Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up deleted files.

Browse Source
This commit is contained in:
mycroft 1994-02-25 02:53:07 +00:00
parent 50c0885ee0
commit 275855a18f
5 changed files with 0 additions and 2012 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

117
lib/libtelnet/enc-proto.h
View File

@ -1,117 +0,0 @@
/*-
* Copyright (c) 1991 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: @(#)enc-proto.h 5.2 (Berkeley) 3/22/91
* $Id: enc-proto.h,v 1.2 1993/08/01 18:32:53 mycroft Exp $
*/
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
* Export of this software from the United States of America is assumed
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
#if defined(ENCRYPT)
void encrypt_init P((char *, int));
Encryptions *findencryption P((int));
void encrypt_send_supprt P((void));
void encrypt_auto P((int));
void decrypt_auto P((int));
void encrypt_is P((unsigned char *, int));
void encrypt_reply P((unsigned char *, int));
void encrypt_start_input P((int));
void encrypt_session_key P((Session_Key *, int));
void encrypt_end_input P((void));
void encrypt_start_output P((int));
void encrypt_end_output P((void));
void encrypt_send_request_start P((void));
void encrypt_send_request_end P((void));
void encrypt_send_end P((void));
void encrypt_wait P((void));
void encrypt_send_support P((void));
void encrypt_send_keyid P((int, unsigned char *, int, int));
int net_write P((unsigned char *, int));
#ifdef TELENTD
void encrypt_wait P((void));
#else
int encrypt_cmd P((int, char **));
void encrypt_display P((void));
#endif
void cfb64_encrypt P((unsigned char *, int));
int cfb64_decrypt P((int));
void cfb64_init P((int));
int cfb64_start P((int, int));
int cfb64_is P((unsigned char *, int));
int cfb64_reply P((unsigned char *, int));
void cfb64_session P((Session_Key *, int));
int cfb64_keyid P((int, unsigned char *, int *));
void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
void ofb64_encrypt P((unsigned char *, int));
int ofb64_decrypt P((int));
void ofb64_init P((int));
int ofb64_start P((int, int));
int ofb64_is P((unsigned char *, int));
int ofb64_reply P((unsigned char *, int));
void ofb64_session P((Session_Key *, int));
int ofb64_keyid P((int, unsigned char *, int *));
void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
int des_new_random_key P((Block));
void des_set_random_generator_seed P((Block));
void des_key_sched P((Block, Schedule));
void des_ecb_encrypt P((Block, Block, Schedule, int));
int des_string_to_key P((char *, Block));
#endif

721
lib/libtelnet/enc_des.c
View File

@ -1,721 +0,0 @@
/*-
* Copyright (c) 1991 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
/*static char sccsid[] = "from: @(#)enc_des.c 5.1 (Berkeley) 3/22/91";*/
static char rcsid[] = "$Id: enc_des.c,v 1.2 1993/08/01 18:32:44 mycroft Exp $";
#endif /* not lint */
#if defined(AUTHENTICATE) && defined(ENCRYPT) && defined(DES_ENCRYPT)
#include <arpa/telnet.h>
#include <stdio.h>
#ifdef __STDC__
#include <stdlib.h>
#endif
#include "encrypt.h"
#include "key-proto.h"
#include "misc-proto.h"
extern encrypt_debug_mode;
#define CFB 0
#define OFB 1
#define NO_SEND_IV 1
#define NO_RECV_IV 2
#define NO_KEYID 4
#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID)
#define SUCCESS 0
#define FAILED -1
struct fb {
Block krbdes_key;
Schedule krbdes_sched;
Block temp_feed;
unsigned char fb_feed[64];
int need_start;
int state[2];
int keyid[2];
int once;
struct stinfo {
Block str_output;
Block str_feed;
Block str_iv;
Block str_ikey;
Schedule str_sched;
int str_index;
int str_flagshift;
} streams[2];
};
static struct fb fb[2];
struct keyidlist {
char *keyid;
int keyidlen;
char *key;
int keylen;
int flags;
} keyidlist [] = {
{ "\0", 1, 0, 0, 0 }, /* default key of zero */
{ 0, 0, 0, 0, 0 }
};
#define KEYFLAG_MASK 03
#define KEYFLAG_NOINIT 00
#define KEYFLAG_INIT 01
#define KEYFLAG_OK 02
#define KEYFLAG_BAD 03
#define KEYFLAG_SHIFT 2
#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2)))
#define FB64_IV 1
#define FB64_IV_OK 2
#define FB64_IV_BAD 3
void fb64_stream_iv P((Block, struct stinfo *));
void fb64_init P((struct fb *));
int fb64_start P((struct fb *, int, int));
int fb64_is P((unsigned char *, int, struct fb *));
int fb64_reply P((unsigned char *, int, struct fb *));
void fb64_session P((Session_Key *, int, struct fb *));
void fb64_stream_key P((Block, struct stinfo *));
int fb64_keyid P((int, unsigned char *, int *, struct fb *));
void
cfb64_init(server)
int server;
{
fb64_init(&fb[CFB]);
fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64;
fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB);
fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB);
}
void
ofb64_init(server)
int server;
{
fb64_init(&fb[OFB]);
fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64;
fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB);
fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB);
}
void
fb64_init(fbp)
register struct fb *fbp;
{
bzero((void *)fbp, sizeof(*fbp));
fbp->state[0] = fbp->state[1] = FAILED;
fbp->fb_feed[0] = IAC;
fbp->fb_feed[1] = SB;
fbp->fb_feed[2] = TELOPT_ENCRYPT;
fbp->fb_feed[3] = ENCRYPT_IS;
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
* 2: Not yet. Other things (like getting the key from
* Kerberos) have to happen before we can continue.
