static int passwd_cb(char *buf, int size, int rwflag, void *filename) { #if OPENSSL_VERSION_NUMBER >= 0x00907000L UI *ui; const char *prompt; ui = UI_new(); if (ui == NULL) goto err; prompt = UI_construct_prompt(ui, "passphrase", filename); UI_add_input_string(ui, prompt, 0, buf, 0, size - 1); UI_process(ui); UI_free(ui); return strlen(buf); err: LM_ERR("passwd_cb failed\n"); if (ui) UI_free(ui); return 0; #else if( des_read_pw_string(buf, size-1, "Enter Private Key password:"******"passwd_cb failed\n"); return 0; } return strlen( buf ); #endif }
/* For historical reasons, the standard function for reading passwords is * in the DES library -- if someone ever wants to disable DES, * this function will fail */ int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) { #ifndef NO_DES if ((prompt == NULL) && (prompt_string[0] != '\0')) prompt=prompt_string; return(des_read_pw_string(buf,len,prompt,verify)); #else return -1; #endif }
int sc_init_open_login( CK_SESSION_HANDLE_PTR PsessionHandle, CK_SLOT_ID_PTR pslot, char * ppin, CK_USER_TYPE userType) { CK_RV status; char * pin; char rpin[256]; /* could also add CKF_EXCLUSIVE_SESSION */ int flags = CKF_RW_SESSION | CKF_SERIAL_SESSION ; status = (*(pFunctionList->C_OpenSession))(*pslot, flags, 0, NULL, PsessionHandle); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_OPENSESSION); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_OPENSESSION; } if (ppin) /* did user provide the pin? */ { pin = ppin; } else { pin = rpin; memset(rpin,0,sizeof(rpin)); #ifdef WIN32 read_passphrase_win32_prompt( (userType == CKU_USER) ? "Smart Card User PIN:" : "Smart Card SO PIN:",0); read_passphrase_win32(rpin,sizeof(rpin),0); #else des_read_pw_string(rpin,sizeof(rpin), (userType == CKU_USER) ? "Smart Card User PIN:" : "Smart Card SO PIN:",0); #endif /*DEE should test this too */ } status = (*(pFunctionList->C_Login))(*PsessionHandle, userType, (CK_CHAR_PTR)pin, strlen(pin)); memset(rpin,0,sizeof(rpin)); if (status != CKR_OK) { SCerr(SCERR_F_SCINIT,SCERR_R_LOGIN); ERR_add_error_data(1,sc_ERR_code(status)); return SCERR_R_LOGIN; } return 0; }
char * prompt_password(const char * prompt) { int rc = // Read password from terminal. Disable terminal echo. des_read_pw_string ( Myproxy_pw, // buffer sizeof ( Myproxy_pw ) - 1, // length prompt, // prompt true // verify ); if (rc) { return NULL; } return Myproxy_pw; }
int main(int argc, char **argv) { struct afsconf_dir *tdir; afs_int32 code; if (argc == 1) { printf("bos_util: usage is 'bos_util <opcode> options, e.g.\n"); printf(" bos_util add <kvno>\n"); printf(" bos_util adddes <kvno>\n"); #ifdef KERBEROS printf(" bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n"); #endif printf(" bos_util delete <kvno>\n"); printf(" bos_util list\n"); exit(1); } tdir = afsconf_Open(AFSDIR_SERVER_ETC_DIR); if (!tdir) { printf("bos_util: can't initialize conf dir '%s'\n", AFSDIR_SERVER_ETC_DIR); exit(1); } if (strcmp(argv[1], "add") == 0) { struct ktc_encryptionKey tkey; int kvno; char buf[BUFSIZ], ver[BUFSIZ]; char *tcell = NULL; if (argc != 3) { printf("bos_util add: usage is 'bos_util add <kvno>\n"); exit(1); } kvno = atoi(argv[2]); memset(&tkey, 0, sizeof(struct ktc_encryptionKey)); /* prompt for key */ code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0); if (code || strlen(buf) == 0) { printf("Bad key: \n"); exit(1); } code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0); if (code || strlen(ver) == 0) { printf("Bad key: \n"); exit(1); } if (strcmp(ver, buf) != 0) { printf("\nInput key mismatch\n"); exit(1); } ka_StringToKey(buf, tcell, &tkey); code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0); if (code) { printf("bos_util: failed to set key, code %d.\n", code); exit(1); } } else if (strcmp(argv[1], "adddes") == 0) { struct ktc_encryptionKey tkey; int kvno; afs_int32 code; char buf[BUFSIZ], ver[BUFSIZ]; if (argc != 3) { printf("bos_util adddes: usage is 'bos_util adddes <kvno>\n"); exit(1); } kvno = atoi(argv[2]); memset(&tkey, 0, sizeof(struct ktc_encryptionKey)); /* prompt for key */ code = des_read_pw_string(buf, sizeof(buf), "input key: ", 0); if (code || strlen(buf) == 0) { printf("Bad key: \n"); exit(1); } code = des_read_pw_string(ver, sizeof(ver), "Retype input key: ", 0); if (code || strlen(ver) == 0) { printf("Bad key: \n"); exit(1); } if (strcmp(ver, buf) != 0) { printf("\nInput key mismatch\n"); exit(1); } des_string_to_key(buf, ktc_to_cblockptr(&tkey)); code = afsconf_AddKey(tdir, kvno, ktc_to_charptr(&tkey), 0); if (code) { printf("bos_util: failed to set key, code %d.