/** * Main function that will be run by the scheduler. * * @param cls closure * @param args remaining command-line arguments * @param cfgfile name of the configuration file used (for saving, can be NULL!) * @param cfg configuration */ static void run (void *cls, char *const *args, const char *cfgfile, const struct GNUNET_CONFIGURATION_Handle *cfg) { struct GNUNET_CRYPTO_RsaPrivateKey *pk; struct GNUNET_CRYPTO_RsaPublicKeyBinaryEncoded pub; struct GNUNET_PeerIdentity pid; if (NULL == args[0]) { fprintf (stderr, _("No hostkey file specified on command line\n")); return; } if (0 != weak_random) GNUNET_CRYPTO_random_disable_entropy_gathering (); if (make_keys > 0) { create_keys (args[0]); return; } pk = GNUNET_CRYPTO_rsa_key_create_from_file (args[0]); if (NULL == pk) return; if (print_public_key) { char *s; GNUNET_CRYPTO_rsa_key_get_public (pk, &pub); s = GNUNET_CRYPTO_rsa_public_key_to_string (&pub); fprintf (stdout, "%s\n", s); GNUNET_free (s); } if (print_peer_identity) { struct GNUNET_CRYPTO_HashAsciiEncoded enc; GNUNET_CRYPTO_rsa_key_get_public (pk, &pub); GNUNET_CRYPTO_hash (&pub, sizeof (pub), &pid.hashPubKey); GNUNET_CRYPTO_hash_to_enc (&pid.hashPubKey, &enc); fprintf (stdout, "%s\n", enc.encoding); } if (print_short_identity) { struct GNUNET_CRYPTO_ShortHashAsciiEncoded enc; struct GNUNET_CRYPTO_ShortHashCode sh; GNUNET_CRYPTO_rsa_key_get_public (pk, &pub); GNUNET_CRYPTO_short_hash (&pub, sizeof (pub), &sh); GNUNET_CRYPTO_short_hash_to_enc (&sh, &enc); fprintf (stdout, "%s\n", enc.short_encoding); } GNUNET_CRYPTO_rsa_key_free (pk); }
static int read_or_create_log(const char *filename, const char *token, uint8_t *salt, uint8_t *nonce, uint8_t *key_buf, uint8_t **out_buf, int64_t *data_size) { int fd; struct stat fileinfo; int ret; fd = open_log_file(filename); if (fd == -1) { goto fail; } ret = fstat(fd, &fileinfo); if (fileinfo.st_size == 0) { ret = create_salt(salt, SALT_SIZE); if (ret != 0) goto fail_fd; ret = create_salt(nonce, NONCE_SIZE); if (ret != 0) goto fail_fd; } else if (fileinfo.st_size < MIN_LOG_FILE_SIZE) { goto fail_fd; } create_keys(token, salt, key_buf); if (fileinfo.st_size > 0) { ret = read_and_validate_log(fd, token, out_buf, data_size); if ((ret != CAPSTONE_EXIT_SUCCESS) || !out_buf || !(*out_buf)) goto fail_fd; } return fd; fail_fd: close(fd); fail: return -1; }
int main(int argc, const char *argv[]) { static const char *server = NULL; static const char *principal = NULL; static const char *keytab = NULL; static const char *enctypes_string = NULL; static const char *binddn = NULL; static const char *bindpw = NULL; char *ldap_uri = NULL; static const char *sasl_mech = NULL; static const char *ca_cert_file = NULL; int quiet = 0; int askpass = 0; int permitted_enctypes = 0; int retrieve = 0; struct poptOption options[] = { { "quiet", 'q', POPT_ARG_NONE, &quiet, 0, _("Print as little as possible"), _("Output only on errors")}, { "server", 's', POPT_ARG_STRING, &server, 0, _("Contact this specific KDC Server"), _("Server Name") }, { "principal", 'p', POPT_ARG_STRING, &principal, 0, _("The principal to get a keytab for (ex: ftp/[email protected])"), _("Kerberos Service Principal Name") }, { "keytab", 'k', POPT_ARG_STRING, &keytab, 0, _("The keytab file to append the new key to (will be " "created if it does not exist)."), _("Keytab File Name") }, { "enctypes", 'e', POPT_ARG_STRING, &enctypes_string, 0, _("Encryption types to request"), _("Comma separated encryption types list") }, { "permitted-enctypes", 