oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

implement RET_SEQUENCE and RET_TIME

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12133 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2003-04-25 16:59:52 +00:00
parent 6538b13e17
commit 4297f56e60
6 changed files with 439 additions and 362 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
lib/krb5/krb5_auth_context.3
View File

@@ -181,12 +181,20 @@ gets and modifies the flags for a
.Nm krb5_auth_context .Nm krb5_auth_context
structure. Possible flags to set are: structure. Possible flags to set are:
.Bl -tag -width Ds .Bl -tag -width Ds
.It Dv KRB5_AUTH_CONTEXT_DO_TIME
check timestamp on incoming packets.
.\".It Dv KRB5_AUTH_CONTEXT_RET_TIME
.It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE .It Dv KRB5_AUTH_CONTEXT_DO_SEQUENCE
Generate and check sequence-number on each packet. Generate and check sequence-number on each packet.
.\".It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE .It Dv KRB5_AUTH_CONTEXT_DO_TIME
Check timestamp on incoming packets.
.It Dv KRB5_AUTH_CONTEXT_RET_SEQUENCE , Dv KRB5_AUTH_CONTEXT_RET_TIME
Return sequence numbers and time stamps in the outdata parameter of
.Xr krb5_rd_cred 3 ,
.Xr krb5_rd_priv 3 ,
.Xr krb5_rd_safe 3 ,
.Xr krb5_mk_priv 3
and
.Xr krb5_mk_safe 3 .
Setting this flag requires that parameter to be passed to these
functions.
.\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL .\".It Dv KRB5_AUTH_CONTEXT_PERMIT_ALL
.El .El
.Pp .Pp

172
lib/krb5/mk_priv.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -41,95 +41,111 @@ krb5_mk_priv(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
const krb5_data *userdata, const krb5_data *userdata,
krb5_data *outbuf, krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata) krb5_replay_data *outdata)
{ {
krb5_error_code ret; krb5_error_code ret;
KRB_PRIV s; KRB_PRIV s;
EncKrbPrivPart part; EncKrbPrivPart part;
u_char *buf; u_char *buf = NULL;
size_t buf_size; size_t buf_size;
size_t len; size_t len;
u_int32_t tmp_seq; krb5_crypto crypto;
krb5_keyblock *key; krb5_keyblock *key;
int32_t sec, usec; krb5_replay_data rdata;
KerberosTime sec2;
int usec2;
krb5_crypto crypto;
if (auth_context->local_subkey) if ((auth_context->flags &
key = auth_context->local_subkey; (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
else if (auth_context->remote_subkey) outdata == NULL)
key = auth_context->remote_subkey; return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
else
key = auth_context->keyblock;
krb5_us_timeofday (context, &sec, &usec); if (auth_context->local_subkey)
key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
part.user_data = *userdata; memset(&rdata, 0, sizeof(rdata));
sec2 = sec;
part.timestamp = &sec2;
usec2 = usec;
part.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
tmp_seq = auth_context->local_seqnumber;
part.seq_number = &tmp_seq;
} else {
part.seq_number = NULL;
}
part.s_address = auth_context->local_address; part.user_data = *userdata;
part.r_address = auth_context->remote_address;
krb5_data_zero (&s.enc_part.cipher); krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
if (ret) part.timestamp = &rdata.timestamp;
goto fail; part.usec = &rdata.usec;
} else {
part.timestamp = NULL;
part.usec = NULL;
}
s.pvno = 5; if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
s.msg_type = krb_priv; outdata->timestamp = rdata.timestamp;
s.enc_part.etype = key->keytype; outdata->usec = rdata.usec;
s.enc_part.kvno = NULL; }
ret = krb5_crypto_init(context, key, 0, &crypto); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if (ret) { rdata.seq = auth_context->local_seqnumber;
free (buf); part.seq_number = &rdata.seq;
return ret; } else
} part.seq_number = NULL;
ret = krb5_encrypt (context,
crypto, if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
