Upgrade to the latest & greatest authentication/encryption

author Dave A. Borman <dab@ucbvax.Berkeley.EDU>

Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)

committer Dave A. Borman <dab@ucbvax.Berkeley.EDU>

Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)
author Dave A. Borman <dab@ucbvax.Berkeley.EDU>
Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)
committer Dave A. Borman <dab@ucbvax.Berkeley.EDU>
Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)
diff --git a/usr/src/lib/libtelnet/Makefile b/usr/src/lib/libtelnet/Makefile

index 5cd75ec..b8940e7 100644 (file)
--- a/usr/src/lib/libtelnet/Makefile
+++ b/usr/src/lib/libtelnet/Makefile
@@ -4,15 +4,15 @@
  #
  # %sccs.include.redist.sh
  #
  #
  # %sccs.include.redist.sh
  #
-#      @(#)Makefile    5.2 (Berkeley) %G%
+#      @(#)Makefile    5.3 (Berkeley) %G%
  #
  
  LIB=   telnet
  SRCS=  auth.c encrypt.c genget.c getent.c gettytab.c misc.c
  #
  
  LIB=   telnet
  SRCS=  auth.c encrypt.c genget.c getent.c gettytab.c misc.c
-SRCS+= kerberos.c krb_des.c
-#SRCS+=        kerberos5.c simple_auth.c
+SRCS+= kerberos.c enc_des.c
+#SRCS+=        kerberos5.c
  CFLAGS+= -DENCRYPT -DAUTHENTICATE
  CFLAGS+= -DENCRYPT -DAUTHENTICATE
-CFLAGS+= -DKRB4 -DKRBDES_ENCRYPT -I/usr/include/kerberosIV
+CFLAGS+= -DKRB4 -DDES_ENCRYPT -I/usr/include/kerberosIV
  
  .PATH:  ${.CURDIR}/../../libexec/getty
  .include <bsd.lib.mk>
  
  .PATH:  ${.CURDIR}/../../libexec/getty
  .include <bsd.lib.mk>
diff --git a/usr/src/lib/libtelnet/auth-proto.h b/usr/src/lib/libtelnet/auth-proto.h

index 20d8f84..4eb0d4e 100644 (file)
--- a/usr/src/lib/libtelnet/auth-proto.h
+++ b/usr/src/lib/libtelnet/auth-proto.h
@@ -4,7 +4,7 @@
   *
   * %sccs.include.redist.c%
   *
   *
   * %sccs.include.redist.c%
   *
- *     @(#)auth-proto.h        5.1 (Berkeley) %G%
+ *     @(#)auth-proto.h        5.2 (Berkeley) %G%
   */
  
  /*
   */
  
  /*
@@ -50,13 +50,6 @@ int auth_wait P((char *));
  void auth_disable_name P((char *));
  void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
  
  void auth_disable_name P((char *));
  void auth_gen_printsub P((unsigned char *, int, unsigned char *, int));
  
-#ifdef SIMPLE_AUTH
-int simple_auth_init P((Authenticator *, int));
-int simple_auth_send P((Authenticator *));
-void simple_auth_is_reply P((Authenticator *, unsigned char *, int));
-void simple_auth_printsub P((unsigned char *, int, unsigned char *, int));
-#endif
-
  #ifdef KRB4
  int kerberos4_init P((Authenticator *, int));
  int kerberos4_send P((Authenticator *));
  #ifdef KRB4
  int kerberos4_init P((Authenticator *, int));
  int kerberos4_send P((Authenticator *));
diff --git a/usr/src/lib/libtelnet/auth.c b/usr/src/lib/libtelnet/auth.c

index 6ca1eb8..fb0d4cb 100644 (file)
--- a/usr/src/lib/libtelnet/auth.c
+++ b/usr/src/lib/libtelnet/auth.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)auth.c     5.1 (Berkeley) %G%";
+static char sccsid[] = "@(#)auth.c     5.2 (Berkeley) %G%";
  #endif /* not lint */
  
  /*
  #endif /* not lint */
  
  /*
@@ -58,7 +58,6 @@ static        int     Server = 0;
  static Authenticator   *authenticated = 0;
  static int     authenticating = 0;
  static int     validuser = 0;
  static Authenticator   *authenticated = 0;
  static int     authenticating = 0;
  static int     validuser = 0;
-static char    valid_name[256];
  static unsigned char   _auth_send_data[256];
  static unsigned char   *auth_send_data;
  static int     auth_send_cnt = 0;
  static unsigned char   _auth_send_data[256];
  static unsigned char   *auth_send_data;
  static int     auth_send_cnt = 0;
@@ -69,6 +68,13 @@ static       int     auth_send_cnt = 0;
   */
  Authenticator authenticators[] = {
  #ifdef KRB5
   */
  Authenticator authenticators[] = {
  #ifdef KRB5
+       { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+                               kerberos5_init,
+                               kerberos5_send,
+                               kerberos5_is,
+                               kerberos5_reply,
+                               kerberos5_status,
+                               kerberos5_printsub },
         { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                                 kerberos5_init,
                                 kerberos5_send,
         { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                                 kerberos5_init,
                                 kerberos5_send,
@@ -78,6 +84,13 @@ Authenticator authenticators[] = {
                                 kerberos5_printsub },
  #endif
  #ifdef KRB4
                                 kerberos5_printsub },
  #endif
  #ifdef KRB4
+       { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
+                               kerberos4_init,
+                               kerberos4_send,
+                               kerberos4_is,
+                               kerberos4_reply,
+                               kerberos4_status,
+                               kerberos4_printsub },
         { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                                 kerberos4_init,
                                 kerberos4_send,
         { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                                 kerberos4_init,
                                 kerberos4_send,
@@ -85,15 +98,6 @@ Authenticator authenticators[] = {
                                 kerberos4_reply,
                                 kerberos4_status,
                                 kerberos4_printsub },
                                 kerberos4_reply,
                                 kerberos4_status,
                                 kerberos4_printsub },
-#endif
-#ifdef SIMPLE_AUTH
-       { AUTHTYPE_TEST,        AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
-                               simple_auth_init,
-                               simple_auth_send,
-                               simple_auth_is_reply,
-                               simple_auth_is_reply,
-                               0,
-                               simple_auth_printsub },
  #endif
         { 0, },
  };
  #endif
         { 0, },
  };
@@ -132,9 +136,9 @@ auth_init(name, server)
                 if (!ap->init || (*ap->init)(ap, server)) {
                         i_support |= typemask(ap->type);
                         if (auth_debug_mode)
                 if (!ap->init || (*ap->init)(ap, server)) {
                         i_support |= typemask(ap->type);
                         if (auth_debug_mode)
-                               printf(">>>%s: I support auth type %d\r\n",
+                               printf(">>>%s: I support auth type %d %d\r\n",
                                         Name,
                                         Name,
-                                       ap->type);
+                                       ap->type, ap->way);
                 }
                 ++ap;
         }
                 }
                 ++ap;
         }
@@ -218,9 +222,13 @@ auth_onoff(type, on)
  }
  
         int
  }
  
         int
-auth_togdebug()
+auth_togdebug(on)
+       int on;
  {
  {
-       auth_debug_mode ^= 1;
+       if (on < 0)
+               auth_debug_mode ^= 1;
+       else
+               auth_debug_mode = on;
         printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
         return(1);
  }
         printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
         return(1);
  }
@@ -260,8 +268,8 @@ auth_request()
                 while (ap->type) {
                         if (i_support & ~i_wont_support & typemask(ap->type)) {
                                 if (auth_debug_mode) {
                 while (ap->type) {
                         if (i_support & ~i_wont_support & typemask(ap->type)) {
                                 if (auth_debug_mode) {
-                                       printf(">>>%s: Sending type %d\r\n",
-                                               Name, ap->type);
+                                       printf(">>>%s: Sending type %d %d\r\n",
+                                               Name, ap->type, ap->way);
                                 }
                                 *e++ = ap->type;
                                 *e++ = ap->way;
                                 }
                                 *e++ = ap->type;
                                 *e++ = ap->way;
@@ -336,8 +344,9 @@ auth_send(data, cnt)
                                 printf("Internal state error: cannot find authentication type %d a second time\r\n", *auth_send_data);
                         } else if (ap->send) {
                                 if (auth_debug_mode)
                                 printf("Internal state error: cannot find authentication type %d a second time\r\n", *auth_send_data);
                         } else if (ap->send) {
                                 if (auth_debug_mode)
-                                       printf(">>>%s: Trying %d\r\n",
-                                               Name, *auth_send_data);
+                                       printf(">>>%s: Trying %d %d\r\n",
+                                               Name, auth_send_data[0],
+                                                       auth_send_data[1]);
                                 if ((*ap->send)(ap)) {
                                         /*
                                          * Okay, we found one we like
                                 if ((*ap->send)(ap)) {
                                         /*
                                          * Okay, we found one we like
@@ -416,6 +425,55 @@ auth_reply(data, cnt)
                         Name, *data);
  }
  
                         Name, *data);
  }
  
+       void
+auth_name(data, cnt)
+       unsigned char *data;
+       int cnt;
+{
+       Authenticator *ap;
+       unsigned char savename[256];
+
+       if (cnt < 1) {
+               if (auth_debug_mode)
+                       printf(">>>%s: Empty name in NAME\r\n", Name);
+               return;
+       }
+       if (cnt > sizeof(savename) - 1) {
+               if (auth_debug_mode)
+                       printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
+                                       Name, cnt, sizeof(savename)-1);
+               return;
+       }
+       bcopy((void *)data, (void *)savename, cnt);
+       savename[cnt] = '\0';   /* Null terminate */
+       if (auth_debug_mode)
+               printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
+       auth_encrypt_user(savename);
+}
+
+       int
+auth_sendname(cp, len)
+       unsigned char *cp;
+       int len;
+{
+       static unsigned char str_request[256+6]
+                       = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
+       register unsigned char *e = str_request + 4;
+       register unsigned char *ee = &str_request[sizeof(str_request)-2];
+
+       while (--len >= 0) {
+               if ((*e++ = *cp++) == IAC)
+                       *e++ = IAC;
+               if (e >= ee)
+                       return(0);
+       }
+       *e++ = IAC;
+       *e++ = SE;
+       net_write(str_request, e - str_request);
+       printsub('>', &str_request[2], e - &str_request[2]);
+       return(1);
+}
+
         void
  auth_finished(ap, result)
         Authenticator *ap;
         void
  auth_finished(ap, result)
         Authenticator *ap;
diff --git a/usr/src/lib/libtelnet/enc-proto.h b/usr/src/lib/libtelnet/enc-proto.h

index d5eff39..db5ddd1 100644 (file)
--- a/usr/src/lib/libtelnet/enc-proto.h
+++ b/usr/src/lib/libtelnet/enc-proto.h
@@ -4,7 +4,7 @@
   *
   * %sccs.include.redist.c%
   *
   *
   * %sccs.include.redist.c%
   *
- *     @(#)enc-proto.h 5.1 (Berkeley) %G%
+ *     @(#)enc-proto.h 5.2 (Berkeley) %G%
   */
  
  /*
   */
  
  /*
@@ -38,7 +38,8 @@
  void encrypt_init P((char *, int));
  Encryptions *findencryption P((int));
  void encrypt_send_supprt P((void));
  void encrypt_init P((char *, int));
  Encryptions *findencryption P((int));
  void encrypt_send_supprt P((void));
-void encrypt_auto P((void));
+void encrypt_auto P((int));
+void decrypt_auto P((int));
  void encrypt_is P((unsigned char *, int));
  void encrypt_reply P((unsigned char *, int));
  void encrypt_start_input P((int));
  void encrypt_is P((unsigned char *, int));
  void encrypt_reply P((unsigned char *, int));
  void encrypt_start_input P((int));
@@ -51,6 +52,7 @@ void encrypt_send_request_end P((void));
  void encrypt_send_end P((void));
  void encrypt_wait P((void));
  void encrypt_send_support P((void));
  void encrypt_send_end P((void));
  void encrypt_wait P((void));
  void encrypt_send_support P((void));
+void encrypt_send_keyid P((int, unsigned char *, int, int));
  int net_write P((unsigned char *, int));
  
  #ifdef TELENTD
  int net_write P((unsigned char *, int));
  
