/*
 * Process one Kerberos V4 authentication reply received from the peer.
 *
 * data[0] is the reply opcode and the remaining cnt - 1 bytes are its
 * payload.  A reply with no opcode byte (cnt < 1) is ignored.  The payload
 * is peer-controlled: it is only printed through "%.*s" with an explicit
 * length, or compared against the locally held challenge.
 */
void
kerberos4_reply(Authenticator *ap, unsigned char *data, int cnt)
{
    Session_Key skey;
    unsigned char opcode;
    unsigned char *payload;
    int payload_len;

    if (cnt < 1)
        return;

    opcode = data[0];
    payload = data + 1;
    payload_len = cnt - 1;

    switch (opcode) {
    case KRB_REJECT:
        if (auth_done) {
            /* XXX Ick!  A reject after a completed exchange is reported
             * as an unknown opcode and no retry is started. */
            printf("[ Kerberos V4 received unknown opcode ]\r\n");
            return;
        }
        printf("[ Kerberos V4 refuses authentication ");
        if (payload_len > 0)
            printf("because %.*s ", payload_len, payload);
        printf("]\r\n");
        auth_send_retry();
        return;

    case KRB_ACCEPT:
        printf("[ Kerberos V4 accepts you ]\r\n");
        /* Set before any mutual check has run; see the KRB_REJECT case. */
        auth_done = 1;
        if ((ap->way & AUTH_HOW_MASK) != AUTH_HOW_MUTUAL) {
            /* One-way authentication: nothing proves the peer's identity. */
            auth_finished(ap, AUTH_USER);
            return;
        }
        /*
         * Mutual authentication: send the challenge over, then transform
         * session_key in place and hand it to the encryption layer.
         * NOTE(review): SK_DES with an 8-byte key is single DES, which is
         * weak by current standards - confirm this path is acceptable.
         */
        Data(ap, KRB_CHALLENGE, session_key, sizeof(session_key));
        des_ecb_encrypt(&session_key, &session_key, sched, 1);
        skey.data = session_key;
        skey.length = 8;
        skey.type = SK_DES;
        encrypt_session_key(&skey, 0);
#if 0
        kerberos4_forward(ap);
#endif
        return;

    case KRB_RESPONSE:
        /*
         * The response must be exactly one DES block and match the stored
         * challenge.
         * NOTE(review): the length test uses sizeof(des_cblock) while the
         * comparison uses sizeof(challenge); this assumes both are the same
         * size - confirm.
         * NOTE(review): nothing in this case checks that a challenge was
         * actually sent (KRB_ACCEPT in mutual mode) before `challenge` is
         * trusted; confirm an unsolicited KRB_RESPONSE cannot match it.
         */
        if (payload_len == sizeof(des_cblock) &&
            memcmp(payload, challenge, sizeof(challenge)) == 0) {
            printf("[ Kerberos V4 challenge successful ]\r\n");
            auth_finished(ap, AUTH_USER);
            return;
        }
        printf("[ Kerberos V4 challenge failed!!! ]\r\n");
        auth_send_retry();
        return;

    case KRB_FORWARD_ACCEPT:
        printf("[ Kerberos V4 accepted forwarded credentials ]\r\n");
        return;

    case KRB_FORWARD_REJECT:
        printf("[ Kerberos V4 rejected forwarded credentials: `%.*s']\r\n",
               payload_len, payload);
        return;

    default:
        if (auth_debug_mode)
            printf("Unknown Kerberos option %d\r\n", opcode);
        return;
    }
}
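/*
 * Process one Kerberos V5 authentication reply received from the peer.
 *
 * data[0] is the reply opcode and the remaining cnt - 1 bytes are its
 * payload.  A reply with no opcode byte (cnt < 1) is ignored.  When mutual
 * authentication was requested, KRB_ACCEPT is honoured only after a
 * KRB_RESPONSE whose AP-REP passed krb5_rd_rep().
 */
void
kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
{
    /*
     * Set once krb5_rd_rep() has verified the peer's AP-REP.  Being
     * function-static it survives this call, so it is cleared whenever an
     * exchange ends (reject, accept, failed AP-REP).  Left set, a later
     * exchange in the same process could pass the mutual-authentication
     * check on a bare KRB_ACCEPT.
     */
    static int mutual_complete = 0;

    if (cnt-- < 1)
        return;
    switch (*data++) {
    case KRB_REJECT:
        mutual_complete = 0;
        if (cnt > 0) {
            printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
                   cnt, data);
        } else
            printf("[ Kerberos V5 refuses authentication ]\r\n");
        auth_send_retry();
        return;
    case KRB_ACCEPT: {
        krb5_error_code ret;
        Session_Key skey;
        krb5_keyblock *keyblock = NULL;
        int server_verified = mutual_complete;

        /* The verification covers exactly one exchange; consume it. */
        mutual_complete = 0;

        if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL &&
            !server_verified) {
            printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
            auth_send_retry();
            return;
        }
        if (cnt)
            printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
        else
            printf("[ Kerberos V5 accepts you ]\r\n");

        /*
         * Prefer the local subkey and fall back to the session key.  A
         * getter that reports success without handing back a key is treated
         * like a failure, so the fallback is tried instead of dereferencing
         * a null pointer below.
         */
        ret = krb5_auth_con_getlocalsubkey (context,
                                            auth_context,
                                            &keyblock);
        if (ret || keyblock == NULL)
            ret = krb5_auth_con_getkey (context,
                                        auth_context,
                                        &keyblock);
        if(ret) {
            printf("[ krb5_auth_con_getkey: %s ]\r\n",
                   krb5_get_err_text(context, ret));
            auth_send_retry();
            return;
        }
        /* skey.length is fixed at 8 below; never read past a shorter key. */
        if (keyblock == NULL || keyblock->keyvalue.length < 8) {
            printf("[ Kerberos V5 session key is unusable ]\r\n");
            if (keyblock != NULL)
                krb5_free_keyblock_contents (context, keyblock);
            auth_send_retry();
            return;
        }

        /*
         * NOTE(review): only the first 8 bytes of the key are used, tagged
         * SK_DES, whatever the key's own encryption type; single DES is
         * weak by current standards - confirm this is acceptable.
         */
        skey.type = SK_DES;
        skey.length = 8;
        skey.data = keyblock->keyvalue.data;
        encrypt_session_key(&skey, 0);
        /*
         * NOTE(review): this releases the key material but not the keyblock
         * structure itself; if the getters return a heap copy, the
         * structure is leaked - confirm and use the full free if so.
         */
        krb5_free_keyblock_contents (context, keyblock);
        auth_finished(ap, AUTH_USER);
#ifdef FORWARD
        if (forward_flags & OPTS_FORWARD_CREDS)
            kerberos5_forward(ap);
#endif /* FORWARD */
        break;
    }
    case KRB_RESPONSE:
        if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
            /* the rest of the reply should contain a krb_ap_rep */
            krb5_ap_rep_enc_part *reply;
            krb5_data inbuf;
            krb5_error_code ret;

            inbuf.length = cnt;
            inbuf.data = (char *)data;

            ret = krb5_rd_rep(context, auth_context, &inbuf, &reply);
            if (ret) {
                /* A failed AP-REP must not leave an earlier success set. */
                mutual_complete = 0;
                printf("[ Mutual authentication failed: %s ]\r\n",
                       krb5_get_err_text (context, ret));
                auth_send_retry();
                return;
            }
            krb5_free_ap_rep_enc_part(context, reply);
            mutual_complete = 1;
        }
        return;
#ifdef FORWARD
    case KRB_FORWARD_ACCEPT:
        printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
        return;
    case KRB_FORWARD_REJECT:
        printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
               cnt, data);
        return;
#endif /* FORWARD */
    default:
        if (auth_debug_mode)
            printf("Unknown Kerberos option %d\r\n", data[-1]);
        return;
    }
}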
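/*
 * Process one Kerberos V5 authentication reply received from the peer.
 *
 * data[0] is the reply opcode and the remaining cnt - 1 bytes are its
 * payload.  A reply with no opcode byte (cnt < 1) is ignored.  When mutual
 * authentication was requested, KRB_ACCEPT is honoured only after a
 * KRB_RESPONSE whose AP-REP passed krb5_rd_rep().
 */
void
kerberos5_reply (TN_Authenticator * ap, unsigned char *data, int cnt)
{
# ifdef ENCRYPTION
  Session_Key skey;
# endif
  /*
   * Set once krb5_rd_rep() has verified the peer's AP-REP.  Being
   * function-static it survives this call, so it is cleared whenever an
   * exchange ends (reject, accept, failed AP-REP).  Left set, a later
   * exchange in the same process could pass the mutual-authentication check
   * on a bare KRB_ACCEPT and be reported as "(server authenticated)".
   */
  static int mutual_complete = 0;
  int server_verified;

  if (cnt-- < 1)
    return;

  switch (*data++)
    {
    case KRB_REJECT:
      mutual_complete = 0;
      if (cnt > 0)
	printf ("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
		cnt, data);
      else
	printf ("[ Kerberos V5 refuses authentication ]\r\n");
      auth_send_retry ();
      return;

    case KRB_ACCEPT:
      /* The verification covers exactly one exchange; consume it. */
      server_verified = mutual_complete;
      mutual_complete = 0;

      if (!server_verified)
	{
	  if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
	    {
	      printf
		("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
	      auth_send_retry ();
	      break;
	    }
	  /*
	   * skey is declared only when ENCRYPTION is defined, so every use
	   * needs the same guard or the build fails without it.
	   * NOTE(review): skey is passed uninitialised; presumably
	   * telnet_encrypt_key fills it in - confirm.
	   */
# ifdef ENCRYPTION
	  telnet_encrypt_key (&skey);
# endif
	}

      if (cnt)
	printf ("[ Kerberos V5 accepts you as ``%.*s''%s ]\r\n", cnt, data,
		server_verified ? " (server authenticated)" :
		" (server NOT authenticated)");
      else
	printf ("[ Kerberos V5 accepts you ]\r\n");
      auth_finished (ap, AUTH_USER);
# ifdef FORWARD
      if (forward_flags & OPTS_FORWARD_CREDS)
	kerberos5_forward (ap);
# endif
      break;

    case KRB_RESPONSE:
      if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
	{
	  /* The payload is expected to be the peer's AP-REP. */
	  krb5_ap_rep_enc_part *reply;
	  krb5_data inbuf;
	  krb5_error_code r;

	  inbuf.length = cnt;
	  inbuf.data = (char *) data;

	  if ((r = krb5_rd_rep (telnet_context, auth_context, &inbuf, &reply)))
	    {
	      /* A failed AP-REP must not leave an earlier success set. */
	      mutual_complete = 0;
	      printf ("[ Mutual authentication failed: %s ]\r\n",
		      error_message (r));
	      auth_send_retry ();
	      break;
	    }

	  krb5_free_ap_rep_enc_part (telnet_context, reply);
# ifdef ENCRYPTION
	  telnet_encrypt_key (&skey);
# endif
	  mutual_complete = 1;
	}
      break;

# ifdef FORWARD
    case KRB_FORWARD_ACCEPT:
      printf ("[ Kerberos V5 accepted forwarded credentials ]\r\n");
      break;

    case KRB_FORWARD_REJECT:
      printf
	("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
	 cnt, data);
      break;
# endif	/* FORWARD */

    default:
      DEBUG (("Unknown Kerberos option %d\r\n", data[-1]));
    }
}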