kdc_preauth.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
*
* Copyright 1995 by the Massachusetts Institute of Technology.
* All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* Preauthentication routines for the KDC.
*/
/*
* Copyright (C) 1998 by the FundsXpress, INC.
*
* All rights reserved.
*
* Export of this software from the United States of America may require
* a specific license from the United States Government. It is the
* responsibility of any person or organization contemplating export to
* obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of FundsXpress. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. FundsXpress makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
#include "k5-int.h"
#include "kdc_util.h"
#include "extern.h"
#include "com_err.h"
#include <assert.h>
#include <stdio.h>
#include <libintl.h>
#include <syslog.h>
typedef krb5_error_code (*verify_proc)
typedef krb5_error_code (*edata_proc)
krb5_pa_data *data);
typedef krb5_error_code (*return_proc)
krb5_pa_data **send_pa);
typedef struct _krb5_preauth_systems {
char * name;
int type;
int flags;
static krb5_error_code get_etype_info
krb5_pa_data *data);
static krb5_error_code
static krb5_error_code
krb5_pa_data **send_pa);
static krb5_error_code return_pw_salt
krb5_pa_data **send_pa);
/* SAM preauth support */
static krb5_error_code get_sam_edata
krb5_pa_data *data);
static krb5_error_code return_sam_data
krb5_pa_data **send_pa);
/*
* Preauth property flags
*/
#define PA_HARDWARE 0x00000001
#define PA_REQUIRED 0x00000002
#define PA_SUFFICIENT 0x00000004
/* Not really a padata, so don't include it in the etype list*/
#define PA_PSEUDO 0x00000008
static krb5_preauth_systems preauth_systems[] = {
{
"timestamp",
0,
0,
0
},
{
"etype-info",
0,
0,
0
},
{
"etype-info2",
0,
0,
},
{
"pw-salt",
PA_PSEUDO, /* Don't include this in the error list */
0,
0,
},
{
"sam-response",
0,
0,
},
{
"sam-challenge",
PA_HARDWARE, /* causes get_preauth_hint_list to use this */
0,
0
},
{ "[end]", -1,}
};
static krb5_error_code
{
ap++;
return(KRB5_PREAUTH_BAD_TYPE);
return 0;
}
{
#if 0
/*
* If this is the pwchange service, and the pre-auth bit is set,
* allow it even if the HW preauth would normally be required.
*
* Sandia national labs wanted this for some strange reason... we
* leave it disabled normally.
*/
return 0;
#endif
#ifdef DEBUG
"client needs %spreauth, %shw preauth; request has %spreauth, %shw preauth",
#endif
return "NEEDED_PREAUTH";
return "NEEDED_HW_PREAUTH";
return 0;
}
void get_preauth_hint_list(
{
int hw_only;
/* Zero these out in case we need to abort */
if (pa_data == 0)
return;
continue;
continue;
if (*pa == 0)
goto errout;
if (retval) {
/* just failed on this type, continue */
*pa = 0;
continue;
}
}
pa++;
}
if (pa_data[0] == 0) {
"%spreauth required but hint list is empty",
}
&edat);
if (retval)
goto errout;
return;
}
/*
* This routine is called to verify the preauthentication information
* for a V5 request.
*
* Returns 0 if the pre-authentication is valid, non-zero to indicate
* an error code of some sort.
*/
{
krb5_error_code retval = 0;
return 0;
#ifdef DEBUG
#endif
#ifdef DEBUG
#endif
continue;
#ifdef DEBUG
#endif
if (pa_sys->verify_padata == 0)
continue;
pa_found++;
enc_tkt_reply, *padata);
if (retval) {
pa_ok = 0;
break;
}
} else {
#ifdef DEBUG
#endif
pa_ok = 1;
break;
}
}
if (pa_ok)
return 0;
/* pa system was not found, but principal doesn't require preauth */
if (!pa_found &&
return 0;
if (!pa_found)
error_message (retval));
/* The following switch statement allows us
* to return some preauth system errors back to the client.
