-char *ckathv = "Authentication, 8.0.232, 7 Feb 2004";
+char *ckathv = "Authentication, 9.0.235, 16 Mar 2010";
/*
C K U A T H . C -- Authentication for C-Kermit
- Copyright (C) 1999, 2004,
+ Copyright (C) 1999, 2010,
Trustees of Columbia University in the City of New York.
All rights reserved. See the C-Kermit COPYING.TXT file or the
copyright text in the ckcmai.c module for disclaimer and permissions.
#ifndef VMS
#ifndef FREEBSD4
#ifndef OpenBSD
+#ifdef MACOSX
+#include <sys/malloc.h>
+#else /* MACOSX */
#include <malloc.h>
+#endif /* MACOSX */
#endif /* OpenBSD */
#endif /* FREEBSD4 */
#endif /* VMS */
#undef printf
#endif /* printf */
#include "krb5.h"
+
#include "com_err.h"
+
#ifdef saveprintf
#define printf saveprintf
#endif /* saveprintf */
#ifdef CK_SSL
#ifdef LIBDES
#ifdef OPENSSL_097
+#ifdef CK_DES
#define OPENSSL_ENABLE_OLD_DES_SUPPORT
#include <openssl/des.h>
+#endif /* CK_DES */
#endif /* OPENSSL_097 */
#ifndef HEADER_DES_H
#define HEADER_DES_H
static krb5_ticket *k5_ticket = NULL;
#ifndef KRB5_SERVICE_NAME
#define KRB5_SERVICE_NAME "host"
+#ifdef MACOSX
+#define MIT_CURRENT 1
+#define decode_krb5_ticket krb5_decode_ticket
+#define krb5_read_message ck_krb5_read_message
+#define krb5_write_message ck_krb5_write_message
+#endif /* MACOSX */
#endif
_PROTOTYP(static int k5_auth_send,(int,int,int));
buf[0] = SB;
memcpy( &buf[1], sb, len-2 );
- rc = encrypt_parse(buf,len-1);
+ rc = encrypt_parse((CHAR *)buf,len-1);
if (rc < 0) {
free(buf);
if (g_kstream->encrypt && encrypt_is_encrypting()) {
#ifdef DEBUG
- hexdump("from plaintext", s, n);
+ ckhexdump("from plaintext", s, n);
#endif
i.ptr = s;
i.length = n;
g_kstream->encrypt(&i, NULL);
#ifdef DEBUG
- hexdump("to cyphertext", s, n);
+ ckhexdump("to cyphertext", s, n);
#endif
}
else debug(F101,"ck_tn_encrypt not encrypting","",n);
if (g_kstream->decrypt && encrypt_is_decrypting()) {
#ifdef DEBUG
- hexdump("from cyphertext", s, n);
+ ckhexdump("from cyphertext", s, n);
#endif
i.ptr = s;
i.length = n;
g_kstream->decrypt(&i, NULL);
#ifdef DEBUG
- hexdump("to plaintext", s, n);
+ ckhexdump("to plaintext", s, n);
#endif
}
else debug(F101,"ck_tn_decrypt not decrypting","",n);
&encdata, &data);
#else /* MIT_CURRENT */
memset(k4_sched,0,sizeof(Schedule));
- hexdump("auth_send",cred.session,8);
+ ckhexdump("auth_send",cred.session,8);
rc = des_key_sched(cred.session, k4_sched);
if ( rc == -1 ) {
printf("?Invalid DES key specified in credentials\r\n");
debug(F110,"auth_send",
"DES Key Schedule not set by credentials",0);
}
- hexdump("auth_send schedule",k4_sched,8*16);
+ ckhexdump("auth_send schedule",k4_sched,8*16);
des_set_random_generator_seed(cred.session);
des_fixup_key_parity(k4_session_key);
} while ( ck_des_is_weak_key(k4_session_key) );
- hexdump("auth_send des_new_random_key(k4_session_key)",
+ ckhexdump("auth_send des_new_random_key(k4_session_key)",
k4_session_key,8);
/* Decrypt the session key so that we can send it to the */
#else /* NT */
des_ecb_encrypt(&k4_session_key, &k4_session_key, k4_sched, 0);
#endif /* NT */
