search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
No empty .Rs/.Re
[netbsd-mini2440.git] / crypto / dist / heimdal / lib / krb5 / pac.c
blobd5cc6d4b2505cb6bdf03dca3144298d7b9f47ace
1 /*
2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include "krb5_locl.h"
35
36 __RCSID("$Heimdal: pac.c 21934 2007-08-27 14:21:04Z lha $"
37 "$NetBSD$");
38
39 struct PAC_INFO_BUFFER {
40 uint32_t type;
41 uint32_t buffersize;
42 uint32_t offset_hi;
43 uint32_t offset_lo;
44 };
45
46 struct PACTYPE {
47 uint32_t numbuffers;
48 uint32_t version;
49 struct PAC_INFO_BUFFER buffers[1];
50 };
51
52 struct krb5_pac_data {
53 struct PACTYPE *pac;
54 krb5_data data;
55 struct PAC_INFO_BUFFER *server_checksum;
56 struct PAC_INFO_BUFFER *privsvr_checksum;
57 struct PAC_INFO_BUFFER *logon_name;
58 };
59
60 #define PAC_ALIGNMENT 8
61
62 #define PACTYPE_SIZE 8
63 #define PAC_INFO_BUFFER_SIZE 16
64
65 #define PAC_SERVER_CHECKSUM 6
66 #define PAC_PRIVSVR_CHECKSUM 7
67 #define PAC_LOGON_NAME 10
68 #define PAC_CONSTRAINED_DELEGATION 11
69
70 #define CHECK(r,f,l) \
71 do { \
72 if (((r) = f ) != 0) { \
73 krb5_clear_error_string(context); \
74 goto l; \
75 } \
76 } while(0)
77
78 static const char zeros[PAC_ALIGNMENT] = { 0 };
79
80 /*
81 *
82 */
83
84 krb5_error_code
85 krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
86 krb5_pac *pac)
87 {
88 krb5_error_code ret;
89 krb5_pac p;
90 krb5_storage *sp = NULL;
91 uint32_t i, tmp, tmp2, header_end;
92
93 p = calloc(1, sizeof(*p));
94 if (p == NULL) {
95 ret = ENOMEM;
96 krb5_set_error_string(context, "out of memory");
97 goto out;
98 }
99
100 sp = krb5_storage_from_readonly_mem(ptr, len);
101 if (sp == NULL) {
102 ret = ENOMEM;
103 krb5_set_error_string(context, "out of memory");
104 goto out;
105 }
106 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
107
108 CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
109 CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
110 if (tmp < 1) {
111 krb5_set_error_string(context, "PAC have too few buffer");
112 ret = EINVAL; /* Too few buffers */
113 goto out;
114 }
115 if (tmp2 != 0) {
116 krb5_set_error_string(context, "PAC have wrong version");
117 ret = EINVAL; /* Wrong version */
118 goto out;
119 }
120
121 p->pac = calloc(1,
122 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (tmp - 1)));
123 if (p->pac == NULL) {
124 krb5_set_error_string(context, "out of memory");
125 ret = ENOMEM;
126 goto out;
127 }
128
129 p->pac->numbuffers = tmp;
130 p->pac->version = tmp2;
131
132 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
133 if (header_end > len) {
134 ret = EINVAL;
135 goto out;
136 }
137
138 for (i = 0; i < p->pac->numbuffers; i++) {
139 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
140 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
141 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
142 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
143
144 /* consistency checks */
145 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
146 krb5_set_error_string(context, "PAC out of allignment");
147 ret = EINVAL;
148 goto out;
149 }
150 if (p->pac->buffers[i].offset_hi) {
151 krb5_set_error_string(context, "PAC high offset set");
152 ret = EINVAL;
153 goto out;
154 }
155 if (p->pac->buffers[i].offset_lo > len) {
156 krb5_set_error_string(context, "PAC offset off end");
157 ret = EINVAL;
158 goto out;
159 }
