tls_g.c 28.9 KB
Newer Older
1
2
3
4
/* tls_g.c - Handle tls/ssl using GNUTLS. */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
5
 * Copyright 2008-2020 The OpenLDAP Foundation.
6
7
8
9
10
11
12
13
14
15
16
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */
/* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and
Emily Backes's avatar
Emily Backes committed
17
 * Emily Backes; sponsored by The Written Word (thewrittenword.com)
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
 * and Stanford University (stanford.edu).
 */

#include "portable.h"

#ifdef HAVE_GNUTLS

#include "ldap_config.h"

#include <stdio.h>

#include <ac/stdlib.h>
#include <ac/errno.h>
#include <ac/socket.h>
#include <ac/string.h>
#include <ac/ctype.h>
#include <ac/time.h>
#include <ac/unistd.h>
#include <ac/param.h>
#include <ac/dirent.h>
38
39
#include <sys/stat.h>
#include <fcntl.h>
40
41
42
43
44
45

#include "ldap-int.h"
#include "ldap-tls.h"

#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
46
47
#include <gnutls/abstract.h>
#include <gnutls/crypto.h>
48
49
50
51
52
53

typedef struct tlsg_ctx {
	gnutls_certificate_credentials_t cred;
	gnutls_dh_params_t dh_params;
	unsigned long verify_depth;
	int refcount;
54
	int reqcert;
55
	gnutls_priority_t prios;
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
#ifdef LDAP_R_COMPILE
	ldap_pvt_thread_mutex_t ref_mutex;
#endif
} tlsg_ctx;

typedef struct tlsg_session {
	gnutls_session_t session;
	tlsg_ctx *ctx;
	struct berval peer_der_dn;
} tlsg_session;

static int tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites );
static int tlsg_cert_verify( tlsg_session *s );

#ifdef LDAP_R_COMPILE

static void
tlsg_thr_init( void )
{
75
	/* do nothing */
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
}
#endif /* LDAP_R_COMPILE */

/*
 * Initialize TLS subsystem. Should be called only once.
 */
static int
tlsg_init( void )
{
	gnutls_global_init();
	return 0;
}

/*
 * Tear down the TLS subsystem. Should only be called once.
 */
static void
tlsg_destroy( void )
{
	gnutls_global_deinit();
}

static tls_ctx *
tlsg_ctx_new ( struct ldapoptions *lo )
{
	tlsg_ctx *ctx;

	ctx = ber_memcalloc ( 1, sizeof (*ctx) );
	if ( ctx ) {
		if ( gnutls_certificate_allocate_credentials( &ctx->cred )) {
			ber_memfree( ctx );
			return NULL;
		}
		ctx->refcount = 1;
110
		gnutls_priority_init( &ctx->prios, "NORMAL", NULL );
111
112
113
114
115
116
117
118
119
120
121
#ifdef LDAP_R_COMPILE
		ldap_pvt_thread_mutex_init( &ctx->ref_mutex );
#endif
	}
	return (tls_ctx *)ctx;
}

static void
tlsg_ctx_ref( tls_ctx *ctx )
{
	tlsg_ctx *c = (tlsg_ctx *)ctx;
122
	LDAP_MUTEX_LOCK( &c->ref_mutex );
123
	c->refcount++;
124
	LDAP_MUTEX_UNLOCK( &c->ref_mutex );
125
126
127
128
129
130
131
132
133
134
}

static void
tlsg_ctx_free ( tls_ctx *ctx )
{
	tlsg_ctx *c = (tlsg_ctx *)ctx;
	int refcount;

	if ( !c ) return;

135
	LDAP_MUTEX_LOCK( &c->ref_mutex );
136
	refcount = --c->refcount;
137
	LDAP_MUTEX_UNLOCK( &c->ref_mutex );
138
139
	if ( refcount )
		return;
140
	gnutls_priority_deinit( c->prios );
141
	gnutls_certificate_free_credentials( c->cred );
142
143
	if ( c->dh_params )
		gnutls_dh_params_deinit( c->dh_params );
144
145
146
	ber_memfree ( c );
}

147
148
149
150
151
static int
tlsg_getfile( const char *path, gnutls_datum_t *buf )
{
	int rc = -1, fd;
	struct stat st;
152
	char ebuf[128];
153
154

	fd = open( path, O_RDONLY );
155
156
157
158
159
160
161
162
	if ( fd < 0 ) {
		Debug2( LDAP_DEBUG_ANY,
			"TLS: opening `%s' failed: %s\n",
			path,
			AC_STRERROR_R( errno, ebuf, sizeof ebuf ));
		return -1;
	}
	if ( fstat( fd, &st ) == 0 ) {
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
		buf->size = st.st_size;
		buf->data = LDAP_MALLOC( st.st_size + 1 );
		if ( buf->data ) {
			rc = read( fd, buf->data, st.st_size );
			close( fd );
			if ( rc < st.st_size )
				rc = -1;
			else
				rc = 0;
		}
	}
	return rc;
}

