diff options
-rw-r--r-- | usr.bin/tcfs/tcfs_dbmaint.c | 19 | ||||
-rw-r--r-- | usr.bin/tcfs/tcfs_keymaint.c | 31 | ||||
-rw-r--r-- | usr.bin/tcfs/tcfsgenkey.c | 4 | ||||
-rw-r--r-- | usr.bin/tcfs/tcfslib.h | 4 | ||||
-rw-r--r-- | usr.bin/tcfs/tcfsputkey.c | 11 |
5 files changed, 35 insertions, 34 deletions
diff --git a/usr.bin/tcfs/tcfs_dbmaint.c b/usr.bin/tcfs/tcfs_dbmaint.c index d368ecc030b..9eb26c9fb01 100644 --- a/usr.bin/tcfs/tcfs_dbmaint.c +++ b/usr.bin/tcfs/tcfs_dbmaint.c @@ -389,14 +389,15 @@ tcfs_group_chgpwd (char *user, gid_t gid, char *old, char *new) tcfsgpwdb *group_info; unsigned char *key; - key=(unsigned char *)calloc(UUKEYSIZE, sizeof (char)); + key = (unsigned char *)calloc(UUGKEYSIZE + 1, sizeof (char)); if (!key) return 0; - if (!tcfs_decrypt_key (user, old, (unsigned char*)group_info->gkey, key, GROUPKEY)) + if (!tcfs_decrypt_key (old, group_info->gkey, key, GKEYSIZE)) return 0; - if (!tcfs_encrypt_key (user, new, key, (unsigned char *)group_info->gkey, GROUPKEY)) + if (!tcfs_encrypt_key (new, key, GKEYSIZE, group_info->gkey, + UUGKEYSIZE + 1)) return 0; if (!tcfs_gputpwnam (user, group_info, U_CHG)) @@ -414,15 +415,15 @@ tcfs_chgpwd (char *user, char *old, char *new) tcfspwdb *user_info=NULL; unsigned char *key; - key = (unsigned char*)calloc(UUKEYSIZE, sizeof(char)); + key = (unsigned char*)calloc(UUKEYSIZE + 1, sizeof(char)); if (!tcfs_getpwnam (user, &user_info)) return 0; - if (!tcfs_decrypt_key (user, old, (unsigned char *)user_info->upw, key, USERKEY)) + if (!tcfs_decrypt_key (old, user_info->upw, key, KEYSIZE)) return 0; - if (!tcfs_encrypt_key (user, new, key, (unsigned char *)user_info->upw, USERKEY)) + if (!tcfs_encrypt_key (new, key, KEYSIZE, user_info->upw, UUKEYSIZE + 1)) return 0; if (!tcfs_putpwnam (user, user_info, U_CHG)) @@ -442,7 +443,7 @@ tcfs_chgpassword (char *user, char *old, char *new) DBT found, key; unsigned char *ckey; - ckey = (unsigned char*)calloc(UUKEYSIZE, sizeof(char)); + ckey = (unsigned char*)calloc(UUGKEYSIZE + 1, sizeof(char)); if (!ckey) return 0; @@ -467,10 +468,10 @@ tcfs_chgpassword (char *user, char *old, char *new) gpdb->get(gpdb, &key, &found, 0); - if (!tcfs_decrypt_key (user, old, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, ckey, USERKEY)) + if (!tcfs_decrypt_key (old, ((tcfsgpwdb *)found.data)->gkey, ckey, GKEYSIZE)) return 0; - if (!tcfs_encrypt_key (user, new, ckey, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, USERKEY)) + if (!tcfs_encrypt_key (new, ckey, GKEYSIZE, ((tcfsgpwdb *)found.data)->gkey, UUGKEYSIZE + 1)) return 0; if (gpdb->put (gpdb, &key, &found, 0)) { diff --git a/usr.bin/tcfs/tcfs_keymaint.c b/usr.bin/tcfs/tcfs_keymaint.c index 156fc8b2847..d3d8f834eb1 100644 --- a/usr.bin/tcfs/tcfs_keymaint.c +++ b/usr.bin/tcfs/tcfs_keymaint.c @@ -55,23 +55,25 @@ tcfs_callfunction(char *filesystem, struct tcfs_args *arg) } int -tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, - unsigned int flag) +tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen) { - int i = 0; + int i = 0, len; char pass[_PASSWORD_LEN], *cypher; char tcfskey[2*KEYSIZE], iv[8]; blf_ctx ctx; - int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE; if (!tk) return 0; - strcpy (pass, pwd); + strlcpy (pass, pwd, sizeof(pass)); - if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1) { + len = uudecode ((char *)t, tcfskey, sizeof(tcfskey)); + if (len == -1) { fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n"); return 0; + } else if (len != tklen) { + fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n"); + return 0; } while (strlen (pass) < 8) { @@ -83,30 +85,27 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, blf_key(&ctx, pass, strlen(pass)); memset(iv, 