Remove the scary bits from telnetd - no more encryption left here.

Only crypt.c in libc remains.
Reviewed by:	Geoff Rehmet

6 files changed, 3 insertions, 274 deletions

diff --git a/libexec/telnetd/Makefile b/libexec/telnetd/Makefile
index e2b5f1b..543ec17 100644
--- a/libexec/telnetd/Makefile
+++ b/libexec/telnetd/Makefile
@@ -5,33 +5,13 @@ CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS
 CFLAGS+=-DOLD_ENVIRON -DENV_HACK
 CFLAGS+=-I${.CURDIR}/../../lib
 #CFLAGS+=-DAUTHENTICATION -DENCRYPTION
-SRCS=	authenc.c global.c slc.c state.c sys_term.c telnetd.c \
+SRCS=	global.c slc.c state.c sys_term.c telnetd.c \
 	termstat.c utility.c
+#SRCS+=	authenc.c
 DPADD=	${LIBUTIL} ${LIBTERM}
 LDADD=	-lutil -ltermcap -ltelnet
 #LDADD+=	-lkrb -ldes
 MAN8=	telnetd.8
 
-# These are the sources that have encryption stuff in them.
-CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c
-CRYPT_SRC+= utility.c Makefile
-NOCRYPT_DIR=${.CURDIR}/Nocrypt
 
 .include <bsd.prog.mk>
-
-nocrypt:
-#ifdef	ENCRYPTION
-	@for i in ${CRYPT_SRC}; do \
-	    if [ ! -d ${NOCRYPT_DIR} ]; then \
-		echo Creating subdirectory ${NOCRYPT_DIR}; \
-		mkdir ${NOCRYPT_DIR}; \
-	    fi; \
-	    echo ${NOCRYPT_DIR}/$$i; \
-	    unifdef -UENCRYPTION ${.CURDIR}/$$i | \
-		sed "s/ || defined(ENCRYPTION)//" > ${NOCRYPT_DIR}/$$i; \
-	done
-
-placeholder:
-#else	/* ENCRYPTION */
-	@echo "Encryption code already removed."
-#endif	/* ENCRYPTION */
diff --git a/libexec/telnetd/ext.h b/libexec/telnetd/ext.h
index 19bc0d6..62b0fd7 100644
--- a/libexec/telnetd/ext.h
+++ b/libexec/telnetd/ext.h
@@ -191,11 +191,6 @@ extern void
 	wontoption P((int)),
 	writenet P((unsigned char *, int));
 
-#ifdef	ENCRYPTION
-extern void	(*encrypt_output) P((unsigned char *, int));
-extern int	(*decrypt_input) P((int));
-extern char	*nclearto;
-#endif	/* ENCRYPTION */
 
 
 /*
diff --git a/libexec/telnetd/state.c b/libexec/telnetd/state.c
index 2d327a5..c957734 100644
--- a/libexec/telnetd/state.c
+++ b/libexec/telnetd/state.c
@@ -94,10 +94,6 @@ telrcv()
 		if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
 			break;
 		c = *netip++ & 0377, ncc--;
-#ifdef	ENCRYPTION
-		if (decrypt_input)
-			c = (*decrypt_input)(c);
-#endif	/* ENCRYPTION */
 		switch (state) {
 
 		case TS_CR:
@@ -126,10 +122,6 @@ telrcv()
 			 */
 			if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
 				int nc = *netip;
-#ifdef	ENCRYPTION
-				if (decrypt_input)
-					nc = (*decrypt_input)(nc & 0xff);
-#endif	/* ENCRYPTION */
 #ifdef	LINEMODE
 				/*
 				 * If we are operating in linemode,
@@ -142,10 +134,6 @@ telrcv()
 				} else
 #endif
 				{
-#ifdef	ENCRYPTION
-					if (decrypt_input)
-						(void)(*decrypt_input)(-1);
-#endif	/* ENCRYPTION */
 					state = TS_CR;
 				}
 			}
@@ -464,9 +452,6 @@ extern void auth_request();
 #ifdef	LINEMODE
 extern void doclientstat();
 #endif
-#ifdef	ENCRYPTION
-extern void encrypt_send_support();
-#endif	/* ENCRYPTION */
 
 	void
 willoption(option)
@@ -580,12 +565,6 @@ willoption(option)
 			break;
 #endif
 