/* This is the GnuTLS default */
#define	VERIFY_DEPTH	6

180
181
182
183
184
185
186
187
188
189
190
/*
 * initialize a new TLS context
 */
static int
tlsg_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
{
	tlsg_ctx *ctx = lo->ldo_tls_ctx;
	int rc;

 	if ( lo->ldo_tls_ciphersuite &&
		tlsg_parse_ciphers( ctx, lt->lt_ciphersuite )) {
191
		Debug1( LDAP_DEBUG_ANY,
192
 			   "TLS: could not set cipher list %s.\n",
193
			   lo->ldo_tls_ciphersuite );
194
195
196
197
		return -1;
 	}

	if (lo->ldo_tls_cacertdir != NULL) {
198
199
200
201
202
203
204
205
206
207
208
209
210
211
		rc = gnutls_certificate_set_x509_trust_dir(
			ctx->cred,
			lt->lt_cacertdir,
			GNUTLS_X509_FMT_PEM );
		if ( rc > 0 ) {
			Debug2( LDAP_DEBUG_TRACE,
				"TLS: loaded %d CA certificates from directory `%s'.\n",
				rc, lt->lt_cacertdir );
		} else {
			Debug1( LDAP_DEBUG_ANY,
				"TLS: warning: no certificate found in CA certificate directory `%s'.\n",
				lt->lt_cacertdir );
			/* only warn, no return */
		}
212
213
214
215
216
217
218
	}

	if (lo->ldo_tls_cacertfile != NULL) {
		rc = gnutls_certificate_set_x509_trust_file( 
			ctx->cred,
			lt->lt_cacertfile,
			GNUTLS_X509_FMT_PEM );
219
220
221
222
223
224
225
226
227
228
229
230
231
		if ( rc < 0 ) {
			Debug3( LDAP_DEBUG_ANY,
				"TLS: could not use CA certificate file `%s': %s (%d)\n",
				lo->ldo_tls_cacertfile,
				gnutls_strerror( rc ),
				rc );
			return -1;
		} else if ( rc == 0 ) {
			Debug1( LDAP_DEBUG_ANY,
				"TLS: warning: no certificate loaded from CA certificate file `%s'.\n",
				lo->ldo_tls_cacertfile );
			/* only warn, no return */
		}
232
	}
233

234
235
236
237
238
239
240
241
	if (lo->ldo_tls_cacert.bv_val != NULL ) {
		gnutls_datum_t buf;
		buf.data = (unsigned char *)lo->ldo_tls_cacert.bv_val;
		buf.size = lo->ldo_tls_cacert.bv_len;
		rc = gnutls_certificate_set_x509_trust_mem(
			ctx->cred,
			&buf,
			GNUTLS_X509_FMT_DER );
242
243
244
245
246
247
248
		if ( rc < 0 ) {
			Debug2( LDAP_DEBUG_ANY,
				"TLS: could not use CA certificate: %s (%d)\n",
				gnutls_strerror( rc ),
				rc );
			return -1;
		}
249
	}
250

251
252
	if (( lo->ldo_tls_certfile && lo->ldo_tls_keyfile ) ||
		( lo->ldo_tls_cert.bv_val && lo->ldo_tls_key.bv_val )) {
253
254
255
256
257
		gnutls_x509_privkey_t key;
		gnutls_datum_t buf;
		gnutls_x509_crt_t certs[VERIFY_DEPTH];
		unsigned int max = VERIFY_DEPTH;

258
259
260
		rc = gnutls_x509_privkey_init( &key );
		if ( rc ) return -1;

261
262
263
264
265
		/* OpenSSL builds the cert chain for us, but GnuTLS
		 * expects it to be present in the certfile. If it's
		 * not, we have to build it ourselves. So we have to
		 * do some special checks here...
		 */
266
267
268
269
270
271
272
		if ( lo->ldo_tls_key.bv_val ) {
			buf.data = (unsigned char *)lo->ldo_tls_key.bv_val;
			buf.size = lo->ldo_tls_key.bv_len;
			rc = gnutls_x509_privkey_import( key, &buf,
				GNUTLS_X509_FMT_DER );
		} else {
			rc = tlsg_getfile( lt->lt_keyfile, &buf );
273
274
275
276
277
278
			if ( rc ) {
				Debug1( LDAP_DEBUG_ANY,
					"TLS: could not use private key file `%s`.\n",
					lt->lt_keyfile);
				return -1;
			}
279
280
281
282
			rc = gnutls_x509_privkey_import( key, &buf,
				GNUTLS_X509_FMT_PEM );
			LDAP_FREE( buf.data );
		}
283
284
285
286
287
288
289
		if ( rc < 0 ) {
			Debug2( LDAP_DEBUG_ANY,
				"TLS: could not use private key: %s (%d)\n",
				gnutls_strerror( rc ),
				rc );
			return rc;
		}
290

291
292
293
294
295
296
297
		if ( lo->ldo_tls_cert.bv_val ) {
			buf.data = (unsigned char *)lo->ldo_tls_cert.bv_val;
			buf.size = lo->ldo_tls_cert.bv_len;
			rc = gnutls_x509_crt_list_import( certs, &max, &buf,
				GNUTLS_X509_FMT_DER, 0 );
		} else {
			rc = tlsg_getfile( lt->lt_certfile, &buf );
298
299
300
301
302
303
			if ( rc ) {
				Debug1( LDAP_DEBUG_ANY,
					"TLS: could not use certificate file `%s`.\n",
					lt->lt_certfile);
				return -1;
			}
304
305
306
307
			rc = gnutls_x509_crt_list_import( certs, &max, &buf,
				GNUTLS_X509_FMT_PEM, 0 );
			LDAP_FREE( buf.data );
		}
308
309
310
311
312
313
314
		if ( rc < 0 ) {
			Debug2( LDAP_DEBUG_ANY,
				"TLS: could not use certificate: %s (%d)\n",
				gnutls_strerror( rc ),
				rc );
			return rc;
		}
315
316
317
318
319

