summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--usr.bin/tcfs/tcfs_dbmaint.c19
-rw-r--r--usr.bin/tcfs/tcfs_keymaint.c31
-rw-r--r--usr.bin/tcfs/tcfsgenkey.c4
-rw-r--r--usr.bin/tcfs/tcfslib.h4
-rw-r--r--usr.bin/tcfs/tcfsputkey.c11
5 files changed, 35 insertions, 34 deletions
diff --git a/usr.bin/tcfs/tcfs_dbmaint.c b/usr.bin/tcfs/tcfs_dbmaint.c
index d368ecc030b..9eb26c9fb01 100644
--- a/usr.bin/tcfs/tcfs_dbmaint.c
+++ b/usr.bin/tcfs/tcfs_dbmaint.c
@@ -389,14 +389,15 @@ tcfs_group_chgpwd (char *user, gid_t gid, char *old, char *new)
tcfsgpwdb *group_info;
unsigned char *key;
- key=(unsigned char *)calloc(UUKEYSIZE, sizeof (char));
+ key = (unsigned char *)calloc(UUGKEYSIZE + 1, sizeof (char));
if (!key)
return 0;
- if (!tcfs_decrypt_key (user, old, (unsigned char*)group_info->gkey, key, GROUPKEY))
+ if (!tcfs_decrypt_key (old, group_info->gkey, key, GKEYSIZE))
return 0;
- if (!tcfs_encrypt_key (user, new, key, (unsigned char *)group_info->gkey, GROUPKEY))
+ if (!tcfs_encrypt_key (new, key, GKEYSIZE, group_info->gkey,
+ UUGKEYSIZE + 1))
return 0;
if (!tcfs_gputpwnam (user, group_info, U_CHG))
@@ -414,15 +415,15 @@ tcfs_chgpwd (char *user, char *old, char *new)
tcfspwdb *user_info=NULL;
unsigned char *key;
- key = (unsigned char*)calloc(UUKEYSIZE, sizeof(char));
+ key = (unsigned char*)calloc(UUKEYSIZE + 1, sizeof(char));
if (!tcfs_getpwnam (user, &user_info))
return 0;
- if (!tcfs_decrypt_key (user, old, (unsigned char *)user_info->upw, key, USERKEY))
+ if (!tcfs_decrypt_key (old, user_info->upw, key, KEYSIZE))
return 0;
- if (!tcfs_encrypt_key (user, new, key, (unsigned char *)user_info->upw, USERKEY))
+ if (!tcfs_encrypt_key (new, key, KEYSIZE, user_info->upw, UUKEYSIZE + 1))
return 0;
if (!tcfs_putpwnam (user, user_info, U_CHG))
@@ -442,7 +443,7 @@ tcfs_chgpassword (char *user, char *old, char *new)
DBT found, key;
unsigned char *ckey;
- ckey = (unsigned char*)calloc(UUKEYSIZE, sizeof(char));
+ ckey = (unsigned char*)calloc(UUGKEYSIZE + 1, sizeof(char));
if (!ckey)
return 0;
@@ -467,10 +468,10 @@ tcfs_chgpassword (char *user, char *old, char *new)
gpdb->get(gpdb, &key, &found, 0);
- if (!tcfs_decrypt_key (user, old, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, ckey, USERKEY))
+ if (!tcfs_decrypt_key (old, ((tcfsgpwdb *)found.data)->gkey, ckey, GKEYSIZE))
return 0;
- if (!tcfs_encrypt_key (user, new, ckey, (unsigned char *)((tcfsgpwdb *)found.data)->gkey, USERKEY))
+ if (!tcfs_encrypt_key (new, ckey, GKEYSIZE, ((tcfsgpwdb *)found.data)->gkey, UUGKEYSIZE + 1))
return 0;
if (gpdb->put (gpdb, &key, &found, 0)) {
diff --git a/usr.bin/tcfs/tcfs_keymaint.c b/usr.bin/tcfs/tcfs_keymaint.c
index 156fc8b2847..d3d8f834eb1 100644
--- a/usr.bin/tcfs/tcfs_keymaint.c
+++ b/usr.bin/tcfs/tcfs_keymaint.c
@@ -55,23 +55,25 @@ tcfs_callfunction(char *filesystem, struct tcfs_args *arg)
}
int
-tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
- unsigned int flag)
+tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen)
{
- int i = 0;
+ int i = 0, len;
char pass[_PASSWORD_LEN], *cypher;
char tcfskey[2*KEYSIZE], iv[8];
blf_ctx ctx;
- int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
if (!tk)
return 0;
- strcpy (pass, pwd);
+ strlcpy (pass, pwd, sizeof(pass));
- if (uudecode ((char *)t, tcfskey, sizeof(tcfskey)) == -1) {
+ len = uudecode ((char *)t, tcfskey, sizeof(tcfskey));
+ if (len == -1) {
fprintf(stderr, "tcfs_decrypt_key: uudecode failed\n");
return 0;
+ } else if (len != tklen) {
+ fprintf(stderr, "tcfs_decrypt_key: uudecode wrong length\n");
+ return 0;
}
while (strlen (pass) < 8) {
@@ -83,30 +85,27 @@ tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk,
blf_key(&ctx, pass, strlen(pass));
memset(iv, 0, sizeof(iv));
