2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
38 * Fast reauthentication support for EAP GSS.
42 krb5_encrypt_tkt_part(krb5_context, const krb5_keyblock *, krb5_ticket *);
45 encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code);
47 static krb5_error_code
48 getAcceptorKey(krb5_context krbContext,
51 krb5_principal *princ,
55 krb5_keytab keytab = NULL;
56 krb5_keytab_entry ktent = { 0 };
57 krb5_kt_cursor cursor = NULL;
60 memset(key, 0, sizeof(*key));
62 code = krb5_kt_default(krbContext, &keytab);
66 if (cred != GSS_C_NO_CREDENTIAL && cred->name != GSS_C_NO_NAME) {
67 code = krb5_kt_get_entry(krbContext, keytab,
68 cred->name->krbPrincipal, 0,
69 ctx->encryptionType, &ktent);
73 code = krb5_kt_start_seq_get(krbContext, keytab, &cursor);
77 while ((code = krb5_kt_next_entry(krbContext, keytab,
78 &ktent, &cursor)) == 0) {
79 if (ktent.key.enctype == ctx->encryptionType)
82 krb5_free_keytab_entry_contents(krbContext, &ktent);
87 *princ = ktent.principal;
92 if (cred == GSS_C_NO_CREDENTIAL || cred->name == GSS_C_NO_NAME)
93 krb5_kt_end_seq_get(krbContext, keytab, &cursor);
94 krb5_kt_close(krbContext, keytab);
97 krb5_free_keytab_entry_contents(krbContext, &ktent);
103 freezeAttrContext(OM_uint32 *minor,
104 gss_name_t initiatorName,
105 krb5_const_principal acceptorPrinc,
106 krb5_keyblock *session,
107 krb5_authdata ***authdata)
109 OM_uint32 major, tmpMinor;
110 krb5_error_code code;
111 gss_buffer_desc attrBuf = GSS_C_EMPTY_BUFFER;
112 krb5_authdata *authData[2], authDatum = { 0 };
113 krb5_context krbContext;
115 GSSEAP_KRB_INIT(&krbContext);
117 major = gssEapExportAttrContext(minor, initiatorName, &attrBuf);
118 if (GSS_ERROR(major))
121 authDatum.ad_type = KRB5_AUTHDATA_RADIUS_AVP;
122 authDatum.length = attrBuf.length;
123 authDatum.contents = attrBuf.value;
124 authData[0] = &authDatum;
127 code = krb5_make_authdata_kdc_issued(krbContext, session, acceptorPrinc,
130 major = GSS_S_FAILURE;
133 major = GSS_S_COMPLETE;
136 gss_release_buffer(&tmpMinor, &attrBuf);
142 gssEapMakeReauthCreds(OM_uint32 *minor,
145 gss_buffer_t credBuf)
147 OM_uint32 major = GSS_S_COMPLETE;
148 krb5_error_code code;
149 krb5_context krbContext = NULL;
150 krb5_ticket ticket = { 0 };
151 krb5_keyblock session = { 0 }, acceptorKey = { 0 };
152 krb5_enc_tkt_part enc_part = { 0 };
153 krb5_data *ticketData = NULL, *credsData = NULL;
154 krb5_creds creds = { 0 };
155 krb5_auth_context authContext = NULL;
158 credBuf->value = NULL;
160 GSSEAP_KRB_INIT(&krbContext);
162 code = getAcceptorKey(krbContext, ctx, cred,
163 &ticket.server, &acceptorKey);
164 if (code == KRB5_KT_NOTFOUND) {
165 gss_buffer_desc emptyToken = { 0, "" };
168 * If we can't produce the KRB-CRED message, we need to
169 * return an empty (not NULL) token to the caller so we
170 * don't change the number of authentication legs.
172 return duplicateBuffer(minor, &emptyToken, credBuf);
173 } else if (code != 0)
176 enc_part.flags = TKT_FLG_INITIAL;
179 * Generate a random session key to place in the ticket and
180 * sign the "KDC-Issued" authorization data element.
