1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 76751 2001-05-17 16:28:11Z nsayer $ */
| 1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 81965 2001-08-20 12:28:40Z markm $ */
|
2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 16#if !defined(NOPAM) 17#include <security/pam_appl.h>
| 2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 16#if !defined(NOPAM) 17#include <security/pam_appl.h>
|
| 18#else 19#include <unistd.h>
|
18#endif 19
| 20#endif 21
|
| 22#include <pwd.h> 23#include <syslog.h>
|
20#include <ttyent.h> 21 22#include "auth.h" 23#include "misc.h" 24#include "encrypt.h" 25#include "pk.h" 26 27char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 28char *user,*pass,*xuser,*xpass; 29DesData ck; 30IdeaData ik; 31 32extern int auth_debug_mode; 33extern char *line; 34
| 24#include <ttyent.h> 25 26#include "auth.h" 27#include "misc.h" 28#include "encrypt.h" 29#include "pk.h" 30 31char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 32char *user,*pass,*xuser,*xpass; 33DesData ck; 34IdeaData ik; 35 36extern int auth_debug_mode; 37extern char *line; 38
|
35static sra_valid = 0; 36static passwd_sent = 0;
| 39static int sra_valid = 0; 40static int passwd_sent = 0;
|
37 38static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, 39 AUTHTYPE_SRA, }; 40 41#define SRA_KEY 0 42#define SRA_USER 1 43#define SRA_CONTINUE 2 44#define SRA_PASS 3 45#define SRA_ACCEPT 4 46#define SRA_REJECT 5 47
| 41 42static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, 43 AUTHTYPE_SRA, }; 44 45#define SRA_KEY 0 46#define SRA_USER 1 47#define SRA_CONTINUE 2 48#define SRA_PASS 3 49#define SRA_ACCEPT 4 50#define SRA_REJECT 5 51
|
| 52static int check_user(const char *, const char *); 53
|
48/* support routine to send out authentication message */
| 54/* support routine to send out authentication message */
|
49static int Data(ap, type, d, c) 50Authenticator *ap; 51int type; 52void *d; 53int c;
| 55static int 56Data(Authenticator *ap, int type, void *d, int c)
|
54{ 55 unsigned char *p = str_data + 4; 56 unsigned char *cd = (unsigned char *)d; 57 58 if (c == -1) 59 c = strlen((char *)cd); 60 61 if (auth_debug_mode) { 62 printf("%s:%d: [%d] (%d)", 63 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", 64 str_data[3], 65 type, c); 66 printd(d, c); 67 printf("\r\n"); 68 } 69 *p++ = ap->type; 70 *p++ = ap->way; 71 *p++ = type; 72 while (c-- > 0) { 73 if ((*p++ = *cd++) == IAC) 74 *p++ = IAC; 75 } 76 *p++ = IAC; 77 *p++ = SE; 78 if (str_data[3] == TELQUAL_IS) 79 printsub('>', &str_data[2], p - (&str_data[2])); 80 return(net_write(str_data, p - str_data)); 81} 82
| 57{ 58 unsigned char *p = str_data + 4; 59 unsigned char *cd = (unsigned char *)d; 60 61 if (c == -1) 62 c = strlen((char *)cd); 63 64 if (auth_debug_mode) { 65 printf("%s:%d: [%d] (%d)", 66 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", 67 str_data[3], 68 type, c); 69 printd(d, c); 70 printf("\r\n"); 71 } 72 *p++ = ap->type; 73 *p++ = ap->way; 74 *p++ = type; 75 while (c-- > 0) { 76 if ((*p++ = *cd++) == IAC) 77 *p++ = IAC; 78 } 79 *p++ = IAC; 80 *p++ = SE; 81 if (str_data[3] == TELQUAL_IS) 82 printsub('>', &str_data[2], p - (&str_data[2])); 83 return(net_write(str_data, p - str_data)); 84} 85
|
83int sra_init(ap, server) 84Authenticator *ap; 85int server;
| 86int 87sra_init(Authenticator *ap, int server)
|
86{ 87 if (server) 88 str_data[3] = TELQUAL_REPLY; 89 else 90 str_data[3] = TELQUAL_IS; 91 92 user = (char *)malloc(256); 93 xuser = (char *)malloc(513); 94 pass = (char *)malloc(256); 95 xpass = (char *)malloc(513); 96 97 if (user == NULL || xuser == NULL || pass == NULL || xpass == 98 NULL) 99 return 0; /* malloc failed */ 100 101 passwd_sent = 0; 102 103 genkeys(pka,ska); 104 return(1); 105} 106 107/* client received a go-ahead for sra */
