2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 #include "krb5_locl.h"
37 struct PAC_INFO_BUFFER {
47 struct PAC_INFO_BUFFER buffers[1];
50 struct krb5_pac_data {
53 struct PAC_INFO_BUFFER *server_checksum;
54 struct PAC_INFO_BUFFER *privsvr_checksum;
55 struct PAC_INFO_BUFFER *logon_name;
58 #define PAC_ALIGNMENT 8
60 #define PACTYPE_SIZE 8
61 #define PAC_INFO_BUFFER_SIZE 16
63 #define PAC_SERVER_CHECKSUM 6
64 #define PAC_PRIVSVR_CHECKSUM 7
65 #define PAC_LOGON_NAME 10
66 #define PAC_CONSTRAINED_DELEGATION 11
68 #define CHECK(r,f,l) \
70 if (((r) = f ) != 0) { \
71 krb5_clear_error_message(context); \
76 static const char zeros[PAC_ALIGNMENT] = { 0 };
79 * HMAC-MD5 checksum over any key (needed for the PAC routines)
82 static krb5_error_code
83 HMAC_MD5_any_checksum(krb5_context context,
84 const krb5_keyblock *key,
90 struct _krb5_key_data local_key;
93 memset(&local_key, 0, sizeof(local_key));
95 ret = krb5_copy_keyblock(context, key, &local_key.key);
99 ret = krb5_data_alloc (&result->checksum, 16);
101 krb5_free_keyblock(context, local_key.key);
105 result->cksumtype = CKSUMTYPE_HMAC_MD5;
106 ret = _krb5_HMAC_MD5_checksum(context, &local_key, data, len, usage, result);
108 krb5_data_free(&result->checksum);
110 krb5_free_keyblock(context, local_key.key);
115 static krb5_error_code pac_header_size(krb5_context context,
116 uint32_t num_buffers,
120 uint32_t header_size;
122 /* Guard against integer overflow on 32-bit systems. */
123 if (num_buffers > 1000) {
125 krb5_set_error_message(context, ret, "PAC has too many buffers");
128 header_size = PAC_INFO_BUFFER_SIZE * num_buffers;
130 /* Guard against integer overflow on 32-bit systems. */
131 if (header_size > UINT32_MAX - PACTYPE_SIZE) {
133 krb5_set_error_message(context, ret, "PAC has too many buffers");
136 header_size += PACTYPE_SIZE;
138 *result = header_size;
143 static krb5_error_code pac_aligned_size(krb5_context context,
145 uint32_t *aligned_size)
149 /* Guard against integer overflow on 32-bit systems. */
150 if (size > UINT32_MAX - (PAC_ALIGNMENT - 1)) {
152 krb5_set_error_message(context, ret, "integer overrun");
155 size += PAC_ALIGNMENT - 1;
157 /* align to PAC_ALIGNMENT */
158 size = (size / PAC_ALIGNMENT) * PAC_ALIGNMENT;
160 *aligned_size = size;
169 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
170 krb5_pac_parse(krb5_context context, const void *ptr, size_t len,
175 krb5_storage *sp = NULL;
176 uint32_t i, tmp, tmp2, header_end;
178 p = calloc(1, sizeof(*p));
180 ret = krb5_enomem(context);
184 sp = krb5_storage_from_readonly_mem(ptr, len);
186 ret = krb5_enomem(context);
189 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
191 CHECK(ret, krb5_ret_uint32(sp, &tmp), out);
192 CHECK(ret, krb5_ret_uint32(sp, &tmp2), out);
194 ret = EINVAL; /* Too few buffers */
195 krb5_set_error_message(context, ret, N_("PAC have too few buffer", ""));
199 ret = EINVAL; /* Wrong version */
200 krb5_set_error_message(context, ret,
201 N_("PAC have wrong version %d", ""),
206 ret = pac_header_size(context, tmp, &header_end);
211 p->pac = calloc(1, header_end);
212 if (p->pac == NULL) {
213 ret = krb5_enomem(context);
217 p->pac->numbuffers = tmp;
218 p->pac->version = tmp2;
220 if (header_end > len) {
225 for (i = 0; i < p->pac->numbuffers; i++) {
226 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].type), out);
227 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].buffersize), out);
228 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_lo), out);
229 CHECK(ret, krb5_ret_uint32(sp, &p->pac->buffers[i].offset_hi), out);
231 /* consistency checks */
232 if (p->pac->buffers[i].offset_lo & (PAC_ALIGNMENT - 1)) {
234 krb5_set_error_message(context, ret,
235 N_("PAC out of allignment", ""));
238 if (p->pac->buffers[i].offset_hi) {
240 krb5_set_error_message(context, ret,
241 N_("PAC high offset set", ""));
