lots of new stuff

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@299 ec53bebd-3082-4978-b11e-865c3cabbd6b
1996-03-17 00:51:52 +00:00
parent 81cbbf7820
commit e40b97b423
21 changed files with 2152 additions and 3 deletions
--- a/lib/krb5/get_in_tkt.c
+++ b/lib/krb5/get_in_tkt.c
@@ -1,5 +1,35 @@
 #include "krb5_locl.h"

+static krb5_error_code
+krb5_get_salt (krb5_principal princ,
+	       krb5_data realm,
+	       krb5_data *salt)
+{
+     size_t len;
+     int i;
+     krb5_error_code err;
+     char *p;
+     
+     len = realm->len;
+     for (i = 0; i < princ->ncomp; ++i)
+	  len += princ->comp[i].length;
+     err = krb5_alloc (salt, len);
+     if (err)
+	  return err;
+     p = salt->data;
+     strncpy (p, realm->data, realm->len);
+     p += realm->len;
+     for (i = 0; i < princ->cnomp; ++i) {
+	  strncpy (p, princ->comp[i].data, princ->comp[i].length);
+	  p += princ->comp[i].length;
+     }
+     return 0;
+}
+
+/*
+ *
+ */
+
 krb5_error_code
 krb5_get_in_tkt(krb5_context context,
 		krb5_flags options,
@@ -14,5 +44,65 @@ krb5_get_in_tkt(krb5_context context,
 		krb5_ccache ccache,
 		krb5_kdc_rep **ret_as_reply)
 {
-  
+     As_Req a;
+     Kdc_Rep rep;
+     krb5_principal server;
+     krb5_data req, resp;
+     char buf[BUFSIZ];
+     Buffer buf;
+     krb5_data salt;
+     krb5_keyblock *key;
+
+     server.type = KRB_NT_SRV_INST;
+     server.ncomp = 2;
+     server.comp = malloc (sizeof(*server.comp) * server.ncomp);
+     server.comp[0] = string_make ("krbtgt");
+     server.comp[1] = creds->client.realm;
+
+     a.pvno = 5;
+     a.msg_type = KRB_AS_REQ;
+/* a.kdc_options */
+     a.cname = &creds->client;
+     a.sname = &server;
+     a.realm = creds->client.realm;
+     a.till  = creds->times.endtime;
+     a.nonce = 17;
+     if (etypes)
+	  a.etypes = etypes;
+     else
+	  a.etypes = context->etypes;
+     if (addrs)
+	  a.addresses = addrs;
+     else
+	  a.addresses = krb5_get_all_client_addrs ();
+     
+     req.data = buf;
+
+     req.len = der_put_as_req (req.data + sizeof(buf) - 1, &a);
+     string_free (server.comp[0]);
+     free (server.comp);
+     if (addrs == NULL)
+	  free (a.addresses);
+
+     err = krb5_sendto_kdc (context, &req, a.realm, &resp);
+     if (err) {
+	  return err;
+     }
+     buf_init (&buffer, resp.data, resp.len);
+     if (der_get_as_rep (&buffer, &rep) == -1) {
+	  return ASN1_PARSE_ERROR;
+     }
+     err = krb5_get_salt (creds->client, creds->client.realm, &salt);
+     if (err)
+	  return err;
+     err = (*key_proc)(context, b.enc_part.etype, salt, keyseed, &key);
+     krb5_data_free (&salt);
+     if (err)
+	  return err;
+     
+     err = (*decrypt_proc)(context, key, decryptarg, &rep);
+     memset (&key.contents.data, 0, key.contents.length);
+     krb5_data_free (&key.contents);
+     if (err)
+	  return err;
 }
--- a/lib/krb5/get_in_tkt_pw.c
+++ b/lib/krb5/get_in_tkt_pw.c
@@ -0,0 +1,41 @@
+#include "krb5_locl.h"
+
+static krb5_error_code
+key_proc (krb5_context context,
+	  krb5_keytype type,
+	  krb5_data *salt,
+	  krb5_const_pointer keyseed,
+	  krb5_keyblock **key)
+{
+     krb5_error_code err;
+     char *password = (char *)keyseed;
+     char buf[BUFSIZ];
+     
+     key = malloc (sizeof (*key));
+     if (key == NULL)
+	  return ENOMEM;
+     key->keytype = type;
+     if (password == NULL) {
