From 74c0bb16f5ef296cee7c39638fb102bb70a2ccd5 Mon Sep 17 00:00:00 2001 From: Johan Danielsson Date: Sun, 17 Nov 1996 00:04:20 +0000 Subject: [PATCH] Protoize git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@992 ec53bebd-3082-4978-b11e-865c3cabbd6b --- appl/telnet/libtelnet/encrypt.c | 1158 +++++++++++++++--------------- appl/telnet/libtelnet/genget.c | 78 +- appl/telnet/libtelnet/kerberos.c | 635 ++++++++-------- appl/telnet/libtelnet/misc.c | 60 +- 4 files changed, 952 insertions(+), 979 deletions(-) diff --git a/appl/telnet/libtelnet/encrypt.c b/appl/telnet/libtelnet/encrypt.c index e73c5470e..d0ef4b87a 100644 --- a/appl/telnet/libtelnet/encrypt.c +++ b/appl/telnet/libtelnet/encrypt.c @@ -97,45 +97,45 @@ static char *Name = "Noname"; #define typemask(x) ((x) > 0 ? 1 << ((x)-1) : 0) static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64) - | typemask(ENCTYPE_DES_OFB64); -static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) - | typemask(ENCTYPE_DES_OFB64); -static long i_wont_support_encrypt = 0; -static long i_wont_support_decrypt = 0; + | typemask(ENCTYPE_DES_OFB64); + static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64) + | typemask(ENCTYPE_DES_OFB64); + static long i_wont_support_encrypt = 0; + static long i_wont_support_decrypt = 0; #define I_SUPPORT_ENCRYPT (i_support_encrypt & ~i_wont_support_encrypt) #define I_SUPPORT_DECRYPT (i_support_decrypt & ~i_wont_support_decrypt) -static long remote_supports_encrypt = 0; -static long remote_supports_decrypt = 0; + static long remote_supports_encrypt = 0; + static long remote_supports_decrypt = 0; -static Encryptions encryptions[] = { + static Encryptions encryptions[] = { #if defined(DES_ENCRYPTION) - { "DES_CFB64", ENCTYPE_DES_CFB64, - cfb64_encrypt, - cfb64_decrypt, - cfb64_init, - cfb64_start, - cfb64_is, - cfb64_reply, - cfb64_session, - cfb64_keyid, - cfb64_printsub }, - { "DES_OFB64", ENCTYPE_DES_OFB64, - ofb64_encrypt, - ofb64_decrypt, - ofb64_init, - ofb64_start, - ofb64_is, - ofb64_reply, - ofb64_session, - ofb64_keyid, - ofb64_printsub }, + { "DES_CFB64", ENCTYPE_DES_CFB64, + cfb64_encrypt, + cfb64_decrypt, + cfb64_init, + cfb64_start, + cfb64_is, + cfb64_reply, + cfb64_session, + cfb64_keyid, + cfb64_printsub }, + { "DES_OFB64", ENCTYPE_DES_OFB64, + ofb64_encrypt, + ofb64_decrypt, + ofb64_init, + ofb64_start, + ofb64_is, + ofb64_reply, + ofb64_session, + ofb64_keyid, + ofb64_printsub }, #endif - { 0, }, -}; + { 0, }, + }; static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT, - ENCRYPT_SUPPORT }; + ENCRYPT_SUPPORT }; static unsigned char str_suplen = 0; static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT }; static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; @@ -143,355 +143,355 @@ static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE }; Encryptions * findencryption(int type) { - Encryptions *ep = encryptions; + Encryptions *ep = encryptions; - if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? ep : 0); + if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type))) + return(0); + while (ep->type && ep->type != type) + ++ep; + return(ep->type ? ep : 0); } Encryptions * finddecryption(int type) { - Encryptions *ep = encryptions; + Encryptions *ep = encryptions; - if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) - return(0); - while (ep->type && ep->type != type) - ++ep; - return(ep->type ? ep : 0); + if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type))) + return(0); + while (ep->type && ep->type != type) + ++ep; + return(ep->type ? ep : 0); } #define MAXKEYLEN 64 static struct key_info { - unsigned char keyid[MAXKEYLEN]; - int keylen; - int dir; - int *modep; - Encryptions *(*getcrypt)(); + unsigned char keyid[MAXKEYLEN]; + int keylen; + int dir; + int *modep; + Encryptions *(*getcrypt)(); } ki[2] = { - { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, - { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, + { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption }, + { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption }, }; void encrypt_init(char *name, int server) { - Encryptions *ep = encryptions; + Encryptions *ep = encryptions; - Name = name; - Server = server; - i_support_encrypt = i_support_decrypt = 0; - remote_supports_encrypt = remote_supports_decrypt = 0; - encrypt_mode = 0; - decrypt_mode = 0; - encrypt_output = 0; - decrypt_input = 0; + Name = name; + Server = server; + i_support_encrypt = i_support_decrypt = 0; + remote_supports_encrypt = remote_supports_decrypt = 0; + encrypt_mode = 0; + decrypt_mode = 0; + encrypt_output = 0; + decrypt_input = 0; #ifdef notdef - encrypt_verbose = !server; + encrypt_verbose = !server; #endif - str_suplen = 4; + str_suplen = 4; - while (ep->type) { - if (encrypt_debug_mode) - printf(">>>%s: I will support %s\r\n", - Name, ENCTYPE_NAME(ep->type)); - i_support_encrypt |= typemask(ep->type); - i_support_decrypt |= typemask(ep->type); - if ((i_wont_support_decrypt & typemask(ep->type)) == 0) - if ((str_send[str_suplen++] = ep->type) == IAC) - str_send[str_suplen++] = IAC; - if (ep->init) - (*ep->init)(Server); - ++ep; - } - str_send[str_suplen++] = IAC; - str_send[str_suplen++] = SE; + while (ep->type) { + if (encrypt_debug_mode) + printf(">>>%s: I will support %s\r\n", + Name, ENCTYPE_NAME(ep->type)); + i_support_encrypt |= typemask(ep->type); + i_support_decrypt |= typemask(ep->type); + if ((i_wont_support_decrypt & typemask(ep->type)) == 0) + if ((str_send[str_suplen++] = ep->type) == IAC) + str_send[str_suplen++] = IAC; + if (ep->init) + (*ep->init)(Server); + ++ep; + } + str_send[str_suplen++] = IAC; + str_send[str_suplen++] = SE; } void encrypt_list_types(void) { - Encryptions *ep = encryptions; + Encryptions *ep = encryptions; - printf("Valid encryption types:\n"); - while (ep->type) { - printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); - ++ep; - } + printf("Valid encryption types:\n"); + while (ep->type) { + printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type); + ++ep; + } } int EncryptEnable(char *type, char *mode) { - if (isprefix(type, "help") || isprefix(type, "?")) { - printf("Usage: encrypt enable [input|output]\n"); - encrypt_list_types(); - return(0); - } - if (EncryptType(type, mode)) - return(EncryptStart(mode)); + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt enable [input|output]\n"); + encrypt_list_types(); return(0); + } + if (EncryptType(type, mode)) + return(EncryptStart(mode)); + return(0); } int EncryptDisable(char *type, char *mode) { - register Encryptions *ep; - int ret = 0; + register Encryptions *ep; + int ret = 0; - if (isprefix(type, "help") || isprefix(type, "?")) { - printf("Usage: encrypt disable [input|output]\n"); - encrypt_list_types(); - } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, - sizeof(Encryptions))) == 0) { - printf("%s: invalid encryption type\n", type); - } else if (Ambiguous(ep)) { - printf("Ambiguous type '%s'\n", type); - } else { - if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { - if (decrypt_mode == ep->type) - EncryptStopInput(); - i_wont_support_decrypt |= typemask(ep->type); - ret = 1; - } - if ((mode == 0) || (isprefix(mode, "output"))) { - if (encrypt_mode == ep->type) - EncryptStopOutput(); - i_wont_support_encrypt |= typemask(ep->type); - ret = 1; - } - if (ret == 0) - printf("%s: invalid encryption mode\n", mode); + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt disable [input|output]\n"); + encrypt_list_types(); + } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, + sizeof(Encryptions))) == 0) { + printf("%s: invalid encryption type\n", type); + } else if (Ambiguous(ep)) { + printf("Ambiguous type '%s'\n", type); + } else { + if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) { + if (decrypt_mode == ep->type) + EncryptStopInput(); + i_wont_support_decrypt |= typemask(ep->type); + ret = 1; } - return(ret); + if ((mode == 0) || (isprefix(mode, "output"))) { + if (encrypt_mode == ep->type) + EncryptStopOutput(); + i_wont_support_encrypt |= typemask(ep->type); + ret = 1; + } + if (ret == 0) + printf("%s: invalid encryption mode\n", mode); + } + return(ret); } int EncryptType(char *type, char *mode) { - register Encryptions *ep; - int ret = 0; + register Encryptions *ep; + int ret = 0; - if (isprefix(type, "help") || isprefix(type, "?")) { - printf("Usage: encrypt type [input|output]\n"); - encrypt_list_types(); - } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, - sizeof(Encryptions))) == 0) { - printf("%s: invalid encryption type\n", type); - } else if (Ambiguous(ep)) { - printf("Ambiguous type '%s'\n", type); - } else { - if ((mode == 0) || isprefix(mode, "input")) { - decrypt_mode = ep->type; - i_wont_support_decrypt &= ~typemask(ep->type); - ret = 1; - } - if ((mode == 0) || isprefix(mode, "output")) { - encrypt_mode = ep->type; - i_wont_support_encrypt &= ~typemask(ep->type); - ret = 1; - } - if (ret == 0) - printf("%s: invalid encryption mode\n", mode); + if (isprefix(type, "help") || isprefix(type, "?")) { + printf("Usage: encrypt type [input|output]\n"); + encrypt_list_types(); + } else if ((ep = (Encryptions *)genget(type, (char**)encryptions, + sizeof(Encryptions))) == 0) { + printf("%s: invalid encryption type\n", type); + } else if (Ambiguous(ep)) { + printf("Ambiguous type '%s'\n", type); + } else { + if ((mode == 0) || isprefix(mode, "input")) { + decrypt_mode = ep->type; + i_wont_support_decrypt &= ~typemask(ep->type); + ret = 1; } - return(ret); + if ((mode == 0) || isprefix(mode, "output")) { + encrypt_mode = ep->type; + i_wont_support_encrypt &= ~typemask(ep->type); + ret = 1; + } + if (ret == 0) + printf("%s: invalid encryption mode\n", mode); + } + return(ret); } int EncryptStart(char *mode) { - register int ret = 0; - if (mode) { - if (isprefix(mode, "input")) - return(EncryptStartInput()); - if (isprefix(mode, "output")) - return(EncryptStartOutput()); - if (isprefix(mode, "help") || isprefix(mode, "?")) { - printf("Usage: encrypt start [input|output]\n"); - return(0); - } - printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); - return(0); + register int ret = 0; + if (mode) { + if (isprefix(mode, "input")) + return(EncryptStartInput()); + if (isprefix(mode, "output")) + return(EncryptStartOutput()); + if (isprefix(mode, "help") || isprefix(mode, "?")) { + printf("Usage: encrypt start [input|output]\n"); + return(0); } - ret += EncryptStartInput(); - ret += EncryptStartOutput(); - return(ret); + printf("%s: invalid encryption mode 'encrypt start ?' for help\n", mode); + return(0); + } + ret += EncryptStartInput(); + ret += EncryptStartOutput(); + return(ret); } int EncryptStartInput(void) { - if (decrypt_mode) { - encrypt_send_request_start(); - return(1); - } - printf("No previous decryption mode, decryption not enabled\r\n"); - return(0); + if (decrypt_mode) { + encrypt_send_request_start(); + return(1); + } + printf("No previous decryption mode, decryption not enabled\r\n"); + return(0); } int EncryptStartOutput(void) { - if (encrypt_mode) { - encrypt_start_output(encrypt_mode); - return(1); - } - printf("No previous encryption mode, encryption not enabled\r\n"); - return(0); + if (encrypt_mode) { + encrypt_start_output(encrypt_mode); + return(1); + } + printf("No previous encryption mode, encryption not enabled\r\n"); + return(0); } int EncryptStop(char *mode) { - int ret = 0; - if (mode) { - if (isprefix(mode, "input")) - return(EncryptStopInput()); - if (isprefix(mode, "output")) - return(EncryptStopOutput()); - if (isprefix(mode, "help") || isprefix(mode, "?")) { - printf("Usage: encrypt stop [input|output]\n"); - return(0); - } - printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); - return(0); + int ret = 0; + if (mode) { + if (isprefix(mode, "input")) + return(EncryptStopInput()); + if (isprefix(mode, "output")) + return(EncryptStopOutput()); + if (isprefix(mode, "help") || isprefix(mode, "?")) { + printf("Usage: encrypt stop [input|output]\n"); + return(0); } - ret += EncryptStopInput(); - ret += EncryptStopOutput(); - return(ret); + printf("%s: invalid encryption mode 'encrypt stop ?' for help\n", mode); + return(0); + } + ret += EncryptStopInput(); + ret += EncryptStopOutput(); + return(ret); } int EncryptStopInput(void) { - encrypt_send_request_end(); - return(1); + encrypt_send_request_end(); + return(1); } int EncryptStopOutput(void) { - encrypt_send_end(); - return(1); + encrypt_send_end(); + return(1); } void encrypt_display(void) { - printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n", - autoencrypt?"on":"off", autodecrypt?"on":"off"); + printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n", + autoencrypt?"on":"off", autodecrypt?"on":"off"); - if (encrypt_output) - printf("Currently encrypting output with %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - else - printf("Currently not encrypting output\r\n"); + if (encrypt_output) + printf("Currently encrypting output with %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + else + printf("Currently not encrypting output\r\n"); - if (decrypt_input) - printf("Currently decrypting input with %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - else - printf("Currently not decrypting input\r\n"); + if (decrypt_input) + printf("Currently decrypting input with %s\r\n", + ENCTYPE_NAME(decrypt_mode)); + else + printf("Currently not decrypting input\r\n"); } int EncryptStatus(void) { - printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n", - autoencrypt?"on":"off", autodecrypt?"on":"off"); + printf("Autoencrypt for output is %s. Autodecrypt for input is %s.\r\n", + autoencrypt?"on":"off", autodecrypt?"on":"off"); - if (encrypt_output) - printf("Currently encrypting output with %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - else if (encrypt_mode) { - printf("Currently output is clear text.