1 /* 2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34 #include "krb5_locl.h" 35 #include <wind.h> 36 37 struct PAC_INFO_BUFFER { 38 uint32_t type; 39 uint32_t buffersize; 40 uint32_t offset_hi; 41 uint32_t offset_lo; 42 }; 43 44 struct PACTYPE { 45 uint32_t numbuffers; 46 uint32_t version; 47 struct PAC_INFO_BUFFER buffers[1]; 48 }; 49 50 struct krb5_pac_data { 51 struct PACTYPE *pac; 52 krb5_data data; 53 struct PAC_INFO_BUFFER *server_checksum; 54 struct PAC_INFO_BUFFER *privsvr_checksum; 55 struct PAC_INFO_BUFFER *logon_name; 56 }; 57 58 #define PAC_ALIGNMENT 8 59 60 #define PACTYPE_SIZE 8 61 #define PAC_INFO_BUFFER_SIZE 16 62 63 #define PAC_SERVER_CHECKSUM 6 64 #define PAC_PRIVSVR_CHECKSUM 7 65 #define PAC_LOGON_NAME 10 66 #define PAC_CONSTRAINED_DELEGATION 11 67 68 #define CHECK(r,f,l) \ 69 do { \ 70 if (((r) = f ) != 0) { \ 71 krb5_clear_error_message(context); \ 72 goto l; \ 73 } \ 74 } while(0) 75 76 static const char zeros[PAC_ALIGNMENT] = { 0 }; 77 78 /* 79 * HMAC-MD5 checksum over any key (needed for the PAC routines) 80 */ 81 82 static krb5_error_code 83 HMAC_MD5_any_checksum(krb5_context context, 84 const krb5_keyblock *key, 85 const void *data, 86 size_t len, 87 unsigned usage, 88 Checksum *result) 89 { 90 struct _krb5_key_data local_key; 91 krb5_error_code ret; 92 93 memset(&local_key, 0, sizeof(local_key)); 94 95 ret = krb5_copy_keyblock(context, key, &local_key.key); 96 if (ret) 97 return ret; 98 99 ret = krb5_data_alloc (&result->checksum, 16); 100 if (ret) { 101 krb5_free_keyblock(context, local_key.key); 102 return ret; 103 } 104 105 result->cksumtype = CKSUMTYPE_HMAC_MD5; 106 ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result); 107 if (ret) 108 krb5_data_free(&result->checksum); 109 110 krb5_free_keyblock(context, local_key.key); 111 return ret; 112 } 113 114 115 /* 116 * 117 */ 118 119 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 120 krb5_pac_parse(krb5_context context, const void *ptr, size_t len, 121 krb5_pac *pac) 122 { 123 krb5_error_code ret; 124 krb5_pac p; 125 krb5_storage *sp = NULL; 126 uint32_t i, tmp, tmp2, header_end; 127 128 p = calloc(1, sizeof(*p)); 129 if (p == NULL) { 130 ret = krb5_enomem(context); 131 goto out; 132 } 133 134 sp = krb5_storage_from_readonly_mem(ptr, len); 135 if (sp == NULL) { 136 ret = krb5_enomem(context); 137 goto out; 138 } 139 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 140 141 CHECK(ret, krb5_ret_uint32(sp, &tmp), out); 142 CHECK(ret, krb5_ret_uint32(sp, &tmp2), out); 143 if (tmp < 1) { 144 ret = EINVAL; /* Too few buffers */ 145 krb5_set_error_message(context, ret, N_("PAC have too few buffer", "")); 146 goto out; 147 } 148 if (tmp2 != 0) { 149 ret = EINVAL; /* Wrong version */ 150 krb5_set_error_message(context, ret, 151 N_("PAC have wrong version %d", ""), 152 (int)tmp2); 153 goto out; 154 } 155 156 p->pac = calloc(1, 157 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1))); 158 if (p->pac == NULL) { 159 ret = krb5_enomem(context); 160 goto out; 161 } 162 163 p->pac->numbuffers = tmp; 164 p->pac->version = tmp2; 165 166 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); 167 if (header_end > len) { 168 ret = EINVAL; 169 goto out; 170 } 171 172 for (i = 0; i < p->pac->numbuffers; i++) { 173 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out); 174 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out); 175 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out); 176 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out); 177 178 /* consistency checks */ 179 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) { 180 ret = EINVAL; 181 krb5_set_error_message(context, ret, 182 N_("PAC out of allignment", "")); 183 goto out; 184 } 185 if (p->pac->buffers[i].offset_hi) { 186 ret = EINVAL; 187 krb5_set_error_message(context, ret, 188 N_("PAC high offset set", "")); 189 goto out; 190 } 191 if (p->pac->buffers[i].offset_lo > len) { 192 ret = EINVAL; 193 