		/* If there's only one cert and it's not self-signed,
		 * then we have to build the cert chain.
		 */
		if ( max == 1 && !gnutls_x509_crt_check_issuer( certs[0], certs[0] )) {
320
321
322
323
324
325
326
327
328
			unsigned int i;
			for ( i = 1; i<VERIFY_DEPTH; i++ ) {
				if ( gnutls_certificate_get_issuer( ctx->cred, certs[i-1], &certs[i], 0 ))
					break;
				max++;
				/* If this CA is self-signed, we're done */
				if ( gnutls_x509_crt_check_issuer( certs[i], certs[i] ))
					break;
			}
329
330
		}
		rc = gnutls_certificate_set_x509_key( ctx->cred, certs, max, key );
331
332
333
334
335
336
337
		if ( rc ) {
			Debug2( LDAP_DEBUG_ANY,
				"TLS: could not use certificate with key: %s (%d)\n",
				gnutls_strerror( rc ),
				rc );
			return -1;
		}
338
	} else if (( lo->ldo_tls_certfile || lo->ldo_tls_keyfile )) {
339
340
		Debug0( LDAP_DEBUG_ANY,
		       "TLS: only one of certfile and keyfile specified\n" );
341
		return -1;
342
	} else if (( lo->ldo_tls_cert.bv_val || lo->ldo_tls_key.bv_val )) {
343
344
		Debug0( LDAP_DEBUG_ANY,
		       "TLS: only one of cert and key specified\n" );
345
		return -1;
346
347
348
349
350
351
352
353
354
355
	}

	if ( lo->ldo_tls_crlfile ) {
		rc = gnutls_certificate_set_x509_crl_file( 
			ctx->cred,
			lt->lt_crlfile,
			GNUTLS_X509_FMT_PEM );
		if ( rc < 0 ) return -1;
		rc = 0;
	}
Howard Chu's avatar
Howard Chu committed
356

Howard Chu's avatar
Howard Chu committed
357
	/* FIXME: ITS#5992 - this should be configurable,
Howard Chu's avatar
Howard Chu committed
358
359
360
361
362
	 * and V1 CA certs should be phased out ASAP.
	 */
	gnutls_certificate_set_verify_flags( ctx->cred,
		GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT );

363
364
365
366
	if ( is_server && lo->ldo_tls_dhfile ) {
		gnutls_datum_t buf;
		rc = tlsg_getfile( lo->ldo_tls_dhfile, &buf );
		if ( rc ) return -1;
Howard Chu's avatar
Howard Chu committed
367
368
369
370
		rc = gnutls_dh_params_init( &ctx->dh_params );
		if ( rc == 0 )
			rc = gnutls_dh_params_import_pkcs3( ctx->dh_params, &buf,
				GNUTLS_X509_FMT_PEM );
371
372
373
		LDAP_FREE( buf.data );
		if ( rc ) return -1;
		gnutls_certificate_set_dh_params( ctx->cred, ctx->dh_params );
374
	}
375
376
377

	ctx->reqcert = lo->ldo_tls_require_cert;

378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
	return 0;
}

static tls_session *
tlsg_session_new ( tls_ctx * ctx, int is_server )
{
	tlsg_ctx *c = (tlsg_ctx *)ctx;
	tlsg_session *session;

	session = ber_memcalloc ( 1, sizeof (*session) );
	if ( !session )
		return NULL;

	session->ctx = c;
	gnutls_init( &session->session, is_server ? GNUTLS_SERVER : GNUTLS_CLIENT );
393
	gnutls_priority_set( session->session, c->prios );
394
395
396
397
398
	if ( c->cred )
		gnutls_credentials_set( session->session, GNUTLS_CRD_CERTIFICATE, c->cred );
	
	if ( is_server ) {
		int flag = 0;
399
		if ( c->reqcert ) {
400
			flag = GNUTLS_CERT_REQUEST;
401
402
			if ( c->reqcert == LDAP_OPT_X_TLS_DEMAND ||
				c->reqcert == LDAP_OPT_X_TLS_HARD )
403
404
405
406
407
408
409
410
411
412
413
414
415
				flag = GNUTLS_CERT_REQUIRE;
			gnutls_certificate_server_set_request( session->session, flag );
		}
	}
	return (tls_session *)session;
} 

static int
tlsg_session_accept( tls_session *session )
{
	tlsg_session *s = (tlsg_session *)session;
	int rc;

416
	rc = gnutls_handshake( s->session );
417
	if ( rc == 0 && s->ctx->reqcert != LDAP_OPT_X_TLS_NEVER ) {
418
419
420
421
422
		const gnutls_datum_t *peer_cert_list;
		unsigned int list_size;

		peer_cert_list = gnutls_certificate_get_peers( s->session, 
						&list_size );
423
		if ( !peer_cert_list && s->ctx->reqcert == LDAP_OPT_X_TLS_TRY )
424
			rc = 0;
425
426
		else {
			rc = tlsg_cert_verify( s );
427
			if ( rc && s->ctx->reqcert == LDAP_OPT_X_TLS_ALLOW )
428
429
				rc = 0;
		}
430
431
432
433
434
	}
	return rc;
}

static int
435
tlsg_session_connect( LDAP *ld, tls_session *session, const char *name_in )
436
{
Ryan Tandy's avatar
Ryan Tandy committed
437
438
439
440
441
442
443
444
445
446
	tlsg_session *s = (tlsg_session *)session;
	int rc;

	if ( name_in ) {
		rc = gnutls_server_name_set( s->session, GNUTLS_NAME_DNS, name_in, strlen(name_in) );
		if ( rc != GNUTLS_E_SUCCESS ) {
			return rc;
		}
	}

