handle protocol version 2

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11349 ec53bebd-3082-4978-b11e-865c3cabbd6b

appl/rsh/common.c

@@ -36,10 +36,36 @@ RCSID("$Id$");
 
 #if defined(KRB4) || defined(KRB5)
 
+#ifdef KRB5
+int key_usage = 1026;
+
+void *ivec_in[2];
+void *ivec_out[2];
+
+void
+init_ivecs(int client)
+{
+    size_t blocksize;
+
+    krb5_crypto_block_size(context, crypto, &blocksize);
+
+    ivec_in[0] = malloc(blocksize);
+    memset(ivec_in[0], client, blocksize);
+
+    ivec_in[1] = malloc(blocksize);
+    memset(ivec_in[1], 2 | client, blocksize);
+
+    ivec_out[0] = malloc(blocksize);
+    memset(ivec_out[0], !client, blocksize);
+
+    ivec_out[1] = malloc(blocksize);
+    memset(ivec_out[1], 2 | !client, blocksize);
+}
+#endif
+
+
 ssize_t
-do_read (int fd,
-	 void *buf,
-	 size_t sz)
+do_read (int fd, void *buf, size_t sz, void *ivec)
 {
     if (do_encrypt) {
 #ifdef KRB4
@@ -61,7 +87,11 @@ do_read (int fd,
 	    len = ntohl(len);
 	    if (len > sz)
 		abort ();
-	    outer_len = krb5_get_wrapped_length (context, crypto, len);
+	    /* ivec will be non null for protocol version 2 */
+	    if(ivec != NULL)
+		outer_len = krb5_get_wrapped_length (context, crypto, len + 4);
+	    else
+		outer_len = krb5_get_wrapped_length (context, crypto, len);
 	    edata = malloc (outer_len);
 	    if (edata == NULL)
 		errx (1, "malloc: cannot allocate %u bytes", outer_len);
@@ -69,13 +99,22 @@ do_read (int fd,
 	    if (ret <= 0)
 		return ret;
 
-	    status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, 
-				  edata, outer_len, &data);
+	    status = krb5_decrypt_ivec(context, crypto, key_usage, 
+				       edata, outer_len, &data, ivec);
 	    free (edata);
 	    
 	    if (status)
-		errx (1, "%s", krb5_get_err_text (context, status));
-	    memcpy (buf, data.data, len);
+		krb5_err (context, 1, status, "decrypting data");
+	    if(ivec != NULL) {
+		unsigned long l;
+		if(data.length < len + 4)
+		    errx (1, "data received is too short");
+		_krb5_get_int(data.data, &l, 4);
+		if(l != len)
+		    errx (1, "inconsistency in received data");
+		memcpy (buf, (unsigned char *)data.data+4, len);
+	    } else
+		memcpy (buf, data.data, len);
 	    krb5_data_free (&data);
 	    return len;
 	} else
@@ -86,7 +125,7 @@ do_read (int fd,
 }
 
 ssize_t
-do_write (int fd, void *buf, size_t sz)
+do_write (int fd, void *buf, size_t sz, void *ivec)
 {
     if (do_encrypt) {
 #ifdef KRB4
@@ -98,20 +137,27 @@ do_write (int fd, void *buf, size_t sz)
 	if(auth_method == AUTH_KRB5) {
 	    krb5_error_code status;
 	    krb5_data data;
-	    u_int32_t len;
+	    unsigned char len[4];
 	    int ret;
 
-	    status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
-				  buf, sz, &data);
-	    
+	    _krb5_put_int(len, sz, 4);
+	    if(ivec != NULL) {
+		unsigned char *tmp = malloc(sz + 4);
+		if(tmp == NULL)
+		    err(1, "malloc");
+		_krb5_put_int(tmp, sz, 4);
+		memcpy(tmp + 4, buf, sz);
+		status = krb5_encrypt_ivec(context, crypto, key_usage,
+					   tmp, sz + 4, &data, ivec);
+		free(tmp);
+	    } else
+		status = krb5_encrypt_ivec(context, crypto, key_usage,
+					   buf, sz, &data, ivec);
+
 	    if (status)
-		errx (1, "%s", krb5_get_err_text(context, status));
+		krb5_err(context, 1, status, "encrypting data");
 
-	    assert (krb5_get_wrapped_length (context, crypto,
-					     sz) == data.length);
-
-	    len = htonl(sz);
-	    ret = krb5_net_write (context, &fd, &len, 4);
+	    ret = krb5_net_write (context, &fd, len, 4);
 	    if (ret != 4)
 		return ret;
 	    ret = krb5_net_write (context, &fd, data.data, data.length);