From c65efafe73234062a1a2bb721c9330ac98591df0 Mon Sep 17 00:00:00 2001 From: John Kohl Date: Wed, 7 Feb 1990 17:49:56 +0000 Subject: [PATCH] *** empty log message *** git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@315 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/krb/in_tkt_pwd.c | 107 ++++++++++++++++++++++++++++++++++ src/lib/krb5/krb/kdc_rep_dc.c | 76 ++++++++++++++++++++++++ 2 files changed, 183 insertions(+) create mode 100644 src/lib/krb5/krb/in_tkt_pwd.c create mode 100644 src/lib/krb5/krb/kdc_rep_dc.c diff --git a/src/lib/krb5/krb/in_tkt_pwd.c b/src/lib/krb5/krb/in_tkt_pwd.c new file mode 100644 index 000000000..1fb08b0d7 --- /dev/null +++ b/src/lib/krb5/krb/in_tkt_pwd.c @@ -0,0 +1,107 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_get_in_tkt_with_password() + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_in_tkt_pwd_c[] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include +#include +#include + +extern krb5_cryptosystem_entry *string_to_keyarray[]; /* XXX */ + +struct pwd_keyproc_arg { + krb5_principal who; + krb5_data password; +}; + +/* + * key-producing procedure for use by krb5_get_in_tkt_with_password. + */ + +static krb5_error_code +pwd_keyproc(type, key, keyseed) +krb5_keytype type; +krb5_keyblock **key; +krb5_pointer keyseed; +{ + krb5_error_code retval; + struct pwd_keyproc_arg *arg; + + if (!valid_keytype(type)) + return KRB5KDC_ERR_ETYPE_NOSUPP; /* XXX */ + *key = (krb5_keyblock *)malloc(sizeof(**key)); + if (!*key) + return ENOMEM; + + arg = (struct pwd_keyproc_arg *)keyseed; + if (retval = (*string_to_keyarray[type]->string_to_key)(type, + *key, + &arg->password, + arg->who)) { + free((char *) *key); + return(retval); + } + return 0; +} + +/* + Attempts to get an initial ticket for creds->client to use server + creds->server, (realm is taken from creds->client), with options + options, requesting encryption type etype, and using + creds->times.starttime, creds->times.endtime, creds->times.renew_till + as from, till, and rtime. creds->times.renew_till is ignored unless + the RENEWABLE option is requested. + + If addrs is non-NULL, it is used for the addresses requested. If it is + null, the system standard addresses are used. + + If password is non-NULL, it is converted using the cryptosystem entry + point for a string conversion routine, seeded with the client's name. + If password is passed as NULL, the password is read from the terminal, + and then converted into a key. + + A succesful call will place the ticket in the credentials cache ccache. + + returns system errors, encryption errors + */ +krb5_error_code +krb5_get_in_tkt_with_password(options, addrs, etype, keytype, password, + ccache, creds) +krb5_flags options; +krb5_address **addrs; +krb5_enctype etype; +krb5_keytype keytype; +char *password; +krb5_ccache ccache; +krb5_creds *creds; +{ + krb5_error_code retval; + struct pwd_keyproc_arg keyseed; + + + keyseed.password.data = password; + keyseed.password.length = strlen(password); + keyseed.who = creds->client; + + retval = krb5_get_in_tkt(options, addrs, etype, keytype, pwd_keyproc, + (krb5_pointer) &keyseed, + krb5_kdc_rep_decrypt_proc, 0, + creds); + /* XXX need to play with creds & store them ? */ + return retval; +} + diff --git a/src/lib/krb5/krb/kdc_rep_dc.c b/src/lib/krb5/krb/kdc_rep_dc.c new file mode 100644 index 000000000..7dfdfad7d --- /dev/null +++ b/src/lib/krb5/krb/kdc_rep_dc.c @@ -0,0 +1,76 @@ +/* + * $Source$ + * $Author$ + * + * Copyright 1990 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * . + * + * krb5_kdc_rep_tkt_decrypt() + */ + +#if !defined(lint) && !defined(SABER) +static char rcsid_kdc_rep_dc_c [] = +"$Id$"; +#endif /* !lint & !SABER */ + +#include +#include +#include +#include +#include + +/*ARGSUSED*/ +krb5_error_code +krb5_kdc_rep_decrypt_proc(dec_rep, key, decryptarg) +krb5_kdc_rep *dec_rep; +krb5_keyblock *key; +krb5_pointer decryptarg; +{ + krb5_error_code retval; + krb5_encrypt_block eblock; + krb5_data scratch; + krb5_enc_kdc_rep_part *local_encpart; + + if (!valid_etype(dec_rep->etype)) + return KRB5KDC_ERR_ETYPE_NOSUPP; + + scratch.length = dec_rep->enc_part.length; + if (!(scratch.data = malloc(dec_rep->enc_part.length))) { + return(ENOMEM); + } + + /* put together an eblock for this encryption */ + + eblock.crypto_entry = krb5_csarray[dec_rep->etype]->system; + + /* do any necessary key pre-processing */ + if (retval = (*eblock.crypto_entry->process_key)(&eblock, key)) { + free(scratch.data); + return(retval); + } + + /* call the encryption routine */ + if (retval = + (*eblock.crypto_entry->decrypt_func)((krb5_pointer) dec_rep->enc_part.data, + (krb5_pointer) scratch.data, + scratch.length, &eblock)) { + (void) (*eblock.crypto_entry->finish_key)(&eblock); + free(scratch.data); + return retval; + } +#define clean_scratch() {bzero(scratch.data, scratch.length); free(scratch.data);} + if (retval = (*eblock.crypto_entry->finish_key)(&eblock)) { + clean_scratch(); + return retval; + } + retval = decode_krb5_enc_kdc_rep_part(&scratch, &local_encpart); + clean_scratch(); + if (retval) + return retval; + + dec_rep->enc_part2 = local_encpart; + + return 0; +} -- 2.26.2