244 if (p->pac->buffers[i].offset_lo > len) {
246 krb5_set_error_message(context, ret,
247 N_("PAC offset off end", ""));
250 if (p->pac->buffers[i].offset_lo < header_end) {
252 krb5_set_error_message(context, ret,
253 N_("PAC offset inside header: %lu %lu", ""),
254 (unsigned long)p->pac->buffers[i].offset_lo,
255 (unsigned long)header_end);
258 if (p->pac->buffers[i].buffersize > len - p->pac->buffers[i].offset_lo){
260 krb5_set_error_message(context, ret, N_("PAC length off end", ""));
264 /* let save pointer to data we need later */
265 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
266 if (p->server_checksum) {
268 krb5_set_error_message(context, ret,
269 N_("PAC have two server checksums", ""));
272 p->server_checksum = &p->pac->buffers[i];
273 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
274 if (p->privsvr_checksum) {
276 krb5_set_error_message(context, ret,
277 N_("PAC have two KDC checksums", ""));
280 p->privsvr_checksum = &p->pac->buffers[i];
281 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
284 krb5_set_error_message(context, ret,
285 N_("PAC have two logon names", ""));
288 p->logon_name = &p->pac->buffers[i];
292 ret = krb5_data_copy(&p->data, ptr, len);
296 krb5_storage_free(sp);
303 krb5_storage_free(sp);
314 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
315 krb5_pac_init(krb5_context context, krb5_pac *pac)
320 p = calloc(1, sizeof(*p));
322 return krb5_enomem(context);
325 p->pac = calloc(1, sizeof(*p->pac));
326 if (p->pac == NULL) {
328 return krb5_enomem(context);
331 ret = krb5_data_alloc(&p->data, PACTYPE_SIZE);
335 return krb5_enomem(context);
342 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
343 krb5_pac_add_buffer(krb5_context context, krb5_pac p,
344 uint32_t type, const krb5_data *data)
348 uint32_t unaligned_len, num_buffers, len, offset, header_end, old_end;
351 if (data->length > UINT32_MAX) {
353 krb5_set_error_message(context, ret, "integer overrun");
357 num_buffers = p->pac->numbuffers;
359 if (num_buffers >= UINT32_MAX) {
361 krb5_set_error_message(context, ret, "integer overrun");
364 ret = pac_header_size(context, num_buffers + 1, &header_end);
369 ptr = realloc(p->pac, header_end);
371 return krb5_enomem(context);
375 for (i = 0; i < num_buffers; i++) {
376 if (p->pac->buffers[i].offset_lo > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
378 krb5_set_error_message(context, ret, "integer overrun");
382 p->pac->buffers[i].offset_lo += PAC_INFO_BUFFER_SIZE;
385 if (p->data.length > UINT32_MAX - PAC_INFO_BUFFER_SIZE) {
387 krb5_set_error_message(context, ret, "integer overrun");
390 offset = p->data.length + PAC_INFO_BUFFER_SIZE;
392 p->pac->buffers[num_buffers].type = type;
393 p->pac->buffers[num_buffers].buffersize = data->length;
394 p->pac->buffers[num_buffers].offset_lo = offset;
395 p->pac->buffers[num_buffers].offset_hi = 0;
397 old_end = p->data.length;
398 if (offset > UINT32_MAX - data->length) {
399 krb5_set_error_message(context, EINVAL, "integer overrun");
402 unaligned_len = offset + data->length;
404 ret = pac_aligned_size(context, unaligned_len, &len);
408 ret = krb5_data_realloc(&p->data, len);
410 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
415 * make place for new PAC INFO BUFFER header
417 header_end -= PAC_INFO_BUFFER_SIZE;
418 memmove((unsigned char *)p->data.data + header_end + PAC_INFO_BUFFER_SIZE,
419 (unsigned char *)p->data.data + header_end ,
420 old_end - header_end);
421 memset((unsigned char *)p->data.data + header_end, 0, PAC_INFO_BUFFER_SIZE);
424 * copy in new data part
427 memcpy((unsigned char *)p->data.data + offset,
428 data->data, data->length);
429 memset((unsigned char *)p->data.data + offset + data->length,
430 0, p->data.length - unaligned_len);
432 p->pac->numbuffers += 1;
438 * Get the PAC buffer of specific type from the pac.
