unstick r69784

Revision 69784

Date:
1995/05/30 20:13:29
Author:
dab
Revision Log:
Code cleanup, use mem*() instead of b*()

Files:

Legend:

 
Added
 
Removed
 
Modified
  • lib/libtelnet/auth.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)auth.c 8.2 (Berkeley) 02/16/95";
    9 static char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 /*
     
    260 260 Authenticator *ap;
    261 261
    262 262 if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
    263 printf("auth %s 'type'\n", on ? "enable" : "disable");
    263 printf("auth %s 'type'\n", on ? "enable" : "disable");
    264 264 printf("Where 'type' is one of:\n");
    265 265 printf("\t%s\n", AUTHTYPE_NAME(0));
    266 266 mask = 0;
     
    393 393 auth_send_cnt = cnt > sizeof(_auth_send_data)
    394 394 ? sizeof(_auth_send_data)
    395 395 : cnt;
    396 bcopy((void *)data, (void *)_auth_send_data, auth_send_cnt);
    396 memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
    397 397 auth_send_data = _auth_send_data;
    398 398 } else {
    399 399 /*
     
    444 444 * We requested strong authentication, however no mechanisms worked.
    445 445 * Therefore, exit on client end.
    446 446 */
    447 printf("Unable to securely authenticate user ... exit\n");
    447 printf("Unable to securely authenticate user ... exit\n");
    448 448 exit(0);
    449 449 #endif /* KANNAN */
    450 450 }
     
    519 519 Name, cnt, sizeof(savename)-1);
    520 520 return;
    521 521 }
    522 bcopy((void *)data, (void *)savename, cnt);
    522 memmove((void *)savename, (void *)data, cnt);
    523 523 savename[cnt] = '\0'; /* Null terminate */
    524 524 if (auth_debug_mode)
    525 525 printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
  • lib/libtelnet/enc_des.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)enc_des.c 8.2 (Berkeley) 12/15/93";
    9 static char sccsid[] = "@(#)enc_des.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 #ifdef ENCRYPTION
     
    117 117 fb64_init(fbp)
    118 118 register struct fb *fbp;
    119 119 {
    120 bzero((void *)fbp, sizeof(*fbp));
    120 memset((void *)fbp, 0, sizeof(*fbp));
    121 121 fbp->state[0] = fbp->state[1] = FAILED;
    122 122 fbp->fb_feed[0] = IAC;
    123 123 fbp->fb_feed[1] = SB;
     
    348 348 break;
    349 349
    350 350 case FB64_IV_BAD:
    351 bzero(fbp->temp_feed, sizeof(Block));
    351 memset(fbp->temp_feed, 0, sizeof(Block));
    352 352 fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
    353 353 state = FAILED;
    354 354 break;
     
    396 396 key ? key->type : -1, SK_DES);
    397 397 return;
    398 398 }
    399 bcopy((void *)key->data, (void *)fbp->krbdes_key, sizeof(Block));
    399 memmove((void *)fbp->krbdes_key, (void *)key->data, sizeof(Block));
    400 400
    401 401 fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
    402 402 fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
     
    523 523 register struct stinfo *stp;
    524 524 {
    525 525
    526 bcopy((void *)seed, (void *)stp->str_iv, sizeof(Block));
    527 bcopy((void *)seed, (void *)stp->str_output, sizeof(Block));
    526 memmove((void *)stp->str_iv, (void *)seed, sizeof(Block));
    527 memmove((void *)stp->str_output, (void *)seed, sizeof(Block));
    528 528
    529 529 des_key_sched(stp->str_ikey, stp->str_sched);
    530 530
     
    536 536 Block key;
    537 537 register struct stinfo *stp;
    538 538 {
    539 bcopy((void *)key, (void *)stp->str_ikey, sizeof(Block));
    539 memmove((void *)stp->str_ikey, (void *)key, sizeof(Block));
    540 540 des_key_sched(key, stp->str_sched);
    541 541
    542 bcopy((void *)stp->str_iv, (void *)stp->str_output, sizeof(Block));
    542 memmove((void *)stp->str_output, (void *)stp->str_iv, sizeof(Block));
    543 543
    544 544 stp->str_index = sizeof(Block);
    545 545 }
     
    554 554 * INPUT --(--------->(+)+---> DATA
    555 555 * | |
    556 556 * +-------------+
    557 *
    558 557 *
    558 *
    559 559 * Given:
    560 560 * iV: Initial vector, 64 bits (8 bytes) long.
    561 561 * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
     
    579 579 if (index == sizeof(Block)) {
    580 580 Block b;
    581 581 des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
    582 bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
    582 memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
    583 583 index = 0;
    584 584 }
    585 585
     
    613 613 if (index == sizeof(Block)) {
    614 614 Block b;
    615 615 des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
    616 bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
    616 memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
    617 617 stp->str_index = 1; /* Next time will be 1 */
    618 index = 0; /* But now use 0 */
    618 index = 0; /* But now use 0 */
    619 619 }
    620 620
    621 621 /* On decryption we store (data) which is cypher. */
     
    655 655 if (index == sizeof(Block)) {
    656 656 Block b;
    657 657 des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
    658 bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
    658 memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
    659 659 index = 0;
    660 660 }
    661 661 *s++ ^= stp->str_feed[index];
     
    686 686 if (index == sizeof(Block)) {
    687 687 Block b;
    688 688 des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
    689 bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
    689 memmove((void *)stp->str_feed, (void *)b, sizeof(Block));
    690 690 stp->str_index = 1; /* Next time will be 1 */
    691 index = 0; /* But now use 0 */
    691 index = 0; /* But now use 0 */
    692 692 }
    693 693
    694 694 return(data ^ stp->str_feed[index]);
  • lib/libtelnet/encrypt.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)encrypt.c 8.1 (Berkeley) 06/04/93";
    9 static char sccsid[] = "@(#)encrypt.c 8.2 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 /*
     
    80 80 static Encryptions encryptions[] = {
    81 81 #ifdef DES_ENCRYPTION
    82 82 { "DES_CFB64", ENCTYPE_DES_CFB64,
    83 cfb64_encrypt,
    83 cfb64_encrypt,
    84 84 cfb64_decrypt,
    85 85 cfb64_init,
    86 86 cfb64_start,
     
    90 90 cfb64_keyid,
    91 91 cfb64_printsub },
    92 92 { "DES_OFB64", ENCTYPE_DES_OFB64,
    93 ofb64_encrypt,
    93 ofb64_encrypt,
    94 94 ofb64_decrypt,
    95 95 ofb64_init,
    96 96 ofb64_start,
     
    682 682 * Called when ENCRYPT REQUEST-START is received. If we receive
    683 683 * this before a type is picked, then that indicates that the
    684 684 * other side wants us to start encrypting data as soon as we
    685 * can.
    685 * can.
    686 686 */
    687 687 void
    688 688 encrypt_request_start(data, cnt)
     
    737 737 if (ep->keyid)
    738 738 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
    739 739
    740 } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) {
    740 } else if ((len != kp->keylen) ||
    741 (memcmp(keyid, kp->keyid, len) != 0)) {
    741 742 /*
    742 743 * Length or contents are different
    743 744 */
    744 745 kp->keylen = len;
    745 bcopy(keyid, kp->keyid, len);
    746 memmove(kp->keyid, keyid, len);
    746 747 if (ep->keyid)
    747 748 (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
    748 749 } else {
     
    769 770 ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
    770 771 if (saveit) {
    771 772 struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
    772 bcopy(keyid, kp->keyid, keylen);
    773 memmove(kp->keyid, keyid, keylen);
    773 774 kp->keylen = keylen;
    774 775 }
    775 776
     
    825 826 i = (*ep->start)(DIR_ENCRYPT, Server);
    826 827 if (encrypt_debug_mode) {
    827 828 printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
    828 Name,
    829 Name,
    829 830 (i < 0) ? "failed" :
    830 831 "initial negotiation in progress",
    831 832 i, ENCTYPE_NAME(type));
  • lib/libtelnet/forward.c

