1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
/*
* $Source$
* $Author$
*
* Copyright 1990 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <krb5/mit-copyright.h>.
*
* krb5_mk_safe()
*/
#if !defined(lint) && !defined(SABER)
static char rcsid_mk_safe_c[] =
"$Id$";
#endif /* !lint & !SABER */
#include <krb5/copyright.h>
#include <krb5/krb5.h>
#include <krb5/krb5_err.h>
#include <krb5/asn1.h>
#include <stdio.h>
#include <krb5/libos-proto.h>
#include <krb5/ext-proto.h>
/*
Formats a KRB_SAFE message into outbuf.
userdata is formatted as the user data in the message.
sumtype specifies the encryption type; key specifies the key which
might be used to seed the checksum; sender_addr and recv_addr specify
the full addresses (host and port) of the sender and receiver.
The host portion of sender_addr is used to form the addresses used in the
KRB_SAFE message.
The outbuf buffer storage is allocated, and should be freed by the
caller when finished.
returns system errors
*/
krb5_error_code
krb5_mk_safe(DECLARG(krb5_data *, userdata),
DECLARG(krb5_cksumtype, sumtype),
DECLARG(krb5_keyblock *, key),
DECLARG(krb5_fulladdr *, sender_addr),
DECLARG(krb5_fulladdr *, recv_addr),
DECLARG(krb5_data *, outbuf))
OLDDECLARG(krb5_data *, userdata)
OLDDECLARG(krb5_cksumtype, sumtype)
OLDDECLARG(krb5_keyblock *, key)
OLDDECLARG(krb5_fulladdr *, sender_addr)
OLDDECLARG(krb5_fulladdr *, recv_addr)
OLDDECLARG(krb5_data *, outbuf)
{
krb5_error_code retval;
krb5_safe safemsg;
krb5_address *addrs[2];
krb5_octet zero_octet = 0;
krb5_checksum safe_checksum;
krb5_data *scratch;
if (!valid_cksumtype(sumtype))
return KRB5_PROG_SUMTYPE_NOSUPP;
addrs[0] = sender_addr->address;
addrs[1] = 0;
safemsg.user_data = *userdata;
safemsg.addresses = addrs;
if (retval = krb5_ms_timeofday(&safemsg.timestamp, &safemsg.msec))
return retval;
if (krb5_fulladdr_order(sender_addr, recv_addr) > 0)
safemsg.msec = (safemsg.msec & MSEC_VAL_MASK) | MSEC_DIRBIT;
else
/* this should be a no-op, but just to be sure... */
safemsg.msec = safemsg.msec & MSEC_VAL_MASK;
/* to do the checksum stuff, we need to encode the message with a
zero-length zero-type checksum, then checksum the encoding, then
re-encode with the
checksum. */
safe_checksum.checksum_type = 0;
safe_checksum.length = 0;
safe_checksum.contents = &zero_octet;
safemsg.checksum = &safe_checksum;
if (retval = encode_krb5_safe(&safemsg, &scratch))
return retval;
#define clean_scratch() {(void) bzero((char *)scratch->data, scratch->length); krb5_free_data(scratch);}
if (retval = (*(krb5_cksumarray[sumtype]->sum_func))(scratch->data,
0, /* XXX? */
(krb5_pointer) key->contents,
scratch->length,
key->length,
&safe_checksum)) {
clean_scratch();
return retval;
}
safemsg.checksum = &safe_checksum;
clean_scratch();
if (retval = encode_krb5_safe(&safemsg, &scratch))
return retval;
*outbuf = *scratch;
free((char *)scratch);
return 0;
}
|