160 if (p->pac->buffers[i].offset_lo < header_end) {
161 krb5_set_error_string(context, "PAC offset inside header: %d %d",
162 p->pac->buffers[i].offset_lo, header_end);
163 ret = EINVAL;
164 goto out;
165 }
166 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
167 krb5_set_error_string(context, "PAC length off end");
168 ret = EINVAL;
169 goto out;
170 }
171
172 /* let save pointer to data we need later */
173 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
174 if (p->server_checksum) {
175 krb5_set_error_string(context, "PAC have two server checksums");
176 ret = EINVAL;
177 goto out;
178 }
179 p->server_checksum = &p->pac->buffers[i];
180 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
181 if (p->privsvr_checksum) {
182 krb5_set_error_string(context, "PAC have two KDC checksums");
183 ret = EINVAL;
184 goto out;
185 }
186 p->privsvr_checksum = &p->pac->buffers[i];
187 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
188 if (p->logon_name) {
189 krb5_set_error_string(context, "PAC have two logon names");
190 ret = EINVAL;
191 goto out;
192 }
193 p->logon_name = &p->pac->buffers[i];
194 }
195 }
196
197 ret = krb5_data_copy(&p->data, ptr, len);
198 if (ret)
199 goto out;
200
201 krb5_storage_free(sp);
202
203 *pac = p;
204 return 0;
205
206 out:
207 if (sp)
208 krb5_storage_free(sp);
209 if (p) {
210 if (p->pac)
211 free(p->pac);
212 free(p);
213 }
214 *pac = NULL;
215
216 return ret;
217 }
218
219 krb5_error_code
220 krb5_pac_init(krb5_context context, krb5_pac *pac)
221 {
222 krb5_error_code ret;
223 krb5_pac p;
224
225 p = calloc(1, sizeof(*p));
226 if (p == NULL) {
227 krb5_set_error_string(context, "out of memory");
228 return ENOMEM;
229 }
230
231 p->pac = calloc(1, sizeof(*p->pac));
232 if (p->pac == NULL) {
233 free(p);
234 krb5_set_error_string(context, "out of memory");
235 return ENOMEM;
236 }
237
238 ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
239 if (ret) {
240 free (p->pac);
241 free(p);
242 krb5_set_error_string(context, "out of memory");
243 return ret;
244 }
245
246
247 *pac = p;
248 return 0;
249 }
250
251 krb5_error_code
252 krb5_pac_add_buffer(krb5_context context, krb5_pac p,
253 uint32_t type, const krb5_data *data)
254 {
255 krb5_error_code ret;
256 void *ptr;
257 size_t len, offset, header_end, old_end;
258 uint32_t i;
259
260 len = p->pac->numbuffers;
261
262 ptr = realloc(p->pac,
263 sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * len));
264 if (ptr == NULL) {
265 krb5_set_error_string(context, "out of memory");
266 return ENOMEM;
267 }
268 p->pac = ptr;
269
270 for (i = 0; i < len; i++)
271 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
272
273 offset = p->data.length + PAC_INFO_BUFFER_SIZE;
274
275 p->pac->buffers[len].type = type;
276 p->pac->buffers[len].buffersize = data->length;
277 p->pac->buffers[len].offset_lo = offset;
278 p->pac->buffers[len].offset_hi = 0;
279
280 old_end = p->data.length;
281 len = p->data.length + data->length + PAC_INFO_BUFFER_SIZE;
282 if (len < p->data.length) {
283 krb5_set_error_string(context, "integer overrun");
284 return EINVAL;
285 }
286
287 /* align to PAC_ALIGNMENT */
288 len = ((len + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
289
290 ret = krb5_data_realloc(&p->data, len);
291 if (ret) {
292 krb5_set_error_string(context, "out of memory");
293 return ret;
294 }
295
296 /*
297 * make place for new PAC INFO BUFFER header