     
    17 17 */
    18 18
    19 19 #ifndef lint
    20 static char sccsid[] = "@(#)forward.c 8.1 (Berkeley) 03/24/95";
    20 static char sccsid[] = "@(#)forward.c 8.2 (Berkeley) 05/30/95";
    21 21 #endif /* not lint */
    22 22
    23 23
    24 24 /* General-purpose forwarding routines. These routines may be put into */
    25 /* libkrb5.a to allow widespread use */
    25 /* libkrb5.a to allow widespread use */
    26 26
    27 27 #if defined(KRB5) && defined(FORWARD)
    28 28 #include <stdio.h>
     
    91 91 addrs = (krb5_address **) malloc ((i+1)*sizeof(*addrs));
    92 92 if (!addrs)
    93 93 return ENOMEM;
    94
    94
    95 95 for(i=0; hp->h_addr_list[i]; i++) {
    96 96 addrs[i] = (krb5_address *) malloc(sizeof(krb5_address));
    97 97 if (addrs[i]) {
     
    103 103 return ENOMEM;
    104 104 }
    105 105 else
    106 memcpy ((char *)addrs[i]->contents, hp->h_addr_list[i],
    106 memmove ((char *)addrs[i]->contents, hp->h_addr_list[i],
    107 107 addrs[i]->length);
    108 108 }
    109 109 else {
     
    115 115 memset((char *)&creds, 0, sizeof(creds));
    116 116 if (retval = krb5_copy_principal(client, &creds.client))
    117 117 return retval;
    118
    118
    119 119 if (retval = krb5_build_principal_ext(&creds.server,
    120 120 strlen(hrealms[0]),
    121 121 hrealms[0],
     
    125 125 client->realm.data,
    126 126 0))
    127 127 return retval;
    128
    128
    129 129 creds.times.starttime = 0;
    130 130 if (retval = krb5_timeofday(&now)) {
    131 131 return retval;
    132 132 }
    133 133 creds.times.endtime = now + KRB5_DEFAULT_LIFE;
    134 134 creds.times.renew_till = 0;
    135
    135
    136 136 if (retval = krb5_cc_default(&cc)) {
    137 137 return retval;
    138 138 }
     
    193 193 &tgt.keyblock,
    194 194 etype, /* enctype */
    195 195 &dec_rep);
    196
    196
    197 197 cleanup();
    198 198 if (retval)
    199 199 return retval;
     
    208 208 cleanup();
    209 209 return retval;
    210 210 }
    211
    211
    212 212 /* now it's decrypted and ready for prime time */
    213 213
    214 214 if (!krb5_principal_compare(dec_rep->client, tgt.client)) {
     
    216 216 return KRB5_KDCREP_MODIFIED;
    217 217 }
    218 218
    219 if (retval = mk_cred(dec_rep,
    220 etype,
    219 if (retval = mk_cred(dec_rep,
    220 etype,
    221 221 enc_key,
    222 222 0,
    223 0,
    223 0,
    224 224 outbuf))
    225 225 return retval;
    226 226
     
    257 257 ret_cred.tickets[0] = dec_rep->ticket;
    258 258 ret_cred.tickets[1] = 0;
    259 259
    260 ret_cred.enc_part.etype = etype;
    260 ret_cred.enc_part.etype = etype;
    261 261 ret_cred.enc_part.kvno = 0;
    262 262
    263 cred_enc_part.ticket_info = (krb5_cred_info **)
    263 cred_enc_part.ticket_info = (krb5_cred_info **)
    264 264 calloc(2, sizeof(*cred_enc_part.ticket_info));
    265 265 if (!cred_enc_part.ticket_info) {
    266 266 krb5_free_tickets(ret_cred.tickets);
    267 267 return ENOMEM;
    268 268 }
    269 cred_enc_part.ticket_info[0] = (krb5_cred_info *)
    269 cred_enc_part.ticket_info[0] = (krb5_cred_info *)
    270 270 malloc(sizeof(*cred_enc_part.ticket_info[0]));
    271 271 if (!cred_enc_part.ticket_info[0]) {
    272 272 krb5_free_tickets(ret_cred.tickets);
     
    314 314 ret_cred.enc_part.ciphertext.length - scratch->length);
    315 315 if (!(ret_cred.enc_part.ciphertext.data =
    316 316 malloc(ret_cred.enc_part.ciphertext.length))) {
    317 retval = ENOMEM;
    318 goto clean_scratch;
    317 retval = ENOMEM;
    318 goto clean_scratch;
    319 319 }
    320 320
    321 321 #define cleanup_encpart() {\
     
    327 327
    328 328 /* do any necessary key pre-processing */
    329 329 if (retval = krb5_process_key(&eblock, key)) {
    330 goto clean_encpart;
    330 goto clean_encpart;
    331 331 }
    332 332
    333 333 #define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
     
    335 335 /* call the encryption routine */
    336 336 if (retval = krb5_encrypt((krb5_pointer) scratch->data,
    337 337 (krb5_pointer)
    338 ret_cred.enc_part.ciphertext.data,
    338 ret_cred.enc_part.ciphertext.data,
    339 339 scratch->length, &eblock,
    340 340 0)) {
    341 goto clean_prockey;
    341 goto clean_prockey;
    342 342 }
    343
    343
    344 344 /* private message is now assembled-- do some cleanup */
    345 345 cleanup_scratch();
    346 346
    347 347 if (retval = krb5_finish_key(&eblock)) {
    348 cleanup_encpart();
    349 return retval;
    348 cleanup_encpart();
    349 return retval;
    350 350 }
    351 351 /* encode private message */
    352 352 if (retval = encode_krb5_cred(&ret_cred, &scratch)) {
    353 cleanup_encpart();
    353 cleanup_encpart();
    354 354 return retval;
    355 355 }
    356 356
     
    389 389 krb5_ccache ccache = NULL;
    390 390 struct passwd *pwd;
    391 391
    392 if (retval = rd_cred(inbuf, ticket->enc_part2->session,
    392 if (retval = rd_cred(inbuf, ticket->enc_part2->session,
    393 393 &creds, 0, 0)) {
    394 394 return(retval);
    395 395 }
    396
    396
    397 397 if (!(pwd = (struct passwd *) getpwnam(lusername))) {
    398 398 return -1;
    399 399 }
     
    422 422
    423 423
    424 424
    425 extern krb5_deltat krb5_clockskew;
    425 extern krb5_deltat krb5_clockskew;
    426 426 #define in_clock_skew(date) (abs((date)-currenttime) < krb5_clockskew)
    427 427
    428 428 /* Decode the KRB-CRED message, and return creds */
     
    430 430 rd_cred(inbuf, key, creds, sender_addr, recv_addr)
    431 431 const krb5_data *inbuf;
    432 432 const krb5_keyblock *key;
    433 krb5_creds *creds; /* Filled in */
    433 krb5_creds *creds; /* Filled in */
    434 434 const krb5_address *sender_addr; /* optional */
    435 const krb5_address *recv_addr; /* optional */
    435 const krb5_address *recv_addr; /* optional */
    436 436 {
    437 437 krb5_error_code retval;
    438 438 krb5_encrypt_block eblock;
     
    443 443
    444 444 if (!krb5_is_krb_cred(inbuf))
    445 445 return KRB5KRB_AP_ERR_MSG_TYPE;
    446
    446
    447 447 /* decode private message */
    448 448 if (retval = decode_krb5_cred(inbuf, &credmsg)) {
    449 449 return retval;
    450 450 }
    451
    451
    452 452 #define cleanup_credmsg() {(void)krb5_xfree(credmsg->enc_part.ciphertext.data); (void)krb5_xfree(credmsg);}
    453 453
    454 454 if (!(scratch = (krb5_data *) malloc(sizeof(*scratch)))) {
     
    469 469 krb5_xfree(creds->ticket.data);
    470 470 return ENOMEM;
    471 471 }
    472 memcpy((char *)creds->ticket.data, (char *) scratch->data, scratch->length);
    472 memmove((char *)creds->ticket.data, (char *) scratch->data, scratch->length);
    473 473
    474 474 cleanup_scratch();
    475 475
     
