diff -r -c ../oBones/src/Imakefile src/Imakefile
*** ../oBones/src/Imakefile Wed Nov 8 00:39:57 1989
--- src/Imakefile Tue Sep 11 10:37:28 1990
***************
*** 25,31 ****
--- 25,36 ----
make ${MFLAGS} regression
# add more simple regression tests here.
+ #ifdef NOENCRYPTION
regression:
+ #else
+ regression:
+ lib/des/destest
+ #endif
clean-imake:
diff -r -c ../oBones/src/Makefile src/Makefile
*** ../oBones/src/Makefile Tue Oct 3 06:37:39 1989
--- src/Makefile Tue Sep 11 12:22:06 1990
***************
*** 156,162 ****
# add more simple regression tests here.
regression:
! lib/des/verify
clean-imake:
cd util/imake; make clean
--- 156,162 ----
# add more simple regression tests here.
regression:
! lib/des/destest
clean-imake:
cd util/imake; make clean
diff -r -c ../oBones/src/admin/kdb_edit.c src/admin/kdb_edit.c
*** ../oBones/src/admin/kdb_edit.c Mon Sep 10 16:08:45 1990
--- src/admin/kdb_edit.c Mon Sep 10 16:31:29 1990
***************
*** 242,260 ****
--- 242,273 ----
}
/* password */
if (editpw) {
+ #ifdef NOENCRYPTION
placebo_read_pw_string(pw_str, sizeof pw_str,
"\nNew Password: ", TRUE);
+ #else
+ des_read_pw_string(pw_str, sizeof pw_str,
+ "\nNew Password: ", TRUE);
+ #endif
if (!strcmp(pw_str, "RANDOM")) {
printf("\nRandom password [y] ? ");
gets(temp);
if (!strcmp("n", temp) || !strcmp("N", temp)) {
/* no, use literal */
+ #ifdef NOENCRYPTION
bzero(new_key, sizeof(C_Block));
new_key[0] = 127;
+ #else
+ string_to_key(pw_str, new_key);
+ #endif
bzero(pw_str, sizeof pw_str); /* "RANDOM" */
} else {
+ #ifdef NOENCRYPTION
bzero(new_key, sizeof(C_Block));
new_key[0] = 127;
+ #else
+ random_key(new_key);
+ #endif
bzero(pw_str, sizeof pw_str);
}
} else if (!strcmp(pw_str, "NULL")) {
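Review bot: The return value of `des_read_pw_string` is discarded at the top of this hunk, so a failed read would still reach `string_to_key(pw_str, new_key)` and set a principal key from whatever is left in `pw_str`. ksrvutil.c in this same patch treats a non-zero return from the same reader as fatal (`leave("Error reading password.", 1)`), and kdb_edit should test the result the same way, clearing `pw_str` and abandoning the edit on failure. The `des_read_password` calls added in lib/kdb/krb_kdb_utils.c and lib/krb/get_in_tkt.c are unchecked too, assuming that function reports failure in the same manner. The enclosing function starts and ends outside the hunk.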
***************
*** 262,269 ****
--- 275,286 ----
gets(temp);
if (!strcmp("n", temp) || !strcmp("N", temp)) {
/* no, use literal */
+ #ifdef NOENCRYPTION
bzero(new_key, sizeof(C_Block));
new_key[0] = 127;
+ #else
+ string_to_key(pw_str, new_key);
+ #endif
bzero(pw_str, sizeof pw_str); /* "NULL" */
} else {
***************
*** 272,279 ****
--- 289,300 ----
goto null_key;
}
} else {
+ #ifdef NOENCRYPTION
bzero(new_key, sizeof(C_Block));
new_key[0] = 127;
+ #else
+ string_to_key(pw_str,new_key);
+ #endif
bzero(pw_str, sizeof pw_str);
}
diff -r -c ../oBones/src/admin/kdb_init.c src/admin/kdb_init.c
*** ../oBones/src/admin/kdb_init.c Wed Nov 8 00:38:33 1989
--- src/admin/kdb_init.c Mon Sep 10 16:32:17 1990
***************
*** 137,144 ****
--- 137,148 ----
principal.key_high = 0;
break;
case RANDOM_KEY:
+ #ifdef NOENCRYPTION
bzero(new_key, sizeof(C_Block));
new_key[0] = 127;
+ #else
+ random_key(new_key);
+ #endif
kdb_encrypt_key (new_key, new_key, master_key, master_key_schedule,
ENCRYPT);
bcopy(new_key, &principal.key_low, 4);
diff -r -c ../oBones/src/admin/kdb_util.c src/admin/kdb_util.c
*** ../oBones/src/admin/kdb_util.c Mon Sep 10 16:09:44 1990
--- src/admin/kdb_util.c Mon Sep 10 16:33:12 1990
***************
*** 386,391 ****
--- 386,396 ----
bcopy((char *)&(p->key_low), (char *)key, 4);
bcopy((char *)&(p->key_high), (char *)(((long *) key) + 1), 4);
+ #ifndef NOENCRYPTION
+ des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
+ (long)sizeof(des_cblock),master_key_schedule,
+ (des_cblock *)master_key_schedule,DECRYPT);
+ #endif
/* make new key, new style */
kdb_encrypt_key (key, key, master_key, master_key_schedule, ENCRYPT);
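Review bot: The IV argument of the added `des_pcbc_encrypt` is `(des_cblock *)master_key_schedule`, i.e. the first bytes of the key schedule, whereas `kdb_encrypt_key` in lib/kdb/krb_kdb_utils.c passes `master_key` as the IV. If this is deliberate because old-format databases were sealed that way, it needs a comment saying so, for instance `/* old style: IV is the key schedule, not the master key */`; without one it reads as a typo. The hunk at 436,445 makes the same call without the `(des_cblock *)` casts on `key_from_db`, and the two calls should be written alike. Neither hunk shows `key` or `key_from_db` being cleared after use, which is worth confirming in the code outside the hunks.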
***************
*** 431,436 ****
--- 436,445 ----
bcopy((char *)&principal_data[0].key_low, (char *)key_from_db, 4);
bcopy((char *)&principal_data[0].key_high,
(char *)(((long *) key_from_db) + 1), 4);
+ #ifndef NOENCRYPTION
+ des_pcbc_encrypt(key_from_db,key_from_db,(long)sizeof(key_from_db),
+ master_key_schedule,(des_cblock *)master_key_schedule,DECRYPT);
+ #endif
/* the decrypted database key had better equal the master key */
n = bcmp((char *) master_key, (char *) key_from_db,
sizeof(master_key));
diff -r -c ../oBones/src/appl/bsd/login.c src/appl/bsd/login.c
*** ../oBones/src/appl/bsd/login.c Mon Sep 10 16:06:55 1990
--- src/appl/bsd/login.c Tue Sep 11 14:02:05 1990
***************
*** 333,339 ****
--- 333,343 ----
int krbval;
char realm[REALM_SZ];
int kpass_ok,lpass_ok;
+ #ifdef NOENCRYPTION
#define read_long_pw_string placebo_read_pw_string
+ #else
+ #define read_long_pw_string des_read_pw_string
+ #endif
int read_long_pw_string();
#endif
ioctlval = 0;
diff -r -c ../oBones/src/appl/bsd/rcp.c src/appl/bsd/rcp.c
*** ../oBones/src/appl/bsd/rcp.c Wed Nov 8 00:38:44 1989
--- src/appl/bsd/rcp.c Tue Sep 11 15:01:17 1990
***************
*** 66,74 ****
--- 66,82 ----
char krb_realm[REALM_SZ];
void try_normal();
char **save_argv(), *strsave(), *krb_realmofhost();
+ #ifdef NOENCRYPTION
#define des_read read
#define des_write write
+ #else
+ int encryptflag=0;
+ #endif
+ #ifdef ultrix
+ #define UCB_RCP "/usr/ucb/rcp.ucb"
+ #else
#define UCB_RCP "/bin/rcp.ucb"
+ #endif
#else /* !KERBEROS */
#define des_read read
#define des_write write
***************
*** 162,167 ****
--- 170,180 ----
usage();
strncpy(krb_realm,*argv,REALM_SZ);
goto next_arg;
+ #ifndef NOENCRYPTION
+ case 'x':
+ encryptflag++;
+ break;
+ #endif
#endif KERBEROS
/* The rest of these are not for users. */
case 'd':
***************
*** 204,210 ****
--- 217,227 ----
#ifdef KERBEROS
(void) sprintf(cmd, "rcp%s%s%s%s",
iamrecursive ? " -r" : "", pflag ? " -p" : "",
+ #ifdef NOENCRYPTION
"",
+ #else
+ encryptflag?" -x":"",
+ #endif
targetshouldbedirectory ? " -d" : "");
#else /* !KERBEROS */
(void) sprintf(cmd, "rcp%s%s%s",
***************
*** 322,327 ****
--- 339,349 ----
(rem == -1) ? "rcmd protocol failure" : krb_err_txt[rem]);
rem = -1;
} else {
+ #ifndef NOENCRYPTION
+ if (encryptflag)
+ send_auth(host,krb_realm);
+ #endif
+
}
if (rem<0)
try_normal(orig_argv);
***************
*** 421,426 ****
--- 443,453 ----
(rem == -1) ? "rcmd protocol failure" : krb_err_txt[rem]);
rem = -1;
} else {
+ #ifndef NOENCRYPTION
+ if (encryptflag)
+ send_auth(host,krb_realm);
+ #endif
+
}
if (rem<0)
try_normal(orig_argv);
***************
*** 944,950 ****
--- 971,981 ----
{
#ifdef KERBEROS
fprintf(stderr,
+ #ifdef NOENCRYPTION
"Usage: rcp [-p] [-k realm] f1 f2; or:\n\trcp [-r] [-p] [-k realm] f1 ... fn d2\n");
+ #else
+ "Usage: rcp [-p] [-x] [-k realm] f1 f2; or:\n\trcp [-r] [-p] [-x] [-k realm] f1 ... fn d2\n");
+ #endif
#else /* !KERBEROS */
fputs("usage: rcp [-p] f1 f2; or: rcp [-rp] f1 ... fn d2\n", stderr);
#endif
***************
*** 978,983 ****
--- 1009,1018 ----
{
register int i;
+ #ifndef NOENCRYPTION
+ if (!encryptflag)
+ #endif
+ {
fprintf(stderr,"trying normal rcp (%s)\n", UCB_RCP);
fflush(stderr);
/* close all but stdin, stdout, stderr */
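Review bot: With `encryptflag` set, try_normal now skips the exec and falls through to `exit(1)` without printing anything, and no comment says why. Refusing to fall back to the unencrypted `UCB_RCP` when `-x` was requested is the right behaviour, but it should be stated and reported: a comment such as `/* -x given: never fall back to cleartext rcp */` and a line like `fprintf(stderr,"rcp: encryption requested, not trying %s\n", UCB_RCP);` before the exit. try_normal in rlogin.c (`if (encryptflag) exit(1);`) has the same silent exit. The closing brace and `exit(1)` are in the following hunk.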
***************
*** 985,990 ****
--- 1020,1026 ----
(void) close(i);
execv(UCB_RCP, argv);
perror("exec");
+ }
exit(1);
}
***************
*** 1018,1022 ****
--- 1054,1144 ----
return(ret);
}
+ #ifndef NOENCRYPTION
+ int send_auth(h,r)
+ char *h;
+ char *r;
+ {
+ int lslen,fslen,i;
+ long opts;
+
+ lslen=sizeof(struct sockaddr_in);
+ if (getsockname(sock,&local,&lslen) < 0)
+ {
+ perror("getsockname");
+ exit(1);
+ }
+ fslen=sizeof(struct sockaddr_in);
+ if (getpeername(sock,&foreign,&fslen) < 0)
+ {
+ perror("getpeername");
+ exit(1);
+ }
+ if ((r == NULL) || (*r == '\0'))
+ r=krb_realmofhost(h);
+ opts=KOPT_DO_MUTUAL;
+ if ((rem=krb_sendauth(opts,sock,&ticket,"rcmd",h,r,
+ (unsigned long)getpid(),&msg_data,&cred,schedule,&local,
+ &foreign,"KCMDV0.1")) != KSUCCESS)
+ {
+ fprintf(stderr,"krb_sendauth failure: %s\n",
+ krb_err_txt[rem]);
+ exit(1);
+ }
+ }
+
+ int answer_auth()
+ {
+ int lslen,fslen,status;
+ long opts;
+ char inst[INST_SZ],v[9];
+
+ lslen=sizeof(struct sockaddr_in);
+ if (getsockname(rem,&local,&lslen) < 0)
+ {
+ perror("getsockname");
+ exit(1);
+ }
+ fslen=sizeof(struct sockaddr_in);
+ if(getpeername(rem,&foreign,&fslen) < 0)
+ {
+ perror("getperrname");
+ exit(1);
+ }
+ strcpy(inst,"*");
+ opts=KOPT_DO_MUTUAL;
+ if ((status=krb_recvauth(opts,rem,&ticket,"rcmd",inst,&foreign,&local,
+ &kdata,"",schedule,v)) != KSUCCESS)
+ {
+ fprintf(stderr,"krb_recvauth failure: %s\n",
+ krb_err_txt[status]);
+ exit(1);
+ }
+ }
+
+ int des_read(fd,buf,len)
+ int fd;
+ char *buf;
+ int len;
+ {
+ if (encryptflag)
+ return(des_enc_read(fd,buf,len,schedule,
+ (iamremote?kdata.session:cred.session)));
+ else
+ return(read(fd,buf,len));
+ }
+
+ int des_write(fd,buf,len)
+ int fd;
+ char *buf;
+ int len;
+ {
+ if (encryptflag)
+ return(des_enc_write(fd,buf,len,schedule,
+ (iamremote?kdata.session:cred.session)));
+ else
+ return(write(fd,buf,len));
+ }
+ #endif
#endif KERBEROS
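Review bot: `send_auth` and `answer_auth` are declared `int` but both run off the end without a return statement, so a caller that tests the result reads an indeterminate value; add `return(0);` after the successful `krb_sendauth`/`krb_recvauth` check, or declare them `void` since every failure path already exits. In `answer_auth` the version buffer `v` filled by `krb_recvauth` is never compared with the `"KCMDV0.1"` string that `send_auth` sends, so a version mismatch would go unnoticed here; a `strncmp` against that constant after the call would catch it. The `perror("getperrname")` string is misspelled and should read `perror("getpeername")`. Neither new function has a header comment; one line each, noting that they establish the session key and schedule later used by `des_read`/`des_write`, would help.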
diff -r -c ../oBones/src/appl/bsd/rlogin.c src/appl/bsd/rlogin.c
*** ../oBones/src/appl/bsd/rlogin.c Mon Sep 10 15:42:33 1990
--- src/appl/bsd/rlogin.c Tue Sep 11 10:49:40 1990
***************
*** 114,121 ****
--- 114,125 ----
#ifdef KERBEROS
void try_normal();
char krb_realm[REALM_SZ];
+ #ifndef NOENCRYPTION
+ int encryptflag=0;
+ #else
#define des_read read
#define des_write write
+ #endif
CREDENTIALS cred;
Key_schedule schedule;
MSG_DAT msg_data;
***************
*** 261,266 ****
--- 265,279 ----
argv++, argc--;
goto another;
}
+ #ifndef NOENCRYPTION
+ if ((argc > 0) && (strcmp(*argv,"-x") == 0))
+ {
+ encryptflag++;
+ argv++;
+ argc--;
+ goto another;
+ }
+ #endif
#endif KERBEROS
if (host == 0)
goto usage;
***************
*** 277,285 ****
--- 290,308 ----
* attempt to login with Kerberos.
* If we fail at any step, use the standard rlogin
*/
+ #ifndef NOENCRYPTION
+ if (encryptflag)
+ sp=getservbyname("eklogin","tcp");
+ else
+ #endif
sp = getservbyname("klogin","tcp");
if (sp == 0) {
+ #ifdef NOENCRYPTION
fprintf(stderr, "rlogin: klogin/tcp: unknown service\n");
+ #else
+ fprintf(stderr,"rlogin: %s/tcp: unknown service\n",
+ encryptflag?"eklogin":"klogin");
+ #endif
try_normal(orig_argv);
}
***************
*** 308,313 ****
--- 331,340 ----
#ifdef KERBEROS
rem=KSUCCESS;
+ #ifndef NOENCRYPTION
+ if (encryptflag) authopts=KOPT_DO_MUTUAL;
+ else
+ #endif
{
#ifdef ATHENA_COMPAT
authopts = KOPT_DO_OLDSTYLE;
***************
*** 381,387 ****
--- 408,418 ----
#ifdef ATHENA
fprintf (stderr,
"usage: rlogin host [-option] [-option...] [-k realm ] [-t ttytype] [-l username]\n");
+ #ifdef NOENCRYPTION
fprintf (stderr, " where option is e, 7, 8, noflow, n, a, or c\n");
+ #else
+ fprintf (stderr, " where option is e, 7, 8, noflow, n, a, c or x\n");
+ #endif
#else !ATHENA
fprintf (stderr,
"usage: rlogin host [ -ex ] [-k realm ] [-l username] [ -8 ] [ -L ]\n");
***************
*** 937,942 ****
--- 968,976 ----
{
register char *host;
+ #ifndef NOENCRYPTION
+ if (encryptflag) exit(1);
+ #endif
fprintf(stderr,"trying normal rlogin (%s)\n",
UCB_RLOGIN);
fflush(stderr);
***************
*** 962,964 ****
--- 996,1022 ----
prf("\007Connection closed.");
done(1);
}
+
+ #ifndef NOENCRYPTION
+ int des_read(fd,buf,len)
+ int fd;
+ char *buf;
+ int len;
+ {
+ if (encryptflag)
+ return(des_enc_read(fd,buf,len,schedule,cred.session));
+ else
+ return(read(fd,buf,len));
+ }
+
+ int des_write(fd,buf,len)
+ int fd;
+ char *buf;
+ int len;
+ {
+ if (encryptflag)
+ return(des_enc_write(fd,buf,len,schedule,cred.session));
+ else
+ return(write(fd,buf,len));
+ }
+ #endif
diff -r -c ../oBones/src/appl/bsd/rlogind.c src/appl/bsd/rlogind.c
*** ../oBones/src/appl/bsd/rlogind.c Wed Nov 8 00:38:46 1989
--- src/appl/bsd/rlogind.c Tue Sep 11 12:24:10 1990
***************
*** 75,82 ****
--- 75,87 ----
KTEXT ticket;
Key_schedule schedule;
void do_krb_login();
+ #ifdef NOENCRYPTION
#define des_read read
#define des_write write
+ #else
+ #define des_read(a,b,c) ((eklogin)?des_enc_read(a,b,c,schedule,kdata->session):read(a,b,c))
+ #define des_write(a,b,c) ((eklogin)?des_enc_write(a,b,c,schedule,kdata->session):write(a,b,c))
+ #endif
#else /* !KERBEROS */
#define des_read read
#define des_write write
***************
*** 117,124 ****
--- 122,135 ----
* If the name of the program is "eklogind", all data passing over
* the network pipe are encrypted.
*/
+
+ #ifdef NOENCRYPTION
klogin = (!strcmp(*argv,"eklogind") ||
!strcmp(*argv,"klogind")); /* pass -k flag to login */
+ #else
+ eklogin=!strcmp(*argv,"eklogind");
+ klogin=!strcmp(*argv,"klogind");
+ #endif
Klogin = !strcmp(*argv,"Klogind"); /* pass -K flag to login */
/*
* if klogin, Klogin, and eklogin are zero (ie, the program name was
***************
*** 126,136 ****
--- 137,157 ----
*/
#ifndef LOG_AUTH /* 4.2 syslog */
+ #ifdef NOENCRYPTION
openlog(klogin ? "klogind" : (Klogin ? "Klogind" : "rlogind"),
LOG_PID);
#else
+ openlog(eklogin?"eklogind":(klogin?"klogind":
+ (Klogin?"Klogind":"rlogind")),LOG_PID);
+ #endif
+ #else
+ #ifdef NOENCRYPTION
openlog(klogin ? "klogind" : (Klogin ? "Klogind" : "rlogind"),
LOG_PID | LOG_AUTH, LOG_AUTH);
+ #else
+ openlog(eklogin ? "eklogind" : (klogin ? "klogind" :
+ (Klogin ? "Klogind" : "rlogind")),LOG_PID|LOG_AUTH,LOG_AUTH);
+ #endif
#endif /* 4.2 syslog */
#else
#ifndef LOG_AUTH /* 4.2 syslog */
***************
*** 187,193 ****
--- 208,218 ----
#ifdef KERBEROS
/* Don't care about reserved port for kerberos logins */
if (fromp->sin_family != AF_INET ||
+ #ifdef NOENCRYPTION
(!klogin && !Klogin &&
+ #else
+ (!klogin && !Klogin && !eklogin &&
+ #endif
(fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2)))
#else /* !KERBEROS */
***************
*** 279,284 ****
--- 304,321 ----
execl(LOGIN_PROGRAM, "login", "-k", hp->h_name, 0);
} else if (Klogin) {
execl(LOGIN_PROGRAM, "login", "-K", hp->h_name, 0);
+ #ifndef NOENCRYPTION
+ } else if (eklogin)
+ {
+ struct passwd *pw;
+
+ pw=getpwnam(lusername);
+ if ((pw != NULL) && (pw->pw_uid == 0))
+ syslog(LOG_INFO,"root login (eklogin) from %s (%s.%s@%s",
+ hp->h_name,kdata->pname,kdata->pinst,
+ kdata->prealm);
+ execl(LOGIN_PROGRAM,"login","-e",lusername,0);
+ #endif
} else {
execl(LOGIN_PROGRAM, "login", "-r", hp->h_name, 0);
}
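Review bot: The added syslog format `"root login (eklogin) from %s (%s.%s@%s"` is missing its closing parenthesis and should end `@%s)`. Separately, this branch hands `lusername` to `login -e` as an argument where the other branches pass `hp->h_name`; where `lusername` is read and validated is outside the hunk, so confirm it is rejected when empty or when it begins with `-` before it reaches `execl`, so that login cannot parse it as an option. A short comment on the branch saying that the name has already been authenticated against `kdata` (if that is the case) would make the trust assumption explicit.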
diff -r -c ../oBones/src/appl/sample/simple_client.c src/appl/sample/simple_client.c
*** ../oBones/src/appl/sample/simple_client.c Wed Nov 8 00:38:40 1989
--- src/appl/sample/simple_client.c Mon Sep 10 17:12:27 1990
***************
*** 165,171 ****
--- 165,176 ----
/* PREPARE KRB_MK_PRIV MESSAGE */
+ #ifdef NOENCRYPTION
bzero((char *)sched, sizeof(sched));
+ #else
+ /* Get key schedule for session key */
+ des_key_sched(cred->session, sched);
+ #endif
/* Make the encrypted message */
len = krb_mk_priv(MSG, ktxt->dat, strlen(MSG)+1,
diff -r -c ../oBones/src/appl/sample/simple_server.c src/appl/sample/simple_server.c
*** ../oBones/src/appl/sample/simple_server.c Wed Nov 8 00:38:40 1989
--- src/appl/sample/simple_server.c Mon Sep 10 17:13:26 1990
***************
*** 135,141 ****
--- 135,146 ----
/* NOW GET ENCRYPTED MESSAGE */
+ #ifdef NOENCRYPTION
bzero((char *)sched, sizeof(sched));
+ #else
+ /* need key schedule for session key */
+ des_key_sched(ad.session, sched);
+ #endif
/* use "recvfrom" so we know client's address */
i = sizeof(c_sock);
diff -r -c ../oBones/src/kadmin/kadm_ser_wrap.c src/kadmin/kadm_ser_wrap.c
*** ../oBones/src/kadmin/kadm_ser_wrap.c Wed Nov 8 00:39:52 1989
--- src/kadmin/kadm_ser_wrap.c Mon Sep 10 17:18:51 1990
***************
*** 136,148 ****
--- 136,156 ----
#define clr_cli_secrets() {bzero((char *)sess_sched, sizeof(sess_sched)); bzero((char *)ad.session, sizeof(ad.session));}
in_st = *dat + *dat_len - r_len;
+ #ifdef NOENCRYPTION
ncksum = 0;
+ #else
+ ncksum = quad_cksum(in_st, (u_long *)0, (long) r_len, 0, ad.session);
+ #endif
if (ncksum!=ad.checksum) { /* yow, are we correct yet */
clr_cli_secrets();
errpkt(dat, dat_len,KADM_BAD_CHK);
return KADM_BAD_CHK;
}
+ #ifdef NOENCRYPTION
bzero(sess_sched, sizeof(sess_sched));
+ #else
+ des_key_sched(ad.session, sess_sched);
+ #endif
if (retc = (int) krb_rd_priv(in_st, r_len, sess_sched, ad.session,
&server_parm.recv_addr,
&server_parm.admin_addr, &msg_st)) {
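Review bot: The result of `des_key_sched(ad.session, sess_sched)` is ignored, so if the DES library rejects the session key `krb_rd_priv` still runs with whatever is in `sess_sched`. kadm_cli_wrap.c (`if (stat = key_sched(s_k,s_s))`) and slave/kprop.c in this patch both test the return; do the same here, calling `clr_cli_secrets()` and returning an error on a non-zero result. The `key_sched` calls added in lib/krb/recvauth.c, lib/krb/sendauth.c and at the end of the master-key routine in lib/kdb/krb_kdb_utils.c are unchecked in the same way. The enclosing function starts and ends outside the hunk.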
diff -r -c ../oBones/src/kadmin/kadmin.c src/kadmin/kadmin.c
*** ../oBones/src/kadmin/kadmin.c Wed Nov 8 00:39:49 1989
--- src/kadmin/kadmin.c Tue Sep 11 12:26:45 1990
***************
*** 489,495 ****
--- 489,499 ----
}
}
+ #ifdef NOENCRYPTION
#define read_long_pw_string placebo_read_pw_string
+ #else
+ #define read_long_pw_string des_read_pw_string
+ #endif
extern int read_long_pw_string();
int
***************
*** 599,605 ****
--- 603,613 ----
printf("Null passwords are not allowed; try again.\n");
} while (strlen(new_passwd) == 0);
+ #ifdef NOENCRYPTION
bzero((char *) newkey, sizeof(newkey));
+ #else
+ des_string_to_key(new_passwd, newkey);
+ #endif
bzero(new_passwd, sizeof(new_passwd));
bcopy((char *) newkey,(char *)low,4);
***************
*** 607,613 ****
--- 615,623 ----
bzero((char *) newkey, sizeof(newkey));
+ #ifdef NOENCRYPTION
*low = 1;
+ #endif
if (byteswap != DONTSWAP) {
*low = htonl(*low);
diff -r -c ../oBones/src/kadmin/kpasswd.c src/kadmin/kpasswd.c
*** ../oBones/src/kadmin/kpasswd.c Wed Nov 8 00:39:50 1989
--- src/kadmin/kpasswd.c Mon Sep 10 17:24:50 1990
***************
*** 51,57 ****
--- 51,61 ----
void get_pw_new_key();
+ #ifdef NOENCRYPTION
#define read_long_pw_string placebo_read_pw_string
+ #else
+ #define read_long_pw_string des_read_pw_string
+ #endif
int read_long_pw_string();
bzero(name, sizeof(name));
***************
*** 211,218 ****
--- 215,226 ----
printf("Null passwords are not allowed; try again.\n");
} while (strlen(pword) == 0);
+ #ifdef NOENCRYPTION
bzero((char *) new_key, sizeof(des_cblock));
new_key[0] = (unsigned char) 1;
+ #else
+ (void) des_string_to_key(pword, new_key);
+ #endif
bzero(pword, sizeof(pword));
}
diff -r -c ../oBones/src/kadmin/ksrvutil.c src/kadmin/ksrvutil.c
*** ../oBones/src/kadmin/ksrvutil.c Wed Nov 8 00:39:53 1989
--- src/kadmin/ksrvutil.c Tue Sep 11 11:02:30 1990
***************
*** 37,43 ****
--- 37,47 ----
#include <errno.h>
#include <kadm.h>
+ #ifdef NOENCRYPTION
#define read_long_pw_string placebo_read_pw_string
+ #else /* NOENCRYPTION */
+ #define read_long_pw_string des_read_pw_string
+ #endif /* NOENCRYPTION */
int read_long_pw_string();
#define SRVTAB_MODE 0600 /* rw------- */
***************
*** 556,563 ****
--- 560,571 ----
KADM_SINST, 1, keyfile)) == KSUCCESS) &&
((status = kadm_init_link("changepw", KRB_MASTER, srealm)) ==
KADM_SUCCESS)) {
+ #ifdef NOENCRYPTION
(void) bzero((char *) new_key, sizeof(des_cblock));
new_key[0] = (unsigned char) 1;
+ #else /* NOENCRYPTION */
+ (void) des_random_key(new_key);
+ #endif /* NOENCRYPTION */
return(KADM_SUCCESS);
}
***************
*** 573,580 ****
--- 581,592 ----
if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1))
leave("Error reading password.", 1);
+ #ifdef NOENCRYPTION
(void) bzero((char *) key, sizeof(des_cblock));
key[0] = (unsigned char) 1;
+ #else /* NOENCRYPTION */
+ (void) des_string_to_key(password, key);
+ #endif /* NOENCRYPTION */
(void) bzero((char *)password, sizeof(password));
}
diff -r -c ../oBones/src/kuser/ksu.c src/kuser/ksu.c
*** ../oBones/src/kuser/ksu.c Wed Nov 8 00:38:52 1989
--- src/kuser/ksu.c Tue Sep 11 08:39:04 1990
***************
*** 89,95 ****
--- 89,99 ----
char *user, *shell, *username, *cleanenv[2], *nargv[4], **np;
char namebuf[50], shellbuf[MAXPATHLEN];
char *crypt(), *getpass(), *getenv(), *getlogin(), *rindex(), *strcpy();
+ #ifdef NOENCRYPTION
#define read_long_pw_string placebo_read_pw_string
+ #else
+ #define read_long_pw_string des_read_pw_string
+ #endif
int read_long_pw_string();
char pw_buf[MAXPWSIZE];
char *mytty;
diff -r -c ../oBones/src/lib/Imakefile src/lib/Imakefile
*** ../oBones/src/lib/Imakefile Wed Nov 8 00:39:22 1989
--- src/lib/Imakefile Tue Sep 11 08:40:28 1990
***************
*** 11,14 ****
--- 11,18 ----
#define have_subdirs
CODE=Imakefile
+ #ifdef NOENCRYPTION
SUBDIRS= krb kdb kadm knet acl
+ #else /* Do encryption */
+ SUBDIRS= des krb kdb kadm knet acl
+ #endif /* NOENCRYPTION */
diff -r -c ../oBones/src/lib/kadm/kadm_cli_wrap.c src/lib/kadm/kadm_cli_wrap.c
*** ../oBones/src/lib/kadm/kadm_cli_wrap.c Mon Sep 10 16:00:04 1990
--- src/lib/kadm/kadm_cli_wrap.c Tue Aug 7 17:14:52 1990
***************
*** 317,323 ****
--- 317,328 ----
sizeof(u_long) (for the size indication) from total size */
act_len += vts_long((u_long) priv_len, &act_st, act_len);
+ #ifdef NOENCRYPTION
cksum = 0;
+ #else
+ cksum = quad_cksum(priv_pak, (u_long *)0, (long)priv_len, 0,
+ sess_key);
+ #endif
if (retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
client_parm.krbrlm, (long)cksum)) {
/* authenticator? */
***************
*** 396,402 ****
--- 401,412 ----
return stat + krb_err_base;
bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock));
bzero((char *) cred.session, sizeof(des_cblock));
+ #ifdef NOENCRYPTION
bzero(s_s, sizeof(des_key_schedule));
+ #else
+ if (stat = key_sched(s_k,s_s))
+ return(stat+krb_err_base);
+ #endif
return KADM_SUCCESS;
} /* This code "works" */
diff -r -c ../oBones/src/lib/kdb/krb_kdb_utils.c src/lib/kdb/krb_kdb_utils.c
*** ../oBones/src/lib/kdb/krb_kdb_utils.c Wed Nov 8 00:39:19 1989
--- src/lib/kdb/krb_kdb_utils.c Tue Sep 11 08:45:25 1990
***************
*** 35,42 ****
--- 35,47 ----
int kfile;
if (prompt) {
+ #ifdef NOENCRYPTION
placebo_read_password(master_key,
"\nEnter Kerberos master key: ", 0);
+ #else
+ des_read_password(master_key,
+ "\nEnter Kerberos master key: ", 0);
+ #endif
printf ("\n");
}
else {
***************
*** 51,56 ****
--- 56,64 ----
close(kfile);
}
+ #ifndef NOENCRYPTION
+ key_sched(master_key,master_key_sched);
+ #endif
return (0);
}
***************
*** 126,130 ****
--- 134,143 ----
int e_d_flag;
{
+ #ifdef NOENCRYPTION
bcopy(in, out, sizeof(C_Block));
+ #else
+ pcbc_encrypt(in,out,(long)sizeof(C_Block),master_key_sched,master_key,
+ e_d_flag);
+ #endif
}
diff -r -c ../oBones/src/lib/krb/create_ciph.c src/lib/krb/create_ciph.c
*** ../oBones/src/lib/krb/create_ciph.c Wed Nov 8 00:39:11 1989
--- src/lib/krb/create_ciph.c Tue Sep 11 12:27:50 1990
***************
*** 101,106 ****
--- 101,111 ----
c->length = (((ptr - (char *) c->dat) + 7) / 8) * 8;
+ #ifndef NOENCRYPTION
+ key_sched(key,key_s);
+ pcbc_encrypt((C_Block *)c->dat,(C_Block *)c->dat,(long) c->length,key_s,
+ key,ENCRYPT);
+ #endif /* NOENCRYPTION */
return(KSUCCESS);
}
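Review bot: `key_s` is filled by `key_sched(key,key_s)` and the function returns straight after the encrypt without clearing it, whereas the mk_req.c hunk in this patch adds `bzero((char *) key_s, sizeof(key_s));` after the same sequence. If `key_s` is a local here (its declaration is outside the hunk), add the same `bzero` before `return(KSUCCESS);` so the expanded schedule does not stay on the stack. create_ticket.c has the identical pattern before its `return 0;`. The `key_sched` return value is also unchecked in both places.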
diff -r -c ../oBones/src/lib/krb/create_ticket.c src/lib/krb/create_ticket.c
*** ../oBones/src/lib/krb/create_ticket.c Wed Nov 8 00:38:54 1989
--- src/lib/krb/create_ticket.c Tue Sep 11 11:18:35 1990
***************
*** 123,127 ****
--- 123,132 ----
return KFAILURE /* XXX */;
}
+ #ifndef NOENCRYPTION
+ key_sched(key,key_s);
+ pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
+ key_s,key,ENCRYPT);
+ #endif
return 0;
}
diff -r -c ../oBones/src/lib/krb/decomp_ticket.c src/lib/krb/decomp_ticket.c
*** ../oBones/src/lib/krb/decomp_ticket.c Wed Nov 8 00:38:55 1989
--- src/lib/krb/decomp_ticket.c Tue Sep 11 08:51:30 1990
***************
*** 68,73 ****
--- 68,77 ----
unsigned char *uptr;
char *ptr = (char *)tkt->dat;
+ #ifndef NOENCRYPTION
+ pcbc_encrypt((C_Block *)tkt->dat,(C_Block *)tkt->dat,(long)tkt->length,
+ key_s,key,DECRYPT);
+ #endif /* ! NOENCRYPTION */
*flags = *ptr; /* get flags byte */
ptr += sizeof(*flags);
diff -r -c ../oBones/src/lib/krb/get_ad_tkt.c src/lib/krb/get_ad_tkt.c
*** ../oBones/src/lib/krb/get_ad_tkt.c Wed Nov 8 00:38:57 1989
--- src/lib/krb/get_ad_tkt.c Tue Sep 11 13:39:33 1990
***************
*** 182,187 ****
--- 182,192 ----
bcopy((char *) pkt_cipher(rpkt),(char *) (cip->dat),cip->length);
+ #ifndef NOENCRYPTION
+ key_sched(cr.session,key_s);
+ pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,(long)cip->length,
+ key_s,cr.session,DECRYPT);
+ #endif
/* Get rid of all traces of key */
bzero((char *) cr.session, sizeof(key));
bzero((char *) key_s, sizeof(key_s));
diff -r -c ../oBones/src/lib/krb/get_in_tkt.c src/lib/krb/get_in_tkt.c
*** ../oBones/src/lib/krb/get_in_tkt.c Wed Nov 8 00:38:58 1989
--- src/lib/krb/get_in_tkt.c Tue Sep 11 11:29:40 1990
***************
*** 49,56 ****
--- 49,63 ----
char *user, *instance, *realm, *passwd;
C_Block key;
{
+ #ifdef NOENCRYPTION
if (!passwd)
placebo_read_password(key, "Password: ", 0);
+ #else
+ if (passwd)
+ string_to_key(passwd,key);
+ else
+ des_read_password(key,"Password: ",0);
+ #endif
return (0);
}
***************
*** 80,85 ****
--- 87,93 ----
passwd_to_key, NULL, password));
}
+ #ifdef NOENCRYPTION
/*
* $Source: /mit/kerberos/src/lib/krb/RCS/get_in_tkt.c,v $
* $Author: jtkohl $
***************
*** 280,282 ****
--- 288,291 ----
longjmp(env,1);
}
#endif
+ #endif /* NOENCRYPTION */
diff -r -c ../oBones/src/lib/krb/krb_get_in_tkt.c src/lib/krb/krb_get_in_tkt.c
*** ../oBones/src/lib/krb/krb_get_in_tkt.c Wed Nov 8 00:39:00 1989
--- src/lib/krb/krb_get_in_tkt.c Tue Sep 11 13:42:15 1990
***************
*** 47,52 ****
--- 47,55 ----
C_Block key; /* Key for decrypting cipher */
Key_schedule key_s;
+ #ifndef NOENCRYPTION
+ /* Attempt to decrypt it */
+ #endif
/* generate a key */
***************
*** 57,62 ****
--- 60,70 ----
return(rc);
}
+ #ifndef NOENCRYPTION
+ key_sched(key,key_s);
+ pcbc_encrypt((C_Block *)cip->dat,(C_Block *)cip->dat,
+ (long) cip->length,key_s,key,DES_DECRYPT);
+ #endif /* !NOENCRYPTION */
/* Get rid of all traces of key */
bzero((char *)key,sizeof(key));
bzero((char *)key_s,sizeof(key_s));
diff -r -c ../oBones/src/lib/krb/mk_priv.c src/lib/krb/mk_priv.c
*** ../oBones/src/lib/krb/mk_priv.c Wed Nov 8 00:39:03 1989
--- src/lib/krb/mk_priv.c Tue Sep 11 09:19:12 1990
***************
*** 80,85 ****
--- 80,88 ----
* HOST_BYTE_ORDER byte order in low bit
*
* 4 bytes c_length length of data
+ #ifndef NOENCRYPT
+ * we encrypt from here with pcbc_encrypt
+ #endif
*
* 4 bytes length length of user data
* length in user data
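Review bot: The `#ifndef NOENCRYPT` / `#endif` lines appear to be added inside the block comment that documents the packet layout, where the preprocessor never sees them, so they end up as literal text in the comment; the macro name is also spelled differently from the `NOENCRYPTION` used everywhere else in the patch. Drop the two directive lines and keep one plain comment line, e.g. ` * (data from here on is encrypted with pcbc_encrypt unless NOENCRYPTION)`. The comment starts and ends outside the hunk.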
***************
*** 133,139 ****
--- 136,146 ----
bcopy((char *)&length,(char *)p,sizeof(length));
p += sizeof(length);
+ #ifdef NOENCRYPTION
/* make all the stuff contiguous for checksum */
+ #else
+ /* make all the stuff contiguous for checksum and encryption */
+ #endif
bcopy((char *)in,(char *)p,(int) length);
p += length;
***************
*** 191,196 ****
--- 198,206 ----
/* stuff the length */
bcopy((char *) &c_length,(char *)c_length_ptr,sizeof(c_length));
+ #ifndef NOENCRYPTION
+ pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)(p-q),schedule,key,ENCRYPT);
+ #endif /* NOENCRYPTION */
return (q - out + c_length); /* resulting size */
}
diff -r -c ../oBones/src/lib/krb/mk_req.c src/lib/krb/mk_req.c
*** ../oBones/src/lib/krb/mk_req.c Wed Nov 8 00:39:09 1989
--- src/lib/krb/mk_req.c Tue Sep 11 09:22:57 1990
***************
*** 155,160 ****
--- 155,166 ----
/* Fill to a multiple of 8 bytes for DES */
req_id->length = ((req_id->length+7)/8)*8;
+ #ifndef NOENCRYPTION
+ key_sched(cr.session,key_s);
+ pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat,
+ (long)req_id->length,key_s,cr.session,ENCRYPT);
+ bzero((char *) key_s, sizeof(key_s));
+ #endif /* NOENCRYPTION */
/* Copy it into the authenticator */
bcopy((char *)(req_id->dat),(char *)(authent->dat+authent->length),
diff -r -c ../oBones/src/lib/krb/mk_safe.c src/lib/krb/mk_safe.c
*** ../oBones/src/lib/krb/mk_safe.c Wed Nov 8 00:38:59 1989
--- src/lib/krb/mk_safe.c Tue Sep 11 09:24:51 1990
***************
*** 153,160 ****
--- 153,164 ----
bcopy((char *)&msg_time_sec,(char *)p,sizeof(msg_time_sec));
p += sizeof(msg_time_sec);
+ #ifdef NOENCRYPTION
cksum = 0;
bzero(big_cksum, sizeof(big_cksum));
+ #else
+ cksum=quad_cksum(q,big_cksum,p-q,2,key);
+ #endif
if (krb_debug)
printf("\ncksum = %u",cksum);
diff -r -c ../oBones/src/lib/krb/rd_priv.c src/lib/krb/rd_priv.c
*** ../oBones/src/lib/krb/rd_priv.c Wed Nov 8 00:39:08 1989
--- src/lib/krb/rd_priv.c Tue Sep 11 09:27:20 1990
***************
*** 111,116 ****
--- 111,119 ----
q = p; /* mark start of encrypted stuff */
+ #ifndef NOENCRYPTION
+ pcbc_encrypt((C_Block *)q,(C_Block *)q,(long)c_length,schedule,key,DECRYPT);
+ #endif
/* safely get application data length */
bcopy((char *) p,(char *)&(m_data->app_length),
***************
*** 125,130 ****
--- 128,136 ----
> in_length)
return RD_AP_MODIFIED;
+ #ifndef NOENCRYPTION
+ /* we're now at the decrypted application data */
+ #endif
m_data->app_data = p;
p += m_data->app_length;
diff -r -c ../oBones/src/lib/krb/rd_req.c src/lib/krb/rd_req.c
*** ../oBones/src/lib/krb/rd_req.c Wed Nov 8 00:39:04 1989
--- src/lib/krb/rd_req.c Tue Sep 11 09:28:09 1990
***************
*** 71,78 ****
--- 71,86 ----
char *key;
int cvt;
{
+ #ifdef NOENCRYPTION
bzero(ky, sizeof(ky));
return KSUCCESS;
+ #else
+ if (cvt)
+ string_to_key(key,ky);
+ else
+ bcopy(key,(char *)ky,8);
+ return(des_key_sched(ky,serv_key));
+ #endif
}
***************
*** 199,204 ****
--- 207,217 ----
strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
if (*fn == 0) fn = KEYFILE;
st_kvno = s_kvno;
+ #ifndef NOENCRYPTION
+ if (read_service_key(service,instance,realm,s_kvno,fn,(char *)skey))
+ return(RD_AP_UNDEC);
+ if (status=krb_set_key((char *)skey,0)) return(status);
+ #endif
(void) strcpy(st_rlm,realm);
(void) strcpy(st_nam,service);
(void) strcpy(st_inst,instance);
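Review bot: `st_kvno = s_kvno;` (the context line just above the addition) is assigned before the new `read_service_key` and `krb_set_key` calls, and both can now return early. After such a failure the cached `st_kvno` already matches the request while the key schedule still belongs to the previous key, so, depending on the rest of the condition that opens outside the hunk, a repeat request may skip the reload and decrypt with the stale key. Moving `st_kvno = s_kvno;` down beside the `strcpy` calls, after both checks have passed, avoids that. `skey` is not cleared after `krb_set_key`; if it is a local, a `bzero((char *)skey, sizeof(skey));` would match how other key buffers are treated in this patch.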
***************
*** 213,218 ****
--- 226,234 ----
if (krb_ap_req_debug)
log("ticket->length: %d",tkt->length);
+ #ifndef NOENCRYPTION
+ /* Decrypt and take apart ticket */
+ #endif
if (decomp_ticket(tkt,&ad->k_flags,ad->pname,ad->pinst,ad->prealm,
&(ad->address),ad->session, &(ad->life),
***************
*** 233,238 ****
--- 249,259 ----
return(RD_AP_MODIFIED);
bcopy(ptr + tkt->length, (char *)(req_id->dat),req_id->length);
+ #ifndef NOENCRYPTION
+ key_sched(ad->session,seskey_sched);
+ pcbc_encrypt((C_Block *)req_id->dat,(C_Block *)req_id->dat,
+ (long)req_id->length,seskey_sched,ad->session,DES_DECRYPT);
+ #endif /* NOENCRYPTION */
#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
diff -r -c ../oBones/src/lib/krb/rd_safe.c src/lib/krb/rd_safe.c
*** ../oBones/src/lib/krb/rd_safe.c Wed Nov 8 00:39:06 1989
--- src/lib/krb/rd_safe.c Tue Sep 11 09:28:34 1990
***************
*** 167,173 ****
--- 167,177 ----
bcopy((char *)p,(char *)big_cksum,sizeof(big_cksum));
if (swap_bytes) swap_u_16(big_cksum);
+ #ifdef NOENCRYPTION
bzero(calc_cksum, sizeof(calc_cksum));
+ #else
+ quad_cksum(q,calc_cksum,p-q,2,key);
+ #endif
if (krb_debug)
printf("\ncalc_cksum = %u, received cksum = %u",
diff -r -c ../oBones/src/lib/krb/recvauth.c src/lib/krb/recvauth.c
*** ../oBones/src/lib/krb/recvauth.c Mon Sep 10 16:10:56 1990
--- src/lib/krb/recvauth.c Tue Sep 11 09:29:01 1990
***************
*** 252,257 ****
--- 252,260 ----
for return to the client */
cksum = kdata->checksum + 1;
cksum = htonl(cksum);
+ #ifndef NOENCRYPTION
+ key_sched(kdata->session,schedule);
+ #endif
priv_len = krb_mk_priv((unsigned char *)&cksum,
tmp_buf,
(unsigned long) sizeof(cksum),
diff -r -c ../oBones/src/lib/krb/sendauth.c src/lib/krb/sendauth.c
*** ../oBones/src/lib/krb/sendauth.c Mon Sep 10 16:11:24 1990
--- src/lib/krb/sendauth.c Tue Sep 11 09:33:17 1990
***************
*** 214,219 ****
--- 214,222 ----
return(errno);
/* ...and decrypt it */
+ #ifndef NOENCRYPTION
+ key_sched(cred->session,schedule);
+ #endif
if (cc = krb_rd_priv(priv_buf,(unsigned long) tkt_len, schedule,
cred->session, faddr, laddr, msg_data))
return(cc);
diff -r -c ../oBones/src/lib/krb/util.c src/lib/krb/util.c
*** ../oBones/src/lib/krb/util.c Wed Nov 8 00:39:06 1989
--- src/lib/krb/util.c Tue Sep 11 09:34:08 1990
***************
*** 45,51 ****
--- 45,55 ----
x->checksum, x->time_sec);
#endif /* lint */
printf("[8] =");
+ #ifdef NOENCRYPTION
placebo_cblock_print(x->session);
+ #else
+ des_cblock_print_file(x->session,stdout);
+ #endif
/* skip reply for now */
}
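Review bot: With encryption compiled in, `x->session` is a real session key, and the added `des_cblock_print_file(x->session,stdout)` prints it to stdout; under NOENCRYPTION the value was only a placeholder. The callers of this function are outside the hunk, so confirm it is reachable only from debugging paths, and mark the call with a comment such as `/* prints the session key: debug use only */`.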
***************
*** 55,60 ****
--- 59,65 ----
* Printed format is: " 0x { x, x, x, x, x, x, x, x }"
*/
+ #ifdef NOENCRYPTION
placebo_cblock_print(x)
des_cblock x;
{
***************
*** 69,71 ****
--- 74,77 ----
}
printf(" }");
}
+ #endif
diff -r -c ../oBones/src/server/kerberos.c src/server/kerberos.c
*** ../oBones/src/server/kerberos.c Mon Sep 10 15:46:07 1990
--- src/server/kerberos.c Tue Sep 11 11:41:45 1990
***************
*** 430,437 ****
/* Bound requested lifetime with service and user */
lifetime = min(req_life, ((u_long) s_name_data.max_life));
lifetime = min(lifetime, ((u_long) a_name_data.max_life));
- bzero(session_key, sizeof(C_Block));
/* unseal server's key from master key */
bcopy(&s_name_data.key_low, key, 4);
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
--- 430,441 ----
/* Bound requested lifetime with service and user */
lifetime = min(req_life, ((u_long) s_name_data.max_life));
lifetime = min(lifetime, ((u_long) a_name_data.max_life));
+ #ifdef NOENCRYPTION
+ bzero(session_key, sizeof(C_Block));
+ #else
+ random_key(session_key);
+ #endif
/* unseal server's key from master key */
bcopy(&s_name_data.key_low, key, 4);
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
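Review bot: Session keys now come from `random_key(session_key)`, so they are only as strong as that generator's seed, and none of the kerberos.c hunks in this patch initialises or seeds it. Confirm in lib/des that `random_key` draws on secret state rather than only values such as the time or process id, and record the requirement in a comment here, e.g. `/* session key: random_key must be seeded from secret state */`. The hunk at 552,563 makes the same call.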
***************
*** 552,563 ****
/* unseal server's key from master key */
bcopy(&s_name_data.key_low, key, 4);
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
- #ifndef NOENCRYPTION
kdb_encrypt_key(key, key, master_key,
master_key_schedule, DECRYPT);
/* construct and seal the ticket */
bzero(session_key, sizeof(C_Block));
#endif
krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
--- 556,569 ----
/* unseal server's key from master key */
bcopy(&s_name_data.key_low, key, 4);
bcopy(&s_name_data.key_high, ((long *) key) + 1, 4);
kdb_encrypt_key(key, key, master_key,
master_key_schedule, DECRYPT);
/* construct and seal the ticket */
+ #ifdef NOENCRYPTION
bzero(session_key, sizeof(C_Block));
+ #else
+ random_key(session_key);
#endif
krb_create_ticket(tk, k_flags, ad->pname, ad->pinst,
diff -r -c ../oBones/src/slave/kprop.c src/slave/kprop.c
*** ../oBones/src/slave/kprop.c Mon Sep 10 16:07:02 1990
--- src/slave/kprop.c Tue Sep 11 11:42:43 1990
***************
*** 390,396 ****
--- 390,405 ----
close (s);
continue; /*** NEXT SLAVE ***/
}
+ #ifdef NOENCRYPTION
bzero((char *)session_sched, sizeof(session_sched));
+ #else
+ if (key_sched (cred.session, session_sched)) {
+ fprintf (stderr, "%s: can't make key schedule.",
+ cs->name);
+ close (s);
+ continue; /*** NEXT SLAVE ***/
+ }
+ #endif
/* SAFE (quad_cksum) and CLEAR are just not good enough */
cksum = 0;
#ifdef not_working_yet
diff -r -c ../oBones/src/slave/kpropd.c src/slave/kpropd.c
*** ../oBones/src/slave/kpropd.c Wed Nov 8 00:39:56 1989
--- src/slave/kpropd.c Tue Sep 11 11:43:49 1990
***************
*** 353,359 ****
--- 353,366 ----
Key_schedule session_sched;
if (private)
+ #ifdef NOENCRYPTION
bzero((char *)session_sched, sizeof(session_sched));
+ #else
+ if (key_sched (ad->session, session_sched)) {
+ klog (L_KRB_PERR, "kpropd: can't make key schedule");
+ SlowDeath();
+ }
+ #endif
while (1) {
n = krb_net_read (in, &length, sizeof length);
***************
*** 445,450 ****
--- 452,460 ----
klog(L_KRB_PERR, errmsg);
SlowDeath();
}
+ #ifndef NOENCRYPTION
+ cksum += cbc_cksum(buf, obuf, n, key_sched, key_sched);
+ #endif
}
return cksum;
}
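Review bot: `cbc_cksum(buf, obuf, n, key_sched, key_sched)` passes `key_sched` as both the key schedule and the IV, and the first hunk of this file calls `key_sched(...)` as a function. Unless a local variable of that name shadows it here (the declarations are outside the hunk), the checksum is keyed by the bytes at the function's address, which are not secret and can differ between the sending and receiving builds. If the transfer is meant to be integrity-checked under the session key, the schedule built from `ad->session` and the session key itself should be passed instead, e.g. `cbc_cksum(buf, obuf, n, session_sched, ad->session)`, which requires handing them to this function.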
diff -r -c ../oBones/src/util/imake.includes/config.Imakefile src/util/imake.includes/config.Imakefile
*** ../oBones/src/util/imake.includes/config.Imakefile Mon Sep 10 16:12:04 1990
--- src/util/imake.includes/config.Imakefile Tue Sep 11 14:04:54 1990
***************
*** 129,138 ****
--- 129,145 ----
ACL_LIB=$(BUILDTOP)/lib/acl/libacl.a
ACL_LIBDEP=$(ACL_LIB)
+ #ifdef NOENCRYPTION
NOENCFLAG=-DNOENCRYPTION
DES_LIBDEP=
DES_LIB=
DES_LINTLIB=
+ #else /* Do encryption */
+ NOENCFLAG=
+ DES_LIB=$(BUILDTOP)/lib/des/libdes.a
+ DES_LIBDEP=$(DES_LIB)
+ DES_LINTLIB=$(BUILDTOP)/lib/des/llib-ldes.ln
+ #endif /* NOENCRYPTION */
#ifdef NDBM
DBMFLAG=-DNDBM