sra.c (76751) | sra.c (81965) |
---|---|
1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 76751 2001-05-17 16:28:11Z nsayer $ */ | 1/* $FreeBSD: head/contrib/telnet/libtelnet/sra.c 81965 2001-08-20 12:28:40Z markm $ */ |
2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 16#if !defined(NOPAM) 17#include <security/pam_appl.h> | 2 3#ifdef SRA 4#include <sys/types.h> 5#include <arpa/telnet.h> 6#include <stdio.h> 7#ifdef __STDC__ 8#include <stdlib.h> 9#endif 10#ifdef NO_STRING_H 11#include <strings.h> 12#else 13#include <string.h> 14#endif 15 16#if !defined(NOPAM) 17#include <security/pam_appl.h> |
18#else 19#include <unistd.h> |
|
18#endif 19 | 20#endif 21 |
22#include <pwd.h> 23#include <syslog.h> |
|
20#include <ttyent.h> 21 22#include "auth.h" 23#include "misc.h" 24#include "encrypt.h" 25#include "pk.h" 26 27char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 28char *user,*pass,*xuser,*xpass; 29DesData ck; 30IdeaData ik; 31 32extern int auth_debug_mode; 33extern char *line; 34 | 24#include <ttyent.h> 25 26#include "auth.h" 27#include "misc.h" 28#include "encrypt.h" 29#include "pk.h" 30 31char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1]; 32char *user,*pass,*xuser,*xpass; 33DesData ck; 34IdeaData ik; 35 36extern int auth_debug_mode; 37extern char *line; 38 |
35static sra_valid = 0; 36static passwd_sent = 0; | 39static int sra_valid = 0; 40static int passwd_sent = 0; |
37 38static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, 39 AUTHTYPE_SRA, }; 40 41#define SRA_KEY 0 42#define SRA_USER 1 43#define SRA_CONTINUE 2 44#define SRA_PASS 3 45#define SRA_ACCEPT 4 46#define SRA_REJECT 5 47 | 41 42static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, 43 AUTHTYPE_SRA, }; 44 45#define SRA_KEY 0 46#define SRA_USER 1 47#define SRA_CONTINUE 2 48#define SRA_PASS 3 49#define SRA_ACCEPT 4 50#define SRA_REJECT 5 51 |
52static int check_user(const char *, const char *); 53 |
|
48/* support routine to send out authentication message */ | 54/* support routine to send out authentication message */ |
49static int Data(ap, type, d, c) 50Authenticator *ap; 51int type; 52void *d; 53int c; | 55static int 56Data(Authenticator *ap, int type, void *d, int c) |
54{ 55 unsigned char *p = str_data + 4; 56 unsigned char *cd = (unsigned char *)d; 57 58 if (c == -1) 59 c = strlen((char *)cd); 60 61 if (auth_debug_mode) { --- 13 unchanged lines hidden (view full) --- 75 } 76 *p++ = IAC; 77 *p++ = SE; 78 if (str_data[3] == TELQUAL_IS) 79 printsub('>', &str_data[2], p - (&str_data[2])); 80 return(net_write(str_data, p - str_data)); 81} 82 | 57{ 58 unsigned char *p = str_data + 4; 59 unsigned char *cd = (unsigned char *)d; 60 61 if (c == -1) 62 c = strlen((char *)cd); 63 64 if (auth_debug_mode) { --- 13 unchanged lines hidden (view full) --- 78 } 79 *p++ = IAC; 80 *p++ = SE; 81 if (str_data[3] == TELQUAL_IS) 82 printsub('>', &str_data[2], p - (&str_data[2])); 83 return(net_write(str_data, p - str_data)); 84} 85 |
83int sra_init(ap, server) 84Authenticator *ap; 85int server; | 86int 87sra_init(Authenticator *ap, int server) |
