jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-01-18 06:50:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use rfc3961 library to decrypt kerberos 5 tickets

Browse Source 
Decrypt tickets with non-des enctypes by calling out to the rfc3961 library.
This requires the security object to be given an enhanced get_key callback
that supports looking up keys by enctype.
Include a wrapper around afsconf_GetKeyByTypes so rxkad doesn't have
to know anything about libauth internals/interfaces

Change-Id: Id2b085fb41e2ed3576ec66b2914c03e78c0077ec
This commit is contained in:
Chaskiel Grundman 2013-04-06 13:42:23 -04:00 committed by Simon Wilkinson
parent 94635f7271
commit ea4812f03d
52 changed files with 224 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.in
View File

@ -216,7 +216,7 @@ afs: config export comerr afs_depinstall
sys: cmd comerr afs hcrypto rx rxstat fsint sys_depinstall
+${COMPILE_PART1} sys ${COMPILE_PART2}
rxkad: cmd comerr hcrypto rx rxkad_depinstall
rxkad: cmd comerr hcrypto rfc3961 rx rxkad_depinstall
+${COMPILE_PART1} rxkad ${COMPILE_PART2}
auth: cmd comerr hcrypto lwp rx rxkad audit sys auth_depinstall

4
src/WINNT/afsd/NTMakefile
View File

@ -335,6 +335,7 @@ LOGON_DLLLIBS =\
$(DESTDIR)\lib\afs\afsutil.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(LANAHELPERLIB) \
$(AFSKFWLIB)
@ -421,7 +422,8 @@ EXELIBS = \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
EXELIBS2 = \
$(DESTDIR)\lib\afsrpc.lib \

3
src/WINNT/afssvrmgr/NTMakefile
View File

@ -103,7 +103,8 @@ EXELIBS = \
$(DESTDIR)\lib\afs\TaAfsAppLib.lib \
$(DESTDIR)\lib\afs\afsutil.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrpc.lib
############################################################################

3
src/WINNT/aklog/NTMakefile
View File

@ -38,7 +38,8 @@ EXELIBS = \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrpc.lib
OTHERLIBS = dnsapi.lib mpr.lib

3
src/WINNT/client_creds/NTMakefile
View File

@ -73,7 +73,8 @@ EXELIBS = \
$(DESTDIR)\lib\afs\afscom_err.lib \
$(DESTDIR)\lib\afs\afsutil.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrpc.lib
############################################################################
#

1
src/WINNT/netidmgr_plugin/NTMakefile
View File

@ -94,6 +94,7 @@ OBJFILES= \
LIBFILES= \
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrpc.lib \
$(DESTDIR)\lib\afsauthent.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\afs\mtafsutil.lib\

1
src/auth/Makefile.in
View File

@ -29,6 +29,7 @@ LT_libs= $(LDFLAGS_roken) $(LIB_roken)
LIBS=libauth.a \
${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/liblwp.a \

3
src/auth/NTMakefile
View File

@ -99,7 +99,8 @@ EXELIBS =\
$(EXELIBDIR)\libafsconf.lib \
$(EXELIBDIR)\opr.lib \
$(EXELIBDIR)\afshcrypto.lib \
$(EXELIBDIR)\afsroken.lib
$(EXELIBDIR)\afsroken.lib \
$(EXELIBDIR)\afsrfc3961.lib
$(SETKEY_EXEFILE): $(SETKEY_EXEOBJS) $(EXELIBS)
$(EXECONLINK) dnsapi.lib shell32.lib