  #ifdef TELENTD
@@ -60,14 +62,25 @@ int encrypt_cmd P((int, char **));
  void encrypt_display P((void));
  #endif
  
  void encrypt_display P((void));
  #endif
  
-void krbdes_encrypt P((unsigned char *, int));
-int krbdes_decrypt P((int));
-int krbdes_is P((unsigned char *, int));
-int krbdes_reply P((unsigned char *, int));
-void krbdes_init P((int));
-int krbdes_start P((int, int));
-void krbdes_session P((Session_Key *, int));
-void krbdes_printsub P((unsigned char *, int, unsigned char *, int));
+void cfb64_encrypt P((unsigned char *, int));
+int cfb64_decrypt P((int));
+void cfb64_init P((int));
+int cfb64_start P((int, int));
+int cfb64_is P((unsigned char *, int));
+int cfb64_reply P((unsigned char *, int));
+void cfb64_session P((Session_Key *, int));
+int cfb64_keyid P((int, unsigned char *, int *));
+void cfb64_printsub P((unsigned char *, int, unsigned char *, int));
+
+void ofb64_encrypt P((unsigned char *, int));
+int ofb64_decrypt P((int));
+void ofb64_init P((int));
+int ofb64_start P((int, int));
+int ofb64_is P((unsigned char *, int));
+int ofb64_reply P((unsigned char *, int));
+void ofb64_session P((Session_Key *, int));
+int ofb64_keyid P((int, unsigned char *, int *));
+void ofb64_printsub P((unsigned char *, int, unsigned char *, int));
  
  int  des_new_random_key P((Block));
  void des_set_random_generator_seed P((Block));
  
  int  des_new_random_key P((Block));
  void des_set_random_generator_seed P((Block));
diff --git a/usr/src/lib/libtelnet/encrypt.c b/usr/src/lib/libtelnet/encrypt.c

index f207ccd..12841a1 100644 (file)
--- a/usr/src/lib/libtelnet/encrypt.c
+++ b/usr/src/lib/libtelnet/encrypt.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)encrypt.c  5.1 (Berkeley) %G%";
+static char sccsid[] = "@(#)encrypt.c  5.2 (Berkeley) %G%";
  #endif /* not lint */
  
  /*
  #endif /* not lint */
  
  /*
@@ -60,37 +60,53 @@ static int encrypt_verbose = 0;
  static int autoencrypt = 0;
  static int autodecrypt = 0;
  static int havesessionkey = 0;
  static int autoencrypt = 0;
  static int autodecrypt = 0;
  static int havesessionkey = 0;
-static int encrypt_mark = 0;
-static int decrypt_mark = 0;
  static int Server = 0;
  static char *Name = "Noname";
  
  #define        typemask(x)     ((x) > 0 ? 1 << ((x)-1) : 0)
  
  static int Server = 0;
  static char *Name = "Noname";
  
  #define        typemask(x)     ((x) > 0 ? 1 << ((x)-1) : 0)
  
-static long i_support_encrypt = typemask(ENCTYPE_KRBDES);
-static long i_support_decrypt = typemask(ENCTYPE_KRBDES);
+static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
+                               | typemask(ENCTYPE_DES_OFB64);
+static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
+                               | typemask(ENCTYPE_DES_OFB64);
+static long i_wont_support_encrypt = 0;
+static long i_wont_support_decrypt = 0;
+#define        I_SUPPORT_ENCRYPT       (i_support_encrypt & ~i_wont_support_encrypt)
+#define        I_SUPPORT_DECRYPT       (i_support_decrypt & ~i_wont_support_decrypt)
+
  static long remote_supports_encrypt = 0;
  static long remote_supports_decrypt = 0;
  
  static Encryptions encryptions[] = {
  static long remote_supports_encrypt = 0;
  static long remote_supports_decrypt = 0;
  
  static Encryptions encryptions[] = {
-#if    defined(KRBDES_ENCRYPT)
-    { "KRBDES",                ENCTYPE_KRBDES,
-                       krbdes_encrypt, 
-                       krbdes_decrypt,
-                       krbdes_init,
-                       krbdes_start,
-                       krbdes_is,
-                       krbdes_reply,
-                       krbdes_session,
-                       krbdes_printsub },
+#if    defined(DES_ENCRYPT)
+    { "DES_CFB64",     ENCTYPE_DES_CFB64,
+                       cfb64_encrypt,  
+                       cfb64_decrypt,
+                       cfb64_init,
+                       cfb64_start,
+                       cfb64_is,
+                       cfb64_reply,
+                       cfb64_session,
+                       cfb64_keyid,
+                       cfb64_printsub },
+    { "DES_OFB64",     ENCTYPE_DES_OFB64,
+                       ofb64_encrypt,  
+                       ofb64_decrypt,
+                       ofb64_init,
+                       ofb64_start,
+                       ofb64_is,
+                       ofb64_reply,
+                       ofb64_session,
+                       ofb64_keyid,
+                       ofb64_printsub },
  #endif
      { 0, },
  };
  
  static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
  #endif
      { 0, },
  };
  
  static unsigned char str_send[64] = { IAC, SB, TELOPT_ENCRYPT,
-                                        ENCRYPT_SUPPORT, };
+                                        ENCRYPT_SUPPORT };
  static unsigned char str_suplen = 0;
  static unsigned char str_suplen = 0;
-static unsigned char str_start[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
  static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
  
         Encryptions *
  static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
  
         Encryptions *
@@ -99,7 +115,7 @@ findencryption(type)
  {
         Encryptions *ep = encryptions;
  
  {
         Encryptions *ep = encryptions;
  
-       if (!(i_support_encrypt & remote_supports_decrypt & typemask(type)))
+       if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt & typemask(type)))
                 return(0);
         while (ep->type && ep->type != type)
                 ++ep;
                 return(0);
         while (ep->type && ep->type != type)
                 ++ep;
@@ -112,13 +128,26 @@ finddecryption(type)
  {
         Encryptions *ep = encryptions;
  
  {
         Encryptions *ep = encryptions;
  
-       if (!(i_support_decrypt & remote_supports_encrypt & typemask(type)))
+       if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & typemask(type)))
                 return(0);
         while (ep->type && ep->type != type)
                 ++ep;
         return(ep->type ? ep : 0);
  }
  
                 return(0);
         while (ep->type && ep->type != type)
                 ++ep;
         return(ep->type ? ep : 0);
  }
  
+#define        MAXKEYLEN 64
+
+static struct key_info {
+       unsigned char keyid[MAXKEYLEN];
+       int keylen;
+       int dir;
+       int *modep;
+       Encryptions *(*getcrypt)();
+} ki[2] = {
+       { { 0 }, 0, DIR_ENCRYPT, &encrypt_mode, findencryption },
+       { { 0 }, 0, DIR_DECRYPT, &decrypt_mode, finddecryption },
+};
+
         void
  encrypt_init(name, server)
         char *name;
         void
  encrypt_init(name, server)
         char *name;
@@ -146,8 +175,9 @@ encrypt_init(name, server)
                                 Name, ENCTYPE_NAME(ep->type));
                 i_support_encrypt |= typemask(ep->type);
                 i_support_decrypt |= typemask(ep->type);
                                 Name, ENCTYPE_NAME(ep->type));
                 i_support_encrypt |= typemask(ep->type);
                 i_support_decrypt |= typemask(ep->type);
-               if ((str_send[str_suplen++] = ep->type) == IAC)
-                       str_send[str_suplen++] = IAC;
+               if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
+                       if ((str_send[str_suplen++] = ep->type) == IAC)
+                               str_send[str_suplen++] = IAC;
                 if (ep->init)
                         (*ep->init)(Server);
                 ++ep;
                 if (ep->init)
                         (*ep->init)(Server);
                 ++ep;
@@ -163,7 +193,7 @@ encrypt_list_types()
  
         printf("Valid encryption types:\n");
         while (ep->type) {
  
         printf("Valid encryption types:\n");
         while (ep->type) {
-               printf("\t%s\n\n", ENCTYPE_NAME(ep->type));
+               printf("\t%s (%d)\r\n", ENCTYPE_NAME(ep->type), ep->type);
                 ++ep;
         }
  }
                 ++ep;
         }
  }
@@ -182,42 +212,71 @@ EncryptEnable(type, mode)
         return(0);
  }
  
         return(0);
  }
  
+       int
+EncryptDisable(type, mode)
+       char *type, *mode;
+{
+       register Encryptions *ep;
+       int ret = 0;
+
+       if (isprefix(type, "help") || isprefix(type, "?")) {
+               printf("Usage: encrypt disable <type> [input|output]\n");
+               encrypt_list_types();
+       } else if ((ep = (Encryptions *)genget(type, encryptions,
+                                               sizeof(Encryptions))) == 0) {
+               printf("%s: invalid encryption type\n", type);
+       } else if (Ambiguous(ep)) {
+               printf("Ambiguous type '%s'\n", type);
+       } else {
+               if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
+                       if (decrypt_mode == ep->type)
+                               EncryptStopInput();
+                       i_wont_support_decrypt |= typemask(ep->type);
+                       ret = 1;
+               }
+               if ((mode == 0) || (isprefix(mode, "output"))) {
+                       if (encrypt_mode == ep->type)
+                               EncryptStopOutput();
+                       i_wont_support_encrypt |= typemask(ep->type);
+                       ret = 1;
+               }
+               if (ret == 0)
+                       printf("%s: invalid encryption mode\n", mode);
+       }
+       return(ret);
+}
+
         int
  EncryptType(type, mode)
         char *type;
         char *mode;
  {
         register Encryptions *ep;
         int
  EncryptType(type, mode)
         char *type;
         char *mode;
  {
         register Encryptions *ep;
+       int ret = 0;
  
         if (isprefix(type, "help") || isprefix(type, "?")) {
                 printf("Usage: encrypt type <type> [input|output]\n");
                 encrypt_list_types();
  
         if (isprefix(type, "help") || isprefix(type, "?")) {
                 printf("Usage: encrypt type <type> [input|output]\n");
                 encrypt_list_types();
-               return(0);
-       }
-
-       ep = (Encryptions *)genget(type, encryptions, sizeof(Encryptions));
-
-       if (ep == 0) {
+       } else if ((ep = (Encryptions *)genget(type, encryptions,
+                                               sizeof(Encryptions))) == 0) {
                 printf("%s: invalid encryption type\n", type);
                 printf("%s: invalid encryption type\n", type);
-               return(0);
-       }
-       if (Ambiguous(ep)) {
+       } else if (Ambiguous(ep)) {
                 printf("Ambiguous type '%s'\n", type);
                 printf("Ambiguous type '%s'\n", type);
-               return(0);
-       }
-
-       if (mode) {
-               if (isprefix(mode, "input"))
+       } else {
+               if ((mode == 0) || isprefix(mode, "input")) {
                         decrypt_mode = ep->type;
                         decrypt_mode = ep->type;
-               else if (isprefix(mode, "output"))
+                       i_wont_support_decrypt &= ~typemask(ep->type);
+                       ret = 1;
+               }
+               if ((mode == 0) || isprefix(mode, "output")) {
                         encrypt_mode = ep->type;
                         encrypt_mode = ep->type;
-               else {
-                       printf("%s: invalid encryption mode\n", mode);
-                       return(0);
+                       i_wont_support_encrypt &= ~typemask(ep->type);
+                       ret = 1;
                 }
                 }
-       } else
-               decrypt_mode = encrypt_mode = ep->type;
-       return(1);
+               if (ret == 0)
+                       printf("%s: invalid encryption mode\n", mode);
+       }
+       return(ret);
  }
  
         int
  }
  
         int
@@ -351,33 +410,50 @@ encrypt_send_support()
  }
  
         int
  }
  
         int
-EncryptTogDebug()
+EncryptDebug(on)
+       int on;
  {
  {
-       encrypt_debug_mode ^= 1;
+       if (on < 0)
+               encrypt_debug_mode ^= 1;
+       else
+               encrypt_debug_mode = on;
         printf("Encryption debugging %s\r\n",
                 encrypt_debug_mode ? "enabled" : "disabled");
         return(1);
  }
  
         int
         printf("Encryption debugging %s\r\n",
                 encrypt_debug_mode ? "enabled" : "disabled");
         return(1);
  }
  
         int
-EncryptTogVerbose()
+EncryptVerbose(on)
+       int on;
  {
  {
-       encrypt_verbose ^= 1;
+       if (on < 0)
+               encrypt_verbose ^= 1;
+       else
+               encrypt_verbose = on;
         printf("Encryption %s verbose\r\n",
                 encrypt_verbose ? "is" : "is not");
         return(1);
  }
  
         int
         printf("Encryption %s verbose\r\n",
                 encrypt_verbose ? "is" : "is not");
         return(1);
  }
  
         int
-EncryptTogAuto()
+EncryptAutoEnc(on)
+       int on;
  {
  {
-       autoencrypt ^= 1;
-       autodecrypt ^= 1;
-       printf("Automatic encryption of data is %s\r\n",
+       encrypt_auto(on);
+       printf("Automatic encryption of output is %s\r\n",
                 autoencrypt ? "enabled" : "disabled");
         return(1);
  }
  
                 autoencrypt ? "enabled" : "disabled");
         return(1);
  }
  
+       int
+EncryptAutoDec(on)
+       int on;
+{
+       decrypt_auto(on);
+       printf("Automatic decryption of input is %s\r\n",
+               autodecrypt ? "enabled" : "disabled");
+       return(1);
+}
  
  /*
   * Called when ENCRYPT SUPPORT is received.
  
