Beispiel #1
0
int
EncryptDisable(char *type, char *mode)
{
	Encryptions *ep;
	int ret = 0;

	if (isprefix(type, "help") || isprefix(type, "?")) {
		printf("Usage: encrypt disable <type> [input|output]\n");
		encrypt_list_types();
	} else if ((ep = (Encryptions *)genget(type, (char **)encryptions,
						sizeof(Encryptions))) == 0) {
		printf("%s: invalid encryption type\n", type);
	} else if (Ambiguous((char **)ep)) {
		printf("Ambiguous type '%s'\n", type);
	} else {
		if ((mode == 0) || (isprefix(mode, "input") ? 1 : 0)) {
			if (decrypt_mode == ep->type)
				EncryptStopInput();
			i_wont_support_decrypt |= typemask(ep->type);
			ret = 1;
		}
		if ((mode == 0) || (isprefix(mode, "output"))) {
			if (encrypt_mode == ep->type)
				EncryptStopOutput();
			i_wont_support_encrypt |= typemask(ep->type);
			ret = 1;
		}
		if (ret == 0)
			printf("%s: invalid encryption mode\n", mode);
	}
	return(ret);
}
Beispiel #2
0
void
encrypt_init(const char *name, int server)
{
	Encryptions *ep = encryptions;

	Name = name;
	Server = server;
	i_support_encrypt = i_support_decrypt = 0;
	remote_supports_encrypt = remote_supports_decrypt = 0;
	encrypt_mode = 0;
	decrypt_mode = 0;
	encrypt_output = 0;
	decrypt_input = 0;

	str_suplen = 4;

	while (ep->type) {
		if (encrypt_debug_mode)
			printf(">>>%s: I will support %s\r\n",
				Name, ENCTYPE_NAME(ep->type));
		i_support_encrypt |= typemask(ep->type);
		i_support_decrypt |= typemask(ep->type);
		if ((i_wont_support_decrypt & typemask(ep->type)) == 0)
			if ((str_send[str_suplen++] = ep->type) == IAC)
				str_send[str_suplen++] = IAC;
		if (ep->init)
			(*ep->init)(Server);
		++ep;
	}
	str_send[str_suplen++] = IAC;
	str_send[str_suplen++] = SE;
}
Beispiel #3
0
/*
 * This routine is called by the server to start authentication
 * negotiation.
 */
void
auth_request(void)
{
	static unsigned char str_request[64] = { IAC, SB,
						 TELOPT_AUTHENTICATION,
						 TELQUAL_SEND, };
	Authenticator *ap = authenticators;
	unsigned char *e = str_request + 4;

	if (!authenticating) {
		authenticating = 1;
		while (ap->type) {
			if (i_support & ~i_wont_support & typemask(ap->type)) {
				if (auth_debug_mode) {
					printf(">>>%s: Sending type %d %d\r\n",
						Name, ap->type, ap->way);
				}
				*e++ = ap->type;
				*e++ = ap->way;
			}
			++ap;
		}
		*e++ = IAC;
		*e++ = SE;
		net_write(str_request, e - str_request);
		printsub('>', &str_request[2], e - str_request - 2);
	}
}
Beispiel #4
0
int
auth_onoff(char *type, int on)
{
	int i, mask = -1;
	Authenticator *ap;

	if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
		printf("auth %s 'type'\n", on ? "enable" : "disable");
		printf("Where 'type' is one of:\n");
		printf("\t%s\n", AUTHTYPE_NAME(0));
		mask = 0;
		for (ap = authenticators; ap->type; ap++) {
			if ((mask & (i = typemask(ap->type))) != 0)
				continue;
			mask |= i;
			printf("\t%s\n", AUTHTYPE_NAME(ap->type));
		}
		return(0);
	}

	if (!getauthmask(type, &mask)) {
		printf("%s: invalid authentication type\n", type);
		return(0);
	}
	if (on)
		i_wont_support &= ~mask;
	else
		i_wont_support |= mask;
	return(1);
}
Beispiel #5
0
void
auth_init(const char *name, int server)
{
	Authenticator *ap = authenticators;

	Server = server;
	Name = name;

	i_support = 0;
	authenticated = 0;
	authenticating = 0;
	while (ap->type) {
		if (!ap->init || (*ap->init)(ap, server)) {
			i_support |= typemask(ap->type);
			if (auth_debug_mode)
				printf(">>>%s: I support auth type %d %d\r\n",
					Name,
					ap->type, ap->way);
		}
		else if (auth_debug_mode)
			printf(">>>%s: Init failed: auth type %d %d\r\n",
				Name, ap->type, ap->way);
		++ap;
	}
}
Beispiel #6
0
void
auth_init (char *name, int server)
{
  TN_Authenticator *ap = authenticators;

