diff options
Diffstat (limited to 'camel/camel-sasl-kerberos4.c')
-rw-r--r-- | camel/camel-sasl-kerberos4.c | 223 |
1 files changed, 0 insertions, 223 deletions
diff --git a/camel/camel-sasl-kerberos4.c b/camel/camel-sasl-kerberos4.c deleted file mode 100644 index 1698ffe870..0000000000 --- a/camel/camel-sasl-kerberos4.c +++ /dev/null @@ -1,223 +0,0 @@ -/* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */ -/* - * Authors: Jeffrey Stedfast <fejj@ximian.com> - * - * Copyright 2001 Ximian, Inc. (www.ximian.com) - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Street #330, Boston, MA 02111-1307, USA. - * - */ - -#ifdef HAVE_CONFIG_H -#include <config.h> -#endif - -#ifdef HAVE_KRB4 - -#include <krb.h> -/* MIT krb4 des.h #defines _. Sigh. We don't need it. #undef it here - * so we get the gettexty _ definition later. - */ -#undef _ - -#include <string.h> -#include "camel-sasl-kerberos4.h" -#include "camel-service.h" - -CamelServiceAuthType camel_sasl_kerberos4_authtype = { - N_("Kerberos 4"), - - N_("This option will connect to the server using " - "Kerberos 4 authentication."), - - "KERBEROS_V4", - FALSE -}; - -#define KERBEROS_V4_PROTECTION_NONE 1 -#define KERBEROS_V4_PROTECTION_INTEGRITY 2 -#define KERBEROS_V4_PROTECTION_PRIVACY 4 - -static CamelSaslClass *parent_class = NULL; - -/* Returns the class for a CamelSaslKerberos4 */ -#define CSK4_CLASS(so) CAMEL_SASL_KERBEROS4_CLASS (CAMEL_OBJECT_GET_CLASS (so)) - -static GByteArray *krb4_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex); - -struct _CamelSaslKerberos4Private { - int state; - - guint32 nonce_n; - guint32 nonce_h; - - des_cblock session; - des_key_schedule schedule; -}; - -static void -camel_sasl_kerberos4_class_init (CamelSaslKerberos4Class *camel_sasl_kerberos4_class) -{ - CamelSaslClass *camel_sasl_class = CAMEL_SASL_CLASS (camel_sasl_kerberos4_class); - - parent_class = CAMEL_SASL_CLASS (camel_type_get_global_classfuncs (camel_sasl_get_type ())); - - /* virtual method overload */ - camel_sasl_class->challenge = krb4_challenge; -} - -static void -camel_sasl_kerberos4_init (gpointer object, gpointer klass) -{ - CamelSaslKerberos4 *sasl_krb4 = CAMEL_SASL_KERBEROS4 (object); - - sasl_krb4->priv = g_new0 (struct _CamelSaslKerberos4Private, 1); -} - -static void -camel_sasl_kerberos4_finalize (CamelObject *object) -{ - CamelSaslKerberos4 *sasl = CAMEL_SASL_KERBEROS4 (object); - - if (sasl->priv) { - memset (sasl->priv, 0, sizeof (sasl->priv)); - g_free (sasl->priv); - } -} - - -CamelType -camel_sasl_kerberos4_get_type (void) -{ - static CamelType type = CAMEL_INVALID_TYPE; - - if (type == CAMEL_INVALID_TYPE) { - type = camel_type_register (camel_sasl_get_type (), - "CamelSaslKerberos4", - sizeof (CamelSaslKerberos4), - sizeof (CamelSaslKerberos4Class), - (CamelObjectClassInitFunc) camel_sasl_kerberos4_class_init, - NULL, - (CamelObjectInitFunc) camel_sasl_kerberos4_init, - (CamelObjectFinalizeFunc) camel_sasl_kerberos4_finalize); - } - - return type; -} - -static GByteArray * -krb4_challenge (CamelSasl *sasl, GByteArray *token, CamelException *ex) -{ - struct _CamelSaslKerberos4Private *priv = CAMEL_SASL_KERBEROS4 (sasl)->priv; - GByteArray *ret = NULL; - char *inst, *realm, *username; - struct hostent *h; - int status, len; - KTEXT_ST authenticator; - CREDENTIALS credentials; - guint32 plus1; - - /* Need to wait for the server */ - if (!token) - return NULL; - - switch (priv->state) { - case 0: - if (token->len != 4) - goto lose; - - memcpy (&priv->nonce_n, token->data, 4); - priv->nonce_h = ntohl (priv->nonce_n); - - /* Our response is an authenticator including that number. */ - h = camel_service_gethost (sasl->service, ex); - inst = g_strndup (h->h_name, strcspn (h->h_name, ".")); - g_strdown (inst); - realm = g_strdup (krb_realmofhost (h->h_name)); - camel_free_host(h); - status = krb_mk_req (&authenticator, sasl->service_name, inst, realm, priv->nonce_h); - if (status == KSUCCESS) { - status = krb_get_cred (sasl->service_name, inst, realm, &credentials); - memcpy (priv->session, credentials.session, sizeof (priv->session)); - memset (&credentials, 0, sizeof (credentials)); - } - g_free (inst); - g_free (realm); - - if (status != KSUCCESS) { - camel_exception_setv (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE, - _("Could not get Kerberos ticket:\n%s"), - krb_err_txt[status]); - goto lose; - } - des_key_sched (&priv->session, priv->schedule); - - ret = g_byte_array_new (); - g_byte_array_append (ret, (const guint8 *)authenticator.dat, authenticator.length); - break; - - case 1: - if (token->len != 8) - goto lose; - - /* This one is encrypted. */ - des_ecb_encrypt ((des_cblock *)token->data, (des_cblock *)token->data, priv->schedule, 0); - - /* Check that the returned value is the original nonce plus one. */ - memcpy (&plus1, token->data, 4); - if (ntohl (plus1) != priv->nonce_h + 1) - goto lose; - - /* "the fifth octet contain[s] a bit-mask specifying the - * protection mechanisms supported by the server" - */ - if (!(token->data[4] & KERBEROS_V4_PROTECTION_NONE)) { - g_warning ("Server does not support `no protection' :-("); - goto lose; - } - - username = sasl->service->url->user; - len = strlen (username) + 9; - len += 8 - len % 8; - ret = g_byte_array_new (); - g_byte_array_set_size (ret, len); - memset (ret->data, 0, len); - memcpy (ret->data, &priv->nonce_n, 4); - ret->data[4] = KERBEROS_V4_PROTECTION_NONE; - ret->data[5] = ret->data[6] = ret->data[7] = 0; - strcpy (ret->data + 8, username); - - des_pcbc_encrypt ((void *)ret->data, (void *)ret->data, len, - priv->schedule, &priv->session, 1); - memset (&priv->session, 0, sizeof (priv->session)); - - sasl->authenticated = TRUE; - break; - } - - priv->state++; - return ret; - - lose: - memset (&priv->session, 0, sizeof (priv->session)); - - if (!camel_exception_is_set (ex)) { - camel_exception_set (ex, CAMEL_EXCEPTION_SERVICE_CANT_AUTHENTICATE, - _("Bad authentication response from server.")); - } - return NULL; -} - -#endif /* HAVE_KRB4 */ |