
inetutils headers/shishi_def.h libinetutils/shi...


From: shishi-commit
Subject: inetutils headers/shishi_def.h libinetutils/shi...
Date: Mon, 29 Sep 2003 05:41:28 -0400

CVSROOT:        /cvsroot/shishi
Module name:    inetutils
Branch:         
Changes by:     Nicolas Pouvesle <address@hidden>       03/09/29 05:41:28

Modified files:
        headers        : shishi_def.h 
        libinetutils   : shishi.c 
        rlogind        : rlogind.c 
        rshd           : rshd.c 

Log message:
        Add authorization check.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/headers/shishi_def.h.diff?tr1=1.3&tr2=1.4&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/libinetutils/shishi.c.diff?tr1=1.7&tr2=1.8&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rlogind/rlogind.c.diff?tr1=1.8&tr2=1.9&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/inetutils/rshd/rshd.c.diff?tr1=1.6&tr2=1.7&r1=text&r2=text

Patches:
Index: inetutils/headers/shishi_def.h
diff -u inetutils/headers/shishi_def.h:1.3 inetutils/headers/shishi_def.h:1.4
--- inetutils/headers/shishi_def.h:1.3  Wed Sep 24 11:17:58 2003
+++ inetutils/headers/shishi_def.h      Mon Sep 29 05:41:26 2003
@@ -19,7 +19,6 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 
-#define SHISHI_KEYUSAGE_KCMD_DES 1026
 #define SERVICE "host"
 #define BUFLEN 1040
 
@@ -44,6 +43,7 @@
   int kerberos_version;
   int verbose;
   Shishi *h;
+  Shishi_ap * ap;
   int protocol;
   Shishi_key * enckey;
   shishi_ivector iv1, iv2;
Index: inetutils/libinetutils/shishi.c
diff -u inetutils/libinetutils/shishi.c:1.7 inetutils/libinetutils/shishi.c:1.8
--- inetutils/libinetutils/shishi.c:1.7 Wed Sep 24 17:30:35 2003
+++ inetutils/libinetutils/shishi.c     Mon Sep 29 05:41:27 2003
@@ -227,11 +227,10 @@
 }
 
 int
-get_auth (int infd, Shishi ** handle, Shishi_key ** enckey, const char ** 
err_msg, int * protoversion,
+get_auth (int infd, Shishi ** handle, Shishi_ap ** ap, Shishi_key ** enckey, 
const char ** err_msg, int * protoversion,
          int * cksumtype, char * cksum, int * cksumlen)
 {
   Shishi_key *key;
-  Shishi_ap *ap;
   char * out;
   int outlen;
   char * buf;
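Review bot: The new `ap` out-parameter hands ownership of the AP context to the caller, but get_auth has no comment saying so, and the `shishi_ap_done` call at the end of the function is removed further down in this file. A header comment such as `/* On SHISHI_OK, *ap is a live AP context; the caller must release it with shishi_ap_done (). */` would make the contract explicit. The failure returns that follow `shishi_ap_nosubkey` lie outside the visible hunks, as do the callers' failure branches, so whether `*ap` is released on those paths cannot be confirmed here and is worth checking. The body of get_auth continues past this hunk.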
@@ -360,7 +359,7 @@
   
   /* Create Authentication context */
 
-  rc = shishi_ap_nosubkey (*handle, &ap);
+  rc = shishi_ap_nosubkey (*handle, ap);
   if (rc != SHISHI_OK)
     {
       syslog (LOG_ERR, "Could not create AP: %s\n", shishi_strerror (rc));
@@ -369,7 +368,7 @@
 
   /* Store request in context */
 
-  shishi_ap_req_der_set (ap, buf, buflen);
+  shishi_ap_req_der_set (*ap, buf, buflen);
   if (rc != SHISHI_OK)
     {
       syslog (LOG_ERR, "Could not parse AP-REQ: %s\n", shishi_strerror (rc));
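Review bot: The return value of `shishi_ap_req_der_set` is discarded, so the `if (rc != SHISHI_OK)` that follows appears to re-test the result of the earlier `shishi_ap_nosubkey` call, and the "Could not parse AP-REQ" branch looks unreachable. Because `buf` holds data received from the peer, a malformed AP-REQ should be rejected at this step: `rc = shishi_ap_req_der_set (*ap, buf, buflen);`. The "Could not get tkt from AP-REQ" message in the -449 hunk likewise formats an `rc` that the failing call did not set.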
@@ -380,7 +379,7 @@
 
   /* Process authentication request */
 
-  rc = shishi_ap_req_process (ap, key);
+  rc = shishi_ap_req_process (*ap, key);
   if (rc != SHISHI_OK)
     {
       syslog (LOG_ERR, "Could not process AP-REQ: %s\n", shishi_strerror (rc));
@@ -393,13 +392,13 @@
   if (*protoversion == 2)
     {
       *enckey = NULL;
-      shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (ap), 
enckey);
+      shishi_authenticator_get_subkey (*handle, shishi_ap_authenticator (*ap), 
enckey);
     }
   
 #endif
 
   /* Get authenticator checksum */
-  rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (ap), 
cksumtype, cksum, cksumlen);
+  rc = shishi_authenticator_cksum (*handle, shishi_ap_authenticator (*ap), 
cksumtype, cksum, cksumlen);
   if (rc != SHISHI_OK)
     {
       syslog (LOG_ERR, "Could not get checksum authenticator from AP-REQ: 
%s\n", shishi_strerror (rc));
@@ -413,9 +412,9 @@
 
   /* Authenticate ourself to client, if request */
 
-  if (shishi_apreq_mutual_required_p (*handle, shishi_ap_req(ap)))
+  if (shishi_apreq_mutual_required_p (*handle, shishi_ap_req (*ap)))
     {
-      rc = shishi_ap_rep_der (ap, &out, &outlen);
+      rc = shishi_ap_rep_der (*ap, &out, &outlen);
       if (rc != SHISHI_OK)
         {
           syslog (LOG_ERR, "Error creating AP-REP: %s\n", shishi_strerror 
(rc));
@@ -449,7 +448,7 @@
     {
       Shishi_tkt * tkt;
       
-      tkt = shishi_ap_tkt (ap);
+      tkt = shishi_ap_tkt (*ap);
       if (tkt == NULL)
        {
          syslog (LOG_ERR, "Could not get tkt from AP-REQ: %s\n", 
shishi_strerror (rc));
@@ -457,7 +456,7 @@
        }
 
       rc = shishi_encticketpart_get_key (*handle, 
-                                   shishi_tkt_encticketpart (tkt), enckey);
+                                        shishi_tkt_encticketpart (tkt), 
enckey);
       if (rc != SHISHI_OK)
        {
          syslog (LOG_ERR, "Could not get key from Encticketpart: %s\n", 
shishi_strerror (rc));
@@ -466,8 +465,6 @@
     }
 #endif
 
-  shishi_ap_done (ap);
-  
   return SHISHI_OK;
 }
 
Index: inetutils/rlogind/rlogind.c
diff -u inetutils/rlogind/rlogind.c:1.8 inetutils/rlogind/rlogind.c:1.9
--- inetutils/rlogind/rlogind.c:1.8     Thu Sep 25 07:31:28 2003
+++ inetutils/rlogind/rlogind.c Mon Sep 29 05:41:27 2003
@@ -1038,10 +1038,10 @@
   size_t socklen;    
   
 #ifdef ENCRYPTION  
-  rc = get_auth (infd, &ad->h, &ad->enckey, err_msg, &ad->protocol,
+  rc = get_auth (infd, &ad->h, &ad->ap, &ad->enckey, err_msg, &ad->protocol,
                 &cksumtype, cksum, &cksumlen);
 #else
-  rc = get_auth (infd, &ad->h, NULL, err_msg, &ad->protocol,
+  rc = get_auth (infd, &ad->h, &ad->ap, NULL, err_msg, &ad->protocol,
                 &cksumtype, cksum, &cksumlen);
 #endif
   if (rc != SHISHI_OK)
@@ -1123,7 +1123,9 @@
          ad->lusername, ad->hostname);
   
   */
-
+  
+  free (pwd);
+  
   syslog (LOG_INFO | LOG_AUTH,
          "Kerberos V login from %s on %s\n",
          ad->lusername, ad->hostname);
@@ -1147,10 +1149,19 @@
       free (compcksum);
       return 1;
     }
-  
-  free (pwd);
+
   free (compcksum);
-      
+
+  rc = shishi_authorized_p (ad->h, shishi_ap_tkt (ad->ap), ad->lusername);
+  if (!rc)
+    {
+      syslog (LOG_ERR, "User is not authorized to log in as: %s", 
ad->lusername);
+      shishi_ap_done (ad->ap);
+      return 1;
+    }
+
+  shishi_ap_done (ad->ap);
+
   return SHISHI_OK;
 }
 #endif
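Review bot: The refusal is logged with `LOG_ERR` alone and names only the requested local user, whereas the "Kerberos V login from %s on %s" entry in the -1123 hunk is written with `LOG_INFO | LOG_AUTH` before this check runs. A rejected attempt can therefore leave what reads as a successful-login record in the auth log, with the denial recorded under whatever default facility the daemon opened and without the remote host. Consider emitting the info message only after the check passes and logging the denial as `syslog (LOG_ERR | LOG_AUTH, "User is not authorized to log in as %s from %s", ad->lusername, ad->hostname);`. The same denial message is used in rshd.c.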
Index: inetutils/rshd/rshd.c
diff -u inetutils/rshd/rshd.c:1.6 inetutils/rshd/rshd.c:1.7
--- inetutils/rshd/rshd.c:1.6   Wed Sep 24 17:30:35 2003
+++ inetutils/rshd/rshd.c       Mon Sep 29 05:41:28 2003
@@ -122,6 +122,7 @@
 # include <shishi.h>
 # include "shishi_def.h"
 Shishi * h;
+Shishi_ap * ap;
 Shishi_key * enckey;
 shishi_ivector iv1, iv2, iv3, iv4;
 shishi_ivector *ivtab[4];
@@ -569,7 +570,7 @@
        int rc;
        char * err_msg = NULL;
 
-       rc = get_auth (STDIN_FILENO, &h, &enckey, &err_msg, &protocol,
+       rc = get_auth (STDIN_FILENO, &h, &ap, &enckey, &err_msg, &protocol,
                       &cksumtype, cksum, &cksumlen);
        if (rc != SHISHI_OK)
        {
@@ -577,11 +578,10 @@
          free (err_msg);
          exit (1);
        }
-
       }
   else
 #endif
-    remuser = getstr ("remuser");
+      remuser = getstr ("remuser");
 
   /* Read three strings from the client. */
   locuser = getstr ("locuser");
@@ -647,6 +647,7 @@
 
        }
 #endif
+
    remuser = getstr ("remuser");
    rc = read (STDIN_FILENO, &error, sizeof (int));
    if ((rc != sizeof (int)) && rc)
@@ -676,7 +677,17 @@
        exit (1);       
      }
 
+   rc = shishi_authorized_p (h, shishi_ap_tkt (ap), locuser);
+   if (!rc)
+     {
+       syslog (LOG_ERR, "User is not authorized to log in as: %s", locuser);
+       shishi_ap_done (ap);
+       exit (1);
+     }
+
    free (compcksum);
+
+   shishi_ap_done (ap);
 
  }
 #endif
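Review bot: `shishi_ap_tkt (ap)` is passed straight into `shishi_authorized_p` without a NULL test, although get_auth treats a NULL ticket as a possible failure (the "Could not get tkt" branch in shishi.c). That test sits inside a conditional block, so it may not have run. Fetching the ticket first and failing closed avoids depending on how the library handles a NULL ticket: `tkt = shishi_ap_tkt (ap);` followed by `if (tkt == NULL || !shishi_authorized_p (h, tkt, locuser))`. rlogind.c has the same call shape with `ad->ap`. The enclosing block starts outside this hunk.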




reply via email to

[Prev in Thread] Current Thread [Next in Thread]