*/
switch(retval) {
case KRB5KRB_AP_ERR_SKEW:
return retval;
default:
return KRB5KDC_ERR_PREAUTH_FAILED;
}
}
/*
* return_padata creates any necessary preauthentication
* structures which should be returned by the KDC to the client
*/
{
krb5_pa_data ** padata;
krb5_pa_data ** send_pa;
krb5_pa_data * pa = 0;
int size = 0;
if (ap->return_padata)
size++;
}
return ENOMEM;
*send_pa = 0;
if (ap->return_padata == 0)
continue;
pa = 0;
break;
}
}
}
goto cleanup;
if (*send_pa)
send_pa++;
*send_pa = 0;
}
retval = 0;
if (send_pa_list[0]) {
send_pa_list = 0;
}
if (send_pa_list)
return (retval);
}
static krb5_boolean
{
switch(enctype) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES3_CBC_SHA1:
case ENCTYPE_DES3_CBC_RAW:
case ENCTYPE_ARCFOUR_HMAC:
case ENCTYPE_ARCFOUR_HMAC_EXP :
return 0;
default:
if (krb5_c_valid_enctype(enctype))
return 1;
else return 0;
}
}
static krb5_boolean
{
int i;
return 1;
return 0;
}
static krb5_error_code
krb5_pa_data * pa)
{
krb5_pa_enc_ts * pa_enc = 0;
krb5_enc_data *enc_data = 0;
enc_ts_data.data = 0;
goto cleanup;
goto cleanup;
start = 0;
decrypt_err = 0;
while (1) {
-1, 0, &client_key)))
goto cleanup;
goto cleanup;
0, enc_data, &enc_ts_data);
if (retval == 0)
break;
else
}
goto cleanup;
goto cleanup;
goto cleanup;
}
retval = 0;
if (enc_data) {
}
if (pa_enc)
/*
* If we get NO_MATCHING_KEY and decryption previously failed, and
* we failed to find any other keys of the correct enctype after
* that failed decryption, it probably means that the password was
* incorrect.
*/
return retval;
}
static krb5_error_code
int etype_info2)
{
return ENOMEM;
client_key, &salt);
if (retval)
goto fail;
switch (etype) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
goto fail;
}
break;
default:
break;
}
}
}
return 0;
fail:
if (tmp_entry) {
}
return retval;
}
/*
* This function returns the etype information for a particular
* client, to be passed back in the preauth list in the KRB_ERROR
* message. It supports generating both etype_info and etype_info2
* as most of the work is the same.
*/
static krb5_error_code
{
krb5_etype_info_entry ** entry = 0;
int i = 0;
int start = 0;
int seen_des = 0;
sizeof(krb5_etype_info_entry *));
return ENOMEM;
while (1) {
-1, 0, &client_key);
if (retval == KRB5_KDB_NO_MATCHING_KEY)
break;
if (retval)
goto cleanup;
if (db_etype == ENCTYPE_DES_CBC_MD4)
goto cleanup;
}
entry[i+1] = 0;
i++;
}
/*
* If there is a des key in the kdb, try the "similar" enctypes,
* avoid duplicate entries.
*/
if (!seen_des) {
switch (db_etype) {
case ENCTYPE_DES_CBC_MD5:
break;
case ENCTYPE_DES_CBC_CRC:
break;
default:
continue;
}
goto cleanup;
}
entry[i+1] = 0;
i++;
}
seen_des++;
}
}
if (etype_info2)
&scratch);
else
if (retval)
goto cleanup;
/*
* note, don't free scratch->data as it is in use (don't use
* krb5_free_data() either).
*/
retval = 0;
if (entry)
return retval;
}
static krb5_error_code
{
int i;
return KRB5KDC_ERR_PADATA_TYPE_NOSUPP ;;;; /*Caller will
* skip this
* type*/
}
}
static krb5_error_code
{
}
static krb5_error_code
{
if (tmp_padata == NULL)
return ENOMEM;
goto cleanup;
}
entry, 1);
if (retval)
goto cleanup;
&scratch);
if (retval)
goto cleanup;
*send_pa = tmp_padata;
/* For cleanup - we no longer own the contents of the krb5_data
* only to pointer to the krb5_data
*/
if (entry)
if (retval) {
if (tmp_padata)
}
if (scratch)
return retval;
}
static krb5_error_code
krb5_pa_data ** send_pa;
{
int i;
return 0;
}
return 0;
return ENOMEM;
case KRB5_KDB_SALTTYPE_V4:
/* send an empty (V4) salt */
break;
&salt_data)))
goto cleanup;
break;
case KRB5_KDB_SALTTYPE_AFS3:
/* send an AFS style realm-based salt */
/* for now, just pass the realm back and let the client
do the work. In the future, add a kdc configuration
variable that specifies the old cell name. */
/* it would be just like ONLYREALM, but we need to pass the 0 */
goto cleanup;
}
break;
goto cleanup;
}
break;
== NULL) {
goto cleanup;
}
break;
default:
return 0;
}
return 0;
return retval;
}
static krb5_error_code
krb5_pa_data ** send_pa;
{
int i;
krb5_sam_response *sr = 0;
if (in_padata == 0)
return 0;
/*
* We start by doing the same thing verify_sam_response() does:
* extract the psr from the padata (which is an sr). Nothing
* here should generate errors! We've already successfully done
* all this once.