*/
int
cfb64_start(dir, server)
int dir;
int server;
{
return(fb64_start(&fb[CFB], dir, server));
}
int
ofb64_start(dir, server)
int dir;
int server;
{
return(fb64_start(&fb[OFB], dir, server));
}
static int
fb64_start(fbp, dir, server)
struct fb *fbp;
int dir;
int server;
{
Block b;
int x;
unsigned char *p;
register int state;
switch (dir) {
case DIR_DECRYPT:
/*
* This is simply a request to have the other side
* start output (our input). He will negotiate an
* IV so we need not look for it.
*/
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
break;
case DIR_ENCRYPT:
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
else if ((state & NO_SEND_IV) == 0)
break;
if (!VALIDKEY(fbp->krbdes_key)) {
fbp->need_start = 1;
break;
}
state &= ~NO_SEND_IV;
state |= NO_RECV_IV;
if (encrypt_debug_mode)
printf("Creating new feed\r\n");
/*
* Create a random feed and send it over.
*/
des_new_random_key(fbp->temp_feed);
des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
fbp->krbdes_sched, 1);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
for (x = 0; x < sizeof(Block); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
default:
return(FAILED);
}
return(fbp->state[dir-1] = state);
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
int
cfb64_is(data, cnt)
unsigned char *data;
int cnt;
{
return(fb64_is(data, cnt, &fb[CFB]));
}
int
ofb64_is(data, cnt)
unsigned char *data;
int cnt;
{
return(fb64_is(data, cnt, &fb[OFB]));
}
int
fb64_is(data, cnt, fbp)
unsigned char *data;
int cnt;
struct fb *fbp;
{
int x;
unsigned char *p;
Block b;
register int state = fbp->state[DIR_DECRYPT-1];
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV:
if (cnt != sizeof(Block)) {
if (encrypt_debug_mode)
printf("CFB64: initial vector failed on size\r\n");
state = FAILED;
goto failure;
}
if (encrypt_debug_mode)
printf("CFB64: initial vector received\r\n");
if (encrypt_debug_mode)
printf("Initializing Decrypt stream\r\n");
fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_OK;
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
net_write(fbp->fb_feed, p - fbp->fb_feed);
state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
break;
default:
if (encrypt_debug_mode) {
printf("Unknown option type: %d\r\n", *(data-1));
printd(data, cnt);
printf("\r\n");
}
/* FALL THROUGH */
failure:
/*
* We failed. Send an FB64_IV_BAD option
* to the other side so it will know that
* things failed.
*/
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_REPLY;
p++;
*p++ = FB64_IV_BAD;
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
}
return(fbp->state[DIR_DECRYPT-1] = state);
}
/*
* Returns:
* -1: some error. Negotiation is done, encryption not ready.
* 0: Successful, initial negotiation all done.
* 1: successful, negotiation not done yet.
*/
int
cfb64_reply(data, cnt)
unsigned char *data;
int cnt;
{
return(fb64_reply(data, cnt, &fb[CFB]));
}
int
ofb64_reply(data, cnt)
unsigned char *data;
int cnt;
{
return(fb64_reply(data, cnt, &fb[OFB]));
}
int
fb64_reply(data, cnt, fbp)
unsigned char *data;
int cnt;
struct fb *fbp;
{
int x;
unsigned char *p;
Block b;
register int state = fbp->state[DIR_ENCRYPT-1];
if (cnt-- < 1)
goto failure;
switch (*data++) {
case FB64_IV_OK:
fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
if (state == FAILED)
state = IN_PROGRESS;
state &= ~NO_RECV_IV;
encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1);
break;
case FB64_IV_BAD:
bzero(fbp->temp_feed, sizeof(Block));
fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]);
state = FAILED;
break;
default:
if (encrypt_debug_mode) {
printf("Unknown option type: %d\r\n", data[-1]);
printd(data, cnt);
printf("\r\n");
}
/* FALL THROUGH */
failure:
state = FAILED;
break;
}
return(fbp->state[DIR_ENCRYPT-1] = state);
}
void
cfb64_session(key, server)
Session_Key *key;
int server;
{
fb64_session(key, server, &fb[CFB]);
}
void
ofb64_session(key, server)
Session_Key *key;
int server;
{
fb64_session(key, server, &fb[OFB]);
}
static void
fb64_session(key, server, fbp)
Session_Key *key;
int server;
struct fb *fbp;
{
if (!key || key->type != SK_DES) {
if (encrypt_debug_mode)
printf("Can't set krbdes's session key (%d != %d)\r\n",
key ? key->type : -1, SK_DES);
return;
}
bcopy((void *)key->data, (void *)fbp->krbdes_key, sizeof(Block));
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]);
fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]);
if (fbp->once == 0) {
des_set_random_generator_seed(fbp->krbdes_key);
fbp->once = 1;
}
des_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
/*
* Now look to see if krbdes_start() was was waiting for
* the key to show up. If so, go ahead an call it now
* that we have the key.
