accept_sec_context.c

   1 /*
   2  * Copyright (c) 2010, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 #include "gssapiP_eap.h"
  34
  35 /*
  36  * Mark a context as ready for cryptographic operations
  37  */
  38 static OM_uint32
  39 acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx, gss_cred_id_t cred)
  40 {
  41     OM_uint32 major, tmpMinor;
  42     VALUE_PAIR *vp;
  43     gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
  44
  45     /* Cache encryption type derived from selected mechanism OID */
  46     major = gssEapOidToEnctype(minor, ctx->mechanismUsed,
  47                                &ctx->encryptionType);
  48     if (GSS_ERROR(major))
  49         return major;
  50
  51     /*
  52      * Now, if we have a username from the identity packet, discard it
  53      * because it's unauthenticated.
  54      */
  55     gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
  56
  57     vp = rc_avpair_get(ctx->acceptorCtx.avps, PW_USER_NAME, 0);
  58     if (vp != NULL) {
  59         nameBuf.length = vp->lvalue;
  60         nameBuf.value = vp->strvalue;
  61     } else {
  62         ctx->gssFlags |= GSS_C_ANON_FLAG;
  63     }
  64
  65     major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
  66                              &ctx->initiatorName);
  67     if (GSS_ERROR(major))
  68         return major;
  69
  70     ctx->initiatorName->attrCtx = gssEapCreateAttrContext(cred, ctx);
  71
  72     vp = rc_avpair_get(ctx->acceptorCtx.avps,
  73                        RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY,
  74                        RADIUS_VENDOR_ID_MICROSOFT);
  75     if (ctx->encryptionType != ENCTYPE_NULL && vp != NULL) {
  76         major = gssEapDeriveRfc3961Key(minor,
  77                                        (unsigned char *)vp->strvalue,
  78                                        vp->lvalue,
  79                                        ctx->encryptionType,
  80                                        &ctx->rfc3961Key);
  81         if (GSS_ERROR(major))
  82             return major;
  83
  84         major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
  85                                            &ctx->checksumType);
  86         if (GSS_ERROR(major))
  87             return major;
  88     } else {
  89         /*
  90          * draft-howlett-eap-gss says that integrity/confidentialty should
  91          * always be advertised as available, but if we have no keying
  92          * material it seems confusing to the caller to advertise this.
  93          */
  94         ctx->gssFlags &= ~(GSS_C_INTEG_FLAG | GSS_C_CONF_FLAG);
  95         ctx->encryptionType = ENCTYPE_NULL;
  96     }
  97
  98     major = sequenceInit(minor,
  99                          &ctx->seqState, ctx->recvSeq,
 100                          ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
 101                          ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
 102                          TRUE);
 103     if (GSS_ERROR(major))
 104         return major;
 105
 106     return GSS_S_COMPLETE;
 107 }
 108
 109 static OM_uint32
 110 eapGssSmAcceptIdentity(OM_uint32 *minor,
 111                        gss_ctx_id_t ctx,
 112                        gss_cred_id_t cred,
 113                        gss_buffer_t inputToken,
 114                        gss_channel_bindings_t chanBindings,
 115                        gss_buffer_t outputToken)
 116 {
 117     OM_uint32 major;
 118     union {
 119         struct eap_hdr pdu;
 120         unsigned char data[5];
 121     } pkt;
 122     gss_buffer_desc pktBuffer;
 123
 124     if (inputToken != GSS_C_NO_BUFFER && inputToken->length != 0)
 125         return GSS_S_DEFECTIVE_TOKEN;
 126
 127     assert(ctx->acceptorCtx.radHandle == NULL);
 128
 129     major = gssEapRadiusAllocHandle(minor, cred, &ctx->acceptorCtx.radHandle);
 130     if (GSS_ERROR(major))
 131         return major;
 132
 133     if (ctx->acceptorName == GSS_C_NO_NAME &&
 134         cred != GSS_C_NO_CREDENTIAL &&
