
inetutils libinetutils/shishi.c rlogind/rlogind...


From: shishi-commit
Subject: inetutils libinetutils/shishi.c rlogind/rlogind...
Date: Wed, 24 Sep 2003 17:30:35 -0400

CVSROOT:        /cvsroot/shishi
Module name:    inetutils
Branch:         
Changes by:     Nicolas Pouvesle <address@hidden>       03/09/24 17:30:35

Modified files:
        libinetutils   : shishi.c 
        rlogind        : rlogind.c 
        rshd           : rshd.c 
        rsh            : rsh.c 

Log message:
        Add checksum verification.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogind/rlogind.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rshd/rshd.c.diff?tr1=1.5&tr2=1.6&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rsh/rsh.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text

Patches:
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.6 inetutils/libinetutils/shishi.c:1.7
--- inetutils/libinetutils/shishi.c:1.6 Wed Sep 24 11:17:58 2003
+++ inetutils/libinetutils/shishi.c     Wed Sep 24 17:30:35 2003
@@ -67,7 +67,7 @@
   
   h = *handle;
   
-  //if (!(*cname))
+  if (!(*cname))
     *cname = (char *) shishi_principal_default (h);
   
   /* size of KRB5 auth message */
@@ -96,7 +96,7 @@
 
   if (verbose)
     {
-      printf ("Client: %s\n", cname);
+      printf ("Client: %s\n", *cname);
       printf ("Server: %s\n", sname);
     }
   
@@ -109,7 +109,7 @@
   strcat (tmpserver, "/");
   strcat (tmpserver, sname);
   
-  hint.client = (char *) cname;
+  hint.client = (char *) *cname;
   hint.server = (char *) tmpserver;
   
   tkt = shishi_tkts_get (shishi_tkts_default (h), &hint);
@@ -137,7 +137,7 @@
 
   /* checksum = port: terminal name */
 
-  snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), cmd, cname);  
+  snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), cmd, *cname);  
   
   /* add checksum to authenticator */
 
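Review bot: The checksum input built by `snprintf (cksumdata, 100, "%u:%s%s", ...)` is silently truncated at 100 bytes and has no separator between `cmd` and `*cname`, so the authenticated value does not always cover both fields unambiguously. With a long `cmd` the user name falls off the end of the buffer, and the verifying code added in rlogind.c and rshd.c builds its copy with the same 100-byte `snprintf`, so the truncated strings would still compare equal. Check the return value and fail when it is `>= sizeof cksumdata`, and put a delimiter between the two `%s` fields; that changes the wire format, so client and server must change together. The declaration of `cksumdata` is outside this hunk, so its size is assumed from the literal 100.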
@@ -227,8 +227,8 @@
 }
 
 int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char ** 
err_msg, int * protoversion
-         /*int * cksumtype, char * cksum, int * cksumlen*/)
+get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char ** 
err_msg, int * protoversion,
+         int * cksumtype, char * cksum, int * cksumlen)
 {
   Shishi_key *key;
   Shishi_ap *ap;
@@ -399,13 +399,13 @@
 #endif
 
   /* Get authenticator checksum */
-  /*  rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap), 
cksumtype, cksum, cksumlen);
+  rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap), 
cksumtype, cksum, cksumlen);
   if (rc != SHISHI_OK)
     {
       syslog (LOG_ERR, "Could not get checksum authenticator from AP-REQ: 
%s\n", shishi_strerror (rc));
       return 1;
     }
-  */
+  
 
   /* User is authenticated. */
   error = 0;
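Review bot: The newly enabled failure branch returns 1 without assigning `*err_msg`, while the rshd.c caller in this commit initialises `err_msg` to NULL and prints it with `%s` when get_auth fails. Set the message before returning, e.g. `*err_msg = "could not get authenticator checksum";`, provided the other failure paths of get_auth (outside this hunk) follow the same convention. It is also worth documenting on get_auth that `*cksumlen` holds the capacity of `cksum` on entry, which the callers' `cksumlen = 30` suggests but the visible code does not state.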
Index: inetutils/rlogind/rlogind.c
diff -u inetutils/rlogind/rlogind.c:1.6 inetutils/rlogind/rlogind.c:1.7
--- inetutils/rlogind/rlogind.c:1.6     Wed Sep 24 11:17:58 2003
+++ inetutils/rlogind/rlogind.c Wed Sep 24 17:30:35 2003
@@ -1029,16 +1029,20 @@
   int error = 0;
   int keylen, keytype;
   struct passwd *pwd = NULL;
-  /*int cksumtype, cksumlen = 30;
+  int cksumtype, cksumlen = 30;
   char cksum[30];
+  char * compcksum;
+  size_t compcksumlen;
   char cksumdata[100];
-  */
+  struct sockaddr_in sock;
+  size_t socklen;    
+  
 #ifdef ENCRYPTION  
-  rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol
-                /*&cksumtype, cksum, &cksumlen*/);
+  rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol,
+                &cksumtype, cksum, &cksumlen);
 #else
   rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol
-                /*&cksumtype, cksum, &cksumlen*/);
+                &cksumtype, cksum, &cksumlen);
 #endif
   if (rc != SHISHI_OK)
     return rc;
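Review bot: The `#else` branch will not compile: the context line still ends in `&ad->protocol` with no comma, so the added `&cksumtype, cksum, &cksumlen);` is parsed as a bitwise AND on a pointer. Add the comma, `rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol,`. That branch also passes NULL for the key while the verification added later in this function uses `ad->enckey`, so check which key the non-ENCRYPTION build is expected to verify the checksum with. The function starts before this hunk.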
@@ -1124,18 +1128,29 @@
          "Kerberos V login from %s on %s\n",
          ad->lusername, ad->hostname);
   
-  /* ADD CHECKSUM VERIFICATION CODE !!!!!!!!!!!!!! */
-  /*
-  snprintf (cksumdata, 100, "%u:%s%s", ntohs(port), ad->term + 5, 
ad->lusername);  
-  shishi_checksum (Shishi * handle,
-             Shishi_key * key,
-             int keyusage,
-             int cksumtype,
-             const char *in, size_t inlen, char **out, size_t * outlen)
-  */
+  /* verify checksum */
 
-  free (pwd);
+ if (getsockname (infd, (struct sockaddr *)&sock, &socklen) < 0)
+    {
+      syslog (LOG_ERR, "Can't get sock name");
+      fatal (infd, "Can't get sockname", 1);
+    }
 
+  snprintf (cksumdata, 100, "%u:%s%s", ntohs(sock.sin_port), ad->term + 5, 
ad->lusername);  
+  rc = shishi_checksum (ad->h, ad->enckey, 0, cksumtype, cksumdata,
+                       strlen (cksumdata), &compcksum, &compcksumlen);
+  if ((rc != SHISHI_OK) || (compcksumlen != cksumlen) || (memcmp (compcksum, 
cksum, cksumlen) != 0))
+    {
+      /* err_msg crash ? */
+      /* *err_msg = "checksum verify failed"; */
+      syslog (LOG_ERR, "checksum verify failed: %s", shishi_error (ad->h));
+      free (compcksum);
+      return 1;
+    }
+  
+  free (pwd);
+  free (compcksum);
+      
   return SHISHI_OK;
 }
 #endif
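Review bot: `getsockname` is called with `socklen` never initialised and declared as `size_t`; the call needs the buffer size on entry, so declare it as `socklen_t socklen = sizeof sock;`. `compcksum` is likewise uninitialised and is passed to `free` on the failure path even when `shishi_checksum` itself failed, so initialise it with `char *compcksum = NULL;`. The early `return 1` also skips `free (pwd)`. The rshd.c hunks at -588 and -646 declare and use the same variables in the same way. Both declarations sit in the previous hunk, and the function body begins outside this one.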
Index: inetutils/rsh/rsh.c
diff -u inetutils/rsh/rsh.c:1.6 inetutils/rsh/rsh.c:1.7
--- inetutils/rsh/rsh.c:1.6     Wed Sep 24 11:17:58 2003
+++ inetutils/rsh/rsh.c Wed Sep 24 17:30:35 2003
@@ -351,8 +351,6 @@
        if (*host == '\0')
          usage ();
       }
-    if (!user)
-      user = pw->pw_name;
   }
 
 #if defined(KERBEROS) || defined(SHISHI)
@@ -500,11 +498,15 @@
     }
   else
     {
+      if (!user)
+         user = pw->pw_name;
       if (doencrypt)
        errx (1, "the -x flag requires Kerberos authentication");
       rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
     }
 #else
+  if (!user)
+     user = pw->pw_name;
   rem = rcmd (&host, sp->s_port, pw->pw_name, user, args, &rfd2);
 #endif
 
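Review bot: The Kerberos/Shishi path now reaches its call with `user` possibly NULL, and nothing in the hunk says this is intended. A short comment above the first added `if (!user)` would help, e.g. `/* Non-Kerberos path only: the Shishi code picks the default principal when user is NULL. */`, assuming that is what the `if (!(*cname))` change in shishi.c is for. The Kerberos branch itself is outside this hunk, so confirm that nothing else there dereferences `user`.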
Index: inetutils/rshd/rshd.c
diff -u inetutils/rshd/rshd.c:1.5 inetutils/rshd/rshd.c:1.6
--- inetutils/rshd/rshd.c:1.5   Wed Sep 24 11:17:58 2003
+++ inetutils/rshd/rshd.c       Wed Sep 24 17:30:35 2003
@@ -308,6 +308,8 @@
   int          pv1[2], pv2[2];
   fd_set               wready, writeto;
   int keytype, keylen;
+  int cksumtype, cksumlen = 30;
+  char cksum[30];
 #endif
 
   signal(SIGINT, SIG_DFL);
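Review bot: The buffer size 30 is written twice, in `int cksumtype, cksumlen = 30;` and `char cksum[30];`, so the two can drift apart. Derive one from the other, `char cksum[30]; int cksumlen = sizeof cksum;`, and add a comment saying which checksum types 30 bytes is meant to cover. rlogind.c has the same pair of declarations.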
@@ -567,7 +569,8 @@
        int rc;
        char * err_msg = NULL;
 
-       rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol);
+       rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol,
+                      &cksumtype, cksum, &cksumlen);
        if (rc != SHISHI_OK)
        {
          error ("Kerberos authentication failure: %s\n", err_msg);
@@ -588,6 +591,11 @@
  {
    int error;
    int rc;
+   char * compcksum;
+   size_t compcksumlen;
+   char cksumdata[100];
+   struct sockaddr_in sock;
+   size_t socklen;    
 
 #ifdef ENCRYPTION
    if (strlen (cmdbuf) >= 3)
@@ -646,6 +654,30 @@
        //error ("Kerberos authentication failure: %s\n", err_msg);
        exit (1);
      }
+
+   /* verify checksum */
+   
+   /* Doesn't give socket port ? 
+   if (getsockname (STDIN_FILENO, (struct sockaddr *)&sock, &socklen) < 0)
+     {
+       syslog (LOG_ERR, "Can't get sock name");
+       exit (1);
+     }
+   */
+   snprintf (cksumdata, 100, "544:%s%s", /*ntohs(sock.sin_port),*/ cmdbuf, 
locuser);  
+   rc = shishi_checksum (h, enckey, 0, cksumtype, cksumdata,
+                        strlen (cksumdata), &compcksum, &compcksumlen);
+   if ((rc != SHISHI_OK) || (compcksumlen != cksumlen) || (memcmp (compcksum, 
cksum, cksumlen) != 0))
+     {
+       /* err_msg crash ? */
+       /* *err_msg = "checksum verify failed"; */
+       syslog (LOG_ERR, "checksum verify failed: %s", shishi_error (h));
+       free (compcksum);
+       exit (1);       
+     }
+
+   free (compcksum);
+
  }
 #endif
 
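Review bot: The port in the checksum input is hard-coded as `544` because the `getsockname` call is commented out, so verification no longer reflects the port the connection arrived on and fails for any client that computed its checksum with a different port. The call may have failed only because `socklen` is declared as `size_t` and never set; with `socklen_t socklen = sizeof sock;` it can be restored and `ntohs(sock.sin_port)` put back into the format string. Until then `sock` and `socklen` are unused. The enclosing block starts in an earlier hunk.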



