From 275855a18f7b32c31d6522f82e4efa73b289b74f Mon Sep 17 00:00:00 2001 From: mycroft Date: Fri, 25 Feb 1994 02:53:07 +0000 Subject: [PATCH] Clean up deleted files. --- lib/libtelnet/enc-proto.h | 117 ------- lib/libtelnet/enc_des.c | 721 -------------------------------------- lib/libtelnet/kerberos.c | 522 --------------------------- lib/libtelnet/kerberos5.c | 580 ------------------------------ lib/libtelnet/key-proto.h | 72 ---- 5 files changed, 2012 deletions(-) delete mode 100644 lib/libtelnet/enc-proto.h delete mode 100644 lib/libtelnet/enc_des.c delete mode 100644 lib/libtelnet/kerberos.c delete mode 100644 lib/libtelnet/kerberos5.c delete mode 100644 lib/libtelnet/key-proto.h diff --git a/lib/libtelnet/enc-proto.h b/lib/libtelnet/enc-proto.h deleted file mode 100644 index bb0ab0f8fe6f..000000000000 --- a/lib/libtelnet/enc-proto.h +++ /dev/null @@ -1,117 +0,0 @@ -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)enc-proto.h 5.2 (Berkeley) 3/22/91 - * $Id: enc-proto.h,v 1.2 1993/08/01 18:32:53 mycroft Exp $ - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ -#if !defined(P) -#ifdef __STDC__ -#define P(x) x -#else -#define P(x) () -#endif -#endif - -#if defined(ENCRYPT) -void encrypt_init P((char *, int)); -Encryptions *findencryption P((int)); -void encrypt_send_supprt P((void)); -void encrypt_auto P((int)); -void decrypt_auto P((int)); -void encrypt_is P((unsigned char *, int)); -void encrypt_reply P((unsigned char *, int)); -void encrypt_start_input P((int)); -void encrypt_session_key P((Session_Key *, int)); -void encrypt_end_input P((void)); -void encrypt_start_output P((int)); -void encrypt_end_output P((void)); -void encrypt_send_request_start P((void)); -void encrypt_send_request_end P((void)); -void encrypt_send_end P((void)); -void encrypt_wait P((void)); -void encrypt_send_support P((void)); -void encrypt_send_keyid P((int, unsigned char *, int, int)); -int net_write P((unsigned char *, int)); - -#ifdef TELENTD -void encrypt_wait P((void)); -#else -int encrypt_cmd P((int, char **)); -void encrypt_display P((void)); -#endif - -void cfb64_encrypt P((unsigned char *, int)); -int cfb64_decrypt P((int)); -void cfb64_init P((int)); -int cfb64_start P((int, int)); -int cfb64_is P((unsigned char *, int)); -int cfb64_reply P((unsigned char *, int)); -void cfb64_session P((Session_Key *, int)); -int cfb64_keyid P((int, unsigned char *, int *)); -void cfb64_printsub P((unsigned char *, int, unsigned char *, int)); - -void ofb64_encrypt P((unsigned char *, int)); -int ofb64_decrypt P((int)); -void ofb64_init P((int)); -int ofb64_start P((int, int)); -int ofb64_is P((unsigned char *, int)); -int ofb64_reply P((unsigned char *, int)); -void ofb64_session P((Session_Key *, int)); -int ofb64_keyid P((int, unsigned char *, int *)); -void ofb64_printsub P((unsigned char *, int, unsigned char *, int)); - -int des_new_random_key P((Block)); -void des_set_random_generator_seed P((Block)); -void des_key_sched P((Block, Schedule)); -void des_ecb_encrypt P((Block, Block, Schedule, int)); -int des_string_to_key P((char *, Block)); -#endif diff --git a/lib/libtelnet/enc_des.c b/lib/libtelnet/enc_des.c deleted file mode 100644 index 660b71caafdd..000000000000 --- a/lib/libtelnet/enc_des.c +++ /dev/null @@ -1,721 +0,0 @@ -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -/*static char sccsid[] = "from: @(#)enc_des.c 5.1 (Berkeley) 3/22/91";*/ -static char rcsid[] = "$Id: enc_des.c,v 1.2 1993/08/01 18:32:44 mycroft Exp $"; -#endif /* not lint */ - -#if defined(AUTHENTICATE) && defined(ENCRYPT) && defined(DES_ENCRYPT) -#include -#include -#ifdef __STDC__ -#include -#endif - -#include "encrypt.h" -#include "key-proto.h" -#include "misc-proto.h" - -extern encrypt_debug_mode; - -#define CFB 0 -#define OFB 1 - -#define NO_SEND_IV 1 -#define NO_RECV_IV 2 -#define NO_KEYID 4 -#define IN_PROGRESS (NO_SEND_IV|NO_RECV_IV|NO_KEYID) -#define SUCCESS 0 -#define FAILED -1 - - -struct fb { - Block krbdes_key; - Schedule krbdes_sched; - Block temp_feed; - unsigned char fb_feed[64]; - int need_start; - int state[2]; - int keyid[2]; - int once; - struct stinfo { - Block str_output; - Block str_feed; - Block str_iv; - Block str_ikey; - Schedule str_sched; - int str_index; - int str_flagshift; - } streams[2]; -}; - -static struct fb fb[2]; - -struct keyidlist { - char *keyid; - int keyidlen; - char *key; - int keylen; - int flags; -} keyidlist [] = { - { "\0", 1, 0, 0, 0 }, /* default key of zero */ - { 0, 0, 0, 0, 0 } -}; - -#define KEYFLAG_MASK 03 - -#define KEYFLAG_NOINIT 00 -#define KEYFLAG_INIT 01 -#define KEYFLAG_OK 02 -#define KEYFLAG_BAD 03 - -#define KEYFLAG_SHIFT 2 - -#define SHIFT_VAL(a,b) (KEYFLAG_SHIFT*((a)+((b)*2))) - -#define FB64_IV 1 -#define FB64_IV_OK 2 -#define FB64_IV_BAD 3 - - -void fb64_stream_iv P((Block, struct stinfo *)); -void fb64_init P((struct fb *)); -int fb64_start P((struct fb *, int, int)); -int fb64_is