1/* tls_g.c - Handle tls/ssl using GNUTLS. */ 2/* $OpenLDAP$ */ 3/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 * 5 * Copyright 2008-2011 The OpenLDAP Foundation. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted only as authorized by the OpenLDAP 10 * Public License. 11 * 12 * A copy of this license is available in the file LICENSE in the 13 * top-level directory of the distribution or, alternatively, at 14 * <http://www.OpenLDAP.org/license.html>. 15 */ 16/* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and 17 * Matt Backes; sponsored by The Written Word (thewrittenword.com) 18 * and Stanford University (stanford.edu). 19 */ 20 21#include "portable.h" 22 23#ifdef HAVE_GNUTLS 24 25#include "ldap_config.h" 26 27#include <stdio.h> 28 29#include <ac/stdlib.h> 30#include <ac/errno.h> 31#include <ac/socket.h> 32#include <ac/string.h> 33#include <ac/ctype.h> 34#include <ac/time.h> 35#include <ac/unistd.h> 36#include <ac/param.h> 37#include <ac/dirent.h> 38#include <sys/stat.h> 39#include <fcntl.h> 40 41#include "ldap-int.h" 42#include "ldap-tls.h" 43 44#include <gnutls/gnutls.h> 45#include <gnutls/x509.h> 46#include <gcrypt.h> 47 48#define DH_BITS (1024) 49 50#if LIBGNUTLS_VERSION_NUMBER >= 0x020200 51#define HAVE_CIPHERSUITES 1 52/* This is a kludge. gcrypt 1.4.x has support. Recent GnuTLS requires gcrypt 1.4.x 53 * but that dependency isn't reflected in their configure script, resulting in 54 * build errors on older gcrypt. So, if they have a working build environment, 55 * assume gcrypt is new enough. 56 */ 57#define HAVE_GCRYPT_RAND 1 58#else 59#undef HAVE_CIPHERSUITES 60#undef HAVE_GCRYPT_RAND 61#endif 62 63#ifndef HAVE_CIPHERSUITES 64/* Versions prior to 2.2.0 didn't handle cipher suites, so we had to 65 * kludge them ourselves. 66 */ 67typedef struct tls_cipher_suite { 68 const char *name; 69 gnutls_kx_algorithm_t kx; 70 gnutls_cipher_algorithm_t cipher; 71 gnutls_mac_algorithm_t mac; 72 gnutls_protocol_t version; 73} tls_cipher_suite; 74#endif 75 76typedef struct tlsg_ctx { 77 struct ldapoptions *lo; 78 gnutls_certificate_credentials_t cred; 79 gnutls_dh_params_t dh_params; 80 unsigned long verify_depth; 81 int refcount; 82#ifdef HAVE_CIPHERSUITES 83 gnutls_priority_t prios; 84#else 85 int *kx_list; 86 int *cipher_list; 87 int *mac_list; 88#endif 89#ifdef LDAP_R_COMPILE 90 ldap_pvt_thread_mutex_t ref_mutex; 91#endif 92} tlsg_ctx; 93 94typedef struct tlsg_session { 95 gnutls_session_t session; 96 tlsg_ctx *ctx; 97 struct berval peer_der_dn; 98} tlsg_session; 99 100#ifndef HAVE_CIPHERSUITES 101static tls_cipher_suite *tlsg_ciphers; 102static int tlsg_n_ciphers; 103#endif 104 105static int tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites ); 106static int tlsg_cert_verify( tlsg_session *s ); 107 108#ifdef LDAP_R_COMPILE 109 110static int 111tlsg_mutex_init( void **priv ) 112{ 113 int err = 0; 114 ldap_pvt_thread_mutex_t *lock = LDAP_MALLOC( sizeof( ldap_pvt_thread_mutex_t )); 115 116 if ( !lock ) 117 err = ENOMEM; 118 if ( !err ) { 119 err = ldap_pvt_thread_mutex_init( lock ); 120 if ( err ) 121 LDAP_FREE( lock ); 122 else 123 *priv = lock; 124 } 125 return err; 126} 127 128static int 129tlsg_mutex_destroy( void **lock ) 130{ 131 int err = ldap_pvt_thread_mutex_destroy( *lock ); 132 LDAP_FREE( *lock ); 133 return err; 134} 135 136static int 137tlsg_mutex_lock( void **lock ) 138{ 139 return ldap_pvt_thread_mutex_lock( *lock ); 140} 141 142static int 143tlsg_mutex_unlock( void **lock ) 144{ 145 return ldap_pvt_thread_mutex_unlock( *lock ); 146} 147 148static struct gcry_thread_cbs tlsg_thread_cbs = { 