doom3/doxygen/krb4_8c_source.html

 /* This source code was modified by Martin Hedenfalk <mhe@stacken.kth.se> for

  * use in Curl. His latest changes were done 2000-09-18.

  *

  * It has since been patched away like a madman by Daniel Stenberg

  * <daniel@haxx.se> to make it better applied to curl conditions, and to make

  * it not use globals, pollute name space and more. This source code awaits a

  * rewrite to work around the paragraph 2 in the BSD licenses as explained

  * below.

  *

  * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska H�gskolan

  * (Royal Institute of Technology, Stockholm, Sweden).

  * All rights reserved.

  *

  * Redistribution and use in source and binary forms, with or without

  * modification, are permitted provided that the following conditions

  * are met:

  *

  * 1. Redistributions of source code must retain the above copyright

  *    notice, this list of conditions and the following disclaimer.

  *

  * 2. Redistributions in binary form must reproduce the above copyright

  *    notice, this list of conditions and the following disclaimer in the

  *    documentation and/or other materials provided with the distribution.

  *

  * 3. Neither the name of the Institute nor the names of its contributors

  *    may be used to endorse or promote products derived from this software

  *    without specific prior written permission.

  *

  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  * SUCH DAMAGE.  */


 #include "setup.h"


 #ifndef CURL_DISABLE_FTP

 #ifdef HAVE_KRB4


 #include "security.h"

 #include "base64.h"

 #include <stdlib.h>

 #ifdef HAVE_NETDB_H

 #include <netdb.h>

 #endif

 #include <string.h>

 #include <krb.h>

 #include <des.h>


 #ifdef HAVE_UNISTD_H

 #include <unistd.h> /* for getpid() */

 #endif


 #include "ftp.h"

 #include "sendf.h"

 #include "krb4.h"


 #if defined(HAVE_INET_NTOA_R) && !defined(HAVE_INET_NTOA_R_DECL)

 #include "inet_ntoa_r.h"

 #endif


 /* The last #include file should be: */

 #ifdef CURLDEBUG

 #include "memdebug.h"

 #endif


 #define LOCAL_ADDR (&conn->local_addr)

 #define REMOTE_ADDR (&conn->serv_addr)

 #define myctladdr LOCAL_ADDR

 #define hisctladdr REMOTE_ADDR


 struct krb4_data {

   des_cblock key;

   des_key_schedule schedule;

   char name[ANAME_SZ];

   char instance[INST_SZ];

   char realm[REALM_SZ];

 };


 #ifndef HAVE_STRLCPY

 /* if it ever goes non-static, make it Curl_ prefixed! */

 static size_t

 strlcpy (char *dst, const char *src, size_t dst_sz)

 {

   size_t n;

   char *p;


   for (p = dst, n = 0;

        n + 1 < dst_sz && *src != '\0';

        ++p, ++src, ++n)

     *p = *src;

   *p = '\0';

   if (*src == '\0')

     return n;

   else

     return n + strlen (src);

 }

 #else

 size_t strlcpy (char *dst, const char *src, size_t dst_sz);

 #endif


 static int

 krb4_check_prot(void *app_data, int level)

 {

   app_data = NULL; /* prevent compiler warning */

   if(level == prot_confidential)

     return -1;

   return 0;

 }


 static int

 krb4_decode(void *app_data, void *buf, int len, int level,

             struct connectdata *conn)

 {

   MSG_DAT m;

   int e;

   struct krb4_data *d = app_data;


   if(level == prot_safe)

     e = krb_rd_safe(buf, len, &d->key,

                     (struct sockaddr_in *)REMOTE_ADDR,

                     (struct sockaddr_in *)LOCAL_ADDR, &m);

   else

     e = krb_rd_priv(buf, len, d->schedule, &d->key,

                     (struct sockaddr_in *)REMOTE_ADDR,

                     (struct sockaddr_in *)LOCAL_ADDR, &m);

   if(e) {

     struct SessionHandle *data = conn->data;

     infof(data, "krb4_decode: %s\n", krb_get_err_text(e));

     return -1;

   }

   memmove(buf, m.app_data, m.app_length);

   return m.app_length;

 }


 static int

 krb4_overhead(void *app_data, int level, int len)