- hexdump(
+ ckhexdump(
"auth_send des_ecb_encrypt(k4_session_key,k4_session_key,0)",
k4_session_key,8
);
des_ecb_encrypt(&k4_session_key, &k4_challenge, k4_sched, 0);
#endif /* NT */
- hexdump("auth_send des_ecb_encrypt(k4_session_key,k4_challenge,0)",
+ ckhexdump("auth_send des_ecb_encrypt(k4_session_key,k4_challenge,0)",
k4_challenge,8);
#endif /* MIT_CURRENT */
/*
if (x < 256) /* if no overflow, all done */
break;
}
- hexdump("auth_send k4_challenge+1",k4_challenge,8);
+ ckhexdump("auth_send k4_challenge+1",k4_challenge,8);
#ifdef MIT_CURRENT
data.data = k4_challenge;
data.length = 8;
#else /* NT */
des_ecb_encrypt(&k4_challenge, &k4_challenge, k4_sched, 1);
#endif /* NT */
- hexdump("auth_send des_ecb_encrypt(k4_session_key,k4_challenge,1)",
+ ckhexdump("auth_send des_ecb_encrypt(k4_session_key,k4_challenge,1)",
k4_challenge,8);
#endif /* MIT_CURRENT */
}
case AUTHTYPE_KERBEROS_V5:
debug(F111,"auth_send KRB5","k5_auth.length",k5_auth.length);
for ( i=0 ; i<k5_auth.length ; i++ ) {
- if ( ((char *)k5_auth.data)[i] == IAC )
+ if ( (char *)k5_auth.data[i] == IAC )
iaccnt++;
}
-
- if ( k5_auth.length + iaccnt + 10 < sizeof(buf) )
- k5_auth.length = copy_for_net(&buf[7], k5_auth.data, k5_auth.length);
- else {
+ if ( k5_auth.length + iaccnt + 10 < sizeof(buf) ) {
+ k5_auth.length = copy_for_net(&buf[7],
+ (CHAR *)k5_auth.data,
+ k5_auth.length);
+ } else {
debug(F100,"auth_send() KRB5 auth data too large for buffer","",0);
k5_auth.length = 0;
}
- sprintf(&buf[k5_auth.length+7], "%c%c", IAC, SE); /* safe */
+ sprintf((char *)&buf[k5_auth.length+7], "%c%c", IAC, SE); /* safe */
if (deblog || tn_deb || debses) {
int i;
ckmakxmsg(tn_msg,TN_MSG_LEN,
AUTHMODE_NAME(mode)," AUTH ",
NULL,NULL,NULL,NULL,NULL
);
- tn_hex((char *)tn_msg,TN_MSG_LEN,&buf[7],k5_auth.length);
+ tn_hex((CHAR *)tn_msg,TN_MSG_LEN,&buf[7],k5_auth.length);
ckstrncat(tn_msg,"IAC SE",TN_MSG_LEN);
debug(F100,tn_msg,"",0);
if (tn_deb || debses) tn_debug(tn_msg);
#else /* NT */
des_ecb_encrypt(&k4_session_key, &k4_session_key, k4_sched, 1);
#endif /* NT */
- hexdump(
+ ckhexdump(
"k4_auth_reply des_ecb_encrypt(k4_session_key,k4_session_key,1)",
k4_session_key,
8
return AUTH_FAILURE;
}
- hexdump("KRB4_RESPONSE &parsedat[5]",&parsedat[5],8);
+ ckhexdump("KRB4_RESPONSE &parsedat[5]",&parsedat[5],8);
#ifdef CK_ENCRYPTION
- hexdump("KRB4_RESPONSE k4_challenge",k4_challenge,8);
+ ckhexdump("KRB4_RESPONSE k4_challenge",k4_challenge,8);
/* The datablock returned from the host should match the value */
/* we stored in k4_challenge. */
memcpy((void *)k4_auth.dat, (void *)data, k4_auth.length);
} else
k4_auth.length = 0;
- hexdump("k4_auth.dat",k4_auth.dat, k4_auth.length);
+ ckhexdump("k4_auth.dat",k4_auth.dat, k4_auth.length);
/* Get Instance */
inaddr.s_addr = inet_addr(myipaddr);
krb4_d_srv ? krb4_d_srv : KRB4_SERVICE_NAME,
instance, 0, &k4_adat, k4_keytab)) {
- hexdump("k4_adat", &k4_adat, sizeof(AUTH_DAT));
+ ckhexdump("k4_adat", &k4_adat, sizeof(AUTH_DAT));
krb_kntoln(&k4_adat, k4_name);
ckmakmsg(strTmp,sizeof(strTmp),
