sdiff udiff text old ( 76751 ) new ( 81965 )
1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 76751 2001-05-17 16:28:11Z nsayer $ */
2
3#ifdef SRA
4#include <sys/types.h>
5#include <arpa/telnet.h>
6#include <stdio.h>
7#ifdef __STDC__
8#include <stdlib.h>
9#endif
10#ifdef NO_STRING_H
11#include <strings.h>
12#else
13#include <string.h>
14#endif
15
16#if !defined(NOPAM)
17#include <security/pam_appl.h>
18#endif
19
20#include <ttyent.h>
21
22#include "auth.h"
23#include "misc.h"
24#include "encrypt.h"
25#include "pk.h"
26
27char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1];
28char *user,*pass,*xuser,*xpass;
29DesData ck;
30IdeaData ik;
31
32extern int auth_debug_mode;
33extern char *line;
34
35static sra_valid = 0;
36static passwd_sent = 0;
37
38static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
39 AUTHTYPE_SRA, };
40
41#define SRA_KEY 0
42#define SRA_USER 1
43#define SRA_CONTINUE 2
44#define SRA_PASS 3
45#define SRA_ACCEPT 4
46#define SRA_REJECT 5
47
48/* support routine to send out authentication message */
49static int Data(ap, type, d, c)
50Authenticator *ap;
51int type;
52void *d;
53int c;
54{
55 unsigned char *p = str_data + 4;
56 unsigned char *cd = (unsigned char *)d;
57
58 if (c == -1)
59 c = strlen((char *)cd);
60
61 if (auth_debug_mode) {

--- 13 unchanged lines hidden (view full) ---

75 }
76 *p++ = IAC;
77 *p++ = SE;
78 if (str_data[3] == TELQUAL_IS)
79 printsub('>', &str_data[2], p - (&str_data[2]));
80 return(net_write(str_data, p - str_data));
81}
82
83int sra_init(ap, server)
84Authenticator *ap;
85int server;
86{
87 if (server)
88 str_data[3] = TELQUAL_REPLY;
89 else
90 str_data[3] = TELQUAL_IS;
91
92 user = (char *)malloc(256);
93 xuser = (char *)malloc(513);

--- 6 unchanged lines hidden (view full) ---

100
101 passwd_sent = 0;
102
103 genkeys(pka,ska);
104 return(1);
105}
106
107/* client received a go-ahead for sra */
108int sra_send(ap)
109Authenticator *ap;
110{
111 /* send PKA */
112
113 if (auth_debug_mode)
114 printf("Sent PKA to server.\r\n" );
115 printf("Trying SRA secure login:\r\n");
116 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
117 if (auth_debug_mode)
118 printf("Not enough room for authentication data\r\n");
119 return(0);
120 }
121
122 return(1);
123}
124
125/* server received an IS -- could be SRA KEY, USER, or PASS */
126void sra_is(ap, data, cnt)
127Authenticator *ap;
128unsigned char *data;
129int cnt;
130{
131 int valid;
132 Session_Key skey;
133
134 if (cnt-- < 1)
135 goto bad;
136 switch (*data++) {
137

--- 74 unchanged lines hidden (view full) ---

212 printf("Unknown SRA option %d\r\n", data[-1]);
213 }
214bad:
215 Data(ap, SRA_REJECT, 0, 0);
216 sra_valid = 0;
217 auth_finished(ap, AUTH_REJECT);
218}
219
220extern char *getpass();
221
222/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
223void sra_reply(ap, data, cnt)
224Authenticator *ap;
225unsigned char *data;
226int cnt;
227{
228 extern char *telnet_gets();
229 char uprompt[256],tuser[256];
230 Session_Key skey;
231 int i;
232
233 if (cnt-- < 1)
234 return;

--- 82 unchanged lines hidden (view full) ---

317 return;
318 default:
319 if (auth_debug_mode)
320 printf("Unknown SRA option %d\r\n", data[-1]);
321 return;
322 }
323}
324
325int sra_status(ap, name, level)
326Authenticator *ap;
327char *name;
328int level;
329{
330 if (level < AUTH_USER)
331 return(level);
332 if (UserNameRequested && sra_valid) {
333 strcpy(name, UserNameRequested);
334 return(AUTH_VALID);
335 } else
336 return(AUTH_USER);
337}
338
339#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
340#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
341
342void sra_printsub(data, cnt, buf, buflen)
343unsigned char *data, *buf;
344int cnt, buflen;
345{
346 char lbuf[32];
347 register int i;
348
349 buf[buflen-1] = '\0'; /* make sure its NULL terminated */
350 buflen -= 1;
351
352 switch(data[3]) {

--- 47 unchanged lines hidden (view full) ---

400}
401
402struct passwd *pw;
403
404/*
405 * Helper function for sgetpwnam().
406 */
407char *
408sgetsave(s)
409 char *s;
410{
411 char *new = malloc((unsigned) strlen(s) + 1);
412
413 if (new == NULL) {
414 return(NULL);
415 }
416 (void) strcpy(new, s);
417 return (new);
418}
419
420#include <pwd.h>
421#include <syslog.h>
422#ifdef USE_SHADOW
423#include <shadow.h>
424#endif
425
426
427struct passwd *
428sgetpwnam(name)
429 char *name;
430{
431 static struct passwd save;
432 register struct passwd *p;
433 char *sgetsave();
434
435 if ((p = getpwnam(name)) == NULL)
436 return (p);
437 if (save.pw_name) {

--- 22 unchanged lines hidden (view full) ---

460 free(save.pw_passwd);
461 save.pw_passwd = sgetsave(sp->sp_pwdp);
462 }
463#endif
464 return (&save);
465}
466
467static int
468isroot(user)
469char *user;
470{
471 struct passwd *pw;
472
473 if ((pw=getpwnam(user))==NULL)
474 return 0;
475 return (!pw->pw_uid);
476}
477
478static int
479rootterm(ttyn)
480char *ttyn;
481{
482 struct ttyent *t;
483
484 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
485}
486
487#ifdef NOPAM
488char *crypt();
489
490int check_user(name, pass)
491char *name;
492char *pass;
493{
494 register char *cp;
495 char *xpasswd, *salt;
496
497 if (isroot(name) && !rootterm(line))
498 {
499 crypt("AA","*"); /* Waste some time to simulate success */
500 return(0);

--- 29 unchanged lines hidden (view full) ---

530#define COPY_STRING(s) (s ? strdup(s):NULL)
531
532struct cred_t {
533 const char *uname;
534 const char *pass;
535};
536typedef struct cred_t cred_t;
537
538auth_conv(int num_msg, const struct pam_message **msg,
539 struct pam_response **resp, void *appdata)
540{
541 int i;
542 cred_t *cred = (cred_t *) appdata;
543 struct pam_response *reply =
544 malloc(sizeof(struct pam_response) * num_msg);
545

--- 25 unchanged lines hidden (view full) ---

571
572 *resp = reply;
573 return PAM_SUCCESS;
574}
575
576/*
577 * The PAM version as a side effect may put a new username in *name.
578 */
579int check_user(const char *name, const char *pass)
580{
581 pam_handle_t *pamh = NULL;
582 const char *tmpl_user;
583 const void *item;
584 int rval;
585 int e;
586 cred_t auth_cred = { name, pass };
587 struct pam_conv conv = { &auth_conv, &auth_cred };
588
589 e = pam_start("telnetd", name, &conv, &pamh);
590 if (e != PAM_SUCCESS) {

--- 27 unchanged lines hidden (view full) ---

618 *
619 * This is supported by two various mechanisms in the
620 * individual modules. However, from the application's
621 * point of view, the template user is always passed
622 * back as a changed value of the PAM_USER item.
623 */
624 if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
625 PAM_SUCCESS) {
626 strcpy(name, (const char *) item);
627 } else
628 syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
629 pam_strerror(pamh, e));
630 if (isroot(name) && !rootterm(line))
631 rval = 0;
632 else
633 rval = 1;
634 break;

--- 24 unchanged lines hidden ---
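Review bot: `strcpy(name, (const char *) item);` in the PAM `check_user` writes through a parameter declared `const char *name` with no bound on the copy, so a PAM_USER value longer than the caller's buffer overruns it, and a C compiler will diagnose the write as discarding the const qualifier. The only buffer visible for that argument is `user = (char *)malloc(256);` in `sra_init`, presumably what `check_user` receives, so either the size should travel with the pointer, e.g. `int check_user(char *name, size_t namelen, const char *pass)`, or, keeping the signature, the copy should be bounded against that allocation, e.g. `strlcpy((char *)name, item, 256);` with the 256 hoisted into a `#define` shared with `sra_init`. The same unbounded `strcpy(name, UserNameRequested);` appears in `sra_status`, whose `name` parameter likewise carries no length. `check_user`'s body continues into the hidden lines after this point, and which side of the diff these lines belong to is not visible here.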