 {

   /* no arguments are used, just init them to prevent compiler warnings */

   app_data = NULL;

   level = 0;

   len = 0;

   return 31;

 }


 static int

 krb4_encode(void *app_data, void *from, int length, int level, void **to,

             struct connectdata *conn)

 {

   struct krb4_data *d = app_data;

   *to = malloc(length + 31);

   if(level == prot_safe)

     return krb_mk_safe(from, *to, length, &d->key,

                        (struct sockaddr_in *)LOCAL_ADDR,

                        (struct sockaddr_in *)REMOTE_ADDR);

   else if(level == prot_private)

     return krb_mk_priv(from, *to, length, d->schedule, &d->key,

                        (struct sockaddr_in *)LOCAL_ADDR,

                        (struct sockaddr_in *)REMOTE_ADDR);

   else

     return -1;

 }


 static int

 mk_auth(struct krb4_data *d, KTEXT adat,

         const char *service, char *host, int checksum)

 {

   int ret;

   CREDENTIALS cred;

   char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];


   strlcpy(sname, service, sizeof(sname));

   strlcpy(inst, krb_get_phost(host), sizeof(inst));

   strlcpy(realm, krb_realmofhost(host), sizeof(realm));

   ret = krb_mk_req(adat, sname, inst, realm, checksum);

   if(ret)

     return ret;

   strlcpy(sname, service, sizeof(sname));

   strlcpy(inst, krb_get_phost(host), sizeof(inst));

   strlcpy(realm, krb_realmofhost(host), sizeof(realm));

   ret = krb_get_cred(sname, inst, realm, &cred);

   memmove(&d->key, &cred.session, sizeof(des_cblock));

   des_key_sched(&d->key, d->schedule);

   memset(&cred, 0, sizeof(cred));

   return ret;

 }


 #ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM

 int krb_get_our_ip_for_realm(char *, struct in_addr *);

 #endif


 static int

 krb4_auth(void *app_data, struct connectdata *conn)

 {

   int ret;

   char *p;

   int len;

   KTEXT_ST adat;

   MSG_DAT msg_data;

   int checksum;

   u_int32_t cs;

   struct krb4_data *d = app_data;

   char *host = conn->hostname;

   ssize_t nread;

   int l = sizeof(conn->local_addr);

   struct SessionHandle *data = conn->data;

   CURLcode result;


   if(getsockname(conn->sock[FIRSTSOCKET],

                  (struct sockaddr *)LOCAL_ADDR, &l) < 0)

     perror("getsockname()");


   checksum = getpid();

   ret = mk_auth(d, &adat, "ftp", host, checksum);

   if(ret == KDC_PR_UNKNOWN)

     ret = mk_auth(d, &adat, "rcmd", host, checksum);

   if(ret) {

     Curl_infof(data, "%s\n", krb_get_err_text(ret));

     return AUTH_CONTINUE;

   }


 #ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM

   if (krb_get_config_bool("nat_in_use")) {

     struct sockaddr_in *localaddr  = (struct sockaddr_in *)LOCAL_ADDR;

     struct in_addr natAddr;


     if (krb_get_our_ip_for_realm(krb_realmofhost(host),

                                  &natAddr) != KSUCCESS

         && krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)

       Curl_infof(data, "Can't get address for realm %s\n",

                  krb_realmofhost(host));

     else {

       if (natAddr.s_addr != localaddr->sin_addr.s_addr) {

 #ifdef HAVE_INET_NTOA_R

         char ntoa_buf[64];

         char *ip = (char *)inet_ntoa_r(natAddr, ntoa_buf, sizeof(ntoa_buf));

 #else

         char *ip = (char *)inet_ntoa(natAddr);

 #endif

         Curl_infof(data, "Using NAT IP address (%s) for kerberos 4\n", ip);

         localaddr->sin_addr = natAddr;

       }

     }

   }

 #endif


   if(Curl_base64_encode((char *)adat.dat, adat.length, &p) < 1) {

     Curl_failf(data, "Out of memory base64-encoding");

     return AUTH_CONTINUE;

   }


   result = Curl_ftpsendf(conn, "ADAT %s", p);


   free(p);


   if(result)

     return -2;


   if(Curl_GetFTPResponse(&nread, conn, NULL))

     return -1;


   if(data->state.buffer[0] != '2'){

     Curl_failf(data, "Server didn't accept auth data");

     return AUTH_ERROR;