+	  des_read_pw_string (buf, sizeof(buf), "Password: ", 0);
+	  password = buf;
+     }
+     err = krb5_string_to_key (password, salt, key);
+     memset (buf, 0, sizeof(buf));
+     return err;
+}
+
+krb5_error_code
+krb5_get_in_tkt_with_password (krb5_context context,
+			       krb5_flags options,
+			       krb5_address *const *addrs,
+			       const krb5_enctype *etypes,
+			       const krb5_preauthtype *pre_auth_types,
+			       const char *password,
+			       krb5_ccache ccache,
+			       krb5_creds *creds,
+			       krb5_kdc-rep **ret_as_reply)
+{
+     return krb5_get_in_tkt (context, options, addrs, etypes,
+			     pre_auth_types, key_proc, password,
+			     NULL, NULL, creds, cache, ret_as_reply);
+}
--- a/lib/krb5/get_port.c
+++ b/lib/krb5/get_port.c
@@ -0,0 +1,17 @@
+#include <krb5_locl.h>
+
+int
+krb5_getportbyname (const char *service,
+		    const char *proto,
+		    int default_port)
+{
+    struct servent *sp;
+
+    if ((sp = getservbyname (service, proto)) == NULL) {
+	 fprintf (stderr, "%s/%s unknown service, "
+		  "using default port %d\n", service, proto,
+		  ntohs(default_port));
+	 return default_port;
+    } else
+	 return sp->s_port;
+}
--- a/lib/krb5/krbhst.c
+++ b/lib/krb5/krbhst.c
@@ -0,0 +1,27 @@
+#include "krb5_locl.h"
+
+krb5_error_code
+krb5_get_krbhst (krb5_context context,
+		 const krb5_data *realm,
+		 char ***hostlist)
+{
+     krb5_error_code err;
+     char buf[BUFSIZ];
+     char *val;
+     
+     sprintf (buf, "realms %s kdc", realm.data);
+     err = krb5_get_config_tag (context.cf, buf, &val);
+     if (err)
+	  return err;
+     **hostlist = malloc (2 * sizeof (char *));
+     (*hostlist)[0] = val;
+     (*hostlist)[1] = NULL;
+     return 0;
+}
+
+krb5_error_code
+krb5_free_krbhst (krb5_context context,
+		  char *const *hostlist)
+{
+     free (hostlist);
+}
--- a/lib/krb5/send_to_kdc.c
+++ b/lib/krb5/send_to_kdc.c
@@ -0,0 +1,85 @@
+#include "krb5_locl.h"
+
+static int
+send_and_recv (int fd,
+	       struct sockaddr_in *addr,
+	       krb5_data *send,
+	       krb5_data *recv)
+{
+     struct fdset fdset;
+     struct timeval timeout;
+     int ret;
+     long nbytes;
+
+     if (sendto (fd, send->data, send->len, 0,
+		 (struct sockaddr *)addr, sizeof(*addr)) < 0)
+	  return -1;
+     FD_ZERO(&fdset);
+     FD_SET(fd, &fdset);
+     timeout.tv_sec  = 3;
+     timeout.tv_usec = 0;
+     ret = select (fd + 1, &fdset, NULL, NULL, &timeout);
+     if (ret <= 0)
+	  return -1;
+     else {
+	  ioctl (fd, FIONREAD, &nbytes);
+
+	  nbytes -= sizeof(struct udphdr) + sizeof(struct iphdr);
+
+	  recv->data = malloc (nbytes);
+	  ret = recvfrom (fd, recv->data, nbytes, 0, NULL, 0);
+	  if (ret < 0) {
+	       free (recv->data);
+	       return -1;
+	  }
+	  recv->data = realloc (recv->data, ret);
+	  recv->len  = ret;
+	  return 0;
+     }
+}
+
+krb5_error_code
+krb5_sentdo_kdc (krb5_context context,
+		 const krb5_data *send,
+		 const krb5_data *realm,
+		 krb5_data *receive)
+{
+     krb5_error_code err;
+     char **hostlist, **hp, *p;
+     struct hostent *hostent;
+     int fd;
+     int port;
+     int i;
+
+     port = krb5_getportbyname ("kerberos", "udp", htons(750));
+     fd = socket (AF_INET, SOCK_DGRAM, 0);
+     if (fd < 0)
+	  return errno;
+
+     err = krb5_get_krbhst (context, realm, &hostlist);