*/
if (fbp->need_start) {
fbp->need_start = 0;
fb64_start(fbp, DIR_ENCRYPT, server);
}
}
/*
* We only accept a keyid of 0. If we get a keyid of
* 0, then mark the state as SUCCESS.
*/
int
cfb64_keyid(dir, kp, lenp)
int dir, *lenp;
unsigned char *kp;
{
return(fb64_keyid(dir, kp, lenp, &fb[CFB]));
}
int
ofb64_keyid(dir, kp, lenp)
int dir, *lenp;
unsigned char *kp;
{
return(fb64_keyid(dir, kp, lenp, &fb[OFB]));
}
int
fb64_keyid(dir, kp, lenp, fbp)
int dir, *lenp;
unsigned char *kp;
struct fb *fbp;
{
register int state = fbp->state[dir-1];
if (*lenp != 1 || (*kp != '\0')) {
*lenp = 0;
return(state);
}
if (state == FAILED)
state = IN_PROGRESS;
state &= ~NO_KEYID;
return(fbp->state[dir-1] = state);
}
void
fb64_printsub(data, cnt, buf, buflen, type)
unsigned char *data, *buf, *type;
int cnt, buflen;
{
char lbuf[32];
register int i;
char *cp;
buf[buflen-1] = '\0'; /* make sure it's NULL terminated */
buflen -= 1;
switch(data[2]) {
case FB64_IV:
sprintf(lbuf, "%s_IV", type);
cp = lbuf;
goto common;
case FB64_IV_OK:
sprintf(lbuf, "%s_IV_OK", type);
cp = lbuf;
goto common;
case FB64_IV_BAD:
sprintf(lbuf, "%s_IV_BAD", type);
cp = lbuf;
goto common;
default:
sprintf(lbuf, " %d (unknown)", data[2]);
cp = lbuf;
common:
for (; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
for (i = 3; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++)
buflen--;
}
break;
}
}
void
cfb64_printsub(data, cnt, buf, buflen)
unsigned char *data, *buf;
int cnt, buflen;
{
fb64_printsub(data, cnt, buf, buflen, "CFB64");
}
void
ofb64_printsub(data, cnt, buf, buflen)
unsigned char *data, *buf;
int cnt, buflen;
{
fb64_printsub(data, cnt, buf, buflen, "OFB64");
}
void
fb64_stream_iv(seed, stp)
Block seed;
register struct stinfo *stp;
{
bcopy((void *)seed, (void *)stp->str_iv, sizeof(Block));
bcopy((void *)seed, (void *)stp->str_output, sizeof(Block));
des_key_sched(stp->str_ikey, stp->str_sched);
stp->str_index = sizeof(Block);
}
void
fb64_stream_key(key, stp)
Block key;
register struct stinfo *stp;
{
bcopy((void *)key, (void *)stp->str_ikey, sizeof(Block));
des_key_sched(key, stp->str_sched);
bcopy((void *)stp->str_iv, (void *)stp->str_output, sizeof(Block));
stp->str_index = sizeof(Block);
}
/*
* DES 64 bit Cipher Feedback
*
* key --->+-----+
* +->| DES |--+
* | +-----+ |
* | v
* INPUT --(--------->(+)+---> DATA
* | |
* +-------------+
*
*
* Given:
* iV: Initial vector, 64 bits (8 bytes) long.
* Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
* On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
*
* V0 = DES(iV, key)
* On = Dn ^ Vn
* V(n+1) = DES(On, key)
*/
void
cfb64_encrypt(s, c)
register unsigned char *s;
int c;
{
register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1];
register int index;
index = stp->str_index;
while (c-- > 0) {
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
index = 0;
}
/* On encryption, we store (feed ^ data) which is cypher */
*s = stp->str_output[index] = (stp->str_feed[index] ^ *s);
s++;
index++;
}
stp->str_index = index;
}
int
cfb64_decrypt(data)
int data;
{
register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1];
int index;
if (data == -1) {
/*
* Back up one byte. It is assumed that we will
* never back up more than one byte. If we do, this
* may or may not work.
*/
if (stp->str_index)
--stp->str_index;
return(0);
}
index = stp->str_index++;
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
/* On decryption we store (data) which is cypher. */
stp->str_output[index] = data;
return(data ^ stp->str_feed[index]);
}
/*
* DES 64 bit Output Feedback
*
* key --->+-----+
* +->| DES |--+
* | +-----+ |
* +-----------+
* v
* INPUT -------->(+) ----> DATA
*
* Given:
* iV: Initial vector, 64 bits (8 bytes) long.
* Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt).
* On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output.