  Server = server;
  Name = name;

  i_support = 0;
  authenticated = 0;
  authenticating = 0;
  while (ap->type)
    {
      if (!ap->init || (*ap->init) (ap, server))
	{
	  i_support |= typemask (ap->type);
	  if (auth_debug_mode)
	    printf (">>>%s: I support auth type %s (%d) %s (%d)\r\n",
		    Name,
		    AUTHTYPE_NAME_OK (ap->type) ?
		    AUTHTYPE_NAME (ap->type) :
		    "unknown",
		    ap->type,
		    ap->way &
		    AUTH_HOW_MASK &
		    AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY", ap->way);
	}
      else if (auth_debug_mode)
	printf (">>>%s: Init failed: auth type %d %d\r\n",
		Name, ap->type, ap->way);
      ++ap;
    }
}
Beispiel #7
0
void
auth_disable_name(char *name)
{
	int x;
	for (x = 0; x < AUTHTYPE_CNT; ++x) {
		if (AUTHTYPE_NAME(x) && !strcasecmp(name, AUTHTYPE_NAME(x))) {
			i_wont_support |= typemask(x);
			break;
		}
	}
}
Beispiel #8
0
static Encryptions *
finddecryption(int type)
{
	Encryptions *ep = encryptions;

	if (!(I_SUPPORT_DECRYPT & remote_supports_encrypt & (unsigned)typemask(type)))
		return(0);
	while (ep->type && ep->type != type)
		++ep;
	return(ep->type ? ep : 0);
}
Beispiel #9
0
int
auth_status(void)
{
	Authenticator *ap;
	int i, mask;

	if (i_wont_support == -1)
		printf("Authentication disabled\n");
	else
		printf("Authentication enabled\n");

	mask = 0;
	for (ap = authenticators; ap->type; ap++) {
		if ((mask & (i = typemask(ap->type))) != 0)
			continue;
		mask |= i;
		printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
			(i_wont_support & typemask(ap->type)) ?
					"disabled" : "enabled");
	}
	return(1);
}
Beispiel #10
0
/*
 * Called when ENCRYPT SUPPORT is received.
 */
void
encrypt_support(unsigned char *typelist, int cnt)
{
	int type, use_type = 0;
	Encryptions *ep;

	/*
	 * Forget anything the other side has previously told us.
	 */
	remote_supports_decrypt = 0;

	while (cnt-- > 0) {
		type = *typelist++;
		if (encrypt_debug_mode)
			printf(">>>%s: He is supporting %s (%d)\r\n",
				Name,
				ENCTYPE_NAME(type), type);
		if ((type < ENCTYPE_CNT) &&
		    (I_SUPPORT_ENCRYPT & typemask(type))) {
			remote_supports_decrypt |= typemask(type);
			if (use_type == 0)
				use_type = type;
		}
	}
	if (use_type) {
		ep = findencryption(use_type);
		if (!ep)
			return;
		type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
		if (encrypt_debug_mode)
			printf(">>>%s: (*ep->start)() returned %d\r\n",
					Name, type);
		if (type < 0)
			return;
		encrypt_mode = use_type;
		if (type == 0)
			encrypt_start_output(use_type);
	}
}
Beispiel #11
0
int
getauthmask(char *type, int *maskp)
{
	int x;

	if (AUTHTYPE_NAME(0) && !strcasecmp(type, AUTHTYPE_NAME(0))) {
		*maskp = -1;
		return(1);
	}

	for (x = 1; x < AUTHTYPE_CNT; ++x) {
		if (AUTHTYPE_NAME(x) && !strcasecmp(type, AUTHTYPE_NAME(x))) {
			*maskp = typemask(x);
			return(1);
		}
	}
	return(0);
}
Beispiel #12
0
void
encrypt_is(unsigned char *data, int cnt)
{
	Encryptions *ep;
	int type, ret;

	if (--cnt < 0)
		return;
	type = *data++;
	if (type < ENCTYPE_CNT)
		remote_supports_encrypt |= typemask(type);
	if (!(ep = finddecryption(type))) {
		if (encrypt_debug_mode)
			printf(">>>%s: Can't find type %s (%d) for initial negotiation\r\n",
				Name,
				ENCTYPE_NAME_OK(type)
					? ENCTYPE_NAME(type) : "(unknown)",
				type);
		return;
	}
	if (!ep->is) {
		if (encrypt_debug_mode)
			printf(">>>%s: No initial negotiation needed for type %s (%d)\r\n",
				Name,
				ENCTYPE_NAME_OK(type)
					? ENCTYPE_NAME(type) : "(unknown)",
				type);
		ret = 0;
	} else {
		ret = (*ep->is)(data, cnt);
		if (encrypt_debug_mode)
			printf("(*ep->is)(%p, %d) returned %s(%d)\n", data, cnt,
				(ret < 0) ? "FAIL " :
				(ret == 0) ? "SUCCESS " : "MORE_TO_DO ", ret);
	}
	if (ret < 0) {
		autodecrypt = 0;
	} else {
		decrypt_mode = type;
		if (ret == 0 && autodecrypt)
			encrypt_send_request_start();
	}
}
Beispiel #13
0
void	(*encrypt_output) P((unsigned char *, int));
int	(*decrypt_input) P((int));