"Kerberos failed him as ", k4_name,NULL,NULL);
#ifdef CK_ENCRYPTION
memcpy((void *)k4_session_key, (void *)k4_adat.session,
sizeof(Block)); /* safe */
- hexdump("k4_auth_is k4_session_key",k4_session_key,sizeof(Block));
+ ckhexdump("k4_auth_is k4_session_key",k4_session_key,sizeof(Block));
#endif /* ENCRYPTION */
krb_kntoln(&k4_adat, k4_name);
debug(F110,"auth_is CHALLENGE",
"DES Key Schedule not set by credentials",0);
}
- hexdump("auth_is schedule",k4_sched,8*16);
+ ckhexdump("auth_is schedule",k4_sched,8*16);
memcpy((void *)datablock, (void *)data, sizeof(Block)); /* safe */
- hexdump("auth_is challege",datablock,sizeof(Block));
+ ckhexdump("auth_is challege",datablock,sizeof(Block));
/*
* Take the received encrypted challenge, and encrypt
#else /* NT */
des_ecb_encrypt(&datablock, &k4_session_key, k4_sched, 1);
#endif /* NT */
- hexdump("auth_is des_ecb_encrypt(datablock,k4_session_key,1)",
+ ckhexdump("auth_is des_ecb_encrypt(datablock,k4_session_key,1)",
k4_session_key,8);
#ifdef CK_SSL
#else /* NT */
des_ecb_encrypt(&datablock, &k4_challenge, k4_sched, 0);
#endif /* NT */
- hexdump("auth_is des_ecb_encrypt(datablock,k4_challenge,0)",
+ ckhexdump("auth_is des_ecb_encrypt(datablock,k4_challenge,0)",
k4_session_key,8);
#endif /* MIT_CURRENT */
for (r = 7; r >= 0; r--) {
if (t < 256) /* if no overflow, all done */
break;
}
- hexdump("auth_is k4_challenge+1",k4_challenge,8);
+ ckhexdump("auth_is k4_challenge+1",k4_challenge,8);
#ifdef MIT_CURRENT
kdata.data = k4_challenge;
#else /* NT */
des_ecb_encrypt(&k4_challenge, &k4_challenge, k4_sched, 1);
#endif /* NT */
- hexdump("auth_is des_ecb_encrypt(k4_challenge_key,k4_challenge,1)",
+ ckhexdump("auth_is des_ecb_encrypt(k4_challenge_key,k4_challenge,1)",
k4_challenge,8);
#endif /* MIT_CURRENT */
if ( !ok )
passwd[0] = '\0';
} else {
- ckstrncpy(passwd,pwbuf,sizeof(passwd));
+ ckstrncpy(passwd,(char *)pwbuf,sizeof(passwd));
#ifdef OS2
if ( pwcrypt )
ck_encrypt((char *)passwd);
ssl_get_server_finished(&tls_verify[0],12);
ssl_get_client_finished(&tls_verify[12],12);
- reply.data = data;
+ reply.data = (char *)data;
reply.length = cnt;
krb5_auth_con_genaddrs(k5_context, auth_context, ttyfd,
data += 4; /* Point to status byte */
cnt -= 4;
- hexdump("k5_auth_is data",data,cnt);
+ ckhexdump("k5_auth_is data",data,cnt);
debug(F111,"k5_auth_is","how",how);
if (cnt-- < 1) {
#ifdef HEIMDAL
if (!r)
- r = krb5_auth_con_setaddrs_from_fd(k5_context,auth_context,&ttyfd);
-
+ r = krb5_auth_con_setaddrs_from_fd(k5_context,
+ auth_context,
+ &ttyfd);
if (!r)
- r = krb5_sock_to_principal(k5_context,0,"host",
- KRB5_NT_SRV_HST,&server);
-
+ r = krb5_sock_to_principal(k5_context,
+ 0,
+ "host",
+ KRB5_NT_SRV_HST,
+ &server);
if (!r)
#else /* HEIMDAL */
if (!r) {
if ((how & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_START_TLS) {
ssl_get_client_finished(&type_check[2],12);
ssl_get_server_finished(&type_check[14],12);
- hexdump("k5_auth_is type_check",type_check,26);
+ ckhexdump("k5_auth_is type_check",type_check,26);
}