*
* V0 = DES(iV, key)
* V(n+1) = DES(Vn, key)
* On = Dn ^ Vn
*/
void
ofb64_encrypt(s, c)
register unsigned char *s;
int c;
{
register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1];
register int index;
index = stp->str_index;
while (c-- > 0) {
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
index = 0;
}
*s++ ^= stp->str_feed[index];
index++;
}
stp->str_index = index;
}
int
ofb64_decrypt(data)
int data;
{
register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1];
int index;
if (data == -1) {
/*
* Back up one byte. It is assumed that we will
* never back up more than one byte. If we do, this
* may or may not work.
*/
if (stp->str_index)
--stp->str_index;
return(0);
}
index = stp->str_index++;
if (index == sizeof(Block)) {
Block b;
des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
bcopy((void *)b, (void *)stp->str_feed, sizeof(Block));
stp->str_index = 1; /* Next time will be 1 */
index = 0; /* But now use 0 */
}
return(data ^ stp->str_feed[index]);
}
#endif

522
lib/libtelnet/kerberos.c
View File

@ -1,522 +0,0 @@
/*-
* Copyright (c) 1991 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
/*static char sccsid[] = "from: @(#)kerberos.c 5.2 (Berkeley) 3/22/91";*/
static char rcsid[] = "$Id: kerberos.c,v 1.2 1993/08/01 18:32:36 mycroft Exp $";
#endif /* not lint */
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
* Export of this software from the United States of America is assumed
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#ifdef KRB4
#include <sys/types.h>
#include <arpa/telnet.h>
#include <stdio.h>
#if defined(ENCRYPT)
#define __NEED_ENCRYPT__
#undef ENCRYPT
#endif
#include <des.h> /* BSD wont include this in krb.h, so we do it here */
#include <krb.h>
#if defined(__NEED_ENCRYPT__) && !defined(ENCRYPT)
#define ENCRYPT
#undef __NEED_ENCRYPT__
#endif
#ifdef __STDC__
#include <stdlib.h>
#endif
#ifdef NO_STRING_H
#include <strings.h>
#else
#include <string.h>
#endif
#include "encrypt.h"
#include "auth.h"
#include "misc.h"
int cksum P((unsigned char *, int));
int krb_mk_req P((KTEXT, char *, char *, char *, u_long));
int krb_rd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *));
int krb_kntoln P((AUTH_DAT *, char *));
int krb_get_cred P((char *, char *, char *, CREDENTIALS *));
int krb_get_lrealm P((char *, int));
int kuserok P((AUTH_DAT *, char *));
extern auth_debug_mode;
static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V4, };
static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };
#define KRB_AUTH 0 /* Authentication data follows */
#define KRB_REJECT 1 /* Rejected (reason might follow) */
#define KRB_ACCEPT 2 /* Accepted */
#define KRB_CHALLANGE 3 /* Challange for mutual auth. */
#define KRB_RESPONSE 4 /* Response for mutual auth. */
static KTEXT_ST auth;
static char name[ANAME_SZ];
static AUTH_DAT adat = { 0 };
#if defined(ENCRYPT)
static Block session_key = { 0 };
#endif
static Schedule sched;
static Block challange = { 0 };
static int
Data(ap, type, d, c)
Authenticator *ap;
int type;
void *d;
int c;
{
unsigned char *p = str_data + 4;
unsigned char *cd = (unsigned char *)d;
if (c == -1)
c = strlen((char *)cd);
if (auth_debug_mode) {
printf("%s:%d: [%d] (%d)",
str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
str_data[3],
type, c);
printd(d, c);
printf("\r\n");
}
*p++ = ap->type;
*p++ = ap->way;
*p++ = type;
while (c-- > 0) {
if ((*p++ = *cd++) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - (&str_data[2]));
return(net_write(str_data, p - str_data));
}
int
kerberos4_init(ap, server)
Authenticator *ap;
int server;
{
if (server)
str_data[3] = TELQUAL_REPLY;
else
str_data[3] = TELQUAL_IS;
return(1);
}
char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
int dst_realm_sz = REALM_SZ;
int
kerberos4_send(ap)
Authenticator *ap;
{
KTEXT_ST auth;
Block enckey;
char instance[INST_SZ];
char *realm;
char *krb_realmofhost();
char *krb_get_phost();
CREDENTIALS cred;
int r;
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V4: no user name supplied\r\n");
}
return(0);
}
bzero(instance, sizeof(instance));
if (realm = krb_get_phost(RemoteHostName))
strncpy(instance, realm, sizeof(instance));
instance[sizeof(instance)-1] = '\0';
realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
if (!realm) {
if (auth_debug_mode) {
printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
}
return(0);
}
if (r = krb_mk_req(&auth, "rcmd", instance, realm, 0L)) {
if (auth_debug_mode) {
printf("mk_req failed: %s\r\n", krb_err_txt[r]);
}
return(0);
}
if (r = krb_get_cred("rcmd", instance, realm, &cred)) {
if (auth_debug_mode) {
printf("get_cred failed: %s\r\n", krb_err_txt[r]);
}
return(0);
}
if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
if (auth_debug_mode)
printf("Not enough room for user name\r\n");
return(0);
}
if (auth_debug_mode)
printf("Sent %d bytes of authentication data\r\n", auth.length);
if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
if (auth_debug_mode)
printf("Not enough room for authentication data\r\n");
return(0);
}
/*
* If we are doing mutual authentication, get set up to send
* the challange, and verify it when the response comes back.