447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
	return tlsg_session_accept( session);
}

static int
tlsg_session_upflags( Sockbuf *sb, tls_session *session, int rc )
{
	tlsg_session *s = (tlsg_session *)session;

	if ( rc != GNUTLS_E_INTERRUPTED && rc != GNUTLS_E_AGAIN )
		return 0;

	switch (gnutls_record_get_direction (s->session)) {
	case 0: 
		sb->sb_trans_needs_read = 1;
		return 1;
	case 1:
		sb->sb_trans_needs_write = 1;
		return 1;
	}
	return 0;
}

static char *
470
tlsg_session_errmsg( tls_session *sess, int rc, char *buf, size_t len )
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
{
	return (char *)gnutls_strerror( rc );
}

static void
tlsg_x509_cert_dn( struct berval *cert, struct berval *dn, int get_subject )
{
	BerElementBuffer berbuf;
	BerElement *ber = (BerElement *)&berbuf;
	ber_tag_t tag;
	ber_len_t len;
	ber_int_t i;

	ber_init2( ber, cert, LBER_USE_DER );
	tag = ber_skip_tag( ber, &len );	/* Sequence */
	tag = ber_skip_tag( ber, &len );	/* Sequence */
Howard Chu's avatar
Howard Chu committed
487
488
489
	tag = ber_peek_tag( ber, &len );	/* Context + Constructed (version) */
	if ( tag == 0xa0 ) {	/* Version is optional */
		tag = ber_skip_tag( ber, &len );
490
		tag = ber_get_int( ber, &i );	/* Int: Version */
Howard Chu's avatar
Howard Chu committed
491
	}
492
493
	tag = ber_skip_tag( ber, &len );	/* Int: Serial (can be longer than ber_int_t) */
	ber_skip_data( ber, len );
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
	tag = ber_skip_tag( ber, &len );	/* Sequence: Signature */
	ber_skip_data( ber, len );
	if ( !get_subject ) {
		tag = ber_peek_tag( ber, &len );	/* Sequence: Issuer DN */
	} else {
		tag = ber_skip_tag( ber, &len );
		ber_skip_data( ber, len );
		tag = ber_skip_tag( ber, &len );	/* Sequence: Validity */
		ber_skip_data( ber, len );
		tag = ber_peek_tag( ber, &len );	/* Sequence: Subject DN */
	}
	len = ber_ptrlen( ber );
	dn->bv_val = cert->bv_val + len;
	dn->bv_len = cert->bv_len - len;
}

static int
tlsg_session_my_dn( tls_session *session, struct berval *der_dn )
{
	tlsg_session *s = (tlsg_session *)session;
	const gnutls_datum_t *x;
	struct berval bv;

	x = gnutls_certificate_get_ours( s->session );

	if (!x) return LDAP_INVALID_CREDENTIALS;
	
521
	bv.bv_val = (char *) x->data;
522
523
524
525
526
527
528
529
530
531
532
533
	bv.bv_len = x->size;

	tlsg_x509_cert_dn( &bv, der_dn, 1 );
	return 0;
}

static int
tlsg_session_peer_dn( tls_session *session, struct berval *der_dn )
{
	tlsg_session *s = (tlsg_session *)session;
	if ( !s->peer_der_dn.bv_val ) {
		const gnutls_datum_t *peer_cert_list;
534
		unsigned int list_size;
535
536
537
538
539
540
541
		struct berval bv;

		peer_cert_list = gnutls_certificate_get_peers( s->session, 
							&list_size );
		if ( !peer_cert_list ) return LDAP_INVALID_CREDENTIALS;

		bv.bv_len = peer_cert_list->size;
542
		bv.bv_val = (char *) peer_cert_list->data;
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561

		tlsg_x509_cert_dn( &bv, &s->peer_der_dn, 1 );
	}
	*der_dn = s->peer_der_dn;
	return 0;
}

/* what kind of hostname were we given? */
#define	IS_DNS	0
#define	IS_IP4	1
#define	IS_IP6	2

#define	CN_OID	"2.5.4.3"

static int
tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
{
	tlsg_session *s = (tlsg_session *)session;
	int i, ret;
Howard Chu's avatar
Howard Chu committed
562
	int chkSAN = ld->ld_options.ldo_tls_require_san, gotSAN = 0;
563
	const gnutls_datum_t *peer_cert_list;
564
	unsigned int list_size;
565
566
567
568
569
570
571
572
573
574
575
576
	char altname[NI_MAXHOST];
	size_t altnamesize;

	gnutls_x509_crt_t cert;
	const char *name;
	char *ptr;
	char *domain = NULL;
#ifdef LDAP_PF_INET6
	struct in6_addr addr;
#else
	struct in_addr addr;
#endif
577
	int len1 = 0, len2 = 0;
578
579
580
581
582
583
584
585
586
587
588
589
590
	int ntype = IS_DNS;

	if( ldap_int_hostname &&
		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
	{
		name = ldap_int_hostname;
	} else {
		name = name_in;
	}

	peer_cert_list = gnutls_certificate_get_peers( s->session, 
						&list_size );
	if ( !peer_cert_list ) {
591
592
		Debug0( LDAP_DEBUG_ANY,
			"TLS: unable to get peer certificate.\n" );
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
		/* If this was a fatal condition, things would have
		 * aborted long before now.
		 */
		return LDAP_SUCCESS;
	}
	ret = gnutls_x509_crt_init( &cert );
	if ( ret < 0 )
		return LDAP_LOCAL_ERROR;
	ret = gnutls_x509_crt_import( cert, peer_cert_list, GNUTLS_X509_FMT_DER );
	if ( ret ) {
		gnutls_x509_crt_deinit( cert );
		return LDAP_LOCAL_ERROR;
	}