krb5_set_error_message(context, ret, 194 N_("PAC offset off end", "")); 195 goto out; 196 } 197 if (p->pac->buffers[i].offset_lo < header_end) { 198 ret = EINVAL; 199 krb5_set_error_message(context, ret, 200 N_("PAC offset inside header: %lu %lu", ""), 201 (unsigned long)p->pac->buffers[i].offset_lo, 202 (unsigned long)header_end); 203 goto out; 204 } 205 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){ 206 ret = EINVAL; 207 krb5_set_error_message(context, ret, N_("PAC length off end", "")); 208 goto out; 209 } 210 211 /* let save pointer to data we need later */ 212 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { 213 if (p->server_checksum) { 214 ret = EINVAL; 215 krb5_set_error_message(context, ret, 216 N_("PAC have two server checksums", "")); 217 goto out; 218 } 219 p->server_checksum = &p->pac->buffers[i]; 220 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { 221 if (p->privsvr_checksum) { 222 ret = EINVAL; 223 krb5_set_error_message(context, ret, 224 N_("PAC have two KDC checksums", "")); 225 goto out; 226 } 227 p->privsvr_checksum = &p->pac->buffers[i]; 228 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { 229 if (p->logon_name) { 230 ret = EINVAL; 231 krb5_set_error_message(context, ret, 232 N_("PAC have two logon names", "")); 233 goto out; 234 } 235 p->logon_name = &p->pac->buffers[i]; 236 } 237 } 238 239 ret = krb5_data_copy(&p->data, ptr, len); 240 if (ret) 241 goto out; 242 243 krb5_storage_free(sp); 244 245 *pac = p; 246 return 0; 247 248 out: 249 if (sp) 250 krb5_storage_free(sp); 251 if (p) { 252 if (p->pac) 253 free(p->pac); 254 free(p); 255 } 256 *pac = NULL; 257 258 return ret; 259 } 260 261 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 262 krb5_pac_init(krb5_context context, krb5_pac *pac) 263 { 264 krb5_error_code ret; 265 krb5_pac p; 266 267 p = calloc(1, sizeof(*p)); 268 if (p == NULL) { 269 return krb5_enomem(context); 270 } 271 272 p->pac = calloc(1, sizeof(*p->pac)); 273 if (p->pac == NULL) { 274 free(p); 275 return krb5_enomem(context); 276 } 277 278 ret = krb5_data_alloc(&p->data, PACTYPE_SIZE); 279 if (ret) { 280 free (p->pac); 281 free(p); 282 return krb5_enomem(context); 283 } 284 285 *pac = p; 286 return 0; 287 } 288 289 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 290 krb5_pac_add_buffer(krb5_context context, krb5_pac p, 291 uint32_t type, const krb5_data *data) 292 { 293 krb5_error_code ret; 294 void *ptr; 295 size_t len, offset, header_end, old_end; 296 uint32_t i; 297 298 len = p->pac->numbuffers; 299 300 ptr = realloc(p->pac, 301 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len)); 302 if (ptr == NULL) 303 return krb5_enomem(context); 304 305 p->pac = ptr; 306 307 for (i = 0; i < len; i++) 308 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE; 309 310 offset = p->data.length + PAC_INFO_BUFFER_SIZE; 311 312 p->pac->buffers[len].type = type; 313 p->pac->buffers[len].buffersize = data->length; 314 p->pac->buffers[len].offset_lo = offset; 315 p->pac->buffers[len].offset_hi = 0; 316 317 old_end = p->data.length; 318 len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE; 319 if (len < p->data.length) { 320 krb5_set_error_message(context, EINVAL, "integer overrun"); 321 return EINVAL; 322 } 323 324 /* align to PAC_ALIGNMENT */ 325 len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; 326 327 ret = krb5_data_realloc(&p->data, len); 328 if (ret) { 329 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 330 return ret; 331 } 332 333 /* 334 * make place for new PAC INFO BUFFER header 335 */ 336 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); 337 memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE, 338 (unsigned char *)p->data.data + header_end , 339 old_end - header_end); 340 memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE); 341 342 /* 343 * copy in new data part 344 */ 345 346 memcpy((unsigned char *)p->data.data + offset, 347 data->data, data->length); 348 memset((unsigned char *)p->data.data + offset + data->length, 349 0, p->data.length - offset - data->length); 350 351 p->pac->numbuffers += 1; 352 353 return 0; 354 } 355 356 /** 357 * Get the PAC buffer of specific type from the pac. 358 * 359 * @param context Kerberos 5 context. 