BSD 4.4 Lite KerberosIV Sources
This commit is contained in:
parent
58f0484fa2
commit
ee765d4857
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/vendor-crypto/eBones/dist/; revision=1575
210
eBones/des/new_rnd_key.c
Normal file
210
eBones/des/new_rnd_key.c
Normal file
@ -0,0 +1,210 @@
|
||||
/*
|
||||
* $Source: /usr/src/kerberosIV/des/RCS/new_rnd_key.c,v $
|
||||
* $Author: bostic $
|
||||
*
|
||||
* Copyright 1988 by the Massachusetts Institute of Technology.
|
||||
*
|
||||
* For copying and distribution information, please see the file
|
||||
* <mit-copyright.h>.
|
||||
*
|
||||
* New pseudo-random key generator, using DES encryption to make the
|
||||
* pseudo-random cycle as hard to break as DES.
|
||||
*
|
||||
* Written by Mark Lillibridge, MIT Project Athena
|
||||
*
|
||||
* Under U.S. law, this software may not be exported outside the US
|
||||
* without license from the U.S. Commerce department.
|
||||
*/
|
||||
|
||||
#ifndef lint
|
||||
static char rcsid_new_rnd_key_c[] =
|
||||
"$Header: /usr/src/kerberosIV/des/RCS/new_rnd_key.c,v 4.2 91/02/25 15:14:22 bostic Exp $";
|
||||
#endif lint
|
||||
|
||||
#include <mit-copyright.h>
|
||||
|
||||
#include <des.h>
|
||||
#include "des_internal.h"
|
||||
|
||||
extern void des_fixup_key_parity();
|
||||
extern int des_is_weak_key();
|
||||
|
||||
void des_set_random_generator_seed(), des_set_sequence_number();
|
||||
void des_generate_random_block();
|
||||
|
||||
/*
|
||||
* des_new_random_key: create a random des key
|
||||
*
|
||||
* Requires: des_set_random_number_generater_seed must be at called least
|
||||
* once before this routine is called.
|
||||
*
|
||||
* Notes: the returned key has correct parity and is guarenteed not
|
||||
* to be a weak des key. Des_generate_random_block is used to
|
||||
* provide the random bits.
|
||||
*/
|
||||
int
|
||||
des_new_random_key(key)
|
||||
des_cblock key;
|
||||
{
|
||||
do {
|
||||
des_generate_random_block(key);
|
||||
des_fixup_key_parity(key);
|
||||
} while (des_is_weak_key(key));
|
||||
|
||||
return(0);
|
||||
}
|
||||
|
||||
/*
|
||||
* des_init_random_number_generator:
|
||||
*
|
||||
* This routine takes a secret key possibly shared by a number
|
||||
* of servers and uses it to generate a random number stream that is
|
||||
* not shared by any of the other servers. It does this by using the current
|
||||
* process id, host id, and the current time to the nearest second. The
|
||||
* resulting stream seed is not useful information for cracking the secret
|
||||
* key. Moreover, this routine keeps no copy of the secret key.
|
||||
* This routine is used for example, by the kerberos server(s) with the
|
||||
* key in question being the kerberos master key.
|
||||
*
|
||||
* Note: this routine calls des_set_random_generator_seed.
|
||||
*/
|
||||
#ifndef BSDUNIX
|
||||
you lose... (aka, you get to implement an analog of this for your
|
||||
system...)
|
||||
#else
|
||||
|
||||
#include <sys/time.h>
|
||||
|
||||
void des_init_random_number_generator(key)
|
||||
des_cblock key;
|
||||
{
|
||||
struct { /* This must be 64 bits exactly */
|
||||
long process_id;
|
||||
long host_id;
|
||||
} seed;
|
||||
struct timeval time; /* this must also be 64 bits exactly */
|
||||
des_cblock new_key;
|
||||
long gethostid();
|
||||
|
||||
/*
|
||||
* use a host id and process id in generating the seed to ensure
|
||||
* that different servers have different streams:
|
||||
*/
|
||||
seed.host_id = gethostid();
|
||||
seed.process_id = getpid();
|
||||
|
||||
/*
|
||||
* Generate a tempory value that depends on the key, host_id, and
|
||||
* process_id such that it gives no useful information about the key:
|
||||
*/
|
||||
des_set_random_generator_seed(key);
|
||||
des_set_sequence_number((unsigned char *)&seed);
|
||||
des_new_random_key(new_key);
|
||||
|
||||
/*
|
||||
* use it to select a random stream:
|
||||
*/
|
||||
des_set_random_generator_seed(new_key);
|
||||
|
||||
/*
|
||||
* use a time stamp to ensure that a server started later does not reuse
|
||||
* an old stream:
|
||||
*/
|
||||
gettimeofday(&time, (struct timezone *)0);
|
||||
des_set_sequence_number((unsigned char *)&time);
|
||||
|
||||
/*
|
||||
* use the time stamp finally to select the final seed using the
|
||||
* current random number stream:
|
||||
*/
|
||||
des_new_random_key(new_key);
|
||||
des_set_random_generator_seed(new_key);
|
||||
}
|
||||
|
||||
#endif /* ifdef BSDUNIX */
|
||||
|
||||
/*
|
||||
* This module implements a random number generator faculty such that the next
|
||||
* number in any random number stream is very hard to predict without knowing
|
||||
* the seed for that stream even given the preceeding random numbers.
