![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to sendauth.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb|
Return to sendauth.c CVS log | Up to [CSRG BSD Unix] / 43BSDReno / kerberosIV / krb |
1.1 ! root 1: /* ! 2: * $Source: /usr/src/kerberosIV/krb/RCS/sendauth.c,v $ ! 3: * $Author: kfall $ ! 4: * ! 5: * Copyright 1987, 1988 by the Massachusetts Institute of Technology. ! 6: * ! 7: * For copying and distribution information, please see the file ! 8: * <mit-copyright.h>. ! 9: * ! 10: */ ! 11: ! 12: #ifndef lint ! 13: static char rcsid_sendauth_c[] = ! 14: "$Header: /usr/src/kerberosIV/krb/RCS/sendauth.c,v 4.5 90/06/25 20:57:24 kfall Exp $"; ! 15: #endif lint ! 16: ! 17: #include <mit-copyright.h> ! 18: ! 19: #include <des.h> ! 20: #include <krb.h> ! 21: #include <sys/types.h> ! 22: #include <netinet/in.h> ! 23: #include <syslog.h> ! 24: #include <errno.h> ! 25: #include <stdio.h> ! 26: #include <strings.h> ! 27: ! 28: #define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ ! 29: /* ! 30: * If the protocol changes, you will need to change the version string ! 31: * and make appropriate changes in krb_recvauth.c ! 32: */ ! 33: ! 34: extern int errno; ! 35: ! 36: extern char *krb_get_phost(); ! 37: ! 38: /* ! 39: * This file contains two routines: krb_sendauth() and krb_sendsrv(). ! 40: * ! 41: * krb_sendauth() transmits a ticket over a file descriptor for a ! 42: * desired service, instance, and realm, doing mutual authentication ! 43: * with the server if desired. ! 44: * ! 45: * krb_sendsvc() sends a service name to a remote knetd server. ! 46: */ ! 47: ! 48: /* ! 49: * The first argument to krb_sendauth() contains a bitfield of ! 50: * options (the options are defined in "krb.h"): ! 51: * ! 52: * KOPT_DONT_CANON Don't canonicalize instance as a hostname. ! 53: * (If this option is not chosen, krb_get_phost() ! 54: * is called to canonicalize it.) ! 55: * ! 56: * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. ! 57: * A ticket must be supplied in the "ticket" ! 58: * argument. ! 59: * (If this option is not chosen, and there ! 60: * is no ticket for the given server in the ! 61: * ticket cache, one will be fetched using ! 62: * krb_mk_req() and returned in "ticket".) ! 63: * ! 64: * KOPT_DO_MUTUAL Do mutual authentication, requiring that the ! 65: * receiving server return the checksum+1 encrypted ! 66: * in the session key. The mutual authentication ! 67: * is done using krb_mk_priv() on the other side ! 68: * (see "recvauth.c") and krb_rd_priv() on this ! 69: * side. ! 70: * ! 71: * The "fd" argument is a file descriptor to write to the remote ! 72: * server on. The "ticket" argument is used to store the new ticket ! 73: * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is ! 74: * chosen, the ticket must be supplied in the "ticket" argument. ! 75: * The "service", "inst", and "realm" arguments identify the ticket. ! 76: * If "realm" is null, the local realm is used. ! 77: * ! 78: * The following arguments are only needed if the KOPT_DO_MUTUAL option ! 79: * is chosen: ! 80: * ! 81: * The "checksum" argument is a number that the server will add 1 to ! 82: * to authenticate itself back to the client; the "msg_data" argument ! 83: * holds the returned mutual-authentication message from the server ! 84: * (i.e., the checksum+1); the "cred" structure is used to hold the ! 85: * session key of the server, extracted from the ticket file, for use ! 86: * in decrypting the mutual authentication message from the server; ! 87: * and "schedule" holds the key schedule for that decryption. The ! 88: * the local and server addresses are given in "laddr" and "faddr". ! 89: * ! 90: * The application protocol version number (of up to KRB_SENDAUTH_VLEN ! 91: * characters) is passed in "version". ! 92: * ! 93: * If all goes well, KSUCCESS is returned, otherwise some error code. ! 94: * ! 95: * The format of the message sent to the server is: ! 96: * ! 97: * Size Variable Field ! 98: * ---- -------- ----- ! 99: * ! 100: * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol ! 101: * bytes version number ! 102: * ! 103: * KRB_SENDAUTH_VLEN version application protocol ! 104: * bytes version number ! 105: * ! 106: * 4 bytes ticket->length length of ticket ! 107: * ! 108: * ticket->length ticket->dat ticket itself ! 109: */ ! 110: ! 111: /* ! 112: * XXX: Note that krb_rd_priv() is coded in such a way that ! 113: * "msg_data->app_data" will be pointing into "priv_buf", which ! 114: * will disappear when krb_sendauth() returns. ! 115: */ ! 116: ! 117: int ! 118: krb_sendauth(options, fd, ticket, service, inst, realm, checksum, ! 119: msg_data, cred, schedule, laddr, faddr, version) ! 120: long options; /* bit-pattern of options */ ! 