  /*
   * Called when ENCRYPT SUPPORT is received.
@@ -402,7 +478,7 @@ encrypt_support(typelist, cnt)
                                 Name,
                                 ENCTYPE_NAME(type), type);
                 if ((type < ENCTYPE_CNT) &&
                                 Name,
                                 ENCTYPE_NAME(type), type);
                 if ((type < ENCTYPE_CNT) &&
-                   (i_support_encrypt & typemask(type))) {
+                   (I_SUPPORT_ENCRYPT & typemask(type))) {
                         remote_supports_decrypt |= typemask(type);
                         if (use_type == 0)
                                 use_type = type;
                         remote_supports_decrypt |= typemask(type);
                         if (use_type == 0)
                                 use_type = type;
@@ -418,7 +494,7 @@ encrypt_support(typelist, cnt)
                                         Name, type);
                 if (type < 0)
                         return;
                                         Name, type);
                 if (type < 0)
                         return;
-               encrypt_mode = type;
+               encrypt_mode = use_type;
                 if (type == 0)
                         encrypt_start_output(use_type);
         }
                 if (type == 0)
                         encrypt_start_output(use_type);
         }
@@ -441,21 +517,25 @@ encrypt_is(data, cnt)
                 if (encrypt_debug_mode)
                         printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
                                 Name,
                 if (encrypt_debug_mode)
                         printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
                                 Name,
-                               ENCTYPE_NAME(data[-1]), data[1]);
+                               ENCTYPE_NAME_OK(type)
+                                       ? ENCTYPE_NAME(type) : "(unknown)",
+                               type);
                 return;
         }
         if (!ep->is) {
                 if (encrypt_debug_mode)
                         printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
                                 Name,
                 return;
         }
         if (!ep->is) {
                 if (encrypt_debug_mode)
                         printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
                                 Name,
-                               ENCTYPE_NAME(type), type);
+                               ENCTYPE_NAME_OK(type)
+                                       ? ENCTYPE_NAME(type) : "(unknown)",
+                               type);
                 ret = 0;
         } else {
                 ret = (*ep->is)(data, cnt);
                 ret = 0;
         } else {
                 ret = (*ep->is)(data, cnt);
-/*@*/          if (encrypt_debug_mode)
-/*@*/                  printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt,
-/*@*/                          (ret < 0) ? "FAIL " :
-/*@*/                          (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+               if (encrypt_debug_mode)
+                       printf("(*ep->is)(%x, %d) returned %s(%d)\n", data, cnt,
+                               (ret < 0) ? "FAIL " :
+                               (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
         }
         if (ret < 0) {
                 autodecrypt = 0;
         }
         if (ret < 0) {
                 autodecrypt = 0;
@@ -481,22 +561,26 @@ encrypt_reply(data, cnt)
                 if (encrypt_debug_mode)
                         printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
                                 Name,
                 if (encrypt_debug_mode)
                         printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
                                 Name,
-                               ENCTYPE_NAME(data[-1]), data[1]);
+                               ENCTYPE_NAME_OK(type)
+                                       ? ENCTYPE_NAME(type) : "(unknown)",
+                               type);
                 return;
         }
         if (!ep->reply) {
                 if (encrypt_debug_mode)
                         printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
                                 Name,
                 return;
         }
         if (!ep->reply) {
                 if (encrypt_debug_mode)
                         printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
                                 Name,
-                               ENCTYPE_NAME(data[-1]), data[1]);
+                               ENCTYPE_NAME_OK(type)
+                                       ? ENCTYPE_NAME(type) : "(unknown)",
+                               type);
                 ret = 0;
         } else {
                 ret = (*ep->reply)(data, cnt);
                 ret = 0;
         } else {
                 ret = (*ep->reply)(data, cnt);
-/*@*/          if (encrypt_debug_mode)
-/*@*/                  printf("(*ep->reply)(%x, %d) returned %s(%d)\n",
-/*@*/                          data, cnt,
-/*@*/                          (ret < 0) ? "FAIL " :
-/*@*/                          (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
+               if (encrypt_debug_mode)
+                       printf("(*ep->reply)(%x, %d) returned %s(%d)\n",
+                               data, cnt,
+                               (ret < 0) ? "FAIL " :
+                               (ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
         }
         if (encrypt_debug_mode)
                 printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
         }
         if (encrypt_debug_mode)
                 printf(">>>%s: encrypt_reply returned %d\n", Name, ret);
@@ -513,7 +597,9 @@ encrypt_reply(data, cnt)
   * Called when a ENCRYPT START command is received.
   */
         void
   * Called when a ENCRYPT START command is received.
   */
         void
-encrypt_start()
+encrypt_start(data, cnt)
+       unsigned char *data;
+       int cnt;
  {
         Encryptions *ep;
  
  {
         Encryptions *ep;
  
@@ -539,7 +625,11 @@ encrypt_start()
                                 Name, ENCTYPE_NAME(decrypt_mode));
         } else {
                 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
                                 Name, ENCTYPE_NAME(decrypt_mode));
         } else {
                 printf("%s: Warning, Cannot decrypt type %s (%d)!!!\r\n",
-                               Name, ENCTYPE_NAME(decrypt_mode), decrypt_mode);
+                               Name,
+                               ENCTYPE_NAME_OK(decrypt_mode)
+                                       ? ENCTYPE_NAME(decrypt_mode)
+                                       : "(unknown)",
+                               decrypt_mode);
                 encrypt_send_request_end();
         }
  }
                 encrypt_send_request_end();
         }
  }
@@ -556,10 +646,6 @@ encrypt_session_key(key, server)
         while (ep->type) {
                 if (ep->session)
                         (*ep->session)(key, server);
         while (ep->type) {
                 if (ep->session)
                         (*ep->session)(key, server);
-               if (!encrypt_output && autoencrypt && !server)
-                       encrypt_start_output(ep->type);
-               if (!decrypt_input && autodecrypt && !server)
-                       encrypt_send_request_start();
                 ++ep;
         }
  }
                 ++ep;
         }
  }
@@ -593,20 +679,122 @@ encrypt_request_end()
   * can. 
   */
         void
   * can. 
   */
         void
-encrypt_request_start()
+encrypt_request_start(data, cnt)
+       unsigned char *data;
+       int cnt;
  {
  {
-       if (!encrypt_mode && Server) {
-               autoencrypt = 1;
+       if (encrypt_mode == 0)  {
+               if (Server)
+                       autoencrypt = 1;
                 return;
         }
         encrypt_start_output(encrypt_mode);
  }
  
                 return;
         }
         encrypt_start_output(encrypt_mode);
  }
  
+static unsigned char str_keyid[(MAXKEYLEN*2)+5] = { IAC, SB, TELOPT_ENCRYPT };
+
+encrypt_enc_keyid(keyid, len)
+       unsigned char *keyid;
+       int len;
+{
+       encrypt_keyid(&ki[1], keyid, len);
+}
+
+encrypt_dec_keyid(keyid, len)
+       unsigned char *keyid;
+       int len;
+{
+       encrypt_keyid(&ki[0], keyid, len);
+}
+
+encrypt_keyid(kp, keyid, len)
+       struct key_info *kp;
+       unsigned char *keyid;
+       int len;
+{
+       Encryptions *ep;
+       unsigned char *strp, *cp;
+       int dir = kp->dir;
+       register int ret = 0;
+
+       if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+               if (len == 0)
+                       return;
+               kp->keylen = 0;
+       } else if (len == 0) {
+               /*
+                * Empty option, indicates a failure.
+                */
+               if (kp->keylen == 0)
+                       return;
+               kp->keylen = 0;
+               if (ep->keyid)
+                       (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+
+       } else if ((len != kp->keylen) || (bcmp(keyid, kp->keyid, len) != 0)) {
+               /*
+                * Length or contents are different
+                */
+               kp->keylen = len;
+               bcopy(keyid, kp->keyid, len);
+               if (ep->keyid)
+                       (void)(*ep->keyid)(dir, kp->keyid, &kp->keylen);
+       } else {
+               if (ep->keyid)
+                       ret = (*ep->keyid)(dir, kp->keyid, &kp->keylen);
+               if ((ret == 0) && (dir == DIR_ENCRYPT) && autoencrypt)
+                       encrypt_start_output(*kp->modep);
+               return;
+       }
+
+       encrypt_send_keyid(dir, kp->keyid, kp->keylen, 0);
+}
+
         void
         void
-encrypt_auto()
+encrypt_send_keyid(dir, keyid, keylen, saveit)
+       int dir;
+       unsigned char *keyid;
+       int keylen;
+       int saveit;
+{
+       unsigned char *strp;
+
+       str_keyid[3] = (dir == DIR_ENCRYPT)
+                       ? ENCRYPT_ENC_KEYID : ENCRYPT_DEC_KEYID;
+       if (saveit) {
+               struct key_info *kp = &ki[(dir == DIR_ENCRYPT) ? 0 : 1];
+               bcopy(keyid, kp->keyid, keylen);
+               kp->keylen = keylen;
+       }
+
+       for (strp = &str_keyid[4]; keylen > 0; --keylen) {
+               if ((*strp++ = *keyid++) == IAC)
+                       *strp++ = IAC;
+       }
+       *strp++ = IAC;
+       *strp++ = SE;
+       net_write(str_keyid, strp - str_keyid);
+       printsub('>', &str_keyid[2], strp - str_keyid - 2);
+}
+
+       void
+encrypt_auto(on)
+       int on;
+{
+       if (on < 0)
+               autoencrypt ^= 1;
+       else
+               autoencrypt = on ? 1 : 0;
+}
+
+       void
+decrypt_auto(on)
+       int on;
  {
  {
-       autoencrypt = 1;
-       autodecrypt = 1;
+       if (on < 0)
+               autodecrypt ^= 1;
+       else
+               autodecrypt = on ? 1 : 0;
  }
  
         void
  }
  
         void
@@ -614,36 +802,42 @@ encrypt_start_output(type)
         int type;
  {
         Encryptions *ep;
         int type;
  {
         Encryptions *ep;
-       register int ret;
+       register unsigned char *p;
+       register int i;
  
         if (!(ep = findencryption(type))) {
                 if (encrypt_debug_mode) {
  
         if (!(ep = findencryption(type))) {
                 if (encrypt_debug_mode) {
-                       printf(">>>%s: Marking type %s for later encryption use\r\n",
+                       printf(">>>%s: Can't encrypt with type %s (%d)\r\n",
                                 Name,
                                 Name,
-                               ENCTYPE_NAME(type));
+                               ENCTYPE_NAME_OK(type)
+                                       ? ENCTYPE_NAME(type) : "(unknown)",
+                               type);
                 }
                 }
-               encrypt_mark |= typemask(type);
                 return;
         }
         if (ep->start) {
                 return;
         }
         if (ep->start) {
-               ret = (*ep->start)(DIR_ENCRYPT, Server);
-               if (ret) {
-                       if (encrypt_debug_mode) {
-                               if (ret < 0)
-                                       printf(">>>%s: Start failed for %s\r\n",
-                                               Name, ENCTYPE_NAME(type));
-                               else
-                                       printf(">>>%s: Start: initial negotiation in progress%s\r\n",
-                                               Name, ENCTYPE_NAME(type));
-                       }
-
-                       return;
+               i = (*ep->start)(DIR_ENCRYPT, Server);
+               if (encrypt_debug_mode) {
+                       printf(">>>%s: Encrypt start: %s (%d) %s\r\n",
+                               Name, 
+                               (i < 0) ? "failed" :
+                                       "initial negotiation in progress",
+                               i, ENCTYPE_NAME(type));
                 }
                 }
+               if (i)
+                       return;
+       }
+       p = str_start + 3;
+       *p++ = ENCRYPT_START;
+       for (i = 0; i < ki[0].keylen; ++i) {
+               if ((*p++ = ki[0].keyid[i]) == IAC)
+                       *p++ = IAC;
         }
         }
-       str_start[3] = ENCRYPT_START;
-       net_write(str_start, sizeof(str_start));
+       *p++ = IAC;
+       *p++ = SE;
+       net_write(str_start, p - str_start);
         net_encrypt();
         net_encrypt();
-       printsub('>', &str_start[2], sizeof(str_start) - 2);
+       printsub('>', &str_start[2], p - &str_start[2]);
         /*
          * If we are already encrypting in some mode, then
          * encrypt the ring (which includes our request) in
         /*
          * If we are already encrypting in some mode, then
          * encrypt the ring (which includes our request) in
@@ -684,32 +878,19 @@ encrypt_send_end()
         void
  encrypt_send_request_start()
  {
         void
  encrypt_send_request_start()
  {
-#ifdef notdef
-       Encryptions *ep;
-
-       if (!(ep = findencryption(type))) {
-               if (encrypt_debug_mode) {
-                       printf(">>>%s: Marking type %s for later decryption use\r\n",
-                               Name,
-                               ENCTYPE_NAME(type));
-               }
-               decrypt_mark |= typemask(type);
-               return;
-       }
+       register unsigned char *p;
+       register int i;
  
