kerberos.c: Initialize random number generator on the server side so

	that the encryption routines later on can use it.

	Fix bug in how we pick the challenge for the challenge/response
	mutual authentication.

forward.c: Move rd_cred and mk_cred to libkrb.a.  (Although we still
	need to fix the API!)

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4658 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 22 insertions, 334 deletions

diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 85959d788..ec83596ac 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,17 @@
+Mon Nov 14 16:27:29 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* kerberos.c (kerberos4_is): Initialize random number generator on
+		the server side so that the encryption routines later on
+		can use it. 
+
+	* kerberos.c (kerberos4_send): Fix bug in how we pick the
+		challenge for the challenge/response mutual
+		authentication.
+
+Fri Nov 11 00:55:36 1994  Theodore Y. Ts'o  (tytso@dcl)
+
+	* forward.c (mk_cred, rd_cred): Move these routines to libkrb.a.
+
 Tue Nov  8 01:39:50 1994  Theodore Y. Ts'o  (tytso@dcl)
 
 	* kerberos.c (kerberos4_is): Fix bug in logic of incrementing the
diff --git a/src/appl/telnet/libtelnet/forward.c b/src/appl/telnet/libtelnet/forward.c
index 52fd51863..1a72671a7 100644
--- a/src/appl/telnet/libtelnet/forward.c
+++ b/src/appl/telnet/libtelnet/forward.c
@@ -228,151 +228,6 @@ get_for_creds(etype, sumtype, rhost, client, enc_key, forwardable, outbuf)
 #undef cleanup
 }
 
-
-
-/* Create asn.1 encoded KRB-CRED message from the kdc reply. */
-krb5_error_code
-mk_cred(dec_rep, etype, key, sender_addr, recv_addr, outbuf)
-krb5_kdc_rep *dec_rep;
-krb5_enctype etype;
-krb5_keyblock *key;
-krb5_address *sender_addr;
-krb5_address *recv_addr;
-krb5_data *outbuf;
-{
-    krb5_error_code retval;
-    krb5_encrypt_block eblock;
-    krb5_cred ret_cred;
-    krb5_cred_enc_part cred_enc_part;
-    krb5_data *scratch;
-
-    if (!valid_etype(etype))
-      return KRB5_PROG_ETYPE_NOSUPP;
-
-    ret_cred.tickets = (krb5_ticket **) calloc(2, sizeof(*ret_cred.tickets));
-    if (!ret_cred.tickets)
-      return ENOMEM;
-    ret_cred.tickets[0] = dec_rep->ticket;
-    ret_cred.tickets[1] = 0;
-
-    ret_cred.enc_part.etype = etype; 
-    ret_cred.enc_part.kvno = 0;
-
-    cred_enc_part.ticket_info = (krb5_cred_info **) 
-      calloc(2, sizeof(*cred_enc_part.ticket_info));
-    if (!cred_enc_part.ticket_info) {
-	krb5_free_tickets(ret_cred.tickets);
-	return ENOMEM;
-    }
-    cred_enc_part.ticket_info[0] = (krb5_cred_info *) 
-      malloc(sizeof(*cred_enc_part.ticket_info[0]));
-    if (!cred_enc_part.ticket_info[0]) {
-	krb5_free_tickets(ret_cred.tickets);
-	krb5_free_cred_enc_part(cred_enc_part);
-	return ENOMEM;
-    }
-    cred_enc_part.nonce = 0;
-
-    if (retval = krb5_us_timeofday(&cred_enc_part.timestamp,
-				   &cred_enc_part.usec))
-      return retval;
-
-    cred_enc_part.s_address = (krb5_address *)sender_addr;
-    cred_enc_part.r_address = (krb5_address *)recv_addr;
-
-    cred_enc_part.ticket_info[0]->session = dec_rep->enc_part2->session;
-    cred_enc_part.ticket_info[0]->client = dec_rep->client;
-    cred_enc_part.ticket_info[0]->server = dec_rep->enc_part2->server;
-    cred_enc_part.ticket_info[0]->flags  = dec_rep->enc_part2->flags;
-    cred_enc_part.ticket_info[0]->times  = dec_rep->enc_part2->times;
-    cred_enc_part.ticket_info[0]->caddrs = dec_rep->enc_part2->caddrs;
-
-    cred_enc_part.ticket_info[1] = 0;
-
-    /* start by encoding to-be-encrypted part of the message */
-
-    if (retval = encode_krb5_enc_cred_part(&cred_enc_part, &scratch))
-      return retval;
-
-#define cleanup_scratch() { (void) memset(scratch->data, 0, scratch->length); krb5_free_data(scratch); }
-
-    /* put together an eblock for this encryption */
-
-    krb5_use_cstype(&eblock, etype);
-    ret_cred.enc_part.ciphertext.length = krb5_encrypt_size(scratch->length,
-						eblock.crypto_entry);
-    /* add padding area, and zero it */
-    if (!(scratch->data = realloc(scratch->data,
-				  ret_cred.enc_part.ciphertext.length))) {
-	/* may destroy scratch->data */
-	krb5_xfree(scratch);
-	return ENOMEM;
-    }
-    memset(scratch->data + scratch->length, 0,
-	  ret_cred.enc_part.ciphertext.length - scratch->length);
-    if (!(ret_cred.enc_part.ciphertext.data =
-	  malloc(ret_cred.enc_part.ciphertext.length))) {
-        retval = ENOMEM;
-        goto clean_scratch;
-    }
-
-#define cleanup_encpart() {\
-	(void) memset(ret_cred.enc_part.ciphertext.data, 0, \
-	     ret_cred.enc_part.ciphertext.length); \
-	free(ret_cred.enc_part.ciphertext.data); \
-	ret_cred.enc_part.ciphertext.length = 0; \
-	ret_cred.enc_part.ciphertext.data = 0;}
-
-    /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(&eblock, key)) {
-        goto clean_encpart;
-    }
-
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
-
-    /* call the encryption routine */
-    if (retval = krb5_encrypt((krb5_pointer) scratch->data,
-			      (krb5_pointer)
-			      ret_cred.enc_part.ciphertext.data, 
-			      scratch->length, &eblock,
-			      0)) {
-        goto clean_prockey;
-    }
-    
-    /* private message is now assembled-- do some cleanup */
-    cleanup_scratch();
-
-    if (retval = krb5_finish_key(&eblock)) {
-        cleanup_encpart();
-        return retval;
-    }
-    /* encode private message */
-    if (retval = encode_krb5_cred(&ret_cred, &scratch))  {
-        cleanup_encpart();
-	return retval;
-    }
-
-    cleanup_encpart();
-
-    *outbuf = *scratch;
-    krb5_xfree(scratch);
-    return 0;
-
- clean_prockey:
-    cleanup_prockey();
- clean_encpart:
-    cleanup_encpart();
- clean_scratch:
-    cleanup_scratch();
-
-    return retval;
-#undef cleanup_prockey
-#undef cleanup_encpart
-#undef cleanup_scratch
-}
-
-
-
 /* Decode, decrypt and store the forwarded creds in the local ccache. */
 krb5_error_code
 rd_and_store_for_creds(inbuf, ticket, lusername)
@@ -417,191 +272,4 @@ rd_and_store_for_creds(inbuf, ticket, lusername)
     return retval;
 }
 