*/
gettext("return_sam_data(): decode_krb5_sam_response failed"));
goto cleanup;
}
{
goto cleanup;
}
gettext("return_sam_data(): decrypt track_id failed"));
goto cleanup;
}
}
"return_sam_data(): decode_krb5_predicted_sam_response failed"));
goto cleanup;
}
/* We could use sr->sam_flags, but it may be absent or altered. */
gettext("Unsupported SAM flag must-pk-encrypt-sad"));
goto cleanup;
}
/* No key munging */
goto cleanup;
}
/* Use sam_key instead of client key */
/* XXX Attach a useful pa_data */
goto cleanup;
}
/* Otherwise (no flags set), we XOR the keys */
/* XXX The passwords-04 draft is underspecified here wrt different
key types. We will do what I hope to get into the -05 draft. */
{
for (i = 0; i < length; i++)
p[i] ^= q[i];
}
/* Post-mixing key correction */
switch (encrypting_key->enctype) {
case ENCTYPE_DES_CBC_CRC:
case ENCTYPE_DES_CBC_MD4:
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_RAW:
break;
/* XXX case ENCTYPE_DES3_CBC_MD5: listed in 1510bis-04 draft */
case ENCTYPE_DES3_CBC_SHA: /* XXX deprecated? */
case ENCTYPE_DES3_CBC_RAW:
case ENCTYPE_DES3_CBC_SHA1:
for (i = 0; i < 3; i++) {
}
break;
default:
gettext("Unimplemented keytype for SAM key mixing"));
goto cleanup;
}
/* XXX Attach a useful pa_data */
if (sr)
if (psr)
return retval;
}
static struct {
char* name;
int sam_type;
} *sam_ptr, sam_inst_map[] = {
#if 0 /* SUNWresync121 - unsupported hardware and kdc.log annoyance */
{ "SNK4", PA_SAM_TYPE_DIGI_PATH, },
{ "SECURID", PA_SAM_TYPE_SECURID, },
{ "GRAIL", PA_SAM_TYPE_GRAIL, },
#endif
{ 0, 0 },
};
static krb5_error_code
{
char response[9];
char inputblock[8];
/* Given the client name we can figure out what type of preauth
they need. The spec is currently for querying the database for
names that match the types of preauth used. Later we should
make this mapping show up in kdc.conf. In the meantime, we
hardcode the following:
/SNK4 -- Digital Pathways SNK/4 preauth.
/GRAIL -- experimental preauth
The first one found is used. See sam_inst_map above.
For SNK4 in particular, the key in the database is the key for
the device; kadmin needs a special interface for it.