86{ 87 if (server) 88 str_data[3] = TELQUAL_REPLY; 89 else 90 str_data[3] = TELQUAL_IS; 91 92 user = (char *)malloc(256); 93 xuser = (char *)malloc(513); --- 6 unchanged lines hidden (view full) --- 100 101 passwd_sent = 0; 102 103 genkeys(pka,ska); 104 return(1); 105} 106 107/* client received a go-ahead for sra */ | 88{ 89 if (server) 90 str_data[3] = TELQUAL_REPLY; 91 else 92 str_data[3] = TELQUAL_IS; 93 94 user = (char *)malloc(256); 95 xuser = (char *)malloc(513); --- 6 unchanged lines hidden (view full) --- 102 103 passwd_sent = 0; 104 105 genkeys(pka,ska); 106 return(1); 107} 108 109/* client received a go-ahead for sra */ |
108int sra_send(ap) 109Authenticator *ap; | 110int 111sra_send(Authenticator *ap) |
110{ 111 /* send PKA */ 112 113 if (auth_debug_mode) 114 printf("Sent PKA to server.\r\n" ); 115 printf("Trying SRA secure login:\r\n"); 116 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 117 if (auth_debug_mode) 118 printf("Not enough room for authentication data\r\n"); 119 return(0); 120 } 121 122 return(1); 123} 124 125/* server received an IS -- could be SRA KEY, USER, or PASS */ | 112{ 113 /* send PKA */ 114 115 if (auth_debug_mode) 116 printf("Sent PKA to server.\r\n" ); 117 printf("Trying SRA secure login:\r\n"); 118 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) { 119 if (auth_debug_mode) 120 printf("Not enough room for authentication data\r\n"); 121 return(0); 122 } 123 124 return(1); 125} 126 127/* server received an IS -- could be SRA KEY, USER, or PASS */ |
126void sra_is(ap, data, cnt) 127Authenticator *ap; 128unsigned char *data; 129int cnt; | 128void 129sra_is(Authenticator *ap, unsigned char *data, int cnt) |
130{ 131 int valid; 132 Session_Key skey; 133 134 if (cnt-- < 1) 135 goto bad; 136 switch (*data++) { 137 --- 74 unchanged lines hidden (view full) --- 212 printf("Unknown SRA option %d\r\n", data[-1]); 213 } 214bad: 215 Data(ap, SRA_REJECT, 0, 0); 216 sra_valid = 0; 217 auth_finished(ap, AUTH_REJECT); 218} 219 | 130{ 131 int valid; 132 Session_Key skey; 133 134 if (cnt-- < 1) 135 goto bad; 136 switch (*data++) { 137 --- 74 unchanged lines hidden (view full) --- 212 printf("Unknown SRA option %d\r\n", data[-1]); 213 } 214bad: 215 Data(ap, SRA_REJECT, 0, 0); 216 sra_valid = 0; 217 auth_finished(ap, AUTH_REJECT); 218} 219 |
220extern char *getpass(); 221 | |
222/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */ | 220/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */ |
223void sra_reply(ap, data, cnt) 224Authenticator *ap; 225unsigned char *data; 226int cnt; | 221void 222sra_reply(Authenticator *ap, unsigned char *data, int cnt) |
227{ 228 extern char *telnet_gets(); 229 char uprompt[256],tuser[256]; 230 Session_Key skey; 231 int i; 232 233 if (cnt-- < 1) 234 return; --- 82 unchanged lines hidden (view full) --- 317 return; 318 default: 319 if (auth_debug_mode) 320 printf("Unknown SRA option %d\r\n", data[-1]); 321 return; 322 } 323} 324 | 223{ 224 extern char *telnet_gets(); 225 char uprompt[256],tuser[256]; 226 Session_Key skey; 227 int i; 228 229 if (cnt-- < 1) 230 return; --- 82 unchanged lines hidden (view full) --- 313 return; 314 default: 315 if (auth_debug_mode) 316 printf("Unknown SRA option %d\r\n", data[-1]); 317 return; 318 } 319} 320 |
325int sra_status(ap, name, level) 326Authenticator *ap; 327char *name; 328int level; | 321int 322sra_status(Authenticator *ap, char *name, int level) |
