Diffstat (limited to 'contrib/telnet/libtelnet/sra.c')
-rw-r--r-- | contrib/telnet/libtelnet/sra.c | 119 |
1 files changed, 26 insertions, 93 deletions
diff --git a/contrib/telnet/libtelnet/sra.c b/contrib/telnet/libtelnet/sra.c index 8a94951..cf53fd7 100644 --- a/contrib/telnet/libtelnet/sra.c +++ b/contrib/telnet/libtelnet/sra.c @@ -29,38 +29,33 @@ */ #include <sys/cdefs.h> + __FBSDID("$FreeBSD$"); #ifdef SRA +#ifdef ENCRYPTION #include <sys/types.h> #include <arpa/telnet.h> +#include <pwd.h> #include <stdio.h> -#ifdef __STDC__ #include <stdlib.h> -#endif -#ifdef NO_STRING_H -#include <strings.h> -#else #include <string.h> -#endif +#include <syslog.h> +#include <ttyent.h> -#if !defined(NOPAM) +#ifndef NOPAM #include <security/pam_appl.h> #else #include <unistd.h> #endif -#include <pwd.h> -#include <syslog.h> -#include <ttyent.h> - #include "auth.h" #include "misc.h" #include "encrypt.h" #include "pk.h" char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; -char *user,*pass,*xuser,*xpass; +char *user, *pass, *xuser, *xpass; DesData ck; IdeaData ik; @@ -80,7 +75,7 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, #define SRA_ACCEPT 4 #define SRA_REJECT 5 -static int check_user(const char *, const char *); +static int check_user(char *, char *); /* support routine to send out authentication message */ static int @@ -115,7 +110,7 @@ Data(Authenticator *ap, int type, void *d, int c) } int -sra_init(Authenticator *ap, int server) +sra_init(Authenticator *ap __unused, int server) { if (server) str_data[3] = TELQUAL_REPLY; @@ -212,12 +207,10 @@ sra_is(Authenticator *ap, unsigned char *data, int cnt) if(valid) { Data(ap, SRA_ACCEPT, (void *)0, 0); -#ifdef DES_ENCRYPTION skey.data = ck; skey.type = SK_DES; skey.length = 8; encrypt_session_key(&skey, 1); -#endif sra_valid = 1; auth_finished(ap, AUTH_VALID); @@ -252,10 +245,9 @@ bad: void sra_reply(Authenticator *ap, unsigned char *data, int cnt) { - extern char *telnet_gets(); char uprompt[256],tuser[256]; Session_Key skey; - int i; + size_t i; if (cnt-- < 1) return; 
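Review bot: The new prototype `static int check_user(char *, char *);` drops `const` from the password argument as well as from the name, although the only write visible in the diff is to `name` (the `strcpy(name, item)` in the PAM definition); the same applies to both check_user() definitions in the later hunks. Keeping the second parameter read-only, `static int check_user(char *, const char *);`, documents that the credential is never modified and lets the compiler enforce it. This assumes the `cred_t` members are `const char *`, as the old `{ name, pass }` initialiser with const arguments suggests; the struct body is outside the hunks.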
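Review bot: With the `#ifdef DES_ENCRYPTION` guard removed, the accept path in sra_is() always installs an 8-byte `SK_DES` session key (`skey.type = SK_DES; skey.length = 8;`), and the SRA_ACCEPT case of sra_reply() in the later hunk does the same, with nothing in the code saying so. I would add a comment above the assignment such as `/* session key is single DES (56-bit); do not rely on it for confidentiality on untrusted networks */`. It would also help to state next to the new `#ifdef ENCRYPTION` that defining SRA without ENCRYPTION now compiles the whole mechanism out. sra_is() starts and ends outside the hunk.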
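Review bot: Removing `extern char *telnet_gets();` from sra_reply() is only safe if one of the included headers declares the function, and no hunk in this diff shows such a declaration. Assuming sra_reply() still calls it outside the hunk, a missing prototype means an implicit `int` return, which truncates the returned pointer on LP64 targets. Please confirm the prototype is reachable through `misc.h` or another included header; if it is not, keep `extern char *telnet_gets();` at file scope until it is.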
@@ -333,12 +325,10 @@ sra_reply(Authenticator *ap, unsigned char *data, int cnt) case SRA_ACCEPT: printf("[ SRA accepts you ]\r\n"); -#ifdef DES_ENCRYPTION skey.data = ck; skey.type = SK_DES; skey.length = 8; encrypt_session_key(&skey, 0); -#endif auth_finished(ap, AUTH_VALID); return; @@ -350,7 +340,7 @@ sra_reply(Authenticator *ap, unsigned char *data, int cnt) } int -sra_status(Authenticator *ap, char *name, int level) +sra_status(Authenticator *ap __unused, char *name, int level) { if (level < AUTH_USER) return(level); @@ -368,7 +358,7 @@ void sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { char lbuf[32]; - register int i; + int i; buf[buflen-1] = '\0'; /* make sure its NULL terminated */ buflen -= 1; 
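Review bot: sra_printsub() executes `buf[buflen-1] = '\0';` before any check on `buflen`, so a caller passing a `buflen` of 0 or less makes this store land before the start of `buf`. The hunk only drops the `register` qualifier, but since these lines are being touched, a guard such as `if (buflen < 1) return;` ahead of the store would close that. The rest of the function is outside the hunk, so whether any caller can pass such a value has to be checked there.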
@@ -423,70 +413,14 @@ sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) } } -struct passwd *pw; - -/* - * Helper function for sgetpwnam(). - */ -char * -sgetsave(char *s) -{ - char *new = malloc((unsigned) strlen(s) + 1); - - if (new == NULL) { - return(NULL); - } - (void) strcpy(new, s); - return (new); -} - -struct passwd * -sgetpwnam(char *name) -{ - static struct passwd save; - register struct passwd *p; - char *sgetsave(); - - if ((p = getpwnam(name)) == NULL) - return (p); - if (save.pw_name) { - free(save.pw_name); - free(save.pw_passwd); - free(save.pw_gecos); - free(save.pw_dir); - free(save.pw_shell); - } - save = *p; - save.pw_name = sgetsave(p->pw_name); - save.pw_passwd = sgetsave(p->pw_passwd); - save.pw_gecos = sgetsave(p->pw_gecos); - save.pw_dir = sgetsave(p->pw_dir); - save.pw_shell = sgetsave(p->pw_shell); -#if 0 -syslog(LOG_WARNING,"%s\n",save.pw_name); -syslog(LOG_WARNING,"%s\n",save.pw_passwd); -syslog(LOG_WARNING,"%s\n",save.pw_gecos); -syslog(LOG_WARNING,"%s\n",save.pw_dir); -#endif -#ifdef USE_SHADOW - { - struct spwd *sp; - sp = getspnam(name); - free(save.pw_passwd); - save.pw_passwd = sgetsave(sp->sp_pwdp); - } -#endif - return (&save); -} - static int -isroot(const char *user) +isroot(const char *usr) { - struct passwd *pw; + struct passwd *pwd; - if ((pw=getpwnam(user))==NULL) + if ((pwd=getpwnam(usr))==NULL) return 0; - return (!pw->pw_uid); + return (!pwd->pw_uid); } static int @@ -499,9 +433,9 @@ rootterm(char *ttyn) #ifdef NOPAM static int -check_user(const char *name, const char *pass) +check_user(char *name, char *cred) { - register char *cp; + char *cp; char *xpasswd, *salt; if (isroot(name) && !rootterm(line)) @@ -517,7 +451,7 @@ check_user(const char *name, const char *pass) } salt = pw->pw_passwd; - xpasswd = crypt(pass, salt); + xpasswd = crypt(cred, salt); /* The strcmp does not catch null passwords! */ if (pw == NULL || *pw->pw_passwd == '\0' || strcmp(xpasswd, pw->pw_passwd)) { 
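Review bot: This hunk deletes the file-scope `struct passwd *pw;` together with sgetpwnam(), yet the context lines of the NOPAM check_user() further down still read `salt = pw->pw_passwd;` and test `pw == NULL`. The only declarations visible in that function are `char *cp;` and `char *xpasswd, *salt;`, so unless the lines between the hunks declare and assign `pw`, a NOPAM build no longer compiles. Declaring it locally, for example `struct passwd *pw = getpwnam(name);` with the NULL test immediately after it, would keep that path building and put the check before the first dereference.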
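Review bot: The result of `crypt(cred, salt)` goes straight into `strcmp(xpasswd, pw->pw_passwd)`, but crypt() can return NULL, for example on an unsupported or malformed salt, which would crash the daemon instead of rejecting the login. Adding `xpasswd == NULL ||` to the condition treats a failed hash as a mismatch. The same condition tests `pw == NULL` only after `pw->pw_passwd` has been read two lines earlier, so that test cannot protect anything where it stands. The enclosing function starts and ends outside the hunk.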
@@ -545,9 +479,8 @@ struct cred_t { }; typedef struct cred_t cred_t; -int -auth_conv(int num_msg, const struct pam_message **msg, - struct pam_response **resp, void *appdata) +static int +auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata) { int i; cred_t *cred = (cred_t *) appdata; @@ -588,13 +521,13 @@ auth_conv(int num_msg, const struct pam_message **msg, * The PAM version as a side effect may put a new username in *name. */ static int -check_user(const char *name, const char *pass) +check_user(char *name, char *cred) { pam_handle_t *pamh = NULL; const void *item; int rval; int e; - cred_t auth_cred = { name, pass }; + cred_t auth_cred = { name, cred }; struct pam_conv conv = { &auth_conv, &auth_cred }; e = pam_start("telnetd", name, &conv, &pamh); @@ -634,7 +567,7 @@ check_user(const char *name, const char *pass) */ if ((e = pam_get_item(pamh, PAM_USER, &item)) == PAM_SUCCESS) { - strcpy((char *) name, (const char *) item); + strcpy(name, item); } else syslog(LOG_ERR, "Couldn't get PAM_USER: %s", pam_strerror(pamh, e)); @@ -665,5 +598,5 @@ check_user(const char *name, const char *pass) #endif -#endif - +#endif /* ENCRYPTION */ +#endif /* SRA */ |
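Review bot: `strcpy(name, item);` in the PAM check_user() copies the PAM_USER value into the caller's buffer with no length bound, and the size of that buffer is not known inside the function. A PAM module may canonicalise or replace the user name, so its length is not limited by what the client sent. Since the cast cleanup touches this line, bound the copy, e.g. `strlcpy(name, item, NAME_BUF_LEN);` where `NAME_BUF_LEN` is a placeholder for the real size of the buffer the caller passes (ideally handed in as a parameter), and fail the authentication if the value does not fit.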