[1212] in Kerberos-V5-bugs
krb5b4pl3: add support for non-encrypting kprop/kpropd
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Sun Mar 19 21:22:15 1995
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Date: Sun, 19 Mar 1995 21:25:25 -0500
To: krb5-bugs@MIT.EDU
The patch below adds support for compiling versions of kprop and
kpropd which use SAFE rather than PRIV messages to transmit the
Kerberos database. This is a minimal security threat, since the keys
in the database are encrypted in the master key anyway. Furthermore,
this is necessary in order to be able to build a Kerberos product that
can be exported (the version of kprop/kpropd that uses PRIV messages
can be used to transmit arbitrary files across the network encrypted,
which is a no-no in exportable software).
This patch also fixes a minor bug -- calls to krb5_mk/rd_safe in kprop
and kpropd were using the PRIV symbols when they should have been
using the SAFE symbols.
--- slave/Makefile.in 1995/03/13 00:45:37 1.1
+++ slave/Makefile.in 1995/03/13 00:49:29 1.2
@@ -45,3 +45,31 @@
clean::
$(RM) kprop kpropd
+NX_CLIENTOBJS= kprop_nx.o
+NX_SERVEROBJS= kpropd_nx.o
+
+all:: kprop_nx kpropd_nx
+
+kprop_nx: $(NX_CLIENTOBJS) $(DEPLIBS)
+ $(CC) $(CFLAGS) -o kprop_nx $(NX_CLIENTOBJS) $(LOCAL_LIBRARIES) $(LIBS)
+
+kprop_nx.o: kprop.c
+ $(CC) -o kprop_nx.o -c $(CFLAGS) -DNX $<
+
+install::
+ $(INSTALL_PROGRAM) kprop_nx ${DESTDIR}$(SERVER_BINDIR)/kprop_nx
+
+kpropd_nx: $(NX_SERVEROBJS) $(DEPLIBS)
+ $(CC) $(CFLAGS) -o kpropd_nx $(NX_SERVEROBJS) $(LOCAL_LIBRARIES) $(LIBS)
+
+kpropd_nx.o: kpropd.c
+ $(CC) -o kpropd_nx.o -c $(CFLAGS) -DNX $<
+
+install::
+ $(INSTALL_PROGRAM) kpropd_nx ${DESTDIR}$(SERVER_BINDIR)/kpropd_nx
+
+clean::
+ $(RM) $(NX_CLIENTOBJS) $(NX_SERVEROBJS)
+
+clean::
+ $(RM) kprop_nx kpropd_nx
--- slave/kprop.c 1995/03/13 20:54:41 1.4
+++ slave/kprop.c 1995/03/13 21:08:02 1.5
@@ -55,7 +55,11 @@
#include "kprop.h"
+#ifdef NX
+static char *kprop_version = KPROP_PROT_VERSION_NX;
+#else
static char *kprop_version = KPROP_PROT_VERSION;
+#endif
char *progname = 0;
int debug = 0;
@@ -457,7 +461,11 @@
/*
* Now we send over the database. We use the following protocol:
* Send over a KRB_SAFE message with the size. Then we send over the
+#ifdef NX
+ * database in blocks of KPROP_BLKSIZE, protected using KRB_SAFE.
+#else
* database in blocks of KPROP_BLKSIZE, encrypted using KRB_PRIV.
+#endif
* Then we expect to see a KRB_SAFE message with the size sent back.
*
* At any point in the protocol, we may send a KRB_ERROR message; this
@@ -486,7 +494,7 @@
&my_creds.keyblock,
&sender_addr, &receiver_addr,
my_seq_num++,
- KRB5_PRIV_DOSEQUENCE|KRB5_SAFE_NOTIME,
+ KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
0, /* no rcache when NOTIME */
&outbuf)) {
com_err(progname, retval, "while encoding database size");
@@ -518,15 +526,28 @@
sent_size = 0;
while (n = read(database_fd, buf, sizeof(buf))) {
inbuf.length = n;
- if (retval = krb5_mk_priv(&inbuf, ETYPE_DES_CBC_CRC,
- &my_creds.keyblock,
- &sender_addr,
- &receiver_addr,
- my_seq_num++,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- 0, /* again, no rcache */
- i_vector,
- &outbuf)) {
+ if (retval =
+#ifdef NX
+ krb5_mk_safe(&inbuf, KPROP_CKSUMTYPE,
+ &my_creds.keyblock,
+ &sender_addr,
+ &receiver_addr,
+ my_seq_num++,
+ KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
+ 0, /* again, no rcache */
+ &outbuf)
+#else
+ krb5_mk_priv(&inbuf, ETYPE_DES_CBC_CRC,
+ &my_creds.keyblock,
+ &sender_addr,
+ &receiver_addr,
+ my_seq_num++,
+ KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ 0, /* again, no rcache */
+ i_vector,
+ &outbuf)
+#endif
+ ) {
sprintf(buf,
"while encoding database block starting at %d",
sent_size);
--- slave/kprop.h 1995/03/13 21:09:41 1.2
+++ slave/kprop.h 1995/03/13 21:10:26 1.3
@@ -34,6 +34,7 @@
#define KPROPD_ACL_FILE "/krb5/kpropd.acl"
#define KPROP_PROT_VERSION "kprop5_01"
+#define KPROP_PROT_VERSION_NX "kprop5_01nx"
#define KPROP_BUFSIZ 32768
--- slave/kpropd.c 1995/03/13 21:57:40 1.10
+++ slave/kpropd.c 1995/03/13 22:00:52 1.11
@@ -64,7 +64,11 @@
#define SYSLOG_CLASS LOG_DAEMON
-static char *kprop_version = KPROP_PROT_VERSION;
+#ifdef NX
+static char *kprop_version = KPROP_PROT_VERSION_NX;
+#else
+static char *kprop_version = KPROP_PROT_VERSION_NX;
+#endif
char *progname;
int debug = 0;
@@ -623,11 +627,21 @@
}
if (krb5_is_krb_error(&inbuf))
recv_error(&inbuf);
- if (retval = krb5_rd_priv(&inbuf, session_key,
- &sender_addr, &receiver_addr,
- his_seq_num++,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
- i_vector, 0, &outbuf)) {
+ if (retval =
+#ifdef NX
+ krb5_rd_safe(&inbuf, session_key,
+ &sender_addr, &receiver_addr,
+ his_seq_num++,
+ KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
+ 0, &outbuf)
+#else
+ krb5_rd_priv(&inbuf, session_key,
+ &sender_addr, &receiver_addr,
+ his_seq_num++,
+ KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ i_vector, 0, &outbuf)
+#endif
+ ) {
sprintf(buf,
"while decoding database block starting at offset %d",
received_size);
@@ -689,7 +703,7 @@
/* we are sending, not receiving! */
&receiver_addr, &sender_addr,
my_seq_num++,
- KRB5_PRIV_DOSEQUENCE|KRB5_PRIV_NOTIME,
+ KRB5_SAFE_DOSEQUENCE|KRB5_SAFE_NOTIME,
0, /* no rcache when NOTIME */
&outbuf)) {
com_err(progname, retval,
