inetutils/libinetutils shishi.c
From: |
shishi-commit |
Subject: |
inetutils/libinetutils shishi.c |
Date: |
Wed, 17 Sep 2003 09:16:52 -0400 |
CVSROOT: /cvsroot/shishi
Module name: inetutils
Branch:
Changes by: Nicolas Pouvesle <address@hidden> 03/09/17 09:16:52
Modified files:
libinetutils : shishi.c
Log message:
Add KCMDV0.1 protocol support.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.1&tr2=1.2&r1=text&r2=text
Patches:
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.1 inetutils/libinetutils/shishi.c:1.2
--- inetutils/libinetutils/shishi.c:1.1 Sat Sep 13 16:10:37 2003
+++ inetutils/libinetutils/shishi.c Wed Sep 17 09:16:52 2003
@@ -224,7 +224,7 @@
}
int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char
**err_msg)
+get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char
**err_msg, int * protoversion)
{
Shishi_key *key;
Shishi_ap *ap;
@@ -240,7 +240,8 @@
/* KERBEROS 5 SENDAUTH MESSAGE */
char krb5sendauth[] = "KRB5_SENDAUTH_V1.0";
/* PROTOCOL VERSION */
- char krb5sendclient[] = "KCMDV0.2";
+ char krb5kcmd1[] = "KCMDV0.1";
+ char krb5kcmd2[] = "KCMDV0.2";
int auth_correct = 0;
char * servername;
@@ -293,7 +294,7 @@
senderror (infd, 1, "Invalid authentication type.\r\n");
return 1;
}
-
+
free (buf);
/* Read protocol version */
@@ -303,7 +304,6 @@
senderror (infd, 2, "Error reading protocol message size...\r\n");
return 1;
}
-
buflen = ntohl (len);
buf = (char *) xmalloc (buflen);
@@ -314,13 +314,21 @@
return 1;
}
- len = strlen (krb5sendclient);
- rc = strncmp (buf, krb5sendclient, buflen >= len ? len : buflen);
+ len = strlen (krb5kcmd1);
+ rc = strncmp (buf, krb5kcmd1, buflen >= len ? len : buflen);
if (rc)
{
- senderror (infd, 2, "Protocol version not supported...\r\n");
- return 1;
+ len = strlen (krb5kcmd2);
+ rc = strncmp (buf, krb5kcmd2, buflen >= len ? len : buflen);
+ if (rc)
+ {
+ senderror (infd, 2, "Protocol version not supported...\r\n");
+ return 1;
+ }
+ *protoversion = 2;
}
+ else
+ *protoversion = 1;
free (buf);
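Review bot: The comparison `strncmp (buf, krb5kcmd1, buflen >= len ? len : buflen)` only looks at `buflen` bytes when the client sends fewer than `len`, so an empty or truncated version string compares equal and sets `*protoversion = 1`. That value later selects the key source and the decrypt mode, so short input should be rejected before comparing, e.g. `if (buflen < len || strncmp (buf, krb5kcmd1, len) != 0)`, and likewise for `krb5kcmd2`. The `return 1` in the nested `if` also leaves `buf` allocated, and `protoversion` is dereferenced without a NULL check. get_auth starts and ends outside this hunk.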
@@ -380,13 +388,15 @@
#ifdef ENCRYPTION
/* extract subkey if present from ap exchange for secure connection */
-
- *enckey = NULL;
- shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap),
enckey);
+ if (*protoversion == 2)
+ {
+ *enckey = NULL;
+ shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap),
enckey);
+ }
+
#endif
/* User is authenticated. */
-
error = 0;
write (infd, &error, sizeof (int));
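Review bot: The result of `shishi_authenticator_get_subkey` is discarded inside the new `if (*protoversion == 2)` block, so when the authenticator carries no subkey `*enckey` stays NULL and get_auth can still report success. If readenc/writeenc are later called with that pointer, `shishi_key_type (enckey)` would presumably be handed NULL. Either check the return (`rc = shishi_authenticator_get_subkey (...)` followed by `if (rc != SHISHI_OK) return 1;`) or add a comment stating that a NULL key means the session is unencrypted and that callers must test for it. The function body continues outside the hunk.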
@@ -423,6 +433,28 @@
/* We are authenticated to client */
}
+#ifdef ENCRYPTION
+ if (*protoversion == 1)
+ {
+ Shishi_tkt * tkt;
+
+ tkt = shishi_ap_tkt (ap);
+ if (tkt == NULL)
+ {
+ syslog (LOG_ERR, "Could not get tkt from AP-REQ: %s\n",
shishi_strerror (rc));
+ return 1;
+ }
+
+ rc = shishi_encticketpart_get_key (*handle,
+ shishi_tkt_encticketpart (tkt), enckey);
+ if (rc != SHISHI_OK)
+ {
+ syslog (LOG_ERR, "Could not get key from Encticketpart: %s\n",
shishi_strerror (rc));
+ return 1;
+ }
+ }
+#endif
+
shishi_ap_done (ap);
return SHISHI_OK;
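Review bot: In the `tkt == NULL` branch the log line prints `shishi_strerror (rc)`, but `shishi_ap_tkt` does not set `rc`, so the message reports whatever an earlier call left there; log a fixed string instead. Both new `return 1` paths also skip the `shishi_ap_done (ap)` that follows the block, so `ap` is not released on failure; add `shishi_ap_done (ap);` before each return. Judging by the hunk order, the success status was already written to the client earlier in the function, so a failure here would leave the two ends disagreeing about whether the session is established; extracting the key before that write would avoid it. get_auth starts outside the hunk.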
@@ -433,7 +465,7 @@
/* read encrypted data on socket */
int
readenc (Shishi * h, int sock, char *buf, int *len, shishi_ivector *iv,
- Shishi_key * enckey)
+ Shishi_key * enckey, int proto)
{
char *out;
char *outbis;
@@ -462,7 +494,9 @@
hashsize =
shishi_checksum_cksumlen (shishi_cipher_defaultcksumtype (enctype));
- dlen += blocksize - 1 + 4;
+ dlen += blocksize - 1;
+ if (proto == 2)
+ dlen += 4;
if (shishi_key_type (enckey) != SHISHI_DES3_CBC_HMAC_SHA1_KD)
dlen += hashsize;
else
@@ -489,31 +523,46 @@
return 1;
}
- /* decrypt it */
- rc =
- shishi_decrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, &iv2,
&iv->ivlen, outbis,
+ if (proto == 1)
+ {
+ rc =
+ shishi_decrypt (h, enckey, iv->keyusage, outbis, dlen, &out, &outlen);
+ }
+ else
+ {
+ rc =
+ shishi_decrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen,
&iv2, &iv->ivlen, outbis,
dlen, &out, &outlen);
+ }
if (rc != SHISHI_OK)
{
printf ("decryption error\n");
return 1;
}
-
+
/* len = first 4 bytes of decrypted data */
- *len = ntohl (*((int *) out));
+ if (proto == 2)
+ {
+ /* in KCMDV0.2 first 4 bytes of decrypted data = len of data */
+ *len = ntohl (*((int *) out));
+ val = sizeof (int);
+ }
+ else
+ {
+ *len = outlen;
+ val = 0;
+ }
- /* update iv */
- memcpy (iv->iv, iv2, iv->ivlen);
+ if (proto == 2)
+ {
+ /* update iv */
+ memcpy (iv->iv, iv2, iv->ivlen);
+ }
- /* Temp patch to remove 5 unidentified bytes data from server */
memset (buf, 0, BUFLEN);
- // if ((unsigned char) out[4] == 255)
- // val = 5 + sizeof (int);
- //else
- val = sizeof (int);
/* copy decrypted data to output */
- memcpy (buf, out + val, strlen (out + val));
+ memcpy (buf, out + val, outlen-val);
free (out);
free (outbis);
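Review bot: The copy `memcpy (buf, out + val, outlen-val)` is not bounded by the destination, which the preceding `memset (buf, 0, BUFLEN)` shows to be BUFLEN bytes, so a decrypted payload larger than that overruns `buf`. With `proto == 2` and fewer than four decrypted bytes, `*((int *) out)` reads past the plaintext and `outlen-val` goes negative or wraps. A guard placed before `*len` is read, such as `if (outlen < sizeof (int) || outlen - sizeof (int) > BUFLEN) { free (out); free (outbis); return 1; }` (and a plain `outlen > BUFLEN` test for protocol 1), covers both; `outlen` is declared outside the hunk, so a cast may be needed. In the KCMDV0.2 branch `*len` comes from the peer's own header and should be checked against `outlen - val` before the caller relies on it. The `decryption error` return also leaves `outbis` allocated.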
@@ -524,7 +573,7 @@
/* write encrypted data to socket */
int
writeenc (Shishi * h, int sock, char *buf, int wlen, int *len, shishi_ivector
*iv,
- Shishi_key * enckey)
+ Shishi_key * enckey, int proto)
{
char *out;
char *bufbis;
@@ -540,40 +589,51 @@
dlen = htonl (dlen);
/* data to encrypt = size + data */
- bufbis = malloc (wlen + sizeof (int));
- memcpy (bufbis, (char *) &dlen, sizeof (int));
- memcpy (bufbis + sizeof (int), buf, wlen);
-
- /* encrypt it */
- rc =
- shishi_encrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, &iv2,
&iv->ivlen, bufbis,
- wlen + sizeof (int), &out, &outlen);
+ if (proto == 2)
+ {
+ bufbis = malloc (wlen + sizeof (int));
+ memset (bufbis, 0, wlen + sizeof (int));
+ memcpy (bufbis, (char *) &dlen, sizeof (int));
+ memcpy (bufbis + sizeof (int), buf, wlen);
+
+ /* encrypt it */
+ rc =
+ shishi_encrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen,
&iv2, &iv->ivlen, bufbis,
+ wlen + sizeof (int), &out, &outlen);
+ }
+ else
+ {
+ bufbis = malloc (wlen);
+ memset (bufbis, 0, wlen);
+ memcpy (bufbis, buf, wlen);
+
+ /* data to encrypt = size + data */
+ rc =
+ shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen);
+ }
+
if (rc != SHISHI_OK)
{
printf ("decryption error\n");
+ free (bufbis);
return 1;
}
free (bufbis);
/* data to send = original size + encrypted data */
- bufbis = malloc (outlen + sizeof (int));
- if (bufbis == NULL)
- {
- printf ("Malloc error!\n");
- return 1;
- }
- memcpy (bufbis, (char *) &dlen, sizeof (int));
- memcpy (bufbis + sizeof (int), out, outlen);
-
/* send it */
- write (sock, bufbis, outlen + sizeof (int));
+ write (sock, &dlen, sizeof (int));
+ write (sock, out, outlen);
+
*len = wlen;
- /* update iv */
- memcpy (iv->iv, iv2, iv->ivlen);
+ if (proto == 2)
+ {
+ /* update iv */
+ memcpy (iv->iv, iv2, iv->ivlen);
+ }
- free (bufbis);
free (out);
return SHISHI_OK;
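Review bot: Both new `malloc` calls are followed directly by `memset`/`memcpy` with no NULL check, and the patch removes the only allocation check this function had; `wlen` is a signed `int`, so a negative value would also reach `malloc` and `memcpy` as a very large size. Rejecting `wlen < 0` and using the `xmalloc` already called in get_auth (`bufbis = xmalloc (wlen + sizeof (int));`, which presumably aborts on failure) would close that, and the `memset` can go since the buffer is fully overwritten. The two `write` calls ignore their return values, so a short or failed write desynchronises the stream while `*len = wlen` still reports success. The comment `/* data to encrypt = size + data */` in the `else` branch does not match the KCMDV0.1 path, which encrypts the data alone; `/* KCMDV0.1: encrypt the data only, no length prefix */` would be accurate. writeenc starts and ends outside the hunk.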