KRB5_KU_KRB_PRIV, outdata->seq = auth_context->local_seqnumber;
buf + buf_size - len,
len, part.s_address = auth_context->local_address;
&s.enc_part.cipher); part.r_address = auth_context->remote_address;
krb5_crypto_destroy(context, crypto);
if (ret) { krb5_data_zero (&s.enc_part.cipher);
free(buf);
return ret; ASN1_MALLOC_ENCODE(EncKrbPrivPart, buf, buf_size, &part, &len, ret);
} if (ret)
free(buf); goto fail;
s.pvno = 5;
s.msg_type = krb_priv;
s.enc_part.etype = key->keytype;
s.enc_part.kvno = NULL;
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_encrypt (context,
crypto,
KRB5_KU_KRB_PRIV,
buf + buf_size - len,
len,
&s.enc_part.cipher);
krb5_crypto_destroy(context, crypto);
if (ret) {
free(buf);
return ret;
}
free(buf);
ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret); ASN1_MALLOC_ENCODE(KRB_PRIV, buf, buf_size, &s, &len, ret);
if(ret) if(ret)
goto fail; goto fail;
krb5_data_free (&s.enc_part.cipher); krb5_data_free (&s.enc_part.cipher);
ret = krb5_data_copy(outbuf, buf + buf_size - len, len); ret = krb5_data_copy(outbuf, buf + buf_size - len, len);
if (ret) { if (ret) {
krb5_set_error_string (context, "malloc: out of memory"); krb5_set_error_string (context, "malloc: out of memory");
free(buf); free(buf);
return ENOMEM; return ENOMEM;
} }
free (buf); free (buf);
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber = auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF; (auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0; return 0;
fail: fail:
free (buf); free (buf);
krb5_data_free (&s.enc_part.cipher); krb5_data_free (&s.enc_part.cipher);
return ret; return ret;
} }

161
lib/krb5/mk_safe.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -40,85 +40,102 @@ krb5_mk_safe(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
const krb5_data *userdata, const krb5_data *userdata,
krb5_data *outbuf, krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata) krb5_replay_data *outdata)
{ {
krb5_error_code ret; krb5_error_code ret;
KRB_SAFE s; KRB_SAFE s;
int32_t sec, usec; u_char *buf = NULL;
KerberosTime sec2; size_t buf_size;
int usec2; size_t len;
u_char *buf = NULL; krb5_crypto crypto;
size_t buf_size; krb5_keyblock *key;
size_t len; krb5_replay_data rdata;
u_int32_t tmp_seq;
krb5_crypto crypto;
krb5_keyblock *key;
if (auth_context->local_subkey) if ((auth_context->flags &
key = auth_context->local_subkey; (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
else if (auth_context->remote_subkey) outdata == NULL)
key = auth_context->remote_subkey; return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
else
key = auth_context->keyblock;
s.pvno = 5; if (auth_context->local_subkey)
s.msg_type = krb_safe; key = auth_context->local_subkey;
else if (auth_context->remote_subkey)
key = auth_context->remote_subkey;
else
key = auth_context->keyblock;
s.safe_body.user_data = *userdata; s.pvno = 5;
krb5_us_timeofday (context, &sec, &usec); s.msg_type = krb_safe;
sec2 = sec; memset(&rdata, 0, sizeof(rdata));
s.safe_body.timestamp = &sec2;
usec2 = usec2;
s.safe_body.usec = &usec2;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
tmp_seq = auth_context->local_seqnumber;
s.safe_body.seq_number = &tmp_seq;
} else
s.safe_body.seq_number = NULL;
s.safe_body.s_address = auth_context->local_address; s.safe_body.user_data = *userdata;
s.safe_body.r_address = auth_context->remote_address;
s.cksum.cksumtype = 0; krb5_us_timeofday (context, &rdata.timestamp, &rdata.usec);
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
if (ret) s.safe_body.timestamp = &rdata.timestamp;
return ret; s.safe_body.usec = &rdata.usec;
if(buf_size != len) } else {
krb5_abortx(context, "internal error in ASN.1 encoder"); s.safe_body.timestamp = NULL;
ret = krb5_crypto_init(context, key, 0, &crypto); s.safe_body.usec = NULL;
if (ret) { }
free (buf);
return ret; if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_TIME) {
