155682Smarkm/*
2233294Sstas * Copyright (c) 1997-2007 Kungliga Tekniska H��gskolan
3233294Sstas * (Royal Institute of Technology, Stockholm, Sweden).
4233294Sstas * All rights reserved.
555682Smarkm *
6233294Sstas * Redistribution and use in source and binary forms, with or without
7233294Sstas * modification, are permitted provided that the following conditions
8233294Sstas * are met:
955682Smarkm *
10233294Sstas * 1. Redistributions of source code must retain the above copyright
11233294Sstas *    notice, this list of conditions and the following disclaimer.
1255682Smarkm *
13233294Sstas * 2. Redistributions in binary form must reproduce the above copyright
14233294Sstas *    notice, this list of conditions and the following disclaimer in the
15233294Sstas *    documentation and/or other materials provided with the distribution.
1655682Smarkm *
17233294Sstas * 3. Neither the name of the Institute nor the names of its contributors
18233294Sstas *    may be used to endorse or promote products derived from this software
19233294Sstas *    without specific prior written permission.
2055682Smarkm *
21233294Sstas * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22233294Sstas * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23233294Sstas * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24233294Sstas * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25233294Sstas * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26233294Sstas * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27233294Sstas * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28233294Sstas * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29233294Sstas * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30233294Sstas * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31233294Sstas * SUCH DAMAGE.
3255682Smarkm */
3355682Smarkm
34233294Sstas#include "krb5_locl.h"
3555682Smarkm
36233294SstasKRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
3755682Smarkmkrb5_rd_priv(krb5_context context,
3855682Smarkm	     krb5_auth_context auth_context,
3955682Smarkm	     const krb5_data *inbuf,
4055682Smarkm	     krb5_data *outbuf,
41178825Sdfr	     krb5_replay_data *outdata)
4255682Smarkm{
43178825Sdfr    krb5_error_code ret;
44178825Sdfr    KRB_PRIV priv;
45178825Sdfr    EncKrbPrivPart part;
46178825Sdfr    size_t len;
47178825Sdfr    krb5_data plain;
48178825Sdfr    krb5_keyblock *key;
49178825Sdfr    krb5_crypto crypto;
5055682Smarkm
51233294Sstas    krb5_data_zero(outbuf);
5255682Smarkm
53233294Sstas    if ((auth_context->flags &
54233294Sstas	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE)))
55233294Sstas    {
56233294Sstas	if (outdata == NULL) {
57233294Sstas	    krb5_clear_error_message (context);
58233294Sstas	    return KRB5_RC_REQUIRED; /* XXX better error, MIT returns this */
59233294Sstas	}
60233294Sstas	/* if these fields are not present in the priv-part, silently
61233294Sstas           return zero */
62233294Sstas	memset(outdata, 0, sizeof(*outdata));
63178825Sdfr    }
6455682Smarkm
65178825Sdfr    memset(&priv, 0, sizeof(priv));
66178825Sdfr    ret = decode_KRB_PRIV (inbuf->data, inbuf->length, &priv, &len);
67178825Sdfr    if (ret) {
68233294Sstas	krb5_clear_error_message (context);
69178825Sdfr	goto failure;
70178825Sdfr    }
71178825Sdfr    if (priv.pvno != 5) {
72233294Sstas	krb5_clear_error_message (context);
73178825Sdfr	ret = KRB5KRB_AP_ERR_BADVERSION;
74178825Sdfr	goto failure;
75178825Sdfr    }
76178825Sdfr    if (priv.msg_type != krb_priv) {
77233294Sstas	krb5_clear_error_message (context);
78178825Sdfr	ret = KRB5KRB_AP_ERR_MSG_TYPE;
79178825Sdfr	goto failure;
80178825Sdfr    }
8155682Smarkm
82178825Sdfr    if (auth_context->remote_subkey)
83178825Sdfr	key = auth_context->remote_subkey;
84178825Sdfr    else if (auth_context->local_subkey)
