diff options
Diffstat (limited to 'secure')
92 files changed, 37129 insertions, 44 deletions
diff --git a/secure/Makefile b/secure/Makefile new file mode 100644 index 0000000..e74ab8e --- /dev/null +++ b/secure/Makefile @@ -0,0 +1,35 @@ +# $Id: Makefile,v 1.8 1995/09/29 20:22:44 ache Exp $ + +# lib must be first, or it will not work. This is because we reference +# the lib's in the directory where they are built from the binaries we +# want to build. + +SUBDIR= lib usr.bin + +SDIR= ${.CURDIR}/.. + +CODAI= ${MAKE} ${MFLAGS} cleandir; \ + ${MAKE} ${MFLAGS} obj; \ + ${MAKE} ${MFLAGS} depend all install + +CODAD= ${MAKE} ${MFLAGS} MAKE_EBONES=yes cleandir; \ + ${MAKE} ${MFLAGS} MAKE_EBONES=yes obj; \ + ${MAKE} ${MFLAGS} MAKE_EBONES=yes depend all distribute + +# These are the programs which depend on secure libs +sprog: + cd ${SDIR}/bin/ed; ${CODAI} + cd ${SDIR}/sbin/init; ${CODAI} + +bootstrap: + ( cd include; ${MAKE} ${MFLAGS} install ) + ( cd lib; ${MAKE} ${MFLAGS} depend all install ) + ${MAKE} ${MFLAGS} cleandir + ${MAKE} ${MFLAGS} obj + ${MAKE} ${MFLAGS} depend all install sprog + +help-distribute: distribute + cd ${SDIR}/bin/ed; ${CODAD} + cd ${SDIR}/sbin/init; ${CODAD} + +.include <bsd.subdir.mk> diff --git a/secure/Makefile.inc b/secure/Makefile.inc new file mode 100644 index 0000000..65ea36b --- /dev/null +++ b/secure/Makefile.inc @@ -0,0 +1,15 @@ +# $Id: Makefile.inc,v 1.6 1995/05/11 22:07:49 jkh Exp $ + +DISTRIBUTION=des + +.if exists(${.CURDIR}/../../lib/libtelnet/obj) +TELNETOBJDIR= ${.CURDIR}/../../lib/libtelnet/obj +.else +TELNETOBJDIR= ${.CURDIR}/../../lib/libtelnet +.endif + +.if exists(${.CURDIR}/../../lib/libcrypt/obj) +CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt/obj +.else +CRYPTOBJDIR= ${.CURDIR}/../../lib/libcrypt +.endif diff --git a/secure/lib/Makefile b/secure/lib/Makefile new file mode 100644 index 0000000..2b47738 --- /dev/null +++ b/secure/lib/Makefile @@ -0,0 +1,6 @@ +# $Id$ + +SUBDIR= libcipher libdes + +.include <bsd.subdir.mk> + diff --git a/secure/lib/Makefile.inc b/secure/lib/Makefile.inc new file mode 100644 index 0000000..019e99a --- /dev/null +++ b/secure/lib/Makefile.inc @@ -0,0 +1,6 @@ +# $Id: Makefile.inc,v 1.3 1994/11/14 20:45:28 phk Exp $ + +.include "${.CURDIR}/../../Makefile.inc" +.if exists(${.CURDIR}/../../../lib/Makefile.inc) +.include "${.CURDIR}/../../../lib/Makefile.inc" +.endif diff --git a/secure/lib/libcipher/Makefile b/secure/lib/libcipher/Makefile new file mode 100644 index 0000000..c0cd46a --- /dev/null +++ b/secure/lib/libcipher/Makefile @@ -0,0 +1,16 @@ +# +# $Id: Makefile,v 1.8 1996/04/11 07:08:09 markm Exp $ +# + +LIB= cipher +SRCS= crypt.c +PRECIOUSLIB= yes +#NOPROFILE= yes + +MAN3= cipher.3 +MLINKS= cipher.3 encrypt.3 cipher.3 setkey.3 +MLINKS+=cipher.3 des_cipher.3 cipher.3 des_setkey.3 + +#SUBDIR= test + +.include <bsd.lib.mk> diff --git a/secure/lib/libcipher/README b/secure/lib/libcipher/README new file mode 100644 index 0000000..53ea229 --- /dev/null +++ b/secure/lib/libcipher/README @@ -0,0 +1,98 @@ + + FreeSec - NetBSD libcrypt replacement + + David Burren <davidb@werj.com.au> + Release 1.0, March 1994 + + Document ref: $Id: README,v 1.1 1994/09/07 08:55:24 g89r4222 Exp $ + + +Description +=========== +This library is a drop-in replacement for the libcrypt used in U.S. copies +of NetBSD, duplicating that library's functionality. A suite of verification +and benchmark tools is provided. + +FreeSec 1.0 is an original implementation of the DES algorithm and the +crypt(3) interfaces used in Unix-style operating systems. It was produced +in Australia and as such is not covered by U.S. export restrictions (at +least for copies that remain outside the U.S.). + + +History +======= +An earlier version of the FreeSec library was built using the UFC-crypt +package that is distributed as part of the GNU library. UFC-crypt did not +support the des_cipher() or des_setkey() functions, nor the new-style +crypt with long keys. These were implemented in FreeSec 0.2, but at least +one bug remained, where encryption would only succeed if either the salt +or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered +by the GNU Library Licence. + +FreeSec 1.0 is an original implementation by myself, and has been tested +against the verification suite I'd been using with FreeSec 0.2 (this is not +encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style +licence, which better fits into the *BSD hierarchy than the earlier GNU +licence. + + +Why should you use FreeSec? +=========================== +FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt, +to act as a baseline for encryption functionality. + +Some other packages (such as Eric Young's libdes package) are faster and +more complete than FreeSec, but typically have different licencing +arrangements. While some applications will justify the use of these +packages, the idea here is that everyone should have access to *at least* +the functionality of FreeSec. + + +Performance of FreeSec 1.0 +========================== +I compare below the performance of three libcrypt implementations. As can be +seen, it's between the U.S. library and UFC-crypt. While the performance of +FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in +future versions. I was interested to note that while UFC-crypt is faster on +a 386, hardware characteristics can have markedly different effects on each +implementation. + + +386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2 +CFLAGS=-O2 | | | +========================+===============+===============+================== +crypt (alternate keys) | 317 | 341 | 395 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +crypt (constant key) | 317 | 368 | 436 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 1) | 6037 | 7459 | 3343 + blocks/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 25) | 8871 | 9627 | 15926 + blocks/sec | | | + +Notes: The results tabled here are the average over 10 runs. + The entry/exit code for FreeSec 0.2's des_cipher() is particularly + inefficient, thus the anomalous result for single encryptions. + + +As an experiment using a machine with a larger register set and an +obscenely fast CPU, I obtained the following results: + + 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2 + ========================+================================= + crypt (alternate keys) | 2545 | 2702 + crypt/sec | | + ------------------------+--------------------------------- + crypt (constant key) | 2852 | 2981 + crypt/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 1) | 56443 | 21409 + blocks/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 25) | 82531 | 18276 + blocks/sec | | + +Obviously your mileage will vary with your hardware and your compiler... diff --git a/secure/lib/libcipher/README.FreeBSD b/secure/lib/libcipher/README.FreeBSD new file mode 100644 index 0000000..06b943f --- /dev/null +++ b/secure/lib/libcipher/README.FreeBSD @@ -0,0 +1,6 @@ +$Id: README.FreeBSD,v 1.1 1994/09/07 08:55:25 g89r4222 Exp $ + +This is FreeSec package for NetBSD, unchanged for +FreeBSD, except for the Makefile. + +The other stuff in libcrypt will be added in stages! diff --git a/secure/lib/libcipher/cipher.3 b/secure/lib/libcipher/cipher.3 new file mode 100644 index 0000000..162e89f --- /dev/null +++ b/secure/lib/libcipher/cipher.3 @@ -0,0 +1,150 @@ +.\" FreeSec: libcrypt for NetBSD +.\" +.\" Copyright (c) 1994 David Burren +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the author nor the names of other contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: crypt.3,v 1.5 1995/07/25 14:03:49 mark Exp $ +.\" +.\" Manual page, using -mandoc macros +.\" +.Dd March 9, 1994 +.Dt CIPHER 3 +.Os "FreeSec 1.0" +.Sh NAME +.Nm setkey , +.Nm encrypt , +.Nm des_setkey , +.Nm des_cipher , +.Nd DES encryption +.Sh SYNOPSIS +.Ft int +.Fn setkey "char *key" +.Ft int +.Fn encrypt "char *block" "int flag" +.Ft int +.Fn des_setkey "const char *key" +.Ft int +.Fn des_cipher "const char *in" "char *out" "long salt" "int count" +.Sh DESCRIPTION +The functions, +.Fn encrypt , +.Fn setkey , +.Fn des_setkey +and +.Fn des_cipher +provide access to the +.Tn DES +algorithm. +.Fn setkey +is passed a 64-byte array of binary values (numeric 0 or 1). +A 56-bit key is extracted from this array by dividing the +array into groups of 8, and ignoring the last bit in each group. +That bit is reserved for a byte parity check by DES, but is ignored +by these functions. +.Pp +The +.Fa block +argument to +.Fn encrypt +is also a 64-byte array of binary values. +If the value of +.Fa flag +is 0, +.Fa block +is encrypted otherwise it is decrypted. +The result is returned in the original array +.Fa block +after using the key specified by +.Fn setkey +to process it. +.Pp +The argument to +.Fn des_setkey +is a character array of length 8. +The least significant bit (the parity bit) in each character is ignored, +and the remaining bits are concatenated to form a 56-bit key. +The function +.Fn des_cipher +encrypts (or decrypts if +.Fa count +is negative) the 64-bits stored in the 8 characters at +.Fa in +using +.Xr abs 3 +of +.Fa count +iterations of +.Tn DES +and stores the 64-bit result in the 8 characters at +.Fa out +(which may be the same as +.Fa in +). +The +.Fa salt +introduces disorder in the +.Tn DES +algorithm in one of 16777216 or 4096 possible ways +(ie. with 24 or 12 bits: if bit +.Em i +of the +.Ar salt +is set, then bits +.Em i +and +.Em i+24 +are swapped in the +.Tn DES +E-box output). +.Pp +The functions +.Fn setkey , +.Fn encrypt , +.Fn des_setkey , +and +.Fn des_cipher +return 0 on success and 1 on failure. +.Pp +The +.Fn setkey +and +.Fn des_setkey +functions manipulate the same key space. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr getpass 3 , +.Xr crypt 3 , +.Xr passwd 5 +.Sh HISTORY +This library (FreeSec 1.0) was developed outside the United States of America +as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption +library. +Users should be aware that this code (and programs staticly linked with it) +may not be exported from the U.S., although it apparently can be imported. +.Sh AUTHOR +David Burren <davidb@werj.com.au> diff --git a/secure/lib/libcipher/crypt.c b/secure/lib/libcipher/crypt.c new file mode 100644 index 0000000..cbdefde --- /dev/null +++ b/secure/lib/libcipher/crypt.c @@ -0,0 +1,623 @@ +/* + * FreeSec: libcrypt for NetBSD + * + * Copyright (c) 1994 David Burren + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the author nor the names of other contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: crypt.c,v 1.2 1994/09/07 21:48:46 csgr Exp $ + * + * This is an original implementation of the DES and the crypt(3) interfaces + * by David Burren <davidb@werj.com.au>. + * + * An excellent reference on the underlying algorithm (and related + * algorithms) is: + * + * B. Schneier, Applied Cryptography: protocols, algorithms, + * and source code in C, John Wiley & Sons, 1994. + * + * Note that in that book's description of DES the lookups for the initial, + * pbox, and final permutations are inverted (this has been brought to the + * attention of the author). A list of errata for this book has been + * posted to the sci.crypt newsgroup by the author and is available for FTP. + * + * ARCHITECTURE ASSUMPTIONS: + * This code assumes that u_longs are 32 bits. It will probably not + * operate on 64-bit machines without modifications. + * It is assumed that the 8-byte arrays passed by reference can be + * addressed as arrays of u_longs (ie. the CPU is not picky about + * alignment). + */ +#include <sys/types.h> +#include <sys/param.h> +#include <pwd.h> + +#ifdef DEBUG +# include <stdio.h> +#endif + + +static u_char IP[64] = { + 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static u_char inv_key_perm[64]; +static u_char u_key_perm[56]; +static u_char key_perm[56] = { + 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 +}; + +static u_char key_shifts[16] = { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 +}; + +static u_char inv_comp_perm[56]; +static u_char comp_perm[48] = { + 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 +}; + +/* + * No E box is used, as it's replaced by some ANDs, shifts, and ORs. + */ + +static u_char u_sbox[8][64]; +static u_char sbox[8][64] = { + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, + { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, + { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, + { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, + { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, + { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, + { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, + { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } +}; + +static u_char un_pbox[32]; +static u_char pbox[32] = { + 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, + 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 +}; + +static u_long bits32[32] = +{ + 0x80000000, 0x40000000, 0x20000000, 0x10000000, + 0x08000000, 0x04000000, 0x02000000, 0x01000000, + 0x00800000, 0x00400000, 0x00200000, 0x00100000, + 0x00080000, 0x00040000, 0x00020000, 0x00010000, + 0x00008000, 0x00004000, 0x00002000, 0x00001000, + 0x00000800, 0x00000400, 0x00000200, 0x00000100, + 0x00000080, 0x00000040, 0x00000020, 0x00000010, + 0x00000008, 0x00000004, 0x00000002, 0x00000001 +}; + +static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static u_long saltbits; +static long old_salt; +static u_long *bits28, *bits24; +static u_char init_perm[64], final_perm[64]; +static u_long en_keysl[16], en_keysr[16]; +static u_long de_keysl[16], de_keysr[16]; +static int des_initialised = 0; +static u_char m_sbox[4][4096]; +static u_long psbox[4][256]; +static u_long ip_maskl[8][256], ip_maskr[8][256]; +static u_long fp_maskl[8][256], fp_maskr[8][256]; +static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; +static u_long comp_maskl[8][128], comp_maskr[8][128]; +static u_long old_rawkey0, old_rawkey1; + +static u_char ascii64[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* 0000000000111111111122222222223333333333444444444455555555556666 */ +/* 0123456789012345678901234567890123456789012345678901234567890123 */ + +static inline int +ascii_to_bin(char ch) +{ + if (ch > 'z') + return(0); + if (ch >= 'a') + return(ch - 'a' + 38); + if (ch > 'Z') + return(0); + if (ch >= 'A') + return(ch - 'A' + 12); + if (ch > '9') + return(0); + if (ch >= '.') + return(ch - '.'); + return(0); +} + + +static void +des_init() +{ + int i, j, b, k, inbit, obit; + u_long *p, *il, *ir, *fl, *fr; + + old_rawkey0 = old_rawkey1 = 0L; + saltbits = 0L; + old_salt = 0L; + bits24 = (bits28 = bits32 + 4) + 4; + + /* + * Invert the S-boxes, reordering the input bits. + */ + for (i = 0; i < 8; i++) + for (j = 0; j < 64; j++) { + b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); + u_sbox[i][j] = sbox[i][b]; + } + + /* + * Convert the inverted S-boxes into 4 arrays of 8 bits. + * Each will handle 12 bits of the S-box input. + */ + for (b = 0; b < 4; b++) + for (i = 0; i < 64; i++) + for (j = 0; j < 64; j++) + m_sbox[b][(i << 6) | j] = + (u_sbox[(b << 1)][i] << 4) | + u_sbox[(b << 1) + 1][j]; + + /* + * Set up the initial & final permutations into a useful form, and + * initialise the inverted key permutation. + */ + for (i = 0; i < 64; i++) { + init_perm[final_perm[i] = IP[i] - 1] = i; + inv_key_perm[i] = 255; + } + + /* + * Invert the key permutation and initialise the inverted key + * compression permutation. + */ + for (i = 0; i < 56; i++) { + u_key_perm[i] = key_perm[i] - 1; + inv_key_perm[key_perm[i] - 1] = i; + inv_comp_perm[i] = 255; + } + + /* + * Invert the key compression permutation. + */ + for (i = 0; i < 48; i++) { + inv_comp_perm[comp_perm[i] - 1] = i; + } + + /* + * Set up the OR-mask arrays for the initial and final permutations, + * and for the key initial and compression permutations. + */ + for (k = 0; k < 8; k++) { + for (i = 0; i < 256; i++) { + *(il = &ip_maskl[k][i]) = 0L; + *(ir = &ip_maskr[k][i]) = 0L; + *(fl = &fp_maskl[k][i]) = 0L; + *(fr = &fp_maskr[k][i]) = 0L; + for (j = 0; j < 8; j++) { + inbit = 8 * k + j; + if (i & bits8[j]) { + if ((obit = init_perm[inbit]) < 32) + *il |= bits32[obit]; + else + *ir |= bits32[obit-32]; + if ((obit = final_perm[inbit]) < 32) + *fl |= bits32[obit]; + else + *fr |= bits32[obit - 32]; + } + } + } + for (i = 0; i < 128; i++) { + *(il = &key_perm_maskl[k][i]) = 0L; + *(ir = &key_perm_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 8 * k + j; + if (i & bits8[j + 1]) { + if ((obit = inv_key_perm[inbit]) == 255) + continue; + if (obit < 28) + *il |= bits28[obit]; + else + *ir |= bits28[obit - 28]; + } + } + *(il = &comp_maskl[k][i]) = 0L; + *(ir = &comp_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 7 * k + j; + if (i & bits8[j + 1]) { + if ((obit=inv_comp_perm[inbit]) == 255) + continue; + if (obit < 24) + *il |= bits24[obit]; + else + *ir |= bits24[obit - 24]; + } + } + } + } + + /* + * Invert the P-box permutation, and convert into OR-masks for + * handling the output of the S-box arrays setup above. + */ + for (i = 0; i < 32; i++) + un_pbox[pbox[i] - 1] = i; + + for (b = 0; b < 4; b++) + for (i = 0; i < 256; i++) { + *(p = &psbox[b][i]) = 0L; + for (j = 0; j < 8; j++) { + if (i & bits8[j]) + *p |= bits32[un_pbox[8 * b + j]]; + } + } + + des_initialised = 1; +} + + +static void +setup_salt(long salt) +{ + u_long obit, saltbit; + int i; + + if (salt == old_salt) + return; + old_salt = salt; + + saltbits = 0L; + saltbit = 1; + obit = 0x800000; + for (i = 0; i < 24; i++) { + if (salt & saltbit) + saltbits |= obit; + saltbit <<= 1; + obit >>= 1; + } +} + + +int +des_setkey(const char *key) +{ + u_long k0, k1, rawkey0, rawkey1; + int shifts, i, b, round; + + if (!des_initialised) + des_init(); + + rawkey0 = ntohl(*(u_long *) key); + rawkey1 = ntohl(*(u_long *) (key + 4)); + + if ((rawkey0 | rawkey1) + && rawkey0 == old_rawkey0 + && rawkey1 == old_rawkey1) { + /* + * Already setup for this key. + * This optimisation fails on a zero key (which is weak and + * has bad parity anyway) in order to simplify the starting + * conditions. + */ + return(0); + } + old_rawkey0 = rawkey0; + old_rawkey1 = rawkey1; + + /* + * Do key permutation and split into two 28-bit subkeys. + */ + k0 = key_perm_maskl[0][rawkey0 >> 25] + | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskl[4][rawkey1 >> 25] + | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; + k1 = key_perm_maskr[0][rawkey0 >> 25] + | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskr[4][rawkey1 >> 25] + | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; + /* + * Rotate subkeys and do compression permutation. + */ + shifts = 0; + for (round = 0; round < 16; round++) { + u_long t0, t1; + int bit; + + shifts += key_shifts[round]; + + t0 = (k0 << shifts) | (k0 >> (28 - shifts)); + t1 = (k1 << shifts) | (k1 >> (28 - shifts)); + + de_keysl[15 - round] = + en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] + | comp_maskl[1][(t0 >> 14) & 0x7f] + | comp_maskl[2][(t0 >> 7) & 0x7f] + | comp_maskl[3][t0 & 0x7f] + | comp_maskl[4][(t1 >> 21) & 0x7f] + | comp_maskl[5][(t1 >> 14) & 0x7f] + | comp_maskl[6][(t1 >> 7) & 0x7f] + | comp_maskl[7][t1 & 0x7f]; + + de_keysr[15 - round] = + en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] + | comp_maskr[1][(t0 >> 14) & 0x7f] + | comp_maskr[2][(t0 >> 7) & 0x7f] + | comp_maskr[3][t0 & 0x7f] + | comp_maskr[4][(t1 >> 21) & 0x7f] + | comp_maskr[5][(t1 >> 14) & 0x7f] + | comp_maskr[6][(t1 >> 7) & 0x7f] + | comp_maskr[7][t1 & 0x7f]; + } + return(0); +} + + +static int +do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) +{ + /* + * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. + */ + u_long mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1; + u_long f, r48l, r48r; + int i, j, b, round; + + if (count == 0) { + return(1); + } else if (count > 0) { + /* + * Encrypting + */ + kl1 = en_keysl; + kr1 = en_keysr; + } else { + /* + * Decrypting + */ + count = -count; + kl1 = de_keysl; + kr1 = de_keysr; + } + + /* + * Do initial permutation (IP). + */ + l = ip_maskl[0][l_in >> 24] + | ip_maskl[1][(l_in >> 16) & 0xff] + | ip_maskl[2][(l_in >> 8) & 0xff] + | ip_maskl[3][l_in & 0xff] + | ip_maskl[4][r_in >> 24] + | ip_maskl[5][(r_in >> 16) & 0xff] + | ip_maskl[6][(r_in >> 8) & 0xff] + | ip_maskl[7][r_in & 0xff]; + r = ip_maskr[0][l_in >> 24] + | ip_maskr[1][(l_in >> 16) & 0xff] + | ip_maskr[2][(l_in >> 8) & 0xff] + | ip_maskr[3][l_in & 0xff] + | ip_maskr[4][r_in >> 24] + | ip_maskr[5][(r_in >> 16) & 0xff] + | ip_maskr[6][(r_in >> 8) & 0xff] + | ip_maskr[7][r_in & 0xff]; + + while (count--) { + /* + * Do each round. + */ + kl = kl1; + kr = kr1; + round = 16; + while (round--) { + /* + * Expand R to 48 bits (simulate the E-box). + */ + r48l = ((r & 0x00000001) << 23) + | ((r & 0xf8000000) >> 9) + | ((r & 0x1f800000) >> 11) + | ((r & 0x01f80000) >> 13) + | ((r & 0x001f8000) >> 15); + + r48r = ((r & 0x0001f800) << 7) + | ((r & 0x00001f80) << 5) + | ((r & 0x000001f8) << 3) + | ((r & 0x0000001f) << 1) + | ((r & 0x80000000) >> 31); + /* + * Do salting for crypt() and friends, and + * XOR with the permuted key. + */ + f = (r48l ^ r48r) & saltbits; + r48l ^= f ^ *kl++; + r48r ^= f ^ *kr++; + /* + * Do sbox lookups (which shrink it back to 32 bits) + * and do the pbox permutation at the same time. + */ + f = psbox[0][m_sbox[0][r48l >> 12]] + | psbox[1][m_sbox[1][r48l & 0xfff]] + | psbox[2][m_sbox[2][r48r >> 12]] + | psbox[3][m_sbox[3][r48r & 0xfff]]; + /* + * Now that we've permuted things, complete f(). + */ + f ^= l; + l = r; + r = f; + } + r = l; + l = f; + } + /* + * Do final permutation (inverse of IP). + */ + *l_out = fp_maskl[0][l >> 24] + | fp_maskl[1][(l >> 16) & 0xff] + | fp_maskl[2][(l >> 8) & 0xff] + | fp_maskl[3][l & 0xff] + | fp_maskl[4][r >> 24] + | fp_maskl[5][(r >> 16) & 0xff] + | fp_maskl[6][(r >> 8) & 0xff] + | fp_maskl[7][r & 0xff]; + *r_out = fp_maskr[0][l >> 24] + | fp_maskr[1][(l >> 16) & 0xff] + | fp_maskr[2][(l >> 8) & 0xff] + | fp_maskr[3][l & 0xff] + | fp_maskr[4][r >> 24] + | fp_maskr[5][(r >> 16) & 0xff] + | fp_maskr[6][(r >> 8) & 0xff] + | fp_maskr[7][r & 0xff]; + return(0); +} + + +int +des_cipher(const char *in, char *out, long salt, int count) +{ + u_long l_out, r_out, rawl, rawr; + int retval; + + if (!des_initialised) + des_init(); + + setup_salt(salt); + + rawl = ntohl(*((u_long *) in)++); + rawr = ntohl(*((u_long *) in)); + + retval = do_des(rawl, rawr, &l_out, &r_out, count); + + *((u_long *) out)++ = htonl(l_out); + *((u_long *) out) = htonl(r_out); + return(retval); +} + + +int +setkey(char *key) +{ + int i, j; + u_long packed_keys[2]; + u_char *p; + + p = (u_char *) packed_keys; + + for (i = 0; i < 8; i++) { + p[i] = 0; + for (j = 0; j < 8; j++) + if (*key++ & 1) + p[i] |= bits8[j]; + } + return(des_setkey(p)); +} + + +int +encrypt(char *block, int flag) +{ + u_long io[2]; + u_char *p; + int i, j, retval; + + if (!des_initialised) + des_init(); + + setup_salt(0L); + p = block; + for (i = 0; i < 2; i++) { + io[i] = 0L; + for (j = 0; j < 32; j++) + if (*p++ & 1) + io[i] |= bits32[j]; + } + retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1); + for (i = 0; i < 2; i++) + for (j = 0; j < 32; j++) + block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0; + return(retval); +} + diff --git a/secure/lib/libcipher/test/Makefile b/secure/lib/libcipher/test/Makefile new file mode 100644 index 0000000..f1cf6cc --- /dev/null +++ b/secure/lib/libcipher/test/Makefile @@ -0,0 +1,56 @@ +# +# Hacked Makefile to compile and run the DES-certification program, +# but not install anything. +# +# $Id: Makefile,v 1.1.1.1 1994/09/07 21:18:08 csgr Exp $ +# +LIBCRYPT!=cd $(.CURDIR)/..; \ + printf "xxx:\n\techo \$${.OBJDIR}/libcipher.a\n" | make -r -s -f - xxx + +#CFLAGS+= -DHAVE_CRYPT16 +LIBCRYPT+= -lcrypt + +TARGETS=cert speedcrypt speeddes + +all: ${TARGETS} + +test: all testcrypt testencrypt testdes testspeed + +testcrypt: cert + @./cert -c + +testencrypt: cert + @./cert -e < ${.CURDIR}/cert.input + +testdes: cert + @./cert -d < ${.CURDIR}/cert.input + +testspeed: cryptspeed desspeed + +cryptspeed: speedcrypt + @./speedcrypt 30 1 + @./speedcrypt 30 1 + @./speedcrypt 30 0 + @./speedcrypt 30 0 + +desspeed: speeddes + @./speeddes 30 1 + @./speeddes 30 1 + @./speeddes 40 25 + @./speeddes 40 25 + +cert: cert.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT} + +speedcrypt: speedcrypt.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT} + +speeddes: speeddes.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o speeddes ${.CURDIR}/speeddes.c ${LIBCRYPT} + +clean: + rm -f ${TARGETS} + +install: + +.include <bsd.prog.mk> diff --git a/secure/lib/libcipher/test/README b/secure/lib/libcipher/test/README new file mode 100644 index 0000000..eb6b0be --- /dev/null +++ b/secure/lib/libcipher/test/README @@ -0,0 +1,10 @@ +This directory contains test programs to certify DES operation and to +time the crypt() call (of curiosity value). + +Simply type `make test` to run the tests. + +The normal `make all` and `make install` that get done during library building +and installation will build these programs BUT NOT INSTALL THEM. After all, +they're only for testing... + +- David Burren, January 1994 diff --git a/secure/lib/libcipher/test/cert.c b/secure/lib/libcipher/test/cert.c new file mode 100644 index 0000000..549c230 --- /dev/null +++ b/secure/lib/libcipher/test/cert.c @@ -0,0 +1,344 @@ +/* + * This DES validation program shipped with FreeSec is derived from that + * shipped with UFC-crypt which is apparently derived from one distributed + * with Phil Karns PD DES package. + * + * $Id: cert.c,v 1.1.1.1 1994/09/07 21:18:08 csgr Exp $ + */ + +#include <stdio.h> + +int totfails = 0; + +char *crypt(); +#ifdef HAVE_CRYPT16 +char *crypt16(); +#endif /* HAVE_CRYPT16 */ + + +static struct crypt_test { + char *key, *setting, *answer; +} crypt_tests[] = { + "foob", "ar", "arlEKn0OzVJn.", + "holyhooplasbatman!", "_X.......", "_X.......N89y2Z.e4WU", + "holyhooplasbatman!", "_X...X...", "_X...X...rSUDQ5Na/QM", + "holyhooplasbatman!", "_XX..X...", "_XX..X...P8vb9xU4JAk", + "holyhooplasbatman!", "_XX..XX..", "_XX..XX..JDs5IlGLqT2", + "holyhooplasbatman!", "_XX..XXa.", "_XX..XXa.bFVsOnCNh8Y", + "holyhooplasbatman!", "_XXa.X...", "_XXa.X...Ghsb3QKNaps", +#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS + "holyhooplasbatman!", "_arararar", "_ararararNGMzvpNjeCc", +#endif + NULL, NULL, NULL, +}; + + +static struct crypt_test crypt16_tests[] = { + "foob", "ar", "arxo23jZDD5AYbHbqoy9Dalg", + "holyhooplasbatman!", "ar", "arU5FRLJ3kxIoedlmyrOelEw", + NULL, NULL, NULL +}; + + +void good_bye() +{ + if(totfails == 0) { + printf(" Passed validation\n"); + exit(0); + } else { + printf(" %d failures during validation!!!\n", totfails); + exit(1); + } +} + + +void put8(cp) +char *cp; +{ + int i,j,t; + + for(i = 0; i < 8; i++){ + t = 0; + for(j = 0; j < 8; j++) + t = t << 1 | *cp++; + printf("%02x", t); + } +} + + +void print_bits(bits) +unsigned char *bits; +{ + int i; + + for (i = 0; i < 8; i++) { + printf("%02x", bits[i]); + } +} + + +int parse_line(buff, salt, key, plain, answer) +char *buff; +long *salt; +char *key, *plain, *answer; +{ + char *ptr1, *ptr2; + int val; + int i,j,t; + + /* + * Extract salt + */ + if (sscanf(buff, "%lu", salt) != 1) + return(-1); + for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++) + ; + + /* + * Extract key + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *key++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract plain + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *plain++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract answer + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *answer++ = (t & 1 << (7 - j)) != 0; + } + return(0); +} + +/* + * Test the setkey and encrypt functions + */ +void test_encrypt() +{ + char key[64],plain[64],cipher[64],answer[64]; + char buff[BUFSIZ]; + unsigned long salt; + int i; + int test; + int fail; + + printf("Testing setkey/encrypt\n"); + + for(test=0;fgets(buff, BUFSIZ, stdin);test++){ + + /* + * Allow comments. + */ + if (*buff == '#') + continue; + + if ((fail = parse_line(buff, &salt, key, plain, answer)) < 0){ + printf("test %d garbled (%d)\n", test, fail); + continue; + } + + if (salt) + continue; /* encrypt has no salt support */ + + printf(" K: "); put8(key); + printf(" P: "); put8(plain); + printf(" C: "); put8(answer); + + setkey(key); + for(i = 0; i < 64; i++) + cipher[i] = plain[i]; + encrypt(cipher, 0); + + for(i=0;i<64;i++) + if(cipher[i] != answer[i]) + break; + fail = 0; + if(i != 64){ + printf(" Enc FAIL "); + put8(cipher); + fail++; totfails++; + } + + encrypt(cipher, 1); + + for(i=0;i<64;i++) + if(cipher[i] != plain[i]) + break; + if(i != 64){ + printf(" Dec FAIL"); + fail++; totfails++; + } + + if(fail == 0) + printf(" OK"); + printf("\n"); + } +} + + +void bytes_to_bits(bytes, bits) +char *bytes; +unsigned char *bits; +{ + int i, j; + + for (i = 0; i < 8; i++) { + bits[i] = 0; + for (j = 0; j < 8; j++) { + bits[i] |= (bytes[i*8+j] & 1) << (7 - j); + } + } +} + + +/* + * Test the des_setkey and des_cipher functions + */ +void test_des() +{ + char ckey[64], cplain[64], canswer[64]; + unsigned char key[8], plain[8], cipher[8], answer[8]; + char buff[BUFSIZ]; + unsigned long salt; + int i; + int test; + int fail; + + printf("Testing des_setkey/des_cipher\n"); + + for(test=0;fgets(buff, BUFSIZ, stdin);test++){ + + /* + * Allow comments. + */ + if (*buff == '#') + continue; + + if ((fail = parse_line(buff, &salt, ckey, cplain, canswer)) <0){ + printf("test %d garbled (%d)\n", test, fail); + continue; + } + + printf(" S: %06x", salt); + printf(" K: "); put8(ckey); + printf(" P: "); put8(cplain); + printf(" C: "); put8(canswer); + + bytes_to_bits(ckey, key); + bytes_to_bits(cplain, plain); + bytes_to_bits(canswer, answer); + des_setkey(key); + des_cipher(plain, cipher, salt, 1); + + for(i = 0; i < 8; i++) + if(cipher[i] != answer[i]) + break; + fail = 0; + if(i != 8){ + printf(" Enc FAIL "); + print_bits(cipher); + fail++; totfails++; + } + + des_cipher(cipher, cipher, salt, -1); + + for(i = 0; i < 8; i++) + if(cipher[i] != plain[i]) + break; + if(i != 8){ + printf(" Dec FAIL"); + fail++; totfails++; + } + + if(fail == 0) + printf(" OK"); + printf("\n"); + } +} + + +/* + * Test the old-style crypt(), the new-style crypt(), and crypt16(). + */ +void test_crypt() +{ + char *result; + struct crypt_test *p; + + printf("Testing crypt() family\n"); + + for (p = crypt_tests; p->key; p++) { + printf(" crypt(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } + +#ifdef HAVE_CRYPT16 + for (p = crypt16_tests; p->key; p++) { + printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt16(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } +#endif /* HAVE_CRYPT16 */ +} + +main(argc, argv) +int argc; +char *argv[]; +{ + if(argc < 1 || !strcmp(argv[1], "-e")) + test_encrypt(); + else if(!strcmp(argv[1], "-d")) + test_des(); + else if(!strcmp(argv[1], "-c")) + test_crypt(); + good_bye(); +} diff --git a/secure/lib/libcipher/test/cert.input b/secure/lib/libcipher/test/cert.input new file mode 100644 index 0000000..275639c --- /dev/null +++ b/secure/lib/libcipher/test/cert.input @@ -0,0 +1,179 @@ +# $Id: cert.input,v 1.1 1994/09/07 08:55:26 g89r4222 Exp $ +# +# Salt, key, plaintext, ciphertext +# +0 0101010101010101 95f8a5e5dd31d900 8000000000000000 +0 0101010101010101 dd7f121ca5015619 4000000000000000 +0 0101010101010101 2e8653104f3834ea 2000000000000000 +0 0101010101010101 4bd388ff6cd81d4f 1000000000000000 +0 0101010101010101 20b9e767b2fb1456 0800000000000000 +0 0101010101010101 55579380d77138ef 0400000000000000 +0 0101010101010101 6cc5defaaf04512f 0200000000000000 +0 0101010101010101 0d9f279ba5d87260 0100000000000000 +0 0101010101010101 d9031b0271bd5a0a 0080000000000000 +0 0101010101010101 424250b37c3dd951 0040000000000000 +0 0101010101010101 b8061b7ecd9a21e5 0020000000000000 +0 0101010101010101 f15d0f286b65bd28 0010000000000000 +0 0101010101010101 add0cc8d6e5deba1 0008000000000000 +0 0101010101010101 e6d5f82752ad63d1 0004000000000000 +0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000 +0 0101010101010101 f356834379d165cd 0001000000000000 +0 0101010101010101 2b9f982f20037fa9 0000800000000000 +0 0101010101010101 889de068a16f0be6 0000400000000000 +0 0101010101010101 e19e275d846a1298 0000200000000000 +0 0101010101010101 329a8ed523d71aec 0000100000000000 +0 0101010101010101 e7fce22557d23c97 0000080000000000 +0 0101010101010101 12a9f5817ff2d65d 0000040000000000 +0 0101010101010101 a484c3ad38dc9c19 0000020000000000 +0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000 +0 0101010101010101 750d079407521363 0000008000000000 +0 0101010101010101 64feed9c724c2faf 0000004000000000 +0 0101010101010101 f02b263b328e2b60 0000002000000000 +0 0101010101010101 9d64555a9a10b852 0000001000000000 +0 0101010101010101 d106ff0bed5255d7 0000000800000000 +0 0101010101010101 e1652c6b138c64a5 0000000400000000 +0 0101010101010101 e428581186ec8f46 0000000200000000 +0 0101010101010101 aeb5f5ede22d1a36 0000000100000000 +0 0101010101010101 e943d7568aec0c5c 0000000080000000 +0 0101010101010101 df98c8276f54b04b 0000000040000000 +0 0101010101010101 b160e4680f6c696f 0000000020000000 +0 0101010101010101 fa0752b07d9c4ab8 0000000010000000 +0 0101010101010101 ca3a2b036dbc8502 0000000008000000 +0 0101010101010101 5e0905517bb59bcf 0000000004000000 +0 0101010101010101 814eeb3b91d90726 0000000002000000 +0 0101010101010101 4d49db1532919c9f 0000000001000000 +0 0101010101010101 25eb5fc3f8cf0621 0000000000800000 +0 0101010101010101 ab6a20c0620d1c6f 0000000000400000 +0 0101010101010101 79e90dbc98f92cca 0000000000200000 +0 0101010101010101 866ecedd8072bb0e 0000000000100000 +0 0101010101010101 8b54536f2f3e64a8 0000000000080000 +0 0101010101010101 ea51d3975595b86b 0000000000040000 +0 0101010101010101 caffc6ac4542de31 0000000000020000 +0 0101010101010101 8dd45a2ddf90796c 0000000000010000 +0 0101010101010101 1029d55e880ec2d0 0000000000008000 +0 0101010101010101 5d86cb23639dbea9 0000000000004000 +0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000 +0 0101010101010101 ce332329248f3228 0000000000001000 +0 0101010101010101 8405d1abe24fb942 0000000000000800 +0 0101010101010101 e643d78090ca4207 0000000000000400 +0 0101010101010101 48221b9937748a23 0000000000000200 +0 0101010101010101 dd7c0bbd61fafd54 0000000000000100 +0 0101010101010101 2fbc291a570db5c4 0000000000000080 +0 0101010101010101 e07c30d7e4e26e12 0000000000000040 +0 0101010101010101 0953e2258e8e90a1 0000000000000020 +0 0101010101010101 5b711bc4ceebf2ee 0000000000000010 +0 0101010101010101 cc083f1e6d9e85f6 0000000000000008 +0 0101010101010101 d2fd8867d50d2dfe 0000000000000004 +0 0101010101010101 06e7ea22ce92708f 0000000000000002 +0 0101010101010101 166b40b44aba4bd6 0000000000000001 +0 8001010101010101 0000000000000000 95a8d72813daa94d +0 4001010101010101 0000000000000000 0eec1487dd8c26d5 +0 2001010101010101 0000000000000000 7ad16ffb79c45926 +0 1001010101010101 0000000000000000 d3746294ca6a6cf3 +0 0801010101010101 0000000000000000 809f5f873c1fd761 +0 0401010101010101 0000000000000000 c02faffec989d1fc +0 0201010101010101 0000000000000000 4615aa1d33e72f10 +0 0180010101010101 0000000000000000 2055123350c00858 +0 0140010101010101 0000000000000000 df3b99d6577397c8 +0 0120010101010101 0000000000000000 31fe17369b5288c9 +0 0110010101010101 0000000000000000 dfdd3cc64dae1642 +0 0108010101010101 0000000000000000 178c83ce2b399d94 +0 0104010101010101 0000000000000000 50f636324a9b7f80 +0 0102010101010101 0000000000000000 a8468ee3bc18f06d +0 0101800101010101 0000000000000000 a2dc9e92fd3cde92 +0 0101400101010101 0000000000000000 cac09f797d031287 +0 0101200101010101 0000000000000000 90ba680b22aeb525 +0 0101100101010101 0000000000000000 ce7a24f350e280b6 +0 0101080101010101 0000000000000000 882bff0aa01a0b87 +0 0101040101010101 0000000000000000 25610288924511c2 +0 0101020101010101 0000000000000000 c71516c29c75d170 +0 0101018001010101 0000000000000000 5199c29a52c9f059 +0 0101014001010101 0000000000000000 c22f0a294a71f29f +0 0101012001010101 0000000000000000 ee371483714c02ea +0 0101011001010101 0000000000000000 a81fbd448f9e522f +0 0101010801010101 0000000000000000 4f644c92e192dfed +0 0101010401010101 0000000000000000 1afa9a66a6df92ae +0 0101010201010101 0000000000000000 b3c1cc715cb879d8 +0 0101010180010101 0000000000000000 19d032e64ab0bd8b +0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc +0 0101010120010101 0000000000000000 b7265f7f447ac6f3 +0 0101010110010101 0000000000000000 9db73b3c0d163f54 +0 0101010108010101 0000000000000000 8181b65babf4a975 +0 0101010104010101 0000000000000000 93c9b64042eaa240 +0 0101010102010101 0000000000000000 5570530829705592 +0 0101010101800101 0000000000000000 8638809e878787a0 +0 0101010101400101 0000000000000000 41b9a79af79ac208 +0 0101010101200101 0000000000000000 7a9be42f2009a892 +0 0101010101100101 0000000000000000 29038d56ba6d2745 +0 0101010101080101 0000000000000000 5495c6abf1e5df51 +0 0101010101040101 0000000000000000 ae13dbd561488933 +0 0101010101020101 0000000000000000 024d1ffa8904e389 +0 0101010101018001 0000000000000000 d1399712f99bf02e +0 0101010101014001 0000000000000000 14c1d7c1cffec79e +0 0101010101012001 0000000000000000 1de5279dae3bed6f +0 0101010101011001 0000000000000000 e941a33f85501303 +0 0101010101010801 0000000000000000 da99dbbc9a03f379 +0 0101010101010401 0000000000000000 b7fc92f91d8e92e9 +0 0101010101010201 0000000000000000 ae8e5caa3ca04e85 +0 0101010101010180 0000000000000000 9cc62df43b6eed74 +0 0101010101010140 0000000000000000 d863dbb5c59a91a0 +0 0101010101010120 0000000000000000 a1ab2190545b91d7 +0 0101010101010110 0000000000000000 0875041e64c570f7 +0 0101010101010108 0000000000000000 5a594528bebef1cc +0 0101010101010104 0000000000000000 fcdb3291de21f0c0 +0 0101010101010102 0000000000000000 869efd7f9f265a09 +0 1046913489980131 0000000000000000 88d55e54f54c97b4 +0 1007103489988020 0000000000000000 0c0cc00c83ea48fd +0 10071034c8980120 0000000000000000 83bc8ef3a6570183 +0 1046103489988020 0000000000000000 df725dcad94ea2e9 +0 1086911519190101 0000000000000000 e652b53b550be8b0 +0 1086911519580101 0000000000000000 af527120c485cbb0 +0 5107b01519580101 0000000000000000 0f04ce393db926d5 +0 1007b01519190101 0000000000000000 c9f00ffc74079067 +0 3107915498080101 0000000000000000 7cfd82a593252b4e +0 3107919498080101 0000000000000000 cb49a2f9e91363e3 +0 10079115b9080140 0000000000000000 00b588be70d23f56 +0 3107911598080140 0000000000000000 406a9a6ab43399ae +0 1007d01589980101 0000000000000000 6cb773611dca9ada +0 9107911589980101 0000000000000000 67fd21c17dbb5d70 +0 9107d01589190101 0000000000000000 9592cb4110430787 +0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3 +0 1007940498190101 0000000000000000 4d102196c914ca16 +0 0107910491190401 0000000000000000 2dfa9f4573594965 +0 0107910491190101 0000000000000000 b46604816c0e0774 +0 0107940491190401 0000000000000000 6e7e6221a4f34e87 +0 19079210981a0101 0000000000000000 aa85e74643233199 +0 1007911998190801 0000000000000000 2e5a19db4d1962d6 +0 10079119981a0801 0000000000000000 23a866a809d30894 +0 1007921098190101 0000000000000000 d812d961f017d320 +0 100791159819010b 0000000000000000 055605816e58608f +0 1004801598190101 0000000000000000 abd88e8b1b7716f1 +0 1004801598190102 0000000000000000 537ac95be69da1e1 +0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8 +0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d +0 1002911598190104 0000000000000000 61c79c71921a2ef8 +0 1002911598100201 0000000000000000 e2f5728f0995013c +0 1002911698100101 0000000000000000 1aeac39a61f0a464 +0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b +0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271 +0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a +0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a +0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095 +0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b +0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09 +0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a +0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f +0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088 +0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77 +0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a +0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56 +0 025816164629b007 480d39006ee762f2 a1f9915541020b56 +0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556 +0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac +0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a +0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41 +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 +1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60 +57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae +1 8001010101010101 0000000000000000 f501029f268e45dc +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 diff --git a/secure/lib/libcipher/test/speedcrypt.c b/secure/lib/libcipher/test/speedcrypt.c new file mode 100644 index 0000000..f7507fd --- /dev/null +++ b/secure/lib/libcipher/test/speedcrypt.c @@ -0,0 +1,76 @@ +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <signal.h> +#include <stdio.h> + +int keep_going, count, alternate, seconds; +struct rusage prior, now; + +void +finish() +{ + keep_going = 0; +} + + +main(int argc, char *argv[]) +{ + struct itimerval itv; + u_long msecs, key1[8], key2[8]; + char *k1, *k2; + + if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1) + seconds = 20; + + if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1) + alternate = 0; + + printf ("Running crypt%s for %d seconds of vtime...\n", + alternate ? " with alternate keys" : "", seconds); + + bzero(&itv, sizeof (itv)); + signal (SIGVTALRM, finish); + itv.it_value.tv_sec = seconds; + itv.it_value.tv_usec = 0; + setitimer(ITIMER_VIRTUAL, &itv, NULL); + + keep_going = 1; + if (getrusage(0, &prior) < 0) { + perror("getrusage"); + exit(1); + } + + k1 = (char *) key1; + k2 = (char *) key2; + strcpy(k1, "fredfredfredfredfred"); + strcpy(k2, "joejoejoejoejoejoejo"); + + if (alternate) + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt((count & 1) ? k1 : k2, "_ara.X..."); +#else + crypt((count & 1) ? k1 : k2, "eek"); +#endif + } + else + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt(k1, "_ara.X..."); +#else + crypt(k1, "eek"); +#endif + } + + if (getrusage(0, &now) < 0) { + perror("getrusage"); + exit(1); + } + msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000 + + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000; + printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs); + exit(0); +} diff --git a/secure/lib/libcipher/test/speeddes.c b/secure/lib/libcipher/test/speeddes.c new file mode 100644 index 0000000..a582236 --- /dev/null +++ b/secure/lib/libcipher/test/speeddes.c @@ -0,0 +1,61 @@ +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <signal.h> +#include <stdio.h> + +int keep_going, count, alternate, seconds, iters; +struct rusage prior, now; +u_long block[3]; +char *blk; + +void +finish() +{ + keep_going = 0; +} + + +main(int argc, char *argv[]) +{ + struct itimerval itv; + u_long msecs; + + if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1) + seconds = 20; + + if (argc < 3 || sscanf(argv[2], "%d", &iters) != 1) + iters = 1; + + printf ("Running des_cipher( , , 0L, %d) for %d seconds of vtime...\n", + iters, seconds); + + bzero(&itv, sizeof (itv)); + signal (SIGVTALRM, finish); + itv.it_value.tv_sec = seconds; + itv.it_value.tv_usec = 0; + setitimer(ITIMER_VIRTUAL, &itv, NULL); + + keep_going = 1; + if (getrusage(0, &prior) < 0) { + perror("getrusage"); + exit(1); + } + + blk = (char *) block; + (void)des_setkey(blk); + for (count = 0; keep_going; count++) + (void) des_cipher(blk, blk, 0, iters); + + if (getrusage(0, &now) < 0) { + perror("getrusage"); + exit(1); + } + + msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000 + + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000; + printf ("Did %d encryptions per second, each of %d iteration(s).\n", + 1000 * count / msecs, iters); + printf ("\tTotal %d blocks per second.\n", (1000*iters*count)/msecs); + exit(0); +} diff --git a/secure/lib/libcrypt/Makefile b/secure/lib/libcrypt/Makefile new file mode 100644 index 0000000..7963770 --- /dev/null +++ b/secure/lib/libcrypt/Makefile @@ -0,0 +1,45 @@ +# +# $Id: Makefile,v 1.10 1996/03/24 07:30:27 markm Exp $ +# + +LCRYPTBASE= libcrypt +LCRYPTSO= $(LCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR) + +LDCRYPTBASE= libdescrypt +LDCRYPTSO= $(LDCRYPTBASE).so.$(SHLIB_MAJOR).$(SHLIB_MINOR) + +.PATH: ${.CURDIR}/../../../lib/libmd + +LIB= descrypt +SRCS= crypt.c crypt-md5.c md5c.c +MAN3= crypt.3 +CFLAGS+= -I${.CURDIR}/../../../lib/libmd -Wall +PRECIOUSLIB= yes + +test: + cd test ; make test ; make clean + +.include <bsd.lib.mk> + +# We only install the links if they do not already exist. +# This may have to be revised +afterinstall: +.if !defined(NOPIC) && defined(SHLIB_MAJOR) + @cd $(DESTDIR)/$(LIBDIR); \ + if [ ! -e $(LCRYPTSO) ]; then \ + rm -f $(LCRYPTSO); \ + ln -s $(LDCRYPTSO) $(LCRYPTSO); \ + fi +.endif + @cd $(DESTDIR)/$(LIBDIR); \ + if [ ! -e $(LCRYPTBASE).a ]; then \ + rm -f $(LCRYPTBASE).a; \ + ln -s $(LDCRYPTBASE).a libcrypt.a; \ + fi +.if !defined(NOPROFILE) + @cd $(DESTDIR)/$(LIBDIR); \ + if [ ! -e $(LCRYPTBASE)_p.a ]; then \ + rm -f $(LCRYPTBASE)_p.a; \ + ln -s $(LDCRYPTBASE)_p.a libcrypt_p.a; \ + fi +.endif diff --git a/secure/lib/libcrypt/README b/secure/lib/libcrypt/README new file mode 100644 index 0000000..051c9c1 --- /dev/null +++ b/secure/lib/libcrypt/README @@ -0,0 +1,98 @@ + + FreeSec - NetBSD libcrypt replacement + + David Burren <davidb@werj.com.au> + Release 1.0, March 1994 + + Document ref: $Id: README,v 1.1.1.1 1994/04/04 14:57:18 g89r4222 Exp $ + + +Description +=========== +This library is a drop-in replacement for the libcrypt used in U.S. copies +of NetBSD, duplicating that library's functionality. A suite of verification +and benchmark tools is provided. + +FreeSec 1.0 is an original implementation of the DES algorithm and the +crypt(3) interfaces used in Unix-style operating systems. It was produced +in Australia and as such is not covered by U.S. export restrictions (at +least for copies that remain outside the U.S.). + + +History +======= +An earlier version of the FreeSec library was built using the UFC-crypt +package that is distributed as part of the GNU library. UFC-crypt did not +support the des_cipher() or des_setkey() functions, nor the new-style +crypt with long keys. These were implemented in FreeSec 0.2, but at least +one bug remained, where encryption would only succeed if either the salt +or the plaintext was zero. Because of its heritage FreeSec 0.2 was covered +by the GNU Library Licence. + +FreeSec 1.0 is an original implementation by myself, and has been tested +against the verification suite I'd been using with FreeSec 0.2 (this is not +encumbered by any licence). FreeSec 1.0 is covered by a Berkeley-style +licence, which better fits into the *BSD hierarchy than the earlier GNU +licence. + + +Why should you use FreeSec? +=========================== +FreeSec is intended as a replacement for the U.S.-only NetBSD libcrypt, +to act as a baseline for encryption functionality. + +Some other packages (such as Eric Young's libdes package) are faster and +more complete than FreeSec, but typically have different licencing +arrangements. While some applications will justify the use of these +packages, the idea here is that everyone should have access to *at least* +the functionality of FreeSec. + + +Performance of FreeSec 1.0 +========================== +I compare below the performance of three libcrypt implementations. As can be +seen, it's between the U.S. library and UFC-crypt. While the performance of +FreeSec 1.0 is good enough to keep me happy for now, I hope to improve it in +future versions. I was interested to note that while UFC-crypt is faster on +a 386, hardware characteristics can have markedly different effects on each +implementation. + + +386DX40, 128k cache | U.S. BSD | FreeSec 1.0 | FreeSec 0.2 +CFLAGS=-O2 | | | +========================+===============+===============+================== +crypt (alternate keys) | 317 | 341 | 395 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +crypt (constant key) | 317 | 368 | 436 + crypt/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 1) | 6037 | 7459 | 3343 + blocks/sec | | | +------------------------+---------------+---------------+------------------ +des_cipher( , , , 25) | 8871 | 9627 | 15926 + blocks/sec | | | + +Notes: The results tabled here are the average over 10 runs. + The entry/exit code for FreeSec 0.2's des_cipher() is particularly + inefficient, thus the anomalous result for single encryptions. + + +As an experiment using a machine with a larger register set and an +obscenely fast CPU, I obtained the following results: + + 60 MHz R4400 | FreeSec 1.0 | FreeSec 0.2 + ========================+================================= + crypt (alternate keys) | 2545 | 2702 + crypt/sec | | + ------------------------+--------------------------------- + crypt (constant key) | 2852 | 2981 + crypt/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 1) | 56443 | 21409 + blocks/sec | | + ------------------------+--------------------------------- + des_cipher( , , , 25) | 82531 | 18276 + blocks/sec | | + +Obviously your mileage will vary with your hardware and your compiler... diff --git a/secure/lib/libcrypt/README.FreeBSD b/secure/lib/libcrypt/README.FreeBSD new file mode 100644 index 0000000..250467e --- /dev/null +++ b/secure/lib/libcrypt/README.FreeBSD @@ -0,0 +1,21 @@ +$Id: README.FreeBSD,v 1.2 1994/04/04 15:10:57 g89r4222 Exp $ + +This is FreeSec package for NetBSD, unchanged for +FreeBSD, except for the Makefile. + +FreeSec was written by David Burren <davidb@werj.com.au> + +A few bugs in the original FreeSec release have been fixed. + +In order to make libcrypt binaries exportable from the USA, +only the symbol _crypt() (later to be changed to ___crypt()) +is exported from libcrypt. + +This source code was developed outside the USA, and can be +obtained outside the USA. + + Geoff Rehmet + Rhodes University + Grahamstown + South Africa + 8 August 1994 diff --git a/secure/lib/libcrypt/crypt-des.c b/secure/lib/libcrypt/crypt-des.c new file mode 100644 index 0000000..31b2024 --- /dev/null +++ b/secure/lib/libcrypt/crypt-des.c @@ -0,0 +1,697 @@ +/* + * FreeSec: libcrypt for NetBSD + * + * Copyright (c) 1994 David Burren + * All rights reserved. + * + * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet + * crypt.c should now *only* export crypt(), in order to make + * binaries of libcrypt exportable from the USA + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the author nor the names of other contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + * + * This is an original implementation of the DES and the crypt(3) interfaces + * by David Burren <davidb@werj.com.au>. + * + * An excellent reference on the underlying algorithm (and related + * algorithms) is: + * + * B. Schneier, Applied Cryptography: protocols, algorithms, + * and source code in C, John Wiley & Sons, 1994. + * + * Note that in that book's description of DES the lookups for the initial, + * pbox, and final permutations are inverted (this has been brought to the + * attention of the author). A list of errata for this book has been + * posted to the sci.crypt newsgroup by the author and is available for FTP. + * + * ARCHITECTURE ASSUMPTIONS: + * This code assumes that u_longs are 32 bits. It will probably not + * operate on 64-bit machines without modifications. + * It is assumed that the 8-byte arrays passed by reference can be + * addressed as arrays of u_longs (ie. the CPU is not picky about + * alignment). + */ +#include <sys/types.h> +#include <sys/param.h> +#include <pwd.h> +#include <string.h> + +char *crypt_md5(const char *pw, const char *salt); + +/* We can't always assume gcc */ +#ifdef __GNUC__ +#define INLINE inline +#endif + + +static u_char IP[64] = { + 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static u_char inv_key_perm[64]; +static u_char u_key_perm[56]; +static u_char key_perm[56] = { + 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 +}; + +static u_char key_shifts[16] = { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 +}; + +static u_char inv_comp_perm[56]; +static u_char comp_perm[48] = { + 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 +}; + +/* + * No E box is used, as it's replaced by some ANDs, shifts, and ORs. + */ + +static u_char u_sbox[8][64]; +static u_char sbox[8][64] = { + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, + { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, + { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, + { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, + { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, + { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, + { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, + { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } +}; + +static u_char un_pbox[32]; +static u_char pbox[32] = { + 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, + 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 +}; + +static u_long bits32[32] = +{ + 0x80000000, 0x40000000, 0x20000000, 0x10000000, + 0x08000000, 0x04000000, 0x02000000, 0x01000000, + 0x00800000, 0x00400000, 0x00200000, 0x00100000, + 0x00080000, 0x00040000, 0x00020000, 0x00010000, + 0x00008000, 0x00004000, 0x00002000, 0x00001000, + 0x00000800, 0x00000400, 0x00000200, 0x00000100, + 0x00000080, 0x00000040, 0x00000020, 0x00000010, + 0x00000008, 0x00000004, 0x00000002, 0x00000001 +}; + +static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static u_long saltbits; +static long old_salt; +static u_long *bits28, *bits24; +static u_char init_perm[64], final_perm[64]; +static u_long en_keysl[16], en_keysr[16]; +static u_long de_keysl[16], de_keysr[16]; +static int des_initialised = 0; +static u_char m_sbox[4][4096]; +static u_long psbox[4][256]; +static u_long ip_maskl[8][256], ip_maskr[8][256]; +static u_long fp_maskl[8][256], fp_maskr[8][256]; +static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; +static u_long comp_maskl[8][128], comp_maskr[8][128]; +static u_long old_rawkey0, old_rawkey1; + +static u_char ascii64[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* 0000000000111111111122222222223333333333444444444455555555556666 */ +/* 0123456789012345678901234567890123456789012345678901234567890123 */ + +static INLINE int +ascii_to_bin(char ch) +{ + if (ch > 'z') + return(0); + if (ch >= 'a') + return(ch - 'a' + 38); + if (ch > 'Z') + return(0); + if (ch >= 'A') + return(ch - 'A' + 12); + if (ch > '9') + return(0); + if (ch >= '.') + return(ch - '.'); + return(0); +} + +static void +des_init() +{ + int i, j, b, k, inbit, obit; + u_long *p, *il, *ir, *fl, *fr; + + old_rawkey0 = old_rawkey1 = 0L; + saltbits = 0L; + old_salt = 0L; + bits24 = (bits28 = bits32 + 4) + 4; + + /* + * Invert the S-boxes, reordering the input bits. + */ + for (i = 0; i < 8; i++) + for (j = 0; j < 64; j++) { + b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); + u_sbox[i][j] = sbox[i][b]; + } + + /* + * Convert the inverted S-boxes into 4 arrays of 8 bits. + * Each will handle 12 bits of the S-box input. + */ + for (b = 0; b < 4; b++) + for (i = 0; i < 64; i++) + for (j = 0; j < 64; j++) + m_sbox[b][(i << 6) | j] = + (u_sbox[(b << 1)][i] << 4) | + u_sbox[(b << 1) + 1][j]; + + /* + * Set up the initial & final permutations into a useful form, and + * initialise the inverted key permutation. + */ + for (i = 0; i < 64; i++) { + init_perm[final_perm[i] = IP[i] - 1] = i; + inv_key_perm[i] = 255; + } + + /* + * Invert the key permutation and initialise the inverted key + * compression permutation. + */ + for (i = 0; i < 56; i++) { + u_key_perm[i] = key_perm[i] - 1; + inv_key_perm[key_perm[i] - 1] = i; + inv_comp_perm[i] = 255; + } + + /* + * Invert the key compression permutation. + */ + for (i = 0; i < 48; i++) { + inv_comp_perm[comp_perm[i] - 1] = i; + } + + /* + * Set up the OR-mask arrays for the initial and final permutations, + * and for the key initial and compression permutations. + */ + for (k = 0; k < 8; k++) { + for (i = 0; i < 256; i++) { + *(il = &ip_maskl[k][i]) = 0L; + *(ir = &ip_maskr[k][i]) = 0L; + *(fl = &fp_maskl[k][i]) = 0L; + *(fr = &fp_maskr[k][i]) = 0L; + for (j = 0; j < 8; j++) { + inbit = 8 * k + j; + if (i & bits8[j]) { + if ((obit = init_perm[inbit]) < 32) + *il |= bits32[obit]; + else + *ir |= bits32[obit-32]; + if ((obit = final_perm[inbit]) < 32) + *fl |= bits32[obit]; + else + *fr |= bits32[obit - 32]; + } + } + } + for (i = 0; i < 128; i++) { + *(il = &key_perm_maskl[k][i]) = 0L; + *(ir = &key_perm_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 8 * k + j; + if (i & bits8[j + 1]) { + if ((obit = inv_key_perm[inbit]) == 255) + continue; + if (obit < 28) + *il |= bits28[obit]; + else + *ir |= bits28[obit - 28]; + } + } + *(il = &comp_maskl[k][i]) = 0L; + *(ir = &comp_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 7 * k + j; + if (i & bits8[j + 1]) { + if ((obit=inv_comp_perm[inbit]) == 255) + continue; + if (obit < 24) + *il |= bits24[obit]; + else + *ir |= bits24[obit - 24]; + } + } + } + } + + /* + * Invert the P-box permutation, and convert into OR-masks for + * handling the output of the S-box arrays setup above. + */ + for (i = 0; i < 32; i++) + un_pbox[pbox[i] - 1] = i; + + for (b = 0; b < 4; b++) + for (i = 0; i < 256; i++) { + *(p = &psbox[b][i]) = 0L; + for (j = 0; j < 8; j++) { + if (i & bits8[j]) + *p |= bits32[un_pbox[8 * b + j]]; + } + } + + des_initialised = 1; +} + +static void +setup_salt(long salt) +{ + u_long obit, saltbit; + int i; + + if (salt == old_salt) + return; + old_salt = salt; + + saltbits = 0L; + saltbit = 1; + obit = 0x800000; + for (i = 0; i < 24; i++) { + if (salt & saltbit) + saltbits |= obit; + saltbit <<= 1; + obit >>= 1; + } +} + +static int +des_setkey(const char *key) +{ + u_long k0, k1, rawkey0, rawkey1; + int shifts, round; + + if (!des_initialised) + des_init(); + + rawkey0 = ntohl(*(u_long *) key); + rawkey1 = ntohl(*(u_long *) (key + 4)); + + if ((rawkey0 | rawkey1) + && rawkey0 == old_rawkey0 + && rawkey1 == old_rawkey1) { + /* + * Already setup for this key. + * This optimisation fails on a zero key (which is weak and + * has bad parity anyway) in order to simplify the starting + * conditions. + */ + return(0); + } + old_rawkey0 = rawkey0; + old_rawkey1 = rawkey1; + + /* + * Do key permutation and split into two 28-bit subkeys. + */ + k0 = key_perm_maskl[0][rawkey0 >> 25] + | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskl[4][rawkey1 >> 25] + | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; + k1 = key_perm_maskr[0][rawkey0 >> 25] + | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskr[4][rawkey1 >> 25] + | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; + /* + * Rotate subkeys and do compression permutation. + */ + shifts = 0; + for (round = 0; round < 16; round++) { + u_long t0, t1; + + shifts += key_shifts[round]; + + t0 = (k0 << shifts) | (k0 >> (28 - shifts)); + t1 = (k1 << shifts) | (k1 >> (28 - shifts)); + + de_keysl[15 - round] = + en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] + | comp_maskl[1][(t0 >> 14) & 0x7f] + | comp_maskl[2][(t0 >> 7) & 0x7f] + | comp_maskl[3][t0 & 0x7f] + | comp_maskl[4][(t1 >> 21) & 0x7f] + | comp_maskl[5][(t1 >> 14) & 0x7f] + | comp_maskl[6][(t1 >> 7) & 0x7f] + | comp_maskl[7][t1 & 0x7f]; + + de_keysr[15 - round] = + en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] + | comp_maskr[1][(t0 >> 14) & 0x7f] + | comp_maskr[2][(t0 >> 7) & 0x7f] + | comp_maskr[3][t0 & 0x7f] + | comp_maskr[4][(t1 >> 21) & 0x7f] + | comp_maskr[5][(t1 >> 14) & 0x7f] + | comp_maskr[6][(t1 >> 7) & 0x7f] + | comp_maskr[7][t1 & 0x7f]; + } + return(0); +} + +static int +do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) +{ + /* + * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. + */ + u_long l, r, *kl, *kr, *kl1, *kr1; + u_long f, r48l, r48r; + int round; + + if (count == 0) { + return(1); + } else if (count > 0) { + /* + * Encrypting + */ + kl1 = en_keysl; + kr1 = en_keysr; + } else { + /* + * Decrypting + */ + count = -count; + kl1 = de_keysl; + kr1 = de_keysr; + } + + /* + * Do initial permutation (IP). + */ + l = ip_maskl[0][l_in >> 24] + | ip_maskl[1][(l_in >> 16) & 0xff] + | ip_maskl[2][(l_in >> 8) & 0xff] + | ip_maskl[3][l_in & 0xff] + | ip_maskl[4][r_in >> 24] + | ip_maskl[5][(r_in >> 16) & 0xff] + | ip_maskl[6][(r_in >> 8) & 0xff] + | ip_maskl[7][r_in & 0xff]; + r = ip_maskr[0][l_in >> 24] + | ip_maskr[1][(l_in >> 16) & 0xff] + | ip_maskr[2][(l_in >> 8) & 0xff] + | ip_maskr[3][l_in & 0xff] + | ip_maskr[4][r_in >> 24] + | ip_maskr[5][(r_in >> 16) & 0xff] + | ip_maskr[6][(r_in >> 8) & 0xff] + | ip_maskr[7][r_in & 0xff]; + + while (count--) { + /* + * Do each round. + */ + kl = kl1; + kr = kr1; + round = 16; + while (round--) { + /* + * Expand R to 48 bits (simulate the E-box). + */ + r48l = ((r & 0x00000001) << 23) + | ((r & 0xf8000000) >> 9) + | ((r & 0x1f800000) >> 11) + | ((r & 0x01f80000) >> 13) + | ((r & 0x001f8000) >> 15); + + r48r = ((r & 0x0001f800) << 7) + | ((r & 0x00001f80) << 5) + | ((r & 0x000001f8) << 3) + | ((r & 0x0000001f) << 1) + | ((r & 0x80000000) >> 31); + /* + * Do salting for crypt() and friends, and + * XOR with the permuted key. + */ + f = (r48l ^ r48r) & saltbits; + r48l ^= f ^ *kl++; + r48r ^= f ^ *kr++; + /* + * Do sbox lookups (which shrink it back to 32 bits) + * and do the pbox permutation at the same time. + */ + f = psbox[0][m_sbox[0][r48l >> 12]] + | psbox[1][m_sbox[1][r48l & 0xfff]] + | psbox[2][m_sbox[2][r48r >> 12]] + | psbox[3][m_sbox[3][r48r & 0xfff]]; + /* + * Now that we've permuted things, complete f(). + */ + f ^= l; + l = r; + r = f; + } + r = l; + l = f; + } + /* + * Do final permutation (inverse of IP). + */ + *l_out = fp_maskl[0][l >> 24] + | fp_maskl[1][(l >> 16) & 0xff] + | fp_maskl[2][(l >> 8) & 0xff] + | fp_maskl[3][l & 0xff] + | fp_maskl[4][r >> 24] + | fp_maskl[5][(r >> 16) & 0xff] + | fp_maskl[6][(r >> 8) & 0xff] + | fp_maskl[7][r & 0xff]; + *r_out = fp_maskr[0][l >> 24] + | fp_maskr[1][(l >> 16) & 0xff] + | fp_maskr[2][(l >> 8) & 0xff] + | fp_maskr[3][l & 0xff] + | fp_maskr[4][r >> 24] + | fp_maskr[5][(r >> 16) & 0xff] + | fp_maskr[6][(r >> 8) & 0xff] + | fp_maskr[7][r & 0xff]; + return(0); +} + +static int +des_cipher(const char *in, char *out, long salt, int count) +{ + u_long l_out, r_out, rawl, rawr; + int retval; + + if (!des_initialised) + des_init(); + + setup_salt(salt); + + rawl = ntohl(*((u_long *) in)++); + rawr = ntohl(*((u_long *) in)); + + retval = do_des(rawl, rawr, &l_out, &r_out, count); + + *((u_long *) out)++ = htonl(l_out); + *((u_long *) out) = htonl(r_out); + return(retval); +} + +char * +crypt(char *key, char *setting) +{ + int i; + u_long count, salt, l, r0, r1, keybuf[2]; + u_char *p, *q; + static u_char output[21]; + + if (!strncmp(setting, "$1$", 3)) + return crypt_md5(key, setting); + + if (!des_initialised) + des_init(); + + + /* + * Copy the key, shifting each character up by one bit + * and padding with zeros. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8) { + if ((*q++ = *key << 1)) + key++; + } + if (des_setkey((u_char *) keybuf)) + return(NULL); + + if (*setting == _PASSWORD_EFMT1) { + /* + * "new"-style: + * setting - underscore, 4 bytes of count, 4 bytes of salt + * key - unlimited characters + */ + for (i = 1, count = 0L; i < 5; i++) + count |= ascii_to_bin(setting[i]) << (i - 1) * 6; + + for (i = 5, salt = 0L; i < 9; i++) + salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; + + while (*key) { + /* + * Encrypt the key with itself. + */ + if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) + return(NULL); + /* + * And XOR with the next 8 characters of the key. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8 && *key) + *q++ ^= *key++ << 1; + + if (des_setkey((u_char *) keybuf)) + return(NULL); + } + strncpy(output, setting, 9); + + /* + * Double check that we weren't given a short setting. + * If we were, the above code will probably have created + * wierd values for count and salt, but we don't really care. + * Just make sure the output string doesn't have an extra + * NUL in it. + */ + output[9] = '\0'; + p = output + strlen(output); + } else { + /* + * "old"-style: + * setting - 2 bytes of salt + * key - up to 8 characters + */ + count = 25; + + salt = (ascii_to_bin(setting[1]) << 6) + | ascii_to_bin(setting[0]); + + output[0] = setting[0]; + /* + * If the encrypted password that the salt was extracted from + * is only 1 character long, the salt will be corrupted. We + * need to ensure that the output string doesn't have an extra + * NUL in it! + */ + output[1] = setting[1] ? setting[1] : output[0]; + + p = output + 2; + } + setup_salt(salt); + /* + * Do it. + */ + if (do_des(0L, 0L, &r0, &r1, count)) + return(NULL); + /* + * Now encode the result... + */ + l = (r0 >> 8); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = (r0 << 16) | ((r1 >> 16) & 0xffff); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = r1 << 2; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + *p = 0; + + return(output); +} diff --git a/secure/lib/libcrypt/crypt-md5.c b/secure/lib/libcrypt/crypt-md5.c new file mode 100644 index 0000000..6740f72 --- /dev/null +++ b/secure/lib/libcrypt/crypt-md5.c @@ -0,0 +1,157 @@ +/* + * ---------------------------------------------------------------------------- + * "THE BEER-WARE LICENSE" (Revision 42): + * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * ---------------------------------------------------------------------------- + * + * This has had its entry point changed to crypt_md5 for use in + * a dual-personality (DES & MD5) environment) -- MarkM - Nov 1995 + * + * $Id$ + * + */ + +#if 0 +#if defined(LIBC_SCCS) && !defined(lint) +static char rcsid[] = "$Header: /home/ncvs/src/lib/libcrypt/crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp $"; +#endif /* LIBC_SCCS and not lint */ +#endif + +#include <unistd.h> +#include <stdio.h> +#include <string.h> +#include <md5.h> + +static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +static void +to64(s, v, n) + char *s; + unsigned long v; + int n; +{ + while (--n >= 0) { + *s++ = itoa64[v&0x3f]; + v >>= 6; + } +} + +/* + * UNIX password + * + * Use MD5 for what it is best at... + */ + +char * +crypt_md5(pw, salt) + register const char *pw; + register const char *salt; +{ + static char *magic = "$1$"; /* + * This string is magic for + * this algorithm. Having + * it this way, we can get + * get better later on + */ + static char passwd[120], *p; + static const char *sp,*ep; + unsigned char final[16]; + int sl,pl,i,j; + MD5_CTX ctx,ctx1; + unsigned long l; + + /* Refine the Salt first */ + sp = salt; + + /* If it starts with the magic string, then skip that */ + if(!strncmp(sp,magic,strlen(magic))) + sp += strlen(magic); + + /* It stops at the first '$', max 8 chars */ + for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) + continue; + + /* get the length of the true salt */ + sl = ep - sp; + + MD5Init(&ctx); + + /* The password first, since that is what is most unknown */ + MD5Update(&ctx,pw,strlen(pw)); + + /* Then our magic string */ + MD5Update(&ctx,magic,strlen(magic)); + + /* Then the raw salt */ + MD5Update(&ctx,sp,sl); + + /* Then just as many characters of the MD5(pw,salt,pw) */ + MD5Init(&ctx1); + MD5Update(&ctx1,pw,strlen(pw)); + MD5Update(&ctx1,sp,sl); + MD5Update(&ctx1,pw,strlen(pw)); + MD5Final(final,&ctx1); + for(pl = strlen(pw); pl > 0; pl -= 16) + MD5Update(&ctx,final,pl>16 ? 16 : pl); + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + /* Then something really weird... */ + for (j=0,i = strlen(pw); i ; i >>= 1) + if(i&1) + MD5Update(&ctx, final+j, 1); + else + MD5Update(&ctx, pw+j, 1); + + /* Now make the output string */ + strcpy(passwd,magic); + strncat(passwd,sp,sl); + strcat(passwd,"$"); + + MD5Final(final,&ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... + */ + for(i=0;i<1000;i++) { + MD5Init(&ctx1); + if(i & 1) + MD5Update(&ctx1,pw,strlen(pw)); + else + MD5Update(&ctx1,final,16); + + if(i % 3) + MD5Update(&ctx1,sp,sl); + + if(i % 7) + MD5Update(&ctx1,pw,strlen(pw)); + + if(i & 1) + MD5Update(&ctx1,final,16); + else + MD5Update(&ctx1,pw,strlen(pw)); + MD5Final(final,&ctx1); + } + + p = passwd + strlen(passwd); + + l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4; + l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4; + l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4; + l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4; + l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4; + l = final[11] ; to64(p,l,2); p += 2; + *p = '\0'; + + /* Don't leave anything around in vm they could use. */ + memset(final,0,sizeof final); + + return passwd; +} + diff --git a/secure/lib/libcrypt/crypt.3 b/secure/lib/libcrypt/crypt.3 new file mode 100644 index 0000000..9eefd25 --- /dev/null +++ b/secure/lib/libcrypt/crypt.3 @@ -0,0 +1,159 @@ +.\" FreeSec: libcrypt for NetBSD +.\" +.\" Copyright (c) 1994 David Burren +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 4. Neither the name of the author nor the names of other contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: crypt.3,v 1.5 1995/12/16 09:01:49 markm Exp $ +.\" +.\" Manual page, using -mandoc macros +.\" +.Dd March 9, 1994 +.Dt CRYPT 3 +.Os "FreeSec 1.0" +.Sh NAME +.Nm crypt +.Nd DES trapdoor encryption +.Sh SYNOPSIS +.Ft char +.Fn *crypt "const char *key" "const char *setting" +.Sh DESCRIPTION +The +.Fn crypt +function performs password encryption, based on the +.Tn NBS +Data Encryption Standard (DES). +Additional code has been added to deter key search attempts. +The first argument to +.Nm crypt +is a +.Dv null Ns -terminated +string, typically a user's typed password. +The second is in one of three forms: +if it begins with an underscore (``_'') then an extended format is used +in interpreting both the the key and the setting, as outlined below. +if it begins with the string ``$1$'' then an exportable format is used. +.Ss Extended crypt: +.Pp +The +.Ar key +is divided into groups of 8 characters (the last group is null-padded) +and the low-order 7 bits of each each character (56 bits per group) are +used to form the DES key as follows: +the first group of 56 bits becomes the initial DES key. +For each additional group, the XOR of the encryption of the current DES +key with itself and the group bits becomes the next DES key. +.Pp +The setting is a 9-character array consisting of an underscore followed +by 4 bytes of iteration count and 4 bytes of salt. +These are encoded as printable characters, 6 bits per character, +least significant character first. +The values 0 to 63 are encoded as ``./0-9A-Za-z''. +This allows 24 bits for both +.Fa count +and +.Fa salt . +.Ss "Traditional" crypt: +.Pp +The first 8 bytes of the key are null-padded, and the low-order 7 bits of +each character is used to form the 56-bit +.Tn DES +key. +.Pp +The setting is a 2-character array of the ASCII-encoded salt. +Thus only 12 bits of +.Fa salt +are used. +.Fa count +is set to 25. +.Ss "FreeBSD" or "Exportable" crypt: +.Pp +If the salt begins with ``$1$'' then the freely exportable +.Tn MD5 +algorithm is used to calculate a hash value, from which the password string +is generated. The +.Tn MD5 +derived routine is designed to be time-consuming like the DES based version. +.Ss Algorithm: +.Pp +The +.Fa salt +introduces disorder in the +.Tn DES +algorithm in one of 16777216 or 4096 possible ways +(ie. with 24 or 12 bits: if bit +.Em i +of the +.Ar salt +is set, then bits +.Em i +and +.Em i+24 +are swapped in the +.Tn DES +E-box output). +.Pp +The DES key is used to encrypt a 64-bit constant using +.Ar count +iterations of +.Tn DES . +The value returned is a +.Dv null Ns -terminated +string, 20 or 13 bytes (plus null) in length, consisting of the +.Ar setting +followed by the encoded 64-bit encryption. +.Pp +The function +.Fn crypt +returns a pointer to the encrypted value on success, and NULL on failure. +.Sh SEE ALSO +.Xr login 1 , +.Xr passwd 1 , +.Xr getpass 3 , +.Xr passwd 5 +.Sh BUGS +The +.Fn crypt +function returns a pointer to static data, and subsequent calls to +.Fn crypt +will modify the same object. +.Sh HISTORY +A rotor-based +.Fn crypt +function appeared in +.At v6 . +The current style +.Fn crypt +first appeared in +.At v7 . +.Pp +This library (FreeSec 1.0) was developed outside the United States of America +as an unencumbered replacement for the U.S.-only NetBSD libcrypt encryption +library. +Users should be aware that this code (and programs staticly linked with it) +may not be exported from the U.S., although it apparently can be imported. +.Sh AUTHOR +David Burren <davidb@werj.com.au> diff --git a/secure/lib/libcrypt/crypt.c b/secure/lib/libcrypt/crypt.c new file mode 100644 index 0000000..31b2024 --- /dev/null +++ b/secure/lib/libcrypt/crypt.c @@ -0,0 +1,697 @@ +/* + * FreeSec: libcrypt for NetBSD + * + * Copyright (c) 1994 David Burren + * All rights reserved. + * + * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet + * crypt.c should now *only* export crypt(), in order to make + * binaries of libcrypt exportable from the USA + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 4. Neither the name of the author nor the names of other contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id$ + * + * This is an original implementation of the DES and the crypt(3) interfaces + * by David Burren <davidb@werj.com.au>. + * + * An excellent reference on the underlying algorithm (and related + * algorithms) is: + * + * B. Schneier, Applied Cryptography: protocols, algorithms, + * and source code in C, John Wiley & Sons, 1994. + * + * Note that in that book's description of DES the lookups for the initial, + * pbox, and final permutations are inverted (this has been brought to the + * attention of the author). A list of errata for this book has been + * posted to the sci.crypt newsgroup by the author and is available for FTP. + * + * ARCHITECTURE ASSUMPTIONS: + * This code assumes that u_longs are 32 bits. It will probably not + * operate on 64-bit machines without modifications. + * It is assumed that the 8-byte arrays passed by reference can be + * addressed as arrays of u_longs (ie. the CPU is not picky about + * alignment). + */ +#include <sys/types.h> +#include <sys/param.h> +#include <pwd.h> +#include <string.h> + +char *crypt_md5(const char *pw, const char *salt); + +/* We can't always assume gcc */ +#ifdef __GNUC__ +#define INLINE inline +#endif + + +static u_char IP[64] = { + 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, + 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, + 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, + 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 +}; + +static u_char inv_key_perm[64]; +static u_char u_key_perm[56]; +static u_char key_perm[56] = { + 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, + 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, + 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, + 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 +}; + +static u_char key_shifts[16] = { + 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 +}; + +static u_char inv_comp_perm[56]; +static u_char comp_perm[48] = { + 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, + 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, + 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, + 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 +}; + +/* + * No E box is used, as it's replaced by some ANDs, shifts, and ORs. + */ + +static u_char u_sbox[8][64]; +static u_char sbox[8][64] = { + { + 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, + 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, + 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, + 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 + }, + { + 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, + 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, + 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, + 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 + }, + { + 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, + 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, + 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, + 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 + }, + { + 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, + 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, + 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, + 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 + }, + { + 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, + 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, + 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, + 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 + }, + { + 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, + 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, + 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, + 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 + }, + { + 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, + 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, + 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, + 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 + }, + { + 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, + 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, + 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, + 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 + } +}; + +static u_char un_pbox[32]; +static u_char pbox[32] = { + 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, + 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 +}; + +static u_long bits32[32] = +{ + 0x80000000, 0x40000000, 0x20000000, 0x10000000, + 0x08000000, 0x04000000, 0x02000000, 0x01000000, + 0x00800000, 0x00400000, 0x00200000, 0x00100000, + 0x00080000, 0x00040000, 0x00020000, 0x00010000, + 0x00008000, 0x00004000, 0x00002000, 0x00001000, + 0x00000800, 0x00000400, 0x00000200, 0x00000100, + 0x00000080, 0x00000040, 0x00000020, 0x00000010, + 0x00000008, 0x00000004, 0x00000002, 0x00000001 +}; + +static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; + +static u_long saltbits; +static long old_salt; +static u_long *bits28, *bits24; +static u_char init_perm[64], final_perm[64]; +static u_long en_keysl[16], en_keysr[16]; +static u_long de_keysl[16], de_keysr[16]; +static int des_initialised = 0; +static u_char m_sbox[4][4096]; +static u_long psbox[4][256]; +static u_long ip_maskl[8][256], ip_maskr[8][256]; +static u_long fp_maskl[8][256], fp_maskr[8][256]; +static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; +static u_long comp_maskl[8][128], comp_maskr[8][128]; +static u_long old_rawkey0, old_rawkey1; + +static u_char ascii64[] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +/* 0000000000111111111122222222223333333333444444444455555555556666 */ +/* 0123456789012345678901234567890123456789012345678901234567890123 */ + +static INLINE int +ascii_to_bin(char ch) +{ + if (ch > 'z') + return(0); + if (ch >= 'a') + return(ch - 'a' + 38); + if (ch > 'Z') + return(0); + if (ch >= 'A') + return(ch - 'A' + 12); + if (ch > '9') + return(0); + if (ch >= '.') + return(ch - '.'); + return(0); +} + +static void +des_init() +{ + int i, j, b, k, inbit, obit; + u_long *p, *il, *ir, *fl, *fr; + + old_rawkey0 = old_rawkey1 = 0L; + saltbits = 0L; + old_salt = 0L; + bits24 = (bits28 = bits32 + 4) + 4; + + /* + * Invert the S-boxes, reordering the input bits. + */ + for (i = 0; i < 8; i++) + for (j = 0; j < 64; j++) { + b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); + u_sbox[i][j] = sbox[i][b]; + } + + /* + * Convert the inverted S-boxes into 4 arrays of 8 bits. + * Each will handle 12 bits of the S-box input. + */ + for (b = 0; b < 4; b++) + for (i = 0; i < 64; i++) + for (j = 0; j < 64; j++) + m_sbox[b][(i << 6) | j] = + (u_sbox[(b << 1)][i] << 4) | + u_sbox[(b << 1) + 1][j]; + + /* + * Set up the initial & final permutations into a useful form, and + * initialise the inverted key permutation. + */ + for (i = 0; i < 64; i++) { + init_perm[final_perm[i] = IP[i] - 1] = i; + inv_key_perm[i] = 255; + } + + /* + * Invert the key permutation and initialise the inverted key + * compression permutation. + */ + for (i = 0; i < 56; i++) { + u_key_perm[i] = key_perm[i] - 1; + inv_key_perm[key_perm[i] - 1] = i; + inv_comp_perm[i] = 255; + } + + /* + * Invert the key compression permutation. + */ + for (i = 0; i < 48; i++) { + inv_comp_perm[comp_perm[i] - 1] = i; + } + + /* + * Set up the OR-mask arrays for the initial and final permutations, + * and for the key initial and compression permutations. + */ + for (k = 0; k < 8; k++) { + for (i = 0; i < 256; i++) { + *(il = &ip_maskl[k][i]) = 0L; + *(ir = &ip_maskr[k][i]) = 0L; + *(fl = &fp_maskl[k][i]) = 0L; + *(fr = &fp_maskr[k][i]) = 0L; + for (j = 0; j < 8; j++) { + inbit = 8 * k + j; + if (i & bits8[j]) { + if ((obit = init_perm[inbit]) < 32) + *il |= bits32[obit]; + else + *ir |= bits32[obit-32]; + if ((obit = final_perm[inbit]) < 32) + *fl |= bits32[obit]; + else + *fr |= bits32[obit - 32]; + } + } + } + for (i = 0; i < 128; i++) { + *(il = &key_perm_maskl[k][i]) = 0L; + *(ir = &key_perm_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 8 * k + j; + if (i & bits8[j + 1]) { + if ((obit = inv_key_perm[inbit]) == 255) + continue; + if (obit < 28) + *il |= bits28[obit]; + else + *ir |= bits28[obit - 28]; + } + } + *(il = &comp_maskl[k][i]) = 0L; + *(ir = &comp_maskr[k][i]) = 0L; + for (j = 0; j < 7; j++) { + inbit = 7 * k + j; + if (i & bits8[j + 1]) { + if ((obit=inv_comp_perm[inbit]) == 255) + continue; + if (obit < 24) + *il |= bits24[obit]; + else + *ir |= bits24[obit - 24]; + } + } + } + } + + /* + * Invert the P-box permutation, and convert into OR-masks for + * handling the output of the S-box arrays setup above. + */ + for (i = 0; i < 32; i++) + un_pbox[pbox[i] - 1] = i; + + for (b = 0; b < 4; b++) + for (i = 0; i < 256; i++) { + *(p = &psbox[b][i]) = 0L; + for (j = 0; j < 8; j++) { + if (i & bits8[j]) + *p |= bits32[un_pbox[8 * b + j]]; + } + } + + des_initialised = 1; +} + +static void +setup_salt(long salt) +{ + u_long obit, saltbit; + int i; + + if (salt == old_salt) + return; + old_salt = salt; + + saltbits = 0L; + saltbit = 1; + obit = 0x800000; + for (i = 0; i < 24; i++) { + if (salt & saltbit) + saltbits |= obit; + saltbit <<= 1; + obit >>= 1; + } +} + +static int +des_setkey(const char *key) +{ + u_long k0, k1, rawkey0, rawkey1; + int shifts, round; + + if (!des_initialised) + des_init(); + + rawkey0 = ntohl(*(u_long *) key); + rawkey1 = ntohl(*(u_long *) (key + 4)); + + if ((rawkey0 | rawkey1) + && rawkey0 == old_rawkey0 + && rawkey1 == old_rawkey1) { + /* + * Already setup for this key. + * This optimisation fails on a zero key (which is weak and + * has bad parity anyway) in order to simplify the starting + * conditions. + */ + return(0); + } + old_rawkey0 = rawkey0; + old_rawkey1 = rawkey1; + + /* + * Do key permutation and split into two 28-bit subkeys. + */ + k0 = key_perm_maskl[0][rawkey0 >> 25] + | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskl[4][rawkey1 >> 25] + | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; + k1 = key_perm_maskr[0][rawkey0 >> 25] + | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] + | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] + | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] + | key_perm_maskr[4][rawkey1 >> 25] + | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] + | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] + | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; + /* + * Rotate subkeys and do compression permutation. + */ + shifts = 0; + for (round = 0; round < 16; round++) { + u_long t0, t1; + + shifts += key_shifts[round]; + + t0 = (k0 << shifts) | (k0 >> (28 - shifts)); + t1 = (k1 << shifts) | (k1 >> (28 - shifts)); + + de_keysl[15 - round] = + en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] + | comp_maskl[1][(t0 >> 14) & 0x7f] + | comp_maskl[2][(t0 >> 7) & 0x7f] + | comp_maskl[3][t0 & 0x7f] + | comp_maskl[4][(t1 >> 21) & 0x7f] + | comp_maskl[5][(t1 >> 14) & 0x7f] + | comp_maskl[6][(t1 >> 7) & 0x7f] + | comp_maskl[7][t1 & 0x7f]; + + de_keysr[15 - round] = + en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] + | comp_maskr[1][(t0 >> 14) & 0x7f] + | comp_maskr[2][(t0 >> 7) & 0x7f] + | comp_maskr[3][t0 & 0x7f] + | comp_maskr[4][(t1 >> 21) & 0x7f] + | comp_maskr[5][(t1 >> 14) & 0x7f] + | comp_maskr[6][(t1 >> 7) & 0x7f] + | comp_maskr[7][t1 & 0x7f]; + } + return(0); +} + +static int +do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) +{ + /* + * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. + */ + u_long l, r, *kl, *kr, *kl1, *kr1; + u_long f, r48l, r48r; + int round; + + if (count == 0) { + return(1); + } else if (count > 0) { + /* + * Encrypting + */ + kl1 = en_keysl; + kr1 = en_keysr; + } else { + /* + * Decrypting + */ + count = -count; + kl1 = de_keysl; + kr1 = de_keysr; + } + + /* + * Do initial permutation (IP). + */ + l = ip_maskl[0][l_in >> 24] + | ip_maskl[1][(l_in >> 16) & 0xff] + | ip_maskl[2][(l_in >> 8) & 0xff] + | ip_maskl[3][l_in & 0xff] + | ip_maskl[4][r_in >> 24] + | ip_maskl[5][(r_in >> 16) & 0xff] + | ip_maskl[6][(r_in >> 8) & 0xff] + | ip_maskl[7][r_in & 0xff]; + r = ip_maskr[0][l_in >> 24] + | ip_maskr[1][(l_in >> 16) & 0xff] + | ip_maskr[2][(l_in >> 8) & 0xff] + | ip_maskr[3][l_in & 0xff] + | ip_maskr[4][r_in >> 24] + | ip_maskr[5][(r_in >> 16) & 0xff] + | ip_maskr[6][(r_in >> 8) & 0xff] + | ip_maskr[7][r_in & 0xff]; + + while (count--) { + /* + * Do each round. + */ + kl = kl1; + kr = kr1; + round = 16; + while (round--) { + /* + * Expand R to 48 bits (simulate the E-box). + */ + r48l = ((r & 0x00000001) << 23) + | ((r & 0xf8000000) >> 9) + | ((r & 0x1f800000) >> 11) + | ((r & 0x01f80000) >> 13) + | ((r & 0x001f8000) >> 15); + + r48r = ((r & 0x0001f800) << 7) + | ((r & 0x00001f80) << 5) + | ((r & 0x000001f8) << 3) + | ((r & 0x0000001f) << 1) + | ((r & 0x80000000) >> 31); + /* + * Do salting for crypt() and friends, and + * XOR with the permuted key. + */ + f = (r48l ^ r48r) & saltbits; + r48l ^= f ^ *kl++; + r48r ^= f ^ *kr++; + /* + * Do sbox lookups (which shrink it back to 32 bits) + * and do the pbox permutation at the same time. + */ + f = psbox[0][m_sbox[0][r48l >> 12]] + | psbox[1][m_sbox[1][r48l & 0xfff]] + | psbox[2][m_sbox[2][r48r >> 12]] + | psbox[3][m_sbox[3][r48r & 0xfff]]; + /* + * Now that we've permuted things, complete f(). + */ + f ^= l; + l = r; + r = f; + } + r = l; + l = f; + } + /* + * Do final permutation (inverse of IP). + */ + *l_out = fp_maskl[0][l >> 24] + | fp_maskl[1][(l >> 16) & 0xff] + | fp_maskl[2][(l >> 8) & 0xff] + | fp_maskl[3][l & 0xff] + | fp_maskl[4][r >> 24] + | fp_maskl[5][(r >> 16) & 0xff] + | fp_maskl[6][(r >> 8) & 0xff] + | fp_maskl[7][r & 0xff]; + *r_out = fp_maskr[0][l >> 24] + | fp_maskr[1][(l >> 16) & 0xff] + | fp_maskr[2][(l >> 8) & 0xff] + | fp_maskr[3][l & 0xff] + | fp_maskr[4][r >> 24] + | fp_maskr[5][(r >> 16) & 0xff] + | fp_maskr[6][(r >> 8) & 0xff] + | fp_maskr[7][r & 0xff]; + return(0); +} + +static int +des_cipher(const char *in, char *out, long salt, int count) +{ + u_long l_out, r_out, rawl, rawr; + int retval; + + if (!des_initialised) + des_init(); + + setup_salt(salt); + + rawl = ntohl(*((u_long *) in)++); + rawr = ntohl(*((u_long *) in)); + + retval = do_des(rawl, rawr, &l_out, &r_out, count); + + *((u_long *) out)++ = htonl(l_out); + *((u_long *) out) = htonl(r_out); + return(retval); +} + +char * +crypt(char *key, char *setting) +{ + int i; + u_long count, salt, l, r0, r1, keybuf[2]; + u_char *p, *q; + static u_char output[21]; + + if (!strncmp(setting, "$1$", 3)) + return crypt_md5(key, setting); + + if (!des_initialised) + des_init(); + + + /* + * Copy the key, shifting each character up by one bit + * and padding with zeros. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8) { + if ((*q++ = *key << 1)) + key++; + } + if (des_setkey((u_char *) keybuf)) + return(NULL); + + if (*setting == _PASSWORD_EFMT1) { + /* + * "new"-style: + * setting - underscore, 4 bytes of count, 4 bytes of salt + * key - unlimited characters + */ + for (i = 1, count = 0L; i < 5; i++) + count |= ascii_to_bin(setting[i]) << (i - 1) * 6; + + for (i = 5, salt = 0L; i < 9; i++) + salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; + + while (*key) { + /* + * Encrypt the key with itself. + */ + if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) + return(NULL); + /* + * And XOR with the next 8 characters of the key. + */ + q = (u_char *) keybuf; + while (q - (u_char *) keybuf - 8 && *key) + *q++ ^= *key++ << 1; + + if (des_setkey((u_char *) keybuf)) + return(NULL); + } + strncpy(output, setting, 9); + + /* + * Double check that we weren't given a short setting. + * If we were, the above code will probably have created + * wierd values for count and salt, but we don't really care. + * Just make sure the output string doesn't have an extra + * NUL in it. + */ + output[9] = '\0'; + p = output + strlen(output); + } else { + /* + * "old"-style: + * setting - 2 bytes of salt + * key - up to 8 characters + */ + count = 25; + + salt = (ascii_to_bin(setting[1]) << 6) + | ascii_to_bin(setting[0]); + + output[0] = setting[0]; + /* + * If the encrypted password that the salt was extracted from + * is only 1 character long, the salt will be corrupted. We + * need to ensure that the output string doesn't have an extra + * NUL in it! + */ + output[1] = setting[1] ? setting[1] : output[0]; + + p = output + 2; + } + setup_salt(salt); + /* + * Do it. + */ + if (do_des(0L, 0L, &r0, &r1, count)) + return(NULL); + /* + * Now encode the result... + */ + l = (r0 >> 8); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = (r0 << 16) | ((r1 >> 16) & 0xffff); + *p++ = ascii64[(l >> 18) & 0x3f]; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + + l = r1 << 2; + *p++ = ascii64[(l >> 12) & 0x3f]; + *p++ = ascii64[(l >> 6) & 0x3f]; + *p++ = ascii64[l & 0x3f]; + *p = 0; + + return(output); +} diff --git a/secure/lib/libcrypt/test/Makefile b/secure/lib/libcrypt/test/Makefile new file mode 100644 index 0000000..c55a276 --- /dev/null +++ b/secure/lib/libcrypt/test/Makefile @@ -0,0 +1,42 @@ +# +# Hacked Makefile to compile and run the DES-certification program, +# but not install anything. +# +# $Id: Makefile,v 1.4 1995/05/30 06:11:48 rgrimes Exp $ +# +LIBCRYPT= $(.OBJDIR)/libdescrypt.a + +#CFLAGS+= -DHAVE_CRYPT16 + +TARGETS=cert speedcrypt + +all: ${TARGETS} + +test: all testcrypt testspeed + +testcrypt: cert + @./cert -c + +testspeed: cryptspeed + +cryptspeed: speedcrypt + @./speedcrypt 30 1 + @./speedcrypt 30 1 + @./speedcrypt 30 0 + @./speedcrypt 30 0 + +cert: cert.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o cert ${.CURDIR}/cert.c ${LIBCRYPT} + +speedcrypt: speedcrypt.c ${LIBCRYPT} + $(CC) $(CFLAGS) -o speedcrypt ${.CURDIR}/speedcrypt.c ${LIBCRYPT} + + +clean: + rm -f ${TARGETS} + +install: + +obj: + +.include <bsd.prog.mk> diff --git a/secure/lib/libcrypt/test/README b/secure/lib/libcrypt/test/README new file mode 100644 index 0000000..eb6b0be --- /dev/null +++ b/secure/lib/libcrypt/test/README @@ -0,0 +1,10 @@ +This directory contains test programs to certify DES operation and to +time the crypt() call (of curiosity value). + +Simply type `make test` to run the tests. + +The normal `make all` and `make install` that get done during library building +and installation will build these programs BUT NOT INSTALL THEM. After all, +they're only for testing... + +- David Burren, January 1994 diff --git a/secure/lib/libcrypt/test/cert.c b/secure/lib/libcrypt/test/cert.c new file mode 100644 index 0000000..b2e3ae5 --- /dev/null +++ b/secure/lib/libcrypt/test/cert.c @@ -0,0 +1,208 @@ +/* + * This DES validation program shipped with FreeSec is derived from that + * shipped with UFC-crypt which is apparently derived from one distributed + * with Phil Karns PD DES package. + * + * $Id: cert.c,v 1.2 1994/08/08 17:29:03 csgr Exp $ + */ + +#include <stdio.h> + +int totfails = 0; + +char *crypt(); +#ifdef HAVE_CRYPT16 +char *crypt16(); +#endif /* HAVE_CRYPT16 */ + + +static struct crypt_test { + char *key, *setting, *answer; +} crypt_tests[] = { + "foob", "ar", "arlEKn0OzVJn.", + "holyhooplasbatman!", "_X.......", "_X.......N89y2Z.e4WU", + "holyhooplasbatman!", "_X...X...", "_X...X...rSUDQ5Na/QM", + "holyhooplasbatman!", "_XX..X...", "_XX..X...P8vb9xU4JAk", + "holyhooplasbatman!", "_XX..XX..", "_XX..XX..JDs5IlGLqT2", + "holyhooplasbatman!", "_XX..XXa.", "_XX..XXa.bFVsOnCNh8Y", + "holyhooplasbatman!", "_XXa.X...", "_XXa.X...Ghsb3QKNaps", +#ifdef TAKES_TOO_LONG_ON_SOME_CRYPTS + "holyhooplasbatman!", "_arararar", "_ararararNGMzvpNjeCc", +#endif + NULL, NULL, NULL, +}; + + +static struct crypt_test crypt16_tests[] = { + "foob", "ar", "arxo23jZDD5AYbHbqoy9Dalg", + "holyhooplasbatman!", "ar", "arU5FRLJ3kxIoedlmyrOelEw", + NULL, NULL, NULL +}; + + +void good_bye() +{ + if(totfails == 0) { + printf(" Passed validation\n"); + exit(0); + } else { + printf(" %d failures during validation!!!\n", totfails); + exit(1); + } +} + + +void put8(cp) +char *cp; +{ + int i,j,t; + + for(i = 0; i < 8; i++){ + t = 0; + for(j = 0; j < 8; j++) + t = t << 1 | *cp++; + printf("%02x", t); + } +} + + +void print_bits(bits) +unsigned char *bits; +{ + int i; + + for (i = 0; i < 8; i++) { + printf("%02x", bits[i]); + } +} + + +int parse_line(buff, salt, key, plain, answer) +char *buff; +long *salt; +char *key, *plain, *answer; +{ + char *ptr1, *ptr2; + int val; + int i,j,t; + + /* + * Extract salt + */ + if (sscanf(buff, "%lu", salt) != 1) + return(-1); + for (ptr2 = buff; *ptr2 && !isspace(*ptr2); ptr2++) + ; + + /* + * Extract key + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *key++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract plain + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *plain++ = (t & 1 << (7 - j)) != 0; + } + + /* + * Extract answer + */ + for (ptr1 = ptr2; *ptr1 && isspace(*ptr1); ptr1++) + ; + for (ptr2 = ptr1; *ptr2 && !isspace(*ptr2); ptr2++) + ; + if (ptr2 - ptr1 != 16) + return(-1); + for (i = 0; i < 8; i++){ + if (sscanf(ptr1 + 2*i, "%2x", &t) != 1) + return(-2); + for (j = 0; j < 8; j++) + *answer++ = (t & 1 << (7 - j)) != 0; + } + return(0); +} + +void bytes_to_bits(bytes, bits) +char *bytes; +unsigned char *bits; +{ + int i, j; + + for (i = 0; i < 8; i++) { + bits[i] = 0; + for (j = 0; j < 8; j++) { + bits[i] |= (bytes[i*8+j] & 1) << (7 - j); + } + } +} + + + +/* + * Test the old-style crypt(), the new-style crypt(), and crypt16(). + */ +void test_crypt() +{ + char *result; + struct crypt_test *p; + + printf("Testing crypt() family\n"); + + for (p = crypt_tests; p->key; p++) { + printf(" crypt(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } + +#ifdef HAVE_CRYPT16 + for (p = crypt16_tests; p->key; p++) { + printf(" crypt16(\"%s\", \"%s\"), \"%s\" expected", + p->key, p->setting, p->answer); + fflush(stdout); + result = crypt16(p->key, p->setting); + if(!strcmp(result, p->answer)) { + printf(", OK\n"); + } else { + printf("\n failed (\"%s\")\n", result); + totfails++; + } + } +#endif /* HAVE_CRYPT16 */ +} + +main(argc, argv) +int argc; +char *argv[]; +{ + test_crypt(); + good_bye(); +} diff --git a/secure/lib/libcrypt/test/cert.input b/secure/lib/libcrypt/test/cert.input new file mode 100644 index 0000000..d0fa7a5 --- /dev/null +++ b/secure/lib/libcrypt/test/cert.input @@ -0,0 +1,179 @@ +# $Id: cert.input,v 1.1.1.1 1994/04/04 14:57:19 g89r4222 Exp $ +# +# Salt, key, plaintext, ciphertext +# +0 0101010101010101 95f8a5e5dd31d900 8000000000000000 +0 0101010101010101 dd7f121ca5015619 4000000000000000 +0 0101010101010101 2e8653104f3834ea 2000000000000000 +0 0101010101010101 4bd388ff6cd81d4f 1000000000000000 +0 0101010101010101 20b9e767b2fb1456 0800000000000000 +0 0101010101010101 55579380d77138ef 0400000000000000 +0 0101010101010101 6cc5defaaf04512f 0200000000000000 +0 0101010101010101 0d9f279ba5d87260 0100000000000000 +0 0101010101010101 d9031b0271bd5a0a 0080000000000000 +0 0101010101010101 424250b37c3dd951 0040000000000000 +0 0101010101010101 b8061b7ecd9a21e5 0020000000000000 +0 0101010101010101 f15d0f286b65bd28 0010000000000000 +0 0101010101010101 add0cc8d6e5deba1 0008000000000000 +0 0101010101010101 e6d5f82752ad63d1 0004000000000000 +0 0101010101010101 ecbfe3bd3f591a5e 0002000000000000 +0 0101010101010101 f356834379d165cd 0001000000000000 +0 0101010101010101 2b9f982f20037fa9 0000800000000000 +0 0101010101010101 889de068a16f0be6 0000400000000000 +0 0101010101010101 e19e275d846a1298 0000200000000000 +0 0101010101010101 329a8ed523d71aec 0000100000000000 +0 0101010101010101 e7fce22557d23c97 0000080000000000 +0 0101010101010101 12a9f5817ff2d65d 0000040000000000 +0 0101010101010101 a484c3ad38dc9c19 0000020000000000 +0 0101010101010101 fbe00a8a1ef8ad72 0000010000000000 +0 0101010101010101 750d079407521363 0000008000000000 +0 0101010101010101 64feed9c724c2faf 0000004000000000 +0 0101010101010101 f02b263b328e2b60 0000002000000000 +0 0101010101010101 9d64555a9a10b852 0000001000000000 +0 0101010101010101 d106ff0bed5255d7 0000000800000000 +0 0101010101010101 e1652c6b138c64a5 0000000400000000 +0 0101010101010101 e428581186ec8f46 0000000200000000 +0 0101010101010101 aeb5f5ede22d1a36 0000000100000000 +0 0101010101010101 e943d7568aec0c5c 0000000080000000 +0 0101010101010101 df98c8276f54b04b 0000000040000000 +0 0101010101010101 b160e4680f6c696f 0000000020000000 +0 0101010101010101 fa0752b07d9c4ab8 0000000010000000 +0 0101010101010101 ca3a2b036dbc8502 0000000008000000 +0 0101010101010101 5e0905517bb59bcf 0000000004000000 +0 0101010101010101 814eeb3b91d90726 0000000002000000 +0 0101010101010101 4d49db1532919c9f 0000000001000000 +0 0101010101010101 25eb5fc3f8cf0621 0000000000800000 +0 0101010101010101 ab6a20c0620d1c6f 0000000000400000 +0 0101010101010101 79e90dbc98f92cca 0000000000200000 +0 0101010101010101 866ecedd8072bb0e 0000000000100000 +0 0101010101010101 8b54536f2f3e64a8 0000000000080000 +0 0101010101010101 ea51d3975595b86b 0000000000040000 +0 0101010101010101 caffc6ac4542de31 0000000000020000 +0 0101010101010101 8dd45a2ddf90796c 0000000000010000 +0 0101010101010101 1029d55e880ec2d0 0000000000008000 +0 0101010101010101 5d86cb23639dbea9 0000000000004000 +0 0101010101010101 1d1ca853ae7c0c5f 0000000000002000 +0 0101010101010101 ce332329248f3228 0000000000001000 +0 0101010101010101 8405d1abe24fb942 0000000000000800 +0 0101010101010101 e643d78090ca4207 0000000000000400 +0 0101010101010101 48221b9937748a23 0000000000000200 +0 0101010101010101 dd7c0bbd61fafd54 0000000000000100 +0 0101010101010101 2fbc291a570db5c4 0000000000000080 +0 0101010101010101 e07c30d7e4e26e12 0000000000000040 +0 0101010101010101 0953e2258e8e90a1 0000000000000020 +0 0101010101010101 5b711bc4ceebf2ee 0000000000000010 +0 0101010101010101 cc083f1e6d9e85f6 0000000000000008 +0 0101010101010101 d2fd8867d50d2dfe 0000000000000004 +0 0101010101010101 06e7ea22ce92708f 0000000000000002 +0 0101010101010101 166b40b44aba4bd6 0000000000000001 +0 8001010101010101 0000000000000000 95a8d72813daa94d +0 4001010101010101 0000000000000000 0eec1487dd8c26d5 +0 2001010101010101 0000000000000000 7ad16ffb79c45926 +0 1001010101010101 0000000000000000 d3746294ca6a6cf3 +0 0801010101010101 0000000000000000 809f5f873c1fd761 +0 0401010101010101 0000000000000000 c02faffec989d1fc +0 0201010101010101 0000000000000000 4615aa1d33e72f10 +0 0180010101010101 0000000000000000 2055123350c00858 +0 0140010101010101 0000000000000000 df3b99d6577397c8 +0 0120010101010101 0000000000000000 31fe17369b5288c9 +0 0110010101010101 0000000000000000 dfdd3cc64dae1642 +0 0108010101010101 0000000000000000 178c83ce2b399d94 +0 0104010101010101 0000000000000000 50f636324a9b7f80 +0 0102010101010101 0000000000000000 a8468ee3bc18f06d +0 0101800101010101 0000000000000000 a2dc9e92fd3cde92 +0 0101400101010101 0000000000000000 cac09f797d031287 +0 0101200101010101 0000000000000000 90ba680b22aeb525 +0 0101100101010101 0000000000000000 ce7a24f350e280b6 +0 0101080101010101 0000000000000000 882bff0aa01a0b87 +0 0101040101010101 0000000000000000 25610288924511c2 +0 0101020101010101 0000000000000000 c71516c29c75d170 +0 0101018001010101 0000000000000000 5199c29a52c9f059 +0 0101014001010101 0000000000000000 c22f0a294a71f29f +0 0101012001010101 0000000000000000 ee371483714c02ea +0 0101011001010101 0000000000000000 a81fbd448f9e522f +0 0101010801010101 0000000000000000 4f644c92e192dfed +0 0101010401010101 0000000000000000 1afa9a66a6df92ae +0 0101010201010101 0000000000000000 b3c1cc715cb879d8 +0 0101010180010101 0000000000000000 19d032e64ab0bd8b +0 0101010140010101 0000000000000000 3cfaa7a7dc8720dc +0 0101010120010101 0000000000000000 b7265f7f447ac6f3 +0 0101010110010101 0000000000000000 9db73b3c0d163f54 +0 0101010108010101 0000000000000000 8181b65babf4a975 +0 0101010104010101 0000000000000000 93c9b64042eaa240 +0 0101010102010101 0000000000000000 5570530829705592 +0 0101010101800101 0000000000000000 8638809e878787a0 +0 0101010101400101 0000000000000000 41b9a79af79ac208 +0 0101010101200101 0000000000000000 7a9be42f2009a892 +0 0101010101100101 0000000000000000 29038d56ba6d2745 +0 0101010101080101 0000000000000000 5495c6abf1e5df51 +0 0101010101040101 0000000000000000 ae13dbd561488933 +0 0101010101020101 0000000000000000 024d1ffa8904e389 +0 0101010101018001 0000000000000000 d1399712f99bf02e +0 0101010101014001 0000000000000000 14c1d7c1cffec79e +0 0101010101012001 0000000000000000 1de5279dae3bed6f +0 0101010101011001 0000000000000000 e941a33f85501303 +0 0101010101010801 0000000000000000 da99dbbc9a03f379 +0 0101010101010401 0000000000000000 b7fc92f91d8e92e9 +0 0101010101010201 0000000000000000 ae8e5caa3ca04e85 +0 0101010101010180 0000000000000000 9cc62df43b6eed74 +0 0101010101010140 0000000000000000 d863dbb5c59a91a0 +0 0101010101010120 0000000000000000 a1ab2190545b91d7 +0 0101010101010110 0000000000000000 0875041e64c570f7 +0 0101010101010108 0000000000000000 5a594528bebef1cc +0 0101010101010104 0000000000000000 fcdb3291de21f0c0 +0 0101010101010102 0000000000000000 869efd7f9f265a09 +0 1046913489980131 0000000000000000 88d55e54f54c97b4 +0 1007103489988020 0000000000000000 0c0cc00c83ea48fd +0 10071034c8980120 0000000000000000 83bc8ef3a6570183 +0 1046103489988020 0000000000000000 df725dcad94ea2e9 +0 1086911519190101 0000000000000000 e652b53b550be8b0 +0 1086911519580101 0000000000000000 af527120c485cbb0 +0 5107b01519580101 0000000000000000 0f04ce393db926d5 +0 1007b01519190101 0000000000000000 c9f00ffc74079067 +0 3107915498080101 0000000000000000 7cfd82a593252b4e +0 3107919498080101 0000000000000000 cb49a2f9e91363e3 +0 10079115b9080140 0000000000000000 00b588be70d23f56 +0 3107911598080140 0000000000000000 406a9a6ab43399ae +0 1007d01589980101 0000000000000000 6cb773611dca9ada +0 9107911589980101 0000000000000000 67fd21c17dbb5d70 +0 9107d01589190101 0000000000000000 9592cb4110430787 +0 1007d01598980120 0000000000000000 a6b7ff68a318ddd3 +0 1007940498190101 0000000000000000 4d102196c914ca16 +0 0107910491190401 0000000000000000 2dfa9f4573594965 +0 0107910491190101 0000000000000000 b46604816c0e0774 +0 0107940491190401 0000000000000000 6e7e6221a4f34e87 +0 19079210981a0101 0000000000000000 aa85e74643233199 +0 1007911998190801 0000000000000000 2e5a19db4d1962d6 +0 10079119981a0801 0000000000000000 23a866a809d30894 +0 1007921098190101 0000000000000000 d812d961f017d320 +0 100791159819010b 0000000000000000 055605816e58608f +0 1004801598190101 0000000000000000 abd88e8b1b7716f1 +0 1004801598190102 0000000000000000 537ac95be69da1e1 +0 1004801598190108 0000000000000000 aed0f6ae3c25cdd8 +0 1002911598100104 0000000000000000 b3e35a5ee53e7b8d +0 1002911598190104 0000000000000000 61c79c71921a2ef8 +0 1002911598100201 0000000000000000 e2f5728f0995013c +0 1002911698100101 0000000000000000 1aeac39a61f0a464 +0 7ca110454a1a6e57 01a1d6d039776742 690f5b0d9a26939b +0 0131d9619dc1376e 5cd54ca83def57da 7a389d10354bd271 +0 07a1133e4a0b2686 0248d43806f67172 868ebb51cab4599a +0 3849674c2602319e 51454b582ddf440a 7178876e01f19b2a +0 04b915ba43feb5b6 42fd443059577fa2 af37fb421f8c4095 +0 0113b970fd34f2ce 059b5e0851cf143a 86a560f10ec6d85b +0 0170f175468fb5e6 0756d8e0774761d2 0cd3da020021dc09 +0 43297fad38e373fe 762514b829bf486a ea676b2cb7db2b7a +0 07a7137045da2a16 3bdd119049372802 dfd64a815caf1a0f +0 04689104c2fd3b2f 26955f6835af609a 5c513c9c4886c088 +0 37d06bb516cb7546 164d5e404f275232 0a2aeeae3ff4ab77 +0 1f08260d1ac2465e 6b056e18759f5cca ef1bf03e5dfa575a +0 584023641aba6176 004bd6ef09176062 88bf0db6d70dee56 +0 025816164629b007 480d39006ee762f2 a1f9915541020b56 +0 49793ebc79b3258f 437540c8698f3cfa 6fbf1cafcffd0556 +0 4fb05e1515ab73a7 072d43a077075292 2f22e49bab7ca1ac +0 49e95d6d4ca229bf 02fe55778117f12a 5a6b612cc26cce4a +0 018310dc409b26d6 1d9d5c5018f728c2 5f4c038ed12b2e41 +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 +1 1c587f1c13924fef 305532286d6f295a 400d307ca24fee60 +57 1c587f1c13924fef 305532286d6f295a 28b568f40e7d43ae +1 8001010101010101 0000000000000000 f501029f268e45dc +0 1c587f1c13924fef 305532286d6f295a 63fac0d034d9f793 diff --git a/secure/lib/libcrypt/test/speedcrypt.c b/secure/lib/libcrypt/test/speedcrypt.c new file mode 100644 index 0000000..f7507fd --- /dev/null +++ b/secure/lib/libcrypt/test/speedcrypt.c @@ -0,0 +1,76 @@ +#include <sys/types.