40
src/auth/authcon.c
View File

@ -42,6 +42,31 @@ QuickAuth(struct rx_securityClass **astr, afs_int32 *aindex)
}
#if !defined(UKERNEL)
static int _afsconf_GetRxkadKrb5Key(void *arock, int kvno, int enctype, void *outkey,
size_t *keylen)
{
struct afsconf_dir *adir = arock;
struct afsconf_typedKey *kobj;
struct rx_opaque *keymat;
afsconf_keyType tktype;
int tkvno, tenctype;
int code;
code = afsconf_GetKeyByTypes(adir, afsconf_rxkad_krb5, kvno, enctype, &kobj);
if (code != 0)
return code;
afsconf_typedKey_values(kobj, &tktype, &tkvno, &tenctype, &keymat);
if (*keylen < keymat->len) {
afsconf_typedKey_put(&kobj);
return AFSCONF_BADKEY;
}
memcpy(outkey, keymat->val, keymat->len);
*keylen = keymat->len;
afsconf_typedKey_put(&kobj);
return 0;
}
/* Return an appropriate security class and index */
afs_int32
afsconf_ServerAuth(void *arock,
@ -53,7 +78,8 @@ afsconf_ServerAuth(void *arock,
LOCK_GLOBAL_MUTEX;
tclass = (struct rx_securityClass *)
rxkad_NewServerSecurityObject(0, adir, afsconf_GetKey, NULL);
rxkad_NewKrb5ServerSecurityObject(0, adir, afsconf_GetKey,
_afsconf_GetRxkadKrb5Key, NULL);
if (tclass) {
*astr = tclass;
*aindex = RX_SECIDX_KAD;
@ -254,12 +280,16 @@ afsconf_BuildServerSecurityObjects(void *rock,
(*classes)[0] = rxnull_NewServerSecurityObject();
(*classes)[1] = NULL;
(*classes)[2] = rxkad_NewServerSecurityObject(0, dir,
afsconf_GetKey, NULL);
(*classes)[2] = rxkad_NewKrb5ServerSecurityObject(0, dir,
afsconf_GetKey,
_afsconf_GetRxkadKrb5Key,
NULL);
if (dir->securityFlags & AFSCONF_SECOPTS_ALWAYSENCRYPT)
(*classes)[3] = rxkad_NewServerSecurityObject(rxkad_crypt, dir,
afsconf_GetKey, NULL);
(*classes)[3] = rxkad_NewKrb5ServerSecurityObject(rxkad_crypt, dir,
afsconf_GetKey,
_afsconf_GetRxkadKrb5Key,
NULL);
}
#endif

3
src/auth/cellconfig.p.h
View File

@ -150,7 +150,8 @@ struct afsconf_typedKeyList {
typedef enum {
afsconf_rxkad = 0,
afsconf_rxgk =1
afsconf_rxgk =1,
afsconf_rxkad_krb5 =2
} afsconf_keyType;
extern struct afsconf_typedKey *

1
src/bozo/Makefile.in
View File

@ -39,6 +39,7 @@ LIBS= ${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/libprocmgmt.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
OBJS=bosserver.o bnode.o ezbnodeops.o fsbnodeops.o bosint.ss.o bosint.xdr.o \

6
src/bozo/NTMakefile
View File

@ -70,7 +70,8 @@ BOSSERVER_EXELIBS =\
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(BOSSERVER_EXEFILE): $(BOSSERVER_EXEOBJS) $(BOSSERVER_EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib
@ -109,7 +110,8 @@ BOS_EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(RS_BOS_EXEFILE): $(BOS_EXEOBJS) $(BOS_EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib

1
src/bucoord/Makefile.in
View File

@ -21,6 +21,7 @@ LIBS=${TOP_LIBDIR}/libbudb.a ${TOP_LIBDIR}/libbubasics.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/util.a \
$(TOP_LIBDIR)/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
all: ${TOP_LIBDIR}/libbxdb.a ${TOP_INCDIR}/afs/bucoord_prototypes.h ${TOP_INCDIR}/afs/bc.h backup

3
src/bucoord/NTMakefile
View File

@ -93,7 +93,8 @@ EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(EXEFILE): $(EXEOBJS) $(EXERES) $(EXELIBS)

1
src/budb/Makefile.in
View File

@ -42,6 +42,7 @@ LIBS=${TOP_LIBDIR}/libbubasics.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/util.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
COMMON_OBJS = database.o db_alloc.o db_dump.o db_hash.o struct_ops.o ol_verify.o