*/
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
register int i;
des_key_sched(cred.session, sched);
des_set_random_generator_seed(cred.session);
des_new_random_key(challange);
des_ecb_encrypt(challange, session_key, sched, 1);
/*
* Increment the challange by 1, and encrypt it for
* later comparison.
*/
for (i = 7; i >= 0; --i) {
register int x;
x = (unsigned int)challange[i] + 1;
challange[i] = x; /* ignore overflow */
if (x < 256) /* if no overflow, all done */
break;
}
des_ecb_encrypt(challange, challange, sched, 1);
}
if (auth_debug_mode) {
printf("CK: %d:", cksum(auth.dat, auth.length));
printd(auth.dat, auth.length);
printf("\r\n");
printf("Sent Kerberos V4 credentials to server\r\n");
}
return(1);
}
void
kerberos4_is(ap, data, cnt)
Authenticator *ap;
unsigned char *data;
int cnt;
{
Session_Key skey;
Block datablock;
char realm[REALM_SZ];
char instance[INST_SZ];
int r;
if (cnt-- < 1)
return;
switch (*data++) {
case KRB_AUTH:
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("No local realm\r\n");
return;
}
bcopy((void *)data, (void *)auth.dat, auth.length = cnt);
if (auth_debug_mode) {
printf("Got %d bytes of authentication data\r\n", cnt);
printf("CK: %d:", cksum(auth.dat, auth.length));
printd(auth.dat, auth.length);
printf("\r\n");
}
instance[0] = '*'; instance[1] = 0;
if (r = krb_rd_req(&auth, "rcmd", instance, 0, &adat, "")) {
if (auth_debug_mode)
printf("Kerberos failed him as %s\r\n", name);
Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
auth_finished(ap, AUTH_REJECT);
return;
}
bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
krb_kntoln(&adat, name);
Data(ap, KRB_ACCEPT, (void *)0, 0);
auth_finished(ap, AUTH_USER);
if (auth_debug_mode) {
printf("Kerberos accepting him as %s\r\n", name);
}
break;
case KRB_CHALLANGE:
if (!VALIDKEY(session_key)) {
/*
* We don't have a valid session key, so just
* send back a response with an empty session
* key.
*/
Data(ap, KRB_RESPONSE, (void *)0, 0);
break;
}
des_key_sched(session_key, sched);
bcopy((void *)data, (void *)datablock, sizeof(Block));
/*
* Take the received encrypted challange, and encrypt
* it again to get a unique session_key for the
* ENCRYPT option.
*/
des_ecb_encrypt(datablock, session_key, sched, 1);
skey.type = SK_DES;
skey.length = 8;
skey.data = session_key;
encrypt_session_key(&skey, 1);
/*
* Now decrypt the received encrypted challange,
* increment by one, re-encrypt it and send it back.
*/
des_ecb_encrypt(datablock, challange, sched, 0);
for (r = 7; r >= 0; r++) {
register int t;
t = (unsigned int)challange[r] + 1;
challange[r] = t; /* ignore overflow */
if (t < 256) /* if no overflow, all done */
break;
}
des_ecb_encrypt(challange, challange, sched, 1);
Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange));
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
Data(ap, KRB_REJECT, 0, 0);
break;
}
}
void
kerberos4_reply(ap, data, cnt)
Authenticator *ap;
unsigned char *data;
int cnt;
{
Session_Key skey;
if (cnt-- < 1)
return;
switch (*data++) {
case KRB_REJECT:
if (cnt > 0) {
printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n",
cnt, data);
} else
printf("[ Kerberos V4 refuses authentication ]\r\n");
auth_send_retry();
return;
case KRB_ACCEPT:
printf("[ Kerberos V4 accepts you ]\n");
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
/*
* Send over the encrypted challange.
*/
Data(ap, KRB_CHALLANGE, (void *)session_key,
sizeof(session_key));
#if defined(ENCRYPT)
des_ecb_encrypt(session_key, session_key, sched, 1);
skey.type = SK_DES;
skey.length = 8;
skey.data = session_key;
encrypt_session_key(&skey, 0);
#endif
return;
}
auth_finished(ap, AUTH_USER);
return;
case KRB_RESPONSE:
/*
* Verify that the response to the challange is correct.