329{ 330 if (level < AUTH_USER) 331 return(level); 332 if (UserNameRequested && sra_valid) { 333 strcpy(name, UserNameRequested); 334 return(AUTH_VALID); 335 } else 336 return(AUTH_USER); 337} 338 339#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 340#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 341 | 323{ 324 if (level < AUTH_USER) 325 return(level); 326 if (UserNameRequested && sra_valid) { 327 strcpy(name, UserNameRequested); 328 return(AUTH_VALID); 329 } else 330 return(AUTH_USER); 331} 332 333#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 334#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 335 |
342void sra_printsub(data, cnt, buf, buflen) 343unsigned char *data, *buf; 344int cnt, buflen; | 336void 337sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) |
345{ 346 char lbuf[32]; 347 register int i; 348 349 buf[buflen-1] = '\0'; /* make sure its NULL terminated */ 350 buflen -= 1; 351 352 switch(data[3]) { --- 47 unchanged lines hidden (view full) --- 400} 401 402struct passwd *pw; 403 404/* 405 * Helper function for sgetpwnam(). 406 */ 407char * | 338{ 339 char lbuf[32]; 340 register int i; 341 342 buf[buflen-1] = '\0'; /* make sure its NULL terminated */ 343 buflen -= 1; 344 345 switch(data[3]) { --- 47 unchanged lines hidden (view full) --- 393} 394 395struct passwd *pw; 396 397/* 398 * Helper function for sgetpwnam(). 399 */ 400char * |
408sgetsave(s) 409 char *s; | 401sgetsave(char *s) |
410{ 411 char *new = malloc((unsigned) strlen(s) + 1); 412 413 if (new == NULL) { 414 return(NULL); 415 } 416 (void) strcpy(new, s); 417 return (new); 418} 419 | 402{ 403 char *new = malloc((unsigned) strlen(s) + 1); 404 405 if (new == NULL) { 406 return(NULL); 407 } 408 (void) strcpy(new, s); 409 return (new); 410} 411 |
420#include <pwd.h> 421#include <syslog.h> 422#ifdef USE_SHADOW 423#include <shadow.h> 424#endif 425 426 | |
427struct passwd * | 412struct passwd * |
428sgetpwnam(name) 429 char *name; | 413sgetpwnam(char *name) |
430{ 431 static struct passwd save; 432 register struct passwd *p; 433 char *sgetsave(); 434 435 if ((p = getpwnam(name)) == NULL) 436 return (p); 437 if (save.pw_name) { --- 22 unchanged lines hidden (view full) --- 460 free(save.pw_passwd); 461 save.pw_passwd = sgetsave(sp->sp_pwdp); 462 } 463#endif 464 return (&save); 465} 466 467static int | 414{ 415 static struct passwd save; 416 register struct passwd *p; 417 char *sgetsave(); 418 419 if ((p = getpwnam(name)) == NULL) 420 return (p); 421 if (save.pw_name) { --- 22 unchanged lines hidden (view full) --- 444 free(save.pw_passwd); 445 save.pw_passwd = sgetsave(sp->sp_pwdp); 446 } 447#endif 448 return (&save); 449} 450 451static int |
468isroot(user) 469char *user; | 452isroot(const char *user) |
470{ 471 struct passwd *pw; 472 473 if ((pw=getpwnam(user))==NULL) 474 return 0; 475 return (!pw->pw_uid); 476} 477 478static int | 453{ 454 struct passwd *pw; 455 456 if ((pw=getpwnam(user))==NULL) 457 return 0; 458 return (!pw->pw_uid); 459} 460 461static int |
479rootterm(ttyn) 480char *ttyn; | 462rootterm(char *ttyn) |
481{ 482 struct ttyent *t; 483 484 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); 485} 486 487#ifdef NOPAM | 463{ 464 struct ttyent *t; 465 466 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); 467} 468 469#ifdef NOPAM |
488char *crypt(); 489 490int check_user(name, pass) 491char *name; 492char *pass; | 470static int 471check_user(const char *name, const char *pass) |
