/* * 2. Marshal */ static bool_t authdes_marshal(AUTH *auth, XDR *xdrs) { /* LINTED pointer alignment */ struct ad_private *ad = AUTH_PRIVATE(auth); struct authdes_cred *cred = &ad->ad_cred; struct authdes_verf *verf = &ad->ad_verf; des_block cryptbuf[2]; des_block ivec; int status; int len; rpc_inline_t *ixdr; /* * Figure out the "time", accounting for any time difference * with the server if necessary. */ (void)gettimeofday(&ad->ad_timestamp, NULL); ad->ad_timestamp.tv_sec += ad->ad_timediff.tv_sec; ad->ad_timestamp.tv_usec += ad->ad_timediff.tv_usec; while (ad->ad_timestamp.tv_usec >= USEC_PER_SEC) { ad->ad_timestamp.tv_usec -= USEC_PER_SEC; ad->ad_timestamp.tv_sec++; } /* * XDR the timestamp and possibly some other things, then * encrypt them. */ ixdr = (rpc_inline_t *)cryptbuf; IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_sec); IXDR_PUT_INT32(ixdr, ad->ad_timestamp.tv_usec); if (ad->ad_cred.adc_namekind == ADN_FULLNAME) { IXDR_PUT_U_INT32(ixdr, ad->ad_window); IXDR_PUT_U_INT32(ixdr, ad->ad_window - 1); ivec.key.high = ivec.key.low = 0; status = cbc_crypt((char *)&auth->ah_key, (char *)cryptbuf, (u_int) 2 * sizeof (des_block), DES_ENCRYPT | DES_HW, (char *)&ivec); } else { status = ecb_crypt((char *)&auth->ah_key, (char *)cryptbuf, (u_int) sizeof (des_block), DES_ENCRYPT | DES_HW); } if (DES_FAILED(status)) { syslog(LOG_ERR, "authdes_marshal: DES encryption failure"); return (FALSE); } ad->ad_verf.adv_xtimestamp = cryptbuf[0]; if (ad->ad_cred.adc_namekind == ADN_FULLNAME) { ad->ad_cred.adc_fullname.window = cryptbuf[1].key.high; ad->ad_verf.adv_winverf = cryptbuf[1].key.low; } else { ad->ad_cred.adc_nickname = ad->ad_nickname; ad->ad_verf.adv_winverf = 0; } /* * Serialize the credential and verifier into opaque * authentication data. */ if (ad->ad_cred.adc_namekind == ADN_FULLNAME) { len = ((1 + 1 + 2 + 1)*BYTES_PER_XDR_UNIT + ad->ad_fullnamelen); } else { len = (1 + 1)*BYTES_PER_XDR_UNIT; } if ((ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT))) { IXDR_PUT_INT32(ixdr, AUTH_DES); IXDR_PUT_INT32(ixdr, len); } else { ATTEMPT(xdr_putint32(xdrs, (int *)&auth->ah_cred.oa_flavor)); ATTEMPT(xdr_putint32(xdrs, &len)); } ATTEMPT(xdr_authdes_cred(xdrs, cred)); len = (2 + 1)*BYTES_PER_XDR_UNIT; if ((ixdr = xdr_inline(xdrs, 2*BYTES_PER_XDR_UNIT))) { IXDR_PUT_INT32(ixdr, AUTH_DES); IXDR_PUT_INT32(ixdr, len); } else { ATTEMPT(xdr_putint32(xdrs, (int *)&auth->ah_verf.oa_flavor)); ATTEMPT(xdr_putint32(xdrs, &len)); } ATTEMPT(xdr_authdes_verf(xdrs, verf)); return (TRUE); }
/* * 2. Marshal */ static bool_t authdes_marshal (AUTH *auth, XDR *xdrs) { struct ad_private *ad = AUTH_PRIVATE (auth); struct authdes_cred *cred = &ad->ad_cred; struct authdes_verf *verf = &ad->ad_verf; des_block cryptbuf[2]; des_block ivec; int status; int len; register int32_t *ixdr; struct timeval tval; /* * Figure out the "time", accounting for any time difference * with the server if necessary. */ __gettimeofday (&tval, (struct timezone *) NULL); ad->ad_timestamp.tv_sec = tval.tv_sec + ad->ad_timediff.tv_sec; ad->ad_timestamp.tv_usec = tval.tv_usec + ad->ad_timediff.tv_usec; if (ad->ad_timestamp.tv_usec >= MILLION) { ad->ad_timestamp.tv_usec -= MILLION; ad->ad_timestamp.tv_sec += 1; } /* * XDR the timestamp and possibly some other things, then * encrypt them. * XXX We have a real Year 2038 problem here. */ ixdr = (int32_t *) cryptbuf; IXDR_PUT_INT32 (ixdr, ad->ad_timestamp.tv_sec); IXDR_PUT_INT32 (ixdr, ad->ad_timestamp.tv_usec); if (ad->ad_cred.adc_namekind == ADN_FULLNAME) { IXDR_PUT_U_INT32 (ixdr, ad->ad_window); IXDR_PUT_U_INT32 (ixdr, ad->ad_window - 1); ivec.key.high = ivec.key.low = 0; status = cbc_crypt ((char *) &auth->ah_key, (char *) cryptbuf, 2 * sizeof (des_block), DES_ENCRYPT | DES_HW, (char *) &ivec); } else status = ecb_crypt ((char *) &auth->ah_key, (char *) cryptbuf, sizeof (des_block), DES_ENCRYPT | DES_HW); if (DES_FAILED (status)) { debug ("authdes_marshal: DES encryption failure"); return FALSE; } ad->ad_verf.adv_xtimestamp = cryptbuf[0]; if (ad->ad_cred.adc_namekind == ADN_FULLNAME) { ad->ad_cred.adc_fullname.window = cryptbuf[1].key.high; ad->ad_verf.adv_winverf = cryptbuf[1].key.low; } else { ad->ad_cred.adc_nickname = ad->ad_nickname; ad->ad_verf.adv_winverf = 0; } /* * Serialize the credential and verifier into opaque * authentication data. */ if (ad->ad_cred.adc_namekind == ADN_FULLNAME) len = ((1 + 1 + 2 + 1) * BYTES_PER_XDR_UNIT + ad->ad_fullnamelen); else len = (1 + 1) * BYTES_PER_XDR_UNIT; if ((ixdr = xdr_inline (xdrs, 2 * BYTES_PER_XDR_UNIT)) != NULL) { IXDR_PUT_INT32 (ixdr, AUTH_DES); IXDR_PUT_U_INT32 (ixdr, len); } else { ATTEMPT (xdr_putint32 (xdrs, &auth->ah_cred.oa_flavor)); ATTEMPT (xdr_putint32 (xdrs, &len)); } ATTEMPT (xdr_authdes_cred (xdrs, cred)); len = (2 + 1) * BYTES_PER_XDR_UNIT; if ((ixdr = xdr_inline (xdrs, 2 * BYTES_PER_XDR_UNIT)) != NULL) { IXDR_PUT_INT32 (ixdr, AUTH_DES); IXDR_PUT_U_INT32 (ixdr, len); } else { ATTEMPT (xdr_putint32 (xdrs, &auth->ah_verf.oa_flavor)); ATTEMPT (xdr_putint32 (xdrs, &len)); } ATTEMPT (xdr_authdes_verf (xdrs, verf)); return TRUE; }