360 * @param p the pac structure returned by krb5_pac_parse(). 361 * @param type type of buffer to get 362 * @param data return data, free with krb5_data_free(). 363 * 364 * @return Returns 0 to indicate success. Otherwise an kerberos et 365 * error code is returned, see krb5_get_error_message(). 366 * 367 * @ingroup krb5_pac 368 */ 369 370 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 371 krb5_pac_get_buffer(krb5_context context, krb5_pac p, 372 uint32_t type, krb5_data *data) 373 { 374 krb5_error_code ret; 375 uint32_t i; 376 377 for (i = 0; i < p->pac->numbuffers; i++) { 378 const size_t len = p->pac->buffers[i].buffersize; 379 const size_t offset = p->pac->buffers[i].offset_lo; 380 381 if (p->pac->buffers[i].type != type) 382 continue; 383 384 ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len); 385 if (ret) { 386 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 387 return ret; 388 } 389 return 0; 390 } 391 krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found", 392 (unsigned long)type); 393 return ENOENT; 394 } 395 396 /* 397 * 398 */ 399 400 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 401 krb5_pac_get_types(krb5_context context, 402 krb5_pac p, 403 size_t *len, 404 uint32_t **types) 405 { 406 size_t i; 407 408 *types = calloc(p->pac->numbuffers, sizeof(*types)); 409 if (*types == NULL) { 410 *len = 0; 411 return krb5_enomem(context); 412 } 413 for (i = 0; i < p->pac->numbuffers; i++) 414 (*types)[i] = p->pac->buffers[i].type; 415 *len = p->pac->numbuffers; 416 417 return 0; 418 } 419 420 /* 421 * 422 */ 423 424 KRB5_LIB_FUNCTION void KRB5_LIB_CALL 425 krb5_pac_free(krb5_context context, krb5_pac pac) 426 { 427 krb5_data_free(&pac->data); 428 free(pac->pac); 429 free(pac); 430 } 431 432 /* 433 * 434 */ 435 436 static krb5_error_code 437 verify_checksum(krb5_context context, 438 const struct PAC_INFO_BUFFER *sig, 439 const krb5_data *data, 440 void *ptr, size_t len, 441 const krb5_keyblock *key) 442 { 443 krb5_storage *sp = NULL; 444 uint32_t type; 445 krb5_error_code ret; 446 Checksum cksum; 447 448 memset(&cksum, 0, sizeof(cksum)); 449 450 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo, 451 sig->buffersize); 452 if (sp == NULL) 453 return krb5_enomem(context); 454 455 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 456 457 CHECK(ret, krb5_ret_uint32(sp, &type), out); 458 cksum.cksumtype = type; 459 cksum.checksum.length = 460 sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR); 461 cksum.checksum.data = malloc(cksum.checksum.length); 462 if (cksum.checksum.data == NULL) { 463 ret = krb5_enomem(context); 464 goto out; 465 } 466 ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length); 467 if (ret != (int)cksum.checksum.length) { 468 ret = EINVAL; 469 krb5_set_error_message(context, ret, "PAC checksum missing checksum"); 470 goto out; 471 } 472 473 if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) { 474 ret = EINVAL; 475 krb5_set_error_message(context, ret, "Checksum type %d not keyed", 476 cksum.cksumtype); 477 goto out; 478 } 479 480 /* If the checksum is HMAC-MD5, the checksum type is not tied to 481 * the key type, instead the HMAC-MD5 checksum is applied blindly 482 * on whatever key is used for this connection, avoiding issues 483 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See 484 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 485 * for the same issue in MIT, and 486 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx 487 * for Microsoft's explaination */ 488 489 if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) { 490 Checksum local_checksum; 491 492 memset(&local_checksum, 0, sizeof(local_checksum)); 493 494 ret = HMAC_MD5_any_checksum(context, key, ptr, len, 495 KRB5_KU_OTHER_CKSUM, &local_checksum); 496 497 if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) { 498 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY; 499 krb5_set_error_message(context, ret, 500 N_("PAC integrity check failed for " 501 "hmac-md5 checksum", "")); 502 } 503 krb5_data_free(&local_checksum.checksum); 504 505 } else { 506 krb5_crypto crypto = NULL; 507 508 ret = krb5_crypto_init(context, key, 0, &crypto); 509 if (ret) 510 goto out; 511 512 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 513 ptr, len, &cksum); 514 krb5_crypto_destroy(context, crypto); 515 } 516 free(cksum.checksum.data); 517 krb5_storage_free(sp); 518 519 return ret; 520 521 out: 522 if (cksum.checksum.data) 523 free(cksum.checksum.data); 524 if (sp) 525 krb5_storage_free(sp); 526 return ret; 527 } 528 529 static krb5_error_code 530 create_checksum(krb5_context context, 531 const krb5_keyblock *key, 532 uint32_t cksumtype, 533 void *data, size_t datalen, 534 void *sig, size_t siglen) 535 { 536 krb5_crypto crypto = NULL; 537 krb5_error_code ret; 538 Checksum cksum; 539 540 /* If the checksum is HMAC-MD5, the checksum type is not tied to 541 * the key type, instead the HMAC-MD5 checksum is applied blindly 542 * on whatever key is used for this connection, avoiding issues 543 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See 544 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743 545 * for the same issue in MIT, and 546 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx 547 * for Microsoft's explaination */ 548 549 if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) { 550 ret = HMAC_MD5_any_checksum(context, key, data, datalen, 551 KRB5_KU_OTHER_CKSUM, &cksum); 552 } else { 553 ret = krb5_crypto_init(context, key, 0, &crypto); 554 if (ret) 555 return ret; 556 557 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0, 558 data, datalen, &cksum); 559 krb5_crypto_destroy(context, crypto); 560 if (ret) 561 return ret; 562 } 563 if (cksum.checksum.length != siglen) { 564 krb5_set_error_message(context, EINVAL, "pac checksum wrong length"); 565 free_Checksum(&cksum); 566 return EINVAL; 567 } 568 569 memcpy(sig, cksum.checksum.data, siglen); 570 free_Checksum(&cksum); 571 572 return 0; 573 } 574 575 576 /* 577 * 578 */ 579 580 #define NTTIME_EPOCH 0x019DB1DED53E8000LL 581 582 static uint64_t 583 unix2nttime(time_t unix_time) 584 { 585 long long wt; 586 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH; 587 return wt; 588 } 589 590 static krb5_error_code 591 verify_logonname(krb5_context context, 592 const struct PAC_INFO_BUFFER *logon_name, 593 const krb5_data *data, 594 time_t authtime, 595 krb5_const_principal principal) 596 { 597 krb5_error_code ret; 598 krb5_principal p2; 599 uint32_t time1, time2; 600 krb5_storage *sp; 601 uint16_t len; 602 char *s; 603 604 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo, 605 logon_name->buffersize); 606 if (sp == NULL) 607 return krb5_enomem(context); 608 609 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 610 611 CHECK(ret, krb5_ret_uint32(sp, &time1), out); 612 CHECK(ret, krb5_ret_uint32(sp, &time2), out); 613 614 { 615 uint64_t t1, t2; 616 t1 = unix2nttime(authtime); 617 t2 = ((uint64_t)time2 << 32) | time1; 618 if (t1 != t2) { 619 krb5_storage_free(sp); 620 krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch"); 621 return EINVAL; 622 } 623 } 624 CHECK(ret, krb5_ret_uint16(sp, &len), out); 625 if (len == 0) { 626 krb5_storage_free(sp); 627 krb5_set_error_message(context, EINVAL, "PAC logon name length missing"); 628 return EINVAL; 629 } 630 631 s = malloc(len); 632 if (s == NULL) { 633 krb5_storage_free(sp); 634 return krb5_enomem(context); 635 } 636 ret = krb5_storage_read(sp, s, len); 637 if (ret != len) { 638 krb5_storage_free(sp); 639 krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name"); 640 return EINVAL; 641 } 642 krb5_storage_free(sp); 643 { 644 