| 88{ 89 if (server) 90 str_data[3] = TELQUAL_REPLY; 91 else 92 str_data[3] = TELQUAL_IS; 93 94 user = (char *)malloc(256); 95 xuser = (char *)malloc(513); 96 pass = (char *)malloc(256); 97 xpass = (char *)malloc(513); 98 99 if (user == NULL || xuser == NULL || pass == NULL || xpass == 100 NULL) 101 return 0; /* malloc failed */ 102 103 passwd_sent = 0; 104 105 genkeys(pka,ska); 106 return(1); 107} 108 109/* client received a go-ahead for sra */
|
108int sra_send(ap) 109Authenticator *ap;
| 110int 111sra_send(Authenticator *ap)
|
110{ 111 /* send PKA */ 112 113 if (auth_debug_mode) 114 printf("Sent PKA to server.\r\n" ); 115 printf("Trying SRA secure login:\r\n"); 116 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 117 if (auth_debug_mode) 118 printf("Not enough room for authentication data\r\n"); 119 return(0); 120 } 121 122 return(1); 123} 124 125/* server received an IS -- could be SRA KEY, USER, or PASS */
| 112{ 113 /* send PKA */ 114 115 if (auth_debug_mode) 116 printf("Sent PKA to server.\r\n" ); 117 printf("Trying SRA secure login:\r\n"); 118 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 119 if (auth_debug_mode) 120 printf("Not enough room for authentication data\r\n"); 121 return(0); 122 } 123 124 return(1); 125} 126 127/* server received an IS -- could be SRA KEY, USER, or PASS */
|
126void sra_is(ap, data, cnt) 127Authenticator *ap; 128unsigned char *data; 129int cnt;
| 128void 129sra_is(Authenticator *ap, unsigned char *data, int cnt)
|
130{ 131 int valid; 132 Session_Key skey; 133 134 if (cnt-- < 1) 135 goto bad; 136 switch (*data++) { 137 138 case SRA_KEY: 139 if (cnt < HEXKEYBYTES) { 140 Data(ap, SRA_REJECT, (void *)0, 0); 141 auth_finished(ap, AUTH_USER); 142 if (auth_debug_mode) { 143 printf("SRA user rejected for bad PKB\r\n"); 144 } 145 return; 146 } 147 if (auth_debug_mode) 148 printf("Sent pka\r\n"); 149 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 150 if (auth_debug_mode) 151 printf("Not enough room\r\n"); 152 return; 153 } 154 memcpy(pkb,data,HEXKEYBYTES); 155 pkb[HEXKEYBYTES] = '\0'; 156 common_key(ska,pkb,&ik,&ck); 157 return; 158 159 case SRA_USER: 160 /* decode KAB(u) */ 161 if (cnt > 512) /* Attempted buffer overflow */ 162 break; 163 memcpy(xuser,data,cnt); 164 xuser[cnt] = '\0'; 165 pk_decode(xuser,user,&ck); 166 auth_encrypt_user(user); 167 Data(ap, SRA_CONTINUE, (void *)0, 0); 168 169 return; 170 171 case SRA_PASS: 172 if (cnt > 512) /* Attempted buffer overflow */ 173 break; 174 /* decode KAB(P) */ 175 memcpy(xpass,data,cnt); 176 xpass[cnt] = '\0'; 177 pk_decode(xpass,pass,&ck); 178 179 /* check user's password */ 180 valid = check_user(user,pass); 181 182 if(valid) { 183 Data(ap, SRA_ACCEPT, (void *)0, 0); 184#ifdef DES_ENCRYPTION 185 skey.data = ck; 186 skey.type = SK_DES; 187 skey.length = 8; 188 encrypt_session_key(&skey, 1); 189#endif 190 191 sra_valid = 1; 192 auth_finished(ap, AUTH_VALID); 193 if (auth_debug_mode) { 194 printf("SRA user accepted\r\n"); 195 } 196 } 197 else { 198 Data(ap, SRA_CONTINUE, (void *)0, 0); 199/* 200 Data(ap, SRA_REJECT, (void *)0, 0); 201 sra_valid = 0; 202 auth_finished(ap, AUTH_REJECT); 203*/ 204 if (auth_debug_mode) { 205 printf("SRA user failed\r\n"); 206 } 207 } 208 return; 209 210 default: 211 if (auth_debug_mode) 212 printf("Unknown SRA option %d\r\n", data[-1]); 213 } 214bad: 215 Data(ap, SRA_REJECT, 0, 0); 216 sra_valid = 0; 217 auth_finished(ap, AUTH_REJECT); 218} 219