#ifdef LDAP_PF_INET6
Howard Chu's avatar
Howard Chu committed
608
609
	if (inet_pton(AF_INET6, name, &addr)) {
		ntype = IS_IP6;
610
611
612
613
614
615
616
617
618
619
620
621
622
623
	} else 
#endif
	if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
		if (inet_aton(name, (struct in_addr *)&addr)) ntype = IS_IP4;
	}
	
	if (ntype == IS_DNS) {
		len1 = strlen(name);
		domain = strchr(name, '.');
		if (domain) {
			len2 = len1 - (domain-name);
		}
	}

Howard Chu's avatar
Howard Chu committed
624
	if (chkSAN) {
625
626
627
628
629
630
	for ( i=0, ret=0; ret >= 0; i++ ) {
		altnamesize = sizeof(altname);
		ret = gnutls_x509_crt_get_subject_alt_name( cert, i, 
			altname, &altnamesize, NULL );
		if ( ret < 0 ) break;

Howard Chu's avatar
Howard Chu committed
631
		gotSAN = 1;
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
		/* ignore empty */
		if ( altnamesize == 0 ) continue;

		if ( ret == GNUTLS_SAN_DNSNAME ) {
			if (ntype != IS_DNS) continue;
	
			/* Is this an exact match? */
			if ((len1 == altnamesize) && !strncasecmp(name, altname, len1)) {
				break;
			}

			/* Is this a wildcard match? */
			if (domain && (altname[0] == '*') && (altname[1] == '.') &&
				(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2))
			{
				break;
			}
		} else if ( ret == GNUTLS_SAN_IPADDRESS ) {
			if (ntype == IS_DNS) continue;

#ifdef LDAP_PF_INET6
			if (ntype == IS_IP6 && altnamesize != sizeof(struct in6_addr)) {
				continue;
			} else
#endif
			if (ntype == IS_IP4 && altnamesize != sizeof(struct in_addr)) {
				continue;
			}
			if (!memcmp(altname, &addr, altnamesize)) {
				break;
			}
		}
	}
	if ( ret >= 0 ) {
		ret = LDAP_SUCCESS;
Howard Chu's avatar
Howard Chu committed
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
	}
	}
	if (ret != LDAP_SUCCESS && chkSAN) {
		switch(chkSAN) {
		case LDAP_OPT_X_TLS_DEMAND:
		case LDAP_OPT_X_TLS_HARD:
			if (!gotSAN) {
				Debug0( LDAP_DEBUG_ANY,
					"TLS: unable to get subjectAltName from peer certificate.\n" );
				ret = LDAP_CONNECT_ERROR;
				if ( ld->ld_error ) {
					LDAP_FREE( ld->ld_error );
				}
				ld->ld_error = LDAP_STRDUP(
					_("TLS: unable to get subjectAltName from peer certificate"));
				goto done;
			}
			/* FALLTHRU */
		case LDAP_OPT_X_TLS_TRY:
			if (gotSAN) {
				Debug1( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
					"subjectAltName in certificate.\n",
					name );
				ret = LDAP_CONNECT_ERROR;
				if ( ld->ld_error ) {
					LDAP_FREE( ld->ld_error );
				}
				ld->ld_error = LDAP_STRDUP(
					_("TLS: hostname does not match subjectAltName in peer certificate"));
				goto done;
			}
			break;
		case LDAP_OPT_X_TLS_ALLOW:
			break;
		}
	}

	if ( ret != LDAP_SUCCESS ){
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
		/* find the last CN */
		i=0;
		do {
			altnamesize = 0;
			ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
				i, 1, altname, &altnamesize );
			if ( ret == GNUTLS_E_SHORT_MEMORY_BUFFER )
				i++;
			else
				break;
		} while ( 1 );

		if ( i ) {
			altnamesize = sizeof(altname);
			ret = gnutls_x509_crt_get_dn_by_oid( cert, CN_OID,
				i-1, 0, altname, &altnamesize );
		}

723
		if ( ret < 0 ) {
724
725
			Debug0( LDAP_DEBUG_ANY,
				"TLS: unable to get common name from peer certificate.\n" );
726
727
728
729
730
731
732
733
734
			ret = LDAP_CONNECT_ERROR;
			if ( ld->ld_error ) {
				LDAP_FREE( ld->ld_error );
			}
			ld->ld_error = LDAP_STRDUP(
				_("TLS: unable to get CN from peer certificate"));

		} else {
			ret = LDAP_LOCAL_ERROR;
Howard Chu's avatar
Howard Chu committed
735
			if ( !len1 ) len1 = strlen( name );
736
737
738
739
740
741
742
743
744
745
746
747
748
749
			if ( len1 == altnamesize && strncasecmp(name, altname, altnamesize) == 0 ) {
				ret = LDAP_SUCCESS;