#endif /* CK_SSL */
if ((how & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_START_TLS) {
ssl_get_client_finished(&type_check[2],12);
ssl_get_server_finished(&type_check[14],12);
- hexdump("k5_auth_is type_check",type_check,26);
+ ckhexdump("k5_auth_is type_check",type_check,26);
}
#endif /* CK_SSL */
data += 4; /* Point to status byte */
cnt -= 4;
- hexdump("gssk5_auth_is data",data,cnt);
+ ckhexdump("gssk5_auth_is data",data,cnt);
debug(F111,"gssk5_auth_is","how",how);
if (cnt-- < 1) {
if (!(ssl_active_flag || tls_active_flag))
#endif /* CK_SSL */
{
- hexdump("SRP_RESPONSE ts",ts,sizeof(ts));
- hexdump("SRP_RESPONSE session_key",
+ ckhexdump("SRP_RESPONSE ts",ts,sizeof(ts));
+ ckhexdump("SRP_RESPONSE session_key",
ts->session_key,
SESSION_KEY_LEN
);
debug(F100,"ck_krb_rlogin version 5","",0);
- realm = ck_krb5_realmofhost(hostname);
+ realm = ck_krb5_realmofhost((char *)hostname);
if (!realm) {
ckstrncpy(strTmp, "Can't find realm for host \"",AUTHTMPBL);
- ckstrncat(strTmp, hostname,AUTHTMPBL);
+ ckstrncat(strTmp, (char *)hostname,AUTHTMPBL);
ckstrncat(strTmp, "\"",AUTHTMPBL);
printf("?Kerberos 5 error: %s\r\n",strTmp);
krb5_errno = KRB5_ERR_HOST_REALM_UNKNOWN;
(ck_krb5_is_tgt_valid() > 0)) )
ck_krb5_autoget_TGT(realm);
- buflen = strlen(term_speed)+strlen(remoteuser)+64;
- if ((cksumbuf = malloc(buflen)) == 0)
- {
+ buflen = strlen((char *)term_speed) + strlen((char *)remoteuser) + 64;
+ if ((cksumbuf = malloc(buflen)) == 0) {
printf("Unable to allocate memory for checksum buffer.\r\n");
return(-1);
}
-
ckmakmsg(cksumbuf,buflen,ckuitoa((unsigned short) ntohs(port)),":",
- term_speed,remoteuser);
+ (char *)term_speed,(char *)remoteuser);
cksumdat.data = cksumbuf;
cksumdat.length = strlen(cksumbuf);
return(-1);
}
memset(get_cred,0,sizeof(krb5_creds));
- status = krb5_sname_to_principal(k5_context, hostname, service,
- KRB5_NT_SRV_HST, &get_cred->server);
+ status = krb5_sname_to_principal(k5_context, (char *) hostname,
+ service, KRB5_NT_SRV_HST,
+ &get_cred->server);
if (status) {
printf("ck_krb_rlogin: krb5_sname_to_principal failed: %s\r\n",
error_message(status));
krb5_free_ap_rep_enc_part(k5_context, rep_ret);
}
- (void) ttol(remoteuser, strlen(remoteuser)+1);
- (void) ttol(term_speed, strlen(term_speed)+1);
- (void) ttol(localuser, strlen(localuser)+1);
+ (void) ttol(remoteuser, strlen((char *)remoteuser)+1);
+ (void) ttol(term_speed, strlen((char *)term_speed)+1);
+ (void) ttol(localuser, strlen((char *)localuser)+1);
if (forward_flag) { /* Forward credentials (global) */
if (status = krb5_fwd_tgt_creds( k5_context,
auth_context,
- hostname,
+ (char *)hostname,
ret_cred->client,
ret_cred->server,
0,
if ((c = ttinc(0)) < 0) {
if (c==-1) {
- perror(hostname);
+ perror((char *)hostname);
} else {
printf("ck_krb_rlogin: bad connection with remote host\r\n");
}
if (status = krb5_c_encrypt_length(k5_context,
k5_session_key->enctype,
use_ivecs ? rd_len + 4 : rd_len,
- &net_len)) {
+ (size_t *)&net_len)) {
errno = status;
return(-1);
}
} else if ( cc != rd_len )
return(0);
