📄 res_auth.c
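/*
 * Parameter declarations and body of the routine that writes a T_CRED /
 * AUTH_KRB resource record into rr; its declarator line precedes this point.
 * The code of this routine is reproduced unchanged.
 */
    int     version;    /* type of credentials to make */
    char    *principle; /* principle to make the auth rr for */
    char    *instance;  /* instance to make the auth rr for */
    AUTH_DAT *ad;       /* auth data to place in the rr */
    char    *buf;       /* pointer to the buffer which will contain the rr */
    char    *rr;        /* pointer to a rr pointer */
    int     rrlen;      /* size of the rr buffer */
    char    *dname;     /* name of the domain of the data */
    int     type;       /* type of the data */
    int     class;      /* class of the data */
{
    char            string[MAXDNAME];
    long            cksum;
    C_Block         bcksum[2];
    CREDENTIALS     cred;
    static char     realm[REALM_SZ];
    char            *cp;
    int             num;
    struct timeval  time_v;
    int             err;

    cp = rr;
    if((num = mk_tcred_dname(string, type, class, dname, INT_EXT)) == RET_BAD)
        return(RET_BAD);
    if((rrlen -= num) < 0)
        return(KRBCRED_TOOSMALL);
    bcopy(string, cp, num);
    cp += num;
    if((rrlen -= sizeof(u_short)) < 0)
        return(KRBCRED_TOOSMALL);
    putshort(T_CRED, cp);
    cp += sizeof(u_short);
    if((rrlen -= sizeof(u_short)) < 0)
        return(KRBCRED_TOOSMALL);
    putshort(class, cp);
    cp += sizeof(u_short);
    if((rrlen -= sizeof(u_long)) < 0)
        return(KRBCRED_TOOSMALL);
    putlong((u_long)0, cp);
    cp += sizeof(u_long);
    /* NOTE(review): this length field is written before the next rrlen check. */
    putshort((u_short)(sizeof(u_short) * 2) + (sizeof(u_long) * 2), cp);
    cp += sizeof(u_short);
    if((rrlen -= sizeof(u_short)) < 0)
        return(KRBCRED_TOOSMALL);
    putshort(AUTH_KRB, cp);
    cp += sizeof(u_short);
    if((rrlen -= sizeof(u_short)) < 0)
        return(KRBCRED_TOOSMALL);
    putshort(version, cp);
    cp += sizeof(u_short);
    gettimeofday(&time_v, NULL);
    if((rrlen -= sizeof(u_long)) < 0)
        return(KRBCRED_TOOSMALL);
    putlong(time_v.tv_sec, cp);
    cp += sizeof(u_long);
    if(ad == NULL) {
        /*
         * NOTE(review): err is not assigned on this path (the result of
         * krb_get_lrealm is only compared), so the DEBUG printf below
         * prints an indeterminate value.
         */
        if(krb_get_lrealm(realm, 0) != KSUCCESS) {
#ifdef DEBUG
            if (_res.options & RES_DEBUG)
                printf("krb_get_lrealm returned %d\n", err);
#endif
            return(KRBCRED_REALM);
        }
        if((err = krb_get_cred(principle, instance, realm, &cred)) != KSUCCESS) {
#ifdef DEBUG
            if (_res.options & RES_DEBUG)
                printf("get_cred error %d\n", err);
#endif
            return(KRBCRED_CRED);
        }
        cksum = quad_cksum((char *)buf, bcksum, cp - buf, 2, cred.session);
    }
    else {
        cksum = quad_cksum((char *)buf, bcksum, cp - buf, 2, ad->session);
    }
    if((rrlen -= sizeof(u_long)) < 0)
        return(KRBCRED_TOOSMALL);
    putlong(cksum, cp);
    cp += sizeof(u_long);
    return(cp - rr);
}

/*
 * Check a T_CRED / AUTH_KRB resource record against a session key.
 *
 * The owner name is expanded and compared with the name mk_tcred_dname()
 * builds for (type, class, dname); class, type, auth type and auth version
 * must match.  quad_cksum() is then recomputed over buf up to the checksum
 * field with cred->session (fetched with krb_get_cred() when cred is NULL)
 * and compared with the checksum in the record.  The record's timestamp
 * must be within five minutes of the local clock.
 *
 * Returns the number of bytes of rr consumed on success, otherwise a
 * KRBCRED_* code.  KRBCRED_TIME is returned both for a checksum mismatch
 * and for a timestamp outside the window.
 */
res_rds_krbcred(version, principle, instance, cred, buf, rr, rrlen, dname, type, class)
    int     version;    /* type of credentials to read */
    char    *principle; /* name of the principle to talk with */
    char    *instance;  /* name of the instance to talk with */
    CREDENTIALS *cred;  /* cred struct for principle principle */
    char    *buf;       /* pointer to the buffer which contains the rr */
    char    *rr;        /* pointer to the auth rr to read */
    int     rrlen;      /* length of the rr */
    char    *dname;     /* domain of the data that must be authen */
    int     type;       /* type of data the rr should authenticate */
    int     class;      /* class of data the rr should authenticate */
{
    int             err;
/*  char            *data;*/
    int             length;
    int             auth_type;
    int             auth_version;
    long            timemsg;
    long            skew;
    struct timeval  time;
    static char     realm[REALM_SZ];
    CREDENTIALS     cred_buf;
/*  char            *cksummsg;
    int             cksum;*/
    long            cksummsg;
    long            cksum;
    C_Block         bcksum[2];
    char            string[MAXDNAME];
    char            dnbuf[MAXDNAME];
    int             n;
    char            *cp;
    int             num;
    int             rr_type;
    int             rr_class;

    if(version != ONE)
        return(KRBCRED_NOTSUPP);
    cp = rr;
    /* get kerberos ticket */
    if((n = dn_expand(buf, rr + rrlen, cp, dnbuf, sizeof(dnbuf))) < 0)
        return(KRBCRED_EXPAND);
    cp += n;
    if((num = mk_tcred_dname(string, type, class, dname, INT_INT)) == RET_BAD)
        return(KRBCRED_NAME);
    /*
     * NOTE(review): only strlen(string) bytes are compared, so a longer
     * dnbuf that merely starts with string also passes -- confirm that a
     * prefix match is intended.
     */
    if(bcmp(string, dnbuf, strlen(string)))
        return(KRBCRED_NAMECMP);
    /*
     * Everything read below comes from the received record: type, class,
     * ttl, rdlength, auth type, auth version, timestamp and checksum.
     * Refuse a record that ends before those fields do, using the same
     * end bound (rr + rrlen) that was handed to dn_expand() above.
     */
    if(rrlen - (cp - rr) < (int)(5 * sizeof(u_short) + 3 * sizeof(u_long)))
        return(KRBCRED_EXPAND);
    rr_type = _getshort(cp);
    cp += sizeof(u_short);
    rr_class = _getshort(cp);
    cp += sizeof(u_short);
    if(rr_class != class)
        return(KRBCRED_CLASS);
    if(rr_type != T_CRED)
        return(KRBCRED_TYPE);
    cp += sizeof(u_long);
    length = _getshort(cp);
    cp += sizeof(u_short);
/*  data = cp;*/
    auth_type = _getshort(cp);
    cp += sizeof(u_short);
    auth_version = _getshort(cp);
    cp += sizeof(u_short);
    if(auth_type != AUTH_KRB)
        return(KRBCRED_AUTHTYPE);
    if( auth_version != version)
        return(KRBCRED_AUTHVER);
    timemsg = _getlong(cp);
    cp += sizeof(u_long);
/*  cksummsg = cp;*/
    cksummsg = _getlong(cp);
    gettimeofday(&time, NULL);
    bzero(bcksum, sizeof(bcksum));
    if ((err = krb_get_lrealm(realm, 0)) != KSUCCESS) {
#ifdef DEBUG
        if (_res.options & RES_DEBUG)
            printf("krb_get_lrealm returned %d\n", err);
#endif
        return(KRBCRED_REALM);
    }
    if(cred == NULL) {
        if((err = krb_get_cred(principle, instance, realm, &cred_buf)) != KSUCCESS) {
#ifdef DEBUG
            if (_res.options & RES_DEBUG)
                printf("get_cred error %d\n", err);
#endif
            return(KRBCRED_CRED);
        }
        cred = &cred_buf;
    }
    cksum = quad_cksum((char *)buf, bcksum, cp - (char *)buf, 2, cred->session);
/*  if (!bcmp(&cksum, cksummsg, length - (cksummsg - data) ) && abs(timemsg - time.tv_sec) < 5 * 60)
        return(RET_OK);*/
    /*
     * The skew is computed in long: abs() takes an int, so a large
     * difference could be truncated into the accepted window.
     */
    skew = timemsg - time.tv_sec;
    if (skew < 0)
        skew = -skew;
    if (cksum == cksummsg && skew < 5 * 60)
        return((cp - rr) + sizeof(u_long) );
    return(KRBCRED_TIME);
}

/*
 * Check a T_CRED / AUTH_KRB resource record that carries a Kerberos request.
 *
 * After the same name, class, type, auth type and auth version checks as
 * res_rds_krbcred(), the rdata that follows the auth type/version fields is
 * copied into a KTEXT_ST and given to krb_rd_req() together with the
 * sender address from->sin_addr; krb_rd_req() fills in *ad.  On success,
 * quad_cksum() is recomputed over buf up to the rdlength field with
 * ad->session and compared with ad->checksum.
 *
 * Returns the offset of the end of the record relative to rr on success,
 * otherwise a KRBCRED_* code.
 */
res_rdl_krbcred(version, ad, buf, rr, rrlen, dname, type, class, from)
    int     version;    /* type of credentials to read */
    AUTH_DAT *ad;       /* auth data contained in the rr */
    char    *buf;       /* pointer to the buffer which contains the rr */
    char    *rr;        /* poiner to a rr */
    int     rrlen;      /* length of the rr */
    char    *dname;     /* domain of the data that must be authen */
    int     type;       /* type of data the rr should authenticate */
    int     class;      /* class of data the rr should authenticate */
    struct sockaddr_in *from; /* address the msg came from */
{
    char        *cp;
    int         auth_type;
    int         auth_version;
    KTEXT_ST    cred;
    char        string[MAXDNAME];
    char        dnbuf[MAXDNAME];
    int         length;
    int         num;
    int         rr_type;
    int         rr_class;
    int         n;
    int         err;
    int         tkt_len;
    long        cksum;
    C_Block     bcksum[2];

    if(version != ONE)
        return(KRBCRED_NOTSUPP);
    cp = rr;
    /* get kerberos ticket */
    if((n = dn_expand(buf, rr + rrlen, cp, dnbuf, sizeof(dnbuf))) < 0)
        return(KRBCRED_EXPAND);
    cp += n;
    if((num = mk_tcred_dname(string, type, class, dname, INT_INT)) == RET_BAD)
        return(KRBCRED_NAME);
    /*
     * NOTE(review): only strlen(string) bytes are compared, so a longer
     * dnbuf that merely starts with string also passes -- confirm that a
     * prefix match is intended.
     */
    if(bcmp(string, dnbuf, strlen(string)))
        return(KRBCRED_NAMECMP);
    /*
     * type, class, ttl, rdlength, auth type and auth version are read from
     * the received record below; refuse a record that ends before them,
     * using the same end bound (rr + rrlen) that was handed to dn_expand().
     */
    if(rrlen - (cp - rr) < (int)(5 * sizeof(u_short) + sizeof(u_long)))
        return(KRBCRED_EXPAND);
    rr_type = _getshort(cp);
    cp += sizeof(u_short);
    rr_class = _getshort(cp);
    cp += sizeof(u_short);
    if(rr_class != class)
        return(KRBCRED_CLASS);
    if(rr_type != T_CRED)
        return(KRBCRED_TYPE);
    /* skip over ttl */
    cp += sizeof(u_long);
    cred.length = _getshort(cp);
    cp += sizeof(u_short);
    length = (cp - rr ) + cred.length;
    auth_type = _getshort(cp);
    cp += sizeof(u_short);
    auth_version = _getshort(cp);
    cp += sizeof(u_short);
    if(auth_type != AUTH_KRB)
        return(KRBCRED_AUTHTYPE);
    if(auth_version != version)
        return(KRBCRED_AUTHVER);
    /*
     * cred.length is the rdlength field taken from the record, i.e. it is
     * chosen by the sender.  Before copying into the fixed-size cred.dat,
     * reject a length smaller than the two auth fields (the subtraction
     * would go negative), larger than cred.dat, or larger than what is
     * left of the record.
     */
    tkt_len = (int)cred.length - (int)(2 * sizeof(u_short));
    if(tkt_len < 0 || tkt_len > (int)sizeof(cred.dat) ||
       tkt_len > rrlen - (cp - rr))
        return(KRBCRED_CRED);
    /*
     * NOTE(review): cred.length still counts the two auth fields that are
     * not copied into cred.dat -- confirm krb_rd_req() expects that.
     */
    bcopy(cp, cred.dat, tkt_len);
    err = krb_rd_req(&cred, NULL, NULL, from->sin_addr, ad, NULL);
    if (err != KSUCCESS) {
#ifdef DEBUG
        if (err == RD_AP_BADD && debug) {
            fprintf(ddt, "from->sin_addr = %s, ", inet_ntoa(from->sin_addr));
            fprintf(ddt, "ad.address = %s\n", inet_ntoa(ad->address));
        }
        if (debug)
            fprintf(ddt,"kerberos error %d\n", err);
#endif
        return(KRBCRED_CRED);
    }
    else {
        bzero(bcksum, sizeof(bcksum));
        /* checksum covers buf up to, not including, the rdlength field */
        cksum = quad_cksum((char *)buf, bcksum, cp - buf - (3 * sizeof(u_short)), 2, ad->session);
        if (cksum != ad->checksum) {
#ifdef DEBUG
            if (debug)
                fprintf(ddt,"crypto checsum failed\n");
#endif
            return(KRBCRED_CKSUM);
        }
        else {
#ifdef DEBUG
            if (debug)
                fprintf(ddt, "kerberos authenticated %s%s%s@%s\n", ad->pname, ad->pinst[0] == 0 ?"":".", ad->pinst, ad->prealm);
#endif
            return(length);
        }
    }
}

/*
 * Return a newly malloc'd copy of the first label of str: the characters
 * before the first '.' or the terminating NUL.  The caller frees the
 * result.  Returns NULL when the allocation fails.
 *
 * The copy stops after MAXDNAME - 1 characters so that an over-long label
 * is truncated rather than written past the MAXDNAME-byte allocation.
 */
char *
res_dotname_head(str)
    char *str;
{
    char *dest;
    char *cpdest;
    char *cpsrc;

    if((dest = (char *)malloc(MAXDNAME)) == NULL)
        return(NULL);
    for(cpsrc = str, cpdest = dest;
        *cpsrc != '.' && *cpsrc != '\0' && cpdest < dest + MAXDNAME - 1;
        cpsrc++, cpdest++) {
        *cpdest = *cpsrc;
    }
    *cpdest = '\0';
    return(dest);
}

/*
 * Advance *dname past one length-prefixed label: the byte at **dname is
 * taken as the label length and *dname moves forward by length + 1.
 * No end-of-buffer bound is available here, so the caller has to pass a
 * name it has already validated.
 */
res_dname_rmhead(dname)
    u_char **dname;
{
    u_short length;

    length = (u_short)**dname;
    *dname += length + 1;
}

/*
 * Advance *str past its first dot-separated label: to the character after
 * the first '.', or to the terminating NUL when str contains no '.'.
 */
res_dotname_rmhead(str)
    char **str;
{
    char *cp;

    for(cp = *str; *cp != '.' && *cp != '\0'; cp++)
        ;
    if (*cp == '\0')
        *str = cp;
    else
        *str = cp + 1;
}
#endif /* AUTHEN */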