2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <digest_asn1.h>
38 RCSID("$Id: digest.c,v 1.7 2006/10/22 20:11:44 lha Exp $");
41 _kdc_do_digest(krb5_context context,
42 krb5_kdc_configuration *config,
43 const DigestREQ *req, krb5_data *reply,
44 const char *from, struct sockaddr *addr)
46 krb5_error_code ret = 0;
47 krb5_ticket *ticket = NULL;
48 krb5_auth_context ac = NULL;
49 krb5_keytab id = NULL;
50 krb5_crypto crypto = NULL;
54 krb5_flags ap_req_options;
57 krb5_storage *sp = NULL;
59 hdb_entry_ex *server = NULL, *user = NULL;
60 char *password = NULL;
61 krb5_data serverNonce;
63 if(!config->enable_digest) {
64 kdc_log(context, config, 0, "Rejected digest request from %s", from);
65 return KRB5KDC_ERR_POLICY;
69 krb5_data_zero(reply);
70 krb5_data_zero(&serverNonce);
71 memset(&ireq, 0, sizeof(ireq));
72 memset(&r, 0, sizeof(r));
73 memset(&rep, 0, sizeof(rep));
75 kdc_log(context, config, 0, "Digest request from %s", from);
77 ret = krb5_kt_resolve(context, "HDB:", &id);
79 kdc_log(context, config, 0, "Can't open database for digest");
83 ret = krb5_rd_req(context,
93 /* check the server principal in the ticket matches digest/R@R */
95 krb5_principal principal = NULL;
98 ret = krb5_ticket_get_server(context, ticket, &principal);
103 krb5_set_error_string(context, "Wrong digest server principal used");
104 p = krb5_principal_get_comp_string(context, principal, 0);
106 krb5_free_principal(context, principal);
109 if (strcmp(p, KRB5_DIGEST_NAME) != 0) {
110 krb5_free_principal(context, principal);
114 p = krb5_principal_get_comp_string(context, principal, 1);
116 krb5_free_principal(context, principal);
119 r = krb5_principal_get_realm(context, principal);
121 krb5_free_principal(context, principal);
124 if (strcmp(p, r) != 0) {
125 krb5_free_principal(context, principal);
129 ret = _kdc_db_fetch(context, config, principal,
130 HDB_F_GET_SERVER, NULL, &server);
134 krb5_free_principal(context, principal);
137 /* check the client is allowed to do digest auth */
139 krb5_principal principal = NULL;
140 hdb_entry_ex *client;
142 ret = krb5_ticket_get_client(context, ticket, &principal);
146 ret = _kdc_db_fetch(context, config, principal,
147 HDB_F_GET_CLIENT, NULL, &client);
148 krb5_free_principal(context, principal);
152 if (client->entry.flags.allow_digest == 0) {
153 krb5_set_error_string(context,
154 "Client is not permitted to use digest");
155 ret = KRB5KDC_ERR_POLICY;
156 _kdc_free_ent (context, client);
159 _kdc_free_ent (context, client);
166 ret = krb5_auth_con_getremotesubkey(context, ac, &key);
170 krb5_set_error_string(context, "digest: remote subkey not found");
175 ret = krb5_crypto_init(context, key, 0, &crypto);
176 krb5_free_keyblock (context, key);
181 ret = krb5_decrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
182 &req->innerReq, &buf);
183 krb5_crypto_destroy(context, crypto);
188 ret = decode_DigestReqInner(buf.data, buf.length, &ireq, NULL);
189 krb5_data_free(&buf);
191 krb5_set_error_string(context, "Failed to decode digest inner request");
196 * Process the inner request
199 switch (ireq.element) {
200 case choice_DigestReqInner_init: {
201 unsigned char server_nonce[16], identifier;
203 RAND_pseudo_bytes(&identifier, sizeof(identifier));
204 RAND_pseudo_bytes(server_nonce, sizeof(server_nonce));
206 server_nonce[0] = kdc_time & 0xff;
207 server_nonce[1] = (kdc_time >> 8) & 0xff;
208 server_nonce[2] = (kdc_time >> 16) & 0xff;
209 server_nonce[3] = (kdc_time >> 24) & 0xff;
211 r.element = choice_DigestRepInner_initReply;