-
-
-extern krb5_deltat krb5_clockskew;   
-#define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew)
-
-/* Decode the KRB-CRED message, and return creds */
-krb5_error_code
-rd_cred(inbuf, key, creds, sender_addr, recv_addr)
-const krb5_data *inbuf;
-const krb5_keyblock *key;
-krb5_creds *creds;                /* Filled in */
-const krb5_address *sender_addr;  /* optional */
-const krb5_address *recv_addr;    /* optional */
-{
-    krb5_error_code retval;
-    krb5_encrypt_block eblock;
-    krb5_cred *credmsg;
-    krb5_cred_enc_part *credmsg_enc_part;
-    krb5_data *scratch;
-    krb5_timestamp currenttime;
-
-    if (!krb5_is_krb_cred(inbuf))
-	return KRB5KRB_AP_ERR_MSG_TYPE;
-    
-    /* decode private message */
-    if (retval = decode_krb5_cred(inbuf, &credmsg))  {
-	return retval;
-    }
-    
-#define cleanup_credmsg() {(void)krb5_xfree(credmsg->enc_part.ciphertext.data); (void)krb5_xfree(credmsg);}
-
-    if (!(scratch = (krb5_data *) malloc(sizeof(*scratch)))) {
-	cleanup_credmsg();
-	return ENOMEM;
-    }
-
-#define cleanup_scratch() {(void)memset(scratch->data, 0, scratch->length); (void)krb5_xfree(scratch->data);}
-
-    if (retval = encode_krb5_ticket(credmsg->tickets[0], &scratch)) {
-	cleanup_credmsg();
-	cleanup_scratch();
-	return(retval);
-    }
-
-    creds->ticket = *scratch;
-    if (!(creds->ticket.data = malloc(scratch->length))) {
-	krb5_xfree(creds->ticket.data);
-	return ENOMEM;
-    }
-    memcpy((char *)creds->ticket.data, (char *) scratch->data, scratch->length);
-
-    cleanup_scratch();
-
-    if (!valid_etype(credmsg->enc_part.etype)) {
-	cleanup_credmsg();
-	return KRB5_PROG_ETYPE_NOSUPP;
-    }
-
-    /* put together an eblock for this decryption */
-
-    krb5_use_cstype(&eblock, credmsg->enc_part.etype);
-    scratch->length = credmsg->enc_part.ciphertext.length;
-    
-    if (!(scratch->data = malloc(scratch->length))) {
-	cleanup_credmsg();
-        return ENOMEM;
-    }
-
-    /* do any necessary key pre-processing */
-    if (retval = krb5_process_key(&eblock, key)) {
-        cleanup_credmsg();
-	cleanup_scratch();
-	return retval;
-    }
-    
-#define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
-    
-    /* call the decryption routine */
-    if (retval = krb5_decrypt((krb5_pointer) credmsg->enc_part.ciphertext.data,
-			      (krb5_pointer) scratch->data,
-			      scratch->length, &eblock,
-			      0)) {
-	cleanup_credmsg();
-	cleanup_scratch();
-        cleanup_prockey();
-	return retval;
-    }
-
-    /* cred message is now decrypted -- do some cleanup */
-
-    cleanup_credmsg();
-
-    if (retval = krb5_finish_key(&eblock)) {
-        cleanup_scratch();
-        return retval;
-    }
-
-    /*  now decode the decrypted stuff */
-    if (retval = decode_krb5_enc_cred_part(scratch, &credmsg_enc_part)) {
-	cleanup_scratch();
-	return retval;
-    }
-    cleanup_scratch();
-
-#define cleanup_mesg() {(void)krb5_xfree(credmsg_enc_part);}
-
-    if (retval = krb5_timeofday(&currenttime)) {
