xref: /freebsd/crypto/heimdal/lib/krb5/rd_priv.c (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e) 
1 /*
2  * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <krb5_locl.h>
35 
36 RCSID("$Id: rd_priv.c,v 1.29 2001/06/18 02:46:15 assar Exp $");
37 
38 krb5_error_code
39 krb5_rd_priv(krb5_context context,
40 	     krb5_auth_context auth_context,
41 	     const krb5_data *inbuf,
42 	     krb5_data *outbuf,
43 	     /*krb5_replay_data*/ void *outdata)
44 {
45   krb5_error_code ret;
46   KRB_PRIV priv;
47   EncKrbPrivPart part;
48   size_t len;
49   krb5_data plain;
50   krb5_keyblock *key;
51   krb5_crypto crypto;
52 
53   memset(&priv, 0, sizeof(priv));
54   ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
55   if (ret)
56       goto failure;
57   if (priv.pvno != 5) {
58       krb5_clear_error_string (context);
59       ret = KRB5KRB_AP_ERR_BADVERSION;
60       goto failure;
61   }
62   if (priv.msg_type != krb_priv) {
63       krb5_clear_error_string (context);
64       ret = KRB5KRB_AP_ERR_MSG_TYPE;
65       goto failure;
66   }
67 
68   if (auth_context->remote_subkey)
69       key = auth_context->remote_subkey;
70   else if (auth_context->local_subkey)
71       key = auth_context->local_subkey;
72   else
73       key = auth_context->keyblock;
74 
75   ret = krb5_crypto_init(context, key, 0, &crypto);
76   if (ret)
77       goto failure;
78   ret = krb5_decrypt_EncryptedData(context,
79 				   crypto,
80 				   KRB5_KU_KRB_PRIV,
81 				   &priv.enc_part,
82 				   &plain);
83   krb5_crypto_destroy(context, crypto);
84   if (ret)
85       goto failure;
86 
87   ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
88   krb5_data_free (&plain);
89   if (ret)
90       goto failure;
91 
92   /* check sender address */
93 
94   if (part.s_address
95       && auth_context->remote_address
96       && !krb5_address_compare (context,
97 				auth_context->remote_address,
98 				part.s_address)) {
99       krb5_clear_error_string (context);
100       ret = KRB5KRB_AP_ERR_BADADDR;
101       goto failure_part;
102   }
103 
104   /* check receiver address */
105 
106   if (part.r_address
107       && auth_context->local_address
108       && !krb5_address_compare (context,
109 				auth_context->local_address,
110 				part.r_address)) {
111       krb5_clear_error_string (context);
112       ret = KRB5KRB_AP_ERR_BADADDR;
113       goto failure_part;
114   }
115 
116   /* check timestamp */
117   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
118       krb5_timestamp sec;
119 
120       krb5_timeofday (context, &sec);
121       if (part.timestamp == NULL ||
122 	  part.usec      == NULL ||
123 	  abs(*part.timestamp - sec) > context->max_skew) {
124 	  krb5_clear_error_string (context);
125 	  ret = KRB5KRB_AP_ERR_SKEW;
126 	  goto failure_part;
127       }
128   }
129 
130   /* XXX - check replay cache */
131 
132   /* check sequence number. since MIT krb5 cannot generate a sequence
133      number of zero but instead generates no sequence number, we accept that
134   */
135 
136   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
137       if ((part.seq_number == NULL
138 	   && auth_context->remote_seqnumber != 0)
139 	  || (part.seq_number != NULL
140 	      && *part.seq_number != auth_context->remote_seqnumber)) {
141 	  krb5_clear_error_string (context);
142 	  ret = KRB5KRB_AP_ERR_BADORDER;
143 	  goto failure_part;
144       }
145       auth_context->remote_seqnumber++;
146   }
147 
148   ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
149   if (ret)
150       goto failure_part;
151 
152   free_EncKrbPrivPart (&part);
153   free_KRB_PRIV (&priv);
154   return 0;
155 
156 failure_part:
157   free_EncKrbPrivPart (&part);
158 
159 failure:
160   free_KRB_PRIV (&priv);
161   return ret;
162 }
163