oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Protoize

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@993 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
1996-11-17 00:18:18 +00:00
parent 74c0bb16f5
commit 1fecad00ea
1 changed files with 426 additions and 457 deletions
Download Patch File Download Diff File Expand all files Collapse all files

883
appl/telnet/libtelnet/auth.c
View File

@@ -114,83 +114,83 @@ static int auth_send_cnt = 0;
*/ */
Authenticator authenticators[] = { Authenticator authenticators[] = {
#ifdef UNSAFE #ifdef UNSAFE
{ AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
unsafe_init, unsafe_init,
unsafe_send, unsafe_send,
unsafe_is, unsafe_is,
unsafe_reply, unsafe_reply,
unsafe_status, unsafe_status,
unsafe_printsub }, unsafe_printsub },
#endif #endif
#ifdef SRA #ifdef SRA
{ AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
sra_init, sra_init,
sra_send, sra_send,
sra_is, sra_is,
sra_reply, sra_reply,
sra_status, sra_status,
sra_printsub }, sra_printsub },
#endif #endif
#ifdef SPX #ifdef SPX
{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
spx_init, spx_init,
spx_send, spx_send,
spx_is, spx_is,
spx_reply, spx_reply,
spx_status, spx_status,
spx_printsub }, spx_printsub },
{ AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
spx_init, spx_init,
spx_send, spx_send,
spx_is, spx_is,
spx_reply, spx_reply,
spx_status, spx_status,
spx_printsub }, spx_printsub },
#endif #endif
#ifdef KRB5 #ifdef KRB5
{ AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
kerberos5_init, kerberos5_init,
kerberos5_send, kerberos5_send,
kerberos5_is, kerberos5_is,
kerberos5_reply, kerberos5_reply,
kerberos5_status, kerberos5_status,
kerberos5_printsub }, kerberos5_printsub },
#endif #endif
#ifdef KRB4 #ifdef KRB4
{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
kerberos4_init, kerberos4_init,
kerberos4_send_mutual, kerberos4_send_mutual,
kerberos4_is, kerberos4_is,
kerberos4_reply, kerberos4_reply,
kerberos4_status, kerberos4_status,
kerberos4_printsub }, kerberos4_printsub },
{ AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
kerberos4_init, kerberos4_init,
kerberos4_send_oneway, kerberos4_send_oneway,
kerberos4_is, kerberos4_is,
kerberos4_reply, kerberos4_reply,
kerberos4_status, kerberos4_status,
kerberos4_printsub }, kerberos4_printsub },
#endif #endif
#ifdef KRB4_ENCPWD #ifdef KRB4_ENCPWD
{ AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL, { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
krb4encpwd_init, krb4encpwd_init,
krb4encpwd_send, krb4encpwd_send,
krb4encpwd_is, krb4encpwd_is,
krb4encpwd_reply, krb4encpwd_reply,
krb4encpwd_status, krb4encpwd_status,
krb4encpwd_printsub }, krb4encpwd_printsub },
#endif #endif
#ifdef RSA_ENCPWD #ifdef RSA_ENCPWD
{ AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY, { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
rsaencpwd_init, rsaencpwd_init,
rsaencpwd_send, rsaencpwd_send,
rsaencpwd_is, rsaencpwd_is,
rsaencpwd_reply, rsaencpwd_reply,
rsaencpwd_status, rsaencpwd_status,
rsaencpwd_printsub }, rsaencpwd_printsub },
#endif #endif
{ 0, }, { 0, },
}; };
static Authenticator NoAuth = { 0 }; static Authenticator NoAuth = { 0 };
@@ -198,193 +198,181 @@ static Authenticator NoAuth = { 0 };
static int i_support = 0; static int i_support = 0;
static int i_wont_support = 0; static int i_wont_support = 0;
Authenticator * Authenticator *
findauthenticator(type, way) findauthenticator(int type, int way)
int type;
int way;
{ {
Authenticator *ap = authenticators; Authenticator *ap = authenticators;
while (ap->type && (ap->type != type || ap->way != way)) while (ap->type && (ap->type != type || ap->way != way))
++ap; ++ap;
return(ap->type ? ap : 0); return(ap->type ? ap : 0);