182 code = krb5_c_make_random_key(krbContext, ctx->encryptionType,
187 enc_part.session = &session;
188 enc_part.client = ctx->initiatorName->krbPrincipal;
189 enc_part.times.authtime = time(NULL);
190 enc_part.times.starttime = enc_part.times.authtime;
191 enc_part.times.endtime = ctx->expiryTime
194 enc_part.times.renew_till = 0;
196 major = freezeAttrContext(minor, ctx->initiatorName, ticket.server,
197 &session, &enc_part.authorization_data);
198 if (GSS_ERROR(major))
201 ticket.enc_part2 = &enc_part;
203 code = krb5_encrypt_tkt_part(krbContext, &acceptorKey, &ticket);
207 code = encode_krb5_ticket(&ticket, &ticketData);
211 creds.client = enc_part.client;
212 creds.server = ticket.server;
213 creds.keyblock = session;
214 creds.times = enc_part.times;
215 creds.ticket_flags = enc_part.flags;
216 creds.ticket = *ticketData;
217 creds.authdata = enc_part.authorization_data;
219 code = krb5_auth_con_init(krbContext, &authContext);
223 code = krb5_auth_con_setflags(krbContext, authContext, 0);
227 code = krb5_auth_con_setsendsubkey(krbContext, authContext,
232 code = krb5_mk_1cred(krbContext, authContext, &creds, &credsData, NULL);
236 krbDataToGssBuffer(credsData, credBuf);
239 if (ticket.enc_part.ciphertext.data != NULL)
240 GSSEAP_FREE(ticket.enc_part.ciphertext.data);
241 krb5_free_keyblock_contents(krbContext, &session);
242 krb5_free_keyblock_contents(krbContext, &acceptorKey);
243 krb5_free_data(krbContext, ticketData);
244 krb5_auth_con_free(krbContext, authContext);
245 krb5_free_authdata(krbContext, enc_part.authorization_data);
246 if (credsData != NULL)
247 GSSEAP_FREE(credsData);
249 if (major == GSS_S_COMPLETE) {
251 major = code != 0 ? GSS_S_FAILURE : GSS_S_COMPLETE;
258 isTicketGrantingServiceP(krb5_context krbContext,
259 krb5_const_principal principal)
261 if (krb5_princ_size(krbContext, principal) == 2 &&
262 krb5_princ_component(krbContext, principal, 0)->length == 6 &&
263 memcmp(krb5_princ_component(krbContext,
264 principal, 0)->data, "krbtgt", 6) == 0)
271 gssEapStoreReauthCreds(OM_uint32 *minor,
274 gss_buffer_t credBuf)
276 OM_uint32 major = GSS_S_COMPLETE, code;
277 krb5_context krbContext = NULL;
278 krb5_auth_context authContext = NULL;
279 krb5_data credData = { 0 };
280 krb5_creds **creds = NULL;
281 krb5_principal canonPrinc;
284 if (credBuf->length == 0 || cred == GSS_C_NO_CREDENTIAL)
285 return GSS_S_COMPLETE;
287 GSSEAP_KRB_INIT(&krbContext);
289 code = krb5_auth_con_init(krbContext, &authContext);
293 code = krb5_auth_con_setflags(krbContext, authContext, 0);
297 code = krb5_auth_con_setrecvsubkey(krbContext, authContext,
302 gssBufferToKrbData(credBuf, &credData);
304 code = krb5_rd_cred(krbContext, authContext, &credData, &creds, NULL);
308 if (creds == NULL || creds[0] == NULL)
311 code = krb5_copy_principal(krbContext, creds[0]->client, &canonPrinc);
315 krb5_free_principal(krbContext, cred->name->krbPrincipal);
316 cred->name->krbPrincipal = canonPrinc;
318 cred->expiryTime = creds[0]->times.endtime;
320 code = krb5_cc_new_unique(krbContext, "MEMORY", NULL, &cred->krbCredCache);
324 code = krb5_cc_initialize(krbContext, cred->krbCredCache,
329 for (i = 0; creds[i] != NULL; i++) {
330 krb5_creds kcred = *(creds[i]);
333 * Swap in the acceptor name the client asked for so
334 * get_credentials() works. We're making the assumption that
335 * any service tickets returned are for us. We'll need to
336 * reflect some more on whether that is a safe assumption.
