1994-09-30 14:50:09 +00:00
|
|
|
/*
|
|
|
|
* Copyright 1986, 1987, 1988 by the Massachusetts Institute
|
|
|
|
* of Technology.
|
|
|
|
* For copying and distribution information, please see the file
|
|
|
|
* <Copyright.MIT>.
|
|
|
|
*
|
|
|
|
* This routine dissects a a Kerberos 'private msg', decrypting it,
|
|
|
|
* checking its integrity, and returning a pointer to the application
|
|
|
|
* data contained and its length.
|
|
|
|
*
|
|
|
|
* Returns 0 (RD_AP_OK) for success or an error code (RD_AP_...). If
|
|
|
|
* the return value is RD_AP_TIME, then either the times are too far
|
|
|
|
* out of synch, OR the packet was modified.
|
|
|
|
*
|
|
|
|
* Steve Miller Project Athena MIT/DEC
|
|
|
|
*
|
|
|
|
* from: rd_priv.c,v 4.14 89/04/28 11:59:42 jtkohl Exp $
|
1995-08-25 22:52:32 +00:00
|
|
|
* $Id: rd_priv.c,v 1.3 1995/07/18 16:39:31 mark Exp $
|
1994-09-30 14:50:09 +00:00
|
|
|
*/
|
|
|
|
|
1995-08-25 22:52:32 +00:00
|
|
|
#if 0
|
1994-09-30 14:50:09 +00:00
|
|
|
#ifndef lint
|
|
|
|
static char rcsid[]=
|
1995-08-25 22:52:32 +00:00
|
|
|
"$Id: rd_priv.c,v 1.3 1995/07/18 16:39:31 mark Exp $";
|
1994-09-30 14:50:09 +00:00
|
|
|
#endif /* lint */
|
1995-08-25 22:52:32 +00:00
|
|
|
#endif
|
1994-09-30 14:50:09 +00:00
|
|
|
|
|
|
|
/* system include files */
|
1995-08-25 22:52:32 +00:00
|
|
|
#include <string.h>
|
1995-09-07 21:39:00 +00:00
|
|
|
#include <stdio.h>
|
1994-09-30 14:50:09 +00:00
|
|
|
#include <errno.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
|
|
|
/* application include files */
|
|
|
|
#include <des.h>
|
|
|
|
#include <krb.h>
|
|
|
|
#include <prot.h>
|
|
|
|
#include "lsb_addr_comp.h"
|
|
|
|
|
1995-09-07 21:39:00 +00:00
|
|
|
extern int krb_debug;
|
|
|
|
|
1994-09-30 14:50:09 +00:00
|
|
|
/* static storage */
|
|
|
|
|
|
|
|
static u_long c_length;
|
|
|
|
static int swap_bytes;
|
|
|
|
static struct timeval local_time;
|
|
|
|
static long delta_t;
|
|
|
|
int private_msg_ver = KRB_PROT_VERSION;
|
|
|
|
|
|
|
|
/*
|
|
|
|
#ifdef NOENCRPYTION
|
|
|
|
* krb_rd_priv() checks the integrity of an
|
|
|
|
#else
|
|
|
|
* krb_rd_priv() decrypts and checks the integrity of an
|
|
|
|
#endif
|
|
|
|
* AUTH_MSG_PRIVATE message. Given the message received, "in",
|
|
|
|
* the length of that message, "in_length", the key "schedule"
|
|
|
|
* and "key", and the network addresses of the
|
|
|
|
* "sender" and "receiver" of the message, krb_rd_safe() returns
|
|
|
|
* RD_AP_OK if the message is okay, otherwise some error code.
|
|
|
|
*
|
|
|
|
* The message data retrieved from "in" are returned in the structure
|
|
|
|
* "m_data". The pointer to the application data
|
|
|
|
* (m_data->app_data) refers back to the appropriate place in "in".
