/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */

/* Default flags, do time not seq */

/* Free old addresses */

/* Free old addresses */

/*
 * This function overloads the keyblock field. It is only useful prior to
 * a krb5_rd_req_decode() call for user to user authentication where the
 * server has the key and needs to use it to decrypt the incoming request.
 * Once decrypted this key is no longer necessary and is then overwritten
 * with the session key sent by the client.
 */
        return EINVAL;

/* XXX need an error for no keyblock */

/*
 * krb5int_auth_con_chkseqnum
 *
 * We use a somewhat complex heuristic for validating received
 * sequence numbers. We must accommodate both our older
 * implementation, which sends negative sequence numbers, and the
 * broken Heimdal implementation (at least as of 0.5.2), which
 * violates X.690 BER for integer encodings. The requirement of
 * handling negative sequence numbers removes one of the easier means of
 * detecting a Heimdal implementation, so we resort to this mess.
 *
 * X.690 BER (and consequently DER, which are the required encoding
 * rules in RFC1510) encode all integer types as signed integers.
 * This means that the MSB being set on the first octet of the
 * contents of the encoding indicates a negative value. Heimdal does
 * not prepend the required zero octet to unsigned integer encodings
 * which would otherwise have the MSB of the first octet of their
 * contents set.
 *
 * Our ASN.1 library implements a special decoder for sequence
 * numbers, accepting both negative and positive 32-bit numbers but
 * mapping them both into the space of positive unsigned 32-bit
 * numbers in the obvious bit-pattern-preserving way. This maintains
 * compatibility with our older implementations. This also means that
 * encodings emitted by Heimdal are ambiguous.
 *
 * Heimdal counter value   received uint32 value
 *
 *      0x00000080             0xFFFFFF80
 *      0x000000FF             0xFFFFFFFF
 *      0x00008000             0xFFFF8000
 *      0x0000FFFF             0xFFFFFFFF
 *      0x00800000             0xFF800000
 *      0x00FFFFFF             0xFFFFFFFF
 *      0xFF800000             0xFF800000
 *      0xFFFFFFFF             0xFFFFFFFF
 *
 * We use two auth_context flags, SANE_SEQ and HEIMDAL_SEQ, which are
 * only set after we can unambiguously determine the sanity of the
 * sending implementation. Once one of these flags is set, we accept
 * only the sequence numbers appropriate to the remote implementation
 * type.
 *
 * We can make the determination in two different ways. The
 * first is to note the receipt of a "negative" sequence number when a
 * "positive" one was expected. The second is to note the receipt of
 * a sequence number that wraps through "zero" in a weird way. The
 * latter corresponds to the receipt of an initial sequence number in
 * the ambiguous range.
 *
 * There are 2^7 + 2^15 + 2^23 + 2^23 = 16810112 total ambiguous
 * initial Heimdal counter values, but we receive them as one of 2^23
 * possible values. There is a ~1/256 chance of a Heimdal
 * implementation sending an initial sequence number in the ambiguous
 * range.
 *
 * We have to do special treatment when receiving sequence numbers
 * between 0xFF800000..0xFFFFFFFF, or when wrapping through zero
 * weirdly (due to an ambiguous initial sequence number). If we are
 * expecting a value corresponding to an ambiguous Heimdal counter
 * value, and we receive an exact match, we can mark the remote end as
 * sane.
 */

    /* If sender is known to be sane, accept _only_ exact matches. */

    /*
     * If sender is not known to be sane, first check the ambiguous
     * range of received values, 0xFF800000..0xFFFFFFFF.
     */

        /*
         * If expected sequence number is in the range
         * 0xFF800000..0xFFFFFFFF, then we can't make any
         * determinations about the sanity of the sending
         * implementation.
         */

        /*
         * If sender is not known for certain to be a broken Heimdal
         * implementation, check for exact match.
         */

        /*
         * Now apply hairy algorithm for matching sequence numbers
         * sent by broken Heimdal implementations. If it matches, we
         * know for certain it's a broken Heimdal sender.
         */

    /*
     * Received value not in the ambiguous range? If the _expected_
     * value is in the range of ambiguous Heimdal counter values, and
     * it matches the received value, sender is known to be sane.
     */

    /*
     * Magic wraparound for the case where the initial sequence number
     * is in the ambiguous range. This means that the sender's
     * counter is at a different count than ours, so we correct ours,
     * and mark the sender as being a broken Heimdal implementation.
     */
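The following is an added, stand-alone C model of the heuristic the krb5int_auth_con_chkseqnum comment describes; it is not the library's own code. struct seq_state, the FLAG_SANE_SEQ / FLAG_HEIMDAL_SEQ values, the function names and the three sample streams are assumptions constructed for this illustration. heimdal_received_value() generalizes the table above to any 32-bit counter (sign-extend from the first octet whose MSB is set), and chkseqnum() walks the five comment-described cases: exact-only for a sane sender, the ambiguous received range, the ambiguous expected range, the exact-match proof of sanity, and the wraparound resync.

```c
#include <stdint.h>
#include <stddef.h>

#define FLAG_SANE_SEQ    0x1u          /* sender encodes counters correctly (assumed name) */
#define FLAG_HEIMDAL_SEQ 0x2u          /* sender is a broken Heimdal (assumed name) */
#define AMBIG_RECV_MIN   0xFF800000u   /* start of the ambiguous received range */

struct seq_state {              /* model of the auth context fields we need */
    uint32_t remote_seq;        /* sequence number expected next */
    unsigned flags;
};

/* What our signed decoder sees for a broken Heimdal sender's counter: the
 * minimal big-endian encoding is read as two's complement, so a set MSB in
 * the first octet sign-extends. Reproduces the table in the comment. */
uint32_t heimdal_received_value(uint32_t c)
{
    if (c <= 0xFFu)     return (c & 0x80u)     ? (c | 0xFFFFFF00u) : c;
    if (c <= 0xFFFFu)   return (c & 0x8000u)   ? (c | 0xFFFF0000u) : c;
    if (c <= 0xFFFFFFu) return (c & 0x800000u) ? (c | 0xFF000000u) : c;
    return c;                   /* four octets: bit pattern survives either way */
}

/* True if a Heimdal encoding of counter value c would be ambiguous. */
int heimdal_ambiguous_counter(uint32_t c)
{
    return (c >= 0x80u && c <= 0xFFu) || (c >= 0x8000u && c <= 0xFFFFu)
        || (c >= 0x800000u && c <= 0xFFFFFFu);
}

/* 1 if in_seq is acceptable as the next sequence number, else 0; learns the
 * sender type on the way. Advances remote_seq only in the resync case. */
int chkseqnum(struct seq_state *st, uint32_t in_seq)
{
    uint32_t exp = st->remote_seq;

    if (st->flags & FLAG_SANE_SEQ)          /* sane sender: exact only */
        return in_seq == exp;

    if (in_seq >= AMBIG_RECV_MIN) {
        if (exp >= AMBIG_RECV_MIN)          /* expected is ambiguous too: learn nothing */
            return in_seq == exp;
        if (!(st->flags & FLAG_HEIMDAL_SEQ) && in_seq == exp)
            return 1;                       /* not yet known Heimdal: exact still ok */
        if (heimdal_ambiguous_counter(exp) && heimdal_received_value(exp) == in_seq) {
            st->flags |= FLAG_HEIMDAL_SEQ;  /* sign-extended expected value: Heimdal */
            return 1;
        }
        return 0;
    }

    if (in_seq == exp) {                    /* unambiguous exact match */
        if (heimdal_ambiguous_counter(exp)) {
            /* Heimdal would have sign-extended this counter, so an exact
             * match proves sanity, or contradicts a confirmed Heimdal peer. */
            if (st->flags & FLAG_HEIMDAL_SEQ)
                return 0;
            st->flags |= FLAG_SANE_SEQ;
        }
        return 1;
    }

    /* Wraparound: initial number was ambiguous, our counter wrapped to 0 while
     * the Heimdal counter carried into the next octet. Resync and mark it. */
    if (exp == 0 && !(st->flags & FLAG_HEIMDAL_SEQ)
        && (in_seq == 0x100u || in_seq == 0x10000u || in_seq == 0x1000000u)) {
        st->flags |= FLAG_HEIMDAL_SEQ;
        st->remote_seq = in_seq;
        return 1;
    }
    return 0;
}

struct demo_result { size_t accepted; unsigned flags; uint32_t next_seq; };

/* Run a constructed stream of received values, advancing after each accept. */
static struct demo_result run_demo(uint32_t initial, const uint32_t *recv, size_t n)
{
    struct seq_state st = { initial, 0 };
    struct demo_result r = { 0, 0, 0 };
    for (size_t i = 0; i < n; i++)
        if (chkseqnum(&st, recv[i])) { st.remote_seq++; r.accepted++; }
    r.flags = st.flags;
    r.next_seq = st.remote_seq;
    return r;
}

/* Constructed streams (not captured traffic), counters 0x7E upward. */
struct demo_result demo_sane_sender(void)
{   /* correct encodings, then one Heimdal-style value that must be refused */
    static const uint32_t s[] = { 0x7E, 0x7F, 0x80, 0x81, 0xFFFFFF82u };
    return run_demo(0x7E, s, sizeof s / sizeof s[0]);
}
struct demo_result demo_heimdal_sender(void)
{   /* same counters as a broken Heimdal emits them, then an impossible exact 0x82 */
    static const uint32_t s[] = { 0x7E, 0x7F, 0xFFFFFF80u, 0xFFFFFF81u, 0x82 };
    return run_demo(0x7E, s, sizeof s / sizeof s[0]);
}
struct demo_result demo_wraparound(void)
{   /* Heimdal counters 0xFE..0x101: our expected value wraps through zero */
    static const uint32_t s[] = { 0xFFFFFFFEu, 0xFFFFFFFFu, 0x100, 0x101 };
    return run_demo(0xFFFFFFFEu, s, sizeof s / sizeof s[0]);
}
```

In the sane stream the exact match at counter 0x80 sets FLAG_SANE_SEQ, after which 0xFFFFFF82 is refused; in the Heimdal stream 0xFFFFFF80 sets FLAG_HEIMDAL_SEQ, after which a plain 0x82 is refused, which is how this model applies the comment's rule of accepting only numbers appropriate to the identified peer. In the wraparound stream the expected counter reaches 0 while the peer sends 0x100, so remote_seq is resynced to the sender's count.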