Allow encryption to be required, wait to the client to turn it on, if

failes, refuse the connection. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18111 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-19 08:26:21 +00:00
parent ead5f1b7b6
commit 4adf47957d
1 changed files with 20 additions and 0 deletions
--- a/appl/telnet/telnetd/telnetd.c
+++ b/appl/telnet/telnetd/telnetd.c
@@ -59,6 +59,9 @@ int	auth_level = 0;

 extern	int utmp_len;
 int	registerd_host_only = 0;
+#ifdef ENCRYPTION
+int	require_encryption = 0;
+#endif

 #undef NOERROR

@@ -137,6 +140,9 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
 #ifdef AUTHENTICATION
 		    "a:X:z"
 #endif
+#ifdef ENCRYPTION
+                     "e"
+#endif
 #ifdef DIAGNOSTICS
 		    "D:"
 #endif
@@ -248,6 +254,11 @@ main(int argc, char **argv)
 	    break;
 #endif /* DIAGNOSTICS */

+#ifdef ENCRYPTION
+	case 'e':
+	    require_encryption = 1;
+	    break;
+#endif

 	case 'h':
 	    hostinfo = 0;
@@ -549,6 +560,15 @@ getterminaltype(char *name, size_t name_sz)
    if (his_state_is_will(TELOPT_ENCRYPT)) {
 	encrypt_wait();
    }
+    if (require_encryption) {
+
+	while (encrypt_delay())
+	    if (telnet_spin())
+		fatal(net, "Failed while waiting for encryption");
+
+	if (!encrypt_is_encrypting())
+	    fatal(net, "Encryption required but not turned on by client");
+    }
 #endif
    if (his_state_is_will(TELOPT_TSPEED)) {
 	static unsigned char sb[] =