static int
fb64_start(struct fb *fbp, int dir, int server __unused)
{
size_t x;
unsigned char *p;
int state;
switch (dir) {
case DIR_DECRYPT:
/*
* This is simply a request to have the other side
* start output (our input). He will negotiate an
* IV so we need not look for it.
*/
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
break;
case DIR_ENCRYPT:
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
else if ((state & NO_SEND_IV) == 0)
break;
if (!VALIDKEY(fbp->krbdes_key)) {
fbp->need_start = 1;
break;
}
state &= ~NO_SEND_IV;
state |= NO_RECV_IV;
if (encrypt_debug_mode)
printf("Creating new feed\r\n");
/*
* Create a random feed and send it over.
*/
des_random_key((Block *)fbp->temp_feed);
des_ecb_encrypt((Block *)fbp->temp_feed, (Block *)fbp->temp_feed,
fbp->krbdes_sched, 1);
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
for (x = 0; x < sizeof(Block); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
default:
return(FAILED);
}
return(fbp->state[dir-1] = state);
}
void
kerberos4_is(Authenticator *ap, unsigned char *data, int cnt)
{
struct sockaddr_in addr;
char realm[REALM_SZ];
char instance[INST_SZ];
int r;
int addr_len;
if (cnt-- < 1)
return;
switch (*data++) {
case KRB_AUTH:
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("No local realm\r\n");
return;
}
memmove(auth.dat, data, auth.length = cnt);
if (auth_debug_mode) {
printf("Got %d bytes of authentication data\r\n", cnt);
printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
printd(auth.dat, auth.length);
printf("\r\n");
}
k_getsockinst(0, instance, sizeof(instance));
addr_len = sizeof(addr);
if(getpeername(0, (struct sockaddr *)&addr, &addr_len) < 0) {
if(auth_debug_mode)
printf("getpeername failed\r\n");
Data(ap, KRB_REJECT, "getpeername failed", -1);
auth_finished(ap, AUTH_REJECT);
return;
}
r = krb_rd_req(&auth, KRB_SERVICE_NAME,
instance, addr.sin_addr.s_addr, &adat, "");
if (r) {
if (auth_debug_mode)
printf("Kerberos failed him as %s\r\n", name);
Data(ap, KRB_REJECT, (void *)krb_get_err_text(r), -1);
auth_finished(ap, AUTH_REJECT);
return;
}
/* save the session key */
memmove(session_key, adat.session, sizeof(adat.session));
krb_kntoln(&adat, name);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)){
char ts[MAXPATHLEN];
struct passwd *pw = getpwnam(UserNameRequested);
if(pw){
snprintf(ts, sizeof(ts),
"%s%u",
TKT_ROOT,
(unsigned)pw->pw_uid);
setenv("KRBTKFILE", ts, 1);
}
Data(ap, KRB_ACCEPT, NULL, 0);
} else {
char *msg;
asprintf (&msg, "user `%s' is not authorized to "
"login as `%s'",
krb_unparse_name_long(adat.pname,
adat.pinst,
adat.prealm),
UserNameRequested ? UserNameRequested : "<nobody>");
if (msg == NULL)
Data(ap, KRB_REJECT, NULL, 0);
else {
Data(ap, KRB_REJECT, (void *)msg, -1);
free(msg);
}
}
auth_finished(ap, AUTH_USER);
break;
case KRB_CHALLENGE:
#ifndef ENCRYPTION
Data(ap, KRB_RESPONSE, NULL, 0);
#else
if(!VALIDKEY(session_key)){
Data(ap, KRB_RESPONSE, NULL, 0);
break;
}
des_key_sched(&session_key, sched);
{
des_cblock d_block;
int i;
Session_Key skey;
memmove(d_block, data, sizeof(d_block));
/* make a session key for encryption */
des_ecb_encrypt(&d_block, &session_key, sched, 1);
skey.type=SK_DES;
skey.length=8;
skey.data=session_key;
encrypt_session_key(&skey, 1);
/* decrypt challenge, add one and encrypt it */
des_ecb_encrypt(&d_block, &challenge, sched, 0);
for (i = 7; i >= 0; i--)
if(++challenge[i] != 0)
break;
des_ecb_encrypt(&challenge, &challenge, sched, 1);
Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
}
#endif
break;
case KRB_FORWARD:
{
des_key_schedule ks;
unsigned char netcred[sizeof(CREDENTIALS)];
CREDENTIALS cred;
int ret;
if(cnt > sizeof(cred))
abort();
des_set_key(&session_key, ks);
des_pcbc_encrypt((void*)data, (void*)netcred, cnt,
ks, &session_key, DES_DECRYPT);
unpack_cred(netcred, cnt, &cred);
{
if(strcmp(cred.service, KRB_TICKET_GRANTING_TICKET) ||
strncmp(cred.instance, cred.realm, sizeof(cred.instance)) ||
cred.lifetime < 0 || cred.lifetime > 255 ||
cred.kvno < 0 || cred.kvno > 255 ||
cred.issue_date < 0 ||
cred.issue_date > time(0) + CLOCK_SKEW ||
strncmp(cred.pname, adat.pname, sizeof(cred.pname)) ||
strncmp(cred.pinst, adat.pinst, sizeof(cred.pname))){
Data(ap, KRB_FORWARD_REJECT, "Bad credentials", -1);
}else{
if((ret = tf_setup(&cred,
cred.pname,
cred.pinst)) == KSUCCESS){
struct passwd *pw = getpwnam(UserNameRequested);
if (pw)
chown(tkt_string(), pw->pw_uid, pw->pw_gid);
Data(ap, KRB_FORWARD_ACCEPT, 0, 0);
} else{
Data(ap, KRB_FORWARD_REJECT,
krb_get_err_text(ret), -1);
}
}
}
memset(data, 0, cnt);
memset(ks, 0, sizeof(ks));
memset(&cred, 0, sizeof(cred));
}
break;
default:
if (auth_debug_mode)
printf("Unknown Kerberos option %d\r\n", data[-1]);
Data(ap, KRB_REJECT, 0, 0);
break;
}
}
static int fb64_start(struct fb *fbp, int dir, int server)
{
int x;
unsigned char *p;
int state;
switch (dir) {
case DIR_DECRYPT:
/*
* This is simply a request to have the other side
* start output (our input). He will negotiate an
* IV so we need not look for it.
*/
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
break;
case DIR_ENCRYPT:
state = fbp->state[dir-1];
if (state == FAILED)
state = IN_PROGRESS;
else if ((state & NO_SEND_IV) == 0) {
break;
}
if (!VALIDKEY(fbp->krbdes_key)) {
fbp->need_start = 1;
break;
}
state &= ~NO_SEND_IV;
state |= NO_RECV_IV;
if (encrypt_debug_mode)
printf("Creating new feed\r\n");
/*
* Create a random feed and send it over.
*/
do {
if (RAND_bytes(fbp->temp_feed,
sizeof(*fbp->temp_feed)) != 1)
abort();
DES_set_odd_parity(&fbp->temp_feed);
} while(DES_is_weak_key(&fbp->temp_feed));
p = fbp->fb_feed + 3;
*p++ = ENCRYPT_IS;
p++;
*p++ = FB64_IV;
for (x = 0; x < sizeof(DES_cblock); ++x) {
if ((*p++ = fbp->temp_feed[x]) == IAC)
*p++ = IAC;
}
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
default:
return(FAILED);
}
return(fbp->state[dir-1] = state);
}