| 130{ 131 int valid; 132 Session_Key skey; 133 134 if (cnt-- < 1) 135 goto bad; 136 switch (*data++) { 137 138 case SRA_KEY: 139 if (cnt < HEXKEYBYTES) { 140 Data(ap, SRA_REJECT, (void *)0, 0); 141 auth_finished(ap, AUTH_USER); 142 if (auth_debug_mode) { 143 printf("SRA user rejected for bad PKB\r\n"); 144 } 145 return; 146 } 147 if (auth_debug_mode) 148 printf("Sent pka\r\n"); 149 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 150 if (auth_debug_mode) 151 printf("Not enough room\r\n"); 152 return; 153 } 154 memcpy(pkb,data,HEXKEYBYTES); 155 pkb[HEXKEYBYTES] = '\0'; 156 common_key(ska,pkb,&ik,&ck); 157 return; 158 159 case SRA_USER: 160 /* decode KAB(u) */ 161 if (cnt > 512) /* Attempted buffer overflow */ 162 break; 163 memcpy(xuser,data,cnt); 164 xuser[cnt] = '\0'; 165 pk_decode(xuser,user,&ck); 166 auth_encrypt_user(user); 167 Data(ap, SRA_CONTINUE, (void *)0, 0); 168 169 return; 170 171 case SRA_PASS: 172 if (cnt > 512) /* Attempted buffer overflow */ 173 break; 174 /* decode KAB(P) */ 175 memcpy(xpass,data,cnt); 176 xpass[cnt] = '\0'; 177 pk_decode(xpass,pass,&ck); 178 179 /* check user's password */ 180 valid = check_user(user,pass); 181 182 if(valid) { 183 Data(ap, SRA_ACCEPT, (void *)0, 0); 184#ifdef DES_ENCRYPTION 185 skey.data = ck; 186 skey.type = SK_DES; 187 skey.length = 8; 188 encrypt_session_key(&skey, 1); 189#endif 190 191 sra_valid = 1; 192 auth_finished(ap, AUTH_VALID); 193 if (auth_debug_mode) { 194 printf("SRA user accepted\r\n"); 195 } 196 } 197 else { 198 Data(ap, SRA_CONTINUE, (void *)0, 0); 199/* 200 Data(ap, SRA_REJECT, (void *)0, 0); 201 sra_valid = 0; 202 auth_finished(ap, AUTH_REJECT); 203*/ 204 if (auth_debug_mode) { 205 printf("SRA user failed\r\n"); 206 } 207 } 208 return; 209 210 default: 211 if (auth_debug_mode) 212 printf("Unknown SRA option %d\r\n", data[-1]); 213 } 214bad: 215 Data(ap, SRA_REJECT, 0, 0); 216 sra_valid = 0; 217 auth_finished(ap, AUTH_REJECT); 218} 219
|
220extern char *getpass(); 221
| |
222/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
| 220/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
|
223void sra_reply(ap, data, cnt) 224Authenticator *ap; 225unsigned char *data; 226int cnt;
| 221void 222sra_reply(Authenticator *ap, unsigned char *data, int cnt)
|
227{ 228 extern char *telnet_gets(); 229 char uprompt[256],tuser[256]; 230 Session_Key skey; 231 int i; 232 233 if (cnt-- < 1) 234 return; 235 switch (*data++) { 236 237 case SRA_KEY: 238 /* calculate common key */ 239 if (cnt < HEXKEYBYTES) { 240 if (auth_debug_mode) { 241 printf("SRA user rejected for bad PKB\r\n"); 242 } 243 return; 244 } 245 memcpy(pkb,data,HEXKEYBYTES); 246 pkb[HEXKEYBYTES] = '\0'; 247 248 common_key(ska,pkb,&ik,&ck); 249 250 enc_user: 251 252 /* encode user */ 253 memset(tuser,0,sizeof(tuser)); 254 sprintf(uprompt,"User (%s): ",UserNameRequested); 255 telnet_gets(uprompt,tuser,255,1); 256 if (tuser[0] == '\n' || tuser[0] == '\r' ) 257 strcpy(user,UserNameRequested); 258 else { 259 /* telnet_gets leaves the newline on */ 260 for(i=0;i<sizeof(tuser);i++) { 261 if (tuser[i] == '\n') { 262 tuser[i] = '\0'; 263 break; 264 } 265 } 266 strcpy(user,tuser); 267 } 268 pk_encode(user,xuser,&ck); 269 270 /* send it off */ 271 if (auth_debug_mode) 272 printf("Sent KAB(U)\r\n"); 273 if (!Data(ap, SRA_USER, (void *)xuser, strlen(xuser))) { 274 if (auth_debug_mode) 275 printf("Not enough room\r\n"); 276 return; 277 } 278 break; 279 280 case SRA_CONTINUE: 281 if (passwd_sent) { 282 passwd_sent = 0; 283 printf("[ SRA login failed ]\r\n"); 284 goto enc_user; 285 } 286 /* encode password */ 287 memset(pass,0,sizeof(pass)); 288 telnet_gets("Password: ",pass,255,0); 289 pk_encode(pass,xpass,&ck); 290 /* send it off */ 291 if (auth_debug_mode) 292 printf("Sent KAB(P)\r\n"); 293 if (!Data(ap, SRA_PASS, (void *)xpass, strlen(xpass))) { 294 if (auth_debug_mode) 295 printf("Not enough room\r\n"); 