3
src/budb/NTMakefile
View File

@ -81,7 +81,8 @@ EXELIBS =\
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(EXEFILE): $(EXEOBJS) $(EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib

1
src/butc/Makefile.in
View File

@ -41,6 +41,7 @@ LIBS=${TOP_LIBDIR}/libbudb.a \
${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a \
${TOP_LIBDIR}/libusd.a \
${TOP_LIBDIR}/util.a \

3
src/butc/NTMakefile
View File

@ -55,7 +55,8 @@ EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(EXERES): butc.rc AFS_component_version_number.h

1
src/finale/Makefile.in
View File

@ -40,6 +40,7 @@ LIBS=${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libkauth.a \
${TOP_LIBDIR}/libprot.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${XLIBS}
all: translate_et

1
src/fsprobe/Makefile.in
View File

@ -26,6 +26,7 @@ LIBS=${TOP_LIBDIR}/libvolser.a ${TOP_LIBDIR}/vlib.a ${TOP_LIBDIR}/libacl.a \
${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
all: ${TOP_INCDIR}/afs/fsprobe.h ${TOP_LIBDIR}/libfsprobe.a fsprobe_test

1
src/gtx/Makefile.in
View File

@ -36,6 +36,7 @@ LIBS=\
${TOP_LIBDIR}/libkauth.a \
${TOP_LIBDIR}/libauth.a \
${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/util.a

2
src/kauth/Makefile.in
View File

@ -51,6 +51,7 @@ LIBS=${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libafsutil.a \
${TOP_LIBDIR}/libopr.a \
$(DBM) \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
KLIBS=${TOP_LIBDIR}/libubik.a \
@ -65,6 +66,7 @@ KLIBS=${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/libafsutil.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
all: liboafs_kauth.la libauthent_kauth.la \

3
src/kauth/NTMakefile
View File

@ -95,7 +95,8 @@ AFSLIBS = \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
TOKENLIB = $(DESTDIR)\lib\afs\afspioctl.lib

3
src/kauth/test/NTMakefile
View File

@ -18,7 +18,8 @@ EXELIBS = \
$(DESTDIR)\afs\afsprot.lib \
$(DESTDIR)\afsrx.lib \
$(DESTDIR)\afs\afscom_err.lib \
$(DESTDIR)\afs\afskauth.lib
$(DESTDIR)\afs\afskauth.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(OUT)\multiklog.exe: $(OUT)\multiklog.obj

1
src/libafsrpc/Makefile.in
View File

@ -13,6 +13,7 @@ LT_objs = \
$(top_builddir)/src/fsint/libafsrpc_fsint.la \
$(top_builddir)/src/rx/libafsrpc_rx.la \
$(top_builddir)/src/rxkad/libafsrpc_rxkad.la \
$(top_builddir)/src/crypto/rfc3961/libafsrpc_rfc3961.la \
$(top_builddir)/src/comerr/libafsrpc_comerr.la \
$(top_builddir)/src/util/libafsrpc_util.la \
$(top_builddir)/src/rxstat/libafsrpc_rxstat.la \

1
src/libafsrpc/afsrpc.def
View File

@ -340,6 +340,7 @@ EXPORTS
initialize_RXK_error_table @345
rx_GetNetworkError @346
afs_set_com_err_hook @347
rxkad_NewKrb5ServerSecurityObject @348
; for performance testing
rx_TSFPQGlobSize @2001 DATA

1
src/libafsrpc/libafsrpc.la.sym
View File

@ -153,6 +153,7 @@ rxi_RoundUpPacket
rxi_SetCallNumberVector
rxkad_GetServerInfo
rxkad_NewClientSecurityObject
rxkad_NewKrb5ServerSecurityObject
rxkad_NewServerSecurityObject
rxkad_global_stats
rxkad_global_stats_lock

2
src/log/Makefile.in
View File

@ -22,6 +22,7 @@ LIBRARIES=${TOP_LIBDIR}/libauth.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
KLIBRARIES=${TOP_LIBDIR}/libauth.krb.a \
@ -30,6 +31,7 @@ KLIBRARIES=${TOP_LIBDIR}/libauth.krb.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libcmd.a \
${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
#

