Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 271 insertions, 0 deletions

diff --git a/third_party/heimdal/lib/gssapi/krb5/8003.c b/third_party/heimdal/lib/gssapi/krb5/8003.c
new file mode 100644
index 0000000..0b91cf8
--- /dev/null
+++ b/third_party/heimdal/lib/gssapi/krb5/8003.c
@@ -0,0 +1,271 @@
+/*
+ * Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gsskrb5_locl.h"
+
+static krb5_error_code
+hash_input_chan_bindings (const gss_channel_bindings_t b,
+			  u_char *p)
+{
+  u_char num[4];
+  EVP_MD_CTX *ctx;
+
+  ctx = EVP_MD_CTX_create();
+  EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
+
+  _gss_mg_encode_le_uint32 (b->initiator_addrtype, num);
+  EVP_DigestUpdate(ctx, num, sizeof(num));
+  _gss_mg_encode_le_uint32 (b->initiator_address.length, num);
+  EVP_DigestUpdate(ctx, num, sizeof(num));
+  if (b->initiator_address.length)
+      EVP_DigestUpdate(ctx,
+		       b->initiator_address.value,
+		       b->initiator_address.length);
+  _gss_mg_encode_le_uint32 (b->acceptor_addrtype, num);
+  EVP_DigestUpdate(ctx, num, sizeof(num));
+  _gss_mg_encode_le_uint32 (b->acceptor_address.length, num);
+  EVP_DigestUpdate(ctx, num, sizeof(num));
+  if (b->acceptor_address.length)
+      EVP_DigestUpdate(ctx,
+		       b->acceptor_address.value,
+		       b->acceptor_address.length);
+  _gss_mg_encode_le_uint32 (b->application_data.length, num);
+  EVP_DigestUpdate(ctx, num, sizeof(num));
+  if (b->application_data.length)
+      EVP_DigestUpdate(ctx,
+		       b->application_data.value,
+		       b->application_data.length);
+  EVP_DigestFinal_ex(ctx, p, NULL);
+  EVP_MD_CTX_destroy(ctx);
+
+  return 0;
+}
+
+/*
+ * create a checksum over the chanel bindings in
+ * `input_chan_bindings', `flags' and `fwd_data' and return it in
+ * `result'
+ */
+
+OM_uint32
+_gsskrb5_create_8003_checksum (
+		      OM_uint32 *minor_status,
+		      const gss_channel_bindings_t input_chan_bindings,
+		      OM_uint32 flags,
+		      const krb5_data *fwd_data,
+		      Checksum *result)
+{
+    u_char *p;
+
+    /*
+     * see rfc1964 (section 1.1.1 (Initial Token), and the checksum value
+     * field's format) */
+    result->cksumtype = CKSUMTYPE_GSSAPI;
+    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG))
+	result->checksum.length = 24 + 4 + fwd_data->length;
+    else
+	result->checksum.length = 24;
+    result->checksum.data   = malloc (result->checksum.length);
+    if (result->checksum.data == NULL) {
+	*minor_status = ENOMEM;
+	return GSS_S_FAILURE;
+    }
+
+    p = result->checksum.data;
+    _gss_mg_encode_le_uint32 (16, p);
+    p += 4;
+    if (input_chan_bindings == GSS_C_NO_CHANNEL_BINDINGS) {
+	memset (p, 0, 16);
+    } else {
+	hash_input_chan_bindings (input_chan_bindings, p);
+    }
+    p += 16;
+    _gss_mg_encode_le_uint32 (flags, p);
+    p += 4;
+
+    if (fwd_data->length > 0 && (flags & GSS_C_DELEG_FLAG)) {
+
+	*p++ = (1 >> 0) & 0xFF;                   /* DlgOpt */ /* == 1 */
+	*p++ = (1 >> 8) & 0xFF;                   /* DlgOpt */ /* == 0 */
+	*p++ = (fwd_data->length >> 0) & 0xFF;    /* Dlgth  */
+	*p++ = (fwd_data->length >> 8) & 0xFF;    /* Dlgth  */
+	memcpy(p, (unsigned char *) fwd_data->data, fwd_data->length);
+
+	/* p += fwd_data->length; */ /* commented out to quiet warning */
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+static krb5_error_code
+check_ap_options_cbt(void *ad_data, size_t ad_len,