\n", code); exit(1); } } #ifdef KERBEROS else if (strcmp(argv[1], "srvtab2keyfile") == 0) { char tkey[8], name[255], inst[255], realm[255]; int kvno; if (argc != 5) { printf ("bos_util add: usage is 'bos_util srvtab2keyfile <kvno> <keyfile> <princ>\n"); exit(1); } kvno = atoi(argv[2]); bzero(tkey, sizeof(tkey)); code = kname_parse(name, inst, realm, argv[4]); if (code != 0) { printf("Invalid kerberos name\n"); exit(1); } code = read_service_key(name, inst, realm, kvno, argv[3], tkey); if (code != 0) { printf("Can't find key in %s\n", argv[3]); exit(1); } code = afsconf_AddKey(tdir, kvno, tkey, 0); if (code) { printf("bos_util: failed to set key, code %d.\n", code); exit(1); } } #endif else if (strcmp(argv[1], "delete") == 0) { long kvno; if (argc != 3) { printf("bos_util delete: usage is 'bos_util delete <kvno>\n"); exit(1); } kvno = atoi(argv[2]); code = afsconf_DeleteKey(tdir, kvno); if (code) { printf("bos_util: failed to delete key %ld, (code %d)\n", kvno, code); exit(1); } } else if (strcmp(argv[1], "list") == 0) { struct afsconf_keys tkeys; int i; unsigned char tbuffer[9]; code = afsconf_GetKeys(tdir, &tkeys); if (code) { printf("bos_util: failed to get keys, code %d\n", code); exit(1); } for (i = 0; i < tkeys.nkeys; i++) { if (tkeys.key[i].kvno != -1) { int count; unsigned char x[8]; memcpy(tbuffer, tkeys.key[i].key, 8); tbuffer[8] = 0; printf("kvno %4d: key is '%s' '", tkeys.key[i].kvno, tbuffer); strcpy((char *)x, (char *)tbuffer); for (count = 0; count < 8; count++) printf("\\%03o", x[count]); printf("'\n"); } } printf("All done.\n"); } else { printf ("bos_util: unknown operation '%s', type 'bos_util' for assistance\n", argv[1]); exit(1); } exit(0); }
/*ARGSUSED */ static int passwd_to_key( char *user, char *instance, char *realm, char *passwd, C_Block key ) { #ifdef NOENCRYPTION if (!passwd) placebo_read_password(key, "Password: "******"Password: "******"Trying next_string_to_key[%d]\n",in_tkt_decrypt_again); } else --in_tkt_decrypt_again; /* * If the principal is known to be in the local realm, don't even bother * to attempt decryptions with alternative string to key algorithms (i.e. * we presumably aren't schizophrenic with respect to our own string to * key function). This is simply an optimization to avoid extra useless * work when a bad password has been supplied in the common case. */ /* THIS IS WRONG!!!!! * if (strcmp(realm, KRB_REALM) == 0) * in_tkt_decrypt_again = 0; */ /* * If there are no more string to key algorithms to try, zero the password * string now so that krb_get_in_tkt() doesn't have to call us back since * it can't distinguish this case from one when the password function * doesn't support iteration at all. */ if (in_tkt_decrypt_again == 0) { bzero(key_string, sizeof (key_string)); have_key_string = 0; } #else /* OLDSTRTOKEY */ // back to the original MIT code if (passwd) string_to_key(passwd, key); else { des_read_password(key, "Password: ", 0); } #endif /* OLDSTRTOKEY */ #endif /* !NOENCRYPTION */ return (0); }
void kauth(int argc, char **argv) { int ret; char buf[1024]; des_cblock key; des_key_schedule schedule; KTEXT_ST tkt, tktcopy; char *name; char *p; int overbose; char passwd[100]; int tmp; int save; if(argc > 2){ printf("usage: %s [principal]\n", argv[0]); code = -1; return; } if(argc == 2) name = argv[1]; else name = username; overbose = verbose; verbose = 0; save = set_command_prot(prot_private); ret = command("SITE KAUTH %s", name); if(ret != CONTINUE){ verbose = overbose; set_command_prot(save); code = -1; return; } verbose = overbose; p = strstr(reply_string, "T="); if(!p){ printf("Bad reply from server.\n"); set_command_prot(save); code = -1; return; } p += 2; tmp = base64_decode(p, &tkt.dat); if(tmp < 0){ printf("Failed to decode base64 in reply.\n"); set_command_prot(save); code = -1; return; } tkt.length = tmp; tktcopy.length = tkt.length; p = strstr(reply_string, "P="); if(!p){ printf("Bad reply from server.\n"); verbose = overbose; set_command_prot(save); code = -1; return; } name = p + 2; for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); *p = 0; snprintf(buf, sizeof(buf), "Password for %s:", name); if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) *passwd = '\0'; des_string_to_key (passwd, &key); des_key_sched(&key, schedule); des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, tkt.length, schedule, &key, DES_DECRYPT); if (strcmp ((char*)tktcopy.dat + 8, KRB_TICKET_GRANTING_TICKET) != 0) { afs_string_to_key (passwd, krb_realmofhost(hostname), &key); des_key_sched (&key, schedule); des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, tkt.length, schedule, &key, DES_DECRYPT); } memset(key, 0, sizeof(key)); memset(schedule, 0, sizeof(schedule)); memset(passwd, 0, sizeof(passwd)); if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) { printf("Out of memory base64-encoding.\n"); set_command_prot(save); code = -1; return; } memset (tktcopy.dat, 0, tktcopy.length); ret = command("SITE KAUTH %s %s", name, p); free(p); set_command_prot(save); if(ret != COMPLETE){ code = -1; return; } code = 0; }