xref: /illumos-gate/usr/src/lib/libnsl/rpc/auth_des.c (revision dd72704bd9e794056c558153663c739e2012d721)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 
23 /*
24  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
25  * Use is subject to license terms.
26  */
27 /* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
28 /* All Rights Reserved */
29 /*
30  * Portions of this source code were derived from Berkeley
31  * 4.3 BSD under license from the Regents of the University of
32  * California.
33  */
34 
35 /*
36  * auth_des.c, client-side implementation of DES authentication
37  *
38  */
39 
40 #include "mt.h"
41 #include "rpc_mt.h"
42 #include <rpc/rpc.h>
43 #include <rpc/des_crypt.h>
44 #include <syslog.h>
45 #include <stdlib.h>
46 #include <string.h>
47 #include <synch.h>
48 #undef NIS
49 #include <rpcsvc/nis.h>
50 
51 #define	USEC_PER_SEC		1000000
52 #define	RTIME_TIMEOUT		5	/* seconds to wait for sync */
53 
54 extern bool_t xdr_authdes_cred(XDR *, struct authdes_cred *);
55 extern bool_t xdr_authdes_verf(XDR *, struct authdes_verf *);
56 extern int key_encryptsession_pk(const char *, netobj *, des_block *);
57 
58 extern bool_t __rpc_get_time_offset(struct timeval *, nis_server *, char *,
59 						char **, char **);
60 static struct auth_ops *authdes_ops(void);
61 static bool_t authdes_refresh(AUTH *, void *);
62 
63 /*
64  * This struct is pointed to by the ah_private field of an "AUTH *"
65  */
66 struct ad_private {
67 	char *ad_fullname;		/* client's full name */
68 	uint_t ad_fullnamelen;		/* length of name, rounded up */
69 	char *ad_servername;		/* server's full name */
70 	size_t ad_servernamelen;	/* length of name, rounded up */
71 	uint_t ad_window;		/* client specified window */
72 	bool_t ad_dosync;		/* synchronize? */
73 	char *ad_timehost;		/* remote host to sync with */
74 	struct timeval ad_timediff;	/* server's time - client's time */
75 	uint_t ad_nickname;		/* server's nickname for client */
76 	struct authdes_cred ad_cred;	/* storage for credential */
77 	struct authdes_verf ad_verf;	/* storage for verifier */
78 	struct timeval ad_timestamp;	/* timestamp sent */
79 	des_block ad_xkey;		/* encrypted conversation key */
80 	uchar_t ad_pkey[1024];		/* Servers actual public key */
81 	char *ad_netid;			/* Timehost netid */
82 	char *ad_uaddr;			/* Timehost uaddr */
83 	nis_server *ad_nis_srvr;	/* NIS+ server struct */
84 };
85 
86 extern AUTH *authdes_pk_seccreate(const char *, netobj *, uint_t, const char *,
87 				const des_block *, nis_server *);
88 
89 /*
90  * documented version of authdes_seccreate
91  */
92 /*
93  *	servername: 	network name of server
94  *	win:		time to live
95  *	timehost:	optional hostname to sync with
96  *	ckey:		optional conversation key to use
97  */
98 
99 AUTH *
100 authdes_seccreate(const char *servername, const uint_t win,
101 	const char *timehost, const des_block *ckey)
102 {
103 	uchar_t	pkey_data[1024];
104 	netobj	pkey;
105 
106 	if (!getpublickey(servername, (char *)pkey_data)) {
107 		syslog(LOG_ERR,
108 			"authdes_seccreate: no public key found for %s",
109 			servername);
110 
111 		return (NULL);
112 	}
113 
114 	pkey.n_bytes = (char *)pkey_data;
115 	pkey.n_len = (uint_t)strlen((char *)pkey_data) + 1;
116 	return (authdes_pk_seccreate(servername, &pkey, win, timehost,
117 					ckey, NULL));
118 }
119 
120 /*
121  * Slightly modified version of authdes_seccreate which takes the public key
122  * of the server principal as an argument. This spares us a call to
123  * getpublickey() which in the nameserver context can cause a deadlock.