493{ 494 register char *cp; 495 char *xpasswd, *salt; 496 497 if (isroot(name) && !rootterm(line)) 498 { 499 crypt("AA","*"); /* Waste some time to simulate success */ 500 return(0); --- 29 unchanged lines hidden (view full) --- 530#define COPY_STRING(s) (s ? strdup(s):NULL) 531 532struct cred_t { 533 const char *uname; 534 const char *pass; 535}; 536typedef struct cred_t cred_t; 537 | 472{ 473 register char *cp; 474 char *xpasswd, *salt; 475 476 if (isroot(name) && !rootterm(line)) 477 { 478 crypt("AA","*"); /* Waste some time to simulate success */ 479 return(0); --- 29 unchanged lines hidden (view full) --- 509#define COPY_STRING(s) (s ? strdup(s):NULL) 510 511struct cred_t { 512 const char *uname; 513 const char *pass; 514}; 515typedef struct cred_t cred_t; 516 |
517int |
|
538auth_conv(int num_msg, const struct pam_message **msg, 539 struct pam_response **resp, void *appdata) 540{ 541 int i; 542 cred_t *cred = (cred_t *) appdata; 543 struct pam_response *reply = 544 malloc(sizeof(struct pam_response) * num_msg); 545 --- 25 unchanged lines hidden (view full) --- 571 572 *resp = reply; 573 return PAM_SUCCESS; 574} 575 576/* 577 * The PAM version as a side effect may put a new username in *name. 578 */ | 518auth_conv(int num_msg, const struct pam_message **msg, 519 struct pam_response **resp, void *appdata) 520{ 521 int i; 522 cred_t *cred = (cred_t *) appdata; 523 struct pam_response *reply = 524 malloc(sizeof(struct pam_response) * num_msg); 525 --- 25 unchanged lines hidden (view full) --- 551 552 *resp = reply; 553 return PAM_SUCCESS; 554} 555 556/* 557 * The PAM version as a side effect may put a new username in *name. 558 */ |
579int check_user(const char *name, const char *pass) | 559static int 560check_user(const char *name, const char *pass) |
580{ 581 pam_handle_t *pamh = NULL; | 561{ 562 pam_handle_t *pamh = NULL; |
582 const char *tmpl_user; | |
583 const void *item; 584 int rval; 585 int e; 586 cred_t auth_cred = { name, pass }; 587 struct pam_conv conv = { &auth_conv, &auth_cred }; 588 589 e = pam_start("telnetd", name, &conv, &pamh); 590 if (e != PAM_SUCCESS) { --- 27 unchanged lines hidden (view full) --- 618 * 619 * This is supported by two various mechanisms in the 620 * individual modules. However, from the application's 621 * point of view, the template user is always passed 622 * back as a changed value of the PAM_USER item. 623 */ 624 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 625 PAM_SUCCESS) { | 563 const void *item; 564 int rval; 565 int e; 566 cred_t auth_cred = { name, pass }; 567 struct pam_conv conv = { &auth_conv, &auth_cred }; 568 569 e = pam_start("telnetd", name, &conv, &pamh); 570 if (e != PAM_SUCCESS) { --- 27 unchanged lines hidden (view full) --- 598 * 599 * This is supported by two various mechanisms in the 600 * individual modules. However, from the application's 601 * point of view, the template user is always passed 602 * back as a changed value of the PAM_USER item. 603 */ 604 if ((e = pam_get_item(pamh, PAM_USER, &item)) == 605 PAM_SUCCESS) { |
626 strcpy(name, (const char *) item); | 606 strcpy((char *) name, (const char *) item); |
627 } else 628 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 629 pam_strerror(pamh, e)); 630 if (isroot(name) && !rootterm(line)) 631 rval = 0; 632 else 633 rval = 1; 634 break; --- 24 unchanged lines hidden --- | 607 } else 608 syslog(LOG_ERR, "Couldn't get PAM_USER: %s", 609 pam_strerror(pamh, e)); 610 if (isroot(name) && !rootterm(line)) 611 rval = 0; 612 else 613 rval = 1; 614 break; --- 24 unchanged lines hidden --- |