338 if (!isTicketGrantingServiceP(krbContext, kcred.server))
339 kcred.server = ctx->acceptorName->krbPrincipal;
341 code = krb5_cc_store_cred(krbContext, cred->krbCredCache, &kcred);
347 * To turn a credentials cache into a GSS credentials handle, we
348 * require the gss_krb5_import_cred() API (present in Heimdal, but
349 * not shipped in MIT yet).
351 major = gss_krb5_import_cred(minor, cred->krbCredCache, NULL, NULL,
353 if (GSS_ERROR(major))
359 krb5_auth_con_free(krbContext, authContext);
361 for (i = 0; creds[i] != NULL; i++)
362 krb5_free_creds(krbContext, creds[i]);
364 if (major == GSS_S_COMPLETE)
365 major = *minor ? GSS_S_FAILURE : GSS_S_COMPLETE;
371 (*gssInitSecContextNext)(OM_uint32 *,
378 gss_channel_bindings_t,
386 (*gssAcceptSecContextNext)(OM_uint32 *,
390 gss_channel_bindings_t,
399 (*gssReleaseCredNext)(OM_uint32 *, gss_cred_id_t *);
402 (*gssReleaseNameNext)(OM_uint32 *, gss_name_t *);
405 (*gssInquireSecContextByOidNext)(OM_uint32 *,
411 (*gssDeleteSecContextNext)(OM_uint32 *,
416 (*gssDisplayNameNext)(OM_uint32 *,
422 (*gssImportNameNext)(OM_uint32 *,
428 (*gssStoreCredNext)(OM_uint32 *,
438 (*gssGetNameAttributeNext)(OM_uint32 *,
447 #define NEXT_SYMBOL(local, global) ((local) = dlsym(RTLD_NEXT, (global)))
450 gssEapReauthInitialize(OM_uint32 *minor)
452 NEXT_SYMBOL(gssInitSecContextNext, "gss_init_sec_context");
453 NEXT_SYMBOL(gssAcceptSecContextNext, "gss_accept_sec_context");
454 NEXT_SYMBOL(gssReleaseCredNext, "gss_release_cred");
455 NEXT_SYMBOL(gssReleaseNameNext, "gss_release_name");
456 NEXT_SYMBOL(gssInquireSecContextByOidNext, "gss_inquire_sec_context_by_oid");
457 NEXT_SYMBOL(gssDeleteSecContextNext, "gss_delete_sec_context");
458 NEXT_SYMBOL(gssDisplayNameNext, "gss_display_name");
459 NEXT_SYMBOL(gssImportNameNext, "gss_import_name");
460 NEXT_SYMBOL(gssStoreCredNext, "gss_store_cred");
461 NEXT_SYMBOL(gssGetNameAttributeNext, "gss_get_name_attribute");
463 return GSS_S_COMPLETE;
467 gssInitSecContext(OM_uint32 *minor,
469 gss_ctx_id_t *context_handle,
470 gss_name_t target_name,
474 gss_channel_bindings_t input_chan_bindings,
475 gss_buffer_t input_token,
476 gss_OID *actual_mech_type,
477 gss_buffer_t output_token,
478 OM_uint32 *ret_flags,
481 if (gssInitSecContextNext == NULL)
482 return GSS_S_UNAVAILABLE;
484 return gssInitSecContextNext(minor, cred, context_handle,
485 target_name, mech_type, req_flags,
486 time_req, input_chan_bindings,
487 input_token, actual_mech_type,
488 output_token, ret_flags, time_rec);
492 gssAcceptSecContext(OM_uint32 *minor,
493 gss_ctx_id_t *context_handle,
495 gss_buffer_t input_token,
496 gss_channel_bindings_t input_chan_bindings,
497 gss_name_t *src_name,
499 gss_buffer_t output_token,
500 OM_uint32 *ret_flags,
502 gss_cred_id_t *delegated_cred_handle)
504 if (gssAcceptSecContextNext == NULL)
505 return GSS_S_UNAVAILABLE;
507 return gssAcceptSecContextNext(minor, context_handle, cred,
508 input_token, input_chan_bindings,
509 src_name, mech_type, output_token,