- blf_cbc_decrypt(&ctx, iv, tcfskey, keysize);
+ blf_cbc_decrypt(&ctx, iv, tcfskey, tklen);
memset (pass, 0, strlen (pass));
memset (&ctx, 0, sizeof(ctx));
- memcpy (tk, tcfskey, keysize);
+ memcpy (tk, tcfskey, tklen);
return 1;
}
int
-tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
- unsigned int flag)
+tcfs_encrypt_key (char *pw, u_char *key, int klen, u_char *ek, int eklen)
{
int i = 0;
char pass[_PASSWORD_LEN], iv[8];
blf_ctx ctx;
- int keysize = (flag == GROUPKEY) ? GKEYSIZE : KEYSIZE;
- int uulen = (flag == GROUPKEY) ? UUGKEYSIZE : UUKEYSIZE;
int res;
if (!ek)
return 0;
- strcpy (pass, pw);
+ strlcpy (pass, pw, sizeof(pass));
while (strlen(pass) < 8) {
char tmp[_PASSWORD_LEN];
@@ -118,12 +117,12 @@ tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek,
blf_key(&ctx, pass, strlen(pass));
memset(iv, 0, sizeof(iv));
- blf_cbc_encrypt(&ctx, iv, key, keysize);
+ blf_cbc_encrypt(&ctx, iv, key, klen);
memset(&ctx, 0, sizeof(ctx));
- res = uuencode (key, keysize, ek, uulen + 1);
- if (res != uulen) {
+ res = uuencode (key, klen, ek, eklen);
+ if (res != eklen - 1) {
fprintf(stderr, "tcfs_encrypt_key: uuencode length wrong\n");
return (0);
}
diff --git a/usr.bin/tcfs/tcfsgenkey.c b/usr.bin/tcfs/tcfsgenkey.c
index d811fa846f4..54833865582 100644
--- a/usr.bin/tcfs/tcfsgenkey.c
+++ b/usr.bin/tcfs/tcfsgenkey.c
@@ -75,12 +75,12 @@ genkey_main (int argn, char *argv[])
/*
* Encrypt the generated key with user password
*/
- cryptedkey = (char*)calloc(UUKEYSIZE, sizeof(char));
+ cryptedkey = (char*)calloc(UUKEYSIZE + 1, sizeof(char));
if (!cryptedkey)
tcfs_error (ER_MEM, NULL);
- if (!tcfs_encrypt_key (user, passwd, newkey, cryptedkey, USERKEY))
+ if (!tcfs_encrypt_key (passwd, newkey, KEYSIZE, cryptedkey, UUKEYSIZE + 1))
tcfs_error (ER_MEM, NULL);
/*
diff --git a/usr.bin/tcfs/tcfslib.h b/usr.bin/tcfs/tcfslib.h
index 6f8f52b861e..337cb6c31b5 100644
--- a/usr.bin/tcfs/tcfslib.h
+++ b/usr.bin/tcfs/tcfslib.h
@@ -25,8 +25,8 @@ extern void tcfsgpwdbr_dispose (tcfsgpwdb *p);
extern int tcfs_chgpwd (char *u, char *o, char *p);
extern int tcfs_group_chgpwd (char *u, gid_t gid, char *o, char *p);
extern int tcfs_chgpassword (char *u, char *o, char *p);
-extern int tcfs_decrypt_key (char *u, char *pwd, unsigned char *t, unsigned char *tk, unsigned int flag);
-extern int tcfs_encrypt_key (char *u, char *pw, unsigned char *key, unsigned char *ek, unsigned int flag);
+extern int tcfs_decrypt_key (char *pwd, u_char *t, u_char *tk, int tklen);
+extern int tcfs_encrypt_key (char *pwd, u_char *key, int klen, u_char *ek, int eklen);
extern char *tcfs_decode (char *t, int *l);
extern char *tcfs_encode (char *t, int l);
extern char *gentcfskey (void);
diff --git a/usr.bin/tcfs/tcfsputkey.c b/usr.bin/tcfs/tcfsputkey.c
index 930ab9ac395..b8ce0a53d8a 100644
--- a/usr.bin/tcfs/tcfsputkey.c
+++ b/usr.bin/tcfs/tcfsputkey.c
@@ -121,8 +121,8 @@ putkey_main(int argc, char *argv[])
treshold = ginfo->soglia;
- tcfs_decrypt_key(user, password, ginfo->gkey, tcfskey,
- GROUPKEY);
+ if (!tcfs_decrypt_key(password, ginfo->gkey, tcfskey, GKEYSIZE))
+ tcfs_error(ER_CUSTOM, "Could not decrypt group key");
es = tcfs_group_enable(fspath,uid,gid,treshold,tcfskey);
@@ -148,13 +148,14 @@ putkey_main(int argc, char *argv[])
tcfs_error(ER_CUSTOM,"Default key non found");
if(!strlen(info->upw))
- tcfs_error(ER_CUSTOM,"Invalid default key");
+ tcfs_error(ER_CUSTOM, "Invalid default key");
tcfskey = (char*)malloc(UUKEYSIZE);
if(!tcfskey)
- tcfs_error(ER_MEM,NULL);
+ tcfs_error(ER_MEM, NULL);
- tcfs_decrypt_key (user, password, info->upw, tcfskey, USERKEY);
+ if (!tcfs_decrypt_key (password, info->upw, tcfskey, KEYSIZE))
+ tcfs_error(ER_CUSTOM, "Could not decrypt key");
havekey = TRUE;
}