From 103265630c5c8991088d6116cdee821a27ca4ca9 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 27 Feb 1991 11:48:26 +0000 Subject: [PATCH] add rcache handling git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@1797 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb425/mk_priv.c | 66 ++++++++++++++++++++++++++++++++------ src/lib/krb425/mk_safe.c | 64 ++++++++++++++++++++++++++++++------ src/lib/krb5/krb/mk_priv.c | 32 ++++++++++++++++-- src/lib/krb5/krb/mk_safe.c | 25 +++++++++++++++ 4 files changed, 164 insertions(+), 23 deletions(-) diff --git a/src/lib/krb425/mk_priv.c b/src/lib/krb425/mk_priv.c index d360056f8..6aa5b3765 100644 --- a/src/lib/krb425/mk_priv.c +++ b/src/lib/krb425/mk_priv.c @@ -2,7 +2,8 @@ * $Source$ * $Author$ * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. * * For copying and distribution information, please see the file * . @@ -15,8 +16,8 @@ static char rcsid_mk_priv_c[] = "$Id$"; #endif /* !lint & !SABER */ -#include #include "krb425.h" +#include long krb_mk_priv(in, out, in_length, sched, key, sender, receiver) @@ -31,10 +32,11 @@ struct sockaddr_in *receiver; krb5_data inbuf; krb5_data out5; krb5_keyblock keyb; - krb5_address saddr; + krb5_address saddr, *saddr2; krb5_address raddr; krb5_error_code r; char sa[4], ra[4]; + krb5_rcache rcache; keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); 
@@ -54,13 +56,57 @@ struct sockaddr_in *receiver; inbuf.data = (char *)in; inbuf.length = in_length; - if (r = krb5_mk_priv(&inbuf, - KEYTYPE_DES, - &keyb, - &saddr, &raddr, - 0, /* no sequence number */ - 0, /* default flags (none) */ - 0, &out5)) { + if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port, + &saddr2)) { +#ifdef EBUG + ERROR(r); +#endif + return(-1); + } + + + if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) { + if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) { + char *cachename; + extern krb5_deltat krb5_clockskew; + char *insender; + + insender = inet_ntoa(sender->sin_addr); + + if (cachename = calloc(1, strlen(insender)+1+3)) { + strcpy(cachename, "rc_"); + strcat(cachename, insender); + + if (!(r = krb5_rc_resolve(rcache, cachename))) { + if (!((r = krb5_rc_recover(rcache)) && + (r = krb5_rc_initialize(rcache, + krb5_clockskew)))) { + r = krb5_mk_priv(&inbuf, + KEYTYPE_DES, + &keyb, + saddr2, &raddr, + 0, /* no sequence number */ + 0, /* default flags (none) */ + rcache, + 0, /* ignore ivec */ + &out5); + krb5_rc_close(rcache); + } + } + free(cachename); + } else + r = ENOMEM; + } + xfree(rcache); + } else { + krb5_free_addr(saddr2); +#ifdef EBUG + ERROR(ENOMEM); +#endif + return(-1); + } + krb5_free_addr(saddr2); + if (r) { #ifdef EBUG ERROR(r); #endif diff --git a/src/lib/krb425/mk_safe.c b/src/lib/krb425/mk_safe.c index 28d6407cd..8d0b39c7a 100644 --- a/src/lib/krb425/mk_safe.c +++ b/src/lib/krb425/mk_safe.c @@ -2,7 +2,8 @@ * $Source$ * $Author$ * - * Copyright 1990 by the Massachusetts Institute of Technology. + * Copyright 1990,1991 by the Massachusetts Institute of Technology. + * All Rights Reserved. * * For copying and distribution information, please see the file * . @@ -15,8 +16,8 @@ static char rcsid_mk_safe_c[] = "$Id$"; #endif /* !lint & !SABER */ -#include #include "krb425.h" +#include long krb_mk_safe(in, out, in_length, key, sender, receiver) 
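Review bot: The lifetime of `rcache` in the added block is hard to verify: the handle is `malloc`ed, its address is handed to `krb5_rc_resolve_type(&rcache, "dfl")`, and it is then both closed with `krb5_rc_close(rcache)` and released with `xfree(rcache)`. If the close routine also frees the handle (not visible here) the `xfree` is a double free, and when `krb5_rc_resolve` succeeds but recover and initialize both fail the cache is freed without ever being closed. Once the contract is confirmed I would state it above `xfree(rcache);`, e.g. `/* krb5_rc_close() releases only the cache's private state; the handle is ours to free */`. The same block is repeated in the `@@ -53,13 +55,55 @@` hunk of src/lib/krb425/mk_safe.c, so a shared static helper would keep the two copies from drifting. krb_mk_priv's body starts and ends outside this hunk.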
@@ -30,10 +31,11 @@ struct sockaddr_in *receiver; krb5_data inbuf; krb5_data out5; krb5_keyblock keyb; - krb5_address saddr; + krb5_address saddr, *saddr2; krb5_address raddr; krb5_error_code r; char sa[4], ra[4]; + krb5_rcache rcache; keyb.keytype = KEYTYPE_DES; keyb.length = sizeof(des_cblock); @@ -53,13 +55,55 @@ struct sockaddr_in *receiver; inbuf.data = (char *)in; inbuf.length = in_length; - if (r = krb5_mk_safe(&inbuf, - CKSUMTYPE_CRC32, - &keyb, - &saddr, &raddr, - 0, /* no sequence number */ - 0, /* default flags (none) */ - &out5)) { + if (r = krb5_gen_portaddr(&saddr, (krb5_pointer)&sender->sin_port, + &saddr2)) { +#ifdef EBUG + ERROR(r); +#endif + return(-1); + } + + if (rcache = (krb5_rcache) malloc(sizeof(*rcache))) { + if (!(r = krb5_rc_resolve_type(&rcache, "dfl"))) { + char *cachename; + extern krb5_deltat krb5_clockskew; + char *insender; + + insender = inet_ntoa(sender->sin_addr); + + if (cachename = calloc(1, strlen(insender)+1+3)) { + strcpy(cachename, "rc_"); + strcat(cachename, insender); + + if (!(r = krb5_rc_resolve(rcache, cachename))) { + if (!((r = krb5_rc_recover(rcache)) && + (r = krb5_rc_initialize(rcache, + krb5_clockskew)))) { + r = krb5_mk_safe(&inbuf, + CKSUMTYPE_RSA_MD4_DES, + &keyb, + saddr2, &raddr, + 0, /* no sequence number */ + 0, /* default flags (none) */ + rcache, + &out5); + krb5_rc_close(rcache); + } + } + free(cachename); + } else + r = ENOMEM; + } + xfree(rcache); + } else { + krb5_free_addr(saddr2); +#ifdef EBUG + ERROR(ENOMEM); +#endif + return(-1); + } + krb5_free_addr(saddr2); + if (r) { #ifdef EBUG ERROR(r); #endif diff --git a/src/lib/krb5/krb/mk_priv.c b/src/lib/krb5/krb/mk_priv.c index d4c1e0b33..003cb71f3 100644 --- a/src/lib/krb5/krb/mk_priv.c +++ b/src/lib/krb5/krb/mk_priv.c 
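Review bot: The `krb5_mk_safe` call in the `@@ -53,13 +55,55 @@` hunk changes the checksum type from `CKSUMTYPE_CRC32` to `CKSUMTYPE_RSA_MD4_DES`, which the commit message ("add rcache handling") does not mention. Moving from a plain CRC to a keyed checksum strengthens the integrity protection, but it also changes what is put on the wire, so the peer's verification path has to accept the new type. I would record the reason at the call site, e.g. `CKSUMTYPE_RSA_MD4_DES, /* keyed checksum; replaces CRC32 */`, and mention the change in the commit description. krb_mk_safe's body starts and ends outside this hunk.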
@@ -46,6 +46,7 @@ krb5_mk_priv(DECLARG(const krb5_data *, userdata), DECLARG(const krb5_address *, recv_addr), DECLARG(krb5_int32, seq_number), DECLARG(krb5_int32, priv_flags), + DECLARG(krb5_rcache, rcache), DECLARG(krb5_pointer, i_vector), DECLARG(krb5_data *, outbuf)) OLDDECLARG(const krb5_data *, userdata) @@ -55,6 +56,7 @@ OLDDECLARG(const krb5_address *, sender_addr) OLDDECLARG(const krb5_address *, recv_addr) OLDDECLARG(krb5_int32, seq_number) OLDDECLARG(krb5_int32, priv_flags) +OLDDECLARG(krb5_rcache, rcache) OLDDECLARG(krb5_pointer, i_vector) OLDDECLARG(krb5_data *, outbuf) { @@ -77,6 +79,9 @@ OLDDECLARG(krb5_data *, outbuf) privmsg_enc_part.r_address = 0; if (!(priv_flags & KRB5_PRIV_NOTIME)) { + if (!rcache) + /* gotta provide an rcache in this case... */ + return KRB5_RC_REQUIRED; if (retval = krb5_us_timeofday(&privmsg_enc_part.timestamp, &privmsg_enc_part.usec)) return retval; @@ -114,10 +119,11 @@ OLDDECLARG(krb5_data *, outbuf) } #define cleanup_encpart() {\ -(void) memset(privmsg.enc_part.ciphertext.data, 0, \ + (void) memset(privmsg.enc_part.ciphertext.data, 0, \ privmsg.enc_part.ciphertext.length); \ -free(privmsg.enc_part.ciphertext.data); \ -privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;} + free(privmsg.enc_part.ciphertext.data); \ + privmsg.enc_part.ciphertext.length = 0; \ + privmsg.enc_part.ciphertext.data = 0;} /* do any necessary key pre-processing */ if (retval = krb5_process_key(&eblock, key)) { 
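Review bot: The new `rcache` argument is inserted before `i_vector` rather than appended, and nothing in these hunks documents when it is required. The `if (!rcache)` check in the `@@ -77,6 +79,9 @@` hunk returns `KRB5_RC_REQUIRED` whenever `KRB5_PRIV_NOTIME` is clear, so the function's header comment (if it has one; it is not visible here) should gain a line such as `rcache must be non-NULL unless KRB5_PRIV_NOTIME is set; otherwise KRB5_RC_REQUIRED is returned`. Because the definition also has an `OLDDECLARG` form, presumably for builds without prototypes, a caller that was not updated would compile there and pass its `i_vector` in the `rcache` slot, so every caller needs checking. The same applies to the `krb5_mk_safe` signature and check hunks in src/lib/krb5/krb/mk_safe.c.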
@@ -157,6 +163,26 @@ privmsg.enc_part.ciphertext.length = 0; privmsg.enc_part.ciphertext.data = 0;} } cleanup_encpart(); + if (!(priv_flags & KRB5_PRIV_NOTIME)) { + krb5_donot_replay replay; + + if (retval = krb5_gen_replay_name(sender_addr, "_priv", + &replay.client)) { + cleanup_scratch(); + return retval; + } + + replay.server = ""; /* XXX */ + replay.cusec = privmsg_enc_part.usec; + replay.ctime = privmsg_enc_part.timestamp; + if (retval = krb5_rc_store(rcache, &replay)) { + /* should we really error out here? XXX */ + cleanup_scratch(); + xfree(replay.client); + return retval; + } + xfree(replay.client); + } *outbuf = *scratch; xfree(scratch); return 0; diff --git a/src/lib/krb5/krb/mk_safe.c b/src/lib/krb5/krb/mk_safe.c index 5fe61d610..c5b32a462 100644 --- a/src/lib/krb5/krb/mk_safe.c +++ b/src/lib/krb5/krb/mk_safe.c @@ -44,6 +44,7 @@ krb5_mk_safe(DECLARG(const krb5_data *, userdata), DECLARG(const krb5_address *, recv_addr), DECLARG(krb5_int32, seq_number), DECLARG(krb5_int32, safe_flags), + DECLARG(krb5_rcache, rcache), DECLARG(krb5_data *, outbuf)) OLDDECLARG(const krb5_data *, userdata) OLDDECLARG(const krb5_cksumtype, sumtype) @@ -52,6 +53,7 @@ OLDDECLARG(const krb5_address *, sender_addr) OLDDECLARG(const krb5_address *, recv_addr) OLDDECLARG(krb5_int32, seq_number) OLDDECLARG(krb5_int32, safe_flags) +OLDDECLARG(krb5_rcache, rcache) OLDDECLARG(krb5_data *, outbuf) { krb5_error_code retval; @@ -73,6 +75,9 @@ OLDDECLARG(krb5_data *, outbuf) safemsg.r_address = 0; if (!(safe_flags & KRB5_SAFE_NOTIME)) { + if (!rcache) + /* gotta provide an rcache in this case... */ + return KRB5_RC_REQUIRED; if (retval = krb5_us_timeofday(&safemsg.timestamp, &safemsg.usec)) return retval; } 
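Review bot: The `krb5_rc_store` failure path in the added block discards the finished message and returns, but the two `XXX` comments (`replay.server = ""; /* XXX */` and `/* should we really error out here? XXX */`) leave that policy undecided. Failing closed looks right if the stored entry is what lets the receiving code recognise a reflected copy of this message, which is my reading rather than something the hunk states. I would replace the second comment with the decision, e.g. `/* fail closed: do not emit a message we could not record in the rcache */`, and say next to `replay.server` why an empty string is acceptable. The `@@ -120,6 +125,26 @@` hunk in src/lib/krb5/krb/mk_safe.c carries the same two comments. krb5_mk_priv's body begins outside this hunk.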
@@ -120,6 +125,26 @@ OLDDECLARG(krb5_data *, outbuf) return retval; } xfree(safe_checksum.contents); + if (!(safe_flags & KRB5_SAFE_NOTIME)) { + krb5_donot_replay replay; + + if (retval = krb5_gen_replay_name(sender_addr, "_safe", + &replay.client)) { + clean_scratch(); + return retval; + } + + replay.server = ""; /* XXX */ + replay.cusec = safemsg.usec; + replay.ctime = safemsg.timestamp; + if (retval = krb5_rc_store(rcache, &replay)) { + /* should we really error out here? XXX */ + clean_scratch(); + xfree(replay.client); + return retval; + } + xfree(replay.client); + } *outbuf = *scratch; xfree(scratch); -- 2.26.2