  
-       if (ep->start && (*ep->start)(DIR_DECRYPT, Server)) {
-               if (encrypt_debug_mode) {
-                       printf(">>>%s: Request failed for %s\r\n",
-                               Name,
-                               ENCTYPE_NAME(type));
-               }
-               return;
+       p = &str_start[3];
+       *p++ = ENCRYPT_REQSTART;
+       for (i = 0; i < ki[1].keylen; ++i) {
+               if ((*p++ = ki[1].keyid[i]) == IAC)
+                       *p++ = IAC;
         }
         }
-#endif
-
-       str_start[3] = ENCRYPT_REQSTART;
-       net_write(str_start, sizeof(str_start));
-       printsub('>', &str_start[2], sizeof(str_start) - 2);
+       *p++ = IAC;
+       *p++ = SE;
+       net_write(str_start, p - str_start);
+       printsub('>', &str_start[2], p - &str_start[2]);
         if (encrypt_debug_mode)
                 printf(">>>%s: Request input to be encrypted\r\n", Name);
  }
         if (encrypt_debug_mode)
                 printf(">>>%s: Request input to be encrypted\r\n", Name);
  }
@@ -731,7 +912,7 @@ encrypt_wait()
         register int encrypt, decrypt;
         if (encrypt_debug_mode)
                 printf(">>>%s: in encrypt_wait\r\n", Name);
         register int encrypt, decrypt;
         if (encrypt_debug_mode)
                 printf(">>>%s: in encrypt_wait\r\n", Name);
-       if (!havesessionkey || !(i_support_encrypt & remote_supports_decrypt))
+       if (!havesessionkey || !(I_SUPPORT_ENCRYPT & remote_supports_decrypt))
                 return;
         while (autoencrypt && !encrypt_output)
                 if (telnet_spin())
                 return;
         while (autoencrypt && !encrypt_output)
                 if (telnet_spin())
diff --git a/usr/src/lib/libtelnet/encrypt.h b/usr/src/lib/libtelnet/encrypt.h

index 3a6dccf..8d13c42 100644 (file)
--- a/usr/src/lib/libtelnet/encrypt.h
+++ b/usr/src/lib/libtelnet/encrypt.h
@@ -4,7 +4,7 @@
   *
   * %sccs.include.redist.c%
   *
   *
   * %sccs.include.redist.c%
   *
- *     @(#)encrypt.h   5.1 (Berkeley) %G%
+ *     @(#)encrypt.h   5.2 (Berkeley) %G%
   */
  
  /*
   */
  
  /*
@@ -66,6 +66,7 @@ typedef struct {
         int     (*is) P((unsigned char *, int));
         int     (*reply) P((unsigned char *, int));
         void    (*session) P((Session_Key *, int));
         int     (*is) P((unsigned char *, int));
         int     (*reply) P((unsigned char *, int));
         void    (*session) P((Session_Key *, int));
+       int     (*keyid) P((int, unsigned char *, int *));
         void    (*printsub) P((unsigned char *, int, unsigned char *, int));
  } Encryptions;
  
         void    (*printsub) P((unsigned char *, int, unsigned char *, int));
  } Encryptions;
  
diff --git a/usr/src/lib/libtelnet/kerberos.c b/usr/src/lib/libtelnet/kerberos.c

index 02c3b84..24967f6 100644 (file)
--- a/usr/src/lib/libtelnet/kerberos.c
+++ b/usr/src/lib/libtelnet/kerberos.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)kerberos.c 5.1 (Berkeley) %G%";
+static char sccsid[] = "@(#)kerberos.c 5.2 (Berkeley) %G%";
  #endif /* not lint */
  
  /*
  #endif /* not lint */
  
  /*
@@ -68,12 +68,14 @@ extern auth_debug_mode;
  
  static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
                                         AUTHTYPE_KERBEROS_V4, };
  
  static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
                                         AUTHTYPE_KERBEROS_V4, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+                                       TELQUAL_NAME, };
  
  #define        KRB_AUTH        0               /* Authentication data follows */
  #define        KRB_REJECT      1               /* Rejected (reason might follow) */
  
  #define        KRB_AUTH        0               /* Authentication data follows */
  #define        KRB_REJECT      1               /* Rejected (reason might follow) */
-#define        KRB_ACCEPT      2               /* Accepted (name might follow) */
-#define        KRB_NEWKEY      3               /* A new session key follows */
-#define        KRB_NAME        4               /* Name to authenticate for */
+#define        KRB_ACCEPT      2               /* Accepted */
+#define        KRB_CHALLANGE   3               /* Challange for mutual auth. */
+#define        KRB_RESPONSE    4               /* Response for mutual auth. */
  
  static KTEXT_ST auth;
  static char name[ANAME_SZ];
  
  static KTEXT_ST auth;
  static char name[ANAME_SZ];
@@ -81,14 +83,17 @@ static      AUTH_DAT adat = { 0 };
  #if    defined(ENCRYPT)
  static Block   session_key     = { 0 };
  #endif
  #if    defined(ENCRYPT)
  static Block   session_key     = { 0 };
  #endif
+static Schedule sched;
+static Block   challange       = { 0 };
  
         static int
  
         static int
-Data(type, d, c)
+Data(ap, type, d, c)
+       Authenticator *ap;
         int type;
         void *d;
         int c;
  {
         int type;
         void *d;
         int c;
  {
-        unsigned char *p = str_data + 6;
+        unsigned char *p = str_data + 4;
         unsigned char *cd = (unsigned char *)d;
  
         if (c == -1)
         unsigned char *cd = (unsigned char *)d;
  
         if (c == -1)
@@ -102,6 +107,8 @@ Data(type, d, c)
                  printd(d, c);
                  printf("\r\n");
          }
                  printd(d, c);
                  printf("\r\n");
          }
+       *p++ = ap->type;
+       *p++ = ap->way;
         *p++ = type;
          while (c-- > 0) {
                  if ((*p++ = *cd++) == IAC)
         *p++ = type;
          while (c-- > 0) {
                  if ((*p++ = *cd++) == IAC)
@@ -123,8 +130,6 @@ kerberos4_init(ap, server)
                 str_data[3] = TELQUAL_REPLY;
         else
                 str_data[3] = TELQUAL_IS;
                 str_data[3] = TELQUAL_REPLY;
         else
                 str_data[3] = TELQUAL_IS;
-       str_data[4] = ap->type;
-       str_data[5] = ap->way;
         return(1);
  }
  
         return(1);
  }
  
@@ -142,9 +147,6 @@ kerberos4_send(ap)
         char *krb_realmofhost();
         char *krb_get_phost();
         CREDENTIALS cred;
         char *krb_realmofhost();
         char *krb_get_phost();
         CREDENTIALS cred;
-#if    defined(ENCRYPT)
-       Schedule krb_sched;
-#endif
         int r;
         
         if (!UserNameRequested) {
         int r;
         
         if (!UserNameRequested) {
@@ -178,25 +180,42 @@ kerberos4_send(ap)
                 }
                 return(0);
         }
                 }
                 return(0);
         }
-       if (!Data(KRB_NAME, (void *)UserNameRequested, -1)) {
+       if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
                 if (auth_debug_mode)
                         printf("Not enough room for user name\r\n");
                 return(0);
         }
         if (auth_debug_mode)
                 printf("Sent %d bytes of authentication data\r\n", auth.length);
                 if (auth_debug_mode)
                         printf("Not enough room for user name\r\n");
                 return(0);
         }
         if (auth_debug_mode)
                 printf("Sent %d bytes of authentication data\r\n", auth.length);
-       if (!Data(KRB_AUTH, (void *)auth.dat, auth.length)) {
+       if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
                 if (auth_debug_mode)
                         printf("Not enough room for authentication data\r\n");
                 return(0);
         }
                 if (auth_debug_mode)
                         printf("Not enough room for authentication data\r\n");
                 return(0);
         }
-#if    defined(ENCRYPT)
-       des_key_sched(cred.session, krb_sched);
-       des_set_random_generator_seed(cred.session);
-       des_new_random_key(session_key);
-       des_ecb_encrypt(session_key, enckey, krb_sched, 1);
-       Data(KRB_NEWKEY, (void *)enckey, sizeof(enckey));
-#endif
+       /*
+        * If we are doing mutual authentication, get set up to send
+        * the challange, and verify it when the response comes back.
+        */
+       if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+               register int i;
+
+               des_key_sched(cred.session, sched);
+               des_set_random_generator_seed(cred.session);
+               des_new_random_key(challange);
+               des_ecb_encrypt(challange, session_key, sched, 1);
+               /*
+                * Increment the challange by 1, and encrypt it for
+                * later comparison.
+                */
+               for (i = 7; i >= 0; --i) {
+                       register int x;
+                       x = (unsigned int)challange[i] + 1;
+                       challange[i] = x;       /* ignore overflow */
+                       if (x < 256)            /* if no overflow, all done */
+                               break;
+               }
+               des_ecb_encrypt(challange, challange, sched, 1);
+       }
         
         if (auth_debug_mode) {
                 printf("CK: %d:", cksum(auth.dat, auth.length));
         
         if (auth_debug_mode) {
                 printf("CK: %d:", cksum(auth.dat, auth.length));
@@ -217,25 +236,14 @@ kerberos4_is(ap, data, cnt)
         Block datablock;
         char realm[REALM_SZ];
         char instance[INST_SZ];
         Block datablock;
         char realm[REALM_SZ];
         char instance[INST_SZ];
-       Schedule sched;
         int r;
  
         if (cnt-- < 1)
                 return;
         switch (*data++) {
         int r;
  
         if (cnt-- < 1)
                 return;
         switch (*data++) {
-       case KRB_NAME: {
-               char user[256];
-
-               if (cnt > 255)
-                       cnt = 255;
-               strncpy(user, (char *)data, cnt);
-               user[cnt] = 0;
-               auth_encrypt_user(user);
-               return;
-           }
         case KRB_AUTH:
                 if (krb_get_lrealm(realm, 1) != KSUCCESS) {
         case KRB_AUTH:
                 if (krb_get_lrealm(realm, 1) != KSUCCESS) {
-                       Data(KRB_REJECT, (void *)"No local V4 Realm.", -1);
+                       Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
                         auth_finished(ap, AUTH_REJECT);
                         if (auth_debug_mode)
                                 printf("No local realm\r\n");
                         auth_finished(ap, AUTH_REJECT);
                         if (auth_debug_mode)
                                 printf("No local realm\r\n");
@@ -252,36 +260,63 @@ kerberos4_is(ap, data, cnt)
                 if (r = krb_rd_req(&auth, "rcmd", instance, 0, &adat, "")) {
                         if (auth_debug_mode)
                                 printf("Kerberos failed him as %s\r\n", name);
                 if (r = krb_rd_req(&auth, "rcmd", instance, 0, &adat, "")) {
                         if (auth_debug_mode)
                                 printf("Kerberos failed him as %s\r\n", name);
-                       Data(KRB_REJECT, (void *)krb_err_txt[r], -1);
+                       Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
                 bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
                 krb_kntoln(&adat, name);
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
                 bcopy((void *)adat.session, (void *)session_key, sizeof(Block));
                 krb_kntoln(&adat, name);
-               Data(KRB_ACCEPT, (void *)name, -1);
+               Data(ap, KRB_ACCEPT, (void *)0, 0);
                 auth_finished(ap, AUTH_USER);
                 if (auth_debug_mode) {
                         printf("Kerberos accepting him as %s\r\n", name);
                 }
                 auth_finished(ap, AUTH_USER);
                 if (auth_debug_mode) {
                         printf("Kerberos accepting him as %s\r\n", name);
                 }
-               return;
-       case KRB_NEWKEY:
-#if    defined(ENCRYPT)
-               if (VALIDKEY(session_key)) {
-                       des_key_sched(session_key, sched);
-                       bcopy((void *)data, (void *)datablock, sizeof(Block));
-                       des_ecb_encrypt(datablock, session_key, sched, 0);
-                       skey.type = SK_DES;
-                       skey.length = 8;
-                       skey.data = session_key;
-                       encrypt_session_key(&skey, 1);
+               break;
+
+       case KRB_CHALLANGE:
+               if (!VALIDKEY(session_key)) {
+                       /*
+                        * We don't have a valid session key, so just
+                        * send back a response with an empty session
+                        * key.
+                        */
+                       Data(ap, KRB_RESPONSE, (void *)0, 0);
+                       break;
                 }
                 }
-#endif
-               return;
+
+               des_key_sched(session_key, sched);
+               bcopy((void *)data, (void *)datablock, sizeof(Block));
+               /*
+                * Take the received encrypted challange, and encrypt
+                * it again to get a unique session_key for the
+                * ENCRYPT option.
+                */
+               des_ecb_encrypt(datablock, session_key, sched, 1);
+               skey.type = SK_DES;
+               skey.length = 8;
+               skey.data = session_key;
+               encrypt_session_key(&skey, 1);
+               /*
+                * Now decrypt the received encrypted challange,
+                * increment by one, re-encrypt it and send it back.
+                */
+               des_ecb_encrypt(datablock, challange, sched, 0);
+               for (r = 7; r >= 0; r++) {
+                       register int t;
+                       t = (unsigned int)challange[r] + 1;
+                       challange[r] = t;       /* ignore overflow */
+                       if (t < 256)            /* if no overflow, all done */
+                               break;
+               }
+               des_ecb_encrypt(challange, challange, sched, 1);
+               Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange));
+               break;
+
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
-               Data(KRB_REJECT, 0, 0);
-               return;
+               Data(ap, KRB_REJECT, 0, 0);
+               break;
         }
  }
  