1
src/ptserver/Makefile.in
View File

@ -41,6 +41,7 @@ LIBS= ${TOP_LIBDIR}/libubik.a \
${TOP_LIBDIR}/libaudit.a \
${TOP_LIBDIR}/libafsutil.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
LT_objs = ptuser.lo pterror.lo ptint.cs.lo ptint.xdr.lo display.lo

6
src/ptserver/NTMakefile
View File

@ -73,7 +73,8 @@ PTSERVER_EXELIBS =\
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
!IF (("$(SYS_NAME)"!="i386_win95" ) && ("$(SYS_NAME)"!="I386_WIN95" ))
PTSERVER_EXELIBS =$(PTSERVER_EXELIBS) $(DESTDIR)\lib\afs\afsprocmgmt.lib
@ -126,7 +127,8 @@ PTS_EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(PTS): $(PTS_EXEOBJS) $(PTS_EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib

3
src/rxkad/Makefile.in
View File

@ -23,7 +23,8 @@ LT_objs=rxkad_client.lo rxkad_server.lo rxkad_common.lo rxkad_errs.lo \
LT_deps=$(top_builddir)/src/comerr/liboafs_comerr.la \
$(top_builddir)/src/rx/liboafs_rx.la \
$(top_builddir)/src/opr/liboafs_opr.la
$(top_builddir)/src/opr/liboafs_opr.la \
$(top_builddir)/src/crypto/rfc3961/liboafs_rfc3961.la
LT_libs=$(LDFLAGS_hcrypto) $(LIB_hcrypto)

1
src/rxkad/liboafs_rxkad.la.sym
View File

@ -2,6 +2,7 @@ initialize_RXK_error_table
life_to_time
rxkad_GetServerInfo
rxkad_NewClientSecurityObject
rxkad_NewKrb5ServerSecurityObject
rxkad_NewServerSecurityObject
time_to_life
tkt_CheckTimes

1
src/rxkad/private_data.h
View File

@ -78,6 +78,7 @@ struct rxkad_sprivate {
int (*get_key) (void *, int,
struct ktc_encryptionKey *);
/* func. of kvno and server key ptr */
rxkad_get_key_enctype_func get_key_enctype;
int (*user_ok) (char *, char *,
char *, afs_int32);
/* func called with new client name */

4
src/rxkad/rxkad.p.h
View File

@ -91,6 +91,10 @@ typedef signed char rxkad_level;
extern int rxkad_EpochWasSet; /* TRUE => we called rx_SetEpoch */
/* Get key by enctype. Takes a rock (path to conf dir), kvno and enctype as
* input and returns the key and key length. On input, the keylength parameter
* must be set to the length of storage allocated by the caller. */
typedef int (*rxkad_get_key_enctype_func) (void *, int, int, void *, size_t *);
#include <rx/rxkad_prototypes.h>

7
src/rxkad/rxkad_prototypes.h
View File

@ -106,6 +106,12 @@ extern struct rx_securityClass *rxkad_NewServerSecurityObject(rxkad_level
char *cell,
afs_int32
kvno));
extern struct rx_securityClass *rxkad_NewKrb5ServerSecurityObject
(rxkad_level level, void *get_key_rock,
int (*get_key) (void *get_key_rock, int kvno,
struct ktc_encryptionKey *serverKey),
rxkad_get_key_enctype_func get_key_enctype,
int (*user_ok) (char *name, char *instance, char *cell, afs_int32 kvno));
extern int rxkad_CheckAuthentication(struct rx_securityClass *aobj,
struct rx_connection *aconn);
extern int rxkad_CreateChallenge(struct rx_securityClass *aobj,
@ -151,6 +157,7 @@ extern afs_uint32 _rxkad_crc_update(const char *p, size_t len, afs_uint32 res);
extern int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
int (*get_key) (void *, int,
struct ktc_encryptionKey *),
rxkad_get_key_enctype_func get_key2,
char *get_key_rock, int serv_kvno, char *name,
char *inst, char *cell, struct ktc_encryptionKey *session_key,
afs_int32 * host, afs_uint32 * start,