298 */
299 header_end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
300 memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
301 (unsigned char *)p->data.data + header_end ,
302 old_end - header_end);
303 memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
304
305 /*
306 * copy in new data part
307 */
308
309 memcpy((unsigned char *)p->data.data + offset,
310 data->data, data->length);
311 memset((unsigned char *)p->data.data + offset + data->length,
312 0, p->data.length - offset - data->length);
313
314 p->pac->numbuffers += 1;
315
316 return 0;
317 }
318
319 krb5_error_code
320 krb5_pac_get_buffer(krb5_context context, krb5_pac p,
321 uint32_t type, krb5_data *data)
322 {
323 krb5_error_code ret;
324 uint32_t i;
325
326 /*
327 * Hide the checksums from external consumers
328 */
329
330 if (type == PAC_PRIVSVR_CHECKSUM || type == PAC_SERVER_CHECKSUM) {
331 ret = krb5_data_alloc(data, 16);
332 if (ret) {
333 krb5_set_error_string(context, "out of memory");
334 return ret;
335 }
336 memset(data->data, 0, data->length);
337 return 0;
338 }
339
340 for (i = 0; i < p->pac->numbuffers; i++) {
341 size_t len = p->pac->buffers[i].buffersize;
342 size_t offset = p->pac->buffers[i].offset_lo;
343
344 if (p->pac->buffers[i].type != type)
345 continue;
346
347 ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
348 if (ret) {
349 krb5_set_error_string(context, "Out of memory");
350 return ret;
351 }
352 return 0;
353 }
354 krb5_set_error_string(context, "No PAC buffer of type %lu was found",
355 (unsigned long)type);
356 return ENOENT;
357 }
358
359 /*
360 *
361 */
362
363 krb5_error_code
364 krb5_pac_get_types(krb5_context context,
365 krb5_pac p,
366 size_t *len,
367 uint32_t **types)
368 {
369 size_t i;
370
371 *types = calloc(p->pac->numbuffers, sizeof(*types));
372 if (*types == NULL) {
373 *len = 0;
374 krb5_set_error_string(context, "out of memory");
375 return ENOMEM;
376 }
377 for (i = 0; i < p->pac->numbuffers; i++)
378 (*types)[i] = p->pac->buffers[i].type;
379 *len = p->pac->numbuffers;
380
381 return 0;
382 }
383
384 /*
385 *
386 */
387
388 void
389 krb5_pac_free(krb5_context context, krb5_pac pac)
390 {
391 krb5_data_free(&pac->data);
392 free(pac->pac);
393 free(pac);
394 }
395
396 /*
397 *
398 */
399
400 static krb5_error_code
401 verify_checksum(krb5_context context,
402 const struct PAC_INFO_BUFFER *sig,
403 const krb5_data *data,
404 void *ptr, size_t len,
405 const krb5_keyblock *key)
406 {
407 krb5_crypto crypto = NULL;
408 krb5_storage *sp = NULL;
409 uint32_t type;
410 krb5_error_code ret;
411 Checksum cksum;
412
413 memset(&cksum, 0, sizeof(cksum));
414
415 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
416 sig->buffersize);
417 if (sp == NULL) {
418 krb5_set_error_string(context, "out of memory");
419 return ENOMEM;
420 }
421 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
422
423 CHECK(ret, krb5_ret_uint32(sp, &type), out);
424 cksum.cksumtype = type;
425 cksum.checksum.length =
426 sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
427 cksum.checksum.data = malloc(cksum.checksum.length);
428 if (cksum.checksum.data == NULL) {
429 krb5_set_error_string(context, "out of memory");
430 ret = ENOMEM;
431 goto out;
432 }
433 ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
434 if (ret != cksum.checksum.length) {
435 krb5_set_error_string(context, "PAC checksum missing checksum");