296 return; 297 } 298 passwd_sent = 1; 299 break; 300 301 case SRA_REJECT: 302 printf("[ SRA refuses authentication ]\r\n"); 303 printf("Trying plaintext login:\r\n"); 304 auth_finished(0,AUTH_REJECT); 305 return; 306 307 case SRA_ACCEPT: 308 printf("[ SRA accepts you ]\r\n"); 309#ifdef DES_ENCRYPTION 310 skey.data = ck; 311 skey.type = SK_DES; 312 skey.length = 8; 313 encrypt_session_key(&skey, 0); 314#endif 315 316 auth_finished(ap, AUTH_VALID); 317 return; 318 default: 319 if (auth_debug_mode) 320 printf("Unknown SRA option %d\r\n", data[-1]); 321 return; 322 } 323} 324
| 223{ 224 extern char *telnet_gets(); 225 char uprompt[256],tuser[256]; 226 Session_Key skey; 227 int i; 228 229 if (cnt-- < 1) 230 return; 231 switch (*data++) { 232 233 case SRA_KEY: 234 /* calculate common key */ 235 if (cnt < HEXKEYBYTES) { 236 if (auth_debug_mode) { 237 printf("SRA user rejected for bad PKB\r\n"); 238 } 239 return; 240 } 241 memcpy(pkb,data,HEXKEYBYTES); 242 pkb[HEXKEYBYTES] = '\0'; 243 244 common_key(ska,pkb,&ik,&ck); 245 246 enc_user: 247 248 /* encode user */ 249 memset(tuser,0,sizeof(tuser)); 250 sprintf(uprompt,"User (%s): ",UserNameRequested); 251 telnet_gets(uprompt,tuser,255,1); 252 if (tuser[0] == '\n' || tuser[0] == '\r' ) 253 strcpy(user,UserNameRequested); 254 else { 255 /* telnet_gets leaves the newline on */ 256 for(i=0;i<sizeof(tuser);i++) { 257 if (tuser[i] == '\n') { 258 tuser[i] = '\0'; 259 break; 260 } 261 } 262 strcpy(user,tuser); 263 } 264 pk_encode(user,xuser,&ck); 265 266 /* send it off */ 267 if (auth_debug_mode) 268 printf("Sent KAB(U)\r\n"); 269 if (!Data(ap, SRA_USER, (void *)xuser, strlen(xuser))) { 270 if (auth_debug_mode) 271 printf("Not enough room\r\n"); 272 return; 273 } 274 break; 275 276 case SRA_CONTINUE: 277 if (passwd_sent) { 278 passwd_sent = 0; 279 printf("[ SRA login failed ]\r\n"); 280 goto enc_user; 281 } 282 /* encode password */ 283 memset(pass,0,sizeof(pass)); 284 telnet_gets("Password: ",pass,255,0); 285 pk_encode(pass,xpass,&ck); 286 /* send it off */ 287 if (auth_debug_mode) 288 printf("Sent KAB(P)\r\n"); 289 if (!Data(ap, SRA_PASS, (void *)xpass, strlen(xpass))) { 290 if (auth_debug_mode) 291 printf("Not enough room\r\n"); 292 return; 293 } 294 passwd_sent = 1; 295 break; 296 297 case SRA_REJECT: 298 printf("[ SRA refuses authentication ]\r\n"); 299 printf("Trying plaintext login:\r\n"); 300 auth_finished(0,AUTH_REJECT); 301 return; 302 303 case SRA_ACCEPT: 304 printf("[ SRA accepts you ]\r\n"); 305#ifdef DES_ENCRYPTION 306 skey.data = ck; 307 skey.type = SK_DES; 308 skey.length = 8; 309 encrypt_session_key(&skey, 0); 310#endif 311 312 auth_finished(ap, AUTH_VALID); 313 return; 314 default: 315 if (auth_debug_mode) 316 printf("Unknown SRA option %d\r\n", data[-1]); 317 return; 318 } 319} 320
|
325int sra_status(ap, name, level) 326Authenticator *ap; 327char *name; 328int level;
| 321int 322sra_status(Authenticator *ap, char *name, int level)
|
329{ 330 if (level < AUTH_USER) 331 return(level); 332 if (UserNameRequested && sra_valid) { 333 strcpy(name, UserNameRequested); 334 return(AUTH_VALID); 335 } else 336 return(AUTH_USER); 337} 338 339#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 340#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 341
| 323{ 324 if (level < AUTH_USER) 325 return(level); 326 if (UserNameRequested && sra_valid) { 327 strcpy(name, UserNameRequested); 328 return(AUTH_VALID); 329 } else 330 return(AUTH_USER); 331} 332 333#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 334#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 335
|
342void sra_printsub(data, cnt, buf, buflen) 343unsigned char *data, *buf; 344int cnt, buflen;
| 336void 337sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