0, POPT_ARG_NONE, &permitted_enctypes, 0, _("Show the list of permitted encryption types and exit"), _("Permitted Encryption Types") }, { "password", 'P', POPT_ARG_NONE, &askpass, 0, _("Asks for a non-random password to use for the principal"), NULL }, { "binddn", 'D', POPT_ARG_STRING, &binddn, 0, _("LDAP DN"), _("DN to bind as if not using kerberos") }, { "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0, _("LDAP password"), _("password to use if not using kerberos") }, { "cacert", 0, POPT_ARG_STRING, &ca_cert_file, 0, _("Path to the IPA CA certificate"), _("IPA CA certificate")}, { "ldapuri", 'H', POPT_ARG_STRING, &ldap_uri, 0, _("LDAP uri to connect to. Mutually exclusive with --server"), _("url")}, { "mech", 'Y', POPT_ARG_STRING, &sasl_mech, 0, _("LDAP SASL bind mechanism if no bindd/bindpw"), _("GSSAPI|EXTERNAL") }, { "retrieve", 'r', POPT_ARG_NONE, &retrieve, 0, _("Retrieve current keys without changing them"), NULL }, POPT_AUTOHELP POPT_TABLEEND }; poptContext pc; char *ktname; char *password = NULL; krb5_context krbctx; krb5_ccache ccache; krb5_principal uprinc = NULL; krb5_principal sprinc; krb5_error_code krberr; struct keys_container keys = { 0 }; krb5_keytab kt; int kvno; int i, ret; char *err_msg; ret = init_gettext(); if (ret) { fprintf(stderr, "Failed to load translations\n"); } krberr = krb5_init_context(&krbctx); if (krberr) { fprintf(stderr, _("Kerberos context initialization failed\n")); exit(1); } pc = poptGetContext("ipa-getkeytab", argc, (const char **)argv, options, 0); ret = poptGetNextOpt(pc); if (ret == -1 && permitted_enctypes && !(server || principal || keytab || quiet)) { krb5_enctype *ktypes; char enc[79]; /* fit std terminal or truncate */ krberr = krb5_get_permitted_enctypes(krbctx, &ktypes); if (krberr) { fprintf(stderr, _("No system preferred enctypes ?!\n")); exit(1); } fprintf(stdout, _("Supported encryption types:\n")); for (i = 0; ktypes[i]; i++) { krberr = krb5_enctype_to_string(ktypes[i], enc, 79); if (krberr) { fprintf(stderr, _("Warning: " "failed to convert type (#%d)\n"), i); continue; } fprintf(stdout, "%s\n", enc); } ipa_krb5_free_ktypes(krbctx, ktypes); exit (0); } if (ret != -1 || !principal || !keytab || permitted_enctypes) { if (!quiet) { poptPrintUsage(pc, stderr, 0); } exit(2); } if (NULL!=binddn && NULL==bindpw) { fprintf(stderr, _("Bind password required when using a bind DN.\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(10); } if (NULL != binddn && NULL != sasl_mech) { fprintf(stderr, _("Cannot specify both SASL mechanism " "and bind DN simultaneously.\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (sasl_mech && check_sasl_mech(sasl_mech)) { fprintf(stderr, _("Invalid SASL bind mechanism\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (!binddn && !sasl_mech) { sasl_mech = LDAP_SASL_GSSAPI; } if (server && ldap_uri) { fprintf(stderr, _("Cannot specify server and LDAP uri " "simultaneously.\n")); if (!quiet) poptPrintUsage(pc, stderr, 0); exit(2); } if (!server && !ldap_uri) { struct ipa_config *ipacfg = NULL; ret = read_ipa_config(&ipacfg); if (ret == 0) { server = ipacfg->server_name; ipacfg->server_name = NULL; } free(ipacfg); if (!server) { fprintf(stderr, _("Server name not provided and unavailable\n")); exit(2); } } if (server) { ret = ipa_server_to_uri(server, sasl_mech, &ldap_uri); if (ret) { exit(ret); } } if (!ca_cert_file) { ca_cert_file = DEFAULT_CA_CERT_FILE; } if (askpass && retrieve) { fprintf(stderr, _("Incompatible