P((unsigned char *, int, struct fb *)); -int fb64_reply P((unsigned char *, int, struct fb *)); -void fb64_session P((Session_Key *, int, struct fb *)); -void fb64_stream_key P((Block, struct stinfo *)); -int fb64_keyid P((int, unsigned char *, int *, struct fb *)); - - void -cfb64_init(server) - int server; -{ - fb64_init(&fb[CFB]); - fb[CFB].fb_feed[4] = ENCTYPE_DES_CFB64; - fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, CFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, CFB); -} - - void -ofb64_init(server) - int server; -{ - fb64_init(&fb[OFB]); - fb[OFB].fb_feed[4] = ENCTYPE_DES_OFB64; - fb[CFB].streams[0].str_flagshift = SHIFT_VAL(0, OFB); - fb[CFB].streams[1].str_flagshift = SHIFT_VAL(1, OFB); -} - - void -fb64_init(fbp) - register struct fb *fbp; -{ - bzero((void *)fbp, sizeof(*fbp)); - fbp->state[0] = fbp->state[1] = FAILED; - fbp->fb_feed[0] = IAC; - fbp->fb_feed[1] = SB; - fbp->fb_feed[2] = TELOPT_ENCRYPT; - fbp->fb_feed[3] = ENCRYPT_IS; -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - * 2: Not yet. Other things (like getting the key from - * Kerberos) have to happen before we can continue. - */ - int -cfb64_start(dir, server) - int dir; - int server; -{ - return(fb64_start(&fb[CFB], dir, server)); -} - int -ofb64_start(dir, server) - int dir; - int server; -{ - return(fb64_start(&fb[OFB], dir, server)); -} - - static int -fb64_start(fbp, dir, server) - struct fb *fbp; - int dir; - int server; -{ - Block b; - int x; - unsigned char *p; - register int state; - - switch (dir) { - case DIR_DECRYPT: - /* - * This is simply a request to have the other side - * start output (our input). He will negotiate an - * IV so we need not look for it. - */ - state = fbp->state[dir-1]; - if (state == FAILED) - state = IN_PROGRESS; - break; - - case DIR_ENCRYPT: - state = fbp->state[dir-1]; - if (state == FAILED) - state = IN_PROGRESS; - else if ((state & NO_SEND_IV) == 0) - break; - - if (!VALIDKEY(fbp->krbdes_key)) { - fbp->need_start = 1; - break; - } - state &= ~NO_SEND_IV; - state |= NO_RECV_IV; - if (encrypt_debug_mode) - printf("Creating new feed\r\n"); - /* - * Create a random feed and send it over. - */ - des_new_random_key(fbp->temp_feed); - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, - fbp->krbdes_sched, 1); - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_IS; - p++; - *p++ = FB64_IV; - for (x = 0; x < sizeof(Block); ++x) { - if ((*p++ = fbp->temp_feed[x]) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); - break; - default: - return(FAILED); - } - return(fbp->state[dir-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - int -cfb64_is(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_is(data, cnt, &fb[CFB])); -} - int -ofb64_is(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_is(data, cnt, &fb[OFB])); -} - - int -fb64_is(data, cnt, fbp) - unsigned char *data; - int cnt; - struct fb *fbp; -{ - int x; - unsigned char *p; - Block b; - register int state = fbp->state[DIR_DECRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV: - if (cnt != sizeof(Block)) { - if (encrypt_debug_mode) - printf("CFB64: initial vector failed on size\r\n"); - state = FAILED; - goto failure; - } - - if (encrypt_debug_mode) - printf("CFB64: initial vector received\r\n"); - - if (encrypt_debug_mode) - printf("Initializing Decrypt stream\r\n"); - - fb64_stream_iv((void *)data, &fbp->streams[DIR_DECRYPT-1]); - - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_OK; - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); - - state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; - break; - - default: - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", *(data-1)); - printd(data, cnt); - printf("\r\n"); - } - /* FALL THROUGH */ - failure: - /* - * We failed. Send an FB64_IV_BAD option - * to the other side so it will know that - * things failed. - */ - p = fbp->fb_feed + 3; - *p++ = ENCRYPT_REPLY; - p++; - *p++ = FB64_IV_BAD; - *p++ = IAC; - *p++ = SE; - printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); - - break; - } - return(fbp->state[DIR_DECRYPT-1] = state); -} - -/* - * Returns: - * -1: some error. Negotiation is done, encryption not ready. - * 0: Successful, initial negotiation all done. - * 1: successful, negotiation not done yet. - */ - int -cfb64_reply(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_reply(data, cnt, &fb[CFB])); -} - int -ofb64_reply(data, cnt) - unsigned char *data; - int cnt; -{ - return(fb64_reply(data, cnt, &fb[OFB])); -} - - - int -fb64_reply(data, cnt, fbp) - unsigned char *data; - int cnt; - struct fb *fbp; -{ - int x; - unsigned char *p; - Block b; - register int state = fbp->state[DIR_ENCRYPT-1]; - - if (cnt-- < 1) - goto failure; - - switch (*data++) { - case FB64_IV_OK: - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - if (state == FAILED) - state = IN_PROGRESS; - state &= ~NO_RECV_IV; - encrypt_send_keyid(DIR_ENCRYPT, (unsigned