0, sizeof(iv)); - blf_cbc_decrypt(&ctx, iv, tcfskey, keysize); + blf_cbc_decrypt(&ctx, iv, tcfskey, tklen); memset (pass, 0, strlen (pass)); memset (&ctx, 0, sizeof(ctx)); - memcpy (tk, tcfskey, keysize); + memcpy (tk, tcfskey, tklen); return 1; } int -tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, - unsigned int flag) +tcfs_encrypt_key (char *pw, u_char *key, int klen, u_char *ek, int eklen) { int i = 0; char pass[_PASSWORD_LEN], iv[8]; blf_ctx ctx; - int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE; - int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE; int res; if (!ek) return 0; - strcpy (pass, pw); + strlcpy (pass, pw, sizeof(pass)); while (strlen(pass) < 8) { char tmp[_PASSWORD_LEN]; @@ -118,12 +117,12 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, blf_key(&ctx, pass, strlen(pass)); memset(iv, 0, sizeof(iv)); - blf_cbc_encrypt(&ctx, iv, key, keysize); + blf_cbc_encrypt(&ctx, iv, key, klen); memset(&ctx, 0, sizeof(ctx)); - res = uuencode (key, keysize, ek, uulen + 1); - if (res != uulen) { + res = uuencode (key, klen, ek, eklen); + if (res != eklen - 1) { fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n"); return (0); } diff --git a/usr.bin/tcfs/tcfsgenkey.c b/usr.bin/tcfs/tcfsgenkey.c index d811fa846f4..54833865582 100644 --- a/usr.bin/tcfs/tcfsgenkey.c +++ b/usr.bin/tcfs/tcfsgenkey.c @@ -75,12 +75,12 @@ genkey_main (int argn, char *argv[]) /* * Encrypt the generated key with user password */ - cryptedkey = (char*)calloc(UUKEYSIZE, sizeof(char)); + cryptedkey = (char*)calloc(UUKEYSIZE + 1, sizeof(char)); if (!cryptedkey) tcfs_error (ER_MEM, NULL); - if (!tcfs_encrypt_key (user, passwd, newkey, cryptedkey, USERKEY)) + if (!tcfs_encrypt_key (passwd, newkey, KEYSIZE, cryptedkey, UUKEYSIZE + 1)) tcfs_error (ER_MEM, NULL); /* diff --git a/usr.bin/tcfs/tcfslib.h b/usr.bin/tcfs/tcfslib.h index 6f8f52b861e..337cb6c31b5 100644 --- a/usr.bin/tcfs/tcfslib.h +++ b/usr.bin/tcfs/tcfslib.h @@ -25,8 +25,8 @@ extern void tcfsgpwdbr_dispose (tcfsgpwdb *p); extern int tcfs_chgpwd (char *u, char *o, char *p); extern int tcfs_group_chgpwd (char *u, gid_t gid, char *o, char *p); extern int tcfs_chgpassword (char *u, char *o, char *p); -extern int tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, unsigned int flag); -extern int tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, unsigned int flag); +extern int tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen); +extern int tcfs_encrypt_key (char *pwd, u_char *key, int klen, u_char *ek, int eklen); extern char *tcfs_decode (char *t, int *l); extern char *tcfs_encode (char *t, int l); extern char *gentcfskey (void); diff --git a/usr.bin/tcfs/tcfsputkey.c b/usr.bin/tcfs/tcfsputkey.c index 930ab9ac395..b8ce0a53d8a 100644 --- a/usr.bin/tcfs/tcfsputkey.c +++ b/usr.bin/tcfs/tcfsputkey.c @@ -121,8 +121,8 @@ putkey_main(int argc, char *argv[]) treshold = ginfo->soglia; - tcfs_decrypt_key(user, password, ginfo->gkey, tcfskey, - GROUPKEY); + if (!tcfs_decrypt_key(password, ginfo->gkey, tcfskey, GKEYSIZE)) + tcfs_error(ER_CUSTOM, "Could not decrypt group key"); es = tcfs_group_enable(fspath,uid,gid,treshold,tcfskey); @@ -148,13 +148,14 @@ putkey_main(int argc, char *argv[]) tcfs_error(ER_CUSTOM,"Default key non found"); if(!strlen(info->upw)) - tcfs_error(ER_CUSTOM,"Invalid default key"); + tcfs_error(ER_CUSTOM, "Invalid default key"); tcfskey = (char*)malloc(UUKEYSIZE); if(!tcfskey) - tcfs_error(ER_MEM,NULL); + tcfs_error(ER_MEM, NULL); - tcfs_decrypt_key (user, password, info->upw, tcfskey, USERKEY); + if (!tcfs_decrypt_key (password, info->upw, tcfskey, KEYSIZE)) + tcfs_error(ER_CUSTOM, "Could not decrypt key"); havekey = TRUE; } |