From c3c8a3e2f912855addc2c430f909bdce912e3670 Mon Sep 17 00:00:00 2001 
From: Marc Dionne Date: Mon, 27 Jul 2009 14:24:15 -0400 Subject: [PATCH] kauth warning reduction Warning removal for various functions that manipulate keys and use several data types interchangeably. Inline helpers are introduced to convert between the types and are used when making function calls to target the appropriate type: des_prototypes.h cblockptr_to_cblock: des_cblock * to des_cblock charptr_to_cblock: char * to des_cblock charptr_to_cblockptr: char * to des_cblock * rxkad_prototypes.h ktc_to_cblock: struct ktc_encryptionKey * to des_cblock ktc_to_cblockptr: struct ktc_encryptionKey * to des_cblock * kauth_internal.h EncryptionKey_to_cblock: EncryptionKey * to des_cblock EncryptionKey_to_ktc: EncryptionKey * to struct ktc_encryptionKey * ktc_to_EncryptionKey: struct ktc_encryptionKey * to EncryptionKey * - parameters are adjusted for tkt_DecodeTicket(5), replacing the char * key with struct ktc_encryptionKey, to match usage - the get_key function is changed to have a void * parameter, to match usage - rxkad_prototypes.h includes des.h to get the des_cblock definition. 
This causes conflicts for a few files where the kerberos headers are also included - aklog/aklog_main.c and WINNT/afsd/afskfw.c Use NO_DES_H_INCLUDE in thoses cases to skip the new parts of rxkad_prototypes.h Reviewed-on: http://gerrit.openafs.org/234 Tested-by: Jeffrey Altman Reviewed-by: Jeffrey Altman --- Makefile.in | 2 +- src/WINNT/afsd/afskfw.c | 3 +++ src/aklog/aklog_main.c | 4 +++ src/auth/authcon.c | 6 ++--- src/bozo/bos_util.c | 3 ++- src/des/des_prototypes.h | 15 +++++++++++ src/des/strng_to_key.c | 8 +++--- src/kauth/admin_tools.c | 5 ++-- src/kauth/authclient.c | 17 +++++++----- src/kauth/client.c | 14 +++++----- src/kauth/kaprocs.c | 62 ++++++++++++++++++++++---------------------- src/kauth/kauth_internal.h | 15 +++++++++++ src/kauth/kautils.c | 4 +-- src/kauth/kpasswd.c | 8 +++--- src/kauth/krb_udp.c | 15 +++++------ src/kauth/read_passwd.c | 3 ++- src/kauth/rebuild.c | 5 ++-- src/kauth/user.c | 10 +++---- src/rxkad/rxkad_prototypes.h | 24 ++++++++++++++--- src/rxkad/ticket.c | 19 ++++++++------ src/rxkad/ticket5.c | 14 ++++++---- 21 files changed, 162 insertions(+), 94 deletions(-) diff --git a/Makefile.in b/Makefile.in index 6f3da12..c811ce2 100644 --- a/Makefile.in +++ b/Makefile.in @@ -122,7 +122,7 @@ config: prelude procmgmt: config +${COMPILE_PART1} procmgmt ${COMPILE_PART2} -util: procmgmt des lwp_depinstall +util: procmgmt lwp_depinstall +${COMPILE_PART1} util ${COMPILE_PART2} audit: util rx rxkad diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c index 1836b4a..052afea 100644 --- a/src/WINNT/afsd/afskfw.c +++ b/src/WINNT/afsd/afskfw.c @@ -63,6 +63,9 @@ #define USE_MS2MIT 1 #define USE_LEASH 1 +/* Prevent inclusion of des.h to avoid conflicts with des types */ +#define NO_DES_H_INCLUDE + #include "afskfw-int.h" #include "afskfw.h" #include diff --git a/src/aklog/aklog_main.c b/src/aklog/aklog_main.c index 7fe2cb2..cdf6d77 100644 --- a/src/aklog/aklog_main.c +++ b/src/aklog/aklog_main.c 
@@ -73,6 +73,10 @@ #ifdef AFS_SUN5_ENV #include #endif + +/* Prevent inclusion of des.h to avoid conflicts with des types */ +#define NO_DES_H_INCLUDE + #include #include #include diff --git a/src/auth/authcon.c b/src/auth/authcon.c index 61c578d..548b153 100644 --- a/src/auth/authcon.c +++ b/src/auth/authcon.c @@ -20,8 +20,6 @@ #include "afsincludes.h" #include "afs/stds.h" #include "afs/pthread_glock.h" -#include "des/des.h" -#include "des/des_prototypes.h" #include "rx/rxkad.h" #include "rx/rx.h" #include "afs/cellconfig.h" @@ -107,8 +105,8 @@ GenericAuth(struct afsconf_dir *adir, } /* next create random session key, using key for seed to good random */ - des_init_random_number_generator(&key); - code = des_random_key(&session); + des_init_random_number_generator(ktc_to_cblock(&key)); + code = des_random_key(ktc_to_cblock(&session)); if (code) { return QuickAuth(astr, aindex); } diff --git a/src/bozo/bos_util.c b/src/bozo/bos_util.c index ef08b5e..5cfb674 100644 --- a/src/bozo/bos_util.c +++ b/src/bozo/bos_util.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -123,7 +124,7 @@ main(int argc, char **argv) printf("\nInput key mismatch\n"); exit(1); } - des_string_to_key(buf, &tkey); + des_string_to_key(buf, ktc_to_cblockptr(&tkey)); code = afsconf_AddKey(tdir, kvno, &tkey, 0); if (code) { printf("bos_util: failed to set key, code %d.\n", code); diff --git a/src/des/des_prototypes.h b/src/des/des_prototypes.h index 11322ef..6c2baf6 100644 --- a/src/des/des_prototypes.h +++ b/src/des/des_prototypes.h 
@@ -17,6 +17,21 @@ extern void test_set(FILE * stream, const char *src, int testbit, #endif extern int des_debug; +static_inline unsigned char * +cblockptr_to_cblock(des_cblock *key) { + return (unsigned char *)key; +} + +static_inline unsigned char * +charptr_to_cblock(char *key) { + return (unsigned char *)key; +} + +static_inline des_cblock * +charptr_to_cblockptr(char *key) { + return (unsigned char (*)[])key; +} + /* cbc_encrypt.c */ extern afs_int32 des_cbc_encrypt(void * in, void * out, register afs_int32 length, diff --git a/src/des/strng_to_key.c b/src/des/strng_to_key.c index 1d9c5b2..61fdf60 100644 --- a/src/des/strng_to_key.c +++ b/src/des/strng_to_key.c @@ -105,16 +105,16 @@ des_string_to_key(char *str, register des_cblock * key) } /* fix key parity */ - des_fixup_key_parity(key); + des_fixup_key_parity(cblockptr_to_cblock(key)); /* Now one-way encrypt it with the folded key */ - (void)des_key_sched(key, key_sked); - (void)des_cbc_cksum((des_cblock *) in_str, key, length, key_sked, key); + des_key_sched(cblockptr_to_cblock(key), key_sked); + des_cbc_cksum(charptr_to_cblockptr(in_str), key, length, key_sked, key); /* erase key_sked */ memset((char *)key_sked, 0, sizeof(key_sked)); /* now fix up key parity again */ - des_fixup_key_parity(key); + des_fixup_key_parity(cblockptr_to_cblock(key)); if (des_debug) fprintf(stdout, "\nResulting string_to_key = 0x%x 0x%x\n", diff --git a/src/kauth/admin_tools.c b/src/kauth/admin_tools.c index ccf9483..982c128 100644 --- a/src/kauth/admin_tools.c +++ b/src/kauth/admin_tools.c @@ -27,6 +27,7 @@ #include #include +#include #include #define UBIK_LEGACY_CALLITER 1 #include @@ -763,7 +764,7 @@ StringToKey(struct cmd_syndesc *as, void *arock) ka_PrintBytes((char *)&key, sizeof(key)); printf("'.\n"); - des_string_to_key(as->parms[0].items->data, &key); + des_string_to_key(as->parms[0].items->data, ktc_to_cblockptr(&key)); printf("Converting %s with the DES string to key yields key='", as->parms[0].items->data); 
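Review bot: In src/des/des_prototypes.h, `charptr_to_cblockptr` casts to `unsigned char (*)[]`, a pointer to an array of unknown bound, instead of to its declared return type; C accepts this because the types are compatible, but the 8-byte bound that makes `des_cblock *` meaningful to the compiler is dropped, and `ktc_to_cblockptr` in rxkad_prototypes.h already uses the plain form. I would write `return (des_cblock *)key;`. All of these helpers are casts only, so a caller that passes a `char *` shorter than one DES block now gets no warning at all; a comment above them such as `/* Cast helpers: no length check. The caller must pass at least sizeof(des_cblock) bytes. */` would record that contract.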
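Review bot: In des_string_to_key (src/des/strng_to_key.c) the rewritten `des_key_sched(cblockptr_to_cblock(key), key_sked);` and `des_cbc_cksum(...)` calls lose their `(void)` casts, so the ignored return values no longer read as deliberate. If des_key_sched can return non-zero before filling the schedule (its body is not in this patch), the checksum that follows runs on whatever key_sked held. The same pattern is on the new side in src/kauth/client.c StringToKey, src/kauth/krb_udp.c check_auth and src/rxkad/ticket5.c krb5_des_decrypt, where the result is dropped, and in kaprocs.c ChangePassWord and Authenticate and krb_udp.c create_cipher, where a failure is only reported and the code still goes on to des_pcbc_encrypt. I would either test the result and return an error, or keep `(void)` with a comment saying why failure cannot happen at that call site.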
@@ -1425,7 +1426,7 @@ MyBeforeProc(struct cmd_syndesc *as, void *arock) ka_GetAdminToken(name, instance, cell, &key, KA_SIXHOURS, &token, 0 /* !new */ ); if (code == KABADREQUEST) { - des_string_to_key(passwd, &key); + des_string_to_key(passwd, ktc_to_cblockptr(&key)); code = ka_GetAdminToken(name, instance, cell, &key, KA_SIXHOURS, &token, 0 /* !new */ ); diff --git a/src/kauth/authclient.c b/src/kauth/authclient.c index ef81d33..4feba28 100644 --- a/src/kauth/authclient.c +++ b/src/kauth/authclient.c @@ -25,11 +25,12 @@ #include "afs_usrops.h" #include "afs/stds.h" #include "afs/pthread_glock.h" +#include "des.h" +#include "des_prototypes.h" #include "rx/rxkad.h" #include "afs/cellconfig.h" #include "ubik.h" #include "afs/auth.h" -#include "des/des.h" #include "afs/afsutil.h" #include "afs/kauth.h" @@ -47,11 +48,13 @@ #include #endif #include +#include +#include +#include #include #include #include #include -#include #include #include "kauth.h" #include "kautils.h" @@ -528,7 +531,7 @@ ka_Authenticate(char *name, char *instance, char *cell, struct ubik_client * con int version; LOCK_GLOBAL_MUTEX; - if ((code = des_key_sched(key, schedule))) { + if ((code = des_key_sched(ktc_to_cblock(key), schedule))) { UNLOCK_GLOBAL_MUTEX; return KABADKEY; } @@ -550,7 +553,7 @@ ka_Authenticate(char *name, char *instance, char *cell, struct ubik_client * con arequest.SeqLen = sizeof(request); arequest.SeqBody = (char *)&request; des_pcbc_encrypt(arequest.SeqBody, arequest.SeqBody, arequest.SeqLen, - schedule, key, ENCRYPT); + schedule, ktc_to_cblockptr(key), ENCRYPT); oanswer.MaxSeqLen = sizeof(answer); oanswer.SeqLen = 0; @@ -586,7 +589,7 @@ ka_Authenticate(char *name, char *instance, char *cell, struct ubik_client * con return KAUBIKCALL; } des_pcbc_encrypt(oanswer.SeqBody, oanswer.SeqBody, oanswer.SeqLen, - schedule, key, DECRYPT); + schedule, ktc_to_cblockptr(key), DECRYPT); switch (version) { case 1: 
@@ -662,7 +665,7 @@ ka_GetToken(char *name, char *instance, char *cell, char *cname, char *cinst, st aticket.SeqLen = auth_token->ticketLen; aticket.SeqBody = auth_token->ticket; - code = des_key_sched(&auth_token->sessionKey, schedule); + code = des_key_sched(ktc_to_cblock(&auth_token->sessionKey), schedule); if (code) { UNLOCK_GLOBAL_MUTEX; return KABADKEY; @@ -704,7 +707,7 @@ ka_GetToken(char *name, char *instance, char *cell, char *cname, char *cinst, st } des_pcbc_encrypt(oanswer.SeqBody, oanswer.SeqBody, oanswer.SeqLen, - schedule, &auth_token->sessionKey, DECRYPT); + schedule, ktc_to_cblockptr(&auth_token->sessionKey), DECRYPT); switch (version) { case 1: diff --git a/src/kauth/client.c b/src/kauth/client.c index b489d46..847a15c 100644 --- a/src/kauth/client.c +++ b/src/kauth/client.c @@ -30,7 +30,7 @@ #include "afs/kautils.h" #include "afs/pthread_glock.h" #include "des/des.h" -#include +#include "des/des_prototypes.h" #else /* defined(UKERNEL) */ #include @@ -48,6 +48,8 @@ #include #include #include +#include +#include #include "kauth.h" #include "kautils.h" #endif /* defined(UKERNEL) */ @@ -97,7 +99,7 @@ Andrew_StringToKey(char *str, char *cell, /* cell for password */ keybytes[i] = (unsigned char)(temp << 1); } } - des_fixup_key_parity(key); + des_fixup_key_parity(ktc_to_cblock(key)); } static void @@ -105,7 +107,7 @@ StringToKey(char *str, char *cell, /* cell for password */ struct ktc_encryptionKey *key) { des_key_schedule schedule; - char temp_key[8]; + unsigned char temp_key[8]; char ivec[8]; char password[BUFSIZ]; int passlen; 
@@ -120,14 +122,14 @@ StringToKey(char *str, char *cell, /* cell for password */ memcpy(temp_key, "kerberos", 8); des_fixup_key_parity(temp_key); des_key_sched(temp_key, schedule); - des_cbc_cksum(password, ivec, passlen, schedule, ivec); + des_cbc_cksum(charptr_to_cblockptr(password), charptr_to_cblockptr(ivec), passlen, schedule, charptr_to_cblockptr(ivec)); memcpy(temp_key, ivec, 8); des_fixup_key_parity(temp_key); des_key_sched(temp_key, schedule); - des_cbc_cksum(password, key, passlen, schedule, ivec); + des_cbc_cksum(charptr_to_cblockptr(password), ktc_to_cblockptr(key), passlen, schedule, charptr_to_cblockptr(ivec)); - des_fixup_key_parity(key); + des_fixup_key_parity(ktc_to_cblock(key)); } void diff --git a/src/kauth/kaprocs.c b/src/kauth/kaprocs.c index 9674673..ec23611 100644 --- a/src/kauth/kaprocs.c +++ b/src/kauth/kaprocs.c @@ -26,6 +26,8 @@ #include #include #include +#include +#include #include #include #include @@ -35,8 +37,6 @@ #include #endif #include -#include -#include #include #include #include @@ -149,12 +149,12 @@ get_time(Date *timeP, if (to) { /* check if auto cpw is disabled */ if (!(ntohl(tentry.flags) & KAFNOCPW)) { memcpy(&key, &random_value[0], sizeof(key)); - des_fixup_key_parity(&key); + des_fixup_key_parity(ktc_to_cblock(&key)); code = set_password(tt, KA_ADMIN_NAME, KA_ADMIN_INST, &key, 0, 0); if (code == 0) { - des_init_random_number_generator(&key); + des_init_random_number_generator(ktc_to_cblock(&key)); ka_ConvertBytes(buf, sizeof(buf), (char *)&key, sizeof(key)); es_Report("New Admin key is %s\n", buf); @@ -173,7 +173,7 @@ get_time(Date *timeP, if (to) { /* check if auto cpw is disabled */ if (!(ntohl(tentry.flags) & KAFNOCPW)) { memcpy(&key, &random_value[2], sizeof(key)); - des_fixup_key_parity(&key); + des_fixup_key_parity(ktc_to_cblock(&key)); code = set_password(tt, KA_TGS_NAME, lrealm, &key, 0, 0); if (code == 0) { ka_ConvertBytes(buf, sizeof(buf), (char *)&key, 
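Review bot: The tail of StringToKey in src/kauth/client.c returns straight after the last `des_fixup_key_parity(ktc_to_cblock(key));` while `password`, `temp_key`, `ivec` and `schedule` still hold the password and the intermediate DES key material on the stack. The function starts outside this hunk, but nothing between the second `des_cbc_cksum` and the closing brace clears them. I would add wipes before the return, e.g. `memset(password, 0, sizeof(password));` and the same for `temp_key`, `ivec` and `schedule`, using whatever the tree offers that the optimizer is not free to remove, since a plain memset of a local that is never read again can be dropped.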
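Review bot: In get_time (src/kauth/kaprocs.c) the freshly generated admin key is hex-encoded with ka_ConvertBytes and written out by `es_Report("New Admin key is %s\n", buf);`, right after the converted `des_init_random_number_generator(ktc_to_cblock(&key));` call. Where es_Report writes is not visible here, but anyone who can read that output gets the key itself, and the next hunk (@@ -173,7) starts the same conversion for the TGS key. I would report only that the key was replaced, e.g. `es_Report("New Admin key installed\n");`, and drop the ka_ConvertBytes call, or log a checksum of the key (kautils.c has ka_KeyCheckSum) if operators need something to compare. The function body extends beyond both hunks.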
@@ -220,14 +220,14 @@ initialize_database(struct ubik_trans *tt) int code; gettimeofday((struct timeval *)&key, 0); /* this is just a cheap seed key */ - des_fixup_key_parity(&key); - des_init_random_number_generator(&key); - if ((code = des_random_key(&key)) + des_fixup_key_parity(ktc_to_cblock(&key)); + des_init_random_number_generator(ktc_to_cblock(&key)); + if ((code = des_random_key(ktc_to_cblock(&key))) || (code = create_user(tt, KA_ADMIN_NAME, KA_ADMIN_INST, &key, 0, KAFNORMAL | KAFNOSEAL | KAFNOTGS))) return code; - if ((code = des_random_key(&key)) + if ((code = des_random_key(ktc_to_cblock(&key))) || (code = create_user(tt, KA_TGS_NAME, lrealm, &key, 0, KAFNORMAL | KAFNOSEAL | KAFNOTGS))) @@ -291,7 +291,7 @@ init_kaprocs(const char *lclpath, int initFlags) code); return code; } - des_init_random_number_generator(&key); + des_init_random_number_generator(ktc_to_cblock(&key)); code = ubik_EndTrans(tt); if (code) { @@ -629,7 +629,7 @@ kamCreateUser(struct rx_call *call, char *aname, char *ainstance, afs_int32 caller; /* Disk offset of caller's entry */ COUNT_REQ(CreateUser); - if (!des_check_key_parity(&ainitpw) || des_is_weak_key(&ainitpw)) + if (!des_check_key_parity(EncryptionKey_to_cblock(&ainitpw)) || des_is_weak_key(EncryptionKey_to_cblock(&ainitpw))) return KABADKEY; if (!name_instance_legal(aname, ainstance)) return KABADNAME; @@ -641,7 +641,7 @@ kamCreateUser(struct rx_call *call, char *aname, char *ainstance, ubik_AbortTrans(tt); return code; } - code = create_user(tt, aname, ainstance, &ainitpw, caller, KAFNORMAL); + code = create_user(tt, aname, ainstance, EncryptionKey_to_ktc(&ainitpw), caller, KAFNORMAL); if (code) { COUNT_ABO; ubik_AbortTrans(tt); 
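Review bot: In initialize_database, `gettimeofday((struct timeval *)&key, 0);` writes a whole struct timeval through a pointer to `key`, which the new `ktc_to_cblock(&key)` calls treat as a struct ktc_encryptionKey. The declaration of `key` is outside the hunk; if it is the 8-byte key struct, this store is larger than the object wherever struct timeval is 16 bytes. Separately, the seed is the wall-clock time, and the two des_random_key results that become the initial admin and TGS keys come from a generator seeded with it, so they are only as unpredictable as the database creation time unless des_random_key mixes in other input. I would read the time into a local `struct timeval tv`, copy at most `sizeof(key)` bytes from it, and seed from the system entropy source where one is available.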
@@ -702,11 +702,11 @@ ChangePassWord(struct rx_call *call, char *aname, char *ainstance, } /* decrypt request w/ user password */ - if ((code = des_key_sched(&tentry.key, user_schedule))) + if ((code = des_key_sched(ktc_to_cblock(&tentry.key), user_schedule))) es_Report("In KAChangePassword: key_sched returned %d\n", code); des_pcbc_encrypt(arequest->SeqBody, &request, min(arequest->SeqLen, sizeof(request)), user_schedule, - &tentry.key, DECRYPT); + ktc_to_cblockptr(&tentry.key), DECRYPT); /* validate the request */ request_time = ntohl(request.time); /* reorder date */ @@ -719,7 +719,7 @@ ChangePassWord(struct rx_call *call, char *aname, char *ainstance, /* check to see if the new password was used before, or if there has * not been sufficient time since the last password change */ - code = impose_reuse_limits(&request.newpw, &tentry); + code = impose_reuse_limits(ktc_to_EncryptionKey(&request.newpw), &tentry); if (code) { goto abort; } @@ -738,7 +738,7 @@ ChangePassWord(struct rx_call *call, char *aname, char *ainstance, memcpy(answer, KA_CPW_ANS_LABEL, KA_LABELSIZE); des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, answer_len, - user_schedule, &tentry.key, ENCRYPT); + user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT); code = set_password(tt, aname, ainstance, &request.newpw, kvno, 0); if (code) { @@ -889,7 +889,7 @@ kamSetPassword(struct rx_call *call, char *aname, char *ainstance, COUNT_REQ(SetPassword); if (akvno > MAXKAKVNO) return KABADARGUMENT; - if (!des_check_key_parity(&apassword) || des_is_weak_key(&apassword)) + if (!des_check_key_parity(EncryptionKey_to_cblock(&apassword)) || des_is_weak_key(EncryptionKey_to_cblock(&apassword))) return KABADKEY; if (!name_instance_legal(aname, ainstance)) 
@@ -900,7 +900,7 @@ kamSetPassword(struct rx_call *call, char *aname, char *ainstance, if (code) { goto abort; } - if ((code = karead(tt, caller, &tentry, sizeof(tentry)))) { + if ((code = karead(tt, caller, (char *)&tentry, sizeof(tentry)))) { code = KAIO; goto abort; } @@ -913,10 +913,10 @@ kamSetPassword(struct rx_call *call, char *aname, char *ainstance, code = impose_reuse_limits(&apassword, &tentry); if (!code) code = - set_password(tt, aname, ainstance, &apassword, akvno, 0); + set_password(tt, aname, ainstance, EncryptionKey_to_ktc(&apassword), akvno, 0); } } else if (ntohl(tentry.flags) & KAFADMIN) { - code = set_password(tt, aname, ainstance, &apassword, akvno, caller); + code = set_password(tt, aname, ainstance, EncryptionKey_to_ktc(&apassword), akvno, caller); } else code = KANOAUTH; if (code) @@ -1100,11 +1100,11 @@ Authenticate(int version, struct rx_call *call, char *aname, char *ainstance, save_principal(authPrincipal, aname, ainstance, 0); /* decrypt request w/ user password */ - if ((code = des_key_sched(&tentry.key, user_schedule))) + if ((code = des_key_sched(ktc_to_cblock(&tentry.key), user_schedule))) es_Report("In KAAuthenticate: key_sched returned %d\n", code); des_pcbc_encrypt(arequest->SeqBody, &request, min(arequest->SeqLen, sizeof(request)), user_schedule, - &tentry.key, DECRYPT); + ktc_to_cblockptr(&tentry.key), DECRYPT); request.time = ntohl(request.time); /* reorder date */ tgt = !strncmp(request.label, KA_GETTGT_REQ_LABEL, sizeof(request.label)); @@ -1166,7 +1166,7 @@ Authenticate(int version, struct rx_call *call, char *aname, char *ainstance, tgskvno = ntohl(server.key_version); memcpy(&tgskey, &server.key, sizeof(tgskey)); - code = des_random_key(&sessionKey); + code = des_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KANOKEYS; goto abort; 
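Review bot: The `(char *)&tentry` cast added to the karead call in kamSetPassword silences the warning at the call site rather than at the interface, and the same cast is added in kamGetEntry (twice) and in SKAM_LockStatus. karead's prototype is not part of this patch; if its buffer parameter is `char *`, changing it to `void *`, as this commit does for the `get_key` callback, would remove the need for all four casts and keep the compiler checking what is passed. A cast at each call would hide a wrong argument, such as an integer offset or a pointer to the wrong object, instead of reporting it.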
@@ -1244,7 +1244,7 @@ Authenticate(int version, struct rx_call *call, char *aname, char *ainstance, goto abort; } des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen, - user_schedule, &tentry.key, ENCRYPT); + user_schedule, ktc_to_cblockptr(&tentry.key), ENCRYPT); code = ubik_EndTrans(tt); KALOG(aname, ainstance, sname, sinst, NULL, call->conn->peer->host, LOG_AUTHENTICATE); @@ -1588,7 +1588,7 @@ kamGetEntry(struct rx_call *call, code = KANOENT; goto abort; } else { - if ((code = karead(tt, callerIndex, &caller, sizeof(caller)))) { + if ((code = karead(tt, callerIndex, (char *)&caller, sizeof(caller)))) { code = KAIO; goto abort; } @@ -1647,7 +1647,7 @@ kamGetEntry(struct rx_call *call, /* Now get entry of user who last modified this entry */ if (ntohl(tentry.modification_id)) { temp = ntohl(tentry.modification_id); - code = karead(tt, temp, &tentry, sizeof(tentry)); + code = karead(tt, temp, (char *)&tentry, sizeof(tentry)); if (code) { code = KAIO; goto abort; @@ -1800,7 +1800,7 @@ GetTicket(int version, code = KANOAUTH; goto abort; } - code = des_key_sched(&authSessionKey, schedule); + code = des_key_sched(ktc_to_cblock(&authSessionKey), schedule); if (code) { code = KANOAUTH; goto abort; @@ -1855,7 +1855,7 @@ GetTicket(int version, } save_principal(tgsServerPrincipal, sname, sinstance, 0); - code = des_random_key(&sessionKey); + code = des_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KANOKEYS; goto abort; @@ -1929,7 +1929,7 @@ GetTicket(int version, goto abort; } des_pcbc_encrypt(oanswer->SeqBody, oanswer->SeqBody, oanswer->SeqLen, - schedule, &authSessionKey, ENCRYPT); + schedule, ktc_to_cblockptr(&authSessionKey), ENCRYPT); code = ubik_EndTrans(tt); KALOG(name, instance, sname, sinstance, (import ? authDomain : NULL), call->conn->peer->host, LOG_GETTICKET); 
@@ -2145,7 +2145,7 @@ kamGetRandomKey(struct rx_call *call, EncryptionKey *key) COUNT_REQ(GetRandomKey); if ((code = AwaitInitialization())) return code; - code = des_random_key(key); + code = des_random_key(EncryptionKey_to_cblock(key)); if (code) return KANOKEYS; return 0; @@ -2304,7 +2304,7 @@ SKAM_LockStatus(struct rx_call *call, goto abort; if (!noAuthenticationRequired && callerIndex) { - if (karead(tt, callerIndex, &caller, sizeof(caller))) { + if (karead(tt, callerIndex, (char *)&caller, sizeof(caller))) { code = KAIO; goto abort; } diff --git a/src/kauth/kauth_internal.h b/src/kauth/kauth_internal.h index 8356f93..1b77b19 100644 --- a/src/kauth/kauth_internal.h +++ b/src/kauth/kauth_internal.h @@ -26,3 +26,18 @@ extern afs_int32 ka_NewKey(struct ubik_trans *tt, afs_int32 tentryaddr, struct ktc_encryptionKey *key); extern int name_instance_legal(char *name, char *instance); + +static inline unsigned char * +EncryptionKey_to_cblock(EncryptionKey *key) { + return (unsigned char *)key; +} + +static inline struct ktc_encryptionKey * +EncryptionKey_to_ktc(EncryptionKey *key) { + return (struct ktc_encryptionKey *)key; +} + +static inline EncryptionKey * +ktc_to_EncryptionKey(struct ktc_encryptionKey *key) { + return (EncryptionKey *)key; +} diff --git a/src/kauth/kautils.c b/src/kauth/kautils.c index f48fbf1..8dc507d 100644 --- a/src/kauth/kautils.c +++ b/src/kauth/kautils.c @@ -143,13 +143,13 @@ afs_int32 ka_KeyCheckSum(char *key, afs_uint32 * cksumP) { des_key_schedule s; - char block[8]; + unsigned char block[8]; afs_uint32 cksum; afs_int32 code; *cksumP = 0; memset(block, 0, 8); - code = des_key_sched(key, s); + code = des_key_sched(charptr_to_cblock(key), s); if (code) return KABADKEY; des_ecb_encrypt(block, block, s, ENCRYPT); diff --git a/src/kauth/kpasswd.c b/src/kauth/kpasswd.c index e40fdd3..e543743 100644 --- a/src/kauth/kpasswd.c +++ b/src/kauth/kpasswd.c 
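Review bot: The helpers added to src/kauth/kauth_internal.h reinterpret an EncryptionKey as a struct ktc_encryptionKey (and back) with a bare pointer cast, and nothing checks that the two types have the same size. If one definition ever changes, callers such as set_password and create_user would be handed a pointer to an object of a different size with no diagnostic. A compile-time check next to the helpers would pin the assumption, e.g. `typedef char ka_key_size_check[(sizeof(EncryptionKey) == sizeof(struct ktc_encryptionKey)) ? 1 : -1];`. These helpers are also spelled `static inline` while des_prototypes.h and rxkad_prototypes.h use `static_inline`; I would use the same spelling here so this header builds wherever the other two do.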
@@ -29,12 +29,12 @@ #endif #include #include +#include +#include #include #include #include #include -#include -#include #include "kauth.h" #include "kautils.h" #include "kkids.h" @@ -406,7 +406,7 @@ CommandProc(struct cmd_syndesc *as, void *arock) } } ka_StringToKey(passwd, realm, &key); - des_string_to_key(passwd, &mitkey); + des_string_to_key(passwd, ktc_to_cblockptr(&mitkey)); give_to_child(passwd); /* Get new password if it wasn't provided. */ @@ -453,7 +453,7 @@ CommandProc(struct cmd_syndesc *as, void *arock) npasswd[8] = 0; /* in case the password was exactly 8 chars long */ #endif ka_StringToKey(npasswd, realm, &newkey); - des_string_to_key(npasswd, &newmitkey); + des_string_to_key(npasswd, ktc_to_cblockptr(&newmitkey)); memset(npasswd, 0, sizeof(npasswd)); if (lexplicit) diff --git a/src/kauth/krb_udp.c b/src/kauth/krb_udp.c index c51c485..dad0a74 100644 --- a/src/kauth/krb_udp.c +++ b/src/kauth/krb_udp.c @@ -34,12 +34,11 @@ #include #include #include +#include #include #include #include #include -#include -#include #include #include "kauth.h" @@ -163,9 +162,9 @@ create_cipher(char *cipher, int *cipherLen, printf("\n"); } - if ((code = des_key_sched(key, schedule))) + if ((code = des_key_sched(ktc_to_cblock(key), schedule))) printf("In KAAuthenticate: key_sched returned %d\n", code); - des_pcbc_encrypt(cipher, cipher, len, schedule, key, ENCRYPT); + des_pcbc_encrypt(cipher, cipher, len, schedule, ktc_to_cblockptr(key), ENCRYPT); *cipherLen = round_up_to_ebs(len); if (krb_udp_debug) { @@ -223,8 +222,8 @@ check_auth(struct packet *pkt, char *auth, int authLen, afs_int32 time_sec; int byteOrder = pkt->byteOrder; - des_key_sched(key, schedule); - des_pcbc_encrypt(auth, auth, authLen, schedule, key, DECRYPT); + des_key_sched(ktc_to_cblock(key), schedule); + des_pcbc_encrypt(auth, auth, authLen, schedule, ktc_to_cblockptr(key), DECRYPT); packet = auth; if (strcmp(packet, name) != 0) return KABADTICKET; 
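Review bot: In check_auth (src/kauth/krb_udp.c), `strcmp(packet, name)` runs on the buffer that was just decrypted in place from `auth`, so the comparison stops only at the first zero byte in data supplied by the caller (a request authenticator, judging by the names). Nothing visible in the hunk guarantees a terminator within `authLen` bytes; if none is added outside it, strcmp reads past the end of the decrypted region. I would reject such input first, e.g. `if (memchr(auth, '\0', authLen) == NULL) return KABADTICKET;`, and carry the remaining length through the fields parsed after it. The function continues outside the hunk.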
@@ -322,7 +321,7 @@ UDP_Authenticate(int ksoc, struct sockaddr_in *client, char *name, } /* make the ticket */ - code = des_random_key(&sessionKey); + code = des_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KERB_ERR_NULL_KEY; /* was KANOKEYS */ goto abort; @@ -535,7 +534,7 @@ UDP_GetTicket(int ksoc, struct packet *pkt, afs_int32 kvno, if (ntohl(server.flags) & KAFNOSEAL) return KABADSERVER; - code = des_random_key(&sessionKey); + code = des_random_key(ktc_to_cblock(&sessionKey)); if (code) { code = KERB_ERR_NULL_KEY; /* was KANOKEYS */ goto fail; diff --git a/src/kauth/read_passwd.c b/src/kauth/read_passwd.c index 746f693..49a7c44 100644 --- a/src/kauth/read_passwd.c +++ b/src/kauth/read_passwd.c @@ -15,9 +15,10 @@ #include -#include #include +#include +#include #ifdef BSDUNIX #include #include diff --git a/src/kauth/rebuild.c b/src/kauth/rebuild.c index 987d9d4..760deee 100644 --- a/src/kauth/rebuild.c +++ b/src/kauth/rebuild.c @@ -29,6 +29,7 @@ #include #include #include +#include #include @@ -469,8 +470,8 @@ WorkerBee(struct cmd_syndesc *as, void *arock) printf("Entry %d has zero length name\n", i); continue; } - if (!des_check_key_parity(&entry.key) - || des_is_weak_key(&entry.key)) { + if (!des_check_key_parity(ktc_to_cblock(&entry.key)) + || des_is_weak_key(ktc_to_cblock(&entry.key))) { fprintf(stderr, "Entry %d, %s, has bad key\n", i, EntryName(&entry)); continue; diff --git a/src/kauth/user.c b/src/kauth/user.c index 0f0a274..20d6b2b 100644 --- a/src/kauth/user.c +++ b/src/kauth/user.c @@ -35,7 +35,6 @@ #include "afs/kautils.h" #include "afs/afsutil.h" #include "afs/ptuser.h" -#include "des.h" #else /* defined(UKERNEL) */ #include #include @@ -47,6 +46,7 @@ #include #endif #include +#include #include #include #include @@ -55,11 +55,11 @@ #include #include #include +#include +#include #include #include #include /* max ticket lifetime */ -#include -#include #include "kauth.h" #include "kautils.h" #endif /* defined(UKERNEL) */ 
@@ -205,7 +205,7 @@ ka_UserAuthenticateGeneral(afs_int32 flags, char *name, char *instance, if (flags & KA_USERAUTH_ONLY_VERIFY) { code = ka_VerifyUserToken(name, instance, realm, &key); if (code == KABADREQUEST) { - des_string_to_key(password, &key); + des_string_to_key(password, ktc_to_cblockptr(&key)); code = ka_VerifyUserToken(name, instance, realm, &key); } } else { @@ -230,7 +230,7 @@ ka_UserAuthenticateGeneral(afs_int32 flags, char *name, char *instance, GetTickets(name, instance, realm, &key, lifetime, password_expires, dosetpag); if (code == KABADREQUEST) { - des_string_to_key(password, &key); + des_string_to_key(password, ktc_to_cblockptr(&key)); code = GetTickets(name, instance, realm, &key, lifetime, password_expires, dosetpag); diff --git a/src/rxkad/rxkad_prototypes.h b/src/rxkad/rxkad_prototypes.h index 7db7bc2..0fead04 100644 --- a/src/rxkad/rxkad_prototypes.h +++ b/src/rxkad/rxkad_prototypes.h @@ -14,6 +14,11 @@ #include "fcrypt.h" #include "rx/rx.h" +/* Don't include des.h where it can cause conflict with krb4 headers */ +#if !defined(NO_DES_H_INCLUDE) +#include +#endif + /* domestic/crypt_conn.c */ extern afs_int32 rxkad_DecryptPacket(const struct rx_connection *conn, const fc_KeySchedule * schedule, @@ -129,7 +134,7 @@ extern afs_int32 rxkad_SetConfiguration(struct rx_securityClass *aobj, /* ticket.c */ extern int tkt_DecodeTicket(char *asecret, afs_int32 ticketLen, struct ktc_encryptionKey *key, char *name, - char *inst, char *cell, char *sessionKey, + char *inst, char *cell, struct ktc_encryptionKey *sessionKey, afs_int32 * host, afs_int32 * start, afs_int32 * end); extern int tkt_MakeTicket(char *ticket, int *ticketLen, 
@@ -145,11 +150,24 @@ extern unsigned char time_to_life(afs_uint32 start, afs_uint32 end); /* ticket5.c */ extern int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len, - int (*get_key) (char *, int, + int (*get_key) (void *, int, struct ktc_encryptionKey *), char *get_key_rock, int serv_kvno, char *name, - char *inst, char *cell, char *session_key, + char *inst, char *cell, struct ktc_encryptionKey *session_key, afs_int32 * host, afs_int32 * start, afs_int32 * end, afs_int32 disableDotCheck); +#if !defined(NO_DES_H_INCLUDE) +static_inline unsigned char * +ktc_to_cblock(struct ktc_encryptionKey *key) { + return (unsigned char *)key; +} + +static_inline des_cblock * +ktc_to_cblockptr(struct ktc_encryptionKey *key) { + return (des_cblock *)key; +} +#endif + + #endif diff --git a/src/rxkad/ticket.c b/src/rxkad/ticket.c index 7b63929..0b6628c 100644 --- a/src/rxkad/ticket.c +++ b/src/rxkad/ticket.c @@ -14,6 +14,7 @@ #include #endif +#include #if defined(UKERNEL) #include "afs/sysincludes.h" @@ -21,8 +22,9 @@ #include "afs/stds.h" #include "rx/xdr.h" #include "rx/rx.h" -#include "des/des.h" #include "rxkad/lifetimes.h" +#include "des.h" +#include "des/des_prototypes.h" #include "rx/rxkad.h" #else /* defined(UKERNEL) */ #include @@ -33,9 +35,10 @@ #include #endif #include +#include +#include #include #include -#include #include "lifetimes.h" #include "rxkad.h" #endif /* defined(UKERNEL) */ @@ -113,7 +116,7 @@ decode_athena_ticket(char *ticket, int ticketLen, char *name, char *inst, int tkt_DecodeTicket(char *asecret, afs_int32 ticketLen, struct ktc_encryptionKey *key, char *name, char *inst, - char *cell, char *sessionKey, afs_int32 * host, + char *cell, struct ktc_encryptionKey *sessionKey, afs_int32 * host, afs_int32 * start, afs_int32 * end) { char clear_ticket[MAXKTCTICKETLEN]; 
@@ -128,15 +131,15 @@ tkt_DecodeTicket(char *asecret, afs_int32 ticketLen, ((ticketLen) % 8 != 0)) /* enc. part must be (0 mod 8) bytes */ return RXKADBADTICKET; - if (key_sched(key, schedule.schedule)) + if (key_sched(ktc_to_cblock(key), schedule.schedule)) return RXKADBADKEY; ticket = clear_ticket; - pcbc_encrypt(asecret, ticket, ticketLen, schedule.schedule, key, DECRYPT); + pcbc_encrypt(asecret, ticket, ticketLen, schedule.schedule, ktc_to_cblockptr(key), DECRYPT); code = decode_athena_ticket(ticket, ticketLen, name, inst, cell, host, - sessionKey, start, end); + (struct ktc_encryptionKey *)sessionKey, start, end); if (code) return RXKADBADTICKET; @@ -226,11 +229,11 @@ tkt_MakeTicket(char *ticket, int *ticketLen, struct ktc_encryptionKey *key, return -1; /* encrypt ticket */ - if ((code = key_sched(key, schedule.schedule))) { + if ((code = key_sched(ktc_to_cblock(key), schedule.schedule))) { printf("In tkt_MakeTicket: key_sched returned %d\n", code); return RXKADBADKEY; } - pcbc_encrypt(ticket, ticket, *ticketLen, schedule.schedule, key, ENCRYPT); + pcbc_encrypt(ticket, ticket, *ticketLen, schedule.schedule, ktc_to_cblockptr(key), ENCRYPT); return 0; } diff --git a/src/rxkad/ticket5.c b/src/rxkad/ticket5.c index a83f7fe..9b4300c 100644 --- a/src/rxkad/ticket5.c +++ b/src/rxkad/ticket5.c @@ -68,7 +68,6 @@ #include "../afs/stds.h" #include "../rx/xdr.h" #include "../rx/rx.h" -#include "../des/des.h" #include "../afs/lifetimes.h" #include "../afs/rxkad.h" #else /* defined(UKERNEL) */ @@ -82,7 +81,6 @@ #include #include #include -#include #include "lifetimes.h" #include "rxkad.h" #endif /* defined(UKERNEL) */ @@ -102,6 +100,12 @@ * bug with MIT by sending mail to krb5-bugs@mit.edu. */ +extern afs_int32 des_cbc_encrypt(void * in, void * out, + register afs_int32 length, + des_key_schedule key, des_cblock *iv, + int encrypt); +extern int des_key_sched(register des_cblock k, des_key_schedule schedule); + struct krb_convert { char *v4_str; char *v5_str; 
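Review bot: In tkt_DecodeTicket (src/rxkad/ticket.c) the new `(struct ktc_encryptionKey *)sessionKey` cast is redundant, because this same commit changes the `sessionKey` parameter to `struct ktc_encryptionKey *`. An unneeded cast keeps compiling if the parameter type changes again, which is the kind of mismatch this warning cleanup is meant to surface; I would pass it as `sessionKey, start, end);`. decode_athena_ticket's own prototype is only partly visible in the previous hunk header, so confirm its parameter has that type.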
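Review bot: The two `extern` declarations added to src/rxkad/ticket5.c hand-copy the prototypes of des_cbc_encrypt and des_key_sched instead of taking them from des_prototypes.h. A local copy is not checked against the definition, so if either signature changes this file keeps compiling and calls the function with the wrong argument types. If a header conflict is the reason, a comment above them should say so, e.g. `/* Declared here because des_prototypes.h cannot be included in this file: <reason> */`; otherwise I would include the header, as the UKERNEL branch of ticket.c now does. The `(struct des_ks_struct *)&s` cast added in krb5_des_decrypt looks like a symptom of the same type mismatch.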
@@ -190,9 +194,9 @@ static int int tkt_DecodeTicket5(char *ticket, afs_int32 ticket_len, - int (*get_key) (char *, int, struct ktc_encryptionKey *), + int (*get_key) (void *, int, struct ktc_encryptionKey *), char *get_key_rock, int serv_kvno, char *name, char *inst, - char *cell, char *session_key, afs_int32 * host, + char *cell, struct ktc_encryptionKey *session_key, afs_int32 * host, afs_int32 * start, afs_int32 * end, afs_int32 disableCheckdot) { char plain[MAXKRB5TICKETLEN]; @@ -446,7 +450,7 @@ krb5_des_decrypt(struct ktc_encryptionKey *key, int etype, void *in, cksum_func = NULL; - des_key_sched(key, &s); + des_key_sched(ktc_to_cblock(key), (struct des_ks_struct *)&s); #define CONFOUNDERSZ 8 -- 1.9.4