\r\n"); - printf("Last encryption mode was %s\r\n", - ENCTYPE_NAME(encrypt_mode)); - } else - printf("Currently not encrypting output\r\n"); + if (encrypt_output) + printf("Currently encrypting output with %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + else if (encrypt_mode) { + printf("Currently output is clear text.\r\n"); + printf("Last encryption mode was %s\r\n", + ENCTYPE_NAME(encrypt_mode)); + } else + printf("Currently not encrypting output\r\n"); - if (decrypt_input) { - printf("Currently decrypting input with %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - } else if (decrypt_mode) { - printf("Currently input is clear text.\r\n"); - printf("Last decryption mode was %s\r\n", - ENCTYPE_NAME(decrypt_mode)); - } else - printf("Currently not decrypting input\r\n"); + if (decrypt_input) { + printf("Currently decrypting input with %s\r\n", + ENCTYPE_NAME(decrypt_mode)); + } else if (decrypt_mode) { + printf("Currently input is clear text.\r\n"); + printf("Last decryption mode was %s\r\n", + ENCTYPE_NAME(decrypt_mode)); + } else + printf("Currently not decrypting input\r\n"); - return 1; + return 1; } void encrypt_send_support(void) { - if (str_suplen) { - /* - * If the user has requested that decryption start - * immediatly, then send a "REQUEST START" before - * we negotiate the type. - */ - if (!Server && autodecrypt) - encrypt_send_request_start(); - net_write(str_send, str_suplen); - printsub('>', &str_send[2], str_suplen - 2); - str_suplen = 0; - } + if (str_suplen) { + /* + * If the user has requested that decryption start + * immediatly, then send a "REQUEST START" before + * we negotiate the type. + */ + if (!Server && autodecrypt) + encrypt_send_request_start(); + net_write(str_send, str_suplen); + printsub('>', &str_send[2], str_suplen - 2); + str_suplen = 0; + } } int EncryptDebug(int on) { - if (on < 0) - encrypt_debug_mode ^= 1; - else - encrypt_debug_mode = on; - printf("Encryption debugging %s\r\n", - encrypt_debug_mode ? "enabled" : "disabled"); - return(1); + if (on < 0) + encrypt_debug_mode ^= 1; + else + encrypt_debug_mode = on; + printf("Encryption debugging %s\r\n", + encrypt_debug_mode ? "enabled" : "disabled"); + return(1); } /* turn on verbose encryption, but dont keep telling the whole world */ void encrypt_verbose_quiet(int on) { - if(on < 0) - encrypt_verbose ^= 1; - else - encrypt_verbose = on ? 1 : 0; + if(on < 0) + encrypt_verbose ^= 1; + else + encrypt_verbose = on ? 1 : 0; } int EncryptVerbose(int on) { - encrypt_verbose_quiet(on); - printf("Encryption %s verbose\r\n", - encrypt_verbose ? "is" : "is not"); - return(1); + encrypt_verbose_quiet(on); + printf("Encryption %s verbose\r\n", + encrypt_verbose ? "is" : "is not"); + return(1); } int EncryptAutoEnc(int on) { - encrypt_auto(on); - printf("Automatic encryption of output is %s\r\n", - autoencrypt ? "enabled" : "disabled"); - return(1); + encrypt_auto(on); + printf("Automatic encryption of output is %s\r\n", + autoencrypt ? "enabled" : "disabled"); + return(1); } int EncryptAutoDec(int on) { - decrypt_auto(on); - printf("Automatic decryption of input is %s\r\n", - autodecrypt ? "enabled" : "disabled"); - return(1); + decrypt_auto(on); + printf("Automatic decryption of input is %s\r\n", + autodecrypt ? "enabled" : "disabled"); + return(1); } /* Called when we receive a WONT or a DONT ENCRYPT after we sent a DO @@ -512,130 +512,130 @@ encrypt_not(void) void encrypt_support(unsigned char *typelist, int cnt) { - register int type, use_type = 0; - Encryptions *ep; + register int type, use_type = 0; + Encryptions *ep; - /* - * Forget anything the other side has previously told us. - */ - remote_supports_decrypt = 0; + /* + * Forget anything the other side has previously told us. + */ + remote_supports_decrypt = 0; - while (cnt-- > 0) { - type = *typelist++; - if (encrypt_debug_mode) - printf(">>>%s: He is supporting %s (%d)\r\n", - Name, - ENCTYPE_NAME(type), type); - if ((type < ENCTYPE_CNT) && - (I_SUPPORT_ENCRYPT & typemask(type))) { - remote_supports_decrypt |= typemask(type); - if (use_type == 0) - use_type = type; - } - } - if (use_type) { - ep = findencryption(use_type); - if (!ep) - return; - type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; - if (encrypt_debug_mode) - printf(">>>%s: (*ep->start)() returned %d\r\n", - Name, type); - if (type < 0) - return; - encrypt_mode = use_type; - if (type == 0) - encrypt_start_output(use_type); + while (cnt-- > 0) { + type = *typelist++; + if (encrypt_debug_mode) + printf(">>>%s: He is supporting %s (%d)\r\n", + Name, + ENCTYPE_NAME(type), type); + if ((type < ENCTYPE_CNT) && + (I_SUPPORT_ENCRYPT & typemask(type))) { + remote_supports_decrypt |= typemask(type); + if (use_type == 0) + use_type = type; } + } + if (use_type) { + ep = findencryption(use_type); + if (!ep) + return; + type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0; + if (encrypt_debug_mode) + printf(">>>%s: (*ep->start)() returned %d\r\n", + Name, type); + if (type < 0) + return; + encrypt_mode = use_type; + if (type == 0) + encrypt_start_output(use_type); + } } void encrypt_is(unsigned char *data, int cnt) { - Encryptions *ep; - register int type, ret; + Encryptions *ep; + register int type, ret; - if (--cnt < 0) - return; - type = *data++; - if (type < ENCTYPE_CNT) - remote_supports_encrypt |= typemask(type); - if (!(ep = finddecryption(type))) { - if (encrypt_debug_mode) - printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - return; - } - if (!ep->is) { - if (encrypt_debug_mode) - printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - ret = 0; - } else { - ret = (*ep->is)(data, cnt); - if (encrypt_debug_mode) - printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); - } - if (ret < 0) { - autodecrypt = 0; - } else { - decrypt_mode = type; - if (ret == 0 && autodecrypt) - encrypt_send_request_start(); - } + if (--cnt < 0) + return; + type = *data++; + if (type < ENCTYPE_CNT) + remote_supports_encrypt |= typemask(type); + if (!(ep = finddecryption(type))) { + if (encrypt_debug_mode) + printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + return; + } + if (!ep->is) { + if (encrypt_debug_mode) + printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + ret = 0; + } else { + ret = (*ep->is)(data, cnt); + if (encrypt_debug_mode) + printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt, + (ret < 0) ? "FAIL " : + (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); + } + if (ret < 0) { + autodecrypt = 0; + } else { + decrypt_mode = type; + if (ret == 0 && autodecrypt) + encrypt_send_request_start(); + } } void encrypt_reply(unsigned char *data, int cnt) { - Encryptions *ep; - register int ret, type; + Encryptions *ep; + register int ret, type; - if (--cnt < 0) - return; - type = *data++; - if (!