} outdata->timestamp = rdata.timestamp;
ret = krb5_create_checksum(context, outdata->usec = rdata.usec;
crypto, }
KRB5_KU_KRB_SAFE_CKSUM,
0,
buf,
len,
&s.cksum);
krb5_crypto_destroy(context, crypto);
if (ret) {
free (buf);
return ret;
}
free(buf); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret); rdata.seq = auth_context->local_seqnumber;
free_Checksum (&s.cksum); s.safe_body.seq_number = &rdata.seq;
if(ret) } else
return ret; s.safe_body.seq_number = NULL;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
outbuf->length = len; if (auth_context->flags & KRB5_AUTH_CONTEXT_RET_SEQUENCE)
outbuf->data = buf; outdata->seq = auth_context->local_seqnumber;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber = s.safe_body.s_address = auth_context->local_address;
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF; s.safe_body.r_address = auth_context->remote_address;
return 0;
s.cksum.cksumtype = 0;
s.cksum.checksum.data = NULL;
s.cksum.checksum.length = 0;
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
if (ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
ret = krb5_crypto_init(context, key, 0, &crypto);
if (ret) {
free (buf);
return ret;
}
ret = krb5_create_checksum(context,
crypto,
KRB5_KU_KRB_SAFE_CKSUM,
0,
buf,
len,
&s.cksum);
krb5_crypto_destroy(context, crypto);
if (ret) {
free (buf);
return ret;
}
free(buf);
ASN1_MALLOC_ENCODE(KRB_SAFE, buf, buf_size, &s, &len, ret);
free_Checksum (&s.cksum);
if(ret)
return ret;
if(buf_size != len)
krb5_abortx(context, "internal error in ASN.1 encoder");
outbuf->length = len;
outbuf->data = buf;
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE)
auth_context->local_seqnumber =
(auth_context->local_seqnumber + 1) & 0xFFFFFFFF;
return 0;
} }

39
lib/krb5/rd_cred.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -40,7 +40,7 @@ krb5_rd_cred(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
krb5_data *in_data, krb5_data *in_data,
krb5_creds ***ret_creds, krb5_creds ***ret_creds,
krb5_replay_data *out_data) krb5_replay_data *outdata)
{ {
krb5_error_code ret; krb5_error_code ret;
size_t len; size_t len;
@@ -50,6 +50,11 @@ krb5_rd_cred(krb5_context context,
krb5_crypto crypto; krb5_crypto crypto;
int i; int i;
if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
outdata == NULL)
return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
*ret_creds = NULL; *ret_creds = NULL;
ret = decode_KRB_CRED(in_data->data, in_data->length, ret = decode_KRB_CRED(in_data->data, in_data->length,
@@ -70,9 +75,9 @@ krb5_rd_cred(krb5_context context,
} }
if (cred.enc_part.etype == ETYPE_NULL) { if (cred.enc_part.etype == ETYPE_NULL) {
/* DK: MIT GSS-API Compatibility */ /* DK: MIT GSS-API Compatibility */
enc_krb_cred_part_data.length = cred.enc_part.cipher.length; enc_krb_cred_part_data.length = cred.enc_part.cipher.length;
enc_krb_cred_part_data.data = cred.enc_part.cipher.data; enc_krb_cred_part_data.data = cred.enc_part.cipher.data;
} else { } else {
if (auth_context->remote_subkey) if (auth_context->remote_subkey)
ret = krb5_crypto_init(context, auth_context->remote_subkey, ret = krb5_crypto_init(context, auth_context->remote_subkey,
@@ -80,7 +85,7 @@ krb5_rd_cred(krb5_context context,
else else
ret = krb5_crypto_init(context, auth_context->keyblock, ret = krb5_crypto_init(context, auth_context->keyblock,
0, &crypto); 0, &crypto);
/* DK: MIT rsh */ /* DK: MIT rsh */
if (ret) if (ret)
goto out; goto out;
@@ -185,25 +190,23 @@ krb5_rd_cred(krb5_context context,
} }
} }
if(out_data != NULL) { if ((auth_context->flags &
(KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
/* if these fields are not present in the cred-part, silently
return zero */
memset(outdata, 0, sizeof(*outdata));
if(enc_krb_cred_part.timestamp) if(enc_krb_cred_part.timestamp)
out_data->timestamp = *enc_krb_cred_part.timestamp; outdata->timestamp = *enc_krb_cred_part.timestamp;