			} else if (( altname[0] == '*' ) && ( altname[1] == '.' )) {
					/* Is this a wildcard match? */
				if( domain &&
					(len2 == altnamesize-1) && !strncasecmp(domain, &altname[1], len2)) {
					ret = LDAP_SUCCESS;
				}
			}
		}

		if( ret == LDAP_LOCAL_ERROR ) {
			altname[altnamesize] = '\0';
750
			Debug2( LDAP_DEBUG_ANY, "TLS: hostname (%s) does not match "
751
				"common name in certificate (%s).\n", 
752
				name, altname );
753
754
755
756
757
			ret = LDAP_CONNECT_ERROR;
			if ( ld->ld_error ) {
				LDAP_FREE( ld->ld_error );
			}
			ld->ld_error = LDAP_STRDUP(
Howard Chu's avatar
Howard Chu committed
758
				_("TLS: hostname does not match name in peer certificate"));
759
760
		}
	}
Howard Chu's avatar
Howard Chu committed
761
done:
762
763
764
765
766
767
768
769
770
771
772
773
774
775
	gnutls_x509_crt_deinit( cert );
	return ret;
}

static int
tlsg_session_strength( tls_session *session )
{
	tlsg_session *s = (tlsg_session *)session;
	gnutls_cipher_algorithm_t c;

	c = gnutls_cipher_get( s->session );
	return gnutls_cipher_get_key_size( c ) * 8;
}

Howard Chu's avatar
Howard Chu committed
776
777
778
static int
tlsg_session_unique( tls_session *sess, struct berval *buf, int is_server)
{
779
780
781
782
783
784
785
786
787
788
789
790
791
	tlsg_session *s = (tlsg_session *)sess;
	gnutls_datum_t cb;
	int rc;

	rc = gnutls_session_channel_binding( s->session, GNUTLS_CB_TLS_UNIQUE, &cb );
	if ( rc == 0 ) {
		int len = cb.size;
		if ( len > buf->bv_len )
			len = buf->bv_len;
		buf->bv_len = len;
		memcpy( buf->bv_val, cb.data, len );
		return len;
	}
Howard Chu's avatar
Howard Chu committed
792
793
794
	return 0;
}

795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
static int
tlsg_session_endpoint( tls_session *sess, struct berval *buf, int is_server )
{
	tlsg_session *s = (tlsg_session *)sess;
	const gnutls_datum_t *cert_data;
	gnutls_x509_crt_t server_cert;
	gnutls_digest_algorithm_t md;
	int sign_algo, md_len, rc;

	if ( is_server )
		cert_data = gnutls_certificate_get_ours( s->session );
	else
		cert_data = gnutls_certificate_get_peers( s->session, NULL );

	if ( cert_data == NULL )
		return 0;

	rc = gnutls_x509_crt_init( &server_cert );
	if ( rc != GNUTLS_E_SUCCESS )
		return 0;

	rc = gnutls_x509_crt_import( server_cert, cert_data, GNUTLS_X509_FMT_DER );
	if ( rc != GNUTLS_E_SUCCESS ) {
		gnutls_x509_crt_deinit( server_cert );
		return 0;
	}

	sign_algo = gnutls_x509_crt_get_signature_algorithm( server_cert );
	gnutls_x509_crt_deinit( server_cert );
	if ( sign_algo <= GNUTLS_SIGN_UNKNOWN )
		return 0;

	md = gnutls_sign_get_hash_algorithm( sign_algo );
	if ( md == GNUTLS_DIG_UNKNOWN )
		return 0;

	/* See RFC 5929 */
	switch (md) {
	case GNUTLS_DIG_NULL:
	case GNUTLS_DIG_MD2:
	case GNUTLS_DIG_MD5:
	case GNUTLS_DIG_SHA1:
		md = GNUTLS_DIG_SHA256;
	}

	md_len = gnutls_hash_get_len( md );
	if ( md_len == 0 || md_len > buf->bv_len )
		return 0;

	rc = gnutls_hash_fast( md, cert_data->data, cert_data->size, buf->bv_val );
	if ( rc != GNUTLS_E_SUCCESS )
		return 0;

	buf->bv_len = md_len;

	return md_len;
}

Howard Chu's avatar
Howard Chu committed
853
854
855
856
857
858
859
860
861
862
863
864
865
866
static const char *
tlsg_session_version( tls_session *sess )
{
	tlsg_session *s = (tlsg_session *)sess;
	return gnutls_protocol_get_name(gnutls_protocol_get_version( s->session ));
}

static const char *
tlsg_session_cipher( tls_session *sess )
{
	tlsg_session *s = (tlsg_session *)sess;
	return gnutls_cipher_get_name(gnutls_cipher_get( s->session ));
}

867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
static int
tlsg_session_peercert( tls_session *sess, struct berval *der )
{
	tlsg_session *s = (tlsg_session *)sess;
	const gnutls_datum_t *peer_cert_list;
	unsigned int list_size;

	peer_cert_list = gnutls_certificate_get_peers( s->session, &list_size );
	if (!peer_cert_list)
		return -1;
	der->bv_len = peer_cert_list[0].size;
	der->bv_val = LDAP_MALLOC( der->bv_len );
	if (!der->bv_val)
		return -1;
	memcpy(der->bv_val, peer_cert_list[0].data, der->bv_len);
	return 0;
}