+                     krb5_boolean *client_asserted_cb)
+{
+    uint32_t ad_ap_options;
+
+    *client_asserted_cb = FALSE;
+
+    if (ad_len != sizeof(uint32_t))
+	return KRB5KRB_AP_ERR_MSG_TYPE;
+
+    _gss_mg_decode_le_uint32(ad_data, &ad_ap_options);
+
+    if (ad_ap_options & KERB_AP_OPTIONS_CBT)
+	*client_asserted_cb = TRUE;
+
+    return 0;
+}
+
+static krb5_error_code
+find_ap_options(krb5_context context,
+		krb5_authenticator authenticator,
+	        krb5_boolean *client_asserted_cb)
+{
+    krb5_error_code ret;
+    krb5_authdata *ad;
+    krb5_data data;
+
+    *client_asserted_cb = FALSE;
+
+    ad = authenticator->authorization_data;
+    if (ad == NULL)
+	return 0;
+
+    ret = _krb5_get_ad(context, ad, NULL, KRB5_AUTHDATA_AP_OPTIONS,  &data);
+    if (ret)
+	return ret == ENOENT ? 0 : ret;
+
+    ret = check_ap_options_cbt(data.data, data.length, client_asserted_cb);
+    krb5_data_free(&data);
+
+    return ret;
+}
+
+/*
+ * verify the checksum in `cksum' over `input_chan_bindings'
+ * returning  `flags' and `fwd_data'
+ */
+
+OM_uint32
+_gsskrb5_verify_8003_checksum(
+		      krb5_context context,
+		      OM_uint32 *minor_status,
+		      const gss_channel_bindings_t input_chan_bindings,
+		      krb5_authenticator authenticator,
+		      OM_uint32 *flags,
+		      krb5_data *fwd_data)
+{
+    unsigned char hash[16];
+    unsigned char *p;
+    OM_uint32 length;
+    int DlgOpt;
+    static unsigned char zeros[16];
+    krb5_boolean channel_bound = FALSE;
+    const Checksum *cksum = authenticator->cksum;
+    krb5_boolean client_asserted_cb;
+    krb5_error_code ret;
+
+    /* XXX should handle checksums > 24 bytes */
+    if(cksum->cksumtype != CKSUMTYPE_GSSAPI || cksum->checksum.length < 24) {
+	*minor_status = 0;
+	return GSS_S_BAD_BINDINGS;
+    }
+
+    p = cksum->checksum.data;
+    _gss_mg_decode_le_uint32(p, &length);
+    if(length != sizeof(hash)) {
+	*minor_status = 0;
+	return GSS_S_BAD_BINDINGS;
+    }
+
+    p += 4;
+
+    ret = find_ap_options(context, authenticator, &client_asserted_cb);
+    if (ret) {
+	*minor_status = ret;
+	return GSS_S_FAILURE;
+    }
+
+    if (input_chan_bindings != GSS_C_NO_CHANNEL_BINDINGS
+	&& (ct_memcmp(p, zeros, sizeof(zeros)) != 0 || client_asserted_cb)) {
+	if(hash_input_chan_bindings(input_chan_bindings, hash) != 0) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+	if(ct_memcmp(hash, p, sizeof(hash)) != 0) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+	channel_bound = TRUE;
+    }
+
+    p += sizeof(hash);
+
+    _gss_mg_decode_le_uint32(p, flags);
+    p += 4;
+
+    if (cksum->checksum.length > 24 && (*flags & GSS_C_DELEG_FLAG)) {
+	if(cksum->checksum.length < 28) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+
+	DlgOpt = (p[0] << 0) | (p[1] << 8);
+	p += 2;
+	if (DlgOpt != 1) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+
+	fwd_data->length = (p[0] << 0) | (p[1] << 8);
+	p += 2;
+	if(cksum->checksum.length < 28 + fwd_data->length) {
+	    *minor_status = 0;
+	    return GSS_S_BAD_BINDINGS;
+	}
+	fwd_data->data = malloc(fwd_data->length);
+	if (fwd_data->data == NULL) {
+	    *minor_status = ENOMEM;
+	    return GSS_S_FAILURE;
+	}
+	memcpy(fwd_data->data, p, fwd_data->length);
+    }
+
+    if (channel_bound) {
+	*flags |= GSS_C_CHANNEL_BOUND_FLAG;
+    } else {
+	*flags &= ~GSS_C_CHANNEL_BOUND_FLAG;
+    }
+
+    return GSS_S_COMPLETE;
+}