440 * @param context Kerberos 5 context.
441 * @param p the pac structure returned by krb5_pac_parse().
442 * @param type type of buffer to get
443 * @param data return data, free with krb5_data_free().
445 * @return Returns 0 to indicate success. Otherwise an kerberos et
446 * error code is returned, see krb5_get_error_message().
451 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
452 krb5_pac_get_buffer(krb5_context context, krb5_pac p,
453 uint32_t type, krb5_data *data)
458 for (i = 0; i < p->pac->numbuffers; i++) {
459 const uint32_t len = p->pac->buffers[i].buffersize;
460 const uint32_t offset = p->pac->buffers[i].offset_lo;
462 if (p->pac->buffers[i].type != type)
465 ret = krb5_data_copy(data, (unsigned char *)p->data.data + offset, len);
467 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
472 krb5_set_error_message(context, ENOENT, "No PAC buffer of type %lu was found",
473 (unsigned long)type);
481 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
482 krb5_pac_get_types(krb5_context context,
489 *types = calloc(p->pac->numbuffers, sizeof(*types));
490 if (*types == NULL) {
492 return krb5_enomem(context);
494 for (i = 0; i < p->pac->numbuffers; i++)
495 (*types)[i] = p->pac->buffers[i].type;
496 *len = p->pac->numbuffers;
505 KRB5_LIB_FUNCTION void KRB5_LIB_CALL
506 krb5_pac_free(krb5_context context, krb5_pac pac)
508 krb5_data_free(&pac->data);
517 static krb5_error_code
518 verify_checksum(krb5_context context,
519 const struct PAC_INFO_BUFFER *sig,
520 const krb5_data *data,
521 void *ptr, size_t len,
522 const krb5_keyblock *key)
524 krb5_storage *sp = NULL;
529 memset(&cksum, 0, sizeof(cksum));
531 sp = krb5_storage_from_mem((char *)data->data + sig->offset_lo,
534 return krb5_enomem(context);
536 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
538 CHECK(ret, krb5_ret_uint32(sp, &type), out);
539 cksum.cksumtype = type;
540 cksum.checksum.length =
541 sig->buffersize - krb5_storage_seek(sp, 0, SEEK_CUR);
542 cksum.checksum.data = malloc(cksum.checksum.length);
543 if (cksum.checksum.data == NULL) {
544 ret = krb5_enomem(context);
547 ret = krb5_storage_read(sp, cksum.checksum.data, cksum.checksum.length);
548 if (ret != (int)cksum.checksum.length) {
550 krb5_set_error_message(context, ret, "PAC checksum missing checksum");
554 if (!krb5_checksum_is_keyed(context, cksum.cksumtype)) {
556 krb5_set_error_message(context, ret, "Checksum type %d not keyed",
561 /* If the checksum is HMAC-MD5, the checksum type is not tied to
562 * the key type, instead the HMAC-MD5 checksum is applied blindly
563 * on whatever key is used for this connection, avoiding issues
564 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
565 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
566 * for the same issue in MIT, and
567 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
568 * for Microsoft's explaination */
570 if (cksum.cksumtype == CKSUMTYPE_HMAC_MD5) {
571 Checksum local_checksum;
573 memset(&local_checksum, 0, sizeof(local_checksum));
575 ret = HMAC_MD5_any_checksum(context, key, ptr, len,
576 KRB5_KU_OTHER_CKSUM, &local_checksum);
578 if (ret != 0 || krb5_data_ct_cmp(&local_checksum.checksum, &cksum.checksum) != 0) {
