oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

implement RET_SEQUENCE and RET_TIME

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12133 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2003-04-25 16:59:52 +00:00
parent 6538b13e17
commit 4297f56e60
6 changed files with 439 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/krb5/krb5_auth_context.3
View File

@@ -181,12 +181,20 @@ gets and modifies the flags for a
.Nm krb5_auth_context
structure. Possible flags to set are:
.Bl -tag -width Ds
.It Dv KRB5_AUTH_CONTEXT_DO_TIME
check timestamp on incoming packets.
.\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
Generate and check sequence-number on each packet.
.\".It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE
.It Dv KRB5_AUTH_CONTEXT_DO_TIME
Check timestamp on incoming packets.
.It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
Return sequence numbers and time stamps in the outdata parameter of
.Xr krb5_rd_cred 3 ,
.Xr krb5_rd_priv 3 ,
.Xr krb5_rd_safe 3 ,
.Xr krb5_mk_priv 3
and
.Xr krb5_mk_safe 3 .
Setting this flag requires that parameter to be passed to these
functions.
.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
.El
.Pp

172
lib/krb5/mk_priv.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -41,95 +41,111 @@ krb5_mk_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata)
krb5_replay_data *outdata)
{
krb5_error_code ret;
KRB_PRIV s;
EncKrbPrivPart part;
u_char *buf;
size_t buf_size;
size_t len;
u_int32_t tmp_seq;
krb5_keyblock *key;
int32_t sec, usec;
KerberosTime sec2;
int usec2;
krb5_crypto crypto;
krb5_error_code ret;
KRB_PRIV s;
EncKrbPrivPart part;
u_char *buf = NULL;
size_t buf_size;
size_t len;
krb5_crypto crypto;
krb5_keyblock *key;
krb5_replay_data rdata;
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
krb5_us_timeofday (context, &sec, &usec);
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
part.user_data = *userdata;
sec2 = sec;
part.timestamp = &sec2;
usec2 = usec;
part.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
tmp_seq = auth_context->local_seqnumber;
part.seq_number = &tmp_seq;
} else {
part.seq_number = NULL;
}
memset(&rdata, 0, sizeof(rdata));
part.s_address = auth_context->local_address;
part.r_address = auth_context->remote_address;
part.user_data = *userdata;
krb5_data_zero (&s.enc_part.cipher);
krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
if (ret)
goto fail;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
part.timestamp = &rdata.timestamp;
part.usec = &rdata.usec;
} else {
part.timestamp = NULL;
part.usec = NULL;
}
s.pvno = 5;
s.msg_type = krb_priv;
s.enc_part.etype = key->keytype;
s.enc_part.kvno = NULL;
if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
outdata->timestamp = rdata.timestamp;
outdata->usec = rdata.usec;
}
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_encrypt (context,
crypto,
KRB5_KU_KRB_PRIV,
buf + buf_size - len,
len,
&s.enc_part.cipher);
krb5_crypto_destroy(context, crypto);
if (ret) {
free(buf);
return ret;
}
free(buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
rdata.seq = auth_context->local_seqnumber;
part.seq_number = &rdata.seq;
} else
part.seq_number = NULL;
if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = auth_context->local_seqnumber;
part.s_address = auth_context->local_address;
part.r_address = auth_context->remote_address;
krb5_data_zero (&s.enc_part.cipher);
ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
if (ret)
goto fail;
s.pvno = 5;
s.msg_type = krb_priv;
s.enc_part.etype = key->keytype;
s.enc_part.kvno = NULL;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_encrypt (context,
crypto,
KRB5_KU_KRB_PRIV,
buf + buf_size - len,
len,
&s.enc_part.cipher);
krb5_crypto_destroy(context, crypto);
if (ret) {
free(buf);
return ret;
}
free(buf);
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
if(ret)
goto fail;
krb5_data_free (&s.enc_part.cipher);
if(ret)
goto fail;
krb5_data_free (&s.enc_part.cipher);
ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
if (ret) {
krb5_set_error_string (context, "malloc: out of memory");
free(buf);
return ENOMEM;
}
free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
if (ret) {
krb5_set_error_string (context, "malloc: out of memory");
free(buf);
return ENOMEM;
}
free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
fail:
free (buf);
krb5_data_free (&s.enc_part.cipher);
return ret;
fail:
free (buf);
krb5_data_free (&s.enc_part.cipher);
return ret;
}

