
inetutils/libinetutils shishi.c


From: shishi-commit
Subject: inetutils/libinetutils shishi.c
Date: Wed, 17 Sep 2003 09:16:52 -0400

CVSROOT:        /cvsroot/shishi
Module name:    inetutils
Branch:         
Changes by:     Nicolas Pouvesle <address@hidden>       03/09/17 09:16:52

Modified files:
        libinetutils   : shishi.c 

Log message:
        Add KCMDV0.1 protocol support.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.1&tr2=1.2&r1=text&r2=text

Patches:
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.1 inetutils/libinetutils/shishi.c:1.2
--- inetutils/libinetutils/shishi.c:1.1 Sat Sep 13 16:10:37 2003
+++ inetutils/libinetutils/shishi.c     Wed Sep 17 09:16:52 2003
@@ -224,7 +224,7 @@
 }
 
 int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char 
**err_msg)
+get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char 
**err_msg, int * protoversion)
 {
   Shishi_key *key;
   Shishi_ap *ap;
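Review bot: The new `protoversion` out-parameter of get_auth is undocumented, and the later hunks dereference it unconditionally, so a NULL argument would crash. A comment above the function would make the contract explicit, for example `/* *protoversion is set to 1 (KCMDV0.1) or 2 (KCMDV0.2) once the version string is accepted; it must not be NULL and is left untouched on earlier error returns. */`. The `proto` argument added to readenc and writeenc needs the same kind of comment, since those functions branch on it being exactly 1 or 2. The body of get_auth continues outside this hunk.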
@@ -240,7 +240,8 @@
   /* KERBEROS 5 SENDAUTH MESSAGE */
   char krb5sendauth[] = "KRB5_SENDAUTH_V1.0";
   /* PROTOCOL VERSION */
-  char krb5sendclient[] = "KCMDV0.2";
+  char krb5kcmd1[] = "KCMDV0.1";
+  char krb5kcmd2[] = "KCMDV0.2";
   int auth_correct = 0;
   char * servername;
 
@@ -293,7 +294,7 @@
       senderror (infd, 1, "Invalid authentication type.\r\n");
       return 1;
     }
-  
+
   free (buf);
 
   /* Read protocol version */
@@ -303,7 +304,6 @@
       senderror (infd, 2, "Error reading protocol message size...\r\n");
       return 1;
     }
-  
   buflen = ntohl (len);
   buf = (char *) xmalloc (buflen);
 
@@ -314,13 +314,21 @@
       return 1;
     }
 
-  len = strlen (krb5sendclient);
-  rc = strncmp (buf, krb5sendclient, buflen >= len ? len : buflen);
+  len = strlen (krb5kcmd1);
+  rc = strncmp (buf, krb5kcmd1, buflen >= len ? len : buflen);
   if (rc)
     {
-      senderror (infd, 2, "Protocol version not supported...\r\n");
-      return 1;
+      len = strlen (krb5kcmd2);
+      rc = strncmp (buf, krb5kcmd2, buflen >= len ? len : buflen);
+      if (rc)
+       {
+         senderror (infd, 2, "Protocol version not supported...\r\n");
+         return 1;
+       }
+      *protoversion = 2;
     }
+  else
+    *protoversion = 1;
 
   free (buf);
   
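Review bot: The version check accepts truncated input. With `buflen >= len ? len : buflen` as the compare length, an empty or shortened version string that is a prefix of "KCMDV0.1" makes strncmp return 0, and the session is then treated as KCMDV0.1. Because this branch now selects the key and framing used later, the comparison should require the full string, e.g. `if (buflen < len || strncmp (buf, krb5kcmd1, len) != 0)`, and likewise for `krb5kcmd2`. The `return 1` in the unsupported-version branch also leaves `buf` allocated. The enclosing function starts and ends outside the hunk.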
@@ -380,13 +388,15 @@
 #ifdef ENCRYPTION
 
   /* extract subkey if present from ap exchange for secure connection */
-
-  *enckey = NULL;
-  shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap), 
enckey);
+  if (*protoversion == 2)
+    {
+      *enckey = NULL;
+      shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap), 
enckey);
+    }
+  
 #endif
 
   /* User is authenticated. */
-
   error = 0;
   write (infd, &error, sizeof (int));
 
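Review bot: `*enckey = NULL;` now runs only when `*protoversion == 2`, so on the KCMDV0.1 path `*enckey` keeps whatever the caller passed until the later ticket-key extraction, and stays that way if get_auth returns early in between. Keeping the assignment outside the `if` gives both paths a defined value. The return code of `shishi_authenticator_get_subkey` is also discarded, so a KCMDV0.2 client whose authenticator carries no subkey appears to leave `*enckey` NULL while the function continues as authenticated. Whether callers tolerate a NULL key is not visible here.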
@@ -423,6 +433,28 @@
      /* We are authenticated to client */
     }
 
+#ifdef ENCRYPTION
+  if (*protoversion == 1)
+    {
+      Shishi_tkt * tkt;
+      
+      tkt = shishi_ap_tkt (ap);
+      if (tkt == NULL)
+       {
+         syslog (LOG_ERR, "Could not get tkt from AP-REQ: %s\n", 
shishi_strerror (rc));
+         return 1;
+       }
+
+      rc = shishi_encticketpart_get_key (*handle, 
+                                   shishi_tkt_encticketpart (tkt), enckey);
+      if (rc != SHISHI_OK)
+       {
+         syslog (LOG_ERR, "Could not get key from Encticketpart: %s\n", 
shishi_strerror (rc));
+         return 1;
+       }
+    }
+#endif
+
   shishi_ap_done (ap);
   
   return SHISHI_OK;
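Review bot: Both error returns in the new KCMDV0.1 block skip the `shishi_ap_done (ap)` cleanup, which is only reached after the block; each should call it before `return 1`. The first syslog call also formats `shishi_strerror (rc)` although `rc` was not set by `shishi_ap_tkt`, so the logged reason belongs to an earlier call. `syslog (LOG_ERR, "Could not get tkt from AP-REQ\n");` avoids the misleading text. The function begins outside this hunk.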
@@ -433,7 +465,7 @@
 /* read encrypted data on socket */
 int
 readenc (Shishi * h, int sock, char *buf, int *len, shishi_ivector *iv,
-        Shishi_key * enckey)
+        Shishi_key * enckey, int proto)
 {
   char *out;
   char *outbis;
@@ -462,7 +494,9 @@
   hashsize =
     shishi_checksum_cksumlen (shishi_cipher_defaultcksumtype (enctype));
 
-  dlen += blocksize - 1 + 4;
+  dlen += blocksize - 1;
+  if (proto == 2)
+    dlen += 4;
   if (shishi_key_type (enckey) != SHISHI_DES3_CBC_HMAC_SHA1_KD)
     dlen += hashsize;
   else
@@ -489,31 +523,46 @@
       return 1;
     }
   
-  /* decrypt it */
-  rc =
-    shishi_decrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, &iv2, 
&iv->ivlen, outbis,
+  if (proto == 1)
+    { 
+      rc =
+       shishi_decrypt (h, enckey, iv->keyusage, outbis, dlen, &out, &outlen);
+    }
+  else
+    {
+      rc =
+       shishi_decrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, 
&iv2, &iv->ivlen, outbis,
                             dlen, &out, &outlen);
+    }
   if (rc != SHISHI_OK)
     {
       printf ("decryption error\n");
       return 1;
     }
-  
+
   /* len = first 4 bytes of decrypted data */
-  *len = ntohl (*((int *) out));
+  if (proto == 2)
+    {
+      /* in KCMDV0.2 first 4 bytes of decrypted data = len of data */
+      *len = ntohl (*((int *) out));
+      val = sizeof (int);
+    }
+  else
+    {
+      *len = outlen;
+      val = 0;
+    }
 
-  /* update iv */
-  memcpy (iv->iv, iv2, iv->ivlen);
+  if (proto == 2)
+    {
+      /* update iv */
+      memcpy (iv->iv, iv2, iv->ivlen);
+    }
 
-  /* Temp patch to remove 5 unidentified bytes data from server */
   memset (buf, 0, BUFLEN);
-  //  if ((unsigned char) out[4] == 255)
-  //  val = 5 + sizeof (int);
-  //else
-    val = sizeof (int);
 
   /* copy decrypted data to output */
-  memcpy (buf, out + val, strlen (out + val));
+  memcpy (buf, out + val, outlen-val);
 
   free (out);
   free (outbis);
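Review bot: The copy `memcpy (buf, out + val, outlen-val)` is not bounded by the destination. `buf` is cleared for BUFLEN bytes just before, but nothing checks that the decrypted length fits, and for KCMDV0.2 nothing checks that `outlen` is at least `sizeof (int)` before the subtraction. Since the ciphertext is read from the socket, a guard such as `if (outlen < val || outlen - val > BUFLEN)` that frees `out` and `outbis` and returns 1 should precede the copy. For KCMDV0.2 the `*len` taken from the plaintext should likewise be rejected when it exceeds `outlen - val`. The declarations of `outlen` and `val` are outside the hunk, so their exact types, and whether the subtraction can wrap, need confirming.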
@@ -524,7 +573,7 @@
 /* write encrypted data to socket */
 int
 writeenc (Shishi * h, int sock, char *buf, int wlen, int *len, shishi_ivector 
*iv,
-         Shishi_key * enckey)
+         Shishi_key * enckey, int proto)
 {
   char *out;
   char *bufbis;
@@ -540,40 +589,51 @@
   dlen = htonl (dlen);
 
   /* data to encrypt = size + data */
-  bufbis = malloc (wlen + sizeof (int));
-  memcpy (bufbis, (char *) &dlen, sizeof (int));
-  memcpy (bufbis + sizeof (int), buf, wlen);
-
-  /* encrypt it */
-  rc =
-    shishi_encrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, &iv2, 
&iv->ivlen, bufbis,
-                            wlen + sizeof (int), &out, &outlen);
+  if (proto == 2)
+    {
+      bufbis = malloc (wlen + sizeof (int));
+      memset (bufbis, 0, wlen + sizeof (int));
+      memcpy (bufbis, (char *) &dlen, sizeof (int));
+      memcpy (bufbis + sizeof (int), buf, wlen);
+      
+      /* encrypt it */
+      rc =
+       shishi_encrypt_ivupdate (h, enckey, iv->keyusage, iv->iv, iv->ivlen, 
&iv2, &iv->ivlen, bufbis,
+                                wlen + sizeof (int), &out, &outlen);
+    }
+  else
+    {
+      bufbis = malloc (wlen);
+      memset (bufbis, 0, wlen);
+      memcpy (bufbis, buf, wlen);
+    
+      /* data to encrypt = size + data */
+      rc =
+       shishi_encrypt (h, enckey, iv->keyusage, bufbis, wlen, &out, &outlen);  
  
+    }
+
   if (rc != SHISHI_OK)
     {
       printf ("decryption error\n");
+      free (bufbis);
       return 1;
     }
 
   free (bufbis);
 
   /* data to send = original size + encrypted data */
-  bufbis = malloc (outlen + sizeof (int));
-  if (bufbis == NULL)
-    {
-      printf ("Malloc error!\n");
-      return 1;
-    }
-  memcpy (bufbis, (char *) &dlen, sizeof (int));
-  memcpy (bufbis + sizeof (int), out, outlen);
-
   /* send it */
-  write (sock, bufbis, outlen + sizeof (int));
+  write (sock, &dlen, sizeof (int));
+  write (sock, out, outlen);
+
   *len = wlen;
 
-  /* update iv */
-  memcpy (iv->iv, iv2, iv->ivlen);
+  if (proto == 2)
+    {
+      /* update iv */
+      memcpy (iv->iv, iv2, iv->ivlen);
+    }
 
-  free (bufbis);
   free (out);
 
   return SHISHI_OK;
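Review bot: Both new `malloc` calls are followed directly by `memset (bufbis, 0, ...)` with no NULL check, and this commit removes the only allocation check the function had. Adding `if (bufbis == NULL) return 1;` after each allocation keeps an out-of-memory condition from becoming a NULL write; the memset itself is redundant because the memcpy calls fill the whole buffer. The two `write` calls that replace the single send ignore their return values, so a short write on the socket would leave the peer with a partial encrypted record. The comment `/* data to encrypt = size + data */` in the KCMDV0.1 branch no longer matches that branch, which encrypts the data alone.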