options provided (-r and -P)\n")); exit(2); } if (askpass) { password = ask_password(krbctx); if (!password) { exit(2); } } else if (enctypes_string && strchr(enctypes_string, ':')) { if (!quiet) { fprintf(stderr, _("Warning: salt types are not honored" " with randomized passwords (see opt. -P)\n")); } } ret = asprintf(&ktname, "WRFILE:%s", keytab); if (ret == -1) { exit(3); } krberr = krb5_parse_name(krbctx, principal, &sprinc); if (krberr) { fprintf(stderr, _("Invalid Service Principal Name\n")); exit(4); } if (NULL == bindpw && strcmp(sasl_mech, LDAP_SASL_GSSAPI) == 0) { krberr = krb5_cc_default(krbctx, &ccache); if (krberr) { fprintf(stderr, _("Kerberos Credential Cache not found. " "Do you have a Kerberos Ticket?\n")); exit(5); } krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc); if (krberr) { fprintf(stderr, _("Kerberos User Principal not found. " "Do you have a valid Credential Cache?\n")); exit(6); } } krberr = krb5_kt_resolve(krbctx, ktname, &kt); if (krberr) { fprintf(stderr, _("Failed to open Keytab\n")); exit(7); } kvno = -1; ret = ldap_get_keytab(krbctx, (retrieve == 0), password, enctypes_string, ldap_uri, principal, uprinc, binddn, bindpw, sasl_mech, ca_cert_file, &keys, &kvno, &err_msg); if (ret) { if (!quiet && err_msg != NULL) { fprintf(stderr, "%s", err_msg); } } if (retrieve == 0 && kvno == -1) { if (!quiet) { fprintf(stderr, _("Retrying with pre-4.0 keytab retrieval method...\n")); } /* create key material */ ret = create_keys(krbctx, sprinc, password, enctypes_string, &keys, &err_msg); if (!ret) { if (err_msg != NULL) { fprintf(stderr, "%s", err_msg); } fprintf(stderr, _("Failed to create key material\n")); exit(8); } kvno = ldap_set_keytab(krbctx, ldap_uri, principal, uprinc, binddn, bindpw, sasl_mech, ca_cert_file, &keys); } if (kvno == -1) { fprintf(stderr, _("Failed to get keytab\n")); exit(9); } for (i = 0; i < keys.nkeys; i++) { krb5_keytab_entry kt_entry; memset((char *)&kt_entry, 0, sizeof(kt_entry)); kt_entry.principal = sprinc; kt_entry.key = keys.ksdata[i].key; kt_entry.vno = kvno; krberr = krb5_kt_add_entry(krbctx, kt, &kt_entry); if (krberr) { fprintf(stderr, _("Failed to add key to the keytab\n")); exit (11); } } free_keys_contents(krbctx, &keys); krberr = krb5_kt_close(krbctx, kt); if (krberr) { fprintf(stderr, _("Failed to close the keytab\n")); exit (12); } if (!quiet) { fprintf(stderr, _("Keytab successfully retrieved and stored in: %s\n"), keytab); } exit(0); }
int lnp_handle_key_exchange_ok(lnp_packet_p *packet, int content_length) { lnp_key_exchange_ok_p key_exchange_ok; int routing_entry_index; int store_entry_index; /* Reading packet */ if (parse_key_exchange_ok(&key_exchange_ok, packet->content, content_length) == LNP_ERROR) { liblog_debug(LAYER_NET, "packet format corrupted."); return LNP_ERROR; } liblog_debug(LAYER_NET, "packet successfuly parsed."); /* lock routing entry */ routing_entry_index = lnp_routing_entry_lock(packet->source); if (routing_entry_index == LNP_LOOKUP_ERROR) { //TODO } store_entry_index = routing_table[routing_entry_index].store_index; if (lnp_key_store[store_entry_index].handshake_state != LNP_HANDSHAKE_EXCHANGING_KEYS) { liblog_info(LAYER_NET, "public_key_exchange_ok dropped: " "state must be LNP_HANDSHAKE_EXCHANGING_KEYS."