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
 
 		default:
 			break;
@@ -645,11 +624,6 @@ willoption(option)
 			break;
 #endif
 
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			func = encrypt_send_support;
-			break;
-#endif	/* ENCRYPTION */
 		case TELOPT_LFLOW:
 			func = flowstat;
 			break;
@@ -940,11 +914,6 @@ dooption(option)
 			/* NOT REACHED */
 			break;
 
-#ifdef	ENCRYPTION
-		case TELOPT_ENCRYPT:
-			changeok++;
-			break;
-#endif	/* ENCRYPTION */
 		case TELOPT_LINEMODE:
 		case TELOPT_TTYPE:
 		case TELOPT_NAWS:
@@ -1464,49 +1433,6 @@ suboption()
 	}
 	break;
 #endif
-#ifdef	ENCRYPTION
-    case TELOPT_ENCRYPT:
-	if (SB_EOF())
-		break;
-	switch(SB_GET()) {
-	case ENCRYPT_SUPPORT:
-		encrypt_support(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_IS:
-		encrypt_is(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REPLY:
-		encrypt_reply(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_START:
-		encrypt_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_END:
-		encrypt_end();
-		break;
-	case ENCRYPT_REQSTART:
-		encrypt_request_start(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_REQEND:
-		/*
-		 * We can always send an REQEND so that we cannot
-		 * get stuck encrypting.  We should only get this
-		 * if we have been able to get in the correct mode
-		 * anyhow.
-		 */
-		encrypt_request_end();
-		break;
-	case ENCRYPT_ENC_KEYID:
-		encrypt_enc_keyid(subpointer, SB_LEN());
-		break;
-	case ENCRYPT_DEC_KEYID:
-		encrypt_dec_keyid(subpointer, SB_LEN());
-		break;
-	default:
-		break;
-	}
-	break;
-#endif	/* ENCRYPTION */
 
     default:
 	break;
diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c
index 6860534..5b2a884 100644
--- a/libexec/telnetd/telnetd.c
+++ b/libexec/telnetd/telnetd.c
@@ -143,9 +143,6 @@ char valid_opts[] = {
 #ifdef DIAGNOSTICS
 	'D', ':',
 #endif
-#ifdef	ENCRYPTION
-	'e', ':',
-#endif
 #if	defined(CRAY) && defined(NEWINIT)
 	'I', ':',
 #endif
@@ -176,9 +173,6 @@ main(argc, argv)
 	pfrontp = pbackp = ptyobuf;
 	netip = netibuf;
 	nfrontp = nbackp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
 
 	progname = *argv;
 
@@ -258,17 +252,6 @@ main(argc, argv)
 			break;
 #endif /* DIAGNOSTICS */
 
-#ifdef	ENCRYPTION
-		case 'e':
-			if (strcmp(optarg, "debug") == 0) {
-				extern int encrypt_debug_mode;
-				encrypt_debug_mode = 1;
-				break;
-			}
-			usage();
-			/* NOTREACHED */
-			break;
-#endif	/* ENCRYPTION */
 
 		case 'h':
 			hostinfo = 0;
@@ -605,18 +588,12 @@ getterminaltype(name)
     }
 #endif
 