    482 482
    483 483 krb5_use_cstype(&eblock, credmsg->enc_part.etype);
    484 484 scratch->length = credmsg->enc_part.ciphertext.length;
    485
    485
    486 486 if (!(scratch->data = malloc(scratch->length))) {
    487 487 cleanup_credmsg();
    488 return ENOMEM;
    488 return ENOMEM;
    489 489 }
    490 490
    491 491 /* do any necessary key pre-processing */
    492 492 if (retval = krb5_process_key(&eblock, key)) {
    493 cleanup_credmsg();
    493 cleanup_credmsg();
    494 494 cleanup_scratch();
    495 495 return retval;
    496 496 }
    497
    497
    498 498 #define cleanup_prockey() {(void) krb5_finish_key(&eblock);}
    499
    499
    500 500 /* call the decryption routine */
    501 501 if (retval = krb5_decrypt((krb5_pointer) credmsg->enc_part.ciphertext.data,
    502 502 (krb5_pointer) scratch->data,
     
    504 504 0)) {
    505 505 cleanup_credmsg();
    506 506 cleanup_scratch();
    507 cleanup_prockey();
    507 cleanup_prockey();
    508 508 return retval;
    509 509 }
    510 510
     
    513 513 cleanup_credmsg();
    514 514
    515 515 if (retval = krb5_finish_key(&eblock)) {
    516 cleanup_scratch();
    517 return retval;
    516 cleanup_scratch();
    517 return retval;
    518 518 }
    519 519
    520 520 /* now decode the decrypted stuff */
     
    531 531 return retval;
    532 532 }
    533 533 if (!in_clock_skew(credmsg_enc_part->timestamp)) {
    534 cleanup_mesg();
    534 cleanup_mesg();
    535 535 return KRB5KRB_AP_ERR_SKEW;
    536 536 }
    537 537
    538 538 if (sender_addr && credmsg_enc_part->s_address &&
    539 !krb5_address_compare(sender_addr,
    539 !krb5_address_compare(sender_addr,
    540 540 credmsg_enc_part->s_address)) {
    541 541 cleanup_mesg();
    542 542 return KRB5KRB_AP_ERR_BADADDR;
    543 543 }
    544 544 if (recv_addr && credmsg_enc_part->r_address &&
    545 !krb5_address_compare(recv_addr,
    545 !krb5_address_compare(recv_addr,
    546 546 credmsg_enc_part->r_address)) {
    547 547 cleanup_mesg();
    548 548 return KRB5KRB_AP_ERR_BADADDR;
    549 }
    549 }
    550 550
    551 551 if (credmsg_enc_part->r_address) {
    552 552 krb5_address **our_addrs;
    553
    553
    554 554 if (retval = krb5_os_localaddr(&our_addrs)) {
    555 555 cleanup_mesg();
    556 556 return retval;
    557 557 }
    558 if (!krb5_address_search(credmsg_enc_part->r_address,
    558 if (!krb5_address_search(credmsg_enc_part->r_address,
    559 559 our_addrs)) {
    560 560 krb5_free_addresses(our_addrs);
    561 561 cleanup_mesg();
     
    572 572 if (retval = krb5_copy_principal(credmsg_enc_part->ticket_info[0]->server,
    573 573 &creds->server)) {
    574 574 return(retval);
    575 }
    575 }
    576 576
    577 577 if (retval =
    578 krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session,
    578 krb5_copy_keyblock_contents(credmsg_enc_part->ticket_info[0]->session,
    579 579 &creds->keyblock)) {
    580 580 return(retval);
    581 581 }
  • lib/libtelnet/genget.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)genget.c 8.1 (Berkeley) 06/04/93";
    9 static char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12
     
    23 23 isprefix(s1, s2)
    24 24 register char *s1, *s2;
    25 25 {
    26 register int n = 0;
    27 char *os1;
    26 register int n = 0;
    27 char *os1;
    28 28 register char c1, c2;
    29 29
    30 if (*s1 == '\0')
    31 return(-1);
    32 os1 = s1;
    30 if (*s1 == '\0')
    31 return(-1);
    32 os1 = s1;
    33 33 c1 = *s1;
    34 34 c2 = *s2;
    35 while (LOWER(c1) == LOWER(c2)) {
    35 while (LOWER(c1) == LOWER(c2)) {
    36 36 if (c1 == '\0')
    37 37 break;
    38 c1 = *++s1;
    39 c2 = *++s2;
    40 }
    41 return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
    38 c1 = *++s1;
    39 c2 = *++s2;
    40 }
    41 return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1)));
    42 42 }
    43 43
    44 44 static char *ambiguous; /* special return value for command routines */
  • lib/libtelnet/kerberos.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)kerberos.c 8.2 (Berkeley) 02/16/95";
    9 static char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 /*
     
    33 33 #include <sys/types.h>
    34 34 #include <arpa/telnet.h>
    35 35 #include <stdio.h>
    36 #include <des.h> /* BSD wont include this in krb.h, so we do it here */
    36 #include <des.h> /* BSD wont include this in krb.h, so we do it here */
    37 37 #include <krb.h>
    38 38 #ifdef __STDC__
    39 39 #include <stdlib.h>
     
    87 87 void *d;
    88 88 int c;
    89 89 {
    90 unsigned char *p = str_data + 4;
    90 unsigned char *p = str_data + 4;
    91 91 unsigned char *cd = (unsigned char *)d;
    92 92
    93 93 if (c == -1)
    94 94 c = strlen((char *)cd);
    95 95
    96 if (auth_debug_mode) {
    97 printf("%s:%d: [%d] (%d)",
    98 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    99 str_data[3],
    100 type, c);
    101 printd(d, c);
    102 printf("\r\n");
    103 }
    96 if (auth_debug_mode) {
    97 printf("%s:%d: [%d] (%d)",
    98 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    99 str_data[3],
    100 type, c);
    101 printd(d, c);
    102 printf("\r\n");
    103 }
    104 104 *p++ = ap->type;
    105 105 *p++ = ap->way;
    106 106 *p++ = type;
    107 while (c-- > 0) {
    108 if ((*p++ = *cd++) == IAC)
    109 *p++ = IAC;
    110 }
    111 *p++ = IAC;
    112 *p++ = SE;
    107 while (c-- > 0) {
    108 if ((*p++ = *cd++) == IAC)
    109 *p++ = IAC;
    110 }
    111 *p++ = IAC;
    112 *p++ = SE;
    113 113 if (str_data[3] == TELQUAL_IS)
    114 114 printsub('>', &str_data[2], p - (&str_data[2]));
    115 return(net_write(str_data, p - str_data));
    115 return(net_write(str_data, p - str_data));
    116 116 }
    117 117
    118 118 int
     
    151 151 CREDENTIALS cred;
    152 152 int r;
    153 153
    154 printf("[ Trying KERBEROS4 ... ]\n");
    154 printf("[ Trying KERBEROS4 ... ]\n");
    155 155 if (!UserNameRequested) {
    156 156 if (auth_debug_mode) {
    157 157 printf("Kerberos V4: no user name supplied\r\n");
     
    159 159 return(0);
    160 160 }
    161 161
    162 bzero(instance, sizeof(instance));
    162 memset(instance, 0, sizeof(instance));
    163 163
    164 164 if (realm = krb_get_phost(RemoteHostName))
    165 165 strncpy(instance, realm, sizeof(instance));
     
    219 219 des_ecb_encrypt(challenge, challenge, sched, 1);
    220 220 }
    221 221 #endif /* ENCRYPTION */
    222
    222
    223 223 if (auth_debug_mode) {
    224 224 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
    225 225 printd(auth.dat, auth.length);
     
    254 254 printf("No local realm\r\n");
    255 255 return;
    256 256 }
    257 bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
    257 memmove((void *)auth.dat, (void *)data, auth.length = cnt);
    258 258 if (auth_debug_mode) {
    259 259 printf("Got %d bytes of authentication data\r\n", cnt);
    260 260 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
     
    271 271 return;
    272 272 }
    273 273 #ifdef ENCRYPTION
    274 bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
    274 memmove((void *)session_key, (void *)adat.session, sizeof(Block));
    275 275 #endif /* ENCRYPTION */
    276 276 krb_kntoln(&adat, name);
    277 277
     