22
src/rxkad/rxkad_server.c
View File

@ -165,6 +165,23 @@ rxkad_NewServerSecurityObject(rxkad_level level, void *get_key_rock,
return tsc;
}
struct rx_securityClass *
rxkad_NewKrb5ServerSecurityObject(rxkad_level level, void *get_key_rock,
int (*get_key) (void *get_key_rock, int kvno,
struct ktc_encryptionKey *
serverKey),
rxkad_get_key_enctype_func get_key_enctype,
int (*user_ok) (char *name, char *instance,
char *cell, afs_int32 kvno)
) {
struct rx_securityClass *tsc;
struct rxkad_sprivate *tsp;
tsc = rxkad_NewServerSecurityObject(level, get_key_rock, get_key, user_ok);
tsp = (struct rxkad_sprivate *)tsc->privateData;
tsp->get_key_enctype = get_key_enctype;
return tsc;
}
/* server: called to tell if a connection authenticated properly */
int
@ -325,8 +342,9 @@ rxkad_CheckResponse(struct rx_securityClass *aobj,
if (code == -1 && ((kvno == RXKAD_TKT_TYPE_KERBEROS_V5)
|| (kvno == RXKAD_TKT_TYPE_KERBEROS_V5_ENCPART_ONLY))) {
code =
tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock,
kvno, client.name, client.instance, client.cell,
tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_enctype,
tsp->get_key_rock, kvno, client.name,
client.instance, client.cell,
&sessionkey, &host, &start, &end,
tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
if (code)

98
src/rxkad/ticket5.c
View File

@ -81,6 +81,10 @@
#include "v5der.c"
#include "v5gen.c"
#define RFC3961_NO_ENUMS
#define RFC3961_NO_CKSUM
#include <afs/rfc3961.h>
/*
* Principal conversion Taken from src/lib/krb5/krb/conv_princ from MIT Kerberos. If you
* find a need to change the services here, please consider opening a
@ -176,12 +180,19 @@ static int
int
tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
int (*get_key) (void *, int, struct ktc_encryptionKey *),
rxkad_get_key_enctype_func get_key_enctype,
char *get_key_rock, int serv_kvno, char *name, char *inst,
char *cell, struct ktc_encryptionKey *session_key, afs_int32 * host,
afs_uint32 * start, afs_uint32 * end, afs_int32 disableCheckdot)
{
char plain[MAXKRB5TICKETLEN];
struct ktc_encryptionKey serv_key;
void *keybuf;
size_t keysize, allocsiz;
krb5_context context;
krb5_keyblock k;
krb5_crypto cr;
krb5_data plaindata;
Ticket t5; /* Must free */
EncTicketPart decr_part; /* Must free */
int code;
@ -224,25 +235,82 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
case ETYPE_DES_CBC_CRC:
case ETYPE_DES_CBC_MD4:
case ETYPE_DES_CBC_MD5:
/* check ticket */
if (t5.enc_part.cipher.length > sizeof(plain)
|| t5.enc_part.cipher.length % 8 != 0)
goto bad_ticket;
code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
if (code)
goto unknown_key;
/* Decrypt data here, save in plain, assume it will shrink */
code =
krb5_des_decrypt(&serv_key, t5.enc_part.etype,
t5.enc_part.cipher.data, t5.enc_part.cipher.length,
plain, &plainsiz);
break;
default:
goto unknown_key;
if (get_key_enctype == NULL)
goto unknown_key;
code = krb5_init_context(&context);
if (code != 0)
goto unknown_key;
code = krb5_enctype_valid(context, t5.enc_part.etype);
if (code != 0) {
krb5_free_context(context);
goto unknown_key;
}
code = krb5_enctype_keybits(context, t5.enc_part.etype, &keysize);
if (code != 0) {
krb5_free_context(context);
goto unknown_key;
}
keysize = keysize / 8;
allocsiz = keysize;
keybuf = rxi_Alloc(allocsiz);
/* this is not quite a hole for afsconf_GetKeyByTypes. A wrapper
that calls afsconf_GetKeyByTypes and afsconf_typedKey_values
is needed */
code = get_key_enctype(get_key_rock, v5_serv_kvno, t5.enc_part.etype,
keybuf, &keysize);
if (code) {
rxi_Free(keybuf, allocsiz);
krb5_free_context(context);
goto unknown_key;
}
code = krb5_keyblock_init(context, t5.enc_part.etype,
keybuf, keysize, &k);
rxi_Free(keybuf, allocsiz);
if (code != 0) {
krb5_free_context(context);
goto unknown_key;
}
code = krb5_crypto_init(context, &k, t5.enc_part.etype, &cr);
krb5_free_keyblock_contents(context, &k);
if (code != 0) {
krb5_free_context(context);
goto unknown_key;
}
#ifndef KRB5_KU_TICKET
#define KRB5_KU_TICKET 2
#endif
code = krb5_decrypt(context, cr, KRB5_KU_TICKET, t5.enc_part.cipher.data,
t5.enc_part.cipher.length, &plaindata);
krb5_crypto_destroy(context, cr);
if (code == 0) {
if (plaindata.length > MAXKRB5TICKETLEN) {
krb5_data_free(&plaindata);
krb5_free_context(context);
goto bad_ticket;
}
memcpy(plain, plaindata.data, plaindata.length);
plainsiz = plaindata.length;
krb5_data_free(&plaindata);
}
krb5_free_context(context);
}
/* check ticket */
if (t5.enc_part.cipher.length > sizeof(plain)
|| t5.enc_part.cipher.length % 8 != 0)
goto bad_ticket;
code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
if (code)
goto unknown_key;
/* Decrypt data here, save in plain, assume it will shrink */
code =
krb5_des_decrypt(&serv_key, t5.enc_part.etype,
t5.enc_part.cipher.data, t5.enc_part.cipher.length,
plain, &plainsiz);
if (code != 0)
goto bad_ticket;

