search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libtommath: Fix possible integer overflow CVE-2023-36328
[heimdal.git] / kdc / mssfu.c
blobc9e42bcfcbb5d23baeafaabb306552c2df0aa277
1 /*
2 * Copyright (c) 1997-2008 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "kdc_locl.h"
35
36 /*
37 * [MS-SFU] Kerberos Protocol Extensions:
38 * Service for User (S4U2Self) and Constrained Delegation Protocol (S4U2Proxy)
39 * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-sfu/
40 */
41
42 /*
43 * Determine if constrained delegation is allowed from this client to this server
44 */
45
46 static krb5_error_code
47 check_constrained_delegation(krb5_context context,
48 krb5_kdc_configuration *config,
49 HDB *clientdb,
50 hdb_entry *client,
51 hdb_entry *server,
52 krb5_const_principal target)
53 {
54 const HDB_Ext_Constrained_delegation_acl *acl;
55 krb5_error_code ret;
56 size_t i;
57
58 /*
59 * constrained delegation (S4U2Proxy) only works within
60 * the same realm. We use the already canonicalized version
61 * of the principals here, while "target" is the principal
62 * provided by the client.
63 */
64 if (!krb5_realm_compare(context, client->principal, server->principal)) {
65 ret = KRB5KDC_ERR_BADOPTION;
66 kdc_log(context, config, 4,
67 "Bad request for constrained delegation");
68 return ret;
69 }
70
71 if (clientdb->hdb_check_constrained_delegation) {
72 ret = clientdb->hdb_check_constrained_delegation(context, clientdb, client, target);
73 if (ret == 0)
74 return 0;
75 } else {
76 /* if client delegates to itself, that ok */
77 if (krb5_principal_compare(context, client->principal, server->principal) == TRUE)
78 return 0;
79
80 ret = hdb_entry_get_ConstrainedDelegACL(client, &acl);
81 if (ret) {
82 krb5_clear_error_message(context);
83 return ret;
84 }
85
86 if (acl) {
87 for (i = 0; i < acl->len; i++) {
88 if (krb5_principal_compare(context, target, &acl->val[i]) == TRUE)
89 return 0;
90 }
91 }
92 ret = KRB5KDC_ERR_BADOPTION;
93 }
94 kdc_log(context, config, 4,
95 "Bad request for constrained delegation");
96 return ret;
97 }
98
99 /*
100 * Validate a protocol transition (S4U2Self) request. If present and
101 * successfully validated then the client in the request structure
102 * will be replaced with the impersonated client.
103 */
104
105 static krb5_error_code
106 validate_protocol_transition(astgs_request_t r)
107 {
108 krb5_error_code ret;
109 KDC_REQ_BODY *b = &r->req.req_body;
110 EncTicketPart *ticket = &r->ticket->ticket;
111 hdb_entry *s4u_client = NULL;
112 HDB *s4u_clientdb;
113 int flags = HDB_F_FOR_TGS_REQ;
114 krb5_principal s4u_client_name = NULL, s4u_canon_client_name = NULL;
115 krb5_pac s4u_pac = NULL;
116 const PA_DATA *sdata;
117 char *s4ucname = NULL;
118 int i = 0;
119 krb5_crypto crypto;
120 krb5_data datack;
121 PA_S4U2Self self;
122 const char *str;
123
124 if (r->client == NULL)
125 return 0;
126
127 sdata = _kdc_find_padata(&r->req, &i, KRB5_PADATA_FOR_USER);
128 if (sdata == NULL)
129 return 0;
130
131 memset(&self, 0, sizeof(self));
132
133 if (b->kdc_options.canonicalize)
134 flags |= HDB_F_CANON;
135
136 ret = decode_PA_S4U2Self(sdata->padata_value.data,
137 sdata->padata_value.length,
138 &self, NULL);
139 if (ret) {
140 kdc_audit_addreason((kdc_request_t)r,