    303 303 */
    304 304 des_init_random_number_generator(session_key);
    305 305 des_key_sched(session_key, sched);
    306 bcopy((void *)data, (void *)datablock, sizeof(Block));
    306 memmove((void *)datablock, (void *)data, sizeof(Block));
    307 307 /*
    308 308 * Take the received encrypted challenge, and encrypt
    309 309 * it again to get a unique session_key for the
  • lib/libtelnet/kerberos5.c

     
    20 20 */
    21 21
    22 22 #ifndef lint
    23 static char sccsid[] = "@(#)kerberos5.c 8.2 (Berkeley) 12/15/93";
    23 static char sccsid[] = "@(#)kerberos5.c 8.3 (Berkeley) 05/30/95";
    24 24 #endif /* not lint */
    25 25
    26 26 /*
     
    58 58
    59 59 /* kerberos 5 include files (ext-proto.h) will get an appropriate stdlib.h
    60 60 and string.h/strings.h */
    61
    61
    62 62 #include "encrypt.h"
    63 63 #include "auth.h"
    64 64 #include "misc.h"
     
    70 70
    71 71 /* These values need to be the same as those defined in telnet/main.c. */
    72 72 /* Either define them in both places, or put in some common header file. */
    73 #define OPTS_FORWARD_CREDS 0x00000002
    74 #define OPTS_FORWARDABLE_CREDS 0x00000001
    73 #define OPTS_FORWARD_CREDS 0x00000002
    74 #define OPTS_FORWARDABLE_CREDS 0x00000001
    75 75
    76 76 void kerberos5_forward();
    77 77
     
    113 113 Voidptr d;
    114 114 int c;
    115 115 {
    116 unsigned char *p = str_data + 4;
    116 unsigned char *p = str_data + 4;
    117 117 unsigned char *cd = (unsigned char *)d;
    118 118
    119 119 if (c == -1)
    120 120 c = strlen((char *)cd);
    121 121
    122 if (auth_debug_mode) {
    123 printf("%s:%d: [%d] (%d)",
    124 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    125 str_data[3],
    126 type, c);
    127 printd(d, c);
    128 printf("\r\n");
    129 }
    122 if (auth_debug_mode) {
    123 printf("%s:%d: [%d] (%d)",
    124 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    125 str_data[3],
    126 type, c);
    127 printd(d, c);
    128 printf("\r\n");
    129 }
    130 130 *p++ = ap->type;
    131 131 *p++ = ap->way;
    132 132 *p++ = type;
    133 while (c-- > 0) {
    134 if ((*p++ = *cd++) == IAC)
    135 *p++ = IAC;
    136 }
    137 *p++ = IAC;
    138 *p++ = SE;
    133 while (c-- > 0) {
    134 if ((*p++ = *cd++) == IAC)
    135 *p++ = IAC;
    136 }
    137 *p++ = IAC;
    138 *p++ = SE;
    139 139 if (str_data[3] == TELQUAL_IS)
    140 140 printsub('>', &str_data[2], p - &str_data[2]);
    141 return(net_write(str_data, p - str_data));
    141 return(net_write(str_data, p - str_data));
    142 142 }
    143 143
    144 144 int
     
    150 150 str_data[3] = TELQUAL_REPLY;
    151 151 else
    152 152 str_data[3] = TELQUAL_IS;
    153 krb5_init_ets();
    153 krb5_init_ets();
    154 154 return(1);
    155 155 }
    156 156
     
    177 177 ksum.checksum_type = CKSUMTYPE_CRC32;
    178 178 ksum.contents = sum;
    179 179 ksum.length = sizeof(sum);
    180 bzero((Voidptr )sum, sizeof(sum));
    181
    182 if (!UserNameRequested) {
    183 if (auth_debug_mode) {
    184 printf("Kerberos V5: no user name supplied\r\n");
    185 }
    186 return(0);
    187 }
    180 memset((Voidptr )sum, 0, sizeof(sum));
    188 181
    182 if (!UserNameRequested) {
    183 if (auth_debug_mode) {
    184 printf("Kerberos V5: no user name supplied\r\n");
    185 }
    186 return(0);
    187 }
    188
    189 189 if (r = krb5_cc_default(&ccache)) {
    190 190 if (auth_debug_mode) {
    191 191 printf("Kerberos V5: could not get default ccache\r\n");
     
    228 228 krb5_free_host_realm(realms);
    229 229 return(0);
    230 230 }
    231
    232 231
    233 bzero((char *)&creds, sizeof(creds));
    232
    233 memset((char *)&creds, 0, sizeof(creds));
    234 234 creds.server = server;
    235 235
    236 236 if (r = krb5_cc_get_principal(ccache, &creds.client)) {
     
    258 258 ap_opts = AP_OPTS_MUTUAL_REQUIRED;
    259 259 else
    260 260 ap_opts = 0;
    261
    261
    262 262 r = krb5_mk_req_extended(ap_opts, &ksum, krb5_kdc_default_options, 0,
    263 263 #ifdef ENCRYPTION
    264 264 &newkey,
     
    279 279 if (newkey->keytype != KEYTYPE_DES) {
    280 280 if (creds.keyblock.keytype == KEYTYPE_DES)
    281 281 /* use the session key in credentials instead */
    282 memcpy((char *)session_key,
    282 memmove((char *)session_key,
    283 283 (char *)creds.keyblock.contents, sizeof(Block));
    284 284 else
    285 285 /* XXX ? */;
    286 286 } else {
    287 memcpy((char *)session_key, (char *)newkey->contents,
    287 memmove((char *)session_key, (char *)newkey->contents,
    288 288 sizeof(Block));
    289 289 }
    290 290 krb5_free_keyblock(newkey);
     
    298 298 return(0);
    299 299 }
    300 300
    301 if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
    302 if (auth_debug_mode)
    303 printf("Not enough room for user name\r\n");
    304 return(0);
    305 }
    301 if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
    302 if (auth_debug_mode)
    303 printf("Not enough room for user name\r\n");
    304 return(0);
    305 }
    306 306 if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
    307 307 if (auth_debug_mode)
    308 308 printf("Not enough room for authentication data\r\n");
     
    377 377 if (authdat)
    378 378 krb5_free_tkt_authent(authdat);
    379 379
    380 r = krb5_build_principal_ext(&server,
    380 r = krb5_build_principal_ext(&server,
    381 381 strlen(realm), realm,
    382 382 4, "host",
    383 383 p2 - name, name,
     
    415 415 goto errout;
    416 416 }
    417 417 Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
    418 }
    418 }
    419 419 if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
    420 420 &name))
    421 421 name = 0;
     
    424 424 printf("Kerberos5 identifies him as ``%s''\r\n",
    425 425 name ? name : "");
    426 426 }
    427 auth_finished(ap, AUTH_USER);
    428
    427 auth_finished(ap, AUTH_USER);
    428
    429 429 free(name);
    430 430 if (authdat->authenticator->subkey &&
    431 431 authdat->authenticator->subkey->keytype == KEYTYPE_DES) {
    432 bcopy((Voidptr )authdat->authenticator->subkey->contents,
    433 (Voidptr )session_key, sizeof(Block));
    432 memmove((Voidptr )session_key,
    433 (Voidptr )authdat->authenticator->subkey->contents,
    434 sizeof(Block));
    434 435 } else if (authdat->ticket->enc_part2->session->keytype ==
    435 436 KEYTYPE_DES) {
    436 bcopy((Voidptr )authdat->ticket->enc_part2->session->contents,
    437 (Voidptr )session_key, sizeof(Block));
    437 memmove((Voidptr )session_key,
    438 (Voidptr )authdat->ticket->enc_part2->session->contents,
    439 sizeof(Block));
    438 440 } else
    439 441 break;
    440
    442
    441 443 #ifdef ENCRYPTION
    442 444 skey.type = SK_DES;
    443 445 skey.length = 8;
     