149 GCRY_THREAD_OPTION_USER, 150 NULL, 151 tlsg_mutex_init, 152 tlsg_mutex_destroy, 153 tlsg_mutex_lock, 154 tlsg_mutex_unlock, 155 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 156}; 157 158static void 159tlsg_thr_init( void ) 160{ 161 gcry_control (GCRYCTL_SET_THREAD_CBS, &tlsg_thread_cbs); 162} 163#endif /* LDAP_R_COMPILE */ 164 165/* 166 * Initialize TLS subsystem. Should be called only once. 167 */ 168static int 169tlsg_init( void ) 170{ 171#ifdef HAVE_GCRYPT_RAND 172 struct ldapoptions *lo = LDAP_INT_GLOBAL_OPT(); 173 if ( lo->ldo_tls_randfile && 174 gcry_control( GCRYCTL_SET_RNDEGD_SOCKET, lo->ldo_tls_randfile )) { 175 Debug( LDAP_DEBUG_ANY, 176 "TLS: gcry_control GCRYCTL_SET_RNDEGD_SOCKET failed\n", 177 0, 0, 0); 178 return -1; 179 } 180#endif 181 182 gnutls_global_init(); 183 184#ifndef HAVE_CIPHERSUITES 185 /* GNUtls cipher suite handling: The library ought to parse suite 186 * names for us, but it doesn't. It will return a list of suite names 187 * that it supports, so we can do parsing ourselves. It ought to tell 188 * us how long the list is, but it doesn't do that either, so we just 189 * have to count it manually... 190 */ 191 { 192 int i = 0; 193 tls_cipher_suite *ptr, tmp; 194 char cs_id[2]; 195 196 while ( gnutls_cipher_suite_info( i, cs_id, &tmp.kx, &tmp.cipher, 197 &tmp.mac, &tmp.version )) 198 i++; 199 tlsg_n_ciphers = i; 200 201 /* Store a copy */ 202 tlsg_ciphers = LDAP_MALLOC(tlsg_n_ciphers * sizeof(tls_cipher_suite)); 203 if ( !tlsg_ciphers ) 204 return -1; 205 for ( i=0; i<tlsg_n_ciphers; i++ ) { 206 tlsg_ciphers[i].name = gnutls_cipher_suite_info( i, cs_id, 207 &tlsg_ciphers[i].kx, &tlsg_ciphers[i].cipher, &tlsg_ciphers[i].mac, 208 &tlsg_ciphers[i].version ); 209 } 210 } 211#endif 212 return 0; 213} 214 215/* 216 * Tear down the TLS subsystem. Should only be called once. 217 */ 218static void 219tlsg_destroy( void ) 220{ 221#ifndef HAVE_CIPHERSUITES 222 LDAP_FREE( tlsg_ciphers ); 223 tlsg_ciphers = NULL; 224 tlsg_n_ciphers = 0; 225#endif 226 gnutls_global_deinit(); 227} 228 229static tls_ctx * 230tlsg_ctx_new ( struct ldapoptions *lo ) 231{ 232 tlsg_ctx *ctx; 233 234 ctx = ber_memcalloc ( 1, sizeof (*ctx) ); 235 if ( ctx ) { 236 ctx->lo = lo; 237 if ( gnutls_certificate_allocate_credentials( &ctx->cred )) { 238 ber_memfree( ctx ); 239 return NULL; 240 } 241 ctx->refcount = 1; 242#ifdef HAVE_CIPHERSUITES 243 gnutls_priority_init( &ctx->prios, "NORMAL", NULL ); 244#endif 245#ifdef LDAP_R_COMPILE 246 ldap_pvt_thread_mutex_init( &ctx->ref_mutex ); 247#endif 248 } 249 return (tls_ctx *)ctx; 250} 251 252static void 253tlsg_ctx_ref( tls_ctx *ctx ) 254{ 255 tlsg_ctx *c = (tlsg_ctx *)ctx; 256 LDAP_MUTEX_LOCK( &c->ref_mutex ); 257 c->refcount++; 258 LDAP_MUTEX_UNLOCK( &c->ref_mutex ); 259} 260 261static void 262tlsg_ctx_free ( tls_ctx *ctx ) 263{ 264 tlsg_ctx *c = (tlsg_ctx *)ctx; 265 int refcount; 266 267 if ( !c ) return; 268 269 LDAP_MUTEX_LOCK( &c->ref_mutex ); 270 refcount = --c->refcount; 271 LDAP_MUTEX_UNLOCK( &c->ref_mutex ); 272 if ( refcount ) 273 return; 274#ifdef HAVE_CIPHERSUITES 275 gnutls_priority_deinit( c->prios ); 276#else 277 LDAP_FREE( c->kx_list ); 278#endif 279 gnutls_certificate_free_credentials( c->cred ); 280 ber_memfree ( c ); 281} 282 283static int 284tlsg_getfile( const char *path, gnutls_datum_t *buf ) 285{ 286 int rc = -1, fd; 287 struct stat st; 288 289 fd = open( path, O_RDONLY ); 290 if ( fd >= 0 && fstat( fd, &st ) == 0 ) { 291 buf->size = st.st_size; 292 buf->data = LDAP_MALLOC( st.st_size + 1 ); 293 if ( buf->data ) { 294 rc = read( fd, buf->data, st.st_size ); 295 close( fd ); 296 if ( rc < st.st_size ) 297 rc = -1; 298 else 299 rc = 0; 300 } 301 } 302 return rc; 303} 304 305/* This is the GnuTLS default */ 306#define VERIFY_DEPTH 6 307 308/* 309 * initialize a new TLS context 310 */ 311static int 312tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server ) 313{ 314 tlsg_ctx *ctx = lo->ldo_tls_ctx; 315 int rc; 316 317 if ( lo->ldo_tls_ciphersuite && 318 tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) { 319 Debug( LDAP_DEBUG_ANY, 320 "TLS: could not set cipher list %s.