141 "Failed to decode PA-S4U2Self");
142 kdc_log(r->context, r->config, 4, "Failed to decode PA-S4U2Self");
143 goto out;
144 }
145
146 if (!krb5_checksum_is_keyed(r->context, self.cksum.cksumtype)) {
147 kdc_audit_addreason((kdc_request_t)r,
148 "PA-S4U2Self with unkeyed checksum");
149 kdc_log(r->context, r->config, 4, "Reject PA-S4U2Self with unkeyed checksum");
150 ret = KRB5KRB_AP_ERR_INAPP_CKSUM;
151 goto out;
152 }
153
154 ret = _krb5_s4u2self_to_checksumdata(r->context, &self, &datack);
155 if (ret)
156 goto out;
157
158 ret = krb5_crypto_init(r->context, &ticket->key, 0, &crypto);
159 if (ret) {
160 const char *msg = krb5_get_error_message(r->context, ret);
161 krb5_data_free(&datack);
162 kdc_log(r->context, r->config, 4, "krb5_crypto_init failed: %s", msg);
163 krb5_free_error_message(r->context, msg);
164 goto out;
165 }
166
167 /* Allow HMAC_MD5 checksum with any key type */
168 if (self.cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
169 struct krb5_crypto_iov iov;
170 unsigned char csdata[16];
171 Checksum cs;
172
173 cs.checksum.length = sizeof(csdata);
174 cs.checksum.data = &csdata;
175
176 iov.data.data = datack.data;
177 iov.data.length = datack.length;
178 iov.flags = KRB5_CRYPTO_TYPE_DATA;
179
180 ret = _krb5_HMAC_MD5_checksum(r->context, NULL, &crypto->key,
181 KRB5_KU_OTHER_CKSUM, &iov, 1,
182 &cs);
183 if (ret == 0 &&
184 krb5_data_ct_cmp(&cs.checksum, &self.cksum.checksum) != 0)
185 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
186 } else {
187 ret = _kdc_verify_checksum(r->context,
188 crypto,
189 KRB5_KU_OTHER_CKSUM,
190 &datack,
191 &self.cksum);
192 }
193 krb5_data_free(&datack);
194 krb5_crypto_destroy(r->context, crypto);
195 if (ret) {
196 const char *msg = krb5_get_error_message(r->context, ret);
197 kdc_audit_addreason((kdc_request_t)r,
198 "S4U2Self checksum failed");
199 kdc_log(r->context, r->config, 4,
200 "krb5_verify_checksum failed for S4U2Self: %s", msg);
201 krb5_free_error_message(r->context, msg);
202 goto out;
203 }
204
205 ret = _krb5_principalname2krb5_principal(r->context,
206 &s4u_client_name,
207 self.name,
208 self.realm);
209 if (ret)
210 goto out;
211
212 ret = krb5_unparse_name(r->context, s4u_client_name, &s4ucname);
213 if (ret)
214 goto out;
215
216 /*
217 * Note no HDB_F_SYNTHETIC_OK -- impersonating non-existent clients
218 * is probably not desirable!
219 */
220 ret = _kdc_db_fetch(r->context, r->config, s4u_client_name,
221 HDB_F_GET_CLIENT | flags, NULL,
222 &s4u_clientdb, &s4u_client);
223 if (ret) {
224 const char *msg;
225
226 /*
227 * If the client belongs to the same realm as our krbtgt, it
228 * should exist in the local database.
229 *
230 */
231 if (ret == HDB_ERR_NOENTRY)
232 ret = KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN;
233 msg = krb5_get_error_message(r->context, ret);
234 kdc_audit_addreason((kdc_request_t)r,
235 "S4U2Self principal to impersonate not found");
236 kdc_log(r->context, r->config, 2,
237 "S4U2Self principal to impersonate %s not found in database: %s",
238 s4ucname, msg);
239 krb5_free_error_message(r->context, msg);
240 goto out;
241 }
242
243 /*
244 * Ignore require_pwchange and pw_end attributes (as Windows does),
245 * since S4U2Self is not password authentication.