 135         cred->name != GSS_C_NO_NAME) {
 136         major = gss_duplicate_name(minor, cred->name, &ctx->acceptorName);
 137         if (GSS_ERROR(major))
 138             return major;
 139     }
 140
 141     pkt.pdu.code = EAP_CODE_REQUEST;
 142     pkt.pdu.identifier = 0;
 143     pkt.pdu.length = htons(sizeof(pkt.data));
 144     pkt.data[4] = EAP_TYPE_IDENTITY;
 145
 146     pktBuffer.length = sizeof(pkt.data);
 147     pktBuffer.value = pkt.data;
 148
 149     major = duplicateBuffer(minor, &pktBuffer, outputToken);
 150     if (GSS_ERROR(major))
 151         return major;
 152
 153     ctx->state = EAP_STATE_AUTHENTICATE;
 154
 155     return GSS_S_CONTINUE_NEEDED;
 156 }
 157
 158 static OM_uint32
 159 importInitiatorIdentity(OM_uint32 *minor,
 160                         gss_ctx_id_t ctx,
 161                         gss_buffer_t inputToken,
 162                         gss_buffer_t nameBuf)
 163 {
 164     OM_uint32 major, tmpMinor;
 165     struct eap_hdr *pdu = (struct eap_hdr *)inputToken->value;
 166     unsigned char *pos = (unsigned char *)(pdu + 1);
 167     gss_name_t name;
 168
 169     assert(pdu->code == EAP_CODE_RESPONSE);
 170     assert(pos[0] == EAP_TYPE_IDENTITY);
 171
 172     nameBuf->value = pos + 1;
 173     nameBuf->length = inputToken->length - sizeof(*pdu) - 1;
 174
 175     major = gssEapImportName(minor, nameBuf, GSS_C_NT_USER_NAME, &name);
 176     if (GSS_ERROR(major))
 177         return major;
 178
 179     gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
 180     ctx->initiatorName = name;
 181
 182     return GSS_S_COMPLETE;
 183 }
 184
 185 static OM_uint32
 186 eapGssSmAcceptAuthenticate(OM_uint32 *minor,
 187                            gss_ctx_id_t ctx,
 188                            gss_cred_id_t cred,
 189                            gss_buffer_t inputToken,
 190                            gss_channel_bindings_t chanBindings,
 191                            gss_buffer_t outputToken)
 192 {
 193     OM_uint32 major, tmpMinor;
 194     int code;
 195     VALUE_PAIR *send = NULL;
 196     VALUE_PAIR *received = NULL;
 197     rc_handle *rh = ctx->acceptorCtx.radHandle;
 198     char msgBuffer[4096];
 199     struct eap_hdr *pdu;
 200     unsigned char *pos;
 201     gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
 202
 203     pdu = (struct eap_hdr *)inputToken->value;
 204     pos = (unsigned char *)(pdu + 1);
 205
 206     if (inputToken->length > sizeof(*pdu) &&
 207         pdu->code == EAP_CODE_RESPONSE &&
 208         pos[0] == EAP_TYPE_IDENTITY) {
 209         major = importInitiatorIdentity(minor, ctx, inputToken, &nameBuf);
 210         if (GSS_ERROR(major))
 211             goto cleanup;
 212
 213         major = addAvpFromBuffer(minor, rh, &send, PW_USER_NAME, &nameBuf);
 214         if (GSS_ERROR(major))
 215             goto cleanup;
 216     }
 217
 218     major = addAvpFromBuffer(minor, rh, &send, PW_EAP_MESSAGE, inputToken);
 219     if (GSS_ERROR(major))
 220         goto cleanup;
 221
 222     if (ctx->acceptorCtx.lastStatus == CHALLENGE_RC) {
 223         major = addAvpFromBuffer(minor, rh, &send, PW_STATE,
 224                                  &ctx->acceptorCtx.state);
 225         if (GSS_ERROR(major))
 226             goto cleanup;
 227
 228         gss_release_buffer(&tmpMinor, &ctx->acceptorCtx.state);
 229     }
 230
 231     code = rc_auth(rh, 0, send, &received, msgBuffer);
 232     switch (code) {
 233     case OK_RC:
 234     case CHALLENGE_RC:
 235         major = GSS_S_CONTINUE_NEEDED;
 236         break;
 237     case TIMEOUT_RC:
 238         major = GSS_S_UNAVAILABLE;
 239         break;
 240     case REJECT_RC:
 241         major = GSS_S_DEFECTIVE_CREDENTIAL;
 242         break;
 243     default:
 244         major = GSS_S_FAILURE;
 245         goto cleanup;
 246     }
 247
 248     if (GSS_ERROR(major))
 249         goto cleanup;
 250
 251     ctx->acceptorCtx.lastStatus = code;
 252
 253     major = getBufferFromAvps(minor, received, PW_EAP_MESSAGE,
 254                               outputToken, TRUE);