213 hex_encode(server_nonce, sizeof(server_nonce), &r.u.initReply.nonce);
214 if (r.u.initReply.nonce == NULL) {
215 krb5_set_error_string(context, "Failed to decode server nonce");
220 sp = krb5_storage_emem();
223 krb5_set_error_string(context, "out of memory");
226 ret = krb5_store_stringz(sp, ireq.u.init.type);
228 krb5_clear_error_string(context);
232 if (ireq.u.init.channel) {
235 asprintf(&s, "%s-%s:%s", r.u.initReply.nonce,
236 ireq.u.init.channel->cb_type,
237 ireq.u.init.channel->cb_binding);
239 krb5_set_error_string(context, "Failed to allocate "
244 free(r.u.initReply.nonce);
245 r.u.initReply.nonce = s;
248 ret = krb5_store_stringz(sp, r.u.initReply.nonce);
250 krb5_clear_error_string(context);
254 if (strcasecmp(ireq.u.init.type, "CHAP") == 0) {
255 r.u.initReply.identifier =
256 malloc(sizeof(*r.u.initReply.identifier));
257 if (r.u.initReply.identifier == NULL) {
258 krb5_set_error_string(context, "out of memory");
263 asprintf(r.u.initReply.identifier, "%02X", identifier & 0xff);
264 if (*r.u.initReply.identifier == NULL) {
265 krb5_set_error_string(context, "out of memory");
270 ret = krb5_store_stringz(sp, *r.u.initReply.identifier);
272 krb5_clear_error_string(context);
276 r.u.initReply.identifier = NULL;
278 if (ireq.u.init.hostname) {
279 ret = krb5_store_stringz(sp, *ireq.u.init.hostname);
281 krb5_clear_error_string(context);
286 ret = krb5_storage_to_data(sp, &buf);
288 krb5_clear_error_string(context);
294 krb5_enctype enctype;
296 ret = _kdc_get_preferred_key(context,
304 ret = krb5_crypto_init(context, &key->key, 0, &crypto);
309 ret = krb5_create_checksum(context,
311 KRB5_KU_DIGEST_OPAQUE,
316 krb5_crypto_destroy(context, crypto);
318 krb5_data_free(&buf);
322 ASN1_MALLOC_ENCODE(Checksum, buf.data, buf.length, &res, &size, ret);
325 krb5_set_error_string(context, "Failed to encode "
326 "checksum in digest request");
329 if (size != buf.length)
330 krb5_abortx(context, "ASN1 internal error");
332 hex_encode(buf.data, buf.length, &r.u.initReply.opaque);
334 if (r.u.initReply.opaque == NULL) {
335 krb5_clear_error_string(context);
342 case choice_DigestReqInner_digestRequest: {
343 krb5_principal clientprincipal;
346 sp = krb5_storage_emem();
349 krb5_set_error_string(context, "out of memory");
352 krb5_store_stringz(sp, ireq.u.digestRequest.type);
354 krb5_store_stringz(sp, ireq.u.digestRequest.serverNonce);
355 if (ireq.u.digestRequest.identifier) {
356 ret = krb5_store_stringz(sp, *ireq.u.digestRequest.identifier);
358 krb5_clear_error_string(context);
362 if (ireq.u.digestRequest.hostname) {
363 ret = krb5_store_stringz(sp, *ireq.u.digestRequest.hostname);
365 krb5_clear_error_string(context);
370 buf.length = strlen(ireq.u.digestRequest.opaque);
371 buf.data = malloc(buf.length);
372 if (buf.data == NULL) {
373 krb5_set_error_string(context, "out of memory");
378 ret = hex_decode(ireq.u.digestRequest.opaque, buf.data, buf.length);
380 krb5_set_error_string(context, "Failed to decode opaque");
386 ret = decode_Checksum(buf.data, buf.length, &res, NULL);
389 krb5_set_error_string(context, "Failed to decode digest Checksum");
393 ret = krb5_storage_to_data(sp, &buf);
395 krb5_clear_error_string(context);
399 serverNonce.length = strlen(ireq.u.digestRequest.serverNonce);
400 serverNonce.data = malloc(serverNonce.length);
401 if (serverNonce.data == NULL) {
402 krb5_set_error_string(context, "out of memory");
408 * CHAP does the checksum of the raw nonce, but do it for all
409 * types, since we need to check the timestamp.