|
345{ 346 char lbuf[32]; 347 register int i; 348 349 buf[buflen-1] = '\0'; /* make sure its NULL terminated */ 350 buflen -= 1; 351 352 switch(data[3]) { 353 354 case SRA_CONTINUE: 355 strncpy((char *)buf, " CONTINUE ", buflen); 356 goto common; 357 358 case SRA_REJECT: /* Rejected (reason might follow) */ 359 strncpy((char *)buf, " REJECT ", buflen); 360 goto common; 361 362 case SRA_ACCEPT: /* Accepted (name might follow) */ 363 strncpy((char *)buf, " ACCEPT ", buflen); 364 365 common: 366 BUMP(buf, buflen); 367 if (cnt <= 4) 368 break; 369 ADDC(buf, buflen, '"'); 370 for (i = 4; i < cnt; i++) 371 ADDC(buf, buflen, data[i]); 372 ADDC(buf, buflen, '"'); 373 ADDC(buf, buflen, '\0'); 374 break; 375 376 case SRA_KEY: /* Authentication data follows */ 377 strncpy((char *)buf, " KEY ", buflen); 378 goto common2; 379 380 case SRA_USER: 381 strncpy((char *)buf, " USER ", buflen); 382 goto common2; 383 384 case SRA_PASS: 385 strncpy((char *)buf, " PASS ", buflen); 386 goto common2; 387 388 default: 389 sprintf(lbuf, " %d (unknown)", data[3]); 390 strncpy((char *)buf, lbuf, buflen); 391 common2: 392 BUMP(buf, buflen); 393 for (i = 4; i < cnt; i++) { 394 sprintf(lbuf, " %d", data[i]); 395 strncpy((char *)buf, lbuf, buflen); 396 BUMP(buf, buflen); 397 } 398 break; 399 } 400} 401 402struct passwd *pw; 403 404/* 405 * Helper function for sgetpwnam(). 406 */ 407char *
| 338{ 339 char lbuf[32]; 340 register int i; 341 342 buf[buflen-1] = '\0'; /* make sure its NULL terminated */ 343 buflen -= 1; 344 345 switch(data[3]) { 346 347 case SRA_CONTINUE: 348 strncpy((char *)buf, " CONTINUE ", buflen); 349 goto common; 350 351 case SRA_REJECT: /* Rejected (reason might follow) */ 352 strncpy((char *)buf, " REJECT ", buflen); 353 goto common; 354 355 case SRA_ACCEPT: /* Accepted (name might follow) */ 356 strncpy((char *)buf, " ACCEPT ", buflen); 357 358 common: 359 BUMP(buf, buflen); 360 if (cnt <= 4) 361 break; 362 ADDC(buf, buflen, '"'); 363 for (i = 4; i < cnt; i++) 364 ADDC(buf, buflen, data[i]); 365 ADDC(buf, buflen, '"'); 366 ADDC(buf, buflen, '\0'); 367 break; 368 369 case SRA_KEY: /* Authentication data follows */ 370 strncpy((char *)buf, " KEY ", buflen); 371 goto common2; 372 373 case SRA_USER: 374 strncpy((char *)buf, " USER ", buflen); 375 goto common2; 376 377 case SRA_PASS: 378 strncpy((char *)buf, " PASS ", buflen); 379 goto common2; 380 381 default: 382 sprintf(lbuf, " %d (unknown)", data[3]); 383 strncpy((char *)buf, lbuf, buflen); 384 common2: 385 BUMP(buf, buflen); 386 for (i = 4; i < cnt; i++) { 387 sprintf(lbuf, " %d", data[i]); 388 strncpy((char *)buf, lbuf, buflen); 389 BUMP(buf, buflen); 390 } 391 break; 392 } 393} 394 395struct passwd *pw; 396 397/* 398 * Helper function for sgetpwnam(). 399 */ 400char *
|
408sgetsave(s) 409 char *s;
| 401sgetsave(char *s)
|
410{ 411 char *new = malloc((unsigned) strlen(s) + 1); 412 413 if (new == NULL) { 414 return(NULL); 415 } 416 (void) strcpy(new, s); 417 return (new); 418} 419
| 402{ 403 char *new = malloc((unsigned) strlen(s) + 1); 404 405 if (new == NULL) { 406 return(NULL); 407 } 408 (void) strcpy(new, s); 409 return (new); 410} 411
|
420#include <pwd.h> 421#include <syslog.h> 422#ifdef USE_SHADOW 423#include <shadow.h> 424#endif 425 426
| |
427struct passwd *
| 412struct passwd *
|
428sgetpwnam(name) 429 char *name;
| 413sgetpwnam(char *name)
|