246 */
247 s4u_client->flags.require_pwchange = FALSE;
248 free(s4u_client->pw_end);
249 s4u_client->pw_end = NULL;
250
251 ret = kdc_check_flags(r, FALSE, s4u_client, r->server);
252 if (ret)
253 goto out; /* kdc_check_flags() calls kdc_audit_addreason() */
254
255 ret = _kdc_pac_generate(r,
256 s4u_client,
257 r->server,
258 NULL,
259 KRB5_PAC_WAS_GIVEN_IMPLICITLY,
260 &s4u_pac);
261 if (ret) {
262 kdc_log(r->context, r->config, 4, "PAC generation failed for -- %s", s4ucname);
263 goto out;
264 }
265
266 /*
267 * Check that service doing the impersonating is
268 * requesting a ticket to it-self.
269 */
270 ret = _kdc_check_client_matches_target_service(r->context,
271 r->config,
272 r->clientdb,
273 r->client,
274 r->server,
275 r->server_princ);
276 if (ret) {
277 kdc_log(r->context, r->config, 4, "S4U2Self: %s is not allowed "
278 "to impersonate to service "
279 "(tried for user %s to service %s)",
280 r->cname, s4ucname, r->sname);
281 goto out;
282 }
283
284 ret = krb5_copy_principal(r->context, s4u_client->principal,
285 &s4u_canon_client_name);
286 if (ret)
287 goto out;
288
289 /*
290 * If the service isn't trusted for authentication to
291 * delegation or if the impersonate client is disallowed
292 * forwardable, remove the forwardable flag.
293 */
294 if (r->client->flags.trusted_for_delegation &&
295 s4u_client->flags.forwardable) {
296 str = " [forwardable]";
297 } else {
298 b->kdc_options.forwardable = 0;
299 str = "";
300 }
301 kdc_log(r->context, r->config, 4, "s4u2self %s impersonating %s to "
302 "service %s%s", r->cname, s4ucname, r->sname, str);
303
304 /*
305 * Replace all client information in the request with the
306 * impersonated client. (The audit entry containing the original
307 * client name will have been created before this point.)
308 */
309 _kdc_request_set_cname_nocopy((kdc_request_t)r, &s4ucname);
310 _kdc_request_set_client_princ_nocopy(r, &s4u_client_name);
311
312 _kdc_free_ent(r->context, r->clientdb, r->client);
313 r->client = s4u_client;
314 s4u_client = NULL;
315 r->clientdb = s4u_clientdb;
316 s4u_clientdb = NULL;
317
318 _kdc_request_set_canon_client_princ_nocopy(r, &s4u_canon_client_name);
319 _kdc_request_set_pac_nocopy(r, &s4u_pac);
320
321 out:
322 if (s4u_client)
323 _kdc_free_ent(r->context, s4u_clientdb, s4u_client);
324 krb5_free_principal(r->context, s4u_client_name);
325 krb5_xfree(s4ucname);
326 krb5_free_principal(r->context, s4u_canon_client_name);
327 krb5_pac_free(r->context, s4u_pac);
328
329 free_PA_S4U2Self(&self);
330
331 return ret;
332 }
333
334 /*
335 * Validate a constrained delegation (S4U2Proxy) request. If present
336 * and successfully validated then the client in the request structure
337 * will be replaced with the client from the evidence ticket.
338 */
339
340 static krb5_error_code
341 validate_constrained_delegation(astgs_request_t r)
342 {
343 krb5_error_code ret;
344 KDC_REQ_BODY *b = &r->req.req_body;
345 int flags = HDB_F_FOR_TGS_REQ;
346 krb5_principal s4u_client_name = NULL, s4u_server_name = NULL;
347 krb5_principal s4u_canon_client_name = NULL;
348 krb5_pac s4u_pac = NULL;
349 uint64_t s4u_pac_attributes;
350 char *s4ucname = NULL, *s4usname = NULL;
351 EncTicketPart evidence_tkt;
352 HDB *s4u_clientdb;
353 hdb_entry *s4u_client = NULL;
354 krb5_boolean ad_kdc_issued = FALSE;
355 Key *clientkey;
356 Ticket *t;
357 krb5_const_realm local_realm;
358
359 if (r->client == NULL
360 || b->additional_tickets == NULL
361 || b->additional_tickets->len == 0
362 || b->kdc_options.cname_in_addl_tkt == 0
363 || b->kdc_options.enc_tkt_in_skey)
364 return 0;
365
366 memset(&evidence_tkt, 0, sizeof(evidence_tkt));
367 local_realm =
368 krb5_principal_get_comp_string(r->context, r->krbtgt->principal, 1);
369
370 /*
371 * We require that the service's TGT has a PAC; this will have been
372 * validated prior to this function being called.