161
lib/krb5/mk_safe.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -40,85 +40,102 @@ krb5_mk_safe(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *userdata,
krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata)
krb5_replay_data *outdata)
{
krb5_error_code ret;
KRB_SAFE s;
int32_t sec, usec;
KerberosTime sec2;
int usec2;
u_char *buf = NULL;
size_t buf_size;
size_t len;
u_int32_t tmp_seq;
krb5_crypto crypto;
krb5_keyblock *key;
krb5_error_code ret;
KRB_SAFE s;
u_char *buf = NULL;
size_t buf_size;
size_t len;
krb5_crypto crypto;
krb5_keyblock *key;
krb5_replay_data rdata;
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
s.pvno = 5;
s.msg_type = krb_safe;
if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
s.safe_body.user_data = *userdata;
krb5_us_timeofday (context, &sec, &usec);
s.pvno = 5;
s.msg_type = krb_safe;
sec2 = sec;
s.safe_body.timestamp = &sec2;
usec2 = usec2;
s.safe_body.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
tmp_seq = auth_context->local_seqnumber;
s.safe_body.seq_number = &tmp_seq;
} else
s.safe_body.seq_number = NULL;
memset(&rdata, 0, sizeof(rdata));
s.safe_body.s_address = auth_context->local_address;
s.safe_body.r_address = auth_context->remote_address;
s.safe_body.user_data = *userdata;
s.cksum.cksumtype = 0;
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
0,
buf,
len,
&s.cksum);
krb5_crypto_destroy(context, crypto);
if (ret) {
free (buf);
return ret;
}
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
s.safe_body.timestamp = &rdata.timestamp;
s.safe_body.usec = &rdata.usec;
} else {
s.safe_body.timestamp = NULL;
s.safe_body.usec = NULL;
}
if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
outdata->timestamp = rdata.timestamp;
outdata->usec = rdata.usec;
}
free(buf);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
free_Checksum (&s.cksum);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
rdata.seq = auth_context->local_seqnumber;
s.safe_body.seq_number = &rdata.seq;
} else
s.safe_body.seq_number = NULL;
outbuf->length = len;
outbuf->data = buf;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outdata->seq = auth_context->local_seqnumber;
s.safe_body.s_address = auth_context->local_address;
s.safe_body.r_address = auth_context->remote_address;
s.cksum.cksumtype = 0;
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
0,
buf,
len,
&s.cksum);
krb5_crypto_destroy(context, crypto);
if (ret) {
free (buf);
return ret;
}
free(buf);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
free_Checksum (&s.cksum);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
outbuf->length = len;
outbuf->data = buf;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
}