579 ret = KRB5KRB_AP_ERR_BAD_INTEGRITY;
580 krb5_set_error_message(context, ret,
581 N_("PAC integrity check failed for "
582 "hmac-md5 checksum", ""));
584 krb5_data_free(&local_checksum.checksum);
587 krb5_crypto crypto = NULL;
589 ret = krb5_crypto_init(context, key, 0, &crypto);
593 ret = krb5_verify_checksum(context, crypto, KRB5_KU_OTHER_CKSUM,
595 krb5_crypto_destroy(context, crypto);
597 free(cksum.checksum.data);
598 krb5_storage_free(sp);
603 if (cksum.checksum.data)
604 free(cksum.checksum.data);
606 krb5_storage_free(sp);
610 static krb5_error_code
611 create_checksum(krb5_context context,
612 const krb5_keyblock *key,
614 void *data, size_t datalen,
615 void *sig, size_t siglen)
617 krb5_crypto crypto = NULL;
621 /* If the checksum is HMAC-MD5, the checksum type is not tied to
622 * the key type, instead the HMAC-MD5 checksum is applied blindly
623 * on whatever key is used for this connection, avoiding issues
624 * with unkeyed checksums on des-cbc-md5 and des-cbc-crc. See
625 * http://comments.gmane.org/gmane.comp.encryption.kerberos.devel/8743
626 * for the same issue in MIT, and
627 * http://blogs.msdn.com/b/openspecification/archive/2010/01/01/verifying-the-server-signature-in-kerberos-privilege-account-certificate.aspx
628 * for Microsoft's explaination */
630 if (cksumtype == (uint32_t)CKSUMTYPE_HMAC_MD5) {
631 ret = HMAC_MD5_any_checksum(context, key, data, datalen,
632 KRB5_KU_OTHER_CKSUM, &cksum);
634 ret = krb5_crypto_init(context, key, 0, &crypto);
638 ret = krb5_create_checksum(context, crypto, KRB5_KU_OTHER_CKSUM, 0,
639 data, datalen, &cksum);
640 krb5_crypto_destroy(context, crypto);
644 if (cksum.checksum.length != siglen) {
645 krb5_set_error_message(context, EINVAL, "pac checksum wrong length");
646 free_Checksum(&cksum);
650 memcpy(sig, cksum.checksum.data, siglen);
651 free_Checksum(&cksum);
661 #define NTTIME_EPOCH 0x019DB1DED53E8000LL
664 unix2nttime(time_t unix_time)
667 wt = unix_time * (uint64_t)10000000 + (uint64_t)NTTIME_EPOCH;
671 static krb5_error_code
672 verify_logonname(krb5_context context,
673 const struct PAC_INFO_BUFFER *logon_name,
674 const krb5_data *data,
676 krb5_const_principal principal)
680 uint32_t time1, time2;
685 sp = krb5_storage_from_readonly_mem((const char *)data->data + logon_name->offset_lo,
686 logon_name->buffersize);
688 return krb5_enomem(context);
690 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
692 CHECK(ret, krb5_ret_uint32(sp, &time1), out);
693 CHECK(ret, krb5_ret_uint32(sp, &time2), out);
697 t1 = unix2nttime(authtime);
698 t2 = ((uint64_t)time2 << 32) | time1;
700 krb5_storage_free(sp);
701 krb5_set_error_message(context, EINVAL, "PAC timestamp mismatch");
705 CHECK(ret, krb5_ret_uint16(sp, &len), out);
707 krb5_storage_free(sp);
708 krb5_set_error_message(context, EINVAL, "PAC logon name length missing");
714 krb5_storage_free(sp);
715 return krb5_enomem(context);
717 ret = krb5_storage_read(sp, s, len);
719 krb5_storage_free(sp);
720 krb5_set_error_message(context, EINVAL, "Failed to read PAC logon name");
723 krb5_storage_free(sp);
725 size_t ucs2len = len / 2;
728 unsigned int flags = WIND_RW_LE;
730 ucs2 = malloc(sizeof(ucs2[0]) * ucs2len);
732 return krb5_enomem(context);