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <signal.h> +#include <stdio.h> + +int keep_going, count, alternate, seconds; +struct rusage prior, now; + +void +finish() +{ + keep_going = 0; +} + + +main(int argc, char *argv[]) +{ + struct itimerval itv; + u_long msecs, key1[8], key2[8]; + char *k1, *k2; + + if (argc < 2 || sscanf(argv[1], "%d", &seconds) != 1) + seconds = 20; + + if (argc < 3 || sscanf(argv[2], "%d", &alternate) != 1) + alternate = 0; + + printf ("Running crypt%s for %d seconds of vtime...\n", + alternate ? " with alternate keys" : "", seconds); + + bzero(&itv, sizeof (itv)); + signal (SIGVTALRM, finish); + itv.it_value.tv_sec = seconds; + itv.it_value.tv_usec = 0; + setitimer(ITIMER_VIRTUAL, &itv, NULL); + + keep_going = 1; + if (getrusage(0, &prior) < 0) { + perror("getrusage"); + exit(1); + } + + k1 = (char *) key1; + k2 = (char *) key2; + strcpy(k1, "fredfredfredfredfred"); + strcpy(k2, "joejoejoejoejoejoejo"); + + if (alternate) + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt((count & 1) ? k1 : k2, "_ara.X..."); +#else + crypt((count & 1) ? k1 : k2, "eek"); +#endif + } + else + for (count = 0; keep_going; count++) + { +#if defined(LONGCRYPT) + crypt(k1, "_ara.X..."); +#else + crypt(k1, "eek"); +#endif + } + + if (getrusage(0, &now) < 0) { + perror("getrusage"); + exit(1); + } + msecs = (now.ru_utime.tv_sec - prior.ru_utime.tv_sec) * 1000 + + (now.ru_utime.tv_usec - prior.ru_utime.tv_usec) / 1000; + printf ("\tDid %d crypt()s per second.\n", 1000 * count / msecs); + exit(0); +} diff --git a/secure/lib/libdes/Makefile b/secure/lib/libdes/Makefile new file mode 100644 index 0000000..4f0f821 --- /dev/null +++ b/secure/lib/libdes/Makefile @@ -0,0 +1,41 @@ +# @(#)Makefile 5.4 (Berkeley) 5/7/91 +# $Id: Makefile,v 1.1 1996/02/10 23:49:27 markm Exp $ + +LIB= des +SRCS= cbc3_enc.c cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c \ + ecb3_enc.c ecb_enc.c ede_enc.c enc_read.c enc_writ.c \ + ncbc_enc.c new_rkey.c ofb64enc.c ofb_enc.c pcbc_enc.c \ + qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c \ + str2key.c cfb64ede.c ofb64ede.c supp.c +HEADER= des.h + +SHLIB_MAJOR= 2 +SHLIB_MINOR= 1 + +CFLAGS+= -Wall +CLEANFILES+= des_crypt.3 + +MAN3= des_crypt.3 + +des_crypt.3: des_crypt.man + cp ${.OODATE} ${.TARGET} + +MLINKS= des_crypt.3 des_read_password.3 \ + des_crypt.3 des_read_2password.3 des_crypt.3 des_string_to_key.3 \ + des_crypt.3 des_string_to_2key.3 des_crypt.3 des_read_pw_string.3 \ + des_crypt.3 des_random_key.3 des_crypt.3 des_set_key.3 \ + des_crypt.3 des_key_sched.3 des_crypt.3 des_ecb_encrypt.3 \ + des_crypt.3 des_3ecb_encrypt.3 des_crypt.3 des_cbc_encrypt.3 \ + des_crypt.3 des_3cbc_encrypt.3 des_crypt.3 des_pcbc_encrypt.3 \ + des_crypt.3 des_cfb_encrypt.3 des_crypt.3 des_ofb_encrypt.3 \ + des_crypt.3 des_cbc_cksum.3 des_crypt.3 des_quad_cksum.3 \ + des_crypt.3 des_enc_read.3 des_crypt.3 des_enc_write.3 \ + des_crypt.3 des_set_odd_parity.3 des_crypt.3 des_is_weak_key.3 + +beforeinstall: + -cd ${.CURDIR}; for file in ${HEADER}; do \ + cmp -s $$file ${DESTDIR}/usr/include/$$file || \ + install -c -o ${BINOWN} -g ${BINGRP} -m 444 $$file \ + ${DESTDIR}/usr/include; done + +.include <bsd.lib.mk> diff --git a/secure/lib/libdes/des.h b/secure/lib/libdes/des.h index f0615f1..80b293b 100644 --- a/secure/lib/libdes/des.h +++ b/secure/lib/libdes/des.h @@ -1,5 +1,5 @@ /* lib/des/des.h */ -/* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) +/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written @@ -48,30 +48,10 @@ #ifndef HEADER_DES_H #define HEADER_DES_H -#ifdef __cplusplus -extern "C" { -#endif - #include <stdio.h> -/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a - * %20 speed up (longs are 8 bytes, int's are 4). */ -#ifndef DES_LONG -#define DES_LONG unsigned long -#endif - typedef unsigned char des_cblock[8]; -typedef struct des_ks_struct - { - union { - des_cblock _; - /* make sure things are correct size on machines with - * 8 byte longs */ - DES_LONG pad[2]; - } ks; -#undef _ -#define _ ks._ - } des_key_schedule[16]; +typedef struct des_ks_struct { des_cblock _; } des_key_schedule[16]; #define DES_KEY_SZ (sizeof(des_cblock)) #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) @@ -96,10 +76,8 @@ typedef struct des_ks_struct #define C_Block des_cblock #define Key_schedule des_key_schedule -#ifdef KERBEROS #define ENCRYPT DES_ENCRYPT #define DECRYPT DES_DECRYPT -#endif #define KEY_SZ DES_KEY_SZ #define string_to_key des_string_to_key #define read_pw_string des_read_pw_string @@ -114,7 +92,7 @@ typedef struct des_ks_struct #define quad_cksum des_quad_cksum /* For compatibility with the MIT lib - eay 20/05/92 */ -typedef des_key_schedule bit_64; +typedef struct des_key_schedule bit_64; #define des_fixup_key_parity des_set_odd_parity #define des_check_key_parity check_parity @@ -128,11 +106,10 @@ extern int des_rw_mode; /* defaults to DES_PCBC_MODE */ #undef NOPROTO #endif #ifndef NOPROTO -char *des_options(void); void des_ecb3_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks1,des_key_schedule ks2, des_key_schedule ks3, int enc); -DES_LONG des_cbc_cksum(des_cblock *input,des_cblock *output, +unsigned long des_cbc_cksum(des_cblock *input,des_cblock *output, long length,des_key_schedule schedule,des_cblock *ivec); void des_cbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); @@ -145,8 +122,8 @@ void des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits, long length,des_key_schedule schedule,des_cblock *ivec,int enc); void des_ecb_encrypt(des_cblock *input,des_cblock *output, des_key_schedule ks,int enc); -void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); -void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); +void des_encrypt(unsigned long *data,des_key_schedule ks, int enc); +void des_encrypt2(unsigned long *data,des_key_schedule ks, int enc); void des_ede3_cbc_encrypt(des_cblock *input, des_cblock *output, long length, des_key_schedule ks1, des_key_schedule ks2, des_key_schedule ks3, des_cblock *ivec, int enc); @@ -161,6 +138,7 @@ int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, des_cblock *iv); +#if 0 #ifdef PERL5 char *des_crypt(const char *buf,const char *salt); #else @@ -172,11 +150,12 @@ char *crypt(const char *buf,const char *salt); char *crypt(); #endif #endif +#endif void des_ofb_encrypt(unsigned char *in,unsigned char *out, int numbits,long length,des_key_schedule schedule,des_cblock *ivec); void des_pcbc_encrypt(des_cblock *input,des_cblock *output,long length, des_key_schedule schedule,des_cblock *ivec,int enc); -DES_LONG des_quad_cksum(des_cblock *input,des_cblock *output, +unsigned long des_quad_cksum(des_cblock *input,des_cblock *output, long length,int out_count,des_cblock *seed); void des_random_seed(des_cblock key); void des_random_key(des_cblock ret); @@ -208,9 +187,8 @@ void des_generate_random_block(des_cblock *block); #else -char *des_options(); void des_ecb3_encrypt(); -DES_LONG des_cbc_cksum(); +unsigned long des_cbc_cksum(); void des_cbc_encrypt(); void des_ncbc_encrypt(); void des_3cbc_encrypt(); @@ -223,14 +201,16 @@ void des_encrypt2(); void des_ede3_cbc_encrypt(); int des_enc_read(); int des_enc_write(); +#if 0 #ifdef PERL5 char *des_crypt(); #else char *crypt(); #endif +#endif void des_ofb_encrypt(); void des_pcbc_encrypt(); -DES_LONG des_quad_cksum(); +unsigned long des_quad_cksum(); void des_random_seed(); void des_random_key(); int des_read_password(); @@ -250,18 +230,11 @@ void des_cblock_print_file(); /* The following functions are not in the normal unix build or the * SSLeay build. When using the SSLeay build, use RAND_seed() * and RAND_bytes() instead. */ -#ifdef FreeBSD int des_new_random_key(); void des_init_random_number_generator(); void des_set_random_generator_seed(); void des_set_sequence_number(); void des_generate_random_block(); -#endif #endif - -#ifdef __cplusplus -} -#endif - #endif diff --git a/secure/lib/libdes/new_rkey.c b/secure/lib/libdes/new_rkey.c index cfad517..d15e02a 100644 --- a/secure/lib/libdes/new_rkey.c +++ b/secure/lib/libdes/new_rkey.c @@ -1,5 +1,5 @@ -/* crypto/des/new_rkey.c */ -/* Copyright (C) 1995-1996 Eric Young (eay@mincom.oz.au) +/* lib/des/new_rkey.c */ +/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) * All rights reserved. * * This file is part of an SSL implementation written @@ -77,13 +77,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id: new_rnd_key.c,v 1.1 1995/09/16 21:01:51 mark Exp $ + * $Id: new_rkey.c,v 1.2 1996/02/10 15:54:48 markm Exp $ */ /* 21-Nov-95 - eay - I've finally put this into libdes, I have made a * few changes since it need to compile on all version of unix and * there were a few things that would not :-) */ +#include <fcntl.h> #include <stdio.h> #include <unistd.h> #include <sys/time.h> @@ -95,7 +96,7 @@ /* This counter keeps track of the pseudo-random sequence */ static union { - DES_LONG ul0, ul1; + unsigned long ul0, ul1; unsigned char uc[8]; } counter; @@ -174,9 +175,11 @@ des_init_random_number_generator(key) u_int32_t tv_sec; u_int32_t tv_usec; } time64bit; + u_int32_t devrandom[2]; des_cblock new_key; int mib[2]; size_t len; + int dr; /* Get host ID using official BSD 4.4 method */ mib[0] = CTL_KERN; @@ -197,6 +200,25 @@ des_init_random_number_generator(key) gettimeofday(&timeblock, NULL); time64bit.tv_sec = (u_int32_t)timeblock.tv_sec; time64bit.tv_usec = (u_int32_t)timeblock.tv_usec; + /* If /dev/random is available, read some muck */ + dr = open("/dev/random", O_RDONLY); + if (dr >= 0) { + /* Set the descriptor into non-blocking mode. */ + fcntl(dr, F_SETFL, O_NONBLOCK); + len = read(dr, devrandom, sizeof(devrandom)); + close(dr); + if (len > 0) { + time64bit.tv_sec ^= devrandom[0]; + time64bit.tv_usec ^= devrandom[1]; + } +#ifdef DEBUG + printf("DEBUG: read from /dev/random %d %x %x\n", + len, devrandom[0], devrandom[1]); +#endif + } +#ifdef DEBUG + else printf("Cannot open /dev/random\n"); +#endif des_set_sequence_number((unsigned char *)&time64bit); /* Do the work */ diff --git a/secure/lib/libtelnet/Makefile b/secure/lib/libtelnet/Makefile new file mode 100644 index 0000000..94f7549 --- /dev/null +++ b/secure/lib/libtelnet/Makefile @@ -0,0 +1,23 @@ +# From: @(#)Makefile 8.2 (Berkeley) 12/15/93 +# $Id$ + +LIB= telnet +SRCS= encrypt.c genget.c getent.c misc.c + +CFLAGS+= -DHAS_CGETENT -DENCRYPTION + +.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES) +CFLAGS+= -DDES_ENCRYPTION -DAUTHENTICATION -DKRB4 -I/usr/include/kerberosIV +SRCS+= auth.c kerberos.c enc_des.c +LDADD+= -ldes -lkrb +DPADD+= ${LIBDES} ${LIBKRB} +.endif + +# Not Yet +#SRCS += spx.c rsaencpwd.c read_password.c + +# KRB4_ENCPWD not yet defined +# Used only in krb4encpwd.c and rsaencpwd.c, not yet active +#LDADD+= -ldescrypt + +.include <bsd.lib.mk> diff --git a/secure/lib/libtelnet/auth-proto.h b/secure/lib/libtelnet/auth-proto.h new file mode 100644 index 0000000..111033d --- /dev/null +++ b/secure/lib/libtelnet/auth-proto.h @@ -0,0 +1,96 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)auth-proto.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +#if defined(AUTHENTICATION) +Authenticator *findauthenticator P((int, int)); + +void auth_init P((char *, int)); +int auth_cmd P((int, char **)); +void auth_request P((void)); +void auth_send P((unsigned char *, int)); +void auth_send_retry P((void)); +void auth_is P((unsigned char *, int)); +void auth_reply P((unsigned char *, int)); +void auth_finished P((Authenticator *, int)); +int auth_wait P((char *)); +void auth_disable_name P((char *)); +void auth_gen_printsub P((unsigned char *, int, unsigned char *, int)); + +#ifdef KRB4 +int kerberos4_init P((Authenticator *, int)); +int kerberos4_send P((Authenticator *)); +void kerberos4_is P((Authenticator *, unsigned char *, int)); +void kerberos4_reply P((Authenticator *, unsigned char *, int)); +int kerberos4_status P((Authenticator *, char *, int)); +void kerberos4_printsub P((unsigned char *, int, unsigned char *, int)); +#endif + +#ifdef KRB5 +int kerberos5_init P((Authenticator *, int)); +int kerberos5_send P((Authenticator *)); +void kerberos5_is P((Authenticator *, unsigned char *, int)); +void kerberos5_reply P((Authenticator *, unsigned char *, int)); +int kerberos5_status P((Authenticator *, char *, int)); +void kerberos5_printsub P((unsigned char *, int, unsigned char *, int)); +#endif +#endif diff --git a/secure/lib/libtelnet/auth.c b/secure/lib/libtelnet/auth.c new file mode 100644 index 0000000..64f5ce9 --- /dev/null +++ b/secure/lib/libtelnet/auth.c @@ -0,0 +1,671 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + + +#if defined(AUTHENTICATION) +#include <stdio.h> +#include <sys/types.h> +#include <signal.h> +#define AUTH_NAMES +#include <arpa/telnet.h> +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +#include "encrypt.h" +#include "auth.h" +#include "misc-proto.h" +#include "auth-proto.h" + +#define typemask(x) (1<<((x)-1)) + +#ifdef KRB4_ENCPWD +extern krb4encpwd_init(); +extern krb4encpwd_send(); +extern krb4encpwd_is(); +extern krb4encpwd_reply(); +extern krb4encpwd_status(); +extern krb4encpwd_printsub(); +#endif + +#ifdef RSA_ENCPWD +extern rsaencpwd_init(); +extern rsaencpwd_send(); +extern rsaencpwd_is(); +extern rsaencpwd_reply(); +extern rsaencpwd_status(); +extern rsaencpwd_printsub(); +#endif + +int auth_debug_mode = 0; +static char *Name = "Noname"; +static int Server = 0; +static Authenticator *authenticated = 0; +static int authenticating = 0; +static int validuser = 0; +static unsigned char _auth_send_data[256]; +static unsigned char *auth_send_data; +static int auth_send_cnt = 0; + +/* + * Authentication types supported. Plese note that these are stored + * in priority order, i.e. try the first one first. + */ +Authenticator authenticators[] = { +#ifdef SPX + { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, + spx_init, + spx_send, + spx_is, + spx_reply, + spx_status, + spx_printsub }, + { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, + spx_init, + spx_send, + spx_is, + spx_reply, + spx_status, + spx_printsub }, +#endif +#ifdef KRB5 +# ifdef ENCRYPTION + { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, + kerberos5_init, + kerberos5_send, + kerberos5_is, + kerberos5_reply, + kerberos5_status, + kerberos5_printsub }, +# endif /* ENCRYPTION */ + { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, + kerberos5_init, + kerberos5_send, + kerberos5_is, + kerberos5_reply, + kerberos5_status, + kerberos5_printsub }, +#endif +#ifdef KRB4 +# ifdef ENCRYPTION + { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, + kerberos4_init, + kerberos4_send, + kerberos4_is, + kerberos4_reply, + kerberos4_status, + kerberos4_printsub }, +# endif /* ENCRYPTION */ + { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, + kerberos4_init, + kerberos4_send, + kerberos4_is, + kerberos4_reply, + kerberos4_status, + kerberos4_printsub }, +#endif +#ifdef KRB4_ENCPWD + { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, + krb4encpwd_init, + krb4encpwd_send, + krb4encpwd_is, + krb4encpwd_reply, + krb4encpwd_status, + krb4encpwd_printsub }, +#endif +#ifdef RSA_ENCPWD + { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, + rsaencpwd_init, + rsaencpwd_send, + rsaencpwd_is, + rsaencpwd_reply, + rsaencpwd_status, + rsaencpwd_printsub }, +#endif + { 0, }, +}; + +static Authenticator NoAuth = { 0 }; + +static int i_support = 0; +static int i_wont_support = 0; + + Authenticator * +findauthenticator(type, way) + int type; + int way; +{ + Authenticator *ap = authenticators; + + while (ap->type && (ap->type != type || ap->way != way)) + ++ap; + return(ap->type ? ap : 0); +} + + void +auth_init(name, server) + char *name; + int server; +{ + Authenticator *ap = authenticators; + + Server = server; + Name = name; + + i_support = 0; + authenticated = 0; + authenticating = 0; + while (ap->type) { + if (!ap->init || (*ap->init)(ap, server)) { + i_support |= typemask(ap->type); + if (auth_debug_mode) + printf(">>>%s: I support auth type %d %d\r\n", + Name, + ap->type, ap->way); + } + else if (auth_debug_mode) + printf(">>>%s: Init failed: auth type %d %d\r\n", + Name, ap->type, ap->way); + ++ap; + } +} + + void +auth_disable_name(name) + char *name; +{ + int x; + for (x = 0; x < AUTHTYPE_CNT; ++x) { + if (!strcasecmp(name, AUTHTYPE_NAME(x))) { + i_wont_support |= typemask(x); + break; + } + } +} + + int +getauthmask(type, maskp) + char *type; + int *maskp; +{ + register int x; + + if (!strcasecmp(type, AUTHTYPE_NAME(0))) { + *maskp = -1; + return(1); + } + + for (x = 1; x < AUTHTYPE_CNT; ++x) { + if (!strcasecmp(type, AUTHTYPE_NAME(x))) { + *maskp = typemask(x); + return(1); + } + } + return(0); +} + + int +auth_enable(type) + char * type; +{ + return(auth_onoff(type, 1)); +} + + int +auth_disable(type) + char * type; +{ + return(auth_onoff(type, 0)); +} + + int +auth_onoff(type, on) + char *type; + int on; +{ + int i, mask = -1; + Authenticator *ap; + + if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) { + printf("auth %s 'type'\n", on ? "enable" : "disable"); + printf("Where 'type' is one of:\n"); + printf("\t%s\n", AUTHTYPE_NAME(0)); + mask = 0; + for (ap = authenticators; ap->type; ap++) { + if ((mask & (i = typemask(ap->type))) != 0) + continue; + mask |= i; + printf("\t%s\n", AUTHTYPE_NAME(ap->type)); + } + return(0); + } + + if (!getauthmask(type, &mask)) { + printf("%s: invalid authentication type\n", type); + return(0); + } + if (on) + i_wont_support &= ~mask; + else + i_wont_support |= mask; + return(1); +} + + int +auth_togdebug(on) + int on; +{ + if (on < 0) + auth_debug_mode ^= 1; + else + auth_debug_mode = on; + printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled"); + return(1); +} + + int +auth_status() +{ + Authenticator *ap; + int i, mask; + + if (i_wont_support == -1) + printf("Authentication disabled\n"); + else + printf("Authentication enabled\n"); + + mask = 0; + for (ap = authenticators; ap->type; ap++) { + if ((mask & (i = typemask(ap->type))) != 0) + continue; + mask |= i; + printf("%s: %s\n", AUTHTYPE_NAME(ap->type), + (i_wont_support & typemask(ap->type)) ? + "disabled" : "enabled"); + } + return(1); +} + +/* + * This routine is called by the server to start authentication + * negotiation. + */ + void +auth_request() +{ + static unsigned char str_request[64] = { IAC, SB, + TELOPT_AUTHENTICATION, + TELQUAL_SEND, }; + Authenticator *ap = authenticators; + unsigned char *e = str_request + 4; + + if (!authenticating) { + authenticating = 1; + while (ap->type) { + if (i_support & ~i_wont_support & typemask(ap->type)) { + if (auth_debug_mode) { + printf(">>>%s: Sending type %d %d\r\n", + Name, ap->type, ap->way); + } + *e++ = ap->type; + *e++ = ap->way; + } + ++ap; + } + *e++ = IAC; + *e++ = SE; + net_write(str_request, e - str_request); + printsub('>', &str_request[2], e - str_request - 2); + } +} + +/* + * This is called when an AUTH SEND is received. + * It should never arrive on the server side (as only the server can + * send an AUTH SEND). + * You should probably respond to it if you can... + * + * If you want to respond to the types out of order (i.e. even + * if he sends LOGIN KERBEROS and you support both, you respond + * with KERBEROS instead of LOGIN (which is against what the + * protocol says)) you will have to hack this code... + */ + void +auth_send(data, cnt) + unsigned char *data; + int cnt; +{ + Authenticator *ap; + static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_IS, AUTHTYPE_NULL, 0, + IAC, SE }; + if (Server) { + if (auth_debug_mode) { + printf(">>>%s: auth_send called!\r\n", Name); + } + return; + } + + if (auth_debug_mode) { + printf(">>>%s: auth_send got:", Name); + printd(data, cnt); printf("\r\n"); + } + + /* + * Save the data, if it is new, so that we can continue looking + * at it if the authorization we try doesn't work + */ + if (data < _auth_send_data || + data > _auth_send_data + sizeof(_auth_send_data)) { + auth_send_cnt = cnt > sizeof(_auth_send_data) + ? sizeof(_auth_send_data) + : cnt; + memmove((void *)_auth_send_data, (void *)data, auth_send_cnt); + auth_send_data = _auth_send_data; + } else { + /* + * This is probably a no-op, but we just make sure + */ + auth_send_data = data; + auth_send_cnt = cnt; + } + while ((auth_send_cnt -= 2) >= 0) { + if (auth_debug_mode) + printf(">>>%s: He supports %d\r\n", + Name, *auth_send_data); + if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) { + ap = findauthenticator(auth_send_data[0], + auth_send_data[1]); + if (ap && ap->send) { + if (auth_debug_mode) + printf(">>>%s: Trying %d %d\r\n", + Name, auth_send_data[0], + auth_send_data[1]); + if ((*ap->send)(ap)) { + /* + * Okay, we found one we like + * and did it. + * we can go home now. + */ + if (auth_debug_mode) + printf(">>>%s: Using type %d\r\n", + Name, *auth_send_data); + auth_send_data += 2; + return; + } + } + /* else + * just continue on and look for the + * next one if we didn't do anything. + */ + } + auth_send_data += 2; + } + net_write(str_none, sizeof(str_none)); + printsub('>', &str_none[2], sizeof(str_none) - 2); + if (auth_debug_mode) + printf(">>>%s: Sent failure message\r\n", Name); + auth_finished(0, AUTH_REJECT); +#ifdef KANNAN + /* + * We requested strong authentication, however no mechanisms worked. + * Therefore, exit on client end. + */ + printf("Unable to securely authenticate user ... exit\n"); + exit(0); +#endif /* KANNAN */ +} + + void +auth_send_retry() +{ + /* + * if auth_send_cnt <= 0 then auth_send will end up rejecting + * the authentication and informing the other side of this. + */ + auth_send(auth_send_data, auth_send_cnt); +} + + void +auth_is(data, cnt) + unsigned char *data; + int cnt; +{ + Authenticator *ap; + + if (cnt < 2) + return; + + if (data[0] == AUTHTYPE_NULL) { + auth_finished(0, AUTH_REJECT); + return; + } + + if (ap = findauthenticator(data[0], data[1])) { + if (ap->is) + (*ap->is)(ap, data+2, cnt-2); + } else if (auth_debug_mode) + printf(">>>%s: Invalid authentication in IS: %d\r\n", + Name, *data); +} + + void +auth_reply(data, cnt) + unsigned char *data; + int cnt; +{ + Authenticator *ap; + + if (cnt < 2) + return; + + if (ap = findauthenticator(data[0], data[1])) { + if (ap->reply) + (*ap->reply)(ap, data+2, cnt-2); + } else if (auth_debug_mode) + printf(">>>%s: Invalid authentication in SEND: %d\r\n", + Name, *data); +} + + void +auth_name(data, cnt) + unsigned char *data; + int cnt; +{ + Authenticator *ap; + unsigned char savename[256]; + + if (cnt < 1) { + if (auth_debug_mode) + printf(">>>%s: Empty name in NAME\r\n", Name); + return; + } + if (cnt > sizeof(savename) - 1) { + if (auth_debug_mode) + printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n", + Name, cnt, sizeof(savename)-1); + return; + } + memmove((void *)savename, (void *)data, cnt); + savename[cnt] = '\0'; /* Null terminate */ + if (auth_debug_mode) + printf(">>>%s: Got NAME [%s]\r\n", Name, savename); + auth_encrypt_user(savename); +} + + int +auth_sendname(cp, len) + unsigned char *cp; + int len; +{ + static unsigned char str_request[256+6] + = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, }; + register unsigned char *e = str_request + 4; + register unsigned char *ee = &str_request[sizeof(str_request)-2]; + + while (--len >= 0) { + if ((*e++ = *cp++) == IAC) + *e++ = IAC; + if (e >= ee) + return(0); + } + *e++ = IAC; + *e++ = SE; + net_write(str_request, e - str_request); + printsub('>', &str_request[2], e - &str_request[2]); + return(1); +} + + void +auth_finished(ap, result) + Authenticator *ap; + int result; +{ + if (!(authenticated = ap)) + authenticated = &NoAuth; + validuser = result; +} + + /* ARGSUSED */ + static void +auth_intr(sig) + int sig; +{ + auth_finished(0, AUTH_REJECT); +} + + int +auth_wait(name) + char *name; +{ + if (auth_debug_mode) + printf(">>>%s: in auth_wait.\r\n", Name); + + if (Server && !authenticating) + return(0); + + (void) signal(SIGALRM, auth_intr); + alarm(30); + while (!authenticated) + if (telnet_spin()) + break; + alarm(0); + (void) signal(SIGALRM, SIG_DFL); + + /* + * Now check to see if the user is valid or not + */ + if (!authenticated || authenticated == &NoAuth) + return(AUTH_REJECT); + + if (validuser == AUTH_VALID) + validuser = AUTH_USER; + + if (authenticated->status) + validuser = (*authenticated->status)(authenticated, + name, validuser); + return(validuser); +} + + void +auth_debug(mode) + int mode; +{ + auth_debug_mode = mode; +} + + void +auth_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + Authenticator *ap; + + if ((ap = findauthenticator(data[1], data[2])) && ap->printsub) + (*ap->printsub)(data, cnt, buf, buflen); + else + auth_gen_printsub(data, cnt, buf, buflen); +} + + void +auth_gen_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + register unsigned char *cp; + unsigned char tbuf[16]; + + cnt -= 3; + data += 3; + buf[buflen-1] = '\0'; + buf[buflen-2] = '*'; + buflen -= 2; + for (; cnt > 0; cnt--, data++) { + sprintf((char *)tbuf, " %d", *data); + for (cp = tbuf; *cp && buflen > 0; --buflen) + *buf++ = *cp++; + if (buflen <= 0) + return; + } + *buf = '\0'; +} +#endif diff --git a/secure/lib/libtelnet/auth.h b/secure/lib/libtelnet/auth.h new file mode 100644 index 0000000..615e8a0 --- /dev/null +++ b/secure/lib/libtelnet/auth.h @@ -0,0 +1,87 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)auth.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifndef __AUTH__ +#define __AUTH__ + +#define AUTH_REJECT 0 /* Rejected */ +#define AUTH_UNKNOWN 1 /* We don't know who he is, but he's okay */ +#define AUTH_OTHER 2 /* We know him, but not his name */ +#define AUTH_USER 3 /* We know he name */ +#define AUTH_VALID 4 /* We know him, and he needs no password */ + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +typedef struct XauthP { + int type; + int way; + int (*init) P((struct XauthP *, int)); + int (*send) P((struct XauthP *)); + void (*is) P((struct XauthP *, unsigned char *, int)); + void (*reply) P((struct XauthP *, unsigned char *, int)); + int (*status) P((struct XauthP *, char *, int)); + void (*printsub) P((unsigned char *, int, unsigned char *, int)); +} Authenticator; + +#include "auth-proto.h" + +extern auth_debug_mode; +#endif diff --git a/secure/lib/libtelnet/enc-proto.h b/secure/lib/libtelnet/enc-proto.h new file mode 100644 index 0000000..0c0d89c --- /dev/null +++ b/secure/lib/libtelnet/enc-proto.h @@ -0,0 +1,120 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)enc-proto.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +#ifdef ENCRYPTION +void encrypt_init P((char *, int)); +Encryptions *findencryption P((int)); +void encrypt_send_supprt P((void)); +void encrypt_auto P((int)); +void decrypt_auto P((int)); +void encrypt_is P((unsigned char *, int)); +void encrypt_reply P((unsigned char *, int)); +void encrypt_start_input P((int)); +void encrypt_session_key P((Session_Key *, int)); +void encrypt_end_input P((void)); +void encrypt_start_output P((int)); +void encrypt_end_output P((void)); +void encrypt_send_request_start P((void)); +void encrypt_send_request_end P((void)); +void encrypt_send_end P((void)); +void encrypt_wait P((void)); +void encrypt_send_support P((void)); +void encrypt_send_keyid P((int, unsigned char *, int, int)); +int net_write P((unsigned char *, int)); + +#ifdef TELENTD +void encrypt_wait P((void)); +#else +int encrypt_cmd P((int, char **)); +void encrypt_display P((void)); +#endif + +void krbdes_encrypt P((unsigned char *, int)); +int krbdes_decrypt P((int)); +int krbdes_is P((unsigned char *, int)); +int krbdes_reply P((unsigned char *, int)); +void krbdes_init P((int)); +int krbdes_start P((int, int)); +void krbdes_session P((Session_Key *, int)); +void krbdes_printsub P((unsigned char *, int, unsigned char *, int)); + +void cfb64_encrypt P((unsigned char *, int)); +int cfb64_decrypt P((int)); +void cfb64_init P((int)); +int cfb64_start P((int, int)); +int cfb64_is P((unsigned char *, int)); +int cfb64_reply P((unsigned char *, int)); +void cfb64_session P((Session_Key *, int)); +int cfb64_keyid P((int, unsigned char *, int *)); +void cfb64_printsub P((unsigned char *, int, unsigned char *, int)); + +void ofb64_encrypt P((unsigned char *, int)); +int ofb64_decrypt P((int)); +void ofb64_init P((int)); +int ofb64_start P((int, int)); +int ofb64_is P((unsigned char *, int)); +int ofb64_reply P((unsigned char *, int)); +void ofb64_session P((Session_Key *, int)); +int ofb64_keyid P((int, unsigned char *, int *)); +void ofb64_printsub P((unsigned char *, int, unsigned char *, int)); + +#endif /* ENCRYPTION */ diff --git a/secure/lib/libtelnet/enc_des.c b/secure/lib/libtelnet/enc_des.c new file mode 100644 index 0000000..d6886fd --- /dev/null +++ b/secure/lib/libtelnet/enc_des.c @@ -0,0 +1,724 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#ifdef ENCRYPTION +# ifdef AUTHENTICATION +# ifdef DES_ENCRYPTION +#include <arpa/telnet.h> +#include <stdio.h> +#ifdef __STDC__ +#include <stdlib.h> +#endif + +#include "encrypt.h" +#include "key-proto.h" +#include "misc-proto.h" + +extern encrypt_debug_mode; + +#define CFB 0 +#define OFB 1 + +#define NO_SEND_IV 1 +#define NO_RECV_IV 2 +#define NO_KEYID 4 +#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID) +#define SUCCESS 0 +#define FAILED -1 + + +struct fb { + Block krbdes_key; + Schedule krbdes_sched; + Block temp_feed; + unsigned char fb_feed[64]; + int need_start; + int state[2]; + int keyid[2]; + int once; + struct stinfo { + Block str_output; + Block str_feed; + Block str_iv; + Block str_ikey; + Schedule str_sched; + int str_index; + int str_flagshift; + } streams[2]; +}; + +static struct fb fb[2]; + +struct keyidlist { + char *keyid; + int keyidlen; + char *key; + int keylen; + int flags; +} keyidlist [] = { + { "\0", 1, 0, 0, 0 }, /* default key of zero */ + { 0, 0, 0, 0, 0 } +}; + +#define KEYFLAG_MASK 03 + +#define KEYFLAG_NOINIT 00 +#define KEYFLAG_INIT 01 +#define KEYFLAG_OK 02 +#define KEYFLAG_BAD 03 + +#define KEYFLAG_SHIFT 2 + +#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2))) + +#define FB64_IV 1 +#define FB64_IV_OK 2 +#define FB64_IV_BAD 3 + + +void fb64_stream_iv P((Block, struct stinfo *)); +void fb64_init P((struct fb *)); +static int fb64_start P((struct fb *, int, int)); +int fb64_is P((unsigned char *, int, struct fb *)); +int fb64_reply P((unsigned char *, int, struct fb *)); +static void fb64_session P((Session_Key *, int, struct fb *)); +void fb64_stream_key P((Block, struct stinfo *)); +int fb64_keyid P((int, unsigned char *, int *, struct fb *)); + + void +cfb64_init(server) + int server; +{ + fb64_init(&fb[CFB]); + fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; + fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); + fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB); +} + + void +ofb64_init(server) + int server; +{ + fb64_init(&fb[OFB]); + fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; + fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); + fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB); +} + + void +fb64_init(fbp) + register struct fb *fbp; +{ + memset((void *)fbp, 0, sizeof(*fbp)); + fbp->state[0] = fbp->state[1] = FAILED; + fbp->fb_feed[0] = IAC; + fbp->fb_feed[1] = SB; + fbp->fb_feed[2] = TELOPT_ENCRYPT; + fbp->fb_feed[3] = ENCRYPT_IS; +} + +/* + * Returns: + * -1: some error. Negotiation is done, encryption not ready. + * 0: Successful, initial negotiation all done. + * 1: successful, negotiation not done yet. + * 2: Not yet. Other things (like getting the key from + * Kerberos) have to happen before we can continue. + */ + int +cfb64_start(dir, server) + int dir; + int server; +{ + return(fb64_start(&fb[CFB], dir, server)); +} + int +ofb64_start(dir, server) + int dir; + int server; +{ + return(fb64_start(&fb[OFB], dir, server)); +} + + static int +fb64_start(fbp, dir, server) + struct fb *fbp; + int dir; + int server; +{ + Block b; + int x; + unsigned char *p; + register int state; + + switch (dir) { + case DIR_DECRYPT: + /* + * This is simply a request to have the other side + * start output (our input). He will negotiate an + * IV so we need not look for it. + */ + state = fbp->state[dir-1]; + if (state == FAILED) + state = IN_PROGRESS; + break; + + case DIR_ENCRYPT: + state = fbp->state[dir-1]; + if (state == FAILED) + state = IN_PROGRESS; + else if ((state & NO_SEND_IV) == 0) + break; + + if (!VALIDKEY(fbp->krbdes_key)) { + fbp->need_start = 1; + break; + } + state &= ~NO_SEND_IV; + state |= NO_RECV_IV; + if (encrypt_debug_mode) + printf("Creating new feed\r\n"); + /* + * Create a random feed and send it over. + */ + des_new_random_key(fbp->temp_feed); + des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, + fbp->krbdes_sched, 1); + p = fbp->fb_feed + 3; + *p++ = ENCRYPT_IS; + p++; + *p++ = FB64_IV; + for (x = 0; x < sizeof(Block); ++x) { + if ((*p++ = fbp->temp_feed[x]) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); + net_write(fbp->fb_feed, p - fbp->fb_feed); + break; + default: + return(FAILED); + } + return(fbp->state[dir-1] = state); +} + +/* + * Returns: + * -1: some error. Negotiation is done, encryption not ready. + * 0: Successful, initial negotiation all done. + * 1: successful, negotiation not done yet. + */ + int +cfb64_is(data, cnt) + unsigned char *data; + int cnt; +{ + return(fb64_is(data, cnt, &fb[CFB])); +} + int +ofb64_is(data, cnt) + unsigned char *data; + int cnt; +{ + return(fb64_is(data, cnt, &fb[OFB])); +} + + int +fb64_is(data, cnt, fbp) + unsigned char *data; + int cnt; + struct fb *fbp; +{ + int x; + unsigned char *p; + Block b; + register int state = fbp->state[DIR_DECRYPT-1]; + + if (cnt-- < 1) + goto failure; + + switch (*data++) { + case FB64_IV: + if (cnt != sizeof(Block)) { + if (encrypt_debug_mode) + printf("CFB64: initial vector failed on size\r\n"); + state = FAILED; + goto failure; + } + + if (encrypt_debug_mode) + printf("CFB64: initial vector received\r\n"); + + if (encrypt_debug_mode) + printf("Initializing Decrypt stream\r\n"); + + fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]); + + p = fbp->fb_feed + 3; + *p++ = ENCRYPT_REPLY; + p++; + *p++ = FB64_IV_OK; + *p++ = IAC; + *p++ = SE; + printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); + net_write(fbp->fb_feed, p - fbp->fb_feed); + + state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; + break; + + default: + if (encrypt_debug_mode) { + printf("Unknown option type: %d\r\n", *(data-1)); + printd(data, cnt); + printf("\r\n"); + } + /* FALL THROUGH */ + failure: + /* + * We failed. Send an FB64_IV_BAD option + * to the other side so it will know that + * things failed. + */ + p = fbp->fb_feed + 3; + *p++ = ENCRYPT_REPLY; + p++; + *p++ = FB64_IV_BAD; + *p++ = IAC; + *p++ = SE; + printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); + net_write(fbp->fb_feed, p - fbp->fb_feed); + + break; + } + return(fbp->state[DIR_DECRYPT-1] = state); +} + +/* + * Returns: + * -1: some error. Negotiation is done, encryption not ready. + * 0: Successful, initial negotiation all done. + * 1: successful, negotiation not done yet. + */ + int +cfb64_reply(data, cnt) + unsigned char *data; + int cnt; +{ + return(fb64_reply(data, cnt, &fb[CFB])); +} + int +ofb64_reply(data, cnt) + unsigned char *data; + int cnt; +{ + return(fb64_reply(data, cnt, &fb[OFB])); +} + + + int +fb64_reply(data, cnt, fbp) + unsigned char *data; + int cnt; + struct fb *fbp; +{ + int x; + unsigned char *p; + Block b; + register int state = fbp->state[DIR_ENCRYPT-1]; + + if (cnt-- < 1) + goto failure; + + switch (*data++) { + case FB64_IV_OK: + fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); + if (state == FAILED) + state = IN_PROGRESS; + state &= ~NO_RECV_IV; + encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1); + break; + + case FB64_IV_BAD: + memset(fbp->temp_feed, 0, sizeof(Block)); + fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); + state = FAILED; + break; + + default: + if (encrypt_debug_mode) { + printf("Unknown option type: %d\r\n", data[-1]); + printd(data, cnt); + printf("\r\n"); + } + /* FALL THROUGH */ + failure: + state = FAILED; + break; + } + return(fbp->state[DIR_ENCRYPT-1] = state); +} + + void +cfb64_session(key, server) + Session_Key *key; + int server; +{ + fb64_session(key, server, &fb[CFB]); +} + + void +ofb64_session(key, server) + Session_Key *key; + int server; +{ + fb64_session(key, server, &fb[OFB]); +} + + static void +fb64_session(key, server, fbp) + Session_Key *key; + int server; + struct fb *fbp; +{ + + if (!key || key->type != SK_DES) { + if (encrypt_debug_mode) + printf("Can't set krbdes's session key (%d != %d)\r\n", + key ? key->type : -1, SK_DES); + return; + } + memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block)); + + fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); + fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); + + if (fbp->once == 0) { + des_set_random_generator_seed(fbp->krbdes_key); + fbp->once = 1; + } + des_key_sched(fbp->krbdes_key, fbp->krbdes_sched); + /* + * Now look to see if krbdes_start() was was waiting for + * the key to show up. If so, go ahead an call it now + * that we have the key. + */ + if (fbp->need_start) { + fbp->need_start = 0; + fb64_start(fbp, DIR_ENCRYPT, server); + } +} + +/* + * We only accept a keyid of 0. If we get a keyid of + * 0, then mark the state as SUCCESS. + */ + int +cfb64_keyid(dir, kp, lenp) + int dir, *lenp; + unsigned char *kp; +{ + return(fb64_keyid(dir, kp, lenp, &fb[CFB])); +} + + int +ofb64_keyid(dir, kp, lenp) + int dir, *lenp; + unsigned char *kp; +{ + return(fb64_keyid(dir, kp, lenp, &fb[OFB])); +} + + int +fb64_keyid(dir, kp, lenp, fbp) + int dir, *lenp; + unsigned char *kp; + struct fb *fbp; +{ + register int state = fbp->state[dir-1]; + + if (*lenp != 1 || (*kp != '\0')) { + *lenp = 0; + return(state); + } + + if (state == FAILED) + state = IN_PROGRESS; + + state &= ~NO_KEYID; + + return(fbp->state[dir-1] = state); +} + + void +fb64_printsub(data, cnt, buf, buflen, type) + unsigned char *data, *buf, *type; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + char *cp; + + buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ + buflen -= 1; + + switch(data[2]) { + case FB64_IV: + sprintf(lbuf, "%s_IV", type); + cp = lbuf; + goto common; + + case FB64_IV_OK: + sprintf(lbuf, "%s_IV_OK", type); + cp = lbuf; + goto common; + + case FB64_IV_BAD: + sprintf(lbuf, "%s_IV_BAD", type); + cp = lbuf; + goto common; + + default: + sprintf(lbuf, " %d (unknown)", data[2]); + cp = lbuf; + common: + for (; (buflen > 0) && (*buf = *cp++); buf++) + buflen--; + for (i = 3; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) + buflen--; + } + break; + } +} + + void +cfb64_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + fb64_printsub(data, cnt, buf, buflen, "CFB64"); +} + + void +ofb64_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + fb64_printsub(data, cnt, buf, buflen, "OFB64"); +} + + void +fb64_stream_iv(seed, stp) + Block seed; + register struct stinfo *stp; +{ + + memmove((void *)stp->str_iv, (void *)seed, sizeof(Block)); + memmove((void *)stp->str_output, (void *)seed, sizeof(Block)); + + des_key_sched(stp->str_ikey, stp->str_sched); + + stp->str_index = sizeof(Block); +} + + void +fb64_stream_key(key, stp) + Block key; + register struct stinfo *stp; +{ + memmove((void *)stp->str_ikey, (void *)key, sizeof(Block)); + des_key_sched(key, stp->str_sched); + + memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block)); + + stp->str_index = sizeof(Block); +} + +/* + * DES 64 bit Cipher Feedback + * + * key --->+-----+ + * +->| DES |--+ + * | +-----+ | + * | v + * INPUT --(--------->(+)+---> DATA + * | | + * +-------------+ + * + * + * Given: + * iV: Initial vector, 64 bits (8 bytes) long. + * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). + * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. + * + * V0 = DES(iV, key) + * On = Dn ^ Vn + * V(n+1) = DES(On, key) + */ + + void +cfb64_encrypt(s, c) + register unsigned char *s; + int c; +{ + register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; + register int index; + + index = stp->str_index; + while (c-- > 0) { + if (index == sizeof(Block)) { + Block b; + des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); + memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); + index = 0; + } + + /* On encryption, we store (feed ^ data) which is cypher */ + *s = stp->str_output[index] = (stp->str_feed[index] ^ *s); + s++; + index++; + } + stp->str_index = index; +} + + int +cfb64_decrypt(data) + int data; +{ + register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1]; + int index; + + if (data == -1) { + /* + * Back up one byte. It is assumed that we will + * never back up more than one byte. If we do, this + * may or may not work. + */ + if (stp->str_index) + --stp->str_index; + return(0); + } + + index = stp->str_index++; + if (index == sizeof(Block)) { + Block b; + des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); + memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); + stp->str_index = 1; /* Next time will be 1 */ + index = 0; /* But now use 0 */ + } + + /* On decryption we store (data) which is cypher. */ + stp->str_output[index] = data; + return(data ^ stp->str_feed[index]); +} + +/* + * DES 64 bit Output Feedback + * + * key --->+-----+ + * +->| DES |--+ + * | +-----+ | + * +-----------+ + * v + * INPUT -------->(+) ----> DATA + * + * Given: + * iV: Initial vector, 64 bits (8 bytes) long. + * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). + * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. + * + * V0 = DES(iV, key) + * V(n+1) = DES(Vn, key) + * On = Dn ^ Vn + */ + void +ofb64_encrypt(s, c) + register unsigned char *s; + int c; +{ + register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; + register int index; + + index = stp->str_index; + while (c-- > 0) { + if (index == sizeof(Block)) { + Block b; + des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); + memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); + index = 0; + } + *s++ ^= stp->str_feed[index]; + index++; + } + stp->str_index = index; +} + + int +ofb64_decrypt(data) + int data; +{ + register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; + int index; + + if (data == -1) { + /* + * Back up one byte. It is assumed that we will + * never back up more than one byte. If we do, this + * may or may not work. + */ + if (stp->str_index) + --stp->str_index; + return(0); + } + + index = stp->str_index++; + if (index == sizeof(Block)) { + Block b; + des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); + memmove((void *)stp->str_feed, (void *)b, sizeof(Block)); + stp->str_index = 1; /* Next time will be 1 */ + index = 0; /* But now use 0 */ + } + + return(data ^ stp->str_feed[index]); +} +# endif /* DES_ENCRYPTION */ +# endif /* AUTHENTICATION */ +#endif /* ENCRYPTION */ diff --git a/secure/lib/libtelnet/encrypt.c b/secure/lib/libtelnet/encrypt.c new file mode 100644 index 0000000..432df0c --- /dev/null +++ b/secure/lib/libtelnet/encrypt.c @@ -0,0 +1,1000 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifdef ENCRYPTION + +#define ENCRYPT_NAMES +#include <arpa/telnet.h> + +#include "encrypt.h" +#include "misc.h" + +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +/* + * These functions pointers point to the current routines + * for encrypting and decrypting data. + */ +void (*encrypt_output) P((unsigned char *, int)); +int (*decrypt_input) P((int)); + +int encrypt_debug_mode = 0; +static int decrypt_mode = 0; +static int encrypt_mode = 0; +static int encrypt_verbose = 0; +static int autoencrypt = 0; +static int autodecrypt = 0; +static int havesessionkey = 0; +static int Server = 0; +static char *Name = "Noname"; + +#define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) + +static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) + | typemask(ENCTYPE_DES_OFB64); +static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) + | typemask(ENCTYPE_DES_OFB64); +static long i_wont_support_encrypt = 0; +static long i_wont_support_decrypt = 0; +#define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) +#define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) + +static long remote_supports_encrypt = 0; +static long remote_supports_decrypt = 0; + +static Encryptions encryptions[] = { +#ifdef DES_ENCRYPTION + { "DES_CFB64", ENCTYPE_DES_CFB64, + cfb64_encrypt, + cfb64_decrypt, + cfb64_init, + cfb64_start, + cfb64_is, + cfb64_reply, + cfb64_session, + cfb64_keyid, + cfb64_printsub }, + { "DES_OFB64", ENCTYPE_DES_OFB64, + ofb64_encrypt, + ofb64_decrypt, + ofb64_init, + ofb64_start, + ofb64_is, + ofb64_reply, + ofb64_session, + ofb64_keyid, + ofb64_printsub }, +#endif /* DES_ENCRYPTION */ + { 0, }, +}; + +static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, + ENCRYPT_SUPPORT }; +static unsigned char str_suplen = 0; +static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; +static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; + + Encryptions * +findencryption(type) + int type; +{ + Encryptions *ep = encryptions; + + if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) + return(0); + while (ep->type && ep->type != type) + ++ep; + return(ep->type ? ep : 0); +} + + Encryptions * +finddecryption(type) + int type; +{ + Encryptions *ep = encryptions; + + if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) + return(0); + while (ep->type && ep->type != type) + ++ep; + return(ep->type ? ep : 0); +} + +#define MAXKEYLEN 64 + +static struct key_info { + unsigned char keyid[MAXKEYLEN]; + int keylen; + int dir; + int *modep; + Encryptions *(*getcrypt)(); +} ki[2] = { + { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, + { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, +}; + + void +encrypt_init(name, server) + char *name; + int server; +{ + Encryptions *ep = encryptions; + + Name = name; + Server = server; + i_support_encrypt = i_support_decrypt = 0; + remote_supports_encrypt = remote_supports_decrypt = 0; + encrypt_mode = 0; + decrypt_mode = 0; + encrypt_output = 0; + decrypt_input = 0; +#ifdef notdef + encrypt_verbose = !server; +#endif + + str_suplen = 4; + + while (ep->type) { + if (encrypt_debug_mode) + printf(">>>%s: I will support %s\r\n", + Name, ENCTYPE_NAME(ep->type)); + i_support_encrypt |= typemask(ep->type); + i_support_decrypt |= typemask(ep->type); + if ((i_wont_support_decrypt & typemask(ep->type)) == 0) + if ((str_send[str_suplen++] = ep->type) == IAC) + str_send[str_suplen++] = IAC; + if (ep->init) + (*ep->init)(Server); + ++ep; + } + str_send[str_suplen++] = IAC; + str_send[str_suplen++] = SE; +} + + void +encrypt_list_types() +{ + Encryptions *ep = encryptions; + + printf("Valid encryption types:\n"); + while (ep->type) { + printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); + ++ep; + } +} + + int +EncryptEnable(type, mode) + char *type, *mode; +{ + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt enable <type> [input|output]\n"); + encrypt_list_types(); + return(0); + } + if (EncryptType(type, mode)) + return(EncryptStart(mode)); + return(0); +} + + int +EncryptDisable(type, mode) + char *type, *mode; +{ + register Encryptions *ep; + int ret = 0; + + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt disable <type> [input|output]\n"); + encrypt_list_types(); + } else if ((ep = (Encryptions *)genget(type, encryptions, + sizeof(Encryptions))) == 0) { + printf("%s: invalid encryption type\n", type); + } else if (Ambiguous(ep)) { + printf("Ambiguous type '%s'\n", type); + } else { + if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { + if (decrypt_mode == ep->type) + EncryptStopInput(); + i_wont_support_decrypt |= typemask(ep->type); + ret = 1; + } + if ((mode == 0) || (isprefix(mode, "output"))) { + if (encrypt_mode == ep->type) + EncryptStopOutput(); + i_wont_support_encrypt |= typemask(ep->type); + ret = 1; + } + if (ret == 0) + printf("%s: invalid encryption mode\n", mode); + } + return(ret); +} + + int +EncryptType(type, mode) + char *type; + char *mode; +{ + register Encryptions *ep; + int ret = 0; + + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt type <type> [input|output]\n"); + encrypt_list_types(); + } else if ((ep = (Encryptions *)genget(type, encryptions, + sizeof(Encryptions))) == 0) { + printf("%s: invalid encryption type\n", type); + } else if (Ambiguous(ep)) { + printf("Ambiguous type '%s'\n", type); + } else { + if ((mode == 0) || isprefix(mode, "input")) { + decrypt_mode = ep->type; + i_wont_support_decrypt &= ~typemask(ep->type); + ret = 1; + } + if ((mode == 0) || isprefix(mode, "output")) { + encrypt_mode = ep->type; + i_wont_support_encrypt &= ~typemask(ep->type); + ret = 1; + } + if (ret == 0) + printf("%s: invalid encryption mode\n", mode); + } + return(ret); +} + + int +EncryptStart(mode) + char *mode; +{ + register int ret = 0; + if (mode) { + if (isprefix(mode, "input")) + return(EncryptStartInput()); + if (isprefix(mode, "output")) + return(EncryptStartOutput()); + if (isprefix(mode, "help") || isprefix(mode, "?")) { + printf("Usage: encrypt start [input|output]\n"); + return(0); + } + printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); + return(0); + } + ret += EncryptStartInput(); + ret += EncryptStartOutput(); + return(ret); +} + + int +EncryptStartInput() +{ + if (decrypt_mode) { + encrypt_send_request_start(); + return(1); + } + printf("No previous decryption mode, decryption not enabled\r\n"); + return(0); +} + + int +EncryptStartOutput() +{ + if (encrypt_mode) { + encrypt_start_output(encrypt_mode); + return(1); + } + printf("No previous encryption mode, encryption not enabled\r\n"); + return(0); +} + + int +EncryptStop(mode) + char *mode; +{ + int ret = 0; + if (mode) { + if (isprefix(mode, "input")) + return(EncryptStopInput()); + if (isprefix(mode, "output")) + return(EncryptStopOutput()); + if (isprefix(mode, "help") || isprefix(mode, "?")) { + printf("Usage: encrypt stop [input|output]\n"); + return(0); + } + printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); + return(0); + } + ret += EncryptStopInput(); + ret += EncryptStopOutput(); + return(ret); +} + + int +EncryptStopInput() +{ + encrypt_send_request_end(); + return(1); +} + + int +EncryptStopOutput() +{ + encrypt_send_end(); + return(1); +} + + void +encrypt_display() +{ + if (encrypt_output) + printf("Currently encrypting output with %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + if (decrypt_input) + printf("Currently decrypting input with %s\r\n", + ENCTYPE_NAME(decrypt_mode)); +} + + int +EncryptStatus() +{ + if (encrypt_output) + printf("Currently encrypting output with %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + else if (encrypt_mode) { + printf("Currently output is clear text.\r\n"); + printf("Last encryption mode was %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + } + if (decrypt_input) { + printf("Currently decrypting input with %s\r\n", + ENCTYPE_NAME(decrypt_mode)); + } else if (decrypt_mode) { + printf("Currently input is clear text.\r\n"); + printf("Last decryption mode was %s\r\n", + ENCTYPE_NAME(decrypt_mode)); + } + return 1; +} + + void +encrypt_send_support() +{ + if (str_suplen) { + /* + * If the user has requested that decryption start + * immediatly, then send a "REQUEST START" before + * we negotiate the type. + */ + if (!Server && autodecrypt) + encrypt_send_request_start(); + net_write(str_send, str_suplen); + printsub('>', &str_send[2], str_suplen - 2); + str_suplen = 0; + } +} + + int +EncryptDebug(on) + int on; +{ + if (on < 0) + encrypt_debug_mode ^= 1; + else + encrypt_debug_mode = on; + printf("Encryption debugging %s\r\n", + encrypt_debug_mode ? "enabled" : "disabled"); + return(1); +} + + int +EncryptVerbose(on) + int on; +{ + if (on < 0) + encrypt_verbose ^= 1; + else + encrypt_verbose = on; + printf("Encryption %s verbose\r\n", + encrypt_verbose ? "is" : "is not"); + return(1); +} + + int +EncryptAutoEnc(on) + int on; +{ + encrypt_auto(on); + printf("Automatic encryption of output is %s\r\n", + autoencrypt ? "enabled" : "disabled"); + return(1); +} + + int +EncryptAutoDec(on) + int on; +{ + decrypt_auto(on); + printf("Automatic decryption of input is %s\r\n", + autodecrypt ? "enabled" : "disabled"); + return(1); +} + +/* + * Called when ENCRYPT SUPPORT is received. + */ + void +encrypt_support(typelist, cnt) + unsigned char *typelist; + int cnt; +{ + register int type, use_type = 0; + Encryptions *ep; + + /* + * Forget anything the other side has previously told us. + */ + remote_supports_decrypt = 0; + + while (cnt-- > 0) { + type = *typelist++; + if (encrypt_debug_mode) + printf(">>>%s: He is supporting %s (%d)\r\n", + Name, + ENCTYPE_NAME(type), type); + if ((type < ENCTYPE_CNT) && + (I_SUPPORT_ENCRYPT & typemask(type))) { + remote_supports_decrypt |= typemask(type); + if (use_type == 0) + use_type = type; + } + } + if (use_type) { + ep = findencryption(use_type); + if (!ep) + return; + type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; + if (encrypt_debug_mode) + printf(">>>%s: (*ep->start)() returned %d\r\n", + Name, type); + if (type < 0) + return; + encrypt_mode = use_type; + if (type == 0) + encrypt_start_output(use_type); + } +} + + void +encrypt_is(data, cnt) + unsigned char *data; + int cnt; +{ + Encryptions *ep; + register int type, ret; + + if (--cnt < 0) + return; + type = *data++; + if (type < ENCTYPE_CNT) + remote_supports_encrypt |= typemask(type); + if (!(ep = finddecryption(type))) { + if (encrypt_debug_mode) + printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + return; + } + if (!ep->is) { + if (encrypt_debug_mode) + printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + ret = 0; + } else { + ret = (*ep->is)(data, cnt); + if (encrypt_debug_mode) + printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt, + (ret < 0) ? "FAIL " : + (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); + } + if (ret < 0) { + autodecrypt = 0; + } else { + decrypt_mode = type; + if (ret == 0 && autodecrypt) + encrypt_send_request_start(); + } +} + + void +encrypt_reply(data, cnt) + unsigned char *data; + int cnt; +{ + Encryptions *ep; + register int ret, type; + + if (--cnt < 0) + return; + type = *data++; + if (!(ep = findencryption(type))) { + if (encrypt_debug_mode) + printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + return; + } + if (!ep->reply) { + if (encrypt_debug_mode) + printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + ret = 0; + } else { + ret = (*ep->reply)(data, cnt); + if (encrypt_debug_mode) + printf("(*ep->reply)(%x, %d) returned %s(%d)\n", + data, cnt, + (ret < 0) ? "FAIL " : + (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); + } + if (encrypt_debug_mode) + printf(">>>%s: encrypt_reply returned %d\n", Name, ret); + if (ret < 0) { + autoencrypt = 0; + } else { + encrypt_mode = type; + if (ret == 0 && autoencrypt) + encrypt_start_output(type); + } +} + +/* + * Called when a ENCRYPT START command is received. + */ + void +encrypt_start(data, cnt) + unsigned char *data; + int cnt; +{ + Encryptions *ep; + + if (!decrypt_mode) { + /* + * Something is wrong. We should not get a START + * command without having already picked our + * decryption scheme. Send a REQUEST-END to + * attempt to clear the channel... + */ + printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); + encrypt_send_request_end(); + return; + } + + if (ep = finddecryption(decrypt_mode)) { + decrypt_input = ep->input; + if (encrypt_verbose) + printf("[ Input is now decrypted with type %s ]\r\n", + ENCTYPE_NAME(decrypt_mode)); + if (encrypt_debug_mode) + printf(">>>%s: Start to decrypt input with type %s\r\n", + Name, ENCTYPE_NAME(decrypt_mode)); + } else { + printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", + Name, + ENCTYPE_NAME_OK(decrypt_mode) + ? ENCTYPE_NAME(decrypt_mode) + : "(unknown)", + decrypt_mode); + encrypt_send_request_end(); + } +} + + void +encrypt_session_key(key, server) + Session_Key *key; + int server; +{ + Encryptions *ep = encryptions; + + havesessionkey = 1; + + while (ep->type) { + if (ep->session) + (*ep->session)(key, server); +#ifdef notdef + if (!encrypt_output && autoencrypt && !server) + encrypt_start_output(ep->type); + if (!decrypt_input && autodecrypt && !server) + encrypt_send_request_start(); +#endif + ++ep; + } +} + +/* + * Called when ENCRYPT END is received. + */ + void +encrypt_end() +{ + decrypt_input = 0; + if (encrypt_debug_mode) + printf(">>>%s: Input is back to clear text\r\n", Name); + if (encrypt_verbose) + printf("[ Input is now clear text ]\r\n"); +} + +/* + * Called when ENCRYPT REQUEST-END is received. + */ + void +encrypt_request_end() +{ + encrypt_send_end(); +} + +/* + * Called when ENCRYPT REQUEST-START is received. If we receive + * this before a type is picked, then that indicates that the + * other side wants us to start encrypting data as soon as we + * can. + */ + void +encrypt_request_start(data, cnt) + unsigned char *data; + int cnt; +{ + if (encrypt_mode == 0) { + if (Server) + autoencrypt = 1; + return; + } + encrypt_start_output(encrypt_mode); +} + +static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; + +encrypt_enc_keyid(keyid, len) + unsigned char *keyid; + int len; +{ + encrypt_keyid(&ki[1], keyid, len); +} + +encrypt_dec_keyid(keyid, len) + unsigned char *keyid; + int len; +{ + encrypt_keyid(&ki[0], keyid, len); +} + +encrypt_keyid(kp, keyid, len) + struct key_info *kp; + unsigned char *keyid; + int len; +{ + Encryptions *ep; + unsigned char *strp, *cp; + int dir = kp->dir; + register int ret = 0; + + if (!(ep = (*kp->getcrypt)(*kp->modep))) { + if (len == 0) + return; + kp->keylen = 0; + } else if (len == 0) { + /* + * Empty option, indicates a failure. + */ + if (kp->keylen == 0) + return; + kp->keylen = 0; + if (ep->keyid) + (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); + + } else if ((len != kp->keylen) || + (memcmp(keyid, kp->keyid, len) != 0)) { + /* + * Length or contents are different + */ + kp->keylen = len; + memmove(kp->keyid, keyid, len); + if (ep->keyid) + (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); + } else { + if (ep->keyid) + ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); + if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) + encrypt_start_output(*kp->modep); + return; + } + + encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); +} + + void +encrypt_send_keyid(dir, keyid, keylen, saveit) + int dir; + unsigned char *keyid; + int keylen; + int saveit; +{ + unsigned char *strp; + + str_keyid[3] = (dir == DIR_ENCRYPT) + ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; + if (saveit) { + struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; + memmove(kp->keyid, keyid, keylen); + kp->keylen = keylen; + } + + for (strp = &str_keyid[4]; keylen > 0; --keylen) { + if ((*strp++ = *keyid++) == IAC) + *strp++ = IAC; + } + *strp++ = IAC; + *strp++ = SE; + net_write(str_keyid, strp - str_keyid); + printsub('>', &str_keyid[2], strp - str_keyid - 2); +} + + void +encrypt_auto(on) + int on; +{ + if (on < 0) + autoencrypt ^= 1; + else + autoencrypt = on ? 1 : 0; +} + + void +decrypt_auto(on) + int on; +{ + if (on < 0) + autodecrypt ^= 1; + else + autodecrypt = on ? 1 : 0; +} + + void +encrypt_start_output(type) + int type; +{ + Encryptions *ep; + register unsigned char *p; + register int i; + + if (!(ep = findencryption(type))) { + if (encrypt_debug_mode) { + printf(">>>%s: Can't encrypt with type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + } + return; + } + if (ep->start) { + i = (*ep->start)(DIR_ENCRYPT, Server); + if (encrypt_debug_mode) { + printf(">>>%s: Encrypt start: %s (%d) %s\r\n", + Name, + (i < 0) ? "failed" : + "initial negotiation in progress", + i, ENCTYPE_NAME(type)); + } + if (i) + return; + } + p = str_start + 3; + *p++ = ENCRYPT_START; + for (i = 0; i < ki[0].keylen; ++i) { + if ((*p++ = ki[0].keyid[i]) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + net_write(str_start, p - str_start); + net_encrypt(); + printsub('>', &str_start[2], p - &str_start[2]); + /* + * If we are already encrypting in some mode, then + * encrypt the ring (which includes our request) in + * the old mode, mark it all as "clear text" and then + * switch to the new mode. + */ + encrypt_output = ep->output; + encrypt_mode = type; + if (encrypt_debug_mode) + printf(">>>%s: Started to encrypt output with type %s\r\n", + Name, ENCTYPE_NAME(type)); + if (encrypt_verbose) + printf("[ Output is now encrypted with type %s ]\r\n", + ENCTYPE_NAME(type)); +} + + void +encrypt_send_end() +{ + if (!encrypt_output) + return; + + str_end[3] = ENCRYPT_END; + net_write(str_end, sizeof(str_end)); + net_encrypt(); + printsub('>', &str_end[2], sizeof(str_end) - 2); + /* + * Encrypt the output buffer now because it will not be done by + * netflush... + */ + encrypt_output = 0; + if (encrypt_debug_mode) + printf(">>>%s: Output is back to clear text\r\n", Name); + if (encrypt_verbose) + printf("[ Output is now clear text ]\r\n"); +} + + void +encrypt_send_request_start() +{ + register unsigned char *p; + register int i; + + p = &str_start[3]; + *p++ = ENCRYPT_REQSTART; + for (i = 0; i < ki[1].keylen; ++i) { + if ((*p++ = ki[1].keyid[i]) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + net_write(str_start, p - str_start); + printsub('>', &str_start[2], p - &str_start[2]); + if (encrypt_debug_mode) + printf(">>>%s: Request input to be encrypted\r\n", Name); +} + + void +encrypt_send_request_end() +{ + str_end[3] = ENCRYPT_REQEND; + net_write(str_end, sizeof(str_end)); + printsub('>', &str_end[2], sizeof(str_end) - 2); + + if (encrypt_debug_mode) + printf(">>>%s: Request input to be clear text\r\n", Name); +} + + void +encrypt_wait() +{ + register int encrypt, decrypt; + if (encrypt_debug_mode) + printf(">>>%s: in encrypt_wait\r\n", Name); + if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) + return; + while (autoencrypt && !encrypt_output) + if (telnet_spin()) + return; +} + + void +encrypt_debug(mode) + int mode; +{ + encrypt_debug_mode = mode; +} + + void +encrypt_gen_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char tbuf[16], *cp; + + cnt -= 2; + data += 2; + buf[buflen-1] = '\0'; + buf[buflen-2] = '*'; + buflen -= 2;; + for (; cnt > 0; cnt--, data++) { + sprintf(tbuf, " %d", *data); + for (cp = tbuf; *cp && buflen > 0; --buflen) + *buf++ = *cp++; + if (buflen <= 0) + return; + } + *buf = '\0'; +} + + void +encrypt_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + Encryptions *ep; + register int type = data[1]; + + for (ep = encryptions; ep->type && ep->type != type; ep++) + ; + + if (ep->printsub) + (*ep->printsub)(data, cnt, buf, buflen); + else + encrypt_gen_printsub(data, cnt, buf, buflen); +} +#endif /* ENCRYPTION */ diff --git a/secure/lib/libtelnet/encrypt.h b/secure/lib/libtelnet/encrypt.h new file mode 100644 index 0000000..e0ae385 --- /dev/null +++ b/secure/lib/libtelnet/encrypt.h @@ -0,0 +1,108 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)encrypt.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifdef ENCRYPTION +# ifndef __ENCRYPTION__ +# define __ENCRYPTION__ + +#define DIR_DECRYPT 1 +#define DIR_ENCRYPT 2 + +typedef unsigned char Block[8]; +typedef unsigned char *BlockT; +typedef struct { Block _; } Schedule[16]; + +#define VALIDKEY(key) ( key[0] | key[1] | key[2] | key[3] | \ + key[4] | key[5] | key[6] | key[7]) + +#define SAMEKEY(k1, k2) (!bcmp((void *)k1, (void *)k2, sizeof(Block))) + +typedef struct { + short type; + int length; + unsigned char *data; +} Session_Key; + +# if !defined(P) +# ifdef __STDC__ +# define P(x) x +# else +# define P(x) () +# endif +# endif + +typedef struct { + char *name; + int type; + void (*output) P((unsigned char *, int)); + int (*input) P((int)); + void (*init) P((int)); + int (*start) P((int, int)); + int (*is) P((unsigned char *, int)); + int (*reply) P((unsigned char *, int)); + void (*session) P((Session_Key *, int)); + int (*keyid) P((int, unsigned char *, int *)); + void (*printsub) P((unsigned char *, int, unsigned char *, int)); +} Encryptions; + +#define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ + +#include "enc-proto.h" + +extern int encrypt_debug_mode; +extern int (*decrypt_input) P((int)); +extern void (*encrypt_output) P((unsigned char *, int)); +# endif /* __ENCRYPTION__ */ +#endif /* ENCRYPTION */ diff --git a/secure/lib/libtelnet/genget.c b/secure/lib/libtelnet/genget.c new file mode 100644 index 0000000..f87fcf0 --- /dev/null +++ b/secure/lib/libtelnet/genget.c @@ -0,0 +1,105 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + + +#include <ctype.h> + +#define LOWER(x) (isupper(x) ? tolower(x) : (x)) +/* + * The prefix function returns 0 if *s1 is not a prefix + * of *s2. If *s1 exactly matches *s2, the negative of + * the length is returned. If *s1 is a prefix of *s2, + * the length of *s1 is returned. + */ + int +isprefix(s1, s2) + register char *s1, *s2; +{ + register int n = 0; + char *os1; + register char c1, c2; + + if (*s1 == '\0') + return(-1); + os1 = s1; + c1 = *s1; + c2 = *s2; + while (LOWER(c1) == LOWER(c2)) { + if (c1 == '\0') + break; + c1 = *++s1; + c2 = *++s2; + } + return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1))); +} + +static char *ambiguous; /* special return value for command routines */ + + char ** +genget(name, table, stlen) + char *name; /* name to match */ + char **table; /* name entry in table */ + int stlen; +{ + register char **c, **found; + register int n; + + if (name == 0) + return 0; + + found = 0; + for (c = table; *c != 0; c = (char **)((char *)c + stlen)) { + if ((n = isprefix(name, *c)) == 0) + continue; + if (n < 0) /* exact match */ + return(c); + if (found) + return(&ambiguous); + found = c; + } + return(found); +} + +/* + * Function call version of Ambiguous() + */ + int +Ambiguous(s) + char *s; +{ + return((char **)s == &ambiguous); +} diff --git a/secure/lib/libtelnet/getent.c b/secure/lib/libtelnet/getent.c new file mode 100644 index 0000000..05626f1 --- /dev/null +++ b/secure/lib/libtelnet/getent.c @@ -0,0 +1,68 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)getent.c 8.2 (Berkeley) 12/15/93"; +#endif /* not lint */ + +static char *area; + +/*ARGSUSED*/ +getent(cp, name) +char *cp, *name; +{ +#ifdef HAS_CGETENT + char *dba[2]; + + dba[0] = "/etc/gettytab"; + dba[1] = 0; + return((cgetent(&area, dba, name) == 0) ? 1 : 0); +#else + return(0); +#endif +} + +#ifndef SOLARIS +/*ARGSUSED*/ +char * +getstr(id, cpp) +char *id, **cpp; +{ +# ifdef HAS_CGETENT + char *answer; + return((cgetstr(area, id, &answer) > 0) ? answer : 0); +# else + return(0); +# endif +} +#endif diff --git a/secure/lib/libtelnet/kerberos.c b/secure/lib/libtelnet/kerberos.c new file mode 100644 index 0000000..f0c8b8a --- /dev/null +++ b/secure/lib/libtelnet/kerberos.c @@ -0,0 +1,555 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifdef KRB4 +#include <sys/types.h> +#include <arpa/telnet.h> +#include <stdio.h> +#include <des.h> /* BSD wont include this in krb.h, so we do it here */ +#include <krb.h> +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +#include "encrypt.h" +#include "auth.h" +#include "misc.h" + +int kerberos4_cksum P((unsigned char *, int)); +int kuserok P((AUTH_DAT *, char *)); + +extern auth_debug_mode; + +static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, + AUTHTYPE_KERBEROS_V4, }; +static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_NAME, }; + +#define KRB_AUTH 0 /* Authentication data follows */ +#define KRB_REJECT 1 /* Rejected (reason might follow) */ +#define KRB_ACCEPT 2 /* Accepted */ +#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */ +#define KRB_RESPONSE 4 /* Response for mutual auth. */ + +#define KRB_SERVICE_NAME "rcmd" + +static KTEXT_ST auth; +static char name[ANAME_SZ]; +static AUTH_DAT adat = { 0 }; +#ifdef ENCRYPTION +static Block session_key = { 0 }; +static des_key_schedule sched; +static Block challenge = { 0 }; +#endif /* ENCRYPTION */ + + static int +Data(ap, type, d, c) + Authenticator *ap; + int type; + void *d; + int c; +{ + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; + + if (c == -1) + c = strlen((char *)cd); + + if (auth_debug_mode) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - (&str_data[2])); + return(net_write(str_data, p - str_data)); +} + + int +kerberos4_init(ap, server) + Authenticator *ap; + int server; +{ + FILE *fp; + + if (server) { + str_data[3] = TELQUAL_REPLY; + if ((fp = fopen(KEYFILE, "r")) == NULL) + return(0); + fclose(fp); + } else { + str_data[3] = TELQUAL_IS; + } + return(1); +} + +char dst_realm_buf[REALM_SZ], *dest_realm = NULL; +int dst_realm_sz = REALM_SZ; + + int +kerberos4_send(ap) + Authenticator *ap; +{ + KTEXT_ST auth; +#ifdef ENCRYPTION + Block enckey; +#endif /* ENCRYPTION */ + char instance[INST_SZ]; + char *realm; + char *krb_realmofhost(); + char *krb_get_phost(); + CREDENTIALS cred; + int r; + + printf("[ Trying KERBEROS4 ... ]\n"); + if (!UserNameRequested) { + if (auth_debug_mode) { + printf("Kerberos V4: no user name supplied\r\n"); + } + return(0); + } + + memset(instance, 0, sizeof(instance)); + + if (realm = krb_get_phost(RemoteHostName)) + strncpy(instance, realm, sizeof(instance)); + + instance[sizeof(instance)-1] = '\0'; + + realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); + + if (!realm) { + printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); + return(0); + } + if (r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L)) { + printf("mk_req failed: %s\r\n", krb_err_txt[r]); + return(0); + } + if (r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred)) { + printf("get_cred failed: %s\r\n", krb_err_txt[r]); + return(0); + } + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + if (auth_debug_mode) + printf("Not enough room for user name\r\n"); + return(0); + } + if (auth_debug_mode) + printf("Sent %d bytes of authentication data\r\n", auth.length); + if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) { + if (auth_debug_mode) + printf("Not enough room for authentication data\r\n"); + return(0); + } +#ifdef ENCRYPTION + /* + * If we are doing mutual authentication, get set up to send + * the challenge, and verify it when the response comes back. + */ + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + register int i; + + des_key_sched(&cred.session, sched); + des_init_random_number_generator(&cred.session); + des_new_random_key(&session_key); + des_ecb_encrypt(&session_key, &session_key, sched, 0); + des_ecb_encrypt(&session_key, &challenge, sched, 0); + /* + * Increment the challenge by 1, and encrypt it for + * later comparison. + */ + for (i = 7; i >= 0; --i) { + register int x; + x = (unsigned int)challenge[i] + 1; + challenge[i] = x; /* ignore overflow */ + if (x < 256) /* if no overflow, all done */ + break; + } + des_ecb_encrypt(&challenge, &challenge, sched, 1); + } +#endif /* ENCRYPTION */ + + if (auth_debug_mode) { + printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); + printd(auth.dat, auth.length); + printf("\r\n"); + printf("Sent Kerberos V4 credentials to server\r\n"); + } + return(1); +} + + void +kerberos4_is(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ +#ifdef ENCRYPTION + Session_Key skey; + Block datablock; +#endif /* ENCRYPTION */ + char realm[REALM_SZ]; + char instance[INST_SZ]; + int r; + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_AUTH: + if (krb_get_lrealm(realm, 1) != KSUCCESS) { + Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); + auth_finished(ap, AUTH_REJECT); + if (auth_debug_mode) + printf("No local realm\r\n"); + return; + } + memmove((void *)auth.dat, (void *)data, auth.length = cnt); + if (auth_debug_mode) { + printf("Got %d bytes of authentication data\r\n", cnt); + printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); + printd(auth.dat, auth.length); + printf("\r\n"); + } + instance[0] = '*'; instance[1] = 0; + if (r = krb_rd_req(&auth, KRB_SERVICE_NAME, + instance, 0, &adat, "")) { + if (auth_debug_mode) + printf("Kerberos failed him as %s\r\n", name); + Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1); + auth_finished(ap, AUTH_REJECT); + return; + } +#ifdef ENCRYPTION + memmove((void *)session_key, (void *)adat.session, sizeof(Block)); +#endif /* ENCRYPTION */ + krb_kntoln(&adat, name); + + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) + Data(ap, KRB_ACCEPT, (void *)0, 0); + else + Data(ap, KRB_REJECT, + (void *)"user is not authorized", -1); + auth_finished(ap, AUTH_USER); + break; + + case KRB_CHALLENGE: +#ifndef ENCRYPTION + Data(ap, KRB_RESPONSE, (void *)0, 0); +#else /* ENCRYPTION */ + if (!VALIDKEY(session_key)) { + /* + * We don't have a valid session key, so just + * send back a response with an empty session + * key. + */ + Data(ap, KRB_RESPONSE, (void *)0, 0); + break; + } + + /* + * Initialize the random number generator since it's + * used later on by the encryption routine. + */ + des_init_random_number_generator(&session_key); + des_key_sched(&session_key, sched); + memmove((void *)datablock, (void *)data, sizeof(Block)); + /* + * Take the received encrypted challenge, and encrypt + * it again to get a unique session_key for the + * ENCRYPT option. + */ + des_ecb_encrypt(&datablock, &session_key, sched, 1); + skey.type = SK_DES; + skey.length = 8; + skey.data = session_key; + encrypt_session_key(&skey, 1); + /* + * Now decrypt the received encrypted challenge, + * increment by one, re-encrypt it and send it back. + */ + des_ecb_encrypt(&datablock, &challenge, sched, 0); + for (r = 7; r >= 0; r--) { + register int t; + t = (unsigned int)challenge[r] + 1; + challenge[r] = t; /* ignore overflow */ + if (t < 256) /* if no overflow, all done */ + break; + } + des_ecb_encrypt(&challenge, &challenge, sched, 1); + Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge)); +#endif /* ENCRYPTION */ + break; + + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + Data(ap, KRB_REJECT, 0, 0); + break; + } +} + + void +kerberos4_reply(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ +#ifdef ENCRYPTION + Session_Key skey; +#endif /* ENCRYPTION */ + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_REJECT: + if (cnt > 0) { + printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ Kerberos V4 refuses authentication ]\r\n"); + auth_send_retry(); + return; + case KRB_ACCEPT: + printf("[ Kerberos V4 accepts you ]\n"); + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* + * Send over the encrypted challenge. + */ +#ifndef ENCRYPTION + Data(ap, KRB_CHALLENGE, (void *)0, 0); +#else /* ENCRYPTION */ + Data(ap, KRB_CHALLENGE, (void *)session_key, + sizeof(session_key)); + des_ecb_encrypt(&session_key, &session_key, sched, 1); + skey.type = SK_DES; + skey.length = 8; + skey.data = session_key; + encrypt_session_key(&skey, 0); +#endif /* ENCRYPTION */ + return; + } + auth_finished(ap, AUTH_USER); + return; + case KRB_RESPONSE: +#ifdef ENCRYPTION + /* + * Verify that the response to the challenge is correct. + */ + if ((cnt != sizeof(Block)) || + (0 != memcmp((void *)data, (void *)challenge, + sizeof(challenge)))) + { +#endif /* ENCRYPTION */ + printf("[ Kerberos V4 challenge failed!!! ]\r\n"); + auth_send_retry(); + return; +#ifdef ENCRYPTION + } + printf("[ Kerberos V4 challenge successful ]\r\n"); + auth_finished(ap, AUTH_USER); +#endif /* ENCRYPTION */ + break; + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + return; + } +} + + int +kerberos4_status(ap, name, level) + Authenticator *ap; + char *name; + int level; +{ + if (level < AUTH_USER) + return(level); + + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else + return(AUTH_USER); +} + +#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} +#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} + + void +kerberos4_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; + + switch(data[3]) { + case KRB_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; + + case KRB_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; + + case KRB_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; + + case KRB_CHALLENGE: + strncpy((char *)buf, " CHALLENGE", buflen); + goto common2; + + case KRB_RESPONSE: + strncpy((char *)buf, " RESPONSE", buflen); + goto common2; + + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); + } + break; + } +} + + int +kerberos4_cksum(d, n) + unsigned char *d; + int n; +{ + int ck = 0; + + /* + * A comment is probably needed here for those not + * well versed in the "C" language. Yes, this is + * supposed to be a "switch" with the body of the + * "switch" being a "while" statement. The whole + * purpose of the switch is to allow us to jump into + * the middle of the while() loop, and then not have + * to do any more switch()s. + * + * Some compilers will spit out a warning message + * about the loop not being entered at the top. + */ + switch (n&03) + while (n > 0) { + case 0: + ck ^= (int)*d++ << 24; + --n; + case 3: + ck ^= (int)*d++ << 16; + --n; + case 2: + ck ^= (int)*d++ << 8; + --n; + case 1: + ck ^= (int)*d++; + --n; + } + return(ck); +} +#endif + +#ifdef notdef + +prkey(msg, key) + char *msg; + unsigned char *key; +{ + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); +} +#endif diff --git a/secure/lib/libtelnet/kerberos5.c b/secure/lib/libtelnet/kerberos5.c new file mode 100644 index 0000000..69a381a --- /dev/null +++ b/secure/lib/libtelnet/kerberos5.c @@ -0,0 +1,764 @@ +/* + * $Source: /home/ncvs/src/secure/lib/libtelnet/kerberos5.c,v $ + * $Author: rgrimes $ + * $Id: kerberos5.c,v 1.2 1995/05/30 06:11:54 rgrimes Exp $ + */ + +#if !defined(lint) && !defined(SABER) +static +#ifdef __STDC__ +const +#endif +char rcsid_kerberos5_c[] = "$Id: kerberos5.c,v 1.2 1995/05/30 06:11:54 rgrimes Exp $"; +#endif /* lint */ + +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + + +#ifdef KRB5 +#include <arpa/telnet.h> +#include <stdio.h> +#include <krb5/krb5.h> +#include <krb5/asn1.h> +#include <krb5/crc-32.h> +#include <krb5/los-proto.h> +#include <krb5/ext-proto.h> +#include <com_err.h> +#include <netdb.h> +#include <ctype.h> + +/* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h + and string.h/strings.h */ + +#include "encrypt.h" +#include "auth.h" +#include "misc.h" + +extern auth_debug_mode; + +#ifdef FORWARD +int forward_flags = 0; /* Flags get set in telnet/main.c on -f and -F */ + +/* These values need to be the same as those defined in telnet/main.c. */ +/* Either define them in both places, or put in some common header file. */ +#define OPTS_FORWARD_CREDS 0x00000002 +#define OPTS_FORWARDABLE_CREDS 0x00000001 + +void kerberos5_forward(); + +#endif /* FORWARD */ + +static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, + AUTHTYPE_KERBEROS_V5, }; +/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_NAME, };*/ + +#define KRB_AUTH 0 /* Authentication data follows */ +#define KRB_REJECT 1 /* Rejected (reason might follow) */ +#define KRB_ACCEPT 2 /* Accepted */ +#define KRB_RESPONSE 3 /* Response for mutual auth. */ + +#ifdef FORWARD +#define KRB_FORWARD 4 /* Forwarded credentials follow */ +#define KRB_FORWARD_ACCEPT 5 /* Forwarded credentials accepted */ +#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */ +#endif /* FORWARD */ + +static krb5_data auth; + /* telnetd gets session key from here */ +static krb5_tkt_authent *authdat = NULL; +/* telnet matches the AP_REQ and AP_REP with this */ +static krb5_authenticator authenticator; + +/* some compilers can't hack void *, so we use the Kerberos krb5_pointer, + which is either void * or char *, depending on the compiler. */ + +#define Voidptr krb5_pointer + +Block session_key; + + static int +Data(ap, type, d, c) + Authenticator *ap; + int type; + Voidptr d; + int c; +{ + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; + + if (c == -1) + c = strlen((char *)cd); + + if (auth_debug_mode) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - &str_data[2]); + return(net_write(str_data, p - str_data)); +} + + int +kerberos5_init(ap, server) + Authenticator *ap; + int server; +{ + if (server) + str_data[3] = TELQUAL_REPLY; + else + str_data[3] = TELQUAL_IS; + krb5_init_ets(); + return(1); +} + + int +kerberos5_send(ap) + Authenticator *ap; +{ + char **realms; + char *name; + char *p1, *p2; + krb5_checksum ksum; + krb5_octet sum[CRC32_CKSUM_LENGTH]; + krb5_principal server; + krb5_error_code r; + krb5_ccache ccache; + krb5_creds creds; /* telnet gets session key from here */ + extern krb5_flags krb5_kdc_default_options; + int ap_opts; + +#ifdef ENCRYPTION + krb5_keyblock *newkey = 0; +#endif /* ENCRYPTION */ + + ksum.checksum_type = CKSUMTYPE_CRC32; + ksum.contents = sum; + ksum.length = sizeof(sum); + memset((Voidptr )sum, 0, sizeof(sum)); + + if (!UserNameRequested) { + if (auth_debug_mode) { + printf("Kerberos V5: no user name supplied\r\n"); + } + return(0); + } + + if (r = krb5_cc_default(&ccache)) { + if (auth_debug_mode) { + printf("Kerberos V5: could not get default ccache\r\n"); + } + return(0); + } + + if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) { + if (auth_debug_mode) + printf("Out of memory for hostname in Kerberos V5\r\n"); + return(0); + } + + if (r = krb5_get_host_realm(RemoteHostName, &realms)) { + if (auth_debug_mode) + printf("Kerberos V5: no realm for %s\r\n", RemoteHostName); + free(name); + return(0); + } + + p1 = RemoteHostName; + p2 = name; + + while (*p2 = *p1++) { + if (isupper(*p2)) + *p2 |= 040; + ++p2; + } + + if (r = krb5_build_principal_ext(&server, + strlen(realms[0]), realms[0], + 4, "host", + p2 - name, name, + 0)) { + if (auth_debug_mode) { + printf("Kerberos V5: failure setting up principal (%s)\r\n", + error_message(r)); + } + free(name); + krb5_free_host_realm(realms); + return(0); + } + + + memset((char *)&creds, 0, sizeof(creds)); + creds.server = server; + + if (r = krb5_cc_get_principal(ccache, &creds.client)) { + if (auth_debug_mode) { + printf("Kerberos V5: failure on principal (%s)\r\n", + error_message(r)); + } + free(name); + krb5_free_principal(server); + krb5_free_host_realm(realms); + return(0); + } + + if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) { + if (auth_debug_mode) { + printf("Kerberos V5: failure on credentials(%d)\r\n",r); + } + free(name); + krb5_free_host_realm(realms); + krb5_free_principal(server); + return(0); + } + + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) + ap_opts = AP_OPTS_MUTUAL_REQUIRED; + else + ap_opts = 0; + + r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0, +#ifdef ENCRYPTION + &newkey, +#else /* ENCRYPTION */ + 0, +#endif /* ENCRYPTION */ + ccache, &creds, &authenticator, &auth); + /* don't let the key get freed if we clean up the authenticator */ + authenticator.subkey = 0; + + free(name); + krb5_free_host_realm(realms); + krb5_free_principal(server); +#ifdef ENCRYPTION + if (newkey) { + /* keep the key in our private storage, but don't use it + yet---see kerberos5_reply() below */ + if (newkey->keytype != KEYTYPE_DES) { + if (creds.keyblock.keytype == KEYTYPE_DES) + /* use the session key in credentials instead */ + memmove((char *)session_key, + (char *)creds.keyblock.contents, sizeof(Block)); + else + /* XXX ? */; + } else { + memmove((char *)session_key, (char *)newkey->contents, + sizeof(Block)); + } + krb5_free_keyblock(newkey); + } +#endif /* ENCRYPTION */ + if (r) { + if (auth_debug_mode) { + printf("Kerberos V5: mk_req failed (%s)\r\n", + error_message(r)); + } + return(0); + } + + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + if (auth_debug_mode) + printf("Not enough room for user name\r\n"); + return(0); + } + if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { + if (auth_debug_mode) + printf("Not enough room for authentication data\r\n"); + return(0); + } + if (auth_debug_mode) { + printf("Sent Kerberos V5 credentials to server\r\n"); + } + return(1); +} + + void +kerberos5_is(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + int r; + struct hostent *hp; + char *p1, *p2; + static char *realm = NULL; + krb5_principal server; + krb5_ap_rep_enc_part reply; + krb5_data outbuf; +#ifdef ENCRYPTION + Session_Key skey; +#endif /* ENCRYPTION */ + char *name; + char *getenv(); + krb5_data inbuf; + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_AUTH: + auth.data = (char *)data; + auth.length = cnt; + + if (!(hp = gethostbyname(LocalHostName))) { + if (auth_debug_mode) + printf("Cannot resolve local host name\r\n"); + Data(ap, KRB_REJECT, "Unknown local hostname.", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + if (!realm && (krb5_get_default_realm(&realm))) { + if (auth_debug_mode) + printf("Could not get default realm\r\n"); + Data(ap, KRB_REJECT, "Could not get default realm.", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + if ((name = malloc(strlen(hp->h_name)+1)) == NULL) { + if (auth_debug_mode) + printf("Out of memory for hostname in Kerberos V5\r\n"); + Data(ap, KRB_REJECT, "Out of memory.", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + p1 = hp->h_name; + p2 = name; + + while (*p2 = *p1++) { + if (isupper(*p2)) + *p2 |= 040; + ++p2; + } + + if (authdat) + krb5_free_tkt_authent(authdat); + + r = krb5_build_principal_ext(&server, + strlen(realm), realm, + 4, "host", + p2 - name, name, + 0); + if (!r) { + r = krb5_rd_req_simple(&auth, server, 0, &authdat); + krb5_free_principal(server); + } + if (r) { + char errbuf[128]; + + errout: + authdat = 0; + (void) strcpy(errbuf, "Read req failed: "); + (void) strcat(errbuf, error_message(r)); + Data(ap, KRB_REJECT, errbuf, -1); + if (auth_debug_mode) + printf("%s\r\n", errbuf); + return; + } + free(name); + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* do ap_rep stuff here */ + reply.ctime = authdat->authenticator->ctime; + reply.cusec = authdat->authenticator->cusec; + reply.subkey = 0; /* use the one he gave us, so don't + need to return one here */ + reply.seq_number = 0; /* we don't do seq #'s. */ + + if (r = krb5_mk_rep(&reply, + authdat->authenticator->subkey ? + authdat->authenticator->subkey : + authdat->ticket->enc_part2->session, + &outbuf)) { + goto errout; + } + Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length); + } + if (krb5_unparse_name(authdat->ticket->enc_part2 ->client, + &name)) + name = 0; + Data(ap, KRB_ACCEPT, name, name ? -1 : 0); + if (auth_debug_mode) { + printf("Kerberos5 identifies him as ``%s''\r\n", + name ? name : ""); + } + auth_finished(ap, AUTH_USER); + + free(name); + if (authdat->authenticator->subkey && + authdat->authenticator->subkey->keytype == KEYTYPE_DES) { + memmove((Voidptr )session_key, + (Voidptr )authdat->authenticator->subkey->contents, + sizeof(Block)); + } else if (authdat->ticket->enc_part2->session->keytype == + KEYTYPE_DES) { + memmove((Voidptr )session_key, + (Voidptr )authdat->ticket->enc_part2->session->contents, + sizeof(Block)); + } else + break; + +#ifdef ENCRYPTION + skey.type = SK_DES; + skey.length = 8; + skey.data = session_key; + encrypt_session_key(&skey, 1); +#endif /* ENCRYPTION */ + break; +#ifdef FORWARD + case KRB_FORWARD: + inbuf.data = (char *)data; + inbuf.length = cnt; + if (r = rd_and_store_for_creds(&inbuf, authdat->ticket, + UserNameRequested)) { + char errbuf[128]; + + (void) strcpy(errbuf, "Read forwarded creds failed: "); + (void) strcat(errbuf, error_message(r)); + Data(ap, KRB_FORWARD_REJECT, errbuf, -1); + if (auth_debug_mode) + printf("Could not read forwarded credentials\r\n"); + } + else + Data(ap, KRB_FORWARD_ACCEPT, 0, 0); + if (auth_debug_mode) + printf("Forwarded credentials obtained\r\n"); + break; +#endif /* FORWARD */ + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + Data(ap, KRB_REJECT, 0, 0); + break; + } +} + + void +kerberos5_reply(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + static int mutual_complete = 0; + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_REJECT: + if (cnt > 0) { + printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ Kerberos V5 refuses authentication ]\r\n"); + auth_send_retry(); + return; + case KRB_ACCEPT: + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL && + !mutual_complete) { + printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\n"); + auth_send_retry(); + return; + } + if (cnt) + printf("[ Kerberos V5 accepts you as ``%.*s'' ]\n", cnt, data); + else + printf("[ Kerberos V5 accepts you ]\n"); + auth_finished(ap, AUTH_USER); +#ifdef FORWARD + if (forward_flags & OPTS_FORWARD_CREDS) + kerberos5_forward(ap); +#endif /* FORWARD */ + break; + case KRB_RESPONSE: + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* the rest of the reply should contain a krb_ap_rep */ + krb5_ap_rep_enc_part *reply; + krb5_data inbuf; + krb5_error_code r; + krb5_keyblock tmpkey; + + inbuf.length = cnt; + inbuf.data = (char *)data; + + tmpkey.keytype = KEYTYPE_DES; + tmpkey.contents = session_key; + tmpkey.length = sizeof(Block); + + if (r = krb5_rd_rep(&inbuf, &tmpkey, &reply)) { + printf("[ Mutual authentication failed: %s ]\n", + error_message(r)); + auth_send_retry(); + return; + } + if (reply->ctime != authenticator.ctime || + reply->cusec != authenticator.cusec) { + printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n"); + auth_send_retry(); + return; + } + krb5_free_ap_rep_enc_part(reply); +#ifdef ENCRYPTION + skey.type = SK_DES; + skey.length = 8; + skey.data = session_key; + encrypt_session_key(&skey, 0); +#endif /* ENCRYPTION */ + mutual_complete = 1; + } + return; +#ifdef FORWARD + case KRB_FORWARD_ACCEPT: + printf("[ Kerberos V5 accepted forwarded credentials ]\n"); + return; + case KRB_FORWARD_REJECT: + printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n", + cnt, data); + return; +#endif /* FORWARD */ + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + return; + } +} + + int +kerberos5_status(ap, name, level) + Authenticator *ap; + char *name; + int level; +{ + if (level < AUTH_USER) + return(level); + + if (UserNameRequested && + krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested)) + { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else + return(AUTH_USER); +} + +#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} +#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} + + void +kerberos5_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; + + switch(data[3]) { + case KRB_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; + + case KRB_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; + + + case KRB_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; + + case KRB_RESPONSE: + strncpy((char *)buf, " RESPONSE", buflen); + goto common2; + +#ifdef FORWARD + case KRB_FORWARD: /* Forwarded credentials follow */ + strncpy((char *)buf, " FORWARD", buflen); + goto common2; + + case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ + strncpy((char *)buf, " FORWARD_ACCEPT", buflen); + goto common2; + + case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ + /* (reason might follow) */ + strncpy((char *)buf, " FORWARD_REJECT", buflen); + goto common2; +#endif /* FORWARD */ + + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); + } + break; + } +} + +#ifdef FORWARD + void +kerberos5_forward(ap) + Authenticator *ap; +{ + struct hostent *hp; + krb5_creds *local_creds; + krb5_error_code r; + krb5_data forw_creds; + extern krb5_cksumtype krb5_kdc_req_sumtype; + krb5_ccache ccache; + int i; + + if (!(local_creds = (krb5_creds *) + calloc(1, sizeof(*local_creds)))) { + if (auth_debug_mode) + printf("Kerberos V5: could not allocate memory for credentials\r\n"); + return; + } + + if (r = krb5_sname_to_principal(RemoteHostName, "host", 1, + &local_creds->server)) { + if (auth_debug_mode) + printf("Kerberos V5: could not build server name - %s\r\n", + error_message(r)); + krb5_free_creds(local_creds); + return; + } + + if (r = krb5_cc_default(&ccache)) { + if (auth_debug_mode) + printf("Kerberos V5: could not get default ccache - %s\r\n", + error_message(r)); + krb5_free_creds(local_creds); + return; + } + + if (r = krb5_cc_get_principal(ccache, &local_creds->client)) { + if (auth_debug_mode) + printf("Kerberos V5: could not get default principal - %s\r\n", + error_message(r)); + krb5_free_creds(local_creds); + return; + } + + /* Get ticket from credentials cache */ + if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) { + if (auth_debug_mode) + printf("Kerberos V5: could not obtain credentials - %s\r\n", + error_message(r)); + krb5_free_creds(local_creds); + return; + } + + if (r = get_for_creds(ETYPE_DES_CBC_CRC, + krb5_kdc_req_sumtype, + RemoteHostName, + local_creds->client, + &local_creds->keyblock, + forward_flags & OPTS_FORWARDABLE_CREDS, + &forw_creds)) { + if (auth_debug_mode) + printf("Kerberos V5: error getting forwarded creds - %s\r\n", + error_message(r)); + krb5_free_creds(local_creds); + return; + } + + /* Send forwarded credentials */ + if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) { + if (auth_debug_mode) + printf("Not enough room for authentication data\r\n"); + } + else { + if (auth_debug_mode) + printf("Forwarded local Kerberos V5 credentials to server\r\n"); + } + + krb5_free_creds(local_creds); +} +#endif /* FORWARD */ + +#endif /* KRB5 */ diff --git a/secure/lib/libtelnet/key-proto.h b/secure/lib/libtelnet/key-proto.h new file mode 100644 index 0000000..9668a77 --- /dev/null +++ b/secure/lib/libtelnet/key-proto.h @@ -0,0 +1,71 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)key-proto.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifndef __KEY_PROTO__ +#define __KEY_PROTO__ + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +int key_file_exists P((void)); +void key_lookup P((unsigned char *, Block)); +void key_stream_init P((Block, Block, int)); +unsigned char key_stream P((int, int)); +#endif diff --git a/secure/lib/libtelnet/krb4encpwd.c b/secure/lib/libtelnet/krb4encpwd.c new file mode 100644 index 0000000..00f32e8 --- /dev/null +++ b/secure/lib/libtelnet/krb4encpwd.c @@ -0,0 +1,446 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + + +#ifdef KRB4_ENCPWD +/* + * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION + * ALL RIGHTS RESERVED + * + * "Digital Equipment Corporation authorizes the reproduction, + * distribution and modification of this software subject to the following + * restrictions: + * + * 1. Any partial or whole copy of this software, or any modification + * thereof, must include this copyright notice in its entirety. + * + * 2. This software is supplied "as is" with no warranty of any kind, + * expressed or implied, for any purpose, including any warranty of fitness + * or merchantibility. DIGITAL assumes no responsibility for the use or + * reliability of this software, nor promises to provide any form of + * support for it on any basis. + * + * 3. Distribution of this software is authorized only if no profit or + * remuneration of any kind is received in exchange for such distribution. + * + * 4. This software produces public key authentication certificates + * bearing an expiration date established by DIGITAL and RSA Data + * Security, Inc. It may cease to generate certificates after the expiration + * date. Any modification of this software that changes or defeats + * the expiration date or its effect is unauthorized. + * + * 5. Software that will renew or extend the expiration date of + * authentication certificates produced by this software may be obtained + * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA + * 94065, (415)595-8782, or from DIGITAL" + * + */ + +#include <sys/types.h> +#include <arpa/telnet.h> +#include <pwd.h> +#include <stdio.h> + +#include <des.h> +#include <krb.h> +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +#include "encrypt.h" +#include "auth.h" +#include "misc.h" + +int krb_mk_encpwd_req P((KTEXT, char *, char *, char *, char *, char *, char *)); +int krb_rd_encpwd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *, char *, char *, char *)); + +extern auth_debug_mode; + +static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, + AUTHTYPE_KRB4_ENCPWD, }; +static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_NAME, }; + +#define KRB4_ENCPWD_AUTH 0 /* Authentication data follows */ +#define KRB4_ENCPWD_REJECT 1 /* Rejected (reason might follow) */ +#define KRB4_ENCPWD_ACCEPT 2 /* Accepted */ +#define KRB4_ENCPWD_CHALLENGE 3 /* Challenge for mutual auth. */ +#define KRB4_ENCPWD_ACK 4 /* Acknowledge */ + +#define KRB_SERVICE_NAME "rcmd" + +static KTEXT_ST auth; +static char name[ANAME_SZ]; +static char user_passwd[ANAME_SZ]; +static AUTH_DAT adat = { 0 }; +#ifdef ENCRYPTION +static Block session_key = { 0 }; +#endif /* ENCRYPTION */ +static Schedule sched; +static char challenge[REALM_SZ]; + + static int +Data(ap, type, d, c) + Authenticator *ap; + int type; + void *d; + int c; +{ + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; + + if (c == -1) + c = strlen((char *)cd); + + if (0) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - (&str_data[2])); + return(net_write(str_data, p - str_data)); +} + + int +krb4encpwd_init(ap, server) + Authenticator *ap; + int server; +{ + char hostname[80], *cp, *realm; + C_Block skey; + + if (server) { + str_data[3] = TELQUAL_REPLY; + } else { + str_data[3] = TELQUAL_IS; + gethostname(hostname, sizeof(hostname)); + realm = krb_realmofhost(hostname); + cp = strchr(hostname, '.'); + if (*cp != NULL) *cp = NULL; + if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0, + KEYFILE, (char *)skey)) { + return(0); + } + } + return(1); +} + + int +krb4encpwd_send(ap) + Authenticator *ap; +{ + + printf("[ Trying KRB4ENCPWD ... ]\n"); + if (!UserNameRequested) { + return(0); + } + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + return(0); + } + + if (!Data(ap, KRB4_ENCPWD_ACK, (void *)NULL, 0)) { + return(0); + } + + return(1); +} + + void +krb4encpwd_is(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + Block datablock; + char r_passwd[ANAME_SZ], r_user[ANAME_SZ]; + char lhostname[ANAME_SZ], *cp; + int r; + time_t now; + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB4_ENCPWD_AUTH: + memmove((void *)auth.dat, (void *)data, auth.length = cnt); + + gethostname(lhostname, sizeof(lhostname)); + if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0'; + + if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) { + Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + auth_encrypt_userpwd(r_passwd); + if (passwdok(UserNameRequested, UserPassword) == 0) { + /* + * illegal username and password + */ + Data(ap, KRB4_ENCPWD_REJECT, (void *)"Illegal password", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + memmove((void *)session_key, (void *)adat.session, sizeof(Block)); + Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0); + auth_finished(ap, AUTH_USER); + break; + + case KRB4_ENCPWD_CHALLENGE: + /* + * Take the received random challenge text and save + * for future authentication. + */ + memmove((void *)challenge, (void *)data, sizeof(Block)); + break; + + + case KRB4_ENCPWD_ACK: + /* + * Receive ack, if mutual then send random challenge + */ + + /* + * If we are doing mutual authentication, get set up to send + * the challenge, and verify it when the response comes back. + */ + + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + register int i; + + time(&now); + sprintf(challenge, "%x", now); + Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge)); + } + break; + + default: + Data(ap, KRB4_ENCPWD_REJECT, 0, 0); + break; + } +} + + + void +krb4encpwd_reply(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + KTEXT_ST krb_token; + Block enckey; + CREDENTIALS cred; + int r; + char randchal[REALM_SZ], instance[ANAME_SZ], *cp; + char hostname[80], *realm; + + if (cnt-- < 1) + return; + switch (*data++) { + case KRB4_ENCPWD_REJECT: + if (cnt > 0) { + printf("[ KRB4_ENCPWD refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ KRB4_ENCPWD refuses authentication ]\r\n"); + auth_send_retry(); + return; + case KRB4_ENCPWD_ACCEPT: + printf("[ KRB4_ENCPWD accepts you ]\n"); + auth_finished(ap, AUTH_USER); + return; + case KRB4_ENCPWD_CHALLENGE: + /* + * Verify that the response to the challenge is correct. + */ + + gethostname(hostname, sizeof(hostname)); + realm = krb_realmofhost(hostname); + memmove((void *)challenge, (void *)data, cnt); + memset(user_passwd, 0, sizeof(user_passwd)); + local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); + UserPassword = user_passwd; + Challenge = challenge; + strcpy(instance, RemoteHostName); + if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; + + if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { + krb_token.length = 0; + } + + if (!Data(ap, KRB4_ENCPWD_AUTH, (void *)krb_token.dat, krb_token.length)) { + return; + } + + break; + + default: + return; + } +} + + int +krb4encpwd_status(ap, name, level) + Authenticator *ap; + char *name; + int level; +{ + + if (level < AUTH_USER) + return(level); + + if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else { + return(AUTH_USER); + } +} + +#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} +#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} + + void +krb4encpwd_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; + + switch(data[3]) { + case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; + + case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; + + case KRB4_ENCPWD_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; + + case KRB4_ENCPWD_CHALLENGE: + strncpy((char *)buf, " CHALLENGE", buflen); + goto common2; + + case KRB4_ENCPWD_ACK: + strncpy((char *)buf, " ACK", buflen); + goto common2; + + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); + } + break; + } +} + +int passwdok(name, passwd) +char *name, *passwd; +{ + char *crypt(); + char *salt, *p; + struct passwd *pwd; + int passwdok_status = 0; + + if (pwd = getpwnam(name)) + salt = pwd->pw_passwd; + else salt = "xx"; + + p = crypt(passwd, salt); + + if (pwd && !strcmp(p, pwd->pw_passwd)) { + passwdok_status = 1; + } else passwdok_status = 0; + return(passwdok_status); +} + +#endif + +#ifdef notdef + +prkey(msg, key) + char *msg; + unsigned char *key; +{ + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); +} +#endif diff --git a/secure/lib/libtelnet/misc-proto.h b/secure/lib/libtelnet/misc-proto.h new file mode 100644 index 0000000..e5f334a --- /dev/null +++ b/secure/lib/libtelnet/misc-proto.h @@ -0,0 +1,79 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)misc-proto.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Copyright (C) 1990 by the Massachusetts Institute of Technology + * + * Export of this software from the United States of America is assumed + * to require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ + +#ifndef __MISC_PROTO__ +#define __MISC_PROTO__ + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +void auth_encrypt_init P((char *, char *, char *, int)); +void auth_encrypt_connect P((int)); +void printd P((unsigned char *, int)); + +/* + * These functions are imported from the application + */ +int net_write P((unsigned char *, int)); +void net_encrypt P((void)); +int telnet_spin P((void)); +char *telnet_getenv P((char *)); +char *telnet_gets P((char *, char *, int, int)); +#endif diff --git a/secure/lib/libtelnet/misc.c b/secure/lib/libtelnet/misc.c new file mode 100644 index 0000000..9565900 --- /dev/null +++ b/secure/lib/libtelnet/misc.c @@ -0,0 +1,94 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)misc.c 8.1 (Berkeley) 6/4/93"; +#endif /* not lint */ + +#include "misc.h" + +char *RemoteHostName; +char *LocalHostName; +char *UserNameRequested = 0; +int ConnectedCount = 0; + + void +auth_encrypt_init(local, remote, name, server) + char *local; + char *remote; + char *name; + int server; +{ + RemoteHostName = remote; + LocalHostName = local; +#if defined(AUTHENTICATION) + auth_init(name, server); +#endif +#ifdef ENCRYPTION + encrypt_init(name, server); +#endif /* ENCRYPTION */ + if (UserNameRequested) { + free(UserNameRequested); + UserNameRequested = 0; + } +} + + void +auth_encrypt_user(name) + char *name; +{ + extern char *strdup(); + + if (UserNameRequested) + free(UserNameRequested); + UserNameRequested = name ? strdup(name) : 0; +} + + void +auth_encrypt_connect(cnt) + int cnt; +{ +} + + void +printd(data, cnt) + unsigned char *data; + int cnt; +{ + if (cnt > 16) + cnt = 16; + while (cnt-- > 0) { + printf(" %02x", *data); + ++data; + } +} diff --git a/secure/lib/libtelnet/misc.h b/secure/lib/libtelnet/misc.h new file mode 100644 index 0000000..41ffa7f --- /dev/null +++ b/secure/lib/libtelnet/misc.h @@ -0,0 +1,42 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)misc.h 8.1 (Berkeley) 6/4/93 + */ + +extern char *UserNameRequested; +extern char *LocalHostName; +extern char *RemoteHostName; +extern int ConnectedCount; +extern int ReservedPort; + +#include "misc-proto.h" diff --git a/secure/lib/libtelnet/read_password.c b/secure/lib/libtelnet/read_password.c new file mode 100644 index 0000000..4676ed3 --- /dev/null +++ b/secure/lib/libtelnet/read_password.c @@ -0,0 +1,145 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)read_password.