2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
38 * Fast reauthentication support for EAP GSS.
42 krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *);
45 encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);
47 static krb5_error_code
48 getAcceptorKey(krb5_context krbContext,
51 krb5_principal *princ,
55 krb5_keytab keytab = NULL;
56 krb5_keytab_entry ktent;
57 krb5_kt_cursor cursor = NULL;
60 memset(key, 0, sizeof(*key));
61 memset(&ktent, 0, sizeof(ktent));
63 code = krb5_kt_default(krbContext, &keytab);
67 if (cred != GSS_C_NO_CREDENTIAL && cred->name != GSS_C_NO_NAME) {
68 code = krb5_kt_get_entry(krbContext, keytab,
69 cred->name->krbPrincipal, 0,
70 ctx->encryptionType, &ktent);
74 code = krb5_kt_start_seq_get(krbContext, keytab, &cursor);
78 while ((code = krb5_kt_next_entry(krbContext, keytab,
79 &ktent, &cursor)) == 0) {
80 if (ktent.key.enctype == ctx->encryptionType) {
83 krb5_free_keytab_entry_contents(krbContext, &ktent);
89 *princ = ktent.principal;
94 if (cred == GSS_C_NO_CREDENTIAL || cred->name == GSS_C_NO_NAME)
95 krb5_kt_end_seq_get(krbContext, keytab, &cursor);
96 krb5_kt_close(krbContext, keytab);
100 krb5_free_principal(krbContext, *princ);
103 krb5_free_keyblock_contents(krbContext, key),
104 memset(key, 0, sizeof(key));
111 gssEapMakeReauthCreds(OM_uint32 *minor,
114 gss_buffer_t credBuf)
116 OM_uint32 major = GSS_S_COMPLETE;
117 krb5_error_code code;
118 krb5_context krbContext = NULL;
119 krb5_ticket ticket = { 0 };
120 krb5_keyblock session = { 0 }, acceptorKey = { 0 };
121 krb5_enc_tkt_part enc_part = { 0 };
122 gss_buffer_desc attrBuf = GSS_C_EMPTY_BUFFER;
123 krb5_authdata *authData[2], authDatum = { 0 };
124 krb5_data *ticketData = NULL, *credsData = NULL;
125 krb5_creds creds = { 0 };
126 krb5_auth_context authContext = NULL;
129 credBuf->value = NULL;
131 GSSEAP_KRB_INIT(&krbContext);
133 code = getAcceptorKey(krbContext, ctx, cred,
134 &ticket.server, &acceptorKey);
135 if (code == KRB5_KT_NOTFOUND) {
136 gss_buffer_desc emptyToken = { 0, "" };
139 * If we can't produce the KRB-CRED message, we need to
140 * return an empty (not NULL) token to the caller so we
141 * don't change the number of authentication legs.
143 return duplicateBuffer(minor, &emptyToken, credBuf);
144 } else if (code != 0)
147 enc_part.flags = TKT_FLG_INITIAL;
149 code = krb5_c_make_random_key(krbContext, ctx->encryptionType,
154 enc_part.session = &session;
155 enc_part.client = ctx->initiatorName->krbPrincipal;
156 enc_part.times.authtime = time(NULL);
157 enc_part.times.starttime = enc_part.times.authtime;
158 enc_part.times.endtime = ctx->expiryTime
161 enc_part.times.renew_till = 0;
163 major = gssEapExportAttrContext(minor, ctx->initiatorName,
165 if (GSS_ERROR(major))
168 authDatum.ad_type = KRB5_AUTHDATA_RADIUS_AVP;
169 authDatum.length = attrBuf.length;
170 authDatum.contents = attrBuf.value;
171 authData[0] = &authDatum;
174 code = krb5_make_authdata_kdc_issued(krbContext, &session,
175 ticket.server, authData,
176 &enc_part.authorization_data);
180 ticket.enc_part2 = &enc_part;
182 code = krb5_encrypt_tkt_part(krbContext, &acceptorKey, &ticket);
186 code = encode_krb5_ticket(&ticket, &ticketData);
190 creds.client = enc_part.client;
