ReactOS  0.4.13-dev-464-g6b95727
auth_des.h File Reference
#include <rpc/auth.h>

Classes

struct  authdes_fullname
 
struct  authdes_cred
 
struct  authdes_verf
 

Macros

#define adv_timestamp   adv_time_u.adv_ctime
 
#define adv_xtimestamp   adv_time_u.adv_xtime
 
#define adv_winverf   adv_int_u
 
#define adv_timeverf   adv_time_u.adv_ctime
 
#define adv_xtimeverf   adv_time_u.adv_xtime
 
#define adv_nickname   adv_int_u
 

Enumerations

enum  authdes_namekind { ADN_FULLNAME, ADN_NICKNAME }
 

Functions

__BEGIN_DECLS int authdes_getucred (struct authdes_cred *, uid_t *, gid_t *, int *, gid_t *)
 
__END_DECLS __BEGIN_DECLS bool_t xdr_authdes_cred (XDR *, struct authdes_cred *)
 
bool_t xdr_authdes_verf (XDR *, struct authdes_verf *)
 
int rtime (dev_t, struct netbuf *, int, struct timeval *, struct timeval *)
 
void kgetnetname (char *)
 
enum auth_stat _svcauth_des (struct svc_req *, struct rpc_msg *)
 

Macro Definition Documentation

◆ adv_nickname

#define adv_nickname   adv_int_u

Definition at line 111 of file auth_des.h.

◆ adv_timestamp

#define adv_timestamp   adv_time_u.adv_ctime

Definition at line 98 of file auth_des.h.

◆ adv_timeverf

#define adv_timeverf   adv_time_u.adv_ctime

Definition at line 109 of file auth_des.h.

◆ adv_winverf

#define adv_winverf   adv_int_u

Definition at line 100 of file auth_des.h.

◆ adv_xtimestamp

#define adv_xtimestamp   adv_time_u.adv_xtime

Definition at line 99 of file auth_des.h.

◆ adv_xtimeverf

#define adv_xtimeverf   adv_time_u.adv_xtime

Definition at line 110 of file auth_des.h.

Enumeration Type Documentation

◆ authdes_namekind

Enumerator
ADN_FULLNAME 
ADN_NICKNAME 

Definition at line 50 of file auth_des.h.

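/*
 * Discriminant of an AUTH_DES credential (struct authdes_cred).
 * The rendered listing had lost the enum header and the ADN_NICKNAME
 * enumerator; both are restored from the enumeration summary of this file.
 */
enum authdes_namekind {
	ADN_FULLNAME,	/* credential carries the full network name */
	ADN_NICKNAME	/* credential carries a nickname instead of the name */
};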

Function Documentation

◆ _svcauth_des()

enum auth_stat _svcauth_des ( struct svc_req * rqst,
struct rpc_msg * msg
)

Definition at line 106 of file svc_auth_des.c.

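/*
 * _svcauth_des - server-side authenticator for the AUTH_DES flavor.
 *
 * Reads the credential and verifier out of the call message, obtains the
 * conversation key (decrypted via key_decryptsession_pk() for a full-name
 * credential, taken from authdes_cache for a nickname), decrypts and
 * validates the timestamp against the window, writes the encrypted reply
 * verifier back into the message's verifier buffer, and finally commits
 * the session to the cache.
 *
 * rqst: request being authenticated; rq_clntcred receives the cooked
 *       credential and rq_xprt->xp_verf is pointed at the reply verifier.
 * msg:  the call message; cb_cred is read, cb_verf is read and then
 *       overwritten in place with the reply verifier.
 *
 * Returns AUTH_OK on success, otherwise AUTH_BADCRED, AUTH_BADVERF,
 * AUTH_REJECTEDCRED, AUTH_REJECTEDVERF or AUTH_FAILED.
 *
 * Changes against the listed original (all additive guards):
 *  - cb_cred.oa_length and cb_verf.oa_length are checked before the raw
 *    word reads, so a short credential or verifier is rejected instead of
 *    being parsed from whatever bytes follow it in the buffer;
 *  - the nickname is range-checked at full width before it is narrowed
 *    to a short, so an out-of-range value cannot alias a valid slot;
 *  - a nickname whose cache slot has no stored name is rejected.
 *
 * NOTE(review): the timestamp protection is single DES (cbc_crypt /
 * ecb_crypt with DES_* modes); treat this flavor as legacy when deciding
 * what a service may rely on it for.
 * NOTE(review): the window of a full-name credential is supplied by the
 * client and no upper bound is applied in this function - confirm whether
 * a cap is wanted.
 */
enum auth_stat
_svcauth_des(struct svc_req *rqst, struct rpc_msg *msg)
{

	long *ixdr;	/* assumes sizeof(long) == BYTES_PER_XDR_UNIT - TODO confirm */
	des_block cryptbuf[2];
	struct authdes_cred *cred;
	struct authdes_verf verf;
	int status;
	struct cache_entry *entry;
	short sid = 0;
	des_block *sessionkey;
	des_block ivec;
	u_int window;
	struct timeval timestamp;
	u_long namelen;
	struct area {
		struct authdes_cred area_cred;
		char area_netname[MAXNETNAMELEN+1];
	} *area;

	if (authdes_cache == NULL) {
		cache_init();
	}

	area = (struct area *)rqst->rq_clntcred;
	cred = (struct authdes_cred *)&area->area_cred;

	/*
	 * Get the credential
	 *
	 * Both credential kinds occupy at least two XDR units (the name
	 * kind plus either the name length or the nickname).
	 */
	if (msg->rm_call.cb_cred.oa_length < 2 * BYTES_PER_XDR_UNIT) {
		debug("short credential");
		return (AUTH_BADCRED);
	}
	ixdr = (long *)msg->rm_call.cb_cred.oa_base;
	cred->adc_namekind = IXDR_GET_ENUM(ixdr, enum authdes_namekind);
	switch (cred->adc_namekind) {
	case ADN_FULLNAME:
		namelen = IXDR_GET_U_LONG(ixdr);
		if (namelen > MAXNETNAMELEN) {
			return (AUTH_BADCRED);
		}
		/*
		 * name kind + name length + padded name + two key words +
		 * window must all lie inside the credential that was sent.
		 */
		if (msg->rm_call.cb_cred.oa_length <
		    5 * BYTES_PER_XDR_UNIT + RNDUP(namelen)) {
			debug("short credential");
			return (AUTH_BADCRED);
		}
		cred->adc_fullname.name = area->area_netname;
		bcopy((char *)ixdr, cred->adc_fullname.name,
			(u_int)namelen);
		/* area_netname holds MAXNETNAMELEN+1 bytes, so this fits */
		cred->adc_fullname.name[namelen] = 0;
		ixdr += (RNDUP(namelen) / BYTES_PER_XDR_UNIT);
		cred->adc_fullname.key.key.high = (u_long)*ixdr++;
		cred->adc_fullname.key.key.low = (u_long)*ixdr++;
		cred->adc_fullname.window = (u_long)*ixdr++;
		break;
	case ADN_NICKNAME:
		cred->adc_nickname = (u_long)*ixdr++;
		break;
	default:
		return (AUTH_BADCRED);
	}

	/*
	 * Get the verifier
	 *
	 * Three XDR units are read here and three are written back into
	 * the same buffer when the reply verifier is serialized.
	 */
	if (msg->rm_call.cb_verf.oa_length < 3 * BYTES_PER_XDR_UNIT) {
		debug("short verifier");
		return (AUTH_BADVERF);
	}
	ixdr = (long *)msg->rm_call.cb_verf.oa_base;
	verf.adv_xtimestamp.key.high = (u_long)*ixdr++;
	verf.adv_xtimestamp.key.low = (u_long)*ixdr++;
	verf.adv_int_u = (u_long)*ixdr++;


	/*
	 * Get the conversation key
	 */
	if (cred->adc_namekind == ADN_FULLNAME) {
		netobj pkey;
		/*
		 * NOTE(review): getpublickey() takes no buffer size; the
		 * 1024 bytes are assumed to be enough for what it writes -
		 * confirm against getpublickey.c.
		 */
		char pkey_data[1024];

		sessionkey = &cred->adc_fullname.key;
		if (! getpublickey(cred->adc_fullname.name, pkey_data)) {
			debug("getpublickey");
			return(AUTH_BADCRED);
		}
		pkey.n_bytes = pkey_data;
		pkey.n_len = strlen(pkey_data) + 1;
		if (key_decryptsession_pk(cred->adc_fullname.name, &pkey,
				       sessionkey) < 0) {
			debug("decryptsessionkey");
			return (AUTH_BADCRED); /* key not found */
		}
	} else { /* ADN_NICKNAME */
		sid = (short)cred->adc_nickname;
		/*
		 * Compare the untruncated value as well: narrowing to a
		 * short would otherwise let an out-of-range nickname map
		 * onto a valid slot.
		 */
		if (cred->adc_nickname >= (u_long)AUTHDES_CACHESZ ||
		    sid < 0 || sid >= AUTHDES_CACHESZ) {
			debug("bad nickname");
			return (AUTH_BADCRED);	/* garbled credential */
		}
		/*
		 * A slot without a stored name holds no usable session
		 * (never filled, or the name copy failed for lack of
		 * memory). Reject so the client starts a new session
		 * with a full-name credential.
		 */
		if (authdes_cache[sid].rname == NULL) {
			debug("nickname not in cache");
			return (AUTH_REJECTEDCRED);
		}
		sessionkey = &authdes_cache[sid].key;
	}


	/*
	 * Decrypt the timestamp
	 *
	 * Full name: timestamp, window and window verifier are decrypted
	 * together in CBC mode with a zero IV. Nickname: only the
	 * timestamp block is decrypted, in ECB mode.
	 */
	cryptbuf[0] = verf.adv_xtimestamp;
	if (cred->adc_namekind == ADN_FULLNAME) {
		cryptbuf[1].key.high = cred->adc_fullname.window;
		cryptbuf[1].key.low = verf.adv_winverf;
		ivec.key.high = ivec.key.low = 0;
		status = cbc_crypt((char *)sessionkey, (char *)cryptbuf,
			2*sizeof(des_block), DES_DECRYPT | DES_HW,
			(char *)&ivec);
	} else {
		status = ecb_crypt((char *)sessionkey, (char *)cryptbuf,
			sizeof(des_block), DES_DECRYPT | DES_HW);
	}
	if (DES_FAILED(status)) {
		debug("decryption failure");
		return (AUTH_FAILED);	/* system error */
	}

	/*
	 * XDR the decrypted timestamp
	 */
	ixdr = (long *)cryptbuf;
	timestamp.tv_sec = IXDR_GET_LONG(ixdr);
	timestamp.tv_usec = IXDR_GET_LONG(ixdr);

	/*
	 * Check for valid credentials and verifiers.
	 * They could be invalid because the key was flushed
	 * out of the cache, and so a new session should begin.
	 * Be sure and send AUTH_REJECTED{CRED, VERF} if this is the case.
	 */
	{
		struct timeval current;
		int nick;
		int winverf;

		if (cred->adc_namekind == ADN_FULLNAME) {
			window = IXDR_GET_U_LONG(ixdr);
			winverf = IXDR_GET_U_LONG(ixdr);
			/* the verifier must decrypt to window - 1 */
			if (winverf != window - 1) {
				debug("window verifier mismatch");
				return (AUTH_BADCRED);	/* garbled credential */
			}
			sid = cache_spot(sessionkey, cred->adc_fullname.name,
			    &timestamp);
			if (sid < 0) {
				debug("replayed credential");
				return (AUTH_REJECTEDCRED);	/* replay */
			}
			nick = 0;
		} else {	/* ADN_NICKNAME */
			window = authdes_cache[sid].window;
			nick = 1;
		}

		if ((u_long)timestamp.tv_usec >= USEC_PER_SEC) {
			debug("invalid usecs");
			/* cached out (bad key), or garbled verifier */
			return (nick ? AUTH_REJECTEDVERF : AUTH_BADVERF);
		}
		if (nick && BEFORE(&timestamp,
				   &authdes_cache[sid].laststamp)) {
			debug("timestamp before last seen");
			return (AUTH_REJECTEDVERF);	/* replay */
		}
		(void) gettimeofday(&current, (struct timezone *)NULL);
		current.tv_sec -= window;	/* allow for expiration */
		if (!BEFORE(&current, &timestamp)) {
			debug("timestamp expired");
			/* replay, or garbled credential */
			return (nick ? AUTH_REJECTEDVERF : AUTH_BADCRED);
		}
	}

	/*
	 * Set up the reply verifier
	 */
	verf.adv_nickname = (u_long)sid;

	/*
	 * xdr the timestamp before encrypting
	 * (the reply carries the client's timestamp minus one second)
	 */
	ixdr = (long *)cryptbuf;
	IXDR_PUT_LONG(ixdr, timestamp.tv_sec - 1);
	IXDR_PUT_LONG(ixdr, timestamp.tv_usec);

	/*
	 * encrypt the timestamp
	 */
	status = ecb_crypt((char *)sessionkey, (char *)cryptbuf,
	    sizeof(des_block), DES_ENCRYPT | DES_HW);
	if (DES_FAILED(status)) {
		debug("encryption failure");
		return (AUTH_FAILED);	/* system error */
	}
	verf.adv_xtimestamp = cryptbuf[0];

	/*
	 * Serialize the reply verifier, and update rqst
	 * (written over the call's verifier buffer, whose length was
	 * checked above to cover these three units)
	 */
	ixdr = (long *)msg->rm_call.cb_verf.oa_base;
	*ixdr++ = (long)verf.adv_xtimestamp.key.high;
	*ixdr++ = (long)verf.adv_xtimestamp.key.low;
	*ixdr++ = (long)verf.adv_int_u;

	rqst->rq_xprt->xp_verf.oa_flavor = AUTH_DES;
	rqst->rq_xprt->xp_verf.oa_base = msg->rm_call.cb_verf.oa_base;
	rqst->rq_xprt->xp_verf.oa_length =
		(char *)ixdr - msg->rm_call.cb_verf.oa_base;

	/*
	 * We succeeded, commit the data to the cache now and
	 * finish cooking the credential.
	 */
	entry = &authdes_cache[sid];
	entry->laststamp = timestamp;
	cache_ref(sid);
	if (cred->adc_namekind == ADN_FULLNAME) {
		cred->adc_fullname.window = window;
		cred->adc_nickname = (u_long)sid;	/* save nickname */
		if (entry->rname != NULL) {
			mem_free(entry->rname, strlen(entry->rname) + 1);
		}
		entry->rname = (char *)mem_alloc((u_int)strlen(cred->adc_fullname.name)
		    + 1);
		if (entry->rname != NULL) {
			(void) strcpy(entry->rname, cred->adc_fullname.name);
		} else {
			/*
			 * This request still succeeds; the slot is left
			 * without a name, which the nickname path above
			 * rejects with AUTH_REJECTEDCRED.
			 */
			debug("out of memory");
		}
		entry->key = *sessionkey;
		entry->window = window;
		invalidate(entry->localcred); /* mark any cached cred invalid */
	} else { /* ADN_NICKNAME */
		/*
		 * nicknames are cooked into fullnames
		 */
		cred->adc_namekind = ADN_FULLNAME;
		cred->adc_fullname.name = entry->rname;
		cred->adc_fullname.key = entry->key;
		cred->adc_fullname.window = entry->window;
	}
	return (AUTH_OK);	/* we made it!*/
}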
#define IXDR_PUT_LONG(buf, v)
Definition: xdr.h:273
#define AUTHDES_CACHESZ
Definition: svc_auth_des.c:76
static void invalidate()
struct png_info_def **typedef void(__cdecl typeof(png_destroy_read_struct))(struct png_struct_def **
Definition: typeof.h:49
#define DES_DECRYPT
Definition: des_crypt.h:52
unsigned long u_long
Definition: linux.h:269
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
struct des_block::@179 key
int key_decryptsession_pk(const char *, netobj *, des_block *)
#define DES_FAILED(err)
Definition: des_crypt.h:65
int cbc_crypt(char *key, char *buf, unsigned len, unsigned mode, char *ivec)
Definition: des_crypt.c:75
FT_UInt sid
Definition: cffcmap.c:139
struct authdes_fullname adc_fullname
Definition: auth_des.h:72
Definition: svc_auth_des.c:77
GLint namelen
Definition: glext.h:7232
static short cache_spot()
#define IXDR_GET_U_LONG(buf)
Definition: xdr.h:277
unsigned short(__cdecl typeof(TIFFCurrentDirectory))(struct tiff *)
Definition: typeof.h:93
#define gettimeofday(tv, tz)
Definition: adns_win32.h:159
#define mem_alloc(bsize)
Definition: types.h:123
u_int32_t adc_nickname
Definition: auth_des.h:74
#define DES_ENCRYPT
Definition: des_crypt.h:51
#define debug(msg)
Definition: svc_auth_des.c:68
#define USEC_PER_SEC
Definition: svc_auth_des.c:70
#define IXDR_GET_ENUM(buf, t)
Definition: xdr.h:276
Definition: auth.h:145
Definition: xdr.h:332
#define DES_HW
Definition: des_crypt.h:56
smooth NULL
Definition: ftsmooth.c:416
int ecb_crypt(char *key, char *buf, unsigned len, unsigned mode)
Definition: des_crypt.c:102
if(!(yy_init))
Definition: macro.lex.yy.c:714
#define bcopy(s1, s2, n)
Definition: various.h:25
u_int n_len
Definition: xdr.h:333
uint32_t entry
Definition: isohybrid.c:63
#define RNDUP(x)
Definition: xdr.h:94
enum authdes_namekind adc_namekind
Definition: auth_des.h:71
static IHTMLWindow2 * window
Definition: events.c:77
#define MAXNETNAMELEN
Definition: auth.h:78
char * n_bytes
Definition: xdr.h:334
int getpublickey(char *netname, char *publickey) const
Definition: getpublickey.c:166
UINT32 u_int
Definition: types.h:82
#define long
Definition: qsort.c:33
static Real area(Real A[2], Real B[2], Real C[2])
Definition: polyDBG.cc:50
authdes_namekind
Definition: auth_des.h:50
#define BEFORE(t1, t2)
Definition: svc_auth_des.c:71
#define AUTH_DES
Definition: auth.h:407
#define msg(x)
Definition: auth_time.c:54
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
#define mem_free(ptr, bsize)
Definition: types.h:124
#define IXDR_GET_LONG(buf)
Definition: xdr.h:272
Definition: fake.h:14
static SERVICE_STATUS status
Definition: service.c:31
static void cache_ref()
static void cache_init()
Definition: svc_auth_des.c:352
struct task_struct * current
Definition: linux.c:32
static struct cache_entry * authdes_cache
Definition: svc_auth_des.c:84
#define BYTES_PER_XDR_UNIT
Definition: xdr.h:93
Definition: ps.c:97

Referenced by _authenticate().

◆ authdes_getucred()

__BEGIN_DECLS int authdes_getucred ( struct authdes_cred * ,
uid_t * ,
gid_t * ,
int * ,
gid_t *
)

◆ kgetnetname()

void kgetnetname ( char * )

◆ rtime()

int rtime ( dev_t ,
struct netbuf * ,
int ,
struct timeval * ,
struct timeval *
)

◆ xdr_authdes_cred()

__END_DECLS __BEGIN_DECLS bool_t xdr_authdes_cred ( XDR * xdrs,
struct authdes_cred * cred
)

Definition at line 46 of file authdes_prot.c.

/*
 * xdr_authdes_cred - XDR routine for an AUTH_DES credential.
 *
 * Processes the name kind first and then the arm it selects: for
 * ADN_FULLNAME the network name (bounded by MAXNETNAMELEN), the key
 * block and the window; for ADN_NICKNAME the nickname alone.
 *
 * xdrs: XDR stream to operate on.
 * cred: credential to encode from or decode into.
 *
 * Returns TRUE when the arm was processed, FALSE for an unknown name
 * kind. ATTEMPT() is defined elsewhere in authdes_prot.c; presumably it
 * returns FALSE from this function when the wrapped call fails - confirm.
 */
bool_t
xdr_authdes_cred(XDR *xdrs, struct authdes_cred *cred)
{
	/* Discriminant first: it decides which fields follow. */
	ATTEMPT(xdr_enum(xdrs, (enum_t *)&cred->adc_namekind));

	if (cred->adc_namekind == ADN_FULLNAME) {
		/* name, then the key block, then the window, all unrolled */
		ATTEMPT(xdr_string(xdrs, &cred->adc_fullname.name,
		    MAXNETNAMELEN));
		ATTEMPT(xdr_opaque(xdrs, (caddr_t)&cred->adc_fullname.key,
		    sizeof(des_block)));
		ATTEMPT(xdr_opaque(xdrs, (caddr_t)&cred->adc_fullname.window,
		    sizeof(cred->adc_fullname.window)));
		return (TRUE);
	}

	if (cred->adc_namekind == ADN_NICKNAME) {
		ATTEMPT(xdr_opaque(xdrs, (caddr_t)&cred->adc_nickname,
		    sizeof(cred->adc_nickname)));
		return (TRUE);
	}

	/* neither kind: refuse the credential */
	return (FALSE);
}
#define TRUE
Definition: types.h:120
bool_t xdr_string(XDR *xdrs, char **cpp, u_int maxsize)
Definition: xdr.c:678
char * caddr_t
Definition: rosdhcp.h:36
bool_t xdr_enum(XDR *xdrs, enum_t *ep)
Definition: xdr.c:458
int32_t enum_t
Definition: types.h:102
bool_t xdr_opaque(XDR *xdrs, caddr_t cp, u_int cnt)
Definition: xdr.c:484
#define MAXNETNAMELEN
Definition: auth.h:78
#define ATTEMPT(xdr_op)
Definition: authdes_prot.c:43

◆ xdr_authdes_verf()

bool_t xdr_authdes_verf ( XDR * xdrs,
struct authdes_verf * verf
)

Definition at line 74 of file authdes_prot.c.

/*
 * xdr_authdes_verf - XDR routine for an AUTH_DES verifier.
 *
 * Processes the encrypted timestamp block followed by the integer
 * member (adv_int_u), both as opaque bytes.
 *
 * xdrs: XDR stream to operate on.
 * verf: verifier to encode from or decode into.
 *
 * Returns TRUE once both members were processed. ATTEMPT() is defined
 * elsewhere in authdes_prot.c; presumably it returns FALSE from this
 * function when the wrapped call fails - confirm.
 */
bool_t
xdr_authdes_verf(XDR *xdrs, struct authdes_verf *verf)
{
	caddr_t stamp_bytes = (caddr_t)&verf->adv_xtimestamp;
	caddr_t int_bytes = (caddr_t)&verf->adv_int_u;

	/* unrolled: one DES block, then the integer member */
	ATTEMPT(xdr_opaque(xdrs, stamp_bytes, sizeof(des_block)));
	ATTEMPT(xdr_opaque(xdrs, int_bytes, sizeof(verf->adv_int_u)));
	return (TRUE);
}
#define TRUE
Definition: types.h:120
char * caddr_t
Definition: rosdhcp.h:36
bool_t xdr_opaque(XDR *xdrs, caddr_t cp, u_int cnt)
Definition: xdr.c:484
#define ATTEMPT(xdr_op)
Definition: authdes_prot.c:43