From c5f77d7f244dda724d9c3f4b68973e0aa3fb6de1 Mon Sep 17 00:00:00 2001 From: Sam Hartman Date: Sat, 20 Jan 1996 00:55:45 +0000 Subject: [PATCH] In the client, construct a checksum from the command line and remote user and encode them in the authenticator. In the daemon, if a checksum is present, verify it. This change *should* make it possible to use rsh in a secure fassion provided that you always use a client that has checksumming. If you do not use encrypted rsh, then the command line cannot be spoofed, but the standard input and output can still be spoofed. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7341 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/bsd/ChangeLog | 4 ++++ src/appl/bsd/kcmd.c | 15 +++++++++++++-- src/appl/bsd/krshd.c | 28 +++++++++++++++++++++++++++- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index c319837e9..50d2cbdd7 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,5 +1,9 @@ Fri Jan 19 10:45:29 1996 Sam Hartman + * krshd.c (recvauth): Verify checksum against command line and remote user. + + * kcmd.c: Send authenticator with checksum of command line and remote user. + * krlogin.c (des_read): Return 0 or -1 on close/error respectively. Wed Jan 17 15:14:33 1996 Sam Hartman diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 1c232c6a0..28944b6a1 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -107,7 +107,17 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, krb5_data outbuf; krb5_flags options = authopts; krb5_auth_context auth_context = NULL; - + char *cksumbuf; + krb5_data cksumdat; + if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser))) == 0 ) { + fprintf(stderr, "Unable to allocate memory for checksum buffer.\n"); + return(-1); + } + strcpy(cksumbuf, cmd); + strcat(cksumbuf, remuser); + cksumdat.data = cksumbuf; + cksumdat.length = strlen(cksumbuf); + pid = getpid(); hp = gethostbyname(*ahost); if (hp == 0) { @@ -305,7 +315,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, authentication. */ status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s, "KCMDV0.1", ret_cred->client, ret_cred->server, - authopts, NULL, ret_cred, 0, &error, &rep_ret, NULL); + authopts, &cksumdat, ret_cred, 0, &error, &rep_ret, NULL); + krb5_xfree(cksumdat.data); if (status) { printf("Couldn't authenticate to server: %s\n", error_message(status)); if (error) { diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index eb760fc13..29fc75754 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -1611,6 +1611,7 @@ recvauth(netf, peersin) krb5_data inbuf; char v4_instance[INST_SZ]; /* V4 Instance */ char v4_version[9]; +krb5_authenticator *authenticator; krb5_ticket *ticket; len = sizeof(laddr); @@ -1699,7 +1700,32 @@ recvauth(netf, peersin) if (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, &client)) return status; - + if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator)) + return status; + + if (authenticator->checksum) { + char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(remuser)+1); + if (chksumbuf == 0) + goto error_cleanup; + + strcpy(chksumbuf,cmdbuf); + strcat(chksumbuf,remuser); + + if ( status = krb5_verify_checksum(bsd_context, + authenticator->checksum->checksum_type, + authenticator->checksum, + chksumbuf, strlen(chksumbuf), + ticket->enc_part2->session->contents, + ticket->enc_part2->session->length)) + goto error_cleanup; + + error_cleanup: +krb5_free_authenticator(bsd_context, authenticator); +krb5_xfree(chksumbuf); +if (status) + return status; +} + /* Setup eblock for encrypted sessions. */ krb5_use_enctype(bsd_context, &eblock, ticket->enc_part2->session->enctype); if (status = krb5_process_key(bsd_context, &eblock, ticket->enc_part2->session)) -- 2.26.2