1 files changed, 0 insertions, 324 deletions
diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c
deleted file mode 100644
index 4dca78e..0000000
--- a/crypto/kerberosIV/lib/krb/rd_req.c
+++ /dev/null
@@ -1,324 +0,0 @@
-/*
- * Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
- * (Royal Institute of Technology, Stockholm, Sweden).
- * All rights reserved.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 
- * 3. Neither the name of the Institute nor the names of its contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- * 
- * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include "krb_locl.h"
-
-RCSID("$Id: rd_req.c,v 1.27.2.2 2000/06/23 04:00:20 assar Exp $");
-
-static struct timeval t_local = { 0, 0 };
-
-/*
- * Keep the following information around for subsequent calls
- * to this routine by the same server using the same key.
- */
-
-static des_key_schedule serv_key;	/* Key sched to decrypt ticket */
-static des_cblock ky;              /* Initialization vector */
-static int st_kvno;		/* version number for this key */
-static char st_rlm[REALM_SZ];	/* server's realm */
-static char st_nam[ANAME_SZ];	/* service name */
-static char st_inst[INST_SZ];	/* server's instance */
-
-/*
- * This file contains two functions.  krb_set_key() takes a DES
- * key or password string and returns a DES key (either the original
- * key, or the password converted into a DES key) and a key schedule
- * for it.
- *
- * krb_rd_req() reads an authentication request and returns information
- * about the identity of the requestor, or an indication that the
- * identity information was not authentic.
- */
-
-/*
- * krb_set_key() takes as its first argument either a DES key or a
- * password string.  The "cvt" argument indicates how the first
- * argument "key" is to be interpreted: if "cvt" is null, "key" is
- * taken to be a DES key; if "cvt" is non-null, "key" is taken to
- * be a password string, and is converted into a DES key using
- * string_to_key().  In either case, the resulting key is returned
- * in the external static variable "ky".  A key schedule is
- * generated for "ky" and returned in the external static variable
- * "serv_key".
- *
- * This routine returns the return value of des_key_sched.
- *
- * krb_set_key() needs to be in the same .o file as krb_rd_req() so that
- * the key set by krb_set_key() is available in private storage for
- * krb_rd_req().
- */
-
-int
-krb_set_key(void *key, int cvt)
-{
-#ifdef NOENCRYPTION
-    memset(ky, 0, sizeof(ky));
-    return KSUCCESS;
-#else /* Encrypt */
-    if (cvt)
-        des_string_to_key((char*)key, &ky);
-    else
-        memcpy((char*)ky, key, 8);
-    return(des_key_sched(&ky, serv_key));
-#endif /* NOENCRYPTION */
-}
-
-
-/*
- * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or
- * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(),
- * checks its integrity and returns a judgement as to the requestor's
- * identity.
- *
- * The "authent" argument is a pointer to the received message.
- * The "service" and "instance" arguments name the receiving server,
- * and are used to get the service's ticket to decrypt the ticket
- * in the message, and to compare against the server name inside the
- * ticket.  "from_addr" is the network address of the host from which
- * the message was received; this is checked against the network
- * address in the ticket.  If "from_addr" is zero, the check is not
- * performed.  "ad" is an AUTH_DAT structure which is
- * filled in with information about the sender's identity according
- * to the authenticator and ticket sent in the message.  Finally,
- * "fn" contains the name of the file containing the server's key.
- * (If "fn" is NULL, the server's key is assumed to have been set
- * by krb_set_key().  If "fn" is the null string ("") the default
- * file KEYFILE, defined in "krb.h", is used.)
- *
- * krb_rd_req() returns RD_AP_OK if the authentication information
- * was genuine, or one of the following error codes (defined in
- * "krb.h"):
- *
- *	RD_AP_VERSION		- wrong protocol version number
- *	RD_AP_MSG_TYPE		- wrong message type
- *	RD_AP_UNDEC		- couldn't decipher the message
- *	RD_AP_INCON		- inconsistencies found
- *	RD_AP_BADD		- wrong network address
- *	RD_AP_TIME		- client time (in authenticator)
- *				  too far off server time
- *	RD_AP_NYV		- Kerberos time (in ticket) too
- *				  far off server time
- *	RD_AP_EXP		- ticket expired
- *
- * For the message format, see krb_mk_req().
- *
- * Mutual authentication is not implemented.