   }


   p = strstr(data->state.buffer, "ADAT=");

   if(!p) {

     Curl_failf(data, "Remote host didn't send adat reply");

     return AUTH_ERROR;

   }

   p += 5;

   len = Curl_base64_decode(p, (char *)adat.dat);

   if(len < 0) {

     Curl_failf(data, "Failed to decode base64 from server");

     return AUTH_ERROR;

   }

   adat.length = len;

   ret = krb_rd_safe(adat.dat, adat.length, &d->key,

                     (struct sockaddr_in *)hisctladdr,

                     (struct sockaddr_in *)myctladdr, &msg_data);

   if(ret) {

     Curl_failf(data, "Error reading reply from server: %s",

                krb_get_err_text(ret));

     return AUTH_ERROR;

   }

   krb_get_int(msg_data.app_data, &cs, 4, 0);

   if(cs - checksum != 1) {

     Curl_failf(data, "Bad checksum returned from server");

     return AUTH_ERROR;

   }

   return AUTH_OK;

 }


 struct Curl_sec_client_mech Curl_krb4_client_mech = {

     "KERBEROS_V4",

     sizeof(struct krb4_data),

     NULL, /* init */

     krb4_auth,

     NULL, /* end */

     krb4_check_prot,

     krb4_overhead,

     krb4_encode,

     krb4_decode

 };


 CURLcode Curl_krb_kauth(struct connectdata *conn)

 {

   des_cblock key;

   des_key_schedule schedule;

   KTEXT_ST tkt, tktcopy;

   char *name;

   char *p;

   char passwd[100];

   int tmp;

   ssize_t nread;

   int save;

   CURLcode result;


   save = Curl_set_command_prot(conn, prot_private);


   result = Curl_ftpsendf(conn, "SITE KAUTH %s", conn->user);


   if(result)

     return result;


   result = Curl_GetFTPResponse(&nread, conn, NULL);

   if(result)

     return result;


   if(conn->data->state.buffer[0] != '3'){

     Curl_set_command_prot(conn, save);

     return CURLE_FTP_WEIRD_SERVER_REPLY;

   }


   p = strstr(conn->data->state.buffer, "T=");

   if(!p) {

     Curl_failf(conn->data, "Bad reply from server");

     Curl_set_command_prot(conn, save);

     return CURLE_FTP_WEIRD_SERVER_REPLY;

   }


   p += 2;

   tmp = Curl_base64_decode(p, (char *)tkt.dat);

   if(tmp < 0) {

     Curl_failf(conn->data, "Failed to decode base64 in reply.\n");

     Curl_set_command_prot(conn, save);

     return CURLE_FTP_WEIRD_SERVER_REPLY;

   }

   tkt.length = tmp;

   tktcopy.length = tkt.length;


   p = strstr(conn->data->state.buffer, "P=");

   if(!p) {

     Curl_failf(conn->data, "Bad reply from server");

     Curl_set_command_prot(conn, save);

     return CURLE_FTP_WEIRD_SERVER_REPLY;

   }

   name = p + 2;

   for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);

   *p = 0;


   des_string_to_key (conn->passwd, &key);

   des_key_sched(&key, schedule);


   des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,

                    tkt.length,

                    schedule, &key, DES_DECRYPT);

   if (strcmp ((char*)tktcopy.dat + 8,

               KRB_TICKET_GRANTING_TICKET) != 0) {

     afs_string_to_key(passwd,

                       krb_realmofhost(conn->hostname),

                       &key);

     des_key_sched(&key, schedule);

     des_pcbc_encrypt((void *)tkt.dat, (void *)tktcopy.dat,

                      tkt.length,

                      schedule, &key, DES_DECRYPT);

   }

   memset(key, 0, sizeof(key));

   memset(schedule, 0, sizeof(schedule));

   memset(passwd, 0, sizeof(passwd));

   if(Curl_base64_encode((char *)tktcopy.dat, tktcopy.length, &p) < 1) {

     failf(conn->data, "Out of memory base64-encoding.");

     Curl_set_command_prot(conn, save);

     return CURLE_OUT_OF_MEMORY;

