bail out if encryption has been requested but could not be enabled

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10801 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
2001-12-20 20:39:52 +00:00
parent 98c7ce0bbf
commit 2edd648e6b
7 changed files with 96 additions and 4 deletions


@@ -62,7 +62,14 @@ net_encrypt(void)
int
telnet_spin(void)
{
return(-1);
extern int scheduler_lockout_tty;
scheduler_lockout_tty = 1;
Scheduler(0);
scheduler_lockout_tty = 0;
return 0;
}
char *
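Review bot: `scheduler_lockout_tty` is brought into telnet_spin with a function-local `extern` while the same commit places the other new globals (`wantencryption`, `intr_happened`, `intr_waiting`) in externs.h; declaring it there too (`extern int scheduler_lockout_tty;` next to `extern int intr_happened, intr_waiting;`) keeps one type-checked declaration against its definition in telnet.c. The same pattern recurs with `extern int auth_has_failed;` inside my_telnet in the telnet.c hunk below. The return value of `Scheduler(0)` is also discarded and telnet_spin always returns 0, so if Scheduler signals a lost connection (my_telnet's main loop appears to check its result, not visible here) the encryption wait loop cannot notice and keeps polling until its 60 s timeout; `int rc = Scheduler(0);` before the lockout reset and `return rc;` at the end would let the caller act on it.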


@@ -66,6 +66,7 @@ extern int
localchars, /* we recognize interrupt/quit */
donelclchars, /* the user has set "localchars" */
showoptions,
wantencryption, /* User has requested encryption */
net, /* Network file descriptor */
tin, /* Terminal input file descriptor */
tout, /* Terminal output file descriptor */
@@ -81,6 +82,8 @@ extern int
termdata, /* Print out terminal data flow */
debug; /* Debug level */
extern int intr_happened, intr_waiting; /* for interrupt handling */
extern cc_t escape; /* Escape to command mode */
extern cc_t rlogin; /* Rlogin mode escape character */
#ifdef KLUDGELINEMODE


@@ -126,6 +126,7 @@ krb5_init(void)
"libdefaults", "encrypt", NULL)) {
encrypt_auto(1);
decrypt_auto(1);
wantencryption = 1;
EncryptVerbose(1);
}
#endif
@@ -295,6 +296,7 @@ main(int argc, char **argv)
#ifdef ENCRYPTION
encrypt_auto(1);
decrypt_auto(1);
wantencryption = 1;
EncryptVerbose(1);
#else
fprintf(stderr,
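Review bot: Setting `wantencryption = 1` in krb5_init ties the `libdefaults`/`encrypt` configuration setting to the new hard-exit behaviour that my_telnet applies when encryption cannot be negotiated, yet only the `-x` entry in the man page is updated; a user who enabled the option in krb5.conf will now see telnet exit against servers that previously only drew a warning. Either document that the configuration option is as strict as `-x`, or leave config-driven encryption opportunistic by not setting `wantencryption` here. At minimum a comment at the assignment would help: `/* config-driven encryption is as strict as -x: failure to negotiate is fatal in my_telnet() */`. The `wantencryption = 1` in main's ENCRYPTION branch (second hunk) is the `-x` path and is covered by the man page change.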


@@ -651,10 +651,17 @@ deadpeer(int sig)
longjmp(peerdied, -1);
}
int intr_happened = 0;
int intr_waiting = 0;
/* ARGSUSED */
static RETSIGTYPE
intr(int sig)
{
if (intr_waiting) {
intr_happened = 1;
return;
}
if (localchars) {
intp();
return;
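Review bot: `intr_happened` is written from the signal handler intr() and polled by the `while (1)` encryption wait in my_telnet (telnet.c hunk below), but it is defined as a plain `int`; C only guarantees a handler-to-main-flow handoff through `volatile sig_atomic_t`, and without `volatile` the compiler is free to hoist the read out of the loop so a ^C is never observed. Change the definitions here to `volatile sig_atomic_t intr_happened = 0;` and `volatile sig_atomic_t intr_waiting = 0;` and update the matching `extern` declaration in externs.h (first hunk of that file) to the same type. intr() continues past the end of the hunk.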


@@ -177,8 +177,10 @@ In this
mode, the escape character is set to the tilde (~) character,
unless modified by the -e option.
.It Fl x
Turns on encryption of the data stream if possible. This is
currently the default and when it fails a warning is issued.
Turn on encryption of the data stream. When this option is turned on,
.B telnet
will exit with an error if authentication cannot be negotiated or if
encryption cannot be turned on.
.It Ar host
Indicates the official name, an alias, or the Internet address
of a remote host.


@@ -70,6 +70,7 @@ int
netdata, /* Print out network data flow */
crlf, /* Should '\r' be mapped to <CR><LF> (or <CR><NUL>)? */
telnetport,
wantencryption = 0,
SYNCHing, /* we are in TELNET SYNCH mode */
flushout, /* flush output */
autoflush = 0, /* flush output when interrupting? */
@@ -84,6 +85,8 @@ int
char *prompt = 0;
int scheduler_lockout_tty = 0;
cc_t escape;
cc_t rlogin;
#ifdef KLUDGELINEMODE
@@ -1957,7 +1960,7 @@ telsnd()
*/
static int
int
Scheduler(int block) /* should we block in the select ? */
{
/* One wants to be a bit careful about setting returnValue
@@ -1988,6 +1991,10 @@ Scheduler(int block) /* should we block in the select ? */
/* If we have seen a signal recently, reset things */
if (scheduler_lockout_tty) {
ttyin = ttyout = 0;
}
/* Call to system code to process rings */
returnValue = process_rings(netin, netout, netex, ttyin, ttyout, !block);
@@ -2010,6 +2017,8 @@ Scheduler(int block) /* should we block in the select ? */
void
my_telnet(char *user)
{
int printed_encrypt = 0;
sys_telnet_init();
#if defined(AUTHENTICATION) || defined(ENCRYPTION)
@@ -2048,6 +2057,64 @@ my_telnet(char *user)
tel_enter_binary(binary);
}
#ifdef ENCRYPTION
/*
* Note: we assume a tie to the authentication option here. This
* is necessary so that authentication fails, we don't spin
* forever.
*/
if (wantencryption) {
extern int auth_has_failed;
time_t timeout = time(0) + 60;
send_do(TELOPT_ENCRYPT, 1);
send_will(TELOPT_ENCRYPT, 1);
while (1) {
if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) {
printf("\nServer refused to negotiate authentication,\n");
printf("which is required for encryption.\n");
Exit(1);
}
if (auth_has_failed) {
printf("\nAuthentication negotation has failed,\n");
printf("which is required for encryption.\n");
Exit(1);
}
if (my_want_state_is_dont(TELOPT_ENCRYPT) ||
my_want_state_is_wont(TELOPT_ENCRYPT)) {
printf("\nServer refused to negotiate encryption.\n");
Exit(1);
}
if (encrypt_is_encrypting())
break;
if (time(0) > timeout) {
printf("\nEncryption could not be enabled.\n");
Exit(1);
}
if (printed_encrypt == 0) {
printed_encrypt = 1;
printf("Waiting for encryption to be negotiated...\n");
/*
* Turn on MODE_TRAPSIG and then turn off localchars
* so that ^C will cause telnet to exit.
*/
TerminalNewMode(getconnmode()|MODE_TRAPSIG);
intr_waiting = 1;
}
if (intr_happened) {
printf("\nUser interrupt.\n");
Exit(1);
}
telnet_spin();
}
if (printed_encrypt) {
printf("done.\n");
intr_waiting = 0;
setconnmode(0);
}
}
#endif
for (;;) {
int schedValue;
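Review bot: The `while (1)` negotiation wait drives the connection through telnet_spin(), which calls `Scheduler(0)`; judging by the `!block` argument Scheduler passes to process_rings in the hunk above, block == 0 appears to mean a non-blocking poll, so this loop busy-spins the CPU for up to 60 seconds whenever the server is slow to answer. If that reading is right, the loop needs a bounded wait (a select timeout in process_rings or a short sleep per iteration) rather than an unthrottled poll; failing that, a comment above the loop such as `/* XXX polls without blocking; see telnet_spin() */` should record the behaviour. Separately, the user-facing message on the auth_has_failed path misspells the word: `printf("\nAuthentication negotiation has failed,\n");`, and the introductory comment should read `so that if authentication fails, we don't spin forever`. my_telnet continues past the end of the hunk.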


@@ -138,6 +138,10 @@
#include <netinet/ip.h>
#endif
#ifdef HAVE_ARPA_INET_H
#ifdef _AIX
struct sockaddr_dl; /* AIX fun */
struct ether_addr;
#endif
#include <arpa/inet.h>
#endif