static int krb4_adat(void *app_data, void *buf, size_t len) { KTEXT_ST tkt; AUTH_DAT auth_dat; char *p; int kerror; uint32_t cs; char msg[35]; /* size of encrypted block */ int tmp_len; struct krb4_data *d = app_data; char inst[INST_SZ]; struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr; memcpy(tkt.dat, buf, len); tkt.length = len; k_getsockinst(0, inst, sizeof(inst)); kerror = krb_rd_req(&tkt, "ftp", inst, his_addr_sin->sin_addr.s_addr, &auth_dat, ""); if(kerror == RD_AP_UNDEC){ k_getsockinst(0, inst, sizeof(inst)); kerror = krb_rd_req(&tkt, "rcmd", inst, his_addr_sin->sin_addr.s_addr, &auth_dat, ""); } if(kerror){ reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); return -1; } memcpy(d->key, auth_dat.session, sizeof(d->key)); des_set_key(&d->key, d->schedule); strlcpy(d->name, auth_dat.pname, sizeof(d->name)); strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance)); strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance)); cs = auth_dat.checksum + 1; { unsigned char tmp[4]; KRB_PUT_INT(cs, tmp, 4, sizeof(tmp)); tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, (struct sockaddr_in *)LOCAL_ADDR, (struct sockaddr_in *)REMOTE_ADDR); } if(tmp_len < 0){ reply(535, "Error creating reply: %s.", strerror(errno)); return -1; } len = tmp_len; if(base64_encode(msg, len, &p) < 0) { reply(535, "Out of memory base64-encoding."); return -1; } reply(235, "ADAT=%s", p); sec_complete = 1; free(p); return 0; }
static int kerberosv4_encode(void *context, const struct iovec *invec, unsigned numiov, const char **output, unsigned *outputlen) { int len, ret; context_t *text = (context_t *)context; struct buffer_info *inblob, bufinfo; if(numiov > 1) { ret = _plug_iovec_to_buf(text->utils, invec, numiov, &text->enc_in_buf); if(ret != SASL_OK) return ret; inblob = text->enc_in_buf; } else { bufinfo.data = invec[0].iov_base; bufinfo.curlen = invec[0].iov_len; inblob = &bufinfo; } ret = _plug_buf_alloc(text->utils, &(text->encode_buf), &text->encode_buf_len, inblob->curlen+40); if(ret != SASL_OK) return ret; KRB_LOCK_MUTEX(text->utils); if (text->sec_type == KRB_SEC_ENCRYPTION) { /* Type incompatibility on 4th arg probably means you're building against krb4 in MIT krb5, but got the OpenSSL headers in your way. You need to not use openssl/des.h with MIT kerberos. */ len=krb_mk_priv(inblob->data, (text->encode_buf+4), inblob->curlen, text->init_keysched, &text->session, &text->ip_local, &text->ip_remote); } else if (text->sec_type == KRB_SEC_INTEGRITY) { len=krb_mk_safe(inblob->data, (text->encode_buf+4), inblob->curlen, &text->session, &text->ip_local, &text->ip_remote); } else { len = -1; } KRB_UNLOCK_MUTEX(text->utils); /* returns -1 on error */ if (len==-1) return SASL_FAIL; /* now copy in the len of the buffer in network byte order */ *outputlen=len+4; len=htonl(len); memcpy(text->encode_buf, &len, 4); /* Setup the const pointer */ *output = text->encode_buf; return SASL_OK; }
static int krb4_encode(void *app_data, void *from, int length, int level, void **to) { struct krb4_data *d = app_data; *to = malloc(length + 31); if(level == prot_safe) return krb_mk_safe(from, *to, length, &d->key, (struct sockaddr_in *)LOCAL_ADDR, (struct sockaddr_in *)REMOTE_ADDR); else if(level == prot_private) return krb_mk_priv(from, *to, length, d->schedule, &d->key, (struct sockaddr_in *)LOCAL_ADDR, (struct sockaddr_in *)REMOTE_ADDR); else return -1; }
static int krb4_encode(void *app_data, const void *from, int length, int level, void **to, struct connectdata *conn) { struct krb4_data *d = app_data; *to = malloc(length + 31); if(!*to) return -1; if(level == prot_safe) /* NOTE that the void* cast is safe, krb_mk_safe/priv don't modify the * input buffer */ return krb_mk_safe((void*)from, *to, length, &d->key, (struct sockaddr_in *)LOCAL_ADDR, (struct sockaddr_in *)REMOTE_ADDR); else if(level == prot_private) return krb_mk_priv((void*)from, *to, length, d->schedule, &d->key, (struct sockaddr_in *)LOCAL_ADDR, (struct sockaddr_in *)REMOTE_ADDR); else return -1; }