436 ret = EINVAL;
437 goto out;
438 }
439
440 if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
441 krb5_set_error_string (context, "Checksum type %d not keyed",
442 cksum.cksumtype);
443 ret = EINVAL;
444 goto out;
445 }
446
447 ret = krb5_crypto_init(context, key, 0, &crypto);
448 if (ret)
449 goto out;
450
451 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
452 ptr, len, &cksum);
453 free(cksum.checksum.data);
454 krb5_crypto_destroy(context, crypto);
455 krb5_storage_free(sp);
456
457 return ret;
458
459 out:
460 if (cksum.checksum.data)
461 free(cksum.checksum.data);
462 if (sp)
463 krb5_storage_free(sp);
464 if (crypto)
465 krb5_crypto_destroy(context, crypto);
466 return ret;
467 }
468
469 static krb5_error_code
470 create_checksum(krb5_context context,
471 const krb5_keyblock *key,
472 void *data, size_t datalen,
473 void *sig, size_t siglen)
474 {
475 krb5_crypto crypto = NULL;
476 krb5_error_code ret;
477 Checksum cksum;
478
479 ret = krb5_crypto_init(context, key, 0, &crypto);
480 if (ret)
481 return ret;
482
483 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
484 data, datalen, &cksum);
485 krb5_crypto_destroy(context, crypto);
486 if (ret)
487 return ret;
488
489 if (cksum.checksum.length != siglen) {
490 krb5_set_error_string(context, "pac checksum wrong length");
491 free_Checksum(&cksum);
492 return EINVAL;
493 }
494
495 memcpy(sig, cksum.checksum.data, siglen);
496 free_Checksum(&cksum);
497
498 return 0;
499 }
500
501
502 /*
503 *
504 */
505
506 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
507
508 static uint64_t
509 unix2nttime(time_t unix_time)
510 {
511 long long wt;
512 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
513 return wt;
514 }
515
516 static krb5_error_code
517 verify_logonname(krb5_context context,
518 const struct PAC_INFO_BUFFER *logon_name,
519 const krb5_data *data,
520 time_t authtime,
521 krb5_const_principal principal)
522 {
523 krb5_error_code ret;
524 krb5_principal p2;
525 uint32_t time1, time2;
526 krb5_storage *sp;
527 uint16_t len;
528 char *s;
529
530 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
531 logon_name->buffersize);
532 if (sp == NULL) {
533 krb5_set_error_string(context, "Out of memory");
534 return ENOMEM;
535 }
536
537 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
538
539 CHECK(ret, krb5_ret_uint32(sp, &time1), out);
540 CHECK(ret, krb5_ret_uint32(sp, &time2), out);
541
542 {
543 uint64_t t1, t2;
544 t1 = unix2nttime(authtime);
545 t2 = ((uint64_t)time2 << 32) | time1;
546 if (t1 != t2) {
547 krb5_storage_free(sp);
548 krb5_set_error_string(context, "PAC timestamp mismatch");
549 return EINVAL;
550 }
551 }
552 CHECK(ret, krb5_ret_uint16(sp, &len), out);
553 if (len == 0) {
554 krb5_storage_free(sp);
555 krb5_set_error_string(context, "PAC logon name length missing");
556 return EINVAL;
557 }
558
559 s = malloc(len);
560 if (s == NULL) {
561 krb5_storage_free(sp);
562 krb5_set_error_string(context, "Out of memory");
563 return ENOMEM;
564 }
565 ret = krb5_storage_read(sp, s, len);
566 if (ret != len) {
567 krb5_storage_free(sp);
568 krb5_set_error_string(context, "Failed to read pac logon name");
569 return EINVAL;
570 }
571 krb5_storage_free(sp);
572 #if 1 /* cheat for now */
573 {
574 size_t i;
575
576 if (len & 1) {
577 krb5_set_error_string(context, "PAC logon name malformed");
578 return EINVAL;
579 }
580