|
||||
*/
|
||||
|
||||
/*
|
||||
* The secret des key schedule for the current stream of random numbers:
|
||||
*/
|
||||
static des_key_schedule random_sequence_key;
|
||||
|
||||
/*
|
||||
* The sequence # in the current stream of random numbers:
|
||||
*/
|
||||
static unsigned char sequence_number[8];
|
||||
|
||||
/*
|
||||
* des_set_random_generator_seed: this routine is used to select a random
|
||||
* number stream. The stream that results is
|
||||
* totally determined by the passed in key.
|
||||
* (I.e., calling this routine again with the
|
||||
* same key allows repeating a sequence of
|
||||
* random numbers)
|
||||
*
|
||||
* Requires: key is a valid des key. I.e., has correct parity and is not a
|
||||
* weak des key.
|
||||
*/
|
||||
void
|
||||
des_set_random_generator_seed(key)
|
||||
des_cblock key;
|
||||
{
|
||||
register int i;
|
||||
|
||||
/* select the new stream: (note errors are not possible here...) */
|
||||
des_key_sched(key, random_sequence_key);
|
||||
|
||||
/* "seek" to the start of the stream: */
|
||||
for (i=0; i<8; i++)
|
||||
sequence_number[i] = 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* des_set_sequence_number: this routine is used to set the sequence number
|
||||
* of the current random number stream. This routine
|
||||
* may be used to "seek" within the current random
|
||||
* number stream.
|
||||
*
|
||||
* Note that des_set_random_generator_seed resets the sequence number to 0.
|
||||
*/
|
||||
void
|
||||
des_set_sequence_number(new_sequence_number)
|
||||
des_cblock new_sequence_number;
|
||||
{
|
||||
bcopy((char *)new_sequence_number, (char *)sequence_number,
|
||||
sizeof(sequence_number));
|
||||
}
|
||||
|
||||
/*
|
||||
* des_generate_random_block: routine to return the next random number
|
||||
* from the current random number stream.
|
||||
* The returned number is 64 bits long.
|
||||
*
|
||||
* Requires: des_set_random_generator_seed must have been called at least once
|
||||
* before this routine is called.
|
||||
*/
|
||||
void des_generate_random_block(block)
|
||||
des_cblock block;
|
||||
{
|
||||
int i;
|
||||
|
||||
/*
|
||||
* Encrypt the sequence number to get the new random block:
|
||||
*/
|
||||
des_ecb_encrypt(sequence_number, block, random_sequence_key, 1);
|
||||
|
||||
/*
|
||||
* Increment the sequence number as an 8 byte unsigned number with wrap:
|
||||
* (using LSB here)
|
||||
*/
|
||||
for (i=0; i<8; i++) {
|
||||
sequence_number[i] = (sequence_number[i] + 1) & 0xff;
|
||||
if (sequence_number[i])
|
||||
break;
|
||||
}
|
||||
}
|
20
eBones/include/mit-copyright.h
Normal file
20
eBones/include/mit-copyright.h
Normal file
@ -0,0 +1,20 @@
|
||||
/*
|
||||
Copyright (C) 1989 by the Massachusetts Institute of Technology
|
||||
|
||||
Export of this software from the United States of America is assumed
|
||||
to require a specific license from the United States Government.
|
||||
It is the responsibility of any person or organization contemplating
|
||||
export to obtain such a license before exporting.
|
||||
|
||||
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
distribute this software and its documentation for any purpose and
|
||||
without fee is hereby granted, provided that the above copyright
|
||||
notice appear in all copies and that both that copyright notice and
|
||||
this permission notice appear in supporting documentation, and that
|
||||
the name of M.I.T. not be used in advertising or publicity pertaining
|
||||
to distribution of the software without specific, written prior
|
||||
permission. M.I.T. makes no representations about the suitability of
|
||||
this software for any purpose. It is provided "as is" without express
|
||||
or implied warranty.
|
||||
|
||||
*/
|
462
eBones/krb/krb.3
Normal file
462
eBones/krb/krb.3
Normal file
@ -0,0 +1,462 @@
|
||||
.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
|
||||
.\" $Author: bostic $
|
||||
.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <mit-copyright.h>.
|
||||
.\"
|
||||
.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
|
||||
krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
|
||||
krb_rd_err, krb_ck_repl \- Kerberos authentication library
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.nj
|
||||
.ft B
|
||||
#include <kerberosIV/des.h>
|
||||
#include <kerberosIV/krb.h>
|
||||
.PP
|
||||
.ft B
|
||||
extern char *krb_err_txt[];
|
||||
.PP
|
||||
.ft B
|
||||
int krb_mk_req(authent,service,instance,realm,checksum)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
u_long checksum;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_rd_req(authent,service,instance,from_addr,ad,fn)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
u_long from_addr;
|
||||
AUTH_DAT *ad;
|
||||
char *fn;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_kntoln(ad,lname)
|
||||
AUTH_DAT *ad;
|
||||
char *lname;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_set_key(key,cvt)
|
||||
char *key;
|
||||
int cvt;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_get_cred(service,instance,realm,c)
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
CREDENTIALS *c;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
des_key_schedule schedule;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long in_length;
|
||||
Key_schedule schedule;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_safe(in,out,in_length,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_safe(in,length,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_err(out,code,string)
|
||||
u_char *out;
|
||||
long code;
|
||||
char *string;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_err(in,length,code,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
long code;
|
||||
MSG_DAT *msg_data;
|
||||
.fi
|
||||
.ft R
|
||||
.SH DESCRIPTION
|
||||
This library supports network authentication and various related
|
||||
operations. The library contains many routines beyond those described
|
||||
in this man page, but they are not intended to be used directly.