\n", 321 lo->ldo_tls_ciphersuite, 0, 0 ); 322 return -1; 323 } 324 325 if (lo->ldo_tls_cacertdir != NULL) { 326 Debug( LDAP_DEBUG_ANY, 327 "TLS: warning: cacertdir not implemented for gnutls\n", 328 NULL, NULL, NULL ); 329 } 330 331 if (lo->ldo_tls_cacertfile != NULL) { 332 rc = gnutls_certificate_set_x509_trust_file( 333 ctx->cred, 334 lt->lt_cacertfile, 335 GNUTLS_X509_FMT_PEM ); 336 if ( rc < 0 ) return -1; 337 } 338 339 if ( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) { 340 gnutls_x509_privkey_t key; 341 gnutls_datum_t buf; 342 gnutls_x509_crt_t certs[VERIFY_DEPTH]; 343 unsigned int max = VERIFY_DEPTH; 344 345 rc = gnutls_x509_privkey_init( &key ); 346 if ( rc ) return -1; 347 348 /* OpenSSL builds the cert chain for us, but GnuTLS 349 * expects it to be present in the certfile. If it's 350 * not, we have to build it ourselves. So we have to 351 * do some special checks here... 352 */ 353 rc = tlsg_getfile( lt->lt_keyfile, &buf ); 354 if ( rc ) return -1; 355 rc = gnutls_x509_privkey_import( key, &buf, 356 GNUTLS_X509_FMT_PEM ); 357 LDAP_FREE( buf.data ); 358 if ( rc < 0 ) return rc; 359 360 rc = tlsg_getfile( lt->lt_certfile, &buf ); 361 if ( rc ) return -1; 362 rc = gnutls_x509_crt_list_import( certs, &max, &buf, 363 GNUTLS_X509_FMT_PEM, 0 ); 364 LDAP_FREE( buf.data ); 365 if ( rc < 0 ) return rc; 366 367 /* If there's only one cert and it's not self-signed, 368 * then we have to build the cert chain. 369 */ 370 if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) { 371 gnutls_x509_crt_t *cas; 372 unsigned int i, j, ncas; 373 374 gnutls_certificate_get_x509_cas( ctx->cred, &cas, &ncas ); 375 for ( i = 1; i<VERIFY_DEPTH; i++ ) { 376 for ( j = 0; j<ncas; j++ ) { 377 if ( gnutls_x509_crt_check_issuer( certs[i-1], cas[j] )) { 378 certs[i] = cas[j]; 379 max++; 380 /* If this CA is self-signed, we're done */ 381 if ( gnutls_x509_crt_check_issuer( cas[j], cas[j] )) 382 j = ncas; 383 break; 384 } 385 } 386 /* only continue if we found a CA and it was not self-signed */ 387 if ( j == ncas ) 388 break; 389 } 390 } 391 rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key ); 392 if ( rc ) return -1; 393 } else if ( lo->ldo_tls_certfile || lo->ldo_tls_keyfile ) { 394 Debug( LDAP_DEBUG_ANY, 395 "TLS: only one of certfile and keyfile specified\n", 396 NULL, NULL, NULL ); 397 return -1; 398 } 399 400 if ( lo->ldo_tls_dhfile ) { 401 Debug( LDAP_DEBUG_ANY, 402 "TLS: warning: ignoring dhfile\n", 403 NULL, NULL, NULL ); 404 } 405 406 if ( lo->ldo_tls_crlfile ) { 407 rc = gnutls_certificate_set_x509_crl_file( 408 ctx->cred, 409 lt->lt_crlfile, 410 GNUTLS_X509_FMT_PEM ); 411 if ( rc < 0 ) return -1; 412 rc = 0; 413 } 414 415 /* FIXME: ITS#5992 - this should go be configurable, 416 * and V1 CA certs should be phased out ASAP. 417 */ 418 gnutls_certificate_set_verify_flags( ctx->cred, 419 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT ); 420 421 if ( is_server ) { 422 gnutls_dh_params_init(&ctx->dh_params); 423 gnutls_dh_params_generate2(ctx->dh_params, DH_BITS); 424 } 425 return 0; 426} 427 428static