diff options
Diffstat (limited to 'third_party/heimdal/lib/krb5/mk_cred.c')
| -rw-r--r-- | third_party/heimdal/lib/krb5/mk_cred.c | 324 |
1 files changed, 324 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/krb5/mk_cred.c b/third_party/heimdal/lib/krb5/mk_cred.c new file mode 100644 index 0000000..41e858f --- /dev/null +++ b/third_party/heimdal/lib/krb5/mk_cred.c @@ -0,0 +1,324 @@ +/* + * Copyright (c) 1997 - 2004 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "krb5_locl.h" + +#define CHECKED_ALLOC(dst) do { \ + if ((ALLOC(dst, 1)) == NULL) { \ + ret = krb5_enomem(context); \ + goto out; \ + } \ + } while (0) + +#define CHECKED_COPY(cp_func, dst, src) do { \ + if (cp_func(src, dst)) { \ + ret = krb5_enomem(context); \ + goto out; \ + } \ + } while (0) +#define CHECKED_COPY_PPC2KCI(cp_func, dst, src) \ + CHECKED_COPY(cp_func, krb_cred_info->dst, &ppcreds[i]->src) + +#define CHECKED_ALLOC_ASSIGN(dst, src) do { \ + if ((ALLOC(dst, 1)) == NULL) { \ + ret = krb5_enomem(context); \ + goto out; \ + } else \ + *dst = src; \ + } while (0) +#define CHECKED_ALLOC_ASSIGN_PPC2KCI(dst, src) \ + CHECKED_ALLOC_ASSIGN(krb_cred_info->dst, ppcreds[i]->src) + +#define CHECKED_ALLOC_COPY(cp_func, dst, src) do { \ + if ((ALLOC(dst, 1)) == NULL || cp_func(src, dst)) { \ + ret = krb5_enomem(context); \ + goto out; \ + } \ + } while (0) +#define CHECKED_ALLOC_COPY_PPC2KCI(cp_func, dst, src) \ + CHECKED_ALLOC_COPY(cp_func, krb_cred_info->dst, &ppcreds[i]->src) + +/** + * Make a KRB-CRED PDU with N credentials. + * + * @param context A kerberos 5 context. + * @param auth_context The auth context with the key to encrypt the out_data. + * @param ppcreds A null-terminated array of credentials to forward. + * @param ppdata The output KRB-CRED (to be freed by caller). + * @param replay_data (unused). + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential + */ + +/* ARGSUSED */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, + krb5_creds **ppcreds, krb5_data **ppdata, + krb5_replay_data *replay_data) +{ + krb5_error_code ret; + krb5_data out_data; + + ret = _krb5_mk_ncred(context, auth_context, ppcreds, &out_data, + replay_data); + if (ret == 0) { + /* + * MIT allocates the return structure for no good reason. We do + * likewise as, in this case, incompatibility is the greater evil. + */ + *ppdata = calloc(1, sizeof(**ppdata)); + if (*ppdata) { + **ppdata = out_data; + } else { + krb5_data_free(&out_data); + ret = krb5_enomem(context); + } + } + + return ret; +} + +/* ARGSUSED */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_mk_ncred(krb5_context context, + krb5_auth_context auth_context, + krb5_creds **ppcreds, + krb5_data *out_data, + krb5_replay_data *replay_data) +{ + krb5_error_code ret; + EncKrbCredPart enc_krb_cred_part; + KrbCredInfo *krb_cred_info; + krb5_crypto crypto; + KRB_CRED cred; + unsigned char *buf = NULL; + size_t ncreds, i; + size_t buf_size; + size_t len; + + /* + * The ownership of 'buf' is re-assigned to a containing structure + * multiple times. We enforce an invariant, either buf is non-zero + * and we own it, or buf is zero and it is freed or some structure + * owns any storage previously allocated as 'buf'. + */ +#define CHOWN_BUF(x, buf) do { (x) = (buf); (buf) = 0; } while (0) +#define DISOWN_BUF(buf) do { free(buf); (buf) = 0; } while (0) + + for (ncreds = 0; ppcreds[ncreds]; ncreds++) + ; + + memset (&cred, 0, sizeof(cred)); + memset (&enc_krb_cred_part, 0, sizeof(enc_krb_cred_part)); + cred.pvno = 5; + cred.msg_type = krb_cred; + ALLOC_SEQ(&cred.tickets, ncreds); + if (cred.tickets.val == NULL) { + ret = krb5_enomem(context); + goto out; + } + ALLOC_SEQ(&enc_krb_cred_part.ticket_info, ncreds); + if (enc_krb_cred_part.ticket_info.val == NULL) { + ret = krb5_enomem(context); + goto out; + } + + for (i = 0; i < ncreds; i++) { + ret = decode_Ticket(ppcreds[i]->ticket.data, + ppcreds[i]->ticket.length, + &cred.tickets.val[i], + &len);/* don't care about len */ + if (ret) + goto out; + + /* fill ticket_info.val[i] */ + krb_cred_info = &enc_krb_cred_part.ticket_info.val[i]; + + CHECKED_COPY(copy_EncryptionKey, + &krb_cred_info->key, &ppcreds[i]->session); + CHECKED_ALLOC_COPY_PPC2KCI(copy_Realm, prealm, client->realm); + CHECKED_ALLOC_COPY_PPC2KCI(copy_PrincipalName, pname, client->name); + CHECKED_ALLOC_ASSIGN_PPC2KCI(flags, flags.b); + CHECKED_ALLOC_ASSIGN_PPC2KCI(authtime, times.authtime); + CHECKED_ALLOC_ASSIGN_PPC2KCI(starttime, times.starttime); + CHECKED_ALLOC_ASSIGN_PPC2KCI(endtime, times.endtime); + CHECKED_ALLOC_ASSIGN_PPC2KCI(renew_till, times.renew_till); + CHECKED_ALLOC_COPY_PPC2KCI(copy_Realm, srealm, server->realm); + CHECKED_ALLOC_COPY_PPC2KCI(copy_PrincipalName, sname, server->name); + CHECKED_ALLOC_COPY_PPC2KCI(copy_HostAddresses, caddr, addresses); + } + + if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { + krb5_timestamp sec; + int32_t usec; + + krb5_us_timeofday (context, &sec, &usec); + + CHECKED_ALLOC_ASSIGN(enc_krb_cred_part.timestamp, sec); + CHECKED_ALLOC_ASSIGN(enc_krb_cred_part.usec, usec); + } else { + enc_krb_cred_part.timestamp = NULL; + enc_krb_cred_part.usec = NULL; + /* XXX Er, shouldn't we set the seq nums?? */ + } + + /* XXX: Is this needed? */ + if (auth_context->local_address && auth_context->local_port) { + ret = krb5_make_addrport(context, + &enc_krb_cred_part.s_address, + auth_context->local_address, + auth_context->local_port); + if (ret) + goto out; + } + + /* XXX: Is this needed? */ + if (auth_context->remote_address) { + if (auth_context->remote_port) { + /* + * XXX: Should we be checking "no-addresses" for + * the receiving realm? + */ + ret = krb5_make_addrport(context, + &enc_krb_cred_part.r_address, + auth_context->remote_address, + auth_context->remote_port); + if (ret) + goto out; + } else { + /* + * XXX Ugly, make krb5_make_addrport() handle missing port + * number (i.e., port == 0), then remove this else. + */ + CHECKED_ALLOC(enc_krb_cred_part.r_address); + ret = krb5_copy_address(context, auth_context->remote_address, + enc_krb_cred_part.r_address); + if (ret) + goto out; + } + } + + /* encode EncKrbCredPart */ + ASN1_MALLOC_ENCODE(EncKrbCredPart, buf, buf_size, + &enc_krb_cred_part, &len, ret); + if (ret) + goto out; + + /** + * Some older of the MIT gssapi library used clear-text tickets + * (warped inside AP-REQ encryption), use the krb5_auth_context + * flag KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED to support those + * tickets. The session key is used otherwise to encrypt the + * forwarded ticket. + */ + + if (auth_context->flags & KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED) { + cred.enc_part.etype = KRB5_ENCTYPE_NULL; + cred.enc_part.kvno = NULL; + CHOWN_BUF(cred.enc_part.cipher.data, buf); + cred.enc_part.cipher.length = buf_size; + } else { + /* + * Here older versions then 0.7.2 of Heimdal used the local or + * remote subkey. That is wrong, the session key should be + * used. Heimdal 0.7.2 and newer have code to try both in the + * receiving end. + */ + + ret = krb5_crypto_init(context, auth_context->keyblock, 0, &crypto); + if (ret == 0) + ret = krb5_encrypt_EncryptedData(context, + crypto, + KRB5_KU_KRB_CRED, + buf, + len, + 0, + &cred.enc_part); + if (ret) + goto out; + DISOWN_BUF(buf); + krb5_crypto_destroy(context, crypto); + } + + ASN1_MALLOC_ENCODE(KRB_CRED, buf, buf_size, &cred, &len, ret); + if (ret) + goto out; + + CHOWN_BUF(out_data->data, buf); + out_data->length = len; + ret = 0; + + out: + free_EncKrbCredPart(&enc_krb_cred_part); + free_KRB_CRED(&cred); + free(buf); + return ret; +} + +/** + * Make a KRB-CRED PDU with 1 credential. + * + * @param context A kerberos 5 context. + * @param auth_context The auth context with the key to encrypt the out_data. + * @param ppcred A credential to forward. + * @param ppdata The output KRB-CRED (to be freed by caller). + * @param replay_data (unused). + * + * @return Return an error code or 0. + * + * @ingroup krb5_credential + */ + +/* ARGSUSED */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, + krb5_creds *ppcred, krb5_data **ppdata, + krb5_replay_data *replay_data) +{ + krb5_creds *ppcreds[2] = { ppcred, NULL }; + + return krb5_mk_ncred(context, auth_context, ppcreds, ppdata, replay_data); +} + +/* ARGSUSED */ +KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL +_krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, + krb5_creds *ppcred, krb5_data *ppdata, + krb5_replay_data *replay_data) +{ + krb5_creds *ppcreds[2] = { ppcred, NULL }; + + return _krb5_mk_ncred(context, auth_context, ppcreds, ppdata, replay_data); +} |