+     if (err) {
+	  close (fd);
+	  return err;
+     }
+     for (i = 0; i < 3; ++i)
+	  for (hp = hostlist; p = *hp; ++hp) {
+	       char *addr;
+
+	       hostent = gethostbyname (p);
+	       while (addr = *hostent->h_addr_list++) {
+		    struct sockaddr_in a;
+		    
+		    memset (a, 0, sizeof(a));
+		    a.sin_family = AF_INET;
+		    a.sin_port   = port;
+		    a.sin_addr   = *((struct in_addr *)addr);
+		    
+		    if (send_and_recv (fd, &a, send, recv) == 0) {
+			 krb5_free_krbhst (context, hostlist);
+			 return KDC_ERR_NONE;
+		    }
+	       }
+	  }
+     krb5_free_krbhst (context, hostlist);
+     return KRB5_KDC_UNREACH;
+}
--- a/lib/krb5/str2key.c
+++ b/lib/krb5/str2key.c
@@ -0,0 +1,141 @@
+#include <krb5_locl.h>
+
+/*
+ * Reverse 8 bytes
+ */
+
+static void
+reverse (unsigned char *s)
+{
+     static unsigned char tbl[] = {
+	  0x0,
+	  0x8,
+	  0x4,
+	  0xC,
+	  0x2,
+	  0xA,
+	  0x6,
+	  0xE,
+	  0x1,
+	  0x9,
+	  0x5,
+	  0xD,
+	  0x3,
+	  0xB,
+	  0x7,
+	  0xF
+     };
+
+     char tmp;
+
+#define REVONE(str, i, j) \
+do { tmp = str[i]; str[i] = str[j]; str[j] = tmp;} while(0)
+
+     REVONE(s,0,7);
+     REVONE(s,1,6);
+     REVONE(s,2,5);
+     REVONE(s,3,4);
+#undef REVONE
+
+#define REVTWO(q) \
+q = (tbl[q & 0x0F] << 4) | (tbl[q >> 4])
+
+     REVTWO(s[0]);
+     REVTWO(s[1]);
+     REVTWO(s[2]);
+     REVTWO(s[3]);
+     REVTWO(s[4]);
+     REVTWO(s[5]);
+     REVTWO(s[6]);
+     REVTWO(s[7]);
+
+#undef REVTWO
+}
+
+/*
+ * A = A xor B. A & B is 8 bytes.
+ */
+
+static void
+xor (unsigned char *a, unsigned char *b)
+{
+     a[0] ^= b[0];
+     a[1] ^= b[1];
+     a[2] ^= b[2];
+     a[3] ^= b[3];
+     a[4] ^= b[4];
+     a[5] ^= b[5];
+     a[6] ^= b[6];
+     a[7] ^= b[7];
+}
+
+/*
+ * Init a from b
+ */
+
+static void
+init (unsigned char *a, unsigned char *b)
+{
+     a[0] = b[0] << 1;
+     a[1] = b[1] << 1;
+     a[2] = b[2] << 1;
+     a[3] = b[3] << 1;
+     a[4] = b[4] << 1;
+     a[5] = b[5] << 1;
+     a[6] = b[6] << 1;
+     a[7] = b[7] << 1;
+}
+
+void
+krb5_string_to_key (char *str,
+		    krb5_data *salt,
+		    krb5_keyblock *key)
+{
+     int odd, i;
+     size_t len;
+     char *s, *p;
+     des_cblock tempkey;
+     des_key_schedule sched;
+     krb5_error_code err;
+
+     len = strlen(str) + salt->len;
+#if 1
+     len = (len + 7) / 8 * 8;
+#endif
+     p = s = malloc (len);
+     if (p == NULL)
+	  return ENOMEM;
+     err = krb5_data_alloc (&key->contents, sizeof(des_cblock));
+     if (err) {
+	  free (p);
+	  return err;
+     }
+     memset (s, 0, len);
+     strncpy (p, str, strlen(str));
+     p += strlen(str);
+     strncpy (p, salt->data, salt->len);
+     odd = 1;
+     memset (tempkey, 0, sizeof(tempkey));
+     for (i = 0; i < len; i += 8) {
+	  unsigned char tmp[8];
+
+	  init (tmp, &s[i]);
+
+	  if (odd == 0) {
+	       odd = 1;
+	       reverse (tmp);
+	       init (tmp, tmp);
+	  } else
+	       odd = 0;
+	  xor (tempkey, tmp);
+     }
+     des_set_odd_parity (&tempkey);
+     des_set_key (&tempkey, sched);
+     des_cbc_cksum ((des_cblock *)s, &tempkey, len, sched, &tempkey);
+     free (s);
+     des_set_odd_parity (&tempkey);
+     if (des_is_weak_key (&tempkey))
+	  xor ((char *)&tempkey, "0x000x000x000x000x000x000x000xF0");
+     memcpy (key->contents.data, &tempkey, sizeof(tempkey));
+     return 0;
+}