191 creds.server = ticket.server;
192 creds.keyblock = session;
193 creds.times = enc_part.times;
194 creds.ticket_flags = enc_part.flags;
195 creds.ticket = *ticketData;
196 creds.authdata = authData;
198 code = krb5_auth_con_init(krbContext, &authContext);
202 code = krb5_auth_con_setflags(krbContext, authContext, 0);
206 code = krb5_auth_con_setsendsubkey(krbContext, authContext,
211 code = krb5_mk_1cred(krbContext, authContext, &creds, &credsData, NULL);
215 krbDataToGssBuffer(credsData, credBuf);
218 if (ticket.enc_part.ciphertext.data != NULL)
219 GSSEAP_FREE(ticket.enc_part.ciphertext.data);
220 krb5_free_keyblock_contents(krbContext, &session);
221 krb5_free_keyblock_contents(krbContext, &acceptorKey);
222 gss_release_buffer(minor, &attrBuf);
223 krb5_free_data(krbContext, ticketData);
224 krb5_auth_con_free(krbContext, authContext);
225 krb5_free_authdata(krbContext, enc_part.authorization_data);
226 if (credsData != NULL)
227 GSSEAP_FREE(credsData);
229 if (major == GSS_S_COMPLETE) {
231 major = code != 0 ? GSS_S_FAILURE : GSS_S_COMPLETE;
238 isTicketGrantingServiceP(krb5_context krbContext,
239 krb5_const_principal principal)
241 if (krb5_princ_size(krbContext, principal) == 2 &&
242 krb5_princ_component(krbContext, principal, 0)->length == 6 &&
243 memcmp(krb5_princ_component(krbContext, principal, 0)->data, "krbtgt", 6) == 0)
250 gssEapStoreReauthCreds(OM_uint32 *minor,
253 gss_buffer_t credBuf)
255 OM_uint32 major = GSS_S_COMPLETE, code;
256 krb5_context krbContext = NULL;
257 krb5_auth_context authContext = NULL;
258 krb5_data credData = { 0 };
259 krb5_creds **creds = NULL;
260 krb5_principal canonPrinc;
263 if (credBuf->length == 0 || cred == GSS_C_NO_CREDENTIAL)
264 return GSS_S_COMPLETE;
266 GSSEAP_KRB_INIT(&krbContext);
268 code = krb5_auth_con_init(krbContext, &authContext);
272 code = krb5_auth_con_setflags(krbContext, authContext, 0);
276 code = krb5_auth_con_setrecvsubkey(krbContext, authContext,
281 gssBufferToKrbData(credBuf, &credData);
283 code = krb5_rd_cred(krbContext, authContext, &credData, &creds, NULL);
287 if (creds == NULL || creds[0] == NULL)
290 code = krb5_copy_principal(krbContext, creds[0]->client, &canonPrinc);
294 krb5_free_principal(krbContext, cred->name->krbPrincipal);
295 cred->name->krbPrincipal = canonPrinc;
297 cred->expiryTime = creds[0]->times.endtime;
299 code = krb5_cc_new_unique(krbContext, "MEMORY", NULL, &cred->krbCredCache);
303 code = krb5_cc_initialize(krbContext, cred->krbCredCache,
308 for (i = 0; creds[i] != NULL; i++) {
309 krb5_creds kcred = *(creds[i]);
312 * Swap in the acceptor name the client asked for so
313 * get_credentials() works
315 if (!isTicketGrantingServiceP(krbContext, kcred.server))
316 kcred.server = ctx->acceptorName->krbPrincipal;
318 code = krb5_cc_store_cred(krbContext, cred->krbCredCache, &kcred);
323 major = gss_krb5_import_cred(minor, cred->krbCredCache, NULL, NULL,
325 if (GSS_ERROR(major))
331 krb5_auth_con_free(krbContext, authContext);
333 for (i = 0; creds[i] != NULL; i++)
334 krb5_free_creds(krbContext, creds[i]);
336 if (major == GSS_S_COMPLETE)
337 major = *minor ? GSS_S_FAILURE : GSS_S_COMPLETE;
342 static OM_uint32 (*gssInitSecContextNext)(
345 gss_ctx_id_t *context_handle,