    449 451 case KRB_FORWARD:
    450 452 inbuf.data = (char *)data;
    451 453 inbuf.length = cnt;
    452 if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
    454 if (r = rd_and_store_for_creds(&inbuf, authdat->ticket,
    453 455 UserNameRequested)) {
    454 456 char errbuf[128];
    455
    457
    456 458 (void) strcpy(errbuf, "Read forwarded creds failed: ");
    457 459 (void) strcat(errbuf, error_message(r));
    458 460 Data(ap, KRB_FORWARD_REJECT, errbuf, -1);
    459 461 if (auth_debug_mode)
    460 462 printf("Could not read forwarded credentials\r\n");
    461 463 }
    462 else
    464 else
    463 465 Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
    464 466 if (auth_debug_mode)
    465 467 printf("Forwarded credentials obtained\r\n");
     
    479 481 unsigned char *data;
    480 482 int cnt;
    481 483 {
    482 Session_Key skey;
    484 Session_Key skey;
    483 485 static int mutual_complete = 0;
    484 486
    485 487 if (cnt-- < 1)
     
    623 625 goto common2;
    624 626
    625 627 #ifdef FORWARD
    626 case KRB_FORWARD: /* Forwarded credentials follow */
    628 case KRB_FORWARD: /* Forwarded credentials follow */
    627 629 strncpy((char *)buf, " FORWARD", buflen);
    628 630 goto common2;
    629 631
    630 case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
    632 case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
    631 633 strncpy((char *)buf, " FORWARD_ACCEPT", buflen);
    632 634 goto common2;
    633 635
    634 case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
    636 case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
    635 637 /* (reason might follow) */
    636 638 strncpy((char *)buf, " FORWARD_REJECT", buflen);
    637 639 goto common2;
     
    652 654 }
    653 655
    654 656 #ifdef FORWARD
    655 void
    657 void
    656 658 kerberos5_forward(ap)
    657 659 Authenticator *ap;
    658 660 {
     
    664 666 krb5_ccache ccache;
    665 667 int i;
    666 668
    667 if (!(local_creds = (krb5_creds *)
    669 if (!(local_creds = (krb5_creds *)
    668 670 calloc(1, sizeof(*local_creds)))) {
    669 if (auth_debug_mode)
    671 if (auth_debug_mode)
    670 672 printf("Kerberos V5: could not allocate memory for credentials\r\n");
    671 673 return;
    672 674 }
    673 675
    674 676 if (r = krb5_sname_to_principal(RemoteHostName, "host", 1,
    675 677 &local_creds->server)) {
    676 if (auth_debug_mode)
    678 if (auth_debug_mode)
    677 679 printf("Kerberos V5: could not build server name - %s\r\n",
    678 680 error_message(r));
    679 681 krb5_free_creds(local_creds);
     
    681 683 }
    682 684
    683 685 if (r = krb5_cc_default(&ccache)) {
    684 if (auth_debug_mode)
    686 if (auth_debug_mode)
    685 687 printf("Kerberos V5: could not get default ccache - %s\r\n",
    686 688 error_message(r));
    687 689 krb5_free_creds(local_creds);
     
    689 691 }
    690 692
    691 693 if (r = krb5_cc_get_principal(ccache, &local_creds->client)) {
    692 if (auth_debug_mode)
    694 if (auth_debug_mode)
    693 695 printf("Kerberos V5: could not get default principal - %s\r\n",
    694 696 error_message(r));
    695 697 krb5_free_creds(local_creds);
     
    698 700
    699 701 /* Get ticket from credentials cache */
    700 702 if (r = krb5_get_credentials(KRB5_GC_CACHED, ccache, local_creds)) {
    701 if (auth_debug_mode)
    703 if (auth_debug_mode)
    702 704 printf("Kerberos V5: could not obtain credentials - %s\r\n",
    703 705 error_message(r));
    704 706 krb5_free_creds(local_creds);
     
    712 714 &local_creds->keyblock,
    713 715 forward_flags & OPTS_FORWARDABLE_CREDS,
    714 716 &forw_creds)) {
    715 if (auth_debug_mode)
    717 if (auth_debug_mode)
    716 718 printf("Kerberos V5: error getting forwarded creds - %s\r\n",
    717 719 error_message(r));
    718 720 krb5_free_creds(local_creds);
    719 721 return;
    720 722 }
    721
    723
    722 724 /* Send forwarded credentials */
    723 725 if (!Data(ap, KRB_FORWARD, forw_creds.data, forw_creds.length)) {
    724 726 if (auth_debug_mode)
  • lib/libtelnet/krb4encpwd.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)krb4encpwd.c 8.2 (Berkeley) 02/16/95";
    9 static char sccsid[] = "@(#)krb4encpwd.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12
     
    99 99 void *d;
    100 100 int c;
    101 101 {
    102 unsigned char *p = str_data + 4;
    102 unsigned char *p = str_data + 4;
    103 103 unsigned char *cd = (unsigned char *)d;
    104 104
    105 105 if (c == -1)
    106 106 c = strlen((char *)cd);
    107 107
    108 if (0) {
    109 printf("%s:%d: [%d] (%d)",
    110 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    111 str_data[3],
    112 type, c);
    113 printd(d, c);
    114 printf("\r\n");
    115 }
    108 if (0) {
    109 printf("%s:%d: [%d] (%d)",
    110 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    111 str_data[3],
    112 type, c);
    113 printd(d, c);
    114 printf("\r\n");
    115 }
    116 116 *p++ = ap->type;
    117 117 *p++ = ap->way;
    118 118 *p++ = type;
    119 while (c-- > 0) {
    120 if ((*p++ = *cd++) == IAC)
    121 *p++ = IAC;
    122 }
    123 *p++ = IAC;
    124 *p++ = SE;
    119 while (c-- > 0) {
    120 if ((*p++ = *cd++) == IAC)
    121 *p++ = IAC;
    122 }
    123 *p++ = IAC;
    124 *p++ = SE;
    125 125 if (str_data[3] == TELQUAL_IS)
    126 126 printsub('>', &str_data[2], p - (&str_data[2]));
    127 return(net_write(str_data, p - str_data));
    127 return(net_write(str_data, p - str_data));
    128 128 }
    129 129
    130 130 int
     
    132 132 Authenticator *ap;
    133 133 int server;
    134 134 {
    135 char hostname[80], *cp, *realm;
    135 char hostname[80], *cp, *realm;
    136 136 C_Block skey;
    137 137
    138 138 if (server) {
     
    141 141 str_data[3] = TELQUAL_IS;
    142 142 gethostname(hostname, sizeof(hostname));
    143 143 realm = krb_realmofhost(hostname);
    144 cp = index(hostname, '.');
    144 cp = strchr(hostname, '.');
    145 145 if (*cp != NULL) *cp = NULL;
    146 146 if (read_service_key(KRB_SERVICE_NAME, hostname, realm, 0,
    147 147 KEYFILE, (char *)skey)) {
     
    188 188 return;
    189 189 switch (*data++) {
    190 190 case KRB4_ENCPWD_AUTH:
    191 bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
    191 memmove((void *)auth.dat, (void *)data, auth.length = cnt);
    192 192
    193 193 gethostname(lhostname, sizeof(lhostname));
    194 if ((cp = index(lhostname, '.')) != 0) *cp = '\0';
    194 if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
    195 195
    196 196 if (r = krb_rd_encpwd_req(&auth, KRB_SERVICE_NAME, lhostname, 0, &adat, NULL, challenge, r_user, r_passwd)) {
    197 197 Data(ap, KRB4_ENCPWD_REJECT, (void *)"Auth failed", -1);
     
    208 208 return;
    209 209 }
    210 210
    211 bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
    211 memmove((void *)session_key, (void *)adat.session, sizeof(Block));
    212 212 Data(ap, KRB4_ENCPWD_ACCEPT, (void *)0, 0);
    213 213 auth_finished(ap, AUTH_USER);
    214 214 break;
     
    218 218 * Take the received random challenge text and save
    219 219 * for future authentication.
    220 220 */
    221 bcopy((void *)data, (void *)challenge, sizeof(Block));
    221 memmove((void *)challenge, (void *)data, sizeof(Block));
    222 222 break;
    223 223
    224 224
     