*/
{
int probeslot;
if (retval) {
gettext("copying client name for preauth probe"));
return retval;
}
npr = 1;
if(!retval) {
break;
}
}
/* if sc.sam_type is set, it worked */
/* so use assoc to get the key out! */
{
/* here's what do_tgs_req does */
0, /* Get highest kvno */
&assoc_key);
if (retval) {
char *sname;
gettext("snk4 finding the enctype and key <%s>"),
sname);
return retval;
}
/* convert server.key into a real key */
NULL);
if (retval) {
gettext("snk4 pulling out key entry"));
return retval;
}
/* now we can use encrypting_key... */
}
} else {
/* SAM is not an option - so don't return as hint */
return KRB5_PREAUTH_BAD_TYPE;
}
}
/* Replay prevention */
return retval;
#ifdef USE_RCACHE
return retval;
#endif /* USE_RCACHE */
case PA_SAM_TYPE_GRAIL:
#if 0 /* Enable this to test "normal" (no flags set) mode. */
#endif
/* string2key on sc.sam_challenge goes in here */
/* eblock is just to set the enctype */
{
goto cleanup;
goto cleanup;
{
goto cleanup;
goto cleanup;
}
goto cleanup;
}
}
/* Generate checksum */
/*krb5_checksum_size(context, ctype)*/
/*krb5_calculate_checksum(context,ctype,in,in_length,seed,
seed_length,outcksum) */
/*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
seed_length) */
#if 0 /* XXX a) glue appears broken; b) this gives up the SAD */
#endif /* 0 */
retval = 0;
break;
case PA_SAM_TYPE_DIGI_PATH:
#if 1
#endif
/* generate digit string, take it mod 1000000 (six digits.) */
{
int j;
char outputblock[8];
int i;
&session_key);
if (retval) {
/* random key failed */
gettext("generating random challenge for preauth"));
return retval;
}
/* now session_key has a key which we can pick bits out of */
/* we need six decimal digits. Grab 6 bytes, div 2, mod 10 each. */
gettext("keytype didn't match code expectations"));
return retval;
}
for(i = 0; i<6; i++) {
}
if (session_key.contents)
/* retval = krb5_finish_key(kdc_context, &eblock); */
/* now we have inputblock containing the 8 byte input to DES... */
if (retval) {
gettext("snk4 processing key"));
}
{
/* XXX I know this is enough because of the fixed raw enctype.
if it's not, the underlying code will return a reasonable
error, which should never happen */
gettext("snk4 response generation failed"));
return retval;
}
}
/* now output block is the raw bits of the response; convert it
to display form */
for (j=0; j<4; j++) {
char n[2];
int k;
n[0] = outputblock[j] & 0xf;
for (k=0; k<2; k++) {
if(n[k] > 9) n[k] = ((n[k]-1)>>2);
/* This is equivalent to:
if(n[k]>=0xa && n[k]<=0xc) n[k] = 2;
if(n[k]>=0xd && n[k]<=0xf) n[k] = 3;
*/
}
/* for v4, we keygen: *(j+(char*)&key1) = (n[1]<<4) | n[0]; */
/* for v5, we just generate a string */
/* and now, response has what we work with. */
}
response[8] = 0;
#if 0 /* for debugging, hack the output too! */
#endif
}
/* string2key on sc.sam_challenge goes in here */
/* eblock is just to set the enctype */
{
&predict_response, 0 /* salt */,
{
goto cleanup;
goto cleanup;
}
goto cleanup;
}
}
/* Generate checksum */
/*krb5_checksum_size(context, ctype)*/
/*krb5_calculate_checksum(context,ctype,in,in_length,seed,
seed_length,outcksum) */
/*krb5_verify_checksum(context,ctype,cksum,in,in_length,seed,
seed_length) */
#if 0 /* XXX a) glue appears broken; b) this gives up the SAD */
#endif /* 0 */
retval = 0;
break;
}
return retval;
}
static krb5_error_code
krb5_pa_data * pa;
{
krb5_sam_response *sr = 0;
goto cleanup;
}
See passwords-04, par 4.1, 4.2 */
{
goto cleanup;
}
gettext("decrypt track_id failed"));
goto cleanup;
}
}
gettext("decode_krb5_predicted_sam_response failed -- replay attack?"));
goto cleanup;
}
/* Replay detection */
goto cleanup;
goto cleanup;
gettext("Principal mismatch in SAM psr! -- replay attack?"));
goto cleanup;
}
goto cleanup;
#ifdef USE_RCACHE
{
extern krb5_deltat rc_lifetime;
/*
* Verify this response came back in a timely manner.
* We do this b/c otherwise very old (expunged from the rcache)
* psr's would be able to be replayed.
*/
gettext("SAM psr came back too late! -- replay attack?"));
goto cleanup;
}
/* Now check the replay cache. */
goto cleanup;
}
}
#endif /* USE_RCACHE */
{
goto cleanup;
}
goto cleanup;
}
}
goto cleanup;
}
goto cleanup;
}
goto cleanup;
}
gettext("sam verify failure"));
return retval;
}