430{ 431 static struct passwd save; 432 register struct passwd *p; 433 char *sgetsave(); 434 435 if ((p = getpwnam(name)) == NULL) 436 return (p); 437 if (save.pw_name) { 438 free(save.pw_name); 439 free(save.pw_passwd); 440 free(save.pw_gecos); 441 free(save.pw_dir); 442 free(save.pw_shell); 443 } 444 save = *p; 445 save.pw_name = sgetsave(p->pw_name); 446 save.pw_passwd = sgetsave(p->pw_passwd); 447 save.pw_gecos = sgetsave(p->pw_gecos); 448 save.pw_dir = sgetsave(p->pw_dir); 449 save.pw_shell = sgetsave(p->pw_shell); 450#if 0 451syslog(LOG_WARNING,"%s\n",save.pw_name); 452syslog(LOG_WARNING,"%s\n",save.pw_passwd); 453syslog(LOG_WARNING,"%s\n",save.pw_gecos); 454syslog(LOG_WARNING,"%s\n",save.pw_dir); 455#endif 456#ifdef USE_SHADOW 457 { 458 struct spwd *sp; 459 sp = getspnam(name); 460 free(save.pw_passwd); 461 save.pw_passwd = sgetsave(sp->sp_pwdp); 462 } 463#endif 464 return (&save); 465} 466 467static int
| 414{ 415 static struct passwd save; 416 register struct passwd *p; 417 char *sgetsave(); 418 419 if ((p = getpwnam(name)) == NULL) 420 return (p); 421 if (save.pw_name) { 422 free(save.pw_name); 423 free(save.pw_passwd); 424 free(save.pw_gecos); 425 free(save.pw_dir); 426 free(save.pw_shell); 427 } 428 save = *p; 429 save.pw_name = sgetsave(p->pw_name); 430 save.pw_passwd = sgetsave(p->pw_passwd); 431 save.pw_gecos = sgetsave(p->pw_gecos); 432 save.pw_dir = sgetsave(p->pw_dir); 433 save.pw_shell = sgetsave(p->pw_shell); 434#if 0 435syslog(LOG_WARNING,"%s\n",save.pw_name); 436syslog(LOG_WARNING,"%s\n",save.pw_passwd); 437syslog(LOG_WARNING,"%s\n",save.pw_gecos); 438syslog(LOG_WARNING,"%s\n",save.pw_dir); 439#endif 440#ifdef USE_SHADOW 441 { 442 struct spwd *sp; 443 sp = getspnam(name); 444 free(save.pw_passwd); 445 save.pw_passwd = sgetsave(sp->sp_pwdp); 446 } 447#endif 448 return (&save); 449} 450 451static int
|
468isroot(user) 469char *user;
| 452isroot(const char *user)
|
470{ 471 struct passwd *pw; 472 473 if ((pw=getpwnam(user))==NULL) 474 return 0; 475 return (!pw->pw_uid); 476} 477 478static int
| 453{ 454 struct passwd *pw; 455 456 if ((pw=getpwnam(user))==NULL) 457 return 0; 458 return (!pw->pw_uid); 459} 460 461static int
|
479rootterm(ttyn) 480char *ttyn;
| 462rootterm(char *ttyn)
|
481{ 482 struct ttyent *t; 483 484 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); 485} 486 487#ifdef NOPAM
| 463{ 464 struct ttyent *t; 465 466 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); 467} 468 469#ifdef NOPAM
|
488char *crypt(); 489 490int check_user(name, pass) 491char *name; 492char *pass;
| 470static int 471check_user(const char *name, const char *pass)
|
493{ 494 register char *cp; 495 char *xpasswd, *salt; 496 497 if (isroot(name) && !rootterm(line)) 498 { 499 crypt("AA","*"); /* Waste some time to simulate success */ 500 return(0); 501 } 502 503 if (pw = sgetpwnam(name)) { 504 if (pw->pw_shell == NULL) { 505 pw = (struct passwd *) NULL; 506 return(0); 507 } 508 509 salt = pw->pw_passwd; 510 xpasswd = crypt(pass, salt); 511 /* The strcmp does not catch null passwords! */ 512 if (pw == NULL || *pw->pw_passwd == '\0' || 513 strcmp(xpasswd, pw->pw_passwd)) { 514 pw = (struct passwd *) NULL; 515 return(0); 516 } 517 return(1); 518 } 519 return(0); 520} 521#else 522 523/* 524 * The following is stolen from ftpd, which stole it from the imap-uw 525 * PAM module and login.c. It is needed because we can't really 526 * "converse" with the user, having already gone to the trouble of 527 * getting their username and password through an encrypted channel. 528 */ 529 530#define COPY_STRING(s) (s ? strdup(s):NULL) 531 532struct cred_t { 533 const char *uname; 534 const char *pass; 535}; 536typedef struct cred_t cred_t; 537