} }
void void
auth_init(name, server) auth_init(char *name, int server)
char *name;
int server;
{ {
Authenticator *ap = authenticators; Authenticator *ap = authenticators;
Server = server; Server = server;
Name = name; Name = name;
i_support = 0; i_support = 0;
authenticated = 0; authenticated = 0;
authenticating = 0; authenticating = 0;
while (ap->type) { while (ap->type) {
if (!ap->init || (*ap->init)(ap, server)) { if (!ap->init || (*ap->init)(ap, server)) {
i_support |= typemask(ap->type); i_support |= typemask(ap->type);
if (auth_debug_mode) if (auth_debug_mode)
printf(">>>%s: I support auth type %d %d\r\n", printf(">>>%s: I support auth type %d %d\r\n",
Name, Name,
ap->type, ap->way); ap->type, ap->way);
}
else if (auth_debug_mode)
printf(">>>%s: Init failed: auth type %d %d\r\n",
Name, ap->type, ap->way);
++ap;
} }
else if (auth_debug_mode)
printf(">>>%s: Init failed: auth type %d %d\r\n",
Name, ap->type, ap->way);
++ap;
}
} }
void void
auth_disable_name(name) auth_disable_name(char *name)
char *name;
{ {
int x; int x;
for (x = 0; x < AUTHTYPE_CNT; ++x) { for (x = 0; x < AUTHTYPE_CNT; ++x) {
if (!strcasecmp(name, AUTHTYPE_NAME(x))) { if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
i_wont_support |= typemask(x); i_wont_support |= typemask(x);
break; break;
}
} }
}
} }
int int
getauthmask(type, maskp) getauthmask(char *type, int *maskp)
char *type;
int *maskp;
{ {
register int x; register int x;
if (!strcasecmp(type, AUTHTYPE_NAME(0))) { if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
*maskp = -1; *maskp = -1;
return(1);
}
for (x = 1; x < AUTHTYPE_CNT; ++x) {
if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
*maskp = typemask(x);
return(1);
}
}
return(0);
}
int
auth_enable(type)
char *type;
{
return(auth_onoff(type, 1));
}
int
auth_disable(type)
char *type;
{
return(auth_onoff(type, 0));
}
int
auth_onoff(type, on)
char *type;
int on;
{
int i, mask = -1;
Authenticator *ap;
if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
printf("auth %s 'type'\n", on ? "enable" : "disable");
printf("Where 'type' is one of:\n");
printf("\t%s\n", AUTHTYPE_NAME(0));
mask = 0;
for (ap = authenticators; ap->type; ap++) {
if ((mask & (i = typemask(ap->type))) != 0)
continue;
mask |= i;
printf("\t%s\n", AUTHTYPE_NAME(ap->type));
}
return(0);
}
if (!getauthmask(type, &mask)) {
printf("%s: invalid authentication type\n", type);
return(0);
}
if (on)
i_wont_support &= ~mask;
else
i_wont_support |= mask;
return(1); return(1);
}
for (x = 1; x < AUTHTYPE_CNT; ++x) {
if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
*maskp = typemask(x);
return(1);
}
}
return(0);
} }
int int
auth_togdebug(on) auth_enable(char *type)
int on;
{ {
if (on < 0) return(auth_onoff(type, 1));
auth_debug_mode ^= 1;
else
auth_debug_mode = on;
printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
return(1);
} }
int int
auth_status() auth_disable(char *type)
{ {
Authenticator *ap; return(auth_onoff(type, 0));
int i, mask; }
if (i_wont_support == -1) int
printf("Authentication disabled\n"); auth_onoff(char *type, int on)
else {
printf("Authentication enabled\n"); int i, mask = -1;
Authenticator *ap;
if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
printf("auth %s 'type'\n", on ? "enable" : "disable");
printf("Where 'type' is one of:\n");
printf("\t%s\n", AUTHTYPE_NAME(0));
mask = 0; mask = 0;
for (ap = authenticators; ap->type; ap++) { for (ap = authenticators; ap->type; ap++) {
if ((mask & (i = typemask(ap->type))) != 0) if ((mask & (i = typemask(ap->type))) != 0)
continue; continue;
mask |= i; mask |= i;
printf("%s: %s\n", AUTHTYPE_NAME(ap->type), printf("\t%s\n", AUTHTYPE_NAME(ap->type));
(i_wont_support & typemask(ap->type)) ?
"disabled" : "enabled");
} }
return(1); return(0);
}
if (!getauthmask(type, &mask)) {
printf("%s: invalid authentication type\n", type);
return(0);
}
if (on)
i_wont_support &= ~mask;
else
i_wont_support |= mask;
return(1);
}
int
auth_togdebug(int on)
{
if (on < 0)
auth_debug_mode ^= 1;
else
auth_debug_mode = on;
printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
return(1);
}
int
auth_status(void)
{
Authenticator *ap;
int i, mask;
if (i_wont_support == -1)
printf("Authentication disabled\n");
else
printf("Authentication enabled\n");
mask = 0;
for (ap = authenticators; ap->type; ap++) {
if ((mask & (i = typemask(ap->type))) != 0)
continue;
mask |= i;
printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
(i_wont_support & typemask(ap->type)) ?
"disabled" : "enabled");
}
return(1);
} }
/* /*
* This routine is called by the server to start authentication * This routine is called by the server to start authentication
* negotiation. * negotiation.
*/ */
void void
auth_request() auth_request(void)
{ {
static unsigned char str_request[64] = { IAC, SB, static unsigned char str_request[64] = { IAC, SB,
TELOPT_AUTHENTICATION, TELOPT_AUTHENTICATION,
TELQUAL_SEND, }; TELQUAL_SEND, };
Authenticator *ap = authenticators; Authenticator *ap = authenticators;
unsigned char *e = str_request + 4; unsigned char *e = str_request + 4;
if (!authenticating) { if (!authenticating) {
authenticating = 1; authenticating = 1;
while (ap->type) { while (ap->type) {
if (i_support & ~i_wont_support & typemask(ap->type)) { if (i_support & ~i_wont_support & typemask(ap->type)) {
if (auth_debug_mode) { if (auth_debug_mode) {
printf(">>>%s: Sending type %d %d\r\n", printf(">>>%s: Sending type %d %d\r\n",
Name, ap->type, ap->way); Name, ap->type, ap->way);
}
*e++ = ap->type;
*e++ = ap->way;
}
++ap;
} }
*e++ = IAC; *e++ = ap->type;
*e++ = SE; *e++ = ap->way;
net_write(str_request, e - str_request); }
printsub('>', &str_request[2], e - str_request - 2); ++ap;
} }
*e++ = IAC;
*e++ = SE;
net_write(str_request, e - str_request);
printsub('>', &str_request[2], e - str_request - 2);
}
} }
/* /*
@@ -398,282 +386,263 @@ auth_request()
* with KERBEROS instead of LOGIN (which is against what the * with KERBEROS instead of LOGIN (which is against what the
* protocol says)) you will have to hack this code... * protocol says)) you will have to hack this code...
*/ */
void void
auth_send(data, cnt) auth_send(unsigned char *data, int cnt)
unsigned char *data;
int cnt;
{ {
Authenticator *ap; Authenticator *ap;
static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION, static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_IS, AUTHTYPE_NULL, 0, TELQUAL_IS, AUTHTYPE_NULL, 0,
IAC, SE }; IAC, SE };
if (Server) { if (Server) {
if (auth_debug_mode) {
printf(">>>%s: auth_send called!\r\n", Name);
}
return;
}
if (auth_debug_mode) { if (auth_debug_mode) {
printf(">>>%s: auth_send got:", Name); printf(">>>%s: auth_send called!\r\n", Name);
printd(data, cnt); printf("\r\n");
} }
return;
}
if (auth_debug_mode) {
printf(">>>%s: auth_send got:", Name);
printd(data, cnt); printf("\r\n");
}
/*
* Save the data, if it is new, so that we can continue looking
* at it if the authorization we try doesn't work
*/
if (data < _auth_send_data ||
data > _auth_send_data + sizeof(_auth_send_data)) {
auth_send_cnt = cnt > sizeof(_auth_send_data)
? sizeof(_auth_send_data)
: cnt;
memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
auth_send_data = _auth_send_data;
} else {
/* /*
* Save the data, if it is new, so that we can continue looking * This is probably a no-op, but we just make sure
* at it if the authorization we try doesn't work
*/ */
if (data < _auth_send_data || auth_send_data = data;
data > _auth_send_data + sizeof(_auth_send_data)) { auth_send_cnt = cnt;
auth_send_cnt = cnt > sizeof(_auth_send_data) }
? sizeof(_auth_send_data) while ((auth_send_cnt -= 2) >= 0) {
: cnt;
memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
auth_send_data = _auth_send_data;
} else {
/*
* This is probably a no-op, but we just make sure
*/
auth_send_data = data;
auth_send_cnt = cnt;
}
while ((auth_send_cnt -= 2) >= 0) {
if (auth_debug_mode)
printf(">>>%s: He supports %d\r\n",
Name, *auth_send_data);
if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
ap = findauthenticator(auth_send_data[0],
auth_send_data[1]);
if (ap && ap->send) {
if (auth_debug_mode)
printf(">>>%s: Trying %d %d\r\n",
Name, auth_send_data[0],
auth_send_data[1]);
if ((*ap->send)(ap)) {
/*
* Okay, we found one we like
* and did it.
* we can go home now.
*/
if (auth_debug_mode)
printf(">>>%s: Using type %d\r\n",
Name, *auth_send_data);
auth_send_data += 2;
return;
}
}
/* else
* just continue on and look for the
* next one if we didn't do anything.
*/
}
auth_send_data += 2;
}
net_write(str_none, sizeof(str_none));
printsub('>', &str_none[2], sizeof(str_none) - 2);
if (auth_debug_mode) if (auth_debug_mode)
printf(">>>%s: Sent failure message\r\n", Name); printf(">>>%s: He supports %d\r\n",
auth_finished(0, AUTH_REJECT); Name, *auth_send_data);
if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
ap = findauthenticator(auth_send_data[0],
auth_send_data[1]);
if (ap && ap->send) {
if (auth_debug_mode)
printf(">>>%s: Trying %d %d\r\n",
Name, auth_send_data[0],
auth_send_data[1]);
if ((*ap->send)(ap)) {
/*
* Okay, we found one we like
* and did it.
* we can go home now.
*/
if (auth_debug_mode)
printf(">>>%s: Using type %d\r\n",
Name, *auth_send_data);
auth_send_data += 2;
return;
}
}
/* else
* just continue on and look for the
* next one if we didn't do anything.
*/
}
auth_send_data += 2;
}
net_write(str_none, sizeof(str_none));
printsub('>', &str_none[2], sizeof(str_none) - 2);
if (auth_debug_mode)
printf(">>>%s: Sent failure message\r\n", Name);
auth_finished(0, AUTH_REJECT);
#ifdef KANNAN #ifdef KANNAN
/* /*
* We requested strong authentication, however no mechanisms worked. * We requested strong authentication, however no mechanisms worked.
* Therefore, exit on client end. * Therefore, exit on client end.
*/ */
printf("Unable to securely authenticate user ... exit\n"); printf("Unable to securely authenticate user ... exit\n");
exit(0); exit(0);
#endif /* KANNAN */ #endif /* KANNAN */
} }
void void
auth_send_retry() auth_send_retry(void)
{ {
/* /*
* if auth_send_cnt <= 0 then auth_send will end up rejecting * if auth_send_cnt <= 0 then auth_send will end up rejecting
* the authentication and informing the other side of this. * the authentication and informing the other side of this.