346 gss_name_t target_name,
350 gss_channel_bindings_t input_chan_bindings,
351 gss_buffer_t input_token,
352 gss_OID *actual_mech_type,
353 gss_buffer_t output_token,
354 OM_uint32 *ret_flags,
355 OM_uint32 *time_rec);
357 static OM_uint32 (*gssAcceptSecContextNext)(
359 gss_ctx_id_t *context_handle,
361 gss_buffer_t input_token,
362 gss_channel_bindings_t input_chan_bindings,
363 gss_name_t *src_name,
365 gss_buffer_t output_token,
366 OM_uint32 *ret_flags,
368 gss_cred_id_t *delegated_cred_handle);
370 static OM_uint32 (*gssReleaseCredNext)(
372 gss_cred_id_t *cred_handle);
374 static OM_uint32 (*gssReleaseNameNext)(
378 static OM_uint32 (*gssInquireSecContextByOidNext)(
380 const gss_ctx_id_t context_handle,
381 const gss_OID desired_object,
382 gss_buffer_set_t *data_set);
384 static OM_uint32 (*gssDeleteSecContextNext)(
386 gss_ctx_id_t *context_handle,
387 gss_buffer_t output_token);
389 static OM_uint32 (*gssDisplayNameNext)(
392 gss_buffer_t output_name_buffer,
393 gss_OID *output_name_type);
395 static OM_uint32 (*gssImportNameNext)(
399 gss_name_t *outputName);
401 static OM_uint32 (*gssKrbExtractAuthzDataFromSecContextNext)(
403 const gss_ctx_id_t context_handle,
405 gss_buffer_t ad_data);
407 static OM_uint32 (*gssStoreCredNext)(
409 const gss_cred_id_t input_cred_handle,
410 gss_cred_usage_t input_usage,
411 const gss_OID desired_mech,
412 OM_uint32 overwrite_cred,
413 OM_uint32 default_cred,
414 gss_OID_set *elements_stored,
415 gss_cred_usage_t *cred_usage_stored);
417 static OM_uint32 (*gssGetNameAttributeNext)(
424 gss_buffer_t display_value,
427 #define NEXT_SYMBOL(local, global) ((local) = dlsym(RTLD_NEXT, (global)))
430 gssEapReauthInitialize(OM_uint32 *minor)
432 NEXT_SYMBOL(gssInitSecContextNext, "gss_init_sec_context");
433 NEXT_SYMBOL(gssAcceptSecContextNext, "gss_accept_sec_context");
434 NEXT_SYMBOL(gssReleaseCredNext, "gss_release_cred");
435 NEXT_SYMBOL(gssReleaseNameNext, "gss_release_name");
436 NEXT_SYMBOL(gssInquireSecContextByOidNext, "gss_inquire_sec_context_by_oid");
437 NEXT_SYMBOL(gssDeleteSecContextNext, "gss_delete_sec_context");
438 NEXT_SYMBOL(gssDisplayNameNext, "gss_display_name");
439 NEXT_SYMBOL(gssImportNameNext, "gss_import_name");
440 NEXT_SYMBOL(gssKrbExtractAuthzDataFromSecContextNext, "gsskrb5_extract_authz_data_from_sec_context");
441 NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred");
442 NEXT_SYMBOL(gssGetNameAttributeNext, "gss_get_name_attribute");
444 return GSS_S_COMPLETE;
448 gssInitSecContext(OM_uint32 *minor,
450 gss_ctx_id_t *context_handle,
451 gss_name_t target_name,
455 gss_channel_bindings_t input_chan_bindings,
456 gss_buffer_t input_token,
457 gss_OID *actual_mech_type,
458 gss_buffer_t output_token,
459 OM_uint32 *ret_flags,
462 if (gssInitSecContextNext == NULL)
463 return GSS_S_UNAVAILABLE;
465 return gssInitSecContextNext(minor, cred, context_handle,
466 target_name, mech_type, req_flags,
467 time_req, input_chan_bindings,
468 input_token, actual_mech_type,
469 output_token, ret_flags, time_rec);
473 gssAcceptSecContext(OM_uint32 *minor,
474 gss_ctx_id_t *context_handle,
476 gss_buffer_t input_token,
477 gss_channel_bindings_t input_chan_bindings,
478 gss_name_t *src_name,
480 gss_buffer_t output_token,