    240 240 Data(ap, KRB4_ENCPWD_CHALLENGE, (void *)challenge, strlen(challenge));
    241 241 }
    242 242 break;
    243
    243
    244 244 default:
    245 245 Data(ap, KRB4_ENCPWD_REJECT, 0, 0);
    246 246 break;
     
    259 259 Block enckey;
    260 260 CREDENTIALS cred;
    261 261 int r;
    262 char randchal[REALM_SZ], instance[ANAME_SZ], *cp;
    263 char hostname[80], *realm;
    262 char randchal[REALM_SZ], instance[ANAME_SZ], *cp;
    263 char hostname[80], *realm;
    264 264
    265 265 if (cnt-- < 1)
    266 266 return;
     
    284 284
    285 285 gethostname(hostname, sizeof(hostname));
    286 286 realm = krb_realmofhost(hostname);
    287 bcopy((void *)data, (void *)challenge, cnt);
    288 bzero(user_passwd, sizeof(user_passwd));
    287 memmove((void *)challenge, (void *)data, cnt);
    288 memset(user_passwd, 0, sizeof(user_passwd));
    289 289 local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
    290 290 UserPassword = user_passwd;
    291 291 Challenge = challenge;
    292 292 strcpy(instance, RemoteHostName);
    293 if ((cp = index(instance, '.')) != 0) *cp = '\0';
    293 if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
    294 294
    295 295 if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
    296 296 krb_token.length = 0;
  • lib/libtelnet/read_password.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)read_password.c 8.2 (Berkeley) 12/15/93";
    9 static char sccsid[] = "@(#)read_password.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 /*
     
    50 50 {
    51 51 int ok = 0;
    52 52 char *ptr;
    53
    53
    54 54 jmp_buf old_env;
    55 55 struct sgttyb tty_state;
    56 56 char key_string[BUFSIZ];
     
    60 60 }
    61 61
    62 62 /* XXX assume jmp_buf is typedef'ed to an array */
    63 bcopy((char *)old_env, (char *)env, sizeof(env));
    63 memmove((char *)env, (char *)old_env, sizeof(env));
    64 64 if (setjmp(env))
    65 65 goto lose;
    66 66
    67 67 /* save terminal state*/
    68 if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
    68 if (ioctl(0,TIOCGETP,(char *)&tty_state) == -1)
    69 69 return -1;
    70 70 /*
    71 71 push_signals();
     
    79 79 (void) fflush(stdout);
    80 80 while (!fgets(s, max, stdin));
    81 81
    82 if ((ptr = index(s, '\n')))
    82 if ((ptr = strchr(s, '\n')))
    83 83 *ptr = '\0';
    84 84 if (verify) {
    85 85 printf("\nVerifying, please re-enter %s",prompt);
     
    88 88 clearerr(stdin);
    89 89 continue;
    90 90 }
    91 if ((ptr = index(key_string, '\n')))
    91 if ((ptr = strchr(key_string, '\n')))
    92 92 *ptr = '\0';
    93 93 if (strcmp(s,key_string)) {
    94 94 printf("\n\07\07Mismatch - try again\n");
     
    101 101
    102 102 lose:
    103 103 if (!ok)
    104 bzero(s, max);
    104 memset(s, 0, max);
    105 105 printf("\n");
    106 106 /* turn echo back on */
    107 107 tty_state.sg_flags |= ECHO;
     
    110 110 /*
    111 111 pop_signals();
    112 112 */
    113 bcopy((char *)env, (char *)old_env, sizeof(env));
    113 memmove((char *)old_env, (char *)env, sizeof(env));
    114 114 if (verify)
    115 bzero(key_string, sizeof (key_string));
    115 memset(key_string, 0, sizeof (key_string));
    116 116 s[max-1] = 0; /* force termination */
    117 117 return !ok; /* return nonzero if not okay */
    118 118 }
  • lib/libtelnet/rsaencpwd.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)rsaencpwd.c 8.2 (Berkeley) 02/16/95";
    9 static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12
     
    94 94 void *d;
    95 95 int c;
    96 96 {
    97 unsigned char *p = str_data + 4;
    97 unsigned char *p = str_data + 4;
    98 98 unsigned char *cd = (unsigned char *)d;
    99 99
    100 100 if (c == -1)
    101 101 c = strlen((char *)cd);
    102 102
    103 if (0) {
    104 printf("%s:%d: [%d] (%d)",
    105 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    106 str_data[3],
    107 type, c);
    108 printd(d, c);
    109 printf("\r\n");
    110 }
    103 if (0) {
    104 printf("%s:%d: [%d] (%d)",
    105 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    106 str_data[3],
    107 type, c);
    108 printd(d, c);
    109 printf("\r\n");
    110 }
    111 111 *p++ = ap->type;
    112 112 *p++ = ap->way;
    113 113 if (type != NULL) *p++ = type;
    114 while (c-- > 0) {
    115 if ((*p++ = *cd++) == IAC)
    116 *p++ = IAC;
    117 }
    118 *p++ = IAC;
    119 *p++ = SE;
    114 while (c-- > 0) {
    115 if ((*p++ = *cd++) == IAC)
    116 *p++ = IAC;
    117 }
    118 *p++ = IAC;
    119 *p++ = SE;
    120 120 if (str_data[3] == TELQUAL_IS)
    121 121 printsub('>', &str_data[2], p - (&str_data[2]));
    122 return(net_write(str_data, p - str_data));
    122 return(net_write(str_data, p - str_data));
    123 123 }
    124 124
    125 125 int
     
    132 132
    133 133 if (server) {
    134 134 str_data[3] = TELQUAL_REPLY;
    135 bzero(key_file, sizeof(key_file));
    135 memset(key_file, 0, sizeof(key_file));
    136 136 gethostname(lhostname, sizeof(lhostname));
    137 if ((cp = index(lhostname, '.')) != 0) *cp = '\0';
    137 if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
    138 138 strcpy(key_file, "/etc/.");
    139 139 strcat(key_file, lhostname);
    140 140 strcat(key_file, "_privkey");
     
    184 184 cnt--;
    185 185 switch (*data++) {
    186 186 case RSA_ENCPWD_AUTH:
    187 bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
    187 memmove((void *)auth.dat, (void *)data, auth.length = cnt);
    188 188
    189 189 if ((fp=fopen(key_file, "r"))==NULL) {
    190 190 Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
     
    268 268 ptr +=NumEncodeLengthOctets(chalkey_len);
    269 269 *ptr++ = 0x04; /* OCTET STRING */
    270 270 *ptr++ = challenge_len;
    271 bcopy(challenge, ptr, challenge_len);
    271 memmove(ptr, challenge, challenge_len);
    272 272 ptr += challenge_len;
    273 273 *ptr++ = 0x04; /* OCTET STRING */
    274 274 EncodeLength(ptr, i);
    275 275 ptr += NumEncodeLengthOctets(i);
    276 bcopy(key, ptr, i);
    276 memmove(ptr, key, i);
    277 277 chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
    278 278 Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
    279 279 }
    280 280 break;
    281
    281
    282 282 default:
    283 283 Data(ap, RSA_ENCPWD_REJECT, 0, 0);
    284 284 break;
     
    296 296 KTEXT_ST token;
    297 297 Block enckey;
    298 298 int r, pubkey_len;
    299 char randchal[CHAL_SZ], *cp;
    300 char chalkey[160], pubkey[128], *ptr;
    299 char randchal[CHAL_SZ], *cp;
    300 char chalkey[160], pubkey[128], *ptr;
    301 301
    302 302 if (cnt-- < 1)
    303 303 return;
     