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * $Source: /mit/kerberos/src/lib/des/RCS/read_password.c,v $ + * $Author: jon $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This routine prints the supplied string to standard + * output as a prompt, and reads a password string without + * echoing. + */ + +#if defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) + +#include <stdio.h> +#include <strings.h> +#include <sys/ioctl.h> +#include <signal.h> +#include <setjmp.h> + +static jmp_buf env; + +/*** Routines ****************************************************** */ +/* + * This version just returns the string, doesn't map to key. + * + * Returns 0 on success, non-zero on failure. + */ + +int +local_des_read_pw_string(s,max,prompt,verify) + char *s; + int max; + char *prompt; + int verify; +{ + int ok = 0; + char *ptr; + + jmp_buf old_env; + struct sgttyb tty_state; + char key_string[BUFSIZ]; + + if (max > BUFSIZ) { + return -1; + } + + /* XXX assume jmp_buf is typedef'ed to an array */ + memmove((char *)env, (char *)old_env, sizeof(env)); + if (setjmp(env)) + goto lose; + + /* save terminal state*/ + if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1) + return -1; +/* + push_signals(); +*/ + /* Turn off echo */ + tty_state.sg_flags &= ~ECHO; + if (ioctl(0,TIOCSETP,(char *)&tty_state) == -1) + return -1; + while (!ok) { + (void) printf(prompt); + (void) fflush(stdout); + while (!fgets(s, max, stdin)); + + if ((ptr = strchr(s, '\n'))) + *ptr = '\0'; + if (verify) { + printf("\nVerifying, please re-enter %s",prompt); + (void) fflush(stdout); + if (!fgets(key_string, sizeof(key_string), stdin)) { + clearerr(stdin); + continue; + } + if ((ptr = strchr(key_string, '\n'))) + *ptr = '\0'; + if (strcmp(s,key_string)) { + printf("\n\07\07Mismatch - try again\n"); + (void) fflush(stdout); + continue; + } + } + ok = 1; + } + +lose: + if (!ok) + memset(s, 0, max); + printf("\n"); + /* turn echo back on */ + tty_state.sg_flags |= ECHO; + if (ioctl(0,TIOCSETP,(char *)&tty_state)) + ok = 0; +/* + pop_signals(); +*/ + memmove((char *)old_env, (char *)env, sizeof(env)); + if (verify) + memset(key_string, 0, sizeof (key_string)); + s[max-1] = 0; /* force termination */ + return !ok; /* return nonzero if not okay */ +} +#endif /* defined(RSA_ENCPWD) || defined(KRB4_ENCPWD) */ diff --git a/secure/lib/libtelnet/rsaencpwd.c b/secure/lib/libtelnet/rsaencpwd.c new file mode 100644 index 0000000..3492132 --- /dev/null +++ b/secure/lib/libtelnet/rsaencpwd.c @@ -0,0 +1,492 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + + +#ifdef RSA_ENCPWD +/* + * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION + * ALL RIGHTS RESERVED + * + * "Digital Equipment Corporation authorizes the reproduction, + * distribution and modification of this software subject to the following + * restrictions: + * + * 1. Any partial or whole copy of this software, or any modification + * thereof, must include this copyright notice in its entirety. + * + * 2. This software is supplied "as is" with no warranty of any kind, + * expressed or implied, for any purpose, including any warranty of fitness + * or merchantibility. DIGITAL assumes no responsibility for the use or + * reliability of this software, nor promises to provide any form of + * support for it on any basis. + * + * 3. Distribution of this software is authorized only if no profit or + * remuneration of any kind is received in exchange for such distribution. + * + * 4. This software produces public key authentication certificates + * bearing an expiration date established by DIGITAL and RSA Data + * Security, Inc. It may cease to generate certificates after the expiration + * date. Any modification of this software that changes or defeats + * the expiration date or its effect is unauthorized. + * + * 5. Software that will renew or extend the expiration date of + * authentication certificates produced by this software may be obtained + * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA + * 94065, (415)595-8782, or from DIGITAL" + * + */ + +#include <sys/types.h> +#include <arpa/telnet.h> +#include <pwd.h> +#include <stdio.h> + +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +#include "encrypt.h" +#include "auth.h" +#include "misc.h" +#include "cdc.h" + +extern auth_debug_mode; + +static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, + AUTHTYPE_RSA_ENCPWD, }; +static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_NAME, }; + +#define RSA_ENCPWD_AUTH 0 /* Authentication data follows */ +#define RSA_ENCPWD_REJECT 1 /* Rejected (reason might follow) */ +#define RSA_ENCPWD_ACCEPT 2 /* Accepted */ +#define RSA_ENCPWD_CHALLENGEKEY 3 /* Challenge and public key */ + +#define NAME_SZ 40 +#define CHAL_SZ 20 +#define PWD_SZ 40 + +static KTEXT_ST auth; +static char name[NAME_SZ]; +static char user_passwd[PWD_SZ]; +static char key_file[2*NAME_SZ]; +static char lhostname[NAME_SZ]; +static char challenge[CHAL_SZ]; +static int challenge_len; + + static int +Data(ap, type, d, c) + Authenticator *ap; + int type; + void *d; + int c; +{ + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; + + if (c == -1) + c = strlen((char *)cd); + + if (0) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + if (type != NULL) *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - (&str_data[2])); + return(net_write(str_data, p - str_data)); +} + + int +rsaencpwd_init(ap, server) + Authenticator *ap; + int server; +{ + char *cp; + FILE *fp; + + if (server) { + str_data[3] = TELQUAL_REPLY; + memset(key_file, 0, sizeof(key_file)); + gethostname(lhostname, sizeof(lhostname)); + if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0'; + strcpy(key_file, "/etc/."); + strcat(key_file, lhostname); + strcat(key_file, "_privkey"); + if ((fp=fopen(key_file, "r"))==NULL) return(0); + fclose(fp); + } else { + str_data[3] = TELQUAL_IS; + } + return(1); +} + + int +rsaencpwd_send(ap) + Authenticator *ap; +{ + + printf("[ Trying RSAENCPWD ... ]\n"); + if (!UserNameRequested) { + return(0); + } + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + return(0); + } + if (!Data(ap, NULL, (void *)NULL, 0)) { + return(0); + } + + + return(1); +} + + void +rsaencpwd_is(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + Block datablock; + char r_passwd[PWD_SZ], r_user[NAME_SZ]; + char *cp, key[160]; + char chalkey[160], *ptr; + FILE *fp; + int r, i, j, chalkey_len, len; + time_t now; + + cnt--; + switch (*data++) { + case RSA_ENCPWD_AUTH: + memmove((void *)auth.dat, (void *)data, auth.length = cnt); + + if ((fp=fopen(key_file, "r"))==NULL) { + Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + /* + * get privkey + */ + fscanf(fp, "%x;", &len); + for (i=0;i<len;i++) { + j = getc(fp); key[i]=j; + } + fclose(fp); + + r = accept_rsa_encpwd(&auth, key, challenge, + challenge_len, r_passwd); + if (r < 0) { + Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + auth_encrypt_userpwd(r_passwd); + if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) { + /* + * illegal username and password + */ + Data(ap, RSA_ENCPWD_REJECT, (void *)"Illegal password", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + Data(ap, RSA_ENCPWD_ACCEPT, (void *)0, 0); + auth_finished(ap, AUTH_USER); + break; + + + case IAC: + + /* + * If we are doing mutual authentication, get set up to send + * the challenge, and verify it when the response comes back. + */ + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) { + register int i; + + + time(&now); + if ((now % 2) == 0) { + sprintf(challenge, "%x", now); + challenge_len = strlen(challenge); + } else { + strcpy(challenge, "randchal"); + challenge_len = 8; + } + + if ((fp=fopen(key_file, "r"))==NULL) { + Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + /* + * skip privkey + */ + fscanf(fp, "%x;", &len); + for (i=0;i<len;i++) { + j = getc(fp); + } + /* + * get pubkey + */ + fscanf(fp, "%x;", &len); + for (i=0;i<len;i++) { + j = getc(fp); key[i]=j; + } + fclose(fp); + chalkey[0] = 0x30; + ptr = (char *) &chalkey[1]; + chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len; + EncodeLength(ptr, chalkey_len); + ptr +=NumEncodeLengthOctets(chalkey_len); + *ptr++ = 0x04; /* OCTET STRING */ + *ptr++ = challenge_len; + memmove(ptr, challenge, challenge_len); + ptr += challenge_len; + *ptr++ = 0x04; /* OCTET STRING */ + EncodeLength(ptr, i); + ptr += NumEncodeLengthOctets(i); + memmove(ptr, key, i); + chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len; + Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len); + } + break; + + default: + Data(ap, RSA_ENCPWD_REJECT, 0, 0); + break; + } +} + + + void +rsaencpwd_reply(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + KTEXT_ST token; + Block enckey; + int r, pubkey_len; + char randchal[CHAL_SZ], *cp; + char chalkey[160], pubkey[128], *ptr; + + if (cnt-- < 1) + return; + switch (*data++) { + case RSA_ENCPWD_REJECT: + if (cnt > 0) { + printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ RSA_ENCPWD refuses authentication ]\r\n"); + auth_send_retry(); + return; + case RSA_ENCPWD_ACCEPT: + printf("[ RSA_ENCPWD accepts you ]\n"); + auth_finished(ap, AUTH_USER); + return; + case RSA_ENCPWD_CHALLENGEKEY: + /* + * Verify that the response to the challenge is correct. + */ + + memmove((void *)chalkey, (void *)data, cnt); + ptr = (char *) &chalkey[0]; + ptr += DecodeHeaderLength(chalkey); + if (*ptr != 0x04) { + return; + } + *ptr++; + challenge_len = DecodeValueLength(ptr); + ptr += NumEncodeLengthOctets(challenge_len); + memmove(challenge, ptr, challenge_len); + ptr += challenge_len; + if (*ptr != 0x04) { + return; + } + *ptr++; + pubkey_len = DecodeValueLength(ptr); + ptr += NumEncodeLengthOctets(pubkey_len); + memmove(pubkey, ptr, pubkey_len); + memset(user_passwd, 0, sizeof(user_passwd)); + local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); + UserPassword = user_passwd; + Challenge = challenge; + r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey); + if (r < 0) { + token.length = 1; + } + + if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) { + return; + } + + break; + + default: + return; + } +} + + int +rsaencpwd_status(ap, name, level) + Authenticator *ap; + char *name; + int level; +{ + + if (level < AUTH_USER) + return(level); + + if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else { + return(AUTH_USER); + } +} + +#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} +#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} + + void +rsaencpwd_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; + + switch(data[3]) { + case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; + + case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; + + case RSA_ENCPWD_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; + + case RSA_ENCPWD_CHALLENGEKEY: + strncpy((char *)buf, " CHALLENGEKEY", buflen); + goto common2; + + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); + } + break; + } +} + +int rsaencpwd_passwdok(name, passwd) +char *name, *passwd; +{ + char *crypt(); + char *salt, *p; + struct passwd *pwd; + int passwdok_status = 0; + + if (pwd = getpwnam(name)) + salt = pwd->pw_passwd; + else salt = "xx"; + + p = crypt(passwd, salt); + + if (pwd && !strcmp(p, pwd->pw_passwd)) { + passwdok_status = 1; + } else passwdok_status = 0; + return(passwdok_status); +} + +#endif + +#ifdef notdef + +prkey(msg, key) + char *msg; + unsigned char *key; +{ + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); +} +#endif diff --git a/secure/lib/libtelnet/spx.c b/secure/lib/libtelnet/spx.c new file mode 100644 index 0000000..5b625c7 --- /dev/null +++ b/secure/lib/libtelnet/spx.c @@ -0,0 +1,588 @@ +/*- + * Copyright (c) 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)spx.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#ifdef SPX +/* + * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION + * ALL RIGHTS RESERVED + * + * "Digital Equipment Corporation authorizes the reproduction, + * distribution and modification of this software subject to the following + * restrictions: + * + * 1. Any partial or whole copy of this software, or any modification + * thereof, must include this copyright notice in its entirety. + * + * 2. This software is supplied "as is" with no warranty of any kind, + * expressed or implied, for any purpose, including any warranty of fitness + * or merchantibility. DIGITAL assumes no responsibility for the use or + * reliability of this software, nor promises to provide any form of + * support for it on any basis. + * + * 3. Distribution of this software is authorized only if no profit or + * remuneration of any kind is received in exchange for such distribution. + * + * 4. This software produces public key authentication certificates + * bearing an expiration date established by DIGITAL and RSA Data + * Security, Inc. It may cease to generate certificates after the expiration + * date. Any modification of this software that changes or defeats + * the expiration date or its effect is unauthorized. + * + * 5. Software that will renew or extend the expiration date of + * authentication certificates produced by this software may be obtained + * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA + * 94065, (415)595-8782, or from DIGITAL" + * + */ + +#include <sys/types.h> +#include <arpa/telnet.h> +#include <stdio.h> +#include "gssapi_defs.h" +#ifdef __STDC__ +#include <stdlib.h> +#endif +#ifdef NO_STRING_H +#include <strings.h> +#else +#include <string.h> +#endif + +#include <pwd.h> +#include "encrypt.h" +#include "auth.h" +#include "misc.h" + +extern auth_debug_mode; + +static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, + AUTHTYPE_SPX, }; +static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, + TELQUAL_NAME, }; + +#define SPX_AUTH 0 /* Authentication data follows */ +#define SPX_REJECT 1 /* Rejected (reason might follow) */ +#define SPX_ACCEPT 2 /* Accepted */ + +#ifdef ENCRYPTION +static Block session_key = { 0 }; +#endif /* ENCRYPTION */ +static Schedule sched; +static Block challenge = { 0 }; + + +/*******************************************************************/ + +gss_OID_set actual_mechs; +gss_OID actual_mech_type, output_name_type; +int major_status, status, msg_ctx = 0, new_status; +int req_flags = 0, ret_flags, lifetime_rec; +gss_cred_id_t gss_cred_handle; +gss_ctx_id_t actual_ctxhandle, context_handle; +gss_buffer_desc output_token, input_token, input_name_buffer; +gss_buffer_desc status_string; +gss_name_t desired_targname, src_name; +gss_channel_bindings input_chan_bindings; +char lhostname[GSS_C_MAX_PRINTABLE_NAME]; +char targ_printable[GSS_C_MAX_PRINTABLE_NAME]; +int to_addr=0, from_addr=0; +char *address; +gss_buffer_desc fullname_buffer; +gss_OID fullname_type; +gss_cred_id_t gss_delegated_cred_handle; + +/*******************************************************************/ + + + + static int +Data(ap, type, d, c) + Authenticator *ap; + int type; + void *d; + int c; +{ + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; + + if (c == -1) + c = strlen((char *)cd); + + if (0) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - (&str_data[2])); + return(net_write(str_data, p - str_data)); +} + + int +spx_init(ap, server) + Authenticator *ap; + int server; +{ + gss_cred_id_t tmp_cred_handle; + + if (server) { + str_data[3] = TELQUAL_REPLY; + gethostname(lhostname, sizeof(lhostname)); + strcpy(targ_printable, "SERVICE:rcmd@"); + strcat(targ_printable, lhostname); + input_name_buffer.length = strlen(targ_printable); + input_name_buffer.value = targ_printable; + major_status = gss_import_name(&status, + &input_name_buffer, + GSS_C_NULL_OID, + &desired_targname); + major_status = gss_acquire_cred(&status, + desired_targname, + 0, + GSS_C_NULL_OID_SET, + GSS_C_ACCEPT, + &tmp_cred_handle, + &actual_mechs, + &lifetime_rec); + if (major_status != GSS_S_COMPLETE) return(0); + } else { + str_data[3] = TELQUAL_IS; + } + return(1); +} + + int +spx_send(ap) + Authenticator *ap; +{ + Block enckey; + int r; + + gss_OID actual_mech_type, output_name_type; + int msg_ctx = 0, new_status, status; + int req_flags = 0, ret_flags, lifetime_rec, major_status; + gss_buffer_desc output_token, input_token, input_name_buffer; + gss_buffer_desc output_name_buffer, status_string; + gss_name_t desired_targname; + gss_channel_bindings input_chan_bindings; + char targ_printable[GSS_C_MAX_PRINTABLE_NAME]; + int from_addr=0, to_addr=0, myhostlen, j; + int deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0; + char *address; + + printf("[ Trying SPX ... ]\n"); + strcpy(targ_printable, "SERVICE:rcmd@"); + strcat(targ_printable, RemoteHostName); + + input_name_buffer.length = strlen(targ_printable); + input_name_buffer.value = targ_printable; + + if (!UserNameRequested) { + return(0); + } + + major_status = gss_import_name(&status, + &input_name_buffer, + GSS_C_NULL_OID, + &desired_targname); + + + major_status = gss_display_name(&status, + desired_targname, + &output_name_buffer, + &output_name_type); + + printf("target is '%s'\n", output_name_buffer.value); fflush(stdout); + + major_status = gss_release_buffer(&status, &output_name_buffer); + + input_chan_bindings = (gss_channel_bindings) + malloc(sizeof(gss_channel_bindings_desc)); + + input_chan_bindings->initiator_addrtype = GSS_C_AF_INET; + input_chan_bindings->initiator_address.length = 4; + address = (char *) malloc(4); + input_chan_bindings->initiator_address.value = (char *) address; + address[0] = ((from_addr & 0xff000000) >> 24); + address[1] = ((from_addr & 0xff0000) >> 16); + address[2] = ((from_addr & 0xff00) >> 8); + address[3] = (from_addr & 0xff); + input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET; + input_chan_bindings->acceptor_address.length = 4; + address = (char *) malloc(4); + input_chan_bindings->acceptor_address.value = (char *) address; + address[0] = ((to_addr & 0xff000000) >> 24); + address[1] = ((to_addr & 0xff0000) >> 16); + address[2] = ((to_addr & 0xff00) >> 8); + address[3] = (to_addr & 0xff); + input_chan_bindings->application_data.length = 0; + + req_flags = 0; + if (deleg_flag) req_flags = req_flags | 1; + if (mutual_flag) req_flags = req_flags | 2; + if (replay_flag) req_flags = req_flags | 4; + if (seq_flag) req_flags = req_flags | 8; + + major_status = gss_init_sec_context(&status, /* minor status */ + GSS_C_NO_CREDENTIAL, /* cred handle */ + &actual_ctxhandle, /* ctx handle */ + desired_targname, /* target name */ + GSS_C_NULL_OID, /* mech type */ + req_flags, /* req flags */ + 0, /* time req */ + input_chan_bindings, /* chan binding */ + GSS_C_NO_BUFFER, /* input token */ + &actual_mech_type, /* actual mech */ + &output_token, /* output token */ + &ret_flags, /* ret flags */ + &lifetime_rec); /* time rec */ + + if ((major_status != GSS_S_COMPLETE) && + (major_status != GSS_S_CONTINUE_NEEDED)) { + gss_display_status(&new_status, + status, + GSS_C_MECH_CODE, + GSS_C_NULL_OID, + &msg_ctx, + &status_string); + printf("%s\n", status_string.value); + return(0); + } + + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { + return(0); + } + + if (!Data(ap, SPX_AUTH, (void *)output_token.value, output_token.length)) { + return(0); + } + + return(1); +} + + void +spx_is(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + Block datablock; + int r; + + if (cnt-- < 1) + return; + switch (*data++) { + case SPX_AUTH: + input_token.length = cnt; + input_token.value = (char *) data; + + gethostname(lhostname, sizeof(lhostname)); + + strcpy(targ_printable, "SERVICE:rcmd@"); + strcat(targ_printable, lhostname); + + input_name_buffer.length = strlen(targ_printable); + input_name_buffer.value = targ_printable; + + major_status = gss_import_name(&status, + &input_name_buffer, + GSS_C_NULL_OID, + &desired_targname); + + major_status = gss_acquire_cred(&status, + desired_targname, + 0, + GSS_C_NULL_OID_SET, + GSS_C_ACCEPT, + &gss_cred_handle, + &actual_mechs, + &lifetime_rec); + + major_status = gss_release_name(&status, desired_targname); + + input_chan_bindings = (gss_channel_bindings) + malloc(sizeof(gss_channel_bindings_desc)); + + input_chan_bindings->initiator_addrtype = GSS_C_AF_INET; + input_chan_bindings->initiator_address.length = 4; + address = (char *) malloc(4); + input_chan_bindings->initiator_address.value = (char *) address; + address[0] = ((from_addr & 0xff000000) >> 24); + address[1] = ((from_addr & 0xff0000) >> 16); + address[2] = ((from_addr & 0xff00) >> 8); + address[3] = (from_addr & 0xff); + input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET; + input_chan_bindings->acceptor_address.length = 4; + address = (char *) malloc(4); + input_chan_bindings->acceptor_address.value = (char *) address; + address[0] = ((to_addr & 0xff000000) >> 24); + address[1] = ((to_addr & 0xff0000) >> 16); + address[2] = ((to_addr & 0xff00) >> 8); + address[3] = (to_addr & 0xff); + input_chan_bindings->application_data.length = 0; + + major_status = gss_accept_sec_context(&status, + &context_handle, + gss_cred_handle, + &input_token, + input_chan_bindings, + &src_name, + &actual_mech_type, + &output_token, + &ret_flags, + &lifetime_rec, + &gss_delegated_cred_handle); + + + if (major_status != GSS_S_COMPLETE) { + + major_status = gss_display_name(&status, + src_name, + &fullname_buffer, + &fullname_type); + Data(ap, SPX_REJECT, (void *)"auth failed", -1); + auth_finished(ap, AUTH_REJECT); + return; + } + + major_status = gss_display_name(&status, + src_name, + &fullname_buffer, + &fullname_type); + + + Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length); + auth_finished(ap, AUTH_USER); + break; + + default: + Data(ap, SPX_REJECT, 0, 0); + break; + } +} + + + void +spx_reply(ap, data, cnt) + Authenticator *ap; + unsigned char *data; + int cnt; +{ + Session_Key skey; + + if (cnt-- < 1) + return; + switch (*data++) { + case SPX_REJECT: + if (cnt > 0) { + printf("[ SPX refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ SPX refuses authentication ]\r\n"); + auth_send_retry(); + return; + case SPX_ACCEPT: + printf("[ SPX accepts you ]\n"); + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* + * Send over the encrypted challenge. + */ + input_token.value = (char *) data; + input_token.length = cnt; + + major_status = gss_init_sec_context(&status, /* minor stat */ + GSS_C_NO_CREDENTIAL, /* cred handle */ + &actual_ctxhandle, /* ctx handle */ + desired_targname, /* target name */ + GSS_C_NULL_OID, /* mech type */ + req_flags, /* req flags */ + 0, /* time req */ + input_chan_bindings, /* chan binding */ + &input_token, /* input token */ + &actual_mech_type, /* actual mech */ + &output_token, /* output token */ + &ret_flags, /* ret flags */ + &lifetime_rec); /* time rec */ + + if (major_status != GSS_S_COMPLETE) { + gss_display_status(&new_status, + status, + GSS_C_MECH_CODE, + GSS_C_NULL_OID, + &msg_ctx, + &status_string); + printf("[ SPX mutual response fails ... '%s' ]\r\n", + status_string.value); + auth_send_retry(); + return; + } + } + auth_finished(ap, AUTH_USER); + return; + + default: + return; + } +} + + int +spx_status(ap, name, level) + Authenticator *ap; + char *name; + int level; +{ + + gss_buffer_desc fullname_buffer, acl_file_buffer; + gss_OID fullname_type; + char acl_file[160], fullname[160]; + int major_status, status = 0; + struct passwd *pwd; + + /* + * hard code fullname to + * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan" + * and acl_file to "~kannan/.sphinx" + */ + + pwd = getpwnam(UserNameRequested); + if (pwd == NULL) { + return(AUTH_USER); /* not authenticated */ + } + + strcpy(acl_file, pwd->pw_dir); + strcat(acl_file, "/.sphinx"); + acl_file_buffer.value = acl_file; + acl_file_buffer.length = strlen(acl_file); + + major_status = gss_display_name(&status, + src_name, + &fullname_buffer, + &fullname_type); + + if (level < AUTH_USER) + return(level); + + major_status = gss__check_acl(&status, &fullname_buffer, + &acl_file_buffer); + + if (major_status == GSS_S_COMPLETE) { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else { + return(AUTH_USER); + } + +} + +#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} +#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} + + void +spx_printsub(data, cnt, buf, buflen) + unsigned char *data, *buf; + int cnt, buflen; +{ + char lbuf[32]; + register int i; + + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; + + switch(data[3]) { + case SPX_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; + + case SPX_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; + + case SPX_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; + + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); + } + break; + } +} + +#endif + +#ifdef notdef + +prkey(msg, key) + char *msg; + unsigned char *key; +{ + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); +} +#endif diff --git a/secure/libexec/Makefile.inc b/secure/libexec/Makefile.inc new file mode 100644 index 0000000..26d868c --- /dev/null +++ b/secure/libexec/Makefile.inc @@ -0,0 +1,6 @@ +# @(#)Makefile.inc 8.1 (Berkeley) 6/4/93 +# $Id: Makefile.inc,v 1.2 1995/07/29 12:49:22 markm Exp $ + +BINDIR?= /usr/libexec + +.include "${.CURDIR}/../../Makefile.inc" diff --git a/secure/libexec/telnetd/Makefile b/secure/libexec/telnetd/Makefile new file mode 100644 index 0000000..c0c82ee --- /dev/null +++ b/secure/libexec/telnetd/Makefile @@ -0,0 +1,28 @@ +# @(#)Makefile 8.2 (Berkeley) 12/15/93 +# $Id$ + +# Do not define -DKLUDGELINEMODE, as it does not interact well with many +# telnet implementations. + +PROG= telnetd +MAN8= telnetd.8 + +SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \ + termstat.c utility.c + +DPADD= ${TELNETOBJDIR}/libtelnet.a ${LIBUTIL} ${LIBTERMCAP} +LDADD= -L${TELNETOBJDIR} -lutil -ltermcap -ltelnet + +CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK +CFLAGS+= -DENCRYPTION -I${.CURDIR}/../../lib + +.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES)) +CFLAGS+=-DAUTHENTICATION +LDADD+= -ldes -lkrb +DPADD+= ${LIBDES} ${LIBKRB} +.endif + +# Used only in krb4encpwd.c and rsaencpwd.c (libtelnet), not yet active +#LDADD+= -ldescrypt + +.include <bsd.prog.mk> diff --git a/secure/libexec/telnetd/authenc.c b/secure/libexec/telnetd/authenc.c new file mode 100644 index 0000000..ccb463c --- /dev/null +++ b/secure/libexec/telnetd/authenc.c @@ -0,0 +1,91 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)authenc.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#if defined(AUTHENTICATION) || defined(ENCRYPTION) +#include "telnetd.h" +#include <libtelnet/misc.h> + + int +net_write(str, len) + unsigned char *str; + int len; +{ + if (nfrontp + len < netobuf + BUFSIZ) { + memmove((void *)nfrontp, (void *)str, len); + nfrontp += len; + return(len); + } + return(0); +} + + void +net_encrypt() +{ +#ifdef ENCRYPTION + char *s = (nclearto > nbackp) ? nclearto : nbackp; + if (s < nfrontp && encrypt_output) { + (*encrypt_output)((unsigned char *)s, nfrontp - s); + } + nclearto = nfrontp; +#endif /* ENCRYPTION */ +} + + int +telnet_spin() +{ + ttloop(); + return(0); +} + + char * +telnet_getenv(val) + char *val; +{ + extern char *getenv(); + return(getenv(val)); +} + + char * +telnet_gets(prompt, result, length, echo) + char *prompt; + char *result; + int length; + int echo; +{ + return((char *)0); +} +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ diff --git a/secure/libexec/telnetd/defs.h b/secure/libexec/telnetd/defs.h new file mode 100644 index 0000000..a73d4a6 --- /dev/null +++ b/secure/libexec/telnetd/defs.h @@ -0,0 +1,296 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)defs.h 8.1 (Berkeley) 6/4/93 + */ + +/* + * Telnet server defines + */ +#include <sys/types.h> +#include <sys/param.h> + +#ifndef BSD +# define BSD 43 +#endif + +#if defined(CRAY) && !defined(LINEMODE) +# define SYSV_TERMIO +# define LINEMODE +# define KLUDGELINEMODE +# define DIAGNOSTICS +# if defined(UNICOS50) && !defined(UNICOS5) +# define UNICOS5 +# endif +# if !defined(UNICOS5) +# define BFTPDAEMON +# define HAS_IP_TOS +# endif +#endif /* CRAY */ +#if defined(UNICOS5) && !defined(NO_SETSID) +# define NO_SETSID +#endif + +#if defined(PRINTOPTIONS) && defined(DIAGNOSTICS) +#define TELOPTS +#define TELCMDS +#define SLC_NAMES +#endif + +#if defined(SYSV_TERMIO) && !defined(USE_TERMIO) +# define USE_TERMIO +#endif + +#include <sys/socket.h> +#ifndef CRAY +#include <sys/wait.h> +#endif /* CRAY */ +#include <fcntl.h> +#include <sys/file.h> +#include <sys/stat.h> +#include <sys/time.h> +#ifndef FILIO_H +#include <sys/ioctl.h> +#else +#include <sys/filio.h> +#endif + +#include <netinet/in.h> + +#include <arpa/telnet.h> + +#include <stdio.h> +#ifdef __STDC__ +#include <stdlib.h> +#endif +#include <signal.h> +#include <errno.h> +#include <netdb.h> +#include <syslog.h> +#ifndef LOG_DAEMON +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#include <ctype.h> +#ifndef NO_STRING_H +#include <string.h> +#else +#include <strings.h> +#endif + +#ifndef USE_TERMIO +#include <sgtty.h> +#else +# ifdef SYSV_TERMIO +# include <termio.h> +# else +# include <termios.h> +# endif +#endif +#if !defined(USE_TERMIO) || defined(NO_CC_T) +typedef unsigned char cc_t; +#endif + +#ifdef __STDC__ +#include <unistd.h> +#endif + +#ifndef _POSIX_VDISABLE +# ifdef VDISABLE +# define _POSIX_VDISABLE VDISABLE +# else +# define _POSIX_VDISABLE ((unsigned char)'\377') +# endif +#endif + + +#ifdef CRAY +# ifdef CRAY1 +# include <sys/pty.h> +# ifndef FD_ZERO +# include <sys/select.h> +# endif /* FD_ZERO */ +# endif /* CRAY1 */ + +#include <memory.h> +#endif /* CRAY */ + +#ifdef __hpux +#include <sys/ptyio.h> +#endif + +#if !defined(TIOCSCTTY) && defined(TCSETCTTY) +# define TIOCSCTTY TCSETCTTY +#endif + +#ifndef FD_SET +#ifndef HAVE_fd_set +typedef struct fd_set { int fds_bits[1]; } fd_set; +#endif + +#define FD_SET(n, p) ((p)->fds_bits[0] |= (1<<(n))) +#define FD_CLR(n, p) ((p)->fds_bits[0] &= ~(1<<(n))) +#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1<<(n))) +#define FD_ZERO(p) ((p)->fds_bits[0] = 0) +#endif /* FD_SET */ + +/* + * I/O data buffers defines + */ +#define NETSLOP 64 +#ifdef CRAY +#undef BUFSIZ +#define BUFSIZ 2048 +#endif + +#define NIACCUM(c) { *netip++ = c; \ + ncc++; \ + } + +/* clock manipulations */ +#define settimer(x) (clocks.x = ++clocks.system) +#define sequenceIs(x,y) (clocks.x < clocks.y) + +/* + * Linemode support states, in decreasing order of importance + */ +#define REAL_LINEMODE 0x04 +#define KLUDGE_OK 0x03 +#define NO_AUTOKLUDGE 0x02 +#define KLUDGE_LINEMODE 0x01 +#define NO_LINEMODE 0x00 + +/* + * Structures of information for each special character function. + */ +typedef struct { + unsigned char flag; /* the flags for this function */ + cc_t val; /* the value of the special character */ +} slcent, *Slcent; + +typedef struct { + slcent defset; /* the default settings */ + slcent current; /* the current settings */ + cc_t *sptr; /* a pointer to the char in */ + /* system data structures */ +} slcfun, *Slcfun; + +#ifdef DIAGNOSTICS +/* + * Diagnostics capabilities + */ +#define TD_REPORT 0x01 /* Report operations to client */ +#define TD_EXERCISE 0x02 /* Exercise client's implementation */ +#define TD_NETDATA 0x04 /* Display received data stream */ +#define TD_PTYDATA 0x08 /* Display data passed to pty */ +#define TD_OPTIONS 0x10 /* Report just telnet options */ +#endif /* DIAGNOSTICS */ + +/* + * We keep track of each side of the option negotiation. + */ + +#define MY_STATE_WILL 0x01 +#define MY_WANT_STATE_WILL 0x02 +#define MY_STATE_DO 0x04 +#define MY_WANT_STATE_DO 0x08 + +/* + * Macros to check the current state of things + */ + +#define my_state_is_do(opt) (options[opt]&MY_STATE_DO) +#define my_state_is_will(opt) (options[opt]&MY_STATE_WILL) +#define my_want_state_is_do(opt) (options[opt]&MY_WANT_STATE_DO) +#define my_want_state_is_will(opt) (options[opt]&MY_WANT_STATE_WILL) + +#define my_state_is_dont(opt) (!my_state_is_do(opt)) +#define my_state_is_wont(opt) (!my_state_is_will(opt)) +#define my_want_state_is_dont(opt) (!my_want_state_is_do(opt)) +#define my_want_state_is_wont(opt) (!my_want_state_is_will(opt)) + +#define set_my_state_do(opt) (options[opt] |= MY_STATE_DO) +#define set_my_state_will(opt) (options[opt] |= MY_STATE_WILL) +#define set_my_want_state_do(opt) (options[opt] |= MY_WANT_STATE_DO) +#define set_my_want_state_will(opt) (options[opt] |= MY_WANT_STATE_WILL) + +#define set_my_state_dont(opt) (options[opt] &= ~MY_STATE_DO) +#define set_my_state_wont(opt) (options[opt] &= ~MY_STATE_WILL) +#define set_my_want_state_dont(opt) (options[opt] &= ~MY_WANT_STATE_DO) +#define set_my_want_state_wont(opt) (options[opt] &= ~MY_WANT_STATE_WILL) + +/* + * Tricky code here. What we want to know is if the MY_STATE_WILL + * and MY_WANT_STATE_WILL bits have the same value. Since the two + * bits are adjacent, a little arithmatic will show that by adding + * in the lower bit, the upper bit will be set if the two bits were + * different, and clear if they were the same. + */ +#define my_will_wont_is_changing(opt) \ + ((options[opt]+MY_STATE_WILL) & MY_WANT_STATE_WILL) + +#define my_do_dont_is_changing(opt) \ + ((options[opt]+MY_STATE_DO) & MY_WANT_STATE_DO) + +/* + * Make everything symetrical + */ + +#define HIS_STATE_WILL MY_STATE_DO +#define HIS_WANT_STATE_WILL MY_WANT_STATE_DO +#define HIS_STATE_DO MY_STATE_WILL +#define HIS_WANT_STATE_DO MY_WANT_STATE_WILL + +#define his_state_is_do my_state_is_will +#define his_state_is_will my_state_is_do +#define his_want_state_is_do my_want_state_is_will +#define his_want_state_is_will my_want_state_is_do + +#define his_state_is_dont my_state_is_wont +#define his_state_is_wont my_state_is_dont +#define his_want_state_is_dont my_want_state_is_wont +#define his_want_state_is_wont my_want_state_is_dont + +#define set_his_state_do set_my_state_will +#define set_his_state_will set_my_state_do +#define set_his_want_state_do set_my_want_state_will +#define set_his_want_state_will set_my_want_state_do + +#define set_his_state_dont set_my_state_wont +#define set_his_state_wont set_my_state_dont +#define set_his_want_state_dont set_my_want_state_wont +#define set_his_want_state_wont set_my_want_state_dont + +#define his_will_wont_is_changing my_do_dont_is_changing +#define his_do_dont_is_changing my_will_wont_is_changing diff --git a/secure/libexec/telnetd/ext.h b/secure/libexec/telnetd/ext.h new file mode 100644 index 0000000..db3f1c3 --- /dev/null +++ b/secure/libexec/telnetd/ext.h @@ -0,0 +1,242 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)ext.h 8.2 (Berkeley) 12/15/93 + */ + +/* + * Telnet server variable declarations + */ +extern char options[256]; +extern char do_dont_resp[256]; +extern char will_wont_resp[256]; +extern int linemode; /* linemode on/off */ +#ifdef LINEMODE +extern int uselinemode; /* what linemode to use (on/off) */ +extern int editmode; /* edit modes in use */ +extern int useeditmode; /* edit modes to use */ +extern int alwayslinemode; /* command line option */ +extern int lmodetype; /* Client support for linemode */ +#endif /* LINEMODE */ +extern int flowmode; /* current flow control state */ +extern int restartany; /* restart output on any character state */ +#ifdef DIAGNOSTICS +extern int diagnostic; /* telnet diagnostic capabilities */ +#endif /* DIAGNOSTICS */ +#ifdef BFTPDAEMON +extern int bftpd; /* behave as bftp daemon */ +#endif /* BFTPDAEMON */ +#if defined(SecurID) +extern int require_SecurID; +#endif +#if defined(AUTHENTICATION) +extern int auth_level; +#endif + +extern slcfun slctab[NSLC + 1]; /* slc mapping table */ + +char *terminaltype; + +/* + * I/O data buffers, pointers, and counters. + */ +extern char ptyobuf[BUFSIZ+NETSLOP], *pfrontp, *pbackp; + +extern char netibuf[BUFSIZ], *netip; + +extern char netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp; +extern char *neturg; /* one past last bye of urgent data */ + +extern int pcc, ncc; + +#if defined(CRAY2) && defined(UNICOS5) +extern int unpcc; /* characters left unprocessed by CRAY-2 terminal routine */ +extern char *unptyip; /* pointer to remaining characters in buffer */ +#endif + +extern int pty, net; +extern char *line; +extern int SYNCHing; /* we are in TELNET SYNCH mode */ + +#ifndef P +# ifdef __STDC__ +# define P(x) x +# else +# define P(x) () +# endif +#endif + +extern void + _termstat P((void)), + add_slc P((int, int, int)), + check_slc P((void)), + change_slc P((int, int, int)), + cleanup P((int)), + clientstat P((int, int, int)), + copy_termbuf P((char *, int)), + deferslc P((void)), + defer_terminit P((void)), + do_opt_slc P((unsigned char *, int)), + doeof P((void)), + dooption P((int)), + dontoption P((int)), + edithost P((char *, char *)), + fatal P((int, char *)), + fatalperror P((int, char *)), + get_slc_defaults P((void)), + init_env P((void)), + init_termbuf P((void)), + interrupt P((void)), + localstat P((void)), + flowstat P((void)), + netclear P((void)), + netflush P((void)), +#ifdef DIAGNOSTICS + printoption P((char *, int)), + printdata P((char *, char *, int)), + printsub P((int, unsigned char *, int)), +#endif + ptyflush P((void)), + putchr P((int)), + putf P((char *, char *)), + recv_ayt P((void)), + send_do P((int, int)), + send_dont P((int, int)), + send_slc P((void)), + send_status P((void)), + send_will P((int, int)), + send_wont P((int, int)), + sendbrk P((void)), + sendsusp P((void)), + set_termbuf P((void)), + start_login P((char *, int, char *)), + start_slc P((int)), +#if defined(AUTHENTICATION) + start_slave P((char *)), +#else + start_slave P((char *, int, char *)), +#endif + suboption P((void)), + telrcv P((void)), + ttloop P((void)), + tty_binaryin P((int)), + tty_binaryout P((int)); + +extern int + end_slc P((unsigned char **)), + getnpty P((void)), +#ifndef convex + getpty P((int *)), +#endif + login_tty P((int)), + spcset P((int, cc_t *, cc_t **)), + stilloob P((int)), + terminit P((void)), + termstat P((void)), + tty_flowmode P((void)), + tty_restartany P((void)), + tty_isbinaryin P((void)), + tty_isbinaryout P((void)), + tty_iscrnl P((void)), + tty_isecho P((void)), + tty_isediting P((void)), + tty_islitecho P((void)), + tty_isnewmap P((void)), + tty_israw P((void)), + tty_issofttab P((void)), + tty_istrapsig P((void)), + tty_linemode P((void)); + +extern void + tty_rspeed P((int)), + tty_setecho P((int)), + tty_setedit P((int)), + tty_setlinemode P((int)), + tty_setlitecho P((int)), + tty_setsig P((int)), + tty_setsofttab P((int)), + tty_tspeed P((int)), + willoption P((int)), + wontoption P((int)), + writenet P((unsigned char *, int)); + +#ifdef ENCRYPTION +extern void (*encrypt_output) P((unsigned char *, int)); +extern int (*decrypt_input) P((int)); +extern char *nclearto; +#endif /* ENCRYPTION */ + + +/* + * The following are some clocks used to decide how to interpret + * the relationship between various variables. + */ + +extern struct { + int + system, /* what the current time is */ + echotoggle, /* last time user entered echo character */ + modenegotiated, /* last time operating mode negotiated */ + didnetreceive, /* last time we read data from network */ + ttypesubopt, /* ttype subopt is received */ + tspeedsubopt, /* tspeed subopt is received */ + environsubopt, /* environ subopt is received */ + oenvironsubopt, /* old environ subopt is received */ + xdisplocsubopt, /* xdisploc subopt is received */ + baseline, /* time started to do timed action */ + gotDM; /* when did we last see a data mark */ +} clocks; + + +#if defined(CRAY2) && defined(UNICOS5) +extern int needtermstat; +#endif + +#ifndef DEFAULT_IM +# ifdef CRAY +# define DEFAULT_IM "\r\n\r\nCray UNICOS (%h) (%t)\r\n\r\r\n\r" +# else +# ifdef sun +# define DEFAULT_IM "\r\n\r\nSunOS UNIX (%h) (%t)\r\n\r\r\n\r" +# else +# ifdef ultrix +# define DEFAULT_IM "\r\n\r\nULTRIX (%h) (%t)\r\n\r\r\n\r" +# else +# ifdef __FreeBSD__ +# define DEFAULT_IM "\r\n\r\nFreeBSD (%h) (%t)\r\n\r\r\n\r" +# else +# define DEFAULT_IM "\r\n\r\n4.4 BSD UNIX (%h) (%t)\r\n\r\r\n\r" +# endif +# endif +# endif +# endif +#endif diff --git a/secure/libexec/telnetd/global.c b/secure/libexec/telnetd/global.c new file mode 100644 index 0000000..af21acc --- /dev/null +++ b/secure/libexec/telnetd/global.c @@ -0,0 +1,48 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)global.c 8.1 (Berkeley) 6/4/93"; +#endif /* not lint */ + +/* + * Allocate global variables. We do this + * by including the header file that defines + * them all as externs, but first we define + * the keyword "extern" to be nothing, so that + * we will actually allocate the space. + */ + +#include "defs.h" +#define extern +#include "ext.h" diff --git a/secure/libexec/telnetd/pathnames.h b/secure/libexec/telnetd/pathnames.h new file mode 100644 index 0000000..4e14a88 --- /dev/null +++ b/secure/libexec/telnetd/pathnames.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)pathnames.h 8.1 (Berkeley) 6/4/93 + */ + +#if BSD > 43 + +# include <paths.h> + +# ifndef _PATH_LOGIN +# define _PATH_LOGIN "/usr/bin/login" +# endif + +#else + +# define _PATH_TTY "/dev/tty" +# ifndef _PATH_LOGIN +# define _PATH_LOGIN "/bin/login" +# endif + +#endif + +#ifdef BFTPDAEMON +#define BFTPPATH "/usr/ucb/bftp" +#endif /* BFTPDAEMON */ diff --git a/secure/libexec/telnetd/slc.c b/secure/libexec/telnetd/slc.c new file mode 100644 index 0000000..6cbb7ab --- /dev/null +++ b/secure/libexec/telnetd/slc.c @@ -0,0 +1,491 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)slc.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include "telnetd.h" + +#ifdef LINEMODE +/* + * local varibles + */ +static unsigned char *def_slcbuf = (unsigned char *)0; +static int def_slclen = 0; +static int slcchange; /* change to slc is requested */ +static unsigned char *slcptr; /* pointer into slc buffer */ +static unsigned char slcbuf[NSLC*6]; /* buffer for slc negotiation */ + +/* + * send_slc + * + * Write out the current special characters to the client. + */ + void +send_slc() +{ + register int i; + + /* + * Send out list of triplets of special characters + * to client. We only send info on the characters + * that are currently supported. + */ + for (i = 1; i <= NSLC; i++) { + if ((slctab[i].defset.flag & SLC_LEVELBITS) == SLC_NOSUPPORT) + continue; + add_slc((unsigned char)i, slctab[i].current.flag, + slctab[i].current.val); + } + +} /* end of send_slc */ + +/* + * default_slc + * + * Set pty special characters to all the defaults. + */ + void +default_slc() +{ + register int i; + + for (i = 1; i <= NSLC; i++) { + slctab[i].current.val = slctab[i].defset.val; + if (slctab[i].current.val == (cc_t)(_POSIX_VDISABLE)) + slctab[i].current.flag = SLC_NOSUPPORT; + else + slctab[i].current.flag = slctab[i].defset.flag; + if (slctab[i].sptr) { + *(slctab[i].sptr) = slctab[i].defset.val; + } + } + slcchange = 1; + +} /* end of default_slc */ +#endif /* LINEMODE */ + +/* + * get_slc_defaults + * + * Initialize the slc mapping table. + */ + void +get_slc_defaults() +{ + register int i; + + init_termbuf(); + + for (i = 1; i <= NSLC; i++) { + slctab[i].defset.flag = + spcset(i, &slctab[i].defset.val, &slctab[i].sptr); + slctab[i].current.flag = SLC_NOSUPPORT; + slctab[i].current.val = 0; + } + +} /* end of get_slc_defaults */ + +#ifdef LINEMODE +/* + * add_slc + * + * Add an slc triplet to the slc buffer. + */ + void +add_slc(func, flag, val) + register char func, flag; + register cc_t val; +{ + + if ((*slcptr++ = (unsigned char)func) == 0xff) + *slcptr++ = 0xff; + + if ((*slcptr++ = (unsigned char)flag) == 0xff) + *slcptr++ = 0xff; + + if ((*slcptr++ = (unsigned char)val) == 0xff) + *slcptr++ = 0xff; + +} /* end of add_slc */ + +/* + * start_slc + * + * Get ready to process incoming slc's and respond to them. + * + * The parameter getit is non-zero if it is necessary to grab a copy + * of the terminal control structures. + */ + void +start_slc(getit) + register int getit; +{ + + slcchange = 0; + if (getit) + init_termbuf(); + (void) sprintf((char *)slcbuf, "%c%c%c%c", + IAC, SB, TELOPT_LINEMODE, LM_SLC); + slcptr = slcbuf + 4; + +} /* end of start_slc */ + +/* + * end_slc + * + * Finish up the slc negotiation. If something to send, then send it. + */ + int +end_slc(bufp) + register unsigned char **bufp; +{ + register int len; + void netflush(); + + /* + * If a change has occured, store the new terminal control + * structures back to the terminal driver. + */ + if (slcchange) { + set_termbuf(); + } + + /* + * If the pty state has not yet been fully processed and there is a + * deferred slc request from the client, then do not send any + * sort of slc negotiation now. We will respond to the client's + * request very soon. + */ + if (def_slcbuf && (terminit() == 0)) { + return(0); + } + + if (slcptr > (slcbuf + 4)) { + if (bufp) { + *bufp = &slcbuf[4]; + return(slcptr - slcbuf - 4); + } else { + (void) sprintf((char *)slcptr, "%c%c", IAC, SE); + slcptr += 2; + len = slcptr - slcbuf; + writenet(slcbuf, len); + netflush(); /* force it out immediately */ + DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2);); + } + } + return (0); + +} /* end of end_slc */ + +/* + * process_slc + * + * Figure out what to do about the client's slc + */ + void +process_slc(func, flag, val) + register unsigned char func, flag; + register cc_t val; +{ + register int hislevel, mylevel, ack; + + /* + * Ensure that we know something about this function + */ + if (func > NSLC) { + add_slc(func, SLC_NOSUPPORT, 0); + return; + } + + /* + * Process the special case requests of 0 SLC_DEFAULT 0 + * and 0 SLC_VARIABLE 0. Be a little forgiving here, don't + * worry about whether the value is actually 0 or not. + */ + if (func == 0) { + if ((flag = flag & SLC_LEVELBITS) == SLC_DEFAULT) { + default_slc(); + send_slc(); + } else if (flag == SLC_VARIABLE) { + send_slc(); + } + return; + } + + /* + * Appears to be a function that we know something about. So + * get on with it and see what we know. + */ + + hislevel = flag & SLC_LEVELBITS; + mylevel = slctab[func].current.flag & SLC_LEVELBITS; + ack = flag & SLC_ACK; + /* + * ignore the command if: + * the function value and level are the same as what we already have; + * or the level is the same and the ack bit is set + */ + if (hislevel == mylevel && (val == slctab[func].current.val || ack)) { + return; + } else if (ack) { + /* + * If we get here, we got an ack, but the levels don't match. + * This shouldn't happen. If it does, it is probably because + * we have sent two requests to set a variable without getting + * a response between them, and this is the first response. + * So, ignore it, and wait for the next response. + */ + return; + } else { + change_slc(func, flag, val); + } + +} /* end of process_slc */ + +/* + * change_slc + * + * Process a request to change one of our special characters. + * Compare client's request with what we are capable of supporting. + */ + void +change_slc(func, flag, val) + register char func, flag; + register cc_t val; +{ + register int hislevel, mylevel; + + hislevel = flag & SLC_LEVELBITS; + mylevel = slctab[func].defset.flag & SLC_LEVELBITS; + /* + * If client is setting a function to NOSUPPORT + * or DEFAULT, then we can easily and directly + * accomodate the request. + */ + if (hislevel == SLC_NOSUPPORT) { + slctab[func].current.flag = flag; + slctab[func].current.val = (cc_t)_POSIX_VDISABLE; + flag |= SLC_ACK; + add_slc(func, flag, val); + return; + } + if (hislevel == SLC_DEFAULT) { + /* + * Special case here. If client tells us to use + * the default on a function we don't support, then + * return NOSUPPORT instead of what we may have as a + * default level of DEFAULT. + */ + if (mylevel == SLC_DEFAULT) { + slctab[func].current.flag = SLC_NOSUPPORT; + } else { + slctab[func].current.flag = slctab[func].defset.flag; + } + slctab[func].current.val = slctab[func].defset.val; + add_slc(func, slctab[func].current.flag, + slctab[func].current.val); + return; + } + + /* + * Client wants us to change to a new value or he + * is telling us that he can't change to our value. + * Some of the slc's we support and can change, + * some we do support but can't change, + * and others we don't support at all. + * If we can change it then we have a pointer to + * the place to put the new value, so change it, + * otherwise, continue the negotiation. + */ + if (slctab[func].sptr) { + /* + * We can change this one. + */ + slctab[func].current.val = val; + *(slctab[func].sptr) = val; + slctab[func].current.flag = flag; + flag |= SLC_ACK; + slcchange = 1; + add_slc(func, flag, val); + } else { + /* + * It is not possible for us to support this + * request as he asks. + * + * If our level is DEFAULT, then just ack whatever was + * sent. + * + * If he can't change and we can't change, + * then degenerate to NOSUPPORT. + * + * Otherwise we send our level back to him, (CANTCHANGE + * or NOSUPPORT) and if CANTCHANGE, send + * our value as well. + */ + if (mylevel == SLC_DEFAULT) { + slctab[func].current.flag = flag; + slctab[func].current.val = val; + flag |= SLC_ACK; + } else if (hislevel == SLC_CANTCHANGE && + mylevel == SLC_CANTCHANGE) { + flag &= ~SLC_LEVELBITS; + flag |= SLC_NOSUPPORT; + slctab[func].current.flag = flag; + } else { + flag &= ~SLC_LEVELBITS; + flag |= mylevel; + slctab[func].current.flag = flag; + if (mylevel == SLC_CANTCHANGE) { + slctab[func].current.val = + slctab[func].defset.val; + val = slctab[func].current.val; + } + } + add_slc(func, flag, val); + } + +} /* end of change_slc */ + +#if defined(USE_TERMIO) && (VEOF == VMIN) +cc_t oldeofc = '\004'; +#endif + +/* + * check_slc + * + * Check the special characters in use and notify the client if any have + * changed. Only those characters that are capable of being changed are + * likely to have changed. If a local change occurs, kick the support level + * and flags up to the defaults. + */ + void +check_slc() +{ + register int i; + + for (i = 1; i <= NSLC; i++) { +#if defined(USE_TERMIO) && (VEOF == VMIN) + /* + * In a perfect world this would be a neat little + * function. But in this world, we should not notify + * client of changes to the VEOF char when + * ICANON is off, because it is not representing + * a special character. + */ + if (i == SLC_EOF) { + if (!tty_isediting()) + continue; + else if (slctab[i].sptr) + oldeofc = *(slctab[i].sptr); + } +#endif /* defined(USE_TERMIO) && defined(SYSV_TERMIO) */ + if (slctab[i].sptr && + (*(slctab[i].sptr) != slctab[i].current.val)) { + slctab[i].current.val = *(slctab[i].sptr); + if (*(slctab[i].sptr) == (cc_t)_POSIX_VDISABLE) + slctab[i].current.flag = SLC_NOSUPPORT; + else + slctab[i].current.flag = slctab[i].defset.flag; + add_slc((unsigned char)i, slctab[i].current.flag, + slctab[i].current.val); + } + } +} /* check_slc */ + +/* + * do_opt_slc + * + * Process an slc option buffer. Defer processing of incoming slc's + * until after the terminal state has been processed. Save the first slc + * request that comes along, but discard all others. + * + * ptr points to the beginning of the buffer, len is the length. + */ + void +do_opt_slc(ptr, len) + register unsigned char *ptr; + register int len; +{ + register unsigned char func, flag; + cc_t val; + register unsigned char *end = ptr + len; + + if (terminit()) { /* go ahead */ + while (ptr < end) { + func = *ptr++; + if (ptr >= end) break; + flag = *ptr++; + if (ptr >= end) break; + val = (cc_t)*ptr++; + + process_slc(func, flag, val); + + } + } else { + /* + * save this slc buffer if it is the first, otherwise dump + * it. + */ + if (def_slcbuf == (unsigned char *)0) { + def_slclen = len; + def_slcbuf = (unsigned char *)malloc((unsigned)len); + if (def_slcbuf == (unsigned char *)0) + return; /* too bad */ + memmove(def_slcbuf, ptr, len); + } + } + +} /* end of do_opt_slc */ + +/* + * deferslc + * + * Do slc stuff that was deferred. + */ + void +deferslc() +{ + if (def_slcbuf) { + start_slc(1); + do_opt_slc(def_slcbuf, def_slclen); + (void) end_slc(0); + free(def_slcbuf); + def_slcbuf = (unsigned char *)0; + def_slclen = 0; + } + +} /* end of deferslc */ + +#endif /* LINEMODE */ diff --git a/secure/libexec/telnetd/state.c b/secure/libexec/telnetd/state.c new file mode 100644 index 0000000..4ee8bea --- /dev/null +++ b/secure/libexec/telnetd/state.c @@ -0,0 +1,1612 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)state.c 8.5 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include "telnetd.h" +#if defined(AUTHENTICATION) +#include <libtelnet/auth.h> +#endif + +unsigned char doopt[] = { IAC, DO, '%', 'c', 0 }; +unsigned char dont[] = { IAC, DONT, '%', 'c', 0 }; +unsigned char will[] = { IAC, WILL, '%', 'c', 0 }; +unsigned char wont[] = { IAC, WONT, '%', 'c', 0 }; +int not42 = 1; + +/* + * Buffer for sub-options, and macros + * for suboptions buffer manipulations + */ +unsigned char subbuffer[512], *subpointer= subbuffer, *subend= subbuffer; + +#define SB_CLEAR() subpointer = subbuffer +#define SB_TERM() { subend = subpointer; SB_CLEAR(); } +#define SB_ACCUM(c) if (subpointer < (subbuffer+sizeof subbuffer)) { \ + *subpointer++ = (c); \ + } +#define SB_GET() ((*subpointer++)&0xff) +#define SB_EOF() (subpointer >= subend) +#define SB_LEN() (subend - subpointer) + +#ifdef ENV_HACK +unsigned char *subsave; +#define SB_SAVE() subsave = subpointer; +#define SB_RESTORE() subpointer = subsave; +#endif + + +/* + * State for recv fsm + */ +#define TS_DATA 0 /* base state */ +#define TS_IAC 1 /* look for double IAC's */ +#define TS_CR 2 /* CR-LF ->'s CR */ +#define TS_SB 3 /* throw away begin's... */ +#define TS_SE 4 /* ...end's (suboption negotiation) */ +#define TS_WILL 5 /* will option negotiation */ +#define TS_WONT 6 /* wont " */ +#define TS_DO 7 /* do " */ +#define TS_DONT 8 /* dont " */ + + void +telrcv() +{ + register int c; + static int state = TS_DATA; +#if defined(CRAY2) && defined(UNICOS5) + char *opfrontp = pfrontp; +#endif + + while (ncc > 0) { + if ((&ptyobuf[BUFSIZ] - pfrontp) < 2) + break; + c = *netip++ & 0377, ncc--; +#ifdef ENCRYPTION + if (decrypt_input) + c = (*decrypt_input)(c); +#endif /* ENCRYPTION */ + switch (state) { + + case TS_CR: + state = TS_DATA; + /* Strip off \n or \0 after a \r */ + if ((c == 0) || (c == '\n')) { + break; + } + /* FALL THROUGH */ + + case TS_DATA: + if (c == IAC) { + state = TS_IAC; + break; + } + /* + * We now map \r\n ==> \r for pragmatic reasons. + * Many client implementations send \r\n when + * the user hits the CarriageReturn key. + * + * We USED to map \r\n ==> \n, since \r\n says + * that we want to be in column 1 of the next + * printable line, and \n is the standard + * unix way of saying that (\r is only good + * if CRMOD is set, which it normally is). + */ + if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) { + int nc = *netip; +#ifdef ENCRYPTION + if (decrypt_input) + nc = (*decrypt_input)(nc & 0xff); +#endif /* ENCRYPTION */ +#ifdef LINEMODE + /* + * If we are operating in linemode, + * convert to local end-of-line. + */ + if (linemode && (ncc > 0) && (('\n' == nc) || + ((0 == nc) && tty_iscrnl())) ) { + netip++; ncc--; + c = '\n'; + } else +#endif + { +#ifdef ENCRYPTION + if (decrypt_input) + (void)(*decrypt_input)(-1); +#endif /* ENCRYPTION */ + state = TS_CR; + } + } + *pfrontp++ = c; + break; + + case TS_IAC: +gotiac: switch (c) { + + /* + * Send the process on the pty side an + * interrupt. Do this with a NULL or + * interrupt char; depending on the tty mode. + */ + case IP: + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + interrupt(); + break; + + case BREAK: + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + sendbrk(); + break; + + /* + * Are You There? + */ + case AYT: + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + recv_ayt(); + break; + + /* + * Abort Output + */ + case AO: + { + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + ptyflush(); /* half-hearted */ + init_termbuf(); + + if (slctab[SLC_AO].sptr && + *slctab[SLC_AO].sptr != (cc_t)(_POSIX_VDISABLE)) { + *pfrontp++ = + (unsigned char)*slctab[SLC_AO].sptr; + } + + netclear(); /* clear buffer back */ + *nfrontp++ = IAC; + *nfrontp++ = DM; + neturg = nfrontp-1; /* off by one XXX */ + DIAG(TD_OPTIONS, + printoption("td: send IAC", DM)); + break; + } + + /* + * Erase Character and + * Erase Line + */ + case EC: + case EL: + { + cc_t ch; + + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + ptyflush(); /* half-hearted */ + init_termbuf(); + if (c == EC) + ch = *slctab[SLC_EC].sptr; + else + ch = *slctab[SLC_EL].sptr; + if (ch != (cc_t)(_POSIX_VDISABLE)) + *pfrontp++ = (unsigned char)ch; + break; + } + + /* + * Check for urgent data... + */ + case DM: + DIAG(TD_OPTIONS, + printoption("td: recv IAC", c)); + SYNCHing = stilloob(net); + settimer(gotDM); + break; + + + /* + * Begin option subnegotiation... + */ + case SB: + state = TS_SB; + SB_CLEAR(); + continue; + + case WILL: + state = TS_WILL; + continue; + + case WONT: + state = TS_WONT; + continue; + + case DO: + state = TS_DO; + continue; + + case DONT: + state = TS_DONT; + continue; + case EOR: + if (his_state_is_will(TELOPT_EOR)) + doeof(); + break; + + /* + * Handle RFC 10xx Telnet linemode option additions + * to command stream (EOF, SUSP, ABORT). + */ + case xEOF: + doeof(); + break; + + case SUSP: + sendsusp(); + break; + + case ABORT: + sendbrk(); + break; + + case IAC: + *pfrontp++ = c; + break; + } + state = TS_DATA; + break; + + case TS_SB: + if (c == IAC) { + state = TS_SE; + } else { + SB_ACCUM(c); + } + break; + + case TS_SE: + if (c != SE) { + if (c != IAC) { + /* + * bad form of suboption negotiation. + * handle it in such a way as to avoid + * damage to local state. Parse + * suboption buffer found so far, + * then treat remaining stream as + * another command sequence. + */ + + /* for DIAGNOSTICS */ + SB_ACCUM(IAC); + SB_ACCUM(c); + subpointer -= 2; + + SB_TERM(); + suboption(); + state = TS_IAC; + goto gotiac; + } + SB_ACCUM(c); + state = TS_SB; + } else { + /* for DIAGNOSTICS */ + SB_ACCUM(IAC); + SB_ACCUM(SE); + subpointer -= 2; + + SB_TERM(); + suboption(); /* handle sub-option */ + state = TS_DATA; + } + break; + + case TS_WILL: + willoption(c); + state = TS_DATA; + continue; + + case TS_WONT: + wontoption(c); + state = TS_DATA; + continue; + + case TS_DO: + dooption(c); + state = TS_DATA; + continue; + + case TS_DONT: + dontoption(c); + state = TS_DATA; + continue; + + default: + syslog(LOG_ERR, "telnetd: panic state=%d\n", state); + printf("telnetd: panic state=%d\n", state); + exit(1); + } + } +#if defined(CRAY2) && defined(UNICOS5) + if (!linemode) { + char xptyobuf[BUFSIZ+NETSLOP]; + char xbuf2[BUFSIZ]; + register char *cp; + int n = pfrontp - opfrontp, oc; + memmove(xptyobuf, opfrontp, n); + pfrontp = opfrontp; + pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP, + xbuf2, &oc, BUFSIZ); + for (cp = xbuf2; oc > 0; --oc) + if ((*nfrontp++ = *cp++) == IAC) + *nfrontp++ = IAC; + } +#endif /* defined(CRAY2) && defined(UNICOS5) */ +} /* end of telrcv */ + +/* + * The will/wont/do/dont state machines are based on Dave Borman's + * Telnet option processing state machine. + * + * These correspond to the following states: + * my_state = the last negotiated state + * want_state = what I want the state to go to + * want_resp = how many requests I have sent + * All state defaults are negative, and resp defaults to 0. + * + * When initiating a request to change state to new_state: + * + * if ((want_resp == 0 && new_state == my_state) || want_state == new_state) { + * do nothing; + * } else { + * want_state = new_state; + * send new_state; + * want_resp++; + * } + * + * When receiving new_state: + * + * if (want_resp) { + * want_resp--; + * if (want_resp && (new_state == my_state)) + * want_resp--; + * } + * if ((want_resp == 0) && (new_state != want_state)) { + * if (ok_to_switch_to new_state) + * want_state = new_state; + * else + * want_resp++; + * send want_state; + * } + * my_state = new_state; + * + * Note that new_state is implied in these functions by the function itself. + * will and do imply positive new_state, wont and dont imply negative. + * + * Finally, there is one catch. If we send a negative response to a + * positive request, my_state will be the positive while want_state will + * remain negative. my_state will revert to negative when the negative + * acknowlegment arrives from the peer. Thus, my_state generally tells + * us not only the last negotiated state, but also tells us what the peer + * wants to be doing as well. It is important to understand this difference + * as we may wish to be processing data streams based on our desired state + * (want_state) or based on what the peer thinks the state is (my_state). + * + * This all works fine because if the peer sends a positive request, the data + * that we receive prior to negative acknowlegment will probably be affected + * by the positive state, and we can process it as such (if we can; if we + * can't then it really doesn't matter). If it is that important, then the + * peer probably should be buffering until this option state negotiation + * is complete. + * + */ + void +send_do(option, init) + int option, init; +{ + if (init) { + if ((do_dont_resp[option] == 0 && his_state_is_will(option)) || + his_want_state_is_will(option)) + return; + /* + * Special case for TELOPT_TM: We send a DO, but pretend + * that we sent a DONT, so that we can send more DOs if + * we want to. + */ + if (option == TELOPT_TM) + set_his_want_state_wont(option); + else + set_his_want_state_will(option); + do_dont_resp[option]++; + } + (void) sprintf(nfrontp, (char *)doopt, option); + nfrontp += sizeof (dont) - 2; + + DIAG(TD_OPTIONS, printoption("td: send do", option)); +} + +#ifdef AUTHENTICATION +extern void auth_request(); +#endif +#ifdef LINEMODE +extern void doclientstat(); +#endif +#ifdef ENCRYPTION +extern void encrypt_send_support(); +#endif /* ENCRYPTION */ + + void +willoption(option) + int option; +{ + int changeok = 0; + void (*func)() = 0; + + /* + * process input from peer. + */ + + DIAG(TD_OPTIONS, printoption("td: recv will", option)); + + if (do_dont_resp[option]) { + do_dont_resp[option]--; + if (do_dont_resp[option] && his_state_is_will(option)) + do_dont_resp[option]--; + } + if (do_dont_resp[option] == 0) { + if (his_want_state_is_wont(option)) { + switch (option) { + + case TELOPT_BINARY: + init_termbuf(); + tty_binaryin(1); + set_termbuf(); + changeok++; + break; + + case TELOPT_ECHO: + /* + * See comments below for more info. + */ + not42 = 0; /* looks like a 4.2 system */ + break; + + case TELOPT_TM: +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + /* + * This telnetd implementation does not really + * support timing marks, it just uses them to + * support the kludge linemode stuff. If we + * receive a will or wont TM in response to our + * do TM request that may have been sent to + * determine kludge linemode support, process + * it, otherwise TM should get a negative + * response back. + */ + /* + * Handle the linemode kludge stuff. + * If we are not currently supporting any + * linemode at all, then we assume that this + * is the client telling us to use kludge + * linemode in response to our query. Set the + * linemode type that is to be supported, note + * that the client wishes to use linemode, and + * eat the will TM as though it never arrived. + */ + if (lmodetype < KLUDGE_LINEMODE) { + lmodetype = KLUDGE_LINEMODE; + clientstat(TELOPT_LINEMODE, WILL, 0); + send_wont(TELOPT_SGA, 1); + } else if (lmodetype == NO_AUTOKLUDGE) { + lmodetype = KLUDGE_OK; + } +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + /* + * We never respond to a WILL TM, and + * we leave the state WONT. + */ + return; + + case TELOPT_LFLOW: + /* + * If we are going to support flow control + * option, then don't worry peer that we can't + * change the flow control characters. + */ + slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS; + slctab[SLC_XON].defset.flag |= SLC_DEFAULT; + slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS; + slctab[SLC_XOFF].defset.flag |= SLC_DEFAULT; + case TELOPT_TTYPE: + case TELOPT_SGA: + case TELOPT_NAWS: + case TELOPT_TSPEED: + case TELOPT_XDISPLOC: + case TELOPT_NEW_ENVIRON: + case TELOPT_OLD_ENVIRON: + changeok++; + break; + +#ifdef LINEMODE + case TELOPT_LINEMODE: +# ifdef KLUDGELINEMODE + /* + * Note client's desire to use linemode. + */ + lmodetype = REAL_LINEMODE; +# endif /* KLUDGELINEMODE */ + func = doclientstat; + changeok++; + break; +#endif /* LINEMODE */ + +#ifdef AUTHENTICATION + case TELOPT_AUTHENTICATION: + func = auth_request; + changeok++; + break; +#endif + +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + func = encrypt_send_support; + changeok++; + break; +#endif /* ENCRYPTION */ + + default: + break; + } + if (changeok) { + set_his_want_state_will(option); + send_do(option, 0); + } else { + do_dont_resp[option]++; + send_dont(option, 0); + } + } else { + /* + * Option processing that should happen when + * we receive conformation of a change in + * state that we had requested. + */ + switch (option) { + case TELOPT_ECHO: + not42 = 0; /* looks like a 4.2 system */ + /* + * Egads, he responded "WILL ECHO". Turn + * it off right now! + */ + send_dont(option, 1); + /* + * "WILL ECHO". Kludge upon kludge! + * A 4.2 client is now echoing user input at + * the tty. This is probably undesireable and + * it should be stopped. The client will + * respond WONT TM to the DO TM that we send to + * check for kludge linemode. When the WONT TM + * arrives, linemode will be turned off and a + * change propogated to the pty. This change + * will cause us to process the new pty state + * in localstat(), which will notice that + * linemode is off and send a WILL ECHO + * so that we are properly in character mode and + * all is well. + */ + break; +#ifdef LINEMODE + case TELOPT_LINEMODE: +# ifdef KLUDGELINEMODE + /* + * Note client's desire to use linemode. + */ + lmodetype = REAL_LINEMODE; +# endif /* KLUDGELINEMODE */ + func = doclientstat; + break; +#endif /* LINEMODE */ + +#ifdef AUTHENTICATION + case TELOPT_AUTHENTICATION: + func = auth_request; + break; +#endif + +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + func = encrypt_send_support; + break; +#endif /* ENCRYPTION */ + case TELOPT_LFLOW: + func = flowstat; + break; + } + } + } + set_his_state_will(option); + if (func) + (*func)(); +} /* end of willoption */ + + void +send_dont(option, init) + int option, init; +{ + if (init) { + if ((do_dont_resp[option] == 0 && his_state_is_wont(option)) || + his_want_state_is_wont(option)) + return; + set_his_want_state_wont(option); + do_dont_resp[option]++; + } + (void) sprintf(nfrontp, (char *)dont, option); + nfrontp += sizeof (doopt) - 2; + + DIAG(TD_OPTIONS, printoption("td: send dont", option)); +} + + void +wontoption(option) + int option; +{ + /* + * Process client input. + */ + + DIAG(TD_OPTIONS, printoption("td: recv wont", option)); + + if (do_dont_resp[option]) { + do_dont_resp[option]--; + if (do_dont_resp[option] && his_state_is_wont(option)) + do_dont_resp[option]--; + } + if (do_dont_resp[option] == 0) { + if (his_want_state_is_will(option)) { + /* it is always ok to change to negative state */ + switch (option) { + case TELOPT_ECHO: + not42 = 1; /* doesn't seem to be a 4.2 system */ + break; + + case TELOPT_BINARY: + init_termbuf(); + tty_binaryin(0); + set_termbuf(); + break; + +#ifdef LINEMODE + case TELOPT_LINEMODE: +# ifdef KLUDGELINEMODE + /* + * If real linemode is supported, then client is + * asking to turn linemode off. + */ + if (lmodetype != REAL_LINEMODE) + break; +# endif /* KLUDGELINEMODE */ + clientstat(TELOPT_LINEMODE, WONT, 0); + break; +#endif /* LINEMODE */ + + case TELOPT_TM: + /* + * If we get a WONT TM, and had sent a DO TM, + * don't respond with a DONT TM, just leave it + * as is. Short circut the state machine to + * achive this. + */ + set_his_want_state_wont(TELOPT_TM); + return; + + case TELOPT_LFLOW: + /* + * If we are not going to support flow control + * option, then let peer know that we can't + * change the flow control characters. + */ + slctab[SLC_XON].defset.flag &= ~SLC_LEVELBITS; + slctab[SLC_XON].defset.flag |= SLC_CANTCHANGE; + slctab[SLC_XOFF].defset.flag &= ~SLC_LEVELBITS; + slctab[SLC_XOFF].defset.flag |= SLC_CANTCHANGE; + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + auth_finished(0, AUTH_REJECT); + break; +#endif + + /* + * For options that we might spin waiting for + * sub-negotiation, if the client turns off the + * option rather than responding to the request, + * we have to treat it here as if we got a response + * to the sub-negotiation, (by updating the timers) + * so that we'll break out of the loop. + */ + case TELOPT_TTYPE: + settimer(ttypesubopt); + break; + + case TELOPT_TSPEED: + settimer(tspeedsubopt); + break; + + case TELOPT_XDISPLOC: + settimer(xdisplocsubopt); + break; + + case TELOPT_OLD_ENVIRON: + settimer(oenvironsubopt); + break; + + case TELOPT_NEW_ENVIRON: + settimer(environsubopt); + break; + + default: + break; + } + set_his_want_state_wont(option); + if (his_state_is_will(option)) + send_dont(option, 0); + } else { + switch (option) { + case TELOPT_TM: +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + if (lmodetype < NO_AUTOKLUDGE) { + lmodetype = NO_LINEMODE; + clientstat(TELOPT_LINEMODE, WONT, 0); + send_will(TELOPT_SGA, 1); + send_will(TELOPT_ECHO, 1); + } +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + auth_finished(0, AUTH_REJECT); + break; +#endif + default: + break; + } + } + } + set_his_state_wont(option); + +} /* end of wontoption */ + + void +send_will(option, init) + int option, init; +{ + if (init) { + if ((will_wont_resp[option] == 0 && my_state_is_will(option))|| + my_want_state_is_will(option)) + return; + set_my_want_state_will(option); + will_wont_resp[option]++; + } + (void) sprintf(nfrontp, (char *)will, option); + nfrontp += sizeof (doopt) - 2; + + DIAG(TD_OPTIONS, printoption("td: send will", option)); +} + +#if !defined(LINEMODE) || !defined(KLUDGELINEMODE) +/* + * When we get a DONT SGA, we will try once to turn it + * back on. If the other side responds DONT SGA, we + * leave it at that. This is so that when we talk to + * clients that understand KLUDGELINEMODE but not LINEMODE, + * we'll keep them in char-at-a-time mode. + */ +int turn_on_sga = 0; +#endif + + void +dooption(option) + int option; +{ + int changeok = 0; + + /* + * Process client input. + */ + + DIAG(TD_OPTIONS, printoption("td: recv do", option)); + + if (will_wont_resp[option]) { + will_wont_resp[option]--; + if (will_wont_resp[option] && my_state_is_will(option)) + will_wont_resp[option]--; + } + if ((will_wont_resp[option] == 0) && (my_want_state_is_wont(option))) { + switch (option) { + case TELOPT_ECHO: +#ifdef LINEMODE +# ifdef KLUDGELINEMODE + if (lmodetype == NO_LINEMODE) +# else + if (his_state_is_wont(TELOPT_LINEMODE)) +# endif +#endif + { + init_termbuf(); + tty_setecho(1); + set_termbuf(); + } + changeok++; + break; + + case TELOPT_BINARY: + init_termbuf(); + tty_binaryout(1); + set_termbuf(); + changeok++; + break; + + case TELOPT_SGA: +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + /* + * If kludge linemode is in use, then we must + * process an incoming do SGA for linemode + * purposes. + */ + if (lmodetype == KLUDGE_LINEMODE) { + /* + * Receipt of "do SGA" in kludge + * linemode is the peer asking us to + * turn off linemode. Make note of + * the request. + */ + clientstat(TELOPT_LINEMODE, WONT, 0); + /* + * If linemode did not get turned off + * then don't tell peer that we did. + * Breaking here forces a wont SGA to + * be returned. + */ + if (linemode) + break; + } +#else + turn_on_sga = 0; +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + changeok++; + break; + + case TELOPT_STATUS: + changeok++; + break; + + case TELOPT_TM: + /* + * Special case for TM. We send a WILL, but + * pretend we sent a WONT. + */ + send_will(option, 0); + set_my_want_state_wont(option); + set_my_state_wont(option); + return; + + case TELOPT_LOGOUT: + /* + * When we get a LOGOUT option, respond + * with a WILL LOGOUT, make sure that + * it gets written out to the network, + * and then just go away... + */ + set_my_want_state_will(TELOPT_LOGOUT); + send_will(TELOPT_LOGOUT, 0); + set_my_state_will(TELOPT_LOGOUT); + (void)netflush(); + cleanup(0); + /* NOT REACHED */ + break; + +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + changeok++; + break; +#endif /* ENCRYPTION */ + case TELOPT_LINEMODE: + case TELOPT_TTYPE: + case TELOPT_NAWS: + case TELOPT_TSPEED: + case TELOPT_LFLOW: + case TELOPT_XDISPLOC: +#ifdef TELOPT_ENVIRON + case TELOPT_NEW_ENVIRON: +#endif + case TELOPT_OLD_ENVIRON: + default: + break; + } + if (changeok) { + set_my_want_state_will(option); + send_will(option, 0); + } else { + will_wont_resp[option]++; + send_wont(option, 0); + } + } + set_my_state_will(option); + +} /* end of dooption */ + + void +send_wont(option, init) + int option, init; +{ + if (init) { + if ((will_wont_resp[option] == 0 && my_state_is_wont(option)) || + my_want_state_is_wont(option)) + return; + set_my_want_state_wont(option); + will_wont_resp[option]++; + } + (void) sprintf(nfrontp, (char *)wont, option); + nfrontp += sizeof (wont) - 2; + + DIAG(TD_OPTIONS, printoption("td: send wont", option)); +} + + void +dontoption(option) + int option; +{ + /* + * Process client input. + */ + + + DIAG(TD_OPTIONS, printoption("td: recv dont", option)); + + if (will_wont_resp[option]) { + will_wont_resp[option]--; + if (will_wont_resp[option] && my_state_is_wont(option)) + will_wont_resp[option]--; + } + if ((will_wont_resp[option] == 0) && (my_want_state_is_will(option))) { + switch (option) { + case TELOPT_BINARY: + init_termbuf(); + tty_binaryout(0); + set_termbuf(); + break; + + case TELOPT_ECHO: /* we should stop echoing */ +#ifdef LINEMODE +# ifdef KLUDGELINEMODE + if ((lmodetype != REAL_LINEMODE) && + (lmodetype != KLUDGE_LINEMODE)) +# else + if (his_state_is_wont(TELOPT_LINEMODE)) +# endif +#endif + { + init_termbuf(); + tty_setecho(0); + set_termbuf(); + } + break; + + case TELOPT_SGA: +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + /* + * If kludge linemode is in use, then we + * must process an incoming do SGA for + * linemode purposes. + */ + if ((lmodetype == KLUDGE_LINEMODE) || + (lmodetype == KLUDGE_OK)) { + /* + * The client is asking us to turn + * linemode on. + */ + lmodetype = KLUDGE_LINEMODE; + clientstat(TELOPT_LINEMODE, WILL, 0); + /* + * If we did not turn line mode on, + * then what do we say? Will SGA? + * This violates design of telnet. + * Gross. Very Gross. + */ + } + break; +#else + set_my_want_state_wont(option); + if (my_state_is_will(option)) + send_wont(option, 0); + set_my_state_wont(option); + if (turn_on_sga ^= 1) + send_will(option, 1); + return; +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + + default: + break; + } + + set_my_want_state_wont(option); + if (my_state_is_will(option)) + send_wont(option, 0); + } + set_my_state_wont(option); + +} /* end of dontoption */ + +#ifdef ENV_HACK +int env_ovar = -1; +int env_ovalue = -1; +#else /* ENV_HACK */ +# define env_ovar OLD_ENV_VAR +# define env_ovalue OLD_ENV_VALUE +#endif /* ENV_HACK */ + +/* + * suboption() + * + * Look at the sub-option buffer, and try to be helpful to the other + * side. + * + * Currently we recognize: + * + * Terminal type is + * Linemode + * Window size + * Terminal speed + */ + void +suboption() +{ + register int subchar; + + DIAG(TD_OPTIONS, {netflush(); printsub('<', subpointer, SB_LEN()+2);}); + + subchar = SB_GET(); + switch (subchar) { + case TELOPT_TSPEED: { + register int xspeed, rspeed; + + if (his_state_is_wont(TELOPT_TSPEED)) /* Ignore if option disabled */ + break; + + settimer(tspeedsubopt); + + if (SB_EOF() || SB_GET() != TELQUAL_IS) + return; + + xspeed = atoi((char *)subpointer); + + while (SB_GET() != ',' && !SB_EOF()); + if (SB_EOF()) + return; + + rspeed = atoi((char *)subpointer); + clientstat(TELOPT_TSPEED, xspeed, rspeed); + + break; + + } /* end of case TELOPT_TSPEED */ + + case TELOPT_TTYPE: { /* Yaaaay! */ + static char terminalname[41]; + + if (his_state_is_wont(TELOPT_TTYPE)) /* Ignore if option disabled */ + break; + settimer(ttypesubopt); + + if (SB_EOF() || SB_GET() != TELQUAL_IS) { + return; /* ??? XXX but, this is the most robust */ + } + + terminaltype = terminalname; + + while ((terminaltype < (terminalname + sizeof terminalname-1)) && + !SB_EOF()) { + register int c; + + c = SB_GET(); + if (isupper(c)) { + c = tolower(c); + } + *terminaltype++ = c; /* accumulate name */ + } + *terminaltype = 0; + terminaltype = terminalname; + break; + } /* end of case TELOPT_TTYPE */ + + case TELOPT_NAWS: { + register int xwinsize, ywinsize; + + if (his_state_is_wont(TELOPT_NAWS)) /* Ignore if option disabled */ + break; + + if (SB_EOF()) + return; + xwinsize = SB_GET() << 8; + if (SB_EOF()) + return; + xwinsize |= SB_GET(); + if (SB_EOF()) + return; + ywinsize = SB_GET() << 8; + if (SB_EOF()) + return; + ywinsize |= SB_GET(); + clientstat(TELOPT_NAWS, xwinsize, ywinsize); + + break; + + } /* end of case TELOPT_NAWS */ + +#ifdef LINEMODE + case TELOPT_LINEMODE: { + register int request; + + if (his_state_is_wont(TELOPT_LINEMODE)) /* Ignore if option disabled */ + break; + /* + * Process linemode suboptions. + */ + if (SB_EOF()) + break; /* garbage was sent */ + request = SB_GET(); /* get will/wont */ + + if (SB_EOF()) + break; /* another garbage check */ + + if (request == LM_SLC) { /* SLC is not preceeded by WILL or WONT */ + /* + * Process suboption buffer of slc's + */ + start_slc(1); + do_opt_slc(subpointer, subend - subpointer); + (void) end_slc(0); + break; + } else if (request == LM_MODE) { + if (SB_EOF()) + return; + useeditmode = SB_GET(); /* get mode flag */ + clientstat(LM_MODE, 0, 0); + break; + } + + if (SB_EOF()) + break; + switch (SB_GET()) { /* what suboption? */ + case LM_FORWARDMASK: + /* + * According to spec, only server can send request for + * forwardmask, and client can only return a positive response. + * So don't worry about it. + */ + + default: + break; + } + break; + } /* end of case TELOPT_LINEMODE */ +#endif + case TELOPT_STATUS: { + int mode; + + if (SB_EOF()) + break; + mode = SB_GET(); + switch (mode) { + case TELQUAL_SEND: + if (my_state_is_will(TELOPT_STATUS)) + send_status(); + break; + + case TELQUAL_IS: + break; + + default: + break; + } + break; + } /* end of case TELOPT_STATUS */ + + case TELOPT_XDISPLOC: { + if (SB_EOF() || SB_GET() != TELQUAL_IS) + return; + settimer(xdisplocsubopt); + subpointer[SB_LEN()] = '\0'; + (void)setenv("DISPLAY", (char *)subpointer, 1); + break; + } /* end of case TELOPT_XDISPLOC */ + +#ifdef TELOPT_NEW_ENVIRON + case TELOPT_NEW_ENVIRON: +#endif + case TELOPT_OLD_ENVIRON: { + register int c; + register char *cp, *varp, *valp; + + if (SB_EOF()) + return; + c = SB_GET(); + if (c == TELQUAL_IS) { + if (subchar == TELOPT_OLD_ENVIRON) + settimer(oenvironsubopt); + else + settimer(environsubopt); + } else if (c != TELQUAL_INFO) { + return; + } + +#ifdef TELOPT_NEW_ENVIRON + if (subchar == TELOPT_NEW_ENVIRON) { + while (!SB_EOF()) { + c = SB_GET(); + if ((c == NEW_ENV_VAR) || (c == ENV_USERVAR)) + break; + } + } else +#endif + { +#ifdef ENV_HACK + /* + * We only want to do this if we haven't already decided + * whether or not the other side has its VALUE and VAR + * reversed. + */ + if (env_ovar < 0) { + register int last = -1; /* invalid value */ + int empty = 0; + int got_var = 0, got_value = 0, got_uservar = 0; + + /* + * The other side might have its VALUE and VAR values + * reversed. To be interoperable, we need to determine + * which way it is. If the first recognized character + * is a VAR or VALUE, then that will tell us what + * type of client it is. If the fist recognized + * character is a USERVAR, then we continue scanning + * the suboption looking for two consecutive + * VAR or VALUE fields. We should not get two + * consecutive VALUE fields, so finding two + * consecutive VALUE or VAR fields will tell us + * what the client is. + */ + SB_SAVE(); + while (!SB_EOF()) { + c = SB_GET(); + switch(c) { + case OLD_ENV_VAR: + if (last < 0 || last == OLD_ENV_VAR + || (empty && (last == OLD_ENV_VALUE))) + goto env_ovar_ok; + got_var++; + last = OLD_ENV_VAR; + break; + case OLD_ENV_VALUE: + if (last < 0 || last == OLD_ENV_VALUE + || (empty && (last == OLD_ENV_VAR))) + goto env_ovar_wrong; + got_value++; + last = OLD_ENV_VALUE; + break; + case ENV_USERVAR: + /* count strings of USERVAR as one */ + if (last != ENV_USERVAR) + got_uservar++; + if (empty) { + if (last == OLD_ENV_VALUE) + goto env_ovar_ok; + if (last == OLD_ENV_VAR) + goto env_ovar_wrong; + } + last = ENV_USERVAR; + break; + case ENV_ESC: + if (!SB_EOF()) + c = SB_GET(); + /* FALL THROUGH */ + default: + empty = 0; + continue; + } + empty = 1; + } + if (empty) { + if (last == OLD_ENV_VALUE) + goto env_ovar_ok; + if (last == OLD_ENV_VAR) + goto env_ovar_wrong; + } + /* + * Ok, the first thing was a USERVAR, and there + * are not two consecutive VAR or VALUE commands, + * and none of the VAR or VALUE commands are empty. + * If the client has sent us a well-formed option, + * then the number of VALUEs received should always + * be less than or equal to the number of VARs and + * USERVARs received. + * + * If we got exactly as many VALUEs as VARs and + * USERVARs, the client has the same definitions. + * + * If we got exactly as many VARs as VALUEs and + * USERVARS, the client has reversed definitions. + */ + if (got_uservar + got_var == got_value) { + env_ovar_ok: + env_ovar = OLD_ENV_VAR; + env_ovalue = OLD_ENV_VALUE; + } else if (got_uservar + got_value == got_var) { + env_ovar_wrong: + env_ovar = OLD_ENV_VALUE; + env_ovalue = OLD_ENV_VAR; + DIAG(TD_OPTIONS, {sprintf(nfrontp, + "ENVIRON VALUE and VAR are reversed!\r\n"); + nfrontp += strlen(nfrontp);}); + + } + } + SB_RESTORE(); +#endif + + while (!SB_EOF()) { + c = SB_GET(); + if ((c == env_ovar) || (c == ENV_USERVAR)) + break; + } + } + + if (SB_EOF()) + return; + + cp = varp = (char *)subpointer; + valp = 0; + + while (!SB_EOF()) { + c = SB_GET(); + if (subchar == TELOPT_OLD_ENVIRON) { + if (c == env_ovar) + c = NEW_ENV_VAR; + else if (c == env_ovalue) + c = NEW_ENV_VALUE; + } + switch (c) { + + case NEW_ENV_VALUE: + *cp = '\0'; + cp = valp = (char *)subpointer; + break; + + case NEW_ENV_VAR: + case ENV_USERVAR: + *cp = '\0'; + if (valp) + (void)setenv(varp, valp, 1); + else + unsetenv(varp); + cp = varp = (char *)subpointer; + valp = 0; + break; + + case ENV_ESC: + if (SB_EOF()) + break; + c = SB_GET(); + /* FALL THROUGH */ + default: + *cp++ = c; + break; + } + } + *cp = '\0'; + if (valp) + (void)setenv(varp, valp, 1); + else + unsetenv(varp); + break; + } /* end of case TELOPT_NEW_ENVIRON */ +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + if (SB_EOF()) + break; + switch(SB_GET()) { + case TELQUAL_SEND: + case TELQUAL_REPLY: + /* + * These are sent by us and cannot be sent by + * the client. + */ + break; + case TELQUAL_IS: + auth_is(subpointer, SB_LEN()); + break; + case TELQUAL_NAME: + auth_name(subpointer, SB_LEN()); + break; + } + break; +#endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + if (SB_EOF()) + break; + switch(SB_GET()) { + case ENCRYPT_SUPPORT: + encrypt_support(subpointer, SB_LEN()); + break; + case ENCRYPT_IS: + encrypt_is(subpointer, SB_LEN()); + break; + case ENCRYPT_REPLY: + encrypt_reply(subpointer, SB_LEN()); + break; + case ENCRYPT_START: + encrypt_start(subpointer, SB_LEN()); + break; + case ENCRYPT_END: + encrypt_end(); + break; + case ENCRYPT_REQSTART: + encrypt_request_start(subpointer, SB_LEN()); + break; + case ENCRYPT_REQEND: + /* + * We can always send an REQEND so that we cannot + * get stuck encrypting. We should only get this + * if we have been able to get in the correct mode + * anyhow. + */ + encrypt_request_end(); + break; + case ENCRYPT_ENC_KEYID: + encrypt_enc_keyid(subpointer, SB_LEN()); + break; + case ENCRYPT_DEC_KEYID: + encrypt_dec_keyid(subpointer, SB_LEN()); + break; + default: + break; + } + break; +#endif /* ENCRYPTION */ + + default: + break; + } /* end of switch */ + +} /* end of suboption */ + + void +doclientstat() +{ + clientstat(TELOPT_LINEMODE, WILL, 0); +} + +#define ADD(c) *ncp++ = c +#define ADD_DATA(c) { *ncp++ = c; if (c == SE || c == IAC) *ncp++ = c; } + void +send_status() +{ + unsigned char statusbuf[256]; + register unsigned char *ncp; + register unsigned char i; + + ncp = statusbuf; + + netflush(); /* get rid of anything waiting to go out */ + + ADD(IAC); + ADD(SB); + ADD(TELOPT_STATUS); + ADD(TELQUAL_IS); + + /* + * We check the want_state rather than the current state, + * because if we received a DO/WILL for an option that we + * don't support, and the other side didn't send a DONT/WONT + * in response to our WONT/DONT, then the "state" will be + * WILL/DO, and the "want_state" will be WONT/DONT. We + * need to go by the latter. + */ + for (i = 0; i < (unsigned char)NTELOPTS; i++) { + if (my_want_state_is_will(i)) { + ADD(WILL); + ADD_DATA(i); + } + if (his_want_state_is_will(i)) { + ADD(DO); + ADD_DATA(i); + } + } + + if (his_want_state_is_will(TELOPT_LFLOW)) { + ADD(SB); + ADD(TELOPT_LFLOW); + if (flowmode) { + ADD(LFLOW_ON); + } else { + ADD(LFLOW_OFF); + } + ADD(SE); + + if (restartany >= 0) { + ADD(SB); + ADD(TELOPT_LFLOW); + if (restartany) { + ADD(LFLOW_RESTART_ANY); + } else { + ADD(LFLOW_RESTART_XON); + } + ADD(SE); + } + } + +#ifdef LINEMODE + if (his_want_state_is_will(TELOPT_LINEMODE)) { + unsigned char *cp, *cpe; + int len; + + ADD(SB); + ADD(TELOPT_LINEMODE); + ADD(LM_MODE); + ADD_DATA(editmode); + ADD(SE); + + ADD(SB); + ADD(TELOPT_LINEMODE); + ADD(LM_SLC); + start_slc(0); + send_slc(); + len = end_slc(&cp); + for (cpe = cp + len; cp < cpe; cp++) + ADD_DATA(*cp); + ADD(SE); + } +#endif /* LINEMODE */ + + ADD(IAC); + ADD(SE); + + writenet(statusbuf, ncp - statusbuf); + netflush(); /* Send it on its way */ + + DIAG(TD_OPTIONS, + {printsub('>', statusbuf, ncp - statusbuf); netflush();}); +} diff --git a/secure/libexec/telnetd/sys_term.c b/secure/libexec/telnetd/sys_term.c new file mode 100644 index 0000000..87db574 --- /dev/null +++ b/secure/libexec/telnetd/sys_term.c @@ -0,0 +1,2318 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include "telnetd.h" +#include "pathnames.h" + +#if defined(AUTHENTICATION) +#include <libtelnet/auth.h> +#endif + +#if defined(CRAY) || defined(__hpux) +# define PARENT_DOES_UTMP +#endif + +int utmp_len = MAXHOSTNAMELEN; +#ifdef NEWINIT +#include <initreq.h> +#else /* NEWINIT*/ +# ifdef UTMPX +# include <utmpx.h> +struct utmpx wtmp; +# else +# include <utmp.h> +struct utmp wtmp; +# endif /* UTMPX */ + +# ifndef PARENT_DOES_UTMP +#ifdef _PATH_WTMP +char wtmpf[] = _PATH_WTMP; +#else +char wtmpf[] = "/usr/adm/wtmp"; +#endif +#ifdef _PATH_UTMP +char utmpf[] = _PATH_UTMP; +#else +char utmpf[] = "/etc/utmp"; +#endif +# else /* PARENT_DOES_UTMP */ +char wtmpf[] = "/etc/wtmp"; +# endif /* PARENT_DOES_UTMP */ + +# ifdef CRAY +#include <tmpdir.h> +#include <sys/wait.h> +# if (UNICOS_LVL == '7.0') || (UNICOS_LVL == '7.1') +# define UNICOS7x +# endif + +# ifdef UNICOS7x +#include <sys/sysv.h> +#include <sys/secstat.h> +extern int secflag; +extern struct sysv sysv; +# endif /* UNICOS7x */ +# endif /* CRAY */ +#endif /* NEWINIT */ + +#ifdef STREAMSPTY +#include <sac.h> +#include <sys/stropts.h> +#endif + +#define SCPYN(a, b) (void) strncpy(a, b, sizeof(a)) +#define SCMPN(a, b) strncmp(a, b, sizeof(a)) + +#ifdef STREAMS +#include <sys/stream.h> +#endif +#ifdef __hpux +#include <sys/resource.h> +#include <sys/proc.h> +#endif +#include <sys/tty.h> +#ifdef t_erase +#undef t_erase +#undef t_kill +#undef t_intrc +#undef t_quitc +#undef t_startc +#undef t_stopc +#undef t_eofc +#undef t_brkc +#undef t_suspc +#undef t_dsuspc +#undef t_rprntc +#undef t_flushc +#undef t_werasc +#undef t_lnextc +#endif + +#if defined(UNICOS5) && defined(CRAY2) && !defined(EXTPROC) +# define EXTPROC 0400 +#endif + +#ifndef USE_TERMIO +struct termbuf { + struct sgttyb sg; + struct tchars tc; + struct ltchars ltc; + int state; + int lflags; +} termbuf, termbuf2; +# define cfsetospeed(tp, val) (tp)->sg.sg_ospeed = (val) +# define cfsetispeed(tp, val) (tp)->sg.sg_ispeed = (val) +# define cfgetospeed(tp) (tp)->sg.sg_ospeed +# define cfgetispeed(tp) (tp)->sg.sg_ispeed +#else /* USE_TERMIO */ +# ifdef SYSV_TERMIO +# define termios termio +# endif +# ifndef TCSANOW +# ifdef TCSETS +# define TCSANOW TCSETS +# define TCSADRAIN TCSETSW +# define tcgetattr(f, t) ioctl(f, TCGETS, (char *)t) +# else +# ifdef TCSETA +# define TCSANOW TCSETA +# define TCSADRAIN TCSETAW +# define tcgetattr(f, t) ioctl(f, TCGETA, (char *)t) +# else +# define TCSANOW TIOCSETA +# define TCSADRAIN TIOCSETAW +# define tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t) +# endif +# endif +# define tcsetattr(f, a, t) ioctl(f, a, t) +# define cfsetospeed(tp, val) (tp)->c_cflag &= ~CBAUD; \ + (tp)->c_cflag |= (val) +# define cfgetospeed(tp) ((tp)->c_cflag & CBAUD) +# ifdef CIBAUD +# define cfsetispeed(tp, val) (tp)->c_cflag &= ~CIBAUD; \ + (tp)->c_cflag |= ((val)<<IBSHIFT) +# define cfgetispeed(tp) (((tp)->c_cflag & CIBAUD)>>IBSHIFT) +# else +# define cfsetispeed(tp, val) (tp)->c_cflag &= ~CBAUD; \ + (tp)->c_cflag |= (val) +# define cfgetispeed(tp) ((tp)->c_cflag & CBAUD) +# endif +# endif /* TCSANOW */ +struct termios termbuf, termbuf2; /* pty control structure */ +# ifdef STREAMSPTY +int ttyfd = -1; +# endif +#endif /* USE_TERMIO */ + +/* + * init_termbuf() + * copy_termbuf(cp) + * set_termbuf() + * + * These three routines are used to get and set the "termbuf" structure + * to and from the kernel. init_termbuf() gets the current settings. + * copy_termbuf() hands in a new "termbuf" to write to the kernel, and + * set_termbuf() writes the structure into the kernel. + */ + + void +init_termbuf() +{ +#ifndef USE_TERMIO + (void) ioctl(pty, TIOCGETP, (char *)&termbuf.sg); + (void) ioctl(pty, TIOCGETC, (char *)&termbuf.tc); + (void) ioctl(pty, TIOCGLTC, (char *)&termbuf.ltc); +# ifdef TIOCGSTATE + (void) ioctl(pty, TIOCGSTATE, (char *)&termbuf.state); +# endif +#else +# ifdef STREAMSPTY + (void) tcgetattr(ttyfd, &termbuf); +# else + (void) tcgetattr(pty, &termbuf); +# endif +#endif + termbuf2 = termbuf; +} + +#if defined(LINEMODE) && defined(TIOCPKT_IOCTL) + void +copy_termbuf(cp, len) + char *cp; + int len; +{ + if (len > sizeof(termbuf)) + len = sizeof(termbuf); + memmove((char *)&termbuf, cp, len); + termbuf2 = termbuf; +} +#endif /* defined(LINEMODE) && defined(TIOCPKT_IOCTL) */ + + void +set_termbuf() +{ + /* + * Only make the necessary changes. + */ +#ifndef USE_TERMIO + if (memcmp((char *)&termbuf.sg, (char *)&termbuf2.sg, + sizeof(termbuf.sg))) + (void) ioctl(pty, TIOCSETN, (char *)&termbuf.sg); + if (memcmp((char *)&termbuf.tc, (char *)&termbuf2.tc, + sizeof(termbuf.tc))) + (void) ioctl(pty, TIOCSETC, (char *)&termbuf.tc); + if (memcmp((char *)&termbuf.ltc, (char *)&termbuf2.ltc, + sizeof(termbuf.ltc))) + (void) ioctl(pty, TIOCSLTC, (char *)&termbuf.ltc); + if (termbuf.lflags != termbuf2.lflags) + (void) ioctl(pty, TIOCLSET, (char *)&termbuf.lflags); +#else /* USE_TERMIO */ + if (memcmp((char *)&termbuf, (char *)&termbuf2, sizeof(termbuf))) +# ifdef STREAMSPTY + (void) tcsetattr(ttyfd, TCSANOW, &termbuf); +# else + (void) tcsetattr(pty, TCSANOW, &termbuf); +# endif +# if defined(CRAY2) && defined(UNICOS5) + needtermstat = 1; +# endif +#endif /* USE_TERMIO */ +} + + +/* + * spcset(func, valp, valpp) + * + * This function takes various special characters (func), and + * sets *valp to the current value of that character, and + * *valpp to point to where in the "termbuf" structure that + * value is kept. + * + * It returns the SLC_ level of support for this function. + */ + +#ifndef USE_TERMIO + int +spcset(func, valp, valpp) + int func; + cc_t *valp; + cc_t **valpp; +{ + switch(func) { + case SLC_EOF: + *valp = termbuf.tc.t_eofc; + *valpp = (cc_t *)&termbuf.tc.t_eofc; + return(SLC_VARIABLE); + case SLC_EC: + *valp = termbuf.sg.sg_erase; + *valpp = (cc_t *)&termbuf.sg.sg_erase; + return(SLC_VARIABLE); + case SLC_EL: + *valp = termbuf.sg.sg_kill; + *valpp = (cc_t *)&termbuf.sg.sg_kill; + return(SLC_VARIABLE); + case SLC_IP: + *valp = termbuf.tc.t_intrc; + *valpp = (cc_t *)&termbuf.tc.t_intrc; + return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT); + case SLC_ABORT: + *valp = termbuf.tc.t_quitc; + *valpp = (cc_t *)&termbuf.tc.t_quitc; + return(SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT); + case SLC_XON: + *valp = termbuf.tc.t_startc; + *valpp = (cc_t *)&termbuf.tc.t_startc; + return(SLC_VARIABLE); + case SLC_XOFF: + *valp = termbuf.tc.t_stopc; + *valpp = (cc_t *)&termbuf.tc.t_stopc; + return(SLC_VARIABLE); + case SLC_AO: + *valp = termbuf.ltc.t_flushc; + *valpp = (cc_t *)&termbuf.ltc.t_flushc; + return(SLC_VARIABLE); + case SLC_SUSP: + *valp = termbuf.ltc.t_suspc; + *valpp = (cc_t *)&termbuf.ltc.t_suspc; + return(SLC_VARIABLE); + case SLC_EW: + *valp = termbuf.ltc.t_werasc; + *valpp = (cc_t *)&termbuf.ltc.t_werasc; + return(SLC_VARIABLE); + case SLC_RP: + *valp = termbuf.ltc.t_rprntc; + *valpp = (cc_t *)&termbuf.ltc.t_rprntc; + return(SLC_VARIABLE); + case SLC_LNEXT: + *valp = termbuf.ltc.t_lnextc; + *valpp = (cc_t *)&termbuf.ltc.t_lnextc; + return(SLC_VARIABLE); + case SLC_FORW1: + *valp = termbuf.tc.t_brkc; + *valpp = (cc_t *)&termbuf.ltc.t_lnextc; + return(SLC_VARIABLE); + case SLC_BRK: + case SLC_SYNCH: + case SLC_AYT: + case SLC_EOR: + *valp = (cc_t)0; + *valpp = (cc_t *)0; + return(SLC_DEFAULT); + default: + *valp = (cc_t)0; + *valpp = (cc_t *)0; + return(SLC_NOSUPPORT); + } +} + +#else /* USE_TERMIO */ + + int +spcset(func, valp, valpp) + int func; + cc_t *valp; + cc_t **valpp; +{ + +#define setval(a, b) *valp = termbuf.c_cc[a]; \ + *valpp = &termbuf.c_cc[a]; \ + return(b); +#define defval(a) *valp = ((cc_t)a); *valpp = (cc_t *)0; return(SLC_DEFAULT); + + switch(func) { + case SLC_EOF: + setval(VEOF, SLC_VARIABLE); + case SLC_EC: + setval(VERASE, SLC_VARIABLE); + case SLC_EL: + setval(VKILL, SLC_VARIABLE); + case SLC_IP: + setval(VINTR, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT); + case SLC_ABORT: + setval(VQUIT, SLC_VARIABLE|SLC_FLUSHIN|SLC_FLUSHOUT); + case SLC_XON: +#ifdef VSTART + setval(VSTART, SLC_VARIABLE); +#else + defval(0x13); +#endif + case SLC_XOFF: +#ifdef VSTOP + setval(VSTOP, SLC_VARIABLE); +#else + defval(0x11); +#endif + case SLC_EW: +#ifdef VWERASE + setval(VWERASE, SLC_VARIABLE); +#else + defval(0); +#endif + case SLC_RP: +#ifdef VREPRINT + setval(VREPRINT, SLC_VARIABLE); +#else + defval(0); +#endif + case SLC_LNEXT: +#ifdef VLNEXT + setval(VLNEXT, SLC_VARIABLE); +#else + defval(0); +#endif + case SLC_AO: +#if !defined(VDISCARD) && defined(VFLUSHO) +# define VDISCARD VFLUSHO +#endif +#ifdef VDISCARD + setval(VDISCARD, SLC_VARIABLE|SLC_FLUSHOUT); +#else + defval(0); +#endif + case SLC_SUSP: +#ifdef VSUSP + setval(VSUSP, SLC_VARIABLE|SLC_FLUSHIN); +#else + defval(0); +#endif +#ifdef VEOL + case SLC_FORW1: + setval(VEOL, SLC_VARIABLE); +#endif +#ifdef VEOL2 + case SLC_FORW2: + setval(VEOL2, SLC_VARIABLE); +#endif + case SLC_AYT: +#ifdef VSTATUS + setval(VSTATUS, SLC_VARIABLE); +#else + defval(0); +#endif + + case SLC_BRK: + case SLC_SYNCH: + case SLC_EOR: + defval(0); + + default: + *valp = 0; + *valpp = 0; + return(SLC_NOSUPPORT); + } +} +#endif /* USE_TERMIO */ + +#ifdef CRAY +/* + * getnpty() + * + * Return the number of pty's configured into the system. + */ + int +getnpty() +{ +#ifdef _SC_CRAY_NPTY + int numptys; + + if ((numptys = sysconf(_SC_CRAY_NPTY)) != -1) + return numptys; + else +#endif /* _SC_CRAY_NPTY */ + return 128; +} +#endif /* CRAY */ + +#ifndef convex +/* + * getpty() + * + * Allocate a pty. As a side effect, the external character + * array "line" contains the name of the slave side. + * + * Returns the file descriptor of the opened pty. + */ +#ifndef __GNUC__ +char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; +#else +static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; +char *line = Xline; +#endif +#ifdef CRAY +char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; +#endif /* CRAY */ + + int +getpty(ptynum) +int *ptynum; +{ + register int p; +#ifdef STREAMSPTY + int t; + char *ptsname(); + + p = open("/dev/ptmx", 2); + if (p > 0) { + grantpt(p); + unlockpt(p); + strcpy(line, ptsname(p)); + return(p); + } + +#else /* ! STREAMSPTY */ +#ifndef CRAY + register char *cp, *p1, *p2; + register int i; +#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207 + int dummy; +#endif + +#ifndef __hpux + (void) sprintf(line, "/dev/ptyXX"); + p1 = &line[8]; + p2 = &line[9]; +#else + (void) sprintf(line, "/dev/ptym/ptyXX"); + p1 = &line[13]; + p2 = &line[14]; +#endif + + for (cp = "pqrsPQRS"; *cp; cp++) { + struct stat stb; + + *p1 = *cp; + *p2 = '0'; + /* + * This stat() check is just to keep us from + * looping through all 256 combinations if there + * aren't that many ptys available. + */ + if (stat(line, &stb) < 0) + break; + for (i = 0; i < 32; i++) { + *p2 = "0123456789abcdefghijklmnopqrstuv"[i]; + p = open(line, 2); + if (p > 0) { +#ifndef __hpux + line[5] = 't'; +#else + for (p1 = &line[8]; *p1; p1++) + *p1 = *(p1+1); + line[9] = 't'; +#endif + chown(line, 0, 0); + chmod(line, 0600); +#if defined(sun) && defined(TIOCGPGRP) && BSD < 199207 + if (ioctl(p, TIOCGPGRP, &dummy) == 0 + || errno != EIO) { + chmod(line, 0666); + close(p); + line[5] = 'p'; + } else +#endif /* defined(sun) && defined(TIOCGPGRP) && BSD < 199207 */ + return(p); + } + } + } +#else /* CRAY */ + extern lowpty, highpty; + struct stat sb; + + for (*ptynum = lowpty; *ptynum <= highpty; (*ptynum)++) { + (void) sprintf(myline, "/dev/pty/%03d", *ptynum); + p = open(myline, 2); + if (p < 0) + continue; + (void) sprintf(line, "/dev/ttyp%03d", *ptynum); + /* + * Here are some shenanigans to make sure that there + * are no listeners lurking on the line. + */ + if(stat(line, &sb) < 0) { + (void) close(p); + continue; + } + if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) { + chown(line, 0, 0); + chmod(line, 0600); + (void)close(p); + p = open(myline, 2); + if (p < 0) + continue; + } + /* + * Now it should be safe...check for accessability. + */ + if (access(line, 6) == 0) + return(p); + else { + /* no tty side to pty so skip it */ + (void) close(p); + } + } +#endif /* CRAY */ +#endif /* STREAMSPTY */ + return(-1); +} +#endif /* convex */ + +#ifdef LINEMODE +/* + * tty_flowmode() Find out if flow control is enabled or disabled. + * tty_linemode() Find out if linemode (external processing) is enabled. + * tty_setlinemod(on) Turn on/off linemode. + * tty_isecho() Find out if echoing is turned on. + * tty_setecho(on) Enable/disable character echoing. + * tty_israw() Find out if terminal is in RAW mode. + * tty_binaryin(on) Turn on/off BINARY on input. + * tty_binaryout(on) Turn on/off BINARY on output. + * tty_isediting() Find out if line editing is enabled. + * tty_istrapsig() Find out if signal trapping is enabled. + * tty_setedit(on) Turn on/off line editing. + * tty_setsig(on) Turn on/off signal trapping. + * tty_issofttab() Find out if tab expansion is enabled. + * tty_setsofttab(on) Turn on/off soft tab expansion. + * tty_islitecho() Find out if typed control chars are echoed literally + * tty_setlitecho() Turn on/off literal echo of control chars + * tty_tspeed(val) Set transmit speed to val. + * tty_rspeed(val) Set receive speed to val. + */ + +#ifdef convex +static int linestate; +#endif + + int +tty_linemode() +{ +#ifndef convex +#ifndef USE_TERMIO + return(termbuf.state & TS_EXTPROC); +#else + return(termbuf.c_lflag & EXTPROC); +#endif +#else + return(linestate); +#endif +} + + void +tty_setlinemode(on) + int on; +{ +#ifdef TIOCEXT +# ifndef convex + set_termbuf(); +# else + linestate = on; +# endif + (void) ioctl(pty, TIOCEXT, (char *)&on); +# ifndef convex + init_termbuf(); +# endif +#else /* !TIOCEXT */ +# ifdef EXTPROC + if (on) + termbuf.c_lflag |= EXTPROC; + else + termbuf.c_lflag &= ~EXTPROC; +# endif +#endif /* TIOCEXT */ +} +#endif /* LINEMODE */ + + int +tty_isecho() +{ +#ifndef USE_TERMIO + return (termbuf.sg.sg_flags & ECHO); +#else + return (termbuf.c_lflag & ECHO); +#endif +} + + int +tty_flowmode() +{ +#ifndef USE_TERMIO + return(((termbuf.tc.t_startc) > 0 && (termbuf.tc.t_stopc) > 0) ? 1 : 0); +#else + return((termbuf.c_iflag & IXON) ? 1 : 0); +#endif +} + + int +tty_restartany() +{ +#ifndef USE_TERMIO +# ifdef DECCTQ + return((termbuf.lflags & DECCTQ) ? 0 : 1); +# else + return(-1); +# endif +#else + return((termbuf.c_iflag & IXANY) ? 1 : 0); +#endif +} + + void +tty_setecho(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.sg.sg_flags |= ECHO|CRMOD; + else + termbuf.sg.sg_flags &= ~(ECHO|CRMOD); +#else + if (on) + termbuf.c_lflag |= ECHO; + else + termbuf.c_lflag &= ~ECHO; +#endif +} + + int +tty_israw() +{ +#ifndef USE_TERMIO + return(termbuf.sg.sg_flags & RAW); +#else + return(!(termbuf.c_lflag & ICANON)); +#endif +} + +#if defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R) + int +tty_setraw(on) +{ +# ifndef USE_TERMIO + if (on) + termbuf.sg.sg_flags |= RAW; + else + termbuf.sg.sg_flags &= ~RAW; +# else + if (on) + termbuf.c_lflag &= ~ICANON; + else + termbuf.c_lflag |= ICANON; +# endif +} +#endif + + void +tty_binaryin(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.lflags |= LPASS8; + else + termbuf.lflags &= ~LPASS8; +#else + if (on) { + termbuf.c_iflag &= ~ISTRIP; + } else { + termbuf.c_iflag |= ISTRIP; + } +#endif +} + + void +tty_binaryout(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.lflags |= LLITOUT; + else + termbuf.lflags &= ~LLITOUT; +#else + if (on) { + termbuf.c_cflag &= ~(CSIZE|PARENB); + termbuf.c_cflag |= CS8; + termbuf.c_oflag &= ~OPOST; + } else { + termbuf.c_cflag &= ~CSIZE; + termbuf.c_cflag |= CS7|PARENB; + termbuf.c_oflag |= OPOST; + } +#endif +} + + int +tty_isbinaryin() +{ +#ifndef USE_TERMIO + return(termbuf.lflags & LPASS8); +#else + return(!(termbuf.c_iflag & ISTRIP)); +#endif +} + + int +tty_isbinaryout() +{ +#ifndef USE_TERMIO + return(termbuf.lflags & LLITOUT); +#else + return(!(termbuf.c_oflag&OPOST)); +#endif +} + +#ifdef LINEMODE + int +tty_isediting() +{ +#ifndef USE_TERMIO + return(!(termbuf.sg.sg_flags & (CBREAK|RAW))); +#else + return(termbuf.c_lflag & ICANON); +#endif +} + + int +tty_istrapsig() +{ +#ifndef USE_TERMIO + return(!(termbuf.sg.sg_flags&RAW)); +#else + return(termbuf.c_lflag & ISIG); +#endif +} + + void +tty_setedit(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.sg.sg_flags &= ~CBREAK; + else + termbuf.sg.sg_flags |= CBREAK; +#else + if (on) + termbuf.c_lflag |= ICANON; + else + termbuf.c_lflag &= ~ICANON; +#endif +} + + void +tty_setsig(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + ; +#else + if (on) + termbuf.c_lflag |= ISIG; + else + termbuf.c_lflag &= ~ISIG; +#endif +} +#endif /* LINEMODE */ + + int +tty_issofttab() +{ +#ifndef USE_TERMIO + return (termbuf.sg.sg_flags & XTABS); +#else +# ifdef OXTABS + return (termbuf.c_oflag & OXTABS); +# endif +# ifdef TABDLY + return ((termbuf.c_oflag & TABDLY) == TAB3); +# endif +#endif +} + + void +tty_setsofttab(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.sg.sg_flags |= XTABS; + else + termbuf.sg.sg_flags &= ~XTABS; +#else + if (on) { +# ifdef OXTABS + termbuf.c_oflag |= OXTABS; +# endif +# ifdef TABDLY + termbuf.c_oflag &= ~TABDLY; + termbuf.c_oflag |= TAB3; +# endif + } else { +# ifdef OXTABS + termbuf.c_oflag &= ~OXTABS; +# endif +# ifdef TABDLY + termbuf.c_oflag &= ~TABDLY; + termbuf.c_oflag |= TAB0; +# endif + } +#endif +} + + int +tty_islitecho() +{ +#ifndef USE_TERMIO + return (!(termbuf.lflags & LCTLECH)); +#else +# ifdef ECHOCTL + return (!(termbuf.c_lflag & ECHOCTL)); +# endif +# ifdef TCTLECH + return (!