tls_session * 429tlsg_session_new ( tls_ctx * ctx, int is_server ) 430{ 431 tlsg_ctx *c = (tlsg_ctx *)ctx; 432 tlsg_session *session; 433 434 session = ber_memcalloc ( 1, sizeof (*session) ); 435 if ( !session ) 436 return NULL; 437 438 session->ctx = c; 439 gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT ); 440#ifdef HAVE_CIPHERSUITES 441 gnutls_priority_set( session->session, c->prios ); 442#else 443 gnutls_set_default_priority( session->session ); 444 if ( c->kx_list ) { 445 gnutls_kx_set_priority( session->session, c->kx_list ); 446 gnutls_cipher_set_priority( session->session, c->cipher_list ); 447 gnutls_mac_set_priority( session->session, c->mac_list ); 448 } 449#endif 450 if ( c->cred ) 451 gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, c->cred ); 452 453 if ( is_server ) { 454 int flag = 0; 455 if ( c->lo->ldo_tls_require_cert ) { 456 flag = GNUTLS_CERT_REQUEST; 457 if ( c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_DEMAND || 458 c->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_HARD ) 459 flag = GNUTLS_CERT_REQUIRE; 460 gnutls_certificate_server_set_request( session->session, flag ); 461 } 462 } 463 return (tls_session *)session; 464} 465 466static int 467tlsg_session_accept( tls_session *session ) 468{ 469 tlsg_session *s = (tlsg_session *)session; 470 int rc; 471 472 rc = gnutls_handshake( s->session ); 473 if ( rc == 0 && s->ctx->lo->ldo_tls_require_cert != LDAP_OPT_X_TLS_NEVER ) { 474 const gnutls_datum_t *peer_cert_list; 475 unsigned int list_size; 476 477 peer_cert_list = gnutls_certificate_get_peers( s->session, 478 &list_size ); 479 if ( !peer_cert_list && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_TRY ) 480 rc = 0; 481 else { 482 rc = tlsg_cert_verify( s ); 483 if ( rc && s->ctx->lo->ldo_tls_require_cert == LDAP_OPT_X_TLS_ALLOW ) 484 rc = 0; 485 } 486 } 487 return rc; 488} 489 490static int 491tlsg_session_connect( LDAP *ld, tls_session *session ) 492{ 493 return tlsg_session_accept( session); 494} 495 496static int 497tlsg_session_upflags( Sockbuf *sb, tls_session *session, int rc ) 498{ 499 tlsg_session *s = (tlsg_session *)session; 500 501 if ( rc != GNUTLS_E_INTERRUPTED && rc != GNUTLS_E_AGAIN ) 502 return 0; 503 504 switch (gnutls_record_get_direction (s->session)) { 505 case 0: 506 sb->sb_trans_needs_read = 1; 507 return 1; 508 case 1: 509 sb->sb_trans_needs_write = 1; 510 return 1; 511 } 512 return 0; 513} 514 515static char * 516tlsg_session_errmsg( tls_session *sess, int rc, char *buf, size_t len ) 517{ 518 return (char *)gnutls_strerror( rc ); 519} 520 521static void 522tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject ) 523{ 524 BerElementBuffer berbuf; 525 BerElement *ber = (BerElement *)&berbuf; 526 ber_tag_t tag; 527 ber_len_t len; 528 ber_int_t i; 529 530 ber_init2( ber, cert, LBER_USE_DER ); 531 tag = ber_skip_tag( ber, &len ); /* Sequence */ 532 tag = ber_skip_tag( ber, &len ); /* Sequence */ 533 tag = ber_peek_tag( ber, &len ); /* Context + Constructed (version) */ 534 if ( tag == 0xa0 ) { /* Version is optional */ 535 tag = ber_skip_tag( ber, &len ); 536 tag = ber_get_int( ber, &i ); /* Int: Version */ 537 } 538 tag = ber_skip_tag( ber, &len ); /* Int: Serial (can be longer than ber_int_t) */ 539 ber_skip_data( ber, len ); 540 tag = ber_skip_tag( ber, &len ); /* Sequence: Signature */ 541 ber_skip_data( ber, len ); 542 if ( !get_subject ) { 543 tag = ber_peek_tag( ber, &len ); /* Sequence: Issuer DN */ 544 } else { 545 tag = ber_skip_tag( ber, &len ); 546 ber_skip_data( ber, len ); 547 tag = ber_skip_tag( ber, &len ); /* Sequence: Validity */ 548 ber_skip_data( ber, len ); 549 tag = ber_peek_tag( ber, &len ); /* Sequence: Subject DN */ 550 } 551 len = ber_ptrlen( ber ); 552 dn->bv_val = cert->bv_val + len; 553 dn->bv_len = cert->bv_len - len; 554} 555 556static int 557tlsg_session_my_dn( tls_session *session, struct berval *der_dn ) 558{ 559 tlsg_session *s = (tlsg_session *)session; 560 const gnutls_datum_t *x; 561 struct berval bv; 562 563 x = gnutls_certificate_get_ours( s->session ); 564 565 if (!x) return LDAP_INVALID_CREDENTIALS; 566 567 bv.bv_val = (char *) x->data; 568 bv.bv_len = x->size; 569 570 tlsg_x509_cert_dn( &bv, der_dn, 1 ); 571 return 0; 572} 573 574static int 575tlsg_session_peer_dn( tls_session *session, struct berval *der_dn ) 576{ 577 tlsg_session *s = (tlsg_session *)session; 578 if ( !s->peer_der_dn.bv_val ) { 579 const gnutls_datum_t *peer_cert_list; 580 unsigned int list_size; 581 struct berval bv; 582 583 peer_cert_list = gnutls_certificate_get_peers( s->session, 584 &list_size ); 585 if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS; 586 587 bv.bv_len = peer_cert_list->size; 588 bv.bv_val = (char *) peer_cert_list->data; 589 590 tlsg_x509_cert_dn( &bv, &s->peer_der_dn, 1 ); 591 } 592 *der_dn = s->peer_der_dn; 593 return 0; 594} 595 596/* what kind of hostname were we given? */ 597#define IS_DNS 0 598#define IS_IP4 1 599#define IS_IP6 2 600 601#define CN_OID "2.5.4.3" 602 603static int 604tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in ) 605{ 606 tlsg_session *s = (tlsg_session *)session; 607 int i, ret; 608 const gnutls_datum_t *peer_cert_list; 609 unsigned int list_size; 610 char altname[NI_MAXHOST]; 611 size_t altnamesize; 612 613 gnutls_x509_crt_t cert; 614 const char *name; 615 char *ptr; 616 char *domain = NULL; 617#ifdef LDAP_PF_INET6 618 struct in6_addr addr; 619#else 620 struct in_addr addr; 621#endif 622 int len1 = 0, len2 = 0; 623 int ntype = IS_DNS; 624 625 if( ldap_int_hostname && 626 ( !name_in || !strcasecmp( name_in, "localhost" ) ) ) 627 { 628 name = ldap_int_hostname; 629 } else { 630 name = name_in; 631 } 632 633 peer_cert_list = gnutls_certificate_get_peers( s->session, 634 &list_size ); 635 if ( !peer_cert_list ) { 636 Debug( LDAP_DEBUG_ANY, 637 "TLS: unable to get peer certificate.\n", 638 0, 0, 0 ); 639 /* If this was a fatal condition, things would have 640 * aborted long before now. 641 */ 642 return LDAP_SUCCESS; 643 } 644 ret = gnutls_x509_crt_init( &cert ); 645 if ( ret < 0 ) 646 return LDAP_LOCAL_ERROR; 647 ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER ); 648 if ( ret ) { 649 gnutls_x509_crt_deinit( cert ); 650 return LDAP_LOCAL_ERROR; 651 } 652 653#ifdef LDAP_PF_INET6 654 if (name[0] == '[' && strchr(name, ']')) { 655 char *n2 = ldap_strdup(name+1); 656 *strchr(n2, ']') = 0; 657 if (inet_pton(AF_INET6, n2, &addr)) 658 ntype = IS_IP6; 659 LDAP_FREE(n2); 660 } else 661#endif 662 if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) { 663 if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4; 664 } 665 666 if (ntype == IS_DNS) { 667 len1 = strlen(name); 668 domain = strchr(name, '.'); 669 if (domain) { 670 len2 = len1 - (domain-name); 671 } 672 } 673 674 for ( i=0, ret=0; ret >= 0; i++ ) { 675 altnamesize = sizeof(altname); 676 ret = gnutls_x509_crt_get_subject_alt_name( cert, i, 677 altname, &altnamesize, NULL ); 678 if ( ret < 0 ) break; 679 680 /* ignore empty */ 681 if ( altnamesize == 0 ) continue; 682 683 if ( ret == GNUTLS_SAN_DNSNAME ) { 684 if (ntype != IS_DNS) continue; 685 686 /* Is this an exact match? */ 687 if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) { 