    319 319 * Verify that the response to the challenge is correct.
    320 320 */
    321 321
    322 bcopy((void *)data, (void *)chalkey, cnt);
    322 memmove((void *)chalkey, (void *)data, cnt);
    323 323 ptr = (char *) &chalkey[0];
    324 324 ptr += DecodeHeaderLength(chalkey);
    325 325 if (*ptr != 0x04) {
    326 return;
    327 }
    326 return;
    327 }
    328 328 *ptr++;
    329 329 challenge_len = DecodeValueLength(ptr);
    330 330 ptr += NumEncodeLengthOctets(challenge_len);
    331 bcopy(ptr, challenge, challenge_len);
    331 memmove(challenge, ptr, challenge_len);
    332 332 ptr += challenge_len;
    333 333 if (*ptr != 0x04) {
    334 return;
    335 }
    336 *ptr++;
    334 return;
    335 }
    336 *ptr++;
    337 337 pubkey_len = DecodeValueLength(ptr);
    338 338 ptr += NumEncodeLengthOctets(pubkey_len);
    339 bcopy(ptr, pubkey, pubkey_len);
    340 bzero(user_passwd, sizeof(user_passwd));
    339 memmove(pubkey, ptr, pubkey_len);
    340 memset(user_passwd, 0, sizeof(user_passwd));
    341 341 local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
    342 342 UserPassword = user_passwd;
    343 343 Challenge = challenge;
  • lib/libtelnet/spx.c

     
    6 6 */
    7 7
    8 8 #ifndef lint
    9 static char sccsid[] = "@(#)spx.c 8.1 (Berkeley) 06/04/93";
    9 static char sccsid[] = "@(#)spx.c 8.2 (Berkeley) 05/30/95";
    10 10 #endif /* not lint */
    11 11
    12 12 #ifdef SPX
     
    81 81
    82 82 /*******************************************************************/
    83 83
    84 gss_OID_set actual_mechs;
    85 gss_OID actual_mech_type, output_name_type;
    86 int major_status, status, msg_ctx = 0, new_status;
    87 int req_flags = 0, ret_flags, lifetime_rec;
    88 gss_cred_id_t gss_cred_handle;
    89 gss_ctx_id_t actual_ctxhandle, context_handle;
    90 gss_buffer_desc output_token, input_token, input_name_buffer;
    91 gss_buffer_desc status_string;
    92 gss_name_t desired_targname, src_name;
    93 gss_channel_bindings input_chan_bindings;
    94 char lhostname[GSS_C_MAX_PRINTABLE_NAME];
    95 char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
    96 int to_addr=0, from_addr=0;
    97 char *address;
    98 gss_buffer_desc fullname_buffer;
    99 gss_OID fullname_type;
    100 gss_cred_id_t gss_delegated_cred_handle;
    84 gss_OID_set actual_mechs;
    85 gss_OID actual_mech_type, output_name_type;
    86 int major_status, status, msg_ctx = 0, new_status;
    87 int req_flags = 0, ret_flags, lifetime_rec;
    88 gss_cred_id_t gss_cred_handle;
    89 gss_ctx_id_t actual_ctxhandle, context_handle;
    90 gss_buffer_desc output_token, input_token, input_name_buffer;
    91 gss_buffer_desc status_string;
    92 gss_name_t desired_targname, src_name;
    93 gss_channel_bindings input_chan_bindings;
    94 char lhostname[GSS_C_MAX_PRINTABLE_NAME];
    95 char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
    96 int to_addr=0, from_addr=0;
    97 char *address;
    98 gss_buffer_desc fullname_buffer;
    99 gss_OID fullname_type;
    100 gss_cred_id_t gss_delegated_cred_handle;
    101 101
    102 102 /*******************************************************************/
    103 103
     
    110 110 void *d;
    111 111 int c;
    112 112 {
    113 unsigned char *p = str_data + 4;
    113 unsigned char *p = str_data + 4;
    114 114 unsigned char *cd = (unsigned char *)d;
    115 115
    116 116 if (c == -1)
    117 117 c = strlen((char *)cd);
    118 118
    119 if (0) {
    120 printf("%s:%d: [%d] (%d)",
    121 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    122 str_data[3],
    123 type, c);
    124 printd(d, c);
    125 printf("\r\n");
    126 }
    119 if (0) {
    120 printf("%s:%d: [%d] (%d)",
    121 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
    122 str_data[3],
    123 type, c);
    124 printd(d, c);
    125 printf("\r\n");
    126 }
    127 127 *p++ = ap->type;
    128 128 *p++ = ap->way;
    129 129 *p++ = type;
    130 while (c-- > 0) {
    131 if ((*p++ = *cd++) == IAC)
    132 *p++ = IAC;
    133 }
    134 *p++ = IAC;
    135 *p++ = SE;
    130 while (c-- > 0) {
    131 if ((*p++ = *cd++) == IAC)
    132 *p++ = IAC;
    133 }
    134 *p++ = IAC;
    135 *p++ = SE;
    136 136 if (str_data[3] == TELQUAL_IS)
    137 137 printsub('>', &str_data[2], p - (&str_data[2]));
    138 return(net_write(str_data, p - str_data));
    138 return(net_write(str_data, p - str_data));
    139 139 }
    140 140
    141 141 int
     
    143 143 Authenticator *ap;
    144 144 int server;
    145 145 {
    146 gss_cred_id_t tmp_cred_handle;
    146 gss_cred_id_t tmp_cred_handle;
    147 147
    148 148 if (server) {
    149 149 str_data[3] = TELQUAL_REPLY;
     
    153 153 input_name_buffer.length = strlen(targ_printable);
    154 154 input_name_buffer.value = targ_printable;
    155 155 major_status = gss_import_name(&status,
    156 &input_name_buffer,
    157 GSS_C_NULL_OID,
    158 &desired_targname);
    156 &input_name_buffer,
    157 GSS_C_NULL_OID,
    158 &desired_targname);
    159 159 major_status = gss_acquire_cred(&status,
    160 desired_targname,
    161 0,
    162 GSS_C_NULL_OID_SET,
    163 GSS_C_ACCEPT,
    164 &tmp_cred_handle,
    165 &actual_mechs,
    166 &lifetime_rec);
    160 desired_targname,
    161 0,
    162 GSS_C_NULL_OID_SET,
    163 GSS_C_ACCEPT,
    164 &tmp_cred_handle,
    165 &actual_mechs,
    166 &lifetime_rec);
    167 167 if (major_status != GSS_S_COMPLETE) return(0);
    168 168 } else {
    169 169 str_data[3] = TELQUAL_IS;
     
    178 178 Block enckey;
    179 179 int r;
    180 180
    181 gss_OID actual_mech_type, output_name_type;
    182 int msg_ctx = 0, new_status, status;
    183 int req_flags = 0, ret_flags, lifetime_rec, major_status;
    181 gss_OID actual_mech_type, output_name_type;
    182 int msg_ctx = 0, new_status, status;
    183 int req_flags = 0, ret_flags, lifetime_rec, major_status;
    184 184 gss_buffer_desc output_token, input_token, input_name_buffer;
    185 185 gss_buffer_desc output_name_buffer, status_string;
    186 186 gss_name_t desired_targname;
     
    202 202 }
    203 203
    204 204 major_status = gss_import_name(&status,
    205 &input_name_buffer,
    206 GSS_C_NULL_OID,
    207 &desired_targname);
    205 &input_name_buffer,
    206 GSS_C_NULL_OID,
    207 &desired_targname);
    208 208
    209 209
    210 210 major_status = gss_display_name(&status,
     