         }
  }
  
@@ -305,18 +340,39 @@ kerberos4_reply(ap, data, cnt)
                 auth_send_retry();
                 return;
         case KRB_ACCEPT:
                 auth_send_retry();
                 return;
         case KRB_ACCEPT:
-               if (cnt > 0) {
-                       printf("[ Kerberos V4 accepts you as %.*s ]\n", cnt, data);
-               } else
-                       printf("[ Kerberos V4 accepts you ]\n", cnt, data);
+               printf("[ Kerberos V4 accepts you ]\n");
+               if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+                       /*
+                        * Send over the encrypted challange.
+                        */
+                       Data(ap, KRB_CHALLANGE, (void *)session_key,
+                                               sizeof(session_key));
  #if    defined(ENCRYPT)
  #if    defined(ENCRYPT)
-               skey.type = SK_DES;
-               skey.length = 8;
-               skey.data = session_key;
-               encrypt_session_key(&skey, 0);
+                       des_ecb_encrypt(session_key, session_key, sched, 1);
+                       skey.type = SK_DES;
+                       skey.length = 8;
+                       skey.data = session_key;
+                       encrypt_session_key(&skey, 0);
  #endif
  #endif
+                       return;
+               }
                 auth_finished(ap, AUTH_USER);
                 return;
                 auth_finished(ap, AUTH_USER);
                 return;
+       case KRB_RESPONSE:
+               /*
+                * Verify that the response to the challange is correct.
+                */
+               if ((cnt != sizeof(Block)) ||
+                   (0 != memcmp((void *)data, (void *)challange,
+                                               sizeof(challange))))
+               {
+                       printf("[ Kerberos V4 challange failed!!! ]\r\n");
+                       auth_send_retry();
+                       return;
+               }
+               printf("[ Kerberos V4 challange successful ]\r\n");
+               auth_finished(ap, AUTH_USER);
+               break;
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
@@ -355,10 +411,6 @@ kerberos4_printsub(data, cnt, buf, buflen)
         buflen -= 1;
  
         switch(data[3]) {
         buflen -= 1;
  
         switch(data[3]) {
-       case KRB_NAME:                  /* Name to authenticate for */
-               strncpy((char *)buf, " NAME ", buflen);
-               goto common;
-
         case KRB_REJECT:                /* Rejected (reason might follow) */
                 strncpy((char *)buf, " REJECT ", buflen);
                 goto common;
         case KRB_REJECT:                /* Rejected (reason might follow) */
                 strncpy((char *)buf, " REJECT ", buflen);
                 goto common;
@@ -380,8 +432,12 @@ kerberos4_printsub(data, cnt, buf, buflen)
                 strncpy((char *)buf, " AUTH", buflen);
                 goto common2;
  
                 strncpy((char *)buf, " AUTH", buflen);
                 goto common2;
  
-       case KRB_NEWKEY:                /* A new session key follows */
-               strncpy((char *)buf, " NEWKEY", buflen);
+       case KRB_CHALLANGE:
+               strncpy((char *)buf, " CHALLANGE", buflen);
+               goto common2;
+
+       case KRB_RESPONSE:
+               strncpy((char *)buf, " RESPONSE", buflen);
                 goto common2;
  
         default:
                 goto common2;
  
         default:
diff --git a/usr/src/lib/libtelnet/kerberos5.c b/usr/src/lib/libtelnet/kerberos5.c

index 6261988..bc39750 100644 (file)
--- a/usr/src/lib/libtelnet/kerberos5.c
+++ b/usr/src/lib/libtelnet/kerberos5.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)kerberos5.c        5.1 (Berkeley) %G%";
+static char sccsid[] = "@(#)kerberos5.c        5.2 (Berkeley) %G%";
  #endif /* not lint */
  
  /*
  #endif /* not lint */
  
  /*
@@ -58,12 +58,14 @@ char *malloc();
  
  static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
                                         AUTHTYPE_KERBEROS_V5, };
  
  static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
                                         AUTHTYPE_KERBEROS_V5, };
+static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
+                                       TELQUAL_NAME, };
  
  #define        KRB_AUTH        0               /* Authentication data follows */
  #define        KRB_REJECT      1               /* Rejected (reason might follow) */
  
  #define        KRB_AUTH        0               /* Authentication data follows */
  #define        KRB_REJECT      1               /* Rejected (reason might follow) */
-#define        KRB_ACCEPT      2               /* Accepted (name might follow) */
-#define        KRB_NEWKEY      3               /* New key to use */
-#define KRB_NAME        4               /* Name to authenticate for */
+#define        KRB_ACCEPT      2               /* Accepted */
+#define        KRB_CHALLANGE   3               /* Challange for mutual auth. */
+#define        KRB_RESPONSE    4               /* Response for mutual auth. */
  
  static krb5_data auth;
         /* telnetd gets session key from here */
  
  static krb5_data auth;
         /* telnetd gets session key from here */
@@ -72,18 +74,21 @@ static      krb5_tkt_authent *authdat = NULL;
  #if    defined(ENCRYPT)
  Block  session_key;
  #endif
  #if    defined(ENCRYPT)
  Block  session_key;
  #endif
+static Schedule sched;
+static Block   challange;
  
         static int
  
         static int
-Data(type, d, c)
+Data(ap, type, d, c)
+       Authenticator *ap;
         int type;
         void *d;
         int c;
  {
         int type;
         void *d;
         int c;
  {
-        unsigned char *p = str_data + 6;
+        unsigned char *p = str_data + 4;
         unsigned char *cd = (unsigned char *)d;
  
         if (c == -1)
         unsigned char *cd = (unsigned char *)d;
  
         if (c == -1)
-               c = strlen(d);
+               c = strlen((char *)cd);
  
          if (auth_debug_mode) {
                  printf("%s:%d: [%d] (%d)",
  
          if (auth_debug_mode) {
                  printf("%s:%d: [%d] (%d)",
@@ -93,6 +98,8 @@ Data(type, d, c)
                  printd(d, c);
                  printf("\r\n");
          }
                  printd(d, c);
                  printf("\r\n");
          }
+       *p++ = ap->type;
+       *p++ = ap->way;
         *p++ = type;
          while (c-- > 0) {
                  if ((*p++ = *cd++) == IAC)
         *p++ = type;
          while (c-- > 0) {
                  if ((*p++ = *cd++) == IAC)
@@ -114,8 +121,6 @@ kerberos5_init(ap, server)
                 str_data[3] = TELQUAL_REPLY;
         else
                 str_data[3] = TELQUAL_IS;
                 str_data[3] = TELQUAL_REPLY;
         else
                 str_data[3] = TELQUAL_IS;
-       str_data[4] = ap->type;
-       str_data[5] = ap->way;
          krb5_init_ets();
         return(1);
  }
          krb5_init_ets();
         return(1);
  }
@@ -224,28 +229,42 @@ kerberos5_send(ap)
                 return(0);
         }
  
