merge new-crypto branch

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@5332 ec53bebd-3082-4978-b11e-865c3cabbd6b
1999-02-11 21:03:59 +00:00
parent 0a6c3f7fde
commit aaae186ab9
83 changed files with 4175 additions and 1509 deletions
--- a/appl/afsutil/Makefile.am
+++ b/appl/afsutil/Makefile.am
@@ -11,7 +11,7 @@ AFSPROGS =
 endif
 bin_PROGRAMS = $(AFSPROGS)

-LDADD = $(top_builddir)/lib/kafs/libkafs.a \
+LDADD = $(top_builddir)/lib/kafs/libkafs.a $(AIX_EXTRA_KAFS) \
 	$(LIB_krb4) \
 	$(top_builddir)/lib/krb5/libkrb5.la \
 	$(top_builddir)/lib/asn1/libasn1.la \
--- a/appl/ftp/ChangeLog
+++ b/appl/ftp/ChangeLog
@@ -1,3 +1,7 @@
+Tue Dec  1 14:44:29 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* ftpd/Makefile.am: link with extra libs for aix
+
 Sun Nov 22 10:28:20 1998  Assar Westerlund  <assar@sics.se>

 	* ftpd/ftpd.c (retrying): support on-the-fly decompression
@@ -33,6 +37,10 @@ Tue Sep  1 16:56:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>

 	* ftp/cmds.c (quote1): fix % quoting bug

+Fri Aug 14 17:10:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
+
 Tue Jun 30 18:07:15 1998  Assar Westerlund  <assar@sics.se>

 	* ftp/security.c (auth): free `app_data'
--- a/appl/ftp/ftp/krb4.c
+++ b/appl/ftp/ftp/krb4.c
@@ -152,7 +152,7 @@ krb4_adat(void *app_data, void *buf, size_t len)
    cs = auth_dat.checksum + 1;
    {
 	unsigned char tmp[4];
-	krb_put_int(cs, tmp, 4, sizeof(tmp));
+	KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
 	tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, &LOCAL_ADDR, &REMOTE_ADDR);
    }
    if(tmp_len < 0){
--- a/appl/ftp/ftpd/Makefile.am
+++ b/appl/ftp/ftpd/Makefile.am
@@ -40,7 +40,7 @@ gssapi.c:
 CLEANFILES = security.c security.h krb4.c gssapi.c

 if KRB4
-afslib = $(top_builddir)/lib/kafs/libkafs.a
+afslib = $(top_builddir)/lib/kafs/libkafs.a $(AIX_EXTRA_KAFS)
 else
 afslib =
 endif
--- a/appl/rsh/common.c
+++ b/appl/rsh/common.c
@@ -68,9 +68,12 @@ do_read (int fd,
 	    ret = krb5_net_read (context, &fd, buf, outer_len);
 	    if (ret != outer_len)
 		return ret;
-	    status = krb5_decrypt(context, buf, outer_len,
-				  ETYPE_DES_CBC_CRC, /* XXX */
-				  keyblock, &data);
+
+	    
+
+	    status = krb5_decrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED, 
+				  buf, outer_len, &data);
+	    
 	    if (status)
 		errx (1, "%s", krb5_get_err_text (context, status));
 	    memcpy (buf, data.data, len);
@@ -98,12 +101,9 @@ do_write (int fd, void *buf, size_t sz)
 	    u_int32_t len;
 	    int ret;

-	    status = krb5_encrypt (context,
-				   buf,
-				   sz,
-				   ETYPE_DES_CBC_CRC, /* XXX */
-				   keyblock,
-				   &data);
+	    status = krb5_encrypt(context, crypto, KRB5_KU_OTHER_ENCRYPTED,
+				  buf, sz, &data);
+	    
 	    if (status)
 		errx (1, "%s", krb5_get_err_text(context, status));
 	    len = htonl(sz);
--- a/appl/rsh/rsh.c
+++ b/appl/rsh/rsh.c
@@ -44,6 +44,7 @@ int do_encrypt;
 int do_forward;
 krb5_context context;
 krb5_keyblock *keyblock;
+krb5_crypto crypto;
 des_key_schedule schedule;
 des_cblock iv;

@@ -278,6 +279,11 @@ send_krb5_auth(int s,
      errx (1, "krb5_auth_con_getkey: %s",
 	    krb5_get_err_text(context, status));

+    krb5_crypto_init(context, keyblock, 0, &crypto);
+    if(status)
+	errx (1, "krb5_crypto_init: %s",
+	      krb5_get_err_text(context, status));
+
    len = strlen(remote_user) + 1;
    if (net_write (s, remote_user, len) != len)
 	err (1, "write");
--- a/appl/rsh/rsh_locl.h
+++ b/appl/rsh/rsh_locl.h
@@ -122,6 +122,7 @@ extern enum auth_method auth_method;
 extern int do_encrypt;
 extern krb5_context context;
 extern krb5_keyblock *keyblock;
+extern krb5_crypto crypto;
 extern des_key_schedule schedule;
 extern des_cblock iv;

--- a/appl/rsh/rshd.c
+++ b/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997, 1998 Kungliga Tekniska H<>gskolan
 * (Royal Institute of Technology, Stockholm, Sweden). 
 * All rights reserved. 
 *
@@ -43,6 +43,7 @@ enum auth_method auth_method;

 krb5_context context;
 krb5_keyblock *keyblock;
+krb5_crypto crypto;
 des_key_schedule schedule;
 des_cblock iv;

@@ -225,7 +226,6 @@ recv_krb5_auth (int s, u_char *buf,
    krb5_auth_context auth_context = NULL;
    krb5_ticket *ticket;
    krb5_error_code status;
-    krb5_authenticator authenticator;
    krb5_data cksum_data;
    krb5_principal server;

@@ -269,33 +269,31 @@ recv_krb5_auth (int s, u_char *buf,

    status = krb5_auth_con_getkey (context, auth_context, &keyblock);
    if (status)
-	syslog_and_die ("krb5_auth_con_getkey: %s",
-			krb5_get_err_text(context, status));
+       syslog_and_die ("krb5_auth_con_getkey: %s",
+                       krb5_get_err_text(context, status));

-    status = krb5_auth_getauthenticator (context,
-					 auth_context,
-					 &authenticator);
-    if (status)
-	syslog_and_die ("krb5_auth_getauthenticator: %s",
-			krb5_get_err_text(context, status));
+    status = krb5_crypto_init(context, keyblock, 0, &crypto);
+    if(status)
+	syslog_and_die("krb5_crypto_init: %s", 
+		       krb5_get_err_text(context, status));

+    
    cksum_data.length = asprintf ((char **)&cksum_data.data,
 				  "%u:%s%s",
 				  ntohs(thisaddr.sin_port),
 				  cmd,
 				  server_username);

-    status = krb5_verify_checksum (context,
-				   cksum_data.data,
-				   cksum_data.length,
-				   keyblock,
-				   authenticator->cksum);
+    status = krb5_verify_authenticator_checksum(context, 
+						auth_context,
+						cksum_data.data, 
+						cksum_data.length);
+
    if (status)
-	syslog_and_die ("krb5_verify_checksum: %s",
+	syslog_and_die ("krb5_verify_authenticator_checksum: %s",
 			krb5_get_err_text(context, status));

    free (cksum_data.data);
-    krb5_free_authenticator (context, &authenticator);

    recv_krb5_creds (s, auth_context, server_username, ticket->client);

--- a/appl/telnet/ChangeLog
+++ b/appl/telnet/ChangeLog
@@ -4,6 +4,18 @@ Mon Feb  1 04:08:36 1999  Assar Westerlund  <assar@sics.se>
 	if we actually have IPv6.  From "Brandon S. Allbery KF8NH"
 	<allbery@kf8nh.apk.net>

+Sat Nov 21 16:51:00 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
+
+	* telnetd/sys_term.c (cleanup): don't call vhangup() on sgi:s
+
+Fri Aug 14 16:29:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos.c: krb_put_int -> KRB_PUT_INT
+
+Thu Jul 23 20:29:05 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
+
+	* libtelnet/kerberos5.c: use krb5_verify_authenticator_checksum
+
 Wed May 27 04:19:17 1998  Assar Westerlund  <assar@sics.se>

 	* telnet/sys_bsd.c (process_rings): correct call to `stilloob'
--- a/appl/telnet/libtelnet/kerberos.c
+++ b/appl/telnet/libtelnet/kerberos.c
@@ -620,13 +620,13 @@ pack_cred(CREDENTIALS *cred, unsigned char *buf)
    p += REALM_SZ;
    memcpy(p, cred->session, 8);
    p += 8;
-    p += krb_put_int(cred->lifetime, p, 4, 4);
-    p += krb_put_int(cred->kvno, p, 4, 4);
-    p += krb_put_int(cred->ticket_st.length, p, 4, 4);
+    p += KRB_PUT_INT(cred->lifetime, p, 4, 4);
+    p += KRB_PUT_INT(cred->kvno, p, 4, 4);
+    p += KRB_PUT_INT(cred->ticket_st.length, p, 4, 4);
    memcpy(p, cred->ticket_st.dat, cred->ticket_st.length);
    p += cred->ticket_st.length;
-    p += krb_put_int(0, p, 4, 4);
-    p += krb_put_int(cred->issue_date, p, 4, 4);
+    p += KRB_PUT_INT(0, p, 4, 4);
+    p += KRB_PUT_INT(cred->issue_date, p, 4, 4);
    memcpy (p, cred->pname, ANAME_SZ);
    p += ANAME_SZ;
    memcpy (p, cred->pinst, INST_SZ);
--- a/appl/telnet/libtelnet/kerberos5.c
+++ b/appl/telnet/libtelnet/kerberos5.c
@@ -256,7 +256,6 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
    krb5_keyblock *key_block;
    char *name;
    krb5_principal server;
-    krb5_authenticator authenticator;
    int zero = 0;

    if (cnt-- < 1)
@@ -327,55 +326,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	    free (errbuf);
 	    return;
 	}
-
-	ret = krb5_auth_con_getkey(context, auth_context, &key_block);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_con_getkey failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
 	
-	ret = krb5_auth_getauthenticator (context,
-					  auth_context,
-					  &authenticator);
-	if (ret) {
-	    Data(ap, KRB_REJECT, "krb5_auth_getauthenticator failed", -1);
-	    auth_finished(ap, AUTH_REJECT);
-	    if (auth_debug_mode)
-		printf("Kerberos V5: "
-		       "krb5_auth_getauthenticator failed (%s)\r\n",
-		       krb5_get_err_text(context, ret));
-	    return;
-	}
-
-	if (authenticator->cksum) {
+	{
 	    char foo[2];
-
+	    
 	    foo[0] = ap->type;
 	    foo[1] = ap->way;
+	    
+	    ret = krb5_verify_authenticator_checksum(context,
+						     auth_context,
+						     foo, 
+						     sizeof(foo));

-	    ret = krb5_verify_checksum (context,
-					foo,
-					sizeof(foo),
-					key_block,
-					authenticator->cksum);
 	    if (ret) {
-		Data(ap, KRB_REJECT, "No checksum", -1);
+		char *errbuf;
+		asprintf(&errbuf, "Bad checksum: %s", 
+			 krb5_get_err_text(context, ret));
+		Data(ap, KRB_REJECT, errbuf, -1);
 		if (auth_debug_mode)
-		    printf ("No checksum\r\n");
-		krb5_free_authenticator (context,
-					 &authenticator);
-		
+		    printf ("%s\r\n", errbuf);
+		free(errbuf);
 		return;
 	    }
 	}
-	krb5_free_authenticator (context,
-				 &authenticator);
-
 	ret = krb5_auth_con_getremotesubkey (context,
 					     auth_context,
 					     &key_block);
@@ -416,7 +389,9 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 		       name ? name : "");
 	    }

-	    if(key_block->keytype == KEYTYPE_DES) {
+	    if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
+	       key_block->keytype == ETYPE_DES_CBC_MD4 ||
+	       key_block->keytype == ETYPE_DES_CBC_CRC) {
 		Session_Key skey;

 		skey.type = SK_DES;
--- a/appl/telnet/telnetd/sys_term.c
+++ b/appl/telnet/telnetd/sys_term.c
@@ -1602,8 +1602,10 @@ cleanup(int sig)
 #if defined(HAVE_UTMPX_H) || !defined(HAVE_LOGWTMP)
    rmut();
 #ifdef HAVE_VHANGUP
+#ifndef __sgi
    vhangup(); /* XXX */
 #endif
+#endif
 #else
    char *p;