size_t ucs2len = len / 2; 645 uint16_t *ucs2; 646 size_t u8len; 647 unsigned int flags = WIND_RW_LE; 648 649 ucs2 = malloc(sizeof(ucs2[0]) * ucs2len); 650 if (ucs2 == NULL) 651 return krb5_enomem(context); 652 653 ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len); 654 free(s); 655 if (ret) { 656 free(ucs2); 657 krb5_set_error_message(context, ret, "Failed to convert string to UCS-2"); 658 return ret; 659 } 660 ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len); 661 if (ret) { 662 free(ucs2); 663 krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string"); 664 return ret; 665 } 666 u8len += 1; /* Add space for NUL */ 667 s = malloc(u8len); 668 if (s == NULL) { 669 free(ucs2); 670 return krb5_enomem(context); 671 } 672 ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len); 673 free(ucs2); 674 if (ret) { 675 free(s); 676 krb5_set_error_message(context, ret, "Failed to convert to UTF-8"); 677 return ret; 678 } 679 } 680 ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2); 681 free(s); 682 if (ret) 683 return ret; 684 685 if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) { 686 ret = EINVAL; 687 krb5_set_error_message(context, ret, "PAC logon name mismatch"); 688 } 689 krb5_free_principal(context, p2); 690 return ret; 691 out: 692 return ret; 693 } 694 695 /* 696 * 697 */ 698 699 static krb5_error_code 700 build_logon_name(krb5_context context, 701 time_t authtime, 702 krb5_const_principal principal, 703 krb5_data *logon) 704 { 705 krb5_error_code ret; 706 krb5_storage *sp; 707 uint64_t t; 708 char *s, *s2; 709 size_t i, len; 710 711 t = unix2nttime(authtime); 712 713 krb5_data_zero(logon); 714 715 sp = krb5_storage_emem(); 716 if (sp == NULL) 717 return krb5_enomem(context); 718 719 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 720 721 CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out); 722 CHECK(ret, krb5_store_uint32(sp, t >> 32), out); 723 724 ret = krb5_unparse_name_flags(context, principal, 725 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s); 726 if (ret) 727 goto out; 728 729 len = strlen(s); 730 731 CHECK(ret, krb5_store_uint16(sp, len * 2), out); 732 733 #if 1 /* cheat for now */ 734 s2 = malloc(len * 2); 735 if (s2 == NULL) { 736 ret = krb5_enomem(context); 737 free(s); 738 goto out; 739 } 740 for (i = 0; i < len; i++) { 741 s2[i * 2] = s[i]; 742 s2[i * 2 + 1] = 0; 743 } 744 free(s); 745 #else 746 /* write libwind code here */ 747 #endif 748 749 ret = krb5_storage_write(sp, s2, len * 2); 750 free(s2); 751 if (ret != (int)(len * 2)) { 752 ret = krb5_enomem(context); 753 goto out; 754 } 755 ret = krb5_storage_to_data(sp, logon); 756 if (ret) 757 goto out; 758 krb5_storage_free(sp); 759 760 return 0; 761 out: 762 krb5_storage_free(sp); 763 return ret; 764 } 765 766 767 /** 768 * Verify the PAC. 769 * 770 * @param context Kerberos 5 context. 771 * @param pac the pac structure returned by krb5_pac_parse(). 772 * @param authtime The time of the ticket the PAC belongs to. 773 * @param principal the principal to verify. 774 * @param server The service key, most always be given. 775 * @param privsvr The KDC key, may be given. 776 777 * @return Returns 0 to indicate success. Otherwise an kerberos et 778 * error code is returned, see krb5_get_error_message(). 779 * 780 * @ingroup krb5_pac 781 */ 782 783 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL 784 krb5_pac_verify(krb5_context context, 785 const krb5_pac pac, 786 time_t authtime, 787 krb5_const_principal principal, 788 const krb5_keyblock *server, 789 const krb5_keyblock *privsvr) 790 { 791 krb5_error_code ret; 792 793 if (pac->server_checksum == NULL) { 794 krb5_set_error_message(context, EINVAL, "PAC missing server checksum"); 795 return EINVAL; 796 } 797 if (pac->privsvr_checksum == NULL) { 798 krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum"); 799 return EINVAL; 800 } 801 if (pac->logon_name == NULL) { 802 krb5_set_error_message(context, EINVAL, "PAC missing logon name"); 803 return EINVAL; 804 } 805 806 ret = verify_logonname(context, 807 pac->logon_name, 808 &pac->data, 809 authtime, 810 principal); 811 if (ret) 812 return ret; 813 814 /* 815 * in the service case, clean out data option of the privsvr and 816 * server checksum before checking the checksum. 