885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
static int
tlsg_session_pinning( LDAP *ld, tls_session *sess, char *hashalg, struct berval *hash )
{
	tlsg_session *s = (tlsg_session *)sess;
	const gnutls_datum_t *cert_list;
	unsigned int cert_list_size = 0;
	gnutls_x509_crt_t crt;
	gnutls_pubkey_t pubkey;
	gnutls_datum_t key = {};
	gnutls_digest_algorithm_t alg;
	struct berval keyhash;
	size_t len;
	int rc = -1;

	if ( hashalg ) {
		alg = gnutls_digest_get_id( hashalg );
		if ( alg == GNUTLS_DIG_UNKNOWN ) {
902
			Debug1( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
903
					"unknown hashing algorithm for GnuTLS: '%s'\n",
904
					hashalg );
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
			return rc;
		}
	}

	cert_list = gnutls_certificate_get_peers( s->session, &cert_list_size );
	if ( cert_list_size == 0 ) {
		return rc;
	}

	if ( gnutls_x509_crt_init( &crt ) < 0 ) {
		return rc;
	}

	if ( gnutls_x509_crt_import( crt, &cert_list[0], GNUTLS_X509_FMT_DER ) ) {
		goto done;
	}

	if ( gnutls_pubkey_init( &pubkey ) ) {
		goto done;
	}

	if ( gnutls_pubkey_import_x509( pubkey, crt, 0 ) < 0 ) {
		goto done;
	}

	gnutls_pubkey_export( pubkey, GNUTLS_X509_FMT_DER, key.data, &len );
	if ( len <= 0 ) {
		goto done;
	}

	key.data = LDAP_MALLOC( len );
	if ( !key.data ) {
		goto done;
	}

	key.size = len;

	if ( gnutls_pubkey_export( pubkey, GNUTLS_X509_FMT_DER,
				key.data, &len ) < 0 ) {
		goto done;
	}

	if ( hashalg ) {
		keyhash.bv_len = gnutls_hash_get_len( alg );
		keyhash.bv_val = LDAP_MALLOC( keyhash.bv_len );
		if ( !keyhash.bv_val || gnutls_fingerprint( alg, &key,
					keyhash.bv_val, &keyhash.bv_len ) < 0 ) {
			goto done;
		}
	} else {
		keyhash.bv_val = (char *)key.data;
		keyhash.bv_len = key.size;
	}

	if ( ber_bvcmp( hash, &keyhash ) ) {
		rc = LDAP_CONNECT_ERROR;
961
962
		Debug0( LDAP_DEBUG_ANY, "tlsg_session_pinning: "
				"public key hash does not match provided pin.\n" );
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
		if ( ld->ld_error ) {
			LDAP_FREE( ld->ld_error );
		}
		ld->ld_error = LDAP_STRDUP(
			_("TLS: public key hash does not match provided pin"));
	} else {
		rc = LDAP_SUCCESS;
	}

done:
	if ( pubkey ) {
		gnutls_pubkey_deinit( pubkey );
	}
	if ( crt ) {
		gnutls_x509_crt_deinit( crt );
	}
	if ( keyhash.bv_val != (char *)key.data ) {
		LDAP_FREE( keyhash.bv_val );
	}
	if ( key.data ) {
		LDAP_FREE( key.data );
	}
	return rc;
}

988
989
990
991
/* suites is a string of colon-separated cipher suite names. */
static int
tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites )
{
992
	const char *err;
993
994
995
996
	int rc = gnutls_priority_init( &ctx->prios, suites, &err );
	if ( rc )
		ctx->prios = NULL;
	return rc;
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
}

/*
 * TLS support for LBER Sockbufs
 */

struct tls_data {
	tlsg_session		*session;
	Sockbuf_IO_Desc		*sbiod;
};

static ssize_t
tlsg_recv( gnutls_transport_ptr_t ptr, void *buf, size_t len )
{
	struct tls_data		*p;

	if ( buf == NULL || len <= 0 ) return 0;

	p = (struct tls_data *)ptr;

	if ( p == NULL || p->sbiod == NULL ) {
		return 0;
	}

	return LBER_SBIOD_READ_NEXT( p->sbiod, buf, len );
}

static ssize_t
tlsg_send( gnutls_transport_ptr_t ptr, const void *buf, size_t len )
{
	struct tls_data		*p;
	
	if ( buf == NULL || len <= 0 ) return 0;
	
	p = (struct tls_data *)ptr;

	if ( p == NULL || p->sbiod == NULL ) {
		return 0;
	}

	return LBER_SBIOD_WRITE_NEXT( p->sbiod, (char *)buf, len );
}

static int
tlsg_sb_setup( Sockbuf_IO_Desc *sbiod, void *arg )
{
	struct tls_data		*p;
	tlsg_session	*session = arg;

	assert( sbiod != NULL );

	p = LBER_MALLOC( sizeof( *p ) );
	if ( p == NULL ) {
		return -1;
	}
	
1053
	gnutls_transport_set_ptr( session->session, (gnutls_transport_ptr_t)p );
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
	gnutls_transport_set_pull_function( session->session, tlsg_recv );
	gnutls_transport_set_push_function( session->session, tlsg_send );
	p->session = session;
	p->sbiod = sbiod;
	sbiod->sbiod_pvt = p;
	return 0;
}

static int
tlsg_sb_remove( Sockbuf_IO_Desc *sbiod )
{
	struct tls_data		*p;
	
	assert( sbiod != NULL );
	assert( sbiod->sbiod_pvt != NULL );

	p = (struct tls_data *)sbiod->sbiod_pvt;
	gnutls_deinit ( p->session->session );
	LBER_FREE( p->session );
	LBER_FREE( sbiod->sbiod_pvt );
	sbiod->sbiod_pvt = NULL;
	return 0;
}

static int
tlsg_sb_close( Sockbuf_IO_Desc *sbiod )
{
	struct tls_data		*p;
	
	assert( sbiod != NULL );
	assert( sbiod->sbiod_pvt != NULL );

	p = (struct tls_data *)sbiod->sbiod_pvt;
1087
	gnutls_bye ( p->session->session, GNUTLS_SHUT_WR );
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
	return 0;
}

static int
tlsg_sb_ctrl( Sockbuf_IO_Desc *sbiod, int opt, void *arg )
{
	struct tls_data		*p;
	
	assert( sbiod != NULL );
	assert( sbiod->sbiod_pvt != NULL );

	p = (struct tls_data *)sbiod->sbiod_pvt;
	
	if ( opt == LBER_SB_OPT_GET_SSL ) {
		*((tlsg_session **)arg) = p->session;
		return 1;
		