124  */
125 
126 AUTH *
127 authdes_pk_seccreate(const char *servername, netobj *pkey, uint_t window,
128 	const char *timehost, const des_block *ckey, nis_server *srvr)
129 {
130 	AUTH *auth;
131 	struct ad_private *ad;
132 	char namebuf[MAXNETNAMELEN+1];
133 
134 	/*
135 	 * Allocate everything now
136 	 */
137 	auth = malloc(sizeof (AUTH));
138 	if (auth == NULL) {
139 		syslog(LOG_ERR, "authdes_pk_seccreate: out of memory");
140 		return (NULL);
141 	}
142 	ad = malloc(sizeof (struct ad_private));
143 	if (ad == NULL) {
144 		syslog(LOG_ERR, "authdes_pk_seccreate: out of memory");
145 		goto failed;
146 	}
147 	ad->ad_fullname = ad->ad_servername = NULL; /* Sanity reasons */
148 	ad->ad_timehost = NULL;
149 	ad->ad_netid = NULL;
150 	ad->ad_uaddr = NULL;
151 	ad->ad_nis_srvr = NULL;
152 	ad->ad_timediff.tv_sec = 0;
153 	ad->ad_timediff.tv_usec = 0;
154 	(void) memcpy(ad->ad_pkey, pkey->n_bytes, pkey->n_len);
155 	if (!getnetname(namebuf))
156 		goto failed;
157 	ad->ad_fullnamelen = RNDUP((uint_t)strlen(namebuf));
158 	ad->ad_fullname = malloc(ad->ad_fullnamelen + 1);
159 	ad->ad_servernamelen = strlen(servername);
160 	ad->ad_servername = malloc(ad->ad_servernamelen + 1);
161 
162 	if (ad->ad_fullname == NULL || ad->ad_servername == NULL) {
163 		syslog(LOG_ERR, "authdes_seccreate: out of memory");
164 		goto failed;
165 	}
166 	if (timehost != NULL) {
167 		ad->ad_timehost = malloc(strlen(timehost) + 1);
168 		if (ad->ad_timehost == NULL) {
169 			syslog(LOG_ERR, "authdes_seccreate: out of memory");
170 			goto failed;
171 		}
172 		(void) memcpy(ad->ad_timehost, timehost, strlen(timehost) + 1);
173 		ad->ad_dosync = TRUE;
174 	} else if (srvr != NULL) {
175 		ad->ad_nis_srvr = srvr;	/* transient */
176 		ad->ad_dosync = TRUE;
177 	} else {
178 		ad->ad_dosync = FALSE;
179 	}
180 	(void) memcpy(ad->ad_fullname, namebuf, ad->ad_fullnamelen + 1);
181 	(void) memcpy(ad->ad_servername, servername, ad->ad_servernamelen + 1);
182 	ad->ad_window = window;
183 	if (ckey == NULL) {
184 		if (key_gendes(&auth->ah_key) < 0) {
185 			syslog(LOG_ERR,
186 	"authdes_seccreate: keyserv(8) is unable to generate session key");
187 			goto failed;
188 		}
189 	} else
190 		auth->ah_key = *ckey;
191 
192 	/*
193 	 * Set up auth handle
194 	 */
195 	auth->ah_cred.oa_flavor = AUTH_DES;
196 	auth->ah_verf.oa_flavor = AUTH_DES;
197 	auth->ah_ops = authdes_ops();
198 	auth->ah_private = (caddr_t)ad;
199 
200 	if (!authdes_refresh(auth, NULL)) {
201 		goto failed;
202 	}
203 	ad->ad_nis_srvr = NULL; /* not needed any longer */
204 	return (auth);
205 
206 failed:
207 	if (auth)
208 		free(auth);
209 	if (ad) {
210 		if (ad->ad_fullname)
211 			free(ad->ad_fullname);
212 		if (ad->ad_servername)
213 			free(ad->ad_servername);
214 		if (ad->ad_timehost)
215 			free(ad->ad_timehost);
216 		if (ad->ad_netid)
217 			free(ad->ad_netid);
218 		if (ad->ad_uaddr)
219 			free(ad->ad_uaddr);
220 		free(ad);
221 	}
222 	return (NULL);
223 }
224 
225 /*
226  * Implement the five authentication operations
227  */
228 
229 /*
230  * 1. Next Verifier
231  */
232 /*ARGSUSED*/
233 static void
234 authdes_nextverf(AUTH *auth)
235 {
236 	/* what the heck am I supposed to do??? */
237 }
238 
239 
240 /*
241  * 2. Marshal
242  */
243 static bool_t
244 authdes_marshal(AUTH *auth, XDR *xdrs)
245 {
246 /* LINTED pointer alignment */
247 	struct ad_private *ad = (struct ad_private *)auth->ah_private;
248 	struct authdes_cred *cred = &ad->ad_cred;
249 	struct authdes_verf *verf = &ad->ad_verf;
250 	des_block cryptbuf[2];
251 	des_block ivec;
252 	int status;
253 	int len;
254 	rpc_inline_t *ixdr;
255 
256 	/*
257 	 * Figure out the "time", accounting for any time difference
258 	 * with the server if necessary.