817 */ 818 { 819 krb5_data *copy; 820 821 ret = krb5_copy_data(context, &pac->data, ©); 822 if (ret) 823 return ret; 824 825 if (pac->server_checksum->buffersize < 4) 826 return EINVAL; 827 if (pac->privsvr_checksum->buffersize < 4) 828 return EINVAL; 829 830 memset((char *)copy->data + pac->server_checksum->offset_lo + 4, 831 0, 832 pac->server_checksum->buffersize - 4); 833 834 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4, 835 0, 836 pac->privsvr_checksum->buffersize - 4); 837 838 ret = verify_checksum(context, 839 pac->server_checksum, 840 &pac->data, 841 copy->data, 842 copy->length, 843 server); 844 krb5_free_data(context, copy); 845 if (ret) 846 return ret; 847 } 848 if (privsvr) { 849 /* The priv checksum covers the server checksum */ 850 ret = verify_checksum(context, 851 pac->privsvr_checksum, 852 &pac->data, 853 (char *)pac->data.data 854 + pac->server_checksum->offset_lo + 4, 855 pac->server_checksum->buffersize - 4, 856 privsvr); 857 if (ret) 858 return ret; 859 } 860 861 return 0; 862 } 863 864 /* 865 * 866 */ 867 868 static krb5_error_code 869 fill_zeros(krb5_context context, krb5_storage *sp, size_t len) 870 { 871 ssize_t sret; 872 size_t l; 873 874 while (len) { 875 l = len; 876 if (l > sizeof(zeros)) 877 l = sizeof(zeros); 878 sret = krb5_storage_write(sp, zeros, l); 879 if (sret <= 0) 880 return krb5_enomem(context); 881 882 len -= sret; 883 } 884 return 0; 885 } 886 887 static krb5_error_code 888 pac_checksum(krb5_context context, 889 const krb5_keyblock *key, 890 uint32_t *cksumtype, 891 size_t *cksumsize) 892 { 893 krb5_cksumtype cktype; 894 krb5_error_code ret; 895 krb5_crypto crypto = NULL; 896 897 ret = krb5_crypto_init(context, key, 0, &crypto); 898 if (ret) 899 return ret; 900 901 ret = krb5_crypto_get_checksum_type(context, crypto, &cktype); 902 krb5_crypto_destroy(context, crypto); 903 if (ret) 904 return ret; 905 906 if (krb5_checksum_is_keyed(context, cktype) == FALSE) { 907 *cksumtype = CKSUMTYPE_HMAC_MD5; 908 *cksumsize = 16; 909 } 910 911 ret = krb5_checksumsize(context, cktype, cksumsize); 912 if (ret) 913 return ret; 914 915 *cksumtype = (uint32_t)cktype; 916 917 return 0; 918 } 919 920 krb5_error_code 921 _krb5_pac_sign(krb5_context context, 922 krb5_pac p, 923 time_t authtime, 924 krb5_principal principal, 925 const krb5_keyblock *server_key, 926 const krb5_keyblock *priv_key, 927 krb5_data *data) 928 { 929 krb5_error_code ret; 930 krb5_storage *sp = NULL, *spdata = NULL; 931 uint32_t end; 932 size_t server_size, priv_size; 933 uint32_t server_offset = 0, priv_offset = 0; 934 uint32_t server_cksumtype = 0, priv_cksumtype = 0; 935 int num = 0; 936 size_t i; 937 krb5_data logon, d; 938 939 krb5_data_zero(&logon); 940 941 if (p->logon_name == NULL) 942 num++; 943 if (p->server_checksum == NULL) 944 num++; 945 if (p->privsvr_checksum == NULL) 946 num++; 947 948 if (num) { 949 void *ptr; 950 951 ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1))); 952 if (ptr == NULL) 953 return krb5_enomem(context); 954 955 p->pac = ptr; 956 957 if (p->logon_name == NULL) { 958 p->logon_name = &p->pac->buffers[p->pac->numbuffers++]; 959 memset(p->logon_name, 0, sizeof(*p->logon_name)); 960 p->logon_name->type = PAC_LOGON_NAME; 961 } 962 if (p->server_checksum == NULL) { 963 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++]; 964 memset(p->server_checksum, 0, sizeof(*p->server_checksum)); 965 p->server_checksum->type = PAC_SERVER_CHECKSUM; 966 } 967 if (p->privsvr_checksum == NULL) { 968 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++]; 969 memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum)); 970 