inetutils libinetutils/shishi.c rlogind/rlogind...
From: |
shishi-commit |
Subject: |
inetutils libinetutils/shishi.c rlogind/rlogind... |
Date: |
Wed, 24 Sep 2003 17:30:35 -0400 |
CVSROOT: /cvsroot/shishi
Module name: inetutils
Branch:
Changes by: Nicolas Pouvesle <address@hidden> 03/09/24 17:30:35
Modified files:
libinetutils : shishi.c
rlogind : rlogind.c
rshd : rshd.c
rsh : rsh.c
Log message:
Add checksum verification.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogind/rlogind.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rshd/rshd.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rsh/rsh.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
Patches:
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.6 inetutils/libinetutils/shishi.c:1.7
--- inetutils/libinetutils/shishi.c:1.6 Wed Sep 24 11:17:58 2003
+++ inetutils/libinetutils/shishi.c Wed Sep 24 17:30:35 2003
@@ -67,7 +67,7 @@
h = *handle;
- //if (!(*cname))
+ if (!(*cname))
*cname = (char *) shishi_principal_default (h);
/* size of KRB5 auth message */
@@ -96,7 +96,7 @@
if (verbose)
{
- printf ("Client: %s\n", cname);
+ printf ("Client: %s\n", *cname);
printf ("Server: %s\n", sname);
}
@@ -109,7 +109,7 @@
strcat (tmpserver, "/");
strcat (tmpserver, sname);
- hint.client = (char *) cname;
+ hint.client = (char *) *cname;
hint.server = (char *) tmpserver;
tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
@@ -137,7 +137,7 @@
/* checksum = port: terminal name */
- snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), cmd, cname);
+ snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), cmd, *cname);
/* add checksum to authenticator */
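Review bot: The `snprintf` into `cksumdata` is capped at 100 bytes and its return value is ignored, so a long `cmd` or `*cname` is silently truncated and the authenticator checksum then covers only a prefix of the command and user name. The server-side checks this commit adds in rlogind.c and rshd.c build their strings with the same 100-byte cap, so both ends would truncate alike and the comparison would still pass. I would treat truncation as an error on both sides, e.g. `n = snprintf (cksumdata, sizeof cksumdata, "%u:%s%s", ntohs (port), cmd, *cname);` followed by `if (n < 0 || (size_t) n >= sizeof cksumdata)` and a failure return. The declaration of `cksumdata` and the rest of the function are outside this hunk, so `sizeof` assumes it is a 100-char array here as it is in the daemons.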
@@ -227,8 +227,8 @@
}
int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char **
err_msg, int * protoversion
- /*int * cksumtype, char * cksum, int * cksumlen*/)
+get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char **
err_msg, int * protoversion,
+ int * cksumtype, char * cksum, int * cksumlen)
{
Shishi_key *key;
Shishi_ap *ap;
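Review bot: The three new parameters have no documented contract, yet the callers in rlogind.c and rshd.c rely on one: they pass a 30-byte `cksum` array with `cksumlen` preset to 30. A comment above `get_auth` such as `/* cksum: caller buffer; *cksumlen: its size on entry, checksum length on return (TODO confirm against shishi_authenticator_cksum) */` would pin that down. `cksumlen` is an `int *` while the callers compare it against a `size_t` length from `shishi_checksum`, so using one length type for both would avoid the signed/unsigned comparison. The body of `get_auth` continues outside this hunk.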
@@ -399,13 +399,13 @@
#endif
/* Get authenticator checksum */
- /* rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap),
cksumtype, cksum, cksumlen);
+ rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap),
cksumtype, cksum, cksumlen);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not get checksum authenticator from AP-REQ:
%s\n", shishi_strerror (rc));
return 1;
}
- */
+
/* User is authenticated. */
error = 0;
Index: inetutils/rlogind/rlogind.c
diff -u inetutils/rlogind/rlogind.c:1.6 inetutils/rlogind/rlogind.c:1.7
--- inetutils/rlogind/rlogind.c:1.6 Wed Sep 24 11:17:58 2003
+++ inetutils/rlogind/rlogind.c Wed Sep 24 17:30:35 2003
@@ -1029,16 +1029,20 @@
int error = 0;
int keylen, keytype;
struct passwd *pwd = NULL;
- /*int cksumtype, cksumlen = 30;
+ int cksumtype, cksumlen = 30;
char cksum[30];
+ char * compcksum;
+ size_t compcksumlen;
char cksumdata[100];
- */
+ struct sockaddr_in sock;
+ size_t socklen;
+
#ifdef ENCRYPTION
- rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol
- /*&cksumtype, cksum, &cksumlen*/);
+ rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol,
+ &cksumtype, cksum, &cksumlen);
#else
rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol
- /*&cksumtype, cksum, &cksumlen*/);
+ &cksumtype, cksum, &cksumlen);
#endif
if (rc != SHISHI_OK)
return rc;
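Review bot: The `#else` call to `get_auth` lost its argument separator: `&ad->protocol` is now followed directly by `&cksumtype, cksum, &cksumlen);`, which parses as a binary `&` between a pointer and an `int` and should not compile when `ENCRYPTION` is undefined. The old line only worked because the extra arguments were inside a comment. The line should read `rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol,` as the `#ifdef ENCRYPTION` branch above it already does. The enclosing function starts before and ends after this hunk.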
@@ -1124,18 +1128,29 @@
"Kerberos V login from %s on %s\n",
ad->lusername, ad->hostname);
- /* ADD CHECKSUM VERIFICATION CODE !!!!!!!!!!!!!! */
- /*
- snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), ad->term + 5,
ad->lusername);
- shishi_checksum (Shishi * handle,
- Shishi_key * key,
- int keyusage,
- int cksumtype,
- const char *in, size_t inlen, char **out, size_t * outlen)
- */
+ /* verify checksum */
- free (pwd);
+ if (getsockname (infd, (struct sockaddr *)&sock, &socklen) < 0)
+ {
+ syslog (LOG_ERR, "Can't get sock name");
+ fatal (infd, "Can't get sockname", 1);
+ }
+ snprintf (cksumdata, 100, "%u:%s%s", ntohs(sock.sin_port), ad->term + 5,
ad->lusername);
+ rc = shishi_checksum (ad->h, ad->enckey, 0, cksumtype, cksumdata,
+ strlen (cksumdata), &compcksum, &compcksumlen);
+ if ((rc != SHISHI_OK) || (compcksumlen != cksumlen) || (memcmp (compcksum,
cksum, cksumlen) != 0))
+ {
+ /* err_msg crash ? */
+ /* *err_msg = "checksum verify failed"; */
+ syslog (LOG_ERR, "checksum verify failed: %s", shishi_error (ad->h));
+ free (compcksum);
+ return 1;
+ }
+
+ free (pwd);
+ free (compcksum);
+
return SHISHI_OK;
}
#endif
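Review bot: `getsockname` is called with `socklen` uninitialised, and the failure branch calls `free (compcksum)` on a pointer that was never set if `shishi_checksum` returned an error. Both are declared without initialisers in the previous hunk; `socklen_t socklen = sizeof sock;` and `char *compcksum = NULL;` there would fix them. The rshd.c hunks at the end of this patch repeat the same `free (compcksum)` pattern, and their commented-out `getsockname` attempt has the same uninitialised `socklen`. The failure branch also returns before the relocated `free (pwd)`. In the build without `ENCRYPTION`, `get_auth` is passed `NULL` for the key, so it looks as if `ad->enckey` is never filled in before it is used here; that needs confirming against the rest of the function, which is outside the hunk.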
Index: inetutils/rsh/rsh.c
diff -u inetutils/rsh/rsh.c:1.6 inetutils/rsh/rsh.c:1.7
--- inetutils/rsh/rsh.c:1.6 Wed Sep 24 11:17:58 2003
+++ inetutils/rsh/rsh.c Wed Sep 24 17:30:35 2003
@@ -351,8 +351,6 @@
if (*host == '\0')
usage ();
}
- if (!user)
- user = pw->pw_name;
}
#if defined(KERBEROS) || defined(SHISHI)
@@ -500,11 +498,15 @@
}
else
{
+ if (!user)
+ user = pw->pw_name;
if (doencrypt)
errx (1, "the -x flag requires Kerberos authentication");
rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
}
#else
+ if (!user)
+ user = pw->pw_name;
rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
#endif
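Review bot: A comment is missing on why the `if (!user) user = pw->pw_name;` default moved off the common path: after this hunk `user` can still be NULL when the Kerberos/Shishi branch runs, and nothing here says that is intended. It presumably pairs with the re-enabled `if (!(*cname))` default in shishi.c, so once confirmed I would add something like `/* user stays NULL on the Kerberos path so the default principal is used */` above the first added check. The `if` branch this `else` belongs to is outside the hunk.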
Index: inetutils/rshd/rshd.c
diff -u inetutils/rshd/rshd.c:1.5 inetutils/rshd/rshd.c:1.6
--- inetutils/rshd/rshd.c:1.5 Wed Sep 24 11:17:58 2003
+++ inetutils/rshd/rshd.c Wed Sep 24 17:30:35 2003
@@ -308,6 +308,8 @@
int pv1[2], pv2[2];
fd_set wready, writeto;
int keytype, keylen;
+ int cksumtype, cksumlen = 30;
+ char cksum[30];
#endif
signal(SIGINT, SIG_DFL);
@@ -567,7 +569,8 @@
int rc;
char * err_msg = NULL;
- rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol);
+ rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol,
+ &cksumtype, cksum, &cksumlen);
if (rc != SHISHI_OK)
{
error ("Kerberos authentication failure: %s\n", err_msg);
@@ -588,6 +591,11 @@
{
int error;
int rc;
+ char * compcksum;
+ size_t compcksumlen;
+ char cksumdata[100];
+ struct sockaddr_in sock;
+ size_t socklen;
#ifdef ENCRYPTION
if (strlen (cmdbuf) >= 3)
@@ -646,6 +654,30 @@
//error ("Kerberos authentication failure: %s\n", err_msg);
exit (1);
}
+
+ /* verify checksum */
+
+ /* Doesn't give socket port ?
+ if (getsockname (STDIN_FILENO, (struct sockaddr *)&sock, &socklen) < 0)
+ {
+ syslog (LOG_ERR, "Can't get sock name");
+ exit (1);
+ }
+ */
+ snprintf (cksumdata, 100, "544:%s%s", /*ntohs(sock.sin_port),*/ cmdbuf,
locuser);
+ rc = shishi_checksum (h, enckey, 0, cksumtype, cksumdata,
+ strlen (cksumdata), &compcksum, &compcksumlen);
+ if ((rc != SHISHI_OK) || (compcksumlen != cksumlen) || (memcmp (compcksum,
cksum, cksumlen) != 0))
+ {
+ /* err_msg crash ? */
+ /* *err_msg = "checksum verify failed"; */
+ syslog (LOG_ERR, "checksum verify failed: %s", shishi_error (h));
+ free (compcksum);
+ exit (1);
+ }
+
+ free (compcksum);
+
}
#endif
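Review bot: The server-side checksum input hard-codes the port as `544:` while the client in shishi.c formats `ntohs(port)`, so verification only succeeds when the two happen to agree and the actual local port is never checked. The commented-out `getsockname` call passes `socklen` uninitialised (it is declared `size_t socklen;` in the previous hunk), which may be why it "doesn't give socket port". With `socklen_t socklen = sizeof sock;` the call can be restored and the format changed back to `"%u:%s%s"` with `ntohs (sock.sin_port)`, as in rlogind.c. Until then `sock` and `socklen` are unused, and a short comment explaining the `544` literal would help the next reader.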