734 ret = wind_ucs2read(s, len, &flags, ucs2, &ucs2len);
738 krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
741 ret = wind_ucs2utf8_length(ucs2, ucs2len, &u8len);
744 krb5_set_error_message(context, ret, "Failed to count length of UCS-2 string");
747 u8len += 1; /* Add space for NUL */
751 return krb5_enomem(context);
753 ret = wind_ucs2utf8(ucs2, ucs2len, s, &u8len);
757 krb5_set_error_message(context, ret, "Failed to convert to UTF-8");
761 ret = krb5_parse_name_flags(context, s, KRB5_PRINCIPAL_PARSE_NO_REALM, &p2);
766 if (krb5_principal_compare_any_realm(context, principal, p2) != TRUE) {
768 krb5_set_error_message(context, ret, "PAC logon name mismatch");
770 krb5_free_principal(context, p2);
780 static krb5_error_code
781 build_logon_name(krb5_context context,
783 krb5_const_principal principal,
792 t = unix2nttime(authtime);
794 krb5_data_zero(logon);
796 sp = krb5_storage_emem();
798 return krb5_enomem(context);
800 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
802 CHECK(ret, krb5_store_uint32(sp, t & 0xffffffff), out);
803 CHECK(ret, krb5_store_uint32(sp, t >> 32), out);
805 ret = krb5_unparse_name_flags(context, principal,
806 KRB5_PRINCIPAL_UNPARSE_NO_REALM, &s);
815 ret = wind_utf8ucs2_length(s, &ucs2_len);
818 krb5_set_error_message(context, ret, "Failed to count length of UTF-8 string");
822 ucs2 = malloc(sizeof(ucs2[0]) * ucs2_len);
825 return krb5_enomem(context);
828 ret = wind_utf8ucs2(s, ucs2, &ucs2_len);
832 krb5_set_error_message(context, ret, "Failed to convert string to UCS-2");
836 s2_len = (ucs2_len + 1) * 2;
840 return krb5_enomem(context);
844 ret = wind_ucs2write(ucs2, ucs2_len,
845 &flags, s2, &s2_len);
849 krb5_set_error_message(context, ret, "Failed to write to UCS-2 buffer");
854 * we do not want zero termination
856 s2_len = ucs2_len * 2;
859 CHECK(ret, krb5_store_uint16(sp, s2_len), out);
861 ret = krb5_storage_write(sp, s2, s2_len);
863 if (ret != (int)s2_len) {
864 ret = krb5_enomem(context);
867 ret = krb5_storage_to_data(sp, logon);
870 krb5_storage_free(sp);
874 krb5_storage_free(sp);
882 * @param context Kerberos 5 context.
883 * @param pac the pac structure returned by krb5_pac_parse().
884 * @param authtime The time of the ticket the PAC belongs to.
885 * @param principal the principal to verify.
886 * @param server The service key, most always be given.
887 * @param privsvr The KDC key, may be given.
889 * @return Returns 0 to indicate success. Otherwise an kerberos et
890 * error code is returned, see krb5_get_error_message().
895 KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
896 krb5_pac_verify(krb5_context context,
899 krb5_const_principal principal,
900 const krb5_keyblock *server,
901 const krb5_keyblock *privsvr)
905 if (pac->server_checksum == NULL) {
906 krb5_set_error_message(context, EINVAL, "PAC missing server checksum");
909 if (pac->privsvr_checksum == NULL) {
910 krb5_set_error_message(context, EINVAL, "PAC missing kdc checksum");
913 if (pac->logon_name == NULL) {
914 krb5_set_error_message(context, EINVAL, "PAC missing logon name");
918 ret = verify_logonname(context,
927 * in the service case, clean out data option of the privsvr and
928 * server checksum before checking the checksum.