p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM; 971 } 972 } 973 974 /* Calculate LOGON NAME */ 975 ret = build_logon_name(context, authtime, principal, &logon); 976 if (ret) 977 goto out; 978 979 /* Set lengths for checksum */ 980 ret = pac_checksum(context, server_key, &server_cksumtype, &server_size); 981 if (ret) 982 goto out; 983 ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size); 984 if (ret) 985 goto out; 986 987 /* Encode PAC */ 988 sp = krb5_storage_emem(); 989 if (sp == NULL) 990 return krb5_enomem(context); 991 992 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE); 993 994 spdata = krb5_storage_emem(); 995 if (spdata == NULL) { 996 krb5_storage_free(sp); 997 return krb5_enomem(context); 998 } 999 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE); 1000 1001 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out); 1002 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out); 1003 1004 end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers); 1005 1006 for (i = 0; i < p->pac->numbuffers; i++) { 1007 uint32_t len; 1008 size_t sret; 1009 void *ptr = NULL; 1010 1011 /* store data */ 1012 1013 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) { 1014 len = server_size + 4; 1015 server_offset = end + 4; 1016 CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out); 1017 CHECK(ret, fill_zeros(context, spdata, server_size), out); 1018 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) { 1019 len = priv_size + 4; 1020 priv_offset = end + 4; 1021 CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out); 1022 CHECK(ret, fill_zeros(context, spdata, priv_size), out); 1023 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) { 1024 len = krb5_storage_write(spdata, logon.data, logon.length); 1025 if (logon.length != len) { 1026 ret = EINVAL; 1027 goto out; 1028 } 1029 } else { 1030 len = p->pac->buffers[i].buffersize; 1031 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo; 1032 1033 sret = krb5_storage_write(spdata, ptr, len); 1034 if (sret != len) { 1035 ret = krb5_enomem(context); 1036 goto out; 1037 } 1038 /* XXX if not aligned, fill_zeros */ 1039 } 1040 1041 /* write header */ 1042 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out); 1043 CHECK(ret, krb5_store_uint32(sp, len), out); 1044 CHECK(ret, krb5_store_uint32(sp, end), out); 1045 CHECK(ret, krb5_store_uint32(sp, 0), out); 1046 1047 /* advance data endpointer and align */ 1048 { 1049 int32_t e; 1050 1051 end += len; 1052 e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT; 1053 if ((int32_t)end != e) { 1054 CHECK(ret, fill_zeros(context, spdata, e - end), out); 1055 } 1056 end = e; 1057 } 1058 1059 } 1060 1061 /* assert (server_offset != 0 && priv_offset != 0); */ 1062 1063 /* export PAC */ 1064 ret = krb5_storage_to_data(spdata, &d); 1065 if (ret) { 1066 krb5_set_error_message(context, ret, N_("malloc: out of memory", "")); 1067 goto out; 1068 } 1069 ret = krb5_storage_write(sp, d.data, d.length); 1070 if (ret != (int)d.length) { 1071 krb5_data_free(&d); 1072 ret = krb5_enomem(context); 1073 goto out; 1074 } 1075 krb5_data_free(&d); 1076 1077 ret = krb5_storage_to_data(sp, &d); 1078 if (ret) { 1079 ret = krb5_enomem(context); 1080 goto out; 1081 } 1082 1083 /* sign */ 1084 ret = create_checksum(context, server_key, server_cksumtype, 1085 d.data, d.length, 1086 (char *)d.data + server_offset, server_size); 1087 if (ret) { 1088 krb5_data_free(&d); 1089 goto out; 1090 } 1091 ret = create_checksum(context, priv_key, priv_cksumtype, 1092 (char *)d.data + server_offset, server_size, 1093 (char *)d.data + priv_offset, priv_size); 1094 if (ret) { 1095 krb5_data_free(&d); 1096 goto out; 1097 } 1098 1099 /* done */ 1100 *data = d; 1101 1102 krb5_data_free(&logon); 1103 krb5_storage_free(sp); 1104 krb5_storage_free(spdata); 1105 1106 return 0; 1107 out: 1108 krb5_data_free(&logon); 1109 if (sp) 1110 krb5_storage_free(sp); 1111 if (spdata) 1112 krb5_storage_free(spdata); 1113 return ret; 1114 } 1115