(termbuf.c_lflag & TCTLECH)); +# endif +# if !defined(ECHOCTL) && !defined(TCTLECH) + return (0); /* assumes ctl chars are echoed '^x' */ +# endif +#endif +} + + void +tty_setlitecho(on) + int on; +{ +#ifndef USE_TERMIO + if (on) + termbuf.lflags &= ~LCTLECH; + else + termbuf.lflags |= LCTLECH; +#else +# ifdef ECHOCTL + if (on) + termbuf.c_lflag &= ~ECHOCTL; + else + termbuf.c_lflag |= ECHOCTL; +# endif +# ifdef TCTLECH + if (on) + termbuf.c_lflag &= ~TCTLECH; + else + termbuf.c_lflag |= TCTLECH; +# endif +#endif +} + + int +tty_iscrnl() +{ +#ifndef USE_TERMIO + return (termbuf.sg.sg_flags & CRMOD); +#else + return (termbuf.c_iflag & ICRNL); +#endif +} + +/* + * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD). + */ +#if B4800 != 4800 +#define DECODE_BAUD +#endif + +#ifdef DECODE_BAUD + +/* + * A table of available terminal speeds + */ +struct termspeeds { + int speed; + int value; +} termspeeds[] = { + { 0, B0 }, { 50, B50 }, { 75, B75 }, + { 110, B110 }, { 134, B134 }, { 150, B150 }, + { 200, B200 }, { 300, B300 }, { 600, B600 }, + { 1200, B1200 }, { 1800, B1800 }, { 2400, B2400 }, + { 4800, B4800 }, +#ifdef B7200 + { 7200, B7200 }, +#endif + { 9600, B9600 }, +#ifdef B14400 + { 14400, B14400 }, +#endif +#ifdef B19200 + { 19200, B19200 }, +#endif +#ifdef B28800 + { 28800, B28800 }, +#endif +#ifdef B38400 + { 38400, B38400 }, +#endif +#ifdef B57600 + { 57600, B57600 }, +#endif +#ifdef B115200 + { 115200, B115200 }, +#endif +#ifdef B230400 + { 230400, B230400 }, +#endif + { -1, 0 } +}; +#endif /* DECODE_BUAD */ + + void +tty_tspeed(val) + int val; +{ +#ifdef DECODE_BAUD + register struct termspeeds *tp; + + for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++) + ; + if (tp->speed == -1) /* back up to last valid value */ + --tp; + cfsetospeed(&termbuf, tp->value); +#else /* DECODE_BUAD */ + cfsetospeed(&termbuf, val); +#endif /* DECODE_BUAD */ +} + + void +tty_rspeed(val) + int val; +{ +#ifdef DECODE_BAUD + register struct termspeeds *tp; + + for (tp = termspeeds; (tp->speed != -1) && (val > tp->speed); tp++) + ; + if (tp->speed == -1) /* back up to last valid value */ + --tp; + cfsetispeed(&termbuf, tp->value); +#else /* DECODE_BAUD */ + cfsetispeed(&termbuf, val); +#endif /* DECODE_BAUD */ +} + +#if defined(CRAY2) && defined(UNICOS5) + int +tty_isnewmap() +{ + return((termbuf.c_oflag & OPOST) && (termbuf.c_oflag & ONLCR) && + !(termbuf.c_oflag & ONLRET)); +} +#endif + +#ifdef PARENT_DOES_UTMP +# ifndef NEWINIT +extern struct utmp wtmp; +extern char wtmpf[]; +# else /* NEWINIT */ +int gotalarm; + + /* ARGSUSED */ + void +nologinproc(sig) + int sig; +{ + gotalarm++; +} +# endif /* NEWINIT */ +#endif /* PARENT_DOES_UTMP */ + +#ifndef NEWINIT +# ifdef PARENT_DOES_UTMP +extern void utmp_sig_init P((void)); +extern void utmp_sig_reset P((void)); +extern void utmp_sig_wait P((void)); +extern void utmp_sig_notify P((int)); +# endif /* PARENT_DOES_UTMP */ +#endif + +/* + * getptyslave() + * + * Open the slave side of the pty, and do any initialization + * that is necessary. The return value is a file descriptor + * for the slave side. + */ + int +getptyslave() +{ + register int t = -1; + char erase; + +#if !defined(CRAY) || !defined(NEWINIT) +# ifdef LINEMODE + int waslm; +# endif +# ifdef TIOCGWINSZ + struct winsize ws; + extern int def_row, def_col; +# endif + extern int def_tspeed, def_rspeed; + /* + * Opening the slave side may cause initilization of the + * kernel tty structure. We need remember the state of + * if linemode was turned on + * terminal window size + * terminal speed + * erase character + * so that we can re-set them if we need to. + */ +# ifdef LINEMODE + waslm = tty_linemode(); +# endif + erase = termbuf.c_cc[VERASE]; + + /* + * Make sure that we don't have a controlling tty, and + * that we are the session (process group) leader. + */ +# ifdef TIOCNOTTY + t = open(_PATH_TTY, O_RDWR); + if (t >= 0) { + (void) ioctl(t, TIOCNOTTY, (char *)0); + (void) close(t); + } +# endif + + +# ifdef PARENT_DOES_UTMP + /* + * Wait for our parent to get the utmp stuff to get done. + */ + utmp_sig_wait(); +# endif + + t = cleanopen(line); + if (t < 0) + fatalperror(net, line); + +#ifdef STREAMSPTY +#ifdef USE_TERMIO + ttyfd = t; +#endif + if (ioctl(t, I_PUSH, "ptem") < 0) + fatal(net, "I_PUSH ptem"); + if (ioctl(t, I_PUSH, "ldterm") < 0) + fatal(net, "I_PUSH ldterm"); + if (ioctl(t, I_PUSH, "ttcompat") < 0) + fatal(net, "I_PUSH ttcompat"); + if (ioctl(pty, I_PUSH, "pckt") < 0) + fatal(net, "I_PUSH pckt"); +#endif + + /* + * set up the tty modes as we like them to be. + */ + init_termbuf(); +# ifdef TIOCGWINSZ + if (def_row || def_col) { + memset((char *)&ws, 0, sizeof(ws)); + ws.ws_col = def_col; + ws.ws_row = def_row; + (void)ioctl(t, TIOCSWINSZ, (char *)&ws); + } +# endif + + /* + * Settings for sgtty based systems + */ +# ifndef USE_TERMIO + termbuf.sg.sg_flags |= CRMOD|ANYP|ECHO|XTABS; +# endif /* USE_TERMIO */ + + /* + * Settings for UNICOS (and HPUX) + */ +# if defined(CRAY) || defined(__hpux) + termbuf.c_oflag = OPOST|ONLCR|TAB3; + termbuf.c_iflag = IGNPAR|ISTRIP|ICRNL|IXON; + termbuf.c_lflag = ISIG|ICANON|ECHO|ECHOE|ECHOK; + termbuf.c_cflag = EXTB|HUPCL|CS8; +# endif + + /* + * Settings for all other termios/termio based + * systems, other than 4.4BSD. In 4.4BSD the + * kernel does the initial terminal setup. + */ +# if defined(USE_TERMIO) && !(defined(CRAY) || defined(__hpux)) && (BSD <= 43) +# ifndef OXTABS +# define OXTABS 0 +# endif + termbuf.c_lflag |= ECHO; + termbuf.c_oflag |= ONLCR|OXTABS; + termbuf.c_iflag |= ICRNL; + termbuf.c_iflag &= ~IXOFF; +# endif /* defined(USE_TERMIO) && !defined(CRAY) && (BSD <= 43) */ + tty_rspeed((def_rspeed > 0) ? def_rspeed : 9600); + tty_tspeed((def_tspeed > 0) ? def_tspeed : 9600); + if (erase) + termbuf.c_cc[VERASE] = erase; +# ifdef LINEMODE + if (waslm) + tty_setlinemode(1); +# endif /* LINEMODE */ + + /* + * Set the tty modes, and make this our controlling tty. + */ + set_termbuf(); + if (login_tty(t) == -1) + fatalperror(net, "login_tty"); +#endif /* !defined(CRAY) || !defined(NEWINIT) */ + if (net > 2) + (void) close(net); +#if defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R) + /* + * Leave the pty open so that we can write out the rlogin + * protocol for /bin/login, if the authentication works. + */ +#else + if (pty > 2) { + (void) close(pty); + pty = -1; + } +#endif +} + +#if !defined(CRAY) || !defined(NEWINIT) +#ifndef O_NOCTTY +#define O_NOCTTY 0 +#endif +/* + * Open the specified slave side of the pty, + * making sure that we have a clean tty. + */ + int +cleanopen(line) + char *line; +{ + register int t; +#ifdef UNICOS7x + struct secstat secbuf; +#endif /* UNICOS7x */ + +#ifndef STREAMSPTY + /* + * Make sure that other people can't open the + * slave side of the connection. + */ + (void) chown(line, 0, 0); + (void) chmod(line, 0600); +#endif + +# if !defined(CRAY) && (BSD > 43) + (void) revoke(line); +# endif +#ifdef UNICOS7x + if (secflag) { + if (secstat(line, &secbuf) < 0) + return(-1); + if (setulvl(secbuf.st_slevel) < 0) + return(-1); + if (setucmp(secbuf.st_compart) < 0) + return(-1); + } +#endif /* UNICOS7x */ + + t = open(line, O_RDWR|O_NOCTTY); + +#ifdef UNICOS7x + if (secflag) { + if (setulvl(sysv.sy_minlvl) < 0) + return(-1); + if (setucmp(0) < 0) + return(-1); + } +#endif /* UNICOS7x */ + + if (t < 0) + return(-1); + + /* + * Hangup anybody else using this ttyp, then reopen it for + * ourselves. + */ +# if !(defined(CRAY) || defined(__hpux)) && (BSD <= 43) && !defined(STREAMSPTY) + (void) signal(SIGHUP, SIG_IGN); + vhangup(); + (void) signal(SIGHUP, SIG_DFL); + t = open(line, O_RDWR|O_NOCTTY); + if (t < 0) + return(-1); +# endif +# if defined(CRAY) && defined(TCVHUP) + { + register int i; + (void) signal(SIGHUP, SIG_IGN); + (void) ioctl(t, TCVHUP, (char *)0); + (void) signal(SIGHUP, SIG_DFL); + +#ifdef UNICOS7x + if (secflag) { + if (secstat(line, &secbuf) < 0) + return(-1); + if (setulvl(secbuf.st_slevel) < 0) + return(-1); + if (setucmp(secbuf.st_compart) < 0) + return(-1); + } +#endif /* UNICOS7x */ + + i = open(line, O_RDWR); + +#ifdef UNICOS7x + if (secflag) { + if (setulvl(sysv.sy_minlvl) < 0) + return(-1); + if (setucmp(0) < 0) + return(-1); + } +#endif /* UNICOS7x */ + + if (i < 0) + return(-1); + (void) close(t); + t = i; + } +# endif /* defined(CRAY) && defined(TCVHUP) */ + return(t); +} +#endif /* !defined(CRAY) || !defined(NEWINIT) */ + +#if BSD <= 43 + + int +login_tty(t) + int t; +{ + if (setsid() < 0) { +#ifdef ultrix + /* + * The setsid() may have failed because we + * already have a pgrp == pid. Zero out + * our pgrp and try again... + */ + if ((setpgrp(0, 0) < 0) || (setsid() < 0)) +#endif + fatalperror(net, "setsid()"); + } +# ifdef TIOCSCTTY + if (ioctl(t, TIOCSCTTY, (char *)0) < 0) + fatalperror(net, "ioctl(sctty)"); +# if defined(CRAY) + /* + * Close the hard fd to /dev/ttypXXX, and re-open through + * the indirect /dev/tty interface. + */ + close(t); + if ((t = open("/dev/tty", O_RDWR)) < 0) + fatalperror(net, "open(/dev/tty)"); +# endif +# else + /* + * We get our controlling tty assigned as a side-effect + * of opening up a tty device. But on BSD based systems, + * this only happens if our process group is zero. The + * setsid() call above may have set our pgrp, so clear + * it out before opening the tty... + */ +# ifndef SOLARIS + (void) setpgrp(0, 0); +# else + (void) setpgrp(); +# endif + close(open(line, O_RDWR)); +# endif + if (t != 0) + (void) dup2(t, 0); + if (t != 1) + (void) dup2(t, 1); + if (t != 2) + (void) dup2(t, 2); + if (t > 2) + close(t); + return(0); +} +#endif /* BSD <= 43 */ + +#ifdef NEWINIT +char *gen_id = "fe"; +#endif + +/* + * startslave(host) + * + * Given a hostname, do whatever + * is necessary to startup the login process on the slave side of the pty. + */ + +/* ARGSUSED */ + void +startslave(host, autologin, autoname) + char *host; + int autologin; + char *autoname; +{ + register int i; + long time(); + char name[256]; +#ifdef NEWINIT + extern char *ptyip; + struct init_request request; + void nologinproc(); + register int n; +#endif /* NEWINIT */ + +#if defined(AUTHENTICATION) + if (!autoname || !autoname[0]) + autologin = 0; + + if (autologin < auth_level) { + fatal(net, "Authorization failed"); + exit(1); + } +#endif + +#ifndef NEWINIT +# ifdef PARENT_DOES_UTMP + utmp_sig_init(); +# endif /* PARENT_DOES_UTMP */ + + if ((i = fork()) < 0) + fatalperror(net, "fork"); + if (i) { +# ifdef PARENT_DOES_UTMP + /* + * Cray parent will create utmp entry for child and send + * signal to child to tell when done. Child waits for signal + * before doing anything important. + */ + register int pid = i; + void sigjob P((int)); + + setpgrp(); + utmp_sig_reset(); /* reset handler to default */ + /* + * Create utmp entry for child + */ + (void) time(&wtmp.ut_time); + wtmp.ut_type = LOGIN_PROCESS; + wtmp.ut_pid = pid; + SCPYN(wtmp.ut_user, "LOGIN"); + SCPYN(wtmp.ut_host, host); + SCPYN(wtmp.ut_line, line + sizeof("/dev/") - 1); +#ifndef __hpux + SCPYN(wtmp.ut_id, wtmp.ut_line+3); +#else + SCPYN(wtmp.ut_id, wtmp.ut_line+7); +#endif + pututline(&wtmp); + endutent(); + if ((i = open(wtmpf, O_WRONLY|O_APPEND)) >= 0) { + (void) write(i, (char *)&wtmp, sizeof(struct utmp)); + (void) close(i); + } +#ifdef CRAY + (void) signal(WJSIGNAL, sigjob); +#endif + utmp_sig_notify(pid); +# endif /* PARENT_DOES_UTMP */ + } else { + getptyslave(autologin); + start_login(host, autologin, autoname); + /*NOTREACHED*/ + } +#else /* NEWINIT */ + + /* + * Init will start up login process if we ask nicely. We only wait + * for it to start up and begin normal telnet operation. + */ + if ((i = open(INIT_FIFO, O_WRONLY)) < 0) { + char tbuf[128]; + (void) sprintf(tbuf, "Can't open %s\n", INIT_FIFO); + fatalperror(net, tbuf); + } + memset((char *)&request, 0, sizeof(request)); + request.magic = INIT_MAGIC; + SCPYN(request.gen_id, gen_id); + SCPYN(request.tty_id, &line[8]); + SCPYN(request.host, host); + SCPYN(request.term_type, terminaltype ? terminaltype : "network"); +#if !defined(UNICOS5) + request.signal = SIGCLD; + request.pid = getpid(); +#endif +#ifdef BFTPDAEMON + /* + * Are we working as the bftp daemon? + */ + if (bftpd) { + SCPYN(request.exec_name, BFTPPATH); + } +#endif /* BFTPDAEMON */ + if (write(i, (char *)&request, sizeof(request)) < 0) { + char tbuf[128]; + (void) sprintf(tbuf, "Can't write to %s\n", INIT_FIFO); + fatalperror(net, tbuf); + } + (void) close(i); + (void) signal(SIGALRM, nologinproc); + for (i = 0; ; i++) { + char tbuf[128]; + alarm(15); + n = read(pty, ptyip, BUFSIZ); + if (i == 3 || n >= 0 || !gotalarm) + break; + gotalarm = 0; + sprintf(tbuf, "telnetd: waiting for /etc/init to start login process on %s\r\n", line); + (void) write(net, tbuf, strlen(tbuf)); + } + if (n < 0 && gotalarm) + fatal(net, "/etc/init didn't start login process"); + pcc += n; + alarm(0); + (void) signal(SIGALRM, SIG_DFL); + + return; +#endif /* NEWINIT */ +} + +char *envinit[3]; +extern char **environ; + + void +init_env() +{ + extern char *getenv(); + char **envp; + + envp = envinit; + if (*envp = getenv("TZ")) + *envp++ -= 3; +#if defined(CRAY) || defined(__hpux) + else + *envp++ = "TZ=GMT0"; +#endif + *envp = 0; + environ = envinit; +} + +#ifndef NEWINIT + +/* + * start_login(host) + * + * Assuming that we are now running as a child processes, this + * function will turn us into the login process. + */ + + void +start_login(host, autologin, name) + char *host; + int autologin; + char *name; +{ + register char *cp; + register char **argv; + char **addarg(), *user; + extern char *getenv(); +#ifdef UTMPX + register int pid = getpid(); + struct utmpx utmpx; +#endif +#ifdef SOLARIS + char *term; + char termbuf[64]; +#endif + +#ifdef UTMPX + /* + * Create utmp entry for child + */ + + memset(&utmpx, 0, sizeof(utmpx)); + SCPYN(utmpx.ut_user, ".telnet"); + SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1); + utmpx.ut_pid = pid; + utmpx.ut_id[0] = 't'; + utmpx.ut_id[1] = 'n'; + utmpx.ut_id[2] = SC_WILDC; + utmpx.ut_id[3] = SC_WILDC; + utmpx.ut_type = LOGIN_PROCESS; + (void) time(&utmpx.ut_tv.tv_sec); + if (makeutx(&utmpx) == NULL) + fatal(net, "makeutx failed"); +#endif + + scrub_env(); + + /* + * -h : pass on name of host. + * WARNING: -h is accepted by login if and only if + * getuid() == 0. + * -p : don't clobber the environment (so terminal type stays set). + * + * -f : force this login, he has already been authenticated + */ + argv = addarg(0, "login"); + +#if !defined(NO_LOGIN_H) + +# if defined (AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R) + /* + * Don't add the "-h host" option if we are going + * to be adding the "-r host" option down below... + */ + if ((auth_level < 0) || (autologin != AUTH_VALID)) +# endif + { + argv = addarg(argv, "-h"); + argv = addarg(argv, host); +#ifdef SOLARIS + /* + * SVR4 version of -h takes TERM= as second arg, or - + */ + term = getenv("TERM"); + if (term == NULL || term[0] == 0) { + term = "-"; + } else { + strcpy(termbuf, "TERM="); + strncat(termbuf, term, sizeof(termbuf) - 6); + term = termbuf; + } + argv = addarg(argv, term); +#endif + } +#endif +#if !defined(NO_LOGIN_P) + argv = addarg(argv, "-p"); +#endif +#ifdef LINEMODE + /* + * Set the environment variable "LINEMODE" to either + * "real" or "kludge" if we are operating in either + * real or kludge linemode. + */ + if (lmodetype == REAL_LINEMODE) + setenv("LINEMODE", "real", 1); +# ifdef KLUDGELINEMODE + else if (lmodetype == KLUDGE_LINEMODE || lmodetype == KLUDGE_OK) + setenv("LINEMODE", "kludge", 1); +# endif +#endif +#ifdef BFTPDAEMON + /* + * Are we working as the bftp daemon? If so, then ask login + * to start bftp instead of shell. + */ + if (bftpd) { + argv = addarg(argv, "-e"); + argv = addarg(argv, BFTPPATH); + } else +#endif +#if defined (SecurID) + /* + * don't worry about the -f that might get sent. + * A -s is supposed to override it anyhow. + */ + if (require_SecurID) + argv = addarg(argv, "-s"); +#endif +#if defined (AUTHENTICATION) + if (auth_level >= 0 && autologin == AUTH_VALID) { +# if !defined(NO_LOGIN_F) + argv = addarg(argv, "-f"); + argv = addarg(argv, name); +# else +# if defined(LOGIN_R) + /* + * We don't have support for "login -f", but we + * can fool /bin/login into thinking that we are + * rlogind, and allow us to log in without a + * password. The rlogin protocol expects + * local-user\0remote-user\0term/speed\0 + */ + + if (pty > 2) { + register char *cp; + char speed[128]; + int isecho, israw, xpty, len; + extern int def_rspeed; +# ifndef LOGIN_HOST + /* + * Tell login that we are coming from "localhost". + * If we passed in the real host name, then the + * user would have to allow .rhost access from + * every machine that they want authenticated + * access to work from, which sort of defeats + * the purpose of an authenticated login... + * So, we tell login that the session is coming + * from "localhost", and the user will only have + * to have "localhost" in their .rhost file. + */ +# define LOGIN_HOST "localhost" +# endif + argv = addarg(argv, "-r"); + argv = addarg(argv, LOGIN_HOST); + + xpty = pty; +# ifndef STREAMSPTY + pty = 0; +# else + ttyfd = 0; +# endif + init_termbuf(); + isecho = tty_isecho(); + israw = tty_israw(); + if (isecho || !israw) { + tty_setecho(0); /* Turn off echo */ + tty_setraw(1); /* Turn on raw */ + set_termbuf(); + } + len = strlen(name)+1; + write(xpty, name, len); + write(xpty, name, len); + sprintf(speed, "%s/%d", (cp = getenv("TERM")) ? cp : "", + (def_rspeed > 0) ? def_rspeed : 9600); + len = strlen(speed)+1; + write(xpty, speed, len); + + if (isecho || !israw) { + init_termbuf(); + tty_setecho(isecho); + tty_setraw(israw); + set_termbuf(); + if (!israw) { + /* + * Write a newline to ensure + * that login will be able to + * read the line... + */ + write(xpty, "\n", 1); + } + } + pty = xpty; + } +# else + argv = addarg(argv, name); +# endif +# endif + } else +#endif + if (user = getenv("USER")) { + if (strchr(user, '-')) { + syslog(LOG_ERR, "tried to pass user \"%s\" to login", + user); + fatal(net, "invalid user"); + } + argv = addarg(argv, getenv("USER")); +#if defined(LOGIN_ARGS) && defined(NO_LOGIN_P) + { + register char **cpp; + for (cpp = environ; *cpp; cpp++) + argv = addarg(argv, *cpp); + } +#endif + /* + * Assume that login will set the USER variable + * correctly. For SysV systems, this means that + * USER will no longer be set, just LOGNAME by + * login. (The problem is that if the auto-login + * fails, and the user then specifies a different + * account name, he can get logged in with both + * LOGNAME and USER in his environment, but the + * USER value will be wrong. + */ + unsetenv("USER"); + } +#ifdef SOLARIS + else { + char **p; + + argv = addarg(argv, ""); /* no login name */ + for (p = environ; *p; p++) { + argv = addarg(argv, *p); + } + } +#endif /* SOLARIS */ +#if defined(AUTHENTICATION) && defined(NO_LOGIN_F) && defined(LOGIN_R) + if (pty > 2) + close(pty); +#endif + closelog(); + execv(_PATH_LOGIN, argv); + + syslog(LOG_ERR, "%s: %m\n", _PATH_LOGIN); + fatalperror(net, _PATH_LOGIN); + /*NOTREACHED*/ +} + + char ** +addarg(argv, val) + register char **argv; + register char *val; +{ + register char **cpp; + + if (argv == NULL) { + /* + * 10 entries, a leading length, and a null + */ + argv = (char **)malloc(sizeof(*argv) * 12); + if (argv == NULL) + return(NULL); + *argv++ = (char *)10; + *argv = (char *)0; + } + for (cpp = argv; *cpp; cpp++) + ; + if (cpp == &argv[(int)argv[-1]]) { + --argv; + *argv = (char *)((int)(*argv) + 10); + argv = (char **)realloc(argv, sizeof(*argv)*((int)(*argv) + 2)); + if (argv == NULL) + return(NULL); + argv++; + cpp = &argv[(int)argv[-1] - 10]; + } + *cpp++ = val; + *cpp = 0; + return(argv); +} +#endif /* NEWINIT */ + +/* + * scrub_env() + * + * Remove a few things from the environment that + * don't need to be there. + */ +scrub_env() +{ + register char **cpp, **cpp2; + + for (cpp2 = cpp = environ; *cpp; cpp++) { +#ifdef __FreeBSD__ + if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) && + strncmp(*cpp, "LD_PRELOAD=", 11) && +#else + if (strncmp(*cpp, "LD_", 3) && + strncmp(*cpp, "_RLD_", 5) && + strncmp(*cpp, "LIBPATH=", 8) && +#endif + strncmp(*cpp, "IFS=", 4)) + *cpp2++ = *cpp; + } + *cpp2 = 0; +} + +/* + * cleanup() + * + * This is the routine to call when we are all through, to + * clean up anything that needs to be cleaned up. + */ + /* ARGSUSED */ + void +cleanup(sig) + int sig; +{ +#ifndef PARENT_DOES_UTMP +# if (BSD > 43) || defined(convex) + char *p; + + p = line + sizeof("/dev/") - 1; + if (logout(p)) + logwtmp(p, "", ""); + (void)chmod(line, 0666); + (void)chown(line, 0, 0); + *p = 'p'; + (void)chmod(line, 0666); + (void)chown(line, 0, 0); + (void) shutdown(net, 2); + exit(1); +# else + void rmut(); + + rmut(); + vhangup(); /* XXX */ + (void) shutdown(net, 2); + exit(1); +# endif +#else /* PARENT_DOES_UTMP */ +# ifdef NEWINIT + (void) shutdown(net, 2); + exit(1); +# else /* NEWINIT */ +# ifdef CRAY + static int incleanup = 0; + register int t; + int child_status; /* status of child process as returned by waitpid */ + int flags = WNOHANG|WUNTRACED; + + /* + * 1: Pick up the zombie, if we are being called + * as the signal handler. + * 2: If we are a nested cleanup(), return. + * 3: Try to clean up TMPDIR. + * 4: Fill in utmp with shutdown of process. + * 5: Close down the network and pty connections. + * 6: Finish up the TMPDIR cleanup, if needed. + */ + if (sig == SIGCHLD) { + while (waitpid(-1, &child_status, flags) > 0) + ; /* VOID */ + /* Check if the child process was stopped + * rather than exited. We want cleanup only if + * the child has died. + */ + if (WIFSTOPPED(child_status)) { + return; + } + } + t = sigblock(sigmask(SIGCHLD)); + if (incleanup) { + sigsetmask(t); + return; + } + incleanup = 1; + sigsetmask(t); +#ifdef UNICOS7x + if (secflag) { + /* + * We need to set ourselves back to a null + * label to clean up. + */ + + setulvl(sysv.sy_minlvl); + setucmp((long)0); + } +#endif /* UNICOS7x */ + + t = cleantmp(&wtmp); + setutent(); /* just to make sure */ +# endif /* CRAY */ + rmut(line); + close(pty); + (void) shutdown(net, 2); +# ifdef CRAY + if (t == 0) + cleantmp(&wtmp); +# endif /* CRAY */ + exit(1); +# endif /* NEWINT */ +#endif /* PARENT_DOES_UTMP */ +} + +#if defined(PARENT_DOES_UTMP) && !defined(NEWINIT) +/* + * _utmp_sig_rcv + * utmp_sig_init + * utmp_sig_wait + * These three functions are used to coordinate the handling of + * the utmp file between the server and the soon-to-be-login shell. + * The server actually creates the utmp structure, the child calls + * utmp_sig_wait(), until the server calls utmp_sig_notify() and + * signals the future-login shell to proceed. + */ +static int caught=0; /* NZ when signal intercepted */ +static void (*func)(); /* address of previous handler */ + + void +_utmp_sig_rcv(sig) + int sig; +{ + caught = 1; + (void) signal(SIGUSR1, func); +} + + void +utmp_sig_init() +{ + /* + * register signal handler for UTMP creation + */ + if ((int)(func = signal(SIGUSR1, _utmp_sig_rcv)) == -1) + fatalperror(net, "telnetd/signal"); +} + + void +utmp_sig_reset() +{ + (void) signal(SIGUSR1, func); /* reset handler to default */ +} + +# ifdef __hpux +# define sigoff() /* do nothing */ +# define sigon() /* do nothing */ +# endif + + void +utmp_sig_wait() +{ + /* + * Wait for parent to write our utmp entry. + */ + sigoff(); + while (caught == 0) { + pause(); /* wait until we get a signal (sigon) */ + sigoff(); /* turn off signals while we check caught */ + } + sigon(); /* turn on signals again */ +} + + void +utmp_sig_notify(pid) +{ + kill(pid, SIGUSR1); +} + +# ifdef CRAY +static int gotsigjob = 0; + + /*ARGSUSED*/ + void +sigjob(sig) + int sig; +{ + register int jid; + register struct jobtemp *jp; + + while ((jid = waitjob(NULL)) != -1) { + if (jid == 0) { + return; + } + gotsigjob++; + jobend(jid, NULL, NULL); + } +} + +/* + * jid_getutid: + * called by jobend() before calling cleantmp() + * to find the correct $TMPDIR to cleanup. + */ + + struct utmp * +jid_getutid(jid) + int jid; +{ + struct utmp *cur = NULL; + + setutent(); /* just to make sure */ + while (cur = getutent()) { + if ( (cur->ut_type != NULL) && (jid == cur->ut_jid) ) { + return(cur); + } + } + + return(0); +} + +/* + * Clean up the TMPDIR that login created. + * The first time this is called we pick up the info + * from the utmp. If the job has already gone away, + * then we'll clean up and be done. If not, then + * when this is called the second time it will wait + * for the signal that the job is done. + */ + int +cleantmp(wtp) + register struct utmp *wtp; +{ + struct utmp *utp; + static int first = 1; + register int mask, omask, ret; + extern struct utmp *getutid P((const struct utmp *_Id)); + + + mask = sigmask(WJSIGNAL); + + if (first == 0) { + omask = sigblock(mask); + while (gotsigjob == 0) + sigpause(omask); + return(1); + } + first = 0; + setutent(); /* just to make sure */ + + utp = getutid(wtp); + if (utp == 0) { + syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR"); + return(-1); + } + /* + * Nothing to clean up if the user shell was never started. + */ + if (utp->ut_type != USER_PROCESS || utp->ut_jid == 0) + return(1); + + /* + * Block the WJSIGNAL while we are in jobend(). + */ + omask = sigblock(mask); + ret = jobend(utp->ut_jid, utp->ut_tpath, utp->ut_user); + sigsetmask(omask); + return(ret); +} + + int +jobend(jid, path, user) + register int jid; + register char *path; + register char *user; +{ + static int saved_jid = 0; + static int pty_saved_jid = 0; + static char saved_path[sizeof(wtmp.ut_tpath)+1]; + static char saved_user[sizeof(wtmp.ut_user)+1]; + + /* + * this little piece of code comes into play + * only when ptyreconnect is used to reconnect + * to an previous session. + * + * this is the only time when the + * "saved_jid != jid" code is executed. + */ + + if ( saved_jid && saved_jid != jid ) { + if (!path) { /* called from signal handler */ + pty_saved_jid = jid; + } else { + pty_saved_jid = saved_jid; + } + } + + if (path) { + strncpy(saved_path, path, sizeof(wtmp.ut_tpath)); + strncpy(saved_user, user, sizeof(wtmp.ut_user)); + saved_path[sizeof(saved_path)] = '\0'; + saved_user[sizeof(saved_user)] = '\0'; + } + if (saved_jid == 0) { + saved_jid = jid; + return(0); + } + + /* if the jid has changed, get the correct entry from the utmp file */ + + if ( saved_jid != jid ) { + struct utmp *utp = NULL; + struct utmp *jid_getutid(); + + utp = jid_getutid(pty_saved_jid); + + if (utp == 0) { + syslog(LOG_ERR, "Can't get /etc/utmp entry to clean TMPDIR"); + return(-1); + } + + cleantmpdir(jid, utp->ut_tpath, utp->ut_user); + return(1); + } + + cleantmpdir(jid, saved_path, saved_user); + return(1); +} + +/* + * Fork a child process to clean up the TMPDIR + */ +cleantmpdir(jid, tpath, user) + register int jid; + register char *tpath; + register char *user; +{ + switch(fork()) { + case -1: + syslog(LOG_ERR, "TMPDIR cleanup(%s): fork() failed: %m\n", + tpath); + break; + case 0: + execl(CLEANTMPCMD, CLEANTMPCMD, user, tpath, 0); + syslog(LOG_ERR, "TMPDIR cleanup(%s): execl(%s) failed: %m\n", + tpath, CLEANTMPCMD); + exit(1); + default: + /* + * Forget about child. We will exit, and + * /etc/init will pick it up. + */ + break; + } +} +# endif /* CRAY */ +#endif /* defined(PARENT_DOES_UTMP) && !defined(NEWINIT) */ + +/* + * rmut() + * + * This is the function called by cleanup() to + * remove the utmp entry for this person. + */ + +#ifdef UTMPX + void +rmut() +{ + register f; + int found = 0; + struct utmp *u, *utmp; + int nutmp; + struct stat statbf; + + struct utmpx *utxp, utmpx; + + /* + * This updates the utmpx and utmp entries and make a wtmp/x entry + */ + + SCPYN(utmpx.ut_line, line + sizeof("/dev/") - 1); + utxp = getutxline(&utmpx); + if (utxp) { + utxp->ut_type = DEAD_PROCESS; + utxp->ut_exit.e_termination = 0; + utxp->ut_exit.e_exit = 0; + (void) time(&utmpx.ut_tv.tv_sec); + utmpx.ut_tv.tv_usec = 0; + modutx(utxp); + } + endutxent(); +} /* end of rmut */ +#endif + +#if !defined(UTMPX) && !(defined(CRAY) || defined(__hpux)) && BSD <= 43 + void +rmut() +{ + register f; + int found = 0; + struct utmp *u, *utmp; + int nutmp; + struct stat statbf; + + f = open(utmpf, O_RDWR); + if (f >= 0) { + (void) fstat(f, &statbf); + utmp = (struct utmp *)malloc((unsigned)statbf.st_size); + if (!utmp) + syslog(LOG_ERR, "utmp malloc failed"); + if (statbf.st_size && utmp) { + nutmp = read(f, (char *)utmp, (int)statbf.st_size); + nutmp /= sizeof(struct utmp); + + for (u = utmp ; u < &utmp[nutmp] ; u++) { + if (SCMPN(u->ut_line, line+5) || + u->ut_name[0]==0) + continue; + (void) lseek(f, ((long)u)-((long)utmp), L_SET); + SCPYN(u->ut_name, ""); + SCPYN(u->ut_host, ""); + (void) time(&u->ut_time); + (void) write(f, (char *)u, sizeof(wtmp)); + found++; + } + } + (void) close(f); + } + if (found) { + f = open(wtmpf, O_WRONLY|O_APPEND); + if (f >= 0) { + SCPYN(wtmp.ut_line, line+5); + SCPYN(wtmp.ut_name, ""); + SCPYN(wtmp.ut_host, ""); + (void) time(&wtmp.ut_time); + (void) write(f, (char *)&wtmp, sizeof(wtmp)); + (void) close(f); + } + } + (void) chmod(line, 0666); + (void) chown(line, 0, 0); + line[strlen("/dev/")] = 'p'; + (void) chmod(line, 0666); + (void) chown(line, 0, 0); +} /* end of rmut */ +#endif /* CRAY */ + +#ifdef __hpux +rmut (line) +char *line; +{ + struct utmp utmp; + struct utmp *utptr; + int fd; /* for /etc/wtmp */ + + utmp.ut_type = USER_PROCESS; + (void) strncpy(utmp.ut_id, line+12, sizeof(utmp.ut_id)); + (void) setutent(); + utptr = getutid(&utmp); + /* write it out only if it exists */ + if (utptr) { + utptr->ut_type = DEAD_PROCESS; + utptr->ut_time = time((long *) 0); + (void) pututline(utptr); + /* set wtmp entry if wtmp file exists */ + if ((fd = open(wtmpf, O_WRONLY | O_APPEND)) >= 0) { + (void) write(fd, utptr, sizeof(utmp)); + (void) close(fd); + } + } + (void) endutent(); + + (void) chmod(line, 0666); + (void) chown(line, 0, 0); + line[14] = line[13]; + line[13] = line[12]; + line[8] = 'm'; + line[9] = '/'; + line[10] = 'p'; + line[11] = 't'; + line[12] = 'y'; + (void) chmod(line, 0666); + (void) chown(line, 0, 0); +} +#endif diff --git a/secure/libexec/telnetd/telnetd.8 b/secure/libexec/telnetd/telnetd.8 new file mode 100644 index 0000000..f618385 --- /dev/null +++ b/secure/libexec/telnetd/telnetd.8 @@ -0,0 +1,607 @@ +.\" Copyright (c) 1983, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)telnetd.8 8.4 (Berkeley) 6/1/94 +.\" +.Dd June 1, 1994 +.Dt TELNETD 8 +.Os BSD 4.2 +.Sh NAME +.Nm telnetd +.Nd DARPA +.Tn TELNET +protocol server +.Sh SYNOPSIS +.Nm /usr/libexec/telnetd +.Op Fl BUhlkns +.Op Fl D Ar debugmode +.Op Fl I Ns Ar initid +.Op Fl S Ar tos +.Op Fl X Ar authtype +.Op Fl a Ar authmode +.Op Fl edebug +.Op Fl r Ns Ar lowpty-highpty +.Op Fl u Ar len +.Op Fl debug Op Ar port +.Sh DESCRIPTION +The +.Nm telnetd +command is a server which supports the +.Tn DARPA +standard +.Tn TELNET +virtual terminal protocol. +.Nm Telnetd +is normally invoked by the internet server (see +.Xr inetd 8 ) +for requests to connect to the +.Tn TELNET +port as indicated by the +.Pa /etc/services +file (see +.Xr services 5 ) . +The +.Fl debug +option may be used to start up +.Nm telnetd +manually, instead of through +.Xr inetd 8 . +If started up this way, +.Ar port +may be specified to run +.Nm telnetd +on an alternate +.Tn TCP +port number. +.Pp +The +.Nm telnetd +command accepts the following options: +.Bl -tag -width "-a authmode" +.It Fl a Ar authmode +This option may be used for specifying what mode should +be used for authentication. +Note that this option is only useful if +.Nm telnetd +has been compiled with support for the +.Dv AUTHENTICATION +option. +There are several valid values for +.Ar authmode: +.Bl -tag -width debug +.It debug +Turns on authentication debugging code. +.It user +Only allow connections when the remote user +can provide valid authentication information +to identify the remote user, +and is allowed access to the specified account +without providing a password. +.It valid +Only allow connections when the remote user +can provide valid authentication information +to identify the remote user. +The +.Xr login 1 +command will provide any additional user verification +needed if the remote user is not allowed automatic +access to the specified account. +.It other +Only allow connections that supply some authentication information. +This option is currently not supported +by any of the existing authentication mechanisms, +and is thus the same as specifying +.Fl a +.Cm valid . +.It none +This is the default state. +Authentication information is not required. +If no or insufficient authentication information +is provided, then the +.Xr login 1 +program will provide the necessary user +verification. +.It off +This disables the authentication code. +All user verification will happen through the +.Xr login 1 +program. +.El +.It Fl B +Specifies bftp server mode. In this mode, +.Nm telnetd +causes login to start a +.Xr bftp 1 +session rather than the user's +normal shell. In bftp daemon mode normal +logins are not supported, and it must be used +on a port other than the normal +.Tn TELNET +port. +.It Fl D Ar debugmode +This option may be used for debugging purposes. +This allows +.Nm telnetd +to print out debugging information +to the connection, allowing the user to see what +.Nm telnetd +is doing. +There are several possible values for +.Ar debugmode: +.Bl -tag -width exercise +.It Cm options +Prints information about the negotiation of +.Tn TELNET +options. +.It Cm report +Prints the +.Cm options +information, plus some additional information +about what processing is going on. +.It Cm netdata +Displays the data stream received by +.Nm telnetd. +.It Cm ptydata +Displays data written to the pty. +.It Cm exercise +Has not been implemented yet. +.El +.It Fl debug +Enables debugging on each socket created by +.Nm telnetd +(see +.Dv SO_DEBUG +in +.Xr socket 2 ) . +.It Fl edebug +If +.Nm telnetd +has been compiled with support for data encryption, then the +.Fl edebug +option may be used to enable encryption debugging code. +.It Fl h +Disables the printing of host-specific information before +login has been completed. +.It Fl I Ar initid +This option is only applicable to +.Tn UNICOS +systems prior to 7.0. +It specifies the +.Dv ID +from +.Pa /etc/inittab +to use when init starts login sessions. The default +.Dv ID +is +.Dv fe. +.It Fl k +This option is only useful if +.Nm telnetd +has been compiled with both linemode and kludge linemode +support. If the +.Fl k +option is specified, then if the remote client does not +support the +.Dv LINEMODE +option, then +.Nm telnetd +will operate in character at a time mode. +It will still support kludge linemode, but will only +go into kludge linemode if the remote client requests +it. +(This is done by by the client sending +.Dv DONT SUPPRESS-GO-AHEAD +and +.Dv DONT ECHO . ) +The +.Fl k +option is most useful when there are remote clients +that do not support kludge linemode, but pass the heuristic +(if they respond with +.Dv WILL TIMING-MARK +in response to a +.Dv DO TIMING-MARK) +for kludge linemode support. +.It Fl l +Specifies line mode. Tries to force clients to use line- +at-a-time mode. +If the +.Dv LINEMODE +option is not supported, it will go +into kludge linemode. +.It Fl n +Disable +.Dv TCP +keep-alives. Normally +.Nm telnetd +enables the +.Tn TCP +keep-alive mechanism to probe connections that +have been idle for some period of time to determine +if the client is still there, so that idle connections +from machines that have crashed or can no longer +be reached may be cleaned up. +.It Fl r Ar lowpty-highpty +This option is only enabled when +.Nm telnetd +is compiled for +.Dv UNICOS. +It specifies an inclusive range of pseudo-terminal devices to +use. If the system has sysconf variable +.Dv _SC_CRAY_NPTY +configured, the default pty search range is 0 to +.Dv _SC_CRAY_NPTY; +otherwise, the default range is 0 to 128. Either +.Ar lowpty +or +.Ar highpty +may be omitted to allow changing +either end of the search range. If +.Ar lowpty +is omitted, the - character is still required so that +.Nm telnetd +can differentiate +.Ar highpty +from +.Ar lowpty . +.It Fl s +This option is only enabled if +.Nm telnetd +is compiled with support for +.Tn SecurID +cards. +It causes the +.Fl s +option to be passed on to +.Xr login 1 , +and thus is only useful if +.Xr login 1 +supports the +.Fl s +flag to indicate that only +.Tn SecurID +validated logins are allowed, and is +usually useful for controlling remote logins +from outside of a firewall. +.It Fl S Ar tos +.It Fl u Ar len +This option is used to specify the size of the field +in the +.Dv utmp +structure that holds the remote host name. +If the resolved host name is longer than +.Ar len , +the dotted decimal value will be used instead. +This allows hosts with very long host names that +overflow this field to still be uniquely identified. +Specifying +.Fl u0 +indicates that only dotted decimal addresses +should be put into the +.Pa utmp +file. +.ne 1i +.It Fl U +This option causes +.Nm telnetd +to refuse connections from addresses that +cannot be mapped back into a symbolic name +via the +.Xr gethostbyaddr 3 +routine. +.It Fl X Ar authtype +This option is only valid if +.Nm telnetd +has been built with support for the authentication option. +It disables the use of +.Ar authtype +authentication, and +can be used to temporarily disable +a specific authentication type without having to recompile +.Nm telnetd . +.El +.Pp +.Nm Telnetd +operates by allocating a pseudo-terminal device (see +.Xr pty 4 ) +for a client, then creating a login process which has +the slave side of the pseudo-terminal as +.Dv stdin , +.Dv stdout +and +.Dv stderr . +.Nm Telnetd +manipulates the master side of the pseudo-terminal, +implementing the +.Tn TELNET +protocol and passing characters +between the remote client and the login process. +.Pp +When a +.Tn TELNET +session is started up, +.Nm telnetd +sends +.Tn TELNET +options to the client side indicating +a willingness to do the +following +.Tn TELNET +options, which are described in more detail below: +.Bd -literal -offset indent +DO AUTHENTICATION +WILL ENCRYPT +DO TERMINAL TYPE +DO TSPEED +DO XDISPLOC +DO NEW-ENVIRON +DO ENVIRON +WILL SUPPRESS GO AHEAD +DO ECHO +DO LINEMODE +DO NAWS +WILL STATUS +DO LFLOW +DO TIMING-MARK +.Ed +.Pp +The pseudo-terminal allocated to the client is configured +to operate in \*(lqcooked\*(rq mode, and with +.Dv XTABS and +.Dv CRMOD +enabled (see +.Xr tty 4 ) . +.Pp +.Nm Telnetd +has support for enabling locally the following +.Tn TELNET +options: +.Bl -tag -width "DO AUTHENTICATION" +.It "WILL ECHO" +When the +.Dv LINEMODE +option is enabled, a +.Dv WILL ECHO +or +.Dv WONT ECHO +will be sent to the client to indicate the +current state of terminal echoing. +When terminal echo is not desired, a +.Dv WILL ECHO +is sent to indicate that +.Tn telnetd +will take care of echoing any data that needs to be +echoed to the terminal, and then nothing is echoed. +When terminal echo is desired, a +.Dv WONT ECHO +is sent to indicate that +.Tn telnetd +will not be doing any terminal echoing, so the +client should do any terminal echoing that is needed. +.It "WILL BINARY" +Indicates that the client is willing to send a +8 bits of data, rather than the normal 7 bits +of the Network Virtual Terminal. +.It "WILL SGA" +Indicates that it will not be sending +.Dv IAC GA, +go ahead, commands. +.It "WILL STATUS" +Indicates a willingness to send the client, upon +request, of the current status of all +.Tn TELNET +options. +.It "WILL TIMING-MARK" +Whenever a +.Dv DO TIMING-MARK +command is received, it is always responded +to with a +.Dv WILL TIMING-MARK +.ne 1i +.It "WILL LOGOUT" +When a +.Dv DO LOGOUT +is received, a +.Dv WILL LOGOUT +is sent in response, and the +.Tn TELNET +session is shut down. +.It "WILL ENCRYPT" +Only sent if +.Nm telnetd +is compiled with support for data encryption, and +indicates a willingness to decrypt +the data stream. +.El +.Pp +.Nm Telnetd +has support for enabling remotely the following +.Tn TELNET +options: +.Bl -tag -width "DO AUTHENTICATION" +.It "DO BINARY" +Sent to indicate that +.Tn telnetd +is willing to receive an 8 bit data stream. +.It "DO LFLOW" +Requests that the client handle flow control +characters remotely. +.It "DO ECHO" +This is not really supported, but is sent to identify a 4.2BSD +.Xr telnet 1 +client, which will improperly respond with +.Dv WILL ECHO. +If a +.Dv WILL ECHO +is received, a +.Dv DONT ECHO +will be sent in response. +.It "DO TERMINAL-TYPE" +Indicates a desire to be able to request the +name of the type of terminal that is attached +to the client side of the connection. +.It "DO SGA" +Indicates that it does not need to receive +.Dv IAC GA, +the go ahead command. +.It "DO NAWS" +Requests that the client inform the server when +the window (display) size changes. +.It "DO TERMINAL-SPEED" +Indicates a desire to be able to request information +about the speed of the serial line to which +the client is attached. +.It "DO XDISPLOC" +Indicates a desire to be able to request the name +of the X windows display that is associated with +the telnet client. +.It "DO NEW-ENVIRON" +Indicates a desire to be able to request environment +variable information, as described in RFC 1572. +.It "DO ENVIRON" +Indicates a desire to be able to request environment +variable information, as described in RFC 1408. +.It "DO LINEMODE" +Only sent if +.Nm telnetd +is compiled with support for linemode, and +requests that the client do line by line processing. +.It "DO TIMING-MARK" +Only sent if +.Nm telnetd +is compiled with support for both linemode and +kludge linemode, and the client responded with +.Dv WONT LINEMODE. +If the client responds with +.Dv WILL TM, +the it is assumed that the client supports +kludge linemode. +Note that the +.Op Fl k +option can be used to disable this. +.It "DO AUTHENTICATION" +Only sent if +.Nm telnetd +is compiled with support for authentication, and +indicates a willingness to receive authentication +information for automatic login. +.It "DO ENCRYPT" +Only sent if +.Nm telnetd +is compiled with support for data encryption, and +indicates a willingness to decrypt +the data stream. +.Sh ENVIRONMENT +.Sh FILES +.Pa /etc/services +.br +.Pa /etc/inittab +(UNICOS systems only) +.br +.Pa /etc/iptos +(if supported) +.br +.Pa /usr/ucb/bftp +(if supported) +.Sh "SEE ALSO" +.Xr telnet 1 , +.Xr login 1 , +.Xr bftp 1 +(if supported) +.Sh STANDARDS +.Bl -tag -compact -width RFC-1572 +.It Cm RFC-854 +.Tn TELNET +PROTOCOL SPECIFICATION +.It Cm RFC-855 +TELNET OPTION SPECIFICATIONS +.It Cm RFC-856 +TELNET BINARY TRANSMISSION +.It Cm RFC-857 +TELNET ECHO OPTION +.It Cm RFC-858 +TELNET SUPPRESS GO AHEAD OPTION +.It Cm RFC-859 +TELNET STATUS OPTION +.It Cm RFC-860 +TELNET TIMING MARK OPTION +.It Cm RFC-861 +TELNET EXTENDED OPTIONS - LIST OPTION +.It Cm RFC-885 +TELNET END OF RECORD OPTION +.It Cm RFC-1073 +Telnet Window Size Option +.It Cm RFC-1079 +Telnet Terminal Speed Option +.It Cm RFC-1091 +Telnet Terminal-Type Option +.It Cm RFC-1096 +Telnet X Display Location Option +.It Cm RFC-1123 +Requirements for Internet Hosts -- Application and Support +.It Cm RFC-1184 +Telnet Linemode Option +.It Cm RFC-1372 +Telnet Remote Flow Control Option +.It Cm RFC-1416 +Telnet Authentication Option +.It Cm RFC-1411 +Telnet Authentication: Kerberos Version 4 +.It Cm RFC-1412 +Telnet Authentication: SPX +.It Cm RFC-1571 +Telnet Environment Option Interoperability Issues +.It Cm RFC-1572 +Telnet Environment Option +.Sh BUGS +Some +.Tn TELNET +commands are only partially implemented. +.Pp +Because of bugs in the original 4.2 BSD +.Xr telnet 1 , +.Nm telnetd +performs some dubious protocol exchanges to try to discover if the remote +client is, in fact, a 4.2 BSD +.Xr telnet 1 . +.Pp +Binary mode +has no common interpretation except between similar operating systems +(Unix in this case). +.Pp +The terminal type name received from the remote client is converted to +lower case. +.Pp +.Nm Telnetd +never sends +.Tn TELNET +.Dv IAC GA +(go ahead) commands. diff --git a/secure/libexec/telnetd/telnetd.c b/secure/libexec/telnetd/telnetd.c new file mode 100644 index 0000000..707c68a --- /dev/null +++ b/secure/libexec/telnetd/telnetd.c @@ -0,0 +1,1593 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1989, 1993\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +static char sccsid[] = "@(#)telnetd.c 8.4 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include "telnetd.h" +#include "pathnames.h" + +#if defined(_SC_CRAY_SECURE_SYS) && !defined(SCM_SECURITY) +/* + * UNICOS 6.0/6.1 do not have SCM_SECURITY defined, so we can + * use it to tell us to turn off all the socket security code, + * since that is only used in UNICOS 7.0 and later. + */ +# undef _SC_CRAY_SECURE_SYS +#endif + +#if defined(_SC_CRAY_SECURE_SYS) +#include <sys/sysv.h> +#include <sys/secdev.h> +# ifdef SO_SEC_MULTI /* 8.0 code */ +#include <sys/secparm.h> +#include <sys/usrv.h> +# endif /* SO_SEC_MULTI */ +int secflag; +char tty_dev[16]; +struct secdev dv; +struct sysv sysv; +# ifdef SO_SEC_MULTI /* 8.0 code */ +struct socksec ss; +# else /* SO_SEC_MULTI */ /* 7.0 code */ +struct socket_security ss; +# endif /* SO_SEC_MULTI */ +#endif /* _SC_CRAY_SECURE_SYS */ + +#if defined(AUTHENTICATION) +#include <libtelnet/auth.h> +int auth_level = 0; +#endif +#if defined(SecurID) +int require_SecurID = 0; +#endif + +extern int utmp_len; +int registerd_host_only = 0; + +#ifdef STREAMSPTY +# include <stropts.h> +# include <termio.h> +/* make sure we don't get the bsd version */ +# include "/usr/include/sys/tty.h" +# include <sys/ptyvar.h> + +/* + * Because of the way ptyibuf is used with streams messages, we need + * ptyibuf+1 to be on a full-word boundary. The following wierdness + * is simply to make that happen. + */ +long ptyibufbuf[BUFSIZ/sizeof(long)+1]; +char *ptyibuf = ((char *)&ptyibufbuf[1])-1; +char *ptyip = ((char *)&ptyibufbuf[1])-1; +char ptyibuf2[BUFSIZ]; +unsigned char ctlbuf[BUFSIZ]; +struct strbuf strbufc, strbufd; + +int readstream(); + +#else /* ! STREAMPTY */ + +/* + * I/O data buffers, + * pointers, and counters. + */ +char ptyibuf[BUFSIZ], *ptyip = ptyibuf; +char ptyibuf2[BUFSIZ]; + +#endif /* ! STREAMPTY */ + +int hostinfo = 1; /* do we print login banner? */ + +#ifdef CRAY +extern int newmap; /* nonzero if \n maps to ^M^J */ +int lowpty = 0, highpty; /* low, high pty numbers */ +#endif /* CRAY */ + +int debug = 0; +int keepalive = 1; +char *progname; + +extern void usage P((void)); + +/* + * The string to pass to getopt(). We do it this way so + * that only the actual options that we support will be + * passed off to getopt(). + */ +char valid_opts[] = { + 'd', ':', 'h', 'k', 'n', 'S', ':', 'u', ':', 'U', +#ifdef AUTHENTICATION + 'a', ':', 'X', ':', +#endif +#ifdef BFTPDAEMON + 'B', +#endif +#ifdef DIAGNOSTICS + 'D', ':', +#endif +#ifdef ENCRYPTION + 'e', ':', +#endif +#if defined(CRAY) && defined(NEWINIT) + 'I', ':', +#endif +#ifdef LINEMODE + 'l', +#endif +#ifdef CRAY + 'r', ':', +#endif +#ifdef SecurID + 's', +#endif + '\0' +}; + +main(argc, argv) + char *argv[]; +{ + struct sockaddr_in from; + int on = 1, fromlen; + register int ch; + extern char *optarg; + extern int optind; +#if defined(IPPROTO_IP) && defined(IP_TOS) + int tos = -1; +#endif + + pfrontp = pbackp = ptyobuf; + netip = netibuf; + nfrontp = nbackp = netobuf; +#ifdef ENCRYPTION + nclearto = 0; +#endif /* ENCRYPTION */ + + progname = *argv; + +#ifdef CRAY + /* + * Get number of pty's before trying to process options, + * which may include changing pty range. + */ + highpty = getnpty(); +#endif /* CRAY */ + + while ((ch = getopt(argc, argv, valid_opts)) != EOF) { + switch(ch) { + +#ifdef AUTHENTICATION + case 'a': + /* + * Check for required authentication level + */ + if (strcmp(optarg, "debug") == 0) { + extern int auth_debug_mode; + auth_debug_mode = 1; + } else if (strcasecmp(optarg, "none") == 0) { + auth_level = 0; + } else if (strcasecmp(optarg, "other") == 0) { + auth_level = AUTH_OTHER; + } else if (strcasecmp(optarg, "user") == 0) { + auth_level = AUTH_USER; + } else if (strcasecmp(optarg, "valid") == 0) { + auth_level = AUTH_VALID; + } else if (strcasecmp(optarg, "off") == 0) { + /* + * This hack turns off authentication + */ + auth_level = -1; + } else { + fprintf(stderr, + "telnetd: unknown authorization level for -a\n"); + } + break; +#endif /* AUTHENTICATION */ + +#ifdef BFTPDAEMON + case 'B': + bftpd++; + break; +#endif /* BFTPDAEMON */ + + case 'd': + if (strcmp(optarg, "ebug") == 0) { + debug++; + break; + } + usage(); + /* NOTREACHED */ + break; + +#ifdef DIAGNOSTICS + case 'D': + /* + * Check for desired diagnostics capabilities. + */ + if (!strcmp(optarg, "report")) { + diagnostic |= TD_REPORT|TD_OPTIONS; + } else if (!strcmp(optarg, "exercise")) { + diagnostic |= TD_EXERCISE; + } else if (!strcmp(optarg, "netdata")) { + diagnostic |= TD_NETDATA; + } else if (!strcmp(optarg, "ptydata")) { + diagnostic |= TD_PTYDATA; + } else if (!strcmp(optarg, "options")) { + diagnostic |= TD_OPTIONS; + } else { + usage(); + /* NOT REACHED */ + } + break; +#endif /* DIAGNOSTICS */ + +#ifdef ENCRYPTION + case 'e': + if (strcmp(optarg, "debug") == 0) { + extern int encrypt_debug_mode; + encrypt_debug_mode = 1; + break; + } + usage(); + /* NOTREACHED */ + break; +#endif /* ENCRYPTION */ + + case 'h': + hostinfo = 0; + break; + +#if defined(CRAY) && defined(NEWINIT) + case 'I': + { + extern char *gen_id; + gen_id = optarg; + break; + } +#endif /* defined(CRAY) && defined(NEWINIT) */ + +#ifdef LINEMODE + case 'l': + alwayslinemode = 1; + break; +#endif /* LINEMODE */ + + case 'k': +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + lmodetype = NO_AUTOKLUDGE; +#else + /* ignore -k option if built without kludge linemode */ +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + break; + + case 'n': + keepalive = 0; + break; + +#ifdef CRAY + case 'r': + { + char *strchr(); + char *c; + + /* + * Allow the specification of alterations + * to the pty search range. It is legal to + * specify only one, and not change the + * other from its default. + */ + c = strchr(optarg, '-'); + if (c) { + *c++ = '\0'; + highpty = atoi(c); + } + if (*optarg != '\0') + lowpty = atoi(optarg); + if ((lowpty > highpty) || (lowpty < 0) || + (highpty > 32767)) { + usage(); + /* NOT REACHED */ + } + break; + } +#endif /* CRAY */ + +#ifdef SecurID + case 's': + /* SecurID required */ + require_SecurID = 1; + break; +#endif /* SecurID */ + case 'S': +#ifdef HAS_GETTOS + if ((tos = parsetos(optarg, "tcp")) < 0) + fprintf(stderr, "%s%s%s\n", + "telnetd: Bad TOS argument '", optarg, + "'; will try to use default TOS"); +#else + fprintf(stderr, "%s%s\n", "TOS option unavailable; ", + "-S flag not supported\n"); +#endif + break; + + case 'u': + utmp_len = atoi(optarg); + break; + + case 'U': + registerd_host_only = 1; + break; + +#ifdef AUTHENTICATION + case 'X': + /* + * Check for invalid authentication types + */ + auth_disable_name(optarg); + break; +#endif /* AUTHENTICATION */ + + default: + fprintf(stderr, "telnetd: %c: unknown option\n", ch); + /* FALLTHROUGH */ + case '?': + usage(); + /* NOTREACHED */ + } + } + + argc -= optind; + argv += optind; + + if (debug) { + int s, ns, foo; + struct servent *sp; + static struct sockaddr_in sin = { AF_INET }; + + if (argc > 1) { + usage(); + /* NOT REACHED */ + } else if (argc == 1) { + if (sp = getservbyname(*argv, "tcp")) { + sin.sin_port = sp->s_port; + } else { + sin.sin_port = atoi(*argv); + if ((int)sin.sin_port <= 0) { + fprintf(stderr, "telnetd: %s: bad port #\n", *argv); + usage(); + /* NOT REACHED */ + } + sin.sin_port = htons((u_short)sin.sin_port); + } + } else { + sp = getservbyname("telnet", "tcp"); + if (sp == 0) { + fprintf(stderr, "telnetd: tcp/telnet: unknown service\n"); + exit(1); + } + sin.sin_port = sp->s_port; + } + + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) { + perror("telnetd: socket");; + exit(1); + } + (void) setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (char *)&on, sizeof(on)); + if (bind(s, (struct sockaddr *)&sin, sizeof sin) < 0) { + perror("bind"); + exit(1); + } + if (listen(s, 1) < 0) { + perror("listen"); + exit(1); + } + foo = sizeof sin; + ns = accept(s, (struct sockaddr *)&sin, &foo); + if (ns < 0) { + perror("accept"); + exit(1); + } + (void) dup2(ns, 0); + (void) close(ns); + (void) close(s); +#ifdef convex + } else if (argc == 1) { + ; /* VOID*/ /* Just ignore the host/port name */ +#endif + } else if (argc > 0) { + usage(); + /* NOT REACHED */ + } + +#if defined(_SC_CRAY_SECURE_SYS) + secflag = sysconf(_SC_CRAY_SECURE_SYS); + + /* + * Get socket's security label + */ + if (secflag) { + int szss = sizeof(ss); +#ifdef SO_SEC_MULTI /* 8.0 code */ + int sock_multi; + int szi = sizeof(int); +#endif /* SO_SEC_MULTI */ + + memset((char *)&dv, 0, sizeof(dv)); + + if (getsysv(&sysv, sizeof(struct sysv)) != 0) { + perror("getsysv"); + exit(1); + } + + /* + * Get socket security label and set device values + * {security label to be set on ttyp device} + */ +#ifdef SO_SEC_MULTI /* 8.0 code */ + if ((getsockopt(0, SOL_SOCKET, SO_SECURITY, + (char *)&ss, &szss) < 0) || + (getsockopt(0, SOL_SOCKET, SO_SEC_MULTI, + (char *)&sock_multi, &szi) < 0)) { + perror("getsockopt"); + exit(1); + } else { + dv.dv_actlvl = ss.ss_actlabel.lt_level; + dv.dv_actcmp = ss.ss_actlabel.lt_compart; + if (!sock_multi) { + dv.dv_minlvl = dv.dv_maxlvl = dv.dv_actlvl; + dv.dv_valcmp = dv.dv_actcmp; + } else { + dv.dv_minlvl = ss.ss_minlabel.lt_level; + dv.dv_maxlvl = ss.ss_maxlabel.lt_level; + dv.dv_valcmp = ss.ss_maxlabel.lt_compart; + } + dv.dv_devflg = 0; + } +#else /* SO_SEC_MULTI */ /* 7.0 code */ + if (getsockopt(0, SOL_SOCKET, SO_SECURITY, + (char *)&ss, &szss) >= 0) { + dv.dv_actlvl = ss.ss_slevel; + dv.dv_actcmp = ss.ss_compart; + dv.dv_minlvl = ss.ss_minlvl; + dv.dv_maxlvl = ss.ss_maxlvl; + dv.dv_valcmp = ss.ss_maxcmp; + } +#endif /* SO_SEC_MULTI */ + } +#endif /* _SC_CRAY_SECURE_SYS */ + + openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); + fromlen = sizeof (from); + if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { + fprintf(stderr, "%s: ", progname); + perror("getpeername"); + _exit(1); + } + if (keepalive && + setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, + (char *)&on, sizeof (on)) < 0) { + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); + } + +#if defined(IPPROTO_IP) && defined(IP_TOS) + { +# if defined(HAS_GETTOS) + struct tosent *tp; + if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) + tos = tp->t_tos; +# endif + if (tos < 0) + tos = 020; /* Low Delay bit */ + if (tos + && (setsockopt(0, IPPROTO_IP, IP_TOS, + (char *)&tos, sizeof(tos)) < 0) + && (errno != ENOPROTOOPT) ) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); + } +#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ + net = 0; + doit(&from); + /* NOTREACHED */ +} /* end of main */ + + void +usage() +{ + fprintf(stderr, "Usage: telnetd"); +#ifdef AUTHENTICATION + fprintf(stderr, " [-a (debug|other|user|valid|off|none)]\n\t"); +#endif +#ifdef BFTPDAEMON + fprintf(stderr, " [-B]"); +#endif + fprintf(stderr, " [-debug]"); +#ifdef DIAGNOSTICS + fprintf(stderr, " [-D (options|report|exercise|netdata|ptydata)]\n\t"); +#endif +#ifdef AUTHENTICATION + fprintf(stderr, " [-edebug]"); +#endif + fprintf(stderr, " [-h]"); +#if defined(CRAY) && defined(NEWINIT) + fprintf(stderr, " [-Iinitid]"); +#endif +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + fprintf(stderr, " [-k]"); +#endif +#ifdef LINEMODE + fprintf(stderr, " [-l]"); +#endif + fprintf(stderr, " [-n]"); +#ifdef CRAY + fprintf(stderr, " [-r[lowpty]-[highpty]]"); +#endif + fprintf(stderr, "\n\t"); +#ifdef SecurID + fprintf(stderr, " [-s]"); +#endif +#ifdef HAS_GETTOS + fprintf(stderr, " [-S tos]"); +#endif +#ifdef AUTHENTICATION + fprintf(stderr, " [-X auth-type]"); +#endif + fprintf(stderr, " [-u utmp_hostname_length] [-U]"); + fprintf(stderr, " [port]\n"); + exit(1); +} + +/* + * getterminaltype + * + * Ask the other end to send along its terminal type and speed. + * Output is the variable terminaltype filled in. + */ +static unsigned char ttytype_sbbuf[] = { + IAC, SB, TELOPT_TTYPE, TELQUAL_SEND, IAC, SE +}; + + int +getterminaltype(name) + char *name; +{ + int retval = -1; + void _gettermname(); + + settimer(baseline); +#if defined(AUTHENTICATION) + /* + * Handle the Authentication option before we do anything else. + */ + send_do(TELOPT_AUTHENTICATION, 1); + while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) + ttloop(); + if (his_state_is_will(TELOPT_AUTHENTICATION)) { + retval = auth_wait(name); + } +#endif + +#ifdef ENCRYPTION + send_will(TELOPT_ENCRYPT, 1); +#endif /* ENCRYPTION */ + send_do(TELOPT_TTYPE, 1); + send_do(TELOPT_TSPEED, 1); + send_do(TELOPT_XDISPLOC, 1); + send_do(TELOPT_NEW_ENVIRON, 1); + send_do(TELOPT_OLD_ENVIRON, 1); + while ( +#ifdef ENCRYPTION + his_do_dont_is_changing(TELOPT_ENCRYPT) || +#endif /* ENCRYPTION */ + his_will_wont_is_changing(TELOPT_TTYPE) || + his_will_wont_is_changing(TELOPT_TSPEED) || + his_will_wont_is_changing(TELOPT_XDISPLOC) || + his_will_wont_is_changing(TELOPT_NEW_ENVIRON) || + his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { + ttloop(); + } +#ifdef ENCRYPTION + /* + * Wait for the negotiation of what type of encryption we can + * send with. If autoencrypt is not set, this will just return. + */ + if (his_state_is_will(TELOPT_ENCRYPT)) { + encrypt_wait(); + } +#endif /* ENCRYPTION */ + if (his_state_is_will(TELOPT_TSPEED)) { + static unsigned char sb[] = + { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; + + memmove(nfrontp, sb, sizeof sb); + nfrontp += sizeof sb; + DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); + } + if (his_state_is_will(TELOPT_XDISPLOC)) { + static unsigned char sb[] = + { IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE }; + + memmove(nfrontp, sb, sizeof sb); + nfrontp += sizeof sb; + DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); + } + if (his_state_is_will(TELOPT_NEW_ENVIRON)) { + static unsigned char sb[] = + { IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE }; + + memmove(nfrontp, sb, sizeof sb); + nfrontp += sizeof sb; + DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); + } + else if (his_state_is_will(TELOPT_OLD_ENVIRON)) { + static unsigned char sb[] = + { IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE }; + + memmove(nfrontp, sb, sizeof sb); + nfrontp += sizeof sb; + DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2);); + } + if (his_state_is_will(TELOPT_TTYPE)) { + + memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf); + nfrontp += sizeof ttytype_sbbuf; + DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, + sizeof ttytype_sbbuf - 2);); + } + if (his_state_is_will(TELOPT_TSPEED)) { + while (sequenceIs(tspeedsubopt, baseline)) + ttloop(); + } + if (his_state_is_will(TELOPT_XDISPLOC)) { + while (sequenceIs(xdisplocsubopt, baseline)) + ttloop(); + } + if (his_state_is_will(TELOPT_NEW_ENVIRON)) { + while (sequenceIs(environsubopt, baseline)) + ttloop(); + } + if (his_state_is_will(TELOPT_OLD_ENVIRON)) { + while (sequenceIs(oenvironsubopt, baseline)) + ttloop(); + } + if (his_state_is_will(TELOPT_TTYPE)) { + char first[256], last[256]; + + while (sequenceIs(ttypesubopt, baseline)) + ttloop(); + + /* + * If the other side has already disabled the option, then + * we have to just go with what we (might) have already gotten. + */ + if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { + (void) strncpy(first, terminaltype, sizeof(first)); + for(;;) { + /* + * Save the unknown name, and request the next name. + */ + (void) strncpy(last, terminaltype, sizeof(last)); + _gettermname(); + if (terminaltypeok(terminaltype)) + break; + if ((strncmp(last, terminaltype, sizeof(last)) == 0) || + his_state_is_wont(TELOPT_TTYPE)) { + /* + * We've hit the end. If this is the same as + * the first name, just go with it. + */ + if (strncmp(first, terminaltype, sizeof(first)) == 0) + break; + /* + * Get the terminal name one more time, so that + * RFC1091 compliant telnets will cycle back to + * the start of the list. + */ + _gettermname(); + if (strncmp(first, terminaltype, sizeof(first)) != 0) + (void) strncpy(terminaltype, first, sizeof(first)); + break; + } + } + } + } + return(retval); +} /* end of getterminaltype */ + + void +_gettermname() +{ + /* + * If the client turned off the option, + * we can't send another request, so we + * just return. + */ + if (his_state_is_wont(TELOPT_TTYPE)) + return; + settimer(baseline); + memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf); + nfrontp += sizeof ttytype_sbbuf; + DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2, + sizeof ttytype_sbbuf - 2);); + while (sequenceIs(ttypesubopt, baseline)) + ttloop(); +} + + int +terminaltypeok(s) + char *s; +{ + char buf[1024]; + + if (terminaltype == NULL) + return(1); + + /* + * tgetent() will return 1 if the type is known, and + * 0 if it is not known. If it returns -1, it couldn't + * open the database. But if we can't open the database, + * it won't help to say we failed, because we won't be + * able to verify anything else. So, we treat -1 like 1. + */ + if (tgetent(buf, s) == 0) + return(0); + return(1); +} + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif /* MAXHOSTNAMELEN */ + +char *hostname; +char host_name[MAXHOSTNAMELEN]; +char remote_host_name[MAXHOSTNAMELEN]; + +extern void telnet P((int, int, char *)); + +int level; +char user_name[256]; +/* + * Get a pty, scan input lines. + */ +doit(who) + struct sockaddr_in *who; +{ + char *host, *inet_ntoa(); + int t; + struct hostent *hp; + int ptynum; + + /* + * Find an available pty to use. + */ +#ifndef convex + pty = getpty(&ptynum); + if (pty < 0) + fatal(net, "All network ports in use"); +#else + for (;;) { + char *lp; + extern char *line, *getpty(); + + if ((lp = getpty()) == NULL) + fatal(net, "Out of ptys"); + + if ((pty = open(lp, 2)) >= 0) { + strcpy(line,lp); + line[5] = 't'; + break; + } + } +#endif + +#if defined(_SC_CRAY_SECURE_SYS) + /* + * set ttyp line security label + */ + if (secflag) { + char slave_dev[16]; + + sprintf(tty_dev, "/dev/pty/%03d", ptynum); + if (setdevs(tty_dev, &dv) < 0) + fatal(net, "cannot set pty security"); + sprintf(slave_dev, "/dev/ttyp%03d", ptynum); + if (setdevs(slave_dev, &dv) < 0) + fatal(net, "cannot set tty security"); + } +#endif /* _SC_CRAY_SECURE_SYS */ + + /* get name of connected client */ + hp = gethostbyaddr((char *)&who->sin_addr, sizeof (struct in_addr), + who->sin_family); + + if (hp == NULL && registerd_host_only) { + fatal(net, "Couldn't resolve your address into a host name.\r\n\ + Please contact your net administrator"); + } else if (hp && + (strlen(hp->h_name) <= (unsigned int)((utmp_len < 0) ? -utmp_len + : utmp_len))) { + host = hp->h_name; + } else { + host = inet_ntoa(who->sin_addr); + } + /* + * We must make a copy because Kerberos is probably going + * to also do a gethost* and overwrite the static data... + */ + strncpy(remote_host_name, host, sizeof(remote_host_name)-1); + remote_host_name[sizeof(remote_host_name)-1] = 0; + host = remote_host_name; + + (void) gethostname(host_name, sizeof (host_name)); + hostname = host_name; + +#if defined(AUTHENTICATION) || defined(ENCRYPTION) + auth_encrypt_init(hostname, host, "TELNETD", 1); +#endif + + init_env(); + /* + * get terminal type. + */ + *user_name = 0; + level = getterminaltype(user_name); + setenv("TERM", terminaltype ? terminaltype : "network", 1); + +#if defined(_SC_CRAY_SECURE_SYS) + if (secflag) { + if (setulvl(dv.dv_actlvl) < 0) + fatal(net,"cannot setulvl()"); + if (setucmp(dv.dv_actcmp) < 0) + fatal(net, "cannot setucmp()"); + } +#endif /* _SC_CRAY_SECURE_SYS */ + + telnet(net, pty, host); /* begin server process */ + + /*NOTREACHED*/ +} /* end of doit */ + +#if defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) + int +Xterm_output(ibufp, obuf, icountp, ocount) + char **ibufp, *obuf; + int *icountp, ocount; +{ + int ret; + ret = term_output(*ibufp, obuf, *icountp, ocount); + *ibufp += *icountp; + *icountp = 0; + return(ret); +} +#define term_output Xterm_output +#endif /* defined(CRAY2) && defined(UNICOS5) && defined(UNICOS50) */ + +/* + * Main loop. Select from pty and network, and + * hand data to telnet receiver finite state machine. + */ + void +telnet(f, p, host) + int f, p; + char *host; +{ + int on = 1; +#define TABBUFSIZ 512 + char defent[TABBUFSIZ]; + char defstrs[TABBUFSIZ]; +#undef TABBUFSIZ + char *HE; + char *HN; + char *IM; + void netflush(); + int nfd; + + /* + * Initialize the slc mapping table. + */ + get_slc_defaults(); + + /* + * Do some tests where it is desireable to wait for a response. + * Rather than doing them slowly, one at a time, do them all + * at once. + */ + if (my_state_is_wont(TELOPT_SGA)) + send_will(TELOPT_SGA, 1); + /* + * Is the client side a 4.2 (NOT 4.3) system? We need to know this + * because 4.2 clients are unable to deal with TCP urgent data. + * + * To find out, we send out a "DO ECHO". If the remote system + * answers "WILL ECHO" it is probably a 4.2 client, and we note + * that fact ("WILL ECHO" ==> that the client will echo what + * WE, the server, sends it; it does NOT mean that the client will + * echo the terminal input). + */ + send_do(TELOPT_ECHO, 1); + +#ifdef LINEMODE + if (his_state_is_wont(TELOPT_LINEMODE)) { + /* Query the peer for linemode support by trying to negotiate + * the linemode option. + */ + linemode = 0; + editmode = 0; + send_do(TELOPT_LINEMODE, 1); /* send do linemode */ + } +#endif /* LINEMODE */ + + /* + * Send along a couple of other options that we wish to negotiate. + */ + send_do(TELOPT_NAWS, 1); + send_will(TELOPT_STATUS, 1); + flowmode = 1; /* default flow control state */ + restartany = -1; /* uninitialized... */ + send_do(TELOPT_LFLOW, 1); + + /* + * Spin, waiting for a response from the DO ECHO. However, + * some REALLY DUMB telnets out there might not respond + * to the DO ECHO. So, we spin looking for NAWS, (most dumb + * telnets so far seem to respond with WONT for a DO that + * they don't understand...) because by the time we get the + * response, it will already have processed the DO ECHO. + * Kludge upon kludge. + */ + while (his_will_wont_is_changing(TELOPT_NAWS)) + ttloop(); + + /* + * But... + * The client might have sent a WILL NAWS as part of its + * startup code; if so, we'll be here before we get the + * response to the DO ECHO. We'll make the assumption + * that any implementation that understands about NAWS + * is a modern enough implementation that it will respond + * to our DO ECHO request; hence we'll do another spin + * waiting for the ECHO option to settle down, which is + * what we wanted to do in the first place... + */ + if (his_want_state_is_will(TELOPT_ECHO) && + his_state_is_will(TELOPT_NAWS)) { + while (his_will_wont_is_changing(TELOPT_ECHO)) + ttloop(); + } + /* + * On the off chance that the telnet client is broken and does not + * respond to the DO ECHO we sent, (after all, we did send the + * DO NAWS negotiation after the DO ECHO, and we won't get here + * until a response to the DO NAWS comes back) simulate the + * receipt of a will echo. This will also send a WONT ECHO + * to the client, since we assume that the client failed to + * respond because it believes that it is already in DO ECHO + * mode, which we do not want. + */ + if (his_want_state_is_will(TELOPT_ECHO)) { + DIAG(TD_OPTIONS, + {sprintf(nfrontp, "td: simulating recv\r\n"); + nfrontp += strlen(nfrontp);}); + willoption(TELOPT_ECHO); + } + + /* + * Finally, to clean things up, we turn on our echo. This + * will break stupid 4.2 telnets out of local terminal echo. + */ + + if (my_state_is_wont(TELOPT_ECHO)) + send_will(TELOPT_ECHO, 1); + +#ifndef STREAMSPTY + /* + * Turn on packet mode + */ + (void) ioctl(p, TIOCPKT, (char *)&on); +#endif + +#if defined(LINEMODE) && defined(KLUDGELINEMODE) + /* + * Continuing line mode support. If client does not support + * real linemode, attempt to negotiate kludge linemode by sending + * the do timing mark sequence. + */ + if (lmodetype < REAL_LINEMODE) + send_do(TELOPT_TM, 1); +#endif /* defined(LINEMODE) && defined(KLUDGELINEMODE) */ + + /* + * Call telrcv() once to pick up anything received during + * terminal type negotiation, 4.2/4.3 determination, and + * linemode negotiation. + */ + telrcv(); + + (void) ioctl(f, FIONBIO, (char *)&on); + (void) ioctl(p, FIONBIO, (char *)&on); +#if defined(CRAY2) && defined(UNICOS5) + init_termdriver(f, p, interrupt, sendbrk); +#endif + +#if defined(SO_OOBINLINE) + (void) setsockopt(net, SOL_SOCKET, SO_OOBINLINE, + (char *)&on, sizeof on); +#endif /* defined(SO_OOBINLINE) */ + +#ifdef SIGTSTP + (void) signal(SIGTSTP, SIG_IGN); +#endif +#ifdef SIGTTOU + /* + * Ignoring SIGTTOU keeps the kernel from blocking us + * in ttioct() in /sys/tty.c. + */ + (void) signal(SIGTTOU, SIG_IGN); +#endif + + (void) signal(SIGCHLD, cleanup); + +#if defined(CRAY2) && defined(UNICOS5) + /* + * Cray-2 will send a signal when pty modes are changed by slave + * side. Set up signal handler now. + */ + if ((int)signal(SIGUSR1, termstat) < 0) + perror("signal"); + else if (ioctl(p, TCSIGME, (char *)SIGUSR1) < 0) + perror("ioctl:TCSIGME"); + /* + * Make processing loop check terminal characteristics early on. + */ + termstat(); +#endif + +#ifdef TIOCNOTTY + { + register int t; + t = open(_PATH_TTY, O_RDWR); + if (t >= 0) { + (void) ioctl(t, TIOCNOTTY, (char *)0); + (void) close(t); + } + } +#endif + +#if defined(CRAY) && defined(NEWINIT) && defined(TIOCSCTTY) + (void) setsid(); + ioctl(p, TIOCSCTTY, 0); +#endif + + /* + * Show banner that getty never gave. + * + * We put the banner in the pty input buffer. This way, it + * gets carriage return null processing, etc., just like all + * other pty --> client data. + */ + +#if !defined(CRAY) || !defined(NEWINIT) + if (getenv("USER")) + hostinfo = 0; +#endif + + if (getent(defent, "default") == 1) { + char *getstr(); + char *cp=defstrs; + + HE = getstr("he", &cp); + HN = getstr("hn", &cp); + IM = getstr("im", &cp); + if (HN && *HN) + (void) strcpy(host_name, HN); + if (IM == 0) + IM = ""; + } else { + IM = DEFAULT_IM; + HE = 0; + } + edithost(HE, host_name); + if (hostinfo && *IM) + putf(IM, ptyibuf2); + + if (pcc) + (void) strncat(ptyibuf2, ptyip, pcc+1); + ptyip = ptyibuf2; + pcc = strlen(ptyip); +#ifdef LINEMODE + /* + * Last check to make sure all our states are correct. + */ + init_termbuf(); + localstat(); +#endif /* LINEMODE */ + + DIAG(TD_REPORT, + {sprintf(nfrontp, "td: Entering processing loop\r\n"); + nfrontp += strlen(nfrontp);}); + + /* + * Startup the login process on the slave side of the terminal + * now. We delay this until here to insure option negotiation + * is complete. + */ + startslave(host, level, user_name); + + nfd = ((f > p) ? f : p) + 1; + for (;;) { + fd_set ibits, obits, xbits; + register int c; + + if (ncc < 0 && pcc < 0) + break; + +#if defined(CRAY2) && defined(UNICOS5) + if (needtermstat) + _termstat(); +#endif /* defined(CRAY2) && defined(UNICOS5) */ + FD_ZERO(&ibits); + FD_ZERO(&obits); + FD_ZERO(&xbits); + /* + * Never look for input if there's still + * stuff in the corresponding output buffer + */ + if (nfrontp - nbackp || pcc > 0) { + FD_SET(f, &obits); + } else { + FD_SET(p, &ibits); + } + if (pfrontp - pbackp || ncc > 0) { + FD_SET(p, &obits); + } else { + FD_SET(f, &ibits); + } + if (!SYNCHing) { + FD_SET(f, &xbits); + } + if ((c = select(nfd, &ibits, &obits, &xbits, + (struct timeval *)0)) < 1) { + if (c == -1) { + if (errno == EINTR) { + continue; + } + } + sleep(5); + continue; + } + + /* + * Any urgent data? + */ + if (FD_ISSET(net, &xbits)) { + SYNCHing = 1; + } + + /* + * Something to read from the network... + */ + if (FD_ISSET(net, &ibits)) { +#if !defined(SO_OOBINLINE) + /* + * In 4.2 (and 4.3 beta) systems, the + * OOB indication and data handling in the kernel + * is such that if two separate TCP Urgent requests + * come in, one byte of TCP data will be overlaid. + * This is fatal for Telnet, but we try to live + * with it. + * + * In addition, in 4.2 (and...), a special protocol + * is needed to pick up the TCP Urgent data in + * the correct sequence. + * + * What we do is: if we think we are in urgent + * mode, we look to see if we are "at the mark". + * If we are, we do an OOB receive. If we run + * this twice, we will do the OOB receive twice, + * but the second will fail, since the second + * time we were "at the mark", but there wasn't + * any data there (the kernel doesn't reset + * "at the mark" until we do a normal read). + * Once we've read the OOB data, we go ahead + * and do normal reads. + * + * There is also another problem, which is that + * since the OOB byte we read doesn't put us + * out of OOB state, and since that byte is most + * likely the TELNET DM (data mark), we would + * stay in the TELNET SYNCH (SYNCHing) state. + * So, clocks to the rescue. If we've "just" + * received a DM, then we test for the + * presence of OOB data when the receive OOB + * fails (and AFTER we did the normal mode read + * to clear "at the mark"). + */ + if (SYNCHing) { + int atmark; + + (void) ioctl(net, SIOCATMARK, (char *)&atmark); + if (atmark) { + ncc = recv(net, netibuf, sizeof (netibuf), MSG_OOB); + if ((ncc == -1) && (errno == EINVAL)) { + ncc = read(net, netibuf, sizeof (netibuf)); + if (sequenceIs(didnetreceive, gotDM)) { + SYNCHing = stilloob(net); + } + } + } else { + ncc = read(net, netibuf, sizeof (netibuf)); + } + } else { + ncc = read(net, netibuf, sizeof (netibuf)); + } + settimer(didnetreceive); +#else /* !defined(SO_OOBINLINE)) */ + ncc = read(net, netibuf, sizeof (netibuf)); +#endif /* !defined(SO_OOBINLINE)) */ + if (ncc < 0 && errno == EWOULDBLOCK) + ncc = 0; + else { + if (ncc <= 0) { + break; + } + netip = netibuf; + } + DIAG((TD_REPORT | TD_NETDATA), + {sprintf(nfrontp, "td: netread %d chars\r\n", ncc); + nfrontp += strlen(nfrontp);}); + DIAG(TD_NETDATA, printdata("nd", netip, ncc)); + } + + /* + * Something to read from the pty... + */ + if (FD_ISSET(p, &ibits)) { +#ifndef STREAMSPTY + pcc = read(p, ptyibuf, BUFSIZ); +#else + pcc = readstream(p, ptyibuf, BUFSIZ); +#endif + /* + * On some systems, if we try to read something + * off the master side before the slave side is + * opened, we get EIO. + */ + if (pcc < 0 && (errno == EWOULDBLOCK || +#ifdef EAGAIN + errno == EAGAIN || +#endif + errno == EIO)) { + pcc = 0; + } else { + if (pcc <= 0) + break; +#if !defined(CRAY2) || !defined(UNICOS5) +#ifdef LINEMODE + /* + * If ioctl from pty, pass it through net + */ + if (ptyibuf[0] & TIOCPKT_IOCTL) { + copy_termbuf(ptyibuf+1, pcc-1); + localstat(); + pcc = 1; + } +#endif /* LINEMODE */ + if (ptyibuf[0] & TIOCPKT_FLUSHWRITE) { + netclear(); /* clear buffer back */ +#ifndef NO_URGENT + /* + * There are client telnets on some + * operating systems get screwed up + * royally if we send them urgent + * mode data. + */ + *nfrontp++ = IAC; + *nfrontp++ = DM; + neturg = nfrontp-1; /* off by one XXX */ + DIAG(TD_OPTIONS, + printoption("td: send IAC", DM)); + +#endif + } + if (his_state_is_will(TELOPT_LFLOW) && + (ptyibuf[0] & + (TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))) { + int newflow = + ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0; + if (newflow != flowmode) { + flowmode = newflow; + (void) sprintf(nfrontp, + "%c%c%c%c%c%c", + IAC, SB, TELOPT_LFLOW, + flowmode ? LFLOW_ON + : LFLOW_OFF, + IAC, SE); + nfrontp += 6; + DIAG(TD_OPTIONS, printsub('>', + (unsigned char *)nfrontp-4, + 4);); + } + } + pcc--; + ptyip = ptyibuf+1; +#else /* defined(CRAY2) && defined(UNICOS5) */ + if (!uselinemode) { + unpcc = pcc; + unptyip = ptyibuf; + pcc = term_output(&unptyip, ptyibuf2, + &unpcc, BUFSIZ); + ptyip = ptyibuf2; + } else + ptyip = ptyibuf; +#endif /* defined(CRAY2) && defined(UNICOS5) */ + } + } + + while (pcc > 0) { + if ((&netobuf[BUFSIZ] - nfrontp) < 2) + break; + c = *ptyip++ & 0377, pcc--; + if (c == IAC) + *nfrontp++ = c; +#if defined(CRAY2) && defined(UNICOS5) + else if (c == '\n' && + my_state_is_wont(TELOPT_BINARY) && newmap) + *nfrontp++ = '\r'; +#endif /* defined(CRAY2) && defined(UNICOS5) */ + *nfrontp++ = c; + if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) { + if (pcc > 0 && ((*ptyip & 0377) == '\n')) { + *nfrontp++ = *ptyip++ & 0377; + pcc--; + } else + *nfrontp++ = '\0'; + } + } +#if defined(CRAY2) && defined(UNICOS5) + /* + * If chars were left over from the terminal driver, + * note their existence. + */ + if (!uselinemode && unpcc) { + pcc = unpcc; + unpcc = 0; + ptyip = unptyip; + } +#endif /* defined(CRAY2) && defined(UNICOS5) */ + + if (FD_ISSET(f, &obits) && (nfrontp - nbackp) > 0) + netflush(); + if (ncc > 0) + telrcv(); + if (FD_ISSET(p, &obits) && (pfrontp - pbackp) > 0) + ptyflush(); + } + cleanup(0); +} /* end of telnet */ + +#ifndef TCSIG +# ifdef TIOCSIG +# define TCSIG TIOCSIG +# endif +#endif + +#ifdef STREAMSPTY + +int flowison = -1; /* current state of flow: -1 is unknown */ + +int readstream(p, ibuf, bufsize) + int p; + char *ibuf; + int bufsize; +{ + int flags = 0; + int ret = 0; + struct termios *tsp; + struct termio *tp; + struct iocblk *ip; + char vstop, vstart; + int ixon; + int newflow; + + strbufc.maxlen = BUFSIZ; + strbufc.buf = (char *)ctlbuf; + strbufd.maxlen = bufsize-1; + strbufd.len = 0; + strbufd.buf = ibuf+1; + ibuf[0] = 0; + + ret = getmsg(p, &strbufc, &strbufd, &flags); + if (ret < 0) /* error of some sort -- probably EAGAIN */ + return(-1); + + if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { + /* data message */ + if (strbufd.len > 0) { /* real data */ + return(strbufd.len + 1); /* count header char */ + } else { + /* nothing there */ + errno = EAGAIN; + return(-1); + } + } + + /* + * It's a control message. Return 1, to look at the flag we set + */ + + switch (ctlbuf[0]) { + case M_FLUSH: + if (ibuf[1] & FLUSHW) + ibuf[0] = TIOCPKT_FLUSHWRITE; + return(1); + + case M_IOCTL: + ip = (struct iocblk *) (ibuf+1); + + switch (ip->ioc_cmd) { + case TCSETS: + case TCSETSW: + case TCSETSF: + tsp = (struct termios *) + (ibuf+1 + sizeof(struct iocblk)); + vstop = tsp->c_cc[VSTOP]; + vstart = tsp->c_cc[VSTART]; + ixon = tsp->c_iflag & IXON; + break; + case TCSETA: + case TCSETAW: + case TCSETAF: + tp = (struct termio *) (ibuf+1 + sizeof(struct iocblk)); + vstop = tp->c_cc[VSTOP]; + vstart = tp->c_cc[VSTART]; + ixon = tp->c_iflag & IXON; + break; + default: + errno = EAGAIN; + return(-1); + } + + newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; + if (newflow != flowison) { /* it's a change */ + flowison = newflow; + ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; + return(1); + } + } + + /* nothing worth doing anything about */ + errno = EAGAIN; + return(-1); +} +#endif /* STREAMSPTY */ + +/* + * Send interrupt to process on other side of pty. + * If it is in raw mode, just write NULL; + * otherwise, write intr char. + */ + void +interrupt() +{ + ptyflush(); /* half-hearted */ + +#if defined(STREAMSPTY) && defined(TIOCSIGNAL) + /* Streams PTY style ioctl to post a signal */ + { + int sig = SIGINT; + (void) ioctl(pty, TIOCSIGNAL, &sig); + (void) ioctl(pty, I_FLUSH, FLUSHR); + } +#else +#ifdef TCSIG + (void) ioctl(pty, TCSIG, (char *)SIGINT); +#else /* TCSIG */ + init_termbuf(); + *pfrontp++ = slctab[SLC_IP].sptr ? + (unsigned char)*slctab[SLC_IP].sptr : '\177'; +#endif /* TCSIG */ +#endif +} + +/* + * Send quit to process on other side of pty. + * If it is in raw mode, just write NULL; + * otherwise, write quit char. + */ + void +sendbrk() +{ + ptyflush(); /* half-hearted */ +#ifdef TCSIG + (void) ioctl(pty, TCSIG, (char *)SIGQUIT); +#else /* TCSIG */ + init_termbuf(); + *pfrontp++ = slctab[SLC_ABORT].sptr ? + (unsigned char)*slctab[SLC_ABORT].sptr : '\034'; +#endif /* TCSIG */ +} + + void +sendsusp() +{ +#ifdef SIGTSTP + ptyflush(); /* half-hearted */ +# ifdef TCSIG + (void) ioctl(pty, TCSIG, (char *)SIGTSTP); +# else /* TCSIG */ + *pfrontp++ = slctab[SLC_SUSP].sptr ? + (unsigned char)*slctab[SLC_SUSP].sptr : '\032'; +# endif /* TCSIG */ +#endif /* SIGTSTP */ +} + +/* + * When we get an AYT, if ^T is enabled, use that. Otherwise, + * just send back "[Yes]". + */ + void +recv_ayt() +{ +#if defined(SIGINFO) && defined(TCSIG) + if (slctab[SLC_AYT].sptr && *slctab[SLC_AYT].sptr != _POSIX_VDISABLE) { + (void) ioctl(pty, TCSIG, (char *)SIGINFO); + return; + } +#endif + (void) strcpy(nfrontp, "\r\n[Yes]\r\n"); + nfrontp += 9; +} + + void +doeof() +{ + init_termbuf(); + +#if defined(LINEMODE) && defined(USE_TERMIO) && (VEOF == VMIN) + if (!tty_isediting()) { + extern char oldeofc; + *pfrontp++ = oldeofc; + return; + } +#endif + *pfrontp++ = slctab[SLC_EOF].sptr ? + (unsigned char)*slctab[SLC_EOF].sptr : '\004'; +} diff --git a/secure/libexec/telnetd/telnetd.h b/secure/libexec/telnetd/telnetd.h new file mode 100644 index 0000000..234b973 --- /dev/null +++ b/secure/libexec/telnetd/telnetd.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)telnetd.h 8.1 (Berkeley) 6/4/93 + */ + + +#include "defs.h" +#include "ext.h" + +#ifdef DIAGNOSTICS +#define DIAG(a,b) if (diagnostic & (a)) b +#else +#define DIAG(a,b) +#endif + +/* other external variables */ +extern char **environ; +extern int errno; + diff --git a/secure/libexec/telnetd/termstat.c b/secure/libexec/telnetd/termstat.c new file mode 100644 index 0000000..f499137 --- /dev/null +++ b/secure/libexec/telnetd/termstat.c @@ -0,0 +1,669 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)termstat.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include "telnetd.h" + +/* + * local variables + */ +int def_tspeed = -1, def_rspeed = -1; +#ifdef TIOCSWINSZ +int def_row = 0, def_col = 0; +#endif +#ifdef LINEMODE +static int _terminit = 0; +#endif /* LINEMODE */ + +#if defined(CRAY2) && defined(UNICOS5) +int newmap = 1; /* nonzero if \n maps to ^M^J */ +#endif + +#ifdef LINEMODE +/* + * localstat + * + * This function handles all management of linemode. + * + * Linemode allows the client to do the local editing of data + * and send only complete lines to the server. Linemode state is + * based on the state of the pty driver. If the pty is set for + * external processing, then we can use linemode. Further, if we + * can use real linemode, then we can look at the edit control bits + * in the pty to determine what editing the client should do. + * + * Linemode support uses the following state flags to keep track of + * current and desired linemode state. + * alwayslinemode : true if -l was specified on the telnetd + * command line. It means to have linemode on as much as + * possible. + * + * lmodetype: signifies whether the client can + * handle real linemode, or if use of kludgeomatic linemode + * is preferred. It will be set to one of the following: + * REAL_LINEMODE : use linemode option + * NO_KLUDGE : don't initiate kludge linemode. + * KLUDGE_LINEMODE : use kludge linemode + * NO_LINEMODE : client is ignorant of linemode + * + * linemode, uselinemode : linemode is true if linemode + * is currently on, uselinemode is the state that we wish + * to be in. If another function wishes to turn linemode + * on or off, it sets or clears uselinemode. + * + * editmode, useeditmode : like linemode/uselinemode, but + * these contain the edit mode states (edit and trapsig). + * + * The state variables correspond to some of the state information + * in the pty. + * linemode: + * In real linemode, this corresponds to whether the pty + * expects external processing of incoming data. + * In kludge linemode, this more closely corresponds to the + * whether normal processing is on or not. (ICANON in + * system V, or COOKED mode in BSD.) + * If the -l option was specified (alwayslinemode), then + * an attempt is made to force external processing on at + * all times. + * + * The following heuristics are applied to determine linemode + * handling within the server. + * 1) Early on in starting up the server, an attempt is made + * to negotiate the linemode option. If this succeeds + * then lmodetype is set to REAL_LINEMODE and all linemode + * processing occurs in the context of the linemode option. + * 2) If the attempt to negotiate the linemode option failed, + * and the "-k" (don't initiate kludge linemode) isn't set, + * then we try to use kludge linemode. We test for this + * capability by sending "do Timing Mark". If a positive + * response comes back, then we assume that the client + * understands kludge linemode (ech!) and the + * lmodetype flag is set to KLUDGE_LINEMODE. + * 3) Otherwise, linemode is not supported at all and + * lmodetype remains set to NO_LINEMODE (which happens + * to be 0 for convenience). + * 4) At any time a command arrives that implies a higher + * state of linemode support in the client, we move to that + * linemode support. + * + * A short explanation of kludge linemode is in order here. + * 1) The heuristic to determine support for kludge linemode + * is to send a do timing mark. We assume that a client + * that supports timing marks also supports kludge linemode. + * A risky proposition at best. + * 2) Further negotiation of linemode is done by changing the + * the server's state regarding SGA. If server will SGA, + * then linemode is off, if server won't SGA, then linemode + * is on. + */ + void +localstat() +{ + void netflush(); + int need_will_echo = 0; + +#if defined(CRAY2) && defined(UNICOS5) + /* + * Keep track of that ol' CR/NL mapping while we're in the + * neighborhood. + */ + newmap = tty_isnewmap(); +#endif /* defined(CRAY2) && defined(UNICOS5) */ + + /* + * Check for changes to flow control if client supports it. + */ + flowstat(); + + /* + * Check linemode on/off state + */ + uselinemode = tty_linemode(); + + /* + * If alwayslinemode is on, and pty is changing to turn it off, then + * force linemode back on. + */ + if (alwayslinemode && linemode && !uselinemode) { + uselinemode = 1; + tty_setlinemode(uselinemode); + } + + if (uselinemode) { + /* + * Check for state of BINARY options. + * + * We only need to do the binary dance if we are actually going + * to use linemode. As this confuses some telnet clients + * that don't support linemode, and doesn't gain us + * anything, we don't do it unless we're doing linemode. + * -Crh (henrich@msu.edu) + */ + + if (tty_isbinaryin()) { + if (his_want_state_is_wont(TELOPT_BINARY)) + send_do(TELOPT_BINARY, 1); + } else { + if (his_want_state_is_will(TELOPT_BINARY)) + send_dont(TELOPT_BINARY, 1); + } + + if (tty_isbinaryout()) { + if (my_want_state_is_wont(TELOPT_BINARY)) + send_will(TELOPT_BINARY, 1); + } else { + if (my_want_state_is_will(TELOPT_BINARY)) + send_wont(TELOPT_BINARY, 1); + } + } + +#ifdef ENCRYPTION + /* + * If the terminal is not echoing, but editing is enabled, + * something like password input is going to happen, so + * if we the other side is not currently sending encrypted + * data, ask the other side to start encrypting. + */ + if (his_state_is_will(TELOPT_ENCRYPT)) { + static int enc_passwd = 0; + if (uselinemode && !tty_isecho() && tty_isediting() + && (enc_passwd == 0) && !decrypt_input) { + encrypt_send_request_start(); + enc_passwd = 1; + } else if (enc_passwd) { + encrypt_send_request_end(); + enc_passwd = 0; + } + } +#endif /* ENCRYPTION */ + + /* + * Do echo mode handling as soon as we know what the + * linemode is going to be. + * If the pty has echo turned off, then tell the client that + * the server will echo. If echo is on, then the server + * will echo if in character mode, but in linemode the + * client should do local echoing. The state machine will + * not send anything if it is unnecessary, so don't worry + * about that here. + * + * If we need to send the WILL ECHO (because echo is off), + * then delay that until after we have changed the MODE. + * This way, when the user is turning off both editing + * and echo, the client will get editing turned off first. + * This keeps the client from going into encryption mode + * and then right back out if it is doing auto-encryption + * when passwords are being typed. + */ + if (uselinemode) { + if (tty_isecho()) + send_wont(TELOPT_ECHO, 1); + else + need_will_echo = 1; +#ifdef KLUDGELINEMODE + if (lmodetype == KLUDGE_OK) + lmodetype = KLUDGE_LINEMODE; +#endif + } + + /* + * If linemode is being turned off, send appropriate + * command and then we're all done. + */ + if (!uselinemode && linemode) { +# ifdef KLUDGELINEMODE + if (lmodetype == REAL_LINEMODE) { +# endif /* KLUDGELINEMODE */ + send_dont(TELOPT_LINEMODE, 1); +# ifdef KLUDGELINEMODE + } else if (lmodetype == KLUDGE_LINEMODE) + send_will(TELOPT_SGA, 1); +# endif /* KLUDGELINEMODE */ + send_will(TELOPT_ECHO, 1); + linemode = uselinemode; + goto done; + } + +# ifdef KLUDGELINEMODE + /* + * If using real linemode check edit modes for possible later use. + * If we are in kludge linemode, do the SGA negotiation. + */ + if (lmodetype == REAL_LINEMODE) { +# endif /* KLUDGELINEMODE */ + useeditmode = 0; + if (tty_isediting()) + useeditmode |= MODE_EDIT; + if (tty_istrapsig()) + useeditmode |= MODE_TRAPSIG; + if (tty_issofttab()) + useeditmode |= MODE_SOFT_TAB; + if (tty_islitecho()) + useeditmode |= MODE_LIT_ECHO; +# ifdef KLUDGELINEMODE + } else if (lmodetype == KLUDGE_LINEMODE) { + if (tty_isediting() && uselinemode) + send_wont(TELOPT_SGA, 1); + else + send_will(TELOPT_SGA, 1); + } +# endif /* KLUDGELINEMODE */ + + /* + * Negotiate linemode on if pty state has changed to turn it on. + * Send appropriate command and send along edit mode, then all done. + */ + if (uselinemode && !linemode) { +# ifdef KLUDGELINEMODE + if (lmodetype == KLUDGE_LINEMODE) { + send_wont(TELOPT_SGA, 1); + } else if (lmodetype == REAL_LINEMODE) { +# endif /* KLUDGELINEMODE */ + send_do(TELOPT_LINEMODE, 1); + /* send along edit modes */ + (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, + TELOPT_LINEMODE, LM_MODE, useeditmode, + IAC, SE); + nfrontp += 7; + editmode = useeditmode; +# ifdef KLUDGELINEMODE + } +# endif /* KLUDGELINEMODE */ + linemode = uselinemode; + goto done; + } + +# ifdef KLUDGELINEMODE + /* + * None of what follows is of any value if not using + * real linemode. + */ + if (lmodetype < REAL_LINEMODE) + goto done; +# endif /* KLUDGELINEMODE */ + + if (linemode && his_state_is_will(TELOPT_LINEMODE)) { + /* + * If edit mode changed, send edit mode. + */ + if (useeditmode != editmode) { + /* + * Send along appropriate edit mode mask. + */ + (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB, + TELOPT_LINEMODE, LM_MODE, useeditmode, + IAC, SE); + nfrontp += 7; + editmode = useeditmode; + } + + + /* + * Check for changes to special characters in use. + */ + start_slc(0); + check_slc(); + (void) end_slc(0); + } + +done: + if (need_will_echo) + send_will(TELOPT_ECHO, 1); + /* + * Some things should be deferred until after the pty state has + * been set by the local process. Do those things that have been + * deferred now. This only happens once. + */ + if (_terminit == 0) { + _terminit = 1; + defer_terminit(); + } + + netflush(); + set_termbuf(); + return; + +} /* end of localstat */ +#endif /* LINEMODE */ + +/* + * flowstat + * + * Check for changes to flow control + */ + void +flowstat() +{ + if (his_state_is_will(TELOPT_LFLOW)) { + if (tty_flowmode() != flowmode) { + flowmode = tty_flowmode(); + (void) sprintf(nfrontp, "%c%c%c%c%c%c", + IAC, SB, TELOPT_LFLOW, + flowmode ? LFLOW_ON : LFLOW_OFF, + IAC, SE); + nfrontp += 6; + } + if (tty_restartany() != restartany) { + restartany = tty_restartany(); + (void) sprintf(nfrontp, "%c%c%c%c%c%c", + IAC, SB, TELOPT_LFLOW, + restartany ? LFLOW_RESTART_ANY + : LFLOW_RESTART_XON, + IAC, SE); + nfrontp += 6; + } + } +} + +/* + * clientstat + * + * Process linemode related requests from the client. + * Client can request a change to only one of linemode, editmode or slc's + * at a time, and if using kludge linemode, then only linemode may be + * affected. + */ + void +clientstat(code, parm1, parm2) + register int code, parm1, parm2; +{ + void netflush(); + + /* + * Get a copy of terminal characteristics. + */ + init_termbuf(); + + /* + * Process request from client. code tells what it is. + */ + switch (code) { +#ifdef LINEMODE + case TELOPT_LINEMODE: + /* + * Don't do anything unless client is asking us to change + * modes. + */ + uselinemode = (parm1 == WILL); + if (uselinemode != linemode) { +# ifdef KLUDGELINEMODE + /* + * If using kludge linemode, make sure that + * we can do what the client asks. + * We can not turn off linemode if alwayslinemode + * and the ICANON bit is set. + */ + if (lmodetype == KLUDGE_LINEMODE) { + if (alwayslinemode && tty_isediting()) { + uselinemode = 1; + } + } + + /* + * Quit now if we can't do it. + */ + if (uselinemode == linemode) + return; + + /* + * If using real linemode and linemode is being + * turned on, send along the edit mode mask. + */ + if (lmodetype == REAL_LINEMODE && uselinemode) +# else /* KLUDGELINEMODE */ + if (uselinemode) +# endif /* KLUDGELINEMODE */ + { + useeditmode = 0; + if (tty_isediting()) + useeditmode |= MODE_EDIT; + if (tty_istrapsig) + useeditmode |= MODE_TRAPSIG; + if (tty_issofttab()) + useeditmode |= MODE_SOFT_TAB; + if (tty_islitecho()) + useeditmode |= MODE_LIT_ECHO; + (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, + SB, TELOPT_LINEMODE, LM_MODE, + useeditmode, IAC, SE); + nfrontp += 7; + editmode = useeditmode; + } + + + tty_setlinemode(uselinemode); + + linemode = uselinemode; + + if (!linemode) + send_will(TELOPT_ECHO, 1); + } + break; + + case LM_MODE: + { + register int ack, changed; + + /* + * Client has sent along a mode mask. If it agrees with + * what we are currently doing, ignore it; if not, it could + * be viewed as a request to change. Note that the server + * will change to the modes in an ack if it is different from + * what we currently have, but we will not ack the ack. + */ + useeditmode &= MODE_MASK; + ack = (useeditmode & MODE_ACK); + useeditmode &= ~MODE_ACK; + + if (changed = (useeditmode ^ editmode)) { + /* + * This check is for a timing problem. If the + * state of the tty has changed (due to the user + * application) we need to process that info + * before we write in the state contained in the + * ack!!! This gets out the new MODE request, + * and when the ack to that command comes back + * we'll set it and be in the right mode. + */ + if (ack) + localstat(); + if (changed & MODE_EDIT) + tty_setedit(useeditmode & MODE_EDIT); + + if (changed & MODE_TRAPSIG) + tty_setsig(useeditmode & MODE_TRAPSIG); + + if (changed & MODE_SOFT_TAB) + tty_setsofttab(useeditmode & MODE_SOFT_TAB); + + if (changed & MODE_LIT_ECHO) + tty_setlitecho(useeditmode & MODE_LIT_ECHO); + + set_termbuf(); + + if (!ack) { + (void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, + SB, TELOPT_LINEMODE, LM_MODE, + useeditmode|MODE_ACK, + IAC, SE); + nfrontp += 7; + } + + editmode = useeditmode; + } + + break; + + } /* end of case LM_MODE */ +#endif /* LINEMODE */ + + case TELOPT_NAWS: +#ifdef TIOCSWINSZ + { + struct winsize ws; + + def_col = parm1; + def_row = parm2; +#ifdef LINEMODE + /* + * Defer changing window size until after terminal is + * initialized. + */ + if (terminit() == 0) + return; +#endif /* LINEMODE */ + + /* + * Change window size as requested by client. + */ + + ws.ws_col = parm1; + ws.ws_row = parm2; + (void) ioctl(pty, TIOCSWINSZ, (char *)&ws); + } +#endif /* TIOCSWINSZ */ + + break; + + case TELOPT_TSPEED: + { + def_tspeed = parm1; + def_rspeed = parm2; +#ifdef LINEMODE + /* + * Defer changing the terminal speed. + */ + if (terminit() == 0) + return; +#endif /* LINEMODE */ + /* + * Change terminal speed as requested by client. + * We set the receive speed first, so that if we can't + * store seperate receive and transmit speeds, the transmit + * speed will take precedence. + */ + tty_rspeed(parm2); + tty_tspeed(parm1); + set_termbuf(); + + break; + + } /* end of case TELOPT_TSPEED */ + + default: + /* What? */ + break; + } /* end of switch */ + +#if defined(CRAY2) && defined(UNICOS5) + /* + * Just in case of the likely event that we changed the pty state. + */ + rcv_ioctl(); +#endif /* defined(CRAY2) && defined(UNICOS5) */ + + netflush(); + +} /* end of clientstat */ + +#if defined(CRAY2) && defined(UNICOS5) + void +termstat() +{ + needtermstat = 1; +} + + void +_termstat() +{ + needtermstat = 0; + init_termbuf(); + localstat(); + rcv_ioctl(); +} +#endif /* defined(CRAY2) && defined(UNICOS5) */ + +#ifdef LINEMODE +/* + * defer_terminit + * + * Some things should not be done until after the login process has started + * and all the pty modes are set to what they are supposed to be. This + * function is called when the pty state has been processed for the first time. + * It calls other functions that do things that were deferred in each module. + */ + void +defer_terminit() +{ + + /* + * local stuff that got deferred. + */ + if (def_tspeed != -1) { + clientstat(TELOPT_TSPEED, def_tspeed, def_rspeed); + def_tspeed = def_rspeed = 0; + } + +#ifdef TIOCSWINSZ + if (def_col || def_row) { + struct winsize ws; + + memset((char *)&ws, 0, sizeof(ws)); + ws.ws_col = def_col; + ws.ws_row = def_row; + (void) ioctl(pty, TIOCSWINSZ, (char *)&ws); + } +#endif + + /* + * The only other module that currently defers anything. + */ + deferslc(); + +} /* end of defer_terminit */ + +/* + * terminit + * + * Returns true if the pty state has been processed yet. + */ + int +terminit() +{ + return(_terminit); + +} /* end of terminit */ +#endif /* LINEMODE */ diff --git a/secure/libexec/telnetd/utility.c b/secure/libexec/telnetd/utility.c new file mode 100644 index 0000000..e2f285a --- /dev/null +++ b/secure/libexec/telnetd/utility.c @@ -0,0 +1,1202 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)utility.c 8.4 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#ifdef __FreeBSD__ +#include <locale.h> +#endif +#define PRINTOPTIONS +#include "telnetd.h" + +/* + * utility functions performing io related tasks + */ + +/* + * ttloop + * + * A small subroutine to flush the network output buffer, get some data + * from the network, and pass it through the telnet state machine. We + * also flush the pty input buffer (by dropping its data) if it becomes + * too full. + */ + + void +ttloop() +{ + void netflush(); + + DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n"); + nfrontp += strlen(nfrontp);}); + if (nfrontp-nbackp) { + netflush(); + } + ncc = read(net, netibuf, sizeof netibuf); + if (ncc < 0) { + syslog(LOG_INFO, "ttloop: read: %m\n"); + exit(1); + } else if (ncc == 0) { + syslog(LOG_INFO, "ttloop: peer died: %m\n"); + exit(1); + } + DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc); + nfrontp += strlen(nfrontp);}); + netip = netibuf; + telrcv(); /* state machine */ + if (ncc > 0) { + pfrontp = pbackp = ptyobuf; + telrcv(); + } +} /* end of ttloop */ + +/* + * Check a descriptor to see if out of band data exists on it. + */ + int +stilloob(s) + int s; /* socket number */ +{ + static struct timeval timeout = { 0 }; + fd_set excepts; + int value; + + do { + FD_ZERO(&excepts); + FD_SET(s, &excepts); + value = select(s+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout); + } while ((value == -1) && (errno == EINTR)); + + if (value < 0) { + fatalperror(pty, "select"); + } + if (FD_ISSET(s, &excepts)) { + return 1; + } else { + return 0; + } +} + + void +ptyflush() +{ + int n; + + if ((n = pfrontp - pbackp) > 0) { + DIAG((TD_REPORT | TD_PTYDATA), + { sprintf(nfrontp, "td: ptyflush %d chars\r\n", n); + nfrontp += strlen(nfrontp); }); + DIAG(TD_PTYDATA, printdata("pd", pbackp, n)); + n = write(pty, pbackp, n); + } + if (n < 0) { + if (errno == EWOULDBLOCK || errno == EINTR) + return; + cleanup(0); + } + pbackp += n; + if (pbackp == pfrontp) + pbackp = pfrontp = ptyobuf; +} + +/* + * nextitem() + * + * Return the address of the next "item" in the TELNET data + * stream. This will be the address of the next character if + * the current address is a user data character, or it will + * be the address of the character following the TELNET command + * if the current address is a TELNET IAC ("I Am a Command") + * character. + */ + char * +nextitem(current) + char *current; +{ + if ((*current&0xff) != IAC) { + return current+1; + } + switch (*(current+1)&0xff) { + case DO: + case DONT: + case WILL: + case WONT: + return current+3; + case SB: /* loop forever looking for the SE */ + { + register char *look = current+2; + + for (;;) { + if ((*look++&0xff) == IAC) { + if ((*look++&0xff) == SE) { + return look; + } + } + } + } + default: + return current+2; + } +} /* end of nextitem */ + + +/* + * netclear() + * + * We are about to do a TELNET SYNCH operation. Clear + * the path to the network. + * + * Things are a bit tricky since we may have sent the first + * byte or so of a previous TELNET command into the network. + * So, we have to scan the network buffer from the beginning + * until we are up to where we want to be. + * + * A side effect of what we do, just to keep things + * simple, is to clear the urgent data pointer. The principal + * caller should be setting the urgent data pointer AFTER calling + * us in any case. + */ + void +netclear() +{ + register char *thisitem, *next; + char *good; +#define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \ + ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)) + +#ifdef ENCRYPTION + thisitem = nclearto > netobuf ? nclearto : netobuf; +#else /* ENCRYPTION */ + thisitem = netobuf; +#endif /* ENCRYPTION */ + + while ((next = nextitem(thisitem)) <= nbackp) { + thisitem = next; + } + + /* Now, thisitem is first before/at boundary. */ + +#ifdef ENCRYPTION + good = nclearto > netobuf ? nclearto : netobuf; +#else /* ENCRYPTION */ + good = netobuf; /* where the good bytes go */ +#endif /* ENCRYPTION */ + + while (nfrontp > thisitem) { + if (wewant(thisitem)) { + int length; + + next = thisitem; + do { + next = nextitem(next); + } while (wewant(next) && (nfrontp > next)); + length = next-thisitem; + memmove(good, thisitem, length); + good += length; + thisitem = next; + } else { + thisitem = nextitem(thisitem); + } + } + + nbackp = netobuf; + nfrontp = good; /* next byte to be sent */ + neturg = 0; +} /* end of netclear */ + +/* + * netflush + * Send as much data as possible to the network, + * handling requests for urgent data. + */ + void +netflush() +{ + int n; + extern int not42; + + if ((n = nfrontp - nbackp) > 0) { + DIAG(TD_REPORT, + { sprintf(nfrontp, "td: netflush %d chars\r\n", n); + n += strlen(nfrontp); /* get count first */ + nfrontp += strlen(nfrontp); /* then move pointer */ + }); +#ifdef ENCRYPTION + if (encrypt_output) { + char *s = nclearto ? nclearto : nbackp; + if (nfrontp - s > 0) { + (*encrypt_output)((unsigned char *)s, nfrontp-s); + nclearto = nfrontp; + } + } +#endif /* ENCRYPTION */ + /* + * if no urgent data, or if the other side appears to be an + * old 4.2 client (and thus unable to survive TCP urgent data), + * write the entire buffer in non-OOB mode. + */ + if ((neturg == 0) || (not42 == 0)) { + n = write(net, nbackp, n); /* normal write */ + } else { + n = neturg - nbackp; + /* + * In 4.2 (and 4.3) systems, there is some question about + * what byte in a sendOOB operation is the "OOB" data. + * To make ourselves compatible, we only send ONE byte + * out of band, the one WE THINK should be OOB (though + * we really have more the TCP philosophy of urgent data + * rather than the Unix philosophy of OOB data). + */ + if (n > 1) { + n = send(net, nbackp, n-1, 0); /* send URGENT all by itself */ + } else { + n = send(net, nbackp, n, MSG_OOB); /* URGENT data */ + } + } + } + if (n < 0) { + if (errno == EWOULDBLOCK || errno == EINTR) + return; + cleanup(0); + } + nbackp += n; +#ifdef ENCRYPTION + if (nbackp > nclearto) + nclearto = 0; +#endif /* ENCRYPTION */ + if (nbackp >= neturg) { + neturg = 0; + } + if (nbackp == nfrontp) { + nbackp = nfrontp = netobuf; +#ifdef ENCRYPTION + nclearto = 0; +#endif /* ENCRYPTION */ + } + return; +} /* end of netflush */ + + +/* + * writenet + * + * Just a handy little function to write a bit of raw data to the net. + * It will force a transmit of the buffer if necessary + * + * arguments + * ptr - A pointer to a character string to write + * len - How many bytes to write + */ + void +writenet(ptr, len) + register unsigned char *ptr; + register int len; +{ + /* flush buffer if no room for new data) */ + if ((&netobuf[BUFSIZ] - nfrontp) < len) { + /* if this fails, don't worry, buffer is a little big */ + netflush(); + } + + memmove(nfrontp, ptr, len); + nfrontp += len; + +} /* end of writenet */ + + +/* + * miscellaneous functions doing a variety of little jobs follow ... + */ + + + void +fatal(f, msg) + int f; + char *msg; +{ + char buf[BUFSIZ]; + + (void) sprintf(buf, "telnetd: %s.