373 */
374 if (r->pac == NULL) {
375 ret = KRB5KDC_ERR_BADOPTION;
376 kdc_audit_addreason((kdc_request_t)r, "Missing PAC");
377 kdc_log(r->context, r->config, 4,
378 "Constrained delegation without PAC, %s/%s",
379 r->cname, r->sname);
380 goto out;
381 }
382
383 t = &b->additional_tickets->val[0];
384
385 ret = hdb_enctype2key(r->context, r->client,
386 hdb_kvno2keys(r->context, r->client,
387 t->enc_part.kvno ? * t->enc_part.kvno : 0),
388 t->enc_part.etype, &clientkey);
389 if (ret) {
390 ret = KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */
391 goto out;
392 }
393
394 ret = krb5_decrypt_ticket(r->context, t, &clientkey->key, &evidence_tkt, 0);
395 if (ret) {
396 kdc_audit_addreason((kdc_request_t)r,
397 "Failed to decrypt constrained delegation ticket");
398 kdc_log(r->context, r->config, 4,
399 "failed to decrypt ticket for "
400 "constrained delegation from %s to %s", r->cname, r->sname);
401 goto out;
402 }
403
404 ret = _krb5_principalname2krb5_principal(r->context,
405 &s4u_client_name,
406 evidence_tkt.cname,
407 evidence_tkt.crealm);
408 if (ret)
409 goto out;
410
411 ret = krb5_unparse_name(r->context, s4u_client_name, &s4ucname);
412 if (ret)
413 goto out;
414
415 kdc_audit_addkv((kdc_request_t)r, 0, "impersonatee", "%s", s4ucname);
416
417 ret = _krb5_principalname2krb5_principal(r->context,
418 &s4u_server_name,
419 t->sname,
420 t->realm);
421 if (ret)
422 goto out;
423
424 ret = krb5_unparse_name(r->context, s4u_server_name, &s4usname);
425 if (ret)
426 goto out;
427
428 /* check that ticket is valid */
429 if (evidence_tkt.flags.forwardable == 0) {
430 kdc_audit_addreason((kdc_request_t)r,
431 "Missing forwardable flag on ticket for constrained delegation");
432 kdc_log(r->context, r->config, 4,
433 "Missing forwardable flag on ticket for "
434 "constrained delegation from %s (%s) as %s to %s ",
435 r->cname, s4usname, s4ucname, r->sname);
436 ret = KRB5KDC_ERR_BADOPTION;
437 goto out;
438 }
439
440 ret = check_constrained_delegation(r->context, r->config, r->clientdb,
441 r->client, r->server, r->server_princ);
442 if (ret) {
443 kdc_audit_addreason((kdc_request_t)r,
444 "Constrained delegation not allowed");
445 kdc_log(r->context, r->config, 4,
446 "constrained delegation from %s (%s) as %s to %s not allowed",
447 r->cname, s4usname, s4ucname, r->sname);
448 goto out;
449 }
450
451 ret = _kdc_verify_flags(r->context, r->config, &evidence_tkt, s4ucname);
452 if (ret) {
453 kdc_audit_addreason((kdc_request_t)r,
454 "Constrained delegation ticket expired or invalid");
455 goto out;
456 }
457
458 /* Try lookup the delegated client in DB */
459 ret = _kdc_db_fetch_client(r->context, r->config, flags,
460 s4u_client_name, s4ucname, local_realm,
461 &s4u_clientdb, &s4u_client);
462 if (ret)
463 goto out;
464
465 if (s4u_client != NULL) {
466 ret = kdc_check_flags(r, FALSE, s4u_client, r->server);
467 if (ret)
468 goto out;
469 }
470
471 /*
472 * TODO: pass in t->sname and t->realm and build
473 * a S4U_DELEGATION_INFO blob to the PAC.