(ep = findencryption(type))) { - if (encrypt_debug_mode) - printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - return; - } - if (!ep->reply) { - if (encrypt_debug_mode) - printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - ret = 0; - } else { - ret = (*ep->reply)(data, cnt); - if (encrypt_debug_mode) - printf("(*ep->reply)(%p, %d) returned %s(%d)\n", - data, cnt, - (ret < 0) ? "FAIL " : - (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); - } + if (--cnt < 0) + return; + type = *data++; + if (!(ep = findencryption(type))) { if (encrypt_debug_mode) - printf(">>>%s: encrypt_reply returned %d\n", Name, ret); - if (ret < 0) { - autoencrypt = 0; - } else { - encrypt_mode = type; - if (ret == 0 && autoencrypt) - encrypt_start_output(type); - } + printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + return; + } + if (!ep->reply) { + if (encrypt_debug_mode) + printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); + ret = 0; + } else { + ret = (*ep->reply)(data, cnt); + if (encrypt_debug_mode) + printf("(*ep->reply)(%p, %d) returned %s(%d)\n", + data, cnt, + (ret < 0) ? "FAIL " : + (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret); + } + if (encrypt_debug_mode) + printf(">>>%s: encrypt_reply returned %d\n", Name, ret); + if (ret < 0) { + autoencrypt = 0; + } else { + encrypt_mode = type; + if (ret == 0 && autoencrypt) + encrypt_start_output(type); + } } /* @@ -644,51 +644,51 @@ encrypt_reply(unsigned char *data, int cnt) void encrypt_start(unsigned char *data, int cnt) { - Encryptions *ep; + Encryptions *ep; - if (!decrypt_mode) { - /* - * Something is wrong. We should not get a START - * command without having already picked our - * decryption scheme. Send a REQUEST-END to - * attempt to clear the channel... - */ - printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); - encrypt_send_request_end(); - return; - } + if (!decrypt_mode) { + /* + * Something is wrong. We should not get a START + * command without having already picked our + * decryption scheme. Send a REQUEST-END to + * attempt to clear the channel... + */ + printf("%s: Warning, Cannot decrypt input stream!!!\r\n", Name); + encrypt_send_request_end(); + return; + } - if (ep = finddecryption(decrypt_mode)) { - decrypt_input = ep->input; - if (encrypt_verbose) - printf("[ Input is now decrypted with type %s ]\r\n", - ENCTYPE_NAME(decrypt_mode)); - if (encrypt_debug_mode) - printf(">>>%s: Start to decrypt input with type %s\r\n", - Name, ENCTYPE_NAME(decrypt_mode)); - } else { - printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", - Name, - ENCTYPE_NAME_OK(decrypt_mode) - ? ENCTYPE_NAME(decrypt_mode) - : "(unknown)", - decrypt_mode); - encrypt_send_request_end(); - } + if (ep = finddecryption(decrypt_mode)) { + decrypt_input = ep->input; + if (encrypt_verbose) + printf("[ Input is now decrypted with type %s ]\r\n", + ENCTYPE_NAME(decrypt_mode)); + if (encrypt_debug_mode) + printf(">>>%s: Start to decrypt input with type %s\r\n", + Name, ENCTYPE_NAME(decrypt_mode)); + } else { + printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n", + Name, + ENCTYPE_NAME_OK(decrypt_mode) + ? ENCTYPE_NAME(decrypt_mode) + : "(unknown)", + decrypt_mode); + encrypt_send_request_end(); + } } void encrypt_session_key(Session_Key *key, int server) { - Encryptions *ep = encryptions; + Encryptions *ep = encryptions; - havesessionkey = 1; + havesessionkey = 1; - while (ep->type) { - if (ep->session) - (*ep->session)(key, server); - ++ep; - } + while (ep->type) { + if (ep->session) + (*ep->session)(key, server); + ++ep; + } } /* @@ -697,11 +697,11 @@ encrypt_session_key(Session_Key *key, int server) void encrypt_end(void) { - decrypt_input = 0; - if (encrypt_debug_mode) - printf(">>>%s: Input is back to clear text\r\n", Name); - if (encrypt_verbose) - printf("[ Input is now clear text ]\r\n"); + decrypt_input = 0; + if (encrypt_debug_mode) + printf(">>>%s: Input is back to clear text\r\n", Name); + if (encrypt_verbose) + printf("[ Input is now clear text ]\r\n"); } /* @@ -710,7 +710,7 @@ encrypt_end(void) void encrypt_request_end(void) { - encrypt_send_end(); + encrypt_send_end(); } /* @@ -722,264 +722,264 @@ encrypt_request_end(void) void encrypt_request_start(unsigned char *data, int cnt) { - if (encrypt_mode == 0) { - if (Server) - autoencrypt = 1; - return; - } - encrypt_start_output(encrypt_mode); + if (encrypt_mode == 0) { + if (Server) + autoencrypt = 1; + return; + } + encrypt_start_output(encrypt_mode); } static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT }; void encrypt_keyid(struct key_info *kp, unsigned char *keyid, int len) { - Encryptions *ep; - int dir = kp->dir; - register int ret = 0; + Encryptions *ep; + int dir = kp->dir; + register int ret = 0; - if (!(ep = (*kp->getcrypt)(*kp->modep))) { - if (len == 0) - return; - kp->keylen = 0; - } else if (len == 0) { - /* - * Empty option, indicates a failure. - */ - if (kp->keylen == 0) - return; - kp->keylen = 0; - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); + if (!(ep = (*kp->getcrypt)(*kp->modep))) { + if (len == 0) + return; + kp->keylen = 0; + } else if (len == 0) { + /* + * Empty option, indicates a failure. + */ + if (kp->keylen == 0) + return; + kp->keylen = 0; + if (ep->keyid) + (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) { - /* - * Length or contents are different - */ - kp->keylen = len; - memcpy(kp->keyid,keyid, len); - if (ep->keyid) - (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); - } else { - if (ep->keyid) - ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); - if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) - encrypt_start_output(*kp->modep); - return; - } + } else if ((len != kp->keylen) || (memcmp(keyid,kp->keyid,len) != 0)) { + /* + * Length or contents are different + */ + kp->keylen = len; + memcpy(kp->keyid,keyid, len); + if (ep->keyid) + (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen); + } else { + if (ep->keyid) + ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen); + if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt) + encrypt_start_output(*kp->modep); + return; + } - encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); + encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0); } void encrypt_enc_keyid(unsigned char *keyid, int len) { - encrypt_keyid(&ki[1], keyid, len); + encrypt_keyid(&ki[1], keyid, len); } void encrypt_dec_keyid(unsigned char *keyid, int len) { - encrypt_keyid(&ki[0], keyid, len); + encrypt_keyid(&ki[0], keyid, len); } void encrypt_send_keyid(int dir, unsigned char *keyid, int keylen, int saveit) { - unsigned char *strp; + unsigned char *strp; - str_keyid[3] = (dir == DIR_ENCRYPT) - ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; - if (saveit) { - struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; - memcpy(kp->keyid,keyid, keylen); - kp->keylen = keylen; - } + str_keyid[3] = (dir == DIR_ENCRYPT) + ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID; + if (saveit) { + struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1]; + memcpy(kp->keyid,keyid, keylen); + kp->keylen = keylen; + } - for (strp = &str_keyid[4]; keylen > 0; --keylen) { - if ((*strp++ = *keyid++) == IAC) - *strp++ = IAC; - } - *strp++ = IAC; - *strp++ = SE; - net_write(str_keyid, strp - str_keyid); - printsub('>', &str_keyid[2], strp - str_keyid - 2); + for (strp = &str_keyid[4]; keylen > 0; --keylen) { + if ((*strp++ = *keyid++) == IAC) + *strp++ = IAC; + } + *strp++ = IAC; + *strp++ = SE; + net_write(str_keyid, strp - str_keyid); + printsub('>', &str_keyid[2], strp - str_keyid - 2); } void encrypt_auto(int on) { - if (on < 0) - autoencrypt ^= 1; - else - autoencrypt = on ? 