* $Source$
* $Author$
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
* For copying and distribution information, please see the file
* <krb5/copyright.h>.
"$Id$";
#endif /* !lint & !SABER */
-#include <krb5/copyright.h>
#include "krb425.h"
+#include <arpa/inet.h>
long
krb_mk_priv(in, out, in_length, sched, key, sender, receiver)
krb5_data inbuf;
krb5_data out5;
krb5_keyblock keyb;
- krb5_address saddr;
+ krb5_address saddr, *saddr2;
krb5_address raddr;
krb5_error_code r;
char sa[4], ra[4];
+ krb5_rcache rcache;
keyb.keytype = KEYTYPE_DES;
keyb.length = sizeof(des_cblock);
inbuf.data = (char *)in;
inbuf.length = in_length;
- if (r = krb5_mk_priv(&inbuf,
- KEYTYPE_DES,
- &keyb,
- &saddr, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- 0, &out5)) {
+ if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
+ &saddr2)) {
+#ifdef EBUG
+ ERROR(r);
+#endif
+ return(-1);
+ }
+
+
+ if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) {
+ if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) {
+ char *cachename;
+ extern krb5_deltat krb5_clockskew;
+ char *insender;
+
+ insender = inet_ntoa(sender->sin_addr);
+
+ if (cachename = calloc(1, strlen(insender)+1+3)) {
+ strcpy(cachename, "rc_");
+ strcat(cachename, insender);
+
+ if (!(r = krb5_rc_resolve(rcache, cachename))) {
+ if (!((r = krb5_rc_recover(rcache)) &&
+ (r = krb5_rc_initialize(rcache,
+ krb5_clockskew)))) {
+ r = krb5_mk_priv(&inbuf,
+ KEYTYPE_DES,
+ &keyb,
+ saddr2, &raddr,
+ 0, /* no sequence number */
+ 0, /* default flags (none) */
+ rcache,
+ 0, /* ignore ivec */
+ &out5);
+ krb5_rc_close(rcache);
+ }
+ }
+ free(cachename);
+ } else
+ r = ENOMEM;
+ }
+ xfree(rcache);
+ } else {
+ krb5_free_addr(saddr2);
+#ifdef EBUG
+ ERROR(ENOMEM);
+#endif
+ return(-1);
+ }
+ krb5_free_addr(saddr2);
+ if (r) {
#ifdef EBUG
ERROR(r);
#endif
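Review bot: Ownership of the replay-cache handle is unclear on the paths after `krb5_rc_resolve` succeeds. `krb5_rc_close(rcache)` is followed unconditionally by `xfree(rcache)`, and when both `krb5_rc_recover` and `krb5_rc_initialize` fail the cache is never closed at all. The rc API contract is not visible in this hunk, so this is either a double release on the success path or a leak on the failure path. Please confirm which, and record the answer next to the `xfree`, for example `/* krb5_rc_close() releases the cache state only; the handle from malloc() is ours to free */`. The same sequence is repeated in krb_mk_safe, and flattening the five levels of assignment-in-condition into early exits with one cleanup label would make each release point auditable. The body of krb_mk_priv starts and ends outside the hunk.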
* $Source$
* $Author$
*
- * Copyright 1990 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991 by the Massachusetts Institute of Technology.
+ * All Rights Reserved.
*
* For copying and distribution information, please see the file
* <krb5/copyright.h>.
"$Id$";
#endif /* !lint & !SABER */
-#include <krb5/copyright.h>
#include "krb425.h"
+#include <arpa/inet.h>
long
krb_mk_safe(in, out, in_length, key, sender, receiver)
krb5_data inbuf;
krb5_data out5;
krb5_keyblock keyb;
- krb5_address saddr;
+ krb5_address saddr, *saddr2;
krb5_address raddr;
krb5_error_code r;
char sa[4], ra[4];
+ krb5_rcache rcache;
keyb.keytype = KEYTYPE_DES;
keyb.length = sizeof(des_cblock);
inbuf.data = (char *)in;
inbuf.length = in_length;
- if (r = krb5_mk_safe(&inbuf,
- CKSUMTYPE_CRC32,
- &keyb,
- &saddr, &raddr,
- 0, /* no sequence number */
- 0, /* default flags (none) */
- &out5)) {
+ if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port,
+ &saddr2)) {
+#ifdef EBUG
+ ERROR(r);
+#endif
+ return(-1);
+ }
+
+ if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) {
+ if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) {
+ char *cachename;
+ extern krb5_deltat krb5_clockskew;
+ char *insender;
+
+ insender = inet_ntoa(sender->sin_addr);
+
+ if (cachename = calloc(1, strlen(insender)+1+3)) {
+ strcpy(cachename, "rc_");
+ strcat(cachename, insender);
+
+ if (!(r = krb5_rc_resolve(rcache, cachename))) {
+ if (!((r = krb5_rc_recover(rcache)) &&
+ (r = krb5_rc_initialize(rcache,
+ krb5_clockskew)))) {
+ r = krb5_mk_safe(&inbuf,
+ CKSUMTYPE_RSA_MD4_DES,
+ &keyb,
+ saddr2, &raddr,
+ 0, /* no sequence number */
+ 0, /* default flags (none) */
+ rcache,
+ &out5);
+ krb5_rc_close(rcache);
+ }
+ }
+ free(cachename);
+ } else
+ r = ENOMEM;
+ }
+ xfree(rcache);
+ } else {
+ krb5_free_addr(saddr2);
+#ifdef EBUG
+ ERROR(ENOMEM);
+#endif
+ return(-1);
+ }
+ krb5_free_addr(saddr2);
+ if (r) {
#ifdef EBUG
ERROR(r);
#endif
DECLARG(const krb5_address *, recv_addr),
DECLARG(krb5_int32, seq_number),
DECLARG(krb5_int32, priv_flags),
+ DECLARG(krb5_rcache, rcache),
DECLARG(krb5_pointer, i_vector),
DECLARG(krb5_data *, outbuf))
OLDDECLARG(const krb5_data *, userdata)
OLDDECLARG(const krb5_address *, recv_addr)
OLDDECLARG(krb5_int32, seq_number)
OLDDECLARG(krb5_int32, priv_flags)
+OLDDECLARG(krb5_rcache, rcache)
OLDDECLARG(krb5_pointer, i_vector)
OLDDECLARG(krb5_data *, outbuf)
{
privmsg_enc_part.r_address = 0;
if (!(priv_flags & KRB5_PRIV_NOTIME)) {
+ if (!rcache)
+ /* gotta provide an rcache in this case... */
+ return KRB5_RC_REQUIRED;
if (retval = krb5_us_timeofday(&privmsg_enc_part.timestamp,
&privmsg_enc_part.usec))
return retval;
}
#define cleanup_encpart() {\
-(void) memset(privmsg.enc_part.ciphertext.data, 0, \
+ (void) memset(privmsg.enc_part.ciphertext.data, 0, \
privmsg.enc_part.ciphertext.length); \
-free(privmsg.enc_part.ciphertext.data); \
-privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;}
+ free(privmsg.enc_part.ciphertext.data); \
+ privmsg.enc_part.ciphertext.length = 0; \
+ privmsg.enc_part.ciphertext.data = 0;}
/* do any necessary key pre-processing */
if (retval = krb5_process_key(&eblock, key)) {
}
cleanup_encpart();
+ if (!(priv_flags & KRB5_PRIV_NOTIME)) {
+ krb5_donot_replay replay;
+
+ if (retval = krb5_gen_replay_name(sender_addr, "_priv",
+ &replay.client)) {
+ cleanup_scratch();
+ return retval;
+ }
+
+ replay.server = ""; /* XXX */
+ replay.cusec = privmsg_enc_part.usec;
+ replay.ctime = privmsg_enc_part.timestamp;
+ if (retval = krb5_rc_store(rcache, &replay)) {
+ /* should we really error out here? XXX */
+ cleanup_scratch();
+ xfree(replay.client);
+ return retval;
+ }
+ xfree(replay.client);
+ }
*outbuf = *scratch;
xfree(scratch);
return 0;
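Review bot: The open question `/* should we really error out here? XXX */` on the `krb5_rc_store` failure branch should be settled and documented rather than left as an XXX. Returning the error and discarding the scratch buffer is the fail-closed choice, since a message emitted without its timestamp being recorded presumably cannot later be recognised as a replay. I would replace the comment with `/* fail closed: never hand back a message whose timestamp is not in the replay cache */`. `replay.server = ""` means entries are told apart only by the generated client name and the timestamp/usec pair, which is worth stating next to that XXX as well. The parallel block in krb5_mk_safe raises the same points, and it calls `clean_scratch()` where this one calls `cleanup_scratch()`; neither macro is visible in these hunks, so please check that both names exist.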
DECLARG(const krb5_address *, recv_addr),
DECLARG(krb5_int32, seq_number),
DECLARG(krb5_int32, safe_flags),
+ DECLARG(krb5_rcache, rcache),
DECLARG(krb5_data *, outbuf))
OLDDECLARG(const krb5_data *, userdata)
OLDDECLARG(const krb5_cksumtype, sumtype)
OLDDECLARG(const krb5_address *, recv_addr)
OLDDECLARG(krb5_int32, seq_number)
OLDDECLARG(krb5_int32, safe_flags)
+OLDDECLARG(krb5_rcache, rcache)
OLDDECLARG(krb5_data *, outbuf)
{
krb5_error_code retval;
safemsg.r_address = 0;
if (!(safe_flags & KRB5_SAFE_NOTIME)) {
+ if (!rcache)
+ /* gotta provide an rcache in this case... */
+ return KRB5_RC_REQUIRED;
if (retval = krb5_us_timeofday(&safemsg.timestamp, &safemsg.usec))
return retval;
}
return retval;
}
xfree(safe_checksum.contents);
+ if (!(safe_flags & KRB5_SAFE_NOTIME)) {
+ krb5_donot_replay replay;
+
+ if (retval = krb5_gen_replay_name(sender_addr, "_safe",
+ &replay.client)) {
+ clean_scratch();
+ return retval;
+ }
+
+ replay.server = ""; /* XXX */
+ replay.cusec = safemsg.usec;
+ replay.ctime = safemsg.timestamp;
+ if (retval = krb5_rc_store(rcache, &replay)) {
+ /* should we really error out here? XXX */
+ clean_scratch();
+ xfree(replay.client);
+ return retval;
+ }
+ xfree(replay.client);
+ }
*outbuf = *scratch;
xfree(scratch);