spx.c

早期freebsd实现

	}

	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
		return(0);
	}

	if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
		return(0);
	}

	return(1);
}

	void
spx_is(ap, data, cnt)
	Authenticator *ap;
	unsigned char *data;
	int cnt;
{
	Session_Key skey;
	Block datablock;
	int r;

	if (cnt-- < 1)
		return;
	switch (*data++) {
	case SPX_AUTH:
	        input_token.length = cnt;
		input_token.value = (char *) data;

		gethostname(lhostname, sizeof(lhostname));

		strcpy(targ_printable, "SERVICE:rcmd@");
		strcat(targ_printable, lhostname);

		input_name_buffer.length = strlen(targ_printable);
		input_name_buffer.value = targ_printable;

		major_status = gss_import_name(&status,
                                       &input_name_buffer,
                                       GSS_C_NULL_OID,
                                       &desired_targname);

		major_status = gss_acquire_cred(&status,
                                        desired_targname,
                                        0,
                                        GSS_C_NULL_OID_SET,
                                        GSS_C_ACCEPT,
                                        &gss_cred_handle,
                                        &actual_mechs,
                                        &lifetime_rec);

		major_status = gss_release_name(&status, desired_targname);

		input_chan_bindings = (gss_channel_bindings)
		  malloc(sizeof(gss_channel_bindings_desc));

		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
		input_chan_bindings->initiator_address.length = 4;
		address = (char *) malloc(4);
		input_chan_bindings->initiator_address.value = (char *) address;
		address[0] = ((from_addr & 0xff000000) >> 24);
		address[1] = ((from_addr & 0xff0000) >> 16);
		address[2] = ((from_addr & 0xff00) >> 8);
		address[3] = (from_addr & 0xff);
		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
		input_chan_bindings->acceptor_address.length = 4;
		address = (char *) malloc(4);
		input_chan_bindings->acceptor_address.value = (char *) address;
		address[0] = ((to_addr & 0xff000000) >> 24);
		address[1] = ((to_addr & 0xff0000) >> 16);
		address[2] = ((to_addr & 0xff00) >> 8);
		address[3] = (to_addr & 0xff);
		input_chan_bindings->application_data.length = 0;

		major_status = gss_accept_sec_context(&status,
					      &context_handle,
                                              gss_cred_handle,
                                              &input_token,
                                              input_chan_bindings,
                                              &src_name,
                                              &actual_mech_type,
                                              &output_token,
                                              &ret_flags,
                                              &lifetime_rec,
                                              &gss_delegated_cred_handle);


		if (major_status != GSS_S_COMPLETE) {

		  major_status = gss_display_name(&status,
					  src_name,
                                          &fullname_buffer,
                                          &fullname_type);
			Data(ap, SPX_REJECT, (void *)"auth failed", -1);
			auth_finished(ap, AUTH_REJECT);
			return;
		}

		major_status = gss_display_name(&status,
                                          src_name,
                                          &fullname_buffer,
                                          &fullname_type);


		Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
		auth_finished(ap, AUTH_USER);
		break;

	default:
		Data(ap, SPX_REJECT, 0, 0);
		break;
	}
}


	void
spx_reply(ap, data, cnt)
	Authenticator *ap;
	unsigned char *data;
	int cnt;
{
	Session_Key skey;

	if (cnt-- < 1)
		return;
	switch (*data++) {
	case SPX_REJECT:
		if (cnt > 0) {
			printf("[ SPX refuses authentication because %.*s ]\r\n",
				cnt, data);
		} else
			printf("[ SPX refuses authentication ]\r\n");
		auth_send_retry();
		return;
	case SPX_ACCEPT:
		printf("[ SPX accepts you ]\n");
		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
			/*
			 * Send over the encrypted challenge.
		 	 */
		  input_token.value = (char *) data;
		  input_token.length = cnt;