                 return(0);
         }
  
-        if (!Data(KRB_NAME, (void *)UserNameRequested, -1)) {
+        if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
                  if (auth_debug_mode)
                          printf("Not enough room for user name\r\n");
                  return(0);
          }
                  if (auth_debug_mode)
                          printf("Not enough room for user name\r\n");
                  return(0);
          }
-       if (!Data(KRB_AUTH, auth.data, auth.length)) {
+       if (!Data(ap, KRB_AUTH, auth.data, auth.length)) {
                 if (auth_debug_mode)
                         printf("Not enough room for authentication data\r\n");
                 return(0);
         }
                 if (auth_debug_mode)
                         printf("Not enough room for authentication data\r\n");
                 return(0);
         }
-#if     defined(ENCRYPT)
-       if (creds.keyblock.keytype == KEYTYPE_DES) {
-               Schedule krb_sched;
-               Block enckey;
-
-               des_key_sched(creds.keyblock.contents, krb_sched);
+       /*
+        * If we are doing mutual authentication, get set up to send
+        * the challange, and verify it when the response comes back.
+        */
+       if (((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
+           && (creds.keyblock.keytype == KEYTYPE_DES)) {
+               register int i;
+
+               des_key_sched(creds.keyblock.contents, sched);
                 des_set_random_generator_seed(creds.keyblock.contents);
                 des_set_random_generator_seed(creds.keyblock.contents);
-               des_new_random_key(session_key);
-               des_ecb_encrypt(session_key, enckey, krb_sched, 1);
-               Data(KRB_NEWKEY, (void *)enckey, sizeof(enckey));
+               des_new_random_key(challange);
+               des_ecb_encrypt(challange, session_key, sched, 1);
+               /*
+                * Increment the challange by 1, and encrypt it for
+                * later comparison.
+                */
+               for (i = 7; i >= 0; --i) {
+                       register int x;
+                       x = (unsigned int)challange[i] + 1;
+                       challange[i] = x;       /* ignore overflow */
+                       if (x < 256)            /* if no overflow, all done */
+                               break;
+               }
+               des_ecb_encrypt(challange, challange, sched, 1);
         }
         }
-#endif
+       
         if (auth_debug_mode) {
                 printf("Sent Kerberos V5 credentials to server\r\n");
         }
         if (auth_debug_mode) {
                 printf("Sent Kerberos V5 credentials to server\r\n");
         }
@@ -264,7 +283,6 @@ kerberos5_is(ap, data, cnt)
         static char *realm = NULL;
         krb5_data *server[4];
         krb5_data srvdata[3];
         static char *realm = NULL;
         krb5_data *server[4];
         krb5_data srvdata[3];
-        Schedule sched;
          Session_Key skey;
         char *name;
         char *getenv();
          Session_Key skey;
         char *name;
         char *getenv();
@@ -272,16 +290,6 @@ kerberos5_is(ap, data, cnt)
         if (cnt-- < 1)
                 return;
         switch (*data++) {
         if (cnt-- < 1)
                 return;
         switch (*data++) {
-        case KRB_NAME: {
-                char user[256];
-
-                if (cnt > 255)
-                        cnt = 255;
-                strncpy(user, data, cnt);
-                user[cnt] = 0;
-                auth_encrypt_user(user);
-                return;
-            }
         case KRB_AUTH:
                 auth.data = (char *)data;
                 auth.length = cnt;
         case KRB_AUTH:
                 auth.data = (char *)data;
                 auth.length = cnt;
@@ -289,7 +297,7 @@ kerberos5_is(ap, data, cnt)
                 if (!(hp = gethostbyname(LocalHostName))) {
                         if (auth_debug_mode)
                                 printf("Cannot resolve local host name\r\n");
                 if (!(hp = gethostbyname(LocalHostName))) {
                         if (auth_debug_mode)
                                 printf("Cannot resolve local host name\r\n");
-                       Data(KRB_REJECT, "Unknown local hostname.", -1);
+                       Data(ap, KRB_REJECT, "Unknown local hostname.", -1);
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
@@ -297,7 +305,7 @@ kerberos5_is(ap, data, cnt)
                 if (!realm && (krb5_get_default_realm(&realm))) {
                         if (auth_debug_mode)
                                 printf("Could not get defualt realm\r\n");
                 if (!realm && (krb5_get_default_realm(&realm))) {
                         if (auth_debug_mode)
                                 printf("Could not get defualt realm\r\n");
-                       Data(KRB_REJECT, "Could not get default realm.", -1);
+                       Data(ap, KRB_REJECT, "Could not get default realm.", -1);
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
@@ -305,7 +313,7 @@ kerberos5_is(ap, data, cnt)
                 if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
                         if (auth_debug_mode)
                                 printf("Out of memory for hostname in Kerberos V5\r\n");
                 if ((name = malloc(strlen(hp->h_name)+1)) == NULL) {
                         if (auth_debug_mode)
                                 printf("Out of memory for hostname in Kerberos V5\r\n");
-                       Data(KRB_REJECT, "Out of memory.", -1);
+                       Data(ap, KRB_REJECT, "Out of memory.", -1);
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
                         auth_finished(ap, AUTH_REJECT);
                         return;
                 }
@@ -339,7 +347,7 @@ kerberos5_is(ap, data, cnt)
                         authdat = 0;
                         (void) strcpy(errbuf, "Read req failed: ");
                         (void) strcat(errbuf, error_message(r));
                         authdat = 0;
                         (void) strcpy(errbuf, "Read req failed: ");
                         (void) strcat(errbuf, error_message(r));
-                       Data(KRB_REJECT, errbuf, -1);
+                       Data(ap, KRB_REJECT, errbuf, -1);
                         if (auth_debug_mode)
                                 printf("%s\r\n", errbuf);
                         return;
                         if (auth_debug_mode)
                                 printf("%s\r\n", errbuf);
                         return;
@@ -348,33 +356,62 @@ kerberos5_is(ap, data, cnt)
                 if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
                                                                         &name))
                         name = 0;
                 if (krb5_unparse_name(authdat->ticket->enc_part2 ->client,
                                                                         &name))
                         name = 0;
-               Data(KRB_ACCEPT, name, name ? -1 : 0);
+               Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
                 if (auth_debug_mode) {
                         printf("Kerberos5 accepting him as ``%s''\r\n",
                                                         name ? name : "");
                 }
                  auth_finished(ap, AUTH_USER);
                 if (auth_debug_mode) {
                         printf("Kerberos5 accepting him as ``%s''\r\n",
                                                         name ? name : "");
                 }
                  auth_finished(ap, AUTH_USER);
-                return;
-        case KRB_NEWKEY:
-#if     defined(ENCRYPT)
-               if (authdat && authdat->ticket->enc_part2->session->keytype
-                               == KEYTYPE_DES)
-               {
-                       des_key_sched(authdat->ticket->enc_part2->session
-                                                       ->contents, sched);
-                       des_ecb_encrypt(data, session_key, sched, 0);
-                       skey.type = SK_DES;
-                       skey.length = 8;
-                       skey.data = session_key;
-                       encrypt_session_key(&skey, 1);
+               if (authdat->ticket->enc_part2->session->keytype != KEYTYPE_DES)
+                       break;
+               bcopy((void *)authdat->ticket->enc_part2->session->contents,
+                     (void *)session_key, sizeof(Block));
+               break;
+
+       case KRB_CHALLANGE:
+               if (!VALIDKEY(session_key)) {
+                       /*
+                        * We don't have a valid session key, so just
+                        * send back a response with an empty session
+                        * key.
+                        */
+                       Data(ap, KRB_RESPONSE, (void *)0, 0);
+                       break;
                 }
                 }
-#endif
-                return;
+
+               des_key_sched(session_key, sched);
+               bcopy((void *)data, (void *)datablock, sizeof(Block));
+               /*
+                * Take the received encrypted challange, and encrypt
+                * it again to get a unique session_key for the
+                * ENCRYPT option.
+                */
+               des_ecb_encrypt(datablock, session_key, sched, 1);
+               skey.type = SK_DES;
+               skey.length = 8;
+               skey.data = session_key;
+               encrypt_session_key(&skey, 1);
+               /*
+                * Now decrypt the received encrypted challange,
+                * increment by one, re-encrypt it and send it back.
+                */
+               des_ecb_encrypt(datablock, challange, sched, 0);
+               for (r = 7; r >= 0; r++) {
+                       register int t;
+                       t = (unsigned int)challange[r] + 1;
+                       challange[r] = t;       /* ignore overflow */
+                       if (t < 256)            /* if no overflow, all done */
+                               break;
+               }
+               des_ecb_encrypt(challange, challange, sched, 1);
+               Data(ap, KRB_RESPONSE, (void *)challange, sizeof(challange));
+               break;
+
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
-               Data(KRB_REJECT, 0, 0);
-               return;
+               Data(ap, KRB_REJECT, 0, 0);
+               break;
         }
  }
  
         }
  }
  
@@ -398,18 +435,39 @@ kerberos5_reply(ap, data, cnt)
                 auth_send_retry();
                 return;
         case KRB_ACCEPT:
                 auth_send_retry();
                 return;
         case KRB_ACCEPT:
-               if (cnt > 0) {
-                       printf("[ Kerberos V5 accepts you as %.*s ]\n", cnt, data);
-               } else
-                       printf("[ Kerberos V5 accepts you ]\n", cnt, data);
+               printf("[ Kerberos V5 accepts you ]\n", cnt, data);
+               if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+                       /*
+                        * Send over the encrypted challange.
+                        */
+                       Data(ap, KRB_CHALLANGE, (void *)session_key,
+                                               sizeof(session_key));
  #if    defined(ENCRYPT)
  #if    defined(ENCRYPT)
-                skey.type = SK_DES;
-                skey.length = 8;
-                skey.data = session_key;
-                encrypt_session_key(&skey, 0);
+                       des_ecb_encrypt(session_key, session_key, sched, 1);
+                       skey.type = SK_DES;
+                       skey.length = 8;
+                       skey.data = session_key;
+                       encrypt_session_key(&skey, 0);
  #endif
  #endif
-                auth_finished(ap, AUTH_USER);
+                       return;
+               }
+               auth_finished(ap, AUTH_USER);
                 return;
                 return;
+       case KRB_RESPONSE:
+               /*
+                * Verify that the response to the challange is correct.
+                */
+               if ((cnt != sizeof(Block)) ||
+                   (0 != memcmp((void *)data, (void *)challange,
+                                               sizeof(challange))))
+               {
+                       printf("[ Kerberos V5 challange failed!!! ]\r\n");
+                       auth_send_retry();
+                       return;
+               }
+               printf("[ Kerberos V5 challange successful ]\r\n");
+               auth_finished(ap, AUTH_USER);
+               break;
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
         default:
                 if (auth_debug_mode)
                         printf("Unknown Kerberos option %d\r\n", data[-1]);
@@ -450,16 +508,12 @@ kerberos5_printsub(data, cnt, buf, buflen)
         buflen -= 1;
  
         switch(data[3]) {
         buflen -= 1;
  
         switch(data[3]) {
-       case KRB_NAME:                  /* Name to authenticate for */
-               strncpy(buf, " NAME ", buflen);
-               goto common;
-
         case KRB_REJECT:                /* Rejected (reason might follow) */
         case KRB_REJECT:                /* Rejected (reason might follow) */
-               strncpy(buf, " REJECT ", buflen);
+               strncpy((char *)buf, " REJECT ", buflen);
                 goto common;
  
         case KRB_ACCEPT:                /* Accepted (name might follow) */
                 goto common;
  
         case KRB_ACCEPT:                /* Accepted (name might follow) */
-               strncpy(buf, " ACCEPT ", buflen);
+               strncpy((char *)buf, " ACCEPT ", buflen);
         common:
                 BUMP(buf, buflen);
                 if (cnt <= 4)
         common:
                 BUMP(buf, buflen);
                 if (cnt <= 4)
@@ -472,21 +526,25 @@ kerberos5_printsub(data, cnt, buf, buflen)
                 break;
  
         case KRB_AUTH:                  /* Authentication data follows */
                 break;
  
         case KRB_AUTH:                  /* Authentication data follows */
-               strncpy(buf, " AUTH", buflen);
+               strncpy((char *)buf, " AUTH", buflen);
+               goto common2;
+
+       case KRB_CHALLANGE:
+               strncpy((char *)buf, " CHALLANGE", buflen);
                 goto common2;
  
                 goto common2;
  
-       case KRB_NEWKEY:                /* A new session key follows */
-               strncpy(buf, " NEWKEY", buflen);
+       case KRB_RESPONSE:
+               strncpy((char *)buf, " RESPONSE", buflen);
                 goto common2;
  
         default:
                 sprintf(lbuf, " %d (unknown)", data[3]);
                 goto common2;
  
         default:
                 sprintf(lbuf, " %d (unknown)", data[3]);
-               strncpy(buf, lbuf, buflen);
+               strncpy((char *)buf, lbuf, buflen);
         common2:
                 BUMP(buf, buflen);
                 for (i = 4; i < cnt; i++) {
                         sprintf(lbuf, " %d", data[i]);
         common2:
                 BUMP(buf, buflen);
                 for (i = 4; i < cnt; i++) {
                         sprintf(lbuf, " %d", data[i]);
-                       strncpy(buf, lbuf, buflen);
+                       strncpy((char *)buf, lbuf, buflen);
                         BUMP(buf, buflen);
                 }
                 break;
                         BUMP(buf, buflen);
                 }
                 break;
diff --git a/usr/src/libexec/telnetd/state.c b/usr/src/libexec/telnetd/state.c

index de6296a..891d672 100644 (file)
--- a/usr/src/libexec/telnetd/state.c
+++ b/usr/src/libexec/telnetd/state.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)state.c    5.9 (Berkeley) %G%";
+static char sccsid[] = "@(#)state.c    5.10 (Berkeley) %G%";
  #endif /* not lint */
  
  #include "telnetd.h"
  #endif /* not lint */
  
  #include "telnetd.h"
@@ -1271,6 +1271,9 @@ suboption()
         case TELQUAL_IS:
                 auth_is(subpointer, SB_LEN());
                 break;
         case TELQUAL_IS:
                 auth_is(subpointer, SB_LEN());
                 break;
+       case TELQUAL_NAME:
+               auth_name(subpointer, SB_LEN());
+               break;
         }
         break;
  #endif
         }
         break;
  #endif
@@ -1289,13 +1292,13 @@ suboption()
                 encrypt_reply(subpointer, SB_LEN());
                 break;
         case ENCRYPT_START:
                 encrypt_reply(subpointer, SB_LEN());
                 break;
         case ENCRYPT_START:
-               encrypt_start();
+               encrypt_start(subpointer, SB_LEN());
                 break;
         case ENCRYPT_END:
                 encrypt_end();
                 break;
         case ENCRYPT_REQSTART:
                 break;
         case ENCRYPT_END:
                 encrypt_end();
                 break;
         case ENCRYPT_REQSTART:
-               encrypt_request_start();
+               encrypt_request_start(subpointer, SB_LEN());
                 break;
         case ENCRYPT_REQEND:
                 /*
                 break;
         case ENCRYPT_REQEND:
                 /*
@@ -1306,6 +1309,12 @@ suboption()
                  */
                 encrypt_request_end();
                 break;
                  */
                 encrypt_request_end();
                 break;
+       case ENCRYPT_ENC_KEYID:
+               encrypt_enc_keyid(subpointer, SB_LEN());
+               break;
+       case ENCRYPT_DEC_KEYID:
+               encrypt_dec_keyid(subpointer, SB_LEN());
+               break;
         default:
                 break;
         }
         default:
                 break;
         }
diff --git a/usr/src/libexec/telnetd/termstat.c b/usr/src/libexec/telnetd/termstat.c

index 99f58b7..1c2f1e2 100644 (file)
--- a/usr/src/libexec/telnetd/termstat.c
+++ b/usr/src/libexec/telnetd/termstat.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)termstat.c 5.9 (Berkeley) %G%";
+static char sccsid[] = "@(#)termstat.c 5.10 (Berkeley) %G%";
  #endif /* not lint */
  
  #include "telnetd.h"
  #endif /* not lint */
  
  #include "telnetd.h"
@@ -160,6 +160,26 @@ localstat()
                 tty_setlinemode(uselinemode);
         }
  
                 tty_setlinemode(uselinemode);
         }
  
+#if    defined(ENCRYPT)
+       /*
+        * If the terminal is not echoing, but editing is enabled,
+        * something like password input is going to happen, so
+        * if we the other side is not currently sending encrypted
+        * data, ask the other side to start encrypting.
+        */
+       if (his_state_is_will(TELOPT_ENCRYPT)) {
+               static int enc_passwd = 0;
+               if (uselinemode && !tty_isecho() && tty_isediting()
+                   && (enc_passwd == 0) && !decrypt_input) {
+                       encrypt_send_request_start();
+                       enc_passwd = 1;
+               } else if (enc_passwd) {
+                       encrypt_send_request_end();
+                       enc_passwd = 0;
+               }
+       }
+#endif
+
         /*
          * Do echo mode handling as soon as we know what the
          * linemode is going to be.
         /*
          * Do echo mode handling as soon as we know what the
          * linemode is going to be.
diff --git a/usr/src/libexec/telnetd/utility.c b/usr/src/libexec/telnetd/utility.c

index 9cfee00..abd4905 100644 (file)
--- a/usr/src/libexec/telnetd/utility.c
+++ b/usr/src/libexec/telnetd/utility.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)utility.c  5.7 (Berkeley) %G%";
+static char sccsid[] = "@(#)utility.c  5.8 (Berkeley) %G%";
  #endif /* not lint */
  