    237 237 address[3] = (to_addr & 0xff);
    238 238 input_chan_bindings->application_data.length = 0;
    239 239
    240 req_flags = 0;
    241 if (deleg_flag) req_flags = req_flags | 1;
    242 if (mutual_flag) req_flags = req_flags | 2;
    243 if (replay_flag) req_flags = req_flags | 4;
    244 if (seq_flag) req_flags = req_flags | 8;
    240 req_flags = 0;
    241 if (deleg_flag) req_flags = req_flags | 1;
    242 if (mutual_flag) req_flags = req_flags | 2;
    243 if (replay_flag) req_flags = req_flags | 4;
    244 if (seq_flag) req_flags = req_flags | 8;
    245 245
    246 major_status = gss_init_sec_context(&status, /* minor status */
    246 major_status = gss_init_sec_context(&status, /* minor status */
    247 247 GSS_C_NO_CREDENTIAL, /* cred handle */
    248 &actual_ctxhandle, /* ctx handle */
    249 desired_targname, /* target name */
    250 GSS_C_NULL_OID, /* mech type */
    251 req_flags, /* req flags */
    252 0, /* time req */
    253 input_chan_bindings, /* chan binding */
    254 GSS_C_NO_BUFFER, /* input token */
    255 &actual_mech_type, /* actual mech */
    256 &output_token, /* output token */
    257 &ret_flags, /* ret flags */
    258 &lifetime_rec); /* time rec */
    248 &actual_ctxhandle, /* ctx handle */
    249 desired_targname, /* target name */
    250 GSS_C_NULL_OID, /* mech type */
    251 req_flags, /* req flags */
    252 0, /* time req */
    253 input_chan_bindings, /* chan binding */
    254 GSS_C_NO_BUFFER, /* input token */
    255 &actual_mech_type, /* actual mech */
    256 &output_token, /* output token */
    257 &ret_flags, /* ret flags */
    258 &lifetime_rec); /* time rec */
    259 259
    260 260 if ((major_status != GSS_S_COMPLETE) &&
    261 261 (major_status != GSS_S_CONTINUE_NEEDED)) {
    262 gss_display_status(&new_status,
    263 status,
    264 GSS_C_MECH_CODE,
    265 GSS_C_NULL_OID,
    266 &msg_ctx,
    267 &status_string);
    268 printf("%s\n", status_string.value);
    262 gss_display_status(&new_status,
    263 status,
    264 GSS_C_MECH_CODE,
    265 GSS_C_NULL_OID,
    266 &msg_ctx,
    267 &status_string);
    268 printf("%s\n", status_string.value);
    269 269 return(0);
    270 270 }
    271 271
     
    294 294 return;
    295 295 switch (*data++) {
    296 296 case SPX_AUTH:
    297 input_token.length = cnt;
    297 input_token.length = cnt;
    298 298 input_token.value = (char *) data;
    299 299
    300 300 gethostname(lhostname, sizeof(lhostname));
     
    306 306 input_name_buffer.value = targ_printable;
    307 307
    308 308 major_status = gss_import_name(&status,
    309 &input_name_buffer,
    310 GSS_C_NULL_OID,
    311 &desired_targname);
    309 &input_name_buffer,
    310 GSS_C_NULL_OID,
    311 &desired_targname);
    312 312
    313 313 major_status = gss_acquire_cred(&status,
    314 desired_targname,
    315 0,
    316 GSS_C_NULL_OID_SET,
    317 GSS_C_ACCEPT,
    318 &gss_cred_handle,
    319 &actual_mechs,
    320 &lifetime_rec);
    314 desired_targname,
    315 0,
    316 GSS_C_NULL_OID_SET,
    317 GSS_C_ACCEPT,
    318 &gss_cred_handle,
    319 &actual_mechs,
    320 &lifetime_rec);
    321 321
    322 322 major_status = gss_release_name(&status, desired_targname);
    323 323
     
    343 343 input_chan_bindings->application_data.length = 0;
    344 344
    345 345 major_status = gss_accept_sec_context(&status,
    346 &context_handle,
    347 gss_cred_handle,
    348 &input_token,
    349 input_chan_bindings,
    350 &src_name,
    351 &actual_mech_type,
    352 &output_token,
    353 &ret_flags,
    354 &lifetime_rec,
    355 &gss_delegated_cred_handle);
    346 &context_handle,
    347 gss_cred_handle,
    348 &input_token,
    349 input_chan_bindings,
    350 &src_name,
    351 &actual_mech_type,
    352 &output_token,
    353 &ret_flags,
    354 &lifetime_rec,
    355 &gss_delegated_cred_handle);
    356 356
    357 357
    358 358 if (major_status != GSS_S_COMPLETE) {
    359 359
    360 360 major_status = gss_display_name(&status,
    361 src_name,
    362 &fullname_buffer,
    363 &fullname_type);
    361 src_name,
    362 &fullname_buffer,
    363 &fullname_type);
    364 364 Data(ap, SPX_REJECT, (void *)"auth failed", -1);
    365 365 auth_finished(ap, AUTH_REJECT);
    366 366 return;
    367 367 }
    368 368
    369 369 major_status = gss_display_name(&status,
    370 src_name,
    371 &fullname_buffer,
    372 &fullname_type);
    370 src_name,
    371 &fullname_buffer,
    372 &fullname_type);
    373 373
    374 374
    375 375 Data(ap, SPX_ACCEPT, (void *)output_token.value, output_token.length);
     
    412 412 input_token.length = cnt;
    413 413
    414 414 major_status = gss_init_sec_context(&status, /* minor stat */
    415 GSS_C_NO_CREDENTIAL, /* cred handle */
    416 &actual_ctxhandle, /* ctx handle */
    417 desired_targname, /* target name */
    418 GSS_C_NULL_OID, /* mech type */
    419 req_flags, /* req flags */
    420 0, /* time req */
    421 input_chan_bindings, /* chan binding */
    422 &input_token, /* input token */
    423 &actual_mech_type, /* actual mech */
    424 &output_token, /* output token */
    425 &ret_flags, /* ret flags */
    426 &lifetime_rec); /* time rec */
    415 GSS_C_NO_CREDENTIAL, /* cred handle */
    416 &actual_ctxhandle, /* ctx handle */
    417 desired_targname, /* target name */
    418 GSS_C_NULL_OID, /* mech type */
    419 req_flags, /* req flags */
    420 0, /* time req */
    421 input_chan_bindings, /* chan binding */
    422 &input_token, /* input token */
    423 &actual_mech_type, /* actual mech */
    424 &output_token, /* output token */
    425 &ret_flags, /* ret flags */
    426 &lifetime_rec); /* time rec */
    427 427
    428 428 if (major_status != GSS_S_COMPLETE) {
    429 429 gss_display_status(&new_status,
    430 status,
    431 GSS_C_MECH_CODE,
    432 GSS_C_NULL_OID,
    433 &msg_ctx,
    434 &status_string);
    430 status,
    431 GSS_C_MECH_CODE,
    432 GSS_C_NULL_OID,
    433 &msg_ctx,
    434 &status_string);
    435 435 printf("[ SPX mutual response fails ... '%s' ]\r\n",
    436 436 status_string.value);
    437 437 auth_send_retry();
     
    455 455
    456 456 gss_buffer_desc fullname_buffer, acl_file_buffer;
    457 457 gss_OID fullname_type;
    458 char acl_file[160], fullname[160];
    459 int major_status, status = 0;
    458 char acl_file[160], fullname[160];
    459 int major_status, status = 0;
    460 460 struct passwd *pwd;
    461 461
    462 /*
    463 * hard code fullname to
    464 * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
    465 * and acl_file to "~kannan/.sphinx"
    466 */
    462 /*
    463 * hard code fullname to
    464 * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
    465 * and acl_file to "~kannan/.sphinx"
    466 */
    467 467
    468 468 pwd = getpwnam(UserNameRequested);
    469 469 if (pwd == NULL) {
    470 return(AUTH_USER); /* not authenticated */
    471 }
    470 return(AUTH_USER); /* not authenticated */
    471 }
    472 472
    473 473 strcpy(acl_file, pwd->pw_dir);
    474 474 strcat(acl_file, "/.sphinx");
    475 acl_file_buffer.value = acl_file;
    476 acl_file_buffer.length = strlen(acl_file);
    475 acl_file_buffer.value = acl_file;
    476 acl_file_buffer.length = strlen(acl_file);
    477 477
    478 478 major_status = gss_display_name(&status,
    479 479 src_name,
     
    483 483 if (level < AUTH_USER)
    484 484 return(level);
    485 485
    486 major_status = gss__check_acl(&status, &fullname_buffer,
    487 &acl_file_buffer);
    486 major_status = gss__check_acl(&status, &fullname_buffer,
    487 &acl_file_buffer);
    488 488
    489 if (major_status == GSS_S_COMPLETE) {
    489 if (major_status == GSS_S_COMPLETE) {
    490 490 strcpy(name, UserNameRequested);
    491 491 return(AUTH_VALID);
    492 } else {
    493 return(AUTH_USER);
    494 }
    492 } else {
    493 return(AUTH_USER);
    494 }
    495 495
    496 496 }
    497 497