510 ret_flags, time_rec, delegated_cred_handle);
514 gssReleaseCred(OM_uint32 *minor,
515 gss_cred_id_t *cred_handle)
517 if (gssReleaseCredNext == NULL)
518 return GSS_S_UNAVAILABLE;
520 return gssReleaseCredNext(minor, cred_handle);
524 gssReleaseName(OM_uint32 *minor,
527 if (gssReleaseName == NULL)
528 return GSS_S_UNAVAILABLE;
530 return gssReleaseNameNext(minor, name);
534 gssDeleteSecContext(OM_uint32 *minor,
535 gss_ctx_id_t *context_handle,
536 gss_buffer_t output_token)
538 if (gssDeleteSecContextNext == NULL)
539 return GSS_S_UNAVAILABLE;
541 return gssDeleteSecContextNext(minor, context_handle, output_token);
545 gssDisplayName(OM_uint32 *minor,
550 if (gssDisplayNameNext == NULL)
551 return GSS_S_UNAVAILABLE;
553 return gssDisplayNameNext(minor, name, buffer, name_type);
557 gssImportName(OM_uint32 *minor,
562 if (gssImportNameNext == NULL)
563 return GSS_S_UNAVAILABLE;
565 return gssImportNameNext(minor, buffer, name_type, name);
569 gssInquireSecContextByOid(OM_uint32 *minor,
570 const gss_ctx_id_t context_handle,
571 const gss_OID desired_object,
572 gss_buffer_set_t *data_set)
574 if (gssInquireSecContextByOidNext == NULL)
575 return GSS_S_UNAVAILABLE;
577 return gssInquireSecContextByOidNext(minor, context_handle,
578 desired_object, data_set);
582 gssStoreCred(OM_uint32 *minor,
583 const gss_cred_id_t input_cred_handle,
584 gss_cred_usage_t input_usage,
585 const gss_OID desired_mech,
586 OM_uint32 overwrite_cred,
587 OM_uint32 default_cred,
588 gss_OID_set *elements_stored,
589 gss_cred_usage_t *cred_usage_stored)
591 if (gssStoreCredNext == NULL)
592 return GSS_S_UNAVAILABLE;
594 return gssStoreCredNext(minor, input_cred_handle, input_usage,
595 desired_mech, overwrite_cred, default_cred,
596 elements_stored, cred_usage_stored);
600 gssGetNameAttribute(OM_uint32 *minor,
606 gss_buffer_t display_value,
609 if (gssGetNameAttributeNext == NULL)
610 return GSS_S_UNAVAILABLE;
612 return gssGetNameAttributeNext(minor, name, attr, authenticated, complete,
613 value, display_value, more);
616 static gss_buffer_desc radiusAvpKrbAttr = {
617 sizeof("urn:authdata-radius-avp") - 1, "urn:authdata-radius-avp"
621 * Unfortunately extracting an AD-KDCIssued authorization data element
622 * is pretty implementation-dependent. It's not possible to verify the
623 * signature ourselves because the ticket session key is not exposed
624 * outside GSS. In an ideal world, all AD-KDCIssued elements would be
625 * verified by the Kerberos library and authentication would fail if
626 * verification failed. We're not quite there yet and as a result have
627 * to go through some hoops to get this to work. The alternative would
628 * be to sign the authorization data with our long-term key, but it
629 * seems a pity to compromise the design because of current implementation
632 * (Specifically, the hoops involve a libkrb5 authorisation data plugin
633 * that exposes the verified and serialised attribute context through
634 * the Kerberos GSS mechanism's naming extensions API.)