39
lib/krb5/rd_cred.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -40,7 +40,7 @@ krb5_rd_cred(krb5_context context,
krb5_auth_context auth_context,
krb5_data *in_data,
krb5_creds ***ret_creds,
krb5_replay_data *out_data)
krb5_replay_data *outdata)
{
krb5_error_code ret;
size_t len;
@@ -50,6 +50,11 @@ krb5_rd_cred(krb5_context context,
krb5_crypto crypto;
int i;
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
*ret_creds = NULL;
ret = decode_KRB_CRED(in_data->data, in_data->length,
@@ -70,9 +75,9 @@ krb5_rd_cred(krb5_context context,
}
if (cred.enc_part.etype == ETYPE_NULL) {
/* DK: MIT GSS-API Compatibility */
enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
enc_krb_cred_part_data.data = cred.enc_part.cipher.data;
/* DK: MIT GSS-API Compatibility */
enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
enc_krb_cred_part_data.data = cred.enc_part.cipher.data;
} else {
if (auth_context->remote_subkey)
ret = krb5_crypto_init(context, auth_context->remote_subkey,
@@ -80,7 +85,7 @@ krb5_rd_cred(krb5_context context,
else
ret = krb5_crypto_init(context, auth_context->keyblock,
0, &crypto);
/* DK: MIT rsh */
/* DK: MIT rsh */
if (ret)
goto out;
@@ -185,25 +190,23 @@ krb5_rd_cred(krb5_context context,
}
}
if(out_data != NULL) {
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the cred-part, silently
return zero */
memset(outdata, 0, sizeof(*outdata));
if(enc_krb_cred_part.timestamp)
out_data->timestamp = *enc_krb_cred_part.timestamp;
else
out_data->timestamp = 0;
outdata->timestamp = *enc_krb_cred_part.timestamp;
if(enc_krb_cred_part.usec)
out_data->usec = *enc_krb_cred_part.usec;
else
out_data->usec = 0;
outdata->usec = *enc_krb_cred_part.usec;
if(enc_krb_cred_part.nonce)
out_data->seq = *enc_krb_cred_part.nonce;
else
out_data->seq = 0;
outdata->seq = *enc_krb_cred_part.nonce;
}
/* Convert to NULL terminated list of creds */
*ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1,
sizeof(**ret_creds));
sizeof(**ret_creds));
if (*ret_creds == NULL) {
ret = ENOMEM;
@@ -259,7 +262,7 @@ krb5_rd_cred(krb5_context context,
(*ret_creds)[i] = NULL;
return 0;
out:
out:
free_KRB_CRED (&cred);
if(*ret_creds) {
for(i = 0; (*ret_creds)[i]; i++)

218
lib/krb5/rd_priv.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -40,123 +40,137 @@ krb5_rd_priv(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata)
krb5_replay_data *outdata)
{
krb5_error_code ret;
KRB_PRIV priv;
EncKrbPrivPart part;
size_t len;
krb5_data plain;
krb5_keyblock *key;
krb5_crypto crypto;
krb5_error_code ret;
KRB_PRIV priv;
EncKrbPrivPart part;
size_t len;
krb5_data plain;
krb5_keyblock *key;
krb5_crypto crypto;
memset(&priv, 0, sizeof(priv));
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
if (ret)
goto failure;
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else if (auth_context->local_subkey)
key = auth_context->local_subkey;
else
key = auth_context->keyblock;
memset(&priv, 0, sizeof(priv));
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
if (ret)
goto failure;
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
goto failure;
ret = krb5_decrypt_EncryptedData(context,
crypto,
KRB5_KU_KRB_PRIV,
&priv.enc_part,
&plain);
krb5_crypto_destroy(context, crypto);
if (ret)
goto failure;
if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else if (auth_context->local_subkey)
key = auth_context->local_subkey;
else
key = auth_context->keyblock;
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain);
if (ret)
goto failure;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret)
goto failure;
ret = krb5_decrypt_EncryptedData(context,
crypto,
KRB5_KU_KRB_PRIV,
&priv.enc_part,
&plain);
krb5_crypto_destroy(context, crypto);
if (ret)
goto failure;
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain);
if (ret)
goto failure;
/* check sender address */
/* check sender address */
if (part.s_address
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
part.s_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
if (part.s_address
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
part.s_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
/* check receiver address */
/* check receiver address */
if (part.r_address
&& auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
if (part.r_address
&& auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
part.r_address)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part;
}
/* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
/* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
krb5_timeofday (context, &sec);
if (part.timestamp == NULL ||
part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part;
}
}
krb5_timeofday (context, &sec);
if (part.timestamp == NULL ||
part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part;
}
}
/* XXX - check replay cache */
/* XXX - check replay cache */
/* check sequence number. since MIT krb5 cannot generate a sequence
number of zero but instead generates no sequence number, we accept that
*/
/* check sequence number. since MIT krb5 cannot generate a sequence
number of zero but instead generates no sequence number, we accept that
*/
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if ((part.seq_number == NULL
&& auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part;
}
auth_context->remote_seqnumber++;
}
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if ((part.seq_number == NULL
&& auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part;
}
auth_context->remote_seqnumber++;
}
ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
if (ret)
goto failure_part;
ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
if (ret)
goto failure_part;
free_EncKrbPrivPart (&part);
free_KRB_PRIV (&priv);
return 0;
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the priv-part, silently
return zero */
memset(outdata, 0, sizeof(*outdata));
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
outdata->usec = *part.usec;
if(part.seq_number)
outdata->seq = *part.seq_number;
}
failure_part:
free_EncKrbPrivPart (&part);
failure_part:
free_EncKrbPrivPart (&part);
failure:
free_KRB_PRIV (&priv);
return ret;
failure:
free_KRB_PRIV (&priv);
return ret;
}