1
src/scout/Makefile.in
View File

@ -43,6 +43,7 @@ LIBS=${TOP_LIBDIR}/libgtx.a \
${TOP_LIBDIR}/liblwp.a \
${TOP_LIBDIR}/util.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
all: scout

2
src/sgistuff/Makefile.in
View File

@ -25,6 +25,7 @@ AFSLIBS=${TOP_LIBDIR}/libkauth.a \
${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libsys.a \
${LIBDIR}/librx.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a \
${LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libcmd.a \
@ -38,6 +39,7 @@ KAFSLIBS=${TOP_LIBDIR}/libkauth.krb.a \
${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libsys.a \
${LIBDIR}/librx.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a \
${LIBDIR}/liblwp.a \
${TOP_LIBDIR}/libcmd.a \

3
src/tbutc/NTMakefile
View File

@ -83,7 +83,8 @@ BUTCLIBS=$(DESTDIR)\lib\afs\afsbudb.lib \
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
# rm $(OUT)\tcstatus.obj
# nmake /nologo /f ntmakefile install

2
src/tests/Makefile.in
View File

@ -11,7 +11,7 @@ SYS_LIBS = ${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a $
AUTH_LIBS = ${TOP_LIBDIR}/libauth.a ${SYS_LIBS}
INT_LIBS = ${TOP_LIBDIR}/libafsint.a ${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/librxkad.a ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libafscom_err.a ${TOP_LIBDIR}/util.a
INT_LIBS = ${TOP_LIBDIR}/libafsint.a ${TOP_LIBDIR}/libsys.a ${TOP_LIBDIR}/librxkad.a ${TOP_LIBDIR}/librx.a ${TOP_LIBDIR}/liblwp.a ${TOP_LIBDIR}/libafscom_err.a ${TOP_LIBDIR}/util.a ${TOP_LIBDIR}/libafsrfc3961.a
TEST_PROGRAMS = write-ro-file hello-world read-vs-mmap read-vs-mmap2 \
mmap-and-read large-dir large-dir2 large-dir3 mountpoint \