- hexdump("krb4_des_read des_inbuf",des_inbuf,8);
+ ckhexdump("krb4_des_read des_inbuf",des_inbuf,8);
#ifdef CK_ENCRYPTION
#ifdef KRB524
(void) des_pcbc_encrypt(des_inbuf,
DECRYPT);
#endif /* KRB524 */
#endif /* ENCRYPTION */
- hexdump("krb4_des_read storage",storage,8);
+ ckhexdump("krb4_des_read storage",storage,8);
/*
* when the cleartext block is < 8 bytes, it is "right-justified"
random_confounder(8 - len, garbage_buf);
/* this "right-justifies" the data in the buffer */
(void) memcpy(garbage_buf + 8 - len, buf, len); /* safe */
- hexdump("krb4_des_write garbage_buf",garbage_buf,8);
+ ckhexdump("krb4_des_write garbage_buf",garbage_buf,8);
} else
- hexdump("krb4_des_write buf",buf,8);
+ ckhexdump("krb4_des_write buf",buf,8);
#ifdef CK_ENCRYPTION
#ifdef KRB524
(void) des_pcbc_encrypt((len < 8) ? garbage_buf : buf,
#endif /* KRB524 */
#endif /* ENCRYPTION */
if ( len < 8 )
- hexdump("krb4_des_write (post pcbc) garbage_buf",garbage_buf,8);
+ ckhexdump("krb4_des_write (post pcbc) garbage_buf",garbage_buf,8);
else
- hexdump("krb4_des_write (post pcbc) buf",buf,8);
- hexdump("krb4_des_write (des_outpkt+4)",(des_outpkt+4),8);
+ ckhexdump("krb4_des_write (post pcbc) buf",buf,8);
+ ckhexdump("krb4_des_write (des_outpkt+4)",(des_outpkt+4),8);
/* tell the other end the real amount, but send an 8-byte padded
packet */
len_buf[1] = (len & 0xff0000) >> 16;
len_buf[2] = (len & 0xff00) >> 8;
len_buf[3] = (len & 0xff);
- hexdump("krb4_des_write des_outpkt len",des_outpkt,12);
+ ckhexdump("krb4_des_write des_outpkt len",des_outpkt,12);
cc = net_write(fd, des_outpkt, roundup(len,8)+4);
debug(F111,"net_write","chars written",cc);
return(len);
/* create k5_context */
krb5_init_context(&k5_context);
#ifndef MIT_CURRENT
+#ifndef NO_KRB5_INIT_ETS
+/* This routine is a no-op in Kerberos 1.4.x and later */
+/* and in some installations it can't be found in which case */
+/* define NO_KRB5_INIT_ETS */
if (k5_context)
krb5_init_ets(k5_context);
+#endif /* NO_KRB5_INIT_ETS */
#endif /* MIT_CURRENT */
#ifdef KRB524_CONV
krb524_init_ets(k5_context);
break;
}
}
+
+#ifdef MACOSX
+#ifdef KRB5
+
+krb5_error_code
+ck_krb5_write_message(krb5_context con, krb5_pointer ptr, krb5_data *data)
+{
+ int fd = *((int *)ptr);
+ long msglen;
+
+ msglen = htonl(data->length);
+ if (net_write(fd,(CHAR *)&msglen,4) != 4) {
+ return(-1);
+ }
+ if ( data->length ) {
+ if (net_write(fd,data->data,data->length) != data->length) {
+ return(-1);
+ }
+ }
+ return(0);
+}
+
+krb5_error_code
+ck_krb5_read_message( krb5_context context,
+ krb5_pointer ptr,
+ krb5_data * data)
+{
+ extern int ttyfd;
+ int fd = *((int *)ptr);
+ long msglen;
+ char *p;
+ int i, rc;
+
+ if (net_read(fd,&msglen,4) < 0)
+ return(-1);
+
+ data->length = ntohl(msglen);
+ if ( data->length ) {
+ data->data = malloc(data->length);
+
+ i = 0;
+ while ( i < data->length ) {
+ if ((rc = net_read(fd,&data->data[i],(data->length - i))) < 0)
+ return(-1);
+ i += rc;
+ }
+ }
+ return(0);
+}
+#endif /* KRB5 */
+#endif /* MACOSX */
#endif /* CK_SECURITY */
+
+