*/ */
auth_send(auth_send_data, auth_send_cnt); auth_send(auth_send_data, auth_send_cnt);
} }
void void
auth_is(data, cnt) auth_is(unsigned char *data, int cnt)
unsigned char *data;
int cnt;
{ {
Authenticator *ap; Authenticator *ap;
if (cnt < 2) if (cnt < 2)
return; return;
if (data[0] == AUTHTYPE_NULL) { if (data[0] == AUTHTYPE_NULL) {
auth_finished(0, AUTH_REJECT);
return;
}
if (ap = findauthenticator(data[0], data[1])) {
if (ap->is)
(*ap->is)(ap, data+2, cnt-2);
} else if (auth_debug_mode)
printf(">>>%s: Invalid authentication in IS: %d\r\n",
Name, *data);
}
void
auth_reply(data, cnt)
unsigned char *data;
int cnt;
{
Authenticator *ap;
if (cnt < 2)
return;
if (ap = findauthenticator(data[0], data[1])) {
if (ap->reply)
(*ap->reply)(ap, data+2, cnt-2);
} else if (auth_debug_mode)
printf(">>>%s: Invalid authentication in SEND: %d\r\n",
Name, *data);
}
void
auth_name(data, cnt)
unsigned char *data;
int cnt;
{
unsigned char savename[256];
if (cnt < 1) {
if (auth_debug_mode)
printf(">>>%s: Empty name in NAME\r\n", Name);
return;
}
if (cnt > sizeof(savename) - 1) {
if (auth_debug_mode)
printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
Name, cnt, sizeof(savename)-1);
return;
}
memmove((void *)savename, (void *)data, cnt);
savename[cnt] = '\0'; /* Null terminate */
if (auth_debug_mode)
printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
auth_encrypt_user(savename);
}
int
auth_sendname(cp, len)
unsigned char *cp;
int len;
{
static unsigned char str_request[256+6]
= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
register unsigned char *e = str_request + 4;
register unsigned char *ee = &str_request[sizeof(str_request)-2];
while (--len >= 0) {
if ((*e++ = *cp++) == IAC)
*e++ = IAC;
if (e >= ee)
return(0);
}
*e++ = IAC;
*e++ = SE;
net_write(str_request, e - str_request);
printsub('>', &str_request[2], e - &str_request[2]);
return(1);
}
void
auth_finished(ap, result)
Authenticator *ap;
int result;
{
if (!(authenticated = ap))
authenticated = &NoAuth;
validuser = result;
}
/* ARGSUSED */
static void
auth_intr(sig)
int sig;
{
auth_finished(0, AUTH_REJECT); auth_finished(0, AUTH_REJECT);
return;
}
if (ap = findauthenticator(data[0], data[1])) {
if (ap->is)
(*ap->is)(ap, data+2, cnt-2);
} else if (auth_debug_mode)
printf(">>>%s: Invalid authentication in IS: %d\r\n",
Name, *data);
} }
int void
auth_wait(name) auth_reply(unsigned char *data, int cnt)
char *name;
{ {
Authenticator *ap;
if (cnt < 2)
return;
if (ap = findauthenticator(data[0], data[1])) {
if (ap->reply)
(*ap->reply)(ap, data+2, cnt-2);
} else if (auth_debug_mode)
printf(">>>%s: Invalid authentication in SEND: %d\r\n",
Name, *data);
}
void
auth_name(unsigned char *data, int cnt)
{
unsigned char savename[256];
if (cnt < 1) {
if (auth_debug_mode) if (auth_debug_mode)
printf(">>>%s: in auth_wait.\r\n", Name); printf(">>>%s: Empty name in NAME\r\n", Name);
return;
if (Server && !authenticating) }
return(0); if (cnt > sizeof(savename) - 1) {
if (auth_debug_mode)
(void) signal(SIGALRM, auth_intr); printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
alarm(30); Name, cnt, sizeof(savename)-1);
while (!authenticated) return;
if (telnet_spin()) }