	} else if ( opt == LBER_SB_OPT_DATA_READY ) {
		if( gnutls_record_check_pending( p->session->session ) > 0 ) {
			return 1;
		}
	}
	
	return LBER_SBIOD_CTRL_NEXT( sbiod, opt, arg );
}

static ber_slen_t
tlsg_sb_read( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
	struct tls_data		*p;
	ber_slen_t		ret;

	assert( sbiod != NULL );
	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );

	p = (struct tls_data *)sbiod->sbiod_pvt;

	ret = gnutls_record_recv ( p->session->session, buf, len );
	switch (ret) {
	case GNUTLS_E_INTERRUPTED:
	case GNUTLS_E_AGAIN:
		sbiod->sbiod_sb->sb_trans_needs_read = 1;
		sock_errset(EWOULDBLOCK);
		ret = 0;
		break;
	case GNUTLS_E_REHANDSHAKE:
		for ( ret = gnutls_handshake ( p->session->session );
		      ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN;
		      ret = gnutls_handshake ( p->session->session ) );
		sbiod->sbiod_sb->sb_trans_needs_read = 1;
		ret = 0;
		break;
	default:
		sbiod->sbiod_sb->sb_trans_needs_read = 0;
	}
	return ret;
}

static ber_slen_t
tlsg_sb_write( Sockbuf_IO_Desc *sbiod, void *buf, ber_len_t len)
{
	struct tls_data		*p;
	ber_slen_t		ret;

	assert( sbiod != NULL );
	assert( SOCKBUF_VALID( sbiod->sbiod_sb ) );

	p = (struct tls_data *)sbiod->sbiod_pvt;

	ret = gnutls_record_send ( p->session->session, (char *)buf, len );

	if ( ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN ) {
		sbiod->sbiod_sb->sb_trans_needs_write = 1;
		sock_errset(EWOULDBLOCK);
		ret = 0;
	} else {
		sbiod->sbiod_sb->sb_trans_needs_write = 0;
	}
	return ret;
}

static Sockbuf_IO tlsg_sbio =
{
	tlsg_sb_setup,		/* sbi_setup */
	tlsg_sb_remove,		/* sbi_remove */
	tlsg_sb_ctrl,		/* sbi_ctrl */
	tlsg_sb_read,		/* sbi_read */
	tlsg_sb_write,		/* sbi_write */
	tlsg_sb_close		/* sbi_close */
};

/* Certs are not automatically varified during the handshake */
static int
tlsg_cert_verify( tlsg_session *ssl )
{
	unsigned int status = 0;
	int err;
	time_t now = time(0);
1186
	time_t peertime;
1187
1188
1189

	err = gnutls_certificate_verify_peers2( ssl->session, &status );
	if ( err < 0 ) {
1190
1191
		Debug1( LDAP_DEBUG_ANY,"TLS: gnutls_certificate_verify_peers2 failed %d\n",
			err );
1192
1193
1194
		return -1;
	}
	if ( status ) {
1195
1196
		Debug1( LDAP_DEBUG_TRACE,"TLS: peer cert untrusted or revoked (0x%x)\n",
			status );
1197
1198
		return -1;
	}
1199
1200
	peertime = gnutls_certificate_expiration_time_peers( ssl->session );
	if ( peertime == (time_t) -1 ) {
1201
		Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_expiration_time_peers failed\n" );
1202
1203
1204
		return -1;
	}
	if ( peertime < now ) {
1205
		Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate is expired\n" );
1206
1207
		return -1;
	}
1208
1209
	peertime = gnutls_certificate_activation_time_peers( ssl->session );
	if ( peertime == (time_t) -1 ) {
1210
		Debug0( LDAP_DEBUG_ANY, "TLS: gnutls_certificate_activation_time_peers failed\n" );
1211
1212
1213
		return -1;
	}
	if ( peertime > now ) {
1214
		Debug0( LDAP_DEBUG_ANY, "TLS: peer certificate not yet active\n" );
1215
1216
1217
1218
1219
		return -1;
	}
	return 0;
}

1220
tls_impl ldap_int_tls_impl = {
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
	"GnuTLS",

	tlsg_init,
	tlsg_destroy,

	tlsg_ctx_new,
	tlsg_ctx_ref,
	tlsg_ctx_free,
	tlsg_ctx_init,

	tlsg_session_new,
	tlsg_session_connect,
	tlsg_session_accept,
	tlsg_session_upflags,
	tlsg_session_errmsg,
	tlsg_session_my_dn,
	tlsg_session_peer_dn,
	tlsg_session_chkhost,
	tlsg_session_strength,
Howard Chu's avatar
Howard Chu committed
1240
	tlsg_session_unique,
1241
	tlsg_session_endpoint,
Howard Chu's avatar
Howard Chu committed
1242
1243
	tlsg_session_version,
	tlsg_session_cipher,
1244
	tlsg_session_peercert,
1245
	tlsg_session_pinning,
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258

	&tlsg_sbio,

#ifdef LDAP_R_COMPILE
	tlsg_thr_init,
#else
	NULL,
#endif

	0
};

#endif /* HAVE_GNUTLS */