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } lnp_key_store[store_entry_index].cipher = lnp_cipher_search(key_exchange_ok.cipher); lnp_key_store[store_entry_index].hash = lnp_hash_search(key_exchange_ok.hash); lnp_key_store[store_entry_index].mac = lnp_mac_search(key_exchange_ok.mac); /* Functions received don't support even the defaults. */ if (lnp_key_store[store_entry_index].cipher == NULL || lnp_key_store[store_entry_index].hash == NULL || lnp_key_store[store_entry_index].mac == NULL) { liblog_error(LAYER_NET, "received functions not supported, packet dropped."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } liblog_debug(LAYER_NET, "received functions are supported."); // TODO decifrar if (memcmp(lnp_key_store[store_entry_index].k_out, key_exchange_ok.encrypted_k, LNP_K_LENGTH) != 0) { lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } /* Create all the keys. */ if (create_keys(store_entry_index) == LNP_ERROR) { liblog_error(LAYER_NET, "error generating keys."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; }; lnp_key_store[store_entry_index].handshake_state = LNP_HANDSHAKE_CONNECTED; lnp_routing_entry_signal(routing_entry_index); lnp_routing_entry_unlock(routing_entry_index); return LNP_OK; }
int lnp_handle_key_exchange(lnp_packet_p *packet, int content_length) { lnp_key_exchange_p key_exchange; int routing_entry_index; int store_entry_index; /* Reading packet */ if (parse_key_exchange(&key_exchange, packet->content, content_length) == LNP_ERROR) { liblog_debug(LAYER_NET, "packet format corrupted."); return LNP_ERROR; } liblog_debug(LAYER_NET, "packet successfuly parsed."); /* lock routing entry */ routing_entry_index = lnp_routing_entry_lock(packet->source); if (routing_entry_index == LNP_LOOKUP_ERROR) { //TODO } store_entry_index = routing_table[routing_entry_index].store_index; if (lnp_key_store[store_entry_index].handshake_state != LNP_HANDSHAKE_BEING_CONNECTED) { liblog_info(LAYER_NET, "public_key_exchange dropped: " "state must be LNP_HANDSHAKE_BEING_CONNECTED."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } lnp_key_store[store_entry_index].cipher = lnp_cipher_search(key_exchange.ciphers); lnp_key_store[store_entry_index].hash = lnp_hash_search(key_exchange.hashes); lnp_key_store[store_entry_index].mac = lnp_mac_search(key_exchange.macs); /* Functions received don't support even the defaults. */ if (lnp_key_store[store_entry_index].cipher == NULL || lnp_key_store[store_entry_index].hash == NULL || lnp_key_store[store_entry_index].mac == NULL) { liblog_error(LAYER_NET, "received functions not supported, packet dropped."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } liblog_debug(LAYER_NET, "received functions are supported."); // TODO decifrar if (memcmp(lnp_key_store[store_entry_index].k_out, key_exchange.encrypted_k_1, LNP_K_LENGTH) != 0) { lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } liblog_debug(LAYER_NET, "parameter k authenticated."); // TODO decifrar memcpy(lnp_key_store[store_entry_index].k_in, key_exchange.encrypted_k_2, LNP_K_LENGTH); /* Create all the keys. */ if (create_keys(store_entry_index) == LNP_ERROR) { liblog_error(LAYER_NET, "error generating session keys."); lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; }; if (send_key_exchange_ok(packet->source, store_entry_index) == LNP_ERROR) { lnp_routing_entry_unlock(routing_entry_index); return LNP_ERROR; } lnp_key_store[store_entry_index].handshake_state = LNP_HANDSHAKE_CONNECTED; /*pthread_cond_broadcast( &lnp_key_store[store_entry_index].handshake_condition);*/ /*lnp_routing_entry_signal(routing_entry_index);*/ lnp_routing_entry_unlock(routing_entry_index); return LNP_OK; }