authsrv: more aes key stuff
This commit is contained in:
parent
63b18e7925
commit
c3487a4b49
3 changed files with 50 additions and 14 deletions
|
@ -41,6 +41,7 @@ void error(char*, ...);
|
|||
void fail(char*);
|
||||
int findkey(char*, char*, Authkey*);
|
||||
char* finddeskey(char*, char*, char*);
|
||||
uchar* findaeskey(char*, char*, uchar*);
|
||||
char* findsecret(char*, char*, char*);
|
||||
int getauthkey(Authkey*);
|
||||
long getexpiration(char *db, char *u);
|
||||
|
@ -61,6 +62,7 @@ long readn(int, void*, long);
|
|||
char* secureidcheck(char*, char*);
|
||||
int setkey(char*, char*, Authkey*);
|
||||
char* setdeskey(char*, char*, char*);
|
||||
uchar* setaeskey(char*, char*, uchar*);
|
||||
char* setsecret(char*, char*, char*);
|
||||
int smartcheck(void*, long, char*);
|
||||
void succeed(char*);
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
int debug;
|
||||
Ndb *db;
|
||||
char raddr[128];
|
||||
uchar zeros[16];
|
||||
|
||||
/* Microsoft auth constants */
|
||||
enum {
|
||||
|
@ -31,7 +32,6 @@ int speaksfor(char*, char*);
|
|||
void replyerror(char*, ...);
|
||||
void getraddr(char*);
|
||||
void mkkey(Authkey*);
|
||||
int samekey(Authkey*, Authkey*);
|
||||
void mkticket(Ticketreq*, Ticket*);
|
||||
void randombytes(uchar*, int);
|
||||
void nthash(uchar hash[MShashlen], char *passwd);
|
||||
|
@ -254,10 +254,14 @@ changepasswd(Ticketreq *tr)
|
|||
exits(0);
|
||||
}
|
||||
passtokey(&nkey, pr.old);
|
||||
if(!samekey(&nkey, &okey)){
|
||||
if(memcmp(nkey.des, okey.des, DESKEYLEN) != 0){
|
||||
replyerror("protocol botch2: %s", raddr);
|
||||
continue;
|
||||
}
|
||||
if(memcmp(okey.aes, zeros, AESKEYLEN) != 0 && memcmp(okey.aes, nkey.aes, AESKEYLEN) != 0){
|
||||
replyerror("protocol botch3: %s", raddr);
|
||||
continue;
|
||||
}
|
||||
if(*pr.new){
|
||||
err = okpasswd(pr.new);
|
||||
if(err){
|
||||
|
@ -1000,12 +1004,6 @@ mkkey(Authkey *k)
|
|||
randombytes((uchar*)k->des, DESKEYLEN);
|
||||
}
|
||||
|
||||
int
|
||||
samekey(Authkey *a, Authkey *b)
|
||||
{
|
||||
return memcmp(a->des, b->des, DESKEYLEN) == 0;
|
||||
}
|
||||
|
||||
void
|
||||
mkticket(Ticketreq *tr, Ticket *t)
|
||||
{
|
||||
|
|
|
@ -41,7 +41,21 @@ finddeskey(char *db, char *user, char *key)
|
|||
snprint(filename, sizeof filename, "%s/%s/key", db, user);
|
||||
n = readfile(filename, key, DESKEYLEN);
|
||||
if(n != DESKEYLEN)
|
||||
return 0;
|
||||
return nil;
|
||||
else
|
||||
return key;
|
||||
}
|
||||
|
||||
uchar*
|
||||
findaeskey(char *db, char *user, uchar *key)
|
||||
{
|
||||
int n;
|
||||
char filename[Maxpath];
|
||||
|
||||
snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
|
||||
n = readfile(filename, (char*)key, AESKEYLEN);
|
||||
if(n != AESKEYLEN)
|
||||
return nil;
|
||||
else
|
||||
return key;
|
||||
}
|
||||
|
@ -49,8 +63,12 @@ finddeskey(char *db, char *user, char *key)
|
|||
int
|
||||
findkey(char *db, char *user, Authkey *key)
|
||||
{
|
||||
int ret;
|
||||
|
||||
memset(key, 0, sizeof(Authkey));
|
||||
return finddeskey(db, user, key->des) != nil;
|
||||
ret = finddeskey(db, user, key->des) != nil;
|
||||
ret |= findaeskey(db, user, key->aes) != nil;
|
||||
return ret;
|
||||
}
|
||||
|
||||
char*
|
||||
|
@ -63,7 +81,7 @@ findsecret(char *db, char *user, char *secret)
|
|||
n = readfile(filename, secret, SECRETLEN-1);
|
||||
secret[n]=0;
|
||||
if(n <= 0)
|
||||
return 0;
|
||||
return nil;
|
||||
else
|
||||
return secret;
|
||||
}
|
||||
|
@ -77,7 +95,21 @@ setdeskey(char *db, char *user, char *key)
|
|||
snprint(filename, sizeof filename, "%s/%s/key", db, user);
|
||||
n = writefile(filename, key, DESKEYLEN);
|
||||
if(n != DESKEYLEN)
|
||||
return 0;
|
||||
return nil;
|
||||
else
|
||||
return key;
|
||||
}
|
||||
|
||||
uchar*
|
||||
setaeskey(char *db, char *user, uchar *key)
|
||||
{
|
||||
int n;
|
||||
char filename[Maxpath];
|
||||
|
||||
snprint(filename, sizeof filename, "%s/%s/aeskey", db, user);
|
||||
n = writefile(filename, (char*)key, AESKEYLEN);
|
||||
if(n != AESKEYLEN)
|
||||
return nil;
|
||||
else
|
||||
return key;
|
||||
}
|
||||
|
@ -85,7 +117,11 @@ setdeskey(char *db, char *user, char *key)
|
|||
int
|
||||
setkey(char *db, char *user, Authkey *key)
|
||||
{
|
||||
return setdeskey(db, user, key->des) != nil;
|
||||
int ret;
|
||||
|
||||
ret = setdeskey(db, user, key->des) != nil;
|
||||
ret |= setaeskey(db, user, key->aes) != nil;
|
||||
return ret;
|
||||
}
|
||||
|
||||
char*
|
||||
|
@ -97,7 +133,7 @@ setsecret(char *db, char *user, char *secret)
|
|||
snprint(filename, sizeof filename, "%s/%s/secret", db, user);
|
||||
n = writefile(filename, secret, strlen(secret));
|
||||
if(n != strlen(secret))
|
||||
return 0;
|
||||
return nil;
|
||||
else
|
||||
return secret;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue