Latest version of SGI routed courtesy of Vern Schryver. This version

adds the capability to use MD5 authentication as defined in the latest
documents.

Submitted by:	Vernon J. Schryver <vjs@mica.denver.sgi.com>

3 files changed, 555 insertions, 14 deletions

diff --git a/sbin/routed/rtquery/md5.c b/sbin/routed/rtquery/md5.c
new file mode 100644
index 0000000..a6fcf16
--- /dev/null
+++ b/sbin/routed/rtquery/md5.c
@@ -0,0 +1,325 @@
+/* This code could be made a lot faster for PPP */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD5 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+#ident "$Revision: 1.2 $"
+
+#ifdef sgi
+#include <strings.h>
+#include <bstring.h>
+#endif
+#include <sys/types.h>
+
+#define MD5_DIGEST_LEN 16
+typedef struct {
+	u_int32_t state[4];		/* state (ABCD) */
+	u_int32_t count[2];		/* # of bits, modulo 2^64 (LSB 1st) */
+	unsigned char buffer[64];	/* input buffer */
+} MD5_CTX;
+extern void MD5Init(MD5_CTX*);
+extern void MD5Update(MD5_CTX*, u_char*, u_int);
+extern void MD5Final(u_char[MD5_DIGEST_LEN], MD5_CTX*);
+
+/* UINT4 defines a four byte word */
+#define UINT4 u_int32_t
+
+
+#define MD5_memcpy(d,s,l) bcopy(s,d,l)
+
+/* Constants for MD5Transform routine.
+ */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+
+static void MD5Transform(UINT4[4], unsigned char [64]);
+static void Encode(unsigned char *, UINT4 *, unsigned int);
+static void Decode(UINT4 *, unsigned char *, unsigned int);
+
+static unsigned char PADDING[64] = {
+	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+
+/* F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits.
+ */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
+ * Rotation is separate from addition to prevent recomputation.
+ */
+#define FF(a, b, c, d, x, s, ac) { \
+	(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+	(a) = ROTATE_LEFT ((a), (s)); \
+	(a) += (b); \
+}
+#define GG(a, b, c, d, x, s, ac) { \
+	(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+	(a) = ROTATE_LEFT ((a), (s)); \
+	(a) += (b); \
+}
+#define HH(a, b, c, d, x, s, ac) { \
+	(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+	(a) = ROTATE_LEFT ((a), (s)); \
+	(a) += (b); \
+}
+#define II(a, b, c, d, x, s, ac) { \
+	(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+	(a) = ROTATE_LEFT ((a), (s)); \
+	(a) += (b); \
+}
+
+/* MD5 initialization. Begins an MD5 operation, writing a new context.
+ */
+void
+MD5Init(MD5_CTX *context)
+{
+	context->count[0] = context->count[1] = 0;
+	/* Load magic initialization constants.
+	 */
+	context->state[0] = 0x67452301;
+	context->state[1] = 0xefcdab89;
+	context->state[2] = 0x98badcfe;
+	context->state[3] = 0x10325476;
+}
+
+/* MD5 block update operation. Continues an MD5 message-digest
+ * operation, processing another message block, and updating the
+ * context.
+ */
+void
+MD5Update(MD5_CTX *context,		/* context */
+	  unsigned char *input,		/* input block */
+	  unsigned int inputLen)	/* length of input block */
+{
+	unsigned int i, indx, partLen;
+
+	/* Compute number of bytes mod 64 */
+	indx = ((context->count[0] >> 3) & 0x3F);
+
+	/* Update number of bits */
+	if ((context->count[0] += ((UINT4)inputLen << 3))
+	    < ((UINT4)inputLen << 3))
+		context->count[1]++;
+	context->count[1] += ((UINT4)inputLen >> 29);
+
+	partLen = 64 - indx;
+
+	/* Transform as many times as possible.
+	 */
+	if (inputLen >= partLen) {
+		bcopy(input, &context->buffer[indx], partLen);
+		MD5Transform (context->state, context->buffer);
+
+		for (i = partLen; i + 63 < inputLen; i += 64)
+			MD5Transform (context->state, &input[i]);
+
+		indx = 0;
+	} else {
+		i = 0;
+	}
+
+	/* Buffer remaining input */
+	bcopy(&input[i], &context->buffer[indx], inputLen-i);
+}
+
+
+/* MD5 finalization. Ends an MD5 message-digest operation, writing the
+  the message digest and zeroizing the context.
+ */
+void
+MD5Final(unsigned char digest[MD5_DIGEST_LEN],	/* message digest */
+	 MD5_CTX *context)		/* context */
+{
+	unsigned char bits[8];
+	unsigned int indx, padLen;
+
+	/* Save number of bits */
+	Encode (bits, context->count, 8);
+
+	/* Pad out to 56 mod 64.
+	 */
+	indx = (unsigned int)((context->count[0] >> 3) & 0x3f);
+	padLen = (indx < 56) ? (56 - indx) : (120 - indx);
+	MD5Update(context, PADDING, padLen);
+
+	/* Append length (before padding) */
+	MD5Update(context, bits, 8);
+
+	/* Store state in digest */
+	Encode(digest, context->state, MD5_DIGEST_LEN);
+
+	/* Zeroize sensitive information.
+	 */
+	bzero(context, sizeof(*context));
+}
+
+
+/* MD5 basic transformation. Transforms state based on block.
+ */
+static void
+MD5Transform(UINT4 state[4],
+	     unsigned char block[64])
+{
+	UINT4 a = state[0], b = state[1], c = state[2], d = state[3], x[16];
+
+	Decode (x, block, 64);
+
+	/* Round 1 */
+	FF (a, b, c, d, x[ 0], S11, 0xd76aa478);    /* 1 */
+	FF (d, a, b, c, x[ 1], S12, 0xe8c7b756);    /* 2 */
+	FF (c, d, a, b, x[ 2], S13, 0x242070db);    /* 3 */
+	FF (b, c, d, a, x[ 3], S14, 0xc1bdceee);    /* 4 */
+	FF (a, b, c, d, x[ 4], S11, 0xf57c0faf);    /* 5 */
+	FF (d, a, b, c, x[ 5], S12, 0x4787c62a);    /* 6 */
+	FF (c, d, a, b, x[ 6], S13, 0xa8304613);    /* 7 */
+	FF (b, c, d, a, x[ 7], S14, 0xfd469501);    /* 8 */
+	FF (a, b, c, d, x[ 8], S11, 0x698098d8);    /* 9 */
+	FF (d, a, b, c, x[ 9], S12, 0x8b44f7af);    /* 10 */
+	FF (c, d, a, b, x[10], S13, 0xffff5bb1);    /* 11 */
+	FF (b, c, d, a, x[11], S14, 0x895cd7be);    /* 12 */
+	FF (a, b, c, d, x[12], S11, 0x6b901122);    /* 13 */
+	FF (d, a, b, c, x[13], S12, 0xfd987193);    /* 14 */
+	FF (c, d, a, b, x[14], S13, 0xa679438e);    /* 15 */
+	FF (b, c, d, a, x[15], S14, 0x49b40821);    /* 16 */
+
+	/* Round 2 */
+	GG (a, b, c, d, x[ 1], S21, 0xf61e2562);    /* 17 */
+	GG (d, a, b, c, x[ 6], S22, 0xc040b340);    /* 18 */
+	GG (c, d, a, b, x[11], S23, 0x265e5a51);    /* 19 */
+	GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa);    /* 20 */
+	GG (a, b, c, d, x[ 5], S21, 0xd62f105d);    /* 21 */
+	GG (d, a, b, c, x[10], S22,  0x2441453);    /* 22 */
+	GG (c, d, a, b, x[15], S23, 0xd8a1e681);    /* 23 */
+	GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8);    /* 24 */
+	GG (a, b, c, d, x[ 9], S21, 0x21e1cde6);    /* 25 */
+	GG (d, a, b, c, x[14], S22, 0xc33707d6);    /* 26 */
+	GG (c, d, a, b, x[ 3], S23, 0xf4d50d87);    /* 27 */
+	GG (b, c, d, a, x[ 8], S24, 0x455a14ed);    /* 28 */
+	GG (a, b, c, d, x[13], S21, 0xa9e3e905);    /* 29 */
+	GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8);    /* 30 */
+	GG (c, d, a, b, x[ 7], S23, 0x676f02d9);    /* 31 */
+	GG (b, c, d, a, x[12], S24, 0x8d2a4c8a);    /* 32 */
+
+	/* Round 3 */
+	HH (a, b, c, d, x[ 5], S31, 0xfffa3942);    /* 33 */
+	HH (d, a, b, c, x[ 8], S32, 0x8771f681);    /* 34 */
+	HH (c, d, a, b, x[11], S33, 0x6d9d6122);    /* 35 */
+	HH (b, c, d, a, x[14], S34, 0xfde5380c);    /* 36 */
+	HH (a, b, c, d, x[ 1], S31, 0xa4beea44);    /* 37 */
+	HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9);    /* 38 */
+	HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60);    /* 39 */
+	HH (b, c, d, a, x[10], S34, 0xbebfbc70);    /* 40 */
+	HH (a, b, c, d, x[13], S31, 0x289b7ec6);    /* 41 */
+	HH (d, a, b, c, x[ 0], S32, 0xeaa127fa);    /* 42 */
+	HH (c, d, a, b, x[ 3], S33, 0xd4ef3085);    /* 43 */
+	HH (b, c, d, a, x[ 6], S34,  0x4881d05);    /* 44 */
+	HH (a, b, c, d, x[ 9], S31, 0xd9d4d039);    /* 45 */
+	HH (d, a, b, c, x[12], S32, 0xe6db99e5);    /* 46 */
+	HH (c, d, a, b, x[15], S33, 0x1fa27cf8);    /* 47 */
+	HH (b, c, d, a, x[ 2], S34, 0xc4ac5665);    /* 48 */
+
+	/* Round 4 */
+	II (a, b, c, d, x[ 0], S41, 0xf4292244);    /* 49 */
+	II (d, a, b, c, x[ 7], S42, 0x432aff97);    /* 50 */
+	II (c, d, a, b, x[14], S43, 0xab9423a7);    /* 51 */
+	II (b, c, d, a, x[ 5], S44, 0xfc93a039);    /* 52 */
+	II (a, b, c, d, x[12], S41, 0x655b59c3);    /* 53 */
+	II (d, a, b, c, x[ 3], S42, 0x8f0ccc92);    /* 54 */
+	II (c, d, a, b, x[10], S43, 0xffeff47d);    /* 55 */
+	II (b, c, d, a, x[ 1], S44, 0x85845dd1);    /* 56 */
+	II (a, b, c, d, x[ 8], S41, 0x6fa87e4f);    /* 57 */
+	II (d, a, b, c, x[15], S42, 0xfe2ce6e0);    /* 58 */
+	II (c, d, a, b, x[ 6], S43, 0xa3014314);    /* 59 */
+	II (b, c, d, a, x[13], S44, 0x4e0811a1);    /* 60 */
+	II (a, b, c, d, x[ 4], S41, 0xf7537e82);    /* 61 */
+	II (d, a, b, c, x[11], S42, 0xbd3af235);    /* 62 */
+	II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb);    /* 63 */
+	II (b, c, d, a, x[ 9], S44, 0xeb86d391);    /* 64 */
+
+	state[0] += a;
+	state[1] += b;
+	state[2] += c;
+	state[3] += d;
+
+	/* Zeroize sensitive information.
+	 */
+	bzero(x, sizeof(x));
+}
+
+
+/* Encodes input (UINT4) into output (unsigned char). Assumes len is
+ * a multiple of 4.
+ */
+static void
+Encode(unsigned char *output,
+       UINT4 *input,
+       unsigned int len)
+{
+	unsigned int i, j;
+
+	for (i = 0, j = 0; j < len; i++, j += 4) {
+		output[j] = (unsigned char)(input[i] & 0xff);
+		output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
+		output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
+		output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
+	}
+}
+
+
+/* Decodes input (unsigned char) into output (UINT4). Assumes len is
+ * a multiple of 4.
+ */
+static void
+Decode (UINT4 *output,
+	unsigned char *input,
+	unsigned int len)
+{
+	unsigned int i, j;
+
+	for (i = 0, j = 0; j < len; i++, j += 4)
+		output[i] = ((UINT4)input[j]) | (((UINT4)input[j+1]) << 8) |
+	(((UINT4)input[j+2]) << 16) | (((UINT4)input[j+3]) << 24);
+}
diff --git a/sbin/routed/rtquery/rtquery.8 b/sbin/routed/rtquery/rtquery.8
index d77ca30..7227bc4 100644
--- a/sbin/routed/rtquery/rtquery.8
+++ b/sbin/routed/rtquery/rtquery.8
@@ -9,10 +9,15 @@
 .Op Fl np1
 .Op Fl w Ar timeout
 .Op Fl r Ar addr
+.Op Fl a Ar secret
+.Ar host ...
+
+.Nm
+.Op Fl t Ar op
 .Ar host ...
 .Sh DESCRIPTION
 .Nm Rtquery
-is used to query a network routing daemon,
+is used to query a RIP network routing daemon,
 .Xr routed 8
 or
 .Xr gated 8 ,
@@ -74,12 +79,17 @@ By default, each host is given 15 seconds to respond.
 .It Fl r Ar addr
 ask about the route to destination
 .Em addr .
+.It Fl a Ar passwd=XXX
+.It Fl a Ar md5_passwd=XXX|KeyID
+cause the query to be sent with the indicated cleartext or MD5 password.
 .It Fl t Ar op
 change tracing, where
 .Em op
 is one of the following.
 Requests from processes not running with UID 0 or on distant networks
 are generally ignored by the daemon except for a message in the system log.
+.Xr gated 8 
+is likely to ignore these debugging requests.
 .El
 .Bl -tag -width Ds -offset indent-two
 .It Em on=tracefile
diff --git a/sbin/routed/rtquery/rtquery.c b/sbin/routed/rtquery/rtquery.c
index 7d6913a..0579141 100644
--- a/sbin/routed/rtquery/rtquery.c
+++ b/sbin/routed/rtquery/rtquery.c
@@ -65,6 +65,17 @@ static char rcsid[] = "$NetBSD$";
 #define _HAVE_SIN_LEN
 #endif
 
+#define MD5_DIGEST_LEN 16
+typedef struct {
+	u_int32_t state[4];		/* state (ABCD) */
+	u_int32_t count[2];		/* # of bits, modulo 2^64 (LSB 1st) */
+	unsigned char buffer[64];	/* input buffer */
+} MD5_CTX;
+extern void MD5Init(MD5_CTX*);
+extern void MD5Update(MD5_CTX*, u_char*, u_int);
+extern void MD5Final(u_char[MD5_DIGEST_LEN], MD5_CTX*);
+
+
 #define	WTIME	15		/* Time to wait for all responses */
 #define	STIME	(250*1000)	/* usec to wait for another response */
 
@@ -90,8 +101,10 @@ int	pflag;				/* play the `gated` game */
 int	ripv2 = 1;			/* use RIP version 2 */
 int	wtime = WTIME;
 int	rflag;				/* 1=ask about a particular route */
-int	trace;
-int	not_trace;
+int	trace, not_trace;		/* send trace command or not */
+int	auth_type = RIP_AUTH_NONE;
+char	passwd[RIP_AUTH_PW_LEN];
+u_long	keyid;
 
 struct timeval sent;			/* when query sent */
 
@@ -101,6 +114,7 @@ static void trace_loop(char *argv[]);
 static void query_loop(char *argv[], int);
 static int getnet(char *, struct netinfo *);
 static u_int std_mask(u_int);
+static int parse_quote(char **, char *, char *, char *, int);
 
 
 int
@@ -108,14 +122,14 @@ main(int argc,
      char *argv[])
 {
 	int ch, bsize;
-	char *p, *options, *value;
+	char *p, *options, *value, delim;
 
 	OMSG.rip_nets[0].n_dst = RIP_DEFAULT;
 	OMSG.rip_nets[0].n_family = RIP_AF_UNSPEC;
 	OMSG.rip_nets[0].n_metric = htonl(HOPCNT_INFINITY);
 
 	pgmname = argv[0];
-	while ((ch = getopt(argc, argv, "np1w:r:t:")) != EOF)
+	while ((ch = getopt(argc, argv, "np1w:r:t:a:")) != EOF)
 		switch (ch) {
 		case 'n':
 			not_trace = 1;
@@ -208,6 +222,31 @@ main(int argc,
 			}
 			break;
 