*/
if ((cnt != sizeof(Block)) ||
(0 != memcmp((void *)data, (void *)challange,
sizeof(challange))))
{
printf("[ Kerberos V4 challange failed!!! ]\r\n");
auth_send_retry();
return;
}
printf("[ Kerberos V4 challange successful ]\r\n");
auth_finished(ap, AUTH_USER);
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
return;
}
}
int
kerberos4_status(ap, name, level)
Authenticator *ap;
char *name;
int level;
{
if (level < AUTH_USER)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
strcpy(name, UserNameRequested);
return(AUTH_VALID);
} else
return(AUTH_USER);
}
#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
void
kerberos4_printsub(data, cnt, buf, buflen)
unsigned char *data, *buf;
int cnt, buflen;
{
char lbuf[32];
register int i;
buf[buflen-1] = '\0'; /* make sure its NULL terminated */
buflen -= 1;
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
strncpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
strncpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
break;
ADDC(buf, buflen, '"');
for (i = 4; i < cnt; i++)
ADDC(buf, buflen, data[i]);
ADDC(buf, buflen, '"');
ADDC(buf, buflen, '\0');
break;
case KRB_AUTH: /* Authentication data follows */
strncpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_CHALLANGE:
strncpy((char *)buf, " CHALLANGE", buflen);
goto common2;
case KRB_RESPONSE:
strncpy((char *)buf, " RESPONSE", buflen);
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}
break;
}
}
int
cksum(d, n)
unsigned char *d;
int n;
{
int ck = 0;
switch (n&03)
while (n > 0) {
case 0:
ck ^= *d++ << 24;
--n;
case 3:
ck ^= *d++ << 16;
--n;
case 2:
ck ^= *d++ << 8;
--n;
case 1:
ck ^= *d++;
--n;
}
return(ck);
}
#endif
#ifdef notdef
prkey(msg, key)
char *msg;
unsigned char *key;
{
register int i;
printf("%s:", msg);
for (i = 0; i < 8; i++)
printf(" %3d", key[i]);
printf("\r\n");
}
#endif

580
lib/libtelnet/kerberos5.c
View File

@ -1,580 +0,0 @@
/*-
* Copyright (c) 1991 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
/*static char sccsid[] = "from: @(#)kerberos5.c 5.2 (Berkeley) 3/22/91";*/
static char rcsid[] = "$Id: kerberos5.c,v 1.2 1993/08/01 18:32:34 mycroft Exp $";
#endif /* not lint */
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
* Export of this software from the United States of America is assumed
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#ifdef KRB5
#include <arpa/telnet.h>
#include <stdio.h>
#include <krb5/krb5.h>
#include <krb5/crc-32.h>
#include <krb5/libos-proto.h>
#include <netdb.h>
#include <ctype.h>
#ifdef __STDC__
#include <stdlib.h>
#endif
#ifdef NO_STRING_H
#include <strings.h>
#else
#include <string.h>
#endif
#include "encrypt.h"
#include "auth.h"
#include "misc.h"
extern auth_debug_mode;
char *malloc();
static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };
#define KRB_AUTH 0 /* Authentication data follows */
#define KRB_REJECT 1 /* Rejected (reason might follow) */
#define KRB_ACCEPT 2 /* Accepted */
#define KRB_CHALLANGE 3 /* Challange for mutual auth. */
#define KRB_RESPONSE 4 /* Response for mutual auth. */
static krb5_data auth;
/* telnetd gets session key from here */
static krb5_tkt_authent *authdat = NULL;
#if defined(ENCRYPT)
Block session_key;
#endif
static Schedule sched;
static Block challange;
static int
Data(ap, type, d, c)
Authenticator *ap;
int type;
void *d;
int c;
{
unsigned char *p = str_data + 4;
unsigned char *cd = (unsigned char *)d;
if (c == -1)
c = strlen((char *)cd);
if (auth_debug_mode) {
printf("%s:%d: [%d] (%d)",
str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
str_data[3],
type, c);
printd(d, c);
printf("\r\n");
}
*p++ = ap->type;
*p++ = ap->way;
*p++ = type;
while (c-- > 0) {
if ((*p++ = *cd++) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - &str_data[2]);
return(net_write(str_data, p - str_data));
}
int
kerberos5_init(ap, server)
Authenticator *ap;
int server;
{
if (server)
str_data[3] = TELQUAL_REPLY;
else
str_data[3] = TELQUAL_IS;
krb5_init_ets();
return(1);
}
int
kerberos5_send(ap)
Authenticator *ap;
{
char **realms;
char *name;
char *p1, *p2;
krb5_checksum ksum;
krb5_octet sum[CRC32_CKSUM_LENGTH];
krb5_data *server[4];
krb5_data srvdata[3];
krb5_error_code r;
krb5_ccache ccache;
krb5_creds creds; /* telnet gets session key from here */
extern krb5_flags krb5_kdc_default_options;
ksum.checksum_type = CKSUMTYPE_CRC32;
ksum.contents = sum;
ksum.length = sizeof(sum);
bzero((void *)sum, sizeof(sum));
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V5: no user name supplied\r\n");
}
return(0);
}
if (r = krb5_cc_default(&ccache)) {
if (auth_debug_mode) {
printf("Kerberos V5: could not get default ccache\r\n");
}
return(0);
}
if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) {
if (auth_debug_mode)
printf("Out of memory for hostname in Kerberos V5\r\n");
return(0);
}