933 ret = krb5_copy_data(context, &pac->data, ©);
937 if (pac->server_checksum->buffersize < 4)
939 if (pac->privsvr_checksum->buffersize < 4)
942 memset((char *)copy->data + pac->server_checksum->offset_lo + 4,
944 pac->server_checksum->buffersize - 4);
946 memset((char *)copy->data + pac->privsvr_checksum->offset_lo + 4,
948 pac->privsvr_checksum->buffersize - 4);
950 ret = verify_checksum(context,
951 pac->server_checksum,
956 krb5_free_data(context, copy);
961 /* The priv checksum covers the server checksum */
962 ret = verify_checksum(context,
963 pac->privsvr_checksum,
965 (char *)pac->data.data
966 + pac->server_checksum->offset_lo + 4,
967 pac->server_checksum->buffersize - 4,
980 static krb5_error_code
981 fill_zeros(krb5_context context, krb5_storage *sp, size_t len)
988 if (l > sizeof(zeros))
990 sret = krb5_storage_write(sp, zeros, l);
992 return krb5_enomem(context);
999 static krb5_error_code
1000 pac_checksum(krb5_context context,
1001 const krb5_keyblock *key,
1002 uint32_t *cksumtype,
1005 krb5_cksumtype cktype;
1006 krb5_error_code ret;
1007 krb5_crypto crypto = NULL;
1009 ret = krb5_crypto_init(context, key, 0, &crypto);
1013 ret = krb5_crypto_get_checksum_type(context, crypto, &cktype);
1014 krb5_crypto_destroy(context, crypto);
1018 if (krb5_checksum_is_keyed(context, cktype) == FALSE) {
1019 *cksumtype = CKSUMTYPE_HMAC_MD5;
1023 ret = krb5_checksumsize(context, cktype, cksumsize);
1027 *cksumtype = (uint32_t)cktype;
1033 _krb5_pac_sign(krb5_context context,
1036 krb5_principal principal,
1037 const krb5_keyblock *server_key,
1038 const krb5_keyblock *priv_key,
1041 krb5_error_code ret;
1042 krb5_storage *sp = NULL, *spdata = NULL;
1044 size_t server_size, priv_size;
1045 uint32_t server_offset = 0, priv_offset = 0;
1046 uint32_t server_cksumtype = 0, priv_cksumtype = 0;
1051 krb5_data_zero(&logon);
1053 if (p->logon_name == NULL)
1055 if (p->server_checksum == NULL)
1057 if (p->privsvr_checksum == NULL)
1064 if (p->pac->numbuffers > UINT32_MAX - num) {
1066 krb5_set_error_message(context, ret, "integer overrun");
1069 ret = pac_header_size(context, p->pac->numbuffers + num, &len);
1073 ptr = realloc(p->pac, len);
1075 return krb5_enomem(context);
1079 if (p->logon_name == NULL) {
1080 p->logon_name = &p->pac->buffers[p->pac->numbuffers++];
1081 memset(p->logon_name, 0, sizeof(*p->logon_name));
1082 p->logon_name->type = PAC_LOGON_NAME;
1084 if (p->server_checksum == NULL) {
1085 p->server_checksum = &p->pac->buffers[p->pac->numbuffers++];
1086 memset(p->server_checksum, 0, sizeof(*p->server_checksum));
1087 p->server_checksum->type = PAC_SERVER_CHECKSUM;
1089 if (p->privsvr_checksum == NULL) {
1090 p->privsvr_checksum = &p->pac->buffers[p->pac->numbuffers++];
1091 memset(p->privsvr_checksum, 0, sizeof(*p->privsvr_checksum));
1092 p->privsvr_checksum->type = PAC_PRIVSVR_CHECKSUM;
1096 /* Calculate LOGON NAME */
1097 ret = build_logon_name(context, authtime, principal, &logon);
1101 /* Set lengths for checksum */
1102 ret = pac_checksum(context, server_key, &server_cksumtype, &server_size);
1105 ret = pac_checksum(context, priv_key, &priv_cksumtype, &priv_size);