581 for (i = 0; i < len / 2; i++) {
582 if (s[(i * 2) + 1]) {
583 krb5_set_error_string(context, "PAC logon name not ASCII");
584 return EINVAL;
585 }
586 s[i] = s[i * 2];
587 }
588 s[i] = '\0';
589 }
590 #else
591 {
592 uint16_t *ucs2;
593 ssize_t ucs2len;
594 size_t u8len;
595
596 ucs2 = malloc(sizeof(ucs2[0]) * len / 2);
597 if (ucs2)
598 abort();
599 ucs2len = wind_ucs2read(s, len / 2, ucs2);
600 free(s);
601 if (len < 0)
602 return -1;
603 ret = wind_ucs2toutf8(ucs2, ucs2len, NULL, &u8len);
604 if (ret < 0)
605 abort();
606 s = malloc(u8len + 1);
607 if (s == NULL)
608 abort();
609 wind_ucs2toutf8(ucs2, ucs2len, s, &u8len);
610 free(ucs2);
611 }
612 #endif
613 ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
614 free(s);
615 if (ret)
616 return ret;
617
618 if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
619 krb5_set_error_string(context, "PAC logon name mismatch");
620 ret = EINVAL;
621 }
622 krb5_free_principal(context, p2);
623 return ret;
624 out:
625 return ret;
626 }
627
628 /*
629 *
630 */
631
632 static krb5_error_code
633 build_logon_name(krb5_context context,
634 time_t authtime,
635 krb5_const_principal principal,
636 krb5_data *logon)
637 {
638 krb5_error_code ret;
639 krb5_storage *sp;
640 uint64_t t;
641 char *s, *s2;
642 size_t i, len;
643
644 t = unix2nttime(authtime);
645
646 krb5_data_zero(logon);
647
648 sp = krb5_storage_emem();
649 if (sp == NULL) {
650 krb5_set_error_string(context, "out of memory");
651 return ENOMEM;
652 }
653 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
654
655 CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
656 CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
657
658 ret = krb5_unparse_name_flags(context, principal,
659 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
660 if (ret)
661 goto out;
662
663 len = strlen(s);
664
665 CHECK(ret, krb5_store_uint16(sp, len * 2), out);
666
667 #if 1 /* cheat for now */
668 s2 = malloc(len * 2);
669 if (s2 == NULL) {
670 ret = ENOMEM;
671 free(s);
672 goto out;
673 }
674 for (i = 0; i < len; i++) {
675 s2[i * 2] = s[i];
676 s2[i * 2 + 1] = 0;
677 }
678 free(s);
679 #else
680 /* write libwind code here */
681 #endif
682
683 ret = krb5_storage_write(sp, s2, len * 2);
684 free(s2);
685 if (ret != len * 2) {
686 ret = ENOMEM;
687 goto out;
688 }
689 ret = krb5_storage_to_data(sp, logon);
690 if (ret)
691 goto out;
692 krb5_storage_free(sp);
693
694 return 0;
695 out:
696 krb5_storage_free(sp);
697 return ret;
698 }
699
700
701 /*
702 *
703 */
704
705 krb5_error_code
706 krb5_pac_verify(krb5_context context,
707 const krb5_pac pac,
708 time_t authtime,
709 krb5_const_principal principal,
710 const krb5_keyblock *server,
711 const krb5_keyblock *privsvr)
712 {
713 krb5_error_code ret;
714
715 if (pac->server_checksum == NULL) {
716 krb5_set_error_string(context, "PAC missing server checksum");
717 return EINVAL;
718 }
719 if (pac->privsvr_checksum == NULL) {
720 krb5_set_error_string(context, "PAC missing kdc checksum");
721 return EINVAL;
722 }
723 if (pac->logon_name == NULL) {
724 krb5_set_error_string(context, "PAC missing logon name");
725 return EINVAL;
726 }
727
728 ret = verify_logonname(context,
729 pac->logon_name,
730 &pac->data,
731 authtime,
732 principal);
733 if (ret)
734 return ret;
735
736 /*
737 * in the service case, clean out data option of the privsvr and
738 * server checksum before checking the checksum.
