From e1505e52176477c28d67fdd20cf4ecee3b9bee7e Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Mon, 14 Nov 1994 21:33:58 +0000 Subject: [PATCH] kerberos.c: Initialize random number generator on the server side so that the encryption routines later on can use it. Fix bug in how we pick the challenge for the challenge/response mutual authentication. forward.c: Move rd_cred and mk_cred to libkrb.a. (Although we still need to fix the API!) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4658 dc483132-0cff-0310-8789-dd5450dbe970 --- src/appl/telnet/libtelnet/ChangeLog | 14 ++ src/appl/telnet/libtelnet/forward.c | 332 --------------------------- src/appl/telnet/libtelnet/kerberos.c | 10 +- 3 files changed, 22 insertions(+), 334 deletions(-) diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index 85959d788..ec83596ac 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,17 @@ +Mon Nov 14 16:27:29 1994 Theodore Y. Ts'o (tytso@dcl) + + * kerberos.c (kerberos4_is): Initialize random number generator on + the server side so that the encryption routines later on + can use it. + + * kerberos.c (kerberos4_send): Fix bug in how we pick the + challenge for the challenge/response mutual + authentication. + +Fri Nov 11 00:55:36 1994 Theodore Y. Ts'o (tytso@dcl) + + * forward.c (mk_cred, rd_cred): Move these routines to libkrb.a. + Tue Nov 8 01:39:50 1994 Theodore Y. Ts'o (tytso@dcl) * kerberos.c (kerberos4_is): Fix bug in logic of incrementing the diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c index 52fd51863..1a72671a7 100644 --- a/src/appl/telnet/libtelnet/forward.c +++ b/src/appl/telnet/libtelnet/forward.c @@ -228,151 +228,6 @@ get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf) #undef cleanup } - - -/* Create asn.1 encoded KRB-CRED message from the kdc reply. */ -krb5_error_code -mk_cred(dec_rep, etype, key, sender_addr, recv_addr, outbuf) -krb5_kdc_rep *dec_rep; -krb5_enctype etype; -krb5_keyblock *key; -krb5_address *sender_addr; -krb5_address *recv_addr; -krb5_data *outbuf; -{ - krb5_error_code retval; - krb5_encrypt_block eblock; - krb5_cred ret_cred; - krb5_cred_enc_part cred_enc_part; - krb5_data *scratch; - - if (!valid_etype(etype)) - return KRB5_PROG_ETYPE_NOSUPP; - - ret_cred.tickets = (krb5_ticket **) calloc(2, sizeof(*ret_cred.tickets)); - if (!ret_cred.tickets) - return ENOMEM; - ret_cred.tickets[0] = dec_rep->ticket; - ret_cred.tickets[1] = 0; - - ret_cred.enc_part.etype = etype; - ret_cred.enc_part.kvno = 0; - - cred_enc_part.ticket_info = (krb5_cred_info **) - calloc(2, sizeof(*cred_enc_part.ticket_info)); - if (!cred_enc_part.ticket_info) { - krb5_free_tickets(ret_cred.tickets); - return ENOMEM; - } - cred_enc_part.ticket_info[0] = (krb5_cred_info *) - malloc(sizeof(*cred_enc_part.ticket_info[0])); - if (!cred_enc_part.ticket_info[0]) { - krb5_free_tickets(ret_cred.tickets); - krb5_free_cred_enc_part(cred_enc_part); - return ENOMEM; - } - cred_enc_part.nonce = 0; - - if (retval = krb5_us_timeofday(&cred_enc_part.timestamp, - &cred_enc_part.usec)) - return retval; - - cred_enc_part.s_address = (krb5_address *)sender_addr; - cred_enc_part.r_address = (krb5_address *)recv_addr; - - cred_enc_part.ticket_info[0]->session = dec_rep->enc_part2->session; - cred_enc_part.ticket_info[0]->client = dec_rep->client; - cred_enc_part.ticket_info[0]->server = dec_rep->enc_part2->server; - cred_enc_part.ticket_info[0]->flags = dec_rep->enc_part2->flags; - cred_enc_part.ticket_info[0]->times = dec_rep->enc_part2->times; - cred_enc_part.ticket_info[0]->caddrs = dec_rep->enc_part2->caddrs; - - cred_enc_part.ticket_info[1] = 0; - - /* start by encoding to-be-encrypted part of the message */ - - if (retval = encode_krb5_enc_cred_part(&cred_enc_part, &scratch)) - return retval; - -#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); krb5_free_data(scratch); } - - /* put together an eblock for this encryption */ - - krb5_use_cstype(&eblock, etype); - ret_cred.