| 472{ 473 register char *cp; 474 char *xpasswd, *salt; 475 476 if (isroot(name) && !rootterm(line)) 477 { 478 crypt("AA","*"); /* Waste some time to simulate success */ 479 return(0); 480 } 481 482 if (pw = sgetpwnam(name)) { 483 if (pw->pw_shell == NULL) { 484 pw = (struct passwd *) NULL; 485 return(0); 486 } 487 488 salt = pw->pw_passwd; 489 xpasswd = crypt(pass, salt); 490 /* The strcmp does not catch null passwords! */ 491 if (pw == NULL || *pw->pw_passwd == '\0' || 492 strcmp(xpasswd, pw->pw_passwd)) { 493 pw = (struct passwd *) NULL; 494 return(0); 495 } 496 return(1); 497 } 498 return(0); 499} 500#else 501 502/* 503 * The following is stolen from ftpd, which stole it from the imap-uw 504 * PAM module and login.c. It is needed because we can't really 505 * "converse" with the user, having already gone to the trouble of 506 * getting their username and password through an encrypted channel. 507 */ 508 509#define COPY_STRING(s) (s ? strdup(s):NULL) 510 511struct cred_t { 512 const char *uname; 513 const char *pass; 514}; 515typedef struct cred_t cred_t; 516
|
| 517int
|
538auth_conv(int num_msg, const struct pam_message **msg, 539 struct pam_response **resp, void *appdata) 540{ 541 int i; 542 cred_t *cred = (cred_t *) appdata; 543 struct pam_response *reply = 544 malloc(sizeof(struct pam_response) * num_msg); 545 546 if (reply == NULL) 547 return PAM_BUF_ERR; 548 549 for (i = 0; i < num_msg; i++) { 550 switch (msg[i]->msg_style) { 551 case PAM_PROMPT_ECHO_ON: /* assume want user name */ 552 reply[i].resp_retcode = PAM_SUCCESS; 553 reply[i].resp = COPY_STRING(cred->uname); 554 /* PAM frees resp. */ 555 break; 556 case PAM_PROMPT_ECHO_OFF: /* assume want password */ 557 reply[i].resp_retcode = PAM_SUCCESS; 558 reply[i].resp = COPY_STRING(cred->pass); 559 /* PAM frees resp. */ 560 break; 561 case PAM_TEXT_INFO: 562 case PAM_ERROR_MSG: 563 reply[i].resp_retcode = PAM_SUCCESS; 564 reply[i].resp = NULL; 565 break; 566 default: /* unknown message style */ 567 free(reply); 568 return PAM_CONV_ERR; 569 } 570 } 571 572 *resp = reply; 573 return PAM_SUCCESS; 574} 575 576/* 577 * The PAM version as a side effect may put a new username in *name. 578 */
| 518auth_conv(int num_msg, const struct pam_message **msg, 519 struct pam_response **resp, void *appdata) 520{ 521 int i; 522 cred_t *cred = (cred_t *) appdata; 523 struct pam_response *reply = 524 malloc(sizeof(struct pam_response) * num_msg); 525 526 if (reply == NULL) 527 return PAM_BUF_ERR; 528 529 for (i = 0; i < num_msg; i++) { 530 switch (msg[i]->msg_style) { 531 case PAM_PROMPT_ECHO_ON: /* assume want user name */ 532 reply[i].resp_retcode = PAM_SUCCESS; 533 reply[i].resp = COPY_STRING(cred->uname); 534 /* PAM frees resp. */ 535 break; 536 case PAM_PROMPT_ECHO_OFF: /* assume want password */ 537 reply[i].resp_retcode = PAM_SUCCESS; 538 reply[i].resp = COPY_STRING(cred->pass); 539 /* PAM frees resp. */ 540 break; 541 case PAM_TEXT_INFO: 542 case PAM_ERROR_MSG: 543 reply[i].resp_retcode = PAM_SUCCESS; 544 reply[i].resp = NULL; 545 break; 546 default: /* unknown message style */ 547 free(reply); 548 return PAM_CONV_ERR; 549 } 550 } 551 552 *resp = reply; 553 return PAM_SUCCESS; 554} 555 556/* 557 * The PAM version as a side effect may put a new username in *name. 558 */
|
579int check_user(const char *name, const char *pass)
| 559static int 560check_user(const char *name, const char *pass)
|
580{ 581 pam_handle_t *pamh = NULL;
| 561{ 562 pam_handle_t *pamh = NULL;
|
582 const char *tmpl_user;
| |
