1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
|
/*
* lib/krb4/cr_tkt.c
*
* Copyright 1985, 1986, 1987, 1988, 2000 by the Massachusetts
* Institute of Technology. All Rights Reserved.
*
* Export of this software from the United States of America may
* require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. Furthermore if you modify this software you must label
* your software as modified software and not distribute it in such a
* fashion that it might be confused with the original M.I.T. software.
* M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#include <krb5.h>
#include "des.h"
#include "krb.h"
#include "prot.h"
#include <string.h>
#include "port-sockets.h"
static int
krb_cr_tkt_int (KTEXT tkt, unsigned int flags_in, char *pname,
char *pinstance, char *prealm, long paddress,
char *session, int life, long time_sec,
char *sname, char *sinstance);
/*
* Create ticket takes as arguments information that should be in a
* ticket, and the KTEXT object in which the ticket should be
* constructed. It then constructs a ticket and returns, leaving the
* newly created ticket in tkt.
#ifndef NOENCRYPTION
* The data in tkt->dat is encrypted in the server's key.
#endif
* The length of the ticket is a multiple of
* eight bytes and is in tkt->length.
*
* If the ticket is too long, the ticket will contain nulls.
* The return value of the routine is undefined.
*
* The corresponding routine to extract information from a ticket it
* decomp_ticket. When changes are made to this routine, the
* corresponding changes should also be made to that file.
*
* The packet is built in the following format:
*
* variable
* type or constant data
* ---- ----------- ----
*
* tkt->length length of ticket (multiple of 8 bytes)
*
#ifdef NOENCRYPTION
* tkt->dat:
#else
* tkt->dat: (encrypted in server's key)
#endif
*
* unsigned char flags namely, HOST_BYTE_ORDER
*
* string pname client's name
*
* string pinstance client's instance
*
* string prealm client's realm
*
* 4 bytes paddress client's address
*
* 8 bytes session session key
*
* 1 byte life ticket lifetime
*
* 4 bytes time_sec KDC timestamp
*
* string sname service's name
*
* string sinstance service's instance
*
* <=7 bytes null null pad to 8 byte multiple
*
*/
int
krb_create_ticket(tkt, flags, pname, pinstance, prealm, paddress,
session, life, time_sec, sname, sinstance, key)
KTEXT tkt; /* Gets filled in by the ticket */
unsigned int flags; /* Various Kerberos flags */
char *pname; /* Principal's name */
char *pinstance; /* Principal's instance */
char *prealm; /* Principal's authentication domain */
long paddress; /* Net address of requesting entity */
char *session; /* Session key inserted in ticket */
int life; /* Lifetime of the ticket */
long time_sec; /* Issue time and date */
char *sname; /* Service Name */
char *sinstance; /* Instance Name */
C_Block key; /* Service's secret key */
{
int kerr;
Key_schedule key_s;
kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm, paddress,
session, life, time_sec, sname, sinstance);
if (kerr)
return kerr;
/* Encrypt the ticket in the services key */
key_sched(key, key_s);
pcbc_encrypt((C_Block *)tkt->dat, (C_Block *)tkt->dat,
(long)tkt->length, key_s, (C_Block *)key, 1);
memset(key_s, 0, sizeof(key_s));
return 0;
}
int
krb_cr_tkt_krb5(tkt, flags, pname, pinstance, prealm, paddress,
session, life, time_sec, sname, sinstance, k5key)
KTEXT tkt; /* Gets filled in by the ticket */
unsigned int flags; /* Various Kerberos flags */
char *pname; /* Principal's name */
char *pinstance; /* Principal's instance */
char *prealm; /* Principal's authentication domain */
long paddress; /* Net address of requesting entity */
char *session; /* Session key inserted in ticket */
int life; /* Lifetime of the ticket */
long time_sec; /* Issue time and date */
char *sname; /* Service Name */
char *sinstance; /* Instance Name */
krb5_keyblock *k5key; /* NULL if not present */
{
int kerr;
krb5_data in;
krb5_enc_data out;
krb5_error_code ret;
size_t enclen;
kerr = krb_cr_tkt_int(tkt, flags, pname, pinstance, prealm,
paddress, session, life, time_sec,
sname, sinstance);
if (kerr)
return kerr;
/* Encrypt the ticket in the services key */
in.length = tkt->length;
in.data = (char *)tkt->dat;
/* XXX assumes context arg is ignored */
ret = krb5_c_encrypt_length(NULL, k5key->enctype,
(size_t)in.length, &enclen);
if (ret)
return KFAILURE;
out.ciphertext.length = enclen;
out.ciphertext.data = malloc(enclen);
if (out.ciphertext.data == NULL)
return KFAILURE; /* XXX maybe ENOMEM? */
/* XXX assumes context arg is ignored */
ret = krb5_c_encrypt(NULL, k5key, KRB5_KEYUSAGE_KDC_REP_TICKET,
NULL, &in, &out);
if (ret) {
free(out.ciphertext.data);
return KFAILURE;
} else {
tkt->length = out.ciphertext.length;
memcpy(tkt->dat, out.ciphertext.data, out.ciphertext.length);
memset(out.ciphertext.data, 0, out.ciphertext.length);
free(out.ciphertext.data);
}
return 0;
}
static int
krb_cr_tkt_int(tkt, flags_in, pname, pinstance, prealm, paddress,
session, life, time_sec, sname, sinstance)
KTEXT tkt; /* Gets filled in by the ticket */
unsigned int flags_in; /* Various Kerberos flags */
char *pname; /* Principal's name */
char *pinstance; /* Principal's instance */
char *prealm; /* Principal's authentication domain */
long paddress; /* Net address of requesting entity */
char *session; /* Session key inserted in ticket */
int life; /* Lifetime of the ticket */
long time_sec; /* Issue time and date */
char *sname; /* Service Name */
char *sinstance; /* Instance Name */
{
register unsigned char *data; /* running index into ticket */
size_t pnamelen, pinstlen, prealmlen, snamelen, sinstlen;
struct in_addr paddr;
/* Be really paranoid. */
if (sizeof(paddr.s_addr) != 4)
return KFAILURE;
tkt->length = 0; /* Clear previous data */
/* Check length of ticket */
pnamelen = strlen(pname) + 1;
pinstlen = strlen(pinstance) + 1;
prealmlen = strlen(prealm) + 1;
snamelen = strlen(sname) + 1;
sinstlen = strlen(sinstance) + 1;
if (sizeof(tkt->dat) / 8 < ((1 + pnamelen + pinstlen + prealmlen
+ 4 /* address */
+ 8 /* session */
+ 1 /* life */
+ 4 /* issue time */
+ snamelen + sinstlen
+ 7) / 8) /* roundoff */
|| life > 255 || life < 0) {
memset(tkt->dat, 0, sizeof(tkt->dat));
return KFAILURE /* XXX */;
}
data = tkt->dat;
*data++ = flags_in;
memcpy(data, pname, pnamelen);
data += pnamelen;
memcpy(data, pinstance, pinstlen);
data += pinstlen;
memcpy(data, prealm, prealmlen);
data += prealmlen;
paddr.s_addr = paddress;
memcpy(data, &paddr.s_addr, sizeof(paddr.s_addr));
data += sizeof(paddr.s_addr);
memcpy(data, session, 8);
data += 8;
*data++ = life;
/* issue time */
KRB4_PUT32BE(data, time_sec);
memcpy(data, sname, snamelen);
data += snamelen;
memcpy(data, sinstance, sinstlen);
data += sinstlen;
/* guarantee null padded ticket to multiple of 8 bytes */
memset(data, 0, 7);
tkt->length = ((data - tkt->dat + 7) / 8) * 8;
return 0;
}
|
