/* len is number of bytes out */
static void hex2bin(char *buf, int len) {
int i;
for (i = 0; i < len; i++) {
buf[i] = (h2b(buf[2 * i + 0]) << 4)
| (h2b(buf[2 * i + 1]) << 0);
}
}
//--------------------------------------------------
// Converts a hex number (string) to binary value
// hex - hex number
// bin - buffer for binary value
// len - buffer length
//--------------------------------------------------
EXP_OPTION void hex2bin(const char* hex, byte* bin, int* len)
{
int i, l;
byte b;
RETURN_VOID_IF_NULL(hex);
RETURN_VOID_IF_NULL(bin);
RETURN_VOID_IF_NULL(len);
memset(bin, 0, *len);
l = strlen(hex);
for(i = 0; i < l; i += 2) {
b = (byte) ((h2b(hex[i]) << 4) | h2b(hex[i+1]));
bin[i/2] = b;
}
*len = i / 2;
}
int byte_cpy(char *dest,char *src,int destlen)
{
register char *p,*p1;
int i;
p=src;
p1=dest;
for(i=0;i<destlen;i++) {
if(!*p) break;
*p1++ = h2b(p);
if(*(++p)) p++;
}
return p-src;
}
/* generic inflate() run, where hex is the hexadecimal input data, what is the
text to include in an error message, step is how much input data to feed
inflate() on each call, or zero to feed it all, win is the window bits
parameter to inflateInit2(), len is the size of the output buffer, and err
is the error code expected from the first inflate() call (the second
inflate() call is expected to return Z_STREAM_END). If win is 47, then
header information is collected with inflateGetHeader(). If a zlib stream
is looking for a dictionary, then an empty dictionary is provided.
inflate() is run until all of the input data is consumed. */
local void inf(char *hex, char *what, unsigned step, int win, unsigned len,
int err)
{
int ret;
unsigned have;
unsigned char *in, *out;
z_stream strm, copy;
gz_header head;
mem_setup(&strm);
strm.avail_in = 0;
strm.next_in = Z_NULL;
ret = inflateInit2(&strm, win);
if (ret != Z_OK) {
mem_done(&strm, what);
return;
}
out = malloc(len); assert(out != NULL);
if (win == 47) {
head.extra = out;
head.extra_max = len;
head.name = out;
head.name_max = len;
head.comment = out;
head.comm_max = len;
ret = inflateGetHeader(&strm, &head); assert(ret == Z_OK);
}
in = h2b(hex, &have); assert(in != NULL);
if (step == 0 || step > have)
step = have;
strm.avail_in = step;
have -= step;
strm.next_in = in;
do {
strm.avail_out = len;
strm.next_out = out;
ret = inflate(&strm, Z_NO_FLUSH); assert(err == 9 || ret == err);
if (ret != Z_OK && ret != Z_BUF_ERROR && ret != Z_NEED_DICT)
break;
if (ret == Z_NEED_DICT) {
ret = inflateSetDictionary(&strm, in, 1);
assert(ret == Z_DATA_ERROR);
mem_limit(&strm, 1);
ret = inflateSetDictionary(&strm, out, 0);
assert(ret == Z_MEM_ERROR);
mem_limit(&strm, 0);
((struct inflate_state *)strm.state)->mode = DICT;
ret = inflateSetDictionary(&strm, out, 0);
assert(ret == Z_OK);
ret = inflate(&strm, Z_NO_FLUSH); assert(ret == Z_BUF_ERROR);
}
ret = inflateCopy(©, &strm); assert(ret == Z_OK);
ret = inflateEnd(©); assert(ret == Z_OK);
err = 9; /* don't care next time around */
have += strm.avail_in;
strm.avail_in = step > have ? have : step;
have -= strm.avail_in;
} while (strm.avail_in);
free(in);
free(out);
ret = inflateReset2(&strm, -8); assert(ret == Z_OK);
ret = inflateEnd(&strm); assert(ret == Z_OK);
mem_done(&strm, what);
}
ret = inflateBackInit(&strm, 15, win); assert(ret == Z_OK);
ret = inflateBackEnd(&strm); assert(ret == Z_OK);
fputs("inflateBack built-in memory routines\n", stderr);
}
/* do a raw inflate of data in hexadecimal with both inflate and inflateBack */
local int try(char *hex, char *id, int err)
{
int ret;
unsigned len, size;
unsigned char *in, *out, *win;
char *prefix;
z_stream strm;
/* convert to hex */
in = h2b(hex, &len);
assert(in != NULL);
/* allocate work areas */
size = len << 3;
out = malloc(size);
assert(out != NULL);
win = malloc(32768);
assert(win != NULL);
prefix = malloc(strlen(id) + 6);
assert(prefix != NULL);
/* first with inflate */
strcpy(prefix, id);
strcat(prefix, "-late");
mem_setup(&strm);
void hs2bs(char * hex, byte * res, uint lres) {
uint i = 0;
for(i = 0; i < 2*lres;i+=2) {
res[i/2] = h2b( hex+i );
}
}
void
apop(Ticketreq *tr, int type)
{
int challen, i, tries;
char *secret, *hkey, *p;
Ticketreq treq;
DigestState *s;
char sbuf[SECRETLEN], hbuf[DESKEYLEN];
char tbuf[TICKREQLEN];
char buf[MD5dlen*2];
uchar digest[MD5dlen], resp[MD5dlen];
ulong rb[4];
char chal[256];
USED(tr);
/*
* Create a challenge and send it.
*/
randombytes((uchar*)rb, sizeof(rb));
p = chal;
p += snprint(p, sizeof(chal), "<%lux%lux.%lux%lux@%s>",
rb[0], rb[1], rb[2], rb[3], domainname());
challen = p - chal;
print("%c%-5d%s", AuthOKvar, challen, chal);
/* give user a few attempts */
for(tries = 0; ; tries++) {
/*
* get ticket request
*/
if(readn(0, tbuf, TICKREQLEN) < 0)
exits(0);
convM2TR(tbuf, &treq);
tr = &treq;
if(tr->type != type)
exits(0);
/*
* read response
*/
if(readn(0, buf, MD5dlen*2) < 0)
exits(0);
for(i = 0; i < MD5dlen; i++)
resp[i] = (h2b(buf[2*i])<<4)|h2b(buf[2*i+1]);
/*
* lookup
*/
secret = findsecret(KEYDB, tr->uid, sbuf);
hkey = findkey(KEYDB, tr->hostid, hbuf);
if(hkey == 0 || secret == 0){
replyerror("apop-fail bad response %s", raddr);
logfail(tr->uid);
if(tries > 5)
return;
continue;
}
/*
* check for match
*/
if(type == AuthCram){
hmac_md5((uchar*)chal, challen,
(uchar*)secret, strlen(secret),
digest, nil);
} else {
s = md5((uchar*)chal, challen, 0, 0);
md5((uchar*)secret, strlen(secret), digest, s);
}
if(memcmp(digest, resp, MD5dlen) != 0){
replyerror("apop-fail bad response %s", raddr);
logfail(tr->uid);
if(tries > 5)
return;
continue;
}
break;
}
succeed(tr->uid);
/*
* reply with ticket & authenticator
*/
if(tickauthreply(tr, hkey) < 0)
exits(0);
if(debug){
if(type == AuthCram)
syslog(0, AUTHLOG, "cram-ok %s %s", tr->uid, raddr);
else
syslog(0, AUTHLOG, "apop-ok %s %s", tr->uid, raddr);
}
}