int encrypt_debug_mode = 0;
static int decrypt_mode = 0;
static int encrypt_mode = 0;
static int encrypt_verbose = 0;
static int autoencrypt = 0;
static int autodecrypt = 0;
static int havesessionkey = 0;
static int Server = 0;
static char *Name = "Noname";

#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)

static long i_support_encrypt = typemask(ENCTYPE_DES_CFB64)
				| typemask(ENCTYPE_DES_OFB64);
static long i_support_decrypt = typemask(ENCTYPE_DES_CFB64)
				| typemask(ENCTYPE_DES_OFB64);
static long i_wont_support_encrypt = 0;
static long i_wont_support_decrypt = 0;
#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)

static long remote_supports_encrypt = 0;
static long remote_supports_decrypt = 0;

static Encryptions encryptions[] = {
#ifdef	DES_ENCRYPTION
    { "DES_CFB64",	ENCTYPE_DES_CFB64,
			cfb64_encrypt,	
Beispiel #14
0
/*
 * This is called when an AUTH SEND is received.
 * It should never arrive on the server side (as only the server can
 * send an AUTH SEND).
 * You should probably respond to it if you can...
 *
 * If you want to respond to the types out of order (i.e. even
 * if he sends  LOGIN KERBEROS and you support both, you respond
 * with KERBEROS instead of LOGIN (which is against what the
 * protocol says)) you will have to hack this code...
 */
void
auth_send(unsigned char *data, int cnt)
{
	Authenticator *ap;
	static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
					    TELQUAL_IS, AUTHTYPE_NULL, 0,
					    IAC, SE };
	if (Server) {
		if (auth_debug_mode) {
			printf(">>>%s: auth_send called!\r\n", Name);
		}
		return;
	}

	if (auth_debug_mode) {
		printf(">>>%s: auth_send got:", Name);
		printd(data, cnt); printf("\r\n");
	}

	/*
	 * Save the data, if it is new, so that we can continue looking
	 * at it if the authorization we try doesn't work
	 */
	if (data < _auth_send_data ||
	    data > _auth_send_data + sizeof(_auth_send_data)) {
		auth_send_cnt = (size_t)cnt > sizeof(_auth_send_data)
					? sizeof(_auth_send_data)
					: cnt;
		memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
		auth_send_data = _auth_send_data;
	} else {
		/*
		 * This is probably a no-op, but we just make sure
		 */
		auth_send_data = data;
		auth_send_cnt = cnt;
	}
	while ((auth_send_cnt -= 2) >= 0) {
		if (auth_debug_mode)
			printf(">>>%s: He supports %d\r\n",
				Name, *auth_send_data);
		if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
			ap = findauthenticator(auth_send_data[0],
					       auth_send_data[1]);
			if (ap && ap->send) {
				if (auth_debug_mode)
					printf(">>>%s: Trying %d %d\r\n",
						Name, auth_send_data[0],
							auth_send_data[1]);
				if ((*ap->send)(ap)) {
					/*
					 * Okay, we found one we like
					 * and did it.
					 * we can go home now.
					 */
					if (auth_debug_mode)
						printf(">>>%s: Using type %d\r\n",
							Name, *auth_send_data);
					auth_send_data += 2;
					return;
				}
			}
			/* else
			 *	just continue on and look for the
			 *	next one if we didn't do anything.
			 */
		}
		auth_send_data += 2;
	}
	net_write(str_none, sizeof(str_none));
	printsub('>', &str_none[2], sizeof(str_none) - 2);
	if (auth_debug_mode)
		printf(">>>%s: Sent failure message\r\n", Name);
	auth_finished(0, AUTH_REJECT);
}
Beispiel #15
0
/*
 * This is called when an AUTH SEND is received.
 * It should never arrive on the server side (as only the server can
 * send an AUTH SEND).
 * You should probably respond to it if you can...
 *
 * If you want to respond to the types out of order (i.e. even
 * if he sends  LOGIN KERBEROS and you support both, you respond
 * with KERBEROS instead of LOGIN (which is against what the
 * protocol says)) you will have to hack this code...
 */
void
auth_send (unsigned char *data, int cnt)
{
  TN_Authenticator *ap;
  static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
    TELQUAL_IS, AUTHTYPE_NULL, 0,
    IAC, SE
  };
  if (Server)
    {
      if (auth_debug_mode)
	{
	  printf (">>>%s: auth_send called!\r\n", Name);
	}
      return;
    }

  if (auth_debug_mode)
    {
      printf (">>>%s: auth_send got:", Name);
      printd (data, cnt);
      printf ("\r\n");
    }

