1 /* Copyright (c) 1990,1993 Regents of The University of Michigan.
2 * Copyright (c) 1999 Adrian Sun (asun@u.washington.edu)
3 * All Rights Reserved. See COPYRIGHT.
20 #include <atalk/afp.h>
21 #include <atalk/uam.h>
25 #define CRYPTBUFLEN (KEYSIZE*2)
26 #define CRYPT2BUFLEN (KEYSIZE + PASSWDLEN)
28 /* hash a number to a 16-bit quantity */
29 #define pgphash(a) ((((unsigned long) (a) >> 8) ^ \
30 (unsigned long) (a)) & 0xffff)
33 static struct passwd *pgppwd;
37 static int pgp_login(void *obj, struct passwd **uam_pwd,
38 char *ibuf, int ibuflen,
39 char *rbuf, int *rbuflen)
41 BIGNUM *bn, *gbn, *pbn;
48 if (uam_afpserver_option(obj, UAM_OPTION_USERNAME, (void *) &name, &i) < 0)
51 len = (unsigned char) *ibuf++;
53 return( AFPERR_PARAM );
56 memcpy(name, ibuf, len );
59 if ((unsigned long) ibuf & 1) /* padding */
62 if (( pgppwd = uam_getname(name, i)) == NULL ) {
66 syslog( LOG_INFO, "pgp login: %s", name);
67 if (uam_checkuser(pgppwd) < 0)
68 return AFPERR_NOTAUTH;
70 /* get the challenge */
71 len = (unsigned char) *ibuf++;
74 /* get the signature. it's always 16 bytes. */
75 if (uam_afpserver_option(obj, UAM_OPTION_SIGNATURE,
76 (void *) &name, NULL) < 0) {
80 memcpy(rbuf + KEYSIZE, name, KEYSIZE);
86 static int pgp_logincont(void *obj, struct passwd **uam_pwd,
87 char *ibuf, int ibuflen,
88 char *rbuf, int *rbuflen)
90 BIGNUM *bn1, *bn2, *bn3;
96 /* check for session id */
97 memcpy(&sessid, ibuf, sizeof(sessid));
98 if (sessid != pgphash(obj))
100 ibuf += sizeof(sessid);
102 /* use rbuf as scratch space */
103 CAST_cbc_encrypt(ibuf, rbuf, CRYPT2BUFLEN, &castkey,
106 /* check to make sure that the random number is the same. we
107 * get sent back an incremented random number. */
108 if (!(bn1 = BN_bin2bn(rbuf, KEYSIZE, NULL)))
111 if (!(bn2 = BN_bin2bn(randbuf, sizeof(randbuf), NULL))) {
116 /* zero out the random number */
117 memset(rbuf, 0, sizeof(randbuf));
118 memset(randbuf, 0, sizeof(randbuf));
121 if (!(bn3 = BN_new())) {
127 BN_sub(bn3, bn1, bn2);
131 /* okay. is it one more? */
132 if (!BN_is_one(bn3)) {
139 if ( kcheckuser(*uam_pwd, rbuf) == 0) {
145 rbuf[PASSWDLEN] = '\0';
146 p = crypt( rbuf, pgppwd->pw_passwd );
147 memset(rbuf, 0, PASSWDLEN);
148 if ( strcmp( p, pgppwd->pw_passwd ) == 0 ) {
153 return AFPERR_NOTAUTH;
157 static int uam_setup(const char *path)
159 if (uam_register(UAM_SERVER_LOGIN, path, "PGPuam 1.0",
160 pgp_login, pgp_logincont, NULL) < 0)
166 static void uam_cleanup(void)
168 uam_unregister(UAM_SERVER_LOGIN, "PGPuam 1.0");
171 UAM_MODULE_EXPORT struct uam_export uams_pgp = {
174 uam_setup, uam_cleanup