637 defrostAttrContext(OM_uint32 *minor,
641 OM_uint32 major, tmpMinor;
642 gss_buffer_desc authData = GSS_C_EMPTY_BUFFER;
643 gss_buffer_desc authDataDisplay = GSS_C_EMPTY_BUFFER;
645 int authenticated, complete;
647 major = gssGetNameAttribute(minor, glueName, &radiusAvpKrbAttr,
648 &authenticated, &complete,
649 &authData, &authDataDisplay, &more);
650 if (major == GSS_S_COMPLETE) {
651 if (authenticated == 0)
652 major = GSS_S_BAD_NAME;
654 major = gssEapImportAttrContext(minor, &authData, mechName);
655 } else if (major == GSS_S_UNAVAILABLE) {
656 major = GSS_S_COMPLETE;
659 gss_release_buffer(&tmpMinor, &authData);
660 gss_release_buffer(&tmpMinor, &authDataDisplay);
666 gssEapGlueToMechName(OM_uint32 *minor,
668 gss_name_t *pMechName)
670 OM_uint32 major, tmpMinor;
671 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
673 *pMechName = GSS_C_NO_NAME;
675 major = gssDisplayName(minor, glueName, &nameBuf, NULL);
676 if (GSS_ERROR(major))
679 major = gssEapImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
681 if (GSS_ERROR(major))
684 major = defrostAttrContext(minor, glueName, *pMechName);
685 if (GSS_ERROR(major))
689 if (GSS_ERROR(major)) {
690 gssReleaseName(&tmpMinor, pMechName);
691 *pMechName = GSS_C_NO_NAME;
694 gss_release_buffer(&tmpMinor, &nameBuf);
700 gssEapMechToGlueName(OM_uint32 *minor,
702 gss_name_t *pGlueName)
704 OM_uint32 major, tmpMinor;
705 gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
707 *pGlueName = GSS_C_NO_NAME;
709 major = gssEapDisplayName(minor, mechName, &nameBuf, NULL);
710 if (GSS_ERROR(major))
713 major = gssImportName(minor, &nameBuf, GSS_C_NT_USER_NAME,
715 if (GSS_ERROR(major))
719 gss_release_buffer(&tmpMinor, &nameBuf);
725 * Suck out the analgous elements of a Kerberos GSS context into an EAP
726 * one so that the application doesn't know the difference.
729 gssEapReauthComplete(OM_uint32 *minor,
735 OM_uint32 major, tmpMinor;
736 gss_buffer_set_t keyData = GSS_C_NO_BUFFER_SET;
738 if (!oidEqual(mech, gss_mech_krb5)) {
739 major = GSS_S_BAD_MECH;
743 /* Get the raw subsession key and encryptino type*/
744 major = gssInquireSecContextByOid(minor, ctx->kerberosCtx,
745 GSS_C_INQ_SSPI_SESSION_KEY, &keyData);
746 if (GSS_ERROR(major))
753 oid.length = keyData->elements[1].length;
754 oid.elements = keyData->elements[1].value;
756 /* GSS_KRB5_SESSION_KEY_ENCTYPE_OID */
757 major = decomposeOid(minor,
758 "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x04",
760 if (GSS_ERROR(major))
763 ctx->encryptionType = suffix;
767 krb5_context krbContext = NULL;
770 GSSEAP_KRB_INIT(&krbContext);
772 KRB_KEY_LENGTH(&key) = keyData->elements[0].length;
773 KRB_KEY_DATA(&key) = keyData->elements[0].value;
774 KRB_KEY_TYPE(&key) = ctx->encryptionType;
776 *minor = krb5_copy_keyblock_contents(krbContext,
777 &key, &ctx->rfc3961Key);
779 major = GSS_S_FAILURE;
784 major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
786 if (GSS_ERROR(major))
789 if (timeRec != GSS_C_INDEFINITE)
790 ctx->expiryTime = time(NULL) + timeRec;
792 major = sequenceInit(minor,
793 &ctx->seqState, ctx->recvSeq,
794 ((ctx->gssFlags & GSS_C_REPLAY_FLAG) != 0),
795 ((ctx->gssFlags & GSS_C_SEQUENCE_FLAG) != 0),
797 if (GSS_ERROR(major))
800 major = GSS_S_COMPLETE;
803 gss_release_buffer_set(&tmpMinor, &keyData);