85178825Sdfr	key = auth_context->local_subkey;
86178825Sdfr    else
87178825Sdfr	key = auth_context->keyblock;
88178825Sdfr
89178825Sdfr    ret = krb5_crypto_init(context, key, 0, &crypto);
90178825Sdfr    if (ret)
91178825Sdfr	goto failure;
92178825Sdfr    ret = krb5_decrypt_EncryptedData(context,
93178825Sdfr				     crypto,
94178825Sdfr				     KRB5_KU_KRB_PRIV,
95178825Sdfr				     &priv.enc_part,
96178825Sdfr				     &plain);
97178825Sdfr    krb5_crypto_destroy(context, crypto);
98233294Sstas    if (ret)
99178825Sdfr	goto failure;
100178825Sdfr
101178825Sdfr    ret = decode_EncKrbPrivPart (plain.data, plain.length, &part, &len);
102178825Sdfr    krb5_data_free (&plain);
103178825Sdfr    if (ret) {
104233294Sstas	krb5_clear_error_message (context);
105178825Sdfr	goto failure;
106178825Sdfr    }
107233294Sstas
108178825Sdfr    /* check sender address */
10955682Smarkm
110178825Sdfr    if (part.s_address
111178825Sdfr	&& auth_context->remote_address
112178825Sdfr	&& !krb5_address_compare (context,
113178825Sdfr				  auth_context->remote_address,
114178825Sdfr				  part.s_address)) {
115233294Sstas	krb5_clear_error_message (context);
116178825Sdfr	ret = KRB5KRB_AP_ERR_BADADDR;
117178825Sdfr	goto failure_part;
118178825Sdfr    }
11955682Smarkm
120178825Sdfr    /* check receiver address */
12155682Smarkm
122178825Sdfr    if (part.r_address
123178825Sdfr	&& auth_context->local_address
124178825Sdfr	&& !krb5_address_compare (context,
125178825Sdfr				  auth_context->local_address,
126178825Sdfr				  part.r_address)) {
127233294Sstas	krb5_clear_error_message (context);
128178825Sdfr	ret = KRB5KRB_AP_ERR_BADADDR;
129178825Sdfr	goto failure_part;
130178825Sdfr    }
13155682Smarkm
132178825Sdfr    /* check timestamp */
133178825Sdfr    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_TIME) {
134178825Sdfr	krb5_timestamp sec;
13555682Smarkm
136178825Sdfr	krb5_timeofday (context, &sec);
137178825Sdfr	if (part.timestamp == NULL ||
138178825Sdfr	    part.usec      == NULL ||
139178825Sdfr	    abs(*part.timestamp - sec) > context->max_skew) {
140233294Sstas	    krb5_clear_error_message (context);
141178825Sdfr	    ret = KRB5KRB_AP_ERR_SKEW;
142178825Sdfr	    goto failure_part;
143178825Sdfr	}
144178825Sdfr    }
14555682Smarkm
146178825Sdfr    /* XXX - check replay cache */
14755682Smarkm
148178825Sdfr    /* check sequence number. since MIT krb5 cannot generate a sequence
149178825Sdfr       number of zero but instead generates no sequence number, we accept that
150178825Sdfr    */
15172445Sassar
152178825Sdfr    if (auth_context->flags & KRB5_AUTH_CONTEXT_DO_SEQUENCE) {
153178825Sdfr	if ((part.seq_number == NULL
154178825Sdfr	     && auth_context->remote_seqnumber != 0)
155178825Sdfr	    || (part.seq_number != NULL
156178825Sdfr		&& *part.seq_number != auth_context->remote_seqnumber)) {
157233294Sstas	    krb5_clear_error_message (context);
158178825Sdfr	    ret = KRB5KRB_AP_ERR_BADORDER;
159178825Sdfr	    goto failure_part;
160178825Sdfr	}
161178825Sdfr	auth_context->remote_seqnumber++;
162178825Sdfr    }
16355682Smarkm
164178825Sdfr    ret = krb5_data_copy (outbuf, part.user_data.data, part.user_data.length);
165178825Sdfr    if (ret)
166178825Sdfr	goto failure_part;
16755682Smarkm
168233294Sstas    if ((auth_context->flags &
169178825Sdfr	 (KRB5_AUTH_CONTEXT_RET_TIME | KRB5_AUTH_CONTEXT_RET_SEQUENCE))) {
170178825Sdfr	if(part.timestamp)
171178825Sdfr	    outdata->timestamp = *part.timestamp;
172178825Sdfr	if(part.usec)
173178825Sdfr	    outdata->usec = *part.usec;
174178825Sdfr	if(part.seq_number)
175178825Sdfr	    outdata->seq = *part.seq_number;
176178825Sdfr    }
17755682Smarkm
178178825Sdfr  failure_part:
179178825Sdfr    free_EncKrbPrivPart (&part);
18055682Smarkm
181178825Sdfr  failure:
182178825Sdfr    free_KRB_PRIV (&priv);
183178825Sdfr    return ret;
18455682Smarkm}
185