1110 sp = krb5_storage_emem();
1112 return krb5_enomem(context);
1114 krb5_storage_set_flags(sp, KRB5_STORAGE_BYTEORDER_LE);
1116 spdata = krb5_storage_emem();
1117 if (spdata == NULL) {
1118 krb5_storage_free(sp);
1119 return krb5_enomem(context);
1121 krb5_storage_set_flags(spdata, KRB5_STORAGE_BYTEORDER_LE);
1123 CHECK(ret, krb5_store_uint32(sp, p->pac->numbuffers), out);
1124 CHECK(ret, krb5_store_uint32(sp, p->pac->version), out);
1126 ret = pac_header_size(context, p->pac->numbuffers, &end);
1130 for (i = 0; i < p->pac->numbuffers; i++) {
1137 if (p->pac->buffers[i].type == PAC_SERVER_CHECKSUM) {
1138 if (server_size > UINT32_MAX - 4) {
1140 krb5_set_error_message(context, ret, "integer overrun");
1143 if (end > UINT32_MAX - 4) {
1145 krb5_set_error_message(context, ret, "integer overrun");
1148 len = server_size + 4;
1149 server_offset = end + 4;
1150 CHECK(ret, krb5_store_uint32(spdata, server_cksumtype), out);
1151 CHECK(ret, fill_zeros(context, spdata, server_size), out);
1152 } else if (p->pac->buffers[i].type == PAC_PRIVSVR_CHECKSUM) {
1153 if (priv_size > UINT32_MAX - 4) {
1155 krb5_set_error_message(context, ret, "integer overrun");
1158 if (end > UINT32_MAX - 4) {
1160 krb5_set_error_message(context, ret, "integer overrun");
1163 len = priv_size + 4;
1164 priv_offset = end + 4;
1165 CHECK(ret, krb5_store_uint32(spdata, priv_cksumtype), out);
1166 CHECK(ret, fill_zeros(context, spdata, priv_size), out);
1167 } else if (p->pac->buffers[i].type == PAC_LOGON_NAME) {
1168 len = krb5_storage_write(spdata, logon.data, logon.length);
1169 if (logon.length != len) {
1174 len = p->pac->buffers[i].buffersize;
1175 ptr = (char *)p->data.data + p->pac->buffers[i].offset_lo;
1177 sret = krb5_storage_write(spdata, ptr, len);
1179 ret = krb5_enomem(context);
1182 /* XXX if not aligned, fill_zeros */
1186 CHECK(ret, krb5_store_uint32(sp, p->pac->buffers[i].type), out);
1187 CHECK(ret, krb5_store_uint32(sp, len), out);
1188 CHECK(ret, krb5_store_uint32(sp, end), out);
1189 CHECK(ret, krb5_store_uint32(sp, 0), out);
1191 /* advance data endpointer and align */
1195 if (end > UINT32_MAX - len) {
1197 krb5_set_error_message(context, ret, "integer overrun");
1202 ret = pac_aligned_size(context, end, &e);
1207 CHECK(ret, fill_zeros(context, spdata, e - end), out);
1214 /* assert (server_offset != 0 && priv_offset != 0); */
1217 ret = krb5_storage_to_data(spdata, &d);
1219 krb5_set_error_message(context, ret, N_("malloc: out of memory", ""));
1222 ret = krb5_storage_write(sp, d.data, d.length);
1223 if (ret != (int)d.length) {
1225 ret = krb5_enomem(context);
1230 ret = krb5_storage_to_data(sp, &d);
1232 ret = krb5_enomem(context);
1237 ret = create_checksum(context, server_key, server_cksumtype,
1239 (char *)d.data + server_offset, server_size);
1244 ret = create_checksum(context, priv_key, priv_cksumtype,
1245 (char *)d.data + server_offset, server_size,
1246 (char *)d.data + priv_offset, priv_size);
1255 krb5_data_free(&logon);
1256 krb5_storage_free(sp);
1257 krb5_storage_free(spdata);
1261 krb5_data_free(&logon);
1263 krb5_storage_free(sp);
1265 krb5_storage_free(spdata);