1 : 0; + if (on < 0) + autoencrypt ^= 1; + else + autoencrypt = on ? 1 : 0; } void decrypt_auto(int on) { - if (on < 0) - autodecrypt ^= 1; - else - autodecrypt = on ? 1 : 0; + if (on < 0) + autodecrypt ^= 1; + else + autodecrypt = on ? 1 : 0; } void encrypt_start_output(int type) { - Encryptions *ep; - register unsigned char *p; - register int i; + Encryptions *ep; + register unsigned char *p; + register int i; - if (!(ep = findencryption(type))) { - if (encrypt_debug_mode) { - printf(">>>%s: Can't encrypt with type %s (%d)\r\n", - Name, - ENCTYPE_NAME_OK(type) - ? ENCTYPE_NAME(type) : "(unknown)", - type); - } - return; + if (!(ep = findencryption(type))) { + if (encrypt_debug_mode) { + printf(">>>%s: Can't encrypt with type %s (%d)\r\n", + Name, + ENCTYPE_NAME_OK(type) + ? ENCTYPE_NAME(type) : "(unknown)", + type); } - if (ep->start) { - i = (*ep->start)(DIR_ENCRYPT, Server); - if (encrypt_debug_mode) { - printf(">>>%s: Encrypt start: %s (%d) %s\r\n", - Name, - (i < 0) ? "failed" : - "initial negotiation in progress", - i, ENCTYPE_NAME(type)); - } - if (i) - return; + return; + } + if (ep->start) { + i = (*ep->start)(DIR_ENCRYPT, Server); + if (encrypt_debug_mode) { + printf(">>>%s: Encrypt start: %s (%d) %s\r\n", + Name, + (i < 0) ? "failed" : + "initial negotiation in progress", + i, ENCTYPE_NAME(type)); } - p = str_start + 3; - *p++ = ENCRYPT_START; - for (i = 0; i < ki[0].keylen; ++i) { - if ((*p++ = ki[0].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - net_write(str_start, p - str_start); - net_encrypt(); - printsub('>', &str_start[2], p - &str_start[2]); - /* - * If we are already encrypting in some mode, then - * encrypt the ring (which includes our request) in - * the old mode, mark it all as "clear text" and then - * switch to the new mode. - */ - encrypt_output = ep->output; - encrypt_mode = type; - if (encrypt_debug_mode) - printf(">>>%s: Started to encrypt output with type %s\r\n", - Name, ENCTYPE_NAME(type)); - if (encrypt_verbose) - printf("[ Output is now encrypted with type %s ]\r\n", - ENCTYPE_NAME(type)); + if (i) + return; + } + p = str_start + 3; + *p++ = ENCRYPT_START; + for (i = 0; i < ki[0].keylen; ++i) { + if ((*p++ = ki[0].keyid[i]) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + net_write(str_start, p - str_start); + net_encrypt(); + printsub('>', &str_start[2], p - &str_start[2]); + /* + * If we are already encrypting in some mode, then + * encrypt the ring (which includes our request) in + * the old mode, mark it all as "clear text" and then + * switch to the new mode. + */ + encrypt_output = ep->output; + encrypt_mode = type; + if (encrypt_debug_mode) + printf(">>>%s: Started to encrypt output with type %s\r\n", + Name, ENCTYPE_NAME(type)); + if (encrypt_verbose) + printf("[ Output is now encrypted with type %s ]\r\n", + ENCTYPE_NAME(type)); } void encrypt_send_end(void) { - if (!encrypt_output) - return; + if (!encrypt_output) + return; - str_end[3] = ENCRYPT_END; - net_write(str_end, sizeof(str_end)); - net_encrypt(); - printsub('>', &str_end[2], sizeof(str_end) - 2); - /* - * Encrypt the output buffer now because it will not be done by - * netflush... - */ - encrypt_output = 0; - if (encrypt_debug_mode) - printf(">>>%s: Output is back to clear text\r\n", Name); - if (encrypt_verbose) - printf("[ Output is now clear text ]\r\n"); + str_end[3] = ENCRYPT_END; + net_write(str_end, sizeof(str_end)); + net_encrypt(); + printsub('>', &str_end[2], sizeof(str_end) - 2); + /* + * Encrypt the output buffer now because it will not be done by + * netflush... + */ + encrypt_output = 0; + if (encrypt_debug_mode) + printf(">>>%s: Output is back to clear text\r\n", Name); + if (encrypt_verbose) + printf("[ Output is now clear text ]\r\n"); } void encrypt_send_request_start(void) { - register unsigned char *p; - register int i; + register unsigned char *p; + register int i; - p = &str_start[3]; - *p++ = ENCRYPT_REQSTART; - for (i = 0; i < ki[1].keylen; ++i) { - if ((*p++ = ki[1].keyid[i]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - net_write(str_start, p - str_start); - printsub('>', &str_start[2], p - &str_start[2]); - if (encrypt_debug_mode) - printf(">>>%s: Request input to be encrypted\r\n", Name); + p = &str_start[3]; + *p++ = ENCRYPT_REQSTART; + for (i = 0; i < ki[1].keylen; ++i) { + if ((*p++ = ki[1].keyid[i]) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + net_write(str_start, p - str_start); + printsub('>', &str_start[2], p - &str_start[2]); + if (encrypt_debug_mode) + printf(">>>%s: Request input to be encrypted\r\n", Name); } void encrypt_send_request_end(void) { - str_end[3] = ENCRYPT_REQEND; - net_write(str_end, sizeof(str_end)); - printsub('>', &str_end[2], sizeof(str_end) - 2); + str_end[3] = ENCRYPT_REQEND; + net_write(str_end, sizeof(str_end)); + printsub('>', &str_end[2], sizeof(str_end) - 2); - if (encrypt_debug_mode) - printf(">>>%s: Request input to be clear text\r\n", Name); + if (encrypt_debug_mode) + printf(">>>%s: Request input to be clear text\r\n", Name); } void encrypt_wait(void) { - if (encrypt_debug_mode) - printf(">>>%s: in encrypt_wait\r\n", Name); - if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) - return; - while (autoencrypt && !encrypt_output) - if (telnet_spin()) - return; + if (encrypt_debug_mode) + printf(">>>%s: in encrypt_wait\r\n", Name); + if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) + return; + while (autoencrypt && !encrypt_output) + if (telnet_spin()) + return; } void encrypt_debug(int mode) { - encrypt_debug_mode = mode; + encrypt_debug_mode = mode; } void encrypt_gen_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { - char tbuf[16], *cp; + char tbuf[16], *cp; - cnt -= 2; - data += 2; - buf[buflen-1] = '\0'; - buf[buflen-2] = '*'; - buflen -= 2;; - for (; cnt > 0; cnt--, data++) { - sprintf(tbuf, " %d", *data); - for (cp = tbuf; *cp && buflen > 0; --buflen) - *buf++ = *cp++; - if (buflen <= 0) - return; - } - *buf = '\0'; + cnt -= 2; + data += 2; + buf[buflen-1] = '\0'; + buf[buflen-2] = '*'; + buflen -= 2;; + for (; cnt > 0; cnt--, data++) { + sprintf(tbuf, " %d", *data); + for (cp = tbuf; *cp && buflen > 0; --buflen) + *buf++ = *cp++; + if (buflen <= 0) + return; + } + *buf = '\0'; } void