|
||||
Instead, they are called by the routines that are described, the
|
||||
authentication server and the login program.
|
||||
.PP
|
||||
.I krb_err_txt[]
|
||||
contains text string descriptions of various Kerberos error codes returned
|
||||
by some of the routines below.
|
||||
.PP
|
||||
.I krb_mk_req
|
||||
takes a pointer to a text structure in which an authenticator is to be
|
||||
built. It also takes the name, instance, and realm of the service to be
|
||||
used and an optional checksum. It is up to the application to decide
|
||||
how to generate the checksum.
|
||||
.I krb_mk_req
|
||||
then retrieves a ticket for the desired service and creates an
|
||||
authenticator. The authenticator is built in
|
||||
.I authent
|
||||
and is accessible
|
||||
to the calling procedure.
|
||||
.PP
|
||||
It is up to the application to get the authenticator to the service
|
||||
where it will be read by
|
||||
.I krb_rd_req.
|
||||
Unless an attacker possesses the session key contained in the ticket, it
|
||||
will be unable to modify the authenticator. Thus, the checksum can be
|
||||
used to verify the authenticity of the other data that will pass through
|
||||
a connection.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
takes an authenticator of type
|
||||
.B KTEXT,
|
||||
a service name, an instance, the address of the
|
||||
host originating the request, and a pointer to a structure of type
|
||||
.B AUTH_DAT
|
||||
which is filled in with information obtained from the authenticator.
|
||||
It also optionally takes the name of the file in which it will find the
|
||||
secret key(s) for the service.
|
||||
If the supplied
|
||||
.I instance
|
||||
contains "*", then the first service key with the same service name
|
||||
found in the service key file will be used, and the
|
||||
.I instance
|
||||
argument will be filled in with the chosen instance. This means that
|
||||
the caller must provide space for such an instance name.
|
||||
.PP
|
||||
It is used to find out information about the principal when a request
|
||||
has been made to a service. It is up to the application protocol to get
|
||||
the authenticator from the client to the service. The authenticator is
|
||||
then passed to
|
||||
.I krb_rd_req
|
||||
to extract the desired information.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
returns zero (RD_AP_OK) upon successful authentication. If a packet was
|
||||
forged, modified, or replayed, authentication will fail. If the
|
||||
authentication fails, a non-zero value is returned indicating the
|
||||
particular problem encountered. See
|
||||
.I krb.h
|
||||
for the list of error codes.
|
||||
.PP
|
||||
If the last argument is the null string (""), krb_rd_req will use the
|
||||
file /etc/srvtab to find its keys. If the last argument is NULL, it
|
||||
will assume that the key has been set by
|
||||
.I krb_set_key
|
||||
and will not bother looking further.
|
||||
.PP
|
||||
.I krb_kntoln
|
||||
converts a Kerberos name to a local name. It takes a structure
|
||||
of type AUTH_DAT and uses the name and instance to look in the database
|
||||
/etc/aname to find the corresponding local name. The local name is
|
||||
returned and can be used by an application to change uids, directories,
|
||||
or other parameters. It is not an integral part of Kerberos, but is
|
||||
instead provided to support the use of Kerberos in existing utilities.
|
||||
.PP
|
||||
.I krb_set_key
|
||||
takes as an argument a des key. It then creates
|
||||
a key schedule from it and saves the original key to be used as an
|
||||
initialization vector.
|
||||
It is used to set the server's key which
|
||||
must be used to decrypt tickets.
|
||||
.PP
|
||||
If called with a non-zero second argument,
|
||||
.I krb_set_key
|
||||
will first convert the input from a string of arbitrary length to a DES
|
||||
key by encrypting it with a one-way function.
|
||||
.PP
|
||||
In most cases it should not be necessary to call
|
||||
.I krb_set_key.
|
||||
The necessary keys will usually be obtained and set inside
|
||||
.I krb_rd_req. krb_set_key
|
||||
is provided for those applications that do not wish to place the
|
||||
application keys on disk.
|
||||
.PP
|
||||
.I krb_get_cred
|
||||
searches the caller's ticket file for a ticket for the given service, instance,
|
||||
and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
|
||||
with the ticket information.
|
||||
.PP
|
||||
If the ticket was found,
|
||||
.I krb_get_cred
|
||||
returns GC_OK.
|
||||
If the ticket file can't be found, can't be read, doesn't belong to
|
||||
the user (other than root), isn't a regular file, or is in the wrong
|
||||
mode, the error GC_TKFIL is returned.
|
||||
.PP
|
||||
.I krb_mk_priv
|
||||
creates an encrypted, authenticated
|
||||
message from any arbitrary application data, pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to encrypt the data and some header information using
|
||||
.I pcbc_encrypt.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
In addition to providing privacy, this protocol message protects
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
.PP
|
||||
.I krb_rd_priv
|
||||
decrypts and authenticates a received
|
||||
.I krb_mk_priv
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to decrypt and verify the received message.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h.
|
||||
The routine fills in the
|
||||
.I app_data
|
||||
field with a pointer to the decrypted application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_safe
|
||||
creates an authenticated, but unencrypted message from any arbitrary
|
||||
application data,
|
||||
pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the
|
||||
.I quad_cksum()
|
||||
checksum algorithm used as part of the authentication.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
This message does not provide privacy, but does protect (via detection)
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
The authentication provided by this routine is not as strong as that
|
||||
provided by
|
||||
.I krb_mk_priv
|
||||
or by computing the checksum using
|
||||
.I cbc_cksum
|
||||
instead, both of which authenticate via DES.
