In the client, construct a checksum from the command line
authorSam Hartman <hartmans@mit.edu>
Sat, 20 Jan 1996 00:55:45 +0000 (00:55 +0000)
committerSam Hartman <hartmans@mit.edu>
Sat, 20 Jan 1996 00:55:45 +0000 (00:55 +0000)
and remote user and encode them in the authenticator.  In the daemon,
if a checksum is present, verify it.

This change *should* make it possible to use rsh in a secure
fassion provided  that you always use a client that has
checksumming.

If you do not use encrypted rsh, then the command line cannot be
spoofed,
but the standard input and output  can still be spoofed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7341 dc483132-0cff-0310-8789-dd5450dbe970

src/appl/bsd/ChangeLog
src/appl/bsd/kcmd.c
src/appl/bsd/krshd.c

index c319837e9781d50f0fcb166f3a715d0dddde04e3..50d2cbdd7c05a2394f37dbe3dcd1dc7125bc862a 100644 (file)
@@ -1,5 +1,9 @@
 Fri Jan 19 10:45:29 1996  Sam Hartman  <hartmans@tertius.mit.edu>
 
+       * krshd.c (recvauth): Verify checksum against command line and remote user.
+
+       * kcmd.c: Send authenticator with checksum of command line and remote user.
+
        * krlogin.c (des_read): Return 0 or -1 on close/error respectively.
 
 Wed Jan 17 15:14:33 1996  Sam Hartman  <hartmans@tertius.mit.edu>
index 1c232c6a068c484e55d02df03189285d85adb838..28944b6a1a6a030ca017c33a9191799148ce3aec 100644 (file)
@@ -107,7 +107,17 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
     krb5_data outbuf;
     krb5_flags options = authopts;
     krb5_auth_context auth_context = NULL;
-
+    char *cksumbuf;
+    krb5_data cksumdat;
+    if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser))) == 0 ) {
+      fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
+      return(-1);
+    }
+    strcpy(cksumbuf, cmd);
+    strcat(cksumbuf, remuser);
+    cksumdat.data = cksumbuf;
+       cksumdat.length = strlen(cksumbuf);
+       
     pid = getpid();
     hp = gethostbyname(*ahost);
     if (hp == 0) {
@@ -305,7 +315,8 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
        authentication. */
     status = krb5_sendauth(bsd_context, &auth_context, (krb5_pointer) &s,
                            "KCMDV0.1", ret_cred->client, ret_cred->server,
-                          authopts, NULL, ret_cred, 0, &error, &rep_ret, NULL);
+                          authopts, &cksumdat, ret_cred, 0,    &error, &rep_ret, NULL);
+       krb5_xfree(cksumdat.data);
     if (status) {
        printf("Couldn't authenticate to server: %s\n", error_message(status));
        if (error) {
index eb760fc13ffeec55e2879cd52bb89a95240432dd..29fc757544bb437525bbe73774b3349b2d1af6b8 100644 (file)
@@ -1611,6 +1611,7 @@ recvauth(netf, peersin)
     krb5_data inbuf;
     char v4_instance[INST_SZ]; /* V4 Instance */
     char v4_version[9];
+krb5_authenticator *authenticator;
     krb5_ticket        *ticket;
 
     len = sizeof(laddr);
@@ -1699,7 +1700,32 @@ recvauth(netf, peersin)
     if (status = krb5_copy_principal(bsd_context, ticket->enc_part2->client, 
                                     &client))
        return status;
-
+    if (status = krb5_auth_con_getauthenticator(bsd_context, auth_context, &authenticator))
+      return status;
+    
+    if (authenticator->checksum) {
+      char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(remuser)+1);
+      if (chksumbuf == 0)
+    goto error_cleanup;
+
+      strcpy(chksumbuf,cmdbuf);
+      strcat(chksumbuf,remuser);
+
+      if ( status = krb5_verify_checksum(bsd_context,
+                                        authenticator->checksum->checksum_type,
+                                        authenticator->checksum,
+                                        chksumbuf, strlen(chksumbuf),
+                                                                              ticket->enc_part2->session->contents, 
+                                      ticket->enc_part2->session->length))
+       goto error_cleanup;
+
+ error_cleanup:
+krb5_free_authenticator(bsd_context, authenticator);
+krb5_xfree(chksumbuf);
+if (status)
+  return status;
+}
+    
     /* Setup eblock for encrypted sessions. */
     krb5_use_enctype(bsd_context, &eblock, ticket->enc_part2->session->enctype);
     if (status = krb5_process_key(bsd_context, &eblock, ticket->enc_part2->session))