encrypt_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { - Encryptions *ep; - register int type = data[1]; + Encryptions *ep; + register int type = data[1]; - for (ep = encryptions; ep->type && ep->type != type; ep++) - ; + for (ep = encryptions; ep->type && ep->type != type; ep++) + ; - if (ep->printsub) - (*ep->printsub)(data, cnt, buf, buflen); - else - encrypt_gen_printsub(data, cnt, buf, buflen); + if (ep->printsub) + (*ep->printsub)(data, cnt, buf, buflen); + else + encrypt_gen_printsub(data, cnt, buf, buflen); } #endif diff --git a/appl/telnet/libtelnet/genget.c b/appl/telnet/libtelnet/genget.c index c3e351e1c..35b2182fd 100644 --- a/appl/telnet/libtelnet/genget.c +++ b/appl/telnet/libtelnet/genget.c @@ -46,58 +46,58 @@ static char sccsid[] = "@(#)genget.c 8.2 (Berkeley) 5/30/95"; * the length of *s1 is returned. */ -int isprefix(char *s1, char *s2) +int +isprefix(char *s1, char *s2) { - char *os1; - register char c1, c2; + char *os1; + register char c1, c2; - if (*s1 == '\0') - return(-1); - os1 = s1; - c1 = *s1; - c2 = *s2; - while (LOWER(c1) == LOWER(c2)) { - if (c1 == '\0') - break; - c1 = *++s1; - c2 = *++s2; - } - return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1))); + if (*s1 == '\0') + return(-1); + os1 = s1; + c1 = *s1; + c2 = *s2; + while (LOWER(c1) == LOWER(c2)) { + if (c1 == '\0') + break; + c1 = *++s1; + c2 = *++s2; + } + return(*s1 ? 0 : (*s2 ? (s1 - os1) : (os1 - s1))); } static char *ambiguous; /* special return value for command routines */ - char ** -genget(name, table, stlen) - char *name; /* name to match */ - char **table; /* name entry in table */ - int stlen; +char ** +genget(char *name, char **table, int stlen) + /* name to match */ + /* name entry in table */ + { - register char **c, **found; - register int n; + register char **c, **found; + register int n; - if (name == 0) - return 0; + if (name == 0) + return 0; - found = 0; - for (c = table; *c != 0; c = (char **)((char *)c + stlen)) { - if ((n = isprefix(name, *c)) == 0) - continue; - if (n < 0) /* exact match */ - return(c); - if (found) - return(&ambiguous); - found = c; - } - return(found); + found = 0; + for (c = table; *c != 0; c = (char **)((char *)c + stlen)) { + if ((n = isprefix(name, *c)) == 0) + continue; + if (n < 0) /* exact match */ + return(c); + if (found) + return(&ambiguous); + found = c; + } + return(found); } /* * Function call version of Ambiguous() */ - int -Ambiguous(s) - char *s; +int +Ambiguous(char *s) { - return((char **)s == &ambiguous); + return((char **)s == &ambiguous); } diff --git a/appl/telnet/libtelnet/kerberos.c b/appl/telnet/libtelnet/kerberos.c index f2e66655e..161690cc2 100644 --- a/appl/telnet/libtelnet/kerberos.c +++ b/appl/telnet/libtelnet/kerberos.c @@ -103,57 +103,51 @@ static des_cblock session_key; static des_key_schedule sched; static des_cblock challenge; - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - void *d; - int c; +static int +Data(Authenticator *ap, int type, void *d, int c) { - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; + unsigned char *p = str_data + 4; + unsigned char *cd = (unsigned char *)d; - if (c == -1) - c = strlen((char *)cd); + if (c == -1) + c = strlen((char *)cd); - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); + if (auth_debug_mode) { + printf("%s:%d: [%d] (%d)", + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", + str_data[3], + type, c); + printd(d, c); + printf("\r\n"); + } + *p++ = ap->type; + *p++ = ap->way; + *p++ = type; + while (c-- > 0) { + if ((*p++ = *cd++) == IAC) + *p++ = IAC; + } + *p++ = IAC; + *p++ = SE; + if (str_data[3] == TELQUAL_IS) + printsub('>', &str_data[2], p - (&str_data[2])); + return(net_write(str_data, p - str_data)); } - int -kerberos4_init(ap, server) - Authenticator *ap; - int server; +int +kerberos4_init(Authenticator *ap, int server) { - FILE *fp; + FILE *fp; - if (server) { - str_data[3] = TELQUAL_REPLY; - if ((fp = fopen(KEYFILE, "r")) == NULL) - return(0); - fclose(fp); - } else { - str_data[3] = TELQUAL_IS; - } - return(1); + if (server) { + str_data[3] = TELQUAL_REPLY; + if ((fp = fopen(KEYFILE, "r")) == NULL) + return(0); + fclose(fp); + } else { + str_data[3] = TELQUAL_IS; + } + return(1); } char dst_realm_buf[REALM_SZ], *dest_realm = NULL; @@ -162,180 +156,177 @@ int dst_realm_sz = REALM_SZ; static int kerberos4_send(char *name, Authenticator *ap) { - KTEXT_ST auth; - char instance[INST_SZ]; - char *realm; - char *krb_realmofhost(); - char *krb_get_phost(); - CREDENTIALS cred; - int r; + KTEXT_ST auth; + char instance[INST_SZ]; + char *realm; + char *krb_realmofhost(const char *); + char *krb_get_phost(const char *); + CREDENTIALS cred; + int r; - printf("[ Trying %s ... ]\r\n", name); - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V4: no user name supplied\r\n"); - } - return(0); + printf("[ Trying %s ... ]\r\n", name); + if (!UserNameRequested) { + if (auth_debug_mode) { + printf("Kerberos V4: no user name supplied\r\n"); } + return(0); + } - memset(instance, 0, sizeof(instance)); + memset(instance, 0, sizeof(instance)); - if (realm = krb_get_phost(RemoteHostName)) - strncpy(instance, realm, sizeof(instance)); + if (realm = krb_get_phost(RemoteHostName)) + strncpy(instance, realm, sizeof(instance)); - instance[sizeof(instance)-1] = '\0'; + instance[sizeof(instance)-1] = '\0'; - realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); + realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); - if (!realm) { - printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); - return(0); - } - if (r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L)) { - printf("mk_req failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - if (r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred)) { - printf("get_cred failed: %s\r\n", krb_get_err_text(r)); - return(0); - } - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } + if (!realm) { + printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); + return(0); + } + if (r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L)) { + printf("mk_req failed: %s\r\n", krb_get_err_text(r)); + return(0); + } + if (r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred)) { + printf("get_cred failed: %s\r\n", krb_get_err_text(r)); + return(0); + } + if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { if (auth_debug_mode) - printf("Sent %d bytes of authentication data\r\n", auth.length); - if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } + printf("Not enough room for user name\r\n"); + return(0); + } + if (auth_debug_mode) + printf("Sent %d bytes of authentication data\r\n", auth.length); + if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) { + if (auth_debug_mode) + printf("Not enough room for authentication data\r\n"); + return(0); + } #ifdef ENCRYPTION - /* create challenge */ - if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) { - int i; + /* create challenge */ + if ((ap->way & AUTH_HOW_MASK)==AUTH_HOW_MUTUAL) { + int i; - des_key_sched(&cred.session, sched); - des_init_random_number_generator(&cred.session); - des_new_random_key(&session_key); - des_ecb_encrypt(&session_key, &session_key, sched, 0); - des_ecb_encrypt(&session_key, &challenge, sched, 0); + des_key_sched(&cred.session, sched); + des_init_random_number_generator(&cred.session); + des_new_random_key(&session_key); + des_ecb_encrypt(&session_key, &session_key, sched, 0); + des_ecb_encrypt(&session_key, &challenge, sched, 0); - /* - old code - Some CERT Advisory thinks this is a bad thing... + /* + old code + Some CERT Advisory thinks this is a bad thing... - des_init_random_number_generator(&cred.session); - des_new_random_key(&challenge); - des_ecb_encrypt(&challenge, &session_key, sched, 1); - */ + des_init_random_number_generator(&cred.session); + des_new_random_key(&challenge); + des_ecb_encrypt(&challenge, &session_key, sched, 1); + */ - /* - * Increment the challenge by 1, and encrypt it for - * later comparison. - */ - for (i = 7; i >= 0; --i) + /* + * Increment the challenge by 1, and encrypt it for + * later comparison. + */ + for (i = 7; i >= 0; --i) if(++challenge[i] != 0) /* No carry! */ - break; - des_ecb_encrypt(&challenge, &challenge, sched, 1); - } + break; + des_ecb_encrypt(&challenge, &challenge, sched, 1); + } #endif - if (auth_debug_mode) { - printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - printf("Sent Kerberos V4 credentials to server\r\n"); - } - return(1); + if (auth_debug_mode) { + printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); + printd(auth.dat, auth.length); + printf("\r\n"); + printf("Sent Kerberos V4 credentials to server\r\n"); + } + return(1); } int kerberos4_send_mutual(Authenticator *ap) { - return kerberos4_send("mutual KERBEROS4", ap); + return kerberos4_send("mutual KERBEROS4", ap); } int kerberos4_send_oneway(Authenticator *ap) { - return kerberos4_send("KERBEROS4", ap); + return kerberos4_send("KERBEROS4", ap); } - void -kerberos4_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; +void +kerberos4_is(Authenticator *ap, unsigned char *data, int cnt) { - char realm[REALM_SZ]; - char instance[INST_SZ]; - int r; + char realm[REALM_SZ]; + char instance[INST_SZ]; + int r; - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("No local realm\r\n"); - return; - } - memmove((void *)auth.dat, (void *)data, auth.length = cnt); - if (auth_debug_mode) { - printf("Got %d bytes of authentication data\r\n", cnt); - printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - } - k_getsockinst(0, instance); /* Telnetd uses socket 0 */ - if (r = krb_rd_req(&auth, KRB_SERVICE_NAME, - instance, 0, &adat, "")) { - if (auth_debug_mode) - printf("Kerberos failed him as %s\r\n", name); - Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1); - auth_finished(ap, AUTH_REJECT); - return; - } - /* save the session key */ - memmove(session_key, adat.session, sizeof(adat.session)); - krb_kntoln(&adat, name); + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_AUTH: + if (krb_get_lrealm(realm, 1) != KSUCCESS) { + Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); + auth_finished(ap, AUTH_REJECT); + if (auth_debug_mode) + printf("No local realm\r\n"); + return; + } + memmove((void *)auth.dat, (void *)data, auth.length = cnt); + if (auth_debug_mode) { + printf("Got %d bytes of authentication data\r\n", cnt); + printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length)); + printd(auth.dat, auth.length); + printf("\r\n"); + } + k_getsockinst(0, instance); /* Telnetd uses socket 0 */ + if (r = krb_rd_req(&auth, KRB_SERVICE_NAME, + instance, 0, &adat, "")) { + if (auth_debug_mode) + printf("Kerberos failed him as %s\r\n", name); + Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1); + auth_finished(ap, AUTH_REJECT); + return; + } + /* save the session key */ + memmove(session_key, adat.session, sizeof(adat.session)); + krb_kntoln(&adat, name); - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) - Data(ap, KRB_ACCEPT, (void *)0, 0); - else { - char *msg = malloc(ANAME_SZ + 1 + INST_SZ + - REALM_SZ + - strlen(UserNameRequested) + 80); + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) + Data(ap, KRB_ACCEPT, (void *)0, 0); + else { + char *msg = malloc(ANAME_SZ + 1 + INST_SZ + + REALM_SZ + + strlen(UserNameRequested) + 80); - if (msg == NULL) - Data(ap, KRB_REJECT, (void *)0, 0); - sprintf (msg, "user `%s' is not authorized to " - "login as `%s'", - krb_unparse_name(adat.pname, - adat.pinst, - adat.prealm), - UserNameRequested); + if (msg == NULL) + Data(ap, KRB_REJECT, (void *)0, 0); + sprintf (msg, "user `%s' is not authorized to " + "login as `%s'", + krb_unparse_name(adat.pname, + adat.pinst, + adat.prealm), + UserNameRequested); - Data(ap, KRB_REJECT, (void *)msg, -1); - free(msg); - } - auth_finished(ap, AUTH_USER); - break; + Data(ap, KRB_REJECT, (void *)msg, -1); + free(msg); + } + auth_finished(ap, AUTH_USER); + break; - case KRB_CHALLENGE: + case KRB_CHALLENGE: #ifndef ENCRYPTION - Data(ap, KRB_RESPONSE, (void *)0, 0); + Data(ap, KRB_RESPONSE, (void *)0, 0); #else - if(!VALIDKEY(session_key)){ + if(!VALIDKEY(session_key)){ Data(ap, KRB_RESPONSE, NULL, 0); break; - } - des_key_sched(&session_key, sched); - { + } + des_key_sched(&session_key, sched); + { des_cblock d_block; int i; Session_Key skey; @@ -352,200 +343,190 @@ kerberos4_is(ap, data, cnt) /* decrypt challenge, add one and encrypt it */ des_ecb_encrypt(&d_block, &challenge, sched, 0); for (i = 7; i >= 0; i--) - if(++challenge[i] != 0) - break; + if(++challenge[i] != 0) + break; des_ecb_encrypt(&challenge, &challenge, sched, 1); Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge)); - } -#endif - break; - - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; } +#endif + break; + + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + Data(ap, KRB_REJECT, 0, 0); + break; + } } - void -kerberos4_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; +void +kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt) { - Session_Key skey; + Session_Key skey; - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V4 refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB_ACCEPT: - printf("[ Kerberos V4 accepts you ]\r\n"); - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* - * Send over the encrypted challenge. - */ - Data(ap, KRB_CHALLENGE, session_key, - sizeof(session_key)); + if (cnt-- < 1) + return; + switch (*data++) { + case KRB_REJECT: + if (cnt > 0) { + printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", + cnt, data); + } else + printf("[ Kerberos V4 refuses authentication ]\r\n"); + auth_send_retry(); + return; + case KRB_ACCEPT: + printf("[ Kerberos V4 accepts you ]\r\n"); + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { + /* + * Send over the encrypted challenge. + */ + Data(ap, KRB_CHALLENGE, session_key, + sizeof(session_key)); #ifdef