-	cleanup_mesg();
-	return retval;
-    }
-    if (!in_clock_skew(credmsg_enc_part->timestamp)) {
-	cleanup_mesg();  
-	return KRB5KRB_AP_ERR_SKEW;
-    }
-
-    if (sender_addr && credmsg_enc_part->s_address &&
-	!krb5_address_compare(sender_addr, 
-			      credmsg_enc_part->s_address)) {
-	cleanup_mesg();
-	return KRB5KRB_AP_ERR_BADADDR;
-    }
-    if (recv_addr && credmsg_enc_part->r_address &&
-	!krb5_address_compare(recv_addr, 
-			      credmsg_enc_part->r_address)) {
-	cleanup_mesg();
-	return KRB5KRB_AP_ERR_BADADDR;
-    }	    
-
-    if (credmsg_enc_part->r_address) {
-	krb5_address **our_addrs;
-	
-	if (retval = krb5_os_localaddr(&our_addrs)) {
-	    cleanup_mesg();
-	    return retval;
-	}
-	if (!krb5_address_search(credmsg_enc_part->r_address, 
-				 our_addrs)) {
-	    krb5_free_addresses(our_addrs);
-	    cleanup_mesg();
-	    return KRB5KRB_AP_ERR_BADADDR;
-	}
-	krb5_free_addresses(our_addrs);
-    }
-
-    if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->client,
-				     &creds->client)) {
-	return(retval);
-    }
-
-    if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server,
-				     &creds->server)) {
-	return(retval);
-    }  
-
-    if (retval =
-	krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session, 
-				    &creds->keyblock)) {
-	return(retval);
-    }
-
-#undef clean
-#define clean() {\
-	memset((char *)creds->keyblock.contents, 0, creds->keyblock.length);}
-
-    creds->times = credmsg_enc_part->ticket_info[0]->times;
-    creds->is_skey = FALSE;
-    creds->ticket_flags = credmsg_enc_part->ticket_info[0]->flags;
-
-    if (retval = krb5_copy_addresses(credmsg_enc_part->ticket_info[0]->caddrs,
-				     &creds->addresses)) {
-	clean();
-	return(retval);
-    }
-
-    creds->second_ticket.length = 0;
-
-    creds->authdata = 0;
-
-    cleanup_mesg();
-    return 0;
-#undef clean
-#undef cleanup_credmsg
-#undef cleanup_scratch
-#undef cleanup_prockey
-#undef cleanup_mesg
-}
-
 #endif /* defined(KRB5) && defined(FORWARD) */
diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c
index 8f1b7c1de..b2d56a25a 100644
--- a/src/appl/telnet/libtelnet/kerberos.c
+++ b/src/appl/telnet/libtelnet/kerberos.c
@@ -226,8 +226,9 @@ kerberos4_send(ap)
 
 		des_key_sched(cred.session, sched);
 		des_init_random_number_generator(cred.session);
-		des_new_random_key(challenge);
-		des_ecb_encrypt(challenge, session_key, sched, 1);
+		des_new_random_key(session_key);
+		des_ecb_encrypt(session_key, session_key, sched, 0);
+		des_ecb_encrypt(session_key, challenge, sched, 0);
 		/*
 		 * Increment the challenge by 1, and encrypt it for
 		 * later comparison.
@@ -320,6 +321,11 @@ kerberos4_is(ap, data, cnt)
 			break;
 		}
 
+		/*
+		 * Initialize the random number generator since it's
+		 * used later on by the encryption routine.
+		 */
+		des_init_random_number_generator(session_key);
 		des_key_sched(session_key, sched);
 		memcpy((void *)datablock, (void *)data, sizeof(Block));
 		/*