  #define PRINTOPTIONS
  #endif /* not lint */
  
  #define PRINTOPTIONS
@@ -485,7 +485,7 @@ printsub(direction, pointer, length)
      int                        length;         /* length of suboption data */
  {
      register int i;
      int                        length;         /* length of suboption data */
  {
      register int i;
-    char buf[256];
+    char buf[512];
  
          if (!(diagnostic & TD_OPTIONS))
                 return;
  
          if (!(diagnostic & TD_OPTIONS))
                 return;
@@ -942,9 +942,9 @@ printsub(direction, pointer, length)
                     break;
                 }
                 sprintf(nfrontp, "%s|%s",
                     break;
                 }
                 sprintf(nfrontp, "%s|%s",
-                       (pointer[3] & AUTH_WHO_MASK == AUTH_WHO_CLIENT) ?
+                       ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
                         "CLIENT" : "SERVER",
                         "CLIENT" : "SERVER",
-                       (pointer[3] & AUTH_HOW_MASK == AUTH_HOW_MUTUAL) ?
+                       ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
                         "MUTUAL" : "ONE-WAY");
                 nfrontp += strlen(nfrontp);
  
                         "MUTUAL" : "ONE-WAY");
                 nfrontp += strlen(nfrontp);
  
@@ -969,15 +969,24 @@ printsub(direction, pointer, length)
                         break;
                     }
                     sprintf(nfrontp, "%s|%s ",
                         break;
                     }
                     sprintf(nfrontp, "%s|%s ",
-                       (pointer[i] & AUTH_WHO_MASK == AUTH_WHO_CLIENT) ?
+                       ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
                                                         "CLIENT" : "SERVER",
                                                         "CLIENT" : "SERVER",
-                       (pointer[i] & AUTH_HOW_MASK == AUTH_HOW_MUTUAL) ?
+                       ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
                                                         "MUTUAL" : "ONE-WAY");
                     nfrontp += strlen(nfrontp);
                     ++i;
                 }
                 break;
  
                                                         "MUTUAL" : "ONE-WAY");
                     nfrontp += strlen(nfrontp);
                     ++i;
                 }
                 break;
  
+           case TELQUAL_NAME:
+               i = 2;
+               sprintf(nfrontp, " NAME \"");
+               nfrontp += strlen(nfrontp);
+               while (i < length)
+                   *nfrontp += pointer[i++];
+               *nfrontp += '"';
+               break;
+
             default:
                     for (i = 2; i < length; i++) {
                         sprintf(nfrontp, " ?%d?", pointer[i]);
             default:
                     for (i = 2; i < length; i++) {
                         sprintf(nfrontp, " ?%d?", pointer[i]);
@@ -1053,9 +1062,20 @@ printsub(direction, pointer, length)
                 }
                 break;
  
                 }
                 break;
  
+           case ENCRYPT_ENC_KEYID:
+               sprintf(nfrontp, " ENC_KEYID", pointer[1]);
+               nfrontp += strlen(nfrontp);
+               goto encommon;
+
+           case ENCRYPT_DEC_KEYID:
+               sprintf(nfrontp, " DEC_KEYID", pointer[1]);
+               nfrontp += strlen(nfrontp);
+               goto encommon;
+
             default:
             default:
-               sprintf(nfrontp, "%d (unknown)", pointer[1]);
+               sprintf(nfrontp, " %d (unknown)", pointer[1]);
                 nfrontp += strlen(nfrontp);
                 nfrontp += strlen(nfrontp);
+           encommon:
                 for (i = 2; i < length; i++) {
                     sprintf(nfrontp, " %d", pointer[i]);
                     nfrontp += strlen(nfrontp);
                 for (i = 2; i < length; i++) {
                     sprintf(nfrontp, " %d", pointer[i]);
                     nfrontp += strlen(nfrontp);
diff --git a/usr/src/usr.bin/telnet/commands.c b/usr/src/usr.bin/telnet/commands.c

index 4399bd2..ca0094e 100644 (file)
--- a/usr/src/usr.bin/telnet/commands.c
+++ b/usr/src/usr.bin/telnet/commands.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)commands.c 5.4 (Berkeley) %G%";
+static char sccsid[] = "@(#)commands.c 5.5 (Berkeley) %G%";
  #endif /* not lint */
  
  #if    defined(unix)
  #endif /* not lint */
  
  #if    defined(unix)
@@ -578,6 +578,15 @@ togxbinary(val)
  
  
  extern int togglehelp P((void));
  
  
  extern int togglehelp P((void));
+#if    defined(AUTHENTICATE)
+extern int auth_togdebug P((int));
+#endif
+#if    defined(ENCRYPT)
+extern int EncryptAutoEnc P((int));
+extern int EncryptAutoDec P((int));
+extern int EncryptDebug P((int));
+extern int EncryptVerbose P((int));
+#endif
  
  struct togglelist {
      char       *name;          /* name of toggle */
  
  struct togglelist {
      char       *name;          /* name of toggle */
@@ -598,6 +607,45 @@ static struct togglelist Togglelist[] = {
             0,
                 &autosynch,
                     "send interrupt characters in urgent mode" },
             0,
                 &autosynch,
                     "send interrupt characters in urgent mode" },
+#if    defined(AUTHENTICATE)
+    { "autologin",
+       "automatic sending of login and/or authentication info",
+           0,
+               &autologin,
+                   "send login name and/or authentication information" },
+    { "authdebug",
+       "Toggle authentication debugging",
+           auth_togdebug,
+               0,
+                    "print authentication debugging information" },
+#endif
+#if    defined(ENCRYPT)
+    { "autoencrypt",
+       "automatic encryption of data stream",
+           EncryptAutoEnc,
+               0,
+                   "automatically encrypt output" },
+    { "autodecrypt",
+       "automatic decryption of data stream",
+           EncryptAutoDec,
+               0,
+                   "automatically decrypt input" },
+    { "verbose_encrypt",
+       "Toggle verbose encryption output",
+           EncryptVerbose,
+               0,
+                   "print verbose encryption output" },
+    { "encdebug",
+       "Toggle encryption debugging",
+           EncryptDebug,
+               0,
+                   "print encryption debugging information" },
+#endif
+    { "skiprc",
+       "don't read ~/.telnetrc file",
+           0,
+               &skiprc,
+                   "read ~/.telnetrc file" },
      { "binary",
         "sending and receiving of binary data",
             togbinary,
      { "binary",
         "sending and receiving of binary data",
             togbinary,
@@ -1764,14 +1812,11 @@ extern int
         auth_enable P((int)),
         auth_disable P((int)),
         auth_status P((void)),
         auth_enable P((int)),
         auth_disable P((int)),
         auth_status P((void)),
-       auth_togdebug P((void)),
         auth_help P((void));
  
  struct authlist AuthList[] = {
      { "status",        "Display current status of authentication information",
                                                 auth_status,    0 },
         auth_help P((void));
  
  struct authlist AuthList[] = {
      { "status",        "Display current status of authentication information",
                                                 auth_status,    0 },
-    { "debug", "Toggle authentication debugging",
-                                               auth_togdebug,  0 },
      { "disable", "Disable an authentication type ('auth disable ?' for more)",
                                                 auth_disable,   1 },
      { "enable", "Enable an authentication type ('auth enable ?' for more)",
      { "disable", "Disable an authentication type ('auth disable ?' for more)",
                                                 auth_disable,   1 },
      { "enable", "Enable an authentication type ('auth enable ?' for more)",
@@ -1842,6 +1887,7 @@ struct encryptlist {
  
  extern int
         EncryptEnable P((char *, char *)),
  
  extern int
         EncryptEnable P((char *, char *)),
+       EncryptDisable P((char *, char *)),
         EncryptType P((char *, char *)),
         EncryptStart P((char *)),
         EncryptStartInput P((void)),
         EncryptType P((char *, char *)),
         EncryptStart P((char *)),
         EncryptStartInput P((void)),
@@ -1849,15 +1895,14 @@ extern int
         EncryptStop P((char *)),
         EncryptStopInput P((void)),
         EncryptStopOutput P((void)),
         EncryptStop P((char *)),
         EncryptStopInput P((void)),
         EncryptStopOutput P((void)),
-       EncryptTogAuto P((void)),
-       EncryptTogDebug P((void)),
-       EncryptTogVerbose P((void)),
         EncryptStatus P((void)),
         EncryptHelp P((void));
  
  struct encryptlist EncryptList[] = {
      { "enable", "Enable encryption. ('encrypt enable ?' for more)",
                                                 EncryptEnable, 1, 1, 2 },
         EncryptStatus P((void)),
         EncryptHelp P((void));
  
  struct encryptlist EncryptList[] = {
      { "enable", "Enable encryption. ('encrypt enable ?' for more)",
                                                 EncryptEnable, 1, 1, 2 },
+    { "disable", "Disable encryption. ('encrypt enable ?' for more)",
+                                               EncryptDisable, 0, 1, 2 },
      { "type", "Set encryptiong type. ('encrypt type ?' for more)",
                                                 EncryptType, 0, 1, 1 },
      { "start", "Start encryption. ('encrypt start ?' for more)",
      { "type", "Set encryptiong type. ('encrypt type ?' for more)",
                                                 EncryptType, 0, 1, 1 },
      { "start", "Start encryption. ('encrypt start ?' for more)",
@@ -1875,12 +1920,6 @@ struct encryptlist EncryptList[] = {
  
      { "status",        "Display current status of authentication information",
                                                 EncryptStatus,  0, 0, 0 },
  
      { "status",        "Display current status of authentication information",
                                                 EncryptStatus,  0, 0, 0 },
-    { "auto", "Toggle automatic enabling of encryption",
-                                               EncryptTogAuto, 0, 0, 0 },
-    { "verbose", "Toggle verbose encryption output",
-                                               EncryptTogVerbose, 0, 0, 0 },
-    { "debug", "Toggle encryption debugging",
-                                               EncryptTogDebug, 0, 0, 0 },
      { "help",  0,                              EncryptHelp,    0, 0, 0 },
      { "?",     "Print help information",       EncryptHelp,    0, 0, 0 },
      { 0 },
      { "help",  0,                              EncryptHelp,    0, 0, 0 },
      { "?",     "Print help information",       EncryptHelp,    0, 0, 0 },
      { 0 },
@@ -2534,6 +2573,9 @@ cmdrc(m1, m2)
      int l2 = strlen(m2);
      char m1save[64];
  
      int l2 = strlen(m2);
      char m1save[64];
  
+    if (skiprc)
+       return;
+
      strcpy(m1save, m1);
      m1 = m1save;
  
      strcpy(m1save, m1);
      m1 = m1save;
  
@@ -2558,6 +2600,10 @@ cmdrc(m1, m2)
             break;
         if (line[0] == '#')
             continue;
             break;
         if (line[0] == '#')
             continue;
+       if (gotmachine) {
+           if (!isspace(line[0]))
+               gotmachine = 0;
+       }
         if (gotmachine == 0) {
             if (isspace(line[0]))
                 continue;
         if (gotmachine == 0) {
             if (isspace(line[0]))
                 continue;
@@ -2565,14 +2611,13 @@ cmdrc(m1, m2)
                 strncpy(line, &line[l1], sizeof(line) - l1);
             else if (strncasecmp(line, m2, l2) == 0)
                 strncpy(line, &line[l2], sizeof(line) - l2);
                 strncpy(line, &line[l1], sizeof(line) - l1);
             else if (strncasecmp(line, m2, l2) == 0)
                 strncpy(line, &line[l2], sizeof(line) - l2);
+           else if (strncasecmp(line, "DEFAULT", 7) == 0)
+               strncpy(line, &line[7], sizeof(line) - 7);
             else
                 continue;
             else
                 continue;
-           gotmachine = 1;
-       } else {
-           if (!isspace(line[0])) {
-               gotmachine = 0;
+           if (line[0] != ' ' && line[0] != '\t' && line[0] != '\n')
                 continue;
                 continue;
-           }
+           gotmachine = 1;
         }
         makeargv();
         if (margv[0] == 0)
         }
         makeargv();
         if (margv[0] == 0)
diff --git a/usr/src/usr.bin/telnet/externs.h b/usr/src/usr.bin/telnet/externs.h

index 5a179fa..c6b0d90 100644 (file)
--- a/usr/src/usr.bin/telnet/externs.h
+++ b/usr/src/usr.bin/telnet/externs.h
@@ -4,7 +4,7 @@
   *
   * %sccs.include.redist.c%
   *
   *
   * %sccs.include.redist.c%
   *
- *     @(#)externs.h   5.2 (Berkeley) %G%
+ *     @(#)externs.h   5.3 (Berkeley) %G%
   */
  
