Allow default data protection level through a "prot level" in
.netrc. This really should be done in a more useful manner. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@527 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -11,8 +11,6 @@ static des_key_schedule schedule;
|
||||
|
||||
static char *data_buffer;
|
||||
|
||||
enum { prot_clear, prot_safe, prot_confidential, prot_private };
|
||||
|
||||
extern struct sockaddr_in hisctladdr, myctladdr;
|
||||
|
||||
int auth_complete;
|
||||
@@ -22,6 +20,8 @@ static int command_prot;
|
||||
static int auth_pbsz;
|
||||
static int data_prot;
|
||||
|
||||
static int request_data_prot;
|
||||
|
||||
|
||||
static struct {
|
||||
int level;
|
||||
@@ -70,6 +70,49 @@ void sec_status(void)
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
sec_prot_internal(int level)
|
||||
{
|
||||
int ret;
|
||||
char *p;
|
||||
int s = 1048576;
|
||||
|
||||
int old_verbose = verbose;
|
||||
verbose = 0;
|
||||
|
||||
if(!auth_complete){
|
||||
fprintf(stderr, "No security data exchange has taken place.\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(level){
|
||||
ret = command("PBSZ %d", s);
|
||||
if(ret != COMPLETE){
|
||||
fprintf(stderr, "Failed to set protection buffer size.\n");
|
||||
return -1;
|
||||
}
|
||||
auth_pbsz = s;
|
||||
p = strstr(reply_string, "PBSZ=");
|
||||
if(p)
|
||||
sscanf(p, "PBSZ=%d", &s);
|
||||
if(s < auth_pbsz)
|
||||
auth_pbsz = s;
|
||||
if(data_buffer)
|
||||
free(data_buffer);
|
||||
data_buffer = malloc(auth_pbsz);
|
||||
}
|
||||
verbose = old_verbose;
|
||||
ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
|
||||
if(ret != COMPLETE){
|
||||
fprintf(stderr, "Failed to set protection level.\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
data_prot = level;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
void sec_prot(int argc, char **argv)
|
||||
{
|
||||
int s;
|
||||
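Review bot: In sec_prot_internal, `verbose` is zeroed before the PBSZ exchange but only restored after the `if(level)` block, so the `return -1` on "Failed to set protection buffer size." leaves `verbose` stuck at 0 for the rest of the session; add `verbose = old_verbose;` before that return. The size echoed back by the server is also taken as-is: `sscanf(p, "PBSZ=%d", &s)` can yield 0 or a negative value, which then reaches `malloc(auth_pbsz)` unchecked, so tighten it to `if(p && sscanf(p, "PBSZ=%d", &s) == 1 && s > 0 && s < auth_pbsz) auth_pbsz = s;` and follow the allocation with `if(data_buffer == NULL) return -1;` (again restoring `verbose` first). The function is entirely within this hunk.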
@@ -84,17 +127,12 @@ void sec_prot(int argc, char **argv)
|
||||
return;
|
||||
}
|
||||
if(!auth_complete){
|
||||
fprintf(stderr, "ehu?\n");
|
||||
fprintf(stderr, "No security data exchange has taken place.\n");
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
level = name_to_level(argv[1]);
|
||||
|
||||
if(level == prot_confidential){
|
||||
printf("Confidential protection is not defined for Kerberos.\n");
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
|
||||
if(level == -1){
|
||||
fprintf(stderr,
|
||||
@@ -103,35 +141,38 @@ void sec_prot(int argc, char **argv)
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
if(level){
|
||||
s = 65536;
|
||||
ret = command("PBSZ %d", s);
|
||||
if(ret != COMPLETE){
|
||||
fprintf(stderr, "Ehu?\n");
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
auth_pbsz = s;
|
||||
p = strstr(reply_string, "PBSZ=");
|
||||
if(p)
|
||||
sscanf(p, "PBSZ=%d", &s);
|
||||
if(s < auth_pbsz)
|
||||
auth_pbsz = s;
|
||||
if(data_buffer)
|
||||
free(data_buffer);
|
||||
data_buffer = malloc(auth_pbsz);
|
||||
}
|
||||
|
||||
ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
|
||||
if(ret != COMPLETE){
|
||||
fprintf(stderr, "Ehu ?\n");
|
||||
if(level == prot_confidential){
|
||||
printf("Confidential protection is not defined with Kerberos.\n");
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
|
||||
if(sec_prot_internal(level) < 0){
|
||||
code = -1;
|
||||
return;
|
||||
}
|
||||
data_prot = level;
|
||||
code = 0;
|
||||
}
|
||||
|
||||
void
|
||||
sec_set_protection_level(void)
|
||||
{
|
||||
if(auth_complete && data_prot != request_data_prot)
|
||||
sec_prot_internal(request_data_prot);
|
||||
}
|
||||
|
||||
|
||||
int
|
||||
sec_request_prot(char *level)
|
||||
{
|
||||
int l = name_to_level(level);
|
||||
if(l == -1)
|
||||
return -1;
|
||||
request_data_prot = l;
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
int sec_getc(FILE *F)
|
||||
{
|
||||
|
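Review bot: sec_request_prot only rejects `-1`, so a `.netrc` line selecting the confidential level is accepted here even though sec_prot refuses it with "Confidential protection is not defined with Kerberos."; the two entry points should agree, e.g. `if(l == -1 || l == prot_confidential) return -1;`. sec_set_protection_level discards the return value of sec_prot_internal, so when the PROT negotiation fails the caller cannot tell that `data_prot` still holds the previous level; consider propagating an `int` result or at least documenting that the function is best-effort. The `data_prot = level;` after the sec_prot_internal call in sec_prot is redundant, since sec_prot_internal already stores it on success.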
@@ -5,8 +5,13 @@ extern int auth_complete;
|
||||
|
||||
void sec_status(void);
|
||||
|
||||
enum { prot_clear, prot_safe, prot_confidential, prot_private };
|
||||
|
||||
void sec_prot(int, char**);
|
||||
|
||||
void sec_set_protection_level(void);
|
||||
int sec_request_prot(char *level);
|
||||
|
||||
void kauth(int, char **);
|
||||
void klist(int, char **);
|
||||
|
||||
|
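Review bot: The two new public prototypes carry no documentation, and the header is where callers look for the contract. Suggested comments: for sec_request_prot, `/* Record the data protection level named by `level` (as in "prot" in .netrc) to apply once authentication completes; returns 0, or -1 if the name is unknown. */`, and for sec_set_protection_level, `/* Negotiate the requested data protection level with the server if authentication is complete and it differs from the current one. */`. Since `level` is only read, `const char *level` would also let callers pass string literals without a warning.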
@@ -43,6 +43,7 @@ static FILE *cfile;
|
||||
#define PASSWD 3
|
||||
#define ACCOUNT 4
|
||||
#define MACDEF 5
|
||||
#define PROT 6
|
||||
#define ID 10
|
||||
#define MACH 11
|
||||
|
||||
@@ -59,6 +60,7 @@ static struct toktab {
|
||||
{ "account", ACCOUNT },
|
||||
{ "machine", MACH },
|
||||
{ "macdef", MACDEF },
|
||||
{ "prot", PROT },
|
||||
{ NULL, 0 }
|
||||
};
|
||||
|
||||
@@ -66,7 +68,6 @@ int
|
||||
ruserpass(char *host, char **aname, char **apass, char **aacct)
|
||||
{
|
||||
char *hdir, buf[BUFSIZ], *tmp;
|
||||
char myname[MAXHOSTNAMELEN], *mydomain;
|
||||
int t, i, c, usedefault = 0;
|
||||
struct stat stb;
|
||||
|
||||
@@ -80,10 +81,11 @@ ruserpass(char *host, char **aname, char **apass, char **aacct)
|
||||
warn("%s", buf);
|
||||
return (0);
|
||||
}
|
||||
if (gethostname(myname, sizeof(myname)) < 0)
|
||||
myname[0] = '\0';
|
||||
if ((mydomain = strchr(myname, '.')) == NULL)
|
||||
mydomain = "";
|
||||
if(k_gethostname(myhostname, MaxHostNameLen) < 0)
|
||||
strcpy(myhostname, "");
|
||||
if((mydomain = strchr(myhostname, '.')) == NULL)
|
||||
mydomain = myhostname;
|
||||
|
||||
next:
|
||||
while ((t = token())) switch(t) {
|
||||
|
||||
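Review bot: The fallback when the local hostname contains no dot changed from the empty string to the whole name (`mydomain = myhostname;`), so any later comparison of `mydomain` against a machine entry's domain suffix will now behave differently for undotted hosts; the use of `mydomain` is outside this hunk, so this is inferred, but if the change is intentional a one-line comment such as `/* no domain part: treat the bare hostname as the domain */` would make that explicit. The enclosing function ruserpass starts and ends outside the hunk.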
@@ -213,6 +215,11 @@ next:
|
||||
goto bad;
|
||||
}
|
||||
break;
|
||||
case PROT:
|
||||
token();
|
||||
if(sec_request_prot(tokval) < 0)
|
||||
warnx("Unknown protection level \"%s\"", tokval);
|
||||
break;
|
||||
default:
|
||||
warnx("Unknown .netrc keyword %s", tokval);
|
||||
break;
|
||||
|
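Review bot: In the new `case PROT:` the return value of `token()` is ignored, so a `.netrc` that ends right after the `prot` keyword passes whatever `tokval` held previously to sec_request_prot; since the loop header treats a zero return as end of input and a `bad` label exists just above, `if(token() == 0) goto bad;` would be the consistent guard. The enclosing switch and ruserpass continue outside the hunk.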