 255     if ((major == GSS_S_UNAVAILABLE && code != OK_RC) ||
 256         GSS_ERROR(major))
 257         goto cleanup;
 258
 259     if (code == CHALLENGE_RC) {
 260         major = getBufferFromAvps(minor, received, PW_STATE,
 261                                   &ctx->acceptorCtx.state, TRUE);
 262         if (major != GSS_S_UNAVAILABLE && GSS_ERROR(major))
 263             goto cleanup;
 264     } else {
 265         ctx->acceptorCtx.avps = received;
 266         received = NULL;
 267
 268         major = acceptReady(minor, ctx, cred);
 269         if (GSS_ERROR(major))
 270             goto cleanup;
 271
 272         ctx->state = EAP_STATE_GSS_CHANNEL_BINDINGS;
 273     }
 274
 275     major = GSS_S_CONTINUE_NEEDED;
 276
 277 cleanup:
 278     if (received != NULL)
 279         rc_avpair_free(received);
 280
 281     return major;
 282 }
 283
 284 static OM_uint32
 285 eapGssSmAcceptGssChannelBindings(OM_uint32 *minor,
 286                                  gss_ctx_id_t ctx,
 287                                  gss_cred_id_t cred,
 288                                  gss_buffer_t inputToken,
 289                                  gss_channel_bindings_t chanBindings,
 290                                  gss_buffer_t outputToken)
 291 {
 292     OM_uint32 major;
 293     gss_iov_buffer_desc iov[2];
 294
 295     outputToken->length = 0;
 296     outputToken->value = NULL;
 297
 298     if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS) {
 299         ctx->state = EAP_STATE_ESTABLISHED;
 300         return GSS_S_COMPLETE;
 301     }
 302
 303     if (inputToken->length < 14) {
 304         return GSS_S_DEFECTIVE_TOKEN;
 305     }
 306
 307     iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
 308     iov[0].buffer.length = 0;
 309     iov[0].buffer.value = NULL;
 310
 311     if (chanBindings != GSS_C_NO_CHANNEL_BINDINGS)
 312         iov[0].buffer = chanBindings->application_data;
 313
 314     iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
 315     iov[1].buffer.length = 16;
 316     iov[1].buffer.value = (unsigned char *)inputToken->value - 2;
 317
 318     assert(load_uint16_be(iov[1].buffer.value) == TOK_TYPE_GSS_CB);
 319
 320     iov[2].type = GSS_IOV_BUFFER_TYPE_TRAILER;
 321     iov[2].buffer.length = inputToken->length - 14;
 322     iov[2].buffer.value = (unsigned char *)inputToken->value + 14;
 323
 324     major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
 325                                     iov, 3, TOK_TYPE_GSS_CB);
 326     if (major == GSS_S_COMPLETE) {
 327         ctx->state = EAP_STATE_ESTABLISHED;
 328     }
 329
 330 #if 0
 331     gss_release_buffer(&tmpMinor, &iov[0].buffer);
 332 #endif
 333
 334     return major;
 335 }
 336
 337 static OM_uint32
 338 eapGssSmAcceptEstablished(OM_uint32 *minor,
 339                           gss_ctx_id_t ctx,
 340                           gss_cred_id_t cred,
 341                           gss_buffer_t inputToken,
 342                           gss_channel_bindings_t chanBindings,
 343                           gss_buffer_t outputToken)
 344 {
 345     /* Called with already established context */
 346     *minor = EINVAL;
 347     return GSS_S_BAD_STATUS;
 348 }
 349
 350 static struct gss_eap_acceptor_sm {
 351     enum gss_eap_token_type inputTokenType;
 352     enum gss_eap_token_type outputTokenType;
 353     OM_uint32 (*processToken)(OM_uint32 *,
 354                               gss_ctx_id_t,
 355                               gss_cred_id_t,
 356                               gss_buffer_t,
 357                               gss_channel_bindings_t,
 358                               gss_buffer_t);
 359 } eapGssAcceptorSm[] = {
 360     { TOK_TYPE_EAP_RESP,    TOK_TYPE_EAP_REQ,  eapGssSmAcceptIdentity           },
 361     { TOK_TYPE_EAP_RESP,    TOK_TYPE_EAP_REQ,  eapGssSmAcceptAuthenticate       },
 362     { TOK_TYPE_GSS_CB,      TOK_TYPE_NONE,     eapGssSmAcceptGssChannelBindings },
 363     { TOK_TYPE_NONE,        TOK_TYPE_NONE,     eapGssSmAcceptEstablished        },
 364 };