+		case 'a':
+			not_trace = 1;
+			p = strchr(optarg,'=');
+			if (!p)
+				goto usage;
+			*p++ = '\0';
+			if (!strcasecmp("passwd",optarg))
+				auth_type = RIP_AUTH_PW;
+			else if (!strcasecmp("md5_passwd",optarg))
+				auth_type = RIP_AUTH_MD5;
+			else
+				goto usage;
+			if (0 > parse_quote(&p,"|",&delim,
+					    passwd,sizeof(passwd)))
+				goto usage;
+			if (auth_type == RIP_AUTH_MD5
+			    && delim == '|') {
+				keyid = strtoul(p+1,&p,0);
+				if (keyid > 255 || *p != '\0')
+					goto usage;
+			} else if (delim != '\0') {
+				goto usage;
+			}
+			break;
+
 		default:
 			goto usage;
 	}
@@ -215,8 +254,9 @@ main(int argc,
 	argc -= optind;
 	if ((not_trace && trace) || argc == 0) {
 usage:		fprintf(stderr, "%s: [-np1v] [-r tgt_rt] [-w wtime]"
-			" host1 [host2 ...]\n"
-			"or\t-t {on=filename|more|off} host1 host2 ...\n",
+			" [-a type=passwd] host1 [host2 ...]\n"
+			"or\t-t {on=filename|more|off|on=dump/../table}"
+			" host1 [host2 ...]\n",
 			pgmname);
 		exit(1);
 	}
@@ -294,6 +334,8 @@ trace_loop(char *argv[])
 static void
 query_loop(char *argv[], int argc)
 {
+#	define NA0 (OMSG.rip_auths[0])
+#	define NA2 (OMSG.rip_auths[2])
 	struct seen {
 		struct seen *next;
 		struct in_addr addr;
@@ -304,11 +346,38 @@ query_loop(char *argv[], int argc)
 	struct timeval now, delay;
 	struct sockaddr_in from;
 	int fromlen;
+	MD5_CTX md5_ctx;
 
 
 	OMSG.rip_cmd = (pflag) ? RIPCMD_POLL : RIPCMD_REQUEST;
 	if (ripv2) {
 		OMSG.rip_vers = RIPv2;
+		if (auth_type == RIP_AUTH_PW) {
+			OMSG.rip_nets[1] = OMSG.rip_nets[0];
+			NA0.a_family = RIP_AF_AUTH;
+			NA0.a_type = RIP_AUTH_PW;
+			bcopy(passwd, NA0.au.au_pw,
+			      RIP_AUTH_PW_LEN);
+			omsg_len += sizeof(OMSG.rip_nets[0]);
+
+		} else if (auth_type == RIP_AUTH_MD5) {
+			OMSG.rip_nets[1] = OMSG.rip_nets[0];
+			NA0.a_family = RIP_AF_AUTH;
+			NA0.a_type = RIP_AUTH_MD5;
+			NA0.au.a_md5.md5_keyid = (int8_t)keyid;
+			NA0.au.a_md5.md5_auth_len = RIP_AUTH_PW_LEN;
+			NA0.au.a_md5.md5_seqno = 0;
+			NA0.au.a_md5.md5_pkt_len = sizeof(OMSG.rip_nets[1]);
+			NA2.a_family = RIP_AF_AUTH;
+			NA2.a_type = 1;
+			bcopy(passwd, NA2.au.au_pw, sizeof(NA2.au.au_pw));
+			MD5Init(&md5_ctx);
+			MD5Update(&md5_ctx, (u_char *)&NA0,
+				  (char *)(&NA2+1) - (char *)&NA0);
+			MD5Final(NA2.au.au_pw, &md5_ctx);
+			omsg_len += 2*sizeof(OMSG.rip_nets[0]);
+		}
+
 	} else {
 		OMSG.rip_vers = RIPv1;
 		OMSG.rip_nets[0].n_mask = 0;
@@ -393,7 +462,7 @@ query_loop(char *argv[], int argc)
 }
 
 
-/* sent do one host
+/* send to one host
  */
 static int
 out(char *host)
@@ -432,6 +501,60 @@ out(char *host)
 
