xref: /freebsd/crypto/heimdal/lib/krb5/rd_priv.c (revision c25d7ab7414672a680e73cefc0a681d10427bf77) 
1 /*
2  * Copyright (c) 1997 - 2001 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of the Institute nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <krb5_locl.h>
35 
36 RCSID("$Id: rd_priv.c,v 1.27 2001/01/19 04:27:09 assar Exp $");
37 
38 krb5_error_code
39 krb5_rd_priv(krb5_context context,
40 	     krb5_auth_context auth_context,
41 	     const krb5_data *inbuf,
42 	     krb5_data *outbuf,
43 	     /*krb5_replay_data*/ void *outdata)
44 {
45   krb5_error_code ret;
46   KRB_PRIV priv;
47   EncKrbPrivPart part;
48   size_t len;
49   krb5_data plain;
50   krb5_keyblock *key;
51   krb5_crypto crypto;
52 
53   memset(&priv, 0, sizeof(priv));
54   ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
55   if (ret)
56       goto failure;
57   if (priv.pvno != 5) {
58       ret = KRB5KRB_AP_ERR_BADVERSION;
59       goto failure;
60   }
61   if (priv.msg_type != krb_priv) {
62       ret = KRB5KRB_AP_ERR_MSG_TYPE;
63       goto failure;
64   }
65 
66   /* XXX - Is this right? */
67 
68   if (auth_context->local_subkey)
69       key = auth_context->local_subkey;
70   else if (auth_context->remote_subkey)
71       key = auth_context->remote_subkey;
72   else
73       key = auth_context->keyblock;
74 
75   ret = krb5_crypto_init(context, key, 0, &crypto);
76   if (ret)
77       goto failure;
78   ret = krb5_decrypt_EncryptedData(context,
79 				   crypto,
80 				   KRB5_KU_KRB_PRIV,
81 				   &priv.enc_part,
82 				   &plain);
83   krb5_crypto_destroy(context, crypto);
84   if (ret)
85       goto failure;
86 
87   ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
88   krb5_data_free (&plain);
89   if (ret)
90       goto failure;
91 
92   /* check sender address */
93 
94   if (part.s_address
95       && auth_context->remote_address
96       && !krb5_address_compare (context,
97 				auth_context->remote_address,
98 				part.s_address)) {
99       ret = KRB5KRB_AP_ERR_BADADDR;
100       goto failure_part;
101   }
102 
103   /* check receiver address */
104 
105   if (part.r_address
106       && auth_context->local_address
107       && !krb5_address_compare (context,
108 				auth_context->local_address,
109 				part.r_address)) {
110       ret = KRB5KRB_AP_ERR_BADADDR;
111       goto failure_part;
112   }
113 
114   /* check timestamp */
115   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
116       krb5_timestamp sec;
117 
118       krb5_timeofday (context, &sec);
119       if (part.timestamp == NULL ||
120 	  part.usec      == NULL ||
121 	  abs(*part.timestamp - sec) > context->max_skew) {
122 	  ret = KRB5KRB_AP_ERR_SKEW;
123 	  goto failure_part;
124       }
125   }
126 
127   /* XXX - check replay cache */
128 
129   /* check sequence number. since MIT krb5 cannot generate a sequence
130      number of zero but instead generates no sequence number, we accept that
131   */
132 
133   if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
134       if ((part.seq_number == NULL
135 	   && auth_context->remote_seqnumber != 0)
136 	  || (part.seq_number != NULL
137 	      && *part.seq_number != auth_context->remote_seqnumber)) {
138 	  ret = KRB5KRB_AP_ERR_BADORDER;
139 	  goto failure_part;
140       }
141       auth_context->remote_seqnumber++;
142   }
143 
144   ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
145   if (ret)
146       goto failure_part;
147 
148   free_EncKrbPrivPart (&part);
149   free_KRB_PRIV (&priv);
150   return 0;
151 
152 failure_part:
153   free_EncKrbPrivPart (&part);
154 
155 failure:
156   free_KRB_PRIV (&priv);
157   return ret;
158 }
159