 365
 366 OM_uint32
 367 gss_accept_sec_context(OM_uint32 *minor,
 368                        gss_ctx_id_t *context_handle,
 369                        gss_cred_id_t cred,
 370                        gss_buffer_t input_token,
 371                        gss_channel_bindings_t input_chan_bindings,
 372                        gss_name_t *src_name,
 373                        gss_OID *mech_type,
 374                        gss_buffer_t output_token,
 375                        OM_uint32 *ret_flags,
 376                        OM_uint32 *time_rec,
 377                        gss_cred_id_t *delegated_cred_handle)
 378 {
 379     OM_uint32 major;
 380     OM_uint32 tmpMajor, tmpMinor;
 381     gss_ctx_id_t ctx = *context_handle;
 382     struct gss_eap_acceptor_sm *sm = NULL;
 383     gss_buffer_desc innerInputToken = GSS_C_EMPTY_BUFFER;
 384     gss_buffer_desc innerOutputToken = GSS_C_EMPTY_BUFFER;
 385
 386     *minor = 0;
 387
 388     output_token->length = 0;
 389     output_token->value = NULL;
 390
 391     if (cred != GSS_C_NO_CREDENTIAL && !(cred->flags & CRED_FLAG_ACCEPT)) {
 392         return GSS_S_NO_CRED;
 393     }
 394
 395     if (input_token == GSS_C_NO_BUFFER || input_token->length == 0) {
 396         return GSS_S_DEFECTIVE_TOKEN;
 397     }
 398
 399     if (ctx == GSS_C_NO_CONTEXT) {
 400         major = gssEapAllocContext(minor, &ctx);
 401         if (GSS_ERROR(major))
 402             return major;
 403
 404         *context_handle = ctx;
 405     }
 406
 407     GSSEAP_MUTEX_LOCK(&ctx->mutex);
 408
 409     sm = &eapGssAcceptorSm[ctx->state];
 410
 411     major = gssEapVerifyToken(minor, ctx, input_token,
 412                               sm->inputTokenType, &innerInputToken);
 413     if (GSS_ERROR(major))
 414         goto cleanup;
 415
 416     /* If credentials were provided, check they're usable with this mech */
 417     if (!gssEapCredAvailable(cred, ctx->mechanismUsed)) {
 418         major = GSS_S_BAD_MECH;
 419         goto cleanup;
 420     }
 421
 422     do {
 423         sm = &eapGssAcceptorSm[ctx->state];
 424
 425         major = (sm->processToken)(minor,
 426                                    ctx,
 427                                    cred,
 428                                    &innerInputToken,
 429                                    input_chan_bindings,
 430                                    &innerOutputToken);
 431         if (GSS_ERROR(major))
 432             goto cleanup;
 433     } while (major == GSS_S_CONTINUE_NEEDED && innerOutputToken.length == 0);
 434
 435     if (mech_type != NULL) {
 436         if (!gssEapInternalizeOid(ctx->mechanismUsed, mech_type))
 437             duplicateOid(&tmpMinor, ctx->mechanismUsed, mech_type);
 438     }
 439     if (innerOutputToken.length != 0) {
 440         tmpMajor = gssEapMakeToken(&tmpMinor, ctx, &innerOutputToken,
 441                                    sm->outputTokenType, output_token);
 442         if (GSS_ERROR(tmpMajor)) {
 443             major = tmpMajor;
 444             *minor = tmpMinor;
 445             goto cleanup;
 446         }
 447     }
 448     if (ret_flags != NULL)
 449         *ret_flags = ctx->gssFlags;
 450     if (delegated_cred_handle != NULL)
 451         *delegated_cred_handle = GSS_C_NO_CREDENTIAL;
 452
 453     if (major == GSS_S_COMPLETE) {
 454         if (src_name != NULL && ctx->initiatorName != GSS_C_NO_NAME) {
 455             major = gss_duplicate_name(&tmpMinor, ctx->initiatorName, src_name);
 456             if (GSS_ERROR(major))
 457                 goto cleanup;
 458         }
 459         if (time_rec != NULL)
 460             gss_context_time(&tmpMinor, ctx, time_rec);
 461     }
 462
 463     assert(ctx->state == EAP_STATE_ESTABLISHED || major == GSS_S_CONTINUE_NEEDED);
 464
 465 cleanup:
 466     GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
 467
 468     if (GSS_ERROR(major))
 469         gssEapReleaseContext(&tmpMinor, context_handle);
 470
 471     gss_release_buffer(&tmpMinor, &innerOutputToken);
 472
 473     return major;
 474 }
 475