- */
-
-int
-krb_rd_req(KTEXT authent,	/* The received message */
-	   char *service,	/* Service name */
-	   char *instance,	/* Service instance */
-	   int32_t from_addr,	/* Net address of originating host */
-	   AUTH_DAT *ad,	/* Structure to be filled in */
-	   char *a_fn)		/* Filename to get keys from */
-{
-    static KTEXT_ST ticket;     /* Temp storage for ticket */
-    static KTEXT tkt = &ticket;
-    static KTEXT_ST req_id_st;  /* Temp storage for authenticator */
-    KTEXT req_id = &req_id_st;
-
-    char realm[REALM_SZ];	/* Realm of issuing kerberos */
-
-    unsigned char skey[KKEY_SZ]; /* Session key from ticket */
-    char sname[SNAME_SZ];	/* Service name from ticket */
-    char iname[INST_SZ];	/* Instance name from ticket */
-    char r_aname[ANAME_SZ];	/* Client name from authenticator */
-    char r_inst[INST_SZ];	/* Client instance from authenticator */
-    char r_realm[REALM_SZ];	/* Client realm from authenticator */
-    u_int32_t r_time_sec;	/* Coarse time from authenticator */
-    unsigned long delta_t;      /* Time in authenticator - local time */
-    long tkt_age;		/* Age of ticket */
-    static unsigned char s_kvno;/* Version number of the server's key
-				 * Kerberos used to encrypt ticket */
-
-    struct timeval tv;
-    int status;
-
-    int pvno;
-    int type;
-    int little_endian;
-
-    const char *fn = a_fn;
-
-    unsigned char *p;
-
-    if (authent->length <= 0)
-	return(RD_AP_MODIFIED);
-
-    p = authent->dat;
-
-    /* get msg version, type and byte order, and server key version */
-
-    pvno = *p++;
-
-    if(pvno != KRB_PROT_VERSION)
-	return RD_AP_VERSION;
-    
-    type = *p++;
-    
-    little_endian = type & 1;
-    type &= ~1;
-    
-    if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL)
-	return RD_AP_MSG_TYPE;
-
-    s_kvno = *p++;
-
-    p += krb_get_string(p, realm, sizeof(realm));
-
-    /*
-     * If "fn" is NULL, key info should already be set; don't
-     * bother with ticket file.  Otherwise, check to see if we
-     * already have key info for the given server and key version
-     * (saved in the static st_* variables).  If not, go get it
-     * from the ticket file.  If "fn" is the null string, use the
-     * default ticket file.
-     */
-    if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) ||
-               strcmp(st_rlm,realm) || (st_kvno != s_kvno))) {
-        if (*fn == 0) fn = (char *)KEYFILE;
-        st_kvno = s_kvno;
-        if (read_service_key(service, instance, realm, s_kvno,
-			     fn, (char *)skey))
-            return(RD_AP_UNDEC);
-        if ((status = krb_set_key((char*)skey, 0)))
-	    return(status);
-        strlcpy (st_rlm, realm, REALM_SZ);
-        strlcpy (st_nam, service, SNAME_SZ);
-        strlcpy (st_inst, instance, INST_SZ);
-    }
-
-    tkt->length = *p++;
-
-    req_id->length = *p++;
-
-    if(tkt->length + (p - authent->dat) > authent->length)
-	return RD_AP_MODIFIED;
-
-    memcpy(tkt->dat, p, tkt->length);
-    p += tkt->length;
-
-    if (krb_ap_req_debug)
-        krb_log("ticket->length: %d",tkt->length);
-
-    /* Decrypt and take apart ticket */
-    if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm,
-                      &ad->address, ad->session, &ad->life,
-                      &ad->time_sec, sname, iname, &ky, serv_key))
-        return RD_AP_UNDEC;
-    
-    if (krb_ap_req_debug) {
-        krb_log("Ticket Contents.");
-        krb_log(" Aname:   %s.%s",ad->pname, ad->prealm);
-        krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL));
-    }
-
-    /* Extract the authenticator */
-    
-    if(req_id->length + (p - authent->dat) > authent->length)
-	return RD_AP_MODIFIED;
-
-    memcpy(req_id->dat, p, req_id->length);
-    p = req_id->dat;
-    
-#ifndef NOENCRYPTION
-    /* And decrypt it with the session key from the ticket */
-    if (krb_ap_req_debug) krb_log("About to decrypt authenticator");
-
-    encrypt_ktext(req_id, &ad->session, DES_DECRYPT);
-
-    if (krb_ap_req_debug) krb_log("Done.");
-#endif /* NOENCRYPTION */
-
-    /* cast req_id->length to int? */
-#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED);
-
-    p += krb_get_nir(p,
-		     r_aname, sizeof(r_aname),
-		     r_inst, sizeof(r_inst),
-		     r_realm, sizeof(r_realm));
-
-    p += krb_get_int(p, &ad->checksum, 4, little_endian);
-
-    p++; /* time_5ms is not used */
-
-    p += krb_get_int(p, &r_time_sec, 4, little_endian);
-
-    /* Check for authenticity of the request */
-    if (krb_ap_req_debug)
-        krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, 
-	      r_aname, r_inst, r_realm);
-    if (strcmp(ad->pname, r_aname) != 0 ||
-	strcmp(ad->pinst, r_inst) != 0 ||
-	strcmp(ad->prealm, r_realm) != 0)
-	return RD_AP_INCON;
-    
-    if (krb_ap_req_debug)
-        krb_log("Address: %x %x", ad->address, from_addr);
-
-    if (from_addr && (!krb_equiv(ad->address, from_addr)))
-        return RD_AP_BADD;
-
-    gettimeofday(&tv, NULL);
-    delta_t = abs((int)(tv.tv_sec - r_time_sec));
-    if (delta_t > CLOCK_SKEW) {
-        if (krb_ap_req_debug)
-            krb_log("Time out of range: %lu - %lu = %lu",
-		    (unsigned long)t_local.tv_sec,
-		    (unsigned long)r_time_sec,
-		    (unsigned long)delta_t);
-        return RD_AP_TIME;
-    }
-
-    /* Now check for expiration of ticket */
-
-    tkt_age = tv.tv_sec - ad->time_sec;
-    if (krb_ap_req_debug)
-        krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x",
-		(long)tv.tv_sec,
-		(unsigned long)ad->time_sec,
-		tkt_age,
-		ad->life);
-    
-    if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW))
-	return RD_AP_NYV;
-
-    if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life))
-        return RD_AP_EXP;
-
-    /* All seems OK */
-    ad->reply.length = 0;
-
-    return(RD_AP_OK);
-}