\r\n", msg); +#ifdef ENCRYPTION + if (encrypt_output) { + /* + * Better turn off encryption first.... + * Hope it flushes... + */ + encrypt_send_end(); + netflush(); + } +#endif /* ENCRYPTION */ + (void) write(f, buf, (int)strlen(buf)); + sleep(1); /*XXX*/ + exit(1); +} + + void +fatalperror(f, msg) + int f; + char *msg; +{ + char buf[BUFSIZ], *strerror(); + + (void) sprintf(buf, "%s: %s", msg, strerror(errno)); + fatal(f, buf); +} + +char editedhost[32]; + + void +edithost(pat, host) + register char *pat; + register char *host; +{ + register char *res = editedhost; + char *strncpy(); + + if (!pat) + pat = ""; + while (*pat) { + switch (*pat) { + + case '#': + if (*host) + host++; + break; + + case '@': + if (*host) + *res++ = *host++; + break; + + default: + *res++ = *pat; + break; + } + if (res == &editedhost[sizeof editedhost - 1]) { + *res = '\0'; + return; + } + pat++; + } + if (*host) + (void) strncpy(res, host, + sizeof editedhost - (res - editedhost) -1); + else + *res = '\0'; + editedhost[sizeof editedhost - 1] = '\0'; +} + +static char *putlocation; + + void +putstr(s) + register char *s; +{ + + while (*s) + putchr(*s++); +} + + void +putchr(cc) + int cc; +{ + *putlocation++ = cc; +} + +#ifdef __FreeBSD__ +static char fmtstr[] = { "%+" }; +#else +/* + * This is split on two lines so that SCCS will not see the M + * between two % signs and expand it... + */ +static char fmtstr[] = { "%l:%M\ +%P on %A, %d %B %Y" }; +#endif + + void +putf(cp, where) + register char *cp; + char *where; +{ + char *slash; + time_t t; + char db[100]; +#ifdef STREAMSPTY + extern char *strchr(); +#else + extern char *strrchr(); +#endif + + putlocation = where; + + while (*cp) { + if (*cp != '%') { + putchr(*cp++); + continue; + } + switch (*++cp) { + + case 't': +#ifdef STREAMSPTY + /* names are like /dev/pts/2 -- we want pts/2 */ + slash = strchr(line+1, '/'); +#else + slash = strrchr(line, '/'); +#endif + if (slash == (char *) 0) + putstr(line); + else + putstr(&slash[1]); + break; + + case 'h': + putstr(editedhost); + break; + + case 'd': +#ifdef __FreeBSD__ + setlocale(LC_TIME, ""); +#endif + (void)time(&t); + (void)strftime(db, sizeof(db), fmtstr, localtime(&t)); + putstr(db); + break; + + case '%': + putchr('%'); + break; + } + cp++; + } +} + +#ifdef DIAGNOSTICS +/* + * Print telnet options and commands in plain text, if possible. + */ + void +printoption(fmt, option) + register char *fmt; + register int option; +{ + if (TELOPT_OK(option)) + sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option)); + else if (TELCMD_OK(option)) + sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option)); + else + sprintf(nfrontp, "%s %d\r\n", fmt, option); + nfrontp += strlen(nfrontp); + return; +} + + void +printsub(direction, pointer, length) + char direction; /* '<' or '>' */ + unsigned char *pointer; /* where suboption data sits */ + int length; /* length of suboption data */ +{ + register int i; + char buf[512]; + + if (!(diagnostic & TD_OPTIONS)) + return; + + if (direction) { + sprintf(nfrontp, "td: %s suboption ", + direction == '<' ? "recv" : "send"); + nfrontp += strlen(nfrontp); + if (length >= 3) { + register int j; + + i = pointer[length-2]; + j = pointer[length-1]; + + if (i != IAC || j != SE) { + sprintf(nfrontp, "(terminated by "); + nfrontp += strlen(nfrontp); + if (TELOPT_OK(i)) + sprintf(nfrontp, "%s ", TELOPT(i)); + else if (TELCMD_OK(i)) + sprintf(nfrontp, "%s ", TELCMD(i)); + else + sprintf(nfrontp, "%d ", i); + nfrontp += strlen(nfrontp); + if (TELOPT_OK(j)) + sprintf(nfrontp, "%s", TELOPT(j)); + else if (TELCMD_OK(j)) + sprintf(nfrontp, "%s", TELCMD(j)); + else + sprintf(nfrontp, "%d", j); + nfrontp += strlen(nfrontp); + sprintf(nfrontp, ", not IAC SE!) "); + nfrontp += strlen(nfrontp); + } + } + length -= 2; + } + if (length < 1) { + sprintf(nfrontp, "(Empty suboption??\?)"); + nfrontp += strlen(nfrontp); + return; + } + switch (pointer[0]) { + case TELOPT_TTYPE: + sprintf(nfrontp, "TERMINAL-TYPE "); + nfrontp += strlen(nfrontp); + switch (pointer[1]) { + case TELQUAL_IS: + sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); + break; + case TELQUAL_SEND: + sprintf(nfrontp, "SEND"); + break; + default: + sprintf(nfrontp, + "- unknown qualifier %d (0x%x).", + pointer[1], pointer[1]); + } + nfrontp += strlen(nfrontp); + break; + case TELOPT_TSPEED: + sprintf(nfrontp, "TERMINAL-SPEED"); + nfrontp += strlen(nfrontp); + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[1]) { + case TELQUAL_IS: + sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2); + nfrontp += strlen(nfrontp); + break; + default: + if (pointer[1] == 1) + sprintf(nfrontp, " SEND"); + else + sprintf(nfrontp, " %d (unknown)", pointer[1]); + nfrontp += strlen(nfrontp); + for (i = 2; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + } + break; + + case TELOPT_LFLOW: + sprintf(nfrontp, "TOGGLE-FLOW-CONTROL"); + nfrontp += strlen(nfrontp); + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[1]) { + case LFLOW_OFF: + sprintf(nfrontp, " OFF"); break; + case LFLOW_ON: + sprintf(nfrontp, " ON"); break; + case LFLOW_RESTART_ANY: + sprintf(nfrontp, " RESTART-ANY"); break; + case LFLOW_RESTART_XON: + sprintf(nfrontp, " RESTART-XON"); break; + default: + sprintf(nfrontp, " %d (unknown)", pointer[1]); + } + nfrontp += strlen(nfrontp); + for (i = 2; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + + case TELOPT_NAWS: + sprintf(nfrontp, "NAWS"); + nfrontp += strlen(nfrontp); + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + if (length == 2) { + sprintf(nfrontp, " ?%d?", pointer[1]); + nfrontp += strlen(nfrontp); + break; + } + sprintf(nfrontp, " %d %d (%d)", + pointer[1], pointer[2], + (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); + nfrontp += strlen(nfrontp); + if (length == 4) { + sprintf(nfrontp, " ?%d?", pointer[3]); + nfrontp += strlen(nfrontp); + break; + } + sprintf(nfrontp, " %d %d (%d)", + pointer[3], pointer[4], + (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); + nfrontp += strlen(nfrontp); + for (i = 5; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + + case TELOPT_LINEMODE: + sprintf(nfrontp, "LINEMODE "); + nfrontp += strlen(nfrontp); + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[1]) { + case WILL: + sprintf(nfrontp, "WILL "); + goto common; + case WONT: + sprintf(nfrontp, "WONT "); + goto common; + case DO: + sprintf(nfrontp, "DO "); + goto common; + case DONT: + sprintf(nfrontp, "DONT "); + common: + nfrontp += strlen(nfrontp); + if (length < 3) { + sprintf(nfrontp, "(no option??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[2]) { + case LM_FORWARDMASK: + sprintf(nfrontp, "Forward Mask"); + nfrontp += strlen(nfrontp); + for (i = 3; i < length; i++) { + sprintf(nfrontp, " %x", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + default: + sprintf(nfrontp, "%d (unknown)", pointer[2]); + nfrontp += strlen(nfrontp); + for (i = 3; i < length; i++) { + sprintf(nfrontp, " %d", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + } + break; + + case LM_SLC: + sprintf(nfrontp, "SLC"); + nfrontp += strlen(nfrontp); + for (i = 2; i < length - 2; i += 3) { + if (SLC_NAME_OK(pointer[i+SLC_FUNC])) + sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC])); + else + sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]); + nfrontp += strlen(nfrontp); + switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { + case SLC_NOSUPPORT: + sprintf(nfrontp, " NOSUPPORT"); break; + case SLC_CANTCHANGE: + sprintf(nfrontp, " CANTCHANGE"); break; + case SLC_VARIABLE: + sprintf(nfrontp, " VARIABLE"); break; + case SLC_DEFAULT: + sprintf(nfrontp, " DEFAULT"); break; + } + nfrontp += strlen(nfrontp); + sprintf(nfrontp, "%s%s%s", + pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", + pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", + pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); + nfrontp += strlen(nfrontp); + if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| + SLC_FLUSHOUT| SLC_LEVELBITS)) { + sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]); + nfrontp += strlen(nfrontp); + } + sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]); + nfrontp += strlen(nfrontp); + if ((pointer[i+SLC_VALUE] == IAC) && + (pointer[i+SLC_VALUE+1] == IAC)) + i++; + } + for (; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + + case LM_MODE: + sprintf(nfrontp, "MODE "); + nfrontp += strlen(nfrontp); + if (length < 3) { + sprintf(nfrontp, "(no mode??\?)"); + nfrontp += strlen(nfrontp); + break; + } + { + char tbuf[32]; + sprintf(tbuf, "%s%s%s%s%s", + pointer[2]&MODE_EDIT ? "|EDIT" : "", + pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", + pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", + pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", + pointer[2]&MODE_ACK ? "|ACK" : ""); + sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0"); + nfrontp += strlen(nfrontp); + } + if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) { + sprintf(nfrontp, " (0x%x)", pointer[2]); + nfrontp += strlen(nfrontp); + } + for (i = 3; i < length; i++) { + sprintf(nfrontp, " ?0x%x?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + default: + sprintf(nfrontp, "%d (unknown)", pointer[1]); + nfrontp += strlen(nfrontp); + for (i = 2; i < length; i++) { + sprintf(nfrontp, " %d", pointer[i]); + nfrontp += strlen(nfrontp); + } + } + break; + + case TELOPT_STATUS: { + register char *cp; + register int j, k; + + sprintf(nfrontp, "STATUS"); + nfrontp += strlen(nfrontp); + + switch (pointer[1]) { + default: + if (pointer[1] == TELQUAL_SEND) + sprintf(nfrontp, " SEND"); + else + sprintf(nfrontp, " %d (unknown)", pointer[1]); + nfrontp += strlen(nfrontp); + for (i = 2; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + case TELQUAL_IS: + sprintf(nfrontp, " IS\r\n"); + nfrontp += strlen(nfrontp); + + for (i = 2; i < length; i++) { + switch(pointer[i]) { + case DO: cp = "DO"; goto common2; + case DONT: cp = "DONT"; goto common2; + case WILL: cp = "WILL"; goto common2; + case WONT: cp = "WONT"; goto common2; + common2: + i++; + if (TELOPT_OK(pointer[i])) + sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i])); + else + sprintf(nfrontp, " %s %d", cp, pointer[i]); + nfrontp += strlen(nfrontp); + + sprintf(nfrontp, "\r\n"); + nfrontp += strlen(nfrontp); + break; + + case SB: + sprintf(nfrontp, " SB "); + nfrontp += strlen(nfrontp); + i++; + j = k = i; + while (j < length) { + if (pointer[j] == SE) { + if (j+1 == length) + break; + if (pointer[j+1] == SE) + j++; + else + break; + } + pointer[k++] = pointer[j++]; + } + printsub(0, &pointer[i], k - i); + if (i < length) { + sprintf(nfrontp, " SE"); + nfrontp += strlen(nfrontp); + i = j; + } else + i = j - 1; + + sprintf(nfrontp, "\r\n"); + nfrontp += strlen(nfrontp); + + break; + + default: + sprintf(nfrontp, " %d", pointer[i]); + nfrontp += strlen(nfrontp); + break; + } + } + break; + } + break; + } + + case TELOPT_XDISPLOC: + sprintf(nfrontp, "X-DISPLAY-LOCATION "); + nfrontp += strlen(nfrontp); + switch (pointer[1]) { + case TELQUAL_IS: + sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2); + break; + case TELQUAL_SEND: + sprintf(nfrontp, "SEND"); + break; + default: + sprintf(nfrontp, "- unknown qualifier %d (0x%x).", + pointer[1], pointer[1]); + } + nfrontp += strlen(nfrontp); + break; + + case TELOPT_NEW_ENVIRON: + sprintf(nfrontp, "NEW-ENVIRON "); + goto env_common1; + case TELOPT_OLD_ENVIRON: + sprintf(nfrontp, "OLD-ENVIRON"); + env_common1: + nfrontp += strlen(nfrontp); + switch (pointer[1]) { + case TELQUAL_IS: + sprintf(nfrontp, "IS "); + goto env_common; + case TELQUAL_SEND: + sprintf(nfrontp, "SEND "); + goto env_common; + case TELQUAL_INFO: + sprintf(nfrontp, "INFO "); + env_common: + nfrontp += strlen(nfrontp); + { + register int noquote = 2; + for (i = 2; i < length; i++ ) { + switch (pointer[i]) { + case NEW_ENV_VAR: + sprintf(nfrontp, "\" VAR " + noquote); + nfrontp += strlen(nfrontp); + noquote = 2; + break; + + case NEW_ENV_VALUE: + sprintf(nfrontp, "\" VALUE " + noquote); + nfrontp += strlen(nfrontp); + noquote = 2; + break; + + case ENV_ESC: + sprintf(nfrontp, "\" ESC " + noquote); + nfrontp += strlen(nfrontp); + noquote = 2; + break; + + case ENV_USERVAR: + sprintf(nfrontp, "\" USERVAR " + noquote); + nfrontp += strlen(nfrontp); + noquote = 2; + break; + + default: + def_case: + if (isprint(pointer[i]) && pointer[i] != '"') { + if (noquote) { + *nfrontp++ = '"'; + noquote = 0; + } + *nfrontp++ = pointer[i]; + } else { + sprintf(nfrontp, "\" %03o " + noquote, + pointer[i]); + nfrontp += strlen(nfrontp); + noquote = 2; + } + break; + } + } + if (!noquote) + *nfrontp++ = '"'; + break; + } + } + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + sprintf(nfrontp, "AUTHENTICATION"); + nfrontp += strlen(nfrontp); + + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[1]) { + case TELQUAL_REPLY: + case TELQUAL_IS: + sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ? + "IS" : "REPLY"); + nfrontp += strlen(nfrontp); + if (AUTHTYPE_NAME_OK(pointer[2])) + sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2])); + else + sprintf(nfrontp, "%d ", pointer[2]); + nfrontp += strlen(nfrontp); + if (length < 3) { + sprintf(nfrontp, "(partial suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + sprintf(nfrontp, "%s|%s", + ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? + "CLIENT" : "SERVER", + ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? + "MUTUAL" : "ONE-WAY"); + nfrontp += strlen(nfrontp); + + auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); + sprintf(nfrontp, "%s", buf); + nfrontp += strlen(nfrontp); + break; + + case TELQUAL_SEND: + i = 2; + sprintf(nfrontp, " SEND "); + nfrontp += strlen(nfrontp); + while (i < length) { + if (AUTHTYPE_NAME_OK(pointer[i])) + sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i])); + else + sprintf(nfrontp, "%d ", pointer[i]); + nfrontp += strlen(nfrontp); + if (++i >= length) { + sprintf(nfrontp, "(partial suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + sprintf(nfrontp, "%s|%s ", + ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? + "CLIENT" : "SERVER", + ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? + "MUTUAL" : "ONE-WAY"); + nfrontp += strlen(nfrontp); + ++i; + } + break; + + case TELQUAL_NAME: + i = 2; + sprintf(nfrontp, " NAME \""); + nfrontp += strlen(nfrontp); + while (i < length) + *nfrontp += pointer[i++]; + *nfrontp += '"'; + break; + + default: + for (i = 2; i < length; i++) { + sprintf(nfrontp, " ?%d?", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + } + break; +#endif + +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + sprintf(nfrontp, "ENCRYPT"); + nfrontp += strlen(nfrontp); + if (length < 2) { + sprintf(nfrontp, " (empty suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + switch (pointer[1]) { + case ENCRYPT_START: + sprintf(nfrontp, " START"); + nfrontp += strlen(nfrontp); + break; + + case ENCRYPT_END: + sprintf(nfrontp, " END"); + nfrontp += strlen(nfrontp); + break; + + case ENCRYPT_REQSTART: + sprintf(nfrontp, " REQUEST-START"); + nfrontp += strlen(nfrontp); + break; + + case ENCRYPT_REQEND: + sprintf(nfrontp, " REQUEST-END"); + nfrontp += strlen(nfrontp); + break; + + case ENCRYPT_IS: + case ENCRYPT_REPLY: + sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ? + "IS" : "REPLY"); + nfrontp += strlen(nfrontp); + if (length < 3) { + sprintf(nfrontp, " (partial suboption??\?)"); + nfrontp += strlen(nfrontp); + break; + } + if (ENCTYPE_NAME_OK(pointer[2])) + sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2])); + else + sprintf(nfrontp, " %d (unknown)", pointer[2]); + nfrontp += strlen(nfrontp); + + encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); + sprintf(nfrontp, "%s", buf); + nfrontp += strlen(nfrontp); + break; + + case ENCRYPT_SUPPORT: + i = 2; + sprintf(nfrontp, " SUPPORT "); + nfrontp += strlen(nfrontp); + while (i < length) { + if (ENCTYPE_NAME_OK(pointer[i])) + sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i])); + else + sprintf(nfrontp, "%d ", pointer[i]); + nfrontp += strlen(nfrontp); + i++; + } + break; + + case ENCRYPT_ENC_KEYID: + sprintf(nfrontp, " ENC_KEYID", pointer[1]); + nfrontp += strlen(nfrontp); + goto encommon; + + case ENCRYPT_DEC_KEYID: + sprintf(nfrontp, " DEC_KEYID", pointer[1]); + nfrontp += strlen(nfrontp); + goto encommon; + + default: + sprintf(nfrontp, " %d (unknown)", pointer[1]); + nfrontp += strlen(nfrontp); + encommon: + for (i = 2; i < length; i++) { + sprintf(nfrontp, " %d", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + } + break; +#endif /* ENCRYPTION */ + + default: + if (TELOPT_OK(pointer[0])) + sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0])); + else + sprintf(nfrontp, "%d (unknown)", pointer[i]); + nfrontp += strlen(nfrontp); + for (i = 1; i < length; i++) { + sprintf(nfrontp, " %d", pointer[i]); + nfrontp += strlen(nfrontp); + } + break; + } + sprintf(nfrontp, "\r\n"); + nfrontp += strlen(nfrontp); +} + +/* + * Dump a data buffer in hex and ascii to the output data stream. + */ + void +printdata(tag, ptr, cnt) + register char *tag; + register char *ptr; + register int cnt; +{ + register int i; + char xbuf[30]; + + while (cnt) { + /* flush net output buffer if no room for new data) */ + if ((&netobuf[BUFSIZ] - nfrontp) < 80) { + netflush(); + } + + /* add a line of output */ + sprintf(nfrontp, "%s: ", tag); + nfrontp += strlen(nfrontp); + for (i = 0; i < 20 && cnt; i++) { + sprintf(nfrontp, "%02x", *ptr); + nfrontp += strlen(nfrontp); + if (isprint(*ptr)) { + xbuf[i] = *ptr; + } else { + xbuf[i] = '.'; + } + if (i % 2) { + *nfrontp = ' '; + nfrontp++; + } + cnt--; + ptr++; + } + xbuf[i] = '\0'; + sprintf(nfrontp, " %s\r\n", xbuf ); + nfrontp += strlen(nfrontp); + } +} +#endif /* DIAGNOSTICS */ diff --git a/secure/usr.bin/Makefile b/secure/usr.bin/Makefile new file mode 100644 index 0000000..48b0024 --- /dev/null +++ b/secure/usr.bin/Makefile @@ -0,0 +1,6 @@ +# $Id: Makefile,v 1.2 1995/07/29 12:49:25 markm Exp $ + +SUBDIR= bdes + +.include <bsd.subdir.mk> + diff --git a/secure/usr.bin/Makefile.inc b/secure/usr.bin/Makefile.inc new file mode 100644 index 0000000..e09cceb --- /dev/null +++ b/secure/usr.bin/Makefile.inc @@ -0,0 +1,4 @@ +# $Id: Makefile.inc,v 1.1 1994/09/07 07:16:50 pst Exp $ + +BINDIR= /usr/bin +.include "${.CURDIR}/../../Makefile.inc" diff --git a/secure/usr.bin/bdes/Makefile b/secure/usr.bin/bdes/Makefile new file mode 100644 index 0000000..5af8438 --- /dev/null +++ b/secure/usr.bin/bdes/Makefile @@ -0,0 +1,16 @@ +# @(#)Makefile 8.1 (Berkeley) 6/6/93 +# $Id: Makefile,v 1.6 1995/12/21 17:57:16 ache Exp $ + +PROG= bdes +SRCS= bdes.c + +.if exists(${.OBJDIR}/../../lib/libcipher) +LDFLAGS+= -L${.OBJDIR}/../../lib/libcipher +.else +LDFLAGS+= -L${.CURDIR}/../../lib/libcipher +.endif + +LDADD+= -lcipher +DPADD+= libcipher.a + +.include <bsd.prog.mk> diff --git a/secure/usr.bin/bdes/bdes.1 b/secure/usr.bin/bdes/bdes.1 new file mode 100644 index 0000000..48179fd --- /dev/null +++ b/secure/usr.bin/bdes/bdes.1 @@ -0,0 +1,304 @@ +.\" Copyright (c) 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" This code is derived from software contributed to Berkeley by +.\" Matt Bishop of Dartmouth College. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)bdes.1 8.1 (Berkeley) 6/29/93 +.\" +.TH BDES 1 "June 29, 1993" +.UC 6 +.SH NAME +bdes \- encrypt/decrypt using the Data Encryption Standard +.SH SYNOPSIS +.nf +.ft B +bdes [ \-abdp ] [ \-F N ] [ \-f N ] [ \-k key ] +.ti +5 +[ \-m N ] [ \-o N ] [ \-v vector ] +.ft R +.fi +.SH DESCRIPTION +.I Bdes +implements all DES modes of operation described in FIPS PUB 81, +including alternative cipher feedback mode and both authentication +modes. +.I Bdes +reads from the standard input and writes to the standard output. +By default, the input is encrypted using cipher block chaining mode. +Using the same key for encryption and decryption preserves plain text. +.PP +All modes but the electronic code book mode require an initialization +vector; if none is supplied, the zero vector is used. +If no +.I key +is specified on the command line, the user is prompted for one (see +.IR getpass (3) +for more details). +.PP +The options are as follows: +.TP +\-a +The key and initialization vector strings are to be taken as ASCII, +suppressing the special interpretation given to leading ``0X'', ``0x'', +``0B'', and ``0b'' characters. +This flag applies to +.I both +the key and initialization vector. +.TP +\-b +Use electronic code book mode. +.TP +\-d +Decrypt the input. +.TP +\-F +Use +.IR N -bit +alternative cipher feedback mode. +Currently +.I N +must be a multiple of 7 between 7 and 56 inclusive (this does not conform +to the alternative CFB mode specification). +.TP +\-f +Use +.IR N -bit +cipher feedback mode. +Currently +.I N +must be a multiple of 8 between 8 and 64 inclusive (this does not conform +to the standard CFB mode specification). +.TP +\-k +Use +.I key +as the cryptographic key. +.TP +\-m +Compute a message authentication code (MAC) of +.I N +bits on the input. +The value of +.I N +must be between 1 and 64 inclusive; if +.I N +is not a multiple of 8, enough 0 bits will be added to pad the MAC length +to the nearest multiple of 8. +Only the MAC is output. +MACs are only available in cipher block chaining mode or in cipher feedback +mode. +.TP +\-o +Use +.IR N -bit +output feedback mode. +Currently +.I N +must be a multiple of 8 between 8 and 64 inclusive (this does not conform +to the OFB mode specification). +.TP +\-p +Disable the resetting of the parity bit. +This flag forces the parity bit of the key to be used as typed, rather than +making each character be of odd parity. +It is used only if the key is given in ASCII. +.TP +\-v +Set the initialization vector to +.IR vector ; +the vector is interpreted in the same way as the key. +The vector is ignored in electronic codebook mode. +.PP +The key and initialization vector are taken as sequences of ASCII +characters which are then mapped into their bit representations. +If either begins with ``0X'' or ``0x'', +that one is taken as a sequence of hexadecimal digits indicating the +bit pattern; +if either begins with ``0B'' or ``0b'', +that one is taken as a sequence of binary digits indicating the bit pattern. +In either case, +only the leading 64 bits of the key or initialization vector +are used, +and if fewer than 64 bits are provided, enough 0 bits are appended +to pad the key to 64 bits. +.PP +According to the DES standard, the low-order bit of each character in the +key string is deleted. +Since most ASCII representations set the high-order bit to 0, simply +deleting the low-order bit effectively reduces the size of the key space +from 2\u\s-356\s0\d to 2\u\s-348\s0\d keys. +To prevent this, the high-order bit must be a function depending in part +upon the low-order bit; so, the high-order bit is set to whatever value +gives odd parity. +This preserves the key space size. +Note this resetting of the parity bit is +.I not +done if the key is given in binary or hex, and can be disabled for ASCII +keys as well. +.PP +The DES is considered a very strong cryptosystem, and other than table lookup +attacks, key search attacks, and Hellman's time-memory tradeoff (all of which +are very expensive and time-consuming), no cryptanalytic methods for breaking +the DES are known in the open literature. +No doubt the choice of keys and key security are the most vulnerable aspect +of +.IR bdes . +.SH IMPLEMENTATION NOTES +For implementors wishing to write software compatible with this program, +the following notes are provided. +This software is believed to be compatible with the implementation of the +data encryption standard distributed by Sun Microsystems, Inc. +.PP +In the ECB and CBC modes, plaintext is encrypted in units of 64 bits (8 bytes, +also called a block). +To ensure that the plaintext file is encrypted correctly, +.I bdes +will (internally) append from 1 to 8 bytes, the last byte containing an +integer stating how many bytes of that final block are from the plaintext +file, and encrypt the resulting block. +Hence, when decrypting, the last block may contain from 0 to 7 characters +present in the plaintext file, and the last byte tells how many. +Note that if during decryption the last byte of the file does not contain an +integer between 0 and 7, either the file has been corrupted or an incorrect +key has been given. +A similar mechanism is used for the OFB and CFB modes, except that those +simply require the length of the input to be a multiple of the mode size, +and the final byte contains an integer between 0 and one less than the number +of bytes being used as the mode. +(This was another reason that the mode size must be a multiple of 8 for those +modes.) +.PP +Unlike Sun's implementation, unused bytes of that last block are not filled +with random data, but instead contain what was in those byte positions in +the preceding block. +This is quicker and more portable, and does not weaken the encryption +significantly. +.PP +If the key is entered in ASCII, the parity bits of the key characters are set +so that each key character is of odd parity. +Unlike Sun's implementation, it is possible to enter binary or hexadecimal +keys on the command line, and if this is done, the parity bits are +.I not +reset. +This allows testing using arbitrary bit patterns as keys. +.PP +The Sun implementation always uses an initialization vector of 0 +(that is, all zeroes). +By default, +.I bdes +does too, but this may be changed from the command line. +.SH SEE ALSO +crypt(3), getpass(3) +.sp +.IR "Data Encryption Standard" , +Federal Information Processing Standard #46, +National Bureau of Standards, +U.S. Department of Commerce, +Washington DC +(Jan. 1977) +.sp +.IR "DES Modes of Operation" , +Federal Information Processing Standard #81, +National Bureau of Standards, +U.S. Department of Commerce +Washington DC +(Dec. 1980) +.sp +Dorothy Denning, +.IR "Cryptography and Data Security" , +Addison-Wesley Publishing Co., +Reading, MA +\(co1982. +.sp +Matt Bishop, +.IR "Implementation Notes on bdes(1)" , +Technical Report PCS-TR-91-158, +Department of Mathematics and Computer Science, +Dartmouth College, +Hanover, NH 03755 +(Apr. 1991). +.SH DISCLAIMER +.nf +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. +.fi +.SH BUGS +There is a controversy raging over whether the DES will still be secure +in a few years. +The advent of special-purpose hardware could reduce the cost of any of the +methods of attack named above so that they are no longer computationally +infeasible. +.PP +As the key or key schedule is stored in memory, the encryption can be +compromised if memory is readable. +Additionally, programs which display programs' arguments may compromise the +key and initialization vector, if they are specified on the command line. +To avoid this +.I bdes +overwrites its arguments, however, the obvious race cannot currently be +avoided. +.PP +Certain specific keys should be avoided because they introduce potential +weaknesses; these keys, called the +.I weak +and +.I semiweak +keys, are (in hex notation, where p is either 0 or 1, and P is either +e or f): +.sp +.nf +.in +10n +.ta \w'0x0p0p0p0p0p0p0p0p\0\0\0'u+5n +0x0p0p0p0p0p0p0p0p 0x0p1P0p1P0p0P0p0P +0x0pep0pep0pfp0pfp 0x0pfP0pfP0pfP0pfP +0x1P0p1P0p0P0p0P0p 0x1P1P1P1P0P0P0P0P +0x1Pep1Pep0Pfp0Pfp 0x1PfP1PfP0PfP0PfP +0xep0pep0pfp0pfp0p 0xep1Pep1pfp0Pfp0P +0xepepepepepepepep 0xepfPepfPfpfPfpfP +0xfP0pfP0pfP0pfP0p 0xfP1PfP1PfP0PfP0P +0xfPepfPepfPepfPep 0xfPfPfPfPfPfPfPfP +.fi +.in -10n +.sp +This is inherent in the DES algorithm (see Moore and Simmons, +\*(LqCycle structure of the DES with weak and semi-weak keys,\*(Rq +.I "Advances in Cryptology \- Crypto '86 Proceedings" , +Springer-Verlag New York, \(co1987, pp. 9-32.) diff --git a/secure/usr.bin/bdes/bdes.c b/secure/usr.bin/bdes/bdes.c new file mode 100644 index 0000000..257d549 --- /dev/null +++ b/secure/usr.bin/bdes/bdes.c @@ -0,0 +1,1046 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Matt Bishop of Dartmouth College. + * + * The United States Government has rights in this work pursuant + * to contract no. NAG 2-680 between the National Aeronautics and + * Space Administration and Dartmouth College. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1991, 1993\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +static char sccsid[] = "@(#)bdes.c 8.1 (Berkeley) 6/6/93"; +#endif /* not lint */ + +/* + * BDES -- DES encryption package for Berkeley Software Distribution 4.4 + * options: + * -a key is in ASCII + * -b use ECB (electronic code book) mode + * -d invert (decrypt) input + * -f b use b-bit CFB (cipher feedback) mode + * -F b use b-bit CFB (cipher feedback) alternative mode + * -k key use key as the cryptographic key + * -m b generate a MAC of length b + * -o b use b-bit OFB (output feedback) mode + * -p don't reset the parity bit + * -v v use v as the initialization vector (ignored for ECB) + * note: the last character of the last block is the integer indicating + * how many characters of that block are to be output + * + * Author: Matt Bishop + * Department of Mathematics and Computer Science + * Dartmouth College + * Hanover, NH 03755 + * Email: Matt.Bishop@dartmouth.edu + * ...!decvax!dartvax!Matt.Bishop + * + * See Technical Report PCS-TR91-158, Department of Mathematics and Computer + * Science, Dartmouth College, for a detailed description of the implemen- + * tation and differences between it and Sun's. The DES is described in + * FIPS PUB 46, and the modes in FIPS PUB 81 (see either the manual page + * or the technical report for a complete reference). + */ + +#include <errno.h> +#include <unistd.h> +#include <stdio.h> +#include <ctype.h> +#include <stdlib.h> +#include <string.h> + +/* + * BSD and System V systems offer special library calls that do + * block moves and fills, so if possible we take advantage of them + */ +#define MEMCPY(dest,src,len) bcopy((src),(dest),(len)) +#define MEMZERO(dest,len) bzero((dest),(len)) + +/* Hide the calls to the primitive encryption routines. */ +#define FASTWAY +#ifdef FASTWAY +#define DES_KEY(buf) \ + if (des_setkey(buf)) \ + err("des_setkey", 0); +#define DES_XFORM(buf) \ + if (des_cipher(buf, buf, 0L, (inverse ? -1 : 1))) \ + err("des_cipher", 0); +#else +#define DES_KEY(buf) { \ + char bits1[64]; /* bits of key */ \ + expand(buf, bits1); \ + if (setkey(bits1)) \ + err("setkey", 0); \ + } +#define DES_XFORM(buf) { \ + char bits1[64]; /* bits of message */ \ + expand(buf, bits1); \ + if (encrypt(bits1, inverse)) \ + err("encrypt", 0); \ + compress(bits1, buf); \ + } +#endif + +/* + * this does an error-checking write + */ +#define READ(buf, n) fread(buf, sizeof(char), n, stdin) +#define WRITE(buf,n) \ + if (fwrite(buf, sizeof(char), n, stdout) != n) \ + err(bn, NULL); + +/* + * some things to make references easier + */ +typedef char Desbuf[8]; +#define CHAR(x,i) (x[i]) +#define UCHAR(x,i) (x[i]) +#define BUFFER(x) (x) +#define UBUFFER(x) (x) + +/* + * global variables and related macros + */ +#define KEY_DEFAULT 0 /* interpret radix of key from key */ +#define KEY_ASCII 1 /* key is in ASCII characters */ +int keybase = KEY_DEFAULT; /* how to interpret the key */ + +enum { /* encrypt, decrypt, authenticate */ + MODE_ENCRYPT, MODE_DECRYPT, MODE_AUTHENTICATE +} mode = MODE_ENCRYPT; +enum { /* ecb, cbc, cfb, cfba, ofb? */ + ALG_ECB, ALG_CBC, ALG_CFB, ALG_OFB, ALG_CFBA +} alg = ALG_CBC; + +Desbuf ivec; /* initialization vector */ +char bits[] = { /* used to extract bits from a char */ + '\200', '\100', '\040', '\020', '\010', '\004', '\002', '\001' +}; +int inverse; /* 0 to encrypt, 1 to decrypt */ +int macbits = -1; /* number of bits in authentication */ +int fbbits = -1; /* number of feedback bits */ +int pflag; /* 1 to preserve parity bits */ + +main(ac, av) + int ac; /* arg count */ + char **av; /* arg vector */ +{ + extern int optind; /* option (argument) number */ + extern char *optarg; /* argument to option if any */ + register int i; /* counter in a for loop */ + register char *p; /* used to obtain the key */ + Desbuf msgbuf; /* I/O buffer */ + int kflag; /* command-line encryptiooon key */ + int argc; /* the real arg count */ + char **argv; /* the real argument vector */ + + /* + * Hide the arguments from ps(1) by making private copies of them + * and clobbering the global (visible to ps(1)) ones. + */ + argc = ac; + ac = 1; + argv = malloc((argc + 1) * sizeof(char *)); + for (i = 0; i < argc; ++i) { + argv[i] = strdup(av[i]); + MEMZERO(av[i], strlen(av[i])); + } + argv[argc] = NULL; + + /* initialize the initialization vctor */ + MEMZERO(ivec, 8); + + /* process the argument list */ + kflag = 0; + while ((i = getopt(argc, argv, "abdF:f:k:m:o:pv:")) != EOF) + switch(i) { + case 'a': /* key is ASCII */ + keybase = KEY_ASCII; + break; + case 'b': /* use ECB mode */ + alg = ALG_ECB; + break; + case 'd': /* decrypt */ + mode = MODE_DECRYPT; + break; + case 'F': /* use alternative CFB mode */ + alg = ALG_CFBA; + if ((fbbits = setbits(optarg, 7)) > 56 || fbbits == 0) + err(-1, "-F: number must be 1-56 inclusive"); + else if (fbbits == -1) + err(-1, "-F: number must be a multiple of 7"); + break; + case 'f': /* use CFB mode */ + alg = ALG_CFB; + if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0) + err(-1, "-f: number must be 1-64 inclusive"); + else if (fbbits == -1) + err(-1, "-f: number must be a multiple of 8"); + break; + case 'k': /* encryption key */ + kflag = 1; + cvtkey(BUFFER(msgbuf), optarg); + break; + case 'm': /* number of bits for MACing */ + mode = MODE_AUTHENTICATE; + if ((macbits = setbits(optarg, 1)) > 64) + err(-1, "-m: number must be 0-64 inclusive"); + break; + case 'o': /* use OFB mode */ + alg = ALG_OFB; + if ((fbbits = setbits(optarg, 8)) > 64 || fbbits == 0) + err(-1, "-o: number must be 1-64 inclusive"); + else if (fbbits == -1) + err(-1, "-o: number must be a multiple of 8"); + break; + case 'p': /* preserve parity bits */ + pflag = 1; + break; + case 'v': /* set initialization vector */ + cvtkey(BUFFER(ivec), optarg); + break; + default: /* error */ + usage(); + } + + if (!kflag) { + /* + * if the key's not ASCII, assume it is + */ + keybase = KEY_ASCII; + /* + * get the key + */ + p = getpass("Enter key: "); + /* + * copy it, nul-padded, into the key area + */ + cvtkey(BUFFER(msgbuf), p); + } + + makekey(msgbuf); + inverse = (alg == ALG_CBC || alg == ALG_ECB) && mode == MODE_DECRYPT; + + switch(alg) { + case ALG_CBC: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CBC mode */ + cbcauth(); + break; + case MODE_DECRYPT: /* decrypt using CBC mode */ + cbcdec(); + break; + case MODE_ENCRYPT: /* encrypt using CBC mode */ + cbcenc(); + break; + } + break; + case ALG_CFB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CFB mode */ + cfbauth(); + break; + case MODE_DECRYPT: /* decrypt using CFB mode */ + cfbdec(); + break; + case MODE_ENCRYPT: /* encrypt using CFB mode */ + cfbenc(); + break; + } + break; + case ALG_CFBA: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using CFBA mode */ + err(-1, "can't authenticate with CFBA mode"); + break; + case MODE_DECRYPT: /* decrypt using CFBA mode */ + cfbadec(); + break; + case MODE_ENCRYPT: /* encrypt using CFBA mode */ + cfbaenc(); + break; + } + break; + case ALG_ECB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using ECB mode */ + err(-1, "can't authenticate with ECB mode"); + break; + case MODE_DECRYPT: /* decrypt using ECB mode */ + ecbdec(); + break; + case MODE_ENCRYPT: /* encrypt using ECB mode */ + ecbenc(); + break; + } + break; + case ALG_OFB: + switch(mode) { + case MODE_AUTHENTICATE: /* authenticate using OFB mode */ + err(-1, "can't authenticate with OFB mode"); + break; + case MODE_DECRYPT: /* decrypt using OFB mode */ + ofbdec(); + break; + case MODE_ENCRYPT: /* encrypt using OFB mode */ + ofbenc(); + break; + } + break; + } + exit(0); +} + +/* + * print a warning message and, possibly, terminate + */ +err(n, s) + int n; /* offending block number */ + char *s; /* the message */ +{ + if (n > 0) + (void)fprintf(stderr, "bdes (block %d): ", n); + else + (void)fprintf(stderr, "bdes: "); + (void)fprintf(stderr, "%s\n", s ? s : strerror(errno)); + exit(1); +} + +/* + * map a hex character to an integer + */ +tobinhex(c, radix) + char c; /* char to be converted */ + int radix; /* base (2 to 16) */ +{ + switch(c) { + case '0': return(0x0); + case '1': return(0x1); + case '2': return(radix > 2 ? 0x2 : -1); + case '3': return(radix > 3 ? 0x3 : -1); + case '4': return(radix > 4 ? 0x4 : -1); + case '5': return(radix > 5 ? 0x5 : -1); + case '6': return(radix > 6 ? 0x6 : -1); + case '7': return(radix > 7 ? 0x7 : -1); + case '8': return(radix > 8 ? 0x8 : -1); + case '9': return(radix > 9 ? 0x9 : -1); + case 'A': case 'a': return(radix > 10 ? 0xa : -1); + case 'B': case 'b': return(radix > 11 ? 0xb : -1); + case 'C': case 'c': return(radix > 12 ? 0xc : -1); + case 'D': case 'd': return(radix > 13 ? 0xd : -1); + case 'E': case 'e': return(radix > 14 ? 0xe : -1); + case 'F': case 'f': return(radix > 15 ? 0xf : -1); + } + /* + * invalid character + */ + return(-1); +} + +/* + * convert the key to a bit pattern + */ +cvtkey(obuf, ibuf) + char *obuf; /* bit pattern */ + char *ibuf; /* the key itself */ +{ + register int i, j; /* counter in a for loop */ + int nbuf[64]; /* used for hex/key translation */ + + /* + * just switch on the key base + */ + switch(keybase) { + case KEY_ASCII: /* ascii to integer */ + (void)strncpy(obuf, ibuf, 8); + return; + case KEY_DEFAULT: /* tell from context */ + /* + * leading '0x' or '0X' == hex key + */ + if (ibuf[0] == '0' && (ibuf[1] == 'x' || ibuf[1] == 'X')) { + ibuf = &ibuf[2]; + /* + * now translate it, bombing on any illegal hex digit + */ + for (i = 0; ibuf[i] && i < 16; i++) + if ((nbuf[i] = tobinhex(ibuf[i], 16)) == -1) + err(-1, "bad hex digit in key"); + while (i < 16) + nbuf[i++] = 0; + for (i = 0; i < 8; i++) + obuf[i] = + ((nbuf[2*i]&0xf)<<4) | (nbuf[2*i+1]&0xf); + /* preserve parity bits */ + pflag = 1; + return; + } + /* + * leading '0b' or '0B' == binary key + */ + if (ibuf[0] == '0' && (ibuf[1] == 'b' || ibuf[1] == 'B')) { + ibuf = &ibuf[2]; + /* + * now translate it, bombing on any illegal binary digit + */ + for (i = 0; ibuf[i] && i < 16; i++) + if ((nbuf[i] = tobinhex(ibuf[i], 2)) == -1) + err(-1, "bad binary digit in key"); + while (i < 64) + nbuf[i++] = 0; + for (i = 0; i < 8; i++) + for (j = 0; j < 8; j++) + obuf[i] = (obuf[i]<<1)|nbuf[8*i+j]; + /* preserve parity bits */ + pflag = 1; + return; + } + /* + * no special leader -- ASCII + */ + (void)strncpy(obuf, ibuf, 8); + } +} + +/* + * convert an ASCII string into a decimal number: + * 1. must be between 0 and 64 inclusive + * 2. must be a valid decimal number + * 3. must be a multiple of mult + */ +setbits(s, mult) + char *s; /* the ASCII string */ + int mult; /* what it must be a multiple of */ +{ + register char *p; /* pointer in a for loop */ + register int n = 0; /* the integer collected */ + + /* + * skip white space + */ + while (isspace(*s)) + s++; + /* + * get the integer + */ + for (p = s; *p; p++) { + if (isdigit(*p)) + n = n * 10 + *p - '0'; + else { + err(-1, "bad decimal digit in MAC length"); + } + } + /* + * be sure it's a multiple of mult + */ + return((n % mult != 0) ? -1 : n); +} + +/***************** + * DES FUNCTIONS * + *****************/ +/* + * This sets the DES key and (if you're using the deszip version) + * the direction of the transformation. This uses the Sun + * to map the 64-bit key onto the 56 bits that the key schedule + * generation routines use: the old way, which just uses the user- + * supplied 64 bits as is, and the new way, which resets the parity + * bit to be the same as the low-order bit in each character. The + * new way generates a greater variety of key schedules, since many + * systems set the parity (high) bit of each character to 0, and the + * DES ignores the low order bit of each character. + */ +makekey(buf) + Desbuf buf; /* key block */ +{ + register int i, j; /* counter in a for loop */ + register int par; /* parity counter */ + + /* + * if the parity is not preserved, flip it + */ + if (!pflag) { + for (i = 0; i < 8; i++) { + par = 0; + for (j = 1; j < 8; j++) + if ((bits[j]&UCHAR(buf, i)) != 0) + par++; + if ((par&01) == 01) + UCHAR(buf, i) = UCHAR(buf, i)&0177; + else + UCHAR(buf, i) = (UCHAR(buf, i)&0177)|0200; + } + } + + DES_KEY(UBUFFER(buf)); +} + +/* + * This encrypts using the Electronic Code Book mode of DES + */ +ecbenc() +{ + register int n; /* number of bytes actually read */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + } + /* + * at EOF or last block -- in either ase, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&CHAR(msgbuf, n), 8 - n); + CHAR(msgbuf, 7) = n; + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + +} + +/* + * This decrypts using the Electronic Code Book mode of DES + */ +ecbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + DES_XFORM(UBUFFER(msgbuf)); + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = CHAR(msgbuf, 7); + if (n < 0 || n > 7) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(BUFFER(msgbuf), n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This encrypts using the Cipher Block Chaining mode of DES + */ +cbcenc() +{ + register int n; /* number of bytes actually read */ + register int bn; /* block number */ + Desbuf msgbuf; /* I/O buffer */ + + /* + * do the transformation + */ + for (bn = 1; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + for (n = 0; n < 8; n++) + CHAR(msgbuf, n) ^= CHAR(ivec, n); + DES_XFORM(UBUFFER(msgbuf)); + MEMCPY(BUFFER(ivec), BUFFER(msgbuf), 8); + WRITE(BUFFER(msgbuf), 8); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&CHAR(msgbuf, n), 8 - n); + CHAR(msgbuf, 7) = n; + for (n = 0; n < 8; n++) + CHAR(msgbuf, n) ^= CHAR(ivec, n); + DES_XFORM(UBUFFER(msgbuf)); + WRITE(BUFFER(msgbuf), 8); + +} + +/* + * This decrypts using the Cipher Block Chaining mode of DES + */ +cbcdec() +{ + register int n; /* number of bytes actually read */ + Desbuf msgbuf; /* I/O buffer */ + Desbuf ibuf; /* temp buffer for initialization vector */ + register int c; /* used to test for EOF */ + register int bn; /* block number */ + + for (bn = 0; (n = READ(BUFFER(msgbuf), 8)) == 8; bn++) { + /* + * do the transformation + */ + MEMCPY(BUFFER(ibuf), BUFFER(msgbuf), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8; c++) + UCHAR(msgbuf, c) ^= UCHAR(ivec, c); + MEMCPY(BUFFER(ivec), BUFFER(ibuf), 8); + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = CHAR(msgbuf, 7); + if (n < 0 || n > 7) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(BUFFER(msgbuf), n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This authenticates using the Cipher Block Chaining mode of DES + */ +cbcauth() +{ + register int n, j; /* number of bytes actually read */ + Desbuf msgbuf; /* I/O buffer */ + Desbuf encbuf; /* encryption buffer */ + + /* + * do the transformation + * note we DISCARD the encrypted block; + * we only care about the last one + */ + while ((n = READ(BUFFER(msgbuf), 8)) == 8) { + for (n = 0; n < 8; n++) + CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n); + DES_XFORM(UBUFFER(encbuf)); + MEMCPY(BUFFER(ivec), BUFFER(encbuf), 8); + } + /* + * now compute the last one, right padding with '\0' if need be + */ + if (n > 0) { + MEMZERO(&CHAR(msgbuf, n), 8 - n); + for (n = 0; n < 8; n++) + CHAR(encbuf, n) = CHAR(msgbuf, n) ^ CHAR(ivec, n); + DES_XFORM(UBUFFER(encbuf)); + } + /* + * drop the bits + * we write chars until fewer than 7 bits, + * and then pad the last one with 0 bits + */ + for (n = 0; macbits > 7; n++, macbits -= 8) + (void)putchar(CHAR(encbuf, n)); + if (macbits > 0) { + CHAR(msgbuf, 0) = 0x00; + for (j = 0; j < macbits; j++) + CHAR(msgbuf, 0) |= (CHAR(encbuf, n)&bits[j]); + (void)putchar(CHAR(msgbuf, 0)); + } +} + +/* + * This encrypts using the Cipher FeedBack mode of DES + */ +cfbenc() +{ + register int n; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n); + WRITE(&CHAR(ivec, 8-nbytes), nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the Cipher Block Chaining mode of DES + */ +cfbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = ibuf[c]; + obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c); + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = obuf[nbytes-1]; + if (n < 0 || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This encrypts using the alternative Cipher FeedBack mode of DES + */ +cfbaenc() +{ + register int n; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 7; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = (ibuf[n] ^ UCHAR(msgbuf, n)) + |0200; + for (n = 0; n < nbytes; n++) + obuf[n] = CHAR(ivec, 8-nbytes+n)&0177; + WRITE(obuf, nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = ('0' + n)|0200; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the alternative Cipher Block Chaining mode of DES + */ +cfbadec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 7; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = ibuf[c]|0200; + obuf[c] = (ibuf[c] ^ UCHAR(msgbuf, c))&0177; + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + if ((n = (obuf[nbytes-1] - '0')) < 0 + || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + + +/* + * This encrypts using the Output FeedBack mode of DES + */ +ofbenc() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) { + UCHAR(ivec, 8-nbytes+n) = UCHAR(msgbuf, n); + obuf[n] = ibuf[n] ^ UCHAR(msgbuf, n); + } + WRITE(obuf, nbytes); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + bn++; + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < nbytes; c++) + ibuf[c] ^= UCHAR(msgbuf, c); + WRITE(ibuf, nbytes); +} + +/* + * This decrypts using the Output Block Chaining mode of DES + */ +ofbdec() +{ + register int n; /* number of bytes actually read */ + register int c; /* used to test for EOF */ + register int nbytes; /* number of bytes to read */ + register int bn; /* block number */ + char ibuf[8]; /* input buffer */ + char obuf[8]; /* output buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + for (bn = 1; (n = READ(ibuf, nbytes)) == nbytes; bn++) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (c = 0; c < 8 - nbytes; c++) + CHAR(ivec, c) = CHAR(ivec, c+nbytes); + for (c = 0; c < nbytes; c++) { + CHAR(ivec, 8-nbytes+c) = UCHAR(msgbuf, c); + obuf[c] = ibuf[c] ^ UCHAR(msgbuf, c); + } + /* + * if the last one, handle it specially + */ + if ((c = getchar()) == EOF) { + n = obuf[nbytes-1]; + if (n < 0 || n > nbytes-1) + err(bn, "decryption failed (block corrupted)"); + } + else + (void)ungetc(c, stdin); + /* + * dump it + */ + WRITE(obuf, n); + } + if (n > 0) + err(bn, "decryption failed (incomplete block)"); +} + +/* + * This authenticates using the Cipher FeedBack mode of DES + */ +cfbauth() +{ + register int n, j; /* number of bytes actually read */ + register int nbytes; /* number of bytes to read */ + char ibuf[8]; /* input buffer */ + Desbuf msgbuf; /* encryption buffer */ + + /* + * do things in bytes, not bits + */ + nbytes = fbbits / 8; + /* + * do the transformation + */ + while ((n = READ(ibuf, nbytes)) == nbytes) { + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < 8 - nbytes; n++) + UCHAR(ivec, n) = UCHAR(ivec, n+nbytes); + for (n = 0; n < nbytes; n++) + UCHAR(ivec, 8-nbytes+n) = ibuf[n] ^ UCHAR(msgbuf, n); + } + /* + * at EOF or last block -- in either case, the last byte contains + * the character representation of the number of bytes in it + */ + MEMZERO(&ibuf[n], nbytes - n); + ibuf[nbytes - 1] = '0' + n; + MEMCPY(BUFFER(msgbuf), BUFFER(ivec), 8); + DES_XFORM(UBUFFER(msgbuf)); + for (n = 0; n < nbytes; n++) + ibuf[n] ^= UCHAR(msgbuf, n); + /* + * drop the bits + * we write chars until fewer than 7 bits, + * and then pad the last one with 0 bits + */ + for (n = 0; macbits > 7; n++, macbits -= 8) + (void)putchar(CHAR(msgbuf, n)); + if (macbits > 0) { + CHAR(msgbuf, 0) = 0x00; + for (j = 0; j < macbits; j++) + CHAR(msgbuf, 0) |= (CHAR(msgbuf, n)&bits[j]); + (void)putchar(CHAR(msgbuf, 0)); + } +} + +#ifndef FASTWAY +/* + * change from 8 bits/Uchar to 1 bit/Uchar + */ +expand(from, to) + Desbuf from; /* 8bit/unsigned char string */ + char *to; /* 1bit/char string */ +{ + register int i, j; /* counters in for loop */ + + for (i = 0; i < 8; i++) + for (j = 0; j < 8; j++) + *to++ = (CHAR(from, i)>>(7-j))&01; +} + +/* + * change from 1 bit/char to 8 bits/Uchar + */ +compress(from, to) + char *from; /* 1bit/char string */ + Desbuf to; /* 8bit/unsigned char string */ +{ + register int i, j; /* counters in for loop */ + + for (i = 0; i < 8; i++) { + CHAR(to, i) = 0; + for (j = 0; j < 8; j++) + CHAR(to, i) = ((*from++)<<(7-j))|CHAR(to, i); + } +} +#endif + +/* + * message about usage + */ +usage() +{ + (void)fprintf(stderr, "%s\n", +"usage: bdes [-abdp] [-F bit] [-f bit] [-k key] [-m bit] [-o bit] [-v vector]"); + exit(1); +} diff --git a/secure/usr.bin/bdes/bdes.ps b/secure/usr.bin/bdes/bdes.ps new file mode 100644 index 0000000..471c267 --- /dev/null +++ b/secure/usr.bin/bdes/bdes.ps @@ -0,0 +1,2945 @@ +%! +%%BoundingBox: (atend) +%%Pages: (atend) +%%DocumentFonts: (atend) +%%EndComments +% +% FrameMaker PostScript Prolog 2.0, for use with FrameMaker 2.0 +% Copyright (c) 1986,87,89 by Frame Technology, Inc. All rights reserved. +% +% Known Problems: +% Due to bugs in Transcript, the 'PS-Adobe-' is omitted from line 1 +/FMversion (2.0) def +% Set up Color vs. Black-and-White + /FMPrintInColor systemdict /colorimage known def +% Uncomment this line to force b&w on color printer +% /FMPrintInColor false def +/FrameDict 190 dict def +systemdict /errordict known not {/errordict 10 dict def + errordict /rangecheck {stop} put} if +% The readline in 23.0 doesn't recognize cr's as nl's on AppleTalk +FrameDict /tmprangecheck errordict /rangecheck get put +errordict /rangecheck {FrameDict /bug true put} put +FrameDict /bug false put +mark +% Some PS machines read past the CR, so keep the following 3 lines together! +currentfile 5 string readline +00 +0000000000 +cleartomark +errordict /rangecheck FrameDict /tmprangecheck get put +FrameDict /bug get { + /readline { + /gstring exch def + /gfile exch def + /gindex 0 def + { + gfile read pop + dup 10 eq {exit} if + dup 13 eq {exit} if + gstring exch gindex exch put + /gindex gindex 1 add def + } loop + pop + gstring 0 gindex getinterval true + } def + } if +/FMVERSION { + FMversion ne { + /Times-Roman findfont 18 scalefont setfont + 100 100 moveto + (FrameMaker version does not match postscript_prolog!) + dup = + show showpage + } if + } def +/FMLOCAL { + FrameDict begin + 0 def + end + } def + /gstring FMLOCAL + /gfile FMLOCAL + /gindex FMLOCAL + /orgxfer FMLOCAL + /orgproc FMLOCAL + /organgle FMLOCAL + /orgfreq FMLOCAL + /yscale FMLOCAL + /xscale FMLOCAL + /manualfeed FMLOCAL + /paperheight FMLOCAL + /paperwidth FMLOCAL +/FMDOCUMENT { + array /FMfonts exch def + /#copies exch def + FrameDict begin + 0 ne dup {setmanualfeed} if + /manualfeed exch def + /paperheight exch def + /paperwidth exch def + setpapername + manualfeed {true} {papersize} ifelse + {manualpapersize} {false} ifelse + {desperatepapersize} if + /yscale exch def + /xscale exch def + currenttransfer cvlit /orgxfer exch def + currentscreen cvlit /orgproc exch def + /organgle exch def /orgfreq exch def + end + } def + /pagesave FMLOCAL + /orgmatrix FMLOCAL + /landscape FMLOCAL +/FMBEGINPAGE { + FrameDict begin + /pagesave save def + 3.86 setmiterlimit + /landscape exch 0 ne def + landscape { + 90 rotate 0 exch neg translate pop + } + {pop pop} + ifelse + xscale yscale scale + /orgmatrix matrix def + gsave + } def +/FMENDPAGE { + grestore + pagesave restore + end + showpage + } def +/FMDEFINEFONT { + FrameDict begin + findfont + ReEncode + 2 index exch + definefont exch + scalefont + FMfonts 3 1 roll + put + end + } bind def +/FMNORMALIZEGRAPHICS { + newpath + 0.0 0.0 moveto + 1 setlinewidth + 0 setlinecap + 0 0 0 sethsbcolor + 0 setgray + } bind def + /fx FMLOCAL + /fy FMLOCAL + /fh FMLOCAL + /fw FMLOCAL + /llx FMLOCAL + /lly FMLOCAL + /urx FMLOCAL + /ury FMLOCAL +/FMBEGINEPSF { + end + /FMEPSF save def + /showpage {} def + FMNORMALIZEGRAPHICS + [/fy /fx /fh /fw /ury /urx /lly /llx] {exch def} forall + fx fy translate + rotate + fw urx llx sub div fh ury lly sub div scale + llx neg lly neg translate + } bind def +/FMENDEPSF { + FMEPSF restore + FrameDict begin + } bind def +FrameDict begin +/setmanualfeed { +%%BeginFeature *ManualFeed True + statusdict /manualfeed true put +%%EndFeature + } def +/max {2 copy lt {exch} if pop} bind def +/min {2 copy gt {exch} if pop} bind def +/inch {72 mul} def +/pagedimen { + paperheight sub abs 16 lt exch + paperwidth sub abs 16 lt and + {/papername exch def} {pop} ifelse + } def + /papersizedict FMLOCAL +/setpapername { + /papersizedict 14 dict def + papersizedict begin + /papername /unknown def + /Letter 8.5 inch 11.0 inch pagedimen + /LetterSmall 7.68 inch 10.16 inch pagedimen + /Tabloid 11.0 inch 17.0 inch pagedimen + /Ledger 17.0 inch 11.0 inch pagedimen + /Legal 8.5 inch 14.0 inch pagedimen + /Statement 5.5 inch 8.5 inch pagedimen + /Executive 7.5 inch 10.0 inch pagedimen + /A3 11.69 inch 16.5 inch pagedimen + /A4 8.26 inch 11.69 inch pagedimen + /A4Small 7.47 inch 10.85 inch pagedimen + /B4 10.125 inch 14.33 inch pagedimen + /B5 7.16 inch 10.125 inch pagedimen + end + } def +/papersize { + papersizedict begin + /Letter {lettertray} def + /LetterSmall {lettertray lettersmall} def + /Tabloid {11x17tray} def + /Ledger {ledgertray} def + /Legal {legaltray} def + /Statement {statementtray} def + /Executive {executivetray} def + /A3 {a3tray} def + /A4 {a4tray} def + /A4Small {a4tray a4small} def + /B4 {b4tray} def + /B5 {b5tray} def + /unknown {unknown} def + papersizedict dup papername known {papername} {/unknown} ifelse get + end + /FMdicttop countdictstack 1 add def + statusdict begin stopped end + countdictstack -1 FMdicttop {pop end} for + } def +/manualpapersize { + papersizedict begin + /Letter {letter} def + /LetterSmall {lettersmall} def + /Tabloid {11x17} def + /Ledger {ledger} def + /Legal {legal} def + /Statement {statement} def + /Executive {executive} def + /A3 {a3} def + /A4 {a4} def + /A4Small {a4small} def + /B4 {b4} def + /B5 {b5} def + /unknown {unknown} def + papersizedict dup papername known {papername} {/unknown} ifelse get + end + stopped + } def +/desperatepapersize { + statusdict /setpageparams known + { + paperwidth paperheight 0 1 + statusdict begin + {setpageparams} stopped pop + end + } if + } def +/savematrix { + orgmatrix currentmatrix pop + } bind def +/restorematrix { + orgmatrix setmatrix + } bind def +/dmatrix matrix def +/dpi 72 0 dmatrix defaultmatrix dtransform + dup mul exch dup mul add sqrt def +/freq dpi 18.75 div 8 div round dup 0 eq {pop 1} if 8 mul dpi exch div def +/sangle 1 0 dmatrix defaultmatrix dtransform exch atan def +/DiacriticEncoding [ +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /space /exclam /quotedbl +/numbersign /dollar /percent /ampersand /quotesingle /parenleft +/parenright /asterisk /plus /comma /hyphen /period /slash /zero /one +/two /three /four /five /six /seven /eight /nine /colon /semicolon +/less /equal /greater /question /at /A /B /C /D /E /F /G /H /I /J /K +/L /M /N /O /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash +/bracketright /asciicircum /underscore /grave /a /b /c /d /e /f /g /h +/i /j /k /l /m /n /o /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar +/braceright /asciitilde /.notdef /Adieresis /Aring /Ccedilla /Eacute +/Ntilde /Odieresis /Udieresis /aacute /agrave /acircumflex /adieresis +/atilde /aring /ccedilla /eacute /egrave /ecircumflex /edieresis +/iacute /igrave /icircumflex /idieresis /ntilde /oacute /ograve +/ocircumflex /odieresis /otilde /uacute /ugrave /ucircumflex +/udieresis /dagger /.notdef /cent /sterling /section /bullet +/paragraph /germandbls /registered /copyright /trademark /acute +/dieresis /.notdef /AE /Oslash /.notdef /.notdef /.notdef /.notdef +/yen /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/ordfeminine /ordmasculine /.notdef /ae /oslash /questiondown +/exclamdown /logicalnot /.notdef /florin /.notdef /.notdef +/guillemotleft /guillemotright /ellipsis /.notdef /Agrave /Atilde +/Otilde /OE /oe /endash /emdash /quotedblleft /quotedblright +/quoteleft /quoteright /.notdef /.notdef /ydieresis /Ydieresis +/fraction /currency /guilsinglleft /guilsinglright /fi /fl /daggerdbl +/periodcentered /quotesinglbase /quotedblbase /perthousand +/Acircumflex /Ecircumflex /Aacute /Edieresis /Egrave /Iacute +/Icircumflex /Idieresis /Igrave /Oacute /Ocircumflex /.notdef /Ograve +/Uacute /Ucircumflex /Ugrave /dotlessi /circumflex /tilde /macron +/breve /dotaccent /ring /cedilla /hungarumlaut /ogonek /caron +] def +/ReEncode { + dup + length + dict begin + { + 1 index /FID ne + {def} + {pop pop} ifelse + } forall + Encoding StandardEncoding eq + { + /Encoding DiacriticEncoding def + }if + currentdict + end + } bind def +/graymode true def + /bwidth FMLOCAL + /bpside FMLOCAL + /bstring FMLOCAL + /onbits FMLOCAL + /offbits FMLOCAL + /xindex FMLOCAL + /yindex FMLOCAL + /x FMLOCAL + /y FMLOCAL +/setpattern { + /bwidth exch def + /bpside exch def + /bstring exch def + /onbits 0 def /offbits 0 def + freq sangle landscape {90 add} if + {/y exch def + /x exch def + /xindex x 1 add 2 div bpside mul cvi def + /yindex y 1 add 2 div bpside mul cvi def + bstring yindex bwidth mul xindex 8 idiv add get + 1 7 xindex 8 mod sub bitshift and 0 ne + {/onbits onbits 1 add def 1} + {/offbits offbits 1 add def 0} + ifelse + } + setscreen + {} settransfer + offbits offbits onbits add div FMsetgray + /graymode false def + } bind def +/grayness { + FMsetgray + graymode not { + /graymode true def + orgxfer cvx settransfer + orgfreq organgle orgproc cvx setscreen + } if + } bind def + /HUE FMLOCAL + /SAT FMLOCAL + /BRIGHT FMLOCAL + /Colors FMLOCAL +FMPrintInColor + + { + /HUE 0 def + /SAT 0 def + /BRIGHT 0 def + % array of arrays Hue and Sat values for the separations [HUE BRIGHT] + /Colors + [[0 0 ] % black + [0 0 ] % white + [0.00 1.0] % red + [0.37 1.0] % green + [0.60 1.0] % blue + [0.50 1.0] % cyan + [0.83 1.0] % magenta + [0.16 1.0] % comment / yellow + ] def + + /BEGINBITMAPCOLOR { + BITMAPCOLOR} def + /BEGINBITMAPCOLORc { + BITMAPCOLORc} def + /K { + Colors exch get dup + 0 get /HUE exch store + 1 get /BRIGHT exch store + HUE 0 eq BRIGHT 0 eq and + {1.0 SAT sub setgray} + {HUE SAT BRIGHT sethsbcolor} + ifelse + } def + /FMsetgray { + /SAT exch 1.0 exch sub store + HUE 0 eq BRIGHT 0 eq and + {1.0 SAT sub setgray} + {HUE SAT BRIGHT sethsbcolor} + ifelse + } bind def + } + + { + /BEGINBITMAPCOLOR { + BITMAPGRAY} def + /BEGINBITMAPCOLORc { + BITMAPGRAYc} def + /FMsetgray {setgray} bind def + /K { + pop + } def + } +ifelse +/normalize { + transform round exch round exch itransform + } bind def +/dnormalize { + dtransform round exch round exch idtransform + } bind def +/lnormalize { + 0 dtransform exch cvi 2 idiv 2 mul 1 add exch idtransform pop + } bind def +/H { + lnormalize setlinewidth + } bind def +/Z { + setlinecap + } bind def +/X { + fillprocs exch get exec + } bind def +/V { + gsave eofill grestore + } bind def +/N { + stroke + } bind def +/M {newpath moveto} bind def +/E {lineto} bind def +/D {curveto} bind def +/O {closepath} bind def + /n FMLOCAL +/L { + /n exch def + newpath + normalize + moveto + 2 1 n {pop normalize lineto} for + } bind def +/Y { + L + closepath + } bind def + /x1 FMLOCAL + /x2 FMLOCAL + /y1 FMLOCAL + /y2 FMLOCAL + /rad FMLOCAL +/R { + /y2 exch def + /x2 exch def + /y1 exch def + /x1 exch def + x1 y1 + x2 y1 + x2 y2 + x1 y2 + 4 Y + } bind def +/RR { + /rad exch def + normalize + /y2 exch def + /x2 exch def + normalize + /y1 exch def + /x1 exch def + newpath + x1 y1 rad add moveto + x1 y2 x2 y2 rad arcto + x2 y2 x2 y1 rad arcto + x2 y1 x1 y1 rad arcto + x1 y1 x1 y2 rad arcto + closepath + 16 {pop} repeat + } bind def +/C { + grestore + gsave + R + clip + } bind def +/U { + grestore + gsave + } bind def +/F { + FMfonts exch get + setfont + } bind def +/T { + moveto show + } bind def +/RF { + rotate + 0 ne {-1 1 scale} if + } bind def +/TF { + gsave + moveto + RF + show + grestore + } bind def +/P { + moveto + 0 32 3 2 roll widthshow + } bind def +/PF { + gsave + moveto + RF + 0 32 3 2 roll widthshow + grestore + } bind def +/S { + moveto + 0 exch ashow + } bind def +/SF { + gsave + moveto + RF + 0 exch ashow + grestore + } bind def +/B { + moveto + 0 32 4 2 roll 0 exch awidthshow + } bind def +/BF { + gsave + moveto + RF + 0 32 4 2 roll 0 exch awidthshow + grestore + } bind def + /x FMLOCAL + /y FMLOCAL + /dx FMLOCAL + /dy FMLOCAL + /dl FMLOCAL + /t FMLOCAL + /t2 FMLOCAL + /Cos FMLOCAL + /Sin FMLOCAL + /r FMLOCAL +/W { + dnormalize + /dy exch def + /dx exch def + normalize + /y exch def + /x exch def + /dl dx dx mul dy dy mul add sqrt def + dl 0.0 gt { + /t currentlinewidth def + savematrix + /Cos dx dl div def + /Sin dy dl div def + /r [Cos Sin Sin neg Cos 0.0 0.0] def + /t2 t 2.5 mul 3.5 max def + newpath + x y translate + r concat + 0.0 0.0 moveto + dl t 2.7 mul sub 0.0 rlineto + stroke + restorematrix + x dx add y dy add translate + r concat + t 0.67 mul setlinewidth + t 1.61 mul neg 0.0 translate + 0.0 0.0 moveto + t2 1.7 mul neg t2 2.0 div moveto + 0.0 0.0 lineto + t2 1.7 mul neg t2 2.0 div neg lineto + stroke + t setlinewidth + restorematrix + } if + } bind def +/G { + gsave + newpath + normalize translate 0.0 0.0 moveto + dnormalize scale + 0.0 0.0 1.0 5 3 roll arc + closepath fill + grestore + } bind def +/A { + gsave + savematrix + newpath + 2 index 2 div add exch 3 index 2 div sub exch + normalize 2 index 2 div sub exch 3 index 2 div add exch + translate + scale + 0.0 0.0 1.0 5 3 roll arc + restorematrix + stroke + grestore + } bind def + /x FMLOCAL + /y FMLOCAL + /w FMLOCAL + /h FMLOCAL + /xx FMLOCAL + /yy FMLOCAL + /ww FMLOCAL + /hh FMLOCAL + /FMsaveobject FMLOCAL + /FMoptop FMLOCAL + /FMdicttop FMLOCAL +/BEGINPRINTCODE { + /FMdicttop countdictstack 1 add def + /FMoptop count 4 sub def + /FMsaveobject save def + userdict begin + /showpage {} def + FMNORMALIZEGRAPHICS + 3 index neg 3 index neg translate + } bind def +/ENDPRINTCODE { + count -1 FMoptop {pop pop} for + countdictstack -1 FMdicttop {pop end} for + FMsaveobject restore + } bind def +/gn { + 0 + { 46 mul + cf read pop + 32 sub + dup 46 lt {exit} if + 46 sub add + } loop + add + } bind def + /str FMLOCAL +/cfs { + /str sl string def + 0 1 sl 1 sub {str exch val put} for + str def + } bind def +/ic [ + 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 + 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0223 + 0 + {0 hx} {1 hx} {2 hx} {3 hx} {4 hx} {5 hx} {6 hx} {7 hx} {8 hx} {9 hx} + {10 hx} {11 hx} {12 hx} {13 hx} {14 hx} {15 hx} {16 hx} {17 hx} {18 hx} + {19 hx} {gn hx} {0} {1} {2} {3} {4} {5} {6} {7} {8} {9} {10} {11} {12} + {13} {14} {15} {16} {17} {18} {19} {gn} {0 wh} {1 wh} {2 wh} {3 wh} + {4 wh} {5 wh} {6 wh} {7 wh} {8 wh} {9 wh} {10 wh} {11 wh} {12 wh} + {13 wh} {14 wh} {gn wh} {0 bl} {1 bl} {2 bl} {3 bl} {4 bl} {5 bl} {6 bl} + {7 bl} {8 bl} {9 bl} {10 bl} {11 bl} {12 bl} {13 bl} {14 bl} {gn bl} + {0 fl} {1 fl} {2 fl} {3 fl} {4 fl} {5 fl} {6 fl} {7 fl} {8 fl} {9 fl} + {10 fl} {11 fl} {12 fl} {13 fl} {14 fl} {gn fl} + ] def + /sl FMLOCAL + /val FMLOCAL + /ws FMLOCAL + /im FMLOCAL + /bs FMLOCAL + /cs FMLOCAL + /len FMLOCAL + /pos FMLOCAL +/ms { + /sl exch def + /val 255 def + /ws cfs + /im cfs + /val 0 def + /bs cfs + /cs cfs + } bind def +400 ms +/ip { + is + 0 + cf cs readline pop + { ic exch get exec + add + } forall + pop + + } bind def +/wh { + /len exch def + /pos exch def + ws 0 len getinterval im pos len getinterval copy pop + pos len + } bind def +/bl { + /len exch def + /pos exch def + bs 0 len getinterval im pos len getinterval copy pop + pos len + } bind def +/s1 1 string def +/fl { + /len exch def + /pos exch def + /val cf s1 readhexstring pop 0 get def + pos 1 pos len add 1 sub {im exch val put} for + pos len + } bind def +/hx { + 3 copy getinterval + cf exch readhexstring pop pop + } bind def + /h FMLOCAL + /w FMLOCAL + /d FMLOCAL + /lb FMLOCAL + /bitmapsave FMLOCAL + /is FMLOCAL + /cf FMLOCAL +/wbytes { + dup + 8 eq {pop} {1 eq {7 add 8 idiv} {3 add 4 idiv} ifelse} ifelse + } bind def +/BEGINBITMAPBWc { + 1 {} COMMONBITMAPc + } bind def +/BEGINBITMAPGRAYc { + 8 {} COMMONBITMAPc + } bind def +/BEGINBITMAP2BITc { + 2 {} COMMONBITMAPc + } bind def +/COMMONBITMAPc { + /r exch def + /d exch def + gsave + translate rotate scale /h exch def /w exch def + /lb w d wbytes def + sl lb lt {lb ms} if + /bitmapsave save def + r + /is im 0 lb getinterval def + ws 0 lb getinterval is copy pop + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {ip} image + bitmapsave restore + grestore + } bind def +/BEGINBITMAPBW { + 1 {} COMMONBITMAP + } bind def +/BEGINBITMAPGRAY { + 8 {} COMMONBITMAP + } bind def +/BEGINBITMAP2BIT { + 2 {} COMMONBITMAP + } bind def +/COMMONBITMAP { + /r exch def + /d exch def + gsave + translate rotate scale /h exch def /w exch def + /bitmapsave save def + r + /is w d wbytes string def + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {cf is readhexstring pop} image + bitmapsave restore + grestore + } bind def + /proc1 FMLOCAL + /proc2 FMLOCAL + /newproc FMLOCAL +/Fmcc { + /proc2 exch cvlit def + /proc1 exch cvlit def + /newproc proc1 length proc2 length add array def + newproc 0 proc1 putinterval + newproc proc1 length proc2 putinterval + newproc cvx +} bind def +/ngrayt 256 array def +/nredt 256 array def +/nbluet 256 array def +/ngreent 256 array def + /gryt FMLOCAL + /blut FMLOCAL + /grnt FMLOCAL + /redt FMLOCAL + /indx FMLOCAL + /cynu FMLOCAL + /magu FMLOCAL + /yelu FMLOCAL + /k FMLOCAL + /u FMLOCAL +/colorsetup { + currentcolortransfer + /gryt exch def + /blut exch def + /grnt exch def + /redt exch def + 0 1 255 { + /indx exch def + /cynu 1 red indx get 255 div sub def + /magu 1 green indx get 255 div sub def + /yelu 1 blue indx get 255 div sub def + /k cynu magu min yelu min def + /u k currentundercolorremoval exec def + nredt indx 1 0 cynu u sub max sub redt exec put + ngreent indx 1 0 magu u sub max sub grnt exec put + nbluet indx 1 0 yelu u sub max sub blut exec put + ngrayt indx 1 k currentblackgeneration exec sub gryt exec put + } for + {255 mul cvi nredt exch get} + {255 mul cvi ngreent exch get} + {255 mul cvi nbluet exch get} + {255 mul cvi ngrayt exch get} + setcolortransfer + {pop 0} setundercolorremoval + {} setblackgeneration + } bind def + /tran FMLOCAL +/fakecolorsetup { + /tran 256 string def + 0 1 255 {/indx exch def + tran indx + red indx get 77 mul + green indx get 151 mul + blue indx get 28 mul + add add 256 idiv put} for + currenttransfer + {255 mul cvi tran exch get 255.0 div} + exch Fmcc settransfer +} bind def +/BITMAPCOLOR { + /d 8 def + gsave + translate rotate scale /h exch def /w exch def + /bitmapsave save def + colorsetup + /is w d wbytes string def + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {cf is readhexstring pop} {is} {is} true 3 colorimage + bitmapsave restore + grestore + } bind def +/BITMAPCOLORc { + /d 8 def + gsave + translate rotate scale /h exch def /w exch def + /lb w d wbytes def + sl lb lt {lb ms} if + /bitmapsave save def + colorsetup + /is im 0 lb getinterval def + ws 0 lb getinterval is copy pop + /cf currentfile def + w h d [w 0 0 h neg 0 h] + {ip} {is} {is} true 3 colorimage + bitmapsave restore + grestore + } bind def +/BITMAPGRAY { + 8 {fakecolorsetup} COMMONBITMAP + } bind def +/BITMAPGRAYc { + 8 {fakecolorsetup} COMMONBITMAPc + } bind def +/ENDBITMAP { + } bind def +end +%%EndProlog +%%BeginSetup +(2.0) FMVERSION +1 1 612 792 0 1 16 FMDOCUMENT +/fillprocs 32 array def +fillprocs 0 { 0.000000 grayness } put +fillprocs 1 { 0.100000 grayness } put +fillprocs 2 { 0.300000 grayness } put +fillprocs 3 { 0.500000 grayness } put +fillprocs 4 { 0.700000 grayness } put +fillprocs 5 { 0.900000 grayness } put +fillprocs 6 { 0.970000 grayness } put +fillprocs 7 { 1.000000 grayness } put +fillprocs 8 {<0f87c3e1f0783c1e> 8 1 setpattern } put +fillprocs 9 {<0f1e3c78f0e1c387> 8 1 setpattern } put +fillprocs 10 {<cccccccccccccccc> 8 1 setpattern } put +fillprocs 11 {<ffff0000ffff0000> 8 1 setpattern } put +fillprocs 12 {<8142241818244281> 8 1 setpattern } put +fillprocs 13 {<8040201008040201> 8 1 setpattern } put +fillprocs 14 {<03060c183060c081> 8 1 setpattern } put +fillprocs 15 {} put +fillprocs 16 { 1.000000 grayness } put +fillprocs 17 { 0.900000 grayness } put +fillprocs 18 { 0.700000 grayness } put +fillprocs 19 { 0.500000 grayness } put +fillprocs 20 { 0.300000 grayness } put +fillprocs 21 { 0.100000 grayness } put +fillprocs 22 { 0.030000 grayness } put +fillprocs 23 { 0.000000 grayness } put +fillprocs 24 {<f0783c1e0f87c3e1> 8 1 setpattern } put +fillprocs 25 {<f0e1c3870f1e3c78> 8 1 setpattern } put +fillprocs 26 {<3333333333333333> 8 1 setpattern } put +fillprocs 27 {<0000ffff0000ffff> 8 1 setpattern } put +fillprocs 28 {<7ebddbe7e7dbbd7e> 8 1 setpattern } put +fillprocs 29 {<7fbfdfeff7fbfdfe> 8 1 setpattern } put +fillprocs 30 {<fcf9f3e7cf9f3f7e> 8 1 setpattern } put +fillprocs 31 {} put +%%EndSetup +0 12 /Helvetica-Bold FMDEFINEFONT +1 12 /Helvetica-BoldOblique FMDEFINEFONT +%%Page: "-1" 1 +%%BeginPaperSize: Letter +%%EndPaperSize +612 792 0 FMBEGINPAGE +144 144 468 396 R +7 X +0 K +V +0 F +0 X +1.2 (IMPLEMENT) 178.34 388 S +1.2 (A) 258.88 388 S +1.2 (TION NOTES ON ) 267.85 388 S +1 F +1.2 (bdes) 382.61 388 S +0 F +1.2 (\0501\051) 415.4 388 S +1.2 (Matt Bishop) 265.09 338 S +1.2 (T) 197.74 288 S +1.2 (echnical Report PCS-TR91-158) 205.38 288 S +FMENDPAGE +%%EndPage: "-1" 2 +%%Page: "0" 2 +612 792 0 FMBEGINPAGE +72 72 540 720 R +7 X +0 K +V +FMENDPAGE +%%EndPage: "0" 3 +0 12 /Times-Roman FMDEFINEFONT +1 18 /Times-Bold FMDEFINEFONT +2 18 /Times-BoldItalic FMDEFINEFONT +3 12 /Times-Italic FMDEFINEFONT +4 12 /Times-Bold FMDEFINEFONT +5 10 /Times-Roman FMDEFINEFONT +6 12 /Courier FMDEFINEFONT +7 12 /Courier-Oblique FMDEFINEFONT +8 12 /ZapfDingbats FMDEFINEFONT +9 12 /Symbol FMDEFINEFONT +10 12 /Courier-Bold FMDEFINEFONT +%%Page: "1" 3 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 1 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +1 F +0 X +(Implementation Notes on ) 179.84 708 T +2 F +(bdes) 378.21 708 T +1 F +(\0501\051) 411.19 708 T +0 F +( ) 432.17 708 T +3 F +(Matt Bishop) 276.51 676 T +0 F +(Department of Mathematics and Computer Science) 182.92 656 T +(Dartmouth College) 259.86 642 T +(Hanover) 257.45 628 T +(, NH 03755) 298.26 628 T +3 F +(ABSTRACT) 277.68 602 T +0 F +0.27 (This note describes the implementation of ) 108 582 P +3 F +0.27 (bdes) 314.13 582 P +0 F +0.27 (, the \336le encryption program being) 336.12 582 P +0.36 (distributed in the 4.4 release of the Berkeley Software Distribution. It implements) 108 568 P +(all modes of the Data Encryption Standard program.) 108 554 T +4 F +(1. Intr) 72 528 T +(oduction) 104.43 528 T +0 F +-0.09 (The Data Encryption Standard is a standard endorsed by the federal government. It is con-) 108 504 P +-0.56 (siderably stronger than the algorithm used by the ) 72 484 P +5 F +-0.47 (UNIX) 305.36 484 P +0 F +-0.56 (\252 ) 330.34 484 P +3 F +-0.56 (crypt) 344.53 484 P +0 F +-0.56 (\0501\051 program, and therefore is a more) 369.18 484 P +0.11 (suitable candidate for protecting information, especially information contained in ) 72 464 P +5 F +0.09 (ASCII) 466.05 464 P +0 F +0.11 ( \336les. The) 492.14 464 P +-0.65 (program ) 72 444 P +3 F +-0.65 (bdes) 114.99 444 P +0 F +-0.65 (\0501\051 implements the DES and all of its modes, including the two authentication modes.) 136.97 444 P +-0.59 (Because others may wish to write software compatible with this program, this note presents) 108 420 P +-0.04 (the layout of the encrypted \336les produced by ) 72 400 P +3 F +-0.04 (bdes) 288.86 400 P +0 F +-0.04 ( as well as internal details relevant to the imple-) 310.85 400 P +-0.15 (mentation. Whereever possible and appropriate, the description of the ) 72 380 P +3 F +-0.15 (des) 408.04 380 P +0 F +-0.15 (\0501\051 program given in [4]) 424.03 380 P +-0.2 (has been followed; thus, ) 72 360 P +3 F +-0.2 (bdes) 190.77 360 P +0 F +-0.2 ( is completely compatible with that program. However) 212.75 360 P +-0.2 (, ) 473.33 360 P +3 F +-0.2 (bdes) 479.12 360 P +0 F +-0.2 ( also of-) 501.11 360 P +(fers several extensions to ) 72 340 T +3 F +(des) 195.9 340 T +0 F +( that are not compatible, and these will be explicitly pointed out.) 211.89 340 T +-0.14 (In this note, strings typed as shown will be in ) 108 316 P +6 F +-0.34 (Courier Roman font) 326.78 316 P +0 F +-0.14 (, and strings to be) 455.62 316 P +-0.42 (chosen by the user will be in ) 72 296 P +7 F +-1 (Courier Oblique font) 209.32 296 P +0 F +-0.42 (. The space character \050) 351.24 296 P +5 F +-0.35 (ASCII) 457.79 296 P +0 F +-0.42 ( <) 483.88 296 P +5 F +-0.35 (SP) 493.23 296 P +0 F +-0.42 (>, octal) 504.34 296 P +-0.43 (40, decimal 32, hex 20\051 will be represented as \322) 72 276 P +8 F +-0.47 (z) 296.98 276 P +0 F +-0.43 (\323 and the newline character \050) 301.96 276 P +5 F +-0.35 (ASCII) 438.03 276 P +0 F +-0.43 ( <) 464.13 276 P +5 F +-0.35 (NL) 473.46 276 P +0 F +-0.43 (>, octal 12,) 486.79 276 P +-0.05 (decimal 10, hex a\051 as \322) 72 256 P +9 F +-0.05 (\277) 181.65 256 P +0 F +-0.05 (\323. Because it is often more convenient to represent arbitrary characters as) 189.54 256 P +1.13 (a sequence of hexadecimal digits, that representation will often be used; these digits will be in) 72 236 P +10 F +(Courier Bold font) 72 216 T +0 F +( with spaces often inserted for readability) 194.33 216 T +(.) 392.07 216 T +4 F +(2. Overview and Use) 72 184 T +3 F +-0.39 (Bdes) 108 160 P +0 F +-0.39 ( implements the Data Encryption Standard algorithm in software, and enables the user) 131.32 160 P +-0.61 (to encrypt data using any of the four modes of operation of the DES \050Electronic Code Book, Cipher) 72 140 P +72 72 540 720 C +72 72 540 117 C +72 72 549 108 R +7 X +0 K +V +5 F +0 X +(This work is based on work funded by grant NAG2-680 from the National +Aeronautics and Space Administration to ) 72 101.33 T +(Dartmouth College.) 72 89.33 T +(UNIX is a Registered T) 72 77.33 T +(rademark of A) 166.58 77.33 T +(T&T Bell Laboratories.) 223.75 77.33 T +72 72 540 720 C +0 0 612 792 C +72 126 225 126 2 L +7 X +0 K +V +0.5 H +2 Z +0 X +N +FMENDPAGE +%%EndPage: "1" 4 +%%Page: "2" 4 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 2 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.31 (Block Chaining, ) 72 712 P +3 F +0.31 (k) 154.25 712 P +0 F +0.31 (-bit Cipher Feed Back, and ) 159.58 712 P +3 F +0.31 (k) 293.71 712 P +0 F +0.31 (-bit Output Feed Back\051 as well as the Alternate ) 299.04 712 P +3 F +0.31 (k) 530.68 712 P +0 F +0.31 (-) 536.01 712 P +-0.04 (bit Cipher Feed Back mode. Further) 72 692 P +-0.04 (, ) 244.52 692 P +3 F +-0.04 (bdes) 250.48 692 P +0 F +-0.04 ( supports message authentication code generation based) 272.46 692 P +(on both the Cipher Block Chaining mode and the ) 72 672 T +3 F +(k) 310.86 672 T +0 F +(-bit Cipher Feed Back mode.) 316.19 672 T +0.07 (By default, ) 108 648 P +3 F +0.07 (bdes) 164.43 648 P +0 F +0.07 ( encrypts an input \336le using Cipher Block Chaining mode, and is invoked) 186.41 648 P +-0.4 (as a \336lter) 72 628 P +-0.4 (. The key may be speci\336ed either on the command line or may be typed to the prompt. So,) 114.51 628 P +(if the input \336le ) 72 608 T +7 F +(inputf) 145.96 608 T +(ile) 189.14 608 T +0 F +( contains the message) 210.73 608 T +6 F +(a) 253.9 584 T +8 F +(z) 261.1 584 T +6 F +(test) 266.07 584 T +8 F +(z) 294.86 584 T +6 F +(message) 299.83 584 T +9 F +(\277) 350.21 584 T +0 F +(then the following command encrypts it using the key ) 72 560 T +6 F +(abcdefgh) 333.5 560 T +0 F +(:) 391.07 560 T +6 F +(bdes -k abcdefgh < ) 158.48 536 T +7 F +(inputf) 295.21 536 T +(ile) 338.38 536 T +6 F +( > ) 359.97 536 T +7 F +(outputf) 381.56 536 T +(ile) 431.93 536 T +0 F +(The option ) 72 512 T +4 F +(-k) 127.3 512 T +0 F +( indicates the next ar) 137.96 512 T +(gument is the key) 237.01 512 T +(. Now ) 321.17 512 T +7 F +(outputf) 353.48 512 T +(ile) 403.86 512 T +0 F +( contains) 425.45 512 T +10 F +(16 0e eb af 68 a0 d0 19 f1 a2 9b 31 0d 8a 01 c3) 136.89 488 T +0 F +0.06 (Other modes are speci\336ed using command-line options, as is control of the way the key is) 108 464 P +(interpreted. The next sections contain several examples, and the Appendix has the manual page.) 72 444 T +4 F +(3. Keys and Parity) 72 412 T +0 F +0.58 (The key consists of 64 bits, and may be presented in any of hex, binary) 108 388 P +0.58 (, or as a string of) 456.48 388 P +5 F +0.12 (ASCII) 72 368 P +0 F +0.14 ( characters. If the key is given in hex or binary) 98.1 368 P +0.14 (, it is used as is with no changes. However) 322.21 368 P +0.14 (, if) 526.53 368 P +-0.27 (the key is given in ) 72 348 P +5 F +-0.23 (ASCII) 161.59 348 P +0 F +-0.27 (, a delicate problem arises: by convention, the parity bit is usually set to 0.) 187.69 348 P +-0.47 (This high-order bit is generally ignored by applications; but the DES +does not do so. Instead, it dis-) 72 328 P +-0.14 (cards the low-order bit, ef) 72 308 P +-0.14 (fectively reducing the size of the space of possible keys from 2) 195.44 308 P +5 F +-0.12 (56) 495.97 312.8 P +0 F +-0.14 ( to 2) 505.97 308 P +5 F +-0.12 (48) 527.01 312.8 P +0 F +-0.14 (.) 537 308 P +-0.46 ( T) 108 284 P +-0.46 (o preserve the size of the key space, the value of the parity bit must be related to the value) 117.03 284 P +-0.09 (in the low-order bit, so the program sets the high-order bit to make each character in the key be of) 72 264 P +-0.7 (odd parity) 72 244 P +-0.7 (. \050Note that the initial value of the parity bit is ) 119.49 244 P +3 F +-0.7 (not) 334.99 244 P +0 F +-0.7 ( used in this computation.\051 For example,) 350.31 244 P +(if the key is ) 72 224 T +6 F +(abcdefgh) 131.29 224 T +0 F +(, the actual key bits used are determined as follows:) 188.86 224 T +5 F +(ASCII) 99 200 T +0 F +( key) 125.1 200 T +6 F +(a) 243 200 T +(b) 279 200 T +(c) 315 200 T +(d) 351 200 T +(e) 387 200 T +(f) 423 200 T +(g) 459 200 T +(h) 495 200 T +5 F +(ASCII) 99 180 T +0 F +( key bits \050hex\051) 125.1 180 T +10 F +(61) 243 180 T +(62) 279 180 T +(63) 315 180 T +(64) 351 180 T +(65) 387 180 T +(66) 423 180 T +(67) 459 180 T +(68) 495 180 T +0 F +(parity) 99 160 T +(odd) 243 160 T +(odd) 279 160 T +(even) 315 160 T +(odd) 351 160 T +(even) 387 160 T +(even) 423 160 T +(odd) 459 160 T +(odd) 495 160 T +(key bits used \050hex\051) 99 140 T +10 F +(61) 243 140 T +(62) 279 140 T +(e3) 315 140 T +(64) 351 140 T +(e5) 387 140 T +(e6) 423 140 T +(67) 459 140 T +(68) 495 140 T +0 F +0.18 (This convention \050as opposed to requiring even parity) 108 120 P +0.18 (, or simply copying the low-order bit) 362 120 P +-0.41 (to the high-order bit\051 was chosen to provide compatibility with the encryption program ) 72 100 P +3 F +-0.41 (des) 486.77 100 P +0 F +-0.41 ( distrib-) 502.76 100 P +-0.52 (uted by Sun Microsystems, Inc. [4]. Whether the key is entered on the command line or on the key-) 72 80 P +FMENDPAGE +%%EndPage: "2" 5 +%%Page: "3" 5 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 3 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +1.89 (board, by default it is processed into the same key schedule generated by Sun\325) 72 712 P +1.89 (s ) 471.02 712 P +3 F +1.89 (des) 480.58 712 P +0 F +1.89 (, so \336les) 496.56 712 P +(encrypted on a Sun can be decrypted using ) 72 692 T +3 F +(bdes) 280.51 692 T +0 F +( \050and vice versa\051.) 302.49 692 T +-0.3 (If the user does not wish to use the Sun convention, the option \320) 108 668 P +4 F +-0.3 (p) 411.9 668 P +0 F +-0.3 ( will disable the parity bit) 418.57 668 P +-0.62 (changing; with it, the parity bit is that of the character typed. This +is useful when the key is a known) 72 648 P +5 F +(ASCII) 72 628 T +0 F +( string and the \336le was encrypted on a system which does not alter parity bits.) 98.1 628 T +-0.24 (A key may be represented as a bit vector) 108 604 P +-0.24 (, rather than an ) 300.74 604 P +5 F +-0.2 (ASCII) 374.7 604 P +0 F +-0.24 ( string, in one of two ways. It) 400.8 604 P +0.19 (may be represented as a string of up to 16 hexadecimal digits; if fewer than 16 are given, the key) 72 584 P +0.16 (is right \336lled with 0 bits. Or) 72 564 P +0.16 (, it may be represented as a string of up to 64 binary digits, and again) 206.11 564 P +0.15 (if fewer than 64 are given, the key is right-\336lled with 0 bits. Bit +vector keys must be given on the) 72 544 P +0.51 (command line, and must begin with the characters ) 72 524 P +6 F +1.24 (0x) 320.28 524 P +0 F +0.51 ( or ) 334.67 524 P +6 F +1.24 (0X) 351.69 524 P +0 F +0.51 ( \050for hexadecimal\051 or ) 366.08 524 P +6 F +1.24 (0b) 472.71 524 P +0 F +0.51 ( or ) 487.1 524 P +6 F +1.24 (0B) 504.12 524 P +0 F +0.51 ( \050for) 518.51 524 P +(binary\051. For example, all of the following strings generate the same key schedule:) 72 504 T +5 F +(ASCII) 72 480 T +0 F +( key) 98.1 480 T +6 F +(abcdefgh) 180 480 T +0 F +(hexadecimal key) 72 460 T +6 F +(0x6162e364e5e66768) 180 460 T +0 F +(binary key) 72 440 T +6 F +(0b0110000101100010111000110110100011100101111000-) 180 440 T +(1100110011101101000) 180 420 T +0 F +-0.14 ( Note that giving the key on the command line as ) 108 396 P +6 F +-0.34 (0x6162636465666768) 345.27 396 P +0 F +-0.14 ( will ) 474.8 396 P +3 F +-0.14 (not) 499.17 396 P +0 F +-0.14 ( reset) 514.5 396 P +0.25 (the parity bits, because it is interpreted as a sequence of hex digits, not ) 72 376 P +5 F +0.21 (ASCII) 416.58 376 P +0 F +0.25 ( characters. The dif-) 442.68 376 P +0.69 (ference in interpretation is that here the user can specify all bits of the key exactly) 72 356 P +0.69 (, whereas \050on) 474.34 356 P +0.25 (most terminals\051 it is not possible to control how the parity bit of ) 72 336 P +5 F +0.21 (ASCII) 384.76 336 P +0 F +0.25 ( characters is set. On some) 410.85 336 P +0.36 (systems, it is possible to use a \322Meta\323 key to set the parity bit for an ) 72 316 P +5 F +0.3 (ASCII) 407.23 316 P +0 F +0.36 ( character; should this) 433.33 316 P +-0.3 (be the case and the user desire ) 72 296 P +3 F +-0.3 (bdes) 218.09 296 P +0 F +-0.3 ( not to reset the parity bit, the option ) 240.07 296 P +4 F +-0.3 (\320p) 415.25 296 P +0 F +-0.3 ( will force the parity bit) 427.92 296 P +(to be used as typed.) 72 276 T +4 F +(4. Encryption Output Repr) 72 244 T +(esentation) 211.05 244 T +0 F +0.01 (All modes of the DES output ciphertext in blocks; the size of the block is 64 bits \0508 bytes\051) 108 220 P +-0.25 (for ECB and CBC modes, and ) 72 200 P +3 F +-0.25 (k) 218.74 200 P +0 F +-0.25 ( bits for the ) 224.07 200 P +3 F +-0.25 (k) 281.02 200 P +0 F +-0.25 (-bit CFB and OFB modes, and there are as many out-) 286.35 200 P +-0.5 (put blocks as input blocks. However) 72 180 P +-0.5 (, as the length of the input is usually not a multiple of the block) 243.55 180 P +-0.35 (size, some padding is necessary; but as padding must be done by appending characters, these char-) 72 160 P +0.29 (acters must be distinguished from the input characters somehow) 72 140 P +0.29 (. The mechanism used is that the) 381.35 140 P +0.31 (last character of the \050decrypted\051 last block is the +\050integer\051 number of characters from the input in) 72 120 P +(the last block.) 72 100 T +FMENDPAGE +%%EndPage: "3" 6 +%%Page: "4" 6 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 4 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +-0.59 (For example, suppose ) 108 712 P +7 F +-1.41 (inputf) 214.16 712 P +-1.41 (ile) 257.34 712 P +0 F +-0.59 ( contains \322) 278.93 712 P +6 F +-1.41 (This) 329.04 712 P +8 F +-0.65 (z) 357.83 712 P +6 F +-1.41 (is) 362.8 712 P +8 F +-0.65 (z) 377.2 712 P +6 F +-1.41 (a) 382.17 712 P +8 F +-0.65 (z) 389.37 712 P +6 F +-1.41 (test) 394.35 712 P +9 F +-0.59 (\277) 423.13 712 P +0 F +-0.59 (\323, and it is encrypted in) 431.02 712 P +(CBC mode using the key \322) 72 692 T +6 F +(abcdef#@) 200.93 692 T +0 F +(\323 and the initialization vector ) 258.5 692 T +6 F +(0x0) 401.4 692 T +0 F +(; the command is) 422.99 692 T +6 F +(bdes -k abcdef#@ < ) 158.48 668 T +7 F +(inputf) 295.21 668 T +(ile) 338.38 668 T +6 F +( > ) 359.97 668 T +7 F +(outputf) 381.56 668 T +(ile) 431.93 668 T +0 F +(as CBC is the default encryption mode and ) 72 644 T +6 F +(0x0) 281.2 644 T +0 F +( the default initialization vector:) 302.79 644 T +(text) 72 620 T +6 F +(T) 117 620 T +(h) 144 620 T +(i) 171 620 T +(s) 198 620 T +8 F +(z) 225 620 T +6 F +(i) 252 620 T +(s) 279 620 T +8 F +(z) 306 620 T +6 F +(a) 333 620 T +8 F +(z) 360 620 T +6 F +(t) 387 620 T +(e) 414 620 T +(s) 441 620 T +(t) 468 620 T +9 F +(\277) 495 620 T +0 F +(hex) 72 600 T +10 F +(54) 117 600 T +(68) 144 600 T +(69) 171 600 T +(73) 198 600 T +(20) 225 600 T +(69) 252 600 T +(73) 279 600 T +(20) 306 600 T +(61) 333 600 T +(20) 360 600 T +(74) 387 600 T +(65) 414 600 T +(73) 441 600 T +(74) 468 600 T +(0a) 495 600 T +0 F +(input) 72 580 T +10 F +(54) 117 580 T +(68) 144 580 T +(69) 171 580 T +(73) 198 580 T +(20) 225 580 T +(69) 252 580 T +(73) 279 580 T +(20) 306 580 T +(61) 333 580 T +(20) 360 580 T +(74) 387 580 T +(65) 414 580 T +(73) 441 580 T +(74) 468 580 T +(0a) 495 580 T +(07) 522 580 T +0 F +(output) 72 560 T +10 F +(a5) 117 560 T +(5f) 144 560 T +(81) 171 560 T +(53) 198 560 T +(51) 225 560 T +(98) 252 560 T +(47) 279 560 T +(02) 306 560 T +(db) 333 560 T +(5a) 360 560 T +(c5) 387 560 T +(fe) 414 560 T +(50) 441 560 T +(3d) 468 560 T +(40) 495 560 T +(ce) 522 560 T +0 F +0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 540 P +3 F +0.22 (Bdes) 72 520 P +0 F +0.22 ( pads this to a full block by appending one byte containing the ) 95.32 520 P +5 F +0.19 (ASCII) 399.67 520 P +0 F +0.22 ( character with numeric) 425.77 520 P +(value 7 \050the ) 72 500 T +5 F +(ASCII) 131.62 500 T +0 F +( character <) 157.71 500 T +5 F +(BEL) 214.42 500 T +0 F +(>\051. The result is then encrypted.) 233.3 500 T +0.44 (As another example, suppose ) 108 476 P +7 F +1.07 (inputf) 253.34 476 P +1.07 (ile) 296.52 476 P +0 F +0.44 ( contains \322) 318.11 476 P +6 F +1.07 (test) 370.29 476 P +0 F +0.44 (\323, and it is encrypted in ECB) 399.08 476 P +(mode using the key \322) 72 456 T +6 F +(abcdef#@) 173.93 456 T +0 F +(\323; the command is) 231.5 456 T +6 F +(bdes -b \320k abcdef#@ < ) 147.69 432 T +7 F +(inputf) 306 432 T +(ile) 349.18 432 T +6 F +( > ) 370.76 432 T +7 F +(outputf) 392.35 432 T +(ile) 442.73 432 T +0 F +(because the option ) 72 408 T +4 F +(\320b) 164.26 408 T +0 F +( signi\336es ECB mode:) 176.93 408 T +(text) 72 384 T +6 F +(t) 144 384 T +(e) 171 384 T +(s) 198 384 T +(t) 225 384 T +0 F +(hex) 72 364 T +10 F +(74) 144 364 T +(65) 171 364 T +(73) 198 364 T +(74) 225 364 T +0 F +(input) 72 344 T +10 F +(74) 144 344 T +(65) 171 344 T +(73) 198 344 T +(74) 225 344 T +(00) 252 344 T +(00) 279 344 T +(00) 306 344 T +(04) 333 344 T +0 F +(output) 72 324 T +10 F +(0d) 144 324 T +(8a) 171 324 T +(6e) 198 324 T +(57) 225 324 T +(9c) 252 324 T +(8f) 279 324 T +(27) 306 324 T +(5d) 333 324 T +0 F +-0.31 (Finally) 108 304 P +-0.31 (, if the length of the message is indeed a multiple of the block size, an extra block of) 141.21 304 P +0.83 (all 0 bits is added. Suppose ) 72 284 P +7 F +1.99 (inputf) 210.57 284 P +1.99 (ile) 253.74 284 P +0 F +0.83 ( contains \322) 275.33 284 P +6 F +1.99 (test) 328.28 284 P +9 F +0.83 (\277) 357.07 284 P +0 F +0.83 (\323, and it is encrypted in 40-bit CFB) 364.96 284 P +1.51 (mode using the key \322) 72 264 P +6 F +3.62 (abcdef#@) 179.96 264 P +0 F +1.51 (\323 and the initialization vector ) 237.53 264 P +6 F +3.62 (0x0123456789abcdef) 387.97 264 P +0 F +1.51 (; the) 517.5 264 P +(command is) 72 244 T +6 F +-0.99 (bdes -f40 -v0x0123456789abcdef -kabcdef#@ < ) 72 220 P +7 F +-0.99 (inputf) 383.67 220 P +-0.99 (ile) 426.85 220 P +6 F +-0.99 ( > ) 448.43 220 P +7 F +-0.99 (outputf) 468.04 220 P +-0.99 (ile) 518.41 220 P +0 F +0.16 (because the option ) 72 196 P +4 F +0.16 (\320f40 ) 164.75 196 P +0 F +0.16 (signi\336es 40-bit CFB mode, and ) 189.89 196 P +4 F +0.16 (-v0x01234566789abcdef) 343.96 196 P +0 F +0.16 ( sets the initial-) 465.89 196 P +(ization vector \050note that spaces between the option and its ar) 72 176 T +(gument are optional\051:) 361.57 176 T +(text) 72 152 T +6 F +(t) 144 152 T +(e) 171 152 T +(s) 198 152 T +(t) 225 152 T +9 F +(\277) 252 152 T +0 F +(hex) 72 132 T +10 F +(74) 144 132 T +(65) 171 132 T +(73) 198 132 T +(74) 225 132 T +(0a) 252 132 T +0 F +(input) 72 112 T +10 F +(74) 144 112 T +(65) 171 112 T +(73) 198 112 T +(74) 225 112 T +(0a) 252 112 T +(00) 279 112 T +(00) 306 112 T +(00) 333 112 T +(00) 360 112 T +(00) 387 112 T +0 F +(output) 72 92 T +10 F +(e2) 144 92 T +(c2) 171 92 T +(69) 198 92 T +(a4) 225 92 T +(5b) 252 92 T +(3c) 279 92 T +(3d) 306 92 T +(b3) 333 92 T +(f5) 360 92 T +(3c) 387 92 T +FMENDPAGE +%%EndPage: "4" 7 +1 12 /Times-BoldItalic FMDEFINEFONT +2 14 /Symbol FMDEFINEFONT +%%Page: "5" 7 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 5 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +(Note here the block size is 40 bits \0505 bytes\051, not 64 bits \0508 bytes\051.) 108 712 T +-0.4 (This technique allows complete compatibility with Sun\325) 108 688 P +-0.4 (s ) 374.11 688 P +3 F +-0.4 (des) 381.37 688 P +0 F +-0.4 ( program. In Sun\325) 397.36 688 P +-0.4 (s implemen-) 480.77 688 P +0.02 (tation, padding is done with random bytes rather than bytes containing all zero bits. Cryptograph-) 72 668 P +0.85 (ically) 72 648 P +0.85 (, this makes no dif) 97.87 648 P +0.85 (ference, as the DES is a suf) 189.32 648 P +0.85 (\336ciently good random cipher to obscure the) 325.74 648 P +(input \050see for example [2], Chapter 6\051, and known plaintext attacks are very dif) 72 628 T +(\336cult [1].) 451.82 628 T +4 F +(5. Differ) 72 596 T +(ences Between the Standard CFB and OFB Modes and ) 114.41 596 T +1 F +(bdes) 397.26 596 T +0 F +-0.11 (The UNIX operating system treats all \336les as streams of 8-bit bytes. In order to implement) 108 572 P +-0.08 (the CFB and OFB modes properly) 72 552 P +-0.08 (, it would be necessary to read ) 235.74 552 P +3 F +-0.08 (k) 383.74 552 P +0 F +-0.08 ( bits from the \336le, where ) 389.07 552 P +3 F +-0.08 (k) 509.51 552 P +0 F +-0.08 ( is an) 514.84 552 P +0.98 (integer between 1 and 64 inclusive. However) 72 532 P +0.98 (, this would require considerable buf) 294.22 532 P +0.98 (fering and be) 474.77 532 P +0.23 (quite inef) 72 512 P +0.23 (\336cient and prohibitively slow) 117.65 512 P +0.23 (. For these reasons, the current implementation of ) 258.48 512 P +3 F +0.23 (bdes) 501.48 512 P +0 F +0.23 ( re-) 523.46 512 P +0.47 (quires that ) 72 492 P +3 F +0.47 (k) 126.23 492 P +0 F +0.47 ( be a multiple of 8, so that an integral number of bytes will always be read from the) 131.56 492 P +(\336le. Other than this change, this mode is implemented as described in [3].) 72 472 T +-0.58 (A similar observation holds for the alternate CFB mode described in [3]. Here, only the low) 108 448 P +0.23 (7 bits of each byte are signi\336cant, and hence the parameter ) 72 428 P +3 F +0.23 (k) 358.95 428 P +0 F +0.23 ( is an integer from 1 to 56 inclusive;) 364.28 428 P +(bdes requires k to be a multiple of 7. The high-order bit is retained for encryption and decryption,) 72 408 T +(but output \050whether from encryption or decryption\051 always has the high-order bit set to zero.) 72 388 T +4 F +(6. Message Authentication Code Modes) 72 356 T +0 F +0.57 (The Data Encryption Standard provides two modes of authentication, each providing be-) 108 332 P +1.27 (tween 1 and 64 bits of authentication data. In both cases an ) 72 312 P +3 F +1.27 (n) 373.32 312 P +0 F +1.27 (-bit message authentication code) 379.32 312 P +0.62 (\050MAC\051 is generated, where 1) 72 292 P +2 F +0.73 ( ) 214.71 292 P +9 F +0.62 (\243) 218.94 292 P +0 F +0.62 ( ) 225.52 292 P +3 F +0.62 (n) 229.15 292 P +0 F +0.62 ( ) 235.14 292 P +9 F +0.62 (\243) 238.76 292 P +0 F +0.62 ( 64. The \336rst is based on the CBC encryption mode, and the) 245.35 292 P +(second on CFB mode. Both work the same.) 72 272 T +0.13 (First, the \336le is padded to a multiple of the block size by appending enough zero bits. It is) 108 248 P +-0.16 (then encrypted using the standard CBC \050or CFB\051 algorithm, but +all encrypted text is discarded ex-) 72 228 P +-0.44 (cept for the last block. The ) 72 208 P +3 F +-0.44 (n) 200.9 208 P +0 F +-0.44 ( leading bits of the last block are used as the MAC. Note that the block) 206.9 208 P +(size constrains the number of bits available as the MAC.) 72 188 T +0.71 (The implementation allows the user to specify that the MAC is to be computed in either) 108 164 P +-0.01 (CBC or CFB mode, and the user can specify any number of bits from 1 to 64 inclusive. However) 72 144 P +-0.01 (,) 537 144 P +-0.11 (because the UNIX operating system can only output bits in multiples of 8, if the number of bits of) 72 124 P +-0.08 (MAC is not a multiple of 8, the MAC will be right-padded with the minimum number of zero bits) 72 104 P +-0.31 (necessary to make the MAC length be a multiple of 8. However) 72 84 P +-0.31 (, note that as the standard \050[3], Ap-) 374.6 84 P +FMENDPAGE +%%EndPage: "5" 8 +%%Page: "6" 8 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 6 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +-0.14 (pendix F\051 requires an incomplete \336nal block be right-padded with +zeroes, the technique of forcing) 72 712 P +(the last octet to contain the number of bytes in the message is ) 72 692 T +3 F +(not) 369.47 692 T +0 F +( used here.) 384.8 692 T +-0.39 (For example, suppose ) 108 668 P +7 F +-0.94 (inputf) 214.76 668 P +-0.94 (ile) 257.93 668 P +0 F +-0.39 ( contains \322) 279.52 668 P +6 F +-0.94 (This) 330.04 668 P +8 F +-0.43 (z) 358.82 668 P +6 F +-0.94 (is) 363.8 668 P +8 F +-0.43 (z) 378.19 668 P +6 F +-0.94 (a) 383.17 668 P +8 F +-0.43 (z) 390.36 668 P +6 F +-0.94 (test) 395.34 668 P +9 F +-0.39 (\277) 424.13 668 P +0 F +-0.39 (\323, and a 64-bit MAC is) 432.02 668 P +-0.73 (to be generated using CBC mode, the key \322) 72 648 P +6 F +-1.74 (abcdef#@) 274.39 648 P +0 F +-0.73 (\323 and the initialization vector ) 331.96 648 P +6 F +-1.74 (0x0) 471.23 648 P +0 F +-0.73 (; the com-) 492.82 648 P +(mand is) 72 628 T +6 F +(bdes -m 64 -k abcdef#@ < ) 136.89 604 T +7 F +(inputf) 316.79 604 T +(ile) 359.97 604 T +6 F +( > ) 381.56 604 T +7 F +(outputf) 403.15 604 T +(ile) 453.52 604 T +0 F +(as CBC is the default encryption mode and ) 72 580 T +6 F +(0x0) 281.2 580 T +0 F +( the default initialization vector:) 302.79 580 T +(text) 72 556 T +6 F +(T) 117 556 T +(h) 144 556 T +(i) 171 556 T +(s) 198 556 T +8 F +(z) 225 556 T +6 F +(i) 252 556 T +(s) 279 556 T +8 F +(z) 306 556 T +6 F +(a) 333 556 T +8 F +(z) 360 556 T +6 F +(t) 387 556 T +(e) 414 556 T +(s) 441 556 T +(t) 468 556 T +9 F +(\277) 495 556 T +0 F +(hex) 72 536 T +10 F +(54) 117 536 T +(68) 144 536 T +(69) 171 536 T +(73) 198 536 T +(20) 225 536 T +(69) 252 536 T +(73) 279 536 T +(20) 306 536 T +(61) 333 536 T +(20) 360 536 T +(74) 387 536 T +(65) 414 536 T +(73) 441 536 T +(74) 468 536 T +(0a) 495 536 T +0 F +(input) 72 516 T +10 F +(54) 117 516 T +(68) 144 516 T +(69) 171 516 T +(73) 198 516 T +(20) 225 516 T +(69) 252 516 T +(73) 279 516 T +(20) 306 516 T +(61) 333 516 T +(20) 360 516 T +(74) 387 516 T +(65) 414 516 T +(73) 441 516 T +(74) 468 516 T +(0a) 495 516 T +(00) 522 516 T +0 F +(output) 72 496 T +10 F +(43) 117 496 T +(18) 144 496 T +(de) 171 496 T +(74) 198 496 T +(24) 225 496 T +(a9) 252 496 T +(65) 279 496 T +(d1) 306 496 T +0 F +0.04 (Notice that the text is 15 characters long, so there are 7 bytes following the last full block.) 108 476 P +3 F +(Bdes) 72 456 T +0 F +( pads this to a full block by appending a zero-\336lled byte. The result is then encrypted and the) 95.32 456 T +(last block of output is used as the MAC.) 72 436 T +0.06 (As another example, suppose we used the same text, and wanted a 36-bit MAC to be gen-) 108 412 P +6.91 (erated using 40-bit CFB mode, the key \322) 72 392 P +6 F +16.58 (abcdef#@) 314.9 392 P +0 F +6.91 (\323 and the initialization vector) 372.47 392 P +6 F +(0x0123456789abcdef) 72 372 T +0 F +(; the command is) 201.53 372 T +6 F +(bdes -m 36 -f 40 -v 0x0123456789abcdef < ) 79.32 348 T +7 F +(inputf) 374.36 348 T +(ile) 417.54 348 T +6 F +( > ) 439.13 348 T +7 F +(outputf) 460.71 348 T +(ile) 511.09 348 T +0 F +-0.19 (where ) 72 324 P +4 F +-0.19 (\320m 36) 104.11 324 P +0 F +-0.19 ( is the option to generate a 36-bit MAC, ) 134.91 324 P +4 F +-0.19 (\320f 40) 327.79 324 P +0 F +-0.19 ( indicates 40-bit CFB is to be used, and) 352.58 324 P +4 F +-0.31 (\320v 0x123456789abcdef) 72 304 P +0 F +-0.31 ( sets the initialization vector) 186.62 304 P +-0.31 (. Note that, as the key is not given on the com-) 319.95 304 P +(mand line, the user will be prompted for it. It gives:) 72 284 T +(text) 72 260 T +6 F +(T) 117 260 T +(h) 144 260 T +(i) 171 260 T +(s) 198 260 T +8 F +(z) 225 260 T +6 F +(i) 252 260 T +(s) 279 260 T +8 F +(z) 306 260 T +6 F +(a) 333 260 T +8 F +(z) 360 260 T +6 F +(t) 387 260 T +(e) 414 260 T +(s) 441 260 T +(t) 468 260 T +9 F +(\277) 495 260 T +0 F +(hex) 72 240 T +10 F +(54) 117 240 T +(68) 144 240 T +(69) 171 240 T +(73) 198 240 T +(20) 225 240 T +(69) 252 240 T +(73) 279 240 T +(20) 306 240 T +(61) 333 240 T +(20) 360 240 T +(74) 387 240 T +(65) 414 240 T +(73) 441 240 T +(74) 468 240 T +(0a) 495 240 T +0 F +(input) 72 220 T +10 F +(54) 117 220 T +(68) 144 220 T +(69) 171 220 T +(73) 198 220 T +(20) 225 220 T +(69) 252 220 T +(73) 279 220 T +(20) 306 220 T +(61) 333 220 T +(20) 360 220 T +(74) 387 220 T +(65) 414 220 T +(73) 441 220 T +(74) 468 220 T +(0a) 495 220 T +0 F +(output) 72 200 T +10 F +(2b) 117 200 T +(18) 144 200 T +(68) 171 200 T +(2d) 198 200 T +(60) 225 200 T +0 F +0.19 (Note that the MAC is padded on the right by four zero bits to produce \336ve characters that) 108 180 P +(can be output.) 72 160 T +4 F +(7. Differ) 72 128 T +(ences Between ) 114.41 128 T +1 F +(bdes) 191.01 128 T +4 F +( and Sun\325) 212.99 128 T +(s DES Implementation) 261.88 128 T +0 F +0.02 (The program ) 108 104 P +3 F +0.02 (bdes) 173.33 104 P +0 F +0.02 ( is designed to be completely compatible with Sun Microsystems, Inc.\325) 195.31 104 P +0.02 (s) 535.33 104 P +0.57 (implementation of the Data Encryption Standard, called ) 72 84 P +3 F +0.57 (des) 347.14 84 P +0 F +0.57 ( and described in [4]. Thus, \336les en-) 363.13 84 P +FMENDPAGE +%%EndPage: "6" 9 +%%Page: "7" 9 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 7 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.44 (crypted using ) 72 712 P +3 F +0.44 (des) 140.84 712 P +0 F +0.44 ( can be decrypted using ) 156.83 712 P +3 F +0.44 (bdes) 275.29 712 P +0 F +0.44 (, and vice versa, provided modes common to both) 297.27 712 P +-0.34 (are used. However) 72 692 P +-0.34 (, ) 160.41 692 P +3 F +-0.34 (bdes) 166.06 692 P +0 F +-0.34 ( does not allow \336les to be named on the command line, nor does it support) 188.05 692 P +-0.68 (hardware devices \050and so the ) 72 672 P +4 F +-0.68 (-s) 210.83 672 P +0 F +-0.68 ( and ) 219.49 672 P +4 F +-0.68 (-f) 241.45 672 P +0 F +-0.68 ( options of Sun\325) 249.44 672 P +-0.68 (s ) 323.71 672 P +3 F +-0.68 (des) 330.7 672 P +0 F +-0.68 ( are not available\051. Further) 346.69 672 P +-0.68 (, as encryption) 471.07 672 P +-0.05 (is the default, the Sun ) 72 652 P +3 F +-0.05 (des) 179.01 652 P +0 F +-0.05 ( ) 195 652 P +4 F +-0.05 (-e) 197.95 652 P +0 F +-0.05 ( option is not recognized. As the manual page to ) 207.27 652 P +3 F +-0.05 (bdes) 441.6 652 P +0 F +-0.05 ( is in the appen-) 463.59 652 P +(dix, these dif) 72 632 T +(ferences will not be elaborated upon further) 134.08 632 T +(.) 343.24 632 T +0.44 (Sun\325) 108 608 P +0.44 (s ) 130 608 P +3 F +0.44 (des) 138.1 608 P +0 F +0.44 ( supports the use of special-purpose hardware to encrypt and decrypt. Although) 154.09 608 P +3 F +1.33 (bdes) 72 588 P +0 F +1.33 ( does not directly support the use of such hardware, it uses the library routine ) 93.98 588 P +3 F +1.33 (encrypt) 487.05 588 P +0 F +1.33 (\0503\051,) 523.02 588 P +-0.09 (which may) 72 568 P +-0.09 (. Hardware support was not included directly to support as lar) 124.1 568 P +-0.09 (ge a number of platforms) 419.11 568 P +(as possible with installers needing to know as little about the hardware as possible.) 72 548 T +-0.08 (Sun\325) 108 524 P +-0.08 (s ) 130 524 P +3 F +-0.08 (des) 137.58 524 P +0 F +-0.08 ( supports only the CBC and ECB encryption modes; ) 153.57 524 P +3 F +-0.08 (bdes) 407.07 524 P +0 F +-0.08 ( supports all modes de-) 429.05 524 P +0.26 (scribed in [3] \050although CFB and OFB are not completely supported\051 as well as both CBC-based) 72 504 P +(and CFB-based MACs.) 72 484 T +0.15 (Although input with length not a multiple of the block size is handled in the same way by) 108 460 P +-0.47 (both ) 72 440 P +3 F +-0.47 (des) 95.85 440 P +0 F +-0.47 ( and ) 111.84 440 P +3 F +-0.47 (bdes) 134.21 440 P +0 F +-0.47 (, dif) 156.19 440 P +-0.47 (ferent values of the padding bytes are used in all but the last byte of the input.) 174.82 440 P +(Where ) 72 420 T +3 F +(bdes) 106.96 420 T +0 F +( puts zero bytes, ) 128.94 420 T +3 F +(des) 209.89 420 T +0 F +( puts bytes containing random values. The reason for Sun\325) 225.87 420 T +(s doing) 505.02 420 T +0.47 (so is to prevent a known plaintext attack on the \336le should an +attacker determine that the input\325) 72 400 P +0.47 (s) 535.33 400 P +-0.29 (length were a multiple of the block size. W) 72 380 P +-0.29 (ith ) 276.05 380 P +3 F +-0.29 (bdes) 291.43 380 P +0 F +-0.29 (, the plaintext contents of the last block of input) 313.41 380 P +0.31 (for such a \336le is known \050a block with all bits zero\051. W) 72 360 P +0.31 (ith ) 333.99 360 P +3 F +0.31 (des) 349.96 360 P +0 F +0.31 (, the plaintext contents of that block) 365.95 360 P +0.73 (are not known. Cryptanalytically) 72 340 P +0.73 (, given the information about the strength of the DES currently) 231.29 340 P +0.2 (known, it is widely believed that known plaintext attacks are infeasible +\050see for example [1]\051 and) 72 320 P +1.86 (so initializing and invoking the pseudorandom number generator seems unnecessary) 72 300 P +1.86 (. But this) 492.63 300 P +(means that ciphertexts produced from a plaintext by ) 72 280 T +3 F +(bdes) 324.48 280 T +0 F +( and ) 346.47 280 T +3 F +(des) 369.78 280 T +0 F +( will dif) 385.77 280 T +(fer in the last block.) 423.54 280 T +4 F +(Refer) 72 248 T +(ences) 100.41 248 T +0 F +([1]) 72 224 T +0.37 (D. Denning, \322The Data Encryption Standard: Fifteen Y) 108 224 P +0.37 (ears of Public Scrutiny) 374.87 224 P +0.37 (,\323 ) 484.8 224 P +3 F +0.37 (Pr) 496.49 224 P +0.37 (oceed-) 508.04 224 P +-0.47 (ings of the Sixth Annual Computer Security Applications Confer) 108 204 P +-0.47 (ence) 411.65 204 P +0 F +-0.47 ( pp. x\320xv \050Dec. 1990\051.) 433.62 204 P +([2]) 72 180 T +(A. Konheim, ) 108 180 T +3 F +(Cryptography: A Primer) 173.29 180 T +0 F +(, John W) 291.4 180 T +(iley and Sons, Inc., New Y) 333.9 180 T +(ork, NY \0501981\051.) 461.94 180 T +([3]) 72 156 T +3 F +0.63 (DES Modes of Operation) 108 156 P +0 F +0.63 (, Federal Information Processing Standards Publication 81, Na-) 231.47 156 P +-0.07 (tional Bureau of Standards, U.S. Department of Commerce, W) 108 136 P +-0.07 (ashington, DC \050Dec. 1980\051.) 407.62 136 P +([4]) 72 112 T +3 F +(UNIX User) 108 112 T +(\325) 162.74 112 T +(s Manual) 165.18 112 T +0 F +(, Sun Microsystems Inc., Mountain V) 210.16 112 T +(iew) 390 112 T +(, CA \050Mar) 406.54 112 T +(. 1988\051.) 455.51 112 T +4 F +(Appendix. The UNIX System Manual Page for ) 72 80 T +1 F +(bdes) 313.2 80 T +FMENDPAGE +%%EndPage: "7" 10 +1 11 /Times-Bold FMDEFINEFONT +%%Page: "8" 10 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 8 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +1 F +0 X +(NAME) 72 712.67 T +0 F +(bdes - encrypt/decrypt using the Data Encryption Standard) 108 689 T +1 F +(SYNOPSIS) 72 663.67 T +4 F +(bdes) 108 640 T +0 F +( [) 131.33 640 T +3 F +( ) 138.32 640 T +4 F +(-abdp) 141.32 640 T +0 F +( ] [ ) 171.31 640 T +4 F +(-F) 188.3 640 T +0 F +( ) 199.62 640 T +3 F +(b) 202.62 640 T +0 F +( ] [ ) 208.61 640 T +4 F +(-f) 225.6 640 T +0 F +( ) 233.58 640 T +3 F +(b) 236.58 640 T +0 F +( ] [ ) 242.58 640 T +4 F +(-k) 259.56 640 T +0 F +( ) 270.22 640 T +3 F +(key) 273.22 640 T +0 F +( ] [ ) 289.2 640 T +4 F +(-m) 306.18 640 T +0 F +( ) 320.16 640 T +3 F +(b) 323.16 640 T +0 F +( ] [ ) 329.16 640 T +4 F +(-o) 346.14 640 T +0 F +( ) 356.13 640 T +3 F +(b) 359.13 640 T +0 F +( ] [ ) 365.13 640 T +4 F +(-v) 382.11 640 T +0 F +( ) 392.1 640 T +3 F +(vector) 395.1 640 T +0 F +( ]) 425.07 640 T +1 F +(DESCRIPTION) 72 614.67 T +3 F +-0.69 (Bdes) 108 591 P +0 F +-0.69 ( reads from the standard input and writes on the standard output. It implements all DES) 131.32 591 P +-0.09 (modes of operation described in FIPS PUB 81 including alternative cipher feedback mode) 108 577 P +0.74 (and both authentication modes. All modes but the electronic code book mode require an) 108 563 P +-0.14 (initialization vector; if none is supplied, the zero vector is used. T) 108 549 P +-0.14 (o protect the key and ini-) 420.44 549 P +0.29 (tialization vector from being read by) 108 535 P +3 F +0.29 ( ps) 284.98 535 P +0 F +0.29 (\0501\051, ) 298.94 535 P +3 F +0.29 (bdes ) 319.21 535 P +0 F +0.29 (hides its ar) 344.48 535 P +0.29 (guments on entry) 396.81 535 P +0.29 (. If no ) 479.89 535 P +3 F +0.29 (key ) 512.74 535 P +0 F +0.29 (is) 532 535 P +-0.61 (given, one is requested from the controlling terminal if that can be opened, or from the stan-) 108 521 P +(dard input if not.) 108 507 T +-0.17 (The key and initialization vector are taken as sequences of ) 108 489 P +5 F +-0.14 (ASCII) 389.38 489 P +0 F +-0.17 ( characters which are then) 415.48 489 P +-0.35 (mapped into their bit representations. If either begins with +\3240x\325 or \3240X\325, that one is taken as) 108 475 P +1.02 (a sequence of hexadecimal digits indicating the bit pattern; if either begins with \3240b\325 or) 108 461 P +-0.73 (\3240B\325, that one is taken as a sequence of binary digits +indicating the bit pattern. In either case,) 108 447 P +-0.37 (only the leading 64 bits of the key or initialization vector are used, and if fewer than 64 bits) 108 433 P +0.35 (are provided, enough 0 bits are appended to pad the key to 64 bits. Note that if the key is) 108 419 P +0.03 (not entered on the command line, it is interpreted in the same way) 108 405 P +0.03 (, because with 4.4 BSD,) 424.31 405 P +-0.36 (the password reading function ) 108 391 P +3 F +-0.36 (getpass) 254.45 391 P +0 F +-0.36 (\0503\051 allows enough characters for either hex or binary) 290.43 391 P +(keys to be entered.) 