|
||||
.PP
|
||||
|
||||
.I krb_rd_safe
|
||||
authenticates a received
|
||||
.I krb_mk_safe
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the quad_cksum() routine as part of the authentication.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields:
|
||||
the
|
||||
.I app_data
|
||||
field with a pointer to the application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender.
|
||||
(The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_err
|
||||
constructs an application level error message that may be used along
|
||||
with
|
||||
.I krb_mk_priv
|
||||
or
|
||||
.I krb_mk_safe.
|
||||
.I out
|
||||
is a pointer to the output buffer,
|
||||
.I code
|
||||
is an application specific error code, and
|
||||
.I string
|
||||
is an application specific error string.
|
||||
|
||||
.PP
|
||||
.I krb_rd_err
|
||||
unpacks a received
|
||||
.I krb_mk_err
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
.I code
|
||||
is a pointer to a value to be filled in with the error
|
||||
value provided by the application.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields: the
|
||||
.I app_data
|
||||
field with a pointer to the application error text,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of).
|
||||
|
||||
The routine returns zero if the error message has been successfully received,
|
||||
or a Kerberos error code.
|
||||
.PP
|
||||
The
|
||||
.I KTEXT
|
||||
structure is used to pass around text of varying lengths. It consists
|
||||
of a buffer for the data, and a length. krb_rd_req takes an argument of this
|
||||
type containing the authenticator, and krb_mk_req returns the
|
||||
authenticator in a structure of this type. KTEXT itself is really a
|
||||
pointer to the structure. The actual structure is of type KTEXT_ST.
|
||||
.PP
|
||||
The
|
||||
.I AUTH_DAT
|
||||
structure is filled in by krb_rd_req. It must be allocated before
|
||||
calling krb_rd_req, and a pointer to it is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.I MSG_DAT
|
||||
structure is filled in by either krb_rd_priv, krb_rd_safe, or
|
||||
krb_rd_err. It must be allocated before the call and a pointer to it
|
||||
is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.PP
|
||||
.SH FILES
|
||||
/usr/include/kerberosIV/krb.h
|
||||
.br
|
||||
/usr/lib/libkrb.a
|
||||
.br
|
||||
/usr/include/kerberosIV/des.h
|
||||
.br
|
||||
/usr/lib/libdes.a
|
||||
.br
|
||||
/etc/kerberosIV/aname
|
||||
.br
|
||||
/etc/kerberosIV/srvtab
|
||||
.br
|
||||
/tmp/tkt[uid]
|
||||
.SH "SEE ALSO"
|
||||
kerberos(1), des_crypt(3)
|
||||
.SH DIAGNOSTICS
|
||||
.SH BUGS
|
||||
The caller of
|
||||
.I krb_rd_req, krb_rd_priv, and krb_rd_safe
|
||||
must check time order and for replay attempts.
|
||||
.I krb_ck_repl
|
||||
is not implemented yet.
|
||||
.SH AUTHORS
|
||||
Clifford Neuman, MIT Project Athena
|
||||
.br
|
||||
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
||||
.SH RESTRICTIONS
|
||||
COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
|
462
eBones/lib/libkrb/krb.3
Normal file
462
eBones/lib/libkrb/krb.3
Normal file
@ -0,0 +1,462 @@
|
||||
.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
|
||||
.\" $Author: bostic $
|
||||
.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <mit-copyright.h>.
|
||||
.\"
|
||||
.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
|
||||
krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
|
||||
krb_rd_err, krb_ck_repl \- Kerberos authentication library
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.nj
|
||||
.ft B
|
||||
#include <kerberosIV/des.h>
|
||||
#include <kerberosIV/krb.h>
|
||||
.PP
|
||||
.ft B
|
||||
extern char *krb_err_txt[];
|
||||
.PP
|
||||
.ft B
|
||||
int krb_mk_req(authent,service,instance,realm,checksum)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
u_long checksum;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_rd_req(authent,service,instance,from_addr,ad,fn)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
u_long from_addr;
|
||||
AUTH_DAT *ad;
|
||||
char *fn;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_kntoln(ad,lname)
|
||||
AUTH_DAT *ad;
|
||||
char *lname;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_set_key(key,cvt)
|
||||
char *key;
|
||||
int cvt;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_get_cred(service,instance,realm,c)
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
CREDENTIALS *c;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
des_key_schedule schedule;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long in_length;
|
||||
Key_schedule schedule;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_safe(in,out,in_length,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_safe(in,length,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_err(out,code,string)
|
||||
u_char *out;
|
||||
long code;
|
||||
char *string;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_err(in,length,code,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
long code;
|
||||
MSG_DAT *msg_data;
|
||||
.fi
|
||||
.ft R
|
||||
.SH DESCRIPTION
|
||||
This library supports network authentication and various related
|
||||
operations. The library contains many routines beyond those described
|
||||
in this man page, but they are not intended to be used directly.
|
||||
Instead, they are called by the routines that are described, the
|
||||
authentication server and the login program.
|
||||
.PP
|
||||
.I krb_err_txt[]
|
||||
contains text string descriptions of various Kerberos error codes returned
|
||||
by some of the routines below.
|
||||
.PP
|
||||
.I krb_mk_req
|
||||
takes a pointer to a text structure in which an authenticator is to be
|
||||
built. It also takes the name, instance, and realm of the service to be
|
||||
used and an optional checksum. It is up to the application to decide
|
||||
how to generate the checksum.