414 ssize = hex_decode(ireq.u.digestRequest.serverNonce,
415 serverNonce.data, serverNonce.length);
417 krb5_set_error_string(context, "Failed to decode serverNonce");
421 serverNonce.length = ssize;
426 krb5_enctype enctype;
428 ret = _kdc_get_preferred_key(context,
436 ret = krb5_crypto_init(context, &key->key, 0, &crypto);
441 ret = krb5_verify_checksum(context, crypto,
442 KRB5_KU_DIGEST_OPAQUE,
443 buf.data, buf.length, &res);
444 krb5_crypto_destroy(context, crypto);
451 unsigned char *p = serverNonce.data;
454 if (serverNonce.length < 4) {
455 krb5_set_error_string(context, "server nonce too short");
459 t = p[0] | (p[1] << 8) | (p[2] << 16) | (p[3] << 24);
461 if (abs((kdc_time & 0xffffffff) - t) > context->max_skew) {
462 krb5_set_error_string(context, "time screw in server nonce ");
469 ret = krb5_parse_name(context,
470 ireq.u.digestRequest.username,
475 ret = _kdc_db_fetch(context, config, clientprincipal,
476 HDB_F_GET_CLIENT, &db, &user);
478 krb5_free_principal(context, clientprincipal);
482 ret = hdb_entry_get_password(context, db, &user->entry, &password);
483 if (ret || password == NULL) {
486 krb5_set_error_string(context, "password missing");
491 if (strcasecmp(ireq.u.digestRequest.type, "CHAP") == 0) {
493 unsigned char md[MD5_DIGEST_LENGTH];
496 if (ireq.u.digestRequest.identifier == NULL) {
497 krb5_set_error_string(context, "Identifier missing "
498 "from CHAP request");
503 if (hex_decode(*ireq.u.digestRequest.identifier, &id, 1) != 1) {
504 krb5_set_error_string(context, "failed to decode identifier");
510 MD5_Update(&ctx, &id, 1);
511 MD5_Update(&ctx, password, strlen(password));
512 MD5_Update(&ctx, serverNonce.data, serverNonce.length);
515 r.element = choice_DigestRepInner_response;
516 hex_encode(md, sizeof(md), &r.u.response.responseData);
517 if (r.u.response.responseData == NULL) {
518 krb5_clear_error_string(context);
522 } else if (strcasecmp(ireq.u.digestRequest.type, "SASL-DIGEST-MD5") == 0) {
524 unsigned char md[MD5_DIGEST_LENGTH];
527 if (ireq.u.digestRequest.nonceCount == NULL)
529 if (ireq.u.digestRequest.clientNonce == NULL)
531 if (ireq.u.digestRequest.qop == NULL)
533 if (ireq.u.digestRequest.realm == NULL)
537 MD5_Update(&ctx, ireq.u.digestRequest.username,
538 strlen(ireq.u.digestRequest.username));
539 MD5_Update(&ctx, ":", 1);
540 MD5_Update(&ctx, *ireq.u.digestRequest.realm,
541 strlen(*ireq.u.digestRequest.realm));
542 MD5_Update(&ctx, ":", 1);
543 MD5_Update(&ctx, password, strlen(password));
547 MD5_Update(&ctx, md, sizeof(md));
548 MD5_Update(&ctx, ":", 1);
549 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
550 strlen(ireq.u.digestRequest.serverNonce));
551 MD5_Update(&ctx, ":", 1);
552 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
553 strlen(*ireq.u.digestRequest.nonceCount));
554 if (ireq.u.digestRequest.authid) {
555 MD5_Update(&ctx, ":", 1);
556 MD5_Update(&ctx, *ireq.u.digestRequest.authid,
557 strlen(*ireq.u.digestRequest.authid));
560 hex_encode(md, sizeof(md), &A1);
562 krb5_set_error_string(context, "out of memory");
