authormarkm <markm@FreeBSD.org>2001-11-30 21:06:38 +0000
committermarkm <markm@FreeBSD.org>2001-11-30 21:06:38 +0000
commit19fd256fae7c15fbb63128196d5550a72c559ea8 (patch)
tree1caab024c94078fe45902c1c2f8f58e5bdb7d4f4 /crypto/telnet/libtelnet
parente92874bd103e4d5462fd2c0013b77afc3d52df05 (diff)
downloadFreeBSD-src-19fd256fae7c15fbb63128196d5550a72c559ea8.zip
FreeBSD-src-19fd256fae7c15fbb63128196d5550a72c559ea8.tar.gz
Very large style makeover.
1) ANSIfy. 2) Clean up ifdefs so that a) ones that never/always apply are appropriately either fully removed, or just the #if junk is removed. b) change #if defined(FOO) for appropriate values of FOO. (currently AUTHENTICATION and ENCRYPTION) 3) WARNS=2 fixing 4) GC other unused stuff This code can now be unifdef(1)ed to make non-crypto telnet.
Diffstat (limited to 'crypto/telnet/libtelnet')
-rw-r--r--crypto/telnet/libtelnet/auth-proto.h80
-rw-r--r--crypto/telnet/libtelnet/auth.c188
-rw-r--r--crypto/telnet/libtelnet/auth.h20
-rw-r--r--crypto/telnet/libtelnet/enc-proto.h122
-rw-r--r--crypto/telnet/libtelnet/enc_des.c250
-rw-r--r--crypto/telnet/libtelnet/encrypt.c282
-rw-r--r--crypto/telnet/libtelnet/encrypt.h32
-rw-r--r--crypto/telnet/libtelnet/genget.c9
-rw-r--r--crypto/telnet/libtelnet/getent.c40
-rw-r--r--crypto/telnet/libtelnet/kerberos.c133
-rw-r--r--crypto/telnet/libtelnet/kerberos5.c1223
-rw-r--r--crypto/telnet/libtelnet/key-proto.h18
-rw-r--r--crypto/telnet/libtelnet/krb4encpwd.c26
-rw-r--r--crypto/telnet/libtelnet/misc-proto.h25
-rw-r--r--crypto/telnet/libtelnet/misc.c41
-rw-r--r--crypto/telnet/libtelnet/pk.c23
-rw-r--r--crypto/telnet/libtelnet/pk.h13
-rw-r--r--crypto/telnet/libtelnet/read_password.c1
-rw-r--r--crypto/telnet/libtelnet/rsaencpwd.c22
-rw-r--r--crypto/telnet/libtelnet/spx.c592
-rw-r--r--crypto/telnet/libtelnet/sra.c119
21 files changed, 1175 insertions, 2084 deletions
diff --git a/crypto/telnet/libtelnet/auth-proto.h b/crypto/telnet/libtelnet/auth-proto.h
index e6b8481..0bcc0b6 100644
--- a/crypto/telnet/libtelnet/auth-proto.h
+++ b/crypto/telnet/libtelnet/auth-proto.h
@@ -62,48 +62,58 @@
#endif
#endif
-#if defined(AUTHENTICATION)
-Authenticator *findauthenticator P((int, int));
+#ifdef AUTHENTICATION
-void auth_init P((char *, int));
-int auth_cmd P((int, char **));
-void auth_request P((void));
-void auth_send P((unsigned char *, int));
-void auth_send_retry P((void));
-void auth_is P((unsigned char *, int));
-void auth_reply P((unsigned char *, int));
-void auth_finished P((Authenticator *, int));
-int auth_wait P((char *));
-void auth_disable_name P((char *));
-void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
-void auth_name P((unsigned char *, int));
-void auth_printsub P((unsigned char *, int, unsigned char *, int));
-int auth_sendname P((unsigned char *, int));
-void auth_encrypt_user P((char *));
+Authenticator *findauthenticator(int, int);
+
+void auth_init(const char *, int);
+int auth_cmd(int, char **);
+void auth_request(void);
+void auth_send(unsigned char *, int);
+void auth_send_retry(void);
+void auth_is(unsigned char *, int);
+void auth_reply(unsigned char *, int);
+void auth_finished(Authenticator *, int);
+int auth_wait(char *);
+void auth_disable_name(char *);
+void auth_gen_printsub(unsigned char *, int, unsigned char *, int);
+void auth_name(unsigned char *, int);
+void auth_printsub(unsigned char *, int, unsigned char *, int);
+int auth_sendname(unsigned char *, int);
+void auth_encrypt_user(char *);
+int auth_disable(char *);
+int auth_enable(char *);
+int auth_togdebug(int);
+int auth_status(void);
+
+int getauthmask(char *, int *);
#ifdef KRB4
-int kerberos4_init P((Authenticator *, int));
-int kerberos4_send P((Authenticator *));
-void kerberos4_is P((Authenticator *, unsigned char *, int));
-void kerberos4_reply P((Authenticator *, unsigned char *, int));
-int kerberos4_status P((Authenticator *, char *, int));
-void kerberos4_printsub P((unsigned char *, int, unsigned char *, int));
+int kerberos4_init(Authenticator *, int);
+int kerberos4_send(Authenticator *);
+void kerberos4_is(Authenticator *, unsigned char *, int);
+void kerberos4_reply(Authenticator *, unsigned char *, int);
+int kerberos4_status(Authenticator *, char *, int);
+void kerberos4_printsub(unsigned char *, int, unsigned char *, int);
#endif
#ifdef KRB5
-int kerberos5_init P((Authenticator *, int));
-int kerberos5_send P((Authenticator *));
-void kerberos5_is P((Authenticator *, unsigned char *, int));
-void kerberos5_reply P((Authenticator *, unsigned char *, int));
-int kerberos5_status P((Authenticator *, char *, int));
-void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
+int kerberos5_init(Authenticator *, int);
+int kerberos5_send_mutual(Authenticator *);
+int kerberos5_send_oneway(Authenticator *);
+void kerberos5_is(Authenticator *, unsigned char *, int);
+void kerberos5_reply(Authenticator *, unsigned char *, int);
+int kerberos5_status(Authenticator *, char *, int level);
+void kerberos5_printsub(unsigned char *, int, unsigned char *, int);
#endif
+
#ifdef SRA
-int sra_init P((Authenticator *, int));
-int sra_send P((Authenticator *));
-void sra_is P((Authenticator *, unsigned char *, int));
-void sra_reply P((Authenticator *, unsigned char *, int));
-int sra_status P((Authenticator *, char *, int));
-void sra_printsub P((unsigned char *, int, unsigned char *, int));
+int sra_init(Authenticator *, int);
+int sra_send(Authenticator *);
+void sra_is(Authenticator *, unsigned char *, int);
+void sra_reply(Authenticator *, unsigned char *, int);
+int sra_status(Authenticator *, char *, int);
+void sra_printsub(unsigned char *, int, unsigned char *, int);
#endif
+
#endif
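Review bot: `kerberos5_status(Authenticator *, char *, int level)` is the only prototype in this header block that names a parameter; every other declaration, including the parallel `kerberos4_status` and `sra_status`, leaves them unnamed. For consistency, either drop the name, `int kerberos5_status(Authenticator *, char *, int);`, or name the parameters throughout.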
diff --git a/crypto/telnet/libtelnet/auth.c b/crypto/telnet/libtelnet/auth.c
index eb1e20c..79d985d 100644
--- a/crypto/telnet/libtelnet/auth.c
+++ b/crypto/telnet/libtelnet/auth.c
@@ -34,6 +34,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -61,28 +62,22 @@ static const char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 5/30/95";
*/
-#if defined(AUTHENTICATION)
-#include <stdio.h>
+#ifdef AUTHENTICATION
+#define AUTH_NAMES
#include <sys/types.h>
#include <signal.h>
-#define AUTH_NAMES
-#include <arpa/telnet.h>
-#ifdef __STDC__
+#include <stdio.h>
#include <stdlib.h>
-#include <unistd.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
#include <string.h>
-#endif
+#include <unistd.h>
+#include <arpa/telnet.h>
#include "encrypt.h"
#include "auth.h"
#include "misc-proto.h"
#include "auth-proto.h"
-#define typemask(x) (1<<((x)-1))
+#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
#ifdef KRB4_ENCPWD
extern krb4encpwd_init();
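Review bot: The new `typemask(x)` rejects `x <= 0` but leaves the upper end open: `1 << ((x)-1)` is undefined once `x` exceeds the width of `int`, and it shifts into the sign bit when `x` equals that width. The same macro appears as context in encrypt.c, where the `(unsigned)typemask(type)` casts added in `findencryption` and `finddecryption` are applied after the shift and so do not change this. Whether `type` can carry a peer-supplied value is not visible in these hunks, but bounding both ends and shifting an unsigned constant costs nothing: `#define typemask(x) ((x) > 0 && (x) <= (int)(sizeof(int) * 8) ? 1U << ((x)-1) : 0)`.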
@@ -103,7 +98,7 @@ extern rsaencpwd_printsub();
#endif
int auth_debug_mode = 0;
-static char *Name = "Noname";
+static const char *Name = "Noname";
static int Server = 0;
static Authenticator *authenticated = 0;
static int authenticating = 0;
@@ -120,27 +115,11 @@ void auth_encrypt_user(char *name);
* in priority order, i.e. try the first one first.
*/
Authenticator authenticators[] = {
-#ifdef SPX
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
- { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
- spx_init,
- spx_send,
- spx_is,
- spx_reply,
- spx_status,
- spx_printsub },
-#endif
#ifdef KRB5
# ifdef ENCRYPTION
{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
kerberos5_init,
- kerberos5_send,
+ kerberos5_send_mutual,
kerberos5_is,
kerberos5_reply,
kerberos5_status,
@@ -148,7 +127,7 @@ Authenticator authenticators[] = {
# endif /* ENCRYPTION */
{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
kerberos5_init,
- kerberos5_send,
+ kerberos5_send_oneway,
kerberos5_is,
kerberos5_reply,
kerberos5_status,
@@ -200,18 +179,16 @@ Authenticator authenticators[] = {
sra_printsub },
#endif
- { 0, },
+ { 0, 0, 0, 0, 0, 0, 0, 0 },
};
-static Authenticator NoAuth = { 0 };
+static Authenticator NoAuth = { 0, 0, 0, 0, 0, 0, 0, 0 };
static int i_support = 0;
static int i_wont_support = 0;
- Authenticator *
-findauthenticator(type, way)
- int type;
- int way;
+Authenticator *
+findauthenticator(int type, int way)
{
Authenticator *ap = authenticators;
@@ -220,10 +197,8 @@ findauthenticator(type, way)
return(ap->type ? ap : 0);
}
- void
-auth_init(name, server)
- char *name;
- int server;
+void
+auth_init(const char *name, int server)
{
Authenticator *ap = authenticators;
@@ -248,9 +223,8 @@ auth_init(name, server)
}
}
- void
-auth_disable_name(name)
- char *name;
+void
+auth_disable_name(char *name)
{
int x;
for (x = 0; x < AUTHTYPE_CNT; ++x) {
@@ -261,12 +235,10 @@ auth_disable_name(name)
}
}
- int
-getauthmask(type, maskp)
- char *type;
- int *maskp;
+int
+getauthmask(char *type, int *maskp)
{
- register int x;
+ int x;
if (AUTHTYPE_NAME(0) && !strcasecmp(type, AUTHTYPE_NAME(0))) {
*maskp = -1;
@@ -282,24 +254,20 @@ getauthmask(type, maskp)
return(0);
}
- int
-auth_enable(type)
- char *type;
+int
+auth_enable(char *type)
{
return(auth_onoff(type, 1));
}
- int
-auth_disable(type)
- char *type;
+int
+auth_disable(char *type)
{
return(auth_onoff(type, 0));
}
- int
-auth_onoff(type, on)
- char *type;
- int on;
+int
+auth_onoff(char *type, int on)
{
int i, mask = -1;
Authenticator *ap;
@@ -329,9 +297,8 @@ auth_onoff(type, on)
return(1);
}
- int
-auth_togdebug(on)
- int on;
+int
+auth_togdebug(int on)
{
if (on < 0)
auth_debug_mode ^= 1;
@@ -341,8 +308,8 @@ auth_togdebug(on)
return(1);
}
- int
-auth_status()
+int
+auth_status(void)
{
Authenticator *ap;
int i, mask;
@@ -368,8 +335,8 @@ auth_status()
* This routine is called by the server to start authentication
* negotiation.
*/
- void
-auth_request()
+void
+auth_request(void)
{
static unsigned char str_request[64] = { IAC, SB,
TELOPT_AUTHENTICATION,
@@ -408,10 +375,8 @@ auth_request()
* with KERBEROS instead of LOGIN (which is against what the
* protocol says)) you will have to hack this code...
*/
- void
-auth_send(data, cnt)
- unsigned char *data;
- int cnt;
+void
+auth_send(unsigned char *data, int cnt)
{
Authenticator *ap;
static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
@@ -435,7 +400,7 @@ auth_send(data, cnt)
*/
if (data < _auth_send_data ||
data > _auth_send_data + sizeof(_auth_send_data)) {
- auth_send_cnt = cnt > sizeof(_auth_send_data)
+ auth_send_cnt = (size_t)cnt > sizeof(_auth_send_data)
? sizeof(_auth_send_data)
: cnt;
memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
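Review bot: In `auth_send`, the added `(size_t)cnt` cast turns a negative `cnt` into a very large value, so the clamp selects `sizeof(_auth_send_data)` and the `memmove` on the last line of the hunk copies that many bytes out of `data`. This matches what the old implicit conversion did, so the cast silences the warning without settling the negative case. The comment in `auth_send_retry` suggests counts `<= 0` are expected to reach this function; whether an earlier check rejects them is not visible, since the body starts and ends outside the hunk. An explicit guard before the clamp, for example `if (cnt < 0) cnt = 0;`, would make the intent clear.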
@@ -484,18 +449,10 @@ auth_send(data, cnt)
if (auth_debug_mode)
printf(">>>%s: Sent failure message\r\n", Name);
auth_finished(0, AUTH_REJECT);
-#ifdef KANNAN
- /*
- * We requested strong authentication, however no mechanisms worked.
- * Therefore, exit on client end.
- */
- printf("Unable to securely authenticate user ... exit\n");
- exit(0);
-#endif /* KANNAN */
}
- void
-auth_send_retry()
+void
+auth_send_retry(void)
{
/*
* if auth_send_cnt <= 0 then auth_send will end up rejecting
@@ -504,10 +461,8 @@ auth_send_retry()
auth_send(auth_send_data, auth_send_cnt);
}
- void
-auth_is(data, cnt)
- unsigned char *data;
- int cnt;
+void
+auth_is(unsigned char *data, int cnt)
{
Authenticator *ap;
@@ -527,10 +482,8 @@ auth_is(data, cnt)
Name, *data);
}
- void
-auth_reply(data, cnt)
- unsigned char *data;
- int cnt;
+void
+auth_reply(unsigned char *data, int cnt)
{
Authenticator *ap;
@@ -545,10 +498,8 @@ auth_reply(data, cnt)
Name, *data);
}
- void
-auth_name(data, cnt)
- unsigned char *data;
- int cnt;
+void
+auth_name(unsigned char *data, int cnt)
{
unsigned char savename[256];
@@ -557,7 +508,7 @@ auth_name(data, cnt)
printf(">>>%s: Empty name in NAME\r\n", Name);
return;
}
- if (cnt > sizeof(savename) - 1) {
+ if ((size_t)cnt > sizeof(savename) - 1) {
if (auth_debug_mode)
printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
Name, cnt, sizeof(savename)-1);
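Review bot: The debug `printf` in `auth_name` still passes `sizeof(savename)-1`, a `size_t`, to a `%d` conversion, which is a format/argument mismatch on platforms where `size_t` is wider than `int`. The commit fixes the signed/unsigned comparison just above it but leaves this call as it was. Casting the argument keeps the format string unchanged: `Name, cnt, (int)(sizeof(savename)-1));`. The function body continues outside the hunk.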
@@ -570,15 +521,13 @@ auth_name(data, cnt)
auth_encrypt_user(savename);
}
- int
-auth_sendname(cp, len)
- unsigned char *cp;
- int len;
+int
+auth_sendname(unsigned char *cp, int len)
{
static unsigned char str_request[256+6]
= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
- register unsigned char *e = str_request + 4;
- register unsigned char *ee = &str_request[sizeof(str_request)-2];
+ unsigned char *e = str_request + 4;
+ unsigned char *ee = &str_request[sizeof(str_request)-2];
while (--len >= 0) {
if ((*e++ = *cp++) == IAC)
@@ -593,27 +542,23 @@ auth_sendname(cp, len)
return(1);
}
- void
-auth_finished(ap, result)
- Authenticator *ap;
- int result;
+void
+auth_finished(Authenticator *ap, int result)
{
if (!(authenticated = ap))
authenticated = &NoAuth;
validuser = result;
}
- /* ARGSUSED */
- static void
-auth_intr(sig)
- int sig;
+/* ARGSUSED */
+static void
+auth_intr(int sig __unused)
{
auth_finished(0, AUTH_REJECT);
}
- int
-auth_wait(name)
- char *name;
+int
+auth_wait(char *name)
{
if (auth_debug_mode)
printf(">>>%s: in auth_wait.\r\n", Name);
@@ -644,17 +589,8 @@ auth_wait(name)
return(validuser);
}
- void
-auth_debug(mode)
- int mode;
-{
- auth_debug_mode = mode;
-}
-
- void
-auth_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
Authenticator *ap;
@@ -664,12 +600,10 @@ auth_printsub(data, cnt, buf, buflen)
auth_gen_printsub(data, cnt, buf, buflen);
}
- void
-auth_gen_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
- register unsigned char *cp;
+ unsigned char *cp;
unsigned char tbuf[16];
cnt -= 3;
diff --git a/crypto/telnet/libtelnet/auth.h b/crypto/telnet/libtelnet/auth.h
index 2110f9e..a8ee048 100644
--- a/crypto/telnet/libtelnet/auth.h
+++ b/crypto/telnet/libtelnet/auth.h
@@ -63,23 +63,15 @@
#define AUTH_USER 3 /* We know he name */
#define AUTH_VALID 4 /* We know him, and he needs no password */
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
typedef struct XauthP {
int type;
int way;
- int (*init) P((struct XauthP *, int));
- int (*send) P((struct XauthP *));
- void (*is) P((struct XauthP *, unsigned char *, int));
- void (*reply) P((struct XauthP *, unsigned char *, int));
- int (*status) P((struct XauthP *, char *, int));
- void (*printsub) P((unsigned char *, int, unsigned char *, int));
+ int (*init)(struct XauthP *, int);
+ int (*send)(struct XauthP *);
+ void (*is)(struct XauthP *, unsigned char *, int);
+ void (*reply)(struct XauthP *, unsigned char *, int);
+ int (*status)(struct XauthP *, char *, int);
+ void (*printsub)(unsigned char *, int, unsigned char *, int);
} Authenticator;
#include "auth-proto.h"
diff --git a/crypto/telnet/libtelnet/enc-proto.h b/crypto/telnet/libtelnet/enc-proto.h
index bbbc07c..a132962 100644
--- a/crypto/telnet/libtelnet/enc-proto.h
+++ b/crypto/telnet/libtelnet/enc-proto.h
@@ -62,68 +62,72 @@
#endif
#ifdef ENCRYPTION
-void encrypt_init P((char *, int));
-Encryptions *findencryption P((int));
-void encrypt_send_supprt P((void));
-void encrypt_auto P((int));
-void decrypt_auto P((int));
-void encrypt_is P((unsigned char *, int));
-void encrypt_reply P((unsigned char *, int));
-void encrypt_start_input P((int));
-void encrypt_session_key P((Session_Key *, int));
-void encrypt_end_input P((void));
-void encrypt_start_output P((int));
-void encrypt_end_output P((void));
-void encrypt_send_request_start P((void));
-void encrypt_send_request_end P((void));
-void encrypt_send_end P((void));
-void encrypt_wait P((void));
-void encrypt_send_support P((void));
-void encrypt_send_keyid P((int, unsigned char *, int, int));
-void encrypt_start P((unsigned char *, int));
-void encrypt_end P((void));
-void encrypt_support P((unsigned char *, int));
-void encrypt_request_start P((unsigned char *, int));
-void encrypt_request_end P((void));
-void encrypt_enc_keyid P((unsigned char *, int));
-void encrypt_dec_keyid P((unsigned char *, int));
-void encrypt_printsub P((unsigned char *, int, unsigned char *, int));
-int net_write P((unsigned char *, int));
+void encrypt_init(const char *, int);
+Encryptions *findencryption(int);
+void encrypt_send_supprt(void);
+void encrypt_auto(int);
+void decrypt_auto(int);
+void encrypt_is(unsigned char *, int);
+void encrypt_reply(unsigned char *, int);
+void encrypt_start_input(int);
+void encrypt_session_key(Session_Key *, int);
+void encrypt_end_input(void);
+void encrypt_start_output(int);
+void encrypt_end_output(void);
+void encrypt_send_request_start(void);
+void encrypt_send_request_end(void);
+void encrypt_send_end(void);
+void encrypt_wait(void);
+void encrypt_send_support(void);
+void encrypt_send_keyid(int, const char *, int, int);
+void encrypt_start(unsigned char *, int);
+void encrypt_end(void);
+void encrypt_support(unsigned char *, int);
+void encrypt_request_start(unsigned char *, int);
+void encrypt_request_end(void);
+void encrypt_enc_keyid(unsigned char *, int);
+void encrypt_dec_keyid(unsigned char *, int);
+void encrypt_printsub(unsigned char *, int, unsigned char *, int);
+void encrypt_gen_printsub(unsigned char *, int, unsigned char *, int);
+void encrypt_display(void);
-#ifndef TELENTD
-int encrypt_cmd P((int, char **));
-void encrypt_display P((void));
-#endif
+void fb64_printsub(unsigned char *, int, unsigned char *, int, const char *);
+
+int EncryptEnable(char *, char *);
+int EncryptDisable(char *, char *);
+int EncryptStatus(void);
+int EncryptDebug(int);
+int EncryptVerbose(int);
+int EncryptAutoEnc(int);
+int EncryptAutoDec(int);
-#ifdef DES_ENCRYPTION
-void krbdes_encrypt P((unsigned char *, int));
-int krbdes_decrypt P((int));
-int krbdes_is P((unsigned char *, int));
-int krbdes_reply P((unsigned char *, int));
-void krbdes_init P((int));
-int krbdes_start P((int, int));
-void krbdes_session P((Session_Key *, int));
-void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
+void krbdes_encrypt(unsigned char *, int);
+int krbdes_decrypt(int);
+int krbdes_is(unsigned char *, int);
+int krbdes_reply(unsigned char *, int);
+void krbdes_init(int);
+int krbdes_start(int, int);
+void krbdes_session(Session_Key *, int);
+void krbdes_printsub(unsigned char *, int, unsigned char *, int);
-void cfb64_encrypt P((unsigned char *, int));
-int cfb64_decrypt P((int));
-void cfb64_init P((int));
-int cfb64_start P((int, int));
-int cfb64_is P((unsigned char *, int));
-int cfb64_reply P((unsigned char *, int));
-void cfb64_session P((Session_Key *, int));
-int cfb64_keyid P((int, unsigned char *, int *));
-void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
+void cfb64_encrypt(unsigned char *, int);
+int cfb64_decrypt(int);
+void cfb64_init(int);
+int cfb64_start(int, int);
+int cfb64_is(unsigned char *, int);
+int cfb64_reply(unsigned char *, int);
+void cfb64_session(Session_Key *, int);
+int cfb64_keyid(int, unsigned char *, int *);
+void cfb64_printsub(unsigned char *, int, unsigned char *, int);
-void ofb64_encrypt P((unsigned char *, int));
-int ofb64_decrypt P((int));
-void ofb64_init P((int));
-int ofb64_start P((int, int));
-int ofb64_is P((unsigned char *, int));
-int ofb64_reply P((unsigned char *, int));
-void ofb64_session P((Session_Key *, int));
-int ofb64_keyid P((int, unsigned char *, int *));
-void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
-#endif /* DES_ENCRYPTION */
+void ofb64_encrypt(unsigned char *, int);
+int ofb64_decrypt(int);
+void ofb64_init(int);
+int ofb64_start(int, int);
+int ofb64_is(unsigned char *, int);
+int ofb64_reply(unsigned char *, int);
+void ofb64_session(Session_Key *, int);
+int ofb64_keyid(int, unsigned char *, int *);
+void ofb64_printsub(unsigned char *, int, unsigned char *, int);
#endif /* ENCRYPTION */
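Review bot: The converted prototype `void encrypt_send_supprt(void);` looks like a misspelling of `encrypt_send_support`, which is declared a few lines further down. If no function of that name is defined (the definitions are not visible in this hunk), the declaration is dead and could be removed as part of the commit's cleanup of unused items rather than carried over to the ANSI form.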
diff --git a/crypto/telnet/libtelnet/enc_des.c b/crypto/telnet/libtelnet/enc_des.c
index 21113e5..93392a7 100644
--- a/crypto/telnet/libtelnet/enc_des.c
+++ b/crypto/telnet/libtelnet/enc_des.c
@@ -34,6 +34,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -42,15 +43,12 @@ static const char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95";
#ifdef ENCRYPTION
# ifdef AUTHENTICATION
-# ifdef DES_ENCRYPTION
#include <arpa/telnet.h>
+#include <openssl/des.h>
#include <stdio.h>
-#ifdef __STDC__
#include <stdlib.h>
-#endif
-
-#include <openssl/des.h>
#include <string.h>
+
#include "encrypt.h"
#include "key-proto.h"
#include "misc-proto.h"
@@ -92,7 +90,7 @@ struct fb {
static struct fb fb[2];
struct keyidlist {
- char *keyid;
+ const char *keyid;
int keyidlen;
char *key;
int keylen;
@@ -127,9 +125,8 @@ static void fb64_session P((Session_Key *, int, struct fb *));
void fb64_stream_key P((Block, struct stinfo *));
int fb64_keyid P((int, unsigned char *, int *, struct fb *));
- void
-cfb64_init(server)
- int server;
+void
+cfb64_init(int server __unused)
{
fb64_init(&fb[CFB]);
fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
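Review bot: The forward declarations at the top of this hunk (`fb64_stream_key` and `fb64_keyid`, with `fb64_session` shown in the hunk header) still use the `P((...))` wrapper, although this commit removes the `P` definition from auth.h and converts every other prototype. Whether another included header still defines `P` is not visible here. Writing them directly, e.g. `int fb64_keyid(int, unsigned char *, int *, struct fb *);`, would remove that dependency and match the rest of the change.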
@@ -137,9 +134,8 @@ cfb64_init(server)
fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
}
- void
-ofb64_init(server)
- int server;
+void
+ofb64_init(int server __unused)
{
fb64_init(&fb[OFB]);
fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
@@ -147,9 +143,8 @@ ofb64_init(server)
fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
}
- void
-fb64_init(fbp)
- register struct fb *fbp;
+void
+fb64_init(struct fb *fbp)
{
memset((void *)fbp, 0, sizeof(*fbp));
fbp->state[0] = fbp->state[1] = FAILED;
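Review bot: The first context line of this hunk, the tail of `ofb64_init`, assigns `fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);`, writing the OFB shift value into the CFB slot. This looks like a copy-paste slip, because the preceding lines of `ofb64_init` initialise `fb[OFB]` and `cfb64_init` uses `fb[CFB]` with `SHIFT_VAL(1, CFB)`. If so, `fb[OFB]` never gets its own shift and the CFB entry is overwritten, which is worth fixing while the function is being touched: `fb[OFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);`. The `streams[0]` assignment falls between the two hunks and is not visible, so it should be checked for the same index.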
@@ -167,30 +162,24 @@ fb64_init(fbp)
* 2: Not yet. Other things (like getting the key from
* Kerberos) have to happen before we can continue.
*/
- int
-cfb64_start(dir, server)
- int dir;
- int server;
+int
+cfb64_start(int dir, int server)
{
return(fb64_start(&fb[CFB], dir, server));
}
- int
-ofb64_start(dir, server)
- int dir;
- int server;
+
+int
+ofb64_start(int dir, int server)
{
return(fb64_start(&fb[OFB], dir, server));
}
- static int
-fb64_start(fbp, dir, server)
- struct fb *fbp;
- int dir;
- int server;
+static int
+fb64_start(struct fb *fbp, int dir, int server __unused)
{
- int x;
+ size_t x;
unsigned char *p;
- register int state;
+ int state;
switch (dir) {
case DIR_DECRYPT:
@@ -250,29 +239,23 @@ fb64_start(fbp, dir, server)
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
- int
-cfb64_is(data, cnt)
- unsigned char *data;
- int cnt;
+int
+cfb64_is(unsigned char *data, int cnt)
{
return(fb64_is(data, cnt, &fb[CFB]));
}
- int
-ofb64_is(data, cnt)
- unsigned char *data;
- int cnt;
+
+int
+ofb64_is(unsigned char *data, int cnt)
{
return(fb64_is(data, cnt, &fb[OFB]));
}
- int
-fb64_is(data, cnt, fbp)
- unsigned char *data;
- int cnt;
- struct fb *fbp;
+int
+fb64_is(unsigned char *data, int cnt, struct fb *fbp)
{
unsigned char *p;
- register int state = fbp->state[DIR_DECRYPT-1];
+ int state = fbp->state[DIR_DECRYPT-1];
if (cnt-- < 1)
goto failure;
@@ -339,29 +322,22 @@ fb64_is(data, cnt, fbp)
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
- int
-cfb64_reply(data, cnt)
- unsigned char *data;
- int cnt;
+int
+cfb64_reply(unsigned char *data, int cnt)
{
return(fb64_reply(data, cnt, &fb[CFB]));
}
- int
-ofb64_reply(data, cnt)
- unsigned char *data;
- int cnt;
+
+int
+ofb64_reply(unsigned char *data, int cnt)
{
return(fb64_reply(data, cnt, &fb[OFB]));
}
-
- int
-fb64_reply(data, cnt, fbp)
- unsigned char *data;
- int cnt;
- struct fb *fbp;
+int
+fb64_reply(unsigned char *data, int cnt, struct fb *fbp)
{
- register int state = fbp->state[DIR_ENCRYPT-1];
+ int state = fbp->state[DIR_ENCRYPT-1];
if (cnt-- < 1)
goto failure;
@@ -372,7 +348,7 @@ fb64_reply(data, cnt, fbp)
if (state == FAILED)
state = IN_PROGRESS;
state &= ~NO_RECV_IV;
- encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
+ encrypt_send_keyid(DIR_ENCRYPT, "\0", 1, 1);
break;
case FB64_IV_BAD:
@@ -395,29 +371,21 @@ fb64_reply(data, cnt, fbp)
return(fbp->state[DIR_ENCRYPT-1] = state);
}
- void
-cfb64_session(key, server)
- Session_Key *key;
- int server;
+void
+cfb64_session(Session_Key *key, int server)
{
fb64_session(key, server, &fb[CFB]);
}
- void
-ofb64_session(key, server)
- Session_Key *key;
- int server;
+void
+ofb64_session(Session_Key *key, int server)
{
fb64_session(key, server, &fb[OFB]);
}
- static void
-fb64_session(key, server, fbp)
- Session_Key *key;
- int server;
- struct fb *fbp;
+static void
+fb64_session(Session_Key *key, int server, struct fb *fbp)
{
-
if (!key || key->type != SK_DES) {
if (encrypt_debug_mode)
printf("Can't set krbdes's session key (%d != %d)\r\n",
@@ -449,29 +417,22 @@ fb64_session(key, server, fbp)
* We only accept a keyid of 0. If we get a keyid of
* 0, then mark the state as SUCCESS.
*/
- int
-cfb64_keyid(dir, kp, lenp)
- int dir, *lenp;
- unsigned char *kp;
+int
+cfb64_keyid(int dir, unsigned char *kp, int *lenp)
{
return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
}
- int
-ofb64_keyid(dir, kp, lenp)
- int dir, *lenp;
- unsigned char *kp;
+int
+ofb64_keyid(int dir, unsigned char *kp, int *lenp)
{
return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
}
- int
-fb64_keyid(dir, kp, lenp, fbp)
- int dir, *lenp;
- unsigned char *kp;
- struct fb *fbp;
+int
+fb64_keyid(int dir, unsigned char *kp, int *lenp, struct fb *fbp)
{
- register int state = fbp->state[dir-1];
+ int state = fbp->state[dir-1];
if (*lenp != 1 || (*kp != '\0')) {
*lenp = 0;
@@ -486,13 +447,11 @@ fb64_keyid(dir, kp, lenp, fbp)
return(fbp->state[dir-1] = state);
}
- void
-fb64_printsub(data, cnt, buf, buflen, type)
- unsigned char *data, *buf, *type;
- int cnt, buflen;
+void
+fb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen, const char *type)
{
char lbuf[32];
- register int i;
+ int i;
char *cp;
buf[buflen-1] = '\0'; /* make sure it's NULL terminated */
@@ -529,26 +488,20 @@ fb64_printsub(data, cnt, buf, buflen, type)
}
}
- void
-cfb64_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+cfb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
fb64_printsub(data, cnt, buf, buflen, "CFB64");
}
- void
-ofb64_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+ofb64_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
fb64_printsub(data, cnt, buf, buflen, "OFB64");
}
- void
-fb64_stream_iv(seed, stp)
- Block seed;
- register struct stinfo *stp;
+void
+fb64_stream_iv(Block seed, struct stinfo *stp)
{
memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
@@ -559,10 +512,8 @@ fb64_stream_iv(seed, stp)
stp->str_index = sizeof(Block);
}
- void
-fb64_stream_key(key, stp)
- Block key;
- register struct stinfo *stp;
+void
+fb64_stream_key(Block key, struct stinfo *stp)
{
memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
des_key_sched((Block *)key, stp->str_sched);
@@ -594,37 +545,34 @@ fb64_stream_key(key, stp)
* V(n+1) = DES(On, key)
*/
- void
-cfb64_encrypt(s, c)
- register unsigned char *s;
- int c;
+void
+cfb64_encrypt(unsigned char *s, int c)
{
- register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
- register int index;
+ struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
+ int idx;
- index = stp->str_index;
+ idx = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(Block)) {
+ if (idx == sizeof(Block)) {
Block b;
des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- index = 0;
+ idx = 0;
}
/* On encryption, we store (feed ^ data) which is cypher */
- *s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
+ *s = stp->str_output[idx] = (stp->str_feed[idx] ^ *s);
s++;
- index++;
+ idx++;
}
- stp->str_index = index;
+ stp->str_index = idx;
}
- int
-cfb64_decrypt(data)
- int data;
+int
+cfb64_decrypt(int data)
{
- register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
- int index;
+ struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
+ int idx;
if (data == -1) {
/*
@@ -637,18 +585,18 @@ cfb64_decrypt(data)
return(0);
}
- index = stp->str_index++;
- if (index == sizeof(Block)) {
+ idx = stp->str_index++;
+ if (idx == sizeof(Block)) {
Block b;
des_ecb_encrypt((Block *)stp->str_output, (Block *)b, stp->str_sched, 1);
memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
+ idx = 0; /* But now use 0 */
}
/* On decryption we store (data) which is cypher. */
- stp->str_output[index] = data;
- return(data ^ stp->str_feed[index]);
+ stp->str_output[idx] = data;
+ return(data ^ stp->str_feed[idx]);
}
/*
@@ -670,34 +618,31 @@ cfb64_decrypt(data)
* V(n+1) = DES(Vn, key)
* On = Dn ^ Vn
*/
- void
-ofb64_encrypt(s, c)
- register unsigned char *s;
- int c;
+void
+ofb64_encrypt(unsigned char *s, int c)
{
- register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
- register int index;
+ struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
+ int idx;
- index = stp->str_index;
+ idx = stp->str_index;
while (c-- > 0) {
- if (index == sizeof(Block)) {
+ if (idx == sizeof(Block)) {
Block b;
des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
- index = 0;
+ idx = 0;
}
- *s++ ^= stp->str_feed[index];
- index++;
+ *s++ ^= stp->str_feed[idx];
+ idx++;
}
- stp->str_index = index;
+ stp->str_index = idx;
}
- int
-ofb64_decrypt(data)
- int data;
+int
+ofb64_decrypt(int data)
{
- register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
- int index;
+ struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
+ int idx;
if (data == -1) {
/*
@@ -710,17 +655,16 @@ ofb64_decrypt(data)
return(0);
}
- index = stp->str_index++;
- if (index == sizeof(Block)) {
+ idx = stp->str_index++;
+ if (idx == sizeof(Block)) {
Block b;
des_ecb_encrypt((Block *)stp->str_feed, (Block *)b, stp->str_sched, 1);
memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
- index = 0; /* But now use 0 */
+ idx = 0; /* But now use 0 */
}
- return(data ^ stp->str_feed[index]);
+ return(data ^ stp->str_feed[idx]);
}
-# endif /* DES_ENCRYPTION */
# endif /* AUTHENTICATION */
#endif /* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/encrypt.c b/crypto/telnet/libtelnet/encrypt.c
index d78f904..d57fd7f 100644
--- a/crypto/telnet/libtelnet/encrypt.c
+++ b/crypto/telnet/libtelnet/encrypt.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -63,21 +64,14 @@ static const char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95";
#ifdef ENCRYPTION
#define ENCRYPT_NAMES
-#include <stdio.h>
#include <arpa/telnet.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
#include "encrypt.h"
#include "misc.h"
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
/*
* These functions pointers point to the current routines
* for encrypting and decrypting data.
@@ -93,10 +87,6 @@ int EncryptStartOutput(void);
int EncryptStopInput(void);
int EncryptStopOutput(void);
-int Ambiguous(char **s);
-int isprefix(char *s1, char *s2);
-char **genget(char *name, char **table, int stlen);
-
int encrypt_debug_mode = 0;
static int decrypt_mode = 0;
static int encrypt_mode = 0;
@@ -105,19 +95,15 @@ static int autoencrypt = 0;
static int autodecrypt = 0;
static int havesessionkey = 0;
static int Server = 0;
-static char *Name = "Noname";
+static const char *Name = "Noname";
#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0)
static long i_support_encrypt = 0
-#ifdef DES_ENCRYPTION
| typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
-#endif
|0;
static long i_support_decrypt = 0
-#ifdef DES_ENCRYPTION
| typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
-#endif
|0;
static long i_wont_support_encrypt = 0;
@@ -129,7 +115,6 @@ static long remote_supports_encrypt = 0;
static long remote_supports_decrypt = 0;
static Encryptions encryptions[] = {
-#ifdef DES_ENCRYPTION
{ "DES_CFB64", ENCTYPE_DES_CFB64,
cfb64_encrypt,
cfb64_decrypt,
@@ -150,8 +135,7 @@ static Encryptions encryptions[] = {
ofb64_session,
ofb64_keyid,
ofb64_printsub },
-#endif /* DES_ENCRYPTION */
- { 0, },
+ { NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
};
static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
@@ -160,26 +144,24 @@ static unsigned char str_suplen = 0;
static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
- Encryptions *
-findencryption(type)
- int type;
+Encryptions *
+findencryption(int type)
{
Encryptions *ep = encryptions;
- if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
+ if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & (unsigned)typemask(type)))
return(0);
while (ep->type && ep->type != type)
++ep;
return(ep->type ? ep : 0);
}
- Encryptions *
-finddecryption(type)
- int type;
+static Encryptions *
+finddecryption(int type)
{
Encryptions *ep = encryptions;
- if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
+ if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & (unsigned)typemask(type)))
return(0);
while (ep->type && ep->type != type)
++ep;
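Review bot: The `(unsigned)` cast added in `findencryption` and `finddecryption` is applied only after `typemask(type)` has evaluated `1 << ((type)-1)` in `int`, so it does not make the shift safe. The macro rejects only `type <= 0`, and a `type` of 32 or more is still undefined behaviour on a 32-bit `int`. Whether `type` can come straight from a peer's option bytes is not visible in this hunk, but both lookups would be more robust with a range guard before the mask test, for example `if (type <= 0 || type >= ENCTYPE_CNT) return(0);`. The body of `finddecryption` continues past the end of the hunk.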
@@ -193,7 +175,7 @@ static struct key_info {
int keylen;
int dir;
int *modep;
- Encryptions *(*getcrypt)();
+ Encryptions *(*getcrypt)(int);
} ki[2] = {
{ { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
{ { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
@@ -201,10 +183,8 @@ static struct key_info {
static void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len);
- void
-encrypt_init(name, server)
- char *name;
- int server;
+void
+encrypt_init(const char *name, int server)
{
Encryptions *ep = encryptions;
@@ -216,9 +196,6 @@ encrypt_init(name, server)
decrypt_mode = 0;
encrypt_output = 0;
decrypt_input = 0;
-#ifdef notdef
- encrypt_verbose = !server;
-#endif
str_suplen = 4;
@@ -239,8 +216,8 @@ encrypt_init(name, server)
str_send[str_suplen++] = SE;
}
- void
-encrypt_list_types()
+static void
+encrypt_list_types(void)
{
Encryptions *ep = encryptions;
@@ -251,9 +228,8 @@ encrypt_list_types()
}
}
- int
-EncryptEnable(type, mode)
- char *type, *mode;
+int
+EncryptEnable(char *type, char *mode)
{
if (isprefix(type, "help") || isprefix(type, "?")) {
printf("Usage: encrypt enable <type> [input|output]\n");
@@ -265,11 +241,10 @@ EncryptEnable(type, mode)
return(0);
}
- int
-EncryptDisable(type, mode)
- char *type, *mode;
+int
+EncryptDisable(char *type, char *mode)
{
- register Encryptions *ep;
+ Encryptions *ep;
int ret = 0;
if (isprefix(type, "help") || isprefix(type, "?")) {
@@ -299,12 +274,10 @@ EncryptDisable(type, mode)
return(ret);
}
- int
-EncryptType(type, mode)
- char *type;
- char *mode;
+int
+EncryptType(char *type, char *mode)
{
- register Encryptions *ep;
+ Encryptions *ep;
int ret = 0;
if (isprefix(type, "help") || isprefix(type, "?")) {
@@ -332,11 +305,10 @@ EncryptType(type, mode)
return(ret);
}
- int
-EncryptStart(mode)
- char *mode;
+int
+EncryptStart(char *mode)
{
- register int ret = 0;
+ int ret = 0;
if (mode) {
if (isprefix(mode, "input"))
return(EncryptStartInput());
@@ -354,8 +326,8 @@ EncryptStart(mode)
return(ret);
}
- int
-EncryptStartInput()
+int
+EncryptStartInput(void)
{
if (decrypt_mode) {
encrypt_send_request_start();
@@ -365,8 +337,8 @@ EncryptStartInput()
return(0);
}
- int
-EncryptStartOutput()
+int
+EncryptStartOutput(void)
{
if (encrypt_mode) {
encrypt_start_output(encrypt_mode);
@@ -376,9 +348,8 @@ EncryptStartOutput()
return(0);
}
- int
-EncryptStop(mode)
- char *mode;
+int
+EncryptStop(char *mode)
{
int ret = 0;
if (mode) {
@@ -398,22 +369,22 @@ EncryptStop(mode)
return(ret);
}
- int
-EncryptStopInput()
+int
+EncryptStopInput(void)
{
encrypt_send_request_end();
return(1);
}
- int
-EncryptStopOutput()
+int
+EncryptStopOutput(void)
{
encrypt_send_end();
return(1);
}
- void
-encrypt_display()
+void
+encrypt_display(void)
{
if (encrypt_output)
printf("Currently encrypting output with %s\r\n",
@@ -423,8 +394,8 @@ encrypt_display()
ENCTYPE_NAME(decrypt_mode));
}
- int
-EncryptStatus()
+int
+EncryptStatus(void)
{
if (encrypt_output)
printf("Currently encrypting output with %s\r\n",
@@ -445,8 +416,8 @@ EncryptStatus()
return 1;
}
- void
-encrypt_send_support()
+void
+encrypt_send_support(void)
{
if (str_suplen) {
/*
@@ -462,9 +433,8 @@ encrypt_send_support()
}
}
- int
-EncryptDebug(on)
- int on;
+int
+EncryptDebug(int on)
{
if (on < 0)
encrypt_debug_mode ^= 1;
@@ -475,9 +445,8 @@ EncryptDebug(on)
return(1);
}
- int
-EncryptVerbose(on)
- int on;
+int
+EncryptVerbose(int on)
{
if (on < 0)
encrypt_verbose ^= 1;
@@ -488,9 +457,8 @@ EncryptVerbose(on)
return(1);
}
- int
-EncryptAutoEnc(on)
- int on;
+int
+EncryptAutoEnc(int on)
{
encrypt_auto(on);
printf("Automatic encryption of output is %s\r\n",
@@ -498,9 +466,8 @@ EncryptAutoEnc(on)
return(1);
}
- int
-EncryptAutoDec(on)
- int on;
+int
+EncryptAutoDec(int on)
{
decrypt_auto(on);
printf("Automatic decryption of input is %s\r\n",
@@ -511,12 +478,10 @@ EncryptAutoDec(on)
/*
* Called when ENCRYPT SUPPORT is received.
*/
- void
-encrypt_support(typelist, cnt)
- unsigned char *typelist;
- int cnt;
+void
+encrypt_support(unsigned char *typelist, int cnt)
{
- register int type, use_type = 0;
+ int type, use_type = 0;
Encryptions *ep;
/*
@@ -553,13 +518,11 @@ encrypt_support(typelist, cnt)
}
}
- void
-encrypt_is(data, cnt)
- unsigned char *data;
- int cnt;
+void
+encrypt_is(unsigned char *data, int cnt)
{
Encryptions *ep;
- register int type, ret;
+ int type, ret;
if (--cnt < 0)
return;
@@ -599,13 +562,11 @@ encrypt_is(data, cnt)
}
}
- void
-encrypt_reply(data, cnt)
- unsigned char *data;
- int cnt;
+void
+encrypt_reply(unsigned char *data, int cnt)
{
Encryptions *ep;
- register int ret, type;
+ int ret, type;
if (--cnt < 0)
return;
@@ -649,10 +610,8 @@ encrypt_reply(data, cnt)
/*
* Called when a ENCRYPT START command is received.
*/
- void
-encrypt_start(data, cnt)
- unsigned char *data;
- int cnt;
+void
+encrypt_start(unsigned char *data __unused, int cnt __unused)
{
Encryptions *ep;
@@ -687,10 +646,8 @@ encrypt_start(data, cnt)
}
}
- void
-encrypt_session_key(key, server)
- Session_Key *key;
- int server;
+void
+encrypt_session_key( Session_Key *key, int server)
{
Encryptions *ep = encryptions;
@@ -699,12 +656,6 @@ encrypt_session_key(key, server)
while (ep->type) {
if (ep->session)
(*ep->session)(key, server);
-#ifdef notdef
- if (!encrypt_output && autoencrypt && !server)
- encrypt_start_output(ep->type);
- if (!decrypt_input && autodecrypt && !server)
- encrypt_send_request_start();
-#endif
++ep;
}
}
@@ -712,8 +663,8 @@ encrypt_session_key(key, server)
/*
* Called when ENCRYPT END is received.
*/
- void
-encrypt_end()
+void
+encrypt_end(void)
{
decrypt_input = 0;
if (encrypt_debug_mode)
@@ -725,8 +676,8 @@ encrypt_end()
/*
* Called when ENCRYPT REQUEST-END is received.
*/
- void
-encrypt_request_end()
+void
+encrypt_request_end(void)
{
encrypt_send_end();
}
@@ -737,10 +688,8 @@ encrypt_request_end()
* other side wants us to start encrypting data as soon as we
* can.
*/
- void
-encrypt_request_start(data, cnt)
- unsigned char *data;
- int cnt;
+void
+encrypt_request_start(unsigned char *data __unused, int cnt __unused)
{
if (encrypt_mode == 0) {
if (Server)
@@ -752,31 +701,24 @@ encrypt_request_start(data, cnt)
static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
- void
-encrypt_enc_keyid(keyid, len)
- unsigned char *keyid;
- int len;
+void
+encrypt_enc_keyid(unsigned char *keyid, int len)
{
encrypt_keyid(&ki[1], keyid, len);
}
- void
-encrypt_dec_keyid(keyid, len)
- unsigned char *keyid;
- int len;
+void
+encrypt_dec_keyid(unsigned char *keyid, int len)
{
encrypt_keyid(&ki[0], keyid, len);
}
- void
-encrypt_keyid(kp, keyid, len)
- struct key_info *kp;
- unsigned char *keyid;
- int len;
+void
+encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len)
{
Encryptions *ep;
int dir = kp->dir;
- register int ret = 0;
+ int ret = 0;
if (!(ep = (*kp->getcrypt)(*kp->modep))) {
if (len == 0)
@@ -812,12 +754,8 @@ encrypt_keyid(kp, keyid, len)
encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
}
- void
-encrypt_send_keyid(dir, keyid, keylen, saveit)
- int dir;
- unsigned char *keyid;
- int keylen;
- int saveit;
+void
+encrypt_send_keyid(int dir, const char *keyid, int keylen, int saveit)
{
unsigned char *strp;
@@ -839,9 +777,8 @@ encrypt_send_keyid(dir, keyid, keylen, saveit)
printsub('>', &str_keyid[2], strp - str_keyid - 2);
}
- void
-encrypt_auto(on)
- int on;
+void
+encrypt_auto(int on)
{
if (on < 0)
autoencrypt ^= 1;
@@ -849,9 +786,8 @@ encrypt_auto(on)
autoencrypt = on ? 1 : 0;
}
- void
-decrypt_auto(on)
- int on;
+void
+decrypt_auto(int on)
{
if (on < 0)
autodecrypt ^= 1;
@@ -859,13 +795,12 @@ decrypt_auto(on)
autodecrypt = on ? 1 : 0;
}
- void
-encrypt_start_output(type)
- int type;
+void
+encrypt_start_output(int type)
{
Encryptions *ep;
- register unsigned char *p;
- register int i;
+ unsigned char *p;
+ int i;
if (!(ep = findencryption(type))) {
if (encrypt_debug_mode) {
@@ -916,8 +851,8 @@ encrypt_start_output(type)
ENCTYPE_NAME(type));
}
- void
-encrypt_send_end()
+void
+encrypt_send_end(void)
{
if (!encrypt_output)
return;
@@ -937,11 +872,11 @@ encrypt_send_end()
printf("[ Output is now clear text ]\r\n");
}
- void
-encrypt_send_request_start()
+void
+encrypt_send_request_start(void)
{
- register unsigned char *p;
- register int i;
+ unsigned char *p;
+ int i;
p = &str_start[3];
*p++ = ENCRYPT_REQSTART;
@@ -957,8 +892,8 @@ encrypt_send_request_start()
printf(">>>%s: Request input to be encrypted\r\n", Name);
}
- void
-encrypt_send_request_end()
+void
+encrypt_send_request_end(void)
{
str_end[3] = ENCRYPT_REQEND;
net_write(str_end, sizeof(str_end));
@@ -968,8 +903,8 @@ encrypt_send_request_end()
printf(">>>%s: Request input to be clear text\r\n", Name);
}
- void
-encrypt_wait()
+void
+encrypt_wait(void)
{
if (encrypt_debug_mode)
printf(">>>%s: in encrypt_wait\r\n", Name);
@@ -980,17 +915,8 @@ encrypt_wait()
return;
}
- void
-encrypt_debug(mode)
- int mode;
-{
- encrypt_debug_mode = mode;
-}
-
- void
-encrypt_gen_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+encrypt_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
char tbuf[16], *cp;
@@ -1009,13 +935,11 @@ encrypt_gen_printsub(data, cnt, buf, buflen)
*buf = '\0';
}
- void
-encrypt_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
Encryptions *ep;
- register int type = data[1];
+ int type = data[1];
for (ep = encryptions; ep->type && ep->type != type; ep++)
;
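Review bot: `int type = data[1];` in `encrypt_printsub` reads the second byte before any check of `cnt` that is visible in this hunk. If a caller can pass a suboption shorter than two bytes, that is a read past the supplied data; the callers are not shown here, so this is worth confirming. A defensive form is `int type = (cnt > 1) ? data[1] : 0;`, which makes the table walk stop at the terminating entry. The function body continues outside the hunk.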
diff --git a/crypto/telnet/libtelnet/encrypt.h b/crypto/telnet/libtelnet/encrypt.h
index 869ad75..eda8d57 100644
--- a/crypto/telnet/libtelnet/encrypt.h
+++ b/crypto/telnet/libtelnet/encrypt.h
@@ -81,26 +81,18 @@ typedef struct {
unsigned char *data;
} Session_Key;
-# if !defined(P)
-# ifdef __STDC__
-# define P(x) x
-# else
-# define P(x) ()
-# endif
-# endif
-
typedef struct {
- char *name;
+ const char *name;
int type;
- void (*output) P((unsigned char *, int));
- int (*input) P((int));
- void (*init) P((int));
- int (*start) P((int, int));
- int (*is) P((unsigned char *, int));
- int (*reply) P((unsigned char *, int));
- void (*session) P((Session_Key *, int));
- int (*keyid) P((int, unsigned char *, int *));
- void (*printsub) P((unsigned char *, int, unsigned char *, int));
+ void (*output)(unsigned char *, int);
+ int (*input)(int);
+ void (*init)(int);
+ int (*start)(int, int);
+ int (*is)(unsigned char *, int);
+ int (*reply)(unsigned char *, int);
+ void (*session)(Session_Key *, int);
+ int (*keyid)(int, unsigned char *, int *);
+ void (*printsub)(unsigned char *, int, unsigned char *, int);
} Encryptions;
#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */
@@ -108,7 +100,7 @@ typedef struct {
#include "enc-proto.h"
extern int encrypt_debug_mode;
-extern int (*decrypt_input) P((int));
-extern void (*encrypt_output) P((unsigned char *, int));
+extern int (*decrypt_input)(int);
+extern void (*encrypt_output)(unsigned char *, int);
# endif /* __ENCRYPTION__ */
#endif /* ENCRYPTION */
diff --git a/crypto/telnet/libtelnet/genget.c b/crypto/telnet/libtelnet/genget.c
index e46b1cb..e24bb44 100644
--- a/crypto/telnet/libtelnet/genget.c
+++ b/crypto/telnet/libtelnet/genget.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -43,6 +44,8 @@ static const char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95";
#include <ctype.h>
+#include "misc-proto.h"
+
#define LOWER(x) (isupper(x) ? tolower(x) : (x))
/*
* The prefix function returns 0 if *s1 is not a prefix
@@ -51,7 +54,7 @@ static const char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95";
* the length of *s1 is returned.
*/
int
-isprefix(char *s1, char *s2)
+isprefix(char *s1, const char *s2)
{
char *os1;
char c1, c2;
@@ -98,7 +101,7 @@ genget(char *name, char **table, int stlen)
* Function call version of Ambiguous()
*/
int
-Ambiguous(char *s)
+Ambiguous(char **s)
{
- return((char **)s == &ambiguous);
+ return(s == &ambiguous);
}
diff --git a/crypto/telnet/libtelnet/getent.c b/crypto/telnet/libtelnet/getent.c
index ee6f03f..d6e8d9c 100644
--- a/crypto/telnet/libtelnet/getent.c
+++ b/crypto/telnet/libtelnet/getent.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -40,37 +41,36 @@ static char sccsid[] = "@(#)getent.c 8.2 (Berkeley) 12/15/93";
#endif
#endif /* not lint */
-#ifdef HAS_CGETENT
#include <stdlib.h>
-#endif
+#include <string.h>
+
+#include "misc-proto.h"
static char *area;
+static char gettytab[] = "/etc/gettytab";
/*ARGSUSED*/
int
-getent(char *cp, char *name)
+getent(char *cp __unused, const char *name)
{
-#ifdef HAS_CGETENT
- char *dba[2];
+ int retval;
+ char *tempnam, *dba[2] = { gettytab, NULL };
- dba[0] = "/etc/gettytab";
- dba[1] = 0;
- return((cgetent(&area, dba, name) == 0) ? 1 : 0);
-#else
- return(0);
-#endif
+ tempnam = strdup(name);
+ retval = cgetent(&area, dba, tempnam) == 0 ? 1 : 0;
+ free(tempnam);
+ return(retval);
}
-#ifndef SOLARIS
/*ARGSUSED*/
char *
-Getstr(char *id, char **cpp)
+Getstr(const char *id, char **cpp __unused)
{
-# ifdef HAS_CGETENT
- char *answer;
- return((cgetstr(area, id, &answer) > 0) ? answer : 0);
-# else
- return(0);
-# endif
+ int retval;
+ char *answer, *tempid;
+
+ tempid = strdup(id);
+ retval = cgetstr(area, tempid, &answer);
+ free(tempid);
+ return((retval > 0) ? answer : NULL);
}
-#endif
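Review bot: Both new `strdup()` calls are used without a NULL check, so on allocation failure `getent` passes a null name to `cgetent()` and `Getstr` passes a null capability to `cgetstr()`. Each needs one guard after the copy: `if (tempnam == NULL) return(0);` in `getent` and `if (tempid == NULL) return(NULL);` in `Getstr`. Separately, the local `tempnam` has the same name as the stdio function `tempnam(3)`; a name such as `namecopy` would be clearer.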
diff --git a/crypto/telnet/libtelnet/kerberos.c b/crypto/telnet/libtelnet/kerberos.c
index d7628e3..a6805b8 100644
--- a/crypto/telnet/libtelnet/kerberos.c
+++ b/crypto/telnet/libtelnet/kerberos.c
@@ -29,11 +29,10 @@
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
- *
- * $FreeBSD$
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -63,17 +62,11 @@ static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
#ifdef KRB4
#include <sys/types.h>
#include <arpa/telnet.h>
-#include <stdio.h>
#include <openssl/des.h> /* BSD wont include this in krb.h, so we do it here */
#include <krb.h>
-#ifdef __STDC__
+#include <stdio.h>
#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
#include <string.h>
-#endif
#include "encrypt.h"
#include "auth.h"
@@ -82,7 +75,7 @@ static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
int kerberos4_cksum P((unsigned char *, int));
int kuserok P((AUTH_DAT *, char *));
-extern auth_debug_mode;
+extern int auth_debug_mode;
static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V4, };
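Review bot: The two context prototypes here still use the `P(())` wrapper (`int kerberos4_cksum P((unsigned char *, int));` and `int kuserok P((AUTH_DAT *, char *));`), while this same commit deletes the `P` definition from encrypt.h. Unless another included header still defines `P`, the `KRB4` build will no longer compile. Writing them as plain prototypes avoids the dependency: `int kerberos4_cksum(unsigned char *, int);` and `int kuserok(AUTH_DAT *, char *);`.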
@@ -93,29 +86,26 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */
#define KRB_RESPONSE 4 /* Response for mutual auth. */
-#define KRB_SERVICE_NAME "rcmd"
-
static KTEXT_ST auth;
static char name[ANAME_SZ];
-static AUTH_DAT adat = { 0 };
+static AUTH_DAT adat = { 0, "", "", "", 0, {}, 0, 0, 0, { 0, "", 0 } };
#ifdef ENCRYPTION
static Block session_key = { 0 };
static des_key_schedule sched;
static Block challenge = { 0 };
#endif /* ENCRYPTION */
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
+static char krb_service_name[] = "rcmd";
+static char empty[] = "";
+
+static int
+Data(Authenticator *ap, int type, const unsigned char *d, int c)
{
unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
+ const unsigned char *cd = d;
if (c == -1)
- c = strlen((char *)cd);
+ c = strlen(cd);
if (auth_debug_mode) {
printf("%s:%d: [%d] (%d)",
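Review bot: `c = strlen(cd);` now passes a `const unsigned char *` to `strlen()`, because the old `(char *)` cast was dropped when `d` was retyped; this is a pointer-signedness mismatch that a stricter warning level will flag. The later call sites that pass string literals and `krb_err_txt[r]` to `Data` have the same mismatch in the other direction. Either keep the parameter as `const void *d` or restore the cast, `c = strlen((const char *)cd);`. The `Data` in kerberos5.c has the same pattern (`const unsigned char *cd = d;` followed by `strlen(cd)`). Separately, the `{}` in the new `adat` initializer is an empty initializer, which is a GNU extension in C11. The body of `Data` continues outside this hunk.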
@@ -139,10 +129,8 @@ Data(ap, type, d, c)
return(net_write(str_data, p - str_data));
}
- int
-kerberos4_init(ap, server)
- Authenticator *ap;
- int server;
+int
+kerberos4_init(Authenticator *ap __unused, int server)
{
FILE *fp;
@@ -160,15 +148,12 @@ kerberos4_init(ap, server)
char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
int dst_realm_sz = REALM_SZ;
- int
-kerberos4_send(ap)
- Authenticator *ap;
+int
+kerberos4_send(Authenticator *ap)
{
- KTEXT_ST auth;
+ KTEXT_ST lauth;
char instance[INST_SZ];
char *realm;
- char *krb_realmofhost();
- char *krb_get_phost();
CREDENTIALS cred;
int r;
@@ -193,11 +178,11 @@ kerberos4_send(ap)
printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
return(0);
}
- if ((r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L))) {
+ if ((r = krb_mk_req(&lauth, krb_service_name, instance, realm, 0L))) {
printf("mk_req failed: %s\r\n", krb_err_txt[r]);
return(0);
}
- if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
+ if ((r = krb_get_cred(krb_service_name, instance, realm, &cred))) {
printf("get_cred failed: %s\r\n", krb_err_txt[r]);
return(0);
}
@@ -207,8 +192,8 @@ kerberos4_send(ap)
return(0);
}
if (auth_debug_mode)
- printf("Sent %d bytes of authentication data\r\n", auth.length);
- if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
+ printf("Sent %d bytes of authentication data\r\n", lauth.length);
+ if (!Data(ap, KRB_AUTH, (void *)lauth.dat, lauth.length)) {
if (auth_debug_mode)
printf("Not enough room for authentication data\r\n");
return(0);
@@ -242,19 +227,16 @@ kerberos4_send(ap)
#endif /* ENCRYPTION */
if (auth_debug_mode) {
- printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
- printd(auth.dat, auth.length);
+ printf("CK: %d:", kerberos4_cksum(lauth.dat, lauth.length));
+ printd(lauth.dat, lauth.length);
printf("\r\n");
printf("Sent Kerberos V4 credentials to server\r\n");
}
return(1);
}
- void
-kerberos4_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
+void
+kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
{
#ifdef ENCRYPTION
Session_Key skey;
@@ -269,7 +251,7 @@ kerberos4_is(ap, data, cnt)
switch (*data++) {
case KRB_AUTH:
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
- Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
+ Data(ap, KRB_REJECT, "No local V4 Realm.", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("No local realm\r\n");
@@ -283,11 +265,11 @@ kerberos4_is(ap, data, cnt)
printf("\r\n");
}
instance[0] = '*'; instance[1] = 0;
- if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME,
- instance, 0, &adat, ""))) {
+ if ((r = krb_rd_req(&auth, krb_service_name,
+ instance, 0, &adat, empty))) {
if (auth_debug_mode)
printf("Kerberos failed him as %s\r\n", name);
- Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
+ Data(ap, KRB_REJECT, krb_err_txt[r], -1);
auth_finished(ap, AUTH_REJECT);
return;
}
@@ -297,16 +279,15 @@ kerberos4_is(ap, data, cnt)
krb_kntoln(&adat, name);
if (UserNameRequested && !kuserok(&adat, UserNameRequested))
- Data(ap, KRB_ACCEPT, (void *)0, 0);
+ Data(ap, KRB_ACCEPT, NULL, 0);
else
- Data(ap, KRB_REJECT,
- (void *)"user is not authorized", -1);
+ Data(ap, KRB_REJECT, "user is not authorized", -1);
auth_finished(ap, AUTH_USER);
break;
case KRB_CHALLENGE:
#ifndef ENCRYPTION
- Data(ap, KRB_RESPONSE, (void *)0, 0);
+ Data(ap, KRB_RESPONSE, NULL, 0);
#else /* ENCRYPTION */
if (!VALIDKEY(session_key)) {
/*
@@ -314,7 +295,7 @@ kerberos4_is(ap, data, cnt)
* send back a response with an empty session
* key.
*/
- Data(ap, KRB_RESPONSE, (void *)0, 0);
+ Data(ap, KRB_RESPONSE, NULL, 0);
break;
}
@@ -348,23 +329,20 @@ kerberos4_is(ap, data, cnt)
break;
}
des_ecb_encrypt(&challenge, &challenge, sched, 1);
- Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
+ Data(ap, KRB_RESPONSE, challenge, sizeof(challenge));
#endif /* ENCRYPTION */
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
- Data(ap, KRB_REJECT, 0, 0);
+ Data(ap, KRB_REJECT, NULL, 0);
break;
}
}
- void
-kerberos4_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
+void
+kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
{
#ifdef ENCRYPTION
Session_Key skey;
@@ -388,9 +366,9 @@ kerberos4_reply(ap, data, cnt)
* Send over the encrypted challenge.
*/
#ifndef ENCRYPTION
- Data(ap, KRB_CHALLENGE, (void *)0, 0);
+ Data(ap, KRB_CHALLENGE, NULL, 0);
#else /* ENCRYPTION */
- Data(ap, KRB_CHALLENGE, (void *)session_key,
+ Data(ap, KRB_CHALLENGE, session_key,
sizeof(session_key));
des_ecb_encrypt(&session_key, &session_key, sched, 1);
skey.type = SK_DES;
@@ -428,17 +406,14 @@ kerberos4_reply(ap, data, cnt)
}
}
- int
-kerberos4_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
+int
+kerberos4_status(Authenticator *ap __unused, char *nam, int level)
{
if (level < AUTH_USER)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
- strcpy(name, UserNameRequested);
+ strcpy(nam, UserNameRequested);
return(AUTH_VALID);
} else
return(AUTH_USER);
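Review bot: The renamed `strcpy(nam, UserNameRequested);` in `kerberos4_status` is still an unbounded copy into a caller-supplied buffer whose size the function never receives. Neither the length of `UserNameRequested` nor the size of the caller's buffer is visible in this hunk, so the safe bound has to be confirmed at the call site. Until the interface carries a length, state the contract above the function, for example `/* nam must have room for strlen(UserNameRequested) + 1 bytes; the caller guarantees this */`, and have whoever sets `UserNameRequested` enforce a maximum length. The function's closing brace lies outside the hunk.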
@@ -447,10 +422,8 @@ kerberos4_status(ap, name, level)
#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
- void
-kerberos4_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
char lbuf[32];
register int i;
@@ -502,10 +475,8 @@ kerberos4_printsub(data, cnt, buf, buflen)
}
}
- int
-kerberos4_cksum(d, n)
- unsigned char *d;
- int n;
+int
+kerberos4_cksum(unsigned char *d, int n)
{
int ck = 0;
@@ -539,17 +510,3 @@ kerberos4_cksum(d, n)
return(ck);
}
#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/crypto/telnet/libtelnet/kerberos5.c b/crypto/telnet/libtelnet/kerberos5.c
index f3b3e70..392978c 100644
--- a/crypto/telnet/libtelnet/kerberos5.c
+++ b/crypto/telnet/libtelnet/kerberos5.c
@@ -1,12 +1,3 @@
-/*
- * $Source: /mit/krb5/.cvsroot/src/appl/telnet/libtelnet/kerberos5.c,v $
- * $Author: tytso $
- * $Id: kerberos5.c,v 1.1 1997/09/04 06:11:15 markm Exp $
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
/*-
* Copyright (c) 1991, 1993
* The Regents of the University of California. All rights reserved.
@@ -40,10 +31,6 @@ __FBSDID("$FreeBSD$");
* SUCH DAMAGE.
*/
-#ifndef lint
-static const char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 5/30/95";
-#endif /* not lint */
-
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
@@ -64,28 +51,28 @@ static const char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 5/30/95";
* or implied warranty.
*/
+#include <sys/cdefs.h>
+
+__FBSDID("$FreeBSD$");
#ifdef KRB5
+
#include <arpa/telnet.h>
-#include <com_err.h>
-#include <ctype.h>
-#include <krb5.h>
-#include <krb5_asn1.h>
-#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-
-/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
- and string.h/strings.h */
+#include <unistd.h>
+#include <netdb.h>
+#include <ctype.h>
+#include <pwd.h>
+#define Authenticator k5_Authenticator
+#include <krb5.h>
+#undef Authenticator
#include "encrypt.h"
#include "auth.h"
#include "misc.h"
-extern int auth_debug_mode;
-
-#ifdef FORWARD
int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */
/* These values need to be the same as those defined in telnet/main.c. */
@@ -93,666 +80,722 @@ int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */
#define OPTS_FORWARD_CREDS 0x00000002
#define OPTS_FORWARDABLE_CREDS 0x00000001
-void kerberos5_forward();
-
-#endif /* FORWARD */
+void kerberos5_forward (Authenticator *);
static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
-/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };*/
#define KRB_AUTH 0 /* Authentication data follows */
#define KRB_REJECT 1 /* Rejected (reason might follow) */
#define KRB_ACCEPT 2 /* Accepted */
#define KRB_RESPONSE 3 /* Response for mutual auth. */
-#ifdef FORWARD
#define KRB_FORWARD 4 /* Forwarded credentials follow */
#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */
#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */
-#endif /* FORWARD */
static krb5_data auth;
- /* telnetd gets session key from here */
-static krb5_tkt_authent *authdat = NULL;
-/* telnet matches the AP_REQ and AP_REP with this */
-static krb5_authenticator authenticator;
-
-/* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
- which is either void * or char *, depending on the compiler. */
+static krb5_ticket *ticket;
-#define Voidptr krb5_pointer
+static krb5_context context;
+static krb5_auth_context auth_context;
-Block session_key;
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- Voidptr d;
- int c;
+static int
+Data(Authenticator *ap, int type, const char *d, int c)
{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (auth_debug_mode) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - &str_data[2]);
- return(net_write(str_data, p - str_data));
+ unsigned char *p = str_data + 4;
+ const unsigned char *cd = d;
+
+ if (c == -1)
+ c = strlen(cd);
+
+ if (auth_debug_mode) {
+ printf("%s:%d: [%d] (%d)",
+ str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
+ str_data[3],
+ type, c);
+ printd(d, c);
+ printf("\r\n");
+ }
+ *p++ = ap->type;
+ *p++ = ap->way;
+ *p++ = type;
+ while (c-- > 0) {
+ if ((*p++ = *cd++) == IAC)
+ *p++ = IAC;
+ }
+ *p++ = IAC;
+ *p++ = SE;
+ if (str_data[3] == TELQUAL_IS)
+ printsub('>', &str_data[2], p - &str_data[2]);
+ return(net_write(str_data, p - str_data));
}
- int
-kerberos5_init(ap, server)
- Authenticator *ap;
- int server;
+int
+kerberos5_init(Authenticator *ap __unused, int server)
{
- if (server)
- str_data[3] = TELQUAL_REPLY;
- else
- str_data[3] = TELQUAL_IS;
- krb5_init_ets();
- return(1);
+ krb5_error_code ret;
+
+ ret = krb5_init_context(&context);
+ if (ret)
+ return 0;
+ if (server) {
+ krb5_keytab kt;
+ krb5_kt_cursor cursor;
+
+ ret = krb5_kt_default(context, &kt);
+ if (ret)
+ return 0;
+
+ ret = krb5_kt_start_seq_get (context, kt, &cursor);
+ if (ret) {
+ krb5_kt_close (context, kt);
+ return 0;
+ }
+ krb5_kt_end_seq_get (context, kt, &cursor);
+ krb5_kt_close (context, kt);
+
+ str_data[3] = TELQUAL_REPLY;
+ } else
+ str_data[3] = TELQUAL_IS;
+ return(1);
}
- int
-kerberos5_send(ap)
- Authenticator *ap;
+extern int net;
+
+static int
+kerberos5_send(const char *name, Authenticator *ap)
{
- char **realms;
- char *name;
- char *p1, *p2;
- krb5_checksum ksum;
- krb5_octet sum[CRC32_CKSUM_LENGTH];
- krb5_principal server;
- krb5_error_code r;
- krb5_ccache ccache;
- krb5_creds creds; /* telnet gets session key from here */
- extern krb5_flags krb5_kdc_default_options;
- int ap_opts;
-
-#ifdef ENCRYPTION
- krb5_keyblock *newkey = 0;
-#endif /* ENCRYPTION */
-
- ksum.checksum_type = CKSUMTYPE_CRC32;
- ksum.contents = sum;
- ksum.length = sizeof(sum);
- memset((Voidptr )sum, 0, sizeof(sum));
-
- if (!UserNameRequested) {
- if (auth_debug_mode) {
- printf("Kerberos V5: no user name supplied\r\n");
- }
- return(0);
+ krb5_error_code ret;
+ krb5_ccache ccache;
+ int ap_opts;
+ krb5_data cksum_data;
+ char foo[2];
+
+ if (!UserNameRequested) {
+ if (auth_debug_mode) {
+ printf("Kerberos V5: no user name supplied\r\n");
}
-
- if (r = krb5_cc_default(&ccache)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: could not get default ccache\r\n");
- }
- return(0);
+ return(0);
+ }
+
+ ret = krb5_cc_default(context, &ccache);
+ if (ret) {
+ if (auth_debug_mode) {
+ printf("Kerberos V5: could not get default ccache: %s\r\n",
+ krb5_get_err_text (context, ret));
}
-
- if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) {
- if (auth_debug_mode)
- printf("Out of memory for hostname in Kerberos V5\r\n");
- return(0);
+ return 0;
+ }
+
+ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+ ap_opts = AP_OPTS_MUTUAL_REQUIRED;
+ else
+ ap_opts = 0;
+
+ ret = krb5_auth_con_init (context, &auth_context);
+ if (ret) {
+ if (auth_debug_mode) {
+ printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
}
+ return(0);
+ }
- if (r = krb5_get_host_realm(RemoteHostName, &realms)) {
- if (auth_debug_mode)
- printf("Kerberos V5: no realm for %s\r\n", RemoteHostName);
- free(name);
- return(0);
+ ret = krb5_auth_con_setaddrs_from_fd (context,
+ auth_context,
+ &net);
+ if (ret) {
+ if (auth_debug_mode) {
+ printf ("Kerberos V5:"
+ " krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
}
+ return(0);
+ }
+
+ krb5_auth_setkeytype (context, auth_context, KEYTYPE_DES);
+
+ foo[0] = ap->type;
+ foo[1] = ap->way;
+
+ cksum_data.length = sizeof(foo);
+ cksum_data.data = foo;
- p1 = RemoteHostName;
- p2 = name;
- while (*p2 = *p1++) {
- if (isupper(*p2))
- *p2 |= 040;
- ++p2;
+ {
+ krb5_principal service;
+ char sname[128];
+
+
+ ret = krb5_sname_to_principal (context,
+ RemoteHostName,
+ NULL,
+ KRB5_NT_SRV_HST,
+ &service);
+ if(ret) {
+ if (auth_debug_mode) {
+ printf ("Kerberos V5:"
+ " krb5_sname_to_principal(%s) failed (%s)\r\n",
+ RemoteHostName, krb5_get_err_text(context, ret));
+ }
+ return 0;
}
+ ret = krb5_unparse_name_fixed(context, service, sname, sizeof(sname));
+ if(ret) {
+ if (auth_debug_mode) {
+ printf ("Kerberos V5:"
+ " krb5_unparse_name_fixed failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ }
+ return 0;
+ }
+ printf("[ Trying %s (%s)... ]\r\n", name, sname);
+ ret = krb5_mk_req_exact(context, &auth_context, ap_opts,
+ service,
+ &cksum_data, ccache, &auth);
+ krb5_free_principal (context, service);
- if (r = krb5_build_principal_ext(&server,
- strlen(realms[0]), realms[0],
- 4, "host",
- p2 - name, name,
- 0)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure setting up principal (%s)\r\n",
- error_message(r));
- }
- free(name);
- krb5_free_host_realm(realms);
- return(0);
+ }
+ if (ret) {
+ if (1 || auth_debug_mode) {
+ printf("Kerberos V5: mk_req failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
}
+ return(0);
+ }
+ if (!auth_sendname((unsigned char *)UserNameRequested,
+ strlen(UserNameRequested))) {
+ if (auth_debug_mode)
+ printf("Not enough room for user name\r\n");
+ return(0);
+ }
+ if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+ if (auth_debug_mode)
+ printf("Not enough room for authentication data\r\n");
+ return(0);
+ }
+ if (auth_debug_mode) {
+ printf("Sent Kerberos V5 credentials to server\r\n");
+ }
+ return(1);
+}
- memset((char *)&creds, 0, sizeof(creds));
- creds.server = server;
+int
+kerberos5_send_mutual(Authenticator *ap)
+{
+ return kerberos5_send("mutual KERBEROS5", ap);
+}
- if (r = krb5_cc_get_principal(ccache, &creds.client)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure on principal (%s)\r\n",
- error_message(r));
- }
- free(name);
- krb5_free_principal(server);
- krb5_free_host_realm(realms);
- return(0);
- }
+int
+kerberos5_send_oneway(Authenticator *ap)
+{
+ return kerberos5_send("KERBEROS5", ap);
+}
- if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) {
- if (auth_debug_mode) {
- printf("Kerberos V5: failure on credentials(%d)\r\n",r);
- }
- free(name);
- krb5_free_host_realm(realms);
- krb5_free_principal(server);
- return(0);
+void
+kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
+{
+ krb5_error_code ret;
+ krb5_data outbuf;
+ krb5_keyblock *key_block;
+ char *name;
+ krb5_principal server;
+ int zero = 0;
+
+ if (cnt-- < 1)
+ return;
+ switch (*data++) {
+ case KRB_AUTH:
+ auth.data = (char *)data;
+ auth.length = cnt;
+
+ auth_context = NULL;
+
+ ret = krb5_auth_con_init (context, &auth_context);
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_init failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: krb5_auth_con_init failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
}
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
- ap_opts = AP_OPTS_MUTUAL_REQUIRED;
- else
- ap_opts = 0;
-
- r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
-#ifdef ENCRYPTION
- &newkey,
-#else /* ENCRYPTION */
- 0,
-#endif /* ENCRYPTION */
- ccache, &creds, &authenticator, &auth);
- /* don't let the key get freed if we clean up the authenticator */
- authenticator.subkey = 0;
-
- free(name);
- krb5_free_host_realm(realms);
- krb5_free_principal(server);
-#ifdef ENCRYPTION
- if (newkey) {
- /* keep the key in our private storage, but don't use it
- yet---see kerberos5_reply() below */
- if (newkey->keytype != KEYTYPE_DES) {
- if (creds.keyblock.keytype == KEYTYPE_DES)
- /* use the session key in credentials instead */
- memmove((char *)session_key,
- (char *)creds.keyblock.contents, sizeof(Block));
- else
- /* XXX ? */;
- } else {
- memmove((char *)session_key, (char *)newkey->contents,
- sizeof(Block));
- }
- krb5_free_keyblock(newkey);
+ ret = krb5_auth_con_setaddrs_from_fd (context,
+ auth_context,
+ &zero);
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_setaddrs_from_fd failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_setaddrs_from_fd failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
}
-#endif /* ENCRYPTION */
- if (r) {
- if (auth_debug_mode) {
- printf("Kerberos V5: mk_req failed (%s)\r\n",
- error_message(r));
- }
- return(0);
+
+ ret = krb5_sock_to_principal (context,
+ 0,
+ "host",
+ KRB5_NT_SRV_HST,
+ &server);
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_sock_to_principal failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_sock_to_principal failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
}
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- if (auth_debug_mode)
- printf("Not enough room for user name\r\n");
- return(0);
+ ret = krb5_rd_req(context,
+ &auth_context,
+ &auth,
+ server,
+ NULL,
+ NULL,
+ &ticket);
+
+ krb5_free_principal (context, server);
+ if (ret) {
+ char *errbuf;
+
+ asprintf(&errbuf,
+ "Read req failed: %s",
+ krb5_get_err_text(context, ret));
+ Data(ap, KRB_REJECT, errbuf, -1);
+ if (auth_debug_mode)
+ printf("%s\r\n", errbuf);
+ free (errbuf);
+ return;
}
- if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
+
+ {
+ char foo[2];
+
+ foo[0] = ap->type;
+ foo[1] = ap->way;
+
+ ret = krb5_verify_authenticator_checksum(context,
+ auth_context,
+ foo,
+ sizeof(foo));
+
+ if (ret) {
+ char *errbuf;
+ asprintf(&errbuf, "Bad checksum: %s",
+ krb5_get_err_text(context, ret));
+ Data(ap, KRB_REJECT, errbuf, -1);
if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- return(0);
+ printf ("%s\r\n", errbuf);
+ free(errbuf);
+ return;
+ }
}
- if (auth_debug_mode) {
- printf("Sent Kerberos V5 credentials to server\r\n");
+ ret = krb5_auth_con_getremotesubkey (context,
+ auth_context,
+ &key_block);
+
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getremotesubkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
}
- return(1);
-}
-
- void
-kerberos5_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- int r;
- struct hostent *hp;
- char *p1, *p2;
- static char *realm = NULL;
- krb5_principal server;
- krb5_ap_rep_enc_part reply;
- krb5_data outbuf;
-#ifdef ENCRYPTION
- Session_Key skey;
-#endif /* ENCRYPTION */
- char *name;
- char *getenv();
- krb5_data inbuf;
- if (cnt-- < 1)
+ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+ ret = krb5_mk_rep(context, auth_context, &outbuf);
+ if (ret) {
+ Data(ap, KRB_REJECT,
+ "krb5_mk_rep failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_mk_rep failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
return;
- switch (*data++) {
- case KRB_AUTH:
- auth.data = (char *)data;
- auth.length = cnt;
-
- if (!(hp = gethostbyname(LocalHostName))) {
- if (auth_debug_mode)
- printf("Cannot resolve local host name\r\n");
- Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- if (!realm && (krb5_get_default_realm(&realm))) {
- if (auth_debug_mode)
- printf("Could not get default realm\r\n");
- Data(ap, KRB_REJECT, "Could not get default realm.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
- if (auth_debug_mode)
- printf("Out of memory for hostname in Kerberos V5\r\n");
- Data(ap, KRB_REJECT, "Out of memory.", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- p1 = hp->h_name;
- p2 = name;
-
- while (*p2 = *p1++) {
- if (isupper(*p2))
- *p2 |= 040;
- ++p2;
- }
-
- if (authdat)
- krb5_free_tkt_authent(authdat);
-
- r = krb5_build_principal_ext(&server,
- strlen(realm), realm,
- 4, "host",
- p2 - name, name,
- 0);
- if (!r) {
- r = krb5_rd_req_simple(&auth, server, 0, &authdat);
- krb5_free_principal(server);
- }
- if (r) {
- char errbuf[128];
-
- errout:
- authdat = 0;
- (void) strcpy(errbuf, "Read req failed: ");
- (void) strcat(errbuf, error_message(r));
- Data(ap, KRB_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("%s\r\n", errbuf);
- return;
- }
- free(name);
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* do ap_rep stuff here */
- reply.ctime = authdat->authenticator->ctime;
- reply.cusec = authdat->authenticator->cusec;
- reply.subkey = 0; /* use the one he gave us, so don't
- need to return one here */
- reply.seq_number = 0; /* we don't do seq #'s. */
-
- if (r = krb5_mk_rep(&reply,
- authdat->authenticator->subkey ?
- authdat->authenticator->subkey :
- authdat->ticket->enc_part2->session,
- &outbuf)) {
- goto errout;
- }
- Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
- }
- if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
- &name))
- name = 0;
- Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
- if (auth_debug_mode) {
- printf("Kerberos5 identifies him as ``%s''\r\n",
- name ? name : "");
- }
- auth_finished(ap, AUTH_USER);
-
- free(name);
- if (authdat->authenticator->subkey &&
- authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
- memmove((Voidptr )session_key,
- (Voidptr )authdat->authenticator->subkey->contents,
- sizeof(Block));
- } else if (authdat->ticket->enc_part2->session->keytype ==
- KEYTYPE_DES) {
- memmove((Voidptr )session_key,
- (Voidptr )authdat->ticket->enc_part2->session->contents,
- sizeof(Block));
- } else
- break;
-
-#ifdef ENCRYPTION
+ }
+ Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
+ }
+ if (krb5_unparse_name(context, ticket->client, &name))
+ name = 0;
+
+ if(UserNameRequested && krb5_kuserok(context,
+ ticket->client,
+ UserNameRequested)) {
+ Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
+ if (auth_debug_mode) {
+ printf("Kerberos5 identifies him as ``%s''\r\n",
+ name ? name : "");
+ }
+
+ if(key_block->keytype == ETYPE_DES_CBC_MD5 ||
+ key_block->keytype == ETYPE_DES_CBC_MD4 ||
+ key_block->keytype == ETYPE_DES_CBC_CRC) {
+ Session_Key skey;
+
skey.type = SK_DES;
skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 1);
-#endif /* ENCRYPTION */
- break;
-#ifdef FORWARD
- case KRB_FORWARD:
- inbuf.data = (char *)data;
- inbuf.length = cnt;
- if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
- UserNameRequested)) {
- char errbuf[128];
-
- (void) strcpy(errbuf, "Read forwarded creds failed: ");
- (void) strcat(errbuf, error_message(r));
- Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
- if (auth_debug_mode)
- printf("Could not read forwarded credentials\r\n");
- }
- else
- Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
- if (auth_debug_mode)
- printf("Forwarded credentials obtained\r\n");
- break;
-#endif /* FORWARD */
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- Data(ap, KRB_REJECT, 0, 0);
- break;
+ skey.data = key_block->keyvalue.data;
+ encrypt_session_key(&skey, 0);
+ }
+
+ } else {
+ char *msg;
+
+ asprintf (&msg, "user `%s' is not authorized to "
+ "login as `%s'",
+ name ? name : "<unknown>",
+ UserNameRequested ? UserNameRequested : "<nobody>");
+ if (msg == NULL)
+ Data(ap, KRB_REJECT, NULL, 0);
+ else {
+ Data(ap, KRB_REJECT, (void *)msg, -1);
+ free(msg);
+ }
+ auth_finished (ap, AUTH_REJECT);
+ krb5_free_keyblock_contents(context, key_block);
+ break;
+ }
+ auth_finished(ap, AUTH_USER);
+ krb5_free_keyblock_contents(context, key_block);
+
+ break;
+ case KRB_FORWARD: {
+ struct passwd *pwd;
+ char ccname[1024]; /* XXX */
+ krb5_data inbuf;
+ krb5_ccache ccache;
+ inbuf.data = (char *)data;
+ inbuf.length = cnt;
+
+ pwd = getpwnam (UserNameRequested);
+ if (pwd == NULL)
+ break;
+
+ snprintf (ccname, sizeof(ccname),
+ "FILE:/tmp/krb5cc_%u", pwd->pw_uid);
+
+ ret = krb5_cc_resolve (context, ccname, &ccache);
+ if (ret) {
+ if (auth_debug_mode)
+ printf ("Kerberos V5: could not get ccache: %s\r\n",
+ krb5_get_err_text(context, ret));
+ break;
+ }
+
+ ret = krb5_cc_initialize (context,
+ ccache,
+ ticket->client);
+ if (ret) {
+ if (auth_debug_mode)
+ printf ("Kerberos V5: could not init ccache: %s\r\n",
+ krb5_get_err_text(context, ret));
+ break;
}
+
+#if defined(DCE)
+ esetenv("KRB5CCNAME", ccname, 1);
+#endif
+ ret = krb5_rd_cred2 (context,
+ auth_context,
+ ccache,
+ &inbuf);
+ if(ret) {
+ char *errbuf;
+
+ asprintf (&errbuf,
+ "Read forwarded creds failed: %s",
+ krb5_get_err_text (context, ret));
+ if(errbuf == NULL)
+ Data(ap, KRB_FORWARD_REJECT, NULL, 0);
+ else
+ Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
+ if (auth_debug_mode)
+ printf("Could not read forwarded credentials: %s\r\n",
+ errbuf);
+ free (errbuf);
+ } else {
+ Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
+#if defined(DCE)
+ dfsfwd = 1;
+#endif
+ }
+ chown (ccname + 5, pwd->pw_uid, -1);
+ if (auth_debug_mode)
+ printf("Forwarded credentials obtained\r\n");
+ break;
+ }
+ default:
+ if (auth_debug_mode)
+ printf("Unknown Kerberos option %d\r\n", data[-1]);
+ Data(ap, KRB_REJECT, 0, 0);
+ break;
+ }
}
- void
-kerberos5_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
+void
+kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
{
- Session_Key skey;
- static int mutual_complete = 0;
+ static int mutual_complete = 0;
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case KRB_REJECT:
- if (cnt > 0) {
- printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ Kerberos V5 refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case KRB_ACCEPT:
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
- !mutual_complete) {
- printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\n");
- auth_send_retry();
- return;
- }
- if (cnt)
- printf("[ Kerberos V5 accepts you as ``%.*s'' ]\n", cnt, data);
- else
- printf("[ Kerberos V5 accepts you ]\n");
- auth_finished(ap, AUTH_USER);
-#ifdef FORWARD
- if (forward_flags & OPTS_FORWARD_CREDS)
- kerberos5_forward(ap);
-#endif /* FORWARD */
- break;
- case KRB_RESPONSE:
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /* the rest of the reply should contain a krb_ap_rep */
- krb5_ap_rep_enc_part *reply;
- krb5_data inbuf;
- krb5_error_code r;
- krb5_keyblock tmpkey;
-
- inbuf.length = cnt;
- inbuf.data = (char *)data;
-
- tmpkey.keytype = KEYTYPE_DES;
- tmpkey.contents = session_key;
- tmpkey.length = sizeof(Block);
-
- if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) {
- printf("[ Mutual authentication failed: %s ]\n",
- error_message(r));
- auth_send_retry();
- return;
- }
- if (reply->ctime != authenticator.ctime ||
- reply->cusec != authenticator.cusec) {
- printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n");
- auth_send_retry();
- return;
- }
- krb5_free_ap_rep_enc_part(reply);
-#ifdef ENCRYPTION
- skey.type = SK_DES;
- skey.length = 8;
- skey.data = session_key;
- encrypt_session_key(&skey, 0);
-#endif /* ENCRYPTION */
- mutual_complete = 1;
- }
- return;
-#ifdef FORWARD
- case KRB_FORWARD_ACCEPT:
- printf("[ Kerberos V5 accepted forwarded credentials ]\n");
- return;
- case KRB_FORWARD_REJECT:
- printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
- cnt, data);
- return;
-#endif /* FORWARD */
- default:
- if (auth_debug_mode)
- printf("Unknown Kerberos option %d\r\n", data[-1]);
- return;
+ if (cnt-- < 1)
+ return;
+ switch (*data++) {
+ case KRB_REJECT:
+ if (cnt > 0) {
+ printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
+ cnt, data);
+ } else
+ printf("[ Kerberos V5 refuses authentication ]\r\n");
+ auth_send_retry();
+ return;
+ case KRB_ACCEPT: {
+ krb5_error_code ret;
+ Session_Key skey;
+ krb5_keyblock *keyblock;
+
+ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
+ !mutual_complete) {
+ printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
+ auth_send_retry();
+ return;
}
+ if (cnt)
+ printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+ else
+ printf("[ Kerberos V5 accepts you ]\r\n");
+
+ ret = krb5_auth_con_getlocalsubkey (context,
+ auth_context,
+ &keyblock);
+ if (ret)
+ ret = krb5_auth_con_getkey (context,
+ auth_context,
+ &keyblock);
+ if(ret) {
+ printf("[ krb5_auth_con_getkey: %s ]\r\n",
+ krb5_get_err_text(context, ret));
+ auth_send_retry();
+ return;
+ }
+
+ skey.type = SK_DES;
+ skey.length = 8;
+ skey.data = keyblock->keyvalue.data;
+ encrypt_session_key(&skey, 0);
+ krb5_free_keyblock_contents (context, keyblock);
+ auth_finished(ap, AUTH_USER);
+ if (forward_flags & OPTS_FORWARD_CREDS)
+ kerberos5_forward(ap);
+ break;
+ }
+ case KRB_RESPONSE:
+ if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+ /* the rest of the reply should contain a krb_ap_rep */
+ krb5_ap_rep_enc_part *reply;
+ krb5_data inbuf;
+ krb5_error_code ret;
+
+ inbuf.length = cnt;
+ inbuf.data = (char *)data;
+
+ ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
+ if (ret) {
+ printf("[ Mutual authentication failed: %s ]\r\n",
+ krb5_get_err_text (context, ret));
+ auth_send_retry();
+ return;
+ }
+ krb5_free_ap_rep_enc_part(context, reply);
+ mutual_complete = 1;
+ }
+ return;
+ case KRB_FORWARD_ACCEPT:
+ printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
+ return;
+ case KRB_FORWARD_REJECT:
+ printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
+ cnt, data);
+ return;
+ default:
+ if (auth_debug_mode)
+ printf("Unknown Kerberos option %d\r\n", data[-1]);
+ return;
+ }
}
- int
-kerberos5_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
+int
+kerberos5_status(Authenticator *ap __unused, char *name, int level)
{
- if (level < AUTH_USER)
- return(level);
+ if (level < AUTH_USER)
+ return(level);
- if (UserNameRequested &&
- krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested))
+ if (UserNameRequested &&
+ krb5_kuserok(context,
+ ticket->client,
+ UserNameRequested))
{
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
+ strcpy(name, UserNameRequested);
+ return(AUTH_VALID);
} else
- return(AUTH_USER);
+ return(AUTH_USER);
}
#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
- void
-kerberos5_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
+void
+kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case KRB_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case KRB_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
-
- case KRB_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- case KRB_RESPONSE:
- strncpy((char *)buf, " RESPONSE", buflen);
- goto common2;
-
-#ifdef FORWARD
- case KRB_FORWARD: /* Forwarded credentials follow */
- strncpy((char *)buf, " FORWARD", buflen);
- goto common2;
-
- case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
- strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
- goto common2;
-
- case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
- /* (reason might follow) */
- strncpy((char *)buf, " FORWARD_REJECT", buflen);
- goto common2;
-#endif /* FORWARD */
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
+ int i;
+
+ buf[buflen-1] = '\0'; /* make sure its NULL terminated */
+ buflen -= 1;
+
+ switch(data[3]) {
+ case KRB_REJECT: /* Rejected (reason might follow) */
+ strlcpy((char *)buf, " REJECT ", buflen);
+ goto common;
+
+ case KRB_ACCEPT: /* Accepted (name might follow) */
+ strlcpy((char *)buf, " ACCEPT ", buflen);
+ common:
+ BUMP(buf, buflen);
+ if (cnt <= 4)
+ break;
+ ADDC(buf, buflen, '"');
+ for (i = 4; i < cnt; i++)
+ ADDC(buf, buflen, data[i]);
+ ADDC(buf, buflen, '"');
+ ADDC(buf, buflen, '\0');
+ break;
+
+
+ case KRB_AUTH: /* Authentication data follows */
+ strlcpy((char *)buf, " AUTH", buflen);
+ goto common2;
+
+ case KRB_RESPONSE:
+ strlcpy((char *)buf, " RESPONSE", buflen);
+ goto common2;
+
+ case KRB_FORWARD: /* Forwarded credentials follow */
+ strlcpy((char *)buf, " FORWARD", buflen);
+ goto common2;
+
+ case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
+ strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
+ goto common2;
+
+ case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
+ /* (reason might follow) */
+ strlcpy((char *)buf, " FORWARD_REJECT", buflen);
+ goto common2;
+
+ default:
+ snprintf(buf, buflen, " %d (unknown)", data[3]);
+ common2:
+ BUMP(buf, buflen);
+ for (i = 4; i < cnt; i++) {
+ snprintf(buf, buflen, " %d", data[i]);
+ BUMP(buf, buflen);
}
+ break;
+ }
}
-#ifdef FORWARD
- void
-kerberos5_forward(ap)
- Authenticator *ap;
+void
+kerberos5_forward(Authenticator *ap)
{
- struct hostent *hp;
- krb5_creds *local_creds;
- krb5_error_code r;
- krb5_data forw_creds;
- extern krb5_cksumtype krb5_kdc_req_sumtype;
- krb5_ccache ccache;
- int i;
-
- if (!(local_creds = (krb5_creds *)
- calloc(1, sizeof(*local_creds)))) {
+ krb5_error_code ret;
+ krb5_ccache ccache;
+ krb5_creds creds;
+ krb5_kdc_flags flags;
+ krb5_data out_data;
+ krb5_principal principal;
+
+ ret = krb5_cc_default (context, &ccache);
+ if (ret) {
if (auth_debug_mode)
- printf("Kerberos V5: could not allocate memory for credentials\r\n");
+ printf ("KerberosV5: could not get default ccache: %s\r\n",
+ krb5_get_err_text (context, ret));
return;
}
- if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
- &local_creds->server)) {
+ ret = krb5_cc_get_principal (context, ccache, &principal);
+ if (ret) {
if (auth_debug_mode)
- printf("Kerberos V5: could not build server name - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
+ printf ("KerberosV5: could not get principal: %s\r\n",
+ krb5_get_err_text (context, ret));
return;
}
- if (r = krb5_cc_default(&ccache)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not get default ccache - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
+ memset (&creds, 0, sizeof(creds));
- if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
- if (auth_debug_mode)
- printf("Kerberos V5: could not get default principal - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
- return;
- }
+ creds.client = principal;
+
+ ret = krb5_build_principal (context,
+ &creds.server,
+ strlen(principal->realm),
+ principal->realm,
+ "krbtgt",
+ principal->realm,
+ NULL);
- /* Get ticket from credentials cache */
- if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
+ if (ret) {
if (auth_debug_mode)
- printf("Kerberos V5: could not obtain credentials - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
+ printf ("KerberosV5: could not get principal: %s\r\n",
+ krb5_get_err_text (context, ret));
return;
}
- if (r = get_for_creds(ETYPE_DES_CBC_CRC,
- krb5_kdc_req_sumtype,
- RemoteHostName,
- local_creds->client,
- &local_creds->keyblock,
- forward_flags & OPTS_FORWARDABLE_CREDS,
- &forw_creds)) {
+ creds.times.endtime = 0;
+
+ flags.i = 0;
+ flags.b.forwarded = 1;
+ if (forward_flags & OPTS_FORWARDABLE_CREDS)
+ flags.b.forwardable = 1;
+
+ ret = krb5_get_forwarded_creds (context,
+ auth_context,
+ ccache,
+ flags.i,
+ RemoteHostName,
+ &creds,
+ &out_data);
+ if (ret) {
if (auth_debug_mode)
- printf("Kerberos V5: error getting forwarded creds - %s\r\n",
- error_message(r));
- krb5_free_creds(local_creds);
+ printf ("Kerberos V5: error getting forwarded creds: %s\r\n",
+ krb5_get_err_text (context, ret));
return;
}
- /* Send forwarded credentials */
- if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
+ if(!Data(ap, KRB_FORWARD, out_data.data, out_data.length)) {
if (auth_debug_mode)
- printf("Not enough room for authentication data\r\n");
- }
- else {
+ printf("Not enough room for authentication data\r\n");
+ } else {
if (auth_debug_mode)
- printf("Forwarded local Kerberos V5 credentials to server\r\n");
+ printf("Forwarded local Kerberos V5 credentials to server\r\n");
}
+}
- krb5_free_creds(local_creds);
+#if defined(DCE)
+/* if this was a K5 authentication try and join a PAG for the user. */
+void
+kerberos5_dfspag(void)
+{
+ if (dfsk5ok) {
+ dfspag = krb5_dfs_pag(context, dfsfwd, ticket->client,
+ UserNameRequested);
+ }
}
-#endif /* FORWARD */
+#endif
#endif /* KRB5 */
diff --git a/crypto/telnet/libtelnet/key-proto.h b/crypto/telnet/libtelnet/key-proto.h
index 9668a77..2f3f346 100644
--- a/crypto/telnet/libtelnet/key-proto.h
+++ b/crypto/telnet/libtelnet/key-proto.h
@@ -51,21 +51,15 @@
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
+ *
+ * $FreeBSD$
*/
#ifndef __KEY_PROTO__
#define __KEY_PROTO__
-#if !defined(P)
-#ifdef __STDC__
-#define P(x) x
-#else
-#define P(x) ()
-#endif
-#endif
-
-int key_file_exists P((void));
-void key_lookup P((unsigned char *, Block));
-void key_stream_init P((Block, Block, int));
-unsigned char key_stream P((int, int));
+int key_file_exists(void);
+void key_lookup(unsigned char *, Block);
+void key_stream_init(Block, Block, int);
+unsigned char key_stream(int, int);
#endif
diff --git a/crypto/telnet/libtelnet/krb4encpwd.c b/crypto/telnet/libtelnet/krb4encpwd.c
index d0d2b48..8b21def 100644
--- a/crypto/telnet/libtelnet/krb4encpwd.c
+++ b/crypto/telnet/libtelnet/krb4encpwd.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -74,20 +75,13 @@ static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 5/30/95";
*/
#include <sys/types.h>
+#include <openssl/des.h>
#include <arpa/telnet.h>
+#include <krb.h>
#include <pwd.h>
#include <stdio.h>
-
-#include <openssl/des.h>
-#include <krb.h>
-#ifdef __STDC__
#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
#include <string.h>
-#endif
#include "encrypt.h"
#include "auth.h"
@@ -432,17 +426,3 @@ char *name, *passwd;
}
#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/crypto/telnet/libtelnet/misc-proto.h b/crypto/telnet/libtelnet/misc-proto.h
index c0d2068..5f4f9fc 100644
--- a/crypto/telnet/libtelnet/misc-proto.h
+++ b/crypto/telnet/libtelnet/misc-proto.h
@@ -65,17 +65,24 @@
#endif
#endif
-void auth_encrypt_init P((char *, char *, char *, int));
-void auth_encrypt_connect P((int));
-void printd P((unsigned char *, int));
+void auth_encrypt_init(char *, char *, const char *, int);
+void auth_encrypt_connect(int);
+void printd(const unsigned char *, int);
+
+int isprefix(char *, const char *);
+char **genget(char *, char **, int);
+int Ambiguous(char **);
+
+int getent(char *, const char *);
+char *Getstr(const char *, char **);
/*
* These functions are imported from the application
*/
-int net_write P((unsigned char *, int));
-void net_encrypt P((void));
-int telnet_spin P((void));
-char *telnet_getenv P((char *));
-char *telnet_gets P((char *, char *, int, int));
-void printsub P((int, unsigned char *, int));
+int net_write(unsigned char *, int);
+void net_encrypt(void);
+int telnet_spin(void);
+char *telnet_getenv(char *);
+char *telnet_gets(const char *, char *, int, int);
+void printsub(char, unsigned char *, int);
#endif
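Review bot: `printsub` is now declared with a `char` first parameter where the removed declaration used `int`, and a prototype with a `char` parameter is not compatible with an old-style (K&R) definition, whose parameter is promoted to `int`. The comment above these declarations says they are imported from the application, so their definitions are outside this directory's diff. If any definition is still unprototyped, calls through this header are undefined behaviour, so `void printsub(int, unsigned char *, int);` is the safe form until the definitions are confirmed converted. The two `#endif` context lines at the top of the hunk look like the tail of the `P()` compatibility macro that key-proto.h drops in this same commit; if so, it is now unused in this header and could be removed too.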
diff --git a/crypto/telnet/libtelnet/misc.c b/crypto/telnet/libtelnet/misc.c
index c9ebec7..e9e7957 100644
--- a/crypto/telnet/libtelnet/misc.c
+++ b/crypto/telnet/libtelnet/misc.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -42,8 +43,10 @@ static const char sccsid[] = "@(#)misc.c 8.1 (Berkeley) 6/4/93";
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
+
#include "misc.h"
-#if defined(AUTHENTICATION)
+#ifdef AUTHENTICATION
#include "auth.h"
#endif
#ifdef ENCRYPTION
@@ -55,16 +58,18 @@ char *LocalHostName;
char *UserNameRequested = 0;
int ConnectedCount = 0;
- void
-auth_encrypt_init(local, remote, name, server)
- char *local;
- char *remote;
- char *name;
- int server;
+#ifndef AUTHENTICATION
+#define undef1 __unused
+#else
+#define undef1
+#endif
+
+void
+auth_encrypt_init(char *local, char *remote, const char *name undef1, int server undef1)
{
RemoteHostName = remote;
LocalHostName = local;
-#if defined(AUTHENTICATION)
+#ifdef AUTHENTICATION
auth_init(name, server);
#endif
#ifdef ENCRYPTION
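Review bot: `auth_encrypt_init` stores `remote` and `local` in the globals `RemoteHostName` and `LocalHostName` by pointer rather than by copy, and nothing on the new signature records that contract. kerberos5.c in this same commit passes `RemoteHostName` to `krb5_sname_to_principal`, so a caller that hands in a reused or short-lived buffer would have the service principal built from whatever that memory holds later. A comment above the definition such as `/* local and remote are retained, not copied: they must stay valid and unmodified for the whole session */` would document it. Separately, the `undef1` helper macro stays defined for the rest of the file under a name that does not say what it is for; an `#undef undef1` after the function, or a descriptive name, would keep it contained. The function body continues past the end of this hunk.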
@@ -76,27 +81,23 @@ auth_encrypt_init(local, remote, name, server)
}
}
- void
-auth_encrypt_user(name)
- char *name;
+#ifdef ENCRYPTION
+void
+auth_encrypt_user(char *name)
{
- extern char *strdup();
-
if (UserNameRequested)
free(UserNameRequested);
UserNameRequested = name ? strdup(name) : 0;
}
- void
-auth_encrypt_connect(cnt)
- int cnt;
+void
+auth_encrypt_connect(int cnt __unused)
{
}
+#endif /* ENCRYPTION */
- void
-printd(data, cnt)
- unsigned char *data;
- int cnt;
+void
+printd(const unsigned char *data, int cnt)
{
if (cnt > 16)
cnt = 16;
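Review bot: In `auth_encrypt_user` the result of `strdup(name)` is stored unchecked, so an allocation failure silently leaves `UserNameRequested == NULL`, the same state as "no user name requested". That state matters: the `KRB_FORWARD` case of `kerberos5_is` in this commit calls `getpwnam (UserNameRequested)` with no NULL test, and the part of `kerberos5_send` visible on this page passes it to `strlen()`. Because the function returns `void`, the least intrusive change is a comment here, `/* UserNameRequested is NULL afterwards if name is NULL or strdup() fails; users must test it */`, together with a guard at those uses. The `if (UserNameRequested)` test before `free` is redundant, since `free(NULL)` is a no-op. `printd`'s body continues outside the hunk.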
diff --git a/crypto/telnet/libtelnet/pk.c b/crypto/telnet/libtelnet/pk.c
index 51ad927..fc41aed 100644
--- a/crypto/telnet/libtelnet/pk.c
+++ b/crypto/telnet/libtelnet/pk.c
@@ -28,6 +28,10 @@
*
*/
+#include <sys/cdefs.h>
+
+__FBSDID("$FreeBSD$");
+
/* public key routines */
/* functions:
genkeys(char *public, char *secret)
@@ -39,19 +43,15 @@
char secret[HEXKEYBYTES + 1];
*/
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
#include <sys/time.h>
#include <openssl/des.h>
#include <fcntl.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+
#include "mp.h"
#include "pk.h"
-#if defined(SOLARIS2) || defined(LINUX) || defined(__FreeBSD__)
-#include <stdlib.h>
-#endif
static void adjust(char keyout[HEXKEYBYTES+1], char *keyin);
@@ -129,11 +129,7 @@ common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey)
pow(public, secret, modulus, common);
extractdeskey(common, deskey);
extractideakey(common, ideakey);
-#if DES_OSTHOLM
- des_fixup_key_parity(deskey);
-#else
des_set_odd_parity(deskey);
-#endif
mfree(common);
mfree(secret);
mfree(public);
@@ -143,7 +139,7 @@ common_key(char *xsecret, char *xpublic, IdeaData *ideakey, DesData *deskey)
/*
* Generate a seed
*/
-void
+static void
getseed(char *seed, int seedsize)
{
int i;
@@ -160,7 +156,7 @@ getseed(char *seed, int seedsize)
void
genkeys(char *public, char *secret)
{
- int i;
+ size_t i;
# define BASEBITS (8*sizeof(short) - 1)
# define BASE (1 << BASEBITS)
@@ -247,7 +243,8 @@ pk_decode(char *in, char *out, DesData *key)
char buf[256];
DesData i;
des_key_schedule k;
- int l,n1,n2,op;
+ int n1,n2,op;
+ size_t l;
memset(&i,0,sizeof(i));
memset(buf,0,sizeof(buf));
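Review bot: `pk_decode` declares a fixed `char buf[256]` next to the index `l`, which this hunk retypes to `size_t`, and its signature carries no length for `in` or `out`. The loop that fills `buf` is outside this hunk, so this is unconfirmed, but if `l` runs up to a value derived from the length of `in`, the decoded length needs an explicit check against `sizeof(buf)` before the loop, for example `if (decoded_len > sizeof(buf)) return;` where `decoded_len` is a placeholder for however the body computes it. That bound matters most if `in` can originate from the remote peer. The retyping itself also deserves a second look in the unseen body: any comparison of `l` with a negative value or a countdown past zero behaves differently once `l` is unsigned.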
diff --git a/crypto/telnet/libtelnet/pk.h b/crypto/telnet/libtelnet/pk.h
index b0bbe57..555d8eb 100644
--- a/crypto/telnet/libtelnet/pk.h
+++ b/crypto/telnet/libtelnet/pk.h
@@ -32,23 +32,11 @@
/* header for the des routines that we will use */
typedef unsigned char byte, DesData[ 8], IdeaData[16];
-#if 0
-typedef unsigned long word, DesKeys[32];
-#else
#define DesKeys des_key_schedule
-#endif
#define DES_DECRYPT 0
#define DES_ENCRYPT 1
-#if 0
-extern void des_fixup_key_parity(); /* (DesData *key) */
-extern int des_key_sched(); /* (DesData *key, DesKeys *m) */
-extern int des_ecb_encrypt(); /* (DesData *src, *dst, DesKeys *m, int mode) */
-extern int des_cbc_encrypt(); /* (char *src, *dst, int length,
- DesKeys *m, DesData *init, int mode) */
-#endif
-
/* public key routines */
/* functions:
genkeys(char *public, char *secret)
@@ -69,4 +57,3 @@ extern void common_key(char *secret, char *public, IdeaData *common,
DesData *deskey);
extern void pk_encode(char *in, char *out, DesData *deskey);
extern void pk_decode(char *in, char *out, DesData *deskey);
-
diff --git a/crypto/telnet/libtelnet/read_password.c b/crypto/telnet/libtelnet/read_password.c
index f2a85cd..badf214 100644
--- a/crypto/telnet/libtelnet/read_password.c
+++ b/crypto/telnet/libtelnet/read_password.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
diff --git a/crypto/telnet/libtelnet/rsaencpwd.c b/crypto/telnet/libtelnet/rsaencpwd.c
index fa6043c..fba0c6b 100644
--- a/crypto/telnet/libtelnet/rsaencpwd.c
+++ b/crypto/telnet/libtelnet/rsaencpwd.c
@@ -32,6 +32,7 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifndef lint
@@ -77,15 +78,8 @@ static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95";
#include <arpa/telnet.h>
#include <pwd.h>
#include <stdio.h>
-
-#ifdef __STDC__
#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
#include <string.h>
-#endif
#include "encrypt.h"
#include "auth.h"
@@ -479,17 +473,3 @@ char *name, *passwd;
}
#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/crypto/telnet/libtelnet/spx.c b/crypto/telnet/libtelnet/spx.c
deleted file mode 100644
index ad1eca4..0000000
--- a/crypto/telnet/libtelnet/spx.c
+++ /dev/null
@@ -1,592 +0,0 @@
-/*-
- * Copyright (c) 1992, 1993
- * The Regents of the University of California. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * This product includes software developed by the University of
- * California, Berkeley and its contributors.
- * 4. Neither the name of the University nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-#include <sys/cdefs.h>
-__FBSDID("$FreeBSD$");
-
-#ifndef lint
-#if 0
-static char sccsid[] = "@(#)spx.c 8.2 (Berkeley) 5/30/95";
-#endif
-#endif /* not lint */
-
-#ifdef SPX
-/*
- * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
- * ALL RIGHTS RESERVED
- *
- * "Digital Equipment Corporation authorizes the reproduction,
- * distribution and modification of this software subject to the following
- * restrictions:
- *
- * 1. Any partial or whole copy of this software, or any modification
- * thereof, must include this copyright notice in its entirety.
- *
- * 2. This software is supplied "as is" with no warranty of any kind,
- * expressed or implied, for any purpose, including any warranty of fitness
- * or merchantibility. DIGITAL assumes no responsibility for the use or
- * reliability of this software, nor promises to provide any form of
- * support for it on any basis.
- *
- * 3. Distribution of this software is authorized only if no profit or
- * remuneration of any kind is received in exchange for such distribution.
- *
- * 4. This software produces public key authentication certificates
- * bearing an expiration date established by DIGITAL and RSA Data
- * Security, Inc. It may cease to generate certificates after the expiration
- * date. Any modification of this software that changes or defeats
- * the expiration date or its effect is unauthorized.
- *
- * 5. Software that will renew or extend the expiration date of
- * authentication certificates produced by this software may be obtained
- * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
- * 94065, (415)595-8782, or from DIGITAL"
- *
- */
-
-#include <sys/types.h>
-#include <arpa/telnet.h>
-#include <stdio.h>
-#include "gssapi_defs.h"
-#ifdef __STDC__
-#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
-#include <string.h>
-#endif
-
-#include <pwd.h>
-#include "encrypt.h"
-#include "auth.h"
-#include "misc.h"
-
-extern auth_debug_mode;
-
-static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
- AUTHTYPE_SPX, };
-static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
- TELQUAL_NAME, };
-
-#define SPX_AUTH 0 /* Authentication data follows */
-#define SPX_REJECT 1 /* Rejected (reason might follow) */
-#define SPX_ACCEPT 2 /* Accepted */
-
-#ifdef ENCRYPTION
-static Block session_key = { 0 };
-#endif /* ENCRYPTION */
-static Block challenge = { 0 };
-
-
-/*******************************************************************/
-
-gss_OID_set actual_mechs;
-gss_OID actual_mech_type, output_name_type;
-int major_status, status, msg_ctx = 0, new_status;
-int req_flags = 0, ret_flags, lifetime_rec;
-gss_cred_id_t gss_cred_handle;
-gss_ctx_id_t actual_ctxhandle, context_handle;
-gss_buffer_desc output_token, input_token, input_name_buffer;
-gss_buffer_desc status_string;
-gss_name_t desired_targname, src_name;
-gss_channel_bindings input_chan_bindings;
-char lhostname[GSS_C_MAX_PRINTABLE_NAME];
-char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
-int to_addr=0, from_addr=0;
-char *address;
-gss_buffer_desc fullname_buffer;
-gss_OID fullname_type;
-gss_cred_id_t gss_delegated_cred_handle;
-
-/*******************************************************************/
-
-
-
- static int
-Data(ap, type, d, c)
- Authenticator *ap;
- int type;
- void *d;
- int c;
-{
- unsigned char *p = str_data + 4;
- unsigned char *cd = (unsigned char *)d;
-
- if (c == -1)
- c = strlen((char *)cd);
-
- if (0) {
- printf("%s:%d: [%d] (%d)",
- str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
- str_data[3],
- type, c);
- printd(d, c);
- printf("\r\n");
- }
- *p++ = ap->type;
- *p++ = ap->way;
- *p++ = type;
- while (c-- > 0) {
- if ((*p++ = *cd++) == IAC)
- *p++ = IAC;
- }
- *p++ = IAC;
- *p++ = SE;
- if (str_data[3] == TELQUAL_IS)
- printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
-}
-
- int
-spx_init(ap, server)
- Authenticator *ap;
- int server;
-{
- gss_cred_id_t tmp_cred_handle;
-
- if (server) {
- str_data[3] = TELQUAL_REPLY;
- gethostname(lhostname, sizeof(lhostname));
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, lhostname);
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
- major_status = gss_acquire_cred(&status,
- desired_targname,
- 0,
- GSS_C_NULL_OID_SET,
- GSS_C_ACCEPT,
- &tmp_cred_handle,
- &actual_mechs,
- &lifetime_rec);
- if (major_status != GSS_S_COMPLETE) return(0);
- } else {
- str_data[3] = TELQUAL_IS;
- }
- return(1);
-}
-
- int
-spx_send(ap)
- Authenticator *ap;
-{
- Block enckey;
- int r;
-
- gss_OID actual_mech_type, output_name_type;
- int msg_ctx = 0, new_status, status;
- int req_flags = 0, ret_flags, lifetime_rec, major_status;
- gss_buffer_desc output_token, input_token, input_name_buffer;
- gss_buffer_desc output_name_buffer, status_string;
- gss_name_t desired_targname;
- gss_channel_bindings input_chan_bindings;
- char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
- int from_addr=0, to_addr=0, myhostlen, j;
- int deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
- char *address;
-
- printf("[ Trying SPX ... ]\n");
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, RemoteHostName);
-
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
-
- if (!UserNameRequested) {
- return(0);
- }
-
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
-
-
- major_status = gss_display_name(&status,
- desired_targname,
- &output_name_buffer,
- &output_name_type);
-
- printf("target is '%s'\n", output_name_buffer.value); fflush(stdout);
-
- major_status = gss_release_buffer(&status, &output_name_buffer);
-
- input_chan_bindings = (gss_channel_bindings)
- malloc(sizeof(gss_channel_bindings_desc));
-
- input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
- input_chan_bindings->initiator_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->initiator_address.value = (char *) address;
- address[0] = ((from_addr & 0xff000000) >> 24);
- address[1] = ((from_addr & 0xff0000) >> 16);
- address[2] = ((from_addr & 0xff00) >> 8);
- address[3] = (from_addr & 0xff);
- input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
- input_chan_bindings->acceptor_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->acceptor_address.value = (char *) address;
- address[0] = ((to_addr & 0xff000000) >> 24);
- address[1] = ((to_addr & 0xff0000) >> 16);
- address[2] = ((to_addr & 0xff00) >> 8);
- address[3] = (to_addr & 0xff);
- input_chan_bindings->application_data.length = 0;
-
- req_flags = 0;
- if (deleg_flag) req_flags = req_flags | 1;
- if (mutual_flag) req_flags = req_flags | 2;
- if (replay_flag) req_flags = req_flags | 4;
- if (seq_flag) req_flags = req_flags | 8;
-
- major_status = gss_init_sec_context(&status, /* minor status */
- GSS_C_NO_CREDENTIAL, /* cred handle */
- &actual_ctxhandle, /* ctx handle */
- desired_targname, /* target name */
- GSS_C_NULL_OID, /* mech type */
- req_flags, /* req flags */
- 0, /* time req */
- input_chan_bindings, /* chan binding */
- GSS_C_NO_BUFFER, /* input token */
- &actual_mech_type, /* actual mech */
- &output_token, /* output token */
- &ret_flags, /* ret flags */
- &lifetime_rec); /* time rec */
-
- if ((major_status != GSS_S_COMPLETE) &&
- (major_status != GSS_S_CONTINUE_NEEDED)) {
- gss_display_status(&new_status,
- status,
- GSS_C_MECH_CODE,
- GSS_C_NULL_OID,
- &msg_ctx,
- &status_string);
- printf("%s\n", status_string.value);
- return(0);
- }
-
- if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
- return(0);
- }
-
- if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) {
- return(0);
- }
-
- return(1);
-}
-
- void
-spx_is(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
- Block datablock;
- int r;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case SPX_AUTH:
- input_token.length = cnt;
- input_token.value = (char *) data;
-
- gethostname(lhostname, sizeof(lhostname));
-
- strcpy(targ_printable, "SERVICE:rcmd@");
- strcat(targ_printable, lhostname);
-
- input_name_buffer.length = strlen(targ_printable);
- input_name_buffer.value = targ_printable;
-
- major_status = gss_import_name(&status,
- &input_name_buffer,
- GSS_C_NULL_OID,
- &desired_targname);
-
- major_status = gss_acquire_cred(&status,
- desired_targname,
- 0,
- GSS_C_NULL_OID_SET,
- GSS_C_ACCEPT,
- &gss_cred_handle,
- &actual_mechs,
- &lifetime_rec);
-
- major_status = gss_release_name(&status, desired_targname);
-
- input_chan_bindings = (gss_channel_bindings)
- malloc(sizeof(gss_channel_bindings_desc));
-
- input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
- input_chan_bindings->initiator_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->initiator_address.value = (char *) address;
- address[0] = ((from_addr & 0xff000000) >> 24);
- address[1] = ((from_addr & 0xff0000) >> 16);
- address[2] = ((from_addr & 0xff00) >> 8);
- address[3] = (from_addr & 0xff);
- input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
- input_chan_bindings->acceptor_address.length = 4;
- address = (char *) malloc(4);
- input_chan_bindings->acceptor_address.value = (char *) address;
- address[0] = ((to_addr & 0xff000000) >> 24);
- address[1] = ((to_addr & 0xff0000) >> 16);
- address[2] = ((to_addr & 0xff00) >> 8);
- address[3] = (to_addr & 0xff);
- input_chan_bindings->application_data.length = 0;
-
- major_status = gss_accept_sec_context(&status,
- &context_handle,
- gss_cred_handle,
- &input_token,
- input_chan_bindings,
- &src_name,
- &actual_mech_type,
- &output_token,
- &ret_flags,
- &lifetime_rec,
- &gss_delegated_cred_handle);
-
-
- if (major_status != GSS_S_COMPLETE) {
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
- Data(ap, SPX_REJECT, (void *)"auth failed", -1);
- auth_finished(ap, AUTH_REJECT);
- return;
- }
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
-
-
- Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
- auth_finished(ap, AUTH_USER);
- break;
-
- default:
- Data(ap, SPX_REJECT, 0, 0);
- break;
- }
-}
-
-
- void
-spx_reply(ap, data, cnt)
- Authenticator *ap;
- unsigned char *data;
- int cnt;
-{
- Session_Key skey;
-
- if (cnt-- < 1)
- return;
- switch (*data++) {
- case SPX_REJECT:
- if (cnt > 0) {
- printf("[ SPX refuses authentication because %.*s ]\r\n",
- cnt, data);
- } else
- printf("[ SPX refuses authentication ]\r\n");
- auth_send_retry();
- return;
- case SPX_ACCEPT:
- printf("[ SPX accepts you ]\n");
- if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
- /*
- * Send over the encrypted challenge.
- */
- input_token.value = (char *) data;
- input_token.length = cnt;
-
- major_status = gss_init_sec_context(&status, /* minor stat */
- GSS_C_NO_CREDENTIAL, /* cred handle */
- &actual_ctxhandle, /* ctx handle */
- desired_targname, /* target name */
- GSS_C_NULL_OID, /* mech type */
- req_flags, /* req flags */
- 0, /* time req */
- input_chan_bindings, /* chan binding */
- &input_token, /* input token */
- &actual_mech_type, /* actual mech */
- &output_token, /* output token */
- &ret_flags, /* ret flags */
- &lifetime_rec); /* time rec */
-
- if (major_status != GSS_S_COMPLETE) {
- gss_display_status(&new_status,
- status,
- GSS_C_MECH_CODE,
- GSS_C_NULL_OID,
- &msg_ctx,
- &status_string);
- printf("[ SPX mutual response fails ... '%s' ]\r\n",
- status_string.value);
- auth_send_retry();
- return;
- }
- }
- auth_finished(ap, AUTH_USER);
- return;
-
- default:
- return;
- }
-}
-
- int
-spx_status(ap, name, level)
- Authenticator *ap;
- char *name;
- int level;
-{
-
- gss_buffer_desc fullname_buffer, acl_file_buffer;
- gss_OID fullname_type;
- char acl_file[160], fullname[160];
- int major_status, status = 0;
- struct passwd *pwd;
-
- /*
- * hard code fullname to
- * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
- * and acl_file to "~kannan/.sphinx"
- */
-
- pwd = getpwnam(UserNameRequested);
- if (pwd == NULL) {
- return(AUTH_USER); /* not authenticated */
- }
-
- strcpy(acl_file, pwd->pw_dir);
- strcat(acl_file, "/.sphinx");
- acl_file_buffer.value = acl_file;
- acl_file_buffer.length = strlen(acl_file);
-
- major_status = gss_display_name(&status,
- src_name,
- &fullname_buffer,
- &fullname_type);
-
- if (level < AUTH_USER)
- return(level);
-
- major_status = gss__check_acl(&status, &fullname_buffer,
- &acl_file_buffer);
-
- if (major_status == GSS_S_COMPLETE) {
- strcpy(name, UserNameRequested);
- return(AUTH_VALID);
- } else {
- return(AUTH_USER);
- }
-
-}
-
-#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
-#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
-
- void
-spx_printsub(data, cnt, buf, buflen)
- unsigned char *data, *buf;
- int cnt, buflen;
-{
- char lbuf[32];
- register int i;
-
- buf[buflen-1] = '\0'; /* make sure its NULL terminated */
- buflen -= 1;
-
- switch(data[3]) {
- case SPX_REJECT: /* Rejected (reason might follow) */
- strncpy((char *)buf, " REJECT ", buflen);
- goto common;
-
- case SPX_ACCEPT: /* Accepted (name might follow) */
- strncpy((char *)buf, " ACCEPT ", buflen);
- common:
- BUMP(buf, buflen);
- if (cnt <= 4)
- break;
- ADDC(buf, buflen, '"');
- for (i = 4; i < cnt; i++)
- ADDC(buf, buflen, data[i]);
- ADDC(buf, buflen, '"');
- ADDC(buf, buflen, '\0');
- break;
-
- case SPX_AUTH: /* Authentication data follows */
- strncpy((char *)buf, " AUTH", buflen);
- goto common2;
-
- default:
- sprintf(lbuf, " %d (unknown)", data[3]);
- strncpy((char *)buf, lbuf, buflen);
- common2:
- BUMP(buf, buflen);
- for (i = 4; i < cnt; i++) {
- sprintf(lbuf, " %d", data[i]);
- strncpy((char *)buf, lbuf, buflen);
- BUMP(buf, buflen);
- }
- break;
- }
-}
-
-#endif
-
-#ifdef notdef
-
-prkey(msg, key)
- char *msg;
- unsigned char *key;
-{
- register int i;
- printf("%s:", msg);
- for (i = 0; i < 8; i++)
- printf(" %3d", key[i]);
- printf("\r\n");
-}
-#endif
diff --git a/crypto/telnet/libtelnet/sra.c b/crypto/telnet/libtelnet/sra.c
index 8a94951..cf53fd7 100644
--- a/crypto/telnet/libtelnet/sra.c
+++ b/crypto/telnet/libtelnet/sra.c
@@ -29,38 +29,33 @@
*/
#include <sys/cdefs.h>
+
__FBSDID("$FreeBSD$");
#ifdef SRA
+#ifdef ENCRYPTION
#include <sys/types.h>
#include <arpa/telnet.h>
+#include <pwd.h>
#include <stdio.h>
-#ifdef __STDC__
#include <stdlib.h>
-#endif
-#ifdef NO_STRING_H
-#include <strings.h>
-#else
#include <string.h>
-#endif
+#include <syslog.h>
+#include <ttyent.h>
-#if !defined(NOPAM)
+#ifndef NOPAM
#include <security/pam_appl.h>
#else
#include <unistd.h>
#endif
-#include <pwd.h>
-#include <syslog.h>
-#include <ttyent.h>
-
#include "auth.h"
#include "misc.h"
#include "encrypt.h"
#include "pk.h"
char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1];
-char *user,*pass,*xuser,*xpass;
+char *user, *pass, *xuser, *xpass;
DesData ck;
IdeaData ik;
@@ -80,7 +75,7 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
#define SRA_ACCEPT 4
#define SRA_REJECT 5
-static int check_user(const char *, const char *);
+static int check_user(char *, char *);
/* support routine to send out authentication message */
static int
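Review bot: The new prototype `static int check_user(char *, char *);` drops `const` from both parameters, but only the first appears to need it removed. The PAM variant later in this diff writes PAM_USER back into `name`, while the password argument is only read in the lines shown. Keeping the second parameter as `const char *` would document that the secret is never modified. This assumes the `cred_t` fields (not visible here) still accept a const pointer, as the pre-change initializer suggests.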
@@ -115,7 +110,7 @@ Data(Authenticator *ap, int type, void *d, int c)
}
int
-sra_init(Authenticator *ap, int server)
+sra_init(Authenticator *ap __unused, int server)
{
if (server)
str_data[3] = TELQUAL_REPLY;
@@ -212,12 +207,10 @@ sra_is(Authenticator *ap, unsigned char *data, int cnt)
if(valid) {
Data(ap, SRA_ACCEPT, (void *)0, 0);
-#ifdef DES_ENCRYPTION
skey.data = ck;
skey.type = SK_DES;
skey.length = 8;
encrypt_session_key(&skey, 1);
-#endif
sra_valid = 1;
auth_finished(ap, AUTH_VALID);
@@ -252,10 +245,9 @@ bad:
void
sra_reply(Authenticator *ap, unsigned char *data, int cnt)
{
- extern char *telnet_gets();
char uprompt[256],tuser[256];
Session_Key skey;
- int i;
+ size_t i;
if (cnt-- < 1)
return;
@@ -333,12 +325,10 @@ sra_reply(Authenticator *ap, unsigned char *data, int cnt)
case SRA_ACCEPT:
printf("[ SRA accepts you ]\r\n");
-#ifdef DES_ENCRYPTION
skey.data = ck;
skey.type = SK_DES;
skey.length = 8;
encrypt_session_key(&skey, 0);
-#endif
auth_finished(ap, AUTH_VALID);
return;
@@ -350,7 +340,7 @@ sra_reply(Authenticator *ap, unsigned char *data, int cnt)
}
int
-sra_status(Authenticator *ap, char *name, int level)
+sra_status(Authenticator *ap __unused, char *name, int level)
{
if (level < AUTH_USER)
return(level);
@@ -368,7 +358,7 @@ void
sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
char lbuf[32];
- register int i;
+ int i;
buf[buflen-1] = '\0'; /* make sure its NULL terminated */
buflen -= 1;
@@ -423,70 +413,14 @@ sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
}
}
-struct passwd *pw;
-
-/*
- * Helper function for sgetpwnam().
- */
-char *
-sgetsave(char *s)
-{
- char *new = malloc((unsigned) strlen(s) + 1);
-
- if (new == NULL) {
- return(NULL);
- }
- (void) strcpy(new, s);
- return (new);
-}
-
-struct passwd *
-sgetpwnam(char *name)
-{
- static struct passwd save;
- register struct passwd *p;
- char *sgetsave();
-
- if ((p = getpwnam(name)) == NULL)
- return (p);
- if (save.pw_name) {
- free(save.pw_name);
- free(save.pw_passwd);
- free(save.pw_gecos);
- free(save.pw_dir);
- free(save.pw_shell);
- }
- save = *p;
- save.pw_name = sgetsave(p->pw_name);
- save.pw_passwd = sgetsave(p->pw_passwd);
- save.pw_gecos = sgetsave(p->pw_gecos);
- save.pw_dir = sgetsave(p->pw_dir);
- save.pw_shell = sgetsave(p->pw_shell);
-#if 0
-syslog(LOG_WARNING,"%s\n",save.pw_name);
-syslog(LOG_WARNING,"%s\n",save.pw_passwd);
-syslog(LOG_WARNING,"%s\n",save.pw_gecos);
-syslog(LOG_WARNING,"%s\n",save.pw_dir);
-#endif
-#ifdef USE_SHADOW
- {
- struct spwd *sp;
- sp = getspnam(name);
- free(save.pw_passwd);
- save.pw_passwd = sgetsave(sp->sp_pwdp);
- }
-#endif
- return (&save);
-}
-
static int
-isroot(const char *user)
+isroot(const char *usr)
{
- struct passwd *pw;
+ struct passwd *pwd;
- if ((pw=getpwnam(user))==NULL)
+ if ((pwd=getpwnam(usr))==NULL)
return 0;
- return (!pw->pw_uid);
+ return (!pwd->pw_uid);
}
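Review bot: Removing the file-scope `struct passwd *pw;` and `sgetpwnam()` here appears to leave the `NOPAM` variant of `check_user` without a declaration for `pw`. The later hunk still has `salt = pw->pw_passwd;` and `if (pw == NULL || *pw->pw_passwd == '\0' ||`, and the only locals shown for that function are `char *cp;` and `char *xpasswd, *salt;`. Unless `pw` is declared and assigned in the lines between the two hunks, a build with `NOPAM` defined will not compile. A local `struct passwd *pw = getpwnam(name);` followed by `if (pw == NULL) return (0);` before the first dereference would restore it.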
static int
@@ -499,9 +433,9 @@ rootterm(char *ttyn)
#ifdef NOPAM
static int
-check_user(const char *name, const char *pass)
+check_user(char *name, char *cred)
{
- register char *cp;
+ char *cp;
char *xpasswd, *salt;
if (isroot(name) && !rootterm(line))
@@ -517,7 +451,7 @@ check_user(const char *name, const char *pass)
}
salt = pw->pw_passwd;
- xpasswd = crypt(pass, salt);
+ xpasswd = crypt(cred, salt);
/* The strcmp does not catch null passwords! */
if (pw == NULL || *pw->pw_passwd == '\0' ||
strcmp(xpasswd, pw->pw_passwd)) {
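Review bot: `xpasswd = crypt(cred, salt);` is passed straight to `strcmp()` without a NULL check. `crypt()` can return NULL on failure, which would crash the daemon instead of rejecting the login; adding `xpasswd == NULL ||` to the condition that follows covers it. The `pw == NULL` test in that condition also comes after `pw->pw_passwd` has already been read for `salt`, so it cannot protect that dereference as written. The enclosing block starts outside the hunk, so an earlier guard may exist.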
@@ -545,9 +479,8 @@ struct cred_t {
};
typedef struct cred_t cred_t;
-int
-auth_conv(int num_msg, const struct pam_message **msg,
- struct pam_response **resp, void *appdata)
+static int
+auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata)
{
int i;
cred_t *cred = (cred_t *) appdata;
@@ -588,13 +521,13 @@ auth_conv(int num_msg, const struct pam_message **msg,
* The PAM version as a side effect may put a new username in *name.
*/
static int
-check_user(const char *name, const char *pass)
+check_user(char *name, char *cred)
{
pam_handle_t *pamh = NULL;
const void *item;
int rval;
int e;
- cred_t auth_cred = { name, pass };
+ cred_t auth_cred = { name, cred };
struct pam_conv conv = { &auth_conv, &auth_cred };
e = pam_start("telnetd", name, &conv, &pamh);
@@ -634,7 +567,7 @@ check_user(const char *name, const char *pass)
*/
if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
PAM_SUCCESS) {
- strcpy((char *) name, (const char *) item);
+ strcpy(name, item);
} else
syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
pam_strerror(pamh, e));
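Review bot: `strcpy(name, item);` copies the PAM_USER item into the caller's buffer with no bound. `check_user()` receives no length for `name`, and a PAM module may substitute a user name longer than the one originally supplied. Dropping the casts also hides that `item` is a `const void *` being written through what was previously a `const char *` parameter. Passing the buffer size into `check_user()` and using `strlcpy(name, item, namelen)`, failing the login on truncation, would bound the write. The function's start and its caller are outside this hunk, so the real buffer size cannot be confirmed from here.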
@@ -665,5 +598,5 @@ check_user(const char *name, const char *pass)
#endif
-#endif
-
+#endif /* ENCRYPTION */
+#endif /* SRA */