authsrv: get rid of needreply parameter by changing vnc protocol handler
parent
9f2c7606ab
commit
27485e62d1
|
@ -167,7 +167,7 @@ pak(Ticketreq *tr)
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
getkey(char *u, Keyslot *k, int canreply)
|
getkey(char *u, Keyslot *k)
|
||||||
{
|
{
|
||||||
/* empty user id is an error */
|
/* empty user id is an error */
|
||||||
if(*u == 0)
|
if(*u == 0)
|
||||||
|
@ -182,7 +182,7 @@ getkey(char *u, Keyslot *k, int canreply)
|
||||||
|
|
||||||
if(ticketform != 0){
|
if(ticketform != 0){
|
||||||
syslog(0, AUTHLOG, "need DES key for %s, but DES is disabled", u);
|
syslog(0, AUTHLOG, "need DES key for %s, but DES is disabled", u);
|
||||||
if(canreply) replyerror("DES is disabled");
|
replyerror("DES is disabled");
|
||||||
exits(0);
|
exits(0);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -198,12 +198,12 @@ ticketrequest(Ticketreq *tr)
|
||||||
|
|
||||||
if(tr->uid[0] == 0)
|
if(tr->uid[0] == 0)
|
||||||
exits(0);
|
exits(0);
|
||||||
if(!getkey(tr->authid, &akey, 1)){
|
if(!getkey(tr->authid, &akey)){
|
||||||
/* make one up so caller doesn't know it was wrong */
|
/* make one up so caller doesn't know it was wrong */
|
||||||
mkkey(&akey);
|
mkkey(&akey);
|
||||||
syslog(0, AUTHLOG, "tr-fail authid %s", tr->authid);
|
syslog(0, AUTHLOG, "tr-fail authid %s", tr->authid);
|
||||||
}
|
}
|
||||||
if(!getkey(tr->hostid, &hkey, 1)){
|
if(!getkey(tr->hostid, &hkey)){
|
||||||
/* make one up so caller doesn't know it was wrong */
|
/* make one up so caller doesn't know it was wrong */
|
||||||
mkkey(&hkey);
|
mkkey(&hkey);
|
||||||
syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
|
syslog(0, AUTHLOG, "tr-fail hostid %s(%s)", tr->hostid, raddr);
|
||||||
|
@ -245,7 +245,7 @@ challengebox(Ticketreq *tr)
|
||||||
syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
|
syslog(0, AUTHLOG, "cr-fail uid %s@%s", tr->uid, raddr);
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!getkey(tr->hostid, &hkey, 1)){
|
if(!getkey(tr->hostid, &hkey)){
|
||||||
/* make one up so caller doesn't know it was wrong */
|
/* make one up so caller doesn't know it was wrong */
|
||||||
mkkey(&hkey);
|
mkkey(&hkey);
|
||||||
syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid, tr->uid, raddr);
|
syslog(0, AUTHLOG, "cr-fail hostid %s %s@%s", tr->hostid, tr->uid, raddr);
|
||||||
|
@ -288,7 +288,7 @@ changepasswd(Ticketreq *tr)
|
||||||
Ticket t;
|
Ticket t;
|
||||||
int n, m;
|
int n, m;
|
||||||
|
|
||||||
if(!getkey(tr->uid, &ukey, 1)){
|
if(!getkey(tr->uid, &ukey)){
|
||||||
/* make one up so caller doesn't know it was wrong */
|
/* make one up so caller doesn't know it was wrong */
|
||||||
mkkey(&ukey);
|
mkkey(&ukey);
|
||||||
syslog(0, AUTHLOG, "cp-fail uid %s@%s", tr->uid, raddr);
|
syslog(0, AUTHLOG, "cp-fail uid %s@%s", tr->uid, raddr);
|
||||||
|
@ -441,7 +441,7 @@ apop(Ticketreq *tr, int type)
|
||||||
* lookup
|
* lookup
|
||||||
*/
|
*/
|
||||||
secret = findsecret(KEYDB, tr->uid, sbuf);
|
secret = findsecret(KEYDB, tr->uid, sbuf);
|
||||||
if(!getkey(tr->hostid, &hkey, 1) || secret == nil){
|
if(!getkey(tr->hostid, &hkey) || secret == nil){
|
||||||
replyerror("apop-fail bad response %s", raddr);
|
replyerror("apop-fail bad response %s", raddr);
|
||||||
logfail(tr->uid);
|
logfail(tr->uid);
|
||||||
if(tries > 5)
|
if(tries > 5)
|
||||||
|
@ -529,12 +529,18 @@ vnc(Ticketreq *tr)
|
||||||
if(write(1, chal, sizeof(chal)) != sizeof(chal))
|
if(write(1, chal, sizeof(chal)) != sizeof(chal))
|
||||||
exits(0);
|
exits(0);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* get response
|
||||||
|
*/
|
||||||
|
if(readn(0, reply, sizeof(reply)) != sizeof(reply))
|
||||||
|
exits(0);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* lookup keys (and swizzle bits)
|
* lookup keys (and swizzle bits)
|
||||||
*/
|
*/
|
||||||
memset(sbuf, 0, sizeof(sbuf));
|
memset(sbuf, 0, sizeof(sbuf));
|
||||||
secret = findsecret(KEYDB, tr->uid, sbuf);
|
secret = findsecret(KEYDB, tr->uid, sbuf);
|
||||||
if(!getkey(tr->hostid, &hkey, 0) || secret == nil){
|
if(!getkey(tr->hostid, &hkey) || secret == nil){
|
||||||
mkkey(&hkey);
|
mkkey(&hkey);
|
||||||
genrandom((uchar*)sbuf, sizeof(sbuf));
|
genrandom((uchar*)sbuf, sizeof(sbuf));
|
||||||
secret = sbuf;
|
secret = sbuf;
|
||||||
|
@ -542,12 +548,6 @@ vnc(Ticketreq *tr)
|
||||||
for(i = 0; i < 8; i++)
|
for(i = 0; i < 8; i++)
|
||||||
secret[i] = swizzletab[(uchar)secret[i]];
|
secret[i] = swizzletab[(uchar)secret[i]];
|
||||||
|
|
||||||
/*
|
|
||||||
* get response
|
|
||||||
*/
|
|
||||||
if(readn(0, reply, sizeof(reply)) != sizeof(reply))
|
|
||||||
exits(0);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* decrypt response and compare
|
* decrypt response and compare
|
||||||
*/
|
*/
|
||||||
|
@ -598,7 +598,7 @@ chap(Ticketreq *tr)
|
||||||
* lookup
|
* lookup
|
||||||
*/
|
*/
|
||||||
secret = findsecret(KEYDB, tr->uid, sbuf);
|
secret = findsecret(KEYDB, tr->uid, sbuf);
|
||||||
if(!getkey(tr->hostid, &hkey, 1) || secret == nil){
|
if(!getkey(tr->hostid, &hkey) || secret == nil){
|
||||||
replyerror("chap-fail bad response %s", raddr);
|
replyerror("chap-fail bad response %s", raddr);
|
||||||
logfail(tr->uid);
|
logfail(tr->uid);
|
||||||
return;
|
return;
|
||||||
|
@ -748,7 +748,7 @@ mschap(Ticketreq *tr)
|
||||||
* lookup
|
* lookup
|
||||||
*/
|
*/
|
||||||
secret = findsecret(KEYDB, tr->uid, sbuf);
|
secret = findsecret(KEYDB, tr->uid, sbuf);
|
||||||
if(!getkey(tr->hostid, &hkey, 1) || secret == nil){
|
if(!getkey(tr->hostid, &hkey) || secret == nil){
|
||||||
replyerror("mschap-fail bad response %s/%s(%s)", tr->uid, tr->hostid, raddr);
|
replyerror("mschap-fail bad response %s/%s(%s)", tr->uid, tr->hostid, raddr);
|
||||||
logfail(tr->uid);
|
logfail(tr->uid);
|
||||||
return;
|
return;
|
||||||
|
|
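Review bot: In vnc(), the now-unconditional `replyerror("DES is disabled");` in getkey() is only safe because the `readn(0, reply, sizeof(reply))` was moved ahead of the key lookup, and nothing in the code records that ordering requirement. A comment above the moved read, such as `/* read the response before getkey(): it may replyerror(), which presumably must not precede the client's response */`, would keep a later reordering from silently reintroducing what the old canreply flag guarded against. Separately, the DES-disabled branch in getkey() ends the session with its own outcome (now an explicit error text), while a failed lookup in vnc() falls through to `mkkey(&hkey)` and `genrandom()` so the caller cannot tell the lookup failed. The condition guarding that branch is outside the visible hunk, so it is worth confirming that the explicit error does not let a client tell such accounts apart from unknown ones. The bodies of getkey() and vnc() extend beyond the hunks shown.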