474 */
475 ret = _kdc_check_pac(r, s4u_client_name, s4u_server_name,
476 s4u_client, r->server, r->krbtgt, r->client,
477 &clientkey->key, &r->ticket_key->key, &evidence_tkt,
478 &ad_kdc_issued, &s4u_pac,
479 &s4u_canon_client_name, &s4u_pac_attributes);
480 if (ret) {
481 const char *msg = krb5_get_error_message(r->context, ret);
482 kdc_audit_addreason((kdc_request_t)r,
483 "Constrained delegation ticket PAC check failed");
484 kdc_log(r->context, r->config, 4,
485 "Verify delegated PAC failed to %s for client"
486 "%s (%s) as %s from %s with %s",
487 r->sname, r->cname, s4usname, s4ucname, r->from, msg);
488 krb5_free_error_message(r->context, msg);
489 goto out;
490 }
491
492 if (s4u_pac == NULL || !ad_kdc_issued) {
493 ret = KRB5KDC_ERR_BADOPTION;
494 kdc_log(r->context, r->config, 4,
495 "Ticket not signed with PAC; service %s failed for "
496 "for delegation to %s for client %s (%s) from %s; (%s).",
497 r->sname, s4ucname, s4usname, r->cname, r->from,
498 s4u_pac ? "Ticket unsigned" : "No PAC");
499 kdc_audit_addreason((kdc_request_t)r,
500 "Constrained delegation ticket not signed");
501 goto out;
502 }
503
504 /*
505 * If the evidence ticket PAC didn't include PAC_UPN_DNS_INFO with
506 * the canonical client name, but the user is local to our KDC, we
507 * can insert the canonical client name ourselves.
508 */
509 if (s4u_canon_client_name == NULL && s4u_client != NULL) {
510 ret = krb5_copy_principal(r->context, s4u_client->principal,
511 &s4u_canon_client_name);
512 if (ret)
513 goto out;
514 }
515
516 kdc_log(r->context, r->config, 4, "constrained delegation for %s "
517 "from %s (%s) to %s", s4ucname, r->cname, s4usname, r->sname);
518
519 /*
520 * Replace all client information in the request with the
521 * impersonated client. (The audit entry containing the original
522 * client name will have been created before this point.)
523 */
524 _kdc_request_set_cname_nocopy((kdc_request_t)r, &s4ucname);
525 _kdc_request_set_client_princ_nocopy(r, &s4u_client_name);
526
527 _kdc_free_ent(r->context, r->clientdb, r->client);
528 r->client = s4u_client;
529 s4u_client = NULL;
530 r->clientdb = s4u_clientdb;
531 s4u_clientdb = NULL;
532
533 _kdc_request_set_canon_client_princ_nocopy(r, &s4u_canon_client_name);
534 _kdc_request_set_pac_nocopy(r, &s4u_pac);
535
536 r->pac_attributes = s4u_pac_attributes;
537
538 out:
539 if (s4u_client)
540 _kdc_free_ent(r->context, s4u_clientdb, s4u_client);
541 krb5_free_principal(r->context, s4u_client_name);
542 krb5_xfree(s4ucname);
543 krb5_free_principal(r->context, s4u_server_name);
544 krb5_xfree(s4usname);
545 krb5_free_principal(r->context, s4u_canon_client_name);
546 krb5_pac_free(r->context, s4u_pac);
547
548 free_EncTicketPart(&evidence_tkt);
549
550 return ret;
551 }
552
553 /*
554 *
555 */
556
557 krb5_error_code
558 _kdc_validate_services_for_user(astgs_request_t r)
559 {
560 krb5_error_code ret;
561
562 ret = validate_protocol_transition(r);
563 if (ret == 0)
564 ret = validate_constrained_delegation(r);
565
566 return ret;
567 }
Heimdal