688 break; 689 } 690 691 /* Is this a wildcard match? */ 692 if (domain && (altname[0] == '*') && (altname[1] == '.') && 693 (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) 694 { 695 break; 696 } 697 } else if ( ret == GNUTLS_SAN_IPADDRESS ) { 698 if (ntype == IS_DNS) continue; 699 700#ifdef LDAP_PF_INET6 701 if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) { 702 continue; 703 } else 704#endif 705 if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) { 706 continue; 707 } 708 if (!memcmp(altname, &addr, altnamesize)) { 709 break; 710 } 711 } 712 } 713 if ( ret >= 0 ) { 714 ret = LDAP_SUCCESS; 715 } else { 716 /* find the last CN */ 717 i=0; 718 do { 719 altnamesize = 0; 720 ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID, 721 i, 1, altname, &altnamesize ); 722 if ( ret == GNUTLS_E_SHORT_MEMORY_BUFFER ) 723 i++; 724 else 725 break; 726 } while ( 1 ); 727 728 if ( i ) { 729 altnamesize = sizeof(altname); 730 ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID, 731 i-1, 0, altname, &altnamesize ); 732 } 733 734 if ( ret < 0 ) { 735 Debug( LDAP_DEBUG_ANY, 736 "TLS: unable to get common name from peer certificate.\n", 737 0, 0, 0 ); 738 ret = LDAP_CONNECT_ERROR; 739 if ( ld->ld_error ) { 740 LDAP_FREE( ld->ld_error ); 741 } 742 ld->ld_error = LDAP_STRDUP( 743 _("TLS: unable to get CN from peer certificate")); 744 745 } else { 746 ret = LDAP_LOCAL_ERROR; 747 if ( !len1 ) len1 = strlen( name ); 748 if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) { 749 ret = LDAP_SUCCESS; 750 751 } else if (( altname[0] == '*' ) && ( altname[1] == '.' )) { 752 /* Is this a wildcard match? */ 753 if( domain && 754 (len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) { 755 ret = LDAP_SUCCESS; 756 } 757 } 758 } 759 760 if( ret == LDAP_LOCAL_ERROR ) { 761 altname[altnamesize] = '\0'; 762 Debug( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match " 763 "common name in certificate (%s).\n", 764 name, altname, 0 ); 765 ret = LDAP_CONNECT_ERROR; 766 if ( ld->ld_error ) { 767 LDAP_FREE( ld->ld_error ); 768 } 769 ld->ld_error = LDAP_STRDUP( 770 _("TLS: hostname does not match CN in peer certificate")); 771 } 772 } 773 gnutls_x509_crt_deinit( cert ); 774 return ret; 775} 776 777static int 778tlsg_session_strength( tls_session *session ) 779{ 780 tlsg_session *s = (tlsg_session *)session; 781 gnutls_cipher_algorithm_t c; 782 783 c = gnutls_cipher_get( s->session ); 784 return gnutls_cipher_get_key_size( c ) * 8; 785} 786 787/* suites is a string of colon-separated cipher suite names. */ 788static int 789tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites ) 790{ 791#ifdef HAVE_CIPHERSUITES 792 const char *err; 793 return gnutls_priority_init( &ctx->prios, suites, &err ); 794#else 795 char *ptr, *end; 796 int i, j, len, num; 797 int *list, nkx = 0, ncipher = 0, nmac = 0; 798 int *kx, *cipher, *mac; 799 800 num = 0; 801 ptr = suites; 802 do { 803 end = strchr(ptr, ':'); 804 if ( end ) 805 len = end - ptr; 806 else 807 len = strlen(ptr); 808 for (i=0; i<tlsg_n_ciphers; i++) { 809 if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) { 810 num++; 811 break; 812 } 813 } 814 if ( i == tlsg_n_ciphers ) { 815 /* unrecognized cipher suite */ 816 return -1; 817 } 818 ptr += len + 1; 819 } while (end); 820 821 /* Space for all 3 lists */ 822 list = LDAP_MALLOC( (num+1) * sizeof(int) * 3 ); 823 if ( !list ) 824 return -1; 825 kx = list; 826 cipher = kx+num+1; 827 mac = cipher+num+1; 828 829 ptr = suites; 830 do { 831 end = strchr(ptr, ':'); 832 if ( end ) 833 len = end - ptr; 834 else 835 len = strlen(ptr); 836 