		  major_status = gss_init_sec_context(&status, /* minor stat */
                                        GSS_C_NO_CREDENTIAL, /* cred handle */
                                        &actual_ctxhandle,   /* ctx handle */
                                        desired_targname,    /* target name */
                                        GSS_C_NULL_OID,      /* mech type */
                                        req_flags,           /* req flags */
                                        0,                   /* time req */
                                        input_chan_bindings, /* chan binding */
                                        &input_token,        /* input token */
                                        &actual_mech_type,   /* actual mech */
                                        &output_token,       /* output token */
                                        &ret_flags,          /* ret flags */
                                        &lifetime_rec);      /* time rec */

		  if (major_status != GSS_S_COMPLETE) {
		    gss_display_status(&new_status,
				       status,
				       GSS_C_MECH_CODE,
				       GSS_C_NULL_OID,
				       &msg_ctx,
				       &status_string);
		    printf("[ SPX mutual response fails ... '%s' ]\r\n",
			 status_string.value);
		    auth_send_retry();
		    return;
		  }
		}
		auth_finished(ap, AUTH_USER);
		return;

	default:
		return;
	}
}

	int
spx_status(ap, name, level)
	Authenticator *ap;
	char *name;
	int level;
{

	gss_buffer_desc  fullname_buffer, acl_file_buffer;
	gss_OID          fullname_type;
        char acl_file[160], fullname[160];
        int major_status, status = 0;
	struct passwd  *pwd;

        /*
         * hard code fullname to
         *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
         * and acl_file to "~kannan/.sphinx"
         */

	pwd = getpwnam(UserNameRequested);
	if (pwd == NULL) {
          return(AUTH_USER);   /*  not authenticated  */
        }

	strcpy(acl_file, pwd->pw_dir);
	strcat(acl_file, "/.sphinx");
        acl_file_buffer.value = acl_file;
        acl_file_buffer.length = strlen(acl_file);

	major_status = gss_display_name(&status,
					src_name,
					&fullname_buffer,
					&fullname_type);

	if (level < AUTH_USER)
		return(level);

        major_status = gss__check_acl(&status, &fullname_buffer,
                                      &acl_file_buffer);

        if (major_status == GSS_S_COMPLETE) {
	  strcpy(name, UserNameRequested);
	  return(AUTH_VALID);
        } else {
           return(AUTH_USER);
        }

}

#define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
#define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}

	void
spx_printsub(data, cnt, buf, buflen)
	unsigned char *data, *buf;
	int cnt, buflen;
{
	char lbuf[32];
	register int i;

	buf[buflen-1] = '\0';		/* make sure its NULL terminated */
	buflen -= 1;

	switch(data[3]) {
	case SPX_REJECT:		/* Rejected (reason might follow) */
		strncpy((char *)buf, " REJECT ", buflen);
		goto common;

	case SPX_ACCEPT:		/* Accepted (name might follow) */
		strncpy((char *)buf, " ACCEPT ", buflen);
	common:
		BUMP(buf, buflen);
		if (cnt <= 4)
			break;
		ADDC(buf, buflen, '"');
		for (i = 4; i < cnt; i++)
			ADDC(buf, buflen, data[i]);
		ADDC(buf, buflen, '"');
		ADDC(buf, buflen, '\0');
		break;

	case SPX_AUTH:			/* Authentication data follows */
		strncpy((char *)buf, " AUTH", buflen);
		goto common2;

	default:
		sprintf(lbuf, " %d (unknown)", data[3]);
		strncpy((char *)buf, lbuf, buflen);
	common2:
		BUMP(buf, buflen);
		for (i = 4; i < cnt; i++) {
			sprintf(lbuf, " %d", data[i]);
			strncpy((char *)buf, lbuf, buflen);
			BUMP(buf, buflen);
		}
		break;
	}
}

#endif

#ifdef notdef

prkey(msg, key)
	char *msg;
	unsigned char *key;
{
	register int i;
	printf("%s:", msg);
	for (i = 0; i < 8; i++)
		printf(" %3d", key[i]);
	printf("\r\n");
}
#endif