else
out_data->timestamp = 0;
if(enc_krb_cred_part.usec) if(enc_krb_cred_part.usec)
out_data->usec = *enc_krb_cred_part.usec; outdata->usec = *enc_krb_cred_part.usec;
else
out_data->usec = 0;
if(enc_krb_cred_part.nonce) if(enc_krb_cred_part.nonce)
out_data->seq = *enc_krb_cred_part.nonce; outdata->seq = *enc_krb_cred_part.nonce;
else
out_data->seq = 0;
} }
/* Convert to NULL terminated list of creds */ /* Convert to NULL terminated list of creds */
*ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1, *ret_creds = calloc(enc_krb_cred_part.ticket_info.len + 1,
sizeof(**ret_creds)); sizeof(**ret_creds));
if (*ret_creds == NULL) { if (*ret_creds == NULL) {
ret = ENOMEM; ret = ENOMEM;
@@ -259,7 +262,7 @@ krb5_rd_cred(krb5_context context,
(*ret_creds)[i] = NULL; (*ret_creds)[i] = NULL;
return 0; return 0;
out: out:
free_KRB_CRED (&cred); free_KRB_CRED (&cred);
if(*ret_creds) { if(*ret_creds) {
for(i = 0; (*ret_creds)[i]; i++) for(i = 0; (*ret_creds)[i]; i++)

218
lib/krb5/rd_priv.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2001 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -40,123 +40,137 @@ krb5_rd_priv(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
const krb5_data *inbuf, const krb5_data *inbuf,
krb5_data *outbuf, krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata) krb5_replay_data *outdata)
{ {
krb5_error_code ret; krb5_error_code ret;
KRB_PRIV priv; KRB_PRIV priv;
EncKrbPrivPart part; EncKrbPrivPart part;
size_t len; size_t len;
krb5_data plain; krb5_data plain;
krb5_keyblock *key; krb5_keyblock *key;
krb5_crypto crypto; krb5_crypto crypto;
memset(&priv, 0, sizeof(priv)); if ((auth_context->flags &
ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len); (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
if (ret) outdata == NULL)
goto failure; return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
if (priv.pvno != 5) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
if (auth_context->remote_subkey) memset(&priv, 0, sizeof(priv));
key = auth_context->remote_subkey; ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
else if (auth_context->local_subkey) if (ret)
key = auth_context->local_subkey; goto failure;
else if (priv.pvno != 5) {
key = auth_context->keyblock; krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADVERSION;
goto failure;
}
if (priv.msg_type != krb_priv) {
krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_MSG_TYPE;
goto failure;
}
ret = krb5_crypto_init(context, key, 0, &crypto); if (auth_context->remote_subkey)
if (ret) key = auth_context->remote_subkey;
goto failure; else if (auth_context->local_subkey)
ret = krb5_decrypt_EncryptedData(context, key = auth_context->local_subkey;
crypto, else
KRB5_KU_KRB_PRIV, key = auth_context->keyblock;
&priv.enc_part,
&plain);
krb5_crypto_destroy(context, crypto);
if (ret)
goto failure;
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len); ret = krb5_crypto_init(context, key, 0, &crypto);
krb5_data_free (&plain); if (ret)
if (ret) goto failure;
goto failure; ret = krb5_decrypt_EncryptedData(context,
crypto,
KRB5_KU_KRB_PRIV,
&priv.enc_part,
&plain);
krb5_crypto_destroy(context, crypto);
if (ret)
goto failure;
ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
krb5_data_free (&plain);
if (ret)
goto failure;
/* check sender address */ /* check sender address */
if (part.s_address if (part.s_address
&& auth_context->remote_address && auth_context->remote_address
&& !krb5_address_compare (context, && !krb5_address_compare (context,
auth_context->remote_address, auth_context->remote_address,
part.s_address)) { part.s_address)) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part; goto failure_part;
} }
/* check receiver address */ /* check receiver address */
if (part.r_address if (part.r_address