121: int fd; /* file descriptor to write onto */ ! 122: KTEXT ticket; /* where to put ticket (return); or ! 123: * supplied in case of KOPT_DONT_MK_REQ */ ! 124: char *service, *inst, *realm; /* service name, instance, realm */ ! 125: u_long checksum; /* checksum to include in request */ ! 126: MSG_DAT *msg_data; /* mutual auth MSG_DAT (return) */ ! 127: CREDENTIALS *cred; /* credentials (return) */ ! 128: Key_schedule schedule; /* key schedule (return) */ ! 129: struct sockaddr_in *laddr; /* local address */ ! 130: struct sockaddr_in *faddr; /* address of foreign host on fd */ ! 131: char *version; /* version string */ ! 132: { ! 133: int rem, i, cc; ! 134: char srv_inst[INST_SZ]; ! 135: char krb_realm[REALM_SZ]; ! 136: char buf[BUFSIZ]; ! 137: long tkt_len; ! 138: u_char priv_buf[1024]; ! 139: u_long cksum; ! 140: ! 141: rem=KSUCCESS; ! 142: ! 143: /* get current realm if not passed in */ ! 144: if (!realm) { ! 145: rem = krb_get_lrealm(krb_realm,1); ! 146: if (rem != KSUCCESS) ! 147: return(rem); ! 148: realm = krb_realm; ! 149: } ! 150: ! 151: /* copy instance into local storage, canonicalizing if desired */ ! 152: if (options & KOPT_DONT_CANON) ! 153: (void) strncpy(srv_inst, inst, INST_SZ); ! 154: else ! 155: (void) strncpy(srv_inst, krb_get_phost(inst), INST_SZ); ! 156: ! 157: /* get the ticket if desired */ ! 158: if (!(options & KOPT_DONT_MK_REQ)) { ! 159: rem = krb_mk_req(ticket, service, srv_inst, realm, checksum); ! 160: if (rem != KSUCCESS) ! 161: return(rem); ! 162: } ! 163: ! 164: #ifdef ATHENA_COMPAT ! 165: /* this is only for compatibility with old servers */ ! 166: if (options & KOPT_DO_OLDSTYLE) { ! 167: (void) sprintf(buf,"%d ",ticket->length); ! 168: (void) write(fd, buf, strlen(buf)); ! 169: (void) write(fd, (char *) ticket->dat, ticket->length); ! 170: return(rem); ! 171: } ! 172: #endif ATHENA_COMPAT ! 173: /* if mutual auth, get credentials so we have service session ! 174: keys for decryption below */ ! 175: if (options & KOPT_DO_MUTUAL) ! 176: if (cc = krb_get_cred(service, srv_inst, realm, cred)) ! 177: return(cc); ! 178: ! 179: /* zero the buffer */ ! 180: (void) bzero(buf, BUFSIZ); ! 181: ! 182: /* insert version strings */ ! 183: (void) strncpy(buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); ! 184: (void) strncpy(buf+KRB_SENDAUTH_VLEN, version, KRB_SENDAUTH_VLEN); ! 185: ! 186: /* increment past vers strings */ ! 187: i = 2*KRB_SENDAUTH_VLEN; ! 188: ! 189: /* put ticket length into buffer */ ! 190: tkt_len = htonl((unsigned long) ticket->length); ! 191: (void) bcopy((char *) &tkt_len, buf+i, sizeof(tkt_len)); ! 192: i += sizeof(tkt_len); ! 193: ! 194: /* put ticket into buffer */ ! 195: (void) bcopy((char *) ticket->dat, buf+i, ticket->length); ! 196: i += ticket->length; ! 197: ! 198: /* write the request to the server */ ! 199: if ((cc = krb_net_write(fd, buf, i)) != i) ! 200: return(cc); ! 201: ! 202: /* mutual authentication, if desired */ ! 203: if (options & KOPT_DO_MUTUAL) { ! 204: /* get the length of the reply */ ! 205: if (krb_net_read(fd, (char *) &tkt_len, sizeof(tkt_len)) != ! 206: sizeof(tkt_len)) ! 207: return(errno); ! 208: tkt_len = ntohl((unsigned long)tkt_len); ! 209: ! 210: /* if the length is negative, the server failed to recognize us. */ ! 211: if (tkt_len < 0) ! 212: return(KFAILURE); /* XXX */ ! 213: /* read the reply... */ ! 214: if (krb_net_read(fd, (char *)priv_buf, (int) tkt_len) != (int) tkt_len) ! 215: return(errno); ! 216: ! 217: /* ...and decrypt it */ ! 218: #ifndef NOENCRYPTION ! 219: key_sched(cred->session, schedule); ! 220: #endif /* !NOENCRYPTION */ ! 221: if (cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule, ! 222: cred->session, faddr, laddr, msg_data)) ! 223: return(cc); ! 224: ! 225: /* fetch the (modified) checksum */ ! 226: (void) bcopy((char *)msg_data->app_data, (char *)&cksum, ! 227: sizeof(cksum)); ! 228: cksum = ntohl(cksum); ! 229: ! 230: /* if it doesn't match, fail */ ! 231: if (cksum != checksum + 1) ! 232: return(KFAILURE); /* XXX */ ! 233: } ! 234: return(KSUCCESS); ! 235: } ! 236: ! 237: #ifdef ATHENA_COMPAT ! 238: /* ! 239: * krb_sendsvc ! 240: */ ! 241: ! 242: int ! 243: krb_sendsvc(fd, service) ! 244: int fd; ! 245: char *service; ! 246: { ! 247: /* write the service name length and then the service name to ! 248: the fd */ ! 249: long serv_length; ! 250: int cc; ! 251: ! 252: serv_length = htonl((unsigned long)strlen(service)); ! 253: if ((cc = krb_net_write(fd, (char *) &serv_length, ! 254: sizeof(serv_length))) ! 255: != sizeof(serv_length)) ! 256: return(cc); ! 257: if ((cc = krb_net_write(fd, service, strlen(service))) ! 258: != strlen(service)) ! 259: return(cc); ! 260: return(KSUCCESS); ! 261: } ! 262: #endif ATHENA_COMPAT
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.