739 */
740 {
741 krb5_data *copy;
742
743 ret = krb5_copy_data(context, &pac->data, &copy);
744 if (ret)
745 return ret;
746
747 if (pac->server_checksum->buffersize < 4)
748 return EINVAL;
749 if (pac->privsvr_checksum->buffersize < 4)
750 return EINVAL;
751
752 memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
753 0,
754 pac->server_checksum->buffersize - 4);
755
756 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
757 0,
758 pac->privsvr_checksum->buffersize - 4);
759
760 ret = verify_checksum(context,
761 pac->server_checksum,
762 &pac->data,
763 copy->data,
764 copy->length,
765 server);
766 krb5_free_data(context, copy);
767 if (ret)
768 return ret;
769 }
770 if (privsvr) {
771 ret = verify_checksum(context,
772 pac->privsvr_checksum,
773 &pac->data,
774 (char *)pac->data.data
775 + pac->server_checksum->offset_lo + 4,
776 pac->server_checksum->buffersize - 4,
777 privsvr);
778 if (ret)
779 return ret;
780 }
781
782 return 0;
783 }
784
785 /*
786 *
787 */
788
789 static krb5_error_code
790 fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
791 {
792 ssize_t sret;
793 size_t l;
794
795 while (len) {
796 l = len;
797 if (l > sizeof(zeros))
798 l = sizeof(zeros);
799 sret = krb5_storage_write(sp, zeros, l);
800 if (sret <= 0) {
801 krb5_set_error_string(context, "out of memory");
802 return ENOMEM;
803 }
804 len -= sret;
805 }
806 return 0;
807 }
808
809 static krb5_error_code
810 pac_checksum(krb5_context context,
811 const krb5_keyblock *key,
812 uint32_t *cksumtype,
813 size_t *cksumsize)
814 {
815 krb5_cksumtype cktype;
816 krb5_error_code ret;
817 krb5_crypto crypto = NULL;
818
819 ret = krb5_crypto_init(context, key, 0, &crypto);
820 if (ret)
821 return ret;
822
823 ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
824 ret = krb5_crypto_destroy(context, crypto);
825 if (ret)
826 return ret;
827
828 if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
829 krb5_set_error_string(context, "PAC checksum type is not keyed");
830 return EINVAL;
831 }
832
833 ret = krb5_checksumsize(context, cktype, cksumsize);
834 if (ret)
835 return ret;
836
837 *cksumtype = (uint32_t)cktype;
838
839 return 0;
840 }
841
842 krb5_error_code
843 _krb5_pac_sign(krb5_context context,
844 krb5_pac p,
845 time_t authtime,
846 krb5_principal principal,
847 const krb5_keyblock *server_key,
848 const krb5_keyblock *priv_key,
849 krb5_data *data)
850 {
851 krb5_error_code ret;
852 krb5_storage *sp = NULL, *spdata = NULL;
853 uint32_t end;
854 size_t server_size, priv_size;
855 uint32_t server_offset = 0, priv_offset = 0;
856 uint32_t server_cksumtype = 0, priv_cksumtype = 0;
857 int i, num = 0;
858 krb5_data logon, d;
859
860 krb5_data_zero(&logon);
861
862 if (p->logon_name == NULL)
863 num++;
864 if (p->server_checksum == NULL)
865 num++;
866 if (p->privsvr_checksum == NULL)
867 num++;
868
869 if (num) {
870 void *ptr;
871
872 ptr = realloc(p->pac, sizeof(*p->pac) + (sizeof(p->pac->buffers[0]) * (p->pac->numbuffers + num - 1)));
873 if (ptr == NULL) {
874 krb5_set_error_string(context, "out of memory");
875 return ENOMEM;
876 }
877 p->pac = ptr;
878
879 if (p->logon_name == NULL) {
880 p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
881 memset(p->logon_name, 0, sizeof(*p->logon_name));
882 p->logon_name->type = PAC_LOGON_NAME;
883 }
884 if (p->server_checksum == NULL) {
885 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
886 memset(p->server_checksum, 0, sizeof(*p->server_checksum));
887 p->server_checksum->type = PAC_SERVER_CHECKSUM;
888 }
889 if (p->privsvr_checksum == NULL) {
890 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
891 memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
892 p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
893 }
894 }
895
896 /* Calculate LOGON NAME */
897 ret = build_logon_name(context, authtime, principal, &logon);