-#ifdef	ENCRYPTION
-    send_will(TELOPT_ENCRYPT, 1);
-#endif	/* ENCRYPTION */
     send_do(TELOPT_TTYPE, 1);
     send_do(TELOPT_TSPEED, 1);
     send_do(TELOPT_XDISPLOC, 1);
     send_do(TELOPT_NEW_ENVIRON, 1);
     send_do(TELOPT_OLD_ENVIRON, 1);
     while (
-#ifdef	ENCRYPTION
-	   his_do_dont_is_changing(TELOPT_ENCRYPT) ||
-#endif	/* ENCRYPTION */
 	   his_will_wont_is_changing(TELOPT_TTYPE) ||
 	   his_will_wont_is_changing(TELOPT_TSPEED) ||
 	   his_will_wont_is_changing(TELOPT_XDISPLOC) ||
@@ -624,15 +601,6 @@ getterminaltype(name)
 	   his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
 	ttloop();
     }
-#ifdef	ENCRYPTION
-    /*
-     * Wait for the negotiation of what type of encryption we can
-     * send with.  If autoencrypt is not set, this will just return.
-     */
-    if (his_state_is_will(TELOPT_ENCRYPT)) {
-	encrypt_wait();
-    }
-#endif	/* ENCRYPTION */
     if (his_state_is_will(TELOPT_TSPEED)) {
 	static unsigned char sb[] =
 			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
@@ -854,7 +822,7 @@ doit(who)
 	(void) gethostname(host_name, sizeof (host_name));
 	hostname = host_name;
 
-#if	defined(AUTHENTICATION) || defined(ENCRYPTION)
+#if	defined(AUTHENTICATION)
 	auth_encrypt_init(hostname, host, "TELNETD", 1);
 #endif
 
diff --git a/libexec/telnetd/termstat.c b/libexec/telnetd/termstat.c
index a3f6931..25124a0 100644
--- a/libexec/telnetd/termstat.c
+++ b/libexec/telnetd/termstat.c
@@ -181,25 +181,6 @@ localstat()
 		tty_setlinemode(uselinemode);
 	}
 
-#ifdef	ENCRYPTION
-	/*
-	 * If the terminal is not echoing, but editing is enabled,
-	 * something like password input is going to happen, so
-	 * if we the other side is not currently sending encrypted
-	 * data, ask the other side to start encrypting.
-	 */
-	if (his_state_is_will(TELOPT_ENCRYPT)) {
-		static int enc_passwd = 0;
-		if (uselinemode && !tty_isecho() && tty_isediting()
-		    && (enc_passwd == 0) && !decrypt_input) {
-			encrypt_send_request_start();
-			enc_passwd = 1;
-		} else if (enc_passwd) {
-			encrypt_send_request_end();
-			enc_passwd = 0;
-		}
-	}
-#endif	/* ENCRYPTION */
 
 	/*
 	 * Do echo mode handling as soon as we know what the
diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c
index 8c08bdc..1fbd7e3 100644
--- a/libexec/telnetd/utility.c
+++ b/libexec/telnetd/utility.c
@@ -193,11 +193,7 @@ netclear()
 #define	wewant(p)	((nfrontp > p) && ((*p&0xff) == IAC) && \
 				((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
 
-#ifdef	ENCRYPTION
-    thisitem = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
     thisitem = netobuf;
-#endif	/* ENCRYPTION */
 
     while ((next = nextitem(thisitem)) <= nbackp) {
 	thisitem = next;
@@ -205,11 +201,7 @@ netclear()
 
     /* Now, thisitem is first before/at boundary. */
 
-#ifdef	ENCRYPTION
-    good = nclearto > netobuf ? nclearto : netobuf;
-#else	/* ENCRYPTION */
     good = netobuf;	/* where the good bytes go */
-#endif	/* ENCRYPTION */
 