|
||||
.I krb_mk_req
|
||||
then retrieves a ticket for the desired service and creates an
|
||||
authenticator. The authenticator is built in
|
||||
.I authent
|
||||
and is accessible
|
||||
to the calling procedure.
|
||||
.PP
|
||||
It is up to the application to get the authenticator to the service
|
||||
where it will be read by
|
||||
.I krb_rd_req.
|
||||
Unless an attacker possesses the session key contained in the ticket, it
|
||||
will be unable to modify the authenticator. Thus, the checksum can be
|
||||
used to verify the authenticity of the other data that will pass through
|
||||
a connection.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
takes an authenticator of type
|
||||
.B KTEXT,
|
||||
a service name, an instance, the address of the
|
||||
host originating the request, and a pointer to a structure of type
|
||||
.B AUTH_DAT
|
||||
which is filled in with information obtained from the authenticator.
|
||||
It also optionally takes the name of the file in which it will find the
|
||||
secret key(s) for the service.
|
||||
If the supplied
|
||||
.I instance
|
||||
contains "*", then the first service key with the same service name
|
||||
found in the service key file will be used, and the
|
||||
.I instance
|
||||
argument will be filled in with the chosen instance. This means that
|
||||
the caller must provide space for such an instance name.
|
||||
.PP
|
||||
It is used to find out information about the principal when a request
|
||||
has been made to a service. It is up to the application protocol to get
|
||||
the authenticator from the client to the service. The authenticator is
|
||||
then passed to
|
||||
.I krb_rd_req
|
||||
to extract the desired information.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
returns zero (RD_AP_OK) upon successful authentication. If a packet was
|
||||
forged, modified, or replayed, authentication will fail. If the
|
||||
authentication fails, a non-zero value is returned indicating the
|
||||
particular problem encountered. See
|
||||
.I krb.h
|
||||
for the list of error codes.
|
||||
.PP
|
||||
If the last argument is the null string (""), krb_rd_req will use the
|
||||
file /etc/srvtab to find its keys. If the last argument is NULL, it
|
||||
will assume that the key has been set by
|
||||
.I krb_set_key
|
||||
and will not bother looking further.
|
||||
.PP
|
||||
.I krb_kntoln
|
||||
converts a Kerberos name to a local name. It takes a structure
|
||||
of type AUTH_DAT and uses the name and instance to look in the database
|
||||
/etc/aname to find the corresponding local name. The local name is
|
||||
returned and can be used by an application to change uids, directories,
|
||||
or other parameters. It is not an integral part of Kerberos, but is
|
||||
instead provided to support the use of Kerberos in existing utilities.
|
||||
.PP
|
||||
.I krb_set_key
|
||||
takes as an argument a des key. It then creates
|
||||
a key schedule from it and saves the original key to be used as an
|
||||
initialization vector.
|
||||
It is used to set the server's key which
|
||||
must be used to decrypt tickets.
|
||||
.PP
|
||||
If called with a non-zero second argument,
|
||||
.I krb_set_key
|
||||
will first convert the input from a string of arbitrary length to a DES
|
||||
key by encrypting it with a one-way function.
|
||||
.PP
|
||||
In most cases it should not be necessary to call
|
||||
.I krb_set_key.
|
||||
The necessary keys will usually be obtained and set inside
|
||||
.I krb_rd_req. krb_set_key
|
||||
is provided for those applications that do not wish to place the
|
||||
application keys on disk.
|
||||
.PP
|
||||
.I krb_get_cred
|
||||
searches the caller's ticket file for a ticket for the given service, instance,
|
||||
and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
|
||||
with the ticket information.
|
||||
.PP
|
||||
If the ticket was found,
|
||||
.I krb_get_cred
|
||||
returns GC_OK.
|
||||
If the ticket file can't be found, can't be read, doesn't belong to
|
||||
the user (other than root), isn't a regular file, or is in the wrong
|
||||
mode, the error GC_TKFIL is returned.
|
||||
.PP
|
||||
.I krb_mk_priv
|
||||
creates an encrypted, authenticated
|
||||
message from any arbitrary application data, pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to encrypt the data and some header information using
|
||||
.I pcbc_encrypt.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
In addition to providing privacy, this protocol message protects
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
.PP
|
||||
.I krb_rd_priv
|
||||
decrypts and authenticates a received
|
||||
.I krb_mk_priv
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to decrypt and verify the received message.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h.
|
||||
The routine fills in the
|
||||
.I app_data
|
||||
field with a pointer to the decrypted application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_safe
|
||||
creates an authenticated, but unencrypted message from any arbitrary
|
||||
application data,
|
||||
pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the
|
||||
.I quad_cksum()
|
||||
checksum algorithm used as part of the authentication.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
This message does not provide privacy, but does protect (via detection)
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
The authentication provided by this routine is not as strong as that
|
||||
provided by
|
||||
.I krb_mk_priv
|
||||
or by computing the checksum using
|
||||
.I cbc_cksum
|
||||
instead, both of which authenticate via DES.
|
||||
.PP
|
||||
|
||||
.I krb_rd_safe
|
||||
authenticates a received
|
||||
.I krb_mk_safe
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the quad_cksum() routine as part of the authentication.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields:
|
||||
the
|
||||
.I app_data
|
||||
field with a pointer to the application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender.
|
||||
(The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_err
|
||||
constructs an application level error message that may be used along
|
||||
with
|
||||
.I krb_mk_priv
|
||||
or
|
||||
.I krb_mk_safe.