  /*
   * Save the data, if it is new, so that we can continue looking
   * at it if the authorization we try doesn't work
   */
  if (data < _auth_send_data ||
      data > _auth_send_data + sizeof (_auth_send_data))
    {
      auth_send_cnt = cnt > sizeof (_auth_send_data)
	? sizeof (_auth_send_data) : cnt;
      memmove ((void *) _auth_send_data, (void *) data, auth_send_cnt);
      auth_send_data = _auth_send_data;
    }
  else
    {
      /*
       * This is probably a no-op, but we just make sure
       */
      auth_send_data = data;
      auth_send_cnt = cnt;
    }
  while ((auth_send_cnt -= 2) >= 0)
    {
      if (auth_debug_mode)
	printf (">>>%s: He supports %s (%d) %s (%d)\r\n",
		Name, AUTHTYPE_NAME_OK (auth_send_data[0]) ?
		AUTHTYPE_NAME (auth_send_data[0]) :
		"unknown",
		auth_send_data[0],
		auth_send_data[1] &
		AUTH_HOW_MASK &
		AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY", auth_send_data[1]);
      if ((i_support & ~i_wont_support) & typemask (*auth_send_data))
	{
	  ap = findauthenticator (auth_send_data[0], auth_send_data[1]);
	  if (ap && ap->send)
	    {
	      if (auth_debug_mode)
		printf (">>>%s: Trying %s (%d) %s (%d)\r\n",
			Name,
			AUTHTYPE_NAME_OK (auth_send_data[0]) ?
			AUTHTYPE_NAME (auth_send_data[0]) :
			"unknown",
			auth_send_data[0],
			auth_send_data[1] &
			AUTH_HOW_MASK &
			AUTH_HOW_MUTUAL ?
			"MUTUAL" : "ONEWAY", auth_send_data[1]);
	      if ((*ap->send) (ap))
		{
		  /*
		   * Okay, we found one we like
		   * and did it.
		   * we can go home now.
		   */
		  if (auth_debug_mode)
		    printf (">>>%s: Using type %s (%d)\r\n",
			    Name,
			    AUTHTYPE_NAME_OK (*auth_send_data) ?
			    AUTHTYPE_NAME (*auth_send_data) :
			    "unknown", *auth_send_data);
		  auth_send_data += 2;
		  return;
		}
	    }
	  /* else
	   *      just continue on and look for the
	   *      next one if we didn't do anything.
	   */
	}
      auth_send_data += 2;
    }
  net_write (str_none, sizeof (str_none));
  printsub ('>', &str_none[2], sizeof (str_none) - 2);
  if (auth_debug_mode)
    printf (">>>%s: Sent failure message\r\n", Name);
  auth_finished (0, AUTH_REJECT);
# ifdef KANNAN
  /*
   *  We requested strong authentication, however no mechanisms worked.
   *  Therefore, exit on client end.
   */
  printf ("Unable to securely authenticate user ... exit\n");
  exit (EXIT_SUCCESS);
# endif	/* KANNAN */
}
Beispiel #16
0
int EncryptStopOutput(void);

int encrypt_debug_mode = 0;
static int decrypt_mode = 0;
static int encrypt_mode = 0;
static int encrypt_verbose = 0;
static int autoencrypt = 0;
static int autodecrypt = 0;
static int havesessionkey = 0;
static int Server = 0;
static const char *Name = "Noname";

#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)

static u_long i_support_encrypt = 0
 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
 |0;
static u_long i_support_decrypt = 0
 | typemask(ENCTYPE_DES_CFB64) | typemask(ENCTYPE_DES_OFB64)
 |0;

static u_long i_wont_support_encrypt = 0;
static u_long i_wont_support_decrypt = 0;
#define	I_SUPPORT_ENCRYPT	(i_support_encrypt & ~i_wont_support_encrypt)
#define	I_SUPPORT_DECRYPT	(i_support_decrypt & ~i_wont_support_decrypt)

static u_long remote_supports_encrypt = 0;
static u_long remote_supports_decrypt = 0;

static Encryptions encryptions[] = {
    { "DES_CFB64",	ENCTYPE_DES_CFB64,