&& auth_context->local_address && auth_context->local_address
&& !krb5_address_compare (context, && !krb5_address_compare (context,
auth_context->local_address, auth_context->local_address,
part.r_address)) { part.r_address)) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADADDR; ret = KRB5KRB_AP_ERR_BADADDR;
goto failure_part; goto failure_part;
} }
/* check timestamp */ /* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec; krb5_timestamp sec;
krb5_timeofday (context, &sec); krb5_timeofday (context, &sec);
if (part.timestamp == NULL || if (part.timestamp == NULL ||
part.usec == NULL || part.usec == NULL ||
abs(*part.timestamp - sec) > context->max_skew) { abs(*part.timestamp - sec) > context->max_skew) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_SKEW; ret = KRB5KRB_AP_ERR_SKEW;
goto failure_part; goto failure_part;
} }
} }
/* XXX - check replay cache */ /* XXX - check replay cache */
/* check sequence number. since MIT krb5 cannot generate a sequence /* check sequence number. since MIT krb5 cannot generate a sequence
number of zero but instead generates no sequence number, we accept that number of zero but instead generates no sequence number, we accept that
*/ */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if ((part.seq_number == NULL if ((part.seq_number == NULL
&& auth_context->remote_seqnumber != 0) && auth_context->remote_seqnumber != 0)
|| (part.seq_number != NULL || (part.seq_number != NULL
&& *part.seq_number != auth_context->remote_seqnumber)) { && *part.seq_number != auth_context->remote_seqnumber)) {
krb5_clear_error_string (context); krb5_clear_error_string (context);
ret = KRB5KRB_AP_ERR_BADORDER; ret = KRB5KRB_AP_ERR_BADORDER;
goto failure_part; goto failure_part;
} }
auth_context->remote_seqnumber++; auth_context->remote_seqnumber++;
} }
ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length); ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
if (ret) if (ret)
goto failure_part; goto failure_part;
free_EncKrbPrivPart (&part); if ((auth_context->flags &
free_KRB_PRIV (&priv); (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
return 0; /* if these fields are not present in the priv-part, silently
return zero */
memset(outdata, 0, sizeof(*outdata));
if(part.timestamp)
outdata->timestamp = *part.timestamp;
if(part.usec)
outdata->usec = *part.usec;
if(part.seq_number)
outdata->seq = *part.seq_number;
}
failure_part: failure_part:
free_EncKrbPrivPart (&part); free_EncKrbPrivPart (&part);
failure: failure:
free_KRB_PRIV (&priv); free_KRB_PRIV (&priv);
return ret; return ret;
} }

195
lib/krb5/rd_safe.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997 - 2002 Kungliga Tekniska H<>gskolan * Copyright (c) 1997 - 2003 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -87,104 +87,123 @@ krb5_rd_safe(krb5_context context,
krb5_auth_context auth_context, krb5_auth_context auth_context,
const krb5_data *inbuf, const krb5_data *inbuf,
krb5_data *outbuf, krb5_data *outbuf,
/*krb5_replay_data*/ void *outdata) krb5_replay_data *outdata)
{ {
krb5_error_code ret; krb5_error_code ret;
KRB_SAFE safe; KRB_SAFE safe;
size_t len; size_t len;
ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len); if ((auth_context->flags &
if (ret) (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)) &&
return ret; outdata == NULL) {
if (safe.pvno != 5) { krb5_set_error_string(context, "rd_safe: need outdata to return data");
ret = KRB5KRB_AP_ERR_BADVERSION; return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
krb5_clear_error_string (context); }
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure;
}
/* check sender address */ ret = decode_KRB_SAFE (inbuf->data, inbuf->length, &safe, &len);
if (ret)
return ret;
if (safe.pvno != 5) {
ret = KRB5KRB_AP_ERR_BADVERSION;
krb5_clear_error_string (context);
goto failure;
}
if (safe.msg_type != krb_safe) {