ENCRYPTION - des_ecb_encrypt(&session_key, &session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 0); + des_ecb_encrypt(&session_key, &session_key, sched, 1); + skey.type = SK_DES; + skey.length = 8; + skey.data = session_key; + encrypt_session_key(&skey, 0); #endif - return; - } - auth_finished(ap, AUTH_USER); - return; - case KRB_RESPONSE: - /* make sure the response is correct */ - if ((cnt != sizeof(des_cblock)) || - (memcmp(data, challenge, sizeof(challenge)))){ + return; + } + auth_finished(ap, AUTH_USER); + return; + case KRB_RESPONSE: + /* make sure the response is correct */ + if ((cnt != sizeof(des_cblock)) || + (memcmp(data, challenge, sizeof(challenge)))){ printf("[ Kerberos V4 challenge failed!!! ]\r\n"); auth_send_retry(); return; - } - printf("[ Kerberos V4 challenge successful ]\r\n"); - auth_finished(ap, AUTH_USER); - break; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; } + printf("[ Kerberos V4 challenge successful ]\r\n"); + auth_finished(ap, AUTH_USER); + break; + default: + if (auth_debug_mode) + printf("Unknown Kerberos option %d\r\n", data[-1]); + return; + } } - int -kerberos4_status(ap, name, level) - Authenticator *ap; - char *name; - int level; +int +kerberos4_status(Authenticator *ap, char *name, int level) { - if (level < AUTH_USER) - return(level); + if (level < AUTH_USER) + return(level); - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strcpy(name, UserNameRequested); - return(AUTH_VALID); - } else - return(AUTH_USER); + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { + strcpy(name, UserNameRequested); + return(AUTH_VALID); + } else + return(AUTH_USER); } #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - void -kerberos4_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; +void +kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) { - char lbuf[32]; - register int i; + char lbuf[32]; + register int i; - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; + buf[buflen-1] = '\0'; /* make sure its NULL terminated */ + buflen -= 1; - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); - goto common; + switch(data[3]) { + case KRB_REJECT: /* Rejected (reason might follow) */ + strncpy((char *)buf, " REJECT ", buflen); + goto common; - case KRB_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; + case KRB_ACCEPT: /* Accepted (name might follow) */ + strncpy((char *)buf, " ACCEPT ", buflen); + common: + BUMP(buf, buflen); + if (cnt <= 4) + break; + ADDC(buf, buflen, '"'); + for (i = 4; i < cnt; i++) + ADDC(buf, buflen, data[i]); + ADDC(buf, buflen, '"'); + ADDC(buf, buflen, '\0'); + break; - case KRB_AUTH: /* Authentication data follows */ - strncpy((char *)buf, " AUTH", buflen); - goto common2; + case KRB_AUTH: /* Authentication data follows */ + strncpy((char *)buf, " AUTH", buflen); + goto common2; - case KRB_CHALLENGE: - strncpy((char *)buf, " CHALLENGE", buflen); - goto common2; + case KRB_CHALLENGE: + strncpy((char *)buf, " CHALLENGE", buflen); + goto common2; - case KRB_RESPONSE: - strncpy((char *)buf, " RESPONSE", buflen); - goto common2; + case KRB_RESPONSE: + strncpy((char *)buf, " RESPONSE", buflen); + goto common2; - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); - BUMP(buf, buflen); - } - break; + default: + sprintf(lbuf, " %d (unknown)", data[3]); + strncpy((char *)buf, lbuf, buflen); + common2: + BUMP(buf, buflen); + for (i = 4; i < cnt; i++) { + sprintf(lbuf, " %d", data[i]); + strncpy((char *)buf, lbuf, buflen); + BUMP(buf, buflen); } + break; + } } - int -kerberos4_cksum(d, n) - unsigned char *d; - int n; +int +kerberos4_cksum(unsigned char *d, int n) { - int ck = 0; + int ck = 0; - /* - * A comment is probably needed here for those not - * well versed in the "C" language. Yes, this is - * supposed to be a "switch" with the body of the - * "switch" being a "while" statement. The whole - * purpose of the switch is to allow us to jump into - * the middle of the while() loop, and then not have - * to do any more switch()s. - * - * Some compilers will spit out a warning message - * about the loop not being entered at the top. - */ - switch (n&03) + /* + * A comment is probably needed here for those not + * well versed in the "C" language. Yes, this is + * supposed to be a "switch" with the body of the + * "switch" being a "while" statement. The whole + * purpose of the switch is to allow us to jump into + * the middle of the while() loop, and then not have + * to do any more switch()s. + * + * Some compilers will spit out a warning message + * about the loop not being entered at the top. + */ + switch (n&03) while (n > 0) { case 0: - ck ^= (int)*d++ << 24; - --n; + ck ^= (int)*d++ << 24; + --n; case 3: - ck ^= (int)*d++ << 16; - --n; + ck ^= (int)*d++ << 16; + --n; case 2: - ck ^= (int)*d++ << 8; - --n; + ck ^= (int)*d++ << 8; + --n; case 1: - ck ^= (int)*d++; - --n; + ck ^= (int)*d++; + --n; } - return(ck); + return(ck); } #endif #ifdef notdef prkey(msg, key) - char *msg; - unsigned char *key; + char *msg; + unsigned char *key; { - register int i; - printf("%s:", msg); - for (i = 0; i < 8; i++) - printf(" %3d", key[i]); - printf("\r\n"); + register int i; + printf("%s:", msg); + for (i = 0; i < 8; i++) + printf(" %3d", key[i]); + printf("\r\n"); } #endif diff --git a/appl/telnet/libtelnet/misc.c b/appl/telnet/libtelnet/misc.c index b740414f7..90a8266bb 100644 --- a/appl/telnet/libtelnet/misc.c +++ b/appl/telnet/libtelnet/misc.c @@ -45,53 +45,45 @@ char *LocalHostName; char *UserNameRequested = 0; int ConnectedCount = 0; - void -auth_encrypt_init(local, remote, name, server) - char *local; - char *remote; - char *name; - int server; +void +auth_encrypt_init(char *local, char *remote, char *name, int server) { - RemoteHostName = remote; - LocalHostName = local; + RemoteHostName = remote; + LocalHostName = local; #if defined(AUTHENTICATION) - auth_init(name, server); + auth_init(name, server); #endif #if defined(ENCRYPTION) - encrypt_init(name, server); + encrypt_init(name, server); #endif - if (UserNameRequested) { - free(UserNameRequested); - UserNameRequested = 0; - } + if (UserNameRequested) { + free(UserNameRequested); + UserNameRequested = 0; + } } - void -auth_encrypt_user(name) - char *name; +void +auth_encrypt_user(char *name) { - extern char *strdup(); + extern char *strdup(const char *); - if (UserNameRequested) - free(UserNameRequested); - UserNameRequested = name ? strdup(name) : 0; + if (UserNameRequested) + free(UserNameRequested); + UserNameRequested = name ? strdup(name) : 0; } - void -auth_encrypt_connect(cnt) - int cnt; +void +auth_encrypt_connect(int cnt) { } - void -printd(data, cnt) - unsigned char *data; - int cnt; +void +printd(unsigned char *data, int cnt) { - if (cnt > 16) - cnt = 16; - while (cnt-- > 0) { - printf(" %02x", *data); - ++data; - } + if (cnt > 16) + cnt = 16; + while (cnt-- > 0) { + printf(" %02x", *data); + ++data; + } }