259 	 */
260 	(void) gettimeofday(&ad->ad_timestamp, NULL);
261 	ad->ad_timestamp.tv_sec += ad->ad_timediff.tv_sec;
262 	ad->ad_timestamp.tv_usec += ad->ad_timediff.tv_usec;
263 	while (ad->ad_timestamp.tv_usec >= USEC_PER_SEC) {
264 		ad->ad_timestamp.tv_usec -= USEC_PER_SEC;
265 		ad->ad_timestamp.tv_sec++;
266 	}
267 
268 	/*
269 	 * XDR the timestamp and possibly some other things, then
270 	 * encrypt them.
271 	 */
272 	ixdr = (rpc_inline_t *)cryptbuf;
273 	IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_sec);
274 	IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_usec);
275 	if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
276 		IXDR_PUT_U_INT32(ixdr, ad->ad_window);
277 		IXDR_PUT_U_INT32(ixdr, ad->ad_window - 1);
278 		ivec.key.high = ivec.key.low = 0;
279 		status = cbc_crypt((char *)&auth->ah_key, (char *)cryptbuf,
280 				2 * sizeof (des_block),
281 				DES_ENCRYPT | DES_HW, (char *)&ivec);
282 	} else {
283 		status = ecb_crypt((char *)&auth->ah_key, (char *)cryptbuf,
284 				sizeof (des_block),
285 				DES_ENCRYPT | DES_HW);
286 	}
287 	if (DES_FAILED(status)) {
288 		syslog(LOG_ERR, "authdes_marshal: DES encryption failure");
289 		return (FALSE);
290 	}
291 	ad->ad_verf.adv_xtimestamp = cryptbuf[0];
292 	if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
293 		ad->ad_cred.adc_fullname.window = cryptbuf[1].key.high;
294 		ad->ad_verf.adv_winverf = cryptbuf[1].key.low;
295 	} else {
296 		ad->ad_cred.adc_nickname = ad->ad_nickname;
297 		ad->ad_verf.adv_winverf = 0;
298 	}
299 
300 	/*
301 	 * Serialize the credential and verifier into opaque
302 	 * authentication data.
303 	 */
304 	if (ad->ad_cred.adc_namekind == ADN_FULLNAME) {
305 		len = ((1 + 1 + 2 + 1)*BYTES_PER_XDR_UNIT + ad->ad_fullnamelen);
306 	} else {
307 		len = (1 + 1)*BYTES_PER_XDR_UNIT;
308 	}
309 
310 	if (ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT)) {
311 		IXDR_PUT_INT32(ixdr, AUTH_DES);
312 		IXDR_PUT_INT32(ixdr, len);
313 	} else {
314 		if (!xdr_putint32(xdrs, (int *)&auth->ah_cred.oa_flavor))
315 			return (FALSE);
316 		if (!xdr_putint32(xdrs, &len))
317 			return (FALSE);
318 	}
319 	if (!xdr_authdes_cred(xdrs, cred))
320 		return (FALSE);
321 
322 	len = (2 + 1)*BYTES_PER_XDR_UNIT;
323 	if (ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT)) {
324 		IXDR_PUT_INT32(ixdr, AUTH_DES);
325 		IXDR_PUT_INT32(ixdr, len);
326 	} else {
327 		if (!xdr_putint32(xdrs, (int *)&auth->ah_verf.oa_flavor))
328 			return (FALSE);
329 		if (!xdr_putint32(xdrs, &len))
330 			return (FALSE);
331 	}
332 	return (xdr_authdes_verf(xdrs, verf));
333 }
334 
335 
336 /*
337  * 3. Validate
338  */
339 static bool_t
340 authdes_validate(AUTH *auth, struct opaque_auth *rverf)
341 {
342 /* LINTED pointer alignment */
343 	struct ad_private *ad = (struct ad_private *)auth->ah_private;
344 	struct authdes_verf verf;
345 	int status;
346 	uint32_t *ixdr;
347 	des_block buf;
348 
349 	if (rverf->oa_length != (2 + 1) * BYTES_PER_XDR_UNIT)
350 		return (FALSE);
351 /* LINTED pointer alignment */
352 	ixdr = (uint32_t *)rverf->oa_base;
353 	buf.key.high = (uint32_t)*ixdr++;
354 	buf.key.low = (uint32_t)*ixdr++;