ret = KRB5KRB_AP_ERR_MSG_TYPE;
krb5_clear_error_string (context);
goto failure;
}
if (!krb5_checksum_is_keyed(context, safe.cksum.cksumtype)
|| !krb5_checksum_is_collision_proof(context, safe.cksum.cksumtype)) {
ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
krb5_clear_error_string (context);
goto failure;
}
if (safe.safe_body.s_address /* check sender address */
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
/* check receiver address */ if (safe.safe_body.s_address
&& auth_context->remote_address
&& !krb5_address_compare (context,
auth_context->remote_address,
safe.safe_body.s_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
if (safe.safe_body.r_address /* check receiver address */
&& auth_context->local_address
&& !krb5_address_compare (context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
/* check timestamp */ if (safe.safe_body.r_address
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) { && auth_context->local_address
krb5_timestamp sec; && !krb5_address_compare (context,
auth_context->local_address,
safe.safe_body.r_address)) {
ret = KRB5KRB_AP_ERR_BADADDR;
krb5_clear_error_string (context);
goto failure;
}
krb5_timeofday (context, &sec); /* check timestamp */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
krb5_timestamp sec;
if (safe.safe_body.timestamp == NULL || krb5_timeofday (context, &sec);
safe.safe_body.usec == NULL ||
abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure;
}
}
/* XXX - check replay cache */
/* check sequence number. since MIT krb5 cannot generate a sequence if (safe.safe_body.timestamp == NULL ||
number of zero but instead generates no sequence number, we accept that safe.safe_body.usec == NULL ||
*/ abs(*safe.safe_body.timestamp - sec) > context->max_skew) {
ret = KRB5KRB_AP_ERR_SKEW;
krb5_clear_error_string (context);
goto failure;
}
}
/* XXX - check replay cache */
if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) { /* check sequence number. since MIT krb5 cannot generate a sequence
if ((safe.safe_body.seq_number == NULL number of zero but instead generates no sequence number, we accept that
&& auth_context->remote_seqnumber != 0) */
|| (safe.safe_body.seq_number != NULL
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
}
ret = verify_checksum (context, auth_context, &safe); if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
if (ret) if ((safe.safe_body.seq_number == NULL
goto failure; && auth_context->remote_seqnumber != 0)
|| (safe.safe_body.seq_number != NULL
&& *safe.safe_body.seq_number !=
auth_context->remote_seqnumber)) {
ret = KRB5KRB_AP_ERR_BADORDER;
krb5_clear_error_string (context);
goto failure;
}
auth_context->remote_seqnumber++;
}
ret = verify_checksum (context, auth_context, &safe);
if (ret)
goto failure;
outbuf->length = safe.safe_body.user_data.length; outbuf->length = safe.safe_body.user_data.length;
outbuf->data = malloc(outbuf->length); outbuf->data = malloc(outbuf->length);
if (outbuf->data == NULL) { if (outbuf->data == NULL) {
ret = ENOMEM; ret = ENOMEM;
krb5_set_error_string (context, "malloc: out of memory"); krb5_set_error_string (context, "malloc: out of memory");
goto failure; goto failure;
} }
memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length); memcpy (outbuf->data, safe.safe_body.user_data.data, outbuf->length);
free_KRB_SAFE (&safe);
return 0; if ((auth_context->flags &
failure: (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
free_KRB_SAFE (&safe); /* if these fields are not present in the safe-part, silently
return ret; return zero */
memset(outdata, 0, sizeof(*outdata));
if(safe.safe_body.timestamp)
outdata->timestamp = *safe.safe_body.timestamp;
if(safe.safe_body.usec)
outdata->usec = *safe.safe_body.usec;
if(safe.safe_body.seq_number)
outdata->seq = *safe.safe_body.seq_number;
}
failure:
free_KRB_SAFE (&safe);
return ret;
} }