583 const void *item; 584 int rval; 585 int e; 586 cred_t auth_cred = { name, pass }; 587 struct pam_conv conv = { &auth_conv, &auth_cred }; 588 589 e = pam_start("telnetd", name, &conv, &pamh); 590 if (e != PAM_SUCCESS) { 591 syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e)); 592 return 0; 593 } 594 595#if 0 /* Where can we find this value? */ 596 e = pam_set_item(pamh, PAM_RHOST, remotehost); 597 if (e != PAM_SUCCESS) { 598 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s", 599 pam_strerror(pamh, e)); 600 return 0; 601 } 602#endif 603 604 e = pam_authenticate(pamh, 0); 605 switch (e) { 606 case PAM_SUCCESS: 607 /* 608 * With PAM we support the concept of a "template" 609 * user. The user enters a login name which is 610 * authenticated by PAM, usually via a remote service 611 * such as RADIUS or TACACS+. If authentication 612 * succeeds, a different but related "template" name 613 * is used for setting the credentials, shell, and 614 * home directory. The name the user enters need only 615 * exist on the remote authentication server, but the 616 * template name must be present in the local password 617 * database. 618 * 619 * This is supported by two various mechanisms in the 620 * individual modules. However, from the application's 621 * point of view, the template user is always passed 622 * back as a changed value of the PAM_USER item. 623 */ 624 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 625 PAM_SUCCESS) {
| 563 const void *item; 564 int rval; 565 int e; 566 cred_t auth_cred = { name, pass }; 567 struct pam_conv conv = { &auth_conv, &auth_cred }; 568 569 e = pam_start("telnetd", name, &conv, &pamh); 570 if (e != PAM_SUCCESS) { 571 syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e)); 572 return 0; 573 } 574 575#if 0 /* Where can we find this value? */ 576 e = pam_set_item(pamh, PAM_RHOST, remotehost); 577 if (e != PAM_SUCCESS) { 578 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s", 579 pam_strerror(pamh, e)); 580 return 0; 581 } 582#endif 583 584 e = pam_authenticate(pamh, 0); 585 switch (e) { 586 case PAM_SUCCESS: 587 /* 588 * With PAM we support the concept of a "template" 589 * user. The user enters a login name which is 590 * authenticated by PAM, usually via a remote service 591 * such as RADIUS or TACACS+. If authentication 592 * succeeds, a different but related "template" name 593 * is used for setting the credentials, shell, and 594 * home directory. The name the user enters need only 595 * exist on the remote authentication server, but the 596 * template name must be present in the local password 597 * database. 598 * 599 * This is supported by two various mechanisms in the 600 * individual modules. However, from the application's 601 * point of view, the template user is always passed 602 * back as a changed value of the PAM_USER item. 603 */ 604 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 605 PAM_SUCCESS) {
|
626 strcpy(name, (const char *) item);
| 606 strcpy((char *) name, (const char *) item);
|
627 } else 628 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 629 pam_strerror(pamh, e)); 630 if (isroot(name) && !rootterm(line)) 631 rval = 0; 632 else 633 rval = 1; 634 break; 635 636 case PAM_AUTH_ERR: 637 case PAM_USER_UNKNOWN: 638 case PAM_MAXTRIES: 639 rval = 0; 640 break; 641 642 default: 643 syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e)); 644 rval = 0; 645 break; 646 } 647 648 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 649 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 650 rval = 0; 651 } 652 return rval; 653} 654 655#endif 656 657#endif 658
| 607 } else 608 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 609 pam_strerror(pamh, e)); 610 if (isroot(name) && !rootterm(line)) 611 rval = 0; 612 else 613 rval = 1; 614 break; 615 616 case PAM_AUTH_ERR: 617 case PAM_USER_UNKNOWN: 618 case PAM_MAXTRIES: 619 rval = 0; 620 break; 621 622 default: 623 syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e)); 624 rval = 0; 625 break; 626 } 627 628 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) { 629 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e)); 630 rval = 0; 631 } 632 return rval; 633} 634 635#endif 636 637#endif 638
|