898 if (ret)
899 goto out;
900
901 /* Set lengths for checksum */
902 ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
903 if (ret)
904 goto out;
905 ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
906 if (ret)
907 goto out;
908
909 /* Encode PAC */
910 sp = krb5_storage_emem();
911 if (sp == NULL) {
912 krb5_set_error_string(context, "out of memory");
913 return ENOMEM;
914 }
915 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
916
917 spdata = krb5_storage_emem();
918 if (spdata == NULL) {
919 krb5_storage_free(sp);
920 krb5_set_error_string(context, "out of memory");
921 return ENOMEM;
922 }
923 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
924
925 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
926 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
927
928 end = PACTYPE_SIZE + (PAC_INFO_BUFFER_SIZE * p->pac->numbuffers);
929
930 for (i = 0; i < p->pac->numbuffers; i++) {
931 uint32_t len;
932 size_t sret;
933 void *ptr = NULL;
934
935 /* store data */
936
937 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
938 len = server_size + 4;
939 server_offset = end + 4;
940 CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
941 CHECK(ret, fill_zeros(context, spdata, server_size), out);
942 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
943 len = priv_size + 4;
944 priv_offset = end + 4;
945 CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
946 CHECK(ret, fill_zeros(context, spdata, priv_size), out);
947 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
948 len = krb5_storage_write(spdata, logon.data, logon.length);
949 if (logon.length != len) {
950 ret = EINVAL;
951 goto out;
952 }
953 } else {
954 len = p->pac->buffers[i].buffersize;
955 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
956
957 sret = krb5_storage_write(spdata, ptr, len);
958 if (sret != len) {
959 krb5_set_error_string(context, "out of memory");
960 ret = ENOMEM;
961 goto out;
962 }
963 /* XXX if not aligned, fill_zeros */
964 }
965
966 /* write header */
967 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
968 CHECK(ret, krb5_store_uint32(sp, len), out);
969 CHECK(ret, krb5_store_uint32(sp, end), out);
970 CHECK(ret, krb5_store_uint32(sp, 0), out);
971
972 /* advance data endpointer and align */
973 {
974 int32_t e;
975
976 end += len;
977 e = ((end + PAC_ALIGNMENT - 1) / PAC_ALIGNMENT) * PAC_ALIGNMENT;
978 if (end != e) {
979 CHECK(ret, fill_zeros(context, spdata, e - end), out);
980 }
981 end = e;
982 }
983
984 }
985
986 /* assert (server_offset != 0 && priv_offset != 0); */
987
988 /* export PAC */
989 ret = krb5_storage_to_data(spdata, &d);
990 if (ret) {
991 krb5_set_error_string(context, "out of memory");
992 goto out;
993 }
994 ret = krb5_storage_write(sp, d.data, d.length);
995 if (ret != d.length) {
996 krb5_data_free(&d);
997 krb5_set_error_string(context, "out of memory");
998 ret = ENOMEM;
999 goto out;
1000 }
1001 krb5_data_free(&d);
1002
1003 ret = krb5_storage_to_data(sp, &d);
1004 if (ret) {
1005 krb5_set_error_string(context, "out of memory");
1006 goto out;
1007 }
1008
1009 /* sign */
1010
1011 ret = create_checksum(context, server_key,
1012 d.data, d.length,
1013 (char *)d.data + server_offset, server_size);
1014 if (ret) {
1015 krb5_data_free(&d);
1016 goto out;
1017 }
1018
1019 ret = create_checksum(context, priv_key,
1020 (char *)d.data + server_offset, server_size,
1021 (char *)d.data + priv_offset, priv_size);
1022 if (ret) {
1023 krb5_data_free(&d);
1024 goto out;
1025 }
1026
1027 /* done */
1028 *data = d;
1029
1030 krb5_data_free(&logon);
1031 krb5_storage_free(sp);
1032 krb5_storage_free(spdata);
1033
1034 return 0;
1035 out:
1036 krb5_data_free(&logon);
1037 if (sp)
1038 krb5_storage_free(sp);
1039 if (spdata)
1040 krb5_storage_free(spdata);
1041 return ret;
1042 }
NetBSD on the FriendlyARM MINI2440