108 377 T +0.04 (According to the DES standard, the low-order bit of each character in the key string is de-) 108 359 P +-0.18 (leted. Since most ) 108 345 P +5 F +-0.15 (ASCII) 192.75 345 P +0 F +-0.18 ( representations set the high-order bit to 0, simply deleting the low-) 218.84 345 P +-0.29 (order bit ef) 108 331 P +-0.29 (fectively reduces the size of the key space from 2) 160.49 331 P +5 F +-0.24 (56) 394.67 335.8 P +0 F +-0.29 ( to 2) 404.67 331 P +5 F +-0.24 (48) 425.41 335.8 P +0 F +-0.29 ( keys. T) 435.4 331 P +-0.29 (o prevent this,) 472.29 331 P +-0.46 (the high-order bit must be a function depending in part upon the low-order bit; so, the high-) 108 317 P +0.11 (order bit is set to whatever value gives odd parity) 108 303 P +0.11 (. This preserves the key space size. Note) 345.05 303 P +(this resetting of the parity bit is ) 108 289 T +3 F +(not) 260.92 289 T +0 F +( done if the key is given in binary or hex.) 276.24 289 T +-0.38 (By default, the standard input is encrypted using cipher block chaining mode and is written) 108 271 P +0.18 (to the standard output. Using the same key for encryption and decryption preserves plain-) 108 257 P +(text, so) 108 243 T +( bdes ) 225.81 225 T +3 F +(key) 253.79 225 T +0 F +( < plaintext | bdes \320i ) 269.77 225 T +3 F +(key) 370.21 225 T +0 F +( ) 386.19 225 T +(is a very expensive equivalent of ) 108 201 T +3 F +(cat) 268.54 201 T +0 F +(\0501\051.) 283.2 201 T +(Options are:) 108 183 T +( ) 108 165 T +4 F +(\320a) 111 165 T +0 F +-0.75 (The key and initialization vector strings are to be taken as ) 144 165 P +5 F +-0.62 (ASCII) 415.89 165 P +0 F +-0.75 ( suppressing the spe-) 441.98 165 P +0.3 (cial interpretation given to leading \3240x\325, \3240X\325, \3240b\325, +and \3240B\325 characters. Note this) 144 151 P +(\337ag applies to ) 144 137 T +3 F +(both) 214.29 137 T +0 F +( the key and initialization vector) 235.62 137 T +(.) 389.85 137 T +4 F +(\320b) 108 119 T +0 F +(Use electronic code book mode.) 144 119 T +4 F +(\320d) 108 101 T +0 F +(Decrypt the input.) 144 101 T +FMENDPAGE +%%EndPage: "8" 11 +%%Page: "9" 11 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 9 of 11) 479.71 34.7 T +72 72 540 720 R +7 X +V +4 F +0 X +(\320f) 108 712 T +0 F +( ) 117.99 712 T +3 F +(b) 120.99 712 T +0 F +-0.29 (Use ) 144 712 P +3 F +-0.29 (b) 165.36 712 P +0 F +-0.29 (-bit cipher feedback mode. Currently ) 171.35 712 P +3 F +-0.29 (b) 350.42 712 P +0 F +-0.29 ( must be a multiple of 8 between 8 and) 356.42 712 P +(64 inclusive \050this does not conform to the standard CFB mode speci\336cation\051.) 144 698 T +4 F +(\320F) 108 680 T +0 F +( ) 121.32 680 T +3 F +(b) 124.32 680 T +0 F +-0.29 (Use ) 144 680 P +3 F +-0.29 (b) 165.36 680 P +0 F +-0.29 (-bit alternative cipher feedback mode. Currently ) 171.36 680 P +3 F +-0.29 (b) 403.77 680 P +0 F +-0.29 ( must be a multiple of 7 be-) 409.77 680 P +-0.12 (tween 7 and 56 inclusive \050this does not conform to the alternative CFB mode spec-) 144 666 P +(i\336cation\051.) 144 652 T +4 F +(\320k) 108 634 T +0 F +( ) 120.67 634 T +3 F +(key) 123.66 634 T +0 F +0.37 (Use the string ) 144 616 P +3 F +0.37 (key) 214.74 616 P +0 F +0.37 ( as the cryptographic key) 230.72 616 P +0.37 (. If this ar) 352.01 616 P +0.37 (gument is not given, the user) 399.54 616 P +(will be prompted for the key) 144 602 T +(.) 280.12 602 T +4 F +(\320m) 108 584 T +0 F +( ) 123.99 584 T +3 F +(b) 126.99 584 T +0 F +0.71 (Compute a message authentication code \050MAC\051 of ) 144 584 P +3 F +0.71 (b) 395.78 584 P +0 F +0.71 ( bits on the input. ) 401.77 584 P +3 F +0.71 (b) 491.94 584 P +0 F +0.71 ( must be) 497.94 584 P +0.11 (between 1 and 64 inclusive; if ) 144 570 P +3 F +0.11 (b) 291.87 570 P +0 F +0.11 ( is not a multiple of 8, enough 0 bits will be added) 297.86 570 P +-0.44 (to pad the MAC length to the nearest multiple of 8. Only the MAC is output. MACs) 144 556 P +(are only available in cipher block chaining mode or in cipher feedback mode.) 144 542 T +4 F +(\320o) 108 524 T +0 F +( ) 119.99 524 T +3 F +(b) 122.99 524 T +0 F +-0.34 (Use ) 144 524 P +3 F +-0.34 (b) 165.31 524 P +0 F +-0.34 (-bit output feedback mode. Currently ) 171.31 524 P +3 F +-0.34 (b) 350.83 524 P +0 F +-0.34 ( must be a multiple of 8 between 8 and) 356.83 524 P +(64 inclusive \050this does not conform to the OFB mode speci\336cation\051.) 144 510 T +4 F +(\320p) 108 492 T +0 F +-0.14 (Disable the resetting of the parity bit. This \337ag forces the parity bit of the key to be) 144 492 P +0.03 (used as typed, rather than making each character be of odd parity) 144 478 P +0.03 (. It is used only if) 455.91 478 P +(the key is given in ) 144 464 T +5 F +(ASCII) 234.95 464 T +0 F +(.) 261.04 464 T +4 F +(\320v) 108 446 T +0 F +( ) 119.99 446 T +3 F +(vector) 122.99 446 T +0 F +-0.5 (Set the initialization vector to ) 144 428 P +3 F +-0.5 (v) 286.44 428 P +0 F +-0.5 (; the vector is interpreted in the same way as the key) 291.76 428 P +-0.5 (.) 537 428 P +(The vector is ignored in electronic codebook mode.) 144 414 T +-0.55 (The DES is considered a very strong cryptosystem, and other than table lookup attacks, key) 108 396 P +0.24 (search attacks, and Hellman\325) 108 382 P +0.24 (s time-memory tradeof) 246.61 382 P +0.24 (f \050all of which are very expensive and) 356.8 382 P +0.66 (time-consuming\051, no cryptanalytic methods for breaking the DES are known in the open) 108 368 P +0.33 (literature. No doubt the choice of keys and key security are the most vulnerable aspect of) 108 354 P +3 F +(bdes) 108 340 T +0 F +(.) 129.98 340 T +4 F +(IMPLEMENT) 72 314 T +(A) 146.41 314 T +(TION NOTES) 154.18 314 T +0 F +0.57 (For implementors wishing to write software compatible with this program, the following) 108 290 P +-0.23 (notes are provided. This software is completely compatible with the implementation of the) 108 276 P +(data encryption standard distributed by Sun Microsystems, Inc.) 108 262 T +0.11 (In the ECB and CBC modes, plaintext is encrypted in units of 64 bits \0508 bytes, also called) 108 244 P +0.52 (a block\051. T) 108 230 P +0.52 (o ensure that the plaintext \336le is encrypted correctly) 160.49 230 P +0.52 (, ) 413.01 230 P +3 F +0.52 (bdes ) 419.53 230 P +0 F +0.52 (will \050internally\051 ap-) 445.03 230 P +0.29 (pend from 1 to 8 bytes, the last byte containing an integer stating how many bytes of that) 108 216 P +-0.71 (\336nal block are from the plaintext \336le, and encrypt the resulting block. Hence, when decrypt-) 108 202 P +0.27 (ing, the last block may contain from 0 to 7 characters present in the plaintext \336le, and the) 108 188 P +-0.59 (last byte tells how many) 108 174 P +-0.59 (. Note that if during decryption the last byte of the \336le does not con-) 221.46 174 P +0.41 (tain an integer between 0 and 7, either the \336le has been corrupted or an incorrect key has) 108 160 P +0.48 (been given. A similar mechanism is used for the OFB and CFB modes, except that those) 108 146 P +0.26 (simply require the length of the input to be a multiple of the mode size, and the \336nal byte) 108 132 P +-0.73 (contains an integer between 0 and one less than the number of bytes being used as the mode.) 108 118 P +(\050This was another reason that the mode size must be a multiple of 8 for those modes.\051) 108 104 T +FMENDPAGE +%%EndPage: "9" 12 +%%Page: "10" 12 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 10 of 11) 473.71 34.7 T +72 72 540 720 R +7 X +V +0 X +0.94 (Unlike Sun\325) 108 712 P +0.94 (s implementation, unused bytes of that last block are not \336lled with random) 166.58 712 P +0.57 (data, but instead contain what was in those byte positions in the preceding block. This is) 108 698 P +(quicker and more portable, and does not weaken the encryption signi\336cantly) 108 684 T +(.) 473.95 684 T +0.36 (If the key is entered in ) 108 666 P +5 F +0.3 (ASCII) 220.76 666 P +0 F +0.36 (, the parity bits of the key characters are set so that each key) 246.85 666 P +1.03 (character is of odd parity) 108 652 P +1.03 (. Unlike Sun\325) 231.23 652 P +1.03 (s implementation, it is possible to enter binary or) 296.92 652 P +-0.57 (hexadecimal keys on the command line, and if this is done, the parity bits are ) 108 638 P +3 F +-0.57 (not ) 472.85 638 P +0 F +-0.57 (reset. This) 490.61 638 P +(allows testing using arbitrary bit patterns as keys.) 108 624 T +0.64 (The Sun implementation always uses an initialization vector of 0 \050that is, all zeroes\051. By) 108 606 P +(default, ) 108 592 T +3 F +(bdes ) 147.3 592 T +0 F +(does too, but this may be changed from the command line.) 172.29 592 T +4 F +(FILES) 72 566 T +0 F +(/dev/tty) 108 542 T +(controlling terminal for typed key) 180 542 T +4 F +(SEE ALSO) 72 516 T +3 F +(crypt) 108 492 T +0 F +(\0501\051, ) 132.65 492 T +3 F +(crypt) 152.63 492 T +0 F +(\0503\051) 177.27 492 T +3 F +-0.4 (Data Encryption Standar) 108 474 P +-0.4 (d) 228.02 474 P +0 F +-0.4 (, Federal Information Processing Standard #46, National Bureau) 234.02 474 P +(of Standards, U.S. Department of Commerce, W) 108 460 T +(ashington DC \050Jan. 1977\051.) 340.2 460 T +3 F +0.16 (DES) 108 442 P +0 F +0.16 ( ) 129.98 442 P +3 F +0.16 (Modes of Operation, ) 133.15 442 P +0 F +0.16 (Federal Information Processing Standard #81, National Bureau) 236.24 442 P +(of Standards, U.S. Department of Commerce, W) 108 428 T +(ashington DC \050Dec. 1980\051.) 340.2 428 T +2.75 (Dorothy Denning, ) 108 410 P +3 F +2.75 (Cryptography and Data Security) 203.77 410 P +0 F +2.75 (, Addison-W) 368.8 410 P +2.75 (esley Publishing Co.,) 432.55 410 P +(Reading, MA \2511982.) 108 396 T +-0.19 ( Matt Bishop, \322Implementation Notes on ) 108 378 P +3 F +-0.19 (bdes) 305.76 378 P +0 F +-0.19 (\0501\051\323, T) 327.75 378 P +-0.19 (echnical Report PCS-TR-91-158, De-) 359.35 378 P +0.34 (partment of Mathematics and Computer Science, Dartmouth College, Hanover) 108 364 P +0.34 (, NH \050Apr) 488.01 364 P +0.34 (.) 537 364 P +(1991\051.) 108 350 T +4 F +(CAUTION) 72 324 T +0 F +-0.55 (Certain speci\336c keys should be avoided because they introduce potential weaknesses; these) 108 300 P +-0.44 (keys, called the ) 108 286 P +3 F +-0.44 (weak) 183.95 286 P +0 F +-0.44 ( and ) 208.6 286 P +3 F +-0.44 (semiweak) 231.03 286 P +0 F +-0.44 ( keys, are \050in hex notation, where ) 277.66 286 P +6 F +-1.06 (p) 437.45 286 P +0 F +-0.44 ( is either ) 444.64 286 P +6 F +-1.06 (0) 487.63 286 P +0 F +-0.44 ( or ) 494.82 286 P +6 F +-1.06 (1) 509.93 286 P +0 F +-0.44 (, and) 517.12 286 P +6 F +(P) 108 272 T +0 F +( is either ) 115.2 272 T +6 F +(e) 159.5 272 T +0 F +( or ) 166.7 272 T +6 F +(f) 182.68 272 T +0 F +(\051:) 189.88 272 T +6 F +(0x0p0p0p0p0p0p0p0p) 144 254 T +(0x0p1P0p1P0p0P0p0P) 360 254 T +(0x0pep0pep0pfp0pfp) 144 236 T +(0x0pfP0pfP0pfP0pfP) 360 236 T +(0x1P0p1P0p0P0p0P0p) 144 218 T +(0x1P1P1P1P0P0P0P0P) 360 218 T +(0x1Pep1Pep0Pfp0Pfp) 144 200 T +(0x1PfP1PfP0PfP0PfP) 360 200 T +(0xep0pep0pfp0pfp0p) 144 182 T +(0xep1Pep1pfp0Pfp0P) 360 182 T +(0xepepepepepepepep) 144 164 T +(0xepfPepfPfpfPfpfP) 360 164 T +(0xfP0pfP0pfP0pfP0p) 144 146 T +(0xfP1PfP1PfP0PfP0P) 360 146 T +(0xfPepfPepfPepfPep) 144 128 T +(0xfPfPfPfPfPfPfPfP) 360 128 T +0 F +0.13 (The weakness of these keys is inherent in the DES algorithm \050see for example Moore and) 108 110 P +-0.57 (Simmons, \322Cycle structure of the DES with weak and semi-weak keys,\323) 108 96 P +3 F +-0.57 ( Advances in Cryp-) 449.43 96 P +(tology \320 Crypto \32486 Pr) 108 82 T +(oceedings) 216.83 82 T +0 F +(, Springer) 264.79 82 T +(-V) 311.85 82 T +(erlag New Y) 323.17 82 T +(ork, \2511987, pp. 9-32\051.) 383.25 82 T +FMENDPAGE +%%EndPage: "10" 13 +%%Page: "11" 13 +612 792 0 FMBEGINPAGE +72 745.99 540 756 R +7 X +0 K +V +72 32.69 540 42.7 R +V +0 F +0 X +(Page 11 of 11) 473.71 34.7 T +72 72 540 720 R +7 X +V +4 F +0 X +(BUGS) 72 712 T +0 F +-0.18 (There is a controversy raging over whether the DES will still be secure in a few years. The) 108 688 P +0.31 (advent of special-purpose hardware could reduce the cost of any of the methods of attack) 108 674 P +(named above so that they are no longer computationally infeasible.) 108 660 T +0.32 (Programs which display programs\325 ar) 108 642 P +0.32 (guments may compromise the key and initialization) 289.59 642 P +0.76 (vector if they are speci\336ed on the command line. T) 108 628 P +0.76 (o avoid this ) 358.46 628 P +3 F +0.76 (bdes) 419.7 628 P +0 F +0.76 ( overwrites its ar) 441.68 628 P +0.76 (gu-) 524.01 628 P +(ments. However) 108 614 T +(, the obvious race cannot currently be avoided.) 186.12 614 T +0.25 (As the key or key schedule is kept in memory throughout the run of this program, the en-) 108 596 P +(cryption can be compromised if memory is readable.) 108 582 T +-0.4 (There is no warranty of merchantability nor any warranty of \336tness for a particular purpose) 108 564 P +0.05 (nor any other warranty) 108 550 P +0.05 (, either express or implied, as to the accuracy of the enclosed mate-) 216.95 550 P +(rials or as to their suitability for any particular purpose.) 108 536 T +-0.06 (Accordingly) 108 518 P +-0.06 (, the user assumes full responsibility for their use. Further) 167.18 518 P +-0.06 (, the author assumes) 442.93 518 P +-0.25 (no obligation to furnish any assistance of any kind whatsoever) 108 504 P +-0.25 (, or to furnish any additional) 404.69 504 P +(information or documentation.) 108 490 T +4 F +(AUTHOR) 72 464 T +0 F +-0.54 (Matt Bishop, Department of Mathematics and Computer Science, Bradley Hall, Dartmouth) 108 440 P +(College, Hanover) 108 426 T +(, NH 03755) 192.12 426 T +(Electronic mail addresses:) 108 408 T +(Internet: Matt.Bishop@dartmouth.edu) 108 390 T +(UUCP: decvax!dartvax!Matt.Bishop) 108 372 T +FMENDPAGE +%%EndPage: "11" 14 +%%Trailer +%%BoundingBox: 0 0 612 792 +%%Pages: 13 1 +%%DocumentFonts: Helvetica-Bold +%%+ Helvetica-BoldOblique +%%+ Times-Roman +%%+ Times-Bold +%%+ Times-BoldItalic +%%+ Times-Italic +%%+ Courier +%%+ Courier-Oblique +%%+ ZapfDingbats +%%+ Symbol +%%+ Courier-Bold diff --git a/secure/usr.bin/telnet/Makefile b/secure/usr.bin/telnet/Makefile new file mode 100644 index 0000000..3369827 --- /dev/null +++ b/secure/usr.bin/telnet/Makefile @@ -0,0 +1,56 @@ +# +# Copyright (c) 1990 The Regents of the University of California. +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by the University of +# California, Berkeley and its contributors. +# 4. Neither the name of the University nor the names of its contributors +# may be used to endorse or promote products derived from this software +# without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. +# +# @(#)Makefile 8.1 (Berkeley) 6/6/93 +# $Id: Makefile,v 1.14 1996/04/23 05:18:42 pst Exp $ +# + +PROG= telnet + +SRCS= authenc.c commands.c main.c network.c ring.c sys_bsd.c telnet.c \ + terminal.c tn3270.c utilities.c + +CFLAGS+=-DTERMCAP -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DENCRYPTION +CFLAGS+=-I${.CURDIR}/../../lib +LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet +DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP} + +.if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES)) +CFLAGS+=-DAUTHENTICATION -DKRB4 +LDADD+= -ldes -lkrb +DPADD+= ${LIBDES} ${LIBKRB} +.endif + +# Used only in krb4encpwd.c and rsaencpwd.c (libtelnet), not yet active +#LDADD+= -ldescrypt + +.include <bsd.prog.mk> diff --git a/secure/usr.bin/telnet/README b/secure/usr.bin/telnet/README new file mode 100644 index 0000000..086c88f --- /dev/null +++ b/secure/usr.bin/telnet/README @@ -0,0 +1,566 @@ + + +This is a distribution of both client and server telnet. These programs +have been compiled on: + telnet telnetd + BSD 4.3 Reno X X + UNICOS 5.1 X X + UNICOS 6.0 X X + UNICOS 6.1 X X + UNICOS 7.0 X X + SunOs 3.5 X X (no linemode in server) + SunOs 4.1 X X (no linemode in server) + DYNIX V3.0.17.9 X X (no linemode in server) + Ultrix 3.1 X X (no linemode in server) + Ultrix 4.0 X X (no linemode in server) + +In addition, previous versions have been compiled on the following +machines, but were not available for testing this version. + telnet telnetd + SunOs 4.0.3c X X (no linemode in server) + BSD 4.3 X X (no linemode in server) + DYNIX V3.0.12 X X (no linemode in server) + +Februrary 22, 1991: + + Features: + + This version of telnet/telnetd has support for both + the AUTHENTICATION and ENCRYPTION options. The + AUTHENTICATION option is fairly well defined, and + an option number has been assigned to it. The + ENCRYPTION option is still in a state of flux; an + option number has NOT been assigned to it yet. + The code is provided in this release for experimental + and testing purposes. + + The telnet "send" command can now be used to send + do/dont/will/wont commands, with any telnet option + name. The rules for when do/dont/will/wont are sent + are still followed, so just because the user requests + that one of these be sent doesn't mean that it will + be sent... + + The telnet "getstatus" command no longer requires + that option printing be enabled to see the response + to the "DO STATUS" command. + + A -n flag has been added to telnetd to disable + keepalives. + + A new telnet command, "auth" has been added (if + AUTHENTICATE is defined). It has four sub-commands, + "status", "debug", "disable", "enable" and "help". + + A new telnet command, "encrypt" has been added (if + ENCRYPT is defined). It has many sub-commands: + "enable", "type", "start", "stop", "input", + "-input", "output", "-output", "status", "auto", + "verbose", "debug", and "help". + + An "rlogin" interface has been added. If the program + is named "rlogin", or the "-r" flag is given, then + an rlogin type of interface will be used. + ~. Terminates the session + ~<susp> Suspend the session + ~^] Escape to telnet command mode + ~~ Pass through the ~. + BUG: If you type the rlogin escape character + in the middle of a line while in rlogin + mode, you cannot erase it or any characters + before it. Hopefully this can be fixed + in a future release... + + General changes: + + A "libtelnet.a" has now been created. This libraray + contains code that is common to both telnet and + telnetd. This is also where library routines that + are needed, but are not in the standard C library, + are placed. + + The makefiles have been re-done. All of the site + specific configuration information has now been put + into a single "Config.generic" file, in the top level + directory. Changing this one file will take care of + all three subdirectories. Also, to add a new/local + definition, a "Config.local" file may be created + at the top level; if that file exists, the subdirectories + will use that file instead of "Config.generic". + + Many 1-2 line functions in commands.c have been + removed, and just inserted in-line, or replaced + with a macro. + + Bug Fixes: + + The non-termio code in both telnet and telnetd was + setting/clearing CTLECH in the sg_flags word. This + was incorrect, and has been changed to set/clear the + LCTLECH bit in the local mode word. + + The SRCRT #define has been removed. If IP_OPTIONS + and IPPROTO_IP are defined on the system, then the + source route code is automatically enabled. + + The NO_GETTYTAB #define has been removed; there + is a compatability routine that can be built into + libtelnet to achive the same results. + + The server, telnetd, has been switched to use getopt() + for parsing the argument list. + + The code for getting the input/output speeds via + cfgetispeed()/cfgetospeed() was still not quite + right in telnet. Posix says if the ispeed is 0, + then it is really equal to the ospeed. + + The suboption processing code in telnet now has + explicit checks to make sure that we received + the entire suboption (telnetd was already doing this). + + The telnet code for processing the terminal type + could cause a core dump if an existing connection + was closed, and a new connection opened without + exiting telnet. + + Telnetd was doing a TCSADRAIN when setting the new + terminal settings; This is not good, because it means + that the tcsetattr() will hang waiting for output to + drain, and telnetd is the only one that will drain + the output... The fix is to use TCSANOW which does + not wait. + + Telnetd was improperly setting/clearing the ISTRIP + flag in the c_lflag field, it should be using the + c_iflag field. + + When the child process of telnetd was opening the + slave side of the pty, it was re-setting the EXTPROC + bit too early, and some of the other initialization + code was wiping it out. This would cause telnetd + to go out of linemode and into single character mode. + + One instance of leaving linemode in telnetd forgot + to send a WILL ECHO to the client, the net result + would be that the user would see double character + echo. + + If the MODE was being changed several times very + quickly, telnetd could get out of sync with the + state changes and the returning acks; and wind up + being left in the wrong state. + +September 14, 1990: + + Switch the client to use getopt() for parsing the + argument list. The 4.3Reno getopt.c is included for + systems that don't have getopt(). + + Use the posix _POSIX_VDISABLE value for what value + to use when disabling special characters. If this + is undefined, it defaults to 0x3ff. + + For non-termio systems, TIOCSETP was being used to + change the state of the terminal. This causes the + input queue to be flushed, which we don't want. This + is now changed to TIOCSETN. + + Take out the "#ifdef notdef" around the code in the + server that generates a "sync" when the pty oputput + is flushed. The potential problem is that some older + telnet clients may go into an infinate loop when they + receive a "sync", if so, the server can be compiled + with "NO_URGENT" defined. + + Fix the client where it was setting/clearing the OPOST + bit in the c_lflag field, not the c_oflag field. + + Fix the client where it was setting/clearing the ISTRIP + bit in the c_lflag field, not the c_iflag field. (On + 4.3Reno, this is the ECHOPRT bit in the c_lflag field.) + The client also had its interpretation of WILL BINARY + and DO BINARY reversed. + + Fix a bug in client that would cause a core dump when + attempting to remove the last environment variable. + + In the client, there were a few places were switch() + was being passed a character, and if it was a negative + value, it could get sign extended, and not match + the 8 bit case statements. The fix is to and the + switch value with 0xff. + + Add a couple more printoption() calls in the client, I + don't think there are any more places were a telnet + command can be received and not printed out when + "options" is on. + + A new flag has been added to the client, "-a". Currently, + this just causes the USER name to be sent across, in + the future this may be used to signify that automatic + authentication is requested. + + The USER variable is now only sent by the client if + the "-a" or "-l user" options are explicity used, or + if the user explicitly asks for the "USER" environment + variable to be exported. In the server, if it receives + the "USER" environment variable, it won't print out the + banner message, so that only "Password:" will be printed. + This makes the symantics more like rlogin, and should be + more familiar to the user. (People are not used to + getting a banner message, and then getting just a + "Password:" prompt.) + + Re-vamp the code for starting up the child login + process. The code was getting ugly, and it was + hard to tell what was really going on. What we + do now is after the fork(), in the child: + 1) make sure we have no controlling tty + 2) open and initialize the tty + 3) do a setsid()/setpgrp() + 4) makes the tty our controlling tty. + On some systems, #2 makes the tty our controlling + tty, and #4 is a no-op. The parent process does + a gets rid of any controlling tty after the child + is fork()ed. + + Use the strdup() library routine in telnet, instead + of the local savestr() routine. If you don't have + strdup(), you need to define NO_STRDUP. + + Add support for ^T (SIGINFO/VSTATUS), found in the + 4.3Reno distribution. This maps to the AYT character. + You need a 4-line bugfix in the kernel to get this + to work properly: + + > *** tty_pty.c.ORG Tue Sep 11 09:41:53 1990 + > --- tty_pty.c Tue Sep 11 17:48:03 1990 + > *************** + > *** 609,613 **** + > if ((tp->t_lflag&NOFLSH) == 0) + > ttyflush(tp, FREAD|FWRITE); + > ! pgsignal(tp->t_pgrp, *(unsigned int *)data); + > return(0); + > } + > --- 609,616 ---- + > if ((tp->t_lflag&NOFLSH) == 0) + > ttyflush(tp, FREAD|FWRITE); + > ! pgsignal(tp->t_pgrp, *(unsigned int *)data, 1); + > ! if ((*(unsigned int *)data == SIGINFO) && + > ! ((tp->t_lflag&NOKERNINFO) == 0)) + > ! ttyinfo(tp); + > return(0); + > } + + The client is now smarter when setting the telnet escape + character; it only sets it to one of VEOL and VEOL2 if + one of them is undefined, and the other one is not already + defined to the telnet escape character. + + Handle TERMIOS systems that have seperate input and output + line speed settings imbedded in the flags. + + Many other minor bug fixes. + +June 20, 1990: + Re-organize makefiles and source tree. The telnet/Source + directory is now gone, and all the source that was in + telnet/Source is now just in the telnet directory. + + Seperate makefile for each system are now gone. There + are two makefiles, Makefile and Makefile.generic. + The "Makefile" has the definitions for the various + system, and "Makefile.generic" does all the work. + There is a variable called "WHAT" that is used to + specify what to make. For example, in the telnet + directory, you might say: + make 4.4bsd WHAT=clean + to clean out the directory. + + Add support for the ENVIRON and XDISPLOC options. + In order for the server to work, login has to have + the "-p" option to preserve environment variables. + + Add the SOFT_TAB and LIT_ECHO modes in the LINEMODE support. + + Add the "-l user" option to command line and open command + (This is passed through the ENVIRON option). + + Add the "-e" command line option, for setting the escape + character. + + Add the "-D", diagnostic, option to the server. This allows + the server to print out debug information, which is very + useful when trying to debug a telnet that doesn't have any + debugging ability. + + Turn off the literal next character when not in LINEMODE. + + Don't recognize ^Y locally, just pass it through. + + Make minor modifications for Sun4.0 and Sun4.1 + + Add support for both FORW1 and FORW2 characters. The + telnet escpape character is set to whichever of the + two is not being used. If both are in use, the escape + character is not set, so when in linemode the user will + have to follow the escape character with a <CR> or <EOF) + to get it passed through. + + Commands can now be put in single and double quotes, and + a backslash is now an escape character. This is needed + for allowing arbitrary strings to be assigned to environment + variables. + + Switch telnetd to use macros like telnet for keeping + track of the state of all the options. + + Fix telnetd's processing of options so that we always do + the right processing of the LINEMODE option, regardless + of who initiates the request to turn it on. Also, make + sure that if the other side went "WILL ECHO" in response + to our "DO ECHO", that we send a "DONT ECHO" to get the + option turned back off! + + Fix the TERMIOS setting of the terminal speed to handle both + BSD's seperate fields, and the SYSV method of CBAUD bits. + + Change how we deal with the other side refusing to enable + an option. The sequence used to be: send DO option; receive + WONT option; send DONT option. Now, the sequence is: send + DO option; receive WONT option. Both should be valid + according to the spec, but there has been at least one + client implementation of telnet identified that can get + really confused by this. (The exact sequence, from a trace + on the server side, is (numbers are number of responses that + we expect to get after that line...): + + send WILL ECHO 1 (initial request) + send WONT ECHO 2 (server is changing state) + recv DO ECHO 1 (first reply, ok. expect DONT ECHO next) + send WILL ECHO 2 (server changes state again) + recv DONT ECHO 1 (second reply, ok. expect DO ECHO next) + recv DONT ECHO 0 (third reply, wrong answer. got DONT!!!) + *** send WONT ECHO (send WONT to acknowledge the DONT) + send WILL ECHO 1 (ask again to enable option) + recv DO ECHO 0 + + recv DONT ECHO 0 + send WONT ECHO 1 + recv DONT ECHO 0 + recv DO ECHO 1 + send WILL ECHO 0 + (and the last 5 lines loop forever) + + The line with the "***" is last of the WILL/DONT/WONT sequence. + The change to the server to not generate that makes this same + example become: + + send will ECHO 1 + send wont ECHO 2 + recv do ECHO 1 + send will ECHO 2 + recv dont ECHO 1 + recv dont ECHO 0 + recv do ECHO 1 + send will ECHO 0 + + There is other option negotiation going on, and not sending + the third part changes some of the timings, but this specific + example no longer gets stuck in a loop. The "telnet.state" + file has been modified to reflect this change to the algorithm. + + A bunch of miscellaneous bug fixes and changes to make + lint happier. + + This version of telnet also has some KERBEROS stuff in + it. This has not been tested, it uses an un-authorized + telnet option number, and uses an out-of-date version + of the (still being defined) AUTHENTICATION option. + There is no support for this code, do not enable it. + + +March 1, 1990: +CHANGES/BUGFIXES SINCE LAST RELEASE: + Some support for IP TOS has been added. Requires that the + kernel support the IP_TOS socket option (currently this + is only in UNICOS 6.0). + + Both telnet and telnetd now use the cc_t typedef. typedefs are + included for systems that don't have it (in termios.h). + + SLC_SUSP was not supported properly before. It is now. + + IAC EOF was not translated properly in telnetd for SYSV_TERMIO + when not in linemode. It now saves a copy of the VEOF character, + so that when ICANON is turned off and we can't trust it anymore + (because it is now the VMIN character) we use the saved value. + + There were two missing "break" commands in the linemode + processing code in telnetd. + + Telnetd wasn't setting the kernel window size information + properly. It was using the rows for both rows and columns... + +Questions/comments go to + David Borman + Cray Research, Inc. + 655F Lone Oak Drive + Eagan, MN 55123 + dab@cray.com. + +README: You are reading it. + +Config.generic: + This file contains all the OS specific definitions. It + has pre-definitions for many common system types, and is + in standard makefile fromat. See the comments at the top + of the file for more information. + +Config.local: + This is not part of the distribution, but if this file exists, + it is used instead of "Config.generic". This allows site + specific configuration without having to modify the distributed + "Config.generic" file. + +kern.diff: + This file contains the diffs for the changes needed for the + kernel to support LINEMODE is the server. These changes are + for a 4.3BSD system. You may need to make some changes for + your particular system. + + There is a new bit in the terminal state word, TS_EXTPROC. + When this bit is set, several aspects of the terminal driver + are disabled. Input line editing, character echo, and + mapping of signals are all disabled. This allows the telnetd + to turn of these functions when in linemode, but still keep + track of what state the user wants the terminal to be in. + + New ioctl()s: + + TIOCEXT Turn on/off the TS_EXTPROC bit + TIOCGSTATE Get t_state of tty to look at TS_EXTPROC bit + TIOCSIG Generate a signal to processes in the + current process group of the pty. + + There is a new mode for packet driver, the TIOCPKT_IOCTL bit. + When packet mode is turned on in the pty, and the TS_EXTPROC + bit is set, then whenever the state of the pty is changed, the + next read on the master side of the pty will have the TIOCPKT_IOCTL + bit set, and the data will contain the following: + struct xx { + struct sgttyb a; + struct tchars b; + struct ltchars c; + int t_state; + int t_flags; + } + This allows the process on the server side of the pty to know + when the state of the terminal has changed, and what the new + state is. + + However, if you define USE_TERMIO or SYSV_TERMIO, the code will + expect that the structure returned in the TIOCPKT_IOCTL is + the termio/termios structure. + +stty.diff: + This file contains the changes needed for the stty(1) program + to report on the current status of the TS_EXTPROC bit. It also + allows the user to turn on/off the TS_EXTPROC bit. This is useful + because it allows the user to say "stty -extproc", and the + LINEMODE option will be automatically disabled, and saying "stty + extproc" will re-enable the LINEMODE option. + +telnet.state: + Both the client and server have code in them to deal + with option negotiation loops. The algorithm that is + used is described in this file. + +tmac.doc: + Macros for use in formatting the man pages on non-4.3Reno + systems. + +telnet: + This directory contains the client code. No kernel changes are + needed to use this code. + +telnetd: + This directory contains the server code. If LINEMODE or KLUDGELINEMODE + are defined, then the kernel modifications listed above are needed. + +libtelnet: + This directory contains code that is common to both the client + and the server. + +arpa: + This directory has a new <arpa/telnet.h> + + +The following TELNET options are supported: + + LINEMODE: + The LINEMODE option is supported as per RFC1116. The + FORWARDMASK option is not currently supported. + + BINARY: The client has the ability to turn on/off the BINARY + option in each direction. Turning on BINARY from + server to client causes the LITOUT bit to get set in + the terminal driver on both ends, turning on BINARY + from the client to the server causes the PASS8 bit + to get set in the terminal driver on both ends. + + TERMINAL-TYPE: + This is supported as per RFC1091. On the server side, + when a terminal type is received, termcap/terminfo + is consulted to determine if it is a known terminal + type. It keeps requesting terminal types until it + gets one that it recongnizes, or hits the end of the + list. The server side looks up the entry in the + termcap/terminfo data base, and generates a list of + names which it then passes one at a time to each + request for a terminal type, duplicating the last + entry in the list before cycling back to the beginning. + + NAWS: The Negotiate about Window Size, as per RFC 1073. + + TERMINAL-SPEED: + Implemented as per RFC 1079 + + TOGGLE-FLOW-CONTROL: + Implemented as per RFC 1080 + + TIMING-MARK: + As per RFC 860 + + SGA: As per RFC 858 + + ECHO: As per RFC 857 + + STATUS: + The server will send its current status upon + request. It does not ask for the clients status. + The client will request the servers current status + from the "send getstatus" command. + + ENVIRON: + This option is currently being defined by the IETF + Telnet Working Group, and an RFC has not yet been + issued, but should be in the near future... + + X-DISPLAY-LOCATION: + This functionality can be done through the ENVIRON + option, it is added here for completeness. + + AUTHENTICATION: + This option is currently being defined by the IETF + Telnet Working Group, and an RFC has not yet been + issued. The basic framework is pretty much decided, + but the definitions for the specific authentication + schemes is still in a state of flux. + + ENCRYPT: + This option is currently being defined by the IETF + Telnet Working Group, and an RFC has not yet been + issued. The draft RFC is still in a state of flux, + so this code may change in the future. diff --git a/secure/usr.bin/telnet/authenc.c b/secure/usr.bin/telnet/authenc.c new file mode 100644 index 0000000..545df78 --- /dev/null +++ b/secure/usr.bin/telnet/authenc.c @@ -0,0 +1,111 @@ +/*- + * Copyright (c) 1991, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)authenc.c 8.1 (Berkeley) 6/6/93"; +#endif /* not lint */ + +#if defined(AUTHENTICATION) || defined(ENCRYPTION) +#include <sys/types.h> +#include <arpa/telnet.h> +#include <libtelnet/encrypt.h> +#include <libtelnet/misc.h> + +#include "general.h" +#include "ring.h" +#include "externs.h" +#include "defines.h" +#include "types.h" + + int +net_write(str, len) + unsigned char *str; + int len; +{ + if (NETROOM() > len) { + ring_supply_data(&netoring, str, len); + if (str[0] == IAC && str[1] == SE) + printsub('>', &str[2], len-2); + return(len); + } + return(0); +} + + void +net_encrypt() +{ +#ifdef ENCRYPTION + if (encrypt_output) + ring_encrypt(&netoring, encrypt_output); + else + ring_clearto(&netoring); +#endif /* ENCRYPTION */ +} + + int +telnet_spin() +{ + return(-1); +} + + char * +telnet_getenv(val) + char *val; +{ + return((char *)env_getvalue((unsigned char *)val)); +} + + char * +telnet_gets(prompt, result, length, echo) + char *prompt; + char *result; + int length; + int echo; +{ + extern char *getpass(); + extern int globalmode; + int om = globalmode; + char *res; + + TerminalNewMode(-1); + if (echo) { + printf("%s", prompt); + res = fgets(result, length, stdin); + } else if (res = getpass(prompt)) { + strncpy(result, res, length); + res = result; + } + TerminalNewMode(om); + return(res); +} +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ diff --git a/secure/usr.bin/telnet/commands.c b/secure/usr.bin/telnet/commands.c new file mode 100644 index 0000000..a6967b5 --- /dev/null +++ b/secure/usr.bin/telnet/commands.c @@ -0,0 +1,2945 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)commands.c 8.4 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#if defined(unix) +#include <sys/param.h> +#if defined(CRAY) || defined(sysV88) +#include <sys/types.h> +#endif +#include <sys/file.h> +#else +#include <sys/types.h> +#endif /* defined(unix) */ +#include <sys/socket.h> +#include <netinet/in.h> +#ifdef CRAY +#include <fcntl.h> +#endif /* CRAY */ + +#include <signal.h> +#include <netdb.h> +#include <ctype.h> +#include <pwd.h> +#include <varargs.h> +#include <errno.h> + +#include <arpa/telnet.h> + +#include "general.h" + +#include "ring.h" + +#include "externs.h" +#include "defines.h" +#include "types.h" + +#if !defined(CRAY) && !defined(sysV88) +#include <netinet/in_systm.h> +# if (defined(vax) || defined(tahoe) || defined(hp300)) && !defined(ultrix) +# include <machine/endian.h> +# endif /* vax */ +#endif /* !defined(CRAY) && !defined(sysV88) */ +#include <netinet/ip.h> + + +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 64 +#endif MAXHOSTNAMELEN + +#if defined(IPPROTO_IP) && defined(IP_TOS) +int tos = -1; +#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ + +char *hostname; +static char _hostname[MAXHOSTNAMELEN]; + +extern char *getenv(); + +extern int isprefix(); +extern char **genget(); +extern int Ambiguous(); + +static call(); + +typedef struct { + char *name; /* command name */ + char *help; /* help string (NULL for no help) */ + int (*handler)(); /* routine which executes command */ + int needconnect; /* Do we need to be connected to execute? */ +} Command; + +static char line[256]; +static char saveline[256]; +static int margc; +static char *margv[20]; + + static void +makeargv() +{ + register char *cp, *cp2, c; + register char **argp = margv; + + margc = 0; + cp = line; + if (*cp == '!') { /* Special case shell escape */ + strcpy(saveline, line); /* save for shell command */ + *argp++ = "!"; /* No room in string to get this */ + margc++; + cp++; + } + while (c = *cp) { + register int inquote = 0; + while (isspace(c)) + c = *++cp; + if (c == '\0') + break; + *argp++ = cp; + margc += 1; + for (cp2 = cp; c != '\0'; c = *++cp) { + if (inquote) { + if (c == inquote) { + inquote = 0; + continue; + } + } else { + if (c == '\\') { + if ((c = *++cp) == '\0') + break; + } else if (c == '"') { + inquote = '"'; + continue; + } else if (c == '\'') { + inquote = '\''; + continue; + } else if (isspace(c)) + break; + } + *cp2++ = c; + } + *cp2 = '\0'; + if (c == '\0') + break; + cp++; + } + *argp++ = 0; +} + +/* + * Make a character string into a number. + * + * Todo: 1. Could take random integers (12, 0x12, 012, 0b1). + */ + + static +special(s) + register char *s; +{ + register char c; + char b; + + switch (*s) { + case '^': + b = *++s; + if (b == '?') { + c = b | 0x40; /* DEL */ + } else { + c = b & 0x1f; + } + break; + default: + c = *s; + break; + } + return c; +} + +/* + * Construct a control character sequence + * for a special character. + */ + static char * +control(c) + register cc_t c; +{ + static char buf[5]; + /* + * The only way I could get the Sun 3.5 compiler + * to shut up about + * if ((unsigned int)c >= 0x80) + * was to assign "c" to an unsigned int variable... + * Arggg.... + */ + register unsigned int uic = (unsigned int)c; + + if (uic == 0x7f) + return ("^?"); + if (c == (cc_t)_POSIX_VDISABLE) { + return "off"; + } + if (uic >= 0x80) { + buf[0] = '\\'; + buf[1] = ((c>>6)&07) + '0'; + buf[2] = ((c>>3)&07) + '0'; + buf[3] = (c&07) + '0'; + buf[4] = 0; + } else if (uic >= 0x20) { + buf[0] = c; + buf[1] = 0; + } else { + buf[0] = '^'; + buf[1] = '@'+c; + buf[2] = 0; + } + return (buf); +} + + + +/* + * The following are data structures and routines for + * the "send" command. + * + */ + +struct sendlist { + char *name; /* How user refers to it (case independent) */ + char *help; /* Help information (0 ==> no help) */ + int needconnect; /* Need to be connected */ + int narg; /* Number of arguments */ + int (*handler)(); /* Routine to perform (for special ops) */ + int nbyte; /* Number of bytes to send this command */ + int what; /* Character to be sent (<0 ==> special) */ +}; + + +static int + send_esc P((void)), + send_help P((void)), + send_docmd P((char *)), + send_dontcmd P((char *)), + send_willcmd P((char *)), + send_wontcmd P((char *)); + +static struct sendlist Sendlist[] = { + { "ao", "Send Telnet Abort output", 1, 0, 0, 2, AO }, + { "ayt", "Send Telnet 'Are You There'", 1, 0, 0, 2, AYT }, + { "brk", "Send Telnet Break", 1, 0, 0, 2, BREAK }, + { "break", 0, 1, 0, 0, 2, BREAK }, + { "ec", "Send Telnet Erase Character", 1, 0, 0, 2, EC }, + { "el", "Send Telnet Erase Line", 1, 0, 0, 2, EL }, + { "escape", "Send current escape character", 1, 0, send_esc, 1, 0 }, + { "ga", "Send Telnet 'Go Ahead' sequence", 1, 0, 0, 2, GA }, + { "ip", "Send Telnet Interrupt Process", 1, 0, 0, 2, IP }, + { "intp", 0, 1, 0, 0, 2, IP }, + { "interrupt", 0, 1, 0, 0, 2, IP }, + { "intr", 0, 1, 0, 0, 2, IP }, + { "nop", "Send Telnet 'No operation'", 1, 0, 0, 2, NOP }, + { "eor", "Send Telnet 'End of Record'", 1, 0, 0, 2, EOR }, + { "abort", "Send Telnet 'Abort Process'", 1, 0, 0, 2, ABORT }, + { "susp", "Send Telnet 'Suspend Process'", 1, 0, 0, 2, SUSP }, + { "eof", "Send Telnet End of File Character", 1, 0, 0, 2, xEOF }, + { "synch", "Perform Telnet 'Synch operation'", 1, 0, dosynch, 2, 0 }, + { "getstatus", "Send request for STATUS", 1, 0, get_status, 6, 0 }, + { "?", "Display send options", 0, 0, send_help, 0, 0 }, + { "help", 0, 0, 0, send_help, 0, 0 }, + { "do", 0, 0, 1, send_docmd, 3, 0 }, + { "dont", 0, 0, 1, send_dontcmd, 3, 0 }, + { "will", 0, 0, 1, send_willcmd, 3, 0 }, + { "wont", 0, 0, 1, send_wontcmd, 3, 0 }, + { 0 } +}; + +#define GETSEND(name) ((struct sendlist *) genget(name, (char **) Sendlist, \ + sizeof(struct sendlist))) + + static int +sendcmd(argc, argv) + int argc; + char **argv; +{ + int count; /* how many bytes we are going to need to send */ + int i; + int question = 0; /* was at least one argument a question */ + struct sendlist *s; /* pointer to current command */ + int success = 0; + int needconnect = 0; + + if (argc < 2) { + printf("need at least one argument for 'send' command\n"); + printf("'send ?' for help\n"); + return 0; + } + /* + * First, validate all the send arguments. + * In addition, we see how much space we are going to need, and + * whether or not we will be doing a "SYNCH" operation (which + * flushes the network queue). + */ + count = 0; + for (i = 1; i < argc; i++) { + s = GETSEND(argv[i]); + if (s == 0) { + printf("Unknown send argument '%s'\n'send ?' for help.\n", + argv[i]); + return 0; + } else if (Ambiguous(s)) { + printf("Ambiguous send argument '%s'\n'send ?' for help.\n", + argv[i]); + return 0; + } + if (i + s->narg >= argc) { + fprintf(stderr, + "Need %d argument%s to 'send %s' command. 'send %s ?' for help.\n", + s->narg, s->narg == 1 ? "" : "s", s->name, s->name); + return 0; + } + count += s->nbyte; + if (s->handler == send_help) { + send_help(); + return 0; + } + + i += s->narg; + needconnect += s->needconnect; + } + if (!connected && needconnect) { + printf("?Need to be connected first.\n"); + printf("'send ?' for help\n"); + return 0; + } + /* Now, do we have enough room? */ + if (NETROOM() < count) { + printf("There is not enough room in the buffer TO the network\n"); + printf("to process your request. Nothing will be done.\n"); + printf("('send synch' will throw away most data in the network\n"); + printf("buffer, if this might help.)\n"); + return 0; + } + /* OK, they are all OK, now go through again and actually send */ + count = 0; + for (i = 1; i < argc; i++) { + if ((s = GETSEND(argv[i])) == 0) { + fprintf(stderr, "Telnet 'send' error - argument disappeared!\n"); + (void) quit(); + /*NOTREACHED*/ + } + if (s->handler) { + count++; + success += (*s->handler)((s->narg > 0) ? argv[i+1] : 0, + (s->narg > 1) ? argv[i+2] : 0); + i += s->narg; + } else { + NET2ADD(IAC, s->what); + printoption("SENT", IAC, s->what); + } + } + return (count == success); +} + + static int +send_esc() +{ + NETADD(escape); + return 1; +} + + static int +send_docmd(name) + char *name; +{ + return(send_tncmd(send_do, "do", name)); +} + + static int +send_dontcmd(name) + char *name; +{ + return(send_tncmd(send_dont, "dont", name)); +} + static int +send_willcmd(name) + char *name; +{ + return(send_tncmd(send_will, "will", name)); +} + static int +send_wontcmd(name) + char *name; +{ + return(send_tncmd(send_wont, "wont", name)); +} + + int +send_tncmd(func, cmd, name) + void (*func)(); + char *cmd, *name; +{ + char **cpp; + extern char *telopts[]; + register int val = 0; + + if (isprefix(name, "help") || isprefix(name, "?")) { + register int col, len; + + printf("Usage: send %s <value|option>\n", cmd); + printf("\"value\" must be from 0 to 255\n"); + printf("Valid options are:\n\t"); + + col = 8; + for (cpp = telopts; *cpp; cpp++) { + len = strlen(*cpp) + 3; + if (col + len > 65) { + printf("\n\t"); + col = 8; + } + printf(" \"%s\"", *cpp); + col += len; + } + printf("\n"); + return 0; + } + cpp = (char **)genget(name, telopts, sizeof(char *)); + if (Ambiguous(cpp)) { + fprintf(stderr,"'%s': ambiguous argument ('send %s ?' for help).\n", + name, cmd); + return 0; + } + if (cpp) { + val = cpp - telopts; + } else { + register char *cp = name; + + while (*cp >= '0' && *cp <= '9') { + val *= 10; + val += *cp - '0'; + cp++; + } + if (*cp != 0) { + fprintf(stderr, "'%s': unknown argument ('send %s ?' for help).\n", + name, cmd); + return 0; + } else if (val < 0 || val > 255) { + fprintf(stderr, "'%s': bad value ('send %s ?' for help).\n", + name, cmd); + return 0; + } + } + if (!connected) { + printf("?Need to be connected first.\n"); + return 0; + } + (*func)(val, 1); + return 1; +} + + static int +send_help() +{ + struct sendlist *s; /* pointer to current command */ + for (s = Sendlist; s->name; s++) { + if (s->help) + printf("%-15s %s\n", s->name, s->help); + } + return(0); +} + +/* + * The following are the routines and data structures referred + * to by the arguments to the "toggle" command. + */ + + static int +lclchars() +{ + donelclchars = 1; + return 1; +} + + static int +togdebug() +{ +#ifndef NOT43 + if (net > 0 && + (SetSockOpt(net, SOL_SOCKET, SO_DEBUG, debug)) < 0) { + perror("setsockopt (SO_DEBUG)"); + } +#else /* NOT43 */ + if (debug) { + if (net > 0 && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 0, 0) < 0) + perror("setsockopt (SO_DEBUG)"); + } else + printf("Cannot turn off socket debugging\n"); +#endif /* NOT43 */ + return 1; +} + + + static int +togcrlf() +{ + if (crlf) { + printf("Will send carriage returns as telnet <CR><LF>.\n"); + } else { + printf("Will send carriage returns as telnet <CR><NUL>.\n"); + } + return 1; +} + +int binmode; + + static int +togbinary(val) + int val; +{ + donebinarytoggle = 1; + + if (val >= 0) { + binmode = val; + } else { + if (my_want_state_is_will(TELOPT_BINARY) && + my_want_state_is_do(TELOPT_BINARY)) { + binmode = 1; + } else if (my_want_state_is_wont(TELOPT_BINARY) && + my_want_state_is_dont(TELOPT_BINARY)) { + binmode = 0; + } + val = binmode ? 0 : 1; + } + + if (val == 1) { + if (my_want_state_is_will(TELOPT_BINARY) && + my_want_state_is_do(TELOPT_BINARY)) { + printf("Already operating in binary mode with remote host.\n"); + } else { + printf("Negotiating binary mode with remote host.\n"); + tel_enter_binary(3); + } + } else { + if (my_want_state_is_wont(TELOPT_BINARY) && + my_want_state_is_dont(TELOPT_BINARY)) { + printf("Already in network ascii mode with remote host.\n"); + } else { + printf("Negotiating network ascii mode with remote host.\n"); + tel_leave_binary(3); + } + } + return 1; +} + + static int +togrbinary(val) + int val; +{ + donebinarytoggle = 1; + + if (val == -1) + val = my_want_state_is_do(TELOPT_BINARY) ? 0 : 1; + + if (val == 1) { + if (my_want_state_is_do(TELOPT_BINARY)) { + printf("Already receiving in binary mode.\n"); + } else { + printf("Negotiating binary mode on input.\n"); + tel_enter_binary(1); + } + } else { + if (my_want_state_is_dont(TELOPT_BINARY)) { + printf("Already receiving in network ascii mode.\n"); + } else { + printf("Negotiating network ascii mode on input.\n"); + tel_leave_binary(1); + } + } + return 1; +} + + static int +togxbinary(val) + int val; +{ + donebinarytoggle = 1; + + if (val == -1) + val = my_want_state_is_will(TELOPT_BINARY) ? 0 : 1; + + if (val == 1) { + if (my_want_state_is_will(TELOPT_BINARY)) { + printf("Already transmitting in binary mode.\n"); + } else { + printf("Negotiating binary mode on output.\n"); + tel_enter_binary(2); + } + } else { + if (my_want_state_is_wont(TELOPT_BINARY)) { + printf("Already transmitting in network ascii mode.\n"); + } else { + printf("Negotiating network ascii mode on output.\n"); + tel_leave_binary(2); + } + } + return 1; +} + + +static int togglehelp P((void)); +#if defined(AUTHENTICATION) +extern int auth_togdebug P((int)); +#endif +#ifdef ENCRYPTION +extern int EncryptAutoEnc P((int)); +extern int EncryptAutoDec P((int)); +extern int EncryptDebug P((int)); +extern int EncryptVerbose P((int)); +#endif /* ENCRYPTION */ + +struct togglelist { + char *name; /* name of toggle */ + char *help; /* help message */ + int (*handler)(); /* routine to do actual setting */ + int *variable; + char *actionexplanation; +}; + +static struct togglelist Togglelist[] = { + { "autoflush", + "flushing of output when sending interrupt characters", + 0, + &autoflush, + "flush output when sending interrupt characters" }, + { "autosynch", + "automatic sending of interrupt characters in urgent mode", + 0, + &autosynch, + "send interrupt characters in urgent mode" }, +#if defined(AUTHENTICATION) + { "autologin", + "automatic sending of login and/or authentication info", + 0, + &autologin, + "send login name and/or authentication information" }, + { "authdebug", + "Toggle authentication debugging", + auth_togdebug, + 0, + "print authentication debugging information" }, +#endif +#ifdef ENCRYPTION + { "autoencrypt", + "automatic encryption of data stream", + EncryptAutoEnc, + 0, + "automatically encrypt output" }, + { "autodecrypt", + "automatic decryption of data stream", + EncryptAutoDec, + 0, + "automatically decrypt input" }, + { "verbose_encrypt", + "Toggle verbose encryption output", + EncryptVerbose, + 0, + "print verbose encryption output" }, + { "encdebug", + "Toggle encryption debugging", + EncryptDebug, + 0, + "print encryption debugging information" }, +#endif /* ENCRYPTION */ + { "skiprc", + "don't read ~/.telnetrc file", + 0, + &skiprc, + "skip reading of ~/.telnetrc file" }, + { "binary", + "sending and receiving of binary data", + togbinary, + 0, + 0 }, + { "inbinary", + "receiving of binary data", + togrbinary, + 0, + 0 }, + { "outbinary", + "sending of binary data", + togxbinary, + 0, + 0 }, + { "crlf", + "sending carriage returns as telnet <CR><LF>", + togcrlf, + &crlf, + 0 }, + { "crmod", + "mapping of received carriage returns", + 0, + &crmod, + "map carriage return on output" }, + { "localchars", + "local recognition of certain control characters", + lclchars, + &localchars, + "recognize certain control characters" }, + { " ", "", 0 }, /* empty line */ +#if defined(unix) && defined(TN3270) + { "apitrace", + "(debugging) toggle tracing of API transactions", + 0, + &apitrace, + "trace API transactions" }, + { "cursesdata", + "(debugging) toggle printing of hexadecimal curses data", + 0, + &cursesdata, + "print hexadecimal representation of curses data" }, +#endif /* defined(unix) && defined(TN3270) */ + { "debug", + "debugging", + togdebug, + &debug, + "turn on socket level debugging" }, + { "netdata", + "printing of hexadecimal network data (debugging)", + 0, + &netdata, + "print hexadecimal representation of network traffic" }, + { "prettydump", + "output of \"netdata\" to user readable format (debugging)", + 0, + &prettydump, + "print user readable output for \"netdata\"" }, + { "options", + "viewing of options processing (debugging)", + 0, + &showoptions, + "show option processing" }, +#if defined(unix) + { "termdata", + "(debugging) toggle printing of hexadecimal terminal data", + 0, + &termdata, + "print hexadecimal representation of terminal traffic" }, +#endif /* defined(unix) */ + { "?", + 0, + togglehelp }, + { "help", + 0, + togglehelp }, + { 0 } +}; + + static int +togglehelp() +{ + struct togglelist *c; + + for (c = Togglelist; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s toggle %s\n", c->name, c->help); + else + printf("\n"); + } + } + printf("\n"); + printf("%-15s %s\n", "?", "display help information"); + return 0; +} + + static void +settogglehelp(set) + int set; +{ + struct togglelist *c; + + for (c = Togglelist; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s %s %s\n", c->name, set ? "enable" : "disable", + c->help); + else + printf("\n"); + } + } +} + +#define GETTOGGLE(name) (struct togglelist *) \ + genget(name, (char **) Togglelist, sizeof(struct togglelist)) + + static int +toggle(argc, argv) + int argc; + char *argv[]; +{ + int retval = 1; + char *name; + struct togglelist *c; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'toggle' command. 'toggle ?' for help.\n"); + return 0; + } + argc--; + argv++; + while (argc--) { + name = *argv++; + c = GETTOGGLE(name); + if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('toggle ?' for help).\n", + name); + return 0; + } else if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('toggle ?' for help).\n", + name); + return 0; + } else { + if (c->variable) { + *c->variable = !*c->variable; /* invert it */ + if (c->actionexplanation) { + printf("%s %s.\n", *c->variable? "Will" : "Won't", + c->actionexplanation); + } + } + if (c->handler) { + retval &= (*c->handler)(-1); + } + } + } + return retval; +} + +/* + * The following perform the "set" command. + */ + +#ifdef USE_TERMIO +struct termio new_tc = { 0 }; +#endif + +struct setlist { + char *name; /* name */ + char *help; /* help information */ + void (*handler)(); + cc_t *charp; /* where it is located at */ +}; + +static struct setlist Setlist[] = { +#ifdef KLUDGELINEMODE + { "echo", "character to toggle local echoing on/off", 0, &echoc }, +#endif + { "escape", "character to escape back to telnet command mode", 0, &escape }, + { "rlogin", "rlogin escape character", 0, &rlogin }, + { "tracefile", "file to write trace information to", SetNetTrace, (cc_t *)NetTraceFile}, + { " ", "" }, + { " ", "The following need 'localchars' to be toggled true", 0, 0 }, + { "flushoutput", "character to cause an Abort Output", 0, termFlushCharp }, + { "interrupt", "character to cause an Interrupt Process", 0, termIntCharp }, + { "quit", "character to cause an Abort process", 0, termQuitCharp }, + { "eof", "character to cause an EOF ", 0, termEofCharp }, + { " ", "" }, + { " ", "The following are for local editing in linemode", 0, 0 }, + { "erase", "character to use to erase a character", 0, termEraseCharp }, + { "kill", "character to use to erase a line", 0, termKillCharp }, + { "lnext", "character to use for literal next", 0, termLiteralNextCharp }, + { "susp", "character to cause a Suspend Process", 0, termSuspCharp }, + { "reprint", "character to use for line reprint", 0, termRprntCharp }, + { "worderase", "character to use to erase a word", 0, termWerasCharp }, + { "start", "character to use for XON", 0, termStartCharp }, + { "stop", "character to use for XOFF", 0, termStopCharp }, + { "forw1", "alternate end of line character", 0, termForw1Charp }, + { "forw2", "alternate end of line character", 0, termForw2Charp }, + { "ayt", "alternate AYT character", 0, termAytCharp }, + { 0 } +}; + +#if defined(CRAY) && !defined(__STDC__) +/* Work around compiler bug in pcc 4.1.5 */ + void +_setlist_init() +{ +#ifndef KLUDGELINEMODE +#define N 5 +#else +#define N 6 +#endif + Setlist[N+0].charp = &termFlushChar; + Setlist[N+1].charp = &termIntChar; + Setlist[N+2].charp = &termQuitChar; + Setlist[N+3].charp = &termEofChar; + Setlist[N+6].charp = &termEraseChar; + Setlist[N+7].charp = &termKillChar; + Setlist[N+8].charp = &termLiteralNextChar; + Setlist[N+9].charp = &termSuspChar; + Setlist[N+10].charp = &termRprntChar; + Setlist[N+11].charp = &termWerasChar; + Setlist[N+12].charp = &termStartChar; + Setlist[N+13].charp = &termStopChar; + Setlist[N+14].charp = &termForw1Char; + Setlist[N+15].charp = &termForw2Char; + Setlist[N+16].charp = &termAytChar; +#undef N +} +#endif /* defined(CRAY) && !defined(__STDC__) */ + + static struct setlist * +getset(name) + char *name; +{ + return (struct setlist *) + genget(name, (char **) Setlist, sizeof(struct setlist)); +} + + void +set_escape_char(s) + char *s; +{ + if (rlogin != _POSIX_VDISABLE) { + rlogin = (s && *s) ? special(s) : _POSIX_VDISABLE; + printf("Telnet rlogin escape character is '%s'.\n", + control(rlogin)); + } else { + escape = (s && *s) ? special(s) : _POSIX_VDISABLE; + printf("Telnet escape character is '%s'.\n", control(escape)); + } +} + + static int +setcmd(argc, argv) + int argc; + char *argv[]; +{ + int value; + struct setlist *ct; + struct togglelist *c; + + if (argc < 2 || argc > 3) { + printf("Format is 'set Name Value'\n'set ?' for help.\n"); + return 0; + } + if ((argc == 2) && (isprefix(argv[1], "?") || isprefix(argv[1], "help"))) { + for (ct = Setlist; ct->name; ct++) + printf("%-15s %s\n", ct->name, ct->help); + printf("\n"); + settogglehelp(1); + printf("%-15s %s\n", "?", "display help information"); + return 0; + } + + ct = getset(argv[1]); + if (ct == 0) { + c = GETTOGGLE(argv[1]); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('set ?' for help).\n", + argv[1]); + return 0; + } else if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n", + argv[1]); + return 0; + } + if (c->variable) { + if ((argc == 2) || (strcmp("on", argv[2]) == 0)) + *c->variable = 1; + else if (strcmp("off", argv[2]) == 0) + *c->variable = 0; + else { + printf("Format is 'set togglename [on|off]'\n'set ?' for help.\n"); + return 0; + } + if (c->actionexplanation) { + printf("%s %s.\n", *c->variable? "Will" : "Won't", + c->actionexplanation); + } + } + if (c->handler) + (*c->handler)(1); + } else if (argc != 3) { + printf("Format is 'set Name Value'\n'set ?' for help.\n"); + return 0; + } else if (Ambiguous(ct)) { + fprintf(stderr, "'%s': ambiguous argument ('set ?' for help).\n", + argv[1]); + return 0; + } else if (ct->handler) { + (*ct->handler)(argv[2]); + printf("%s set to \"%s\".\n", ct->name, (char *)ct->charp); + } else { + if (strcmp("off", argv[2])) { + value = special(argv[2]); + } else { + value = _POSIX_VDISABLE; + } + *(ct->charp) = (cc_t)value; + printf("%s character is '%s'.\n", ct->name, control(*(ct->charp))); + } + slc_check(); + return 1; +} + + static int +unsetcmd(argc, argv) + int argc; + char *argv[]; +{ + struct setlist *ct; + struct togglelist *c; + register char *name; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'unset' command. 'unset ?' for help.\n"); + return 0; + } + if (isprefix(argv[1], "?") || isprefix(argv[1], "help")) { + for (ct = Setlist; ct->name; ct++) + printf("%-15s %s\n", ct->name, ct->help); + printf("\n"); + settogglehelp(0); + printf("%-15s %s\n", "?", "display help information"); + return 0; + } + + argc--; + argv++; + while (argc--) { + name = *argv++; + ct = getset(name); + if (ct == 0) { + c = GETTOGGLE(name); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('unset ?' for help).\n", + name); + return 0; + } else if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n", + name); + return 0; + } + if (c->variable) { + *c->variable = 0; + if (c->actionexplanation) { + printf("%s %s.\n", *c->variable? "Will" : "Won't", + c->actionexplanation); + } + } + if (c->handler) + (*c->handler)(0); + } else if (Ambiguous(ct)) { + fprintf(stderr, "'%s': ambiguous argument ('unset ?' for help).\n", + name); + return 0; + } else if (ct->handler) { + (*ct->handler)(0); + printf("%s reset to \"%s\".\n", ct->name, (char *)ct->charp); + } else { + *(ct->charp) = _POSIX_VDISABLE; + printf("%s character is '%s'.\n", ct->name, control(*(ct->charp))); + } + } + return 1; +} + +/* + * The following are the data structures and routines for the + * 'mode' command. + */ +#ifdef KLUDGELINEMODE +extern int kludgelinemode; + + static int +dokludgemode() +{ + kludgelinemode = 1; + send_wont(TELOPT_LINEMODE, 1); + send_dont(TELOPT_SGA, 1); + send_dont(TELOPT_ECHO, 1); +} +#endif + + static int +dolinemode() +{ +#ifdef KLUDGELINEMODE + if (kludgelinemode) + send_dont(TELOPT_SGA, 1); +#endif + send_will(TELOPT_LINEMODE, 1); + send_dont(TELOPT_ECHO, 1); + return 1; +} + + static int +docharmode() +{ +#ifdef KLUDGELINEMODE + if (kludgelinemode) + send_do(TELOPT_SGA, 1); + else +#endif + send_wont(TELOPT_LINEMODE, 1); + send_do(TELOPT_ECHO, 1); + return 1; +} + + static int +dolmmode(bit, on) + int bit, on; +{ + unsigned char c; + extern int linemode; + + if (my_want_state_is_wont(TELOPT_LINEMODE)) { + printf("?Need to have LINEMODE option enabled first.\n"); + printf("'mode ?' for help.\n"); + return 0; + } + + if (on) + c = (linemode | bit); + else + c = (linemode & ~bit); + lm_mode(&c, 1, 1); + return 1; +} + + int +setmode(bit) +{ + return dolmmode(bit, 1); +} + + int +clearmode(bit) +{ + return dolmmode(bit, 0); +} + +struct modelist { + char *name; /* command name */ + char *help; /* help string */ + int (*handler)(); /* routine which executes command */ + int needconnect; /* Do we need to be connected to execute? */ + int arg1; +}; + +extern int modehelp(); + +static struct modelist ModeList[] = { + { "character", "Disable LINEMODE option", docharmode, 1 }, +#ifdef KLUDGELINEMODE + { "", "(or disable obsolete line-by-line mode)", 0 }, +#endif + { "line", "Enable LINEMODE option", dolinemode, 1 }, +#ifdef KLUDGELINEMODE + { "", "(or enable obsolete line-by-line mode)", 0 }, +#endif + { "", "", 0 }, + { "", "These require the LINEMODE option to be enabled", 0 }, + { "isig", "Enable signal trapping", setmode, 1, MODE_TRAPSIG }, + { "+isig", 0, setmode, 1, MODE_TRAPSIG }, + { "-isig", "Disable signal trapping", clearmode, 1, MODE_TRAPSIG }, + { "edit", "Enable character editing", setmode, 1, MODE_EDIT }, + { "+edit", 0, setmode, 1, MODE_EDIT }, + { "-edit", "Disable character editing", clearmode, 1, MODE_EDIT }, + { "softtabs", "Enable tab expansion", setmode, 1, MODE_SOFT_TAB }, + { "+softtabs", 0, setmode, 1, MODE_SOFT_TAB }, + { "-softtabs", "Disable character editing", clearmode, 1, MODE_SOFT_TAB }, + { "litecho", "Enable literal character echo", setmode, 1, MODE_LIT_ECHO }, + { "+litecho", 0, setmode, 1, MODE_LIT_ECHO }, + { "-litecho", "Disable literal character echo", clearmode, 1, MODE_LIT_ECHO }, + { "help", 0, modehelp, 0 }, +#ifdef KLUDGELINEMODE + { "kludgeline", 0, dokludgemode, 1 }, +#endif + { "", "", 0 }, + { "?", "Print help information", modehelp, 0 }, + { 0 }, +}; + + + int +modehelp() +{ + struct modelist *mt; + + printf("format is: 'mode Mode', where 'Mode' is one of:\n\n"); + for (mt = ModeList; mt->name; mt++) { + if (mt->help) { + if (*mt->help) + printf("%-15s %s\n", mt->name, mt->help); + else + printf("\n"); + } + } + return 0; +} + +#define GETMODECMD(name) (struct modelist *) \ + genget(name, (char **) ModeList, sizeof(struct modelist)) + + static int +modecmd(argc, argv) + int argc; + char *argv[]; +{ + struct modelist *mt; + + if (argc != 2) { + printf("'mode' command requires an argument\n"); + printf("'mode ?' for help.\n"); + } else if ((mt = GETMODECMD(argv[1])) == 0) { + fprintf(stderr, "Unknown mode '%s' ('mode ?' for help).\n", argv[1]); + } else if (Ambiguous(mt)) { + fprintf(stderr, "Ambiguous mode '%s' ('mode ?' for help).\n", argv[1]); + } else if (mt->needconnect && !connected) { + printf("?Need to be connected first.\n"); + printf("'mode ?' for help.\n"); + } else if (mt->handler) { + return (*mt->handler)(mt->arg1); + } + return 0; +} + +/* + * The following data structures and routines implement the + * "display" command. + */ + + static int +display(argc, argv) + int argc; + char *argv[]; +{ + struct togglelist *tl; + struct setlist *sl; + +#define dotog(tl) if (tl->variable && tl->actionexplanation) { \ + if (*tl->variable) { \ + printf("will"); \ + } else { \ + printf("won't"); \ + } \ + printf(" %s.\n", tl->actionexplanation); \ + } + +#define doset(sl) if (sl->name && *sl->name != ' ') { \ + if (sl->handler == 0) \ + printf("%-15s [%s]\n", sl->name, control(*sl->charp)); \ + else \ + printf("%-15s \"%s\"\n", sl->name, (char *)sl->charp); \ + } + + if (argc == 1) { + for (tl = Togglelist; tl->name; tl++) { + dotog(tl); + } + printf("\n"); + for (sl = Setlist; sl->name; sl++) { + doset(sl); + } + } else { + int i; + + for (i = 1; i < argc; i++) { + sl = getset(argv[i]); + tl = GETTOGGLE(argv[i]); + if (Ambiguous(sl) || Ambiguous(tl)) { + printf("?Ambiguous argument '%s'.\n", argv[i]); + return 0; + } else if (!sl && !tl) { + printf("?Unknown argument '%s'.\n", argv[i]); + return 0; + } else { + if (tl) { + dotog(tl); + } + if (sl) { + doset(sl); + } + } + } + } +/*@*/optionstatus(); +#ifdef ENCRYPTION + EncryptStatus(); +#endif /* ENCRYPTION */ + return 1; +#undef doset +#undef dotog +} + +/* + * The following are the data structures, and many of the routines, + * relating to command processing. + */ + +/* + * Set the escape character. + */ + static int +setescape(argc, argv) + int argc; + char *argv[]; +{ + register char *arg; + char buf[50]; + + printf( + "Deprecated usage - please use 'set escape%s%s' in the future.\n", + (argc > 2)? " ":"", (argc > 2)? argv[1]: ""); + if (argc > 2) + arg = argv[1]; + else { + printf("new escape character: "); + (void) fgets(buf, sizeof(buf), stdin); + arg = buf; + } + if (arg[0] != '\0') + escape = arg[0]; + if (!In3270) { + printf("Escape character is '%s'.\n", control(escape)); + } + (void) fflush(stdout); + return 1; +} + + /*VARARGS*/ + static int +togcrmod() +{ + crmod = !crmod; + printf("Deprecated usage - please use 'toggle crmod' in the future.\n"); + printf("%s map carriage return on output.\n", crmod ? "Will" : "Won't"); + (void) fflush(stdout); + return 1; +} + + /*VARARGS*/ + int +suspend() +{ +#ifdef SIGTSTP + setcommandmode(); + { + long oldrows, oldcols, newrows, newcols, err; + + err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0; + (void) kill(0, SIGTSTP); + /* + * If we didn't get the window size before the SUSPEND, but we + * can get them now (?), then send the NAWS to make sure that + * we are set up for the right window size. + */ + if (TerminalWindowSize(&newrows, &newcols) && connected && + (err || ((oldrows != newrows) || (oldcols != newcols)))) { + sendnaws(); + } + } + /* reget parameters in case they were changed */ + TerminalSaveState(); + setconnmode(0); +#else + printf("Suspend is not supported. Try the '!' command instead\n"); +#endif + return 1; +} + +#if !defined(TN3270) + /*ARGSUSED*/ + int +shell(argc, argv) + int argc; + char *argv[]; +{ + long oldrows, oldcols, newrows, newcols, err; + + setcommandmode(); + + err = (TerminalWindowSize(&oldrows, &oldcols) == 0) ? 1 : 0; + switch(vfork()) { + case -1: + perror("Fork failed\n"); + break; + + case 0: + { + /* + * Fire up the shell in the child. + */ + register char *shellp, *shellname; + extern char *strrchr(); + + shellp = getenv("SHELL"); + if (shellp == NULL) + shellp = "/bin/sh"; + if ((shellname = strrchr(shellp, '/')) == 0) + shellname = shellp; + else + shellname++; + if (argc > 1) + execl(shellp, shellname, "-c", &saveline[1], 0); + else + execl(shellp, shellname, 0); + perror("Execl"); + _exit(1); + } + default: + (void)wait((int *)0); /* Wait for the shell to complete */ + + if (TerminalWindowSize(&newrows, &newcols) && connected && + (err || ((oldrows != newrows) || (oldcols != newcols)))) { + sendnaws(); + } + break; + } + return 1; +} +#else /* !defined(TN3270) */ +extern int shell(); +#endif /* !defined(TN3270) */ + + /*VARARGS*/ + static +bye(argc, argv) + int argc; /* Number of arguments */ + char *argv[]; /* arguments */ +{ + extern int resettermname; + + if (connected) { + (void) shutdown(net, 2); + printf("Connection closed.\n"); + (void) NetClose(net); + connected = 0; + resettermname = 1; +#if defined(AUTHENTICATION) || defined(ENCRYPTION) + auth_encrypt_connect(connected); +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ + /* reset options */ + tninit(); +#if defined(TN3270) + SetIn3270(); /* Get out of 3270 mode */ +#endif /* defined(TN3270) */ + } + if ((argc != 2) || (strcmp(argv[1], "fromquit") != 0)) { + longjmp(toplevel, 1); + /* NOTREACHED */ + } + return 1; /* Keep lint, etc., happy */ +} + +/*VARARGS*/ +quit() +{ + (void) call(bye, "bye", "fromquit", 0); + Exit(0); + /*NOTREACHED*/ +} + +/*VARARGS*/ + int +logout() +{ + send_do(TELOPT_LOGOUT, 1); + (void) netflush(); + return 1; +} + + +/* + * The SLC command. + */ + +struct slclist { + char *name; + char *help; + void (*handler)(); + int arg; +}; + +static void slc_help(); + +struct slclist SlcList[] = { + { "export", "Use local special character definitions", + slc_mode_export, 0 }, + { "import", "Use remote special character definitions", + slc_mode_import, 1 }, + { "check", "Verify remote special character definitions", + slc_mode_import, 0 }, + { "help", 0, slc_help, 0 }, + { "?", "Print help information", slc_help, 0 }, + { 0 }, +}; + + static void +slc_help() +{ + struct slclist *c; + + for (c = SlcList; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s %s\n", c->name, c->help); + else + printf("\n"); + } + } +} + + static struct slclist * +getslc(name) + char *name; +{ + return (struct slclist *) + genget(name, (char **) SlcList, sizeof(struct slclist)); +} + + static +slccmd(argc, argv) + int argc; + char *argv[]; +{ + struct slclist *c; + + if (argc != 2) { + fprintf(stderr, + "Need an argument to 'slc' command. 'slc ?' for help.\n"); + return 0; + } + c = getslc(argv[1]); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('slc ?' for help).\n", + argv[1]); + return 0; + } + if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('slc ?' for help).\n", + argv[1]); + return 0; + } + (*c->handler)(c->arg); + slcstate(); + return 1; +} + +/* + * The ENVIRON command. + */ + +struct envlist { + char *name; + char *help; + void (*handler)(); + int narg; +}; + +extern struct env_lst * + env_define P((unsigned char *, unsigned char *)); +extern void + env_undefine P((unsigned char *)), + env_export P((unsigned char *)), + env_unexport P((unsigned char *)), + env_send P((unsigned char *)), +#if defined(OLD_ENVIRON) && defined(ENV_HACK) + env_varval P((unsigned char *)), +#endif + env_list P((void)); +static void + env_help P((void)); + +struct envlist EnvList[] = { + { "define", "Define an environment variable", + (void (*)())env_define, 2 }, + { "undefine", "Undefine an environment variable", + env_undefine, 1 }, + { "export", "Mark an environment variable for automatic export", + env_export, 1 }, + { "unexport", "Don't mark an environment variable for automatic export", + env_unexport, 1 }, + { "send", "Send an environment variable", env_send, 1 }, + { "list", "List the current environment variables", + env_list, 0 }, +#if defined(OLD_ENVIRON) && defined(ENV_HACK) + { "varval", "Reverse VAR and VALUE (auto, right, wrong, status)", + env_varval, 1 }, +#endif + { "help", 0, env_help, 0 }, + { "?", "Print help information", env_help, 0 }, + { 0 }, +}; + + static void +env_help() +{ + struct envlist *c; + + for (c = EnvList; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s %s\n", c->name, c->help); + else + printf("\n"); + } + } +} + + static struct envlist * +getenvcmd(name) + char *name; +{ + return (struct envlist *) + genget(name, (char **) EnvList, sizeof(struct envlist)); +} + +env_cmd(argc, argv) + int argc; + char *argv[]; +{ + struct envlist *c; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'environ' command. 'environ ?' for help.\n"); + return 0; + } + c = getenvcmd(argv[1]); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('environ ?' for help).\n", + argv[1]); + return 0; + } + if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('environ ?' for help).\n", + argv[1]); + return 0; + } + if (c->narg + 2 != argc) { + fprintf(stderr, + "Need %s%d argument%s to 'environ %s' command. 'environ ?' for help.\n", + c->narg < argc + 2 ? "only " : "", + c->narg, c->narg == 1 ? "" : "s", c->name); + return 0; + } + (*c->handler)(argv[2], argv[3]); + return 1; +} + +struct env_lst { + struct env_lst *next; /* pointer to next structure */ + struct env_lst *prev; /* pointer to previous structure */ + unsigned char *var; /* pointer to variable name */ + unsigned char *value; /* pointer to variable value */ + int export; /* 1 -> export with default list of variables */ + int welldefined; /* A well defined variable */ +}; + +struct env_lst envlisthead; + + struct env_lst * +env_find(var) + unsigned char *var; +{ + register struct env_lst *ep; + + for (ep = envlisthead.next; ep; ep = ep->next) { + if (strcmp((char *)ep->var, (char *)var) == 0) + return(ep); + } + return(NULL); +} + + void +env_init() +{ + extern char **environ; + register char **epp, *cp; + register struct env_lst *ep; + extern char *strchr(); + + for (epp = environ; *epp; epp++) { + if (cp = strchr(*epp, '=')) { + *cp = '\0'; + ep = env_define((unsigned char *)*epp, + (unsigned char *)cp+1); + ep->export = 0; + *cp = '='; + } + } + /* + * Special case for DISPLAY variable. If it is ":0.0" or + * "unix:0.0", we have to get rid of "unix" and insert our + * hostname. + */ + if ((ep = env_find("DISPLAY")) + && ((*ep->value == ':') + || (strncmp((char *)ep->value, "unix:", 5) == 0))) { + char hbuf[256+1]; + char *cp2 = strchr((char *)ep->value, ':'); + + gethostname(hbuf, 256); + hbuf[256] = '\0'; + cp = (char *)malloc(strlen(hbuf) + strlen(cp2) + 1); + sprintf((char *)cp, "%s%s", hbuf, cp2); + free(ep->value); + ep->value = (unsigned char *)cp; + } + /* + * If USER is not defined, but LOGNAME is, then add + * USER with the value from LOGNAME. By default, we + * don't export the USER variable. + */ + if ((env_find("USER") == NULL) && (ep = env_find("LOGNAME"))) { + env_define((unsigned char *)"USER", ep->value); + env_unexport((unsigned char *)"USER"); + } + env_export((unsigned char *)"DISPLAY"); + env_export((unsigned char *)"PRINTER"); +} + + struct env_lst * +env_define(var, value) + unsigned char *var, *value; +{ + register struct env_lst *ep; + + if (ep = env_find(var)) { + if (ep->var) + free(ep->var); + if (ep->value) + free(ep->value); + } else { + ep = (struct env_lst *)malloc(sizeof(struct env_lst)); + ep->next = envlisthead.next; + envlisthead.next = ep; + ep->prev = &envlisthead; + if (ep->next) + ep->next->prev = ep; + } + ep->welldefined = opt_welldefined(var); + ep->export = 1; + ep->var = (unsigned char *)strdup((char *)var); + ep->value = (unsigned char *)strdup((char *)value); + return(ep); +} + + void +env_undefine(var) + unsigned char *var; +{ + register struct env_lst *ep; + + if (ep = env_find(var)) { + ep->prev->next = ep->next; + if (ep->next) + ep->next->prev = ep->prev; + if (ep->var) + free(ep->var); + if (ep->value) + free(ep->value); + free(ep); + } +} + + void +env_export(var) + unsigned char *var; +{ + register struct env_lst *ep; + + if (ep = env_find(var)) + ep->export = 1; +} + + void +env_unexport(var) + unsigned char *var; +{ + register struct env_lst *ep; + + if (ep = env_find(var)) + ep->export = 0; +} + + void +env_send(var) + unsigned char *var; +{ + register struct env_lst *ep; + + if (my_state_is_wont(TELOPT_NEW_ENVIRON) +#ifdef OLD_ENVIRON + && my_state_is_wont(TELOPT_OLD_ENVIRON) +#endif + ) { + fprintf(stderr, + "Cannot send '%s': Telnet ENVIRON option not enabled\n", + var); + return; + } + ep = env_find(var); + if (ep == 0) { + fprintf(stderr, "Cannot send '%s': variable not defined\n", + var); + return; + } + env_opt_start_info(); + env_opt_add(ep->var); + env_opt_end(0); +} + + void +env_list() +{ + register struct env_lst *ep; + + for (ep = envlisthead.next; ep; ep = ep->next) { + printf("%c %-20s %s\n", ep->export ? '*' : ' ', + ep->var, ep->value); + } +} + + unsigned char * +env_default(init, welldefined) + int init; +{ + static struct env_lst *nep = NULL; + + if (init) { + nep = &envlisthead; + return; + } + if (nep) { + while (nep = nep->next) { + if (nep->export && (nep->welldefined == welldefined)) + return(nep->var); + } + } + return(NULL); +} + + unsigned char * +env_getvalue(var) + unsigned char *var; +{ + register struct env_lst *ep; + + if (ep = env_find(var)) + return(ep->value); + return(NULL); +} + +#if defined(OLD_ENVIRON) && defined(ENV_HACK) + void +env_varval(what) + unsigned char *what; +{ + extern int old_env_var, old_env_value, env_auto; + int len = strlen((char *)what); + + if (len == 0) + goto unknown; + + if (strncasecmp((char *)what, "status", len) == 0) { + if (env_auto) + printf("%s%s", "VAR and VALUE are/will be ", + "determined automatically\n"); + if (old_env_var == OLD_ENV_VAR) + printf("VAR and VALUE set to correct definitions\n"); + else + printf("VAR and VALUE definitions are reversed\n"); + } else if (strncasecmp((char *)what, "auto", len) == 0) { + env_auto = 1; + old_env_var = OLD_ENV_VALUE; + old_env_value = OLD_ENV_VAR; + } else if (strncasecmp((char *)what, "right", len) == 0) { + env_auto = 0; + old_env_var = OLD_ENV_VAR; + old_env_value = OLD_ENV_VALUE; + } else if (strncasecmp((char *)what, "wrong", len) == 0) { + env_auto = 0; + old_env_var = OLD_ENV_VALUE; + old_env_value = OLD_ENV_VAR; + } else { +unknown: + printf("Unknown \"varval\" command. (\"auto\", \"right\", \"wrong\", \"status\")\n"); + } +} +#endif + +#if defined(AUTHENTICATION) +/* + * The AUTHENTICATE command. + */ + +struct authlist { + char *name; + char *help; + int (*handler)(); + int narg; +}; + +extern int + auth_enable P((char *)), + auth_disable P((char *)), + auth_status P((void)); +static int + auth_help P((void)); + +struct authlist AuthList[] = { + { "status", "Display current status of authentication information", + auth_status, 0 }, + { "disable", "Disable an authentication type ('auth disable ?' for more)", + auth_disable, 1 }, + { "enable", "Enable an authentication type ('auth enable ?' for more)", + auth_enable, 1 }, + { "help", 0, auth_help, 0 }, + { "?", "Print help information", auth_help, 0 }, + { 0 }, +}; + + static int +auth_help() +{ + struct authlist *c; + + for (c = AuthList; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s %s\n", c->name, c->help); + else + printf("\n"); + } + } + return 0; +} + +auth_cmd(argc, argv) + int argc; + char *argv[]; +{ + struct authlist *c; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'auth' command. 'auth ?' for help.\n"); + return 0; + } + + c = (struct authlist *) + genget(argv[1], (char **) AuthList, sizeof(struct authlist)); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('auth ?' for help).\n", + argv[1]); + return 0; + } + if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('auth ?' for help).\n", + argv[1]); + return 0; + } + if (c->narg + 2 != argc) { + fprintf(stderr, + "Need %s%d argument%s to 'auth %s' command. 'auth ?' for help.\n", + c->narg < argc + 2 ? "only " : "", + c->narg, c->narg == 1 ? "" : "s", c->name); + return 0; + } + return((*c->handler)(argv[2], argv[3])); +} +#endif + +#ifdef ENCRYPTION +/* + * The ENCRYPT command. + */ + +struct encryptlist { + char *name; + char *help; + int (*handler)(); + int needconnect; + int minarg; + int maxarg; +}; + +extern int + EncryptEnable P((char *, char *)), + EncryptDisable P((char *, char *)), + EncryptType P((char *, char *)), + EncryptStart P((char *)), + EncryptStartInput P((void)), + EncryptStartOutput P((void)), + EncryptStop P((char *)), + EncryptStopInput P((void)), + EncryptStopOutput P((void)), + EncryptStatus P((void)); +static int + EncryptHelp P((void)); + +struct encryptlist EncryptList[] = { + { "enable", "Enable encryption. ('encrypt enable ?' for more)", + EncryptEnable, 1, 1, 2 }, + { "disable", "Disable encryption. ('encrypt enable ?' for more)", + EncryptDisable, 0, 1, 2 }, + { "type", "Set encryption type. ('encrypt type ?' for more)", + EncryptType, 0, 1, 1 }, + { "start", "Start encryption. ('encrypt start ?' for more)", + EncryptStart, 1, 0, 1 }, + { "stop", "Stop encryption. ('encrypt stop ?' for more)", + EncryptStop, 1, 0, 1 }, + { "input", "Start encrypting the input stream", + EncryptStartInput, 1, 0, 0 }, + { "-input", "Stop encrypting the input stream", + EncryptStopInput, 1, 0, 0 }, + { "output", "Start encrypting the output stream", + EncryptStartOutput, 1, 0, 0 }, + { "-output", "Stop encrypting the output stream", + EncryptStopOutput, 1, 0, 0 }, + + { "status", "Display current status of authentication information", + EncryptStatus, 0, 0, 0 }, + { "help", 0, EncryptHelp, 0, 0, 0 }, + { "?", "Print help information", EncryptHelp, 0, 0, 0 }, + { 0 }, +}; + + static int +EncryptHelp() +{ + struct encryptlist *c; + + for (c = EncryptList; c->name; c++) { + if (c->help) { + if (*c->help) + printf("%-15s %s\n", c->name, c->help); + else + printf("\n"); + } + } + return 0; +} + +encrypt_cmd(argc, argv) + int argc; + char *argv[]; +{ + struct encryptlist *c; + + if (argc < 2) { + fprintf(stderr, + "Need an argument to 'encrypt' command. 'encrypt ?' for help.\n"); + return 0; + } + + c = (struct encryptlist *) + genget(argv[1], (char **) EncryptList, sizeof(struct encryptlist)); + if (c == 0) { + fprintf(stderr, "'%s': unknown argument ('encrypt ?' for help).\n", + argv[1]); + return 0; + } + if (Ambiguous(c)) { + fprintf(stderr, "'%s': ambiguous argument ('encrypt ?' for help).\n", + argv[1]); + return 0; + } + argc -= 2; + if (argc < c->minarg || argc > c->maxarg) { + if (c->minarg == c->maxarg) { + fprintf(stderr, "Need %s%d argument%s ", + c->minarg < argc ? "only " : "", c->minarg, + c->minarg == 1 ? "" : "s"); + } else { + fprintf(stderr, "Need %s%d-%d arguments ", + c->maxarg < argc ? "only " : "", c->minarg, c->maxarg); + } + fprintf(stderr, "to 'encrypt %s' command. 'encrypt ?' for help.\n", + c->name); + return 0; + } + if (c->needconnect && !connected) { + if (!(argc && (isprefix(argv[2], "help") || isprefix(argv[2], "?")))) { + printf("?Need to be connected first.\n"); + return 0; + } + } + return ((*c->handler)(argc > 0 ? argv[2] : 0, + argc > 1 ? argv[3] : 0, + argc > 2 ? argv[4] : 0)); +} +#endif /* ENCRYPTION */ + +#if defined(unix) && defined(TN3270) + static void +filestuff(fd) + int fd; +{ + int res; + +#ifdef F_GETOWN + setconnmode(0); + res = fcntl(fd, F_GETOWN, 0); + setcommandmode(); + + if (res == -1) { + perror("fcntl"); + return; + } + printf("\tOwner is %d.\n", res); +#endif + + setconnmode(0); + res = fcntl(fd, F_GETFL, 0); + setcommandmode(); + + if (res == -1) { + perror("fcntl"); + return; + } +#ifdef notdef + printf("\tFlags are 0x%x: %s\n", res, decodeflags(res)); +#endif +} +#endif /* defined(unix) && defined(TN3270) */ + +/* + * Print status about the connection. + */ + /*ARGSUSED*/ + static +status(argc, argv) + int argc; + char *argv[]; +{ + if (connected) { + printf("Connected to %s.\n", hostname); + if ((argc < 2) || strcmp(argv[1], "notmuch")) { + int mode = getconnmode(); + + if (my_want_state_is_will(TELOPT_LINEMODE)) { + printf("Operating with LINEMODE option\n"); + printf("%s line editing\n", (mode&MODE_EDIT) ? "Local" : "No"); + printf("%s catching of signals\n", + (mode&MODE_TRAPSIG) ? "Local" : "No"); + slcstate(); +#ifdef KLUDGELINEMODE + } else if (kludgelinemode && my_want_state_is_dont(TELOPT_SGA)) { + printf("Operating in obsolete linemode\n"); +#endif + } else { + printf("Operating in single character mode\n"); + if (localchars) + printf("Catching signals locally\n"); + } + printf("%s character echo\n", (mode&MODE_ECHO) ? "Local" : "Remote"); + if (my_want_state_is_will(TELOPT_LFLOW)) + printf("%s flow control\n", (mode&MODE_FLOW) ? "Local" : "No"); +#ifdef ENCRYPTION + encrypt_display(); +#endif /* ENCRYPTION */ + } + } else { + printf("No connection.\n"); + } +# if !defined(TN3270) + printf("Escape character is '%s'.\n", control(escape)); + (void) fflush(stdout); +# else /* !defined(TN3270) */ + if ((!In3270) && ((argc < 2) || strcmp(argv[1], "notmuch"))) { + printf("Escape character is '%s'.\n", control(escape)); + } +# if defined(unix) + if ((argc >= 2) && !strcmp(argv[1], "everything")) { + printf("SIGIO received %d time%s.\n", + sigiocount, (sigiocount == 1)? "":"s"); + if (In3270) { + printf("Process ID %d, process group %d.\n", + getpid(), getpgrp(getpid())); + printf("Terminal input:\n"); + filestuff(tin); + printf("Terminal output:\n"); + filestuff(tout); + printf("Network socket:\n"); + filestuff(net); + } + } + if (In3270 && transcom) { + printf("Transparent mode command is '%s'.\n", transcom); + } +# endif /* defined(unix) */ + (void) fflush(stdout); + if (In3270) { + return 0; + } +# endif /* defined(TN3270) */ + return 1; +} + +#ifdef SIGINFO +/* + * Function that gets called when SIGINFO is received. + */ +ayt_status() +{ + (void) call(status, "status", "notmuch", 0); +} +#endif + +unsigned long inet_addr(); + + int +tn(argc, argv) + int argc; + char *argv[]; +{ + register struct hostent *host = 0; + struct sockaddr_in sin; + struct servent *sp = 0; + unsigned long temp; + extern char *inet_ntoa(); +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + char *srp = 0, *strrchr(); + unsigned long sourceroute(), srlen; +#endif + char *cmd, *hostp = 0, *portp = 0, *user = 0; + + /* clear the socket address prior to use */ + memset((char *)&sin, 0, sizeof(sin)); + + if (connected) { + printf("?Already connected to %s\n", hostname); + setuid(getuid()); + return 0; + } + if (argc < 2) { + (void) strcpy(line, "open "); + printf("(to) "); + (void) fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin); + makeargv(); + argc = margc; + argv = margv; + } + cmd = *argv; + --argc; ++argv; + while (argc) { + if (strcmp(*argv, "help") == 0 || isprefix(*argv, "?")) + goto usage; + if (strcmp(*argv, "-l") == 0) { + --argc; ++argv; + if (argc == 0) + goto usage; + user = *argv++; + --argc; + continue; + } + if (strcmp(*argv, "-a") == 0) { + --argc; ++argv; + autologin = 1; + continue; + } + if (hostp == 0) { + hostp = *argv++; + --argc; + continue; + } + if (portp == 0) { + portp = *argv++; + --argc; + continue; + } + usage: + printf("usage: %s [-l user] [-a] host-name [port]\n", cmd); + setuid(getuid()); + return 0; + } + if (hostp == 0) + goto usage; + +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + if (hostp[0] == '@' || hostp[0] == '!') { + if ((hostname = strrchr(hostp, ':')) == NULL) + hostname = strrchr(hostp, '@'); + hostname++; + srp = 0; + temp = sourceroute(hostp, &srp, &srlen); + if (temp == 0) { + herror(srp); + setuid(getuid()); + return 0; + } else if (temp == -1) { + printf("Bad source route option: %s\n", hostp); + setuid(getuid()); + return 0; + } else { + sin.sin_addr.s_addr = temp; + sin.sin_family = AF_INET; + } + } else { +#endif + temp = inet_addr(hostp); + if (temp != (unsigned long) -1) { + sin.sin_addr.s_addr = temp; + sin.sin_family = AF_INET; + (void) strcpy(_hostname, hostp); + hostname = _hostname; + } else { + host = gethostbyname(hostp); + if (host) { + sin.sin_family = host->h_addrtype; +#if defined(h_addr) /* In 4.3, this is a #define */ + memmove((caddr_t)&sin.sin_addr, + host->h_addr_list[0], host->h_length); +#else /* defined(h_addr) */ + memmove((caddr_t)&sin.sin_addr, host->h_addr, host->h_length); +#endif /* defined(h_addr) */ + strncpy(_hostname, host->h_name, sizeof(_hostname)); + _hostname[sizeof(_hostname)-1] = '\0'; + hostname = _hostname; + } else { + herror(hostp); + setuid(getuid()); + return 0; + } + } +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + } +#endif + if (portp) { + if (*portp == '-') { + portp++; + telnetport = 1; + } else + telnetport = 0; + sin.sin_port = atoi(portp); + if (sin.sin_port == 0) { + sp = getservbyname(portp, "tcp"); + if (sp) + sin.sin_port = sp->s_port; + else { + printf("%s: bad port number\n", portp); + setuid(getuid()); + return 0; + } + } else { +#if !defined(htons) + u_short htons P((unsigned short)); +#endif /* !defined(htons) */ + sin.sin_port = htons(sin.sin_port); + } + } else { + if (sp == 0) { + sp = getservbyname("telnet", "tcp"); + if (sp == 0) { + fprintf(stderr, "telnet: tcp/telnet: unknown service\n"); + setuid(getuid()); + return 0; + } + sin.sin_port = sp->s_port; + } + telnetport = 1; + } + printf("Trying %s...\n", inet_ntoa(sin.sin_addr)); + do { + net = socket(AF_INET, SOCK_STREAM, 0); + setuid(getuid()); + if (net < 0) { + perror("telnet: socket"); + return 0; + } +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + if (srp && setsockopt(net, IPPROTO_IP, IP_OPTIONS, (char *)srp, srlen) < 0) + perror("setsockopt (IP_OPTIONS)"); +#endif +#if defined(IPPROTO_IP) && defined(IP_TOS) + { +# if defined(HAS_GETTOS) + struct tosent *tp; + if (tos < 0 && (tp = gettosbyname("telnet", "tcp"))) + tos = tp->t_tos; +# endif + if (tos < 0) + tos = 020; /* Low Delay bit */ + if (tos + && (setsockopt(net, IPPROTO_IP, IP_TOS, + (char *)&tos, sizeof(int)) < 0) + && (errno != ENOPROTOOPT)) + perror("telnet: setsockopt (IP_TOS) (ignored)"); + } +#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ + + if (debug && SetSockOpt(net, SOL_SOCKET, SO_DEBUG, 1) < 0) { + perror("setsockopt (SO_DEBUG)"); + } + + if (connect(net, (struct sockaddr *)&sin, sizeof (sin)) < 0) { +#if defined(h_addr) /* In 4.3, this is a #define */ + if (host && host->h_addr_list[1]) { + int oerrno = errno; + + fprintf(stderr, "telnet: connect to address %s: ", + inet_ntoa(sin.sin_addr)); + errno = oerrno; + perror((char *)0); + host->h_addr_list++; + memmove((caddr_t)&sin.sin_addr, + host->h_addr_list[0], host->h_length); + (void) NetClose(net); + continue; + } +#endif /* defined(h_addr) */ + perror("telnet: Unable to connect to remote host"); + return 0; + } + connected++; +#if defined(AUTHENTICATION) || defined(ENCRYPTION) + auth_encrypt_connect(connected); +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ + } while (connected == 0); + cmdrc(hostp, hostname); + if (autologin && user == NULL) { + struct passwd *pw; + + user = getenv("USER"); + if (user == NULL || + (pw = getpwnam(user)) && pw->pw_uid != getuid()) { + if (pw = getpwuid(getuid())) + user = pw->pw_name; + else + user = NULL; + } + } + if (user) { + env_define((unsigned char *)"USER", (unsigned char *)user); + env_export((unsigned char *)"USER"); + } + (void) call(status, "status", "notmuch", 0); + if (setjmp(peerdied) == 0) + telnet(user); + (void) NetClose(net); + ExitString("Connection closed by foreign host.\n",1); + /*NOTREACHED*/ +} + +#define HELPINDENT (sizeof ("connect")) + +static char + openhelp[] = "connect to a site", + closehelp[] = "close current connection", + logouthelp[] = "forcibly logout remote user and close the connection", + quithelp[] = "exit telnet", + statushelp[] = "print status information", + helphelp[] = "print help information", + sendhelp[] = "transmit special characters ('send ?' for more)", + sethelp[] = "set operating parameters ('set ?' for more)", + unsethelp[] = "unset operating parameters ('unset ?' for more)", + togglestring[] ="toggle operating parameters ('toggle ?' for more)", + slchelp[] = "change state of special charaters ('slc ?' for more)", + displayhelp[] = "display operating parameters", +#if defined(TN3270) && defined(unix) + transcomhelp[] = "specify Unix command for transparent mode pipe", +#endif /* defined(TN3270) && defined(unix) */ +#if defined(AUTHENTICATION) + authhelp[] = "turn on (off) authentication ('auth ?' for more)", +#endif +#ifdef ENCRYPTION + encrypthelp[] = "turn on (off) encryption ('encrypt ?' for more)", +#endif /* ENCRYPTION */ +#if defined(unix) + zhelp[] = "suspend telnet", +#endif /* defined(unix) */ + shellhelp[] = "invoke a subshell", + envhelp[] = "change environment variables ('environ ?' for more)", + modestring[] = "try to enter line or character mode ('mode ?' for more)"; + +static int help(); + +static Command cmdtab[] = { + { "close", closehelp, bye, 1 }, + { "logout", logouthelp, logout, 1 }, + { "display", displayhelp, display, 0 }, + { "mode", modestring, modecmd, 0 }, + { "open", openhelp, tn, 0 }, + { "quit", quithelp, quit, 0 }, + { "send", sendhelp, sendcmd, 0 }, + { "set", sethelp, setcmd, 0 }, + { "unset", unsethelp, unsetcmd, 0 }, + { "status", statushelp, status, 0 }, + { "toggle", togglestring, toggle, 0 }, + { "slc", slchelp, slccmd, 0 }, +#if defined(TN3270) && defined(unix) + { "transcom", transcomhelp, settranscom, 0 }, +#endif /* defined(TN3270) && defined(unix) */ +#if defined(AUTHENTICATION) + { "auth", authhelp, auth_cmd, 0 }, +#endif +#ifdef ENCRYPTION + { "encrypt", encrypthelp, encrypt_cmd, 0 }, +#endif /* ENCRYPTION */ +#if defined(unix) + { "z", zhelp, suspend, 0 }, +#endif /* defined(unix) */ +#if defined(TN3270) + { "!", shellhelp, shell, 1 }, +#else + { "!", shellhelp, shell, 0 }, +#endif + { "environ", envhelp, env_cmd, 0 }, + { "?", helphelp, help, 0 }, + 0 +}; + +static char crmodhelp[] = "deprecated command -- use 'toggle crmod' instead"; +static char escapehelp[] = "deprecated command -- use 'set escape' instead"; + +static Command cmdtab2[] = { + { "help", 0, help, 0 }, + { "escape", escapehelp, setescape, 0 }, + { "crmod", crmodhelp, togcrmod, 0 }, + 0 +}; + + +/* + * Call routine with argc, argv set from args (terminated by 0). + */ + + /*VARARGS1*/ + static +call(va_alist) + va_dcl +{ + va_list ap; + typedef int (*intrtn_t)(); + intrtn_t routine; + char *args[100]; + int argno = 0; + + va_start(ap); + routine = (va_arg(ap, intrtn_t)); + while ((args[argno++] = va_arg(ap, char *)) != 0) { + ; + } + va_end(ap); + return (*routine)(argno-1, args); +} + + + static Command * +getcmd(name) + char *name; +{ + Command *cm; + + if (cm = (Command *) genget(name, (char **) cmdtab, sizeof(Command))) + return cm; + return (Command *) genget(name, (char **) cmdtab2, sizeof(Command)); +} + + void +command(top, tbuf, cnt) + int top; + char *tbuf; + int cnt; +{ + register Command *c; + + setcommandmode(); + if (!top) { + putchar('\n'); +#if defined(unix) + } else { + (void) signal(SIGINT, SIG_DFL); + (void) signal(SIGQUIT, SIG_DFL); +#endif /* defined(unix) */ + } + for (;;) { + if (rlogin == _POSIX_VDISABLE) + printf("%s> ", prompt); + if (tbuf) { + register char *cp; + cp = line; + while (cnt > 0 && (*cp++ = *tbuf++) != '\n') + cnt--; + tbuf = 0; + if (cp == line || *--cp != '\n' || cp == line) + goto getline; + *cp = '\0'; + if (rlogin == _POSIX_VDISABLE) + printf("%s\n", line); + } else { + getline: + if (rlogin != _POSIX_VDISABLE) + printf("%s> ", prompt); + if (fgets(line, sizeof(line), stdin) == NULL) { + if (feof(stdin) || ferror(stdin)) { + (void) quit(); + /*NOTREACHED*/ + } + break; + } + } + if (line[0] == 0) + break; + makeargv(); + if (margv[0] == 0) { + break; + } + c = getcmd(margv[0]); + if (Ambiguous(c)) { + printf("?Ambiguous command\n"); + continue; + } + if (c == 0) { + printf("?Invalid command\n"); + continue; + } + if (c->needconnect && !connected) { + printf("?Need to be connected first.\n"); + continue; + } + if ((*c->handler)(margc, margv)) { + break; + } + } + if (!top) { + if (!connected) { + longjmp(toplevel, 1); + /*NOTREACHED*/ + } +#if defined(TN3270) + if (shell_active == 0) { + setconnmode(0); + } +#else /* defined(TN3270) */ + setconnmode(0); +#endif /* defined(TN3270) */ + } +} + +/* + * Help command. + */ + static +help(argc, argv) + int argc; + char *argv[]; +{ + register Command *c; + + if (argc == 1) { + printf("Commands may be abbreviated. Commands are:\n\n"); + for (c = cmdtab; c->name; c++) + if (c->help) { + printf("%-*s\t%s\n", HELPINDENT, c->name, + c->help); + } + return 0; + } + while (--argc > 0) { + register char *arg; + arg = *++argv; + c = getcmd(arg); + if (Ambiguous(c)) + printf("?Ambiguous help command %s\n", arg); + else if (c == (Command *)0) + printf("?Invalid help command %s\n", arg); + else + printf("%s\n", c->help); + } + return 0; +} + +static char *rcname = 0; +static char rcbuf[128]; + +cmdrc(m1, m2) + char *m1, *m2; +{ + register Command *c; + FILE *rcfile; + int gotmachine = 0; + int l1 = strlen(m1); + int l2 = strlen(m2); + char m1save[64]; + + if (skiprc) + return; + + strcpy(m1save, m1); + m1 = m1save; + + if (rcname == 0) { + rcname = getenv("HOME"); + if (rcname) + strcpy(rcbuf, rcname); + else + rcbuf[0] = '\0'; + strcat(rcbuf, "/.telnetrc"); + rcname = rcbuf; + } + + if ((rcfile = fopen(rcname, "r")) == 0) { + return; + } + + for (;;) { + if (fgets(line, sizeof(line), rcfile) == NULL) + break; + if (line[0] == 0) + break; + if (line[0] == '#') + continue; + if (gotmachine) { + if (!isspace(line[0])) + gotmachine = 0; + } + if (gotmachine == 0) { + if (isspace(line[0])) + continue; + if (strncasecmp(line, m1, l1) == 0) + strncpy(line, &line[l1], sizeof(line) - l1); + else if (strncasecmp(line, m2, l2) == 0) + strncpy(line, &line[l2], sizeof(line) - l2); + else if (strncasecmp(line, "DEFAULT", 7) == 0) + strncpy(line, &line[7], sizeof(line) - 7); + else + continue; + if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n') + continue; + gotmachine = 1; + } + makeargv(); + if (margv[0] == 0) + continue; + c = getcmd(margv[0]); + if (Ambiguous(c)) { + printf("?Ambiguous command: %s\n", margv[0]); + continue; + } + if (c == 0) { + printf("?Invalid command: %s\n", margv[0]); + continue; + } + /* + * This should never happen... + */ + if (c->needconnect && !connected) { + printf("?Need to be connected first for %s.\n", margv[0]); + continue; + } + (*c->handler)(margc, margv); + } + fclose(rcfile); +} + +#if defined(IP_OPTIONS) && defined(IPPROTO_IP) + +/* + * Source route is handed in as + * [!]@hop1@hop2...[@|:]dst + * If the leading ! is present, it is a + * strict source route, otherwise it is + * assmed to be a loose source route. + * + * We fill in the source route option as + * hop1,hop2,hop3...dest + * and return a pointer to hop1, which will + * be the address to connect() to. + * + * Arguments: + * arg: pointer to route list to decipher + * + * cpp: If *cpp is not equal to NULL, this is a + * pointer to a pointer to a character array + * that should be filled in with the option. + * + * lenp: pointer to an integer that contains the + * length of *cpp if *cpp != NULL. + * + * Return values: + * + * Returns the address of the host to connect to. If the + * return value is -1, there was a syntax error in the + * option, either unknown characters, or too many hosts. + * If the return value is 0, one of the hostnames in the + * path is unknown, and *cpp is set to point to the bad + * hostname. + * + * *cpp: If *cpp was equal to NULL, it will be filled + * in with a pointer to our static area that has + * the option filled in. This will be 32bit aligned. + * + * *lenp: This will be filled in with how long the option + * pointed to by *cpp is. + * + */ + unsigned long +sourceroute(arg, cpp, lenp) + char *arg; + char **cpp; + int *lenp; +{ + static char lsr[44]; +#ifdef sysV88 + static IOPTN ipopt; +#endif + char *cp, *cp2, *lsrp, *lsrep; + register int tmp; + struct in_addr sin_addr; + register struct hostent *host = 0; + register char c; + + /* + * Verify the arguments, and make sure we have + * at least 7 bytes for the option. + */ + if (cpp == NULL || lenp == NULL) + return((unsigned long)-1); + if (*cpp != NULL && *lenp < 7) + return((unsigned long)-1); + /* + * Decide whether we have a buffer passed to us, + * or if we need to use our own static buffer. + */ + if (*cpp) { + lsrp = *cpp; + lsrep = lsrp + *lenp; + } else { + *cpp = lsrp = lsr; + lsrep = lsrp + 44; + } + + cp = arg; + + /* + * Next, decide whether we have a loose source + * route or a strict source route, and fill in + * the begining of the option. + */ +#ifndef sysV88 + if (*cp == '!') { + cp++; + *lsrp++ = IPOPT_SSRR; + } else + *lsrp++ = IPOPT_LSRR; +#else + if (*cp == '!') { + cp++; + ipopt.io_type = IPOPT_SSRR; + } else + ipopt.io_type = IPOPT_LSRR; +#endif + + if (*cp != '@') + return((unsigned long)-1); + +#ifndef sysV88 + lsrp++; /* skip over length, we'll fill it in later */ + *lsrp++ = 4; +#endif + + cp++; + + sin_addr.s_addr = 0; + + for (c = 0;;) { + if (c == ':') + cp2 = 0; + else for (cp2 = cp; c = *cp2; cp2++) { + if (c == ',') { + *cp2++ = '\0'; + if (*cp2 == '@') + cp2++; + } else if (c == '@') { + *cp2++ = '\0'; + } else if (c == ':') { + *cp2++ = '\0'; + } else + continue; + break; + } + if (!c) + cp2 = 0; + + if ((tmp = inet_addr(cp)) != -1) { + sin_addr.s_addr = tmp; + } else if (host = gethostbyname(cp)) { +#if defined(h_addr) + memmove((caddr_t)&sin_addr, + host->h_addr_list[0], host->h_length); +#else + memmove((caddr_t)&sin_addr, host->h_addr, host->h_length); +#endif + } else { + *cpp = cp; + return(0); + } + memmove(lsrp, (char *)&sin_addr, 4); + lsrp += 4; + if (cp2) + cp = cp2; + else + break; + /* + * Check to make sure there is space for next address + */ + if (lsrp + 4 > lsrep) + return((unsigned long)-1); + } +#ifndef sysV88 + if ((*(*cpp+IPOPT_OLEN) = lsrp - *cpp) <= 7) { + *cpp = 0; + *lenp = 0; + return((unsigned long)-1); + } + *lsrp++ = IPOPT_NOP; /* 32 bit word align it */ + *lenp = lsrp - *cpp; +#else + ipopt.io_len = lsrp - *cpp; + if (ipopt.io_len <= 5) { /* Is 3 better ? */ + *cpp = 0; + *lenp = 0; + return((unsigned long)-1); + } + *lenp = sizeof(ipopt); + *cpp = (char *) &ipopt; +#endif + return(sin_addr.s_addr); +} +#endif diff --git a/secure/usr.bin/telnet/defines.h b/secure/usr.bin/telnet/defines.h new file mode 100644 index 0000000..0978173 --- /dev/null +++ b/secure/usr.bin/telnet/defines.h @@ -0,0 +1,61 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)defines.h 8.1 (Berkeley) 6/6/93 + */ + +#define settimer(x) clocks.x = clocks.system++ + +#if !defined(TN3270) + +#define SetIn3270() + +#endif /* !defined(TN3270) */ + +#define NETADD(c) { *netoring.supply = c; ring_supplied(&netoring, 1); } +#define NET2ADD(c1,c2) { NETADD(c1); NETADD(c2); } +#define NETBYTES() (ring_full_count(&netoring)) +#define NETROOM() (ring_empty_count(&netoring)) + +#define TTYADD(c) if (!