  #ifndef        BSD
   */
  
  #ifndef        BSD
@@ -70,6 +70,7 @@ extern int errno;             /* outside this world */
  
  extern int
      autologin,         /* Autologin enabled */
  
  extern int
      autologin,         /* Autologin enabled */
+    skiprc,            /* Don't process the ~/.telnetrc file */
      eight,             /* use eight bit mode (binary in and/or out */
      flushout,          /* flush output */
      connected,         /* Are we connected to the other side? */
      eight,             /* use eight bit mode (binary in and/or out */
      flushout,          /* flush output */
      connected,         /* Are we connected to the other side? */
diff --git a/usr/src/usr.bin/telnet/main.c b/usr/src/usr.bin/telnet/main.c

index a06e478..46f02d0 100644 (file)
--- a/usr/src/usr.bin/telnet/main.c
+++ b/usr/src/usr.bin/telnet/main.c
@@ -12,7 +12,7 @@ char copyright[] =
  #endif /* not lint */
  
  #ifndef lint
  #endif /* not lint */
  
  #ifndef lint
-static char sccsid[] = "@(#)main.c     5.3 (Berkeley) %G%";
+static char sccsid[] = "@(#)main.c     5.4 (Berkeley) %G%";
  #endif /* not lint */
  
  #include <sys/types.h>
  #endif /* not lint */
  
  #include <sys/types.h>
@@ -142,6 +142,9 @@ main(argc, argv)
                 case 'a':
                         autologin = 1;
                         break;
                 case 'a':
                         autologin = 1;
                         break;
+               case 'c':
+                       skiprc = 1;
+                       break;
                 case 'd':
                         debug = 1;
                         break;
                 case 'd':
                         debug = 1;
                         break;
@@ -196,7 +199,8 @@ main(argc, argv)
                         break;
                 case 'x':
  #ifdef ENCRYPT
                         break;
                 case 'x':
  #ifdef ENCRYPT
-                       encrypt_auto();
+                       encrypt_auto(1);
+                       decrypt_auto(1);
  #else
                         fprintf(stderr,
                             "%s: Warning: -x ignored, no ENCRYPT support.\n",
  #else
                         fprintf(stderr,
                             "%s: Warning: -x ignored, no ENCRYPT support.\n",
diff --git a/usr/src/usr.bin/telnet/telnet.c b/usr/src/usr.bin/telnet/telnet.c

index 77707e2..53b8006 100644 (file)
--- a/usr/src/usr.bin/telnet/telnet.c
+++ b/usr/src/usr.bin/telnet/telnet.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)telnet.c   5.52 (Berkeley) %G%";
+static char sccsid[] = "@(#)telnet.c   5.53 (Berkeley) %G%";
  #endif /* not lint */
  
  #include <sys/types.h>
  #endif /* not lint */
  
  #include <sys/types.h>
@@ -53,6 +53,7 @@ char  will_wont_resp[256];
  int
         eight = 0,
         autologin = 0,  /* Autologin anyone? */
  int
         eight = 0,
         autologin = 0,  /* Autologin anyone? */
+       skiprc = 0,
         connected,
         showoptions,
         In3270,         /* Are we in 3270 mode? */
         connected,
         showoptions,
         In3270,         /* Are we in 3270 mode? */
@@ -926,6 +927,11 @@ suboption()
                                 return;
                         auth_reply(subpointer, SB_LEN());
                         break;
                                 return;
                         auth_reply(subpointer, SB_LEN());
                         break;
+               case TELQUAL_NAME:
+                       if (my_want_state_is_dont(TELOPT_AUTHENTICATION))
+                               return;
+                       auth_name(subpointer, SB_LEN());
+                       break;
                 }
         }
         break;
                 }
         }
         break;
@@ -938,7 +944,7 @@ suboption()
                 case ENCRYPT_START:
                         if (my_want_state_is_dont(TELOPT_ENCRYPT))
                                 return;
                 case ENCRYPT_START:
                         if (my_want_state_is_dont(TELOPT_ENCRYPT))
                                 return;
-                       encrypt_start();
+                       encrypt_start(subpointer, SB_LEN());
                         break;
                 case ENCRYPT_END:
                         if (my_want_state_is_dont(TELOPT_ENCRYPT))
                         break;
                 case ENCRYPT_END:
                         if (my_want_state_is_dont(TELOPT_ENCRYPT))
@@ -953,7 +959,7 @@ suboption()
                 case ENCRYPT_REQSTART:
                         if (my_want_state_is_wont(TELOPT_ENCRYPT))
                                 return;
                 case ENCRYPT_REQSTART:
                         if (my_want_state_is_wont(TELOPT_ENCRYPT))
                                 return;
-                       encrypt_request_start();
+                       encrypt_request_start(subpointer, SB_LEN());
                         break;
                 case ENCRYPT_REQEND:
                         if (my_want_state_is_wont(TELOPT_ENCRYPT))
                         break;
                 case ENCRYPT_REQEND:
                         if (my_want_state_is_wont(TELOPT_ENCRYPT))
@@ -976,6 +982,16 @@ suboption()
                                 return;
                         encrypt_reply(subpointer, SB_LEN());
                         break;
                                 return;
                         encrypt_reply(subpointer, SB_LEN());
                         break;
+               case ENCRYPT_ENC_KEYID:
+                       if (my_want_state_is_dont(TELOPT_ENCRYPT))
+                               return;
+                       encrypt_enc_keyid(subpointer, SB_LEN());
+                       break;
+               case ENCRYPT_DEC_KEYID:
+                       if (my_want_state_is_wont(TELOPT_ENCRYPT))
+                               return;
+                       encrypt_dec_keyid(subpointer, SB_LEN());
+                       break;
                 default:
                         break;
                 }
                 default:
                         break;
                 }
diff --git a/usr/src/usr.bin/telnet/terminal.c b/usr/src/usr.bin/telnet/terminal.c

index 310d551..0497c36 100644 (file)
--- a/usr/src/usr.bin/telnet/terminal.c
+++ b/usr/src/usr.bin/telnet/terminal.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)terminal.c 5.2 (Berkeley) %G%";
+static char sccsid[] = "@(#)terminal.c 5.3 (Berkeley) %G%";
  #endif /* not lint */
  
  #include <arpa/telnet.h>
  #endif /* not lint */
  
  #include <arpa/telnet.h>
@@ -192,7 +192,7 @@ setconnmode(force)
      if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
         if (my_want_state_is_will(TELOPT_ENCRYPT)
                                 && (enc_passwd == 0) && !encrypt_output) {
      if ((newmode & (MODE_ECHO|MODE_EDIT)) == MODE_EDIT) {
         if (my_want_state_is_will(TELOPT_ENCRYPT)
                                 && (enc_passwd == 0) && !encrypt_output) {
-           encrypt_request_start();
+           encrypt_request_start(0, 0);
             enc_passwd = 1;
         }
      } else {
             enc_passwd = 1;
         }
      } else {
diff --git a/usr/src/usr.bin/telnet/utilities.c b/usr/src/usr.bin/telnet/utilities.c

index 8eb30ba..8117c12 100644 (file)
--- a/usr/src/usr.bin/telnet/utilities.c
+++ b/usr/src/usr.bin/telnet/utilities.c
@@ -6,7 +6,7 @@
   */
  
  #ifndef lint
   */
  
  #ifndef lint
-static char sccsid[] = "@(#)utilities.c        5.2 (Berkeley) %G%";
+static char sccsid[] = "@(#)utilities.c        5.3 (Berkeley) %G%";
  #endif /* not lint */
  
  #define        TELOPTS
  #endif /* not lint */
  
  #define        TELOPTS
@@ -268,7 +268,7 @@ printsub(direction, pointer, length)
      int                  length;       /* length of suboption data */
  {
      register int i;
      int                  length;       /* length of suboption data */
  {
      register int i;
-    char buf[256];
+    char buf[512];
      extern int want_status_response;
  
      if (showoptions || direction == 0 ||
      extern int want_status_response;
  
      if (showoptions || direction == 0 ||
@@ -406,9 +406,9 @@ printsub(direction, pointer, length)
                     break;
                 }
                 fprintf(NetTrace, "%s|%s",
                     break;
                 }
                 fprintf(NetTrace, "%s|%s",
-                       (pointer[3] & AUTH_WHO_MASK == AUTH_WHO_CLIENT) ?
+                       ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
                         "CLIENT" : "SERVER",
                         "CLIENT" : "SERVER",
-                       (pointer[3] & AUTH_HOW_MASK == AUTH_HOW_MUTUAL) ?
+                       ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
                         "MUTUAL" : "ONE-WAY");
  
                 auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
                         "MUTUAL" : "ONE-WAY");
  
                 auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
@@ -428,14 +428,22 @@ printsub(direction, pointer, length)
                         break;
                     }
                     fprintf(NetTrace, "%s|%s ",
                         break;
                     }
                     fprintf(NetTrace, "%s|%s ",
-                       (pointer[i] & AUTH_WHO_MASK == AUTH_WHO_CLIENT) ?
+                       ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
                                                         "CLIENT" : "SERVER",
                                                         "CLIENT" : "SERVER",
-                       (pointer[i] & AUTH_HOW_MASK == AUTH_HOW_MUTUAL) ?
+                       ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
                                                         "MUTUAL" : "ONE-WAY");
                     ++i;
                 }
                 break;
  
                                                         "MUTUAL" : "ONE-WAY");
                     ++i;
                 }
                 break;
  
+           case TELQUAL_NAME:
+               i = 2;
+               fprintf(NetTrace, " NAME \"");
+               while (i < length)
+                   putc(pointer[i++], NetTrace);
+               putc('"', NetTrace);
+               break;
+
             default:
                     for (i = 2; i < length; i++)
                         fprintf(NetTrace, " ?%d?", pointer[i]);
             default:
                     for (i = 2; i < length; i++)
                         fprintf(NetTrace, " ?%d?", pointer[i]);
@@ -497,8 +505,17 @@ printsub(direction, pointer, length)
                 }
                 break;
  
                 }
                 break;
  
+           case ENCRYPT_ENC_KEYID:
+               fprintf(NetTrace, " ENC_KEYID ");
+               goto encommon;
+
+           case ENCRYPT_DEC_KEYID:
+               fprintf(NetTrace, " DEC_KEYID ");
+               goto encommon;
+
             default:
             default:
-               fprintf(NetTrace, "%d (unknown)", pointer[1]);
+               fprintf(NetTrace, " %d (unknown)", pointer[1]);
+           encommon:
                 for (i = 2; i < length; i++)
                     fprintf(NetTrace, " %d", pointer[i]);
                 break;
                 for (i = 2; i < length; i++)
                     fprintf(NetTrace, " %d", pointer[i]);
                 break;
author	Dave A. Borman <dab@ucbvax.Berkeley.EDU>
	Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)
committer	Dave A. Borman <dab@ucbvax.Berkeley.EDU>
	Sat, 23 Mar 1991 05:17:52 +0000 (21:17 -0800)
usr/src/lib/libtelnet/Makefile		patch \| blob \| blame \| history
usr/src/lib/libtelnet/auth-proto.h		patch \| blob \| blame \| history
usr/src/lib/libtelnet/auth.c		patch \| blob \| blame \| history
usr/src/lib/libtelnet/enc-proto.h		patch \| blob \| blame \| history
usr/src/lib/libtelnet/encrypt.c		patch \| blob \| blame \| history
usr/src/lib/libtelnet/encrypt.h		patch \| blob \| blame \| history
usr/src/lib/libtelnet/kerberos.c		patch \| blob \| blame \| history
usr/src/lib/libtelnet/kerberos5.c		patch \| blob \| blame \| history
usr/src/libexec/telnetd/state.c		patch \| blob \| blame \| history
usr/src/libexec/telnetd/termstat.c		patch \| blob \| blame \| history
usr/src/libexec/telnetd/utility.c		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/commands.c		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/externs.h		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/main.c		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/telnet.c		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/terminal.c		patch \| blob \| blame \| history
usr/src/usr.bin/telnet/utilities.c		patch \| blob \| blame \| history