char *)"\0", 1, 1); - break; - - case FB64_IV_BAD: - bzero(fbp->temp_feed, sizeof(Block)); - fb64_stream_iv(fbp->temp_feed, &fbp->streams[DIR_ENCRYPT-1]); - state = FAILED; - break; - - default: - if (encrypt_debug_mode) { - printf("Unknown option type: %d\r\n", data[-1]); - printd(data, cnt); - printf("\r\n"); - } - /* FALL THROUGH */ - failure: - state = FAILED; - break; - } - return(fbp->state[DIR_ENCRYPT-1] = state); -} - - void -cfb64_session(key, server) - Session_Key *key; - int server; -{ - fb64_session(key, server, &fb[CFB]); -} - - void -ofb64_session(key, server) - Session_Key *key; - int server; -{ - fb64_session(key, server, &fb[OFB]); -} - - static void -fb64_session(key, server, fbp) - Session_Key *key; - int server; - struct fb *fbp; -{ - - if (!key || key->type != SK_DES) { - if (encrypt_debug_mode) - printf("Can't set krbdes's session key (%d != %d)\r\n", - key ? key->type : -1, SK_DES); - return; - } - bcopy((void *)key->data, (void *)fbp->krbdes_key, sizeof(Block)); - - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_ENCRYPT-1]); - fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); - - if (fbp->once == 0) { - des_set_random_generator_seed(fbp->krbdes_key); - fbp->once = 1; - } - des_key_sched(fbp->krbdes_key, fbp->krbdes_sched); - /* - * Now look to see if krbdes_start() was was waiting for - * the key to show up. If so, go ahead an call it now - * that we have the key. - */ - if (fbp->need_start) { - fbp->need_start = 0; - fb64_start(fbp, DIR_ENCRYPT, server); - } -} - -/* - * We only accept a keyid of 0. If we get a keyid of - * 0, then mark the state as SUCCESS. - */ - int -cfb64_keyid(dir, kp, lenp) - int dir, *lenp; - unsigned char *kp; -{ - return(fb64_keyid(dir, kp, lenp, &fb[CFB])); -} - - int -ofb64_keyid(dir, kp, lenp) - int dir, *lenp; - unsigned char *kp; -{ - return(fb64_keyid(dir, kp, lenp, &fb[OFB])); -} - - int -fb64_keyid(dir, kp, lenp, fbp) - int dir, *lenp; - unsigned char *kp; - struct fb *fbp; -{ - register int state = fbp->state[dir-1]; - - if (*lenp != 1 || (*kp != '\0')) { - *lenp = 0; - return(state); - } - - if (state == FAILED) - state = IN_PROGRESS; - - state &= ~NO_KEYID; - - return(fbp->state[dir-1] = state); -} - - void -fb64_printsub(data, cnt, buf, buflen, type) - unsigned char *data, *buf, *type; - int cnt, buflen; -{ - char lbuf[32]; - register int i; - char *cp; - - buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ - buflen -= 1; - - switch(data[2]) { - case FB64_IV: - sprintf(lbuf, "%s_IV", type); - cp = lbuf; - goto common; - - case FB64_IV_OK: - sprintf(lbuf, "%s_IV_OK", type); - cp = lbuf; - goto common; - - case FB64_IV_BAD: - sprintf(lbuf, "%s_IV_BAD", type); - cp = lbuf; - goto common; - - default: - sprintf(lbuf, " %d (unknown)", data[2]); - cp = lbuf; - common: - for (; (buflen > 0) && (*buf = *cp++); buf++) - buflen--; - for (i = 3; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - for (cp = lbuf; (buflen > 0) && (*buf = *cp++); buf++) - buflen--; - } - break; - } -} - - void -cfb64_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - fb64_printsub(data, cnt, buf, buflen, "CFB64"); -} - - void -ofb64_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - fb64_printsub(data, cnt, buf, buflen, "OFB64"); -} - - void -fb64_stream_iv(seed, stp) - Block seed; - register struct stinfo *stp; -{ - - bcopy((void *)seed, (void *)stp->str_iv, sizeof(Block)); - bcopy((void *)seed, (void *)stp->str_output, sizeof(Block)); - - des_key_sched(stp->str_ikey, stp->str_sched); - - stp->str_index = sizeof(Block); -} - - void -fb64_stream_key(key, stp) - Block key; - register struct stinfo *stp; -{ - bcopy((void *)key, (void *)stp->str_ikey, sizeof(Block)); - des_key_sched(key, stp->str_sched); - - bcopy((void *)stp->str_iv, (void *)stp->str_output, sizeof(Block)); - - stp->str_index = sizeof(Block); -} - -/* - * DES 64 bit Cipher Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * | v - * INPUT --(--------->(+)+---> DATA - * | | - * +-------------+ - * - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. - * - * V0 = DES(iV, key) - * On = Dn ^ Vn - * V(n+1) = DES(On, key) - */ - - void -cfb64_encrypt(s, c) - register unsigned char *s; - int c; -{ - register struct stinfo *stp = &fb[CFB].streams[DIR_ENCRYPT-1]; - register int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); - bcopy((void *)b, (void *)stp->str_feed, sizeof(Block)); - index = 0; - } - - /* On encryption, we store (feed ^ data) which is cypher */ - *s = stp->str_output[index] = (stp->str_feed[index] ^ *s); - s++; - index++; - } - stp->str_index = index; -} - - int -cfb64_decrypt(data) - int data; -{ - register struct stinfo *stp = &fb[CFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); - bcopy((void *)b, (void *)stp->str_feed, sizeof(Block)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - /* On decryption we store (data) which is cypher. */ - stp->str_output[index] = data; - return(data ^ stp->str_feed[index]); -} - -/* - * DES 64 bit Output Feedback - * - * key --->+-----+ - * +->| DES |--+ - * | +-----+ | - * +-----------+ - * v - * INPUT -------->(+) ----> DATA - * - * Given: - * iV: Initial vector, 64 bits (8 bytes) long. - * Dn: the nth chunk of 64 bits (8 bytes) of data to encrypt (decrypt). - * On: the nth chunk of 64 bits (8 bytes) of encrypted (decrypted) output. - * - * V0 = DES(iV, key) - * V(n+1) = DES(Vn, key) - * On = Dn ^ Vn - */ - void -ofb64_encrypt(s, c) - register unsigned char *s; - int c; -{ - register struct stinfo *stp = &fb[OFB].streams[DIR_ENCRYPT-1]; - register int index; - - index = stp->str_index; - while (c-- > 0) { - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); - bcopy((void *)b, (void *)stp->str_feed, sizeof(Block)); - index = 0; - } - *s++ ^= stp->str_feed[index]; - index++; - } - stp->str_index = index; -} - - int -ofb64_decrypt(data) - int data; -{ - register struct stinfo *stp = &fb[OFB].streams[DIR_DECRYPT-1]; - int index; - - if (data == -1) { - /* - * Back up one byte. It is assumed that we will - * never back up more than one byte. If we do, this - * may or may not work. - */ - if (stp->str_index) - --stp->str_index; - return(0); - } - - index = stp->str_index++; - if (index == sizeof(Block)) { - Block b; - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); - bcopy((void *)b, (void *)stp->str_feed, sizeof(Block)); - stp->str_index = 1; /* Next time will be 1 */ - index = 0; /* But now use 0 */ - } - - return(data ^ stp->str_feed[index]); -} -#endif diff --git a/lib/libtelnet/kerberos.c b/lib/libtelnet/kerberos.c deleted file mode 100644 index 9d976259e3a7..000000000000 --- a/lib/libtelnet/kerberos.c +++ /dev/null @@ -1,522 +0,0 @@ -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -/*static char sccsid[] = "from: @(#)kerberos.c 5.2 (Berkeley) 3/22/91";*/ -static char rcsid[] = "$Id: kerberos.c,v 1.2 1993/08/01 18:32:36 mycroft Exp $"; -#endif /* not lint */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifdef KRB4 -#include -#include -#include -#if defined(ENCRYPT) -#define __NEED_ENCRYPT__ -#undef ENCRYPT -#endif -#include /* BSD wont include this in krb.h, so we do it here */ -#include -#if defined(__NEED_ENCRYPT__) && !defined(ENCRYPT) -#define ENCRYPT -#undef __NEED_ENCRYPT__ -#endif -#ifdef __STDC__ -#include -#endif -#ifdef NO_STRING_H -#include -#else -#include -#endif - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -int cksum P((unsigned char *, int)); -int krb_mk_req P((KTEXT, char *, char *, char *, u_long)); -int krb_rd_req P((KTEXT, char *, char *, u_long, AUTH_DAT *, char *)); -int krb_kntoln P((AUTH_DAT *, char *)); -int krb_get_cred P((char *, char *, char *, CREDENTIALS *)); -int krb_get_lrealm P((char *, int)); -int kuserok P((AUTH_DAT *, char *)); - -extern auth_debug_mode; - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V4, }; -static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_NAME, }; - -#define KRB_AUTH 0 /* Authentication data follows */ -#define KRB_REJECT 1 /* Rejected (reason might follow) */ -#define KRB_ACCEPT 2 /* Accepted */ -#define KRB_CHALLANGE 3 /* Challange for mutual auth. */ -#define KRB_RESPONSE 4 /* Response for mutual auth. */ - -static KTEXT_ST auth; -static char name[ANAME_SZ]; -static AUTH_DAT adat = { 0 }; -#if defined(ENCRYPT) -static Block session_key = { 0 }; -#endif -static Schedule sched; -static Block challange = { 0 }; - - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - void *d; - int c; -{ - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; - - if (c == -1) - c = strlen((char *)cd); - - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); -} - - int -kerberos4_init(ap, server) - Authenticator *ap; - int server; -{ - if (server) - str_data[3] = TELQUAL_REPLY; - else - str_data[3] = TELQUAL_IS; - return(1); -} - -char dst_realm_buf[REALM_SZ], *dest_realm = NULL; -int dst_realm_sz = REALM_SZ; - - int -kerberos4_send(ap) - Authenticator *ap; -{ - KTEXT_ST auth; - Block enckey; - char instance[INST_SZ]; - char *realm; - char *krb_realmofhost(); - char *krb_get_phost(); - CREDENTIALS cred; - int r; - - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V4: no user name supplied\r\n"); - } - return(0); - } - - bzero(instance, sizeof(instance)); - if (realm = krb_get_phost(RemoteHostName)) - strncpy(instance, realm, sizeof(instance)); - instance[sizeof(instance)-1] = '\0'; - - realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName); - if (!realm) { - if (auth_debug_mode) { - printf("Kerberos V4: no realm for %s\r\n", RemoteHostName); - } - return(0); - } - if (r = krb_mk_req(&auth, "rcmd", instance, realm, 0L)) { - if (auth_debug_mode) { - printf("mk_req failed: %s\r\n", krb_err_txt[r]); - } - return(0); - } - if (r = krb_get_cred("rcmd", instance, realm, &cred)) { - if (auth_debug_mode) { - printf("get_cred