|
||||
.I out
|
||||
is a pointer to the output buffer,
|
||||
.I code
|
||||
is an application specific error code, and
|
||||
.I string
|
||||
is an application specific error string.
|
||||
|
||||
.PP
|
||||
.I krb_rd_err
|
||||
unpacks a received
|
||||
.I krb_mk_err
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
.I code
|
||||
is a pointer to a value to be filled in with the error
|
||||
value provided by the application.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields: the
|
||||
.I app_data
|
||||
field with a pointer to the application error text,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of).
|
||||
|
||||
The routine returns zero if the error message has been successfully received,
|
||||
or a Kerberos error code.
|
||||
.PP
|
||||
The
|
||||
.I KTEXT
|
||||
structure is used to pass around text of varying lengths. It consists
|
||||
of a buffer for the data, and a length. krb_rd_req takes an argument of this
|
||||
type containing the authenticator, and krb_mk_req returns the
|
||||
authenticator in a structure of this type. KTEXT itself is really a
|
||||
pointer to the structure. The actual structure is of type KTEXT_ST.
|
||||
.PP
|
||||
The
|
||||
.I AUTH_DAT
|
||||
structure is filled in by krb_rd_req. It must be allocated before
|
||||
calling krb_rd_req, and a pointer to it is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.I MSG_DAT
|
||||
structure is filled in by either krb_rd_priv, krb_rd_safe, or
|
||||
krb_rd_err. It must be allocated before the call and a pointer to it
|
||||
is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.PP
|
||||
.SH FILES
|
||||
/usr/include/kerberosIV/krb.h
|
||||
.br
|
||||
/usr/lib/libkrb.a
|
||||
.br
|
||||
/usr/include/kerberosIV/des.h
|
||||
.br
|
||||
/usr/lib/libdes.a
|
||||
.br
|
||||
/etc/kerberosIV/aname
|
||||
.br
|
||||
/etc/kerberosIV/srvtab
|
||||
.br
|
||||
/tmp/tkt[uid]
|
||||
.SH "SEE ALSO"
|
||||
kerberos(1), des_crypt(3)
|
||||
.SH DIAGNOSTICS
|
||||
.SH BUGS
|
||||
The caller of
|
||||
.I krb_rd_req, krb_rd_priv, and krb_rd_safe
|
||||
must check time order and for replay attempts.
|
||||
.I krb_ck_repl
|
||||
is not implemented yet.
|
||||
.SH AUTHORS
|
||||
Clifford Neuman, MIT Project Athena
|
||||
.br
|
||||
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
||||
.SH RESTRICTIONS
|
||||
COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
|
462
eBones/man/krb.3
Normal file
462
eBones/man/krb.3
Normal file
@ -0,0 +1,462 @@
|
||||
.\" $Source: /usr/src/kerberosIV/man/RCS/krb.3,v $
|
||||
.\" $Author: bostic $
|
||||
.\" $Header: /usr/src/kerberosIV/man/RCS/krb.3,v 4.11 1994/04/19 14:16:56 bostic Exp $
|
||||
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
||||
.\"
|
||||
.\" For copying and distribution information,
|
||||
.\" please see the file <mit-copyright.h>.
|
||||
.\"
|
||||
.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
|
||||
.SH NAME
|
||||
krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
|
||||
krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
|
||||
krb_rd_err, krb_ck_repl \- Kerberos authentication library
|
||||
.SH SYNOPSIS
|
||||
.nf
|
||||
.nj
|
||||
.ft B
|
||||
#include <kerberosIV/des.h>
|
||||
#include <kerberosIV/krb.h>
|
||||
.PP
|
||||
.ft B
|
||||
extern char *krb_err_txt[];
|
||||
.PP
|
||||
.ft B
|
||||
int krb_mk_req(authent,service,instance,realm,checksum)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
u_long checksum;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_rd_req(authent,service,instance,from_addr,ad,fn)
|
||||
KTEXT authent;
|
||||
char *service;
|
||||
char *instance;
|
||||
u_long from_addr;
|
||||
AUTH_DAT *ad;
|
||||
char *fn;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_kntoln(ad,lname)
|
||||
AUTH_DAT *ad;
|
||||
char *lname;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_set_key(key,cvt)
|
||||
char *key;
|
||||
int cvt;
|
||||
.PP
|
||||
.ft B
|
||||
int krb_get_cred(service,instance,realm,c)
|
||||
char *service;
|
||||
char *instance;
|
||||
char *realm;
|
||||
CREDENTIALS *c;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
des_key_schedule schedule;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long in_length;
|
||||
Key_schedule schedule;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_safe(in,out,in_length,key,sender,receiver)
|
||||
u_char *in;
|
||||
u_char *out;
|
||||
u_long in_length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_safe(in,length,key,sender,receiver,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
des_cblock key;
|
||||
struct sockaddr_in *sender;
|
||||
struct sockaddr_in *receiver;
|
||||
MSG_DAT *msg_data;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_mk_err(out,code,string)
|
||||
u_char *out;
|
||||
long code;
|
||||
char *string;
|
||||
.PP
|
||||
.ft B
|
||||
long krb_rd_err(in,length,code,msg_data)
|
||||
u_char *in;
|
||||
u_long length;
|
||||
long code;
|
||||
MSG_DAT *msg_data;
|
||||
.fi
|
||||
.ft R
|
||||
.SH DESCRIPTION
|
||||
This library supports network authentication and various related
|
||||
operations. The library contains many routines beyond those described
|
||||
in this man page, but they are not intended to be used directly.