355 	verf.adv_int_u = (uint32_t)*ixdr++;
356 
357 	/*
358 	 * Decrypt the timestamp
359 	 */
360 	status = ecb_crypt((char *)&auth->ah_key, (char *)&buf,
361 		sizeof (des_block), DES_DECRYPT | DES_HW);
362 
363 	if (DES_FAILED(status)) {
364 		syslog(LOG_ERR, "authdes_validate: DES decryption failure");
365 		return (FALSE);
366 	}
367 
368 	/*
369 	 * xdr the decrypted timestamp
370 	 */
371 /* LINTED pointer alignment */
372 	ixdr = (uint32_t *)buf.c;
373 	verf.adv_timestamp.tv_sec = IXDR_GET_INT32(ixdr) + 1;
374 	verf.adv_timestamp.tv_usec = IXDR_GET_INT32(ixdr);
375 
376 	/*
377 	 * validate
378 	 */
379 	if (memcmp(&ad->ad_timestamp, &verf.adv_timestamp,
380 		sizeof (struct timeval)) != 0) {
381 		syslog(LOG_DEBUG, "authdes_validate: verifier mismatch");
382 		return (FALSE);
383 	}
384 
385 	/*
386 	 * We have a nickname now, let's use it
387 	 */
388 	ad->ad_nickname = verf.adv_nickname;
389 	ad->ad_cred.adc_namekind = ADN_NICKNAME;
390 	return (TRUE);
391 }
392 
393 /*
394  * 4. Refresh
395  */
396 /*ARGSUSED*/
397 static bool_t
398 authdes_refresh(AUTH *auth, void *dummy)
399 {
400 /* LINTED pointer alignment */
401 	struct ad_private *ad = (struct ad_private *)auth->ah_private;
402 	struct authdes_cred *cred = &ad->ad_cred;
403 	int		ok;
404 	netobj		pkey;
405 
406 	if (ad->ad_dosync) {
407 		ok = __rpc_get_time_offset(&ad->ad_timediff, ad->ad_nis_srvr,
408 					    ad->ad_timehost, &(ad->ad_uaddr),
409 					    &(ad->ad_netid));
410 		if (!ok) {
411 			/*
412 			 * Hope the clocks are synced!
413 			 */
414 			ad->ad_dosync = 0;
415 			syslog(LOG_DEBUG,
416 		    "authdes_refresh: unable to synchronize clock");
417 		}
418 	}
419 	ad->ad_xkey = auth->ah_key;
420 	pkey.n_bytes = (char *)(ad->ad_pkey);
421 	pkey.n_len = (uint_t)strlen((char *)ad->ad_pkey) + 1;
422 	if (key_encryptsession_pk(ad->ad_servername, &pkey, &ad->ad_xkey) < 0) {
423 		syslog(LOG_INFO,
424 	"authdes_refresh: keyserv(8) is unable to encrypt session key");
425 		return (FALSE);
426 	}
427 	cred->adc_fullname.key = ad->ad_xkey;
428 	cred->adc_namekind = ADN_FULLNAME;
429 	cred->adc_fullname.name = ad->ad_fullname;
430 	return (TRUE);
431 }
432 
433 
434 /*
435  * 5. Destroy
436  */
437 static void
438 authdes_destroy(AUTH *auth)
439 {
440 /* LINTED pointer alignment */
441 	struct ad_private *ad = (struct ad_private *)auth->ah_private;
442 
443 	free(ad->ad_fullname);
444 	free(ad->ad_servername);
445 	if (ad->ad_timehost)
446 		free(ad->ad_timehost);
447 	if (ad->ad_netid)
448 		free(ad->ad_netid);
449 	if (ad->ad_uaddr)
450 		free(ad->ad_uaddr);
451 	free(ad);
452 	free(auth);
453 }
454 
455 static struct auth_ops *
456 authdes_ops(void)
457 {
458 	static struct auth_ops ops;
459 	extern mutex_t ops_lock;
460 
461 	/* VARIABLES PROTECTED BY ops_lock: ops */
462 
463 	(void) mutex_lock(&ops_lock);
464 	if (ops.ah_nextverf == NULL) {
465 		ops.ah_nextverf = authdes_nextverf;
466 		ops.ah_marshal = authdes_marshal;
467 		ops.ah_validate = authdes_validate;
468 		ops.ah_refresh = authdes_refresh;
469 		ops.ah_destroy = authdes_destroy;
470 	}
471 	(void) mutex_unlock(&ops_lock);
472 	return (&ops);
473 }
474