Add rxkad server hook function to decrypt more types of tokens
authorChaskiel Grundman <cg2v@andrew.cmu.edu>
Sat, 9 Feb 2013 17:01:37 +0000 (12:01 -0500)
committerSimon Wilkinson <sxw@your-file-system.com>
Sat, 13 Jul 2013 10:40:01 +0000 (11:40 +0100)
Allow tokens to be encrypted with algorithms other than DES.
The security object owner must provide an implementation
by calling rxkad_SetAltDecryptProc.

Make sure plainsiz is initialized before calling the alternate decrypt
proc.

src/rxkad/private_data.h
src/rxkad/rxkad.p.h
src/rxkad/rxkad_prototypes.h
src/rxkad/rxkad_server.c
src/rxkad/ticket5.c

index a26c603ffc502e985c66f9dacef7e4ec838ccfcd..1ad12cccdeff4158aa12184d1d4840d126a38bf4 100644 (file)
@@ -82,6 +82,7 @@ struct rxkad_sprivate {
                    char *, afs_int32);
                                /* func called with new client name */
     afs_uint32 flags;          /* configuration flags */
+    rxkad_alt_decrypt_func alt_decrypt;
 };
 
 /* private data in server-side connection */
index 91d1f5208782502e79ed63b61b429bfd4a4725a3..45feaeb6ce01388ff2120e2ff97d7a7a2bebd448 100644 (file)
@@ -93,6 +93,11 @@ typedef signed char rxkad_level;
 
 extern int rxkad_EpochWasSet;  /* TRUE => we called rx_SetEpoch */
 
+/* An alternate decryption function for rxkad.  Using the given kvno and
+ * enctype, decrypt the input data + length to output data + length. */
+typedef int (*rxkad_alt_decrypt_func)(int, int, void *, size_t, void *,
+                                     size_t *);
+
 #include <rx/rxkad_prototypes.h>
 
 #endif /* OPENAFS_RXKAD_RXKAD_H */
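Review bot: The typedef's comment leaves out the contract that the caller in ticket5.c relies on: the final `size_t *` is in/out (on entry the capacity of the output buffer, on return the plaintext length), the output buffer may be no larger than the input (the ticket is rejected before the hook is called when the ciphertext exceeds the buffer), and a non-zero return is treated as failure. The parameters are also unnamed, which makes the argument order hard to get right for an implementer; suggest `typedef int (*rxkad_alt_decrypt_func)(int kvno, int etype, void *in, size_t inlen, void *out, size_t *outlen);` with a comment sentence stating that `*outlen` carries the capacity of `out` on entry and the plaintext length on return, and that the function returns 0 on success and a non-zero error code otherwise. Whether that error code must be an rxkad error code cannot be told from this change and should be stated explicitly.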
index 1bd30a1bbacd150529b1785f6ac6ebf9efc56c45..ddee6d54237d320b7c857c10bf834926177901a5 100644 (file)
@@ -130,6 +130,8 @@ extern afs_int32 rxkad_SetConfiguration(struct rx_securityClass *aobj,
                                         struct rx_connection *aconn,
                                         rx_securityConfigVariables atype,
                                         void * avalue, void **aresult);
+extern int rxkad_SetAltDecryptProc(struct rx_securityClass *aobj,
+                                  rxkad_alt_decrypt_func alt_decrypt);
 
 /* ticket.c */
 extern int tkt_DecodeTicket(char *asecret, afs_int32 ticketLen,
@@ -159,7 +161,8 @@ extern int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
                             char *get_key_rock, int serv_kvno, char *name,
                             char *inst, char *cell, struct ktc_encryptionKey *session_key,
                             afs_int32 * host, afs_uint32 * start,
-                            afs_uint32 * end, afs_int32 disableDotCheck);
+                            afs_uint32 * end, afs_int32 disableDotCheck,
+                            rxkad_alt_decrypt_func alt_decrypt);
 
 #if !defined(NO_DES_H_INCLUDE)
 static_inline unsigned char *
index 25467d3cfd435d2b90a0aa5ffe2d5a947fb43fb5..63633d05778e7476c667c6aab3ee1b789c973317 100644 (file)
@@ -336,7 +336,8 @@ rxkad_CheckResponse(struct rx_securityClass *aobj,
            tkt_DecodeTicket5(tix, tlen, tsp->get_key, tsp->get_key_rock,
                              kvno, client.name, client.instance, client.cell,
                              &sessionkey, &host, &start, &end,
-                             tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK);
+                             tsp->flags & RXS_CONFIG_FLAGS_DISABLE_DOTCHECK,
+                             tsp->alt_decrypt);
        if (code)
            return code;
     }
@@ -484,3 +485,13 @@ afs_int32 rxkad_SetConfiguration(struct rx_securityClass *aobj,
     }
     return 0;
 }
+
+int rxkad_SetAltDecryptProc(struct rx_securityClass *aobj,
+                           rxkad_alt_decrypt_func alt_decrypt)
+{
+    struct rxkad_sprivate *private =
+    (struct rxkad_sprivate *)aobj->privateData;
+
+    private->alt_decrypt = alt_decrypt;
+    return 0;
+}
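Review bot: rxkad_SetAltDecryptProc dereferences `aobj->privateData` as a `struct rxkad_sprivate` without any check that `aobj` is non-NULL or that it is an rxkad server security object; a client-side object carries a different private structure, so a caller passing the wrong object silently overwrites an unrelated field. The function returns `int` but only ever 0, so a rejection has somewhere to go: at minimum `if (aobj == NULL || aobj->privateData == NULL) return RXKADINCONSISTENCY;`, and if rxkad_SetConfiguration above (its body lies outside the hunk) has a way of telling server objects apart, the same test belongs here. Style point: the continuation line of the `private` initializer sits at the same column as the declaration; indenting it one level further, as in `        (struct rxkad_sprivate *)aobj->privateData;`, reads as the continuation it is.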
index 36a17379b6aa0551a60e0e83195c77ef0d397fa2..51d33d2c34f2f80ec63a63b1ff7ad5f074bbb69c 100644 (file)
@@ -185,7 +185,8 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
                  int (*get_key) (void *, int, struct ktc_encryptionKey *),
                  char *get_key_rock, int serv_kvno, char *name, char *inst,
                  char *cell, struct ktc_encryptionKey *session_key, afs_int32 * host,
-                 afs_uint32 * start, afs_uint32 * end, afs_int32 disableCheckdot)
+                 afs_uint32 * start, afs_uint32 * end, afs_int32 disableCheckdot,
+                 rxkad_alt_decrypt_func alt_decrypt)
 {
     char plain[MAXKRB5TICKETLEN];
     struct ktc_encryptionKey serv_key;
@@ -226,33 +227,41 @@ tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len,
        v5_serv_kvno = *t5.enc_part.kvno;
     }
 
-    /* Check that the key type really fit into 8 bytes */
+    /* check ticket */
+    if (t5.enc_part.cipher.length > sizeof(plain))
+       goto bad_ticket;
     switch (t5.enc_part.etype) {
     case ETYPE_DES_CBC_CRC:
     case ETYPE_DES_CBC_MD4:
     case ETYPE_DES_CBC_MD5:
+       /* Check that the key type really fit into 8 bytes */
+       if (t5.enc_part.cipher.length % 8 != 0)
+           goto bad_ticket;
+
+       code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
+       if (code)
+           goto unknown_key;
+
+       /* Decrypt data here, save in plain, assume it will shrink */
+       code =
+           krb5_des_decrypt(&serv_key, t5.enc_part.etype,
+                            t5.enc_part.cipher.data,
+                            t5.enc_part.cipher.length, plain, &plainsiz);
+       if (code != 0)
+           goto bad_ticket;
        break;
     default:
-       goto unknown_key;
+       if (alt_decrypt != NULL) {
+           plainsiz = sizeof(plain);
+           code = alt_decrypt(v5_serv_kvno, t5.enc_part.etype,
+                              t5.enc_part.cipher.data,
+                              t5.enc_part.cipher.length, plain, &plainsiz);
+           if (code != 0)
+               goto cleanup;
+       } else
+           goto unknown_key;
     }
 
-    /* check ticket */
-    if (t5.enc_part.cipher.length > sizeof(plain)
-       || t5.enc_part.cipher.length % 8 != 0)
-       goto bad_ticket;
-
-    code = (*get_key) (get_key_rock, v5_serv_kvno, &serv_key);
-    if (code)
-       goto unknown_key;
-
-    /* Decrypt data here, save in plain, assume it will shrink */
-    code =
-       krb5_des_decrypt(&serv_key, t5.enc_part.etype,
-                        t5.enc_part.cipher.data, t5.enc_part.cipher.length,
-                        plain, &plainsiz);
-    if (code != 0)
-       goto bad_ticket;
-
     /* Decode ticket */
     code = decode_EncTicketPart((unsigned char *)plain, plainsiz, &decr_part, &siz);
     if (code != 0)
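Review bot: A successful `alt_decrypt` return is trusted unconditionally: `plainsiz` is passed in holding `sizeof(plain)` as the capacity, but its value on return is never checked before decode_EncTicketPart uses it as the length of the stack buffer `plain`, so a hook that reports a length larger than the buffer causes an over-read; suggest `if (plainsiz > sizeof(plain)) goto bad_ticket;` after the call. The two paths also disagree on failure: the DES path maps a decryption failure to `bad_ticket`, whereas the alternate path does `goto cleanup` with the hook's raw return value as rxkad's result, so callers see an implementation-chosen code instead of RXKADBADTICKET. If propagating the hook's code is intended, the typedef's comment should require that it return an rxkad error code; otherwise `if (code != 0) goto bad_ticket;` keeps the two paths consistent. The `cleanup` and `bad_ticket` labels and the rest of tkt_DecodeTicket5 lie outside the hunk.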