|
||||
Instead, they are called by the routines that are described, the
|
||||
authentication server and the login program.
|
||||
.PP
|
||||
.I krb_err_txt[]
|
||||
contains text string descriptions of various Kerberos error codes returned
|
||||
by some of the routines below.
|
||||
.PP
|
||||
.I krb_mk_req
|
||||
takes a pointer to a text structure in which an authenticator is to be
|
||||
built. It also takes the name, instance, and realm of the service to be
|
||||
used and an optional checksum. It is up to the application to decide
|
||||
how to generate the checksum.
|
||||
.I krb_mk_req
|
||||
then retrieves a ticket for the desired service and creates an
|
||||
authenticator. The authenticator is built in
|
||||
.I authent
|
||||
and is accessible
|
||||
to the calling procedure.
|
||||
.PP
|
||||
It is up to the application to get the authenticator to the service
|
||||
where it will be read by
|
||||
.I krb_rd_req.
|
||||
Unless an attacker possesses the session key contained in the ticket, it
|
||||
will be unable to modify the authenticator. Thus, the checksum can be
|
||||
used to verify the authenticity of the other data that will pass through
|
||||
a connection.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
takes an authenticator of type
|
||||
.B KTEXT,
|
||||
a service name, an instance, the address of the
|
||||
host originating the request, and a pointer to a structure of type
|
||||
.B AUTH_DAT
|
||||
which is filled in with information obtained from the authenticator.
|
||||
It also optionally takes the name of the file in which it will find the
|
||||
secret key(s) for the service.
|
||||
If the supplied
|
||||
.I instance
|
||||
contains "*", then the first service key with the same service name
|
||||
found in the service key file will be used, and the
|
||||
.I instance
|
||||
argument will be filled in with the chosen instance. This means that
|
||||
the caller must provide space for such an instance name.
|
||||
.PP
|
||||
It is used to find out information about the principal when a request
|
||||
has been made to a service. It is up to the application protocol to get
|
||||
the authenticator from the client to the service. The authenticator is
|
||||
then passed to
|
||||
.I krb_rd_req
|
||||
to extract the desired information.
|
||||
.PP
|
||||
.I krb_rd_req
|
||||
returns zero (RD_AP_OK) upon successful authentication. If a packet was
|
||||
forged, modified, or replayed, authentication will fail. If the
|
||||
authentication fails, a non-zero value is returned indicating the
|
||||
particular problem encountered. See
|
||||
.I krb.h
|
||||
for the list of error codes.
|
||||
.PP
|
||||
If the last argument is the null string (""), krb_rd_req will use the
|
||||
file /etc/srvtab to find its keys. If the last argument is NULL, it
|
||||
will assume that the key has been set by
|
||||
.I krb_set_key
|
||||
and will not bother looking further.
|
||||
.PP
|
||||
.I krb_kntoln
|
||||
converts a Kerberos name to a local name. It takes a structure
|
||||
of type AUTH_DAT and uses the name and instance to look in the database
|
||||
/etc/aname to find the corresponding local name. The local name is
|
||||
returned and can be used by an application to change uids, directories,
|
||||
or other parameters. It is not an integral part of Kerberos, but is
|
||||
instead provided to support the use of Kerberos in existing utilities.
|
||||
.PP
|
||||
.I krb_set_key
|
||||
takes as an argument a des key. It then creates
|
||||
a key schedule from it and saves the original key to be used as an
|
||||
initialization vector.
|
||||
It is used to set the server's key which
|
||||
must be used to decrypt tickets.
|
||||
.PP
|
||||
If called with a non-zero second argument,
|
||||
.I krb_set_key
|
||||
will first convert the input from a string of arbitrary length to a DES
|
||||
key by encrypting it with a one-way function.
|
||||
.PP
|
||||
In most cases it should not be necessary to call
|
||||
.I krb_set_key.
|
||||
The necessary keys will usually be obtained and set inside
|
||||
.I krb_rd_req. krb_set_key
|
||||
is provided for those applications that do not wish to place the
|
||||
application keys on disk.
|
||||
.PP
|
||||
.I krb_get_cred
|
||||
searches the caller's ticket file for a ticket for the given service, instance,
|
||||
and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
|
||||
with the ticket information.
|
||||
.PP
|
||||
If the ticket was found,
|
||||
.I krb_get_cred
|
||||
returns GC_OK.
|
||||
If the ticket file can't be found, can't be read, doesn't belong to
|
||||
the user (other than root), isn't a regular file, or is in the wrong
|
||||
mode, the error GC_TKFIL is returned.
|
||||
.PP
|
||||
.I krb_mk_priv
|
||||
creates an encrypted, authenticated
|
||||
message from any arbitrary application data, pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to encrypt the data and some header information using
|
||||
.I pcbc_encrypt.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
In addition to providing privacy, this protocol message protects
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
.PP
|
||||
.I krb_rd_priv
|
||||
decrypts and authenticates a received
|
||||
.I krb_mk_priv
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
and the key schedule,
|
||||
.I schedule,
|
||||
are used to decrypt and verify the received message.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h.
|
||||
The routine fills in the
|
||||
.I app_data
|
||||
field with a pointer to the decrypted application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_safe
|
||||
creates an authenticated, but unencrypted message from any arbitrary
|
||||
application data,
|
||||
pointed to by
|
||||
.I in
|
||||
and
|
||||
.I in_length
|
||||
bytes long.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the
|
||||
.I quad_cksum()
|
||||
checksum algorithm used as part of the authentication.