if (r = krb5_get_host_realm(RemoteHostName, &realms)) {
if (auth_debug_mode)
printf("Kerberos V5: no realm for %s\r\n", RemoteHostName);
free(name);
return(0);
}
p1 = RemoteHostName;
p2 = name;
while (*p2 = *p1++) {
if (isupper(*p2))
*p2 |= 040;
++p2;
}
srvdata[0].data = realms[0];
srvdata[0].length = strlen(realms[0]);
srvdata[1].data = "rcmd";
srvdata[1].length = 4;
srvdata[2].data = name;
srvdata[2].length = p2 - name;
server[0] = &srvdata[0];
server[1] = &srvdata[1];
server[2] = &srvdata[2];
server[3] = 0;
bzero((char *)&creds, sizeof(creds));
creds.server = (krb5_principal)server;
if (r = krb5_cc_get_principal(ccache, &creds.client)) {
if (auth_debug_mode) {
printf("Keberos V5: failure on principal (%d)\r\n",
error_message(r));
}
free(name);
krb5_free_host_realm(realms);
return(0);
}
if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) {
if (auth_debug_mode) {
printf("Keberos V5: failure on credentials(%d)\r\n",r);
}
free(name);
krb5_free_host_realm(realms);
return(0);
}
r = krb5_mk_req_extended(0, &ksum, &creds.times,
krb5_kdc_default_options,
ccache, &creds, 0, &auth);
free(name);
krb5_free_host_realm(realms);
if (r) {
if (auth_debug_mode) {
printf("Keberos V5: mk_req failed\r\n");
}
return(0);
}
if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
if (auth_debug_mode)
printf("Not enough room for user name\r\n");
return(0);
}
if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
if (auth_debug_mode)
printf("Not enough room for authentication data\r\n");
return(0);
}
/*
* If we are doing mutual authentication, get set up to send
* the challange, and verify it when the response comes back.
*/
if (((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
&& (creds.keyblock.keytype == KEYTYPE_DES)) {
register int i;
des_key_sched(creds.keyblock.contents, sched);
des_set_random_generator_seed(creds.keyblock.contents);
des_new_random_key(challange);
des_ecb_encrypt(challange, session_key, sched, 1);
/*
* Increment the challange by 1, and encrypt it for
* later comparison.
*/
for (i = 7; i >= 0; --i) {
register int x;
x = (unsigned int)challange[i] + 1;
challange[i] = x; /* ignore overflow */
if (x < 256) /* if no overflow, all done */
break;
}
des_ecb_encrypt(challange, challange, sched, 1);
}
if (auth_debug_mode) {
printf("Sent Kerberos V5 credentials to server\r\n");
}
return(1);
}
void
kerberos5_is(ap, data, cnt)
Authenticator *ap;
unsigned char *data;
int cnt;
{
int r;
struct hostent *hp;
char *p1, *p2;
static char *realm = NULL;
krb5_data *server[4];
krb5_data srvdata[3];
Session_Key skey;
char *name;
char *getenv();
if (cnt-- < 1)
return;
switch (*data++) {
case KRB_AUTH:
auth.data = (char *)data;
auth.length = cnt;
if (!(hp = gethostbyname(LocalHostName))) {
if (auth_debug_mode)
printf("Cannot resolve local host name\r\n");
Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
auth_finished(ap, AUTH_REJECT);
return;
}
if (!realm && (krb5_get_default_realm(&realm))) {
if (auth_debug_mode)
printf("Could not get defualt realm\r\n");
Data(ap, KRB_REJECT, "Could not get default realm.", -1);
auth_finished(ap, AUTH_REJECT);
return;
}
if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
if (auth_debug_mode)
printf("Out of memory for hostname in Kerberos V5\r\n");
Data(ap, KRB_REJECT, "Out of memory.", -1);
auth_finished(ap, AUTH_REJECT);
return;
}
p1 = hp->h_name;
p2 = name;
while (*p2 = *p1++) {
if (isupper(*p2))
*p2 |= 040;
++p2;
}
srvdata[0].data = realm;
srvdata[0].length = strlen(realm);
srvdata[1].data = "rcmd";
srvdata[1].length = 4;
srvdata[2].data = name;
srvdata[2].length = p2 - name;
server[0] = &srvdata[0];
server[1] = &srvdata[1];
server[2] = &srvdata[2];
server[3] = 0;
if (authdat)
krb5_free_tkt_authent(authdat);
if (r = krb5_rd_req_simple(&auth, server, 0, &authdat)) {
char errbuf[128];
authdat = 0;
(void) strcpy(errbuf, "Read req failed: ");
(void) strcat(errbuf, error_message(r));
Data(ap, KRB_REJECT, errbuf, -1);
if (auth_debug_mode)
printf("%s\r\n", errbuf);
return;
}
free(name);
if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
&name))
name = 0;
Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
if (auth_debug_mode) {
printf("Kerberos5 accepting him as ``%s''\r\n",
name ? name : "");
}
auth_finished(ap, AUTH_USER);
if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES)
break;
bcopy((void *)authdat->ticket->enc_part2->session->contents,
(void *)session_key, sizeof(Block));
break;
case KRB_CHALLANGE:
if (!VALIDKEY(session_key)) {
/*
* We don't have a valid session key, so just
* send back a response with an empty session
* key.
*/
Data(ap, KRB_RESPONSE, (void *)0, 0);
break;
}
des_key_sched(session_key, sched);
bcopy((void *)data, (void *)datablock, sizeof(Block));
/*
* Take the received encrypted challange, and encrypt
* it again to get a unique session_key for the
* ENCRYPT option.