481 OM_uint32 *ret_flags,
483 gss_cred_id_t *delegated_cred_handle)
485 if (gssAcceptSecContextNext == NULL)
486 return GSS_S_UNAVAILABLE;
488 return gssAcceptSecContextNext(minor, context_handle, cred,
489 input_token, input_chan_bindings,
490 src_name, mech_type, output_token,
491 ret_flags, time_rec, delegated_cred_handle);
495 gssReleaseCred(OM_uint32 *minor,
496 gss_cred_id_t *cred_handle)
498 if (gssReleaseCredNext == NULL)
499 return GSS_S_UNAVAILABLE;
501 return gssReleaseCredNext(minor, cred_handle);
505 gssReleaseName(OM_uint32 *minor,
508 if (gssReleaseName == NULL)
509 return GSS_S_UNAVAILABLE;
511 return gssReleaseNameNext(minor, name);
515 gssDeleteSecContext(OM_uint32 *minor,
516 gss_ctx_id_t *context_handle,
517 gss_buffer_t output_token)
519 if (gssDeleteSecContextNext == NULL)
520 return GSS_S_UNAVAILABLE;
522 return gssDeleteSecContextNext(minor, context_handle, output_token);
526 gssDisplayName(OM_uint32 *minor,
531 if (gssDisplayNameNext == NULL)
532 return GSS_S_UNAVAILABLE;
534 return gssDisplayNameNext(minor, name, buffer, name_type);
538 gssImportName(OM_uint32 *minor,
543 if (gssImportNameNext == NULL)
544 return GSS_S_UNAVAILABLE;
546 return gssImportNameNext(minor, buffer, name_type, name);
550 gssInquireSecContextByOid(OM_uint32 *minor,
551 const gss_ctx_id_t context_handle,
552 const gss_OID desired_object,
553 gss_buffer_set_t *data_set)
555 if (gssInquireSecContextByOidNext == NULL)
556 return GSS_S_UNAVAILABLE;
558 return gssInquireSecContextByOidNext(minor, context_handle,
559 desired_object, data_set);
563 gssKrbExtractAuthzDataFromSecContext(OM_uint32 *minor,
564 const gss_ctx_id_t ctx,
566 gss_buffer_t ad_data)
568 if (gssKrbExtractAuthzDataFromSecContextNext == NULL)
569 return GSS_S_UNAVAILABLE;
571 return gssKrbExtractAuthzDataFromSecContextNext(minor, ctx,
576 gssStoreCred(OM_uint32 *minor,
577 const gss_cred_id_t input_cred_handle,
578 gss_cred_usage_t input_usage,
579 const gss_OID desired_mech,
580 OM_uint32 overwrite_cred,
581 OM_uint32 default_cred,
582 gss_OID_set *elements_stored,
583 gss_cred_usage_t *cred_usage_stored)
585 if (gssStoreCredNext == NULL)
586 return GSS_S_UNAVAILABLE;
588 return gssStoreCredNext(minor, input_cred_handle, input_usage,
589 desired_mech, overwrite_cred, default_cred,
590 elements_stored, cred_usage_stored);
594 gssGetNameAttribute(OM_uint32 *minor,
600 gss_buffer_t display_value,
603 if (gssGetNameAttributeNext == NULL)
604 return GSS_S_UNAVAILABLE;
606 return gssGetNameAttributeNext(minor, name, attr, authenticated, complete,
607 value, display_value, more);
610 static gss_buffer_desc radiusAvpKrbAttr = {
611 sizeof("urn:authdata-radius-avp") - 1, "urn:authdata-radius-avp"
615 * Unfortunately extracting an AD-KDCIssued authorization data element
616 * is pretty implementation-dependent. It's not possible to verify the
617 * signature ourselves because the ticket session key is not exposed
618 * outside GSS. In an ideal world, all AD-KDCIssued elements would be
619 * verified by the Kerberos library and authentication would fail if
620 * verification failed. We're not quite there yet and as a result have
621 * to go through some hoops to get this to work. The alternative would