break; memmove((void *)savename, (void *)data, cnt);
alarm(0); savename[cnt] = '\0'; /* Null terminate */
(void) signal(SIGALRM, SIG_DFL); if (auth_debug_mode)
printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
/* auth_encrypt_user(savename);
* Now check to see if the user is valid or not
*/
if (!authenticated || authenticated == &NoAuth)
return(AUTH_REJECT);
if (validuser == AUTH_VALID)
validuser = AUTH_USER;
if (authenticated->status)
validuser = (*authenticated->status)(authenticated,
name, validuser);
return(validuser);
} }
void int
auth_debug(mode) auth_sendname(unsigned char *cp, int len)
int mode;
{ {
auth_debug_mode = mode; static unsigned char str_request[256+6]
= { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
register unsigned char *e = str_request + 4;
register unsigned char *ee = &str_request[sizeof(str_request)-2];
while (--len >= 0) {
if ((*e++ = *cp++) == IAC)
*e++ = IAC;
if (e >= ee)
return(0);
}
*e++ = IAC;
*e++ = SE;
net_write(str_request, e - str_request);
printsub('>', &str_request[2], e - &str_request[2]);
return(1);
} }
void void
auth_printsub(data, cnt, buf, buflen) auth_finished(Authenticator *ap, int result)
unsigned char *data, *buf;
int cnt, buflen;
{ {
Authenticator *ap; if (!(authenticated = ap))
authenticated = &NoAuth;
if ((ap = findauthenticator(data[1], data[2])) && ap->printsub) validuser = result;
(*ap->printsub)(data, cnt, buf, buflen);
else
auth_gen_printsub(data, cnt, buf, buflen);
} }
void /* ARGSUSED */
auth_gen_printsub(data, cnt, buf, buflen) static void
unsigned char *data, *buf; auth_intr(int sig)
int cnt, buflen;
{ {
register unsigned char *cp; auth_finished(0, AUTH_REJECT);
unsigned char tbuf[16]; }
cnt -= 3; int
data += 3; auth_wait(char *name)
buf[buflen-1] = '\0'; {
buf[buflen-2] = '*'; if (auth_debug_mode)
buflen -= 2; printf(">>>%s: in auth_wait.\r\n", Name);
for (; cnt > 0; cnt--, data++) {
sprintf((char *)tbuf, " %d", *data); if (Server && !authenticating)
for (cp = tbuf; *cp && buflen > 0; --buflen) return(0);
*buf++ = *cp++;
if (buflen <= 0) (void) signal(SIGALRM, auth_intr);
return; alarm(30);
} while (!authenticated)
*buf = '\0'; if (telnet_spin())
break;
alarm(0);
(void) signal(SIGALRM, SIG_DFL);
/*
* Now check to see if the user is valid or not
*/
if (!authenticated || authenticated == &NoAuth)
return(AUTH_REJECT);
if (validuser == AUTH_VALID)
validuser = AUTH_USER;
if (authenticated->status)
validuser = (*authenticated->status)(authenticated,
name, validuser);
return(validuser);
}
void
auth_debug(int mode)
{
auth_debug_mode = mode;
}
void
auth_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
Authenticator *ap;
if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
(*ap->printsub)(data, cnt, buf, buflen);
else
auth_gen_printsub(data, cnt, buf, buflen);
}
void
auth_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
{
register unsigned char *cp;
unsigned char tbuf[16];
cnt -= 3;
data += 3;
buf[buflen-1] = '\0';
buf[buflen-2] = '*';
buflen -= 2;
for (; cnt > 0; cnt--, data++) {
sprintf((char *)tbuf, " %d", *data);
for (cp = tbuf; *cp && buflen > 0; --buflen)
*buf++ = *cp++;
if (buflen <= 0)
return;
}
*buf = '\0';
} }
#endif #endif