 
 /*
+ * Convert string to printable characters
+ */
+static char *
+qstring(u_char *s, int len)
+{
+	static char buf[8*20+1];
+	char *p;
+	u_char *s2, c;
+
+
+	for (p = buf; len != 0 && p < &buf[sizeof(buf)-1]; len--) {
+		c = *s++;
+		if (c == '\0') {
+			for (s2 = s+1; s2 < &s[len]; s2++) {
+				if (*s2 != '\0')
+					break;
+			}
+			if (s2 >= &s[len])
+			    goto exit;
+		}
+
+		if (c >= ' ' && c < 0x7f && c != '\\') {
+			*p++ = c;
+			continue;
+		}
+		*p++ = '\\';
+		switch (c) {
+		case '\\':
+			*p++ = '\\';
+			break;
+		case '\n':
+			*p++= 'n';
+			break;
+		case '\r':
+			*p++= 'r';
+			break;
+		case '\t':
+			*p++ = 't';
+			break;
+		case '\b':
+			*p++ = 'b';
+			break;
+		default:
+			p += sprintf(p,"%o",c);
+			break;
+		}
+	}
+exit:
+	*p = '\0';
+	return buf;
+}
+
+
+/*
  * Handle an incoming RIP packet.
  */
 static void
@@ -447,7 +570,7 @@ rip_input(struct sockaddr_in *from,
 	int i;
 	struct hostent *hp;
 	struct netent *np;
-	struct netauth *a;
+	struct netauth *na;
 
 
 	if (nflag) {
@@ -544,11 +667,33 @@ rip_input(struct sockaddr_in *from,
 			}
 
 		} else if (n->n_family == RIP_AF_AUTH) {
-			a = (struct netauth*)n;
-			(void)printf("    authentication type %d: ",
-				     a->a_type);
-			for (i = 0; i < sizeof(a->au.au_pw); i++)
-				(void)printf("%02x ", a->au.au_pw[i]);
+			na = (struct netauth*)n;
+			if (na->a_type == RIP_AUTH_PW
+			    && n == IMSG.rip_nets) {
+				(void)printf("  Password Authentication:"
+					     " \"%s\"\n",
+					     qstring(na->au.au_pw,
+						     RIP_AUTH_PW_LEN));
+				continue;
+			}
+
+			if (na->a_type == RIP_AUTH_MD5
+			    && n == IMSG.rip_nets) {
+				(void)printf("  MD5 Authentication"
+					     " len=%d KeyID=%d"
+					     " seqno=%d"
+					     " rsvd=%#x,%#x\n",
+					     na->au.a_md5.md5_pkt_len,
+					     na->au.a_md5.md5_keyid,
+					     na->au.a_md5.md5_seqno,
+					     na->au.a_md5.rsvd[0],
+					     na->au.a_md5.rsvd[1]);
+				continue;
+			}
+			(void)printf("  Authentication type %d: ",
+				     ntohs(na->a_type));
+			for (i = 0; i < sizeof(na->au.au_pw); i++)
+				(void)printf("%02x ", na->au.au_pw[i]);
 			putc('\n', stdout);
 			continue;
 
@@ -652,3 +797,64 @@ getnet(char *name,
 	rt->n_mask = htonl(mask);
 	return 1;
 }
+
+
+/* strtok(), but honoring backslash
+ */
+static int				/* -1=bad */
+parse_quote(char **linep,
+	    char *delims,
+	    char *delimp,
+	    char *buf,
+	    int	lim)
+{
+	char c, *pc, *p;
+
+
+	pc = *linep;
+	if (*pc == '\0')
+		return -1;
+
+	for (;;) {
+		if (lim == 0)
+			return -1;
+		c = *pc++;
+		if (c == '\0')
+			break;
+
+		if (c == '\\' && pc != '\0') {
+			if ((c = *pc++) == 'n') {
+				c = '\n';
+			} else if (c == 'r') {
+				c = '\r';
+			} else if (c == 't') {
+				c = '\t';
+			} else if (c == 'b') {
+				c = '\b';
+			} else if (c >= '0' && c <= '7') {
+				c -= '0';
+				if (*pc >= '0' && *pc <= '7') {
+					c = (c<<3)+(*pc++ - '0');
+					if (*pc >= '0' && *pc <= '7')
+					    c = (c<<3)+(*pc++ - '0');
+				}
+			}
+
+		} else {
+			for (p = delims; *p != '\0'; ++p) {
+				if (*p == c)
+					goto exit;
+			}
+		}
+
+		*buf++ = c;
+		--lim;
+	}
+exit:
+	if (delimp != 0)
+		*delimp = c;
+	*linep = pc-1;
+	if (lim != 0)
+		*buf = '\0';
+	return 0;
+}