add rcache handling
authorJohn Kohl <jtkohl@mit.edu>
Wed, 27 Feb 1991 11:48:26 +0000 (11:48 +0000)
committerJohn Kohl <jtkohl@mit.edu>
Wed, 27 Feb 1991 11:48:26 +0000 (11:48 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1797 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb425/mk_priv.c
src/lib/krb425/mk_safe.c
src/lib/krb5/krb/mk_priv.c
src/lib/krb5/krb/mk_safe.c

index d360056f828dd70d9ed1712c58e06c5c8743ef54..6aa5b3765115ff5975e6b7ab64e098c0f4a9b002 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,8 +16,8 @@ static char rcsid_mk_priv_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include "krb425.h"
+#include <arpa/inet.h>
 
 long
 krb_mk_priv(in, out, in_length, sched, key, sender, receiver)
@@ -31,10 +32,11 @@ struct sockaddr_in *receiver;
        krb5_data inbuf;
        krb5_data out5;
        krb5_keyblock keyb;
-       krb5_address saddr;
+       krb5_address saddr, *saddr2;
        krb5_address raddr;
        krb5_error_code r;
        char sa[4], ra[4];
+       krb5_rcache rcache;
 
        keyb.keytype = KEYTYPE_DES;
        keyb.length = sizeof(des_cblock);
@@ -54,13 +56,57 @@ struct sockaddr_in *receiver;
        inbuf.data = (char *)in;
        inbuf.length = in_length;
 
-       if (r = krb5_mk_priv(&inbuf,
-                            KEYTYPE_DES,
-                            &keyb,
-                            &saddr, &raddr,
-                            0,         /* no sequence number */
-                            0,         /* default flags (none) */
-                            0, &out5)) {
+       if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
+                                 &saddr2)) {
+#ifdef EBUG
+           ERROR(r);
+#endif
+           return(-1);
+       }
+
+
+       if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) {
+           if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) {
+               char *cachename;
+               extern krb5_deltat krb5_clockskew;
+               char *insender;
+
+               insender = inet_ntoa(sender->sin_addr);
+
+               if (cachename = calloc(1, strlen(insender)+1+3)) {
+                   strcpy(cachename, "rc_");
+                   strcat(cachename, insender);
+
+                   if (!(r = krb5_rc_resolve(rcache, cachename))) {
+                       if (!((r = krb5_rc_recover(rcache)) &&
+                             (r = krb5_rc_initialize(rcache,
+                                                     krb5_clockskew)))) {
+                           r = krb5_mk_priv(&inbuf,
+                                            KEYTYPE_DES,
+                                            &keyb,
+                                            saddr2, &raddr,
+                                            0, /* no sequence number */
+                                            0, /* default flags (none) */
+                                            rcache,
+                                            0, /* ignore ivec */
+                                            &out5);
+                           krb5_rc_close(rcache);
+                       }
+                   }
+                   free(cachename);
+               } else
+                   r = ENOMEM;
+           }
+           xfree(rcache);
+       } else {
+           krb5_free_addr(saddr2);
+#ifdef EBUG
+           ERROR(ENOMEM);
+#endif
+           return(-1);
+       }
+       krb5_free_addr(saddr2);
+       if (r) {
 #ifdef EBUG
                ERROR(r);
 #endif
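Review bot: `krb5_rc_close(rcache)` is reached only inside the innermost branch, so when `krb5_rc_resolve` succeeds but both `krb5_rc_recover` and `krb5_rc_initialize` fail, the handle goes to `xfree(rcache)` without being closed. Whatever state resolve attached to the handle (not visible here) would presumably leak on that path; moving the close out one level, so it runs whenever resolve returned 0, would cover it, provided the cache type tolerates closing an unrecovered cache. The return value of `krb5_rc_close` is also discarded, so a failure to flush the replay record goes unreported. It is worth confirming that `krb5_rc_close` does not itself release the handle, because `xfree(rcache)` follows it unconditionally. The same block is added to krb_mk_safe in src/lib/krb425/mk_safe.c, and krb_mk_priv's body starts and ends outside this hunk.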
index 28d6407cdc1aed0f28b65267014143e4fe8ddee3..8d0b39c7aca25b08b8fe68cff12b2a0c40e3a214 100644 (file)
@@ -2,7 +2,8 @@
  * $Source$
  * $Author$
  *
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
  *
  * For copying and distribution information, please see the file
  * <krb5/copyright.h>.
@@ -15,8 +16,8 @@ static char rcsid_mk_safe_c[] =
 "$Id$";
 #endif /* !lint & !SABER */
 
-#include <krb5/copyright.h>
 #include "krb425.h"
+#include <arpa/inet.h>
 
 long
 krb_mk_safe(in, out, in_length, key, sender, receiver)
@@ -30,10 +31,11 @@ struct sockaddr_in *receiver;
        krb5_data inbuf;
        krb5_data out5;
        krb5_keyblock keyb;
-       krb5_address saddr;
+       krb5_address saddr, *saddr2;
        krb5_address raddr;
        krb5_error_code r;
        char sa[4], ra[4];
+       krb5_rcache rcache;
 
        keyb.keytype = KEYTYPE_DES;
        keyb.length = sizeof(des_cblock);
@@ -53,13 +55,55 @@ struct sockaddr_in *receiver;
        inbuf.data = (char *)in;
        inbuf.length = in_length;
 
-       if (r = krb5_mk_safe(&inbuf,
-                            CKSUMTYPE_CRC32,
-                            &keyb,
-                            &saddr, &raddr,
-                            0,         /* no sequence number */
-                            0,         /* default flags (none) */
-                            &out5)) {
+       if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
+                                 &saddr2)) {
+#ifdef EBUG
+           ERROR(r);
+#endif
+           return(-1);
+       }
+
+       if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) {
+           if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) {
+               char *cachename;
+               extern krb5_deltat krb5_clockskew;
+               char *insender;
+
+               insender = inet_ntoa(sender->sin_addr);
+
+               if (cachename = calloc(1, strlen(insender)+1+3)) {
+                   strcpy(cachename, "rc_");
+                   strcat(cachename, insender);
+
+                   if (!(r = krb5_rc_resolve(rcache, cachename))) {
+                       if (!((r = krb5_rc_recover(rcache)) &&
+                             (r = krb5_rc_initialize(rcache,
+                                                     krb5_clockskew)))) {
+                           r = krb5_mk_safe(&inbuf,
+                                            CKSUMTYPE_RSA_MD4_DES,
+                                            &keyb,
+                                            saddr2, &raddr,
+                                            0, /* no sequence number */
+                                            0, /* default flags (none) */
+                                            rcache,
+                                            &out5);
+                           krb5_rc_close(rcache);
+                       }
+                   }
+                   free(cachename);
+               } else
+                   r = ENOMEM;
+           }
+           xfree(rcache);
+       } else {
+           krb5_free_addr(saddr2);
+#ifdef EBUG
+           ERROR(ENOMEM);
+#endif
+           return(-1);
+       }
+       krb5_free_addr(saddr2);
+       if (r) {
 #ifdef EBUG
                ERROR(r);
 #endif
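Review bot: The checksum type passed to `krb5_mk_safe` changes from `CKSUMTYPE_CRC32` to `CKSUMTYPE_RSA_MD4_DES` in this hunk, which the commit title "add rcache handling" does not mention. Replacing CRC-32 with a keyed checksum is a real integrity improvement for a safe message, but it also changes what the receiving side must be able to verify, so it deserves its own line in the log. A comment at the call would record the intent, e.g. `/* keyed checksum: a bare CRC-32 can be recomputed by anyone who alters the data */`. krb_mk_safe's body starts and ends outside this hunk.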
index d4c1e0b33313e5814da0953337bb917895951694..003cb71f3d2c41d01e23d0223ba346a3b26883a7 100644 (file)
@@ -46,6 +46,7 @@ krb5_mk_priv(DECLARG(const krb5_data *, userdata),
             DECLARG(const krb5_address *, recv_addr),
             DECLARG(krb5_int32, seq_number),
             DECLARG(krb5_int32, priv_flags),
+            DECLARG(krb5_rcache, rcache),
             DECLARG(krb5_pointer, i_vector),
             DECLARG(krb5_data *, outbuf))
 OLDDECLARG(const krb5_data *, userdata)
@@ -55,6 +56,7 @@ OLDDECLARG(const krb5_address *, sender_addr)
 OLDDECLARG(const krb5_address *, recv_addr)
 OLDDECLARG(krb5_int32, seq_number)
 OLDDECLARG(krb5_int32, priv_flags)
+OLDDECLARG(krb5_rcache, rcache)
 OLDDECLARG(krb5_pointer, i_vector)
 OLDDECLARG(krb5_data *, outbuf)
 {
@@ -77,6 +79,9 @@ OLDDECLARG(krb5_data *, outbuf)
        privmsg_enc_part.r_address = 0;
 
     if (!(priv_flags & KRB5_PRIV_NOTIME)) {
+       if (!rcache)
+           /* gotta provide an rcache in this case... */
+           return KRB5_RC_REQUIRED;
        if (retval = krb5_us_timeofday(&privmsg_enc_part.timestamp,
                                       &privmsg_enc_part.usec))
            return retval;
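Review bot: The new `rcache` argument is mandatory whenever `KRB5_PRIV_NOTIME` is clear and, as far as this file's hunks show, unused otherwise, but that contract is stated only by the inline remark on the `if (!rcache)` test. A line in the function's header comment (outside this hunk) would tell callers before they hit the error, e.g. `rcache: replay cache that records the message timestamp; required unless KRB5_PRIV_NOTIME is set, otherwise KRB5_RC_REQUIRED is returned`. Bracing the test as `if (!rcache) { return KRB5_RC_REQUIRED; }` would also stop the comment from sitting between an unbraced condition and its only statement. The identical check added to krb5_mk_safe for `KRB5_SAFE_NOTIME` wants the same treatment.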
@@ -114,10 +119,11 @@ OLDDECLARG(krb5_data *, outbuf)
     }
 
 #define cleanup_encpart() {\
-(void) memset(privmsg.enc_part.ciphertext.data, 0, \
+       (void) memset(privmsg.enc_part.ciphertext.data, 0, \
             privmsg.enc_part.ciphertext.length); \
-free(privmsg.enc_part.ciphertext.data); \
-privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;}
+       free(privmsg.enc_part.ciphertext.data); \
+       privmsg.enc_part.ciphertext.length = 0; \
+       privmsg.enc_part.ciphertext.data = 0;}
 
     /* do any necessary key pre-processing */
     if (retval = krb5_process_key(&eblock, key)) {
@@ -157,6 +163,26 @@ privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;}
     }
 
     cleanup_encpart();
+    if (!(priv_flags & KRB5_PRIV_NOTIME)) {
+       krb5_donot_replay replay;
+
+       if (retval = krb5_gen_replay_name(sender_addr, "_priv",
+                                         &replay.client)) {
+           cleanup_scratch();
+           return retval;
+       }
+
+       replay.server = "";             /* XXX */
+       replay.cusec = privmsg_enc_part.usec;
+       replay.ctime = privmsg_enc_part.timestamp;
+       if (retval = krb5_rc_store(rcache, &replay)) {
+           /* should we really error out here? XXX */
+           cleanup_scratch();
+           xfree(replay.client);
+           return retval;
+       }
+       xfree(replay.client);
+    }
     *outbuf = *scratch;
     xfree(scratch);
     return 0;
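Review bot: The failure path after `krb5_rc_store` still carries `/* should we really error out here? XXX */`, which leaves the policy undecided in the code that decides whether a message is released. Returning the error is the fail-closed choice, since a message whose timestamp could not be recorded never reaches `*outbuf`, and the comment should say so, e.g. `/* fail closed: do not emit a message whose timestamp is not recorded in the rcache */`. `replay.server = ""` is also marked XXX, so the record is distinguished only by the name built from `sender_addr` and the timestamp pair. Presumably two messages from one address to different peers in the same microsecond would then collide, which is worth confirming against how `krb5_gen_replay_name` builds the name. The equivalent block in krb5_mk_safe carries the same two XXX markers.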
index 5fe61d61065e31964d8772315dc1255038055921..c5b32a462fae3d62f8901df05df11482b65a41fd 100644 (file)
@@ -44,6 +44,7 @@ krb5_mk_safe(DECLARG(const krb5_data *, userdata),
             DECLARG(const krb5_address *, recv_addr),
             DECLARG(krb5_int32, seq_number),
             DECLARG(krb5_int32, safe_flags),
+            DECLARG(krb5_rcache, rcache),
             DECLARG(krb5_data *, outbuf))
 OLDDECLARG(const krb5_data *, userdata)
 OLDDECLARG(const krb5_cksumtype, sumtype)
@@ -52,6 +53,7 @@ OLDDECLARG(const krb5_address *, sender_addr)
 OLDDECLARG(const krb5_address *, recv_addr)
 OLDDECLARG(krb5_int32, seq_number)
 OLDDECLARG(krb5_int32, safe_flags)
+OLDDECLARG(krb5_rcache, rcache)
 OLDDECLARG(krb5_data *, outbuf)
 {
     krb5_error_code retval;
@@ -73,6 +75,9 @@ OLDDECLARG(krb5_data *, outbuf)
        safemsg.r_address = 0;
 
     if (!(safe_flags & KRB5_SAFE_NOTIME)) {
+       if (!rcache)
+           /* gotta provide an rcache in this case... */
+           return KRB5_RC_REQUIRED;
        if (retval = krb5_us_timeofday(&safemsg.timestamp, &safemsg.usec))
            return retval;
     }
@@ -120,6 +125,26 @@ OLDDECLARG(krb5_data *, outbuf)
        return retval;
     }
     xfree(safe_checksum.contents);
+    if (!(safe_flags & KRB5_SAFE_NOTIME)) {
+       krb5_donot_replay replay;
+
+       if (retval = krb5_gen_replay_name(sender_addr, "_safe",
+                                         &replay.client)) {
+           clean_scratch();
+           return retval;
+       }
+
+       replay.server = "";             /* XXX */
+       replay.cusec = safemsg.usec;
+       replay.ctime = safemsg.timestamp;
+       if (retval = krb5_rc_store(rcache, &replay)) {
+           /* should we really error out here? XXX */
+           clean_scratch();
+           xfree(replay.client);
+           return retval;
+       }
+       xfree(replay.client);
+    }
     *outbuf = *scratch;
     xfree(scratch);