     while (nfrontp > thisitem) {
 	if (wewant(thisitem)) {
@@ -250,15 +242,6 @@ netflush()
 	      n += strlen(nfrontp);  /* get count first */
 	      nfrontp += strlen(nfrontp);  /* then move pointer */
 	    });
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		char *s = nclearto ? nclearto : nbackp;
-		if (nfrontp - s > 0) {
-			(*encrypt_output)((unsigned char *)s, nfrontp-s);
-			nclearto = nfrontp;
-		}
-	}
-#endif	/* ENCRYPTION */
 	/*
 	 * if no urgent data, or if the other side appears to be an
 	 * old 4.2 client (and thus unable to survive TCP urgent data),
@@ -289,18 +272,11 @@ netflush()
 	cleanup(0);
     }
     nbackp += n;
-#ifdef	ENCRYPTION
-    if (nbackp > nclearto)
-	nclearto = 0;
-#endif	/* ENCRYPTION */
     if (nbackp >= neturg) {
 	neturg = 0;
     }
     if (nbackp == nfrontp) {
 	nbackp = nfrontp = netobuf;
-#ifdef	ENCRYPTION
-	nclearto = 0;
-#endif	/* ENCRYPTION */
     }
     return;
 }  /* end of netflush */
@@ -346,16 +322,6 @@ fatal(f, msg)
 	char buf[BUFSIZ];
 
 	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
-#ifdef	ENCRYPTION
-	if (encrypt_output) {
-		/*
-		 * Better turn off encryption first....
-		 * Hope it flushes...
-		 */
-		encrypt_send_end();
-		netflush();
-	}
-#endif	/* ENCRYPTION */
 	(void) write(f, buf, (int)strlen(buf));
 	sleep(1);	/*XXX*/
 	exit(1);
@@ -1044,93 +1010,6 @@ printsub(direction, pointer, length)
 	    break;
 #endif
 
-#ifdef	ENCRYPTION
-	case TELOPT_ENCRYPT:
-	    sprintf(nfrontp, "ENCRYPT");
-	    nfrontp += strlen(nfrontp);
-	    if (length < 2) {
-		sprintf(nfrontp, " (empty suboption??\?)");
-		nfrontp += strlen(nfrontp);
-		break;
-	    }
-	    switch (pointer[1]) {
-	    case ENCRYPT_START:
-		sprintf(nfrontp, " START");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_END:
-		sprintf(nfrontp, " END");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_REQSTART:
-		sprintf(nfrontp, " REQUEST-START");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_REQEND:
-		sprintf(nfrontp, " REQUEST-END");
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_IS:
-	    case ENCRYPT_REPLY:
-		sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
-							"IS" : "REPLY");
-		nfrontp += strlen(nfrontp);
-		if (length < 3) {
-		    sprintf(nfrontp, " (partial suboption??\?)");
-		    nfrontp += strlen(nfrontp);
-		    break;
-		}
-		if (ENCTYPE_NAME_OK(pointer[2]))
-		    sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
-		else
-		    sprintf(nfrontp, " %d (unknown)", pointer[2]);
-		nfrontp += strlen(nfrontp);
-
-		encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
-		sprintf(nfrontp, "%s", buf);
-		nfrontp += strlen(nfrontp);
-		break;
-
-	    case ENCRYPT_SUPPORT:
-		i = 2;
-		sprintf(nfrontp, " SUPPORT ");
-		nfrontp += strlen(nfrontp);
-		while (i < length) {
-		    if (ENCTYPE_NAME_OK(pointer[i]))
-			sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
-		    else
-			sprintf(nfrontp, "%d ", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		    i++;
-		}
-		break;
-
-	    case ENCRYPT_ENC_KEYID:
-		sprintf(nfrontp, " ENC_KEYID", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		goto encommon;
-
-	    case ENCRYPT_DEC_KEYID:
-		sprintf(nfrontp, " DEC_KEYID", pointer[1]);
-		nfrontp += strlen(nfrontp);
-		goto encommon;
-
-	    default:
-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
-		nfrontp += strlen(nfrontp);
-	    encommon:
-		for (i = 2; i < length; i++) {
-		    sprintf(nfrontp, " %d", pointer[i]);
-		    nfrontp += strlen(nfrontp);
-		}
-		break;
-	    }
-	    break;
-#endif	/* ENCRYPTION */
 
 	default:
 	    if (TELOPT_OK(pointer[0]))