failed: %s\r\n", krb_err_txt[r]); - } - return(0); - } - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } - if (auth_debug_mode) - printf("Sent %d bytes of authentication data\r\n", auth.length); - if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } - /* - * If we are doing mutual authentication, get set up to send - * the challange, and verify it when the response comes back. - */ - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - register int i; - - des_key_sched(cred.session, sched); - des_set_random_generator_seed(cred.session); - des_new_random_key(challange); - des_ecb_encrypt(challange, session_key, sched, 1); - /* - * Increment the challange by 1, and encrypt it for - * later comparison. - */ - for (i = 7; i >= 0; --i) { - register int x; - x = (unsigned int)challange[i] + 1; - challange[i] = x; /* ignore overflow */ - if (x < 256) /* if no overflow, all done */ - break; - } - des_ecb_encrypt(challange, challange, sched, 1); - } - - if (auth_debug_mode) { - printf("CK: %d:", cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - printf("Sent Kerberos V4 credentials to server\r\n"); - } - return(1); -} - - void -kerberos4_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - Session_Key skey; - Block datablock; - char realm[REALM_SZ]; - char instance[INST_SZ]; - int r; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - if (krb_get_lrealm(realm, 1) != KSUCCESS) { - Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1); - auth_finished(ap, AUTH_REJECT); - if (auth_debug_mode) - printf("No local realm\r\n"); - return; - } - bcopy((void *)data, (void *)auth.dat, auth.length = cnt); - if (auth_debug_mode) { - printf("Got %d bytes of authentication data\r\n", cnt); - printf("CK: %d:", cksum(auth.dat, auth.length)); - printd(auth.dat, auth.length); - printf("\r\n"); - } - instance[0] = '*'; instance[1] = 0; - if (r = krb_rd_req(&auth, "rcmd", instance, 0, &adat, "")) { - if (auth_debug_mode) - printf("Kerberos failed him as %s\r\n", name); - Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1); - auth_finished(ap, AUTH_REJECT); - return; - } - bcopy((void *)adat.session, (void *)session_key, sizeof(Block)); - krb_kntoln(&adat, name); - Data(ap, KRB_ACCEPT, (void *)0, 0); - auth_finished(ap, AUTH_USER); - if (auth_debug_mode) { - printf("Kerberos accepting him as %s\r\n", name); - } - break; - - case KRB_CHALLANGE: - if (!VALIDKEY(session_key)) { - /* - * We don't have a valid session key, so just - * send back a response with an empty session - * key. - */ - Data(ap, KRB_RESPONSE, (void *)0, 0); - break; - } - - des_key_sched(session_key, sched); - bcopy((void *)data, (void *)datablock, sizeof(Block)); - /* - * Take the received encrypted challange, and encrypt - * it again to get a unique session_key for the - * ENCRYPT option. - */ - des_ecb_encrypt(datablock, session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 1); - /* - * Now decrypt the received encrypted challange, - * increment by one, re-encrypt it and send it back. - */ - des_ecb_encrypt(datablock, challange, sched, 0); - for (r = 7; r >= 0; r++) { - register int t; - t = (unsigned int)challange[r] + 1; - challange[r] = t; /* ignore overflow */ - if (t < 256) /* if no overflow, all done */ - break; - } - des_ecb_encrypt(challange, challange, sched, 1); - Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange)); - break; - - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; - } -} - - void -kerberos4_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - Session_Key skey; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V4 refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB_ACCEPT: - printf("[ Kerberos V4 accepts you ]\n"); - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* - * Send over the encrypted challange. - */ - Data(ap, KRB_CHALLANGE, (void *)session_key, - sizeof(session_key)); -#if defined(ENCRYPT) - des_ecb_encrypt(session_key, session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 0); -#endif - return; - } - auth_finished(ap, AUTH_USER); - return; - case KRB_RESPONSE: - /* - * Verify that the response to the challange is correct. - */ - if ((cnt != sizeof(Block)) || - (0 != memcmp((void *)data, (void *)challange, - sizeof(challange)))) - { - printf("[ Kerberos V4 challange failed!!! ]\r\n"); - auth_send_retry(); - return; - } - printf("[ Kerberos V4 challange successful ]\r\n"); - auth_finished(ap, AUTH_USER); - break; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; - } -} - - int -kerberos4_status(ap, name, level) - Authenticator *ap; - char *name; - int level; -{ - if (level < AUTH_USER) - return(level); - - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strcpy(name, UserNameRequested); - return(AUTH_VALID); - } else - return(AUTH_USER); -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} - - void -kerberos4_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - char lbuf[32]; - register int i; - - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - case KRB_AUTH: /* Authentication data follows */ - strncpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB_CHALLANGE: - strncpy((char *)buf, " CHALLANGE", buflen); - goto common2; - - case KRB_RESPONSE: - strncpy((char *)buf, " RESPONSE", buflen); - goto common2; - - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); - BUMP(buf, buflen); - } - break; - } -} - - int -cksum(d, n) - unsigned char *d; - int n; -{ - int ck = 0; - - switch (n&03) - while (n > 0) { - case 0: - ck ^= *d++ << 24; - --n; - case 3: - ck ^= *d++ << 16; - --n; - case 2: - ck ^= *d++ << 8; - --n; - case 1: - ck ^= *d++; - --n; - } - return(ck); -} -#endif - -#ifdef notdef - -prkey(msg, key) - char *msg; - unsigned char *key; -{ - register int i; - printf("%s:", msg); - for (i = 0; i < 8; i++) - printf(" %3d", key[i]); - printf("\r\n"); -} -#endif diff --git a/lib/libtelnet/kerberos5.c b/lib/libtelnet/kerberos5.c deleted file mode 100644 index a257807c3413..000000000000 --- a/lib/libtelnet/kerberos5.c +++ /dev/null @@ -1,580 +0,0 @@ -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#ifndef lint -/*static char sccsid[] = "from: @(#)kerberos5.c 5.2 (Berkeley) 3/22/91";*/ -static char rcsid[] = "$Id: kerberos5.c,v 1.2 1993/08/01 18:32:34 mycroft Exp $"; -#endif /* not lint */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - - -#ifdef KRB5 -#include -#include -#include -#include -#include -#include -#include - -#ifdef __STDC__ -#include -#endif -#ifdef NO_STRING_H -#include -#else -#include -#endif - -#include "encrypt.h" -#include "auth.h" -#include "misc.h" - -extern auth_debug_mode; - -char *malloc(); - -static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, - AUTHTYPE_KERBEROS_V5, }; -static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, - TELQUAL_NAME, }; - -#define KRB_AUTH 0 /* Authentication data follows */ -#define KRB_REJECT 1 /* Rejected (reason might follow) */ -#define KRB_ACCEPT 2 /* Accepted */ -#define KRB_CHALLANGE 3 /* Challange for mutual auth. */ -#define KRB_RESPONSE 4 /* Response for mutual auth. */ - -static krb5_data auth; - /* telnetd gets session key from here */ -static krb5_tkt_authent *authdat = NULL; - -#if defined(ENCRYPT) -Block session_key; -#endif -static Schedule sched; -static Block challange; - - static int -Data(ap, type, d, c) - Authenticator *ap; - int type; - void *d; - int c; -{ - unsigned char *p = str_data + 4; - unsigned char *cd = (unsigned char *)d; - - if (c == -1) - c = strlen((char *)cd); - - if (auth_debug_mode) { - printf("%s:%d: [%d] (%d)", - str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", - str_data[3], - type, c); - printd(d, c); - printf("\r\n"); - } - *p++ = ap->type; - *p++ = ap->way; - *p++ = type; - while (c-- > 0) { - if ((*p++ = *cd++) == IAC) - *p++ = IAC; - } - *p++ = IAC; - *p++ = SE; - if (str_data[3] == TELQUAL_IS) - printsub('>', &str_data[2], p - &str_data[2]); - return(net_write(str_data, p - str_data)); -} - - int -kerberos5_init(ap, server) - Authenticator *ap; - int server; -{ - if (server) - str_data[3] = TELQUAL_REPLY; - else - str_data[3] = TELQUAL_IS; - krb5_init_ets(); - return(1); -} - - int -kerberos5_send(ap) - Authenticator *ap; -{ - char **realms; - char *name; - char *p1, *p2; - krb5_checksum ksum; - krb5_octet sum[CRC32_CKSUM_LENGTH]; - krb5_data *server[4]; - krb5_data srvdata[3]; - krb5_error_code r; - krb5_ccache ccache; - krb5_creds creds; /* telnet gets session key from here */ - extern krb5_flags krb5_kdc_default_options; - - ksum.checksum_type = CKSUMTYPE_CRC32; - ksum.contents = sum; - ksum.length = sizeof(sum); - bzero((void *)sum, sizeof(sum)); - - if (!UserNameRequested) { - if (auth_debug_mode) { - printf("Kerberos V5: no user name supplied\r\n"); - } - return(0); - } - - if (r = krb5_cc_default(&ccache)) { - if (auth_debug_mode) { - printf("Kerberos V5: could not get default ccache\r\n"); - } - return(0); - } - - if ((name = malloc(strlen(RemoteHostName)+1)) == NULL) { - if (auth_debug_mode) - printf("Out of memory for hostname in Kerberos V5\r\n"); - return(0); - } - - if (r = krb5_get_host_realm(RemoteHostName, &realms)) { - if (auth_debug_mode) - printf("Kerberos V5: no realm for %s\r\n", RemoteHostName); - free(name); - return(0); - } - - p1 = RemoteHostName; - p2 = name; - - while (*p2 = *p1++) { - if (isupper(*p2)) - *p2 |= 040; - ++p2; - } - - srvdata[0].data = realms[0]; - srvdata[0].length = strlen(realms[0]); - srvdata[1].data = "rcmd"; - srvdata[1].length = 4; - srvdata[2].data = name; - srvdata[2].length = p2 - name; - - server[0] = &srvdata[0]; - server[1] = &srvdata[1]; - server[2] = &srvdata[2]; - server[3] = 0; - - bzero((char *)&creds, sizeof(creds)); - creds.server = (krb5_principal)server; - - if (r = krb5_cc_get_principal(ccache, &creds.client)) { - if (auth_debug_mode) { - printf("Keberos V5: failure on principal (%d)\r\n", - error_message(r)); - } - free(name); - krb5_free_host_realm(realms); - return(0); - } - - if (r = krb5_get_credentials(krb5_kdc_default_options, ccache, &creds)) { - if (auth_debug_mode) { - printf("Keberos V5: failure on credentials(%d)\r\n",r); - } - free(name); - krb5_free_host_realm(realms); - return(0); - } - - r = krb5_mk_req_extended(0, &ksum, &creds.times, - krb5_kdc_default_options, - ccache, &creds, 0, &auth); - - free(name); - krb5_free_host_realm(realms); - if (r) { - if (auth_debug_mode) { - printf("Keberos V5: mk_req failed\r\n"); - } - return(0); - } - - if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { - if (auth_debug_mode) - printf("Not enough room for user name\r\n"); - return(0); - } - if (!Data(ap, KRB_AUTH, auth.data, auth.length)) { - if (auth_debug_mode) - printf("Not enough room for authentication data\r\n"); - return(0); - } - /* - * If we are doing mutual authentication, get set up to send - * the challange, and verify it when the response comes back. - */ - if (((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) - && (creds.keyblock.keytype == KEYTYPE_DES)) { - register int i; - - des_key_sched(creds.keyblock.contents, sched); - des_set_random_generator_seed(creds.keyblock.contents); - des_new_random_key(challange); - des_ecb_encrypt(challange, session_key, sched, 1); - /* - * Increment the challange by 1, and encrypt it for - * later comparison. - */ - for (i = 7; i >= 0; --i) { - register int x; - x = (unsigned int)challange[i] + 1; - challange[i] = x; /* ignore overflow */ - if (x < 256) /* if no overflow, all done */ - break; - } - des_ecb_encrypt(challange, challange, sched, 1); - } - - if (auth_debug_mode) { - printf("Sent Kerberos V5 credentials to server\r\n"); - } - return(1); -} - - void -kerberos5_is(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - int r; - struct hostent *hp; - char *p1, *p2; - static char *realm = NULL; - krb5_data *server[4]; - krb5_data srvdata[3]; - Session_Key skey; - char *name; - char *getenv(); - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_AUTH: - auth.data = (char *)data; - auth.length = cnt; - - if (!(hp = gethostbyname(LocalHostName))) { - if (auth_debug_mode) - printf("Cannot resolve local host name\r\n"); - Data(ap, KRB_REJECT, "Unknown local hostname.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - if (!realm && (krb5_get_default_realm(&realm))) { - if (auth_debug_mode) - printf("Could not get defualt realm\r\n"); - Data(ap, KRB_REJECT, "Could not get default realm.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - if ((name = malloc(strlen(hp->h_name)+1)) == NULL) { - if (auth_debug_mode) - printf("Out of memory for hostname in Kerberos V5\r\n"); - Data(ap, KRB_REJECT, "Out of memory.", -1); - auth_finished(ap, AUTH_REJECT); - return; - } - - p1 = hp->h_name; - p2 = name; - - while (*p2 = *p1++) { - if (isupper(*p2)) - *p2 |= 040; - ++p2; - } - - srvdata[0].data = realm; - srvdata[0].length = strlen(realm); - srvdata[1].data = "rcmd"; - srvdata[1].length = 4; - srvdata[2].data = name; - srvdata[2].length = p2 - name; - - server[0] = &srvdata[0]; - server[1] = &srvdata[1]; - server[2] = &srvdata[2]; - server[3] = 0; - - if (authdat) - krb5_free_tkt_authent(authdat); - if (r = krb5_rd_req_simple(&auth, server, 0, &authdat)) { - char errbuf[128]; - - authdat = 0; - (void) strcpy(errbuf, "Read req failed: "); - (void) strcat(errbuf, error_message(r)); - Data(ap, KRB_REJECT, errbuf, -1); - if (auth_debug_mode) - printf("%s\r\n", errbuf); - return; - } - free(name); - if (krb5_unparse_name(authdat->ticket->enc_part2 ->client, - &name)) - name = 0; - Data(ap, KRB_ACCEPT, name, name ? -1 : 0); - if (auth_debug_mode) { - printf("Kerberos5 accepting him as ``%s''\r\n", - name ? name : ""); - } - auth_finished(ap, AUTH_USER); - if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES) - break; - bcopy((void *)authdat->ticket->enc_part2->session->contents, - (void *)session_key, sizeof(Block)); - break; - - case KRB_CHALLANGE: - if (!VALIDKEY(session_key)) { - /* - * We don't have a valid session key, so just - * send back a response with an empty session - * key. - */ - Data(ap, KRB_RESPONSE, (void *)0, 0); - break; - } - - des_key_sched(session_key, sched); - bcopy((void *)data, (void *)datablock, sizeof(Block)); - /* - * Take the received encrypted challange, and encrypt - * it again to get a unique session_key for the - * ENCRYPT option. - */ - des_ecb_encrypt(datablock, session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 1); - /* - * Now decrypt the received encrypted challange, - * increment by one, re-encrypt it and send it back. - */ - des_ecb_encrypt(datablock, challange, sched, 0); - for (r = 7; r >= 0; r++) { - register int t; - t = (unsigned int)challange[r] + 1; - challange[r] = t; /* ignore overflow */ - if (t < 256) /* if no overflow, all done */ - break; - } - des_ecb_encrypt(challange, challange, sched, 1); - Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange)); - break; - - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - Data(ap, KRB_REJECT, 0, 0); - break; - } -} - - void -kerberos5_reply(ap, data, cnt) - Authenticator *ap; - unsigned char *data; - int cnt; -{ - Session_Key skey; - - if (cnt-- < 1) - return; - switch (*data++) { - case KRB_REJECT: - if (cnt > 0) { - printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n", - cnt, data); - } else - printf("[ Kerberos V5 refuses authentication ]\r\n"); - auth_send_retry(); - return; - case KRB_ACCEPT: - printf("[ Kerberos V5 accepts you ]\n", cnt, data); - if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { - /* - * Send over the encrypted challange. - */ - Data(ap, KRB_CHALLANGE, (void *)session_key, - sizeof(session_key)); -#if defined(ENCRYPT) - des_ecb_encrypt(session_key, session_key, sched, 1); - skey.type = SK_DES; - skey.length = 8; - skey.data = session_key; - encrypt_session_key(&skey, 0); -#endif - return; - } - auth_finished(ap, AUTH_USER); - return; - case KRB_RESPONSE: - /* - * Verify that the response to the challange is correct. - */ - if ((cnt != sizeof(Block)) || - (0 != memcmp((void *)data, (void *)challange, - sizeof(challange)))) - { - printf("[ Kerberos V5 challange failed!!! ]\r\n"); - auth_send_retry(); - return; - } - printf("[ Kerberos V5 challange successful ]\r\n"); - auth_finished(ap, AUTH_USER); - break; - default: - if (auth_debug_mode) - printf("Unknown Kerberos option %d\r\n", data[-1]); - return; - } -} - - int -kerberos5_status(ap, name, level) - Authenticator *ap; - char *name; - int level; -{ - if (level < AUTH_USER) - return(level); - - if (UserNameRequested && - krb5_kuserok(authdat->ticket->enc_part2->client, UserNameRequested)) - { - strcpy(name, UserNameRequested); - return(AUTH_VALID); - } else - return(AUTH_USER); -} - -#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} -#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len));} - - void -kerberos5_printsub(data, cnt, buf, buflen) - unsigned char *data, *buf; - int cnt, buflen; -{ - char lbuf[32]; - register int i; - - buf[buflen-1] = '\0'; /* make sure its NULL terminated */ - buflen -= 1; - - switch(data[3]) { - case KRB_REJECT: /* Rejected (reason might follow) */ - strncpy((char *)buf, " REJECT ", buflen); - goto common; - - case KRB_ACCEPT: /* Accepted (name might follow) */ - strncpy((char *)buf, " ACCEPT ", buflen); - common: - BUMP(buf, buflen); - if (cnt <= 4) - break; - ADDC(buf, buflen, '"'); - for (i = 4; i < cnt; i++) - ADDC(buf, buflen, data[i]); - ADDC(buf, buflen, '"'); - ADDC(buf, buflen, '\0'); - break; - - case KRB_AUTH: /* Authentication data follows */ - strncpy((char *)buf, " AUTH", buflen); - goto common2; - - case KRB_CHALLANGE: - strncpy((char *)buf, " CHALLANGE", buflen); - goto common2; - - case KRB_RESPONSE: - strncpy((char *)buf, " RESPONSE", buflen); - goto common2; - - default: - sprintf(lbuf, " %d (unknown)", data[3]); - strncpy((char *)buf, lbuf, buflen); - common2: - BUMP(buf, buflen); - for (i = 4; i < cnt; i++) { - sprintf(lbuf, " %d", data[i]); - strncpy((char *)buf, lbuf, buflen); - BUMP(buf, buflen); - } - break; - } -} -#endif diff --git a/lib/libtelnet/key-proto.h b/lib/libtelnet/key-proto.h deleted file mode 100644 index c36b31964a2e..000000000000 --- a/lib/libtelnet/key-proto.h +++ /dev/null @@ -1,72 +0,0 @@ -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * from: @(#)key-proto.h 5.1 (Berkeley) 2/28/91 - * $Id: key-proto.h,v 1.2 1993/08/01 18:32:50 mycroft Exp $ - */ - -/* - * Copyright (C) 1990 by the Massachusetts Institute of Technology - * - * Export of this software from the United States of America is assumed - * to require a specific license from the United States Government. - * It is the responsibility of any person or organization contemplating - * export to obtain such a license before exporting. - * - * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - * distribute this software and its documentation for any purpose and - * without fee is hereby granted, provided that the above copyright - * notice appear in all copies and that both that copyright notice and - * this permission notice appear in supporting documentation, and that - * the name of M.I.T. not be used in advertising or publicity pertaining - * to distribution of the software without specific, written prior - * permission. M.I.T. makes no representations about the suitability of - * this software for any purpose. It is provided "as is" without express - * or implied warranty. - */ - -#ifndef __KEY_PROTO__ -#define __KEY_PROTO__ - -#if !defined(P) -#ifdef __STDC__ -#define P(x) x -#else -#define P(x) () -#endif -#endif - -int key_file_exists P((void)); -void key_lookup P((unsigned char *, Block)); -void key_stream_init P((Block, Block, int)); -unsigned char key_stream P((int, int)); -#endif