622 * be to sign the authorization data with our long-term key, but it
623 * seems a pity to compromise the design because of current implementation
627 defrostAttrContext(OM_uint32 *minor,
631 OM_uint32 major, tmpMinor;
632 gss_buffer_desc authData = GSS_C_EMPTY_BUFFER;
633 gss_buffer_desc authDataDisplay = GSS_C_EMPTY_BUFFER;
635 int authenticated, complete;
637 major = gssGetNameAttribute(minor, glueName, &radiusAvpKrbAttr,
638 &authenticated, &complete,
639 &authData, &authDataDisplay, &more);
640 if (major == GSS_S_COMPLETE) {
641 if (authenticated == 0)
642 major = GSS_S_BAD_NAME;
644 major = gssEapImportAttrContext(minor, &authData, mechName);
645 } else if (major == GSS_S_UNAVAILABLE) {
646 major = GSS_S_COMPLETE;
649 gss_release_buffer(&tmpMinor, &authData);
650 gss_release_buffer(&tmpMinor, &authDataDisplay);
656 gssEapGlueToMechName(OM_uint32 *minor,
658 gss_name_t *pMechName)
660 OM_uint32 major, tmpMinor;
661 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
663 *pMechName = GSS_C_NO_NAME;
665 major = gssDisplayName(minor, glueName, &nameBuf, NULL);
666 if (GSS_ERROR(major))
669 major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
671 if (GSS_ERROR(major))
674 major = defrostAttrContext(minor, glueName, *pMechName);
675 if (GSS_ERROR(major))
679 if (GSS_ERROR(major)) {
680 gssReleaseName(&tmpMinor, pMechName);
681 *pMechName = GSS_C_NO_NAME;
684 gss_release_buffer(&tmpMinor, &nameBuf);
690 gssEapMechToGlueName(OM_uint32 *minor,
692 gss_name_t *pGlueName)
694 OM_uint32 major, tmpMinor;
695 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
697 *pGlueName = GSS_C_NO_NAME;
699 major = gssEapDisplayName(minor, mechName, &nameBuf, NULL);
700 if (GSS_ERROR(major))
703 major = gssImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
705 if (GSS_ERROR(major))
709 gss_release_buffer(&tmpMinor, &nameBuf);
715 gssEapReauthComplete(OM_uint32 *minor,
721 OM_uint32 major, tmpMinor;
722 gss_buffer_set_t keyData = GSS_C_NO_BUFFER_SET;
724 if (!oidEqual(mech, gss_mech_krb5)) {
725 major = GSS_S_BAD_MECH;
729 major = gssInquireSecContextByOid(minor, ctx->kerberosCtx,
730 GSS_C_INQ_SSPI_SESSION_KEY, &keyData);
731 if (GSS_ERROR(major))
738 oid.length = keyData->elements[1].length;
739 oid.elements = keyData->elements[1].value;
741 /* GSS_KRB5_SESSION_KEY_ENCTYPE_OID */
742 major = decomposeOid(minor,
743 "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04",
745 if (GSS_ERROR(major))
748 ctx->encryptionType = suffix;
752 krb5_context krbContext = NULL;
755 GSSEAP_KRB_INIT(&krbContext);
757 KRB_KEY_LENGTH(&key) = keyData->elements[0].length;
758 KRB_KEY_DATA(&key) = keyData->elements[0].value;
759 KRB_KEY_TYPE(&key) = ctx->encryptionType;
761 *minor = krb5_copy_keyblock_contents(krbContext,
762 &key, &ctx->rfc3961Key);
764 major = GSS_S_FAILURE;
769 major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
771 if (GSS_ERROR(major))
774 if (timeRec != GSS_C_INDEFINITE)
775 ctx->expiryTime = time(NULL) + timeRec;
777 major = sequenceInit(minor,
778 &ctx->seqState, ctx->recvSeq,
779 ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
780 ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
782 if (GSS_ERROR(major))
785 major = GSS_S_COMPLETE;
788 gss_release_buffer_set(&tmpMinor, &keyData);