   }

   memset (tktcopy.dat, 0, tktcopy.length);


   result = Curl_ftpsendf(conn, "SITE KAUTH %s %s", name, p);

   free(p);

   if(result)

     return result;


   result = Curl_GetFTPResponse(&nread, conn, NULL);

   if(result)

     return result;

   Curl_set_command_prot(conn, save);


   return CURLE_OK;

 }


 #endif /* HAVE_KRB4 */

 #endif /* CURL_DISABLE_FTP */

Curl_krb_kauth
CURLcode Curl_krb_kauth(struct connectdata *conn)

strcmp
#define strcmp
Definition: Str.h:41

Curl_failf
void Curl_failf(struct SessionHandle *data, const char *fmt,...)
Definition: sendf.c:146

UrlState::buffer
char buffer[BUFSIZE+1]
Definition: urldata.h:679

FIRSTSOCKET
#define FIRSTSOCKET
Definition: urldata.h:394

AUTH_CONTINUE
#define AUTH_CONTINUE
Definition: security.h:45

Curl_krb4_client_mech
struct Curl_sec_client_mech Curl_krb4_client_mech

n
GLenum GLsizei n
Definition: glext.h:3705

failf
#define failf
Definition: sendf.h:32

sendf.h

Curl_base64_encode
size_t Curl_base64_encode(const char *inp, size_t insize, char **outptr)
Definition: base64.c:123

CURLcode
CURLcode
Definition: curl.h:209

Curl_GetFTPResponse
CURLcode Curl_GetFTPResponse(ssize_t *nreadp, struct connectdata *conn, int *ftpcode)
Definition: ftp.c:208

Curl_base64_decode
size_t Curl_base64_decode(const char *src, char *dest)
Definition: base64.c:81

setup.h

src
GLuint src
Definition: glext.h:5390

SessionHandle::state
struct UrlState state
Definition: urldata.h:903

len
GLenum GLsizei len
Definition: glext.h:3472

Curl_ftpsendf
CURLcode Curl_ftpsendf(struct connectdata *conn, const char *fmt,...)
Definition: ftp.c:2416

result
Boolean result
Definition: PreferencesDialog.cpp:727

ssize_t
#define ssize_t
Definition: config-win32.h:27

prepare.l
list l
Definition: prepare.py:17

inet_ntoa_r
char * inet_ntoa_r(const struct in_addr in, char *buffer, int buflen)

connectdata::passwd
char * passwd
Definition: urldata.h:447

dst
GLuint dst
Definition: glext.h:5285

Curl_sec_client_mech
Definition: security.h:31

CURLE_OUT_OF_MEMORY
Definition: curl.h:237

ftp.h

connectdata::hostname
char * hostname
Definition: urldata.h:432

NULL
#define NULL
Definition: Lib.h:88

data
GLsizei GLsizei GLenum GLenum const GLvoid * data
Definition: glext.h:2853

SessionHandle
Definition: urldata.h:895

CURLE_OK
Definition: curl.h:210

connectdata::data
struct SessionHandle * data
Definition: urldata.h:403

CURLE_FTP_WEIRD_SERVER_REPLY
Definition: curl.h:218

base64.h

Curl_set_command_prot
enum protection_level Curl_set_command_prot(struct connectdata *, enum protection_level)

krb4.h

connectdata::sock
curl_socket_t sock[2]
Definition: urldata.h:454

Curl_infof
void Curl_infof(struct SessionHandle *data, const char *fmt,...)
Definition: sendf.c:130

AUTH_ERROR
#define AUTH_ERROR
Definition: security.h:46

name
const GLcharARB * name
Definition: glext.h:3629

security.h

length
GLsizei const GLcharARB const GLint * length
Definition: glext.h:3599

infof
#define infof
Definition: sendf.h:31

inet_ntoa
#define inet_ntoa(x)
Definition: amigaos.h:40

inet_ntoa_r.h

level
GLint level
Definition: glext.h:2878

memdebug.h

p
GLfloat GLfloat p
Definition: glext.h:4674

connectdata
Definition: urldata.h:401

connectdata::user
char * user
Definition: urldata.h:446

AUTH_OK
Definition: AsyncServer.h:62