195
lib/krb5/rd_safe.c
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -87,104 +87,123 @@ krb5_rd_safe(krb5_context context,
krb5_auth_context auth_context,
const krb5_data *inbuf,
krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata)
krb5_replay_data *outdata)
{
krb5_error_code ret;
KRB_SAFE safe;
size_t len;
krb5_error_code ret;
KRB_SAFE safe;
size_t len;
ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
if (ret)
return ret;
if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure;
}
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL) {
krb5_set_error_string(context, "rd_safe: need outdata to return data");
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
}
/* check sender address */
ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
if (ret)
return ret;
if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure;
}
if (safe.safe_body.s_address
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
/* check sender address */
/* check receiver address */
if (safe.safe_body.s_address
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
if (safe.safe_body.r_address
&& auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
/* check receiver address */
/* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
if (safe.safe_body.r_address
&& auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
krb5_timeofday (context, &sec);
/* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
if (safe.safe_body.timestamp == NULL ||
safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure;
}
}
/* XXX - check replay cache */
krb5_timeofday (context, &sec);
/* check sequence number. since MIT krb5 cannot generate a sequence
number of zero but instead generates no sequence number, we accept that
*/
if (safe.safe_body.timestamp == NULL ||
safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure;
}
}
/* XXX - check replay cache */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if ((safe.safe_body.seq_number == NULL
&& auth_context->remote_seqnumber != 0)
|| (safe.safe_body.seq_number != NULL
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
}
/* check sequence number. since MIT krb5 cannot generate a sequence
number of zero but instead generates no sequence number, we accept that
*/
ret = verify_checksum (context, auth_context, &safe);
if (ret)
goto failure;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if ((safe.safe_body.seq_number == NULL
&& auth_context->remote_seqnumber != 0)
|| (safe.safe_body.seq_number != NULL
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
}
ret = verify_checksum (context, auth_context, &safe);
if (ret)
goto failure;
outbuf->length = safe.safe_body.user_data.length;
outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto failure;
}
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
free_KRB_SAFE (&safe);
return 0;
failure:
free_KRB_SAFE (&safe);
return ret;
outbuf->length = safe.safe_body.user_data.length;
outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) {
ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory");
goto failure;
}
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the safe-part, silently
return zero */
memset(outdata, 0, sizeof(*outdata));
if(safe.safe_body.timestamp)
outdata->timestamp = *safe.safe_body.timestamp;
if(safe.safe_body.usec)
outdata->usec = *safe.safe_body.usec;
if(safe.safe_body.seq_number)
outdata->seq = *safe.safe_body.seq_number;
}
failure:
free_KRB_SAFE (&safe);
return ret;
}