for (i=0; i<tlsg_n_ciphers; i++) { 837 /* For each cipher suite, insert its algorithms into 838 * their respective priority lists. Make sure they 839 * only appear once in each list. 840 */ 841 if ( !strncasecmp( tlsg_ciphers[i].name, ptr, len )) { 842 for (j=0; j<nkx; j++) 843 if ( kx[j] == tlsg_ciphers[i].kx ) 844 break; 845 if ( j == nkx ) 846 kx[nkx++] = tlsg_ciphers[i].kx; 847 for (j=0; j<ncipher; j++) 848 if ( cipher[j] == tlsg_ciphers[i].cipher ) 849 break; 850 if ( j == ncipher ) 851 cipher[ncipher++] = tlsg_ciphers[i].cipher; 852 for (j=0; j<nmac; j++) 853 if ( mac[j] == tlsg_ciphers[i].mac ) 854 break; 855 if ( j == nmac ) 856 mac[nmac++] = tlsg_ciphers[i].mac; 857 break; 858 } 859 } 860 ptr += len + 1; 861 } while (end); 862 kx[nkx] = 0; 863 cipher[ncipher] = 0; 864 mac[nmac] = 0; 865 ctx->kx_list = kx; 866 ctx->cipher_list = cipher; 867 ctx->mac_list = mac; 868 return 0; 869#endif 870} 871 872/* 873 * TLS support for LBER Sockbufs 874 */ 875 876struct tls_data { 877 tlsg_session *session; 878 Sockbuf_IO_Desc *sbiod; 879}; 880 881static ssize_t 882tlsg_recv( gnutls_transport_ptr_t ptr, void *buf, size_t len ) 883{ 884 struct tls_data *p; 885 886 if ( buf == NULL || len <= 0 ) return 0; 887 888 p = (struct tls_data *)ptr; 889 890 if ( p == NULL || p->sbiod == NULL ) { 891 return 0; 892 } 893 894 return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len ); 895} 896 897static ssize_t 898tlsg_send( gnutls_transport_ptr_t ptr, const void *buf, size_t len ) 899{ 900 struct tls_data *p; 901 902 if ( buf == NULL || len <= 0 ) return 0; 903 904 p = (struct tls_data *)ptr; 905 906 if ( p == NULL || p->sbiod == NULL ) { 907 return 0; 908 } 909 910 return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len ); 911} 912 913static int 914tlsg_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg ) 915{ 916 struct tls_data *p; 917 tlsg_session *session = arg; 918 919 assert( sbiod != NULL ); 920 921 p = LBER_MALLOC( sizeof( *p ) ); 922 if ( p == NULL ) { 923 return -1; 924 } 925 926 gnutls_transport_set_ptr( session->session, (gnutls_transport_ptr)p ); 927 gnutls_transport_set_pull_function( session->session, tlsg_recv ); 928 gnutls_transport_set_push_function( session->session, tlsg_send ); 929 p->session = session; 930 p->sbiod = sbiod; 931 sbiod->sbiod_pvt = p; 932 return 0; 933} 934 935static int 936tlsg_sb_remove( Sockbuf_IO_Desc *sbiod ) 937{ 938 struct tls_data *p; 939 940 assert( sbiod != NULL ); 941 assert( sbiod->sbiod_pvt != NULL ); 942 943 p = (struct tls_data *)sbiod->sbiod_pvt; 944 gnutls_deinit ( p->session->session ); 945 LBER_FREE( p->session ); 946 LBER_FREE( sbiod->sbiod_pvt ); 947 sbiod->sbiod_pvt = NULL; 948 return 0; 949} 950 951static int 952tlsg_sb_close( Sockbuf_IO_Desc *sbiod ) 953{ 954 struct tls_data *p; 955 956 assert( sbiod != NULL ); 957 assert( sbiod->sbiod_pvt != NULL ); 958 959 p = (struct tls_data *)sbiod->sbiod_pvt; 960 gnutls_bye ( p->session->session, GNUTLS_SHUT_WR ); 961 return 0; 962} 963 964static int 965tlsg_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg ) 966{ 967 struct tls_data *p; 968 969 assert( sbiod != NULL ); 970 assert( sbiod->sbiod_pvt != NULL ); 971 972 p = (struct tls_data *)sbiod->sbiod_pvt; 973 974 if ( opt == LBER_SB_OPT_GET_SSL ) { 975 *((tlsg_session **)arg) = p->session; 976 return 1; 977 978 } else if ( opt == LBER_SB_OPT_DATA_READY ) { 979 if( gnutls_record_check_pending( p->session->session ) > 0 ) { 980 return 1; 981 } 982 } 983 984 return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg ); 985} 986 987static ber_slen_t 