|
||||
.I sender
|
||||
and
|
||||
.I receiver
|
||||
point to the Internet address of the two parties.
|
||||
This message does not provide privacy, but does protect (via detection)
|
||||
against modifications, insertions or replays. The encapsulated message and
|
||||
header are placed in the area pointed to by
|
||||
.I out
|
||||
and the routine returns the length of the output, or -1 indicating
|
||||
an error.
|
||||
The authentication provided by this routine is not as strong as that
|
||||
provided by
|
||||
.I krb_mk_priv
|
||||
or by computing the checksum using
|
||||
.I cbc_cksum
|
||||
instead, both of which authenticate via DES.
|
||||
.PP
|
||||
|
||||
.I krb_rd_safe
|
||||
authenticates a received
|
||||
.I krb_mk_safe
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
The private session key, pointed to by
|
||||
.I key,
|
||||
is used to seed the quad_cksum() routine as part of the authentication.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields:
|
||||
the
|
||||
.I app_data
|
||||
field with a pointer to the application data,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field,
|
||||
.I time_sec
|
||||
and
|
||||
.I time_5ms
|
||||
with the timestamps in the message, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender.
|
||||
(The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of). The
|
||||
.I hash
|
||||
field returns a value useful as input to the
|
||||
.I krb_ck_repl
|
||||
routine.
|
||||
|
||||
The routine returns zero if ok, or a Kerberos error code. Modified messages
|
||||
and old messages cause errors, but it is up to the caller to
|
||||
check the time sequence of messages, and to check against recently replayed
|
||||
messages using
|
||||
.I krb_ck_repl
|
||||
if so desired.
|
||||
.PP
|
||||
.I krb_mk_err
|
||||
constructs an application level error message that may be used along
|
||||
with
|
||||
.I krb_mk_priv
|
||||
or
|
||||
.I krb_mk_safe.
|
||||
.I out
|
||||
is a pointer to the output buffer,
|
||||
.I code
|
||||
is an application specific error code, and
|
||||
.I string
|
||||
is an application specific error string.
|
||||
|
||||
.PP
|
||||
.I krb_rd_err
|
||||
unpacks a received
|
||||
.I krb_mk_err
|
||||
message.
|
||||
.I in
|
||||
points to the beginning of the received message, whose length
|
||||
is specified in
|
||||
.I in_length.
|
||||
.I code
|
||||
is a pointer to a value to be filled in with the error
|
||||
value provided by the application.
|
||||
.I msg_data
|
||||
is a pointer to a
|
||||
.I MSG_DAT
|
||||
struct, defined in
|
||||
.I krb.h .
|
||||
The routine fills in these
|
||||
.I MSG_DAT
|
||||
fields: the
|
||||
.I app_data
|
||||
field with a pointer to the application error text,
|
||||
.I app_length
|
||||
with the length of the
|
||||
.I app_data
|
||||
field, and
|
||||
.I swap
|
||||
with a 1 if the byte order of the receiver is different than that of
|
||||
the sender. (The application must still determine if it is appropriate
|
||||
to byte-swap application data; the Kerberos protocol fields are already taken
|
||||
care of).
|
||||
|
||||
The routine returns zero if the error message has been successfully received,
|
||||
or a Kerberos error code.
|
||||
.PP
|
||||
The
|
||||
.I KTEXT
|
||||
structure is used to pass around text of varying lengths. It consists
|
||||
of a buffer for the data, and a length. krb_rd_req takes an argument of this
|
||||
type containing the authenticator, and krb_mk_req returns the
|
||||
authenticator in a structure of this type. KTEXT itself is really a
|
||||
pointer to the structure. The actual structure is of type KTEXT_ST.
|
||||
.PP
|
||||
The
|
||||
.I AUTH_DAT
|
||||
structure is filled in by krb_rd_req. It must be allocated before
|
||||
calling krb_rd_req, and a pointer to it is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.I MSG_DAT
|
||||
structure is filled in by either krb_rd_priv, krb_rd_safe, or
|
||||
krb_rd_err. It must be allocated before the call and a pointer to it
|
||||
is passed. The structure is
|
||||
filled in with data obtained from Kerberos.
|
||||
.PP
|
||||
.SH FILES
|
||||
/usr/include/kerberosIV/krb.h
|
||||
.br
|
||||
/usr/lib/libkrb.a
|
||||
.br
|
||||
/usr/include/kerberosIV/des.h
|
||||
.br
|
||||
/usr/lib/libdes.a
|
||||
.br
|
||||
/etc/kerberosIV/aname
|
||||
.br
|
||||
/etc/kerberosIV/srvtab
|
||||
.br
|
||||
/tmp/tkt[uid]
|
||||
.SH "SEE ALSO"
|
||||
kerberos(1), des_crypt(3)
|
||||
.SH DIAGNOSTICS
|
||||
.SH BUGS
|
||||
The caller of
|
||||
.I krb_rd_req, krb_rd_priv, and krb_rd_safe
|
||||
must check time order and for replay attempts.
|
||||
.I krb_ck_repl
|
||||
is not implemented yet.
|
||||
.SH AUTHORS
|
||||
Clifford Neuman, MIT Project Athena
|
||||
.br
|
||||
Steve Miller, MIT Project Athena/Digital Equipment Corporation
|
||||
.SH RESTRICTIONS
|
||||
COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology
|
Loading…
Reference in New Issue
Block a user