(SYNCHing||flushout)) { \ + *ttyoring.supply = c; \ + ring_supplied(&ttyoring, 1); \ + } +#define TTYBYTES() (ring_full_count(&ttyoring)) +#define TTYROOM() (ring_empty_count(&ttyoring)) + +/* Various modes */ +#define MODE_LOCAL_CHARS(m) ((m)&(MODE_EDIT|MODE_TRAPSIG)) +#define MODE_LOCAL_ECHO(m) ((m)&MODE_ECHO) +#define MODE_COMMAND_LINE(m) ((m)==-1) + +#define CONTROL(x) ((x)&0x1f) /* CTRL(x) is not portable */ diff --git a/secure/usr.bin/telnet/externs.h b/secure/usr.bin/telnet/externs.h new file mode 100644 index 0000000..7c52be9 --- /dev/null +++ b/secure/usr.bin/telnet/externs.h @@ -0,0 +1,482 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)externs.h 8.3 (Berkeley) 5/30/95 + */ + +#ifndef BSD +# define BSD 43 +#endif + +/* + * ucb stdio.h defines BSD as something wierd + */ +#if defined(sun) && defined(__svr4__) +#define BSD 43 +#endif + +#ifndef USE_TERMIO +# if BSD > 43 || defined(SYSV_TERMIO) +# define USE_TERMIO +# endif +#endif + +#include <stdio.h> +#include <setjmp.h> +#if defined(CRAY) && !defined(NO_BSD_SETJMP) +#include <bsdsetjmp.h> +#endif +#ifndef FILIO_H +#include <sys/ioctl.h> +#else +#include <sys/filio.h> +#endif +#ifdef CRAY +# include <errno.h> +#endif /* CRAY */ +#ifdef USE_TERMIO +# ifndef VINTR +# ifdef SYSV_TERMIO +# include <sys/termio.h> +# else +# include <sys/termios.h> +# define termio termios +# endif +# endif +#endif +#if defined(NO_CC_T) || !defined(USE_TERMIO) +# if !defined(USE_TERMIO) +typedef char cc_t; +# else +typedef unsigned char cc_t; +# endif +#endif + +#ifndef NO_STRING_H +#include <string.h> +#else +#include <strings.h> +#endif + +#ifndef _POSIX_VDISABLE +# ifdef sun +# include <sys/param.h> /* pick up VDISABLE definition, mayby */ +# endif +# ifdef VDISABLE +# define _POSIX_VDISABLE VDISABLE +# else +# define _POSIX_VDISABLE ((cc_t)'\377') +# endif +#endif + +#define SUBBUFSIZE 256 + +#ifndef CRAY +extern int errno; /* outside this world */ +#endif /* !CRAY */ + +#if !defined(P) +# ifdef __STDC__ +# define P(x) x +# else +# define P(x) () +# endif +#endif + +extern int + autologin, /* Autologin enabled */ + skiprc, /* Don't process the ~/.telnetrc file */ + eight, /* use eight bit mode (binary in and/or out */ + flushout, /* flush output */ + connected, /* Are we connected to the other side? */ + globalmode, /* Mode tty should be in */ + In3270, /* Are we in 3270 mode? */ + telnetport, /* Are we connected to the telnet port? */ + localflow, /* Flow control handled locally */ + restartany, /* If flow control, restart output on any character */ + localchars, /* we recognize interrupt/quit */ + donelclchars, /* the user has set "localchars" */ + showoptions, + net, /* Network file descriptor */ + tin, /* Terminal input file descriptor */ + tout, /* Terminal output file descriptor */ + crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */ + autoflush, /* flush output when interrupting? */ + autosynch, /* send interrupt characters with SYNCH? */ + SYNCHing, /* Is the stream in telnet SYNCH mode? */ + donebinarytoggle, /* the user has put us in binary */ + dontlecho, /* do we suppress local echoing right now? */ + crmod, + netdata, /* Print out network data flow */ + prettydump, /* Print "netdata" output in user readable format */ +#if defined(unix) +#if defined(TN3270) + cursesdata, /* Print out curses data flow */ + apitrace, /* Trace API transactions */ +#endif /* defined(TN3270) */ + termdata, /* Print out terminal data flow */ +#endif /* defined(unix) */ + debug; /* Debug level */ + +extern cc_t escape; /* Escape to command mode */ +extern cc_t rlogin; /* Rlogin mode escape character */ +#ifdef KLUDGELINEMODE +extern cc_t echoc; /* Toggle local echoing */ +#endif + +extern char + *prompt; /* Prompt for command. */ + +extern char + doopt[], + dont[], + will[], + wont[], + options[], /* All the little options */ + *hostname; /* Who are we connected to? */ +#ifdef ENCRYPTION +extern void (*encrypt_output) P((unsigned char *, int)); +extern int (*decrypt_input) P((int)); +#endif /* ENCRYPTION */ + +/* + * We keep track of each side of the option negotiation. + */ + +#define MY_STATE_WILL 0x01 +#define MY_WANT_STATE_WILL 0x02 +#define MY_STATE_DO 0x04 +#define MY_WANT_STATE_DO 0x08 + +/* + * Macros to check the current state of things + */ + +#define my_state_is_do(opt) (options[opt]&MY_STATE_DO) +#define my_state_is_will(opt) (options[opt]&MY_STATE_WILL) +#define my_want_state_is_do(opt) (options[opt]&MY_WANT_STATE_DO) +#define my_want_state_is_will(opt) (options[opt]&MY_WANT_STATE_WILL) + +#define my_state_is_dont(opt) (!my_state_is_do(opt)) +#define my_state_is_wont(opt) (!my_state_is_will(opt)) +#define my_want_state_is_dont(opt) (!my_want_state_is_do(opt)) +#define my_want_state_is_wont(opt) (!my_want_state_is_will(opt)) + +#define set_my_state_do(opt) {options[opt] |= MY_STATE_DO;} +#define set_my_state_will(opt) {options[opt] |= MY_STATE_WILL;} +#define set_my_want_state_do(opt) {options[opt] |= MY_WANT_STATE_DO;} +#define set_my_want_state_will(opt) {options[opt] |= MY_WANT_STATE_WILL;} + +#define set_my_state_dont(opt) {options[opt] &= ~MY_STATE_DO;} +#define set_my_state_wont(opt) {options[opt] &= ~MY_STATE_WILL;} +#define set_my_want_state_dont(opt) {options[opt] &= ~MY_WANT_STATE_DO;} +#define set_my_want_state_wont(opt) {options[opt] &= ~MY_WANT_STATE_WILL;} + +/* + * Make everything symetrical + */ + +#define HIS_STATE_WILL MY_STATE_DO +#define HIS_WANT_STATE_WILL MY_WANT_STATE_DO +#define HIS_STATE_DO MY_STATE_WILL +#define HIS_WANT_STATE_DO MY_WANT_STATE_WILL + +#define his_state_is_do my_state_is_will +#define his_state_is_will my_state_is_do +#define his_want_state_is_do my_want_state_is_will +#define his_want_state_is_will my_want_state_is_do + +#define his_state_is_dont my_state_is_wont +#define his_state_is_wont my_state_is_dont +#define his_want_state_is_dont my_want_state_is_wont +#define his_want_state_is_wont my_want_state_is_dont + +#define set_his_state_do set_my_state_will +#define set_his_state_will set_my_state_do +#define set_his_want_state_do set_my_want_state_will +#define set_his_want_state_will set_my_want_state_do + +#define set_his_state_dont set_my_state_wont +#define set_his_state_wont set_my_state_dont +#define set_his_want_state_dont set_my_want_state_wont +#define set_his_want_state_wont set_my_want_state_dont + + +extern FILE + *NetTrace; /* Where debugging output goes */ +extern unsigned char + NetTraceFile[]; /* Name of file where debugging output goes */ +extern void + SetNetTrace P((char *)); /* Function to change where debugging goes */ + +extern jmp_buf + peerdied, + toplevel; /* For error conditions. */ + +extern void + command P((int, char *, int)), + Dump P((int, unsigned char *, int)), + init_3270 P((void)), + printoption P((char *, int, int)), + printsub P((int, unsigned char *, int)), + sendnaws P((void)), + setconnmode P((int)), + setcommandmode P((void)), + setneturg P((void)), + sys_telnet_init P((void)), + telnet P((char *)), + tel_enter_binary P((int)), + TerminalFlushOutput P((void)), + TerminalNewMode P((int)), + TerminalRestoreState P((void)), + TerminalSaveState P((void)), + tninit P((void)), + upcase P((char *)), + willoption P((int)), + wontoption P((int)); + +extern void + send_do P((int, int)), + send_dont P((int, int)), + send_will P((int, int)), + send_wont P((int, int)); + +extern void + lm_will P((unsigned char *, int)), + lm_wont P((unsigned char *, int)), + lm_do P((unsigned char *, int)), + lm_dont P((unsigned char *, int)), + lm_mode P((unsigned char *, int, int)); + +extern void + slc_init P((void)), + slcstate P((void)), + slc_mode_export P((void)), + slc_mode_import P((int)), + slc_import P((int)), + slc_export P((void)), + slc P((unsigned char *, int)), + slc_check P((void)), + slc_start_reply P((void)), + slc_add_reply P((int, int, int)), + slc_end_reply P((void)); +extern int + slc_update P((void)); + +extern void + env_opt P((unsigned char *, int)), + env_opt_start P((void)), + env_opt_start_info P((void)), + env_opt_add P((unsigned char *)), + env_opt_end P((int)); + +extern unsigned char + *env_default P((int, int)), + *env_getvalue P((unsigned char *)); + +extern int + get_status P((void)), + dosynch P((void)); + +extern cc_t + *tcval P((int)); + +#ifndef USE_TERMIO + +extern struct tchars ntc; +extern struct ltchars nltc; +extern struct sgttyb nttyb; + +# define termEofChar ntc.t_eofc +# define termEraseChar nttyb.sg_erase +# define termFlushChar nltc.t_flushc +# define termIntChar ntc.t_intrc +# define termKillChar nttyb.sg_kill +# define termLiteralNextChar nltc.t_lnextc +# define termQuitChar ntc.t_quitc +# define termSuspChar nltc.t_suspc +# define termRprntChar nltc.t_rprntc +# define termWerasChar nltc.t_werasc +# define termStartChar ntc.t_startc +# define termStopChar ntc.t_stopc +# define termForw1Char ntc.t_brkc +extern cc_t termForw2Char; +extern cc_t termAytChar; + +# define termEofCharp (cc_t *)&ntc.t_eofc +# define termEraseCharp (cc_t *)&nttyb.sg_erase +# define termFlushCharp (cc_t *)&nltc.t_flushc +# define termIntCharp (cc_t *)&ntc.t_intrc +# define termKillCharp (cc_t *)&nttyb.sg_kill +# define termLiteralNextCharp (cc_t *)&nltc.t_lnextc +# define termQuitCharp (cc_t *)&ntc.t_quitc +# define termSuspCharp (cc_t *)&nltc.t_suspc +# define termRprntCharp (cc_t *)&nltc.t_rprntc +# define termWerasCharp (cc_t *)&nltc.t_werasc +# define termStartCharp (cc_t *)&ntc.t_startc +# define termStopCharp (cc_t *)&ntc.t_stopc +# define termForw1Charp (cc_t *)&ntc.t_brkc +# define termForw2Charp (cc_t *)&termForw2Char +# define termAytCharp (cc_t *)&termAytChar + +# else + +extern struct termio new_tc; + +# define termEofChar new_tc.c_cc[VEOF] +# define termEraseChar new_tc.c_cc[VERASE] +# define termIntChar new_tc.c_cc[VINTR] +# define termKillChar new_tc.c_cc[VKILL] +# define termQuitChar new_tc.c_cc[VQUIT] + +# ifndef VSUSP +extern cc_t termSuspChar; +# else +# define termSuspChar new_tc.c_cc[VSUSP] +# endif +# if defined(VFLUSHO) && !defined(VDISCARD) +# define VDISCARD VFLUSHO +# endif +# ifndef VDISCARD +extern cc_t termFlushChar; +# else +# define termFlushChar new_tc.c_cc[VDISCARD] +# endif +# ifndef VWERASE +extern cc_t termWerasChar; +# else +# define termWerasChar new_tc.c_cc[VWERASE] +# endif +# ifndef VREPRINT +extern cc_t termRprntChar; +# else +# define termRprntChar new_tc.c_cc[VREPRINT] +# endif +# ifndef VLNEXT +extern cc_t termLiteralNextChar; +# else +# define termLiteralNextChar new_tc.c_cc[VLNEXT] +# endif +# ifndef VSTART +extern cc_t termStartChar; +# else +# define termStartChar new_tc.c_cc[VSTART] +# endif +# ifndef VSTOP +extern cc_t termStopChar; +# else +# define termStopChar new_tc.c_cc[VSTOP] +# endif +# ifndef VEOL +extern cc_t termForw1Char; +# else +# define termForw1Char new_tc.c_cc[VEOL] +# endif +# ifndef VEOL2 +extern cc_t termForw2Char; +# else +# define termForw2Char new_tc.c_cc[VEOL] +# endif +# ifndef VSTATUS +extern cc_t termAytChar; +#else +# define termAytChar new_tc.c_cc[VSTATUS] +#endif + +# if !defined(CRAY) || defined(__STDC__) +# define termEofCharp &termEofChar +# define termEraseCharp &termEraseChar +# define termIntCharp &termIntChar +# define termKillCharp &termKillChar +# define termQuitCharp &termQuitChar +# define termSuspCharp &termSuspChar +# define termFlushCharp &termFlushChar +# define termWerasCharp &termWerasChar +# define termRprntCharp &termRprntChar +# define termLiteralNextCharp &termLiteralNextChar +# define termStartCharp &termStartChar +# define termStopCharp &termStopChar +# define termForw1Charp &termForw1Char +# define termForw2Charp &termForw2Char +# define termAytCharp &termAytChar +# else + /* Work around a compiler bug */ +# define termEofCharp 0 +# define termEraseCharp 0 +# define termIntCharp 0 +# define termKillCharp 0 +# define termQuitCharp 0 +# define termSuspCharp 0 +# define termFlushCharp 0 +# define termWerasCharp 0 +# define termRprntCharp 0 +# define termLiteralNextCharp 0 +# define termStartCharp 0 +# define termStopCharp 0 +# define termForw1Charp 0 +# define termForw2Charp 0 +# define termAytCharp 0 +# endif +#endif + + +/* Ring buffer structures which are shared */ + +extern Ring + netoring, + netiring, + ttyoring, + ttyiring; + +/* Tn3270 section */ +#if defined(TN3270) + +extern int + HaveInput, /* Whether an asynchronous I/O indication came in */ + noasynchtty, /* Don't do signals on I/O (SIGURG, SIGIO) */ + noasynchnet, /* Don't do signals on I/O (SIGURG, SIGIO) */ + sigiocount, /* Count of SIGIO receptions */ + shell_active; /* Subshell is active */ + +extern char + *Ibackp, /* Oldest byte of 3270 data */ + Ibuf[], /* 3270 buffer */ + *Ifrontp, /* Where next 3270 byte goes */ + tline[], + *transcom; /* Transparent command */ + +extern int + settranscom P((int, char**)); + +extern void + inputAvailable P((int)); +#endif /* defined(TN3270) */ diff --git a/secure/usr.bin/telnet/fdset.h b/secure/usr.bin/telnet/fdset.h new file mode 100644 index 0000000..045bb72 --- /dev/null +++ b/secure/usr.bin/telnet/fdset.h @@ -0,0 +1,49 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)fdset.h 8.1 (Berkeley) 6/6/93 + */ + +/* + * The following is defined just in case someone should want to run + * this telnet on a 4.2 system. + * + */ + +#ifndef FD_SETSIZE + +#define FD_SET(n, p) ((p)->fds_bits[0] |= (1<<(n))) +#define FD_CLR(n, p) ((p)->fds_bits[0] &= ~(1<<(n))) +#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1<<(n))) +#define FD_ZERO(p) ((p)->fds_bits[0] = 0) + +#endif diff --git a/secure/usr.bin/telnet/general.h b/secure/usr.bin/telnet/general.h new file mode 100644 index 0000000..4efa951 --- /dev/null +++ b/secure/usr.bin/telnet/general.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)general.h 8.1 (Berkeley) 6/6/93 + */ + +/* + * Some general definitions. + */ + + +#define numberof(x) (sizeof x/sizeof x[0]) +#define highestof(x) (numberof(x)-1) + +#define ClearElement(x) memset((char *)&x, 0, sizeof x) +#define ClearArray(x) memset((char *)x, 0, sizeof x) diff --git a/secure/usr.bin/telnet/main.c b/secure/usr.bin/telnet/main.c new file mode 100644 index 0000000..09ac26c --- /dev/null +++ b/secure/usr.bin/telnet/main.c @@ -0,0 +1,322 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char copyright[] = +"@(#) Copyright (c) 1988, 1990, 1993\n\ + The Regents of the University of California. All rights reserved.\n"; +#endif /* not lint */ + +#ifndef lint +static char sccsid[] = "@(#)main.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include <sys/types.h> + +#include "ring.h" +#include "externs.h" +#include "defines.h" + +/* These values need to be the same as defined in libtelnet/kerberos5.c */ +/* Either define them in both places, or put in some common header file. */ +#define OPTS_FORWARD_CREDS 0x00000002 +#define OPTS_FORWARDABLE_CREDS 0x00000001 + +#if 0 +#define FORWARD +#endif + +/* + * Initialize variables. + */ + void +tninit() +{ + init_terminal(); + + init_network(); + + init_telnet(); + + init_sys(); + +#if defined(TN3270) + init_3270(); +#endif +} + + void +usage() +{ + fprintf(stderr, "Usage: %s %s%s%s%s\n", + prompt, +#ifdef AUTHENTICATION + "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]", + "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ", +#else + "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]", + "\n\t[-n tracefile]", +#endif +#if defined(TN3270) && defined(unix) +# ifdef AUTHENTICATION + "[-noasynch] [-noasynctty]\n\t[-noasyncnet] [-r] [-t transcom] ", +# else + "[-noasynch] [-noasynctty] [-noasyncnet] [-r]\n\t[-t transcom]", +# endif +#else + "[-r] ", +#endif +#ifdef ENCRYPTION + "[-x] [host-name [port]]" +#else /* ENCRYPTION */ + "[host-name [port]]" +#endif /* ENCRYPTION */ + ); + exit(1); +} + +/* + * main. Parse arguments, invoke the protocol or command parser. + */ + + +main(argc, argv) + int argc; + char *argv[]; +{ + extern char *optarg; + extern int optind; + int ch; + char *user, *strrchr(); +#ifdef FORWARD + extern int forward_flags; +#endif /* FORWARD */ + + tninit(); /* Clear out things */ +#if defined(CRAY) && !defined(__STDC__) + _setlist_init(); /* Work around compiler bug */ +#endif + + TerminalSaveState(); + + if (prompt = strrchr(argv[0], '/')) + ++prompt; + else + prompt = argv[0]; + + user = NULL; + + rlogin = (strncmp(prompt, "rlog", 4) == 0) ? '~' : _POSIX_VDISABLE; + autologin = -1; + + while ((ch = getopt(argc, argv, "8EKLS:X:acde:fFk:l:n:rt:x")) != EOF) { + switch(ch) { + case '8': + eight = 3; /* binary output and input */ + break; + case 'E': + rlogin = escape = _POSIX_VDISABLE; + break; + case 'K': +#ifdef AUTHENTICATION + autologin = 0; +#endif + break; + case 'L': + eight |= 2; /* binary output only */ + break; + case 'S': + { +#ifdef HAS_GETTOS + extern int tos; + + if ((tos = parsetos(optarg, "tcp")) < 0) + fprintf(stderr, "%s%s%s%s\n", + prompt, ": Bad TOS argument '", + optarg, + "; will try to use default TOS"); +#else + fprintf(stderr, + "%s: Warning: -S ignored, no parsetos() support.\n", + prompt); +#endif + } + break; + case 'X': +#ifdef AUTHENTICATION + auth_disable_name(optarg); +#endif + break; + case 'a': + autologin = 1; + break; + case 'c': + skiprc = 1; + break; + case 'd': + debug = 1; + break; + case 'e': + set_escape_char(optarg); + break; + case 'f': +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + if (forward_flags & OPTS_FORWARD_CREDS) { + fprintf(stderr, + "%s: Only one of -f and -F allowed.\n", + prompt); + usage(); + } + forward_flags |= OPTS_FORWARD_CREDS; +#else + fprintf(stderr, + "%s: Warning: -f ignored, no Kerberos V5 support.\n", + prompt); +#endif + break; + case 'F': +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + if (forward_flags & OPTS_FORWARD_CREDS) { + fprintf(stderr, + "%s: Only one of -f and -F allowed.\n", + prompt); + usage(); + } + forward_flags |= OPTS_FORWARD_CREDS; + forward_flags |= OPTS_FORWARDABLE_CREDS; +#else + fprintf(stderr, + "%s: Warning: -F ignored, no Kerberos V5 support.\n", + prompt); +#endif + break; + case 'k': +#if defined(AUTHENTICATION) && defined(KRB4) + { + extern char *dest_realm, dst_realm_buf[], dst_realm_sz; + dest_realm = dst_realm_buf; + (void)strncpy(dest_realm, optarg, dst_realm_sz); + } +#else + fprintf(stderr, + "%s: Warning: -k ignored, no Kerberos V4 support.\n", + prompt); +#endif + break; + case 'l': + autologin = 1; + user = optarg; + break; + case 'n': +#if defined(TN3270) && defined(unix) + /* distinguish between "-n oasynch" and "-noasynch" */ + if (argv[optind - 1][0] == '-' && argv[optind - 1][1] + == 'n' && argv[optind - 1][2] == 'o') { + if (!strcmp(optarg, "oasynch")) { + noasynchtty = 1; + noasynchnet = 1; + } else if (!strcmp(optarg, "oasynchtty")) + noasynchtty = 1; + else if (!strcmp(optarg, "oasynchnet")) + noasynchnet = 1; + } else +#endif /* defined(TN3270) && defined(unix) */ + SetNetTrace(optarg); + break; + case 'r': + rlogin = '~'; + break; + case 't': +#if defined(TN3270) && defined(unix) + transcom = tline; + (void)strcpy(transcom, optarg); +#else + fprintf(stderr, + "%s: Warning: -t ignored, no TN3270 support.\n", + prompt); +#endif + break; + case 'x': +#ifdef ENCRYPTION + encrypt_auto(1); + decrypt_auto(1); +#else /* ENCRYPTION */ + fprintf(stderr, + "%s: Warning: -x ignored, no ENCRYPT support.\n", + prompt); +#endif /* ENCRYPTION */ + break; + case '?': + default: + usage(); + /* NOTREACHED */ + } + } + if (autologin == -1) + autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; + + argc -= optind; + argv += optind; + + if (argc) { + char *args[7], **argp = args; + + if (argc > 2) + usage(); + *argp++ = prompt; + if (user) { + *argp++ = "-l"; + *argp++ = user; + } + *argp++ = argv[0]; /* host */ + if (argc > 1) + *argp++ = argv[1]; /* port */ + *argp = 0; + + if (setjmp(toplevel) != 0) + Exit(0); + if (tn(argp - args, args) == 1) + return (0); + else + return (1); + } + (void)setjmp(toplevel); + for (;;) { +#ifdef TN3270 + if (shell_active) + shell_continue(); + else +#endif + command(1, 0, 0); + } +} diff --git a/secure/usr.bin/telnet/network.c b/secure/usr.bin/telnet/network.c new file mode 100644 index 0000000..0fe5cee --- /dev/null +++ b/secure/usr.bin/telnet/network.c @@ -0,0 +1,177 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)network.c 8.2 (Berkeley) 12/15/93"; +#endif /* not lint */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/time.h> + +#include <errno.h> + +#include <arpa/telnet.h> + +#include "ring.h" + +#include "defines.h" +#include "externs.h" +#include "fdset.h" + +Ring netoring, netiring; +unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ]; + +/* + * Initialize internal network data structures. + */ + + void +init_network() +{ + if (ring_init(&netoring, netobuf, sizeof netobuf) != 1) { + exit(1); + } + if (ring_init(&netiring, netibuf, sizeof netibuf) != 1) { + exit(1); + } + NetTrace = stdout; +} + + +/* + * Check to see if any out-of-band data exists on a socket (for + * Telnet "synch" processing). + */ + + int +stilloob() +{ + static struct timeval timeout = { 0 }; + fd_set excepts; + int value; + + do { + FD_ZERO(&excepts); + FD_SET(net, &excepts); + value = select(net+1, (fd_set *)0, (fd_set *)0, &excepts, &timeout); + } while ((value == -1) && (errno == EINTR)); + + if (value < 0) { + perror("select"); + (void) quit(); + /* NOTREACHED */ + } + if (FD_ISSET(net, &excepts)) { + return 1; + } else { + return 0; + } +} + + +/* + * setneturg() + * + * Sets "neturg" to the current location. + */ + + void +setneturg() +{ + ring_mark(&netoring); +} + + +/* + * netflush + * Send as much data as possible to the network, + * handling requests for urgent data. + * + * The return value indicates whether we did any + * useful work. + */ + + + int +netflush() +{ + register int n, n1; + +#ifdef ENCRYPTION + if (encrypt_output) + ring_encrypt(&netoring, encrypt_output); +#endif /* ENCRYPTION */ + if ((n1 = n = ring_full_consecutive(&netoring)) > 0) { + if (!ring_at_mark(&netoring)) { + n = send(net, (char *)netoring.consume, n, 0); /* normal write */ + } else { + /* + * In 4.2 (and 4.3) systems, there is some question about + * what byte in a sendOOB operation is the "OOB" data. + * To make ourselves compatible, we only send ONE byte + * out of band, the one WE THINK should be OOB (though + * we really have more the TCP philosophy of urgent data + * rather than the Unix philosophy of OOB data). + */ + n = send(net, (char *)netoring.consume, 1, MSG_OOB);/* URGENT data */ + } + } + if (n < 0) { + if (errno != ENOBUFS && errno != EWOULDBLOCK) { + setcommandmode(); + perror(hostname); + (void)NetClose(net); + ring_clear_mark(&netoring); + longjmp(peerdied, -1); + /*NOTREACHED*/ + } + n = 0; + } + if (netdata && n) { + Dump('>', netoring.consume, n); + } + if (n) { + ring_consumed(&netoring, n); + /* + * If we sent all, and more to send, then recurse to pick + * up the other half. + */ + if ((n1 == n) && ring_full_consecutive(&netoring)) { + (void) netflush(); + } + return 1; + } else { + return 0; + } +} diff --git a/secure/usr.bin/telnet/ring.c b/secure/usr.bin/telnet/ring.c new file mode 100644 index 0000000..37dfda8 --- /dev/null +++ b/secure/usr.bin/telnet/ring.c @@ -0,0 +1,362 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)ring.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * This defines a structure for a ring buffer. + * + * The circular buffer has two parts: + *((( + * full: [consume, supply) + * empty: [supply, consume) + *]]] + * + */ + +#include <stdio.h> +#include <errno.h> + +#ifdef size_t +#undef size_t +#endif + +#include <sys/types.h> +#ifndef FILIO_H +#include <sys/ioctl.h> +#endif +#include <sys/socket.h> + +#include "ring.h" +#include "general.h" + +/* Internal macros */ + +#if !defined(MIN) +#define MIN(a,b) (((a)<(b))? (a):(b)) +#endif /* !defined(MIN) */ + +#define ring_subtract(d,a,b) (((a)-(b) >= 0)? \ + (a)-(b): (((a)-(b))+(d)->size)) + +#define ring_increment(d,a,c) (((a)+(c) < (d)->top)? \ + (a)+(c) : (((a)+(c))-(d)->size)) + +#define ring_decrement(d,a,c) (((a)-(c) >= (d)->bottom)? \ + (a)-(c) : (((a)-(c))-(d)->size)) + + +/* + * The following is a clock, used to determine full, empty, etc. + * + * There is some trickiness here. Since the ring buffers are initialized + * to ZERO on allocation, we need to make sure, when interpreting the + * clock, that when the times are EQUAL, then the buffer is FULL. + */ +static u_long ring_clock = 0; + + +#define ring_empty(d) (((d)->consume == (d)->supply) && \ + ((d)->consumetime >= (d)->supplytime)) +#define ring_full(d) (((d)->supply == (d)->consume) && \ + ((d)->supplytime > (d)->consumetime)) + + + + + +/* Buffer state transition routines */ + + ring_init(ring, buffer, count) +Ring *ring; + unsigned char *buffer; + int count; +{ + memset((char *)ring, 0, sizeof *ring); + + ring->size = count; + + ring->supply = ring->consume = ring->bottom = buffer; + + ring->top = ring->bottom+ring->size; + +#ifdef ENCRYPTION + ring->clearto = 0; +#endif /* ENCRYPTION */ + + return 1; +} + +/* Mark routines */ + +/* + * Mark the most recently supplied byte. + */ + + void +ring_mark(ring) + Ring *ring; +{ + ring->mark = ring_decrement(ring, ring->supply, 1); +} + +/* + * Is the ring pointing to the mark? + */ + + int +ring_at_mark(ring) + Ring *ring; +{ + if (ring->mark == ring->consume) { + return 1; + } else { + return 0; + } +} + +/* + * Clear any mark set on the ring. + */ + + void +ring_clear_mark(ring) + Ring *ring; +{ + ring->mark = 0; +} + +/* + * Add characters from current segment to ring buffer. + */ + void +ring_supplied(ring, count) + Ring *ring; + int count; +{ + ring->supply = ring_increment(ring, ring->supply, count); + ring->supplytime = ++ring_clock; +} + +/* + * We have just consumed "c" bytes. + */ + void +ring_consumed(ring, count) + Ring *ring; + int count; +{ + if (count == 0) /* don't update anything */ + return; + + if (ring->mark && + (ring_subtract(ring, ring->mark, ring->consume) < count)) { + ring->mark = 0; + } +#ifdef ENCRYPTION + if (ring->consume < ring->clearto && + ring->clearto <= ring->consume + count) + ring->clearto = 0; + else if (ring->consume + count > ring->top && + ring->bottom <= ring->clearto && + ring->bottom + ((ring->consume + count) - ring->top)) + ring->clearto = 0; +#endif /* ENCRYPTION */ + ring->consume = ring_increment(ring, ring->consume, count); + ring->consumetime = ++ring_clock; + /* + * Try to encourage "ring_empty_consecutive()" to be large. + */ + if (ring_empty(ring)) { + ring->consume = ring->supply = ring->bottom; + } +} + + + +/* Buffer state query routines */ + + +/* Number of bytes that may be supplied */ + int +ring_empty_count(ring) + Ring *ring; +{ + if (ring_empty(ring)) { /* if empty */ + return ring->size; + } else { + return ring_subtract(ring, ring->consume, ring->supply); + } +} + +/* number of CONSECUTIVE bytes that may be supplied */ + int +ring_empty_consecutive(ring) + Ring *ring; +{ + if ((ring->consume < ring->supply) || ring_empty(ring)) { + /* + * if consume is "below" supply, or empty, then + * return distance to the top + */ + return ring_subtract(ring, ring->top, ring->supply); + } else { + /* + * else, return what we may. + */ + return ring_subtract(ring, ring->consume, ring->supply); + } +} + +/* Return the number of bytes that are available for consuming + * (but don't give more than enough to get to cross over set mark) + */ + + int +ring_full_count(ring) + Ring *ring; +{ + if ((ring->mark == 0) || (ring->mark == ring->consume)) { + if (ring_full(ring)) { + return ring->size; /* nothing consumed, but full */ + } else { + return ring_subtract(ring, ring->supply, ring->consume); + } + } else { + return ring_subtract(ring, ring->mark, ring->consume); + } +} + +/* + * Return the number of CONSECUTIVE bytes available for consuming. + * However, don't return more than enough to cross over set mark. + */ + int +ring_full_consecutive(ring) + Ring *ring; +{ + if ((ring->mark == 0) || (ring->mark == ring->consume)) { + if ((ring->supply < ring->consume) || ring_full(ring)) { + return ring_subtract(ring, ring->top, ring->consume); + } else { + return ring_subtract(ring, ring->supply, ring->consume); + } + } else { + if (ring->mark < ring->consume) { + return ring_subtract(ring, ring->top, ring->consume); + } else { /* Else, distance to mark */ + return ring_subtract(ring, ring->mark, ring->consume); + } + } +} + +/* + * Move data into the "supply" portion of of the ring buffer. + */ + void +ring_supply_data(ring, buffer, count) + Ring *ring; + unsigned char *buffer; + int count; +{ + int i; + + while (count) { + i = MIN(count, ring_empty_consecutive(ring)); + memmove(ring->supply, buffer, i); + ring_supplied(ring, i); + count -= i; + buffer += i; + } +} + +#ifdef notdef + +/* + * Move data from the "consume" portion of the ring buffer + */ + void +ring_consume_data(ring, buffer, count) + Ring *ring; + unsigned char *buffer; + int count; +{ + int i; + + while (count) { + i = MIN(count, ring_full_consecutive(ring)); + memmove(buffer, ring->consume, i); + ring_consumed(ring, i); + count -= i; + buffer += i; + } +} +#endif + +#ifdef ENCRYPTION + void +ring_encrypt(ring, encryptor) + Ring *ring; + void (*encryptor)(); +{ + unsigned char *s, *c; + + if (ring_empty(ring) || ring->clearto == ring->supply) + return; + + if (!(c = ring->clearto)) + c = ring->consume; + + s = ring->supply; + + if (s <= c) { + (*encryptor)(c, ring->top - c); + (*encryptor)(ring->bottom, s - ring->bottom); + } else + (*encryptor)(c, s - c); + + ring->clearto = ring->supply; +} + + void +ring_clearto(ring) + Ring *ring; +{ + if (!ring_empty(ring)) + ring->clearto = ring->supply; + else + ring->clearto = 0; +} +#endif /* ENCRYPTION */ diff --git a/secure/usr.bin/telnet/ring.h b/secure/usr.bin/telnet/ring.h new file mode 100644 index 0000000..2a36781 --- /dev/null +++ b/secure/usr.bin/telnet/ring.h @@ -0,0 +1,105 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)ring.h 8.1 (Berkeley) 6/6/93 + */ + +#if defined(P) +# undef P +#endif + +#if defined(__STDC__) || defined(LINT_ARGS) +# define P(x) x +#else +# define P(x) () +#endif + +/* + * This defines a structure for a ring buffer. + * + * The circular buffer has two parts: + *((( + * full: [consume, supply) + * empty: [supply, consume) + *]]] + * + */ +typedef struct { + unsigned char *consume, /* where data comes out of */ + *supply, /* where data comes in to */ + *bottom, /* lowest address in buffer */ + *top, /* highest address+1 in buffer */ + *mark; /* marker (user defined) */ +#ifdef ENCRYPTION + unsigned char *clearto; /* Data to this point is clear text */ + unsigned char *encryyptedto; /* Data is encrypted to here */ +#endif /* ENCRYPTION */ + int size; /* size in bytes of buffer */ + u_long consumetime, /* help us keep straight full, empty, etc. */ + supplytime; +} Ring; + +/* Here are some functions and macros to deal with the ring buffer */ + +/* Initialization routine */ +extern int + ring_init P((Ring *ring, unsigned char *buffer, int count)); + +/* Data movement routines */ +extern void + ring_supply_data P((Ring *ring, unsigned char *buffer, int count)); +#ifdef notdef +extern void + ring_consume_data P((Ring *ring, unsigned char *buffer, int count)); +#endif + +/* Buffer state transition routines */ +extern void + ring_supplied P((Ring *ring, int count)), + ring_consumed P((Ring *ring, int count)); + +/* Buffer state query routines */ +extern int + ring_empty_count P((Ring *ring)), + ring_empty_consecutive P((Ring *ring)), + ring_full_count P((Ring *ring)), + ring_full_consecutive P((Ring *ring)); + +#ifdef ENCRYPTION +extern void + ring_encrypt P((Ring *ring, void (*func)())), + ring_clearto P((Ring *ring)); +#endif /* ENCRYPTION */ + +extern void + ring_clear_mark(), + ring_mark(); diff --git a/secure/usr.bin/telnet/sys_bsd.c b/secure/usr.bin/telnet/sys_bsd.c new file mode 100644 index 0000000..3ede7c4 --- /dev/null +++ b/secure/usr.bin/telnet/sys_bsd.c @@ -0,0 +1,1220 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)sys_bsd.c 8.4 (Berkeley) 5/30/95"; +#endif /* not lint */ + +/* + * The following routines try to encapsulate what is system dependent + * (at least between 4.x and dos) which is used in telnet.c. + */ + + +#include <fcntl.h> +#include <sys/types.h> +#include <sys/time.h> +#include <sys/socket.h> +#include <signal.h> +#include <errno.h> +#include <arpa/telnet.h> + +#include "ring.h" + +#include "fdset.h" + +#include "defines.h" +#include "externs.h" +#include "types.h" + +#if defined(CRAY) || (defined(USE_TERMIO) && !defined(SYSV_TERMIO)) +#define SIG_FUNC_RET void +#else +#define SIG_FUNC_RET int +#endif + +#ifdef SIGINFO +extern SIG_FUNC_RET ayt_status(); +#endif + +int + tout, /* Output file descriptor */ + tin, /* Input file descriptor */ + net; + +#ifndef USE_TERMIO +struct tchars otc = { 0 }, ntc = { 0 }; +struct ltchars oltc = { 0 }, nltc = { 0 }; +struct sgttyb ottyb = { 0 }, nttyb = { 0 }; +int olmode = 0; +# define cfgetispeed(ptr) (ptr)->sg_ispeed +# define cfgetospeed(ptr) (ptr)->sg_ospeed +# define old_tc ottyb + +#else /* USE_TERMIO */ +struct termio old_tc = { 0 }; +extern struct termio new_tc; + +# ifndef TCSANOW +# ifdef TCSETS +# define TCSANOW TCSETS +# define TCSADRAIN TCSETSW +# define tcgetattr(f, t) ioctl(f, TCGETS, (char *)t) +# else +# ifdef TCSETA +# define TCSANOW TCSETA +# define TCSADRAIN TCSETAW +# define tcgetattr(f, t) ioctl(f, TCGETA, (char *)t) +# else +# define TCSANOW TIOCSETA +# define TCSADRAIN TIOCSETAW +# define tcgetattr(f, t) ioctl(f, TIOCGETA, (char *)t) +# endif +# endif +# define tcsetattr(f, a, t) ioctl(f, a, (char *)t) +# define cfgetospeed(ptr) ((ptr)->c_cflag&CBAUD) +# ifdef CIBAUD +# define cfgetispeed(ptr) (((ptr)->c_cflag&CIBAUD) >> IBSHIFT) +# else +# define cfgetispeed(ptr) cfgetospeed(ptr) +# endif +# endif /* TCSANOW */ +# ifdef sysV88 +# define TIOCFLUSH TC_PX_DRAIN +# endif +#endif /* USE_TERMIO */ + +static fd_set ibits, obits, xbits; + + + void +init_sys() +{ + tout = fileno(stdout); + tin = fileno(stdin); + FD_ZERO(&ibits); + FD_ZERO(&obits); + FD_ZERO(&xbits); + + errno = 0; +} + + + int +TerminalWrite(buf, n) + char *buf; + int n; +{ + return write(tout, buf, n); +} + + int +TerminalRead(buf, n) + char *buf; + int n; +{ + return read(tin, buf, n); +} + +/* + * + */ + + int +TerminalAutoFlush() +{ +#if defined(LNOFLSH) + int flush; + + ioctl(0, TIOCLGET, (char *)&flush); + return !(flush&LNOFLSH); /* if LNOFLSH, no autoflush */ +#else /* LNOFLSH */ + return 1; +#endif /* LNOFLSH */ +} + +#ifdef KLUDGELINEMODE +extern int kludgelinemode; +#endif +/* + * TerminalSpecialChars() + * + * Look at an input character to see if it is a special character + * and decide what to do. + * + * Output: + * + * 0 Don't add this character. + * 1 Do add this character + */ + +extern void xmitAO(), xmitEL(), xmitEC(), intp(), sendbrk(); + + int +TerminalSpecialChars(c) + int c; +{ + if (c == termIntChar) { + intp(); + return 0; + } else if (c == termQuitChar) { +#ifdef KLUDGELINEMODE + if (kludgelinemode) + sendbrk(); + else +#endif + sendabort(); + return 0; + } else if (c == termEofChar) { + if (my_want_state_is_will(TELOPT_LINEMODE)) { + sendeof(); + return 0; + } + return 1; + } else if (c == termSuspChar) { + sendsusp(); + return(0); + } else if (c == termFlushChar) { + xmitAO(); /* Transmit Abort Output */ + return 0; + } else if (!MODE_LOCAL_CHARS(globalmode)) { + if (c == termKillChar) { + xmitEL(); + return 0; + } else if (c == termEraseChar) { + xmitEC(); /* Transmit Erase Character */ + return 0; + } + } + return 1; +} + + +/* + * Flush output to the terminal + */ + + void +TerminalFlushOutput() +{ +#ifdef TIOCFLUSH + (void) ioctl(fileno(stdout), TIOCFLUSH, (char *) 0); +#else + (void) ioctl(fileno(stdout), TCFLSH, (char *) 0); +#endif +} + + void +TerminalSaveState() +{ +#ifndef USE_TERMIO + ioctl(0, TIOCGETP, (char *)&ottyb); + ioctl(0, TIOCGETC, (char *)&otc); + ioctl(0, TIOCGLTC, (char *)&oltc); + ioctl(0, TIOCLGET, (char *)&olmode); + + ntc = otc; + nltc = oltc; + nttyb = ottyb; + +#else /* USE_TERMIO */ + tcgetattr(0, &old_tc); + + new_tc = old_tc; + +#ifndef VDISCARD + termFlushChar = CONTROL('O'); +#endif +#ifndef VWERASE + termWerasChar = CONTROL('W'); +#endif +#ifndef VREPRINT + termRprntChar = CONTROL('R'); +#endif +#ifndef VLNEXT + termLiteralNextChar = CONTROL('V'); +#endif +#ifndef VSTART + termStartChar = CONTROL('Q'); +#endif +#ifndef VSTOP + termStopChar = CONTROL('S'); +#endif +#ifndef VSTATUS + termAytChar = CONTROL('T'); +#endif +#endif /* USE_TERMIO */ +} + + cc_t * +tcval(func) + register int func; +{ + switch(func) { + case SLC_IP: return(&termIntChar); + case SLC_ABORT: return(&termQuitChar); + case SLC_EOF: return(&termEofChar); + case SLC_EC: return(&termEraseChar); + case SLC_EL: return(&termKillChar); + case SLC_XON: return(&termStartChar); + case SLC_XOFF: return(&termStopChar); + case SLC_FORW1: return(&termForw1Char); +#ifdef USE_TERMIO + case SLC_FORW2: return(&termForw2Char); +# ifdef VDISCARD + case SLC_AO: return(&termFlushChar); +# endif +# ifdef VSUSP + case SLC_SUSP: return(&termSuspChar); +# endif +# ifdef VWERASE + case SLC_EW: return(&termWerasChar); +# endif +# ifdef VREPRINT + case SLC_RP: return(&termRprntChar); +# endif +# ifdef VLNEXT + case SLC_LNEXT: return(&termLiteralNextChar); +# endif +# ifdef VSTATUS + case SLC_AYT: return(&termAytChar); +# endif +#endif + + case SLC_SYNCH: + case SLC_BRK: + case SLC_EOR: + default: + return((cc_t *)0); + } +} + + void +TerminalDefaultChars() +{ +#ifndef USE_TERMIO + ntc = otc; + nltc = oltc; + nttyb.sg_kill = ottyb.sg_kill; + nttyb.sg_erase = ottyb.sg_erase; +#else /* USE_TERMIO */ + memmove(new_tc.c_cc, old_tc.c_cc, sizeof(old_tc.c_cc)); +# ifndef VDISCARD + termFlushChar = CONTROL('O'); +# endif +# ifndef VWERASE + termWerasChar = CONTROL('W'); +# endif +# ifndef VREPRINT + termRprntChar = CONTROL('R'); +# endif +# ifndef VLNEXT + termLiteralNextChar = CONTROL('V'); +# endif +# ifndef VSTART + termStartChar = CONTROL('Q'); +# endif +# ifndef VSTOP + termStopChar = CONTROL('S'); +# endif +# ifndef VSTATUS + termAytChar = CONTROL('T'); +# endif +#endif /* USE_TERMIO */ +} + +#ifdef notdef +void +TerminalRestoreState() +{ +} +#endif + +/* + * TerminalNewMode - set up terminal to a specific mode. + * MODE_ECHO: do local terminal echo + * MODE_FLOW: do local flow control + * MODE_TRAPSIG: do local mapping to TELNET IAC sequences + * MODE_EDIT: do local line editing + * + * Command mode: + * MODE_ECHO|MODE_EDIT|MODE_FLOW|MODE_TRAPSIG + * local echo + * local editing + * local xon/xoff + * local signal mapping + * + * Linemode: + * local/no editing + * Both Linemode and Single Character mode: + * local/remote echo + * local/no xon/xoff + * local/no signal mapping + */ + + + void +TerminalNewMode(f) + register int f; +{ + static int prevmode = 0; +#ifndef USE_TERMIO + struct tchars tc; + struct ltchars ltc; + struct sgttyb sb; + int lmode; +#else /* USE_TERMIO */ + struct termio tmp_tc; +#endif /* USE_TERMIO */ + int onoff; + int old; + cc_t esc; + + globalmode = f&~MODE_FORCE; + if (prevmode == f) + return; + + /* + * Write any outstanding data before switching modes + * ttyflush() returns 0 only when there is no more data + * left to write out, it returns -1 if it couldn't do + * anything at all, otherwise it returns 1 + the number + * of characters left to write. +#ifndef USE_TERMIO + * We would really like ask the kernel to wait for the output + * to drain, like we can do with the TCSADRAIN, but we don't have + * that option. The only ioctl that waits for the output to + * drain, TIOCSETP, also flushes the input queue, which is NOT + * what we want (TIOCSETP is like TCSADFLUSH). +#endif + */ + old = ttyflush(SYNCHing|flushout); + if (old < 0 || old > 1) { +#ifdef USE_TERMIO + tcgetattr(tin, &tmp_tc); +#endif /* USE_TERMIO */ + do { + /* + * Wait for data to drain, then flush again. + */ +#ifdef USE_TERMIO + tcsetattr(tin, TCSADRAIN, &tmp_tc); +#endif /* USE_TERMIO */ + old = ttyflush(SYNCHing|flushout); + } while (old < 0 || old > 1); + } + + old = prevmode; + prevmode = f&~MODE_FORCE; +#ifndef USE_TERMIO + sb = nttyb; + tc = ntc; + ltc = nltc; + lmode = olmode; +#else + tmp_tc = new_tc; +#endif + + if (f&MODE_ECHO) { +#ifndef USE_TERMIO + sb.sg_flags |= ECHO; +#else + tmp_tc.c_lflag |= ECHO; + tmp_tc.c_oflag |= ONLCR; + if (crlf) + tmp_tc.c_iflag |= ICRNL; +#endif + } else { +#ifndef USE_TERMIO + sb.sg_flags &= ~ECHO; +#else + tmp_tc.c_lflag &= ~ECHO; + tmp_tc.c_oflag &= ~ONLCR; +# ifdef notdef + if (crlf) + tmp_tc.c_iflag &= ~ICRNL; +# endif +#endif + } + + if ((f&MODE_FLOW) == 0) { +#ifndef USE_TERMIO + tc.t_startc = _POSIX_VDISABLE; + tc.t_stopc = _POSIX_VDISABLE; +#else + tmp_tc.c_iflag &= ~(IXOFF|IXON); /* Leave the IXANY bit alone */ + } else { + if (restartany < 0) { + tmp_tc.c_iflag |= IXOFF|IXON; /* Leave the IXANY bit alone */ + } else if (restartany > 0) { + tmp_tc.c_iflag |= IXOFF|IXON|IXANY; + } else { + tmp_tc.c_iflag |= IXOFF|IXON; + tmp_tc.c_iflag &= ~IXANY; + } +#endif + } + + if ((f&MODE_TRAPSIG) == 0) { +#ifndef USE_TERMIO + tc.t_intrc = _POSIX_VDISABLE; + tc.t_quitc = _POSIX_VDISABLE; + tc.t_eofc = _POSIX_VDISABLE; + ltc.t_suspc = _POSIX_VDISABLE; + ltc.t_dsuspc = _POSIX_VDISABLE; +#else + tmp_tc.c_lflag &= ~ISIG; +#endif + localchars = 0; + } else { +#ifdef USE_TERMIO + tmp_tc.c_lflag |= ISIG; +#endif + localchars = 1; + } + + if (f&MODE_EDIT) { +#ifndef USE_TERMIO + sb.sg_flags &= ~CBREAK; + sb.sg_flags |= CRMOD; +#else + tmp_tc.c_lflag |= ICANON; +#endif + } else { +#ifndef USE_TERMIO + sb.sg_flags |= CBREAK; + if (f&MODE_ECHO) + sb.sg_flags |= CRMOD; + else + sb.sg_flags &= ~CRMOD; +#else + tmp_tc.c_lflag &= ~ICANON; + tmp_tc.c_iflag &= ~ICRNL; + tmp_tc.c_cc[VMIN] = 1; + tmp_tc.c_cc[VTIME] = 0; +#endif + } + + if ((f&(MODE_EDIT|MODE_TRAPSIG)) == 0) { +#ifndef USE_TERMIO + ltc.t_lnextc = _POSIX_VDISABLE; +#else +# ifdef VLNEXT + tmp_tc.c_cc[VLNEXT] = (cc_t)(_POSIX_VDISABLE); +# endif +#endif + } + + if (f&MODE_SOFT_TAB) { +#ifndef USE_TERMIO + sb.sg_flags |= XTABS; +#else +# ifdef OXTABS + tmp_tc.c_oflag |= OXTABS; +# endif +# ifdef TABDLY + tmp_tc.c_oflag &= ~TABDLY; + tmp_tc.c_oflag |= TAB3; +# endif +#endif + } else { +#ifndef USE_TERMIO + sb.sg_flags &= ~XTABS; +#else +# ifdef OXTABS + tmp_tc.c_oflag &= ~OXTABS; +# endif +# ifdef TABDLY + tmp_tc.c_oflag &= ~TABDLY; +# endif +#endif + } + + if (f&MODE_LIT_ECHO) { +#ifndef USE_TERMIO + lmode &= ~LCTLECH; +#else +# ifdef ECHOCTL + tmp_tc.c_lflag &= ~ECHOCTL; +# endif +#endif + } else { +#ifndef USE_TERMIO + lmode |= LCTLECH; +#else +# ifdef ECHOCTL + tmp_tc.c_lflag |= ECHOCTL; +# endif +#endif + } + + if (f == -1) { + onoff = 0; + } else { +#ifndef USE_TERMIO + if (f & MODE_OUTBIN) + lmode |= LLITOUT; + else + lmode &= ~LLITOUT; + + if (f & MODE_INBIN) + lmode |= LPASS8; + else + lmode &= ~LPASS8; +#else + if (f & MODE_INBIN) + tmp_tc.c_iflag &= ~ISTRIP; + else + tmp_tc.c_iflag |= ISTRIP; + if (f & MODE_OUTBIN) { + tmp_tc.c_cflag &= ~(CSIZE|PARENB); + tmp_tc.c_cflag |= CS8; + tmp_tc.c_oflag &= ~OPOST; + } else { + tmp_tc.c_cflag &= ~(CSIZE|PARENB); + tmp_tc.c_cflag |= old_tc.c_cflag & (CSIZE|PARENB); + tmp_tc.c_oflag |= OPOST; + } +#endif + onoff = 1; + } + + if (f != -1) { +#ifdef SIGTSTP + SIG_FUNC_RET susp(); +#endif /* SIGTSTP */ +#ifdef SIGINFO + SIG_FUNC_RET ayt(); +#endif + +#ifdef SIGTSTP + (void) signal(SIGTSTP, susp); +#endif /* SIGTSTP */ +#ifdef SIGINFO + (void) signal(SIGINFO, ayt); +#endif +#if defined(USE_TERMIO) && defined(NOKERNINFO) + tmp_tc.c_lflag |= NOKERNINFO; +#endif + /* + * We don't want to process ^Y here. It's just another + * character that we'll pass on to the back end. It has + * to process it because it will be processed when the + * user attempts to read it, not when we send it. + */ +#ifndef USE_TERMIO + ltc.t_dsuspc = _POSIX_VDISABLE; +#else +# ifdef VDSUSP + tmp_tc.c_cc[VDSUSP] = (cc_t)(_POSIX_VDISABLE); +# endif +#endif +#ifdef USE_TERMIO + /* + * If the VEOL character is already set, then use VEOL2, + * otherwise use VEOL. + */ + esc = (rlogin != _POSIX_VDISABLE) ? rlogin : escape; + if ((tmp_tc.c_cc[VEOL] != esc) +# ifdef VEOL2 + && (tmp_tc.c_cc[VEOL2] != esc) +# endif + ) { + if (tmp_tc.c_cc[VEOL] == (cc_t)(_POSIX_VDISABLE)) + tmp_tc.c_cc[VEOL] = esc; +# ifdef VEOL2 + else if (tmp_tc.c_cc[VEOL2] == (cc_t)(_POSIX_VDISABLE)) + tmp_tc.c_cc[VEOL2] = esc; +# endif + } +#else + if (tc.t_brkc == (cc_t)(_POSIX_VDISABLE)) + tc.t_brkc = esc; +#endif + } else { +#ifdef SIGINFO + SIG_FUNC_RET ayt_status(); + + (void) signal(SIGINFO, ayt_status); +#endif +#ifdef SIGTSTP + (void) signal(SIGTSTP, SIG_DFL); +# ifndef SOLARIS + (void) sigsetmask(sigblock(0) & ~(1<<(SIGTSTP-1))); +# else SOLARIS + (void) sigrelse(SIGTSTP); +# endif SOLARIS +#endif /* SIGTSTP */ +#ifndef USE_TERMIO + ltc = oltc; + tc = otc; + sb = ottyb; + lmode = olmode; +#else + tmp_tc = old_tc; +#endif + } +#ifndef USE_TERMIO + ioctl(tin, TIOCLSET, (char *)&lmode); + ioctl(tin, TIOCSLTC, (char *)<c); + ioctl(tin, TIOCSETC, (char *)&tc); + ioctl(tin, TIOCSETN, (char *)&sb); +#else + if (tcsetattr(tin, TCSADRAIN, &tmp_tc) < 0) + tcsetattr(tin, TCSANOW, &tmp_tc); +#endif + +#if (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) +# if !defined(sysV88) + ioctl(tin, FIONBIO, (char *)&onoff); + ioctl(tout, FIONBIO, (char *)&onoff); +# endif +#endif /* (!defined(TN3270)) || ((!defined(NOT43)) || defined(PUTCHAR)) */ +#if defined(TN3270) + if (noasynchtty == 0) { + ioctl(tin, FIOASYNC, (char *)&onoff); + } +#endif /* defined(TN3270) */ + +} + +/* + * Try to guess whether speeds are "encoded" (4.2BSD) or just numeric (4.4BSD). + */ +#if B4800 != 4800 +#define DECODE_BAUD +#endif + +#ifdef DECODE_BAUD +#ifndef B7200 +#define B7200 B4800 +#endif + +#ifndef B14400 +#define B14400 B9600 +#endif + +#ifndef B19200 +# define B19200 B14400 +#endif + +#ifndef B28800 +#define B28800 B19200 +#endif + +#ifndef B38400 +# define B38400 B28800 +#endif + +#ifndef B57600 +#define B57600 B38400 +#endif + +#ifndef B76800 +#define B76800 B57600 +#endif + +#ifndef B115200 +#define B115200 B76800 +#endif + +#ifndef B230400 +#define B230400 B115200 +#endif + + +/* + * This code assumes that the values B0, B50, B75... + * are in ascending order. They do not have to be + * contiguous. + */ +struct termspeeds { + long speed; + long value; +} termspeeds[] = { + { 0, B0 }, { 50, B50 }, { 75, B75 }, + { 110, B110 }, { 134, B134 }, { 150, B150 }, + { 200, B200 }, { 300, B300 }, { 600, B600 }, + { 1200, B1200 }, { 1800, B1800 }, { 2400, B2400 }, + { 4800, B4800 }, { 7200, B7200 }, { 9600, B9600 }, + { 14400, B14400 }, { 19200, B19200 }, { 28800, B28800 }, + { 38400, B38400 }, { 57600, B57600 }, { 115200, B115200 }, + { 230400, B230400 }, { -1, B230400 } +}; +#endif /* DECODE_BAUD */ + + void +TerminalSpeeds(ispeed, ospeed) + long *ispeed; + long *ospeed; +{ +#ifdef DECODE_BAUD + register struct termspeeds *tp; +#endif /* DECODE_BAUD */ + register long in, out; + + out = cfgetospeed(&old_tc); + in = cfgetispeed(&old_tc); + if (in == 0) + in = out; + +#ifdef DECODE_BAUD + tp = termspeeds; + while ((tp->speed != -1) && (tp->value < in)) + tp++; + *ispeed = tp->speed; + + tp = termspeeds; + while ((tp->speed != -1) && (tp->value < out)) + tp++; + *ospeed = tp->speed; +#else /* DECODE_BAUD */ + *ispeed = in; + *ospeed = out; +#endif /* DECODE_BAUD */ +} + + int +TerminalWindowSize(rows, cols) + long *rows, *cols; +{ +#ifdef TIOCGWINSZ + struct winsize ws; + + if (ioctl(fileno(stdin), TIOCGWINSZ, (char *)&ws) >= 0) { + *rows = ws.ws_row; + *cols = ws.ws_col; + return 1; + } +#endif /* TIOCGWINSZ */ + return 0; +} + + int +NetClose(fd) + int fd; +{ + return close(fd); +} + + + void +NetNonblockingIO(fd, onoff) + int fd; + int onoff; +{ + ioctl(fd, FIONBIO, (char *)&onoff); +} + +#if defined(TN3270) + void +NetSigIO(fd, onoff) + int fd; + int onoff; +{ + ioctl(fd, FIOASYNC, (char *)&onoff); /* hear about input */ +} + + void +NetSetPgrp(fd) + int fd; +{ + int myPid; + + myPid = getpid(); + fcntl(fd, F_SETOWN, myPid); +} +#endif /*defined(TN3270)*/ + +/* + * Various signal handling routines. + */ + + /* ARGSUSED */ + SIG_FUNC_RET +deadpeer(sig) + int sig; +{ + setcommandmode(); + longjmp(peerdied, -1); +} + + /* ARGSUSED */ + SIG_FUNC_RET +intr(sig) + int sig; +{ + if (localchars) { + intp(); + return; + } + setcommandmode(); + longjmp(toplevel, -1); +} + + /* ARGSUSED */ + SIG_FUNC_RET +intr2(sig) + int sig; +{ + if (localchars) { +#ifdef KLUDGELINEMODE + if (kludgelinemode) + sendbrk(); + else +#endif + sendabort(); + return; + } +} + +#ifdef SIGTSTP + /* ARGSUSED */ + SIG_FUNC_RET +susp(sig) + int sig; +{ + if ((rlogin != _POSIX_VDISABLE) && rlogin_susp()) + return; + if (localchars) + sendsusp(); +} +#endif + +#ifdef SIGWINCH + /* ARGSUSED */ + SIG_FUNC_RET +sendwin(sig) + int sig; +{ + if (connected) { + sendnaws(); + } +} +#endif + +#ifdef SIGINFO + /* ARGSUSED */ + SIG_FUNC_RET +ayt(sig) + int sig; +{ + if (connected) + sendayt(); + else + ayt_status(); +} +#endif + + + void +sys_telnet_init() +{ + (void) signal(SIGINT, intr); + (void) signal(SIGQUIT, intr2); + (void) signal(SIGPIPE, deadpeer); +#ifdef SIGWINCH + (void) signal(SIGWINCH, sendwin); +#endif +#ifdef SIGTSTP + (void) signal(SIGTSTP, susp); +#endif +#ifdef SIGINFO + (void) signal(SIGINFO, ayt); +#endif + + setconnmode(0); + + NetNonblockingIO(net, 1); + +#if defined(TN3270) + if (noasynchnet == 0) { /* DBX can't handle! */ + NetSigIO(net, 1); + NetSetPgrp(net); + } +#endif /* defined(TN3270) */ + +#if defined(SO_OOBINLINE) + if (SetSockOpt(net, SOL_SOCKET, SO_OOBINLINE, 1) == -1) { + perror("SetSockOpt"); + } +#endif /* defined(SO_OOBINLINE) */ +} + +/* + * Process rings - + * + * This routine tries to fill up/empty our various rings. + * + * The parameter specifies whether this is a poll operation, + * or a block-until-something-happens operation. + * + * The return value is 1 if something happened, 0 if not. + */ + + int +process_rings(netin, netout, netex, ttyin, ttyout, poll) + int poll; /* If 0, then block until something to do */ +{ + register int c; + /* One wants to be a bit careful about setting returnValue + * to one, since a one implies we did some useful work, + * and therefore probably won't be called to block next + * time (TN3270 mode only). + */ + int returnValue = 0; + static struct timeval TimeValue = { 0 }; + + if (netout) { + FD_SET(net, &obits); + } + if (ttyout) { + FD_SET(tout, &obits); + } +#if defined(TN3270) + if (ttyin) { + FD_SET(tin, &ibits); + } +#else /* defined(TN3270) */ + if (ttyin) { + FD_SET(tin, &ibits); + } +#endif /* defined(TN3270) */ +#if defined(TN3270) + if (netin) { + FD_SET(net, &ibits); + } +# else /* !defined(TN3270) */ + if (netin) { + FD_SET(net, &ibits); + } +# endif /* !defined(TN3270) */ + if (netex) { + FD_SET(net, &xbits); + } + if ((c = select(16, &ibits, &obits, &xbits, + (poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) { + if (c == -1) { + /* + * we can get EINTR if we are in line mode, + * and the user does an escape (TSTP), or + * some other signal generator. + */ + if (errno == EINTR) { + return 0; + } +# if defined(TN3270) + /* + * we can get EBADF if we were in transparent + * mode, and the transcom process died. + */ + if (errno == EBADF) { + /* + * zero the bits (even though kernel does it) + * to make sure we are selecting on the right + * ones. + */ + FD_ZERO(&ibits); + FD_ZERO(&obits); + FD_ZERO(&xbits); + return 0; + } +# endif /* defined(TN3270) */ + /* I don't like this, does it ever happen? */ + printf("sleep(5) from telnet, after select\r\n"); + sleep(5); + } + return 0; + } + + /* + * Any urgent data? + */ + if (FD_ISSET(net, &xbits)) { + FD_CLR(net, &xbits); + SYNCHing = 1; + (void) ttyflush(1); /* flush already enqueued data */ + } + + /* + * Something to read from the network... + */ + if (FD_ISSET(net, &ibits)) { + int canread; + + FD_CLR(net, &ibits); + canread = ring_empty_consecutive(&netiring); +#if !defined(SO_OOBINLINE) + /* + * In 4.2 (and some early 4.3) systems, the + * OOB indication and data handling in the kernel + * is such that if two separate TCP Urgent requests + * come in, one byte of TCP data will be overlaid. + * This is fatal for Telnet, but we try to live + * with it. + * + * In addition, in 4.2 (and...), a special protocol + * is needed to pick up the TCP Urgent data in + * the correct sequence. + * + * What we do is: if we think we are in urgent + * mode, we look to see if we are "at the mark". + * If we are, we do an OOB receive. If we run + * this twice, we will do the OOB receive twice, + * but the second will fail, since the second + * time we were "at the mark", but there wasn't + * any data there (the kernel doesn't reset + * "at the mark" until we do a normal read). + * Once we've read the OOB data, we go ahead + * and do normal reads. + * + * There is also another problem, which is that + * since the OOB byte we read doesn't put us + * out of OOB state, and since that byte is most + * likely the TELNET DM (data mark), we would + * stay in the TELNET SYNCH (SYNCHing) state. + * So, clocks to the rescue. If we've "just" + * received a DM, then we test for the + * presence of OOB data when the receive OOB + * fails (and AFTER we did the normal mode read + * to clear "at the mark"). + */ + if (SYNCHing) { + int atmark; + static int bogus_oob = 0, first = 1; + + ioctl(net, SIOCATMARK, (char *)&atmark); + if (atmark) { + c = recv(net, netiring.supply, canread, MSG_OOB); + if ((c == -1) && (errno == EINVAL)) { + c = recv(net, netiring.supply, canread, 0); + if (clocks.didnetreceive < clocks.gotDM) { + SYNCHing = stilloob(net); + } + } else if (first && c > 0) { + /* + * Bogosity check. Systems based on 4.2BSD + * do not return an error if you do a second + * recv(MSG_OOB). So, we do one. If it + * succeeds and returns exactly the same + * data, then assume that we are running + * on a broken system and set the bogus_oob + * flag. (If the data was different, then + * we probably got some valid new data, so + * increment the count...) + */ + int i; + i = recv(net, netiring.supply + c, canread - c, MSG_OOB); + if (i == c && + memcmp(netiring.supply, netiring.supply + c, i) == 0) { + bogus_oob = 1; + first = 0; + } else if (i < 0) { + bogus_oob = 0; + first = 0; + } else + c += i; + } + if (bogus_oob && c > 0) { + int i; + /* + * Bogosity. We have to do the read + * to clear the atmark to get out of + * an infinate loop. + */ + i = read(net, netiring.supply + c, canread - c); + if (i > 0) + c += i; + } + } else { + c = recv(net, netiring.supply, canread, 0); + } + } else { + c = recv(net, netiring.supply, canread, 0); + } + settimer(didnetreceive); +#else /* !defined(SO_OOBINLINE) */ + c = recv(net, (char *)netiring.supply, canread, 0); +#endif /* !defined(SO_OOBINLINE) */ + if (c < 0 && errno == EWOULDBLOCK) { + c = 0; + } else if (c <= 0) { + return -1; + } + if (netdata) { + Dump('<', netiring.supply, c); + } + if (c) + ring_supplied(&netiring, c); + returnValue = 1; + } + + /* + * Something to read from the tty... + */ + if (FD_ISSET(tin, &ibits)) { + FD_CLR(tin, &ibits); + c = TerminalRead(ttyiring.supply, ring_empty_consecutive(&ttyiring)); + if (c < 0 && errno == EIO) + c = 0; + if (c < 0 && errno == EWOULDBLOCK) { + c = 0; + } else { + /* EOF detection for line mode!!!! */ + if ((c == 0) && MODE_LOCAL_CHARS(globalmode) && isatty(tin)) { + /* must be an EOF... */ + *ttyiring.supply = termEofChar; + c = 1; + } + if (c <= 0) { + return -1; + } + if (termdata) { + Dump('<', ttyiring.supply, c); + } + ring_supplied(&ttyiring, c); + } + returnValue = 1; /* did something useful */ + } + + if (FD_ISSET(net, &obits)) { + FD_CLR(net, &obits); + returnValue |= netflush(); + } + if (FD_ISSET(tout, &obits)) { + FD_CLR(tout, &obits); + returnValue |= (ttyflush(SYNCHing|flushout) > 0); + } + + return returnValue; +} diff --git a/secure/usr.bin/telnet/telnet.1 b/secure/usr.bin/telnet/telnet.1 new file mode 100644 index 0000000..b996fea --- /dev/null +++ b/secure/usr.bin/telnet/telnet.1 @@ -0,0 +1,1366 @@ +.\" Copyright (c) 1983, 1990, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)telnet.1 8.6 (Berkeley) 6/1/94 +.\" +.Dd June 1, 1994 +.Dt TELNET 1 +.Os BSD 4.2 +.Sh NAME +.Nm telnet +.Nd user interface to the +.Tn TELNET +protocol +.Sh SYNOPSIS +.Nm telnet +.Op Fl 8EFKLacdfrx +.Op Fl S Ar tos +.Op Fl X Ar authtype +.Op Fl e Ar escapechar +.Op Fl k Ar realm +.Op Fl l Ar user +.Op Fl n Ar tracefile +.Oo +.Ar host +.Op port +.Oc +.Sh DESCRIPTION +The +.Nm telnet +command +is used to communicate with another host using the +.Tn TELNET +protocol. +If +.Nm telnet +is invoked without the +.Ar host +argument, it enters command mode, +indicated by its prompt +.Pq Nm telnet\&> . +In this mode, it accepts and executes the commands listed below. +If it is invoked with arguments, it performs an +.Ic open +command with those arguments. +.Pp +Options: +.Bl -tag -width indent +.It Fl 8 +Specifies an 8-bit data path. This causes an attempt to +negotiate the +.Dv TELNET BINARY +option on both input and output. +.It Fl E +Stops any character from being recognized as an escape character. +.It Fl F +If Kerberos V5 authentication is being used, the +.Fl F +option allows the local credentials to be forwarded +to the remote system, including any credentials that +have already been forwarded into the local environment. +.It Fl K +Specifies no automatic login to the remote system. +.It Fl L +Specifies an 8-bit data path on output. This causes the +BINARY option to be negotiated on output. +.It Fl S Ar tos +Sets the IP type-of-service (TOS) option for the telnet +connection to the value +.Ar tos, +which can be a numeric TOS value +or, on systems that support it, a symbolic +TOS name found in the /etc/iptos file. +.It Fl X Ar atype +Disables the +.Ar atype +type of authentication. +.It Fl a +Attempt automatic login. +Currently, this sends the user name via the +.Ev USER +variable +of the +.Ev ENVIRON +option if supported by the remote system. +The name used is that of the current user as returned by +.Xr getlogin 2 +if it agrees with the current user ID, +otherwise it is the name associated with the user ID. +.It Fl c +Disables the reading of the user's +.Pa \&.telnetrc +file. (See the +.Ic toggle skiprc +command on this man page.) +.It Fl d +Sets the initial value of the +.Ic debug +toggle to +.Dv TRUE +.It Fl e Ar escape char +Sets the initial +.Nm +.Nm telnet +escape character to +.Ar escape char. +If +.Ar escape char +is omitted, then +there will be no escape character. +.It Fl f +If Kerberos V5 authentication is being used, the +.Fl f +option allows the local credentials to be forwarded to the remote system. +.ne 1i +.It Fl k Ar realm +If Kerberos authentication is being used, the +.Fl k +option requests that telnet obtain tickets for the remote host in +realm realm instead of the remote host's realm, as determined +by +.Xr krb_realmofhost 3 . +.It Fl l Ar user +When connecting to the remote system, if the remote system +understands the +.Ev ENVIRON +option, then +.Ar user +will be sent to the remote system as the value for the variable USER. +This option implies the +.Fl a +option. +This option may also be used with the +.Ic open +command. +.It Fl n Ar tracefile +Opens +.Ar tracefile +for recording trace information. +See the +.Ic set tracefile +command below. +.It Fl r +Specifies a user interface similar to +.Xr rlogin 1 . +In this +mode, the escape character is set to the tilde (~) character, +unless modified by the -e option. +.It Fl x +Turns on encryption of the data stream if possible. This +option is not available outside of the United States and +Canada. +.It Ar host +Indicates the official name, an alias, or the Internet address +of a remote host. +.It Ar port +Indicates a port number (address of an application). If a number is +not specified, the default +.Nm telnet +port is used. +.El +.Pp +When in rlogin mode, a line of the form ~. disconnects from the +remote host; ~ is the telnet escape character. +Similarly, the line ~^Z suspends the telnet session. +The line ~^] escapes to the normal telnet escape prompt. +.Pp +Once a connection has been opened, +.Nm telnet +will attempt to enable the +.Dv TELNET LINEMODE +option. +If this fails, then +.Nm telnet +will revert to one of two input modes: +either \*(Lqcharacter at a time\*(Rq +or \*(Lqold line by line\*(Rq +depending on what the remote system supports. +.Pp +When +.Dv LINEMODE +is enabled, character processing is done on the +local system, under the control of the remote system. When input +editing or character echoing is to be disabled, the remote system +will relay that information. The remote system will also relay +changes to any special characters that happen on the remote +system, so that they can take effect on the local system. +.Pp +In \*(Lqcharacter at a time\*(Rq mode, most +text typed is immediately sent to the remote host for processing. +.Pp +In \*(Lqold line by line\*(Rq mode, all text is echoed locally, +and (normally) only completed lines are sent to the remote host. +The \*(Lqlocal echo character\*(Rq (initially \*(Lq^E\*(Rq) may be used +to turn off and on the local echo +(this would mostly be used to enter passwords +without the password being echoed). +.Pp +If the +.Dv LINEMODE +option is enabled, or if the +.Ic localchars +toggle is +.Dv TRUE +(the default for \*(Lqold line by line\*(Lq; see below), +the user's +.Ic quit , +.Ic intr , +and +.Ic flush +characters are trapped locally, and sent as +.Tn TELNET +protocol sequences to the remote side. +If +.Dv LINEMODE +has ever been enabled, then the user's +.Ic susp +and +.Ic eof +are also sent as +.Tn TELNET +protocol sequences, +and +.Ic quit +is sent as a +.Dv TELNET ABORT +instead of +.Dv BREAK +There are options (see +.Ic toggle +.Ic autoflush +and +.Ic toggle +.Ic autosynch +below) +which cause this action to flush subsequent output to the terminal +(until the remote host acknowledges the +.Tn TELNET +sequence) and flush previous terminal input +(in the case of +.Ic quit +and +.Ic intr ) . +.Pp +While connected to a remote host, +.Nm telnet +command mode may be entered by typing the +.Nm telnet +\*(Lqescape character\*(Rq (initially \*(Lq^]\*(Rq). +When in command mode, the normal terminal editing conventions are available. +.Pp +The following +.Nm telnet +commands are available. +Only enough of each command to uniquely identify it need be typed +(this is also true for arguments to the +.Ic mode , +.Ic set , +.Ic toggle , +.Ic unset , +.Ic slc , +.Ic environ , +and +.Ic display +commands). +.Pp +.Bl -tag -width "mode type" +.It Ic auth Ar argument ... +The auth command manipulates the information sent through the +.Dv TELNET AUTHENTICATE +option. Valid arguments for the +auth command are as follows: +.Bl -tag -width "disable type" +.It Ic disable Ar type +Disables the specified type of authentication. To +obtain a list of available types, use the +.Ic auth disable \&? +command. +.It Ic enable Ar type +Enables the specified type of authentication. To +obtain a list of available types, use the +.Ic auth enable \&? +command. +.It Ic status +Lists the current status of the various types of +authentication. +.El +.It Ic close +Close a +.Tn TELNET +session and return to command mode. +.It Ic display Ar argument ... +Displays all, or some, of the +.Ic set +and +.Ic toggle +values (see below). +.It Ic encrypt Ar argument ... +The encrypt command manipulates the information sent through the +.Dv TELNET ENCRYPT +option. +.Pp +Note: Because of export controls, the +.Dv TELNET ENCRYPT +option is not supported outside of the United States and Canada. +.Pp +Valid arguments for the encrypt command are as follows: +.Bl -tag -width Ar +.It Ic disable Ar type Ic [input|output] +Disables the specified type of encryption. If you +omit the input and output, both input and output +are disabled. To obtain a list of available +types, use the +.Ic encrypt disable \&? +command. +.It Ic enable Ar type Ic [input|output] +Enables the specified type of encryption. If you +omit input and output, both input and output are +enabled. To obtain a list of available types, use the +.Ic encrypt enable \&? +command. +.It Ic input +This is the same as the +.Ic encrypt start input +command. +.It Ic -input +This is the same as the +.Ic encrypt stop input +command. +.It Ic output +This is the same as the +.Ic encrypt start output +command. +.It Ic -output +This is the same as the +.Ic encrypt stop output +command. +.It Ic start Ic [input|output] +Attempts to start encryption. If you omit +.Ic input +and +.Ic output, +both input and output are enabled. To +obtain a list of available types, use the +.Ic encrypt enable \&? +command. +.It Ic status +Lists the current status of encryption. +.It Ic stop Ic [input|output] +Stops encryption. If you omit input and output, +encryption is on both input and output. +.It Ic type Ar type +Sets the default type of encryption to be used +with later +.Ic encrypt start +or +.Ic encrypt stop +commands. +.El +.It Ic environ Ar arguments... +The +.Ic environ +command is used to manipulate the +the variables that my be sent through the +.Dv TELNET ENVIRON +option. +The initial set of variables is taken from the users +environment, with only the +.Ev DISPLAY +and +.Ev PRINTER +variables being exported by default. +The +.Ev USER +variable is also exported if the +.Fl a +or +.Fl l +options are used. +.br +Valid arguments for the +.Ic environ +command are: +.Bl -tag -width Fl +.It Ic define Ar variable value +Define the variable +.Ar variable +to have a value of +.Ar value. +Any variables defined by this command are automatically exported. +The +.Ar value +may be enclosed in single or double quotes so +that tabs and spaces may be included. +.It Ic undefine Ar variable +Remove +.Ar variable +from the list of environment variables. +.It Ic export Ar variable +Mark the variable +.Ar variable +to be exported to the remote side. +.It Ic unexport Ar variable +Mark the variable +.Ar variable +to not be exported unless +explicitly asked for by the remote side. +.It Ic list +List the current set of environment variables. +Those marked with a +.Cm * +will be sent automatically, +other variables will only be sent if explicitly requested. +.It Ic \&? +Prints out help information for the +.Ic environ +command. +.El +.It Ic logout +Sends the +.Dv TELNET LOGOUT +option to the remote side. +This command is similar to a +.Ic close +command; however, if the remote side does not support the +.Dv LOGOUT +option, nothing happens. +If, however, the remote side does support the +.Dv LOGOUT +option, this command should cause the remote side to close the +.Tn TELNET +connection. +If the remote side also supports the concept of +suspending a user's session for later reattachment, +the logout argument indicates that you +should terminate the session immediately. +.It Ic mode Ar type +.Ar Type +is one of several options, depending on the state of the +.Tn TELNET +session. +The remote host is asked for permission to go into the requested mode. +If the remote host is capable of entering that mode, the requested +mode will be entered. +.Bl -tag -width Ar +.It Ic character +Disable the +.Dv TELNET LINEMODE +option, or, if the remote side does not understand the +.Dv LINEMODE +option, then enter \*(Lqcharacter at a time\*(Lq mode. +.It Ic line +Enable the +.Dv TELNET LINEMODE +option, or, if the remote side does not understand the +.Dv LINEMODE +option, then attempt to enter \*(Lqold-line-by-line\*(Lq mode. +.It Ic isig Pq Ic \-isig +Attempt to enable (disable) the +.Dv TRAPSIG +mode of the +.Dv LINEMODE +option. +This requires that the +.Dv LINEMODE +option be enabled. +.It Ic edit Pq Ic \-edit +Attempt to enable (disable) the +.Dv EDIT +mode of the +.Dv LINEMODE +option. +This requires that the +.Dv LINEMODE +option be enabled. +.It Ic softtabs Pq Ic \-softtabs +Attempt to enable (disable) the +.Dv SOFT_TAB +mode of the +.Dv LINEMODE +option. +This requires that the +.Dv LINEMODE +option be enabled. +.ne 1i +.It Ic litecho Pq Ic \-litecho +Attempt to enable (disable) the +.Dv LIT_ECHO +mode of the +.Dv LINEMODE +option. +This requires that the +.Dv LINEMODE +option be enabled. +.It Ic \&? +Prints out help information for the +.Ic mode +command. +.El +.It Xo +.Ic open Ar host +.Oo Op Fl l +.Ar user +.Oc Ns Oo Fl +.Ar port Oc +.Xc +Open a connection to the named host. +If no port number +is specified, +.Nm telnet +will attempt to contact a +.Tn TELNET +server at the default port. +The host specification may be either a host name (see +.Xr hosts 5 ) +or an Internet address specified in the \*(Lqdot notation\*(Rq (see +.Xr inet 3 ) . +The +.Op Fl l +option may be used to specify the user name +to be passed to the remote system via the +.Ev ENVIRON +option. +When connecting to a non-standard port, +.Nm telnet +omits any automatic initiation of +.Tn TELNET +options. When the port number is preceded by a minus sign, +the initial option negotiation is done. +After establishing a connection, the file +.Pa \&.telnetrc +in the +users home directory is opened. Lines beginning with a # are +comment lines. Blank lines are ignored. Lines that begin +without white space are the start of a machine entry. The +first thing on the line is the name of the machine that is +being connected to. The rest of the line, and successive +lines that begin with white space are assumed to be +.Nm telnet +commands and are processed as if they had been typed +in manually to the +.Nm telnet +command prompt. +.It Ic quit +Close any open +.Tn TELNET +session and exit +.Nm telnet . +An end of file (in command mode) will also close a session and exit. +.It Ic send Ar arguments +Sends one or more special character sequences to the remote host. +The following are the arguments which may be specified +(more than one argument may be specified at a time): +.Pp +.Bl -tag -width escape +.It Ic abort +Sends the +.Dv TELNET ABORT +(Abort +processes) +sequence. +.It Ic ao +Sends the +.Dv TELNET AO +(Abort Output) sequence, which should cause the remote system to flush +all output +.Em from +the remote system +.Em to +the user's terminal. +.It Ic ayt +Sends the +.Dv TELNET AYT +(Are You There) +sequence, to which the remote system may or may not choose to respond. +.It Ic brk +Sends the +.Dv TELNET BRK +(Break) sequence, which may have significance to the remote +system. +.It Ic ec +Sends the +.Dv TELNET EC +(Erase Character) +sequence, which should cause the remote system to erase the last character +entered. +.It Ic el +Sends the +.Dv TELNET EL +(Erase Line) +sequence, which should cause the remote system to erase the line currently +being entered. +.It Ic eof +Sends the +.Dv TELNET EOF +(End Of File) +sequence. +.It Ic eor +Sends the +.Dv TELNET EOR +(End of Record) +sequence. +.It Ic escape +Sends the current +.Nm telnet +escape character (initially \*(Lq^\*(Rq). +.It Ic ga +Sends the +.Dv TELNET GA +(Go Ahead) +sequence, which likely has no significance to the remote system. +.It Ic getstatus +If the remote side supports the +.Dv TELNET STATUS +command, +.Ic getstatus +will send the subnegotiation to request that the server send +its current option status. +.ne 1i +.It Ic ip +Sends the +.Dv TELNET IP +(Interrupt Process) sequence, which should cause the remote +system to abort the currently running process. +.It Ic nop +Sends the +.Dv TELNET NOP +(No OPeration) +sequence. +.It Ic susp +Sends the +.Dv TELNET SUSP +(SUSPend process) +sequence. +.It Ic synch +Sends the +.Dv TELNET SYNCH +sequence. +This sequence causes the remote system to discard all previously typed +(but not yet read) input. +This sequence is sent as +.Tn TCP +urgent +data (and may not work if the remote system is a +.Bx 4.2 +system -- if +it doesn't work, a lower case \*(Lqr\*(Rq may be echoed on the terminal). +.It Ic do Ar cmd +.It Ic dont Ar cmd +.It Ic will Ar cmd +.It Ic wont Ar cmd +Sends the +.Dv TELNET DO +.Ar cmd +sequence. +.Ar Cmd +can be either a decimal number between 0 and 255, +or a symbolic name for a specific +.Dv TELNET +command. +.Ar Cmd +can also be either +.Ic help +or +.Ic \&? +to print out help information, including +a list of known symbolic names. +.It Ic \&? +Prints out help information for the +.Ic send +command. +.El +.It Ic set Ar argument value +.It Ic unset Ar argument value +The +.Ic set +command will set any one of a number of +.Nm telnet +variables to a specific value or to +.Dv TRUE . +The special value +.Ic off +turns off the function associated with +the variable, this is equivalent to using the +.Ic unset +command. +The +.Ic unset +command will disable or set to +.Dv FALSE +any of the specified functions. +The values of variables may be interrogated with the +.Ic display +command. +The variables which may be set or unset, but not toggled, are +listed here. In addition, any of the variables for the +.Ic toggle +command may be explicitly set or unset using +the +.Ic set +and +.Ic unset +commands. +.Bl -tag -width escape +.It Ic ayt +If +.Tn TELNET +is in localchars mode, or +.Dv LINEMODE +is enabled, and the status character is typed, a +.Dv TELNET AYT +sequence (see +.Ic send ayt +preceding) is sent to the +remote host. The initial value for the "Are You There" +character is the terminal's status character. +.It Ic echo +This is the value (initially \*(Lq^E\*(Rq) which, when in +\*(Lqline by line\*(Rq mode, toggles between doing local echoing +of entered characters (for normal processing), and suppressing +echoing of entered characters (for entering, say, a password). +.It Ic eof +If +.Nm telnet +is operating in +.Dv LINEMODE +or \*(Lqold line by line\*(Rq mode, entering this character +as the first character on a line will cause this character to be +sent to the remote system. +The initial value of the eof character is taken to be the terminal's +.Ic eof +character. +.It Ic erase +If +.Nm telnet +is in +.Ic localchars +mode (see +.Ic toggle +.Ic localchars +below), +.Sy and +if +.Nm telnet +is operating in \*(Lqcharacter at a time\*(Rq mode, then when this +character is typed, a +.Dv TELNET EC +sequence (see +.Ic send +.Ic ec +above) +is sent to the remote system. +The initial value for the erase character is taken to be +the terminal's +.Ic erase +character. +.It Ic escape +This is the +.Nm telnet +escape character (initially \*(Lq^[\*(Rq) which causes entry +into +.Nm telnet +command mode (when connected to a remote system). +.It Ic flushoutput +If +.Nm telnet +is in +.Ic localchars +mode (see +.Ic toggle +.Ic localchars +below) +and the +.Ic flushoutput +character is typed, a +.Dv TELNET AO +sequence (see +.Ic send +.Ic ao +above) +is sent to the remote host. +The initial value for the flush character is taken to be +the terminal's +.Ic flush +character. +.It Ic forw1 +.It Ic forw2 +If +.Tn TELNET +is operating in +.Dv LINEMODE , +these are the +characters that, when typed, cause partial lines to be +forwarded to the remote system. The initial value for +the forwarding characters are taken from the terminal's +eol and eol2 characters. +.It Ic interrupt +If +.Nm telnet +is in +.Ic localchars +mode (see +.Ic toggle +.Ic localchars +below) +and the +.Ic interrupt +character is typed, a +.Dv TELNET IP +sequence (see +.Ic send +.Ic ip +above) +is sent to the remote host. +The initial value for the interrupt character is taken to be +the terminal's +.Ic intr +character. +.It Ic kill +If +.Nm telnet +is in +.Ic localchars +mode (see +.Ic toggle +.Ic localchars +below), +.Ic and +if +.Nm telnet +is operating in \*(Lqcharacter at a time\*(Rq mode, then when this +character is typed, a +.Dv TELNET EL +sequence (see +.Ic send +.Ic el +above) +is sent to the remote system. +The initial value for the kill character is taken to be +the terminal's +.Ic kill +character. +.It Ic lnext +If +.Nm telnet +is operating in +.Dv LINEMODE +or \*(Lqold line by line\*(Lq mode, then this character is taken to +be the terminal's +.Ic lnext +character. +The initial value for the lnext character is taken to be +the terminal's +.Ic lnext +character. +.It Ic quit +If +.Nm telnet +is in +.Ic localchars +mode (see +.Ic toggle +.Ic localchars +below) +and the +.Ic quit +character is typed, a +.Dv TELNET BRK +sequence (see +.Ic send +.Ic brk +above) +is sent to the remote host. +The initial value for the quit character is taken to be +the terminal's +.Ic quit +character. +.It Ic reprint +If +.Nm telnet +is operating in +.Dv LINEMODE +or \*(Lqold line by line\*(Lq mode, then this character is taken to +be the terminal's +.Ic reprint +character. +The initial value for the reprint character is taken to be +the terminal's +.Ic reprint +character. +.It Ic rlogin +This is the rlogin escape character. +If set, the normal +.Tn TELNET +escape character is ignored unless it is +preceded by this character at the beginning of a line. +This character, at the beginning of a line followed by +a "." closes the connection; when followed by a ^Z it +suspends the telnet command. The initial state is to +disable the rlogin escape character. +.It Ic start +If the +.Dv TELNET TOGGLE-FLOW-CONTROL +option has been enabled, +then this character is taken to +be the terminal's +.Ic start +character. +The initial value for the kill character is taken to be +the terminal's +.Ic start +character. +.It Ic stop +If the +.Dv TELNET TOGGLE-FLOW-CONTROL +option has been enabled, +then this character is taken to +be the terminal's +.Ic stop +character. +The initial value for the kill character is taken to be +the terminal's +.Ic stop +character. +.It Ic susp +If +.Nm telnet +is in +.Ic localchars +mode, or +.Dv LINEMODE +is enabled, and the +.Ic suspend +character is typed, a +.Dv TELNET SUSP +sequence (see +.Ic send +.Ic susp +above) +is sent to the remote host. +The initial value for the suspend character is taken to be +the terminal's +.Ic suspend +character. +.ne 1i +.It Ic tracefile +This is the file to which the output, caused by +.Ic netdata +or +.Ic option +tracing being +.Dv TRUE , +will be written. If it is set to +.Dq Fl , +then tracing information will be written to standard output (the default). +.It Ic worderase +If +.Nm telnet +is operating in +.Dv LINEMODE +or \*(Lqold line by line\*(Lq mode, then this character is taken to +be the terminal's +.Ic worderase +character. +The initial value for the worderase character is taken to be +the terminal's +.Ic worderase +character. +.It Ic \&? +Displays the legal +.Ic set +.Pq Ic unset +commands. +.El +.It Ic slc Ar state +The +.Ic slc +command (Set Local Characters) is used to set +or change the state of the the special +characters when the +.Dv TELNET LINEMODE +option has +been enabled. Special characters are characters that get +mapped to +.Tn TELNET +commands sequences (like +.Ic ip +or +.Ic quit ) +or line editing characters (like +.Ic erase +and +.Ic kill ) . +By default, the local special characters are exported. +.Bl -tag -width Fl +.It Ic check +Verify the current settings for the current special characters. +The remote side is requested to send all the current special +character settings, and if there are any discrepancies with +the local side, the local side will switch to the remote value. +.It Ic export +Switch to the local defaults for the special characters. The +local default characters are those of the local terminal at +the time when +.Nm telnet +was started. +.It Ic import +Switch to the remote defaults for the special characters. +The remote default characters are those of the remote system +at the time when the +.Tn TELNET +connection was established. +.It Ic \&? +Prints out help information for the +.Ic slc +command. +.El +.It Ic status +Show the current status of +.Nm telnet . +This includes the peer one is connected to, as well +as the current mode. +.It Ic toggle Ar arguments ... +Toggle (between +.Dv TRUE +and +.Dv FALSE ) +various flags that control how +.Nm telnet +responds to events. +These flags may be set explicitly to +.Dv TRUE +or +.Dv FALSE +using the +.Ic set +and +.Ic unset +commands listed above. +More than one argument may be specified. +The state of these flags may be interrogated with the +.Ic display +command. +Valid arguments are: +.Bl -tag -width Ar +.It Ic authdebug +Turns on debugging information for the authentication code. +.It Ic autoflush +If +.Ic autoflush +and +.Ic localchars +are both +.Dv TRUE , +then when the +.Ic ao , +or +.Ic quit +characters are recognized (and transformed into +.Tn TELNET +sequences; see +.Ic set +above for details), +.Nm telnet +refuses to display any data on the user's terminal +until the remote system acknowledges (via a +.Dv TELNET TIMING MARK +option) +that it has processed those +.Tn TELNET +sequences. +The initial value for this toggle is +.Dv TRUE +if the terminal user had not +done an "stty noflsh", otherwise +.Dv FALSE +(see +.Xr stty 1 ) . +.It Ic autodecrypt +When the +.Dv TELNET ENCRYPT +option is negotiated, by +default the actual encryption (decryption) of the data +stream does not start automatically. The autoencrypt +(autodecrypt) command states that encryption of the +output (input) stream should be enabled as soon as +possible. +.sp +.Pp +Note: Because of export controls, the +.Dv TELNET ENCRYPT +option is not supported outside the United States and Canada. +.It Ic autologin +If the remote side supports the +.Dv TELNET AUTHENTICATION +option +.Tn TELNET +attempts to use it to perform automatic authentication. If the +.Dv AUTHENTICATION +option is not supported, the user's login +name are propagated through the +.Dv TELNET ENVIRON +option. +This command is the same as specifying +.Ar a +option on the +.Ic open +command. +.It Ic autosynch +If +.Ic autosynch +and +.Ic localchars +are both +.Dv TRUE , +then when either the +.Ic intr +or +.Ic quit +characters is typed (see +.Ic set +above for descriptions of the +.Ic intr +and +.Ic quit +characters), the resulting +.Tn TELNET +sequence sent is followed by the +.Dv TELNET SYNCH +sequence. +This procedure +.Ic should +cause the remote system to begin throwing away all previously +typed input until both of the +.Tn TELNET +sequences have been read and acted upon. +The initial value of this toggle is +.Dv FALSE . +.It Ic binary +Enable or disable the +.Dv TELNET BINARY +option on both input and output. +.It Ic inbinary +Enable or disable the +.Dv TELNET BINARY +option on input. +.It Ic outbinary +Enable or disable the +.Dv TELNET BINARY +option on output. +.It Ic crlf +If this is +.Dv TRUE , +then carriage returns will be sent as +.Li <CR><LF> . +If this is +.Dv FALSE , +then carriage returns will be send as +.Li <CR><NUL> . +The initial value for this toggle is +.Dv FALSE . +.It Ic crmod +Toggle carriage return mode. +When this mode is enabled, most carriage return characters received from +the remote host will be mapped into a carriage return followed by +a line feed. +This mode does not affect those characters typed by the user, only +those received from the remote host. +This mode is not very useful unless the remote host +only sends carriage return, but never line feed. +The initial value for this toggle is +.Dv FALSE . +.It Ic debug +Toggles socket level debugging (useful only to the +.Ic super user ) . +The initial value for this toggle is +.Dv FALSE . +.It Ic encdebug +Turns on debugging information for the encryption code. +.It Ic localchars +If this is +.Dv TRUE , +then the +.Ic flush , +.Ic interrupt , +.Ic quit , +.Ic erase , +and +.Ic kill +characters (see +.Ic set +above) are recognized locally, and transformed into (hopefully) appropriate +.Tn TELNET +control sequences +(respectively +.Ic ao , +.Ic ip , +.Ic brk , +.Ic ec , +and +.Ic el ; +see +.Ic send +above). +The initial value for this toggle is +.Dv TRUE +in \*(Lqold line by line\*(Rq mode, +and +.Dv FALSE +in \*(Lqcharacter at a time\*(Rq mode. +When the +.Dv LINEMODE +option is enabled, the value of +.Ic localchars +is ignored, and assumed to always be +.Dv TRUE . +If +.Dv LINEMODE +has ever been enabled, then +.Ic quit +is sent as +.Ic abort , +and +.Ic eof and +.B suspend +are sent as +.Ic eof and +.Ic susp , +see +.Ic send +above). +.It Ic netdata +Toggles the display of all network data (in hexadecimal format). +The initial value for this toggle is +.Dv FALSE . +.It Ic options +Toggles the display of some internal +.Nm telnet +protocol processing (having to do with +.Tn TELNET +options). +The initial value for this toggle is +.Dv FALSE . +.ne 1i +.It Ic prettydump +When the +.Ic netdata +toggle is enabled, if +.Ic prettydump +is enabled the output from the +.Ic netdata +command will be formatted in a more user readable format. +Spaces are put between each character in the output, and the +beginning of any +.Tn TELNET +escape sequence is preceded by a '*' to aid in locating them. +.It Ic skiprc +When the skiprc toggle is +.Dv TRUE , +.Tn TELNET +skips the reading of the +.Pa \&.telnetrc +file in the users home +directory when connections are opened. The initial +value for this toggle is +.Dv FALSE. +.It Ic termdata +Toggles the display of all terminal data (in hexadecimal format). +The initial value for this toggle is +.Dv FALSE . +.It Ic verbose_encrypt +When the +.Ic verbose_encrypt +toggle is +.Dv TRUE , +.Tn TELNET +prints out a message each time encryption is enabled or +disabled. The initial value for this toggle is +.Dv FALSE. +Note: Because of export controls, data encryption +is not supported outside of the United States and Canada. +.It Ic \&? +Displays the legal +.Ic toggle +commands. +.El +.It Ic z +Suspend +.Nm telnet . +This command only works when the user is using the +.Xr csh 1 . +.It Ic \&! Op Ar command +Execute a single command in a subshell on the local +system. If +.Ic command +is omitted, then an interactive +subshell is invoked. +.It Ic \&? Op Ar command +Get help. With no arguments, +.Nm telnet +prints a help summary. +If a command is specified, +.Nm telnet +will print the help information for just that command. +.El +.Sh ENVIRONMENT +.Nm Telnet +uses at least the +.Ev HOME , +.Ev SHELL , +.Ev DISPLAY , +and +.Ev TERM +environment variables. +Other environment variables may be propagated +to the other side via the +.Dv TELNET ENVIRON +option. +.Sh FILES +.Bl -tag -width ~/.telnetrc -compact +.It Pa ~/.telnetrc +user customized telnet startup values +.El +.Sh HISTORY +The +.Nm Telnet +command appeared in +.Bx 4.2 . +.Sh NOTES +.Pp +On some remote systems, echo has to be turned off manually when in +\*(Lqold line by line\*(Rq mode. +.Pp +In \*(Lqold line by line\*(Rq mode or +.Dv LINEMODE +the terminal's +.Ic eof +character is only recognized (and sent to the remote system) +when it is the first character on a line. diff --git a/secure/usr.bin/telnet/telnet.c b/secure/usr.bin/telnet/telnet.c new file mode 100644 index 0000000..4402fdd --- /dev/null +++ b/secure/usr.bin/telnet/telnet.c @@ -0,0 +1,2650 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)telnet.c 8.4 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include <sys/types.h> + +#if defined(unix) +#include <signal.h> +/* By the way, we need to include curses.h before telnet.h since, + * among other things, telnet.h #defines 'DO', which is a variable + * declared in curses.h. + */ +#endif /* defined(unix) */ + +#include <arpa/telnet.h> + +#include <ctype.h> + +#include "ring.h" + +#include "defines.h" +#include "externs.h" +#include "types.h" +#include "general.h" + + +#define strip(x) ((my_want_state_is_wont(TELOPT_BINARY)) ? ((x)&0x7f) : (x)) + +static unsigned char subbuffer[SUBBUFSIZE], + *subpointer, *subend; /* buffer for sub-options */ +#define SB_CLEAR() subpointer = subbuffer; +#define SB_TERM() { subend = subpointer; SB_CLEAR(); } +#define SB_ACCUM(c) if (subpointer < (subbuffer+sizeof subbuffer)) { \ + *subpointer++ = (c); \ + } + +#define SB_GET() ((*subpointer++)&0xff) +#define SB_PEEK() ((*subpointer)&0xff) +#define SB_EOF() (subpointer >= subend) +#define SB_LEN() (subend - subpointer) + +char options[256]; /* The combined options */ +char do_dont_resp[256]; +char will_wont_resp[256]; + +int + eight = 0, + autologin = 0, /* Autologin anyone? */ + skiprc = 0, + connected, + showoptions, + In3270, /* Are we in 3270 mode? */ + ISend, /* trying to send network data in */ + debug = 0, + crmod, + netdata, /* Print out network data flow */ + crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */ +#if defined(TN3270) + noasynchtty = 0,/* User specified "-noasynch" on command line */ + noasynchnet = 0,/* User specified "-noasynch" on command line */ + askedSGA = 0, /* We have talked about suppress go ahead */ +#endif /* defined(TN3270) */ + telnetport, + SYNCHing, /* we are in TELNET SYNCH mode */ + flushout, /* flush output */ + autoflush = 0, /* flush output when interrupting? */ + autosynch, /* send interrupt characters with SYNCH? */ + localflow, /* we handle flow control locally */ + restartany, /* if flow control enabled, restart on any character */ + localchars, /* we recognize interrupt/quit */ + donelclchars, /* the user has set "localchars" */ + donebinarytoggle, /* the user has put us in binary */ + dontlecho, /* do we suppress local echoing right now? */ + globalmode; + +char *prompt = 0; + +cc_t escape; +cc_t rlogin; +#ifdef KLUDGELINEMODE +cc_t echoc; +#endif + +/* + * Telnet receiver states for fsm + */ +#define TS_DATA 0 +#define TS_IAC 1 +#define TS_WILL 2 +#define TS_WONT 3 +#define TS_DO 4 +#define TS_DONT 5 +#define TS_CR 6 +#define TS_SB 7 /* sub-option collection */ +#define TS_SE 8 /* looking for sub-option end */ + +static int telrcv_state; +#ifdef OLD_ENVIRON +unsigned char telopt_environ = TELOPT_NEW_ENVIRON; +#else +# define telopt_environ TELOPT_NEW_ENVIRON +#endif + +jmp_buf toplevel = { 0 }; +jmp_buf peerdied; + +int flushline; +int linemode; + +#ifdef KLUDGELINEMODE +int kludgelinemode = 1; +#endif + +/* + * The following are some clocks used to decide how to interpret + * the relationship between various variables. + */ + +Clocks clocks; + +#ifdef notdef +Modelist modelist[] = { + { "telnet command mode", COMMAND_LINE }, + { "character-at-a-time mode", 0 }, + { "character-at-a-time mode (local echo)", LOCAL_ECHO|LOCAL_CHARS }, + { "line-by-line mode (remote echo)", LINE | LOCAL_CHARS }, + { "line-by-line mode", LINE | LOCAL_ECHO | LOCAL_CHARS }, + { "line-by-line mode (local echoing suppressed)", LINE | LOCAL_CHARS }, + { "3270 mode", 0 }, +}; +#endif + + +/* + * Initialize telnet environment. + */ + + void +init_telnet() +{ + env_init(); + + SB_CLEAR(); + ClearArray(options); + + connected = In3270 = ISend = localflow = donebinarytoggle = 0; +#if defined(AUTHENTICATION) || defined(ENCRYPTION) + auth_encrypt_connect(connected); +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ + restartany = -1; + + SYNCHing = 0; + + /* Don't change NetTrace */ + + escape = CONTROL(']'); + rlogin = _POSIX_VDISABLE; +#ifdef KLUDGELINEMODE + echoc = CONTROL('E'); +#endif + + flushline = 1; + telrcv_state = TS_DATA; +} + + +#ifdef notdef +#include <varargs.h> + + /*VARARGS*/ + static void +printring(va_alist) + va_dcl +{ + va_list ap; + char buffer[100]; /* where things go */ + char *ptr; + char *format; + char *string; + Ring *ring; + int i; + + va_start(ap); + + ring = va_arg(ap, Ring *); + format = va_arg(ap, char *); + ptr = buffer; + + while ((i = *format++) != 0) { + if (i == '%') { + i = *format++; + switch (i) { + case 'c': + *ptr++ = va_arg(ap, int); + break; + case 's': + string = va_arg(ap, char *); + ring_supply_data(ring, buffer, ptr-buffer); + ring_supply_data(ring, string, strlen(string)); + ptr = buffer; + break; + case 0: + ExitString("printring: trailing %%.\n", 1); + /*NOTREACHED*/ + default: + ExitString("printring: unknown format character.\n", 1); + /*NOTREACHED*/ + } + } else { + *ptr++ = i; + } + } + ring_supply_data(ring, buffer, ptr-buffer); +} +#endif + +/* + * These routines are in charge of sending option negotiations + * to the other side. + * + * The basic idea is that we send the negotiation if either side + * is in disagreement as to what the current state should be. + */ + + void +send_do(c, init) + register int c, init; +{ + if (init) { + if (((do_dont_resp[c] == 0) && my_state_is_do(c)) || + my_want_state_is_do(c)) + return; + set_my_want_state_do(c); + do_dont_resp[c]++; + } + NET2ADD(IAC, DO); + NETADD(c); + printoption("SENT", DO, c); +} + + void +send_dont(c, init) + register int c, init; +{ + if (init) { + if (((do_dont_resp[c] == 0) && my_state_is_dont(c)) || + my_want_state_is_dont(c)) + return; + set_my_want_state_dont(c); + do_dont_resp[c]++; + } + NET2ADD(IAC, DONT); + NETADD(c); + printoption("SENT", DONT, c); +} + + void +send_will(c, init) + register int c, init; +{ + if (init) { + if (((will_wont_resp[c] == 0) && my_state_is_will(c)) || + my_want_state_is_will(c)) + return; + set_my_want_state_will(c); + will_wont_resp[c]++; + } + NET2ADD(IAC, WILL); + NETADD(c); + printoption("SENT", WILL, c); +} + + void +send_wont(c, init) + register int c, init; +{ + if (init) { + if (((will_wont_resp[c] == 0) && my_state_is_wont(c)) || + my_want_state_is_wont(c)) + return; + set_my_want_state_wont(c); + will_wont_resp[c]++; + } + NET2ADD(IAC, WONT); + NETADD(c); + printoption("SENT", WONT, c); +} + + + void +willoption(option) + int option; +{ + int new_state_ok = 0; + + if (do_dont_resp[option]) { + --do_dont_resp[option]; + if (do_dont_resp[option] && my_state_is_do(option)) + --do_dont_resp[option]; + } + + if ((do_dont_resp[option] == 0) && my_want_state_is_dont(option)) { + + switch (option) { + + case TELOPT_ECHO: +# if defined(TN3270) + /* + * The following is a pain in the rear-end. + * Various IBM servers (some versions of Wiscnet, + * possibly Fibronics/Spartacus, and who knows who + * else) will NOT allow us to send "DO SGA" too early + * in the setup proceedings. On the other hand, + * 4.2 servers (telnetd) won't set SGA correctly. + * So, we are stuck. Empirically (but, based on + * a VERY small sample), the IBM servers don't send + * out anything about ECHO, so we postpone our sending + * "DO SGA" until we see "WILL ECHO" (which 4.2 servers + * DO send). + */ + { + if (askedSGA == 0) { + askedSGA = 1; + if (my_want_state_is_dont(TELOPT_SGA)) + send_do(TELOPT_SGA, 1); + } + } + /* Fall through */ + case TELOPT_EOR: +#endif /* defined(TN3270) */ + case TELOPT_BINARY: + case TELOPT_SGA: + settimer(modenegotiated); + /* FALL THROUGH */ + case TELOPT_STATUS: +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: +#endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: +#endif /* ENCRYPTION */ + new_state_ok = 1; + break; + + case TELOPT_TM: + if (flushout) + flushout = 0; + /* + * Special case for TM. If we get back a WILL, + * pretend we got back a WONT. + */ + set_my_want_state_dont(option); + set_my_state_dont(option); + return; /* Never reply to TM will's/wont's */ + + case TELOPT_LINEMODE: + default: + break; + } + + if (new_state_ok) { + set_my_want_state_do(option); + send_do(option, 0); + setconnmode(0); /* possibly set new tty mode */ + } else { + do_dont_resp[option]++; + send_dont(option, 0); + } + } + set_my_state_do(option); +#ifdef ENCRYPTION + if (option == TELOPT_ENCRYPT) + encrypt_send_support(); +#endif /* ENCRYPTION */ +} + + void +wontoption(option) + int option; +{ + if (do_dont_resp[option]) { + --do_dont_resp[option]; + if (do_dont_resp[option] && my_state_is_dont(option)) + --do_dont_resp[option]; + } + + if ((do_dont_resp[option] == 0) && my_want_state_is_do(option)) { + + switch (option) { + +#ifdef KLUDGELINEMODE + case TELOPT_SGA: + if (!kludgelinemode) + break; + /* FALL THROUGH */ +#endif + case TELOPT_ECHO: + settimer(modenegotiated); + break; + + case TELOPT_TM: + if (flushout) + flushout = 0; + set_my_want_state_dont(option); + set_my_state_dont(option); + return; /* Never reply to TM will's/wont's */ + + default: + break; + } + set_my_want_state_dont(option); + if (my_state_is_do(option)) + send_dont(option, 0); + setconnmode(0); /* Set new tty mode */ + } else if (option == TELOPT_TM) { + /* + * Special case for TM. + */ + if (flushout) + flushout = 0; + set_my_want_state_dont(option); + } + set_my_state_dont(option); +} + + static void +dooption(option) + int option; +{ + int new_state_ok = 0; + + if (will_wont_resp[option]) { + --will_wont_resp[option]; + if (will_wont_resp[option] && my_state_is_will(option)) + --will_wont_resp[option]; + } + + if (will_wont_resp[option] == 0) { + if (my_want_state_is_wont(option)) { + + switch (option) { + + case TELOPT_TM: + /* + * Special case for TM. We send a WILL, but pretend + * we sent WONT. + */ + send_will(option, 0); + set_my_want_state_wont(TELOPT_TM); + set_my_state_wont(TELOPT_TM); + return; + +# if defined(TN3270) + case TELOPT_EOR: /* end of record */ +# endif /* defined(TN3270) */ + case TELOPT_BINARY: /* binary mode */ + case TELOPT_NAWS: /* window size */ + case TELOPT_TSPEED: /* terminal speed */ + case TELOPT_LFLOW: /* local flow control */ + case TELOPT_TTYPE: /* terminal type option */ + case TELOPT_SGA: /* no big deal */ +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: /* encryption variable option */ +#endif /* ENCRYPTION */ + new_state_ok = 1; + break; + + case TELOPT_NEW_ENVIRON: /* New environment variable option */ +#ifdef OLD_ENVIRON + if (my_state_is_will(TELOPT_OLD_ENVIRON)) + send_wont(TELOPT_OLD_ENVIRON, 1); /* turn off the old */ + goto env_common; + case TELOPT_OLD_ENVIRON: /* Old environment variable option */ + if (my_state_is_will(TELOPT_NEW_ENVIRON)) + break; /* Don't enable if new one is in use! */ + env_common: + telopt_environ = option; +#endif + new_state_ok = 1; + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + if (autologin) + new_state_ok = 1; + break; +#endif + + case TELOPT_XDISPLOC: /* X Display location */ + if (env_getvalue((unsigned char *)"DISPLAY")) + new_state_ok = 1; + break; + + case TELOPT_LINEMODE: +#ifdef KLUDGELINEMODE + kludgelinemode = 0; + send_do(TELOPT_SGA, 1); +#endif + set_my_want_state_will(TELOPT_LINEMODE); + send_will(option, 0); + set_my_state_will(TELOPT_LINEMODE); + slc_init(); + return; + + case TELOPT_ECHO: /* We're never going to echo... */ + default: + break; + } + + if (new_state_ok) { + set_my_want_state_will(option); + send_will(option, 0); + setconnmode(0); /* Set new tty mode */ + } else { + will_wont_resp[option]++; + send_wont(option, 0); + } + } else { + /* + * Handle options that need more things done after the + * other side has acknowledged the option. + */ + switch (option) { + case TELOPT_LINEMODE: +#ifdef KLUDGELINEMODE + kludgelinemode = 0; + send_do(TELOPT_SGA, 1); +#endif + set_my_state_will(option); + slc_init(); + send_do(TELOPT_SGA, 0); + return; + } + } + } + set_my_state_will(option); +} + + static void +dontoption(option) + int option; +{ + + if (will_wont_resp[option]) { + --will_wont_resp[option]; + if (will_wont_resp[option] && my_state_is_wont(option)) + --will_wont_resp[option]; + } + + if ((will_wont_resp[option] == 0) && my_want_state_is_will(option)) { + switch (option) { + case TELOPT_LINEMODE: + linemode = 0; /* put us back to the default state */ + break; +#ifdef OLD_ENVIRON + case TELOPT_NEW_ENVIRON: + /* + * The new environ option wasn't recognized, try + * the old one. + */ + send_will(TELOPT_OLD_ENVIRON, 1); + telopt_environ = TELOPT_OLD_ENVIRON; + break; +#endif + } + /* we always accept a DONT */ + set_my_want_state_wont(option); + if (my_state_is_will(option)) + send_wont(option, 0); + setconnmode(0); /* Set new tty mode */ + } + set_my_state_wont(option); +} + +/* + * Given a buffer returned by tgetent(), this routine will turn + * the pipe seperated list of names in the buffer into an array + * of pointers to null terminated names. We toss out any bad, + * duplicate, or verbose names (names with spaces). + */ + +static char *name_unknown = "UNKNOWN"; +static char *unknown[] = { 0, 0 }; + + char ** +mklist(buf, name) + char *buf, *name; +{ + register int n; + register char c, *cp, **argvp, *cp2, **argv, **avt; + + if (name) { + if ((int)strlen(name) > 40) { + name = 0; + unknown[0] = name_unknown; + } else { + unknown[0] = name; + upcase(name); + } + } else + unknown[0] = name_unknown; + /* + * Count up the number of names. + */ + for (n = 1, cp = buf; *cp && *cp != ':'; cp++) { + if (*cp == '|') + n++; + } + /* + * Allocate an array to put the name pointers into + */ + argv = (char **)malloc((n+3)*sizeof(char *)); + if (argv == 0) + return(unknown); + + /* + * Fill up the array of pointers to names. + */ + *argv = 0; + argvp = argv+1; + n = 0; + for (cp = cp2 = buf; (c = *cp); cp++) { + if (c == '|' || c == ':') { + *cp++ = '\0'; + /* + * Skip entries that have spaces or are over 40 + * characters long. If this is our environment + * name, then put it up front. Otherwise, as + * long as this is not a duplicate name (case + * insensitive) add it to the list. + */ + if (n || (cp - cp2 > 41)) + ; + else if (name && (strncasecmp(name, cp2, cp-cp2) == 0)) + *argv = cp2; + else if (is_unique(cp2, argv+1, argvp)) + *argvp++ = cp2; + if (c == ':') + break; + /* + * Skip multiple delimiters. Reset cp2 to + * the beginning of the next name. Reset n, + * the flag for names with spaces. + */ + while ((c = *cp) == '|') + cp++; + cp2 = cp; + n = 0; + } + /* + * Skip entries with spaces or non-ascii values. + * Convert lower case letters to upper case. + */ + if ((c == ' ') || !isascii(c)) + n = 1; + else if (islower(c)) + *cp = toupper(c); + } + + /* + * Check for an old V6 2 character name. If the second + * name points to the beginning of the buffer, and is + * only 2 characters long, move it to the end of the array. + */ + if ((argv[1] == buf) && (strlen(argv[1]) == 2)) { + --argvp; + for (avt = &argv[1]; avt < argvp; avt++) + *avt = *(avt+1); + *argvp++ = buf; + } + + /* + * Duplicate last name, for TTYPE option, and null + * terminate the array. If we didn't find a match on + * our terminal name, put that name at the beginning. + */ + cp = *(argvp-1); + *argvp++ = cp; + *argvp = 0; + + if (*argv == 0) { + if (name) + *argv = name; + else { + --argvp; + for (avt = argv; avt < argvp; avt++) + *avt = *(avt+1); + } + } + if (*argv) + return(argv); + else + return(unknown); +} + + int +is_unique(name, as, ae) + register char *name, **as, **ae; +{ + register char **ap; + register int n; + + n = strlen(name) + 1; + for (ap = as; ap < ae; ap++) + if (strncasecmp(*ap, name, n) == 0) + return(0); + return (1); +} + +#ifdef TERMCAP +char termbuf[1024]; + + /*ARGSUSED*/ + int +setupterm(tname, fd, errp) + char *tname; + int fd, *errp; +{ + if (tgetent(termbuf, tname) == 1) { + termbuf[1023] = '\0'; + if (errp) + *errp = 1; + return(0); + } + if (errp) + *errp = 0; + return(-1); +} +#else +#define termbuf ttytype +extern char ttytype[]; +#endif + +int resettermname = 1; + + char * +gettermname() +{ + char *tname; + static char **tnamep = 0; + static char **next; + int err; + + if (resettermname) { + resettermname = 0; + if (tnamep && tnamep != unknown) + free(tnamep); + if ((tname = (char *)env_getvalue((unsigned char *)"TERM")) && + (setupterm(tname, 1, &err) == 0)) { + tnamep = mklist(termbuf, tname); + } else { + if (tname && ((int)strlen(tname) <= 40)) { + unknown[0] = tname; + upcase(tname); + } else + unknown[0] = name_unknown; + tnamep = unknown; + } + next = tnamep; + } + if (*next == 0) + next = tnamep; + return(*next++); +} +/* + * suboption() + * + * Look at the sub-option buffer, and try to be helpful to the other + * side. + * + * Currently we recognize: + * + * Terminal type, send request. + * Terminal speed (send request). + * Local flow control (is request). + * Linemode + */ + + static void +suboption() +{ + unsigned char subchar; + + printsub('<', subbuffer, SB_LEN()+2); + switch (subchar = SB_GET()) { + case TELOPT_TTYPE: + if (my_want_state_is_wont(TELOPT_TTYPE)) + return; + if (SB_EOF() || SB_GET() != TELQUAL_SEND) { + return; + } else { + char *name; + unsigned char temp[50]; + int len; + +#if defined(TN3270) + if (tn3270_ttype()) { + return; + } +#endif /* defined(TN3270) */ + name = gettermname(); + len = strlen(name) + 4 + 2; + if (len < NETROOM()) { + sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_TTYPE, + TELQUAL_IS, name, IAC, SE); + ring_supply_data(&netoring, temp, len); + printsub('>', &temp[2], len-2); + } else { + ExitString("No room in buffer for terminal type.