3
src/tptserver/NTMakefile
View File

@ -95,7 +95,8 @@ PTSERVER_EXELIBS =\
$(DESTDIR)\lib\libafsconf.lib \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\afs\afsprocmgmt.lib \
$(DESTDIR)\lib\afspthread.lib
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(PTSERVER): $(PTSERVER_EXEOBJS) $(PTUTILS_OBJ) $(PTINT_XDR_OBJ) $(UTILS_OBJ) $(MAP_OBJ) $(LWP_OBJS) $(PTSERVER_EXERES) $(RXKADOBJS) $(PTSERVER_EXELIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib

1
src/tsm41/Makefile.in
View File

@ -18,6 +18,7 @@ AFSLIBS = \
${TOP_LIBDIR}/libauth.a \
${TOP_LIBDIR}/librxkad.a \
${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a \
${TOP_LIBDIR}/librx.a \
${TOP_LIBDIR}/liblwp.a \

1
src/update/Makefile.in
View File

@ -19,6 +19,7 @@ LIBS=${TOP_LIBDIR}/libauth.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/util.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
all: upserver upclient

3
src/update/NTMakefile
View File

@ -25,7 +25,8 @@ LIBS = \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
############################################################################
# Definitions for generating files via RXGEN

1
src/uss/Makefile.in
View File

@ -30,6 +30,7 @@ LIBS=${TOP_LIBDIR}/libvolser.a \
${TOP_LIBDIR}/libafscom_err.a \
${TOP_LIBDIR}/util.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
OBJS = uss_procs.o \

1
src/venus/Makefile.in
View File

@ -47,6 +47,7 @@ FSLIBS=${TOP_LIBDIR}/libsys.a \
${TOP_LIBDIR}/libaudit.a \
$(TOP_LIBDIR)/libafsutil.a \
$(TOP_LIBDIR)/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
CMLIBS=${TOP_LIBDIR}/libsys.a \

3
src/viced/NTMakefile
View File

@ -82,7 +82,8 @@ EXELIBS = \
$(DESTDIR)\lib\afs\mtafsdir.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afspthread.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(EXEFILE): $(EXEOBJS) $(EXELIBS)
$(EXECONLINK)

1
src/vlserver/Makefile.in
View File

@ -35,6 +35,7 @@ LIBS=\
${TOP_LIBDIR}/libaudit.a \
${TOP_LIBDIR}/libafsutil.a \
$(TOP_LIBDIR)/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
LT_objs = vldbint.xdr.lo vldbint.cs.lo vl_errors.lo

3
src/vlserver/NTMakefile
View File

@ -92,7 +92,8 @@ VLSERVER_EXECLIBS = \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
$(VLSERVER): $(VLSERVER_EXEOBJS) $(LIBFILE) $(VLSERVER_EXECLIBS)
$(EXECONLINK) dnsapi.lib mpr.lib iphlpapi.lib shell32.lib

1
src/volser/Makefile.in
View File

@ -42,6 +42,7 @@ LIBS=\
${TOP_LIBDIR}/libusd.a \
${TOP_LIBDIR}/util.a \
${TOP_LIBDIR}/libopr.a \
${TOP_LIBDIR}/libafsrfc3961.a \
${TOP_LIBDIR}/libafshcrypto_lwp.a
VOLDUMP_LIBS = \

3
src/volser/NTMakefile
View File

@ -75,7 +75,8 @@ EXEC_LIBS = \
$(DESTDIR)\lib\afs\afspioctl.lib \
$(DESTDIR)\lib\opr.lib \
$(DESTDIR)\lib\afshcrypto.lib \
$(DESTDIR)\lib\afsroken.lib
$(DESTDIR)\lib\afsroken.lib \
$(DESTDIR)\lib\afsrfc3961.lib
############################################################################