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length, - eblock.crypto_entry); - /* add padding area, and zero it */ - if (!(scratch->data = realloc(scratch->data, - ret_cred.enc_part.ciphertext.length))) { - /* may destroy scratch->data */ - krb5_xfree(scratch); - return ENOMEM; - } - memset(scratch->data + scratch->length, 0, - ret_cred.enc_part.ciphertext.length - scratch->length); - if (!(ret_cred.enc_part.ciphertext.data = - malloc(ret_cred.enc_part.ciphertext.length))) { - retval = ENOMEM; - goto clean_scratch; - } - -#define cleanup_encpart() {\ - (void) memset(ret_cred.enc_part.ciphertext.data, 0, \ - ret_cred.enc_part.ciphertext.length); \ - free(ret_cred.enc_part.ciphertext.data); \ - ret_cred.enc_part.ciphertext.length = 0; \ - ret_cred.enc_part.ciphertext.data = 0;} - - /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, key)) { - goto clean_encpart; - } - -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} - - /* call the encryption routine */ - if (retval = krb5_encrypt((krb5_pointer) scratch->data, - (krb5_pointer) - ret_cred.enc_part.ciphertext.data, - scratch->length, &eblock, - 0)) { - goto clean_prockey; - } - - /* private message is now assembled-- do some cleanup */ - cleanup_scratch(); - - if (retval = krb5_finish_key(&eblock)) { - cleanup_encpart(); - return retval; - } - /* encode private message */ - if (retval = encode_krb5_cred(&ret_cred, &scratch)) { - cleanup_encpart(); - return retval; - } - - cleanup_encpart(); - - *outbuf = *scratch; - krb5_xfree(scratch); - return 0; - - clean_prockey: - cleanup_prockey(); - clean_encpart: - cleanup_encpart(); - clean_scratch: - cleanup_scratch(); - - return retval; -#undef cleanup_prockey -#undef cleanup_encpart -#undef cleanup_scratch -} - - - /* Decode, decrypt and store the forwarded creds in the local ccache. */ krb5_error_code rd_and_store_for_creds(inbuf, ticket, lusername) @@ -417,191 +272,4 @@ rd_and_store_for_creds(inbuf, ticket, lusername) return retval; } - - -extern krb5_deltat krb5_clockskew; -#define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew) - -/* Decode the KRB-CRED message, and return creds */ -krb5_error_code -rd_cred(inbuf, key, creds, sender_addr, recv_addr) -const krb5_data *inbuf; -const krb5_keyblock *key; -krb5_creds *creds; /* Filled in */ -const krb5_address *sender_addr; /* optional */ -const krb5_address *recv_addr; /* optional */ -{ - krb5_error_code retval; - krb5_encrypt_block eblock; - krb5_cred *credmsg; - krb5_cred_enc_part *credmsg_enc_part; - krb5_data *scratch; - krb5_timestamp currenttime; - - if (!krb5_is_krb_cred(inbuf)) - return KRB5KRB_AP_ERR_MSG_TYPE; - - /* decode private message */ - if (retval = decode_krb5_cred(inbuf, &credmsg)) { - return retval; - } - -#define cleanup_credmsg() {(void)krb5_xfree(credmsg->enc_part.ciphertext.data); (void)krb5_xfree(credmsg);} - - if (!(scratch = (krb5_data *) malloc(sizeof(*scratch)))) { - cleanup_credmsg(); - return ENOMEM; - } - -#define cleanup_scratch() {(void)memset(scratch->data, 0, scratch->length); (void)krb5_xfree(scratch->data);} - - if (retval = encode_krb5_ticket(credmsg->tickets[0], &scratch)) { - cleanup_credmsg(); - cleanup_scratch(); - return(retval); - } - - creds->ticket = *scratch; - if (!(creds->ticket.data = malloc(scratch->length))) { - krb5_xfree(creds->ticket.data); - return ENOMEM; - } - memcpy((char *)creds->ticket.data, (char *) scratch->data, scratch->length); - - cleanup_scratch(); - - if (!valid_etype(credmsg->enc_part.etype)) { - cleanup_credmsg(); - return KRB5_PROG_ETYPE_NOSUPP; - } - - /* put together an eblock for this decryption */ - - krb5_use_cstype(&eblock, credmsg->enc_part.etype); - scratch->length = credmsg->enc_part.ciphertext.length; - - if (!