568 MD5_Update(&ctx, "AUTHENTICATE:", sizeof("AUTHENTICATE:") - 1);
569 MD5_Update(&ctx, *ireq.u.digestRequest.uri,
570 strlen(*ireq.u.digestRequest.uri));
573 if (strcmp(ireq.u.digestRequest.digest, "clear") != 0) {
574 static char conf_zeros[] = ":00000000000000000000000000000000";
575 MD5_Update(&ctx, conf_zeros, sizeof(conf_zeros) - 1);
579 hex_encode(md, sizeof(md), &A2);
581 krb5_set_error_string(context, "out of memory");
588 MD5_Update(&ctx, A1, strlen(A2));
589 MD5_Update(&ctx, ":", 1);
590 MD5_Update(&ctx, ireq.u.digestRequest.serverNonce,
591 strlen(ireq.u.digestRequest.serverNonce));
592 MD5_Update(&ctx, ":", 1);
593 MD5_Update(&ctx, *ireq.u.digestRequest.nonceCount,
594 strlen(*ireq.u.digestRequest.nonceCount));
595 MD5_Update(&ctx, ":", 1);
596 MD5_Update(&ctx, *ireq.u.digestRequest.clientNonce,
597 strlen(*ireq.u.digestRequest.clientNonce));
598 MD5_Update(&ctx, ":", 1);
599 MD5_Update(&ctx, *ireq.u.digestRequest.qop,
600 strlen(*ireq.u.digestRequest.qop));
601 MD5_Update(&ctx, ":", 1);
602 MD5_Update(&ctx, A2, strlen(A2));
606 r.element = choice_DigestRepInner_response;
607 hex_encode(md, sizeof(md), &r.u.response.responseData);
612 if (r.u.response.responseData == NULL) {
613 krb5_set_error_string(context, "out of memory");
619 r.element = choice_DigestRepInner_error;
620 asprintf(&r.u.error.reason, "unsupported digest type %s",
621 ireq.u.digestRequest.type);
622 if (r.u.error.reason == NULL) {
623 krb5_set_error_string(context, "out of memory");
627 r.u.error.code = EINVAL;
633 r.element = choice_DigestRepInner_error;
634 r.u.error.reason = strdup("unknown operation");
635 if (r.u.error.reason == NULL) {
636 krb5_set_error_string(context, "out of memory");
640 r.u.error.code = EINVAL;
644 ASN1_MALLOC_ENCODE(DigestRepInner, buf.data, buf.length, &r, &size, ret);
646 krb5_set_error_string(context, "Failed to encode inner digest reply");
649 if (size != buf.length)
650 krb5_abortx(context, "ASN1 internal error");
652 krb5_auth_con_addflags(context, ac, KRB5_AUTH_CONTEXT_USE_SUBKEY, NULL);
654 ret = krb5_mk_rep (context, ac, &rep.apRep);
661 ret = krb5_auth_con_getlocalsubkey(context, ac, &key);
665 ret = krb5_crypto_init(context, key, 0, &crypto);
666 krb5_free_keyblock (context, key);
671 ret = krb5_encrypt_EncryptedData(context, crypto, KRB5_KU_DIGEST_ENCRYPT,
672 buf.data, buf.length, 0,
675 ASN1_MALLOC_ENCODE(DigestREP, reply->data, reply->length, &rep, &size, ret);
677 krb5_set_error_string(context, "Failed to encode digest reply");
680 if (size != reply->length)
681 krb5_abortx(context, "ASN1 internal error");
686 krb5_auth_con_free(context, ac);
688 krb5_warn(context, ret, "Digest request from %s failed", from);
690 krb5_free_ticket(context, ticket);
692 krb5_kt_close(context, id);
694 krb5_crypto_destroy(context, crypto);
696 krb5_storage_free(sp);
698 _kdc_free_ent (context, user);
700 _kdc_free_ent (context, server);
702 memset(password, 0, strlen(password));
705 krb5_data_free(&buf);
706 krb5_data_free(&serverNonce);
707 free_DigestREP(&rep);
708 free_DigestRepInner(&r);
709 free_DigestReqInner(&ireq);