988tlsg_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) 989{ 990 struct tls_data *p; 991 ber_slen_t ret; 992 993 assert( sbiod != NULL ); 994 assert( SOCKBUF_VALID( sbiod->sbiod_sb ) ); 995 996 p = (struct tls_data *)sbiod->sbiod_pvt; 997 998 ret = gnutls_record_recv ( p->session->session, buf, len ); 999 switch (ret) { 1000 case GNUTLS_E_INTERRUPTED: 1001 case GNUTLS_E_AGAIN: 1002 sbiod->sbiod_sb->sb_trans_needs_read = 1; 1003 sock_errset(EWOULDBLOCK); 1004 ret = 0; 1005 break; 1006 case GNUTLS_E_REHANDSHAKE: 1007 for ( ret = gnutls_handshake ( p->session->session ); 1008 ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN; 1009 ret = gnutls_handshake ( p->session->session ) ); 1010 sbiod->sbiod_sb->sb_trans_needs_read = 1; 1011 ret = 0; 1012 break; 1013 default: 1014 sbiod->sbiod_sb->sb_trans_needs_read = 0; 1015 } 1016 return ret; 1017} 1018 1019static ber_slen_t 1020tlsg_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len) 1021{ 1022 struct tls_data *p; 1023 ber_slen_t ret; 1024 1025 assert( sbiod != NULL ); 1026 assert( SOCKBUF_VALID( sbiod->sbiod_sb ) ); 1027 1028 p = (struct tls_data *)sbiod->sbiod_pvt; 1029 1030 ret = gnutls_record_send ( p->session->session, (char *)buf, len ); 1031 1032 if ( ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN ) { 1033 sbiod->sbiod_sb->sb_trans_needs_write = 1; 1034 sock_errset(EWOULDBLOCK); 1035 ret = 0; 1036 } else { 1037 sbiod->sbiod_sb->sb_trans_needs_write = 0; 1038 } 1039 return ret; 1040} 1041 1042static Sockbuf_IO tlsg_sbio = 1043{ 1044 tlsg_sb_setup, /* sbi_setup */ 1045 tlsg_sb_remove, /* sbi_remove */ 1046 tlsg_sb_ctrl, /* sbi_ctrl */ 1047 tlsg_sb_read, /* sbi_read */ 1048 tlsg_sb_write, /* sbi_write */ 1049 tlsg_sb_close /* sbi_close */ 1050}; 1051 1052/* Certs are not automatically varified during the handshake */ 1053static int 1054tlsg_cert_verify( tlsg_session *ssl ) 1055{ 1056 unsigned int status = 0; 1057 int err; 1058 time_t now = time(0); 1059 time_t peertime; 1060 1061 err = gnutls_certificate_verify_peers2( ssl->session, &status ); 1062 if ( err < 0 ) { 1063 Debug( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n", 1064 err,0,0 ); 1065 return -1; 1066 } 1067 if ( status ) { 1068 Debug( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n", 1069 status, 0,0 ); 1070 return -1; 1071 } 1072 peertime = gnutls_certificate_expiration_time_peers( ssl->session ); 1073 if ( peertime == (time_t) -1 ) { 1074 Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n", 1075 0, 0, 0 ); 1076 return -1; 1077 } 1078 if ( peertime < now ) { 1079 Debug( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n", 1080 0, 0, 0 ); 1081 return -1; 1082 } 1083 peertime = gnutls_certificate_activation_time_peers( ssl->session ); 1084 if ( peertime == (time_t) -1 ) { 1085 Debug( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n", 1086 0, 0, 0 ); 1087 return -1; 1088 } 1089 if ( peertime > now ) { 1090 Debug( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n", 1091 0, 0, 0 ); 1092 return -1; 1093 } 1094 return 0; 1095} 1096 1097tls_impl ldap_int_tls_impl = { 1098 "GnuTLS", 1099 1100 tlsg_init, 1101 tlsg_destroy, 1102 1103 tlsg_ctx_new, 1104 tlsg_ctx_ref, 1105 tlsg_ctx_free, 1106 tlsg_ctx_init, 1107 1108 tlsg_session_new, 1109 tlsg_session_connect, 1110 tlsg_session_accept, 1111 tlsg_session_upflags, 1112 tlsg_session_errmsg, 1113 tlsg_session_my_dn, 1114 tlsg_session_peer_dn, 1115 tlsg_session_chkhost, 1116 tlsg_session_strength, 1117 1118 &tlsg_sbio, 1119 1120#ifdef LDAP_R_COMPILE 1121 tlsg_thr_init, 1122#else 1123 NULL, 1124#endif 1125 1126 0 1127}; 1128 1129#endif /* HAVE_GNUTLS */ 1130