inetutils headers/shishi_def.h libinetutils/shi...
From: |
shishi-commit |
Subject: |
inetutils headers/shishi_def.h libinetutils/shi... |
Date: |
Mon, 29 Sep 2003 05:41:28 -0400 |
CVSROOT: /cvsroot/shishi
Module name: inetutils
Branch:
Changes by: Nicolas Pouvesle <address@hidden> 03/09/29 05:41:28
Modified files:
headers : shishi_def.h
libinetutils : shishi.c
rlogind : rlogind.c
rshd : rshd.c
Log message:
Add authorization check.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/headers/shishi_def.h.diff?tr1=1.3&tr2=1.4&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.7&tr2=1.8&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogind/rlogind.c.diff?tr1=1.8&tr2=1.9&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rshd/rshd.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text
Patches:
Index: inetutils/headers/shishi_def.h
diff -u inetutils/headers/shishi_def.h:1.3 inetutils/headers/shishi_def.h:1.4
--- inetutils/headers/shishi_def.h:1.3 Wed Sep 24 11:17:58 2003
+++ inetutils/headers/shishi_def.h Mon Sep 29 05:41:26 2003
@@ -19,7 +19,6 @@
#include <sys/socket.h>
#include <netinet/in.h>
-#define SHISHI_KEYUSAGE_KCMD_DES 1026
#define SERVICE "host"
#define BUFLEN 1040
@@ -44,6 +43,7 @@
int kerberos_version;
int verbose;
Shishi *h;
+ Shishi_ap * ap;
int protocol;
Shishi_key * enckey;
shishi_ivector iv1, iv2;
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.7 inetutils/libinetutils/shishi.c:1.8
--- inetutils/libinetutils/shishi.c:1.7 Wed Sep 24 17:30:35 2003
+++ inetutils/libinetutils/shishi.c Mon Sep 29 05:41:27 2003
@@ -227,11 +227,10 @@
}
int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char **
err_msg, int * protoversion,
+get_auth (int infd, Shishi ** handle, Shishi_ap ** ap, Shishi_key ** enckey,
const char ** err_msg, int * protoversion,
int * cksumtype, char * cksum, int * cksumlen)
{
Shishi_key *key;
- Shishi_ap *ap;
char * out;
int outlen;
char * buf;
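Review bot: The new `Shishi_ap ** ap` out-parameter moves ownership of the AP context to the caller, but nothing at the signature says so. A header comment on get_auth would make the contract explicit, e.g. `/* On SHISHI_OK, *ap holds the AP context; the caller must release it with shishi_ap_done (). */`. The comment should also say what `*ap` holds when get_auth fails after `shishi_ap_nosubkey` has succeeded, since the error returns lie outside the visible hunks and a caller cannot tell whether it still has something to release. The function body continues outside this hunk.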
@@ -360,7 +359,7 @@
/* Create Authentication context */
- rc = shishi_ap_nosubkey (*handle, &ap);
+ rc = shishi_ap_nosubkey (*handle, ap);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not create AP: %s\n", shishi_strerror (rc));
@@ -369,7 +368,7 @@
/* Store request in context */
- shishi_ap_req_der_set (ap, buf, buflen);
+ shishi_ap_req_der_set (*ap, buf, buflen);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not parse AP-REQ: %s\n", shishi_strerror (rc));
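Review bot: The `if (rc != SHISHI_OK)` after `shishi_ap_req_der_set (*ap, buf, buflen);` tests the value left over from `shishi_ap_nosubkey`, because the call's result is never assigned, so a malformed AP-REQ is not rejected at this point. Assuming the function returns a Shishi status code, as the check implies, the line should read `rc = shishi_ap_req_der_set (*ap, buf, buflen);`. The `tkt == NULL` branch in the @@ -449 hunk has a related problem: it prints `shishi_strerror (rc)` although `shishi_ap_tkt` does not set rc, so the log entry would carry an unrelated status. The enclosing get_auth body starts and ends outside the hunk.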
@@ -380,7 +379,7 @@
/* Process authentication request */
- rc = shishi_ap_req_process (ap, key);
+ rc = shishi_ap_req_process (*ap, key);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not process AP-REQ: %s\n", shishi_strerror (rc));
@@ -393,13 +392,13 @@
if (*protoversion == 2)
{
*enckey = NULL;
- shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap),
enckey);
+ shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (*ap),
enckey);
}
#endif
/* Get authenticator checksum */
- rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap),
cksumtype, cksum, cksumlen);
+ rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (*ap),
cksumtype, cksum, cksumlen);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not get checksum authenticator from AP-REQ:
%s\n", shishi_strerror (rc));
@@ -413,9 +412,9 @@
/* Authenticate ourself to client, if request */
- if (shishi_apreq_mutual_required_p (*handle, shishi_ap_req(ap)))
+ if (shishi_apreq_mutual_required_p (*handle, shishi_ap_req (*ap)))
{
- rc = shishi_ap_rep_der (ap, &out, &outlen);
+ rc = shishi_ap_rep_der (*ap, &out, &outlen);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Error creating AP-REP: %s\n", shishi_strerror
(rc));
@@ -449,7 +448,7 @@
{
Shishi_tkt * tkt;
- tkt = shishi_ap_tkt (ap);
+ tkt = shishi_ap_tkt (*ap);
if (tkt == NULL)
{
syslog (LOG_ERR, "Could not get tkt from AP-REQ: %s\n",
shishi_strerror (rc));
@@ -457,7 +456,7 @@
}
rc = shishi_encticketpart_get_key (*handle,
- shishi_tkt_encticketpart (tkt), enckey);
+ shishi_tkt_encticketpart (tkt),
enckey);
if (rc != SHISHI_OK)
{
syslog (LOG_ERR, "Could not get key from Encticketpart: %s\n",
shishi_strerror (rc));
@@ -466,8 +465,6 @@
}
#endif
- shishi_ap_done (ap);
-
return SHISHI_OK;
}
Index: inetutils/rlogind/rlogind.c
diff -u inetutils/rlogind/rlogind.c:1.8 inetutils/rlogind/rlogind.c:1.9
--- inetutils/rlogind/rlogind.c:1.8 Thu Sep 25 07:31:28 2003
+++ inetutils/rlogind/rlogind.c Mon Sep 29 05:41:27 2003
@@ -1038,10 +1038,10 @@
size_t socklen;
#ifdef ENCRYPTION
- rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol,
+ rc = get_auth (infd, &ad->h, &ad->ap, &ad->enckey, err_msg, &ad->protocol,
&cksumtype, cksum, &cksumlen);
#else
- rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol,
+ rc = get_auth (infd, &ad->h, &ad->ap, NULL, err_msg, &ad->protocol,
&cksumtype, cksum, &cksumlen);
#endif
if (rc != SHISHI_OK)
@@ -1123,7 +1123,9 @@
ad->lusername, ad->hostname);
*/
-
+
+ free (pwd);
+
syslog (LOG_INFO | LOG_AUTH,
"Kerberos V login from %s on %s\n",
ad->lusername, ad->hostname);
@@ -1147,10 +1149,19 @@
free (compcksum);
return 1;
}
-
- free (pwd);
+
free (compcksum);
-
+
+ rc = shishi_authorized_p (ad->h, shishi_ap_tkt (ad->ap), ad->lusername);
+ if (!rc)
+ {
+ syslog (LOG_ERR, "User is not authorized to log in as: %s",
ad->lusername);
+ shishi_ap_done (ad->ap);
+ return 1;
+ }
+
+ shishi_ap_done (ad->ap);
+
return SHISHI_OK;
}
#endif
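Review bot: The denial branch logs with `LOG_ERR` alone and names only the target account, while the success message in this function uses `LOG_INFO | LOG_AUTH` and includes `ad->hostname`, so rejected attempts land outside the auth facility with less context; consider `syslog (LOG_ERR | LOG_AUTH, "User is not authorized to log in as: %s (from %s)", ad->lusername, ad->hostname);`, and the parallel branch in rshd.c (@@ -676) logs the same way. The "Kerberos V login from" message sits in the @@ -1123 hunk, which appears to run before this check, so a denied attempt would still be recorded as a login; emitting it only after `shishi_authorized_p` succeeds would keep the audit trail accurate. The checksum-failure `return 1` just above the new code also leaves `ad->ap` without a `shishi_ap_done`, now that get_auth no longer releases it. The function starts outside the hunk.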
Index: inetutils/rshd/rshd.c
diff -u inetutils/rshd/rshd.c:1.6 inetutils/rshd/rshd.c:1.7
--- inetutils/rshd/rshd.c:1.6 Wed Sep 24 17:30:35 2003
+++ inetutils/rshd/rshd.c Mon Sep 29 05:41:28 2003
@@ -122,6 +122,7 @@
# include <shishi.h>
# include "shishi_def.h"
Shishi * h;
+Shishi_ap * ap;
Shishi_key * enckey;
shishi_ivector iv1, iv2, iv3, iv4;
shishi_ivector *ivtab[4];
@@ -569,7 +570,7 @@
int rc;
char * err_msg = NULL;
- rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol,
+ rc = get_auth (STDIN_FILENO, &h, &ap, &enckey, &err_msg, &protocol,
&cksumtype, cksum, &cksumlen);
if (rc != SHISHI_OK)
{
@@ -577,11 +578,10 @@
free (err_msg);
exit (1);
}
-
}
else
#endif
- remuser = getstr ("remuser");
+ remuser = getstr ("remuser");
/* Read three strings from the client. */
locuser = getstr ("locuser");
@@ -647,6 +647,7 @@
}
#endif
+
remuser = getstr ("remuser");
rc = read (STDIN_FILENO, &error, sizeof (int));
if ((rc != sizeof (int)) && rc)
@@ -676,7 +677,17 @@
exit (1);
}
+ rc = shishi_authorized_p (h, shishi_ap_tkt (ap), locuser);
+ if (!rc)
+ {
+ syslog (LOG_ERR, "User is not authorized to log in as: %s", locuser);
+ shishi_ap_done (ap);
+ exit (1);
+ }
+
free (compcksum);
+
+ shishi_ap_done (ap);
}
#endif