|
|
|
|
*
|
|
|
|
* See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE
|
|
|
|
* message. The structure containing the extracted message
|
|
|
|
* information, MSG_DAT, is defined in "krb.h".
|
|
|
|
*/
|
|
|
|
|
1995-09-07 21:39:00 +00:00
|
|
|
long
|
|
|
|
krb_rd_priv(in,in_length,schedule,key,sender,receiver,m_data)
|
|
|
|
u_char *in; /* pointer to the msg received */
|
|
|
|
u_long in_length; /* length of "in" msg */
|
|
|
|
Key_schedule schedule; /* precomputed key schedule */
|
|
|
|
C_Block key; /* encryption key for seed and ivec */
|
|
|
|
struct sockaddr_in *sender;
|
|
|
|
struct sockaddr_in *receiver;
|
|
|
|
MSG_DAT *m_data; /*various input/output data from msg */
|
1994-09-30 14:50:09 +00:00
|
|
|
{
|
|
|
|
register u_char *p,*q;
|
|
|
|
static u_long src_addr; /* Can't send structs since no
|
|
|
|
* guarantees on size */
|
|
|
|
|
|
|
|
if (gettimeofday(&local_time,(struct timezone *)0))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
p = in; /* beginning of message */
|
|
|
|
swap_bytes = 0;
|
|
|
|
|
|
|
|
if (*p++ != KRB_PROT_VERSION && *(p-1) != 3)
|
|
|
|
return RD_AP_VERSION;
|
|
|
|
private_msg_ver = *(p-1);
|
|
|
|
if (((*p) & ~1) != AUTH_MSG_PRIVATE)
|
|
|
|
return RD_AP_MSG_TYPE;
|
|
|
|
if ((*p++ & 1) != HOST_BYTE_ORDER)
|
|
|
|
swap_bytes++;
|
|
|
|
|
|
|
|
/* get cipher length */
|
|
|
|
bcopy((char *)p,(char *)&c_length,sizeof(c_length));
|
|
|
|
if (swap_bytes)
|
|
|
|
swap_u_long(c_length);
|
|
|
|
p += sizeof(c_length);
|
|
|
|
/* check for rational length so we don't go comatose */
|
|
|
|
if (VERSION_SZ + MSG_TYPE_SZ + c_length > in_length)
|
|
|
|
return RD_AP_MODIFIED;
|
|
|
|
|
|
|
|
|
|
|
|
q = p; /* mark start of encrypted stuff */
|
|
|
|
|
|
|
|
#ifndef NOENCRYPTION
|
1995-09-07 21:39:00 +00:00
|
|
|
pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)c_length,schedule,
|
|
|
|
(C_Block *)key,DECRYPT);
|
1994-09-30 14:50:09 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
/* safely get application data length */
|
|
|
|
bcopy((char *) p,(char *)&(m_data->app_length),
|
|
|
|
sizeof(m_data->app_length));
|
|
|
|
if (swap_bytes)
|
|
|
|
swap_u_long(m_data->app_length);
|
|
|
|
p += sizeof(m_data->app_length); /* skip over */
|
|
|
|
|
|
|
|
if (m_data->app_length + sizeof(c_length) + sizeof(in_length) +
|
|
|
|
sizeof(m_data->time_sec) + sizeof(m_data->time_5ms) +
|
|
|
|
sizeof(src_addr) + VERSION_SZ + MSG_TYPE_SZ
|
|
|
|
> in_length)
|
|
|
|
return RD_AP_MODIFIED;
|
|
|
|
|
|
|
|
#ifndef NOENCRYPTION
|
|
|
|
/* we're now at the decrypted application data */
|
|
|
|
#endif
|
|
|
|
m_data->app_data = p;
|
|
|
|
|
|
|
|
p += m_data->app_length;
|
|
|
|
|
|
|
|
/* safely get time_5ms */
|
|
|
|