\n", 1); + /*NOTREACHED*/ + } + } + break; + case TELOPT_TSPEED: + if (my_want_state_is_wont(TELOPT_TSPEED)) + return; + if (SB_EOF()) + return; + if (SB_GET() == TELQUAL_SEND) { + long ospeed, ispeed; + unsigned char temp[50]; + int len; + + TerminalSpeeds(&ispeed, &ospeed); + + sprintf((char *)temp, "%c%c%c%c%d,%d%c%c", IAC, SB, TELOPT_TSPEED, + TELQUAL_IS, ospeed, ispeed, IAC, SE); + len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ + + if (len < NETROOM()) { + ring_supply_data(&netoring, temp, len); + printsub('>', temp+2, len - 2); + } +/*@*/ else printf("lm_will: not enough room in buffer\n"); + } + break; + case TELOPT_LFLOW: + if (my_want_state_is_wont(TELOPT_LFLOW)) + return; + if (SB_EOF()) + return; + switch(SB_GET()) { + case LFLOW_RESTART_ANY: + restartany = 1; + break; + case LFLOW_RESTART_XON: + restartany = 0; + break; + case LFLOW_ON: + localflow = 1; + break; + case LFLOW_OFF: + localflow = 0; + break; + default: + return; + } + setcommandmode(); + setconnmode(0); + break; + + case TELOPT_LINEMODE: + if (my_want_state_is_wont(TELOPT_LINEMODE)) + return; + if (SB_EOF()) + return; + switch (SB_GET()) { + case WILL: + lm_will(subpointer, SB_LEN()); + break; + case WONT: + lm_wont(subpointer, SB_LEN()); + break; + case DO: + lm_do(subpointer, SB_LEN()); + break; + case DONT: + lm_dont(subpointer, SB_LEN()); + break; + case LM_SLC: + slc(subpointer, SB_LEN()); + break; + case LM_MODE: + lm_mode(subpointer, SB_LEN(), 0); + break; + default: + break; + } + break; + +#ifdef OLD_ENVIRON + case TELOPT_OLD_ENVIRON: +#endif + case TELOPT_NEW_ENVIRON: + if (SB_EOF()) + return; + switch(SB_PEEK()) { + case TELQUAL_IS: + case TELQUAL_INFO: + if (my_want_state_is_dont(subchar)) + return; + break; + case TELQUAL_SEND: + if (my_want_state_is_wont(subchar)) { + return; + } + break; + default: + return; + } + env_opt(subpointer, SB_LEN()); + break; + + case TELOPT_XDISPLOC: + if (my_want_state_is_wont(TELOPT_XDISPLOC)) + return; + if (SB_EOF()) + return; + if (SB_GET() == TELQUAL_SEND) { + unsigned char temp[50], *dp; + int len; + + if ((dp = env_getvalue((unsigned char *)"DISPLAY")) == NULL) { + /* + * Something happened, we no longer have a DISPLAY + * variable. So, turn off the option. + */ + send_wont(TELOPT_XDISPLOC, 1); + break; + } + sprintf((char *)temp, "%c%c%c%c%s%c%c", IAC, SB, TELOPT_XDISPLOC, + TELQUAL_IS, dp, IAC, SE); + len = strlen((char *)temp+4) + 4; /* temp[3] is 0 ... */ + + if (len < NETROOM()) { + ring_supply_data(&netoring, temp, len); + printsub('>', temp+2, len - 2); + } +/*@*/ else printf("lm_will: not enough room in buffer\n"); + } + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: { + if (!autologin) + break; + if (SB_EOF()) + return; + switch(SB_GET()) { + case TELQUAL_IS: + if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) + return; + auth_is(subpointer, SB_LEN()); + break; + case TELQUAL_SEND: + if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) + return; + auth_send(subpointer, SB_LEN()); + break; + case TELQUAL_REPLY: + if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) + return; + auth_reply(subpointer, SB_LEN()); + break; + case TELQUAL_NAME: + if (my_want_state_is_dont(TELOPT_AUTHENTICATION)) + return; + auth_name(subpointer, SB_LEN()); + break; + } + } + break; +#endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + if (SB_EOF()) + return; + switch(SB_GET()) { + case ENCRYPT_START: + if (my_want_state_is_dont(TELOPT_ENCRYPT)) + return; + encrypt_start(subpointer, SB_LEN()); + break; + case ENCRYPT_END: + if (my_want_state_is_dont(TELOPT_ENCRYPT)) + return; + encrypt_end(); + break; + case ENCRYPT_SUPPORT: + if (my_want_state_is_wont(TELOPT_ENCRYPT)) + return; + encrypt_support(subpointer, SB_LEN()); + break; + case ENCRYPT_REQSTART: + if (my_want_state_is_wont(TELOPT_ENCRYPT)) + return; + encrypt_request_start(subpointer, SB_LEN()); + break; + case ENCRYPT_REQEND: + if (my_want_state_is_wont(TELOPT_ENCRYPT)) + return; + /* + * We can always send an REQEND so that we cannot + * get stuck encrypting. We should only get this + * if we have been able to get in the correct mode + * anyhow. + */ + encrypt_request_end(); + break; + case ENCRYPT_IS: + if (my_want_state_is_dont(TELOPT_ENCRYPT)) + return; + encrypt_is(subpointer, SB_LEN()); + break; + case ENCRYPT_REPLY: + if (my_want_state_is_wont(TELOPT_ENCRYPT)) + return; + encrypt_reply(subpointer, SB_LEN()); + break; + case ENCRYPT_ENC_KEYID: + if (my_want_state_is_dont(TELOPT_ENCRYPT)) + return; + encrypt_enc_keyid(subpointer, SB_LEN()); + break; + case ENCRYPT_DEC_KEYID: + if (my_want_state_is_wont(TELOPT_ENCRYPT)) + return; + encrypt_dec_keyid(subpointer, SB_LEN()); + break; + default: + break; + } + break; +#endif /* ENCRYPTION */ + default: + break; + } +} + +static unsigned char str_lm[] = { IAC, SB, TELOPT_LINEMODE, 0, 0, IAC, SE }; + + void +lm_will(cmd, len) + unsigned char *cmd; + int len; +{ + if (len < 1) { +/*@*/ printf("lm_will: no command!!!\n"); /* Should not happen... */ + return; + } + switch(cmd[0]) { + case LM_FORWARDMASK: /* We shouldn't ever get this... */ + default: + str_lm[3] = DONT; + str_lm[4] = cmd[0]; + if (NETROOM() > sizeof(str_lm)) { + ring_supply_data(&netoring, str_lm, sizeof(str_lm)); + printsub('>', &str_lm[2], sizeof(str_lm)-2); + } +/*@*/ else printf("lm_will: not enough room in buffer\n"); + break; + } +} + + void +lm_wont(cmd, len) + unsigned char *cmd; + int len; +{ + if (len < 1) { +/*@*/ printf("lm_wont: no command!!!\n"); /* Should not happen... */ + return; + } + switch(cmd[0]) { + case LM_FORWARDMASK: /* We shouldn't ever get this... */ + default: + /* We are always DONT, so don't respond */ + return; + } +} + + void +lm_do(cmd, len) + unsigned char *cmd; + int len; +{ + if (len < 1) { +/*@*/ printf("lm_do: no command!!!\n"); /* Should not happen... */ + return; + } + switch(cmd[0]) { + case LM_FORWARDMASK: + default: + str_lm[3] = WONT; + str_lm[4] = cmd[0]; + if (NETROOM() > sizeof(str_lm)) { + ring_supply_data(&netoring, str_lm, sizeof(str_lm)); + printsub('>', &str_lm[2], sizeof(str_lm)-2); + } +/*@*/ else printf("lm_do: not enough room in buffer\n"); + break; + } +} + + void +lm_dont(cmd, len) + unsigned char *cmd; + int len; +{ + if (len < 1) { +/*@*/ printf("lm_dont: no command!!!\n"); /* Should not happen... */ + return; + } + switch(cmd[0]) { + case LM_FORWARDMASK: + default: + /* we are always WONT, so don't respond */ + break; + } +} + +static unsigned char str_lm_mode[] = { + IAC, SB, TELOPT_LINEMODE, LM_MODE, 0, IAC, SE +}; + + void +lm_mode(cmd, len, init) + unsigned char *cmd; + int len, init; +{ + if (len != 1) + return; + if ((linemode&MODE_MASK&~MODE_ACK) == *cmd) + return; + if (*cmd&MODE_ACK) + return; + linemode = *cmd&(MODE_MASK&~MODE_ACK); + str_lm_mode[4] = linemode; + if (!init) + str_lm_mode[4] |= MODE_ACK; + if (NETROOM() > sizeof(str_lm_mode)) { + ring_supply_data(&netoring, str_lm_mode, sizeof(str_lm_mode)); + printsub('>', &str_lm_mode[2], sizeof(str_lm_mode)-2); + } +/*@*/ else printf("lm_mode: not enough room in buffer\n"); + setconnmode(0); /* set changed mode */ +} + + + +/* + * slc() + * Handle special character suboption of LINEMODE. + */ + +struct spc { + cc_t val; + cc_t *valp; + char flags; /* Current flags & level */ + char mylevel; /* Maximum level & flags */ +} spc_data[NSLC+1]; + +#define SLC_IMPORT 0 +#define SLC_EXPORT 1 +#define SLC_RVALUE 2 +static int slc_mode = SLC_EXPORT; + + void +slc_init() +{ + register struct spc *spcp; + + localchars = 1; + for (spcp = spc_data; spcp < &spc_data[NSLC+1]; spcp++) { + spcp->val = 0; + spcp->valp = 0; + spcp->flags = spcp->mylevel = SLC_NOSUPPORT; + } + +#define initfunc(func, flags) { \ + spcp = &spc_data[func]; \ + if (spcp->valp = tcval(func)) { \ + spcp->val = *spcp->valp; \ + spcp->mylevel = SLC_VARIABLE|flags; \ + } else { \ + spcp->val = 0; \ + spcp->mylevel = SLC_DEFAULT; \ + } \ + } + + initfunc(SLC_SYNCH, 0); + /* No BRK */ + initfunc(SLC_AO, 0); + initfunc(SLC_AYT, 0); + /* No EOR */ + initfunc(SLC_ABORT, SLC_FLUSHIN|SLC_FLUSHOUT); + initfunc(SLC_EOF, 0); +#ifndef SYSV_TERMIO + initfunc(SLC_SUSP, SLC_FLUSHIN); +#endif + initfunc(SLC_EC, 0); + initfunc(SLC_EL, 0); +#ifndef SYSV_TERMIO + initfunc(SLC_EW, 0); + initfunc(SLC_RP, 0); + initfunc(SLC_LNEXT, 0); +#endif + initfunc(SLC_XON, 0); + initfunc(SLC_XOFF, 0); +#ifdef SYSV_TERMIO + spc_data[SLC_XON].mylevel = SLC_CANTCHANGE; + spc_data[SLC_XOFF].mylevel = SLC_CANTCHANGE; +#endif + initfunc(SLC_FORW1, 0); +#ifdef USE_TERMIO + initfunc(SLC_FORW2, 0); + /* No FORW2 */ +#endif + + initfunc(SLC_IP, SLC_FLUSHIN|SLC_FLUSHOUT); +#undef initfunc + + if (slc_mode == SLC_EXPORT) + slc_export(); + else + slc_import(1); + +} + + void +slcstate() +{ + printf("Special characters are %s values\n", + slc_mode == SLC_IMPORT ? "remote default" : + slc_mode == SLC_EXPORT ? "local" : + "remote"); +} + + void +slc_mode_export() +{ + slc_mode = SLC_EXPORT; + if (my_state_is_will(TELOPT_LINEMODE)) + slc_export(); +} + + void +slc_mode_import(def) + int def; +{ + slc_mode = def ? SLC_IMPORT : SLC_RVALUE; + if (my_state_is_will(TELOPT_LINEMODE)) + slc_import(def); +} + +unsigned char slc_import_val[] = { + IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_VARIABLE, 0, IAC, SE +}; +unsigned char slc_import_def[] = { + IAC, SB, TELOPT_LINEMODE, LM_SLC, 0, SLC_DEFAULT, 0, IAC, SE +}; + + void +slc_import(def) + int def; +{ + if (NETROOM() > sizeof(slc_import_val)) { + if (def) { + ring_supply_data(&netoring, slc_import_def, sizeof(slc_import_def)); + printsub('>', &slc_import_def[2], sizeof(slc_import_def)-2); + } else { + ring_supply_data(&netoring, slc_import_val, sizeof(slc_import_val)); + printsub('>', &slc_import_val[2], sizeof(slc_import_val)-2); + } + } +/*@*/ else printf("slc_import: not enough room\n"); +} + + void +slc_export() +{ + register struct spc *spcp; + + TerminalDefaultChars(); + + slc_start_reply(); + for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { + if (spcp->mylevel != SLC_NOSUPPORT) { + if (spcp->val == (cc_t)(_POSIX_VDISABLE)) + spcp->flags = SLC_NOSUPPORT; + else + spcp->flags = spcp->mylevel; + if (spcp->valp) + spcp->val = *spcp->valp; + slc_add_reply(spcp - spc_data, spcp->flags, spcp->val); + } + } + slc_end_reply(); + (void)slc_update(); + setconnmode(1); /* Make sure the character values are set */ +} + + void +slc(cp, len) + register unsigned char *cp; + int len; +{ + register struct spc *spcp; + register int func,level; + + slc_start_reply(); + + for (; len >= 3; len -=3, cp +=3) { + + func = cp[SLC_FUNC]; + + if (func == 0) { + /* + * Client side: always ignore 0 function. + */ + continue; + } + if (func > NSLC) { + if ((cp[SLC_FLAGS] & SLC_LEVELBITS) != SLC_NOSUPPORT) + slc_add_reply(func, SLC_NOSUPPORT, 0); + continue; + } + + spcp = &spc_data[func]; + + level = cp[SLC_FLAGS]&(SLC_LEVELBITS|SLC_ACK); + + if ((cp[SLC_VALUE] == (unsigned char)spcp->val) && + ((level&SLC_LEVELBITS) == (spcp->flags&SLC_LEVELBITS))) { + continue; + } + + if (level == (SLC_DEFAULT|SLC_ACK)) { + /* + * This is an error condition, the SLC_ACK + * bit should never be set for the SLC_DEFAULT + * level. Our best guess to recover is to + * ignore the SLC_ACK bit. + */ + cp[SLC_FLAGS] &= ~SLC_ACK; + } + + if (level == ((spcp->flags&SLC_LEVELBITS)|SLC_ACK)) { + spcp->val = (cc_t)cp[SLC_VALUE]; + spcp->flags = cp[SLC_FLAGS]; /* include SLC_ACK */ + continue; + } + + level &= ~SLC_ACK; + + if (level <= (spcp->mylevel&SLC_LEVELBITS)) { + spcp->flags = cp[SLC_FLAGS]|SLC_ACK; + spcp->val = (cc_t)cp[SLC_VALUE]; + } + if (level == SLC_DEFAULT) { + if ((spcp->mylevel&SLC_LEVELBITS) != SLC_DEFAULT) + spcp->flags = spcp->mylevel; + else + spcp->flags = SLC_NOSUPPORT; + } + slc_add_reply(func, spcp->flags, spcp->val); + } + slc_end_reply(); + if (slc_update()) + setconnmode(1); /* set the new character values */ +} + + void +slc_check() +{ + register struct spc *spcp; + + slc_start_reply(); + for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { + if (spcp->valp && spcp->val != *spcp->valp) { + spcp->val = *spcp->valp; + if (spcp->val == (cc_t)(_POSIX_VDISABLE)) + spcp->flags = SLC_NOSUPPORT; + else + spcp->flags = spcp->mylevel; + slc_add_reply(spcp - spc_data, spcp->flags, spcp->val); + } + } + slc_end_reply(); + setconnmode(1); +} + + +unsigned char slc_reply[128]; +unsigned char *slc_replyp; + + void +slc_start_reply() +{ + slc_replyp = slc_reply; + *slc_replyp++ = IAC; + *slc_replyp++ = SB; + *slc_replyp++ = TELOPT_LINEMODE; + *slc_replyp++ = LM_SLC; +} + + void +slc_add_reply(func, flags, value) + unsigned char func; + unsigned char flags; + cc_t value; +{ + if ((*slc_replyp++ = func) == IAC) + *slc_replyp++ = IAC; + if ((*slc_replyp++ = flags) == IAC) + *slc_replyp++ = IAC; + if ((*slc_replyp++ = (unsigned char)value) == IAC) + *slc_replyp++ = IAC; +} + + void +slc_end_reply() +{ + register int len; + + *slc_replyp++ = IAC; + *slc_replyp++ = SE; + len = slc_replyp - slc_reply; + if (len <= 6) + return; + if (NETROOM() > len) { + ring_supply_data(&netoring, slc_reply, slc_replyp - slc_reply); + printsub('>', &slc_reply[2], slc_replyp - slc_reply - 2); + } +/*@*/else printf("slc_end_reply: not enough room\n"); +} + + int +slc_update() +{ + register struct spc *spcp; + int need_update = 0; + + for (spcp = &spc_data[1]; spcp < &spc_data[NSLC+1]; spcp++) { + if (!(spcp->flags&SLC_ACK)) + continue; + spcp->flags &= ~SLC_ACK; + if (spcp->valp && (*spcp->valp != spcp->val)) { + *spcp->valp = spcp->val; + need_update = 1; + } + } + return(need_update); +} + +#ifdef OLD_ENVIRON +# ifdef ENV_HACK +/* + * Earlier version of telnet/telnetd from the BSD code had + * the definitions of VALUE and VAR reversed. To ensure + * maximum interoperability, we assume that the server is + * an older BSD server, until proven otherwise. The newer + * BSD servers should be able to handle either definition, + * so it is better to use the wrong values if we don't + * know what type of server it is. + */ +int env_auto = 1; +int old_env_var = OLD_ENV_VAR; +int old_env_value = OLD_ENV_VALUE; +# else +# define old_env_var OLD_ENV_VAR +# define old_env_value OLD_ENV_VALUE +# endif +#endif + + void +env_opt(buf, len) + register unsigned char *buf; + register int len; +{ + register unsigned char *ep = 0, *epc = 0; + register int i; + + switch(buf[0]&0xff) { + case TELQUAL_SEND: + env_opt_start(); + if (len == 1) { + env_opt_add(NULL); + } else for (i = 1; i < len; i++) { + switch (buf[i]&0xff) { +#ifdef OLD_ENVIRON + case OLD_ENV_VAR: +# ifdef ENV_HACK + if (telopt_environ == TELOPT_OLD_ENVIRON + && env_auto) { + /* Server has the same definitions */ + old_env_var = OLD_ENV_VAR; + old_env_value = OLD_ENV_VALUE; + } + /* FALL THROUGH */ +# endif + case OLD_ENV_VALUE: + /* + * Although OLD_ENV_VALUE is not legal, we will + * still recognize it, just in case it is an + * old server that has VAR & VALUE mixed up... + */ + /* FALL THROUGH */ +#else + case NEW_ENV_VAR: +#endif + case ENV_USERVAR: + if (ep) { + *epc = 0; + env_opt_add(ep); + } + ep = epc = &buf[i+1]; + break; + case ENV_ESC: + i++; + /*FALL THROUGH*/ + default: + if (epc) + *epc++ = buf[i]; + break; + } + } + if (ep) { + *epc = 0; + env_opt_add(ep); + } + env_opt_end(1); + break; + + case TELQUAL_IS: + case TELQUAL_INFO: + /* Ignore for now. We shouldn't get it anyway. */ + break; + + default: + break; + } +} + +#define OPT_REPLY_SIZE 256 +unsigned char *opt_reply; +unsigned char *opt_replyp; +unsigned char *opt_replyend; + + void +env_opt_start() +{ + if (opt_reply) + opt_reply = (unsigned char *)realloc(opt_reply, OPT_REPLY_SIZE); + else + opt_reply = (unsigned char *)malloc(OPT_REPLY_SIZE); + if (opt_reply == NULL) { +/*@*/ printf("env_opt_start: malloc()/realloc() failed!!!\n"); + opt_reply = opt_replyp = opt_replyend = NULL; + return; + } + opt_replyp = opt_reply; + opt_replyend = opt_reply + OPT_REPLY_SIZE; + *opt_replyp++ = IAC; + *opt_replyp++ = SB; + *opt_replyp++ = telopt_environ; + *opt_replyp++ = TELQUAL_IS; +} + + void +env_opt_start_info() +{ + env_opt_start(); + if (opt_replyp) + opt_replyp[-1] = TELQUAL_INFO; +} + + void +env_opt_add(ep) + register unsigned char *ep; +{ + register unsigned char *vp, c; + + if (opt_reply == NULL) /*XXX*/ + return; /*XXX*/ + + if (ep == NULL || *ep == '\0') { + /* Send user defined variables first. */ + env_default(1, 0); + while (ep = env_default(0, 0)) + env_opt_add(ep); + + /* Now add the list of well know variables. */ + env_default(1, 1); + while (ep = env_default(0, 1)) + env_opt_add(ep); + return; + } + vp = env_getvalue(ep); + if (opt_replyp + (vp ? strlen((char *)vp) : 0) + + strlen((char *)ep) + 6 > opt_replyend) + { + register int len; + opt_replyend += OPT_REPLY_SIZE; + len = opt_replyend - opt_reply; + opt_reply = (unsigned char *)realloc(opt_reply, len); + if (opt_reply == NULL) { +/*@*/ printf("env_opt_add: realloc() failed!!!\n"); + opt_reply = opt_replyp = opt_replyend = NULL; + return; + } + opt_replyp = opt_reply + len - (opt_replyend - opt_replyp); + opt_replyend = opt_reply + len; + } + if (opt_welldefined(ep)) +#ifdef OLD_ENVIRON + if (telopt_environ == TELOPT_OLD_ENVIRON) + *opt_replyp++ = old_env_var; + else +#endif + *opt_replyp++ = NEW_ENV_VAR; + else + *opt_replyp++ = ENV_USERVAR; + for (;;) { + while (c = *ep++) { + switch(c&0xff) { + case IAC: + *opt_replyp++ = IAC; + break; + case NEW_ENV_VAR: + case NEW_ENV_VALUE: + case ENV_ESC: + case ENV_USERVAR: + *opt_replyp++ = ENV_ESC; + break; + } + *opt_replyp++ = c; + } + if (ep = vp) { +#ifdef OLD_ENVIRON + if (telopt_environ == TELOPT_OLD_ENVIRON) + *opt_replyp++ = old_env_value; + else +#endif + *opt_replyp++ = NEW_ENV_VALUE; + vp = NULL; + } else + break; + } +} + + int +opt_welldefined(ep) + char *ep; +{ + if ((strcmp(ep, "USER") == 0) || + (strcmp(ep, "DISPLAY") == 0) || + (strcmp(ep, "PRINTER") == 0) || + (strcmp(ep, "SYSTEMTYPE") == 0) || + (strcmp(ep, "JOB") == 0) || + (strcmp(ep, "ACCT") == 0)) + return(1); + return(0); +} + void +env_opt_end(emptyok) + register int emptyok; +{ + register int len; + + len = opt_replyp - opt_reply + 2; + if (emptyok || len > 6) { + *opt_replyp++ = IAC; + *opt_replyp++ = SE; + if (NETROOM() > len) { + ring_supply_data(&netoring, opt_reply, len); + printsub('>', &opt_reply[2], len - 2); + } +/*@*/ else printf("slc_end_reply: not enough room\n"); + } + if (opt_reply) { + free(opt_reply); + opt_reply = opt_replyp = opt_replyend = NULL; + } +} + + + + int +telrcv() +{ + register int c; + register int scc; + register unsigned char *sbp; + int count; + int returnValue = 0; + + scc = 0; + count = 0; + while (TTYROOM() > 2) { + if (scc == 0) { + if (count) { + ring_consumed(&netiring, count); + returnValue = 1; + count = 0; + } + sbp = netiring.consume; + scc = ring_full_consecutive(&netiring); + if (scc == 0) { + /* No more data coming in */ + break; + } + } + + c = *sbp++ & 0xff, scc--; count++; +#ifdef ENCRYPTION + if (decrypt_input) + c = (*decrypt_input)(c); +#endif /* ENCRYPTION */ + + switch (telrcv_state) { + + case TS_CR: + telrcv_state = TS_DATA; + if (c == '\0') { + break; /* Ignore \0 after CR */ + } + else if ((c == '\n') && my_want_state_is_dont(TELOPT_ECHO) && !crmod) { + TTYADD(c); + break; + } + /* Else, fall through */ + + case TS_DATA: + if (c == IAC) { + telrcv_state = TS_IAC; + break; + } +# if defined(TN3270) + if (In3270) { + *Ifrontp++ = c; + while (scc > 0) { + c = *sbp++ & 0377, scc--; count++; +#ifdef ENCRYPTION + if (decrypt_input) + c = (*decrypt_input)(c); +#endif /* ENCRYPTION */ + if (c == IAC) { + telrcv_state = TS_IAC; + break; + } + *Ifrontp++ = c; + } + } else +# endif /* defined(TN3270) */ + /* + * The 'crmod' hack (see following) is needed + * since we can't * set CRMOD on output only. + * Machines like MULTICS like to send \r without + * \n; since we must turn off CRMOD to get proper + * input, the mapping is done here (sigh). + */ + if ((c == '\r') && my_want_state_is_dont(TELOPT_BINARY)) { + if (scc > 0) { + c = *sbp&0xff; +#ifdef ENCRYPTION + if (decrypt_input) + c = (*decrypt_input)(c); +#endif /* ENCRYPTION */ + if (c == 0) { + sbp++, scc--; count++; + /* a "true" CR */ + TTYADD('\r'); + } else if (my_want_state_is_dont(TELOPT_ECHO) && + (c == '\n')) { + sbp++, scc--; count++; + TTYADD('\n'); + } else { +#ifdef ENCRYPTION + if (decrypt_input) + (*decrypt_input)(-1); +#endif /* ENCRYPTION */ + + TTYADD('\r'); + if (crmod) { + TTYADD('\n'); + } + } + } else { + telrcv_state = TS_CR; + TTYADD('\r'); + if (crmod) { + TTYADD('\n'); + } + } + } else { + TTYADD(c); + } + continue; + + case TS_IAC: +process_iac: + switch (c) { + + case WILL: + telrcv_state = TS_WILL; + continue; + + case WONT: + telrcv_state = TS_WONT; + continue; + + case DO: + telrcv_state = TS_DO; + continue; + + case DONT: + telrcv_state = TS_DONT; + continue; + + case DM: + /* + * We may have missed an urgent notification, + * so make sure we flush whatever is in the + * buffer currently. + */ + printoption("RCVD", IAC, DM); + SYNCHing = 1; + (void) ttyflush(1); + SYNCHing = stilloob(); + settimer(gotDM); + break; + + case SB: + SB_CLEAR(); + telrcv_state = TS_SB; + continue; + +# if defined(TN3270) + case EOR: + if (In3270) { + if (Ibackp == Ifrontp) { + Ibackp = Ifrontp = Ibuf; + ISend = 0; /* should have been! */ + } else { + Ibackp += DataFromNetwork(Ibackp, Ifrontp-Ibackp, 1); + ISend = 1; + } + } + printoption("RCVD", IAC, EOR); + break; +# endif /* defined(TN3270) */ + + case IAC: +# if !defined(TN3270) + TTYADD(IAC); +# else /* !defined(TN3270) */ + if (In3270) { + *Ifrontp++ = IAC; + } else { + TTYADD(IAC); + } +# endif /* !defined(TN3270) */ + break; + + case NOP: + case GA: + default: + printoption("RCVD", IAC, c); + break; + } + telrcv_state = TS_DATA; + continue; + + case TS_WILL: + printoption("RCVD", WILL, c); + willoption(c); + SetIn3270(); + telrcv_state = TS_DATA; + continue; + + case TS_WONT: + printoption("RCVD", WONT, c); + wontoption(c); + SetIn3270(); + telrcv_state = TS_DATA; + continue; + + case TS_DO: + printoption("RCVD", DO, c); + dooption(c); + SetIn3270(); + if (c == TELOPT_NAWS) { + sendnaws(); + } else if (c == TELOPT_LFLOW) { + localflow = 1; + setcommandmode(); + setconnmode(0); + } + telrcv_state = TS_DATA; + continue; + + case TS_DONT: + printoption("RCVD", DONT, c); + dontoption(c); + flushline = 1; + setconnmode(0); /* set new tty mode (maybe) */ + SetIn3270(); + telrcv_state = TS_DATA; + continue; + + case TS_SB: + if (c == IAC) { + telrcv_state = TS_SE; + } else { + SB_ACCUM(c); + } + continue; + + case TS_SE: + if (c != SE) { + if (c != IAC) { + /* + * This is an error. We only expect to get + * "IAC IAC" or "IAC SE". Several things may + * have happend. An IAC was not doubled, the + * IAC SE was left off, or another option got + * inserted into the suboption are all possibilities. + * If we assume that the IAC was not doubled, + * and really the IAC SE was left off, we could + * get into an infinate loop here. So, instead, + * we terminate the suboption, and process the + * partial suboption if we can. + */ + SB_ACCUM(IAC); + SB_ACCUM(c); + subpointer -= 2; + SB_TERM(); + + printoption("In SUBOPTION processing, RCVD", IAC, c); + suboption(); /* handle sub-option */ + SetIn3270(); + telrcv_state = TS_IAC; + goto process_iac; + } + SB_ACCUM(c); + telrcv_state = TS_SB; + } else { + SB_ACCUM(IAC); + SB_ACCUM(SE); + subpointer -= 2; + SB_TERM(); + suboption(); /* handle sub-option */ + SetIn3270(); + telrcv_state = TS_DATA; + } + } + } + if (count) + ring_consumed(&netiring, count); + return returnValue||count; +} + +static int bol = 1, local = 0; + + int +rlogin_susp() +{ + if (local) { + local = 0; + bol = 1; + command(0, "z\n", 2); + return(1); + } + return(0); +} + + static int +telsnd() +{ + int tcc; + int count; + int returnValue = 0; + unsigned char *tbp; + + tcc = 0; + count = 0; + while (NETROOM() > 2) { + register int sc; + register int c; + + if (tcc == 0) { + if (count) { + ring_consumed(&ttyiring, count); + returnValue = 1; + count = 0; + } + tbp = ttyiring.consume; + tcc = ring_full_consecutive(&ttyiring); + if (tcc == 0) { + break; + } + } + c = *tbp++ & 0xff, sc = strip(c), tcc--; count++; + if (rlogin != _POSIX_VDISABLE) { + if (bol) { + bol = 0; + if (sc == rlogin) { + local = 1; + continue; + } + } else if (local) { + local = 0; + if (sc == '.' || c == termEofChar) { + bol = 1; + command(0, "close\n", 6); + continue; + } + if (sc == termSuspChar) { + bol = 1; + command(0, "z\n", 2); + continue; + } + if (sc == escape) { + command(0, (char *)tbp, tcc); + bol = 1; + count += tcc; + tcc = 0; + flushline = 1; + break; + } + if (sc != rlogin) { + ++tcc; + --tbp; + --count; + c = sc = rlogin; + } + } + if ((sc == '\n') || (sc == '\r')) + bol = 1; + } else if (sc == escape) { + /* + * Double escape is a pass through of a single escape character. + */ + if (tcc && strip(*tbp) == escape) { + tbp++; + tcc--; + count++; + bol = 0; + } else { + command(0, (char *)tbp, tcc); + bol = 1; + count += tcc; + tcc = 0; + flushline = 1; + break; + } + } else + bol = 0; +#ifdef KLUDGELINEMODE + if (kludgelinemode && (globalmode&MODE_EDIT) && (sc == echoc)) { + if (tcc > 0 && strip(*tbp) == echoc) { + tcc--; tbp++; count++; + } else { + dontlecho = !dontlecho; + settimer(echotoggle); + setconnmode(0); + flushline = 1; + break; + } + } +#endif + if (MODE_LOCAL_CHARS(globalmode)) { + if (TerminalSpecialChars(sc) == 0) { + bol = 1; + break; + } + } + if (my_want_state_is_wont(TELOPT_BINARY)) { + switch (c) { + case '\n': + /* + * If we are in CRMOD mode (\r ==> \n) + * on our local machine, then probably + * a newline (unix) is CRLF (TELNET). + */ + if (MODE_LOCAL_CHARS(globalmode)) { + NETADD('\r'); + } + NETADD('\n'); + bol = flushline = 1; + break; + case '\r': + if (!crlf) { + NET2ADD('\r', '\0'); + } else { + NET2ADD('\r', '\n'); + } + bol = flushline = 1; + break; + case IAC: + NET2ADD(IAC, IAC); + break; + default: + NETADD(c); + break; + } + } else if (c == IAC) { + NET2ADD(IAC, IAC); + } else { + NETADD(c); + } + } + if (count) + ring_consumed(&ttyiring, count); + return returnValue||count; /* Non-zero if we did anything */ +} + +/* + * Scheduler() + * + * Try to do something. + * + * If we do something useful, return 1; else return 0. + * + */ + + + int +Scheduler(block) + int block; /* should we block in the select ? */ +{ + /* One wants to be a bit careful about setting returnValue + * to one, since a one implies we did some useful work, + * and therefore probably won't be called to block next + * time (TN3270 mode only). + */ + int returnValue; + int netin, netout, netex, ttyin, ttyout; + + /* Decide which rings should be processed */ + + netout = ring_full_count(&netoring) && + (flushline || + (my_want_state_is_wont(TELOPT_LINEMODE) +#ifdef KLUDGELINEMODE + && (!kludgelinemode || my_want_state_is_do(TELOPT_SGA)) +#endif + ) || + my_want_state_is_will(TELOPT_BINARY)); + ttyout = ring_full_count(&ttyoring); + +#if defined(TN3270) + ttyin = ring_empty_count(&ttyiring) && (shell_active == 0); +#else /* defined(TN3270) */ + ttyin = ring_empty_count(&ttyiring); +#endif /* defined(TN3270) */ + +#if defined(TN3270) + netin = ring_empty_count(&netiring); +# else /* !defined(TN3270) */ + netin = !ISend && ring_empty_count(&netiring); +# endif /* !defined(TN3270) */ + + netex = !SYNCHing; + + /* If we have seen a signal recently, reset things */ +# if defined(TN3270) && defined(unix) + if (HaveInput) { + HaveInput = 0; + (void) signal(SIGIO, inputAvailable); + } +#endif /* defined(TN3270) && defined(unix) */ + + /* Call to system code to process rings */ + + returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block); + + /* Now, look at the input rings, looking for work to do. */ + + if (ring_full_count(&ttyiring)) { +# if defined(TN3270) + if (In3270) { + int c; + + c = DataFromTerminal(ttyiring.consume, + ring_full_consecutive(&ttyiring)); + if (c) { + returnValue = 1; + ring_consumed(&ttyiring, c); + } + } else { +# endif /* defined(TN3270) */ + returnValue |= telsnd(); +# if defined(TN3270) + } +# endif /* defined(TN3270) */ + } + + if (ring_full_count(&netiring)) { +# if !defined(TN3270) + returnValue |= telrcv(); +# else /* !defined(TN3270) */ + returnValue = Push3270(); +# endif /* !defined(TN3270) */ + } + return returnValue; +} + +/* + * Select from tty and network... + */ + void +telnet(user) + char *user; +{ + sys_telnet_init(); + +#if defined(AUTHENTICATION) || defined(ENCRYPTION) + { + static char local_host[256] = { 0 }; + + if (!local_host[0]) { + gethostname(local_host, sizeof(local_host)); + local_host[sizeof(local_host)-1] = 0; + } + auth_encrypt_init(local_host, hostname, "TELNET", 0); + auth_encrypt_user(user); + } +#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ +# if !defined(TN3270) + if (telnetport) { +#if defined(AUTHENTICATION) + if (autologin) + send_will(TELOPT_AUTHENTICATION, 1); +#endif +#ifdef ENCRYPTION + send_do(TELOPT_ENCRYPT, 1); + send_will(TELOPT_ENCRYPT, 1); +#endif /* ENCRYPTION */ + send_do(TELOPT_SGA, 1); + send_will(TELOPT_TTYPE, 1); + send_will(TELOPT_NAWS, 1); + send_will(TELOPT_TSPEED, 1); + send_will(TELOPT_LFLOW, 1); + send_will(TELOPT_LINEMODE, 1); + send_will(TELOPT_NEW_ENVIRON, 1); + send_do(TELOPT_STATUS, 1); + if (env_getvalue((unsigned char *)"DISPLAY")) + send_will(TELOPT_XDISPLOC, 1); + if (eight) + tel_enter_binary(eight); + } +# endif /* !defined(TN3270) */ + +# if !defined(TN3270) + for (;;) { + int schedValue; + + while ((schedValue = Scheduler(0)) != 0) { + if (schedValue == -1) { + setcommandmode(); + return; + } + } + + if (Scheduler(1) == -1) { + setcommandmode(); + return; + } + } +# else /* !defined(TN3270) */ + for (;;) { + int schedValue; + + while (!In3270 && !shell_active) { + if (Scheduler(1) == -1) { + setcommandmode(); + return; + } + } + + while ((schedValue = Scheduler(0)) != 0) { + if (schedValue == -1) { + setcommandmode(); + return; + } + } + /* If there is data waiting to go out to terminal, don't + * schedule any more data for the terminal. + */ + if (ring_full_count(&ttyoring)) { + schedValue = 1; + } else { + if (shell_active) { + if (shell_continue() == 0) { + ConnectScreen(); + } + } else if (In3270) { + schedValue = DoTerminalOutput(); + } + } + if (schedValue && (shell_active == 0)) { + if (Scheduler(1) == -1) { + setcommandmode(); + return; + } + } + } +# endif /* !defined(TN3270) */ +} + +#if 0 /* XXX - this not being in is a bug */ +/* + * nextitem() + * + * Return the address of the next "item" in the TELNET data + * stream. This will be the address of the next character if + * the current address is a user data character, or it will + * be the address of the character following the TELNET command + * if the current address is a TELNET IAC ("I Am a Command") + * character. + */ + + static char * +nextitem(current) + char *current; +{ + if ((*current&0xff) != IAC) { + return current+1; + } + switch (*(current+1)&0xff) { + case DO: + case DONT: + case WILL: + case WONT: + return current+3; + case SB: /* loop forever looking for the SE */ + { + register char *look = current+2; + + for (;;) { + if ((*look++&0xff) == IAC) { + if ((*look++&0xff) == SE) { + return look; + } + } + } + } + default: + return current+2; + } +} +#endif /* 0 */ + +/* + * netclear() + * + * We are about to do a TELNET SYNCH operation. Clear + * the path to the network. + * + * Things are a bit tricky since we may have sent the first + * byte or so of a previous TELNET command into the network. + * So, we have to scan the network buffer from the beginning + * until we are up to where we want to be. + * + * A side effect of what we do, just to keep things + * simple, is to clear the urgent data pointer. The principal + * caller should be setting the urgent data pointer AFTER calling + * us in any case. + */ + + static void +netclear() +{ +#if 0 /* XXX */ + register char *thisitem, *next; + char *good; +#define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \ + ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)) + + thisitem = netobuf; + + while ((next = nextitem(thisitem)) <= netobuf.send) { + thisitem = next; + } + + /* Now, thisitem is first before/at boundary. */ + + good = netobuf; /* where the good bytes go */ + + while (netoring.add > thisitem) { + if (wewant(thisitem)) { + int length; + + next = thisitem; + do { + next = nextitem(next); + } while (wewant(next) && (nfrontp > next)); + length = next-thisitem; + memmove(good, thisitem, length); + good += length; + thisitem = next; + } else { + thisitem = nextitem(thisitem); + } + } + +#endif /* 0 */ +} + +/* + * These routines add various telnet commands to the data stream. + */ + + static void +doflush() +{ + NET2ADD(IAC, DO); + NETADD(TELOPT_TM); + flushline = 1; + flushout = 1; + (void) ttyflush(1); /* Flush/drop output */ + /* do printoption AFTER flush, otherwise the output gets tossed... */ + printoption("SENT", DO, TELOPT_TM); +} + + void +xmitAO() +{ + NET2ADD(IAC, AO); + printoption("SENT", IAC, AO); + if (autoflush) { + doflush(); + } +} + + + void +xmitEL() +{ + NET2ADD(IAC, EL); + printoption("SENT", IAC, EL); +} + + void +xmitEC() +{ + NET2ADD(IAC, EC); + printoption("SENT", IAC, EC); +} + + + int +dosynch() +{ + netclear(); /* clear the path to the network */ + NETADD(IAC); + setneturg(); + NETADD(DM); + printoption("SENT", IAC, DM); + return 1; +} + +int want_status_response = 0; + + int +get_status() +{ + unsigned char tmp[16]; + register unsigned char *cp; + + if (my_want_state_is_dont(TELOPT_STATUS)) { + printf("Remote side does not support STATUS option\n"); + return 0; + } + cp = tmp; + + *cp++ = IAC; + *cp++ = SB; + *cp++ = TELOPT_STATUS; + *cp++ = TELQUAL_SEND; + *cp++ = IAC; + *cp++ = SE; + if (NETROOM() >= cp - tmp) { + ring_supply_data(&netoring, tmp, cp-tmp); + printsub('>', tmp+2, cp - tmp - 2); + } + ++want_status_response; + return 1; +} + + void +intp() +{ + NET2ADD(IAC, IP); + printoption("SENT", IAC, IP); + flushline = 1; + if (autoflush) { + doflush(); + } + if (autosynch) { + dosynch(); + } +} + + void +sendbrk() +{ + NET2ADD(IAC, BREAK); + printoption("SENT", IAC, BREAK); + flushline = 1; + if (autoflush) { + doflush(); + } + if (autosynch) { + dosynch(); + } +} + + void +sendabort() +{ + NET2ADD(IAC, ABORT); + printoption("SENT", IAC, ABORT); + flushline = 1; + if (autoflush) { + doflush(); + } + if (autosynch) { + dosynch(); + } +} + + void +sendsusp() +{ + NET2ADD(IAC, SUSP); + printoption("SENT", IAC, SUSP); + flushline = 1; + if (autoflush) { + doflush(); + } + if (autosynch) { + dosynch(); + } +} + + void +sendeof() +{ + NET2ADD(IAC, xEOF); + printoption("SENT", IAC, xEOF); +} + + void +sendayt() +{ + NET2ADD(IAC, AYT); + printoption("SENT", IAC, AYT); +} + +/* + * Send a window size update to the remote system. + */ + + void +sendnaws() +{ + long rows, cols; + unsigned char tmp[16]; + register unsigned char *cp; + + if (my_state_is_wont(TELOPT_NAWS)) + return; + +#define PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \ + if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; } + + if (TerminalWindowSize(&rows, &cols) == 0) { /* Failed */ + return; + } + + cp = tmp; + + *cp++ = IAC; + *cp++ = SB; + *cp++ = TELOPT_NAWS; + PUTSHORT(cp, cols); + PUTSHORT(cp, rows); + *cp++ = IAC; + *cp++ = SE; + if (NETROOM() >= cp - tmp) { + ring_supply_data(&netoring, tmp, cp-tmp); + printsub('>', tmp+2, cp - tmp - 2); + } +} + + void +tel_enter_binary(rw) + int rw; +{ + if (rw&1) + send_do(TELOPT_BINARY, 1); + if (rw&2) + send_will(TELOPT_BINARY, 1); +} + + void +tel_leave_binary(rw) + int rw; +{ + if (rw&1) + send_dont(TELOPT_BINARY, 1); + if (rw&2) + send_wont(TELOPT_BINARY, 1); +} diff --git a/secure/usr.bin/telnet/terminal.c b/secure/usr.bin/telnet/terminal.c new file mode 100644 index 0000000..b5ceeda --- /dev/null +++ b/secure/usr.bin/telnet/terminal.c @@ -0,0 +1,240 @@ +/* + * Copyright (c) 1988, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)terminal.c 8.2 (Berkeley) 2/16/95"; +#endif /* not lint */ + +#include <arpa/telnet.h> +#include <sys/types.h> + +#include "ring.h" + +#include "externs.h" +#include "types.h" + +Ring ttyoring, ttyiring; +unsigned char ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ]; + +int termdata; /* Debugging flag */ + +#ifdef USE_TERMIO +# ifndef VDISCARD +cc_t termFlushChar; +# endif +# ifndef VLNEXT +cc_t termLiteralNextChar; +# endif +# ifndef VSUSP +cc_t termSuspChar; +# endif +# ifndef VWERASE +cc_t termWerasChar; +# endif +# ifndef VREPRINT +cc_t termRprntChar; +# endif +# ifndef VSTART +cc_t termStartChar; +# endif +# ifndef VSTOP +cc_t termStopChar; +# endif +# ifndef VEOL +cc_t termForw1Char; +# endif +# ifndef VEOL2 +cc_t termForw2Char; +# endif +# ifndef VSTATUS +cc_t termAytChar; +# endif +#else +cc_t termForw2Char; +cc_t termAytChar; +#endif + +/* + * initialize the terminal data structures. + */ + + void +init_terminal() +{ + if (ring_init(&ttyoring, ttyobuf, sizeof ttyobuf) != 1) { + exit(1); + } + if (ring_init(&ttyiring, ttyibuf, sizeof ttyibuf) != 1) { + exit(1); + } + autoflush = TerminalAutoFlush(); +} + + +/* + * Send as much data as possible to the terminal. + * + * Return value: + * -1: No useful work done, data waiting to go out. + * 0: No data was waiting, so nothing was done. + * 1: All waiting data was written out. + * n: All data - n was written out. + */ + + + int +ttyflush(drop) + int drop; +{ + register int n, n0, n1; + + n0 = ring_full_count(&ttyoring); + if ((n1 = n = ring_full_consecutive(&ttyoring)) > 0) { + if (drop) { + TerminalFlushOutput(); + /* we leave 'n' alone! */ + } else { + n = TerminalWrite(ttyoring.consume, n); + } + } + if (n > 0) { + if (termdata && n) { + Dump('>', ttyoring.consume, n); + } + /* + * If we wrote everything, and the full count is + * larger than what we wrote, then write the + * rest of the buffer. + */ + if (n1 == n && n0 > n) { + n1 = n0 - n; + if (!drop) + n1 = TerminalWrite(ttyoring.bottom, n1); + if (n1 > 0) + n += n1; + } + ring_consumed(&ttyoring, n); + } + if (n < 0) + return -1; + if (n == n0) { + if (n0) + return -1; + return 0; + } + return n0 - n + 1; +} + + +/* + * These routines decides on what the mode should be (based on the values + * of various global variables). + */ + + + int +getconnmode() +{ + extern int linemode; + int mode = 0; +#ifdef KLUDGELINEMODE + extern int kludgelinemode; +#endif + + if (In3270) + return(MODE_FLOW); + + if (my_want_state_is_dont(TELOPT_ECHO)) + mode |= MODE_ECHO; + + if (localflow) + mode |= MODE_FLOW; + + if (my_want_state_is_will(TELOPT_BINARY)) + mode |= MODE_INBIN; + + if (his_want_state_is_will(TELOPT_BINARY)) + mode |= MODE_OUTBIN; + +#ifdef KLUDGELINEMODE + if (kludgelinemode) { + if (my_want_state_is_dont(TELOPT_SGA)) { + mode |= (MODE_TRAPSIG|MODE_EDIT); + if (dontlecho && (clocks.echotoggle > clocks.modenegotiated)) { + mode &= ~MODE_ECHO; + } + } + return(mode); + } +#endif + if (my_want_state_is_will(TELOPT_LINEMODE)) + mode |= linemode; + return(mode); +} + + void +setconnmode(force) + int force; +{ +#ifdef ENCRYPTION + static int enc_passwd = 0; +#endif /* ENCRYPTION */ + register int newmode; + + newmode = getconnmode()|(force?MODE_FORCE:0); + + TerminalNewMode(newmode); + +#ifdef ENCRYPTION + if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) { + if (my_want_state_is_will(TELOPT_ENCRYPT) + && (enc_passwd == 0) && !encrypt_output) { + encrypt_request_start(0, 0); + enc_passwd = 1; + } + } else { + if (enc_passwd) { + encrypt_request_end(); + enc_passwd = 0; + } + } +#endif /* ENCRYPTION */ + +} + + + void +setcommandmode() +{ + TerminalNewMode(-1); +} diff --git a/secure/usr.bin/telnet/tn3270.c b/secure/usr.bin/telnet/tn3270.c new file mode 100644 index 0000000..a75cd1e --- /dev/null +++ b/secure/usr.bin/telnet/tn3270.c @@ -0,0 +1,411 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)tn3270.c 8.2 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#include <sys/types.h> +#include <arpa/telnet.h> + +#include "general.h" + +#include "defines.h" +#include "ring.h" +#include "externs.h" +#include "fdset.h" + +#if defined(TN3270) + +#include "../ctlr/screen.h" +#include "../general/globals.h" + +#include "../sys_curses/telextrn.h" +#include "../ctlr/externs.h" + +#if defined(unix) +int + HaveInput, /* There is input available to scan */ + cursesdata, /* Do we dump curses data? */ + sigiocount; /* Number of times we got a SIGIO */ + +char tline[200]; +char *transcom = 0; /* transparent mode command (default: none) */ +#endif /* defined(unix) */ + +char Ibuf[8*BUFSIZ], *Ifrontp, *Ibackp; + +static char sb_terminal[] = { IAC, SB, + TELOPT_TTYPE, TELQUAL_IS, + 'I', 'B', 'M', '-', '3', '2', '7', '8', '-', '2', + IAC, SE }; +#define SBTERMMODEL 13 + +static int + Sent3270TerminalType; /* Have we said we are a 3270? */ + +#endif /* defined(TN3270) */ + + + void +init_3270() +{ +#if defined(TN3270) +#if defined(unix) + HaveInput = 0; + sigiocount = 0; +#endif /* defined(unix) */ + Sent3270TerminalType = 0; + Ifrontp = Ibackp = Ibuf; + init_ctlr(); /* Initialize some things */ + init_keyboard(); + init_screen(); + init_system(); +#endif /* defined(TN3270) */ +} + + +#if defined(TN3270) + +/* + * DataToNetwork - queue up some data to go to network. If "done" is set, + * then when last byte is queued, we add on an IAC EOR sequence (so, + * don't call us with "done" until you want that done...) + * + * We actually do send all the data to the network buffer, since our + * only client needs for us to do that. + */ + + int +DataToNetwork(buffer, count, done) + register char *buffer; /* where the data is */ + register int count; /* how much to send */ + int done; /* is this the last of a logical block */ +{ + register int loop, c; + int origCount; + + origCount = count; + + while (count) { + /* If not enough room for EORs, IACs, etc., wait */ + if (NETROOM() < 6) { + fd_set o; + + FD_ZERO(&o); + netflush(); + while (NETROOM() < 6) { + FD_SET(net, &o); + (void) select(net+1, (fd_set *) 0, &o, (fd_set *) 0, + (struct timeval *) 0); + netflush(); + } + } + c = ring_empty_count(&netoring); + if (c > count) { + c = count; + } + loop = c; + while (loop) { + if (((unsigned char)*buffer) == IAC) { + break; + } + buffer++; + loop--; + } + if ((c = c-loop)) { + ring_supply_data(&netoring, buffer-c, c); + count -= c; + } + if (loop) { + NET2ADD(IAC, IAC); + count--; + buffer++; + } + } + + if (done) { + NET2ADD(IAC, EOR); + netflush(); /* try to move along as quickly as ... */ + } + return(origCount - count); +} + + +#if defined(unix) + void +inputAvailable(signo) + int signo; +{ + HaveInput = 1; + sigiocount++; +} +#endif /* defined(unix) */ + + void +outputPurge() +{ + (void) ttyflush(1); +} + + +/* + * The following routines are places where the various tn3270 + * routines make calls into telnet.c. + */ + +/* + * DataToTerminal - queue up some data to go to terminal. + * + * Note: there are people who call us and depend on our processing + * *all* the data at one time (thus the select). + */ + + int +DataToTerminal(buffer, count) + register char *buffer; /* where the data is */ + register int count; /* how much to send */ +{ + register int c; + int origCount; + + origCount = count; + + while (count) { + if (TTYROOM() == 0) { +#if defined(unix) + fd_set o; + + FD_ZERO(&o); +#endif /* defined(unix) */ + (void) ttyflush(0); + while (TTYROOM() == 0) { +#if defined(unix) + FD_SET(tout, &o); + (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0, + (struct timeval *) 0); +#endif /* defined(unix) */ + (void) ttyflush(0); + } + } + c = TTYROOM(); + if (c > count) { + c = count; + } + ring_supply_data(&ttyoring, buffer, c); + count -= c; + buffer += c; + } + return(origCount); +} + + +/* + * Push3270 - Try to send data along the 3270 output (to screen) direction. + */ + + int +Push3270() +{ + int save = ring_full_count(&netiring); + + if (save) { + if (Ifrontp+save > Ibuf+sizeof Ibuf) { + if (Ibackp != Ibuf) { + memmove(Ibuf, Ibackp, Ifrontp-Ibackp); + Ifrontp -= (Ibackp-Ibuf); + Ibackp = Ibuf; + } + } + if (Ifrontp+save < Ibuf+sizeof Ibuf) { + (void)telrcv(); + } + } + return save != ring_full_count(&netiring); +} + + +/* + * Finish3270 - get the last dregs of 3270 data out to the terminal + * before quitting. + */ + + void +Finish3270() +{ + while (Push3270() || !DoTerminalOutput()) { +#if defined(unix) + HaveInput = 0; +#endif /* defined(unix) */ + ; + } +} + + +/* StringToTerminal - output a null terminated string to the terminal */ + + void +StringToTerminal(s) + char *s; +{ + int count; + + count = strlen(s); + if (count) { + (void) DataToTerminal(s, count); /* we know it always goes... */ + } +} + + +#if ((!defined(NOT43)) || defined(PUTCHAR)) +/* _putchar - output a single character to the terminal. This name is so that + * curses(3x) can call us to send out data. + */ + + void +_putchar(c) + char c; +{ +#if defined(sun) /* SunOS 4.0 bug */ + c &= 0x7f; +#endif /* defined(sun) */ + if (cursesdata) { + Dump('>', &c, 1); + } + if (!TTYROOM()) { + (void) DataToTerminal(&c, 1); + } else { + TTYADD(c); + } +} +#endif /* ((!defined(NOT43)) || defined(PUTCHAR)) */ + + void +SetIn3270() +{ + if (Sent3270TerminalType && my_want_state_is_will(TELOPT_BINARY) + && my_want_state_is_do(TELOPT_BINARY) && !donebinarytoggle) { + if (!In3270) { + In3270 = 1; + Init3270(); /* Initialize 3270 functions */ + /* initialize terminal key mapping */ + InitTerminal(); /* Start terminal going */ + setconnmode(0); + } + } else { + if (In3270) { + StopScreen(1); + In3270 = 0; + Stop3270(); /* Tell 3270 we aren't here anymore */ + setconnmode(0); + } + } +} + +/* + * tn3270_ttype() + * + * Send a response to a terminal type negotiation. + * + * Return '0' if no more responses to send; '1' if a response sent. + */ + + int +tn3270_ttype() +{ + /* + * Try to send a 3270 type terminal name. Decide which one based + * on the format of our screen, and (in the future) color + * capaiblities. + */ + InitTerminal(); /* Sets MaxNumberColumns, MaxNumberLines */ + if ((MaxNumberLines >= 24) && (MaxNumberColumns >= 80)) { + Sent3270TerminalType = 1; + if ((MaxNumberLines >= 27) && (MaxNumberColumns >= 132)) { + MaxNumberLines = 27; + MaxNumberColumns = 132; + sb_terminal[SBTERMMODEL] = '5'; + } else if (MaxNumberLines >= 43) { + MaxNumberLines = 43; + MaxNumberColumns = 80; + sb_terminal[SBTERMMODEL] = '4'; + } else if (MaxNumberLines >= 32) { + MaxNumberLines = 32; + MaxNumberColumns = 80; + sb_terminal[SBTERMMODEL] = '3'; + } else { + MaxNumberLines = 24; + MaxNumberColumns = 80; + sb_terminal[SBTERMMODEL] = '2'; + } + NumberLines = 24; /* before we start out... */ + NumberColumns = 80; + ScreenSize = NumberLines*NumberColumns; + if ((MaxNumberLines*MaxNumberColumns) > MAXSCREENSIZE) { + ExitString("Programming error: MAXSCREENSIZE too small.\n", + 1); + /*NOTREACHED*/ + } + printsub('>', sb_terminal+2, sizeof sb_terminal-2); + ring_supply_data(&netoring, sb_terminal, sizeof sb_terminal); + return 1; + } else { + return 0; + } +} + +#if defined(unix) + int +settranscom(argc, argv) + int argc; + char *argv[]; +{ + int i; + + if (argc == 1 && transcom) { + transcom = 0; + } + if (argc == 1) { + return 1; + } + transcom = tline; + (void) strcpy(transcom, argv[1]); + for (i = 2; i < argc; ++i) { + (void) strcat(transcom, " "); + (void) strcat(transcom, argv[i]); + } + return 1; +} +#endif /* defined(unix) */ + +#endif /* defined(TN3270) */ diff --git a/secure/usr.bin/telnet/types.h b/secure/usr.bin/telnet/types.h new file mode 100644 index 0000000..191d311 --- /dev/null +++ b/secure/usr.bin/telnet/types.h @@ -0,0 +1,52 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)types.h 8.1 (Berkeley) 6/6/93 + */ + +typedef struct { + char *modedescriptions; + char modetype; +} Modelist; + +extern Modelist modelist[]; + +typedef struct { + int + system, /* what the current time is */ + echotoggle, /* last time user entered echo character */ + modenegotiated, /* last time operating mode negotiated */ + didnetreceive, /* last time we read data from network */ + gotDM; /* when did we last see a data mark */ +} Clocks; + +extern Clocks clocks; diff --git a/secure/usr.bin/telnet/utilities.c b/secure/usr.bin/telnet/utilities.c new file mode 100644 index 0000000..06d08a4 --- /dev/null +++ b/secure/usr.bin/telnet/utilities.c @@ -0,0 +1,939 @@ +/* + * Copyright (c) 1988, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#ifndef lint +static char sccsid[] = "@(#)utilities.c 8.3 (Berkeley) 5/30/95"; +#endif /* not lint */ + +#define TELOPTS +#define TELCMDS +#define SLC_NAMES +#include <arpa/telnet.h> +#include <sys/types.h> +#include <sys/time.h> + +#include <ctype.h> + +#include "general.h" + +#include "fdset.h" + +#include "ring.h" + +#include "defines.h" + +#include "externs.h" + +FILE *NetTrace = 0; /* Not in bss, since needs to stay */ +int prettydump; + +/* + * upcase() + * + * Upcase (in place) the argument. + */ + + void +upcase(argument) + register char *argument; +{ + register int c; + + while ((c = *argument) != 0) { + if (islower(c)) { + *argument = toupper(c); + } + argument++; + } +} + +/* + * SetSockOpt() + * + * Compensate for differences in 4.2 and 4.3 systems. + */ + + int +SetSockOpt(fd, level, option, yesno) + int fd, level, option, yesno; +{ +#ifndef NOT43 + return setsockopt(fd, level, option, + (char *)&yesno, sizeof yesno); +#else /* NOT43 */ + if (yesno == 0) { /* Can't do that in 4.2! */ + fprintf(stderr, "Error: attempt to turn off an option 0x%x.\n", + option); + return -1; + } + return setsockopt(fd, level, option, 0, 0); +#endif /* NOT43 */ +} + +/* + * The following are routines used to print out debugging information. + */ + +unsigned char NetTraceFile[256] = "(standard output)"; + + void +SetNetTrace(file) + register char *file; +{ + if (NetTrace && NetTrace != stdout) + fclose(NetTrace); + if (file && (strcmp(file, "-") != 0)) { + NetTrace = fopen(file, "w"); + if (NetTrace) { + strcpy((char *)NetTraceFile, file); + return; + } + fprintf(stderr, "Cannot open %s.\n", file); + } + NetTrace = stdout; + strcpy((char *)NetTraceFile, "(standard output)"); +} + + void +Dump(direction, buffer, length) + char direction; + unsigned char *buffer; + int length; +{ +# define BYTES_PER_LINE 32 +# define min(x,y) ((x<y)? x:y) + unsigned char *pThis; + int offset; + extern pettydump; + + offset = 0; + + while (length) { + /* print one line */ + fprintf(NetTrace, "%c 0x%x\t", direction, offset); + pThis = buffer; + if (prettydump) { + buffer = buffer + min(length, BYTES_PER_LINE/2); + while (pThis < buffer) { + fprintf(NetTrace, "%c%.2x", + (((*pThis)&0xff) == 0xff) ? '*' : ' ', + (*pThis)&0xff); + pThis++; + } + length -= BYTES_PER_LINE/2; + offset += BYTES_PER_LINE/2; + } else { + buffer = buffer + min(length, BYTES_PER_LINE); + while (pThis < buffer) { + fprintf(NetTrace, "%.2x", (*pThis)&0xff); + pThis++; + } + length -= BYTES_PER_LINE; + offset += BYTES_PER_LINE; + } + if (NetTrace == stdout) { + fprintf(NetTrace, "\r\n"); + } else { + fprintf(NetTrace, "\n"); + } + if (length < 0) { + fflush(NetTrace); + return; + } + /* find next unique line */ + } + fflush(NetTrace); +} + + + void +printoption(direction, cmd, option) + char *direction; + int cmd, option; +{ + if (!showoptions) + return; + if (cmd == IAC) { + if (TELCMD_OK(option)) + fprintf(NetTrace, "%s IAC %s", direction, TELCMD(option)); + else + fprintf(NetTrace, "%s IAC %d", direction, option); + } else { + register char *fmt; + fmt = (cmd == WILL) ? "WILL" : (cmd == WONT) ? "WONT" : + (cmd == DO) ? "DO" : (cmd == DONT) ? "DONT" : 0; + if (fmt) { + fprintf(NetTrace, "%s %s ", direction, fmt); + if (TELOPT_OK(option)) + fprintf(NetTrace, "%s", TELOPT(option)); + else if (option == TELOPT_EXOPL) + fprintf(NetTrace, "EXOPL"); + else + fprintf(NetTrace, "%d", option); + } else + fprintf(NetTrace, "%s %d %d", direction, cmd, option); + } + if (NetTrace == stdout) { + fprintf(NetTrace, "\r\n"); + fflush(NetTrace); + } else { + fprintf(NetTrace, "\n"); + } + return; +} + + void +optionstatus() +{ + register int i; + extern char will_wont_resp[], do_dont_resp[]; + + for (i = 0; i < 256; i++) { + if (do_dont_resp[i]) { + if (TELOPT_OK(i)) + printf("resp DO_DONT %s: %d\n", TELOPT(i), do_dont_resp[i]); + else if (TELCMD_OK(i)) + printf("resp DO_DONT %s: %d\n", TELCMD(i), do_dont_resp[i]); + else + printf("resp DO_DONT %d: %d\n", i, + do_dont_resp[i]); + if (my_want_state_is_do(i)) { + if (TELOPT_OK(i)) + printf("want DO %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf("want DO %s\n", TELCMD(i)); + else + printf("want DO %d\n", i); + } else { + if (TELOPT_OK(i)) + printf("want DONT %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf("want DONT %s\n", TELCMD(i)); + else + printf("want DONT %d\n", i); + } + } else { + if (my_state_is_do(i)) { + if (TELOPT_OK(i)) + printf(" DO %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf(" DO %s\n", TELCMD(i)); + else + printf(" DO %d\n", i); + } + } + if (will_wont_resp[i]) { + if (TELOPT_OK(i)) + printf("resp WILL_WONT %s: %d\n", TELOPT(i), will_wont_resp[i]); + else if (TELCMD_OK(i)) + printf("resp WILL_WONT %s: %d\n", TELCMD(i), will_wont_resp[i]); + else + printf("resp WILL_WONT %d: %d\n", + i, will_wont_resp[i]); + if (my_want_state_is_will(i)) { + if (TELOPT_OK(i)) + printf("want WILL %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf("want WILL %s\n", TELCMD(i)); + else + printf("want WILL %d\n", i); + } else { + if (TELOPT_OK(i)) + printf("want WONT %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf("want WONT %s\n", TELCMD(i)); + else + printf("want WONT %d\n", i); + } + } else { + if (my_state_is_will(i)) { + if (TELOPT_OK(i)) + printf(" WILL %s\n", TELOPT(i)); + else if (TELCMD_OK(i)) + printf(" WILL %s\n", TELCMD(i)); + else + printf(" WILL %d\n", i); + } + } + } + +} + + void +printsub(direction, pointer, length) + char direction; /* '<' or '>' */ + unsigned char *pointer; /* where suboption data sits */ + int length; /* length of suboption data */ +{ + register int i; + char buf[512]; + extern int want_status_response; + + if (showoptions || direction == 0 || + (want_status_response && (pointer[0] == TELOPT_STATUS))) { + if (direction) { + fprintf(NetTrace, "%s IAC SB ", + (direction == '<')? "RCVD":"SENT"); + if (length >= 3) { + register int j; + + i = pointer[length-2]; + j = pointer[length-1]; + + if (i != IAC || j != SE) { + fprintf(NetTrace, "(terminated by "); + if (TELOPT_OK(i)) + fprintf(NetTrace, "%s ", TELOPT(i)); + else if (TELCMD_OK(i)) + fprintf(NetTrace, "%s ", TELCMD(i)); + else + fprintf(NetTrace, "%d ", i); + if (TELOPT_OK(j)) + fprintf(NetTrace, "%s", TELOPT(j)); + else if (TELCMD_OK(j)) + fprintf(NetTrace, "%s", TELCMD(j)); + else + fprintf(NetTrace, "%d", j); + fprintf(NetTrace, ", not IAC SE!) "); + } + } + length -= 2; + } + if (length < 1) { + fprintf(NetTrace, "(Empty suboption??\?)"); + if (NetTrace == stdout) + fflush(NetTrace); + return; + } + switch (pointer[0]) { + case TELOPT_TTYPE: + fprintf(NetTrace, "TERMINAL-TYPE "); + switch (pointer[1]) { + case TELQUAL_IS: + fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); + break; + case TELQUAL_SEND: + fprintf(NetTrace, "SEND"); + break; + default: + fprintf(NetTrace, + "- unknown qualifier %d (0x%x).", + pointer[1], pointer[1]); + } + break; + case TELOPT_TSPEED: + fprintf(NetTrace, "TERMINAL-SPEED"); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + switch (pointer[1]) { + case TELQUAL_IS: + fprintf(NetTrace, " IS "); + fprintf(NetTrace, "%.*s", length-2, (char *)pointer+2); + break; + default: + if (pointer[1] == 1) + fprintf(NetTrace, " SEND"); + else + fprintf(NetTrace, " %d (unknown)", pointer[1]); + for (i = 2; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + } + break; + + case TELOPT_LFLOW: + fprintf(NetTrace, "TOGGLE-FLOW-CONTROL"); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + switch (pointer[1]) { + case LFLOW_OFF: + fprintf(NetTrace, " OFF"); break; + case LFLOW_ON: + fprintf(NetTrace, " ON"); break; + case LFLOW_RESTART_ANY: + fprintf(NetTrace, " RESTART-ANY"); break; + case LFLOW_RESTART_XON: + fprintf(NetTrace, " RESTART-XON"); break; + default: + fprintf(NetTrace, " %d (unknown)", pointer[1]); + } + for (i = 2; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + + case TELOPT_NAWS: + fprintf(NetTrace, "NAWS"); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + if (length == 2) { + fprintf(NetTrace, " ?%d?", pointer[1]); + break; + } + fprintf(NetTrace, " %d %d (%d)", + pointer[1], pointer[2], + (int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2]))); + if (length == 4) { + fprintf(NetTrace, " ?%d?", pointer[3]); + break; + } + fprintf(NetTrace, " %d %d (%d)", + pointer[3], pointer[4], + (int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4]))); + for (i = 5; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + +#if defined(AUTHENTICATION) + case TELOPT_AUTHENTICATION: + fprintf(NetTrace, "AUTHENTICATION"); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + switch (pointer[1]) { + case TELQUAL_REPLY: + case TELQUAL_IS: + fprintf(NetTrace, " %s ", (pointer[1] == TELQUAL_IS) ? + "IS" : "REPLY"); + if (AUTHTYPE_NAME_OK(pointer[2])) + fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[2])); + else + fprintf(NetTrace, "%d ", pointer[2]); + if (length < 3) { + fprintf(NetTrace, "(partial suboption??\?)"); + break; + } + fprintf(NetTrace, "%s|%s", + ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? + "CLIENT" : "SERVER", + ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? + "MUTUAL" : "ONE-WAY"); + + auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); + fprintf(NetTrace, "%s", buf); + break; + + case TELQUAL_SEND: + i = 2; + fprintf(NetTrace, " SEND "); + while (i < length) { + if (AUTHTYPE_NAME_OK(pointer[i])) + fprintf(NetTrace, "%s ", AUTHTYPE_NAME(pointer[i])); + else + fprintf(NetTrace, "%d ", pointer[i]); + if (++i >= length) { + fprintf(NetTrace, "(partial suboption??\?)"); + break; + } + fprintf(NetTrace, "%s|%s ", + ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? + "CLIENT" : "SERVER", + ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? + "MUTUAL" : "ONE-WAY"); + ++i; + } + break; + + case TELQUAL_NAME: + i = 2; + fprintf(NetTrace, " NAME \""); + while (i < length) + putc(pointer[i++], NetTrace); + putc('"', NetTrace); + break; + + default: + for (i = 2; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + } + break; +#endif + +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + fprintf(NetTrace, "ENCRYPT"); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + switch (pointer[1]) { + case ENCRYPT_START: + fprintf(NetTrace, " START"); + break; + + case ENCRYPT_END: + fprintf(NetTrace, " END"); + break; + + case ENCRYPT_REQSTART: + fprintf(NetTrace, " REQUEST-START"); + break; + + case ENCRYPT_REQEND: + fprintf(NetTrace, " REQUEST-END"); + break; + + case ENCRYPT_IS: + case ENCRYPT_REPLY: + fprintf(NetTrace, " %s ", (pointer[1] == ENCRYPT_IS) ? + "IS" : "REPLY"); + if (length < 3) { + fprintf(NetTrace, " (partial suboption??\?)"); + break; + } + if (ENCTYPE_NAME_OK(pointer[2])) + fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[2])); + else + fprintf(NetTrace, " %d (unknown)", pointer[2]); + + encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); + fprintf(NetTrace, "%s", buf); + break; + + case ENCRYPT_SUPPORT: + i = 2; + fprintf(NetTrace, " SUPPORT "); + while (i < length) { + if (ENCTYPE_NAME_OK(pointer[i])) + fprintf(NetTrace, "%s ", ENCTYPE_NAME(pointer[i])); + else + fprintf(NetTrace, "%d ", pointer[i]); + i++; + } + break; + + case ENCRYPT_ENC_KEYID: + fprintf(NetTrace, " ENC_KEYID "); + goto encommon; + + case ENCRYPT_DEC_KEYID: + fprintf(NetTrace, " DEC_KEYID "); + goto encommon; + + default: + fprintf(NetTrace, " %d (unknown)", pointer[1]); + encommon: + for (i = 2; i < length; i++) + fprintf(NetTrace, " %d", pointer[i]); + break; + } + break; +#endif /* ENCRYPTION */ + + case TELOPT_LINEMODE: + fprintf(NetTrace, "LINEMODE "); + if (length < 2) { + fprintf(NetTrace, " (empty suboption??\?)"); + break; + } + switch (pointer[1]) { + case WILL: + fprintf(NetTrace, "WILL "); + goto common; + case WONT: + fprintf(NetTrace, "WONT "); + goto common; + case DO: + fprintf(NetTrace, "DO "); + goto common; + case DONT: + fprintf(NetTrace, "DONT "); + common: + if (length < 3) { + fprintf(NetTrace, "(no option??\?)"); + break; + } + switch (pointer[2]) { + case LM_FORWARDMASK: + fprintf(NetTrace, "Forward Mask"); + for (i = 3; i < length; i++) + fprintf(NetTrace, " %x", pointer[i]); + break; + default: + fprintf(NetTrace, "%d (unknown)", pointer[2]); + for (i = 3; i < length; i++) + fprintf(NetTrace, " %d", pointer[i]); + break; + } + break; + + case LM_SLC: + fprintf(NetTrace, "SLC"); + for (i = 2; i < length - 2; i += 3) { + if (SLC_NAME_OK(pointer[i+SLC_FUNC])) + fprintf(NetTrace, " %s", SLC_NAME(pointer[i+SLC_FUNC])); + else + fprintf(NetTrace, " %d", pointer[i+SLC_FUNC]); + switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) { + case SLC_NOSUPPORT: + fprintf(NetTrace, " NOSUPPORT"); break; + case SLC_CANTCHANGE: + fprintf(NetTrace, " CANTCHANGE"); break; + case SLC_VARIABLE: + fprintf(NetTrace, " VARIABLE"); break; + case SLC_DEFAULT: + fprintf(NetTrace, " DEFAULT"); break; + } + fprintf(NetTrace, "%s%s%s", + pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "", + pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "", + pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : ""); + if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN| + SLC_FLUSHOUT| SLC_LEVELBITS)) + fprintf(NetTrace, "(0x%x)", pointer[i+SLC_FLAGS]); + fprintf(NetTrace, " %d;", pointer[i+SLC_VALUE]); + if ((pointer[i+SLC_VALUE] == IAC) && + (pointer[i+SLC_VALUE+1] == IAC)) + i++; + } + for (; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + + case LM_MODE: + fprintf(NetTrace, "MODE "); + if (length < 3) { + fprintf(NetTrace, "(no mode??\?)"); + break; + } + { + char tbuf[64]; + sprintf(tbuf, "%s%s%s%s%s", + pointer[2]&MODE_EDIT ? "|EDIT" : "", + pointer[2]&MODE_TRAPSIG ? "|TRAPSIG" : "", + pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "", + pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "", + pointer[2]&MODE_ACK ? "|ACK" : ""); + fprintf(NetTrace, "%s", tbuf[1] ? &tbuf[1] : "0"); + } + if (pointer[2]&~(MODE_MASK)) + fprintf(NetTrace, " (0x%x)", pointer[2]); + for (i = 3; i < length; i++) + fprintf(NetTrace, " ?0x%x?", pointer[i]); + break; + default: + fprintf(NetTrace, "%d (unknown)", pointer[1]); + for (i = 2; i < length; i++) + fprintf(NetTrace, " %d", pointer[i]); + } + break; + + case TELOPT_STATUS: { + register char *cp; + register int j, k; + + fprintf(NetTrace, "STATUS"); + + switch (pointer[1]) { + default: + if (pointer[1] == TELQUAL_SEND) + fprintf(NetTrace, " SEND"); + else + fprintf(NetTrace, " %d (unknown)", pointer[1]); + for (i = 2; i < length; i++) + fprintf(NetTrace, " ?%d?", pointer[i]); + break; + case TELQUAL_IS: + if (--want_status_response < 0) + want_status_response = 0; + if (NetTrace == stdout) + fprintf(NetTrace, " IS\r\n"); + else + fprintf(NetTrace, " IS\n"); + + for (i = 2; i < length; i++) { + switch(pointer[i]) { + case DO: cp = "DO"; goto common2; + case DONT: cp = "DONT"; goto common2; + case WILL: cp = "WILL"; goto common2; + case WONT: cp = "WONT"; goto common2; + common2: + i++; + if (TELOPT_OK((int)pointer[i])) + fprintf(NetTrace, " %s %s", cp, TELOPT(pointer[i])); + else + fprintf(NetTrace, " %s %d", cp, pointer[i]); + + if (NetTrace == stdout) + fprintf(NetTrace, "\r\n"); + else + fprintf(NetTrace, "\n"); + break; + + case SB: + fprintf(NetTrace, " SB "); + i++; + j = k = i; + while (j < length) { + if (pointer[j] == SE) { + if (j+1 == length) + break; + if (pointer[j+1] == SE) + j++; + else + break; + } + pointer[k++] = pointer[j++]; + } + printsub(0, &pointer[i], k - i); + if (i < length) { + fprintf(NetTrace, " SE"); + i = j; + } else + i = j - 1; + + if (NetTrace == stdout) + fprintf(NetTrace, "\r\n"); + else + fprintf(NetTrace, "\n"); + + break; + + default: + fprintf(NetTrace, " %d", pointer[i]); + break; + } + } + break; + } + break; + } + + case TELOPT_XDISPLOC: + fprintf(NetTrace, "X-DISPLAY-LOCATION "); + switch (pointer[1]) { + case TELQUAL_IS: + fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2); + break; + case TELQUAL_SEND: + fprintf(NetTrace, "SEND"); + break; + default: + fprintf(NetTrace, "- unknown qualifier %d (0x%x).", + pointer[1], pointer[1]); + } + break; + + case TELOPT_NEW_ENVIRON: + fprintf(NetTrace, "NEW-ENVIRON "); +#ifdef OLD_ENVIRON + goto env_common1; + case TELOPT_OLD_ENVIRON: + fprintf(NetTrace, "OLD-ENVIRON"); + env_common1: +#endif + switch (pointer[1]) { + case TELQUAL_IS: + fprintf(NetTrace, "IS "); + goto env_common; + case TELQUAL_SEND: + fprintf(NetTrace, "SEND "); + goto env_common; + case TELQUAL_INFO: + fprintf(NetTrace, "INFO "); + env_common: + { + register int noquote = 2; +#if defined(ENV_HACK) && defined(OLD_ENVIRON) + extern int old_env_var, old_env_value; +#endif + for (i = 2; i < length; i++ ) { + switch (pointer[i]) { + case NEW_ENV_VALUE: +#ifdef OLD_ENVIRON + /* case NEW_ENV_OVAR: */ + if (pointer[0] == TELOPT_OLD_ENVIRON) { +# ifdef ENV_HACK + if (old_env_var == OLD_ENV_VALUE) + fprintf(NetTrace, "\" (VALUE) " + noquote); + else +# endif + fprintf(NetTrace, "\" VAR " + noquote); + } else +#endif /* OLD_ENVIRON */ + fprintf(NetTrace, "\" VALUE " + noquote); + noquote = 2; + break; + + case NEW_ENV_VAR: +#ifdef OLD_ENVIRON + /* case OLD_ENV_VALUE: */ + if (pointer[0] == TELOPT_OLD_ENVIRON) { +# ifdef ENV_HACK + if (old_env_value == OLD_ENV_VAR) + fprintf(NetTrace, "\" (VAR) " + noquote); + else +# endif + fprintf(NetTrace, "\" VALUE " + noquote); + } else +#endif /* OLD_ENVIRON */ + fprintf(NetTrace, "\" VAR " + noquote); + noquote = 2; + break; + + case ENV_ESC: + fprintf(NetTrace, "\" ESC " + noquote); + noquote = 2; + break; + + case ENV_USERVAR: + fprintf(NetTrace, "\" USERVAR " + noquote); + noquote = 2; + break; + + default: + def_case: + if (isprint(pointer[i]) && pointer[i] != '"') { + if (noquote) { + putc('"', NetTrace); + noquote = 0; + } + putc(pointer[i], NetTrace); + } else { + fprintf(NetTrace, "\" %03o " + noquote, + pointer[i]); + noquote = 2; + } + break; + } + } + if (!noquote) + putc('"', NetTrace); + break; + } + } + break; + + default: + if (TELOPT_OK(pointer[0])) + fprintf(NetTrace, "%s (unknown)", TELOPT(pointer[0])); + else + fprintf(NetTrace, "%d (unknown)", pointer[0]); + for (i = 1; i < length; i++) + fprintf(NetTrace, " %d", pointer[i]); + break; + } + if (direction) { + if (NetTrace == stdout) + fprintf(NetTrace, "\r\n"); + else + fprintf(NetTrace, "\n"); + } + if (NetTrace == stdout) + fflush(NetTrace); + } +} + +/* EmptyTerminal - called to make sure that the terminal buffer is empty. + * Note that we consider the buffer to run all the + * way to the kernel (thus the select). + */ + + void +EmptyTerminal() +{ +#if defined(unix) + fd_set o; + + FD_ZERO(&o); +#endif /* defined(unix) */ + + if (TTYBYTES() == 0) { +#if defined(unix) + FD_SET(tout, &o); + (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0, + (struct timeval *) 0); /* wait for TTLOWAT */ +#endif /* defined(unix) */ + } else { + while (TTYBYTES()) { + (void) ttyflush(0); +#if defined(unix) + FD_SET(tout, &o); + (void) select(tout+1, (fd_set *) 0, &o, (fd_set *) 0, + (struct timeval *) 0); /* wait for TTLOWAT */ +#endif /* defined(unix) */ + } + } +} + + void +SetForExit() +{ + setconnmode(0); +#if defined(TN3270) + if (In3270) { + Finish3270(); + } +#else /* defined(TN3270) */ + do { + (void)telrcv(); /* Process any incoming data */ + EmptyTerminal(); + } while (ring_full_count(&netiring)); /* While there is any */ +#endif /* defined(TN3270) */ + setcommandmode(); + fflush(stdout); + fflush(stderr); +#if defined(TN3270) + if (In3270) { + StopScreen(1); + } +#endif /* defined(TN3270) */ + setconnmode(0); + EmptyTerminal(); /* Flush the path to the tty */ + setcommandmode(); +} + + void +Exit(returnCode) + int returnCode; +{ + SetForExit(); + exit(returnCode); +} + + void +ExitString(string, returnCode) + char *string; + int returnCode; +{ + SetForExit(); + fwrite(string, 1, strlen(string), stderr); + exit(returnCode); +} diff --git a/secure/usr.sbin/sendmail/Makefile b/secure/usr.sbin/sendmail/Makefile new file mode 100644 index 0000000..7decb02 --- /dev/null +++ b/secure/usr.sbin/sendmail/Makefile @@ -0,0 +1,45 @@ +# @(#)Makefile 8.12 (Berkeley) 5/29/95 + +VER= XX +SUBDIR= src mailstats makemap praliases smrsh cf/cf +FTPDIR= mastodon:/disks/barad-dur/ftp/sendmail/. +DISTFILES=sendmail.${VER}.tar.Z sendmail.${VER}.tar.gz \ + RELEASE_NOTES FAQ KNOWNBUGS +FILES= Files.base Files.cf Files.misc Files.xdoc + +tar: sccs-check compile-world run-pax + +sccs-check: + sccs check + (cd src; sccs check) + (cd doc/op; sccs check) + (cd doc/intro; sccs check) + (cd doc/usenix; sccs check) + (cd cf; sccs check) + (cd cf/m4; sccs check) + (cd cf/mailer; sccs check) + (cd cf/feature; sccs check) + (cd cf/cf; sccs check) + (cd cf/ostype; sccs check) + (cd cf/domain; sccs check) + +compile-world: + (cd src; ${MAKE}) + (cd doc; PRINTER=ps ${MAKE}) + (cd doc; chmod 444 op/op.ps intro/intro.ps usenix/usenix.ps) + (cd cf/cf; ${MAKE}) + +run-pax: Files.base Files.cf Files.misc Files.xdoc + chmod +x src/makesendmail + pax -w -x tar -L \ + -s ",cf/domain/unspecified-domain,sendmail-${VER}/cf/domain/berkeley-only,p" \ + -s ",^,sendmail-${VER}/," \ + -f sendmail.${VER}.tar \ + `cat ${FILES} | grep -v ^#` + gzip -c sendmail.${VER}.tar > sendmail.${VER}.tar.gz + compress sendmail.${VER}.tar + +ftp: sendmail.${VER}.tar.Z + rcp ${DISTFILES} ${FTPDIR} + +.include <bsd.subdir.mk> diff --git a/secure/usr.sbin/xntpd/lib/authdes.c b/secure/usr.sbin/xntpd/lib/authdes.c new file mode 100644 index 0000000..d6d8d1b --- /dev/null +++ b/secure/usr.sbin/xntpd/lib/authdes.c @@ -0,0 +1,869 @@ +/* + * authdes.c - an implementation of the DES cipher algorithm for NTP + */ +#include <sys/types.h> + +#include <netinet/in.h> + +#if BYTE_ORDER == BIG_ENDIAN +#define XNTP_BIG_ENDIAN +#endif +#if BYTE_ORDER == LITTLE_ENDIAN +#define XNTP_LITTLE_ENDIAN +#endif + +/* + * There are two entries in here. auth_subkeys() called to + * compute the encryption and decryption key schedules, while + * auth_des() is called to do the actual encryption/decryption + */ + +/* + * Byte order woes. The DES code is sensitive to byte order. This + * used to be resolved by calling ntohl() and htonl() to swap things + * around, but this turned out to be quite costly on Vaxes where those + * things are actual functions. The code now straightens out byte + * order troubles on its own, with no performance penalty for little + * end first machines, but at great expense to cleanliness. + */ +#if !defined(XNTP_BIG_ENDIAN) && !defined(XNTP_LITTLE_ENDIAN) + /* + * Pick one or the other. + */ + BYTE_ORDER_NOT_DEFINED_FOR_AUTHENTICATION +#endif + +/* + * Key setup. Here we entirely permute a key, saving the results + * for both the encryption and decryption. Note that while the + * decryption subkeys are simply the encryption keys reordered, + * we save both so that a common cipher routine may be used. + */ + +/* + * Permuted choice 1 tables. These are used to extract bits + * from the left and right parts of the key to form Ci and Di. + * The code that uses these tables knows which bits from which + * part of each key are used to form Ci and Di. + */ +static u_long PC1_CL[8] = { + 0x00000000, 0x00000010, 0x00001000, 0x00001010, + 0x00100000, 0x00100010, 0x00101000, 0x00101010 +}; + +static u_long PC1_DL[16] = { + 0x00000000, 0x00100000, 0x00001000, 0x00101000, + 0x00000010, 0x00100010, 0x00001010, 0x00101010, + 0x00000001, 0x00100001, 0x00001001, 0x00101001, + 0x00000011, 0x00100011, 0x00001011, 0x00101011 +}; + +static u_long PC1_CR[16] = { + 0x00000000, 0x00000001, 0x00000100, 0x00000101, + 0x00010000, 0x00010001, 0x00010100, 0x00010101, + 0x01000000, 0x01000001, 0x01000100, 0x01000101, + 0x01010000, 0x01010001, 0x01010100, 0x01010101 +}; + +static u_long PC1_DR[8] = { + 0x00000000, 0x01000000, 0x00010000, 0x01010000, + 0x00000100, 0x01000100, 0x00010100, 0x01010100 +}; + + +/* + * At the start of some iterations of the key schedule we do + * a circular left shift by one place, while for others we do a shift by + * two places. This has bits set for the iterations where we do 2 bit + * shifts, starting at the low order bit. + */ +#define TWO_BIT_SHIFTS 0x7efc + +/* + * Permuted choice 2 tables. The first actually produces the low order + * 24 bits of the subkey Ki from the 28 bit value of Ci. The second produces + * the high order 24 bits from Di. The tables are indexed by six bit + * segments of Ci and Di respectively. The code is handcrafted to compute + * the appropriate 6 bit chunks. + * + * Note that for ease of computation, the 24 bit values are produced with + * six bits going into each byte. + */ +static u_long PC2_C[4][64] = { + 0x00000000, 0x00040000, 0x01000000, 0x01040000, + 0x00000400, 0x00040400, 0x01000400, 0x01040400, + 0x00200000, 0x00240000, 0x01200000, 0x01240000, + 0x00200400, 0x00240400, 0x01200400, 0x01240400, + 0x00000001, 0x00040001, 0x01000001, 0x01040001, + 0x00000401, 0x00040401, 0x01000401, 0x01040401, + 0x00200001, 0x00240001, 0x01200001, 0x01240001, + 0x00200401, 0x00240401, 0x01200401, 0x01240401, + 0x02000000, 0x02040000, 0x03000000, 0x03040000, + 0x02000400, 0x02040400, 0x03000400, 0x03040400, + 0x02200000, 0x02240000, 0x03200000, 0x03240000, + 0x02200400, 0x02240400, 0x03200400, 0x03240400, + 0x02000001, 0x02040001, 0x03000001, 0x03040001, + 0x02000401, 0x02040401, 0x03000401, 0x03040401, + 0x02200001, 0x02240001, 0x03200001, 0x03240001, + 0x02200401, 0x02240401, 0x03200401, 0x03240401, + + 0x00000000, 0x00000002, 0x00000800, 0x00000802, + 0x08000000, 0x08000002, 0x08000800, 0x08000802, + 0x00010000, 0x00010002, 0x00010800, 0x00010802, + 0x08010000, 0x08010002, 0x08010800, 0x08010802, + 0x00000100, 0x00000102, 0x00000900, 0x00000902, + 0x08000100, 0x08000102, 0x08000900, 0x08000902, + 0x00010100, 0x00010102, 0x00010900, 0x00010902, + 0x08010100, 0x08010102, 0x08010900, 0x08010902, + 0x00000010, 0x00000012, 0x00000810, 0x00000812, + 0x08000010, 0x08000012, 0x08000810, 0x08000812, + 0x00010010, 0x00010012, 0x00010810, 0x00010812, + 0x08010010, 0x08010012, 0x08010810, 0x08010812, + 0x00000110, 0x00000112, 0x00000910, 0x00000912, + 0x08000110, 0x08000112, 0x08000910, 0x08000912, + 0x00010110, 0x00010112, 0x00010910, 0x00010912, + 0x08010110, 0x08010112, 0x08010910, 0x08010912, + + 0x00000000, 0x04000000, 0x00002000, 0x04002000, + 0x10000000, 0x14000000, 0x10002000, 0x14002000, + 0x00000020, 0x04000020, 0x00002020, 0x04002020, + 0x10000020, 0x14000020, 0x10002020, 0x14002020, + 0x00080000, 0x04080000, 0x00082000, 0x04082000, + 0x10080000, 0x14080000, 0x10082000, 0x14082000, + 0x00080020, 0x04080020, 0x00082020, 0x04082020, + 0x10080020, 0x14080020, 0x10082020, 0x14082020, + 0x20000000, 0x24000000, 0x20002000, 0x24002000, + 0x30000000, 0x34000000, 0x30002000, 0x34002000, + 0x20000020, 0x24000020, 0x20002020, 0x24002020, + 0x30000020, 0x34000020, 0x30002020, 0x34002020, + 0x20080000, 0x24080000, 0x20082000, 0x24082000, + 0x30080000, 0x34080000, 0x30082000, 0x34082000, + 0x20080020, 0x24080020, 0x20082020, 0x24082020, + 0x30080020, 0x34080020, 0x30082020, 0x34082020, + + 0x00000000, 0x00100000, 0x00000008, 0x00100008, + 0x00000200, 0x00100200, 0x00000208, 0x00100208, + 0x00020000, 0x00120000, 0x00020008, 0x00120008, + 0x00020200, 0x00120200, 0x00020208, 0x00120208, + 0x00000004, 0x00100004, 0x0000000c, 0x0010000c, + 0x00000204, 0x00100204, 0x0000020c, 0x0010020c, + 0x00020004, 0x00120004, 0x0002000c, 0x0012000c, + 0x00020204, 0x00120204, 0x0002020c, 0x0012020c, + 0x00001000, 0x00101000, 0x00001008, 0x00101008, + 0x00001200, 0x00101200, 0x00001208, 0x00101208, + 0x00021000, 0x00121000, 0x00021008, 0x00121008, + 0x00021200, 0x00121200, 0x00021208, 0x00121208, + 0x00001004, 0x00101004, 0x0000100c, 0x0010100c, + 0x00001204, 0x00101204, 0x0000120c, 0x0010120c, + 0x00021004, 0x00121004, 0x0002100c, 0x0012100c, + 0x00021204, 0x00121204, 0x0002120c, 0x0012120c +}; + +static u_long PC2_D[4][64] = { + 0x00000000, 0x00000200, 0x00020000, 0x00020200, + 0x00000001, 0x00000201, 0x00020001, 0x00020201, + 0x08000000, 0x08000200, 0x08020000, 0x08020200, + 0x08000001, 0x08000201, 0x08020001, 0x08020201, + 0x00200000, 0x00200200, 0x00220000, 0x00220200, + 0x00200001, 0x00200201, 0x00220001, 0x00220201, + 0x08200000, 0x08200200, 0x08220000, 0x08220200, + 0x08200001, 0x08200201, 0x08220001, 0x08220201, + 0x00000002, 0x00000202, 0x00020002, 0x00020202, + 0x00000003, 0x00000203, 0x00020003, 0x00020203, + 0x08000002, 0x08000202, 0x08020002, 0x08020202, + 0x08000003, 0x08000203, 0x08020003, 0x08020203, + 0x00200002, 0x00200202, 0x00220002, 0x00220202, + 0x00200003, 0x00200203, 0x00220003, 0x00220203, + 0x08200002, 0x08200202, 0x08220002, 0x08220202, + 0x08200003, 0x08200203, 0x08220003, 0x08220203, + + 0x00000000, 0x00000010, 0x20000000, 0x20000010, + 0x00100000, 0x00100010, 0x20100000, 0x20100010, + 0x00000800, 0x00000810, 0x20000800, 0x20000810, + 0x00100800, 0x00100810, 0x20100800, 0x20100810, + 0x04000000, 0x04000010, 0x24000000, 0x24000010, + 0x04100000, 0x04100010, 0x24100000, 0x24100010, + 0x04000800, 0x04000810, 0x24000800, 0x24000810, + 0x04100800, 0x04100810, 0x24100800, 0x24100810, + 0x00000004, 0x00000014, 0x20000004, 0x20000014, + 0x00100004, 0x00100014, 0x20100004, 0x20100014, + 0x00000804, 0x00000814, 0x20000804, 0x20000814, + 0x00100804, 0x00100814, 0x20100804, 0x20100814, + 0x04000004, 0x04000014, 0x24000004, 0x24000014, + 0x04100004, 0x04100014, 0x24100004, 0x24100014, + 0x04000804, 0x04000814, 0x24000804, 0x24000814, + 0x04100804, 0x04100814, 0x24100804, 0x24100814, + + 0x00000000, 0x00001000, 0x00010000, 0x00011000, + 0x02000000, 0x02001000, 0x02010000, 0x02011000, + 0x00000020, 0x00001020, 0x00010020, 0x00011020, + 0x02000020, 0x02001020, 0x02010020, 0x02011020, + 0x00040000, 0x00041000, 0x00050000, 0x00051000, + 0x02040000, 0x02041000, 0x02050000, 0x02051000, + 0x00040020, 0x00041020, 0x00050020, 0x00051020, + 0x02040020, 0x02041020, 0x02050020, 0x02051020, + 0x00002000, 0x00003000, 0x00012000, 0x00013000, + 0x02002000, 0x02003000, 0x02012000, 0x02013000, + 0x00002020, 0x00003020, 0x00012020, 0x00013020, + 0x02002020, 0x02003020, 0x02012020, 0x02013020, + 0x00042000, 0x00043000, 0x00052000, 0x00053000, + 0x02042000, 0x02043000, 0x02052000, 0x02053000, + 0x00042020, 0x00043020, 0x00052020, 0x00053020, + 0x02042020, 0x02043020, 0x02052020, 0x02053020, + + 0x00000000, 0x00000400, 0x01000000, 0x01000400, + 0x00000100, 0x00000500, 0x01000100, 0x01000500, + 0x10000000, 0x10000400, 0x11000000, 0x11000400, + 0x10000100, 0x10000500, 0x11000100, 0x11000500, + 0x00080000, 0x00080400, 0x01080000, 0x01080400, + 0x00080100, 0x00080500, 0x01080100, 0x01080500, + 0x10080000, 0x10080400, 0x11080000, 0x11080400, + 0x10080100, 0x10080500, 0x11080100, 0x11080500, + 0x00000008, 0x00000408, 0x01000008, 0x01000408, + 0x00000108, 0x00000508, 0x01000108, 0x01000508, + 0x10000008, 0x10000408, 0x11000008, 0x11000408, + 0x10000108, 0x10000508, 0x11000108, 0x11000508, + 0x00080008, 0x00080408, 0x01080008, 0x01080408, + 0x00080108, 0x00080508, 0x01080108, 0x01080508, + 0x10080008, 0x10080408, 0x11080008, 0x11080408, + 0x10080108, 0x10080508, 0x11080108, 0x11080508 +}; + + + +/* + * Permute the key to give us our key schedule. + */ +void +DESauth_subkeys(key, encryptkeys, decryptkeys) + u_long *key; + u_char *encryptkeys; + u_char *decryptkeys; +{ + register u_long tmp; + register u_long c, d; + register u_char *ek, *dk; + register int two_bit_shifts; + register int i; + + /* + * The first permutted choice gives us the 28 bits for C0 and + * 28 for D0. C0 gets 12 bits from the left key and 16 from + * the right, while D0 gets 16 from the left and 12 from the + * right. The code knows which bits go where. + */ + tmp = *key; /* left part of key */ + c = PC1_CL[(tmp >> 29) & 0x7] + | (PC1_CL[(tmp >> 21) & 0x7] << 1) + | (PC1_CL[(tmp >> 13) & 0x7] << 2) + | (PC1_CL[(tmp >> 5) & 0x7] << 3); + d = PC1_DL[(tmp >> 25) & 0xf] + | (PC1_DL[(tmp >> 17) & 0xf] << 1) + | (PC1_DL[(tmp >> 9) & 0xf] << 2) + | (PC1_DL[(tmp >> 1) & 0xf] << 3); + + tmp = *(key+1); /* right part of key */ + c |= PC1_CR[(tmp >> 28) & 0xf] + | (PC1_CR[(tmp >> 20) & 0xf] << 1) + | (PC1_CR[(tmp >> 12) & 0xf] << 2) + | (PC1_CR[(tmp >> 4) & 0xf] << 3); + d |= PC1_DR[(tmp >> 25) & 0x7] + | (PC1_DR[(tmp >> 17) & 0x7] << 1) + | (PC1_DR[(tmp >> 9) & 0x7] << 2) + | (PC1_DR[(tmp >> 1) & 0x7] << 3); + + /* + * Now iterate to compute the key schedule. Note that we + * record the entire set of subkeys in 6 bit chunks since + * they are used that way. At 6 bits/char, we need + * 48/6 char's/subkey * 16 subkeys/encryption == 128 chars. + * encryptkeys and decryptkeys must be this big. + */ + ek = encryptkeys; + dk = decryptkeys + (8 * 15); + two_bit_shifts = TWO_BIT_SHIFTS; + for (i = 16; i > 0; i--) { + /* + * Do the rotation. One bit and two bit rotations + * are done separately. Note C and D are 28 bits. + */ + if (two_bit_shifts & 0x1) { + c = ((c << 2) & 0xffffffc) | (c >> 26); + d = ((d << 2) & 0xffffffc) | (d >> 26); + } else { + c = ((c << 1) & 0xffffffe) | (c >> 27); + d = ((d << 1) & 0xffffffe) | (d >> 27); + } + two_bit_shifts >>= 1; + + /* + * Apply permutted choice 2 to C to get the first + * 24 bits worth of keys. Note that bits 9, 18, 22 + * and 25 (using DES numbering) in C are unused. The + * shift-mask stuff is done to delete these bits from + * the indices, since this cuts the table size in half. + */ + tmp = PC2_C[0][((c >> 22) & 0x3f)] + | PC2_C[1][((c >> 15) & 0xf) | ((c >> 16) & 0x30)] + | PC2_C[2][((c >> 4) & 0x3) | ((c >> 9) & 0x3c)] + | PC2_C[3][((c ) & 0x7) | ((c >> 4) & 0x38)]; + *ek++ = *dk++ = (u_char)(tmp >> 24); + *ek++ = *dk++ = (u_char)(tmp >> 16); + *ek++ = *dk++ = (u_char)(tmp >> 8); + *ek++ = *dk++ = (u_char)tmp; + + /* + * Apply permutted choice 2 to D to get the other half. + * Here, bits 7, 10, 15 and 26 go unused. The sqeezing + * actually turns out to be cheaper here. + */ + tmp = PC2_D[0][((d >> 22) & 0x3f)] + | PC2_D[1][((d >> 14) & 0xf) | ((d >> 15) & 0x30)] + | PC2_D[2][((d >> 7) & 0x3f)] + | PC2_D[3][((d ) & 0x3) | ((d >> 1) & 0x3c)]; + *ek++ = *dk++ = (u_char)(tmp >> 24); + *ek++ = *dk++ = (u_char)(tmp >> 16); + *ek++ = *dk++ = (u_char)(tmp >> 8); + *ek++ = *dk++ = (u_char)tmp; + + /* + * We are filling in the decryption subkeys from the end. + * Space it back 16 elements to get to the start of the + * next set. + */ + dk -= 16; + } +} + +/* + * The DES algorithm. This is intended to be fairly speedy at the + * expense of some memory. + * + * This uses all the standard hacks. The S boxes and the P permutation + * are precomputed into one table. The E box never actually appears + * explicitly since it is easy to apply this algorithmically. The + * initial permutation and final (inverse initial) permuation are + * computed from tables designed to permute four bits at a time. This + * should run pretty fast on machines with 32 bit words and + * bit field/multiple bit shift instructions which are fast. + */ + +/* + * The initial permutation array. This is used to compute both the + * left and the right halves of the initial permutation using bytes + * from words made from the following operations: + * + * ((left & 0x55555555) << 1) | (right & 0x55555555) for left half + * (left & 0xaaaaaaaa) | ((right & 0xaaaaaaaa) >> 1) for right half + * + * The scheme is that we index into the table using each byte. The + * result from the high order byte is or'd with the result from the + * next byte shifted left once is or'd with the result from the next + * byte shifted left twice if or'd with the result from the low order + * byte shifted left by three. Clear? + */ +static u_long IP[256] = { + 0x00000000, 0x00000010, 0x00000001, 0x00000011, + 0x00001000, 0x00001010, 0x00001001, 0x00001011, + 0x00000100, 0x00000110, 0x00000101, 0x00000111, + 0x00001100, 0x00001110, 0x00001101, 0x00001111, + 0x00100000, 0x00100010, 0x00100001, 0x00100011, + 0x00101000, 0x00101010, 0x00101001, 0x00101011, + 0x00100100, 0x00100110, 0x00100101, 0x00100111, + 0x00101100, 0x00101110, 0x00101101, 0x00101111, + 0x00010000, 0x00010010, 0x00010001, 0x00010011, + 0x00011000, 0x00011010, 0x00011001, 0x00011011, + 0x00010100, 0x00010110, 0x00010101, 0x00010111, + 0x00011100, 0x00011110, 0x00011101, 0x00011111, + 0x00110000, 0x00110010, 0x00110001, 0x00110011, + 0x00111000, 0x00111010, 0x00111001, 0x00111011, + 0x00110100, 0x00110110, 0x00110101, 0x00110111, + 0x00111100, 0x00111110, 0x00111101, 0x00111111, + 0x10000000, 0x10000010, 0x10000001, 0x10000011, + 0x10001000, 0x10001010, 0x10001001, 0x10001011, + 0x10000100, 0x10000110, 0x10000101, 0x10000111, + 0x10001100, 0x10001110, 0x10001101, 0x10001111, + 0x10100000, 0x10100010, 0x10100001, 0x10100011, + 0x10101000, 0x10101010, 0x10101001, 0x10101011, + 0x10100100, 0x10100110, 0x10100101, 0x10100111, + 0x10101100, 0x10101110, 0x10101101, 0x10101111, + 0x10010000, 0x10010010, 0x10010001, 0x10010011, + 0x10011000, 0x10011010, 0x10011001, 0x10011011, + 0x10010100, 0x10010110, 0x10010101, 0x10010111, + 0x10011100, 0x10011110, 0x10011101, 0x10011111, + 0x10110000, 0x10110010, 0x10110001, 0x10110011, + 0x10111000, 0x10111010, 0x10111001, 0x10111011, + 0x10110100, 0x10110110, 0x10110101, 0x10110111, + 0x10111100, 0x10111110, 0x10111101, 0x10111111, + 0x01000000, 0x01000010, 0x01000001, 0x01000011, + 0x01001000, 0x01001010, 0x01001001, 0x01001011, + 0x01000100, 0x01000110, 0x01000101, 0x01000111, + 0x01001100, 0x01001110, 0x01001101, 0x01001111, + 0x01100000, 0x01100010, 0x01100001, 0x01100011, + 0x01101000, 0x01101010, 0x01101001, 0x01101011, + 0x01100100, 0x01100110, 0x01100101, 0x01100111, + 0x01101100, 0x01101110, 0x01101101, 0x01101111, + 0x01010000, 0x01010010, 0x01010001, 0x01010011, + 0x01011000, 0x01011010, 0x01011001, 0x01011011, + 0x01010100, 0x01010110, 0x01010101, 0x01010111, + 0x01011100, 0x01011110, 0x01011101, 0x01011111, + 0x01110000, 0x01110010, 0x01110001, 0x01110011, + 0x01111000, 0x01111010, 0x01111001, 0x01111011, + 0x01110100, 0x01110110, 0x01110101, 0x01110111, + 0x01111100, 0x01111110, 0x01111101, 0x01111111, + 0x11000000, 0x11000010, 0x11000001, 0x11000011, + 0x11001000, 0x11001010, 0x11001001, 0x11001011, + 0x11000100, 0x11000110, 0x11000101, 0x11000111, + 0x11001100, 0x11001110, 0x11001101, 0x11001111, + 0x11100000, 0x11100010, 0x11100001, 0x11100011, + 0x11101000, 0x11101010, 0x11101001, 0x11101011, + 0x11100100, 0x11100110, 0x11100101, 0x11100111, + 0x11101100, 0x11101110, 0x11101101, 0x11101111, + 0x11010000, 0x11010010, 0x11010001, 0x11010011, + 0x11011000, 0x11011010, 0x11011001, 0x11011011, + 0x11010100, 0x11010110, 0x11010101, 0x11010111, + 0x11011100, 0x11011110, 0x11011101, 0x11011111, + 0x11110000, 0x11110010, 0x11110001, 0x11110011, + 0x11111000, 0x11111010, 0x11111001, 0x11111011, + 0x11110100, 0x11110110, 0x11110101, 0x11110111, + 0x11111100, 0x11111110, 0x11111101, 0x11111111 +}; + +/* + * The final permutation array. Like the IP array, used + * to compute both the left and right results from the nibbles + * of words computed from: + * + * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result + * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result + * + * The result from the high order byte is shifted left 6 bits and + * or'd with the result from the next byte shifted left 4 bits, which + * is or'd with the result from the next byte shifted left 2 bits, + * which is or'd with the result from the low byte. + * + * There is one of these for big end machines (the natural order for + * DES) and a second for little end machines. One is a byte swapped + * version of the other. + */ +#ifndef XNTP_LITTLE_ENDIAN + /* + * Big end version + */ +static u_long FP[256] = { + 0x00000000, 0x02000000, 0x00020000, 0x02020000, + 0x00000200, 0x02000200, 0x00020200, 0x02020200, + 0x00000002, 0x02000002, 0x00020002, 0x02020002, + 0x00000202, 0x02000202, 0x00020202, 0x02020202, + 0x01000000, 0x03000000, 0x01020000, 0x03020000, + 0x01000200, 0x03000200, 0x01020200, 0x03020200, + 0x01000002, 0x03000002, 0x01020002, 0x03020002, + 0x01000202, 0x03000202, 0x01020202, 0x03020202, + 0x00010000, 0x02010000, 0x00030000, 0x02030000, + 0x00010200, 0x02010200, 0x00030200, 0x02030200, + 0x00010002, 0x02010002, 0x00030002, 0x02030002, + 0x00010202, 0x02010202, 0x00030202, 0x02030202, + 0x01010000, 0x03010000, 0x01030000, 0x03030000, + 0x01010200, 0x03010200, 0x01030200, 0x03030200, + 0x01010002, 0x03010002, 0x01030002, 0x03030002, + 0x01010202, 0x03010202, 0x01030202, 0x03030202, + 0x00000100, 0x02000100, 0x00020100, 0x02020100, + 0x00000300, 0x02000300, 0x00020300, 0x02020300, + 0x00000102, 0x02000102, 0x00020102, 0x02020102, + 0x00000302, 0x02000302, 0x00020302, 0x02020302, + 0x01000100, 0x03000100, 0x01020100, 0x03020100, + 0x01000300, 0x03000300, 0x01020300, 0x03020300, + 0x01000102, 0x03000102, 0x01020102, 0x03020102, + 0x01000302, 0x03000302, 0x01020302, 0x03020302, + 0x00010100, 0x02010100, 0x00030100, 0x02030100, + 0x00010300, 0x02010300, 0x00030300, 0x02030300, + 0x00010102, 0x02010102, 0x00030102, 0x02030102, + 0x00010302, 0x02010302, 0x00030302, 0x02030302, + 0x01010100, 0x03010100, 0x01030100, 0x03030100, + 0x01010300, 0x03010300, 0x01030300, 0x03030300, + 0x01010102, 0x03010102, 0x01030102, 0x03030102, + 0x01010302, 0x03010302, 0x01030302, 0x03030302, + 0x00000001, 0x02000001, 0x00020001, 0x02020001, + 0x00000201, 0x02000201, 0x00020201, 0x02020201, + 0x00000003, 0x02000003, 0x00020003, 0x02020003, + 0x00000203, 0x02000203, 0x00020203, 0x02020203, + 0x01000001, 0x03000001, 0x01020001, 0x03020001, + 0x01000201, 0x03000201, 0x01020201, 0x03020201, + 0x01000003, 0x03000003, 0x01020003, 0x03020003, + 0x01000203, 0x03000203, 0x01020203, 0x03020203, + 0x00010001, 0x02010001, 0x00030001, 0x02030001, + 0x00010201, 0x02010201, 0x00030201, 0x02030201, + 0x00010003, 0x02010003, 0x00030003, 0x02030003, + 0x00010203, 0x02010203, 0x00030203, 0x02030203, + 0x01010001, 0x03010001, 0x01030001, 0x03030001, + 0x01010201, 0x03010201, 0x01030201, 0x03030201, + 0x01010003, 0x03010003, 0x01030003, 0x03030003, + 0x01010203, 0x03010203, 0x01030203, 0x03030203, + 0x00000101, 0x02000101, 0x00020101, 0x02020101, + 0x00000301, 0x02000301, 0x00020301, 0x02020301, + 0x00000103, 0x02000103, 0x00020103, 0x02020103, + 0x00000303, 0x02000303, 0x00020303, 0x02020303, + 0x01000101, 0x03000101, 0x01020101, 0x03020101, + 0x01000301, 0x03000301, 0x01020301, 0x03020301, + 0x01000103, 0x03000103, 0x01020103, 0x03020103, + 0x01000303, 0x03000303, 0x01020303, 0x03020303, + 0x00010101, 0x02010101, 0x00030101, 0x02030101, + 0x00010301, 0x02010301, 0x00030301, 0x02030301, + 0x00010103, 0x02010103, 0x00030103, 0x02030103, + 0x00010303, 0x02010303, 0x00030303, 0x02030303, + 0x01010101, 0x03010101, 0x01030101, 0x03030101, + 0x01010301, 0x03010301, 0x01030301, 0x03030301, + 0x01010103, 0x03010103, 0x01030103, 0x03030103, + 0x01010303, 0x03010303, 0x01030303, 0x03030303 +}; +#else + /* + * Byte swapped for little end machines. + */ +static u_long FP[256] = { + 0x00000000, 0x00000002, 0x00000200, 0x00000202, + 0x00020000, 0x00020002, 0x00020200, 0x00020202, + 0x02000000, 0x02000002, 0x02000200, 0x02000202, + 0x02020000, 0x02020002, 0x02020200, 0x02020202, + 0x00000001, 0x00000003, 0x00000201, 0x00000203, + 0x00020001, 0x00020003, 0x00020201, 0x00020203, + 0x02000001, 0x02000003, 0x02000201, 0x02000203, + 0x02020001, 0x02020003, 0x02020201, 0x02020203, + 0x00000100, 0x00000102, 0x00000300, 0x00000302, + 0x00020100, 0x00020102, 0x00020300, 0x00020302, + 0x02000100, 0x02000102, 0x02000300, 0x02000302, + 0x02020100, 0x02020102, 0x02020300, 0x02020302, + 0x00000101, 0x00000103, 0x00000301, 0x00000303, + 0x00020101, 0x00020103, 0x00020301, 0x00020303, + 0x02000101, 0x02000103, 0x02000301, 0x02000303, + 0x02020101, 0x02020103, 0x02020301, 0x02020303, + 0x00010000, 0x00010002, 0x00010200, 0x00010202, + 0x00030000, 0x00030002, 0x00030200, 0x00030202, + 0x02010000, 0x02010002, 0x02010200, 0x02010202, + 0x02030000, 0x02030002, 0x02030200, 0x02030202, + 0x00010001, 0x00010003, 0x00010201, 0x00010203, + 0x00030001, 0x00030003, 0x00030201, 0x00030203, + 0x02010001, 0x02010003, 0x02010201, 0x02010203, + 0x02030001, 0x02030003, 0x02030201, 0x02030203, + 0x00010100, 0x00010102, 0x00010300, 0x00010302, + 0x00030100, 0x00030102, 0x00030300, 0x00030302, + 0x02010100, 0x02010102, 0x02010300, 0x02010302, + 0x02030100, 0x02030102, 0x02030300, 0x02030302, + 0x00010101, 0x00010103, 0x00010301, 0x00010303, + 0x00030101, 0x00030103, 0x00030301, 0x00030303, + 0x02010101, 0x02010103, 0x02010301, 0x02010303, + 0x02030101, 0x02030103, 0x02030301, 0x02030303, + 0x01000000, 0x01000002, 0x01000200, 0x01000202, + 0x01020000, 0x01020002, 0x01020200, 0x01020202, + 0x03000000, 0x03000002, 0x03000200, 0x03000202, + 0x03020000, 0x03020002, 0x03020200, 0x03020202, + 0x01000001, 0x01000003, 0x01000201, 0x01000203, + 0x01020001, 0x01020003, 0x01020201, 0x01020203, + 0x03000001, 0x03000003, 0x03000201, 0x03000203, + 0x03020001, 0x03020003, 0x03020201, 0x03020203, + 0x01000100, 0x01000102, 0x01000300, 0x01000302, + 0x01020100, 0x01020102, 0x01020300, 0x01020302, + 0x03000100, 0x03000102, 0x03000300, 0x03000302, + 0x03020100, 0x03020102, 0x03020300, 0x03020302, + 0x01000101, 0x01000103, 0x01000301, 0x01000303, + 0x01020101, 0x01020103, 0x01020301, 0x01020303, + 0x03000101, 0x03000103, 0x03000301, 0x03000303, + 0x03020101, 0x03020103, 0x03020301, 0x03020303, + 0x01010000, 0x01010002, 0x01010200, 0x01010202, + 0x01030000, 0x01030002, 0x01030200, 0x01030202, + 0x03010000, 0x03010002, 0x03010200, 0x03010202, + 0x03030000, 0x03030002, 0x03030200, 0x03030202, + 0x01010001, 0x01010003, 0x01010201, 0x01010203, + 0x01030001, 0x01030003, 0x01030201, 0x01030203, + 0x03010001, 0x03010003, 0x03010201, 0x03010203, + 0x03030001, 0x03030003, 0x03030201, 0x03030203, + 0x01010100, 0x01010102, 0x01010300, 0x01010302, + 0x01030100, 0x01030102, 0x01030300, 0x01030302, + 0x03010100, 0x03010102, 0x03010300, 0x03010302, + 0x03030100, 0x03030102, 0x03030300, 0x03030302, + 0x01010101, 0x01010103, 0x01010301, 0x01010303, + 0x01030101, 0x01030103, 0x01030301, 0x01030303, + 0x03010101, 0x03010103, 0x03010301, 0x03010303, + 0x03030101, 0x03030103, 0x03030301, 0x03030303 +}; +#endif + + +/* + * The SP table is actually the S boxes and the P permutation + * table combined. + */ +static u_long SP[8][64] = { + 0x00808200, 0x00000000, 0x00008000, 0x00808202, + 0x00808002, 0x00008202, 0x00000002, 0x00008000, + 0x00000200, 0x00808200, 0x00808202, 0x00000200, + 0x00800202, 0x00808002, 0x00800000, 0x00000002, + 0x00000202, 0x00800200, 0x00800200, 0x00008200, + 0x00008200, 0x00808000, 0x00808000, 0x00800202, + 0x00008002, 0x00800002, 0x00800002, 0x00008002, + 0x00000000, 0x00000202, 0x00008202, 0x00800000, + 0x00008000, 0x00808202, 0x00000002, 0x00808000, + 0x00808200, 0x00800000, 0x00800000, 0x00000200, + 0x00808002, 0x00008000, 0x00008200, 0x00800002, + 0x00000200, 0x00000002, 0x00800202, 0x00008202, + 0x00808202, 0x00008002, 0x00808000, 0x00800202, + 0x00800002, 0x00000202, 0x00008202, 0x00808200, + 0x00000202, 0x00800200, 0x00800200, 0x00000000, + 0x00008002, 0x00008200, 0x00000000, 0x00808002, + + 0x40084010, 0x40004000, 0x00004000, 0x00084010, + 0x00080000, 0x00000010, 0x40080010, 0x40004010, + 0x40000010, 0x40084010, 0x40084000, 0x40000000, + 0x40004000, 0x00080000, 0x00000010, 0x40080010, + 0x00084000, 0x00080010, 0x40004010, 0x00000000, + 0x40000000, 0x00004000, 0x00084010, 0x40080000, + 0x00080010, 0x40000010, 0x00000000, 0x00084000, + 0x00004010, 0x40084000, 0x40080000, 0x00004010, + 0x00000000, 0x00084010, 0x40080010, 0x00080000, + 0x40004010, 0x40080000, 0x40084000, 0x00004000, + 0x40080000, 0x40004000, 0x00000010, 0x40084010, + 0x00084010, 0x00000010, 0x00004000, 0x40000000, + 0x00004010, 0x40084000, 0x00080000, 0x40000010, + 0x00080010, 0x40004010, 0x40000010, 0x00080010, + 0x00084000, 0x00000000, 0x40004000, 0x00004010, + 0x40000000, 0x40080010, 0x40084010, 0x00084000, + + 0x00000104, 0x04010100, 0x00000000, 0x04010004, + 0x04000100, 0x00000000, 0x00010104, 0x04000100, + 0x00010004, 0x04000004, 0x04000004, 0x00010000, + 0x04010104, 0x00010004, 0x04010000, 0x00000104, + 0x04000000, 0x00000004, 0x04010100, 0x00000100, + 0x00010100, 0x04010000, 0x04010004, 0x00010104, + 0x04000104, 0x00010100, 0x00010000, 0x04000104, + 0x00000004, 0x04010104, 0x00000100, 0x04000000, + 0x04010100, 0x04000000, 0x00010004, 0x00000104, + 0x00010000, 0x04010100, 0x04000100, 0x00000000, + 0x00000100, 0x00010004, 0x04010104, 0x04000100, + 0x04000004, 0x00000100, 0x00000000, 0x04010004, + 0x04000104, 0x00010000, 0x04000000, 0x04010104, + 0x00000004, 0x00010104, 0x00010100, 0x04000004, + 0x04010000, 0x04000104, 0x00000104, 0x04010000, + 0x00010104, 0x00000004, 0x04010004, 0x00010100, + + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x00401040, 0x80400040, 0x80400000, 0x80001000, + 0x00000000, 0x00401000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00400040, 0x80400000, + 0x80000000, 0x00001000, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x80001000, 0x00001040, + 0x80400040, 0x80000000, 0x00001040, 0x00400040, + 0x00001000, 0x00401040, 0x80401040, 0x80000040, + 0x00400040, 0x80400000, 0x00401000, 0x80401040, + 0x80000040, 0x00000000, 0x00000000, 0x00401000, + 0x00001040, 0x00400040, 0x80400040, 0x80000000, + 0x80401000, 0x80001040, 0x80001040, 0x00000040, + 0x80401040, 0x80000040, 0x80000000, 0x00001000, + 0x80400000, 0x80001000, 0x00401040, 0x80400040, + 0x80001000, 0x00001040, 0x00400000, 0x80401000, + 0x00000040, 0x00400000, 0x00001000, 0x00401040, + + 0x00000080, 0x01040080, 0x01040000, 0x21000080, + 0x00040000, 0x00000080, 0x20000000, 0x01040000, + 0x20040080, 0x00040000, 0x01000080, 0x20040080, + 0x21000080, 0x21040000, 0x00040080, 0x20000000, + 0x01000000, 0x20040000, 0x20040000, 0x00000000, + 0x20000080, 0x21040080, 0x21040080, 0x01000080, + 0x21040000, 0x20000080, 0x00000000, 0x21000000, + 0x01040080, 0x01000000, 0x21000000, 0x00040080, + 0x00040000, 0x21000080, 0x00000080, 0x01000000, + 0x20000000, 0x01040000, 0x21000080, 0x20040080, + 0x01000080, 0x20000000, 0x21040000, 0x01040080, + 0x20040080, 0x00000080, 0x01000000, 0x21040000, + 0x21040080, 0x00040080, 0x21000000, 0x21040080, + 0x01040000, 0x00000000, 0x20040000, 0x21000000, + 0x00040080, 0x01000080, 0x20000080, 0x00040000, + 0x00000000, 0x20040000, 0x01040080, 0x20000080, + + 0x10000008, 0x10200000, 0x00002000, 0x10202008, + 0x10200000, 0x00000008, 0x10202008, 0x00200000, + 0x10002000, 0x00202008, 0x00200000, 0x10000008, + 0x00200008, 0x10002000, 0x10000000, 0x00002008, + 0x00000000, 0x00200008, 0x10002008, 0x00002000, + 0x00202000, 0x10002008, 0x00000008, 0x10200008, + 0x10200008, 0x00000000, 0x00202008, 0x10202000, + 0x00002008, 0x00202000, 0x10202000, 0x10000000, + 0x10002000, 0x00000008, 0x10200008, 0x00202000, + 0x10202008, 0x00200000, 0x00002008, 0x10000008, + 0x00200000, 0x10002000, 0x10000000, 0x00002008, + 0x10000008, 0x10202008, 0x00202000, 0x10200000, + 0x00202008, 0x10202000, 0x00000000, 0x10200008, + 0x00000008, 0x00002000, 0x10200000, 0x00202008, + 0x00002000, 0x00200008, 0x10002008, 0x00000000, + 0x10202000, 0x10000000, 0x00200008, 0x10002008, + + 0x00100000, 0x02100001, 0x02000401, 0x00000000, + 0x00000400, 0x02000401, 0x00100401, 0x02100400, + 0x02100401, 0x00100000, 0x00000000, 0x02000001, + 0x00000001, 0x02000000, 0x02100001, 0x00000401, + 0x02000400, 0x00100401, 0x00100001, 0x02000400, + 0x02000001, 0x02100000, 0x02100400, 0x00100001, + 0x02100000, 0x00000400, 0x00000401, 0x02100401, + 0x00100400, 0x00000001, 0x02000000, 0x00100400, + 0x02000000, 0x00100400, 0x00100000, 0x02000401, + 0x02000401, 0x02100001, 0x02100001, 0x00000001, + 0x00100001, 0x02000000, 0x02000400, 0x00100000, + 0x02100400, 0x00000401, 0x00100401, 0x02100400, + 0x00000401, 0x02000001, 0x02100401, 0x02100000, + 0x00100400, 0x00000000, 0x00000001, 0x02100401, + 0x00000000, 0x00100401, 0x02100000, 0x00000400, + 0x02000001, 0x02000400, 0x00000400, 0x00100001, + + 0x08000820, 0x00000800, 0x00020000, 0x08020820, + 0x08000000, 0x08000820, 0x00000020, 0x08000000, + 0x00020020, 0x08020000, 0x08020820, 0x00020800, + 0x08020800, 0x00020820, 0x00000800, 0x00000020, + 0x08020000, 0x08000020, 0x08000800, 0x00000820, + 0x00020800, 0x00020020, 0x08020020, 0x08020800, + 0x00000820, 0x00000000, 0x00000000, 0x08020020, + 0x08000020, 0x08000800, 0x00020820, 0x00020000, + 0x00020820, 0x00020000, 0x08020800, 0x00000800, + 0x00000020, 0x08020020, 0x00000800, 0x00020820, + 0x08000800, 0x00000020, 0x08000020, 0x08020000, + 0x08020020, 0x08000000, 0x00020000, 0x08000820, + 0x00000000, 0x08020820, 0x00020020, 0x08000020, + 0x08020000, 0x08000800, 0x08000820, 0x00000000, + 0x08020820, 0x00020800, 0x00020800, 0x00000820, + 0x00000820, 0x00020020, 0x08000000, 0x08020800 +}; + + + +/* + * DESauth_des - perform an in place DES encryption on 64 bits + * + * Note that the `data' argument is always in big-end-first + * byte order, i.e. *(char *)data is the high order byte of + * the 8 byte data word. We modify the initial and final + * permutation computations for little-end-first machines to + * swap bytes into the natural host order at the beginning and + * back to big-end order at the end. This is unclean but avoids + * a byte swapping performance penalty on Vaxes (which are slow already). + */ +void +DESauth_des(data, subkeys) + u_long *data; + u_char *subkeys; +{ + register u_long left, right; + register u_long temp; + register u_char *kp; + register int i; + + /* + * Do the initial permutation. The first operation gets + * all the bits which are used to form the left half of the + * permutted result in one word, which is then used to + * index the appropriate table a byte at a time. + */ + temp = ((*data & 0x55555555) << 1) | (*(data+1) & 0x55555555); +#ifdef XNTP_LITTLE_ENDIAN + /* + * Modify the computation to use the opposite set of bytes. + */ + left = (IP[(temp >> 24) & 0xff] << 3) + | (IP[(temp >> 16) & 0xff] << 2) + | (IP[(temp >> 8) & 0xff] << 1) + | IP[temp & 0xff]; +#else + left = IP[(temp >> 24) & 0xff] + | (IP[(temp >> 16) & 0xff] << 1) + | (IP[(temp >> 8) & 0xff] << 2) + | (IP[temp & 0xff] << 3); +#endif + + /* + * Same thing again except for the right half. + */ + temp = (*data & 0xaaaaaaaa) | ((*(data+1) & 0xaaaaaaaa) >> 1); +#ifdef XNTP_LITTLE_ENDIAN + right = (IP[(temp >> 24) & 0xff] << 3) + | (IP[(temp >> 16) & 0xff] << 2) + | (IP[(temp >> 8) & 0xff] << 1) + | IP[temp & 0xff]; +#else + right = IP[(temp >> 24) & 0xff] + | (IP[(temp >> 16) & 0xff] << 1) + | (IP[(temp >> 8) & 0xff] << 2) + | (IP[temp & 0xff] << 3); +#endif + + /* + * Do the 16 rounds through the cipher function. We actually + * do two at a time, one on the left half and one on the right + * half. + */ + kp = subkeys; + for (i = 0; i < 8; i++) { + /* + * The E expansion is easy to compute algorithmically. + * Take a look at its form and compare it to + * everything involving temp below. Note that + * since SP[0-7] don't have any bits in common set + * it is okay to do the successive xor's. + */ + temp = (right >> 1) | ((right & 1) ? 0x80000000 : 0); + left ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++]; + left ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++]; + left ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++]; + left ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++]; + left ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++]; + left ^= SP[5][((temp >> 6) & 0x3f) ^ *kp++]; + left ^= SP[6][((temp >> 2) & 0x3f) ^ *kp++]; + left ^= SP[7][(((right << 1) | ((right & 0x80000000)?1:0)) + & 0x3f) ^ *kp++]; + + /* + * Careful here. Right now `right' is actually the + * left side and `left' is the right side. Do the + * same thing again, except swap `left' and `right' + */ + temp = (left >> 1) | ((left & 1) ? 0x80000000 : 0); + right ^= SP[0][((temp >> 26) & 0x3f) ^ *kp++]; + right ^= SP[1][((temp >> 22) & 0x3f) ^ *kp++]; + right ^= SP[2][((temp >> 18) & 0x3f) ^ *kp++]; + right ^= SP[3][((temp >> 14) & 0x3f) ^ *kp++]; + right ^= SP[4][((temp >> 10) & 0x3f) ^ *kp++]; + right ^= SP[5][((temp >> 6) & 0x3f) ^ *kp++]; + right ^= SP[6][((temp >> 2) & 0x3f) ^ *kp++]; + right ^= SP[7][(((left << 1) | ((left & 0x80000000)?1:0)) + & 0x3f) ^ *kp++]; + + /* + * By the time we get here, all is straightened out + * again. `left' is left and `right' is right. + */ + } + + /* + * Now the final permutation. Note this is like the IP above + * except that the data is computed from + * + * ((left & 0x0f0f0f0f) << 4) | (right & 0x0f0f0f0f) for left result + * (left & 0xf0f0f0f0) | ((right & 0xf0f0f0f0) >> 4) for right result + * + * Just to confuse things more, we're supposed to swap the right + * and the left halves before doing this. Instead, we'll just + * switch which goes where when computing the temporary. + * + * This operation also byte swaps stuff back into big end byte + * order. This is accomplished by modifying the FP table for + * little end machines, however, so we don't have to worry about + * it here. + */ + temp = ((right & 0x0f0f0f0f) << 4) | (left & 0x0f0f0f0f); + *data = (FP[(temp >> 24) & 0xff] << 6) + | (FP[(temp >> 16) & 0xff] << 4) + | (FP[(temp >> 8) & 0xff] << 2) + | FP[temp & 0xff]; + + temp = (right & 0xf0f0f0f0) | ((left & 0xf0f0f0f0) >> 4); + *(data+1) = (FP[(temp >> 24) & 0xff] << 6) + | (FP[(temp >> 16) & 0xff] << 4) + | (FP[(temp >> 8) & 0xff] << 2) + | FP[temp & 0xff]; +}; |