*/
des_ecb_encrypt(datablock, session_key, sched, 1);
skey.type = SK_DES;
skey.length = 8;
skey.data = session_key;
encrypt_session_key(&skey, 1);
/*
* Now decrypt the received encrypted challange,
* increment by one, re-encrypt it and send it back.
*/
des_ecb_encrypt(datablock, challange, sched, 0);
for (r = 7; r >= 0; r++) {
register int t;
t = (unsigned int)challange[r] + 1;
challange[r] = t; /* ignore overflow */
if (t < 256) /* if no overflow, all done */
break;
}
des_ecb_encrypt(challange, challange, sched, 1);
Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange));
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
Data(ap, KRB_REJECT, 0, 0);
break;
}
}
void
kerberos5_reply(ap, data, cnt)
Authenticator *ap;
unsigned char *data;
int cnt;
{
Session_Key skey;
if (cnt-- < 1)
return;
switch (*data++) {
case KRB_REJECT:
if (cnt > 0) {
printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
cnt, data);
} else
printf("[ Kerberos V5 refuses authentication ]\r\n");
auth_send_retry();
return;
case KRB_ACCEPT:
printf("[ Kerberos V5 accepts you ]\n", cnt, data);
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
/*
* Send over the encrypted challange.
*/
Data(ap, KRB_CHALLANGE, (void *)session_key,
sizeof(session_key));
#if defined(ENCRYPT)
des_ecb_encrypt(session_key, session_key, sched, 1);
skey.type = SK_DES;
skey.length = 8;
skey.data = session_key;
encrypt_session_key(&skey, 0);
#endif
return;
}
auth_finished(ap, AUTH_USER);
return;
case KRB_RESPONSE:
/*
* Verify that the response to the challange is correct.
*/
if ((cnt != sizeof(Block)) ||
(0 != memcmp((void *)data, (void *)challange,
sizeof(challange))))
{
printf("[ Kerberos V5 challange failed!!! ]\r\n");
auth_send_retry();
return;
}
printf("[ Kerberos V5 challange successful ]\r\n");
auth_finished(ap, AUTH_USER);
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
return;
}
}
int
kerberos5_status(ap, name, level)
Authenticator *ap;
char *name;
int level;
{
if (level < AUTH_USER)
return(level);
if (UserNameRequested &&
krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested))
{
strcpy(name, UserNameRequested);
return(AUTH_VALID);
} else
return(AUTH_USER);
}
#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len));}
void
kerberos5_printsub(data, cnt, buf, buflen)
unsigned char *data, *buf;
int cnt, buflen;
{
char lbuf[32];
register int i;
buf[buflen-1] = '\0'; /* make sure its NULL terminated */
buflen -= 1;
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
strncpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
strncpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
break;
ADDC(buf, buflen, '"');
for (i = 4; i < cnt; i++)
ADDC(buf, buflen, data[i]);
ADDC(buf, buflen, '"');
ADDC(buf, buflen, '\0');
break;
case KRB_AUTH: /* Authentication data follows */
strncpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_CHALLANGE:
strncpy((char *)buf, " CHALLANGE", buflen);
goto common2;
case KRB_RESPONSE:
strncpy((char *)buf, " RESPONSE", buflen);
goto common2;
default:
sprintf(lbuf, " %d (unknown)", data[3]);
strncpy((char *)buf, lbuf, buflen);
common2:
BUMP(buf, buflen);
for (i = 4; i < cnt; i++) {
sprintf(lbuf, " %d", data[i]);
strncpy((char *)buf, lbuf, buflen);
BUMP(buf, buflen);
}
break;
}
}
#endif

72
lib/libtelnet/key-proto.h
View File

@ -1,72 +0,0 @@
/*-
* Copyright (c) 1991 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: @(#)key-proto.h 5.1 (Berkeley) 2/28/91
* $Id: key-proto.h,v 1.2 1993/08/01 18:32:50 mycroft Exp $
*/
/*
* Copyright (C) 1990 by the Massachusetts Institute of Technology
*
* Export of this software from the United States of America is assumed
* to require a specific license from the United States Government.
* It is the responsibility of any person or organization contemplating
* export to obtain such a license before exporting.
*
* WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
* distribute this software and its documentation for any purpose and
* without fee is hereby granted, provided that the above copyright
* notice appear in all copies and that both that copyright notice and
* this permission notice appear in supporting documentation, and that
* the name of M.I.T. not be used in advertising or publicity pertaining
* to distribution of the software without specific, written prior
* permission. M.I.T. makes no representations about the suitability of
* this software for any purpose. It is provided "as is" without express
* or implied warranty.
*/
#ifndef __KEY_PROTO__
#define __KEY_PROTO__
#if !defined(P)
#ifdef __STDC__
#define P(x) x
#else
#define P(x) ()
#endif
#endif
int key_file_exists P((void));
void key_lookup P((unsigned char *, Block));
void key_stream_init P((Block, Block, int));
unsigned char key_stream P((int, int));
#endif