bcopy((char *) p, (char *)&(m_data->time_5ms),
|
|
|
|
sizeof(m_data->time_5ms));
|
|
|
|
/* don't need to swap-- one byte for now */
|
|
|
|
p += sizeof(m_data->time_5ms);
|
|
|
|
|
|
|
|
/* safely get src address */
|
|
|
|
bcopy((char *) p,(char *)&src_addr,sizeof(src_addr));
|
|
|
|
/* don't swap, net order always */
|
|
|
|
p += sizeof(src_addr);
|
|
|
|
|
|
|
|
if (src_addr != (u_long) sender->sin_addr.s_addr)
|
|
|
|
return RD_AP_MODIFIED;
|
|
|
|
|
|
|
|
/* safely get time_sec */
|
|
|
|
bcopy((char *) p, (char *)&(m_data->time_sec),
|
|
|
|
sizeof(m_data->time_sec));
|
|
|
|
if (swap_bytes) swap_u_long(m_data->time_sec);
|
|
|
|
|
|
|
|
p += sizeof(m_data->time_sec);
|
|
|
|
|
|
|
|
/* check direction bit is the sign bit */
|
1995-05-30 06:41:30 +00:00
|
|
|
/* For compatibility with broken old code, compares are done in VAX
|
|
|
|
byte order (LSBFIRST) */
|
1994-09-30 14:50:09 +00:00
|
|
|
if (lsb_net_ulong_less(sender->sin_addr.s_addr,
|
1995-05-30 06:41:30 +00:00
|
|
|
receiver->sin_addr.s_addr)==-1)
|
|
|
|
/* src < recv */
|
|
|
|
m_data->time_sec = - m_data->time_sec;
|
|
|
|
else if (lsb_net_ulong_less(sender->sin_addr.s_addr,
|
|
|
|
receiver->sin_addr.s_addr)==0)
|
1994-09-30 14:50:09 +00:00
|
|
|
if (lsb_net_ushort_less(sender->sin_port,receiver->sin_port)==-1)
|
|
|
|
/* src < recv */
|
1995-05-30 06:41:30 +00:00
|
|
|
m_data->time_sec = - m_data->time_sec;
|
1994-09-30 14:50:09 +00:00
|
|
|
/*
|
|
|
|
* all that for one tiny bit!
|
|
|
|
* Heaven help those that talk to themselves.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* check the time integrity of the msg */
|
|
|
|
delta_t = abs((int)((long) local_time.tv_sec
|
|
|
|
- m_data->time_sec));
|
|
|
|
if (delta_t > CLOCK_SKEW)
|
|
|
|
return RD_AP_TIME;
|
|
|
|
if (krb_debug)
|
1995-08-25 22:52:32 +00:00
|
|
|
printf("\ndelta_t = %ld",delta_t);
|
1994-09-30 14:50:09 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* caller must check timestamps for proper order and
|
|
|
|
* replays, since server might have multiple clients
|
|
|
|
* each with its own timestamps and we don't assume
|
|
|
|
* tightly synchronized clocks.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef notdef
|
|
|
|
bcopy((char *) p,(char *)&cksum,sizeof(cksum));
|
|
|
|
if (swap_bytes) swap_u_long(cksum)
|
|
|
|
/*
|
|
|
|
* calculate the checksum of the length, sequence,
|
|
|
|
* and input data, on the sending byte order!!
|
|
|
|
*/
|
|
|
|
calc_cksum = quad_cksum(q,NULL,p-q,0,key);
|
|
|
|
|
|
|
|
if (krb_debug)
|
|
|
|
printf("\ncalc_cksum = %u, received cksum = %u",
|
|
|
|
calc_cksum, cksum);
|
|
|
|
if (cksum != calc_cksum)
|
|
|
|
return RD_AP_MODIFIED;
|
|
|
|
#endif
|
|
|
|
return RD_AP_OK; /* OK == 0 */
|
|
|
|
}
|