(scratch->data = malloc(scratch->length))) { - cleanup_credmsg(); - return ENOMEM; - } - - /* do any necessary key pre-processing */ - if (retval = krb5_process_key(&eblock, key)) { - cleanup_credmsg(); - cleanup_scratch(); - return retval; - } - -#define cleanup_prockey() {(void) krb5_finish_key(&eblock);} - - /* call the decryption routine */ - if (retval = krb5_decrypt((krb5_pointer) credmsg->enc_part.ciphertext.data, - (krb5_pointer) scratch->data, - scratch->length, &eblock, - 0)) { - cleanup_credmsg(); - cleanup_scratch(); - cleanup_prockey(); - return retval; - } - - /* cred message is now decrypted -- do some cleanup */ - - cleanup_credmsg(); - - if (retval = krb5_finish_key(&eblock)) { - cleanup_scratch(); - return retval; - } - - /* now decode the decrypted stuff */ - if (retval = decode_krb5_enc_cred_part(scratch, &credmsg_enc_part)) { - cleanup_scratch(); - return retval; - } - cleanup_scratch(); - -#define cleanup_mesg() {(void)krb5_xfree(credmsg_enc_part);} - - if (retval = krb5_timeofday(¤ttime)) { - cleanup_mesg(); - return retval; - } - if (!in_clock_skew(credmsg_enc_part->timestamp)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_SKEW; - } - - if (sender_addr && credmsg_enc_part->s_address && - !krb5_address_compare(sender_addr, - credmsg_enc_part->s_address)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - if (recv_addr && credmsg_enc_part->r_address && - !krb5_address_compare(recv_addr, - credmsg_enc_part->r_address)) { - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - - if (credmsg_enc_part->r_address) { - krb5_address **our_addrs; - - if (retval = krb5_os_localaddr(&our_addrs)) { - cleanup_mesg(); - return retval; - } - if (!krb5_address_search(credmsg_enc_part->r_address, - our_addrs)) { - krb5_free_addresses(our_addrs); - cleanup_mesg(); - return KRB5KRB_AP_ERR_BADADDR; - } - krb5_free_addresses(our_addrs); - } - - if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->client, - &creds->client)) { - return(retval); - } - - if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server, - &creds->server)) { - return(retval); - } - - if (retval = - krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session, - &creds->keyblock)) { - return(retval); - } - -#undef clean -#define clean() {\ - memset((char *)creds->keyblock.contents, 0, creds->keyblock.length);} - - creds->times = credmsg_enc_part->ticket_info[0]->times; - creds->is_skey = FALSE; - creds->ticket_flags = credmsg_enc_part->ticket_info[0]->flags; - - if (retval = krb5_copy_addresses(credmsg_enc_part->ticket_info[0]->caddrs, - &creds->addresses)) { - clean(); - return(retval); - } - - creds->second_ticket.length = 0; - - creds->authdata = 0; - - cleanup_mesg(); - return 0; -#undef clean -#undef cleanup_credmsg -#undef cleanup_scratch -#undef cleanup_prockey -#undef cleanup_mesg -} - #endif /* defined(KRB5) && defined(FORWARD) */ diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c index 8f1b7c1de..b2d56a25a 100644 --- a/src/appl/telnet/libtelnet/kerberos.c +++ b/src/appl/telnet/libtelnet/kerberos.c @@ -226,8 +226,9 @@ kerberos4_send(ap) des_key_sched(cred.session, sched); des_init_random_number_generator(cred.session); - des_new_random_key(challenge); - des_ecb_encrypt(challenge, session_key, sched, 1); + des_new_random_key(session_key); + des_ecb_encrypt(session_key, session_key, sched, 0); + des_ecb_encrypt(session_key, challenge, sched, 0); /* * Increment the challenge by 1, and encrypt it for * later comparison. @@ -320,6 +321,11 @@ kerberos4_is(ap, data, cnt) break; } + /* + * Initialize the random number generator since it's + * used later on by the encryption routine. + */ + des_init_random_number_generator(session_key); des_key_sched(session_key, sched); memcpy((void *)datablock, (void *)data, sizeof(Block)); /* -- 2.26.2