1/*-
2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
--- 15 unchanged lines hidden (view full) ---
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * $FreeBSD: head/contrib/telnet/libtelnet/kerberos.c 84305 2001-10-01 16:04:55Z markm $
34 */
35
36#include <sys/cdefs.h>
37__FBSDID("$FreeBSD: head/contrib/telnet/libtelnet/kerberos.c 84305 2001-10-01 16:04:55Z markm $");
38
39#ifndef lint
40static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
41#endif /* not lint */
42
43/*
44 * Copyright (C) 1990 by the Massachusetts Institute of Technology
45 *
46 * Export of this software from the United States of America is assumed
--- 11 unchanged lines hidden (view full) ---
58 * permission. M.I.T. makes no representations about the suitability of
59 * this software for any purpose. It is provided "as is" without express
60 * or implied warranty.
61 */
62
63#ifdef KRB4
64#include <sys/types.h>
65#include <arpa/telnet.h>
66#include <stdio.h>
67#include <openssl/des.h> /* BSD wont include this in krb.h, so we do it here */
68#include <krb.h>
69#ifdef __STDC__
70#include <stdlib.h>
71#endif
72#ifdef NO_STRING_H
73#include <strings.h>
74#else
75#include <string.h>
76#endif
77
78#include "encrypt.h"
79#include "auth.h"
80#include "misc.h"
81
82int kerberos4_cksum P((unsigned char *, int));
83int kuserok P((AUTH_DAT *, char *));
84
85extern auth_debug_mode;
86
87static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
88 AUTHTYPE_KERBEROS_V4, };
89
90#define KRB_AUTH 0 /* Authentication data follows */
91#define KRB_REJECT 1 /* Rejected (reason might follow) */
92#define KRB_ACCEPT 2 /* Accepted */
93#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */
94#define KRB_RESPONSE 4 /* Response for mutual auth. */
95
96#define KRB_SERVICE_NAME "rcmd"
97
98static KTEXT_ST auth;
99static char name[ANAME_SZ];
100static AUTH_DAT adat = { 0 };
101#ifdef ENCRYPTION
102static Block session_key = { 0 };
103static des_key_schedule sched;
104static Block challenge = { 0 };
105#endif /* ENCRYPTION */
106
107 static int
108Data(ap, type, d, c)
109 Authenticator *ap;
110 int type;
111 void *d;
112 int c;
113{
114 unsigned char *p = str_data + 4;
115 unsigned char *cd = (unsigned char *)d;
116
117 if (c == -1)
118 c = strlen((char *)cd);
119
120 if (auth_debug_mode) {
121 printf("%s:%d: [%d] (%d)",
122 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
123 str_data[3],
124 type, c);
125 printd(d, c);
126 printf("\r\n");
--- 7 unchanged lines hidden (view full) ---
134 }
135 *p++ = IAC;
136 *p++ = SE;
137 if (str_data[3] == TELQUAL_IS)
138 printsub('>', &str_data[2], p - (&str_data[2]));
139 return(net_write(str_data, p - str_data));
140}
141
142 int
143kerberos4_init(ap, server)
144 Authenticator *ap;
145 int server;
146{
147 FILE *fp;
148
149 if (server) {
150 str_data[3] = TELQUAL_REPLY;
151 if ((fp = fopen(KEYFILE, "r")) == NULL)
152 return(0);
153 fclose(fp);
154 } else {
155 str_data[3] = TELQUAL_IS;
156 }
157 return(1);
158}
159
160char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
161int dst_realm_sz = REALM_SZ;
162
163 int
164kerberos4_send(ap)
165 Authenticator *ap;
166{
167 KTEXT_ST auth;
168 char instance[INST_SZ];
169 char *realm;
170 char *krb_realmofhost();
171 char *krb_get_phost();
172 CREDENTIALS cred;
173 int r;
174
175 printf("[ Trying KERBEROS4 ... ]\n");
176 if (!UserNameRequested) {
177 if (auth_debug_mode) {
178 printf("Kerberos V4: no user name supplied\r\n");
179 }
--- 8 unchanged lines hidden (view full) ---
188 instance[sizeof(instance)-1] = '\0';
189
190 realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
191
192 if (!realm) {
193 printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
194 return(0);
195 }
196 if ((r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L))) {
197 printf("mk_req failed: %s\r\n", krb_err_txt[r]);
198 return(0);
199 }
200 if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
201 printf("get_cred failed: %s\r\n", krb_err_txt[r]);
202 return(0);
203 }
204 if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
205 if (auth_debug_mode)
206 printf("Not enough room for user name\r\n");
207 return(0);
208 }
209 if (auth_debug_mode)
210 printf("Sent %d bytes of authentication data\r\n", auth.length);
211 if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
212 if (auth_debug_mode)
213 printf("Not enough room for authentication data\r\n");
214 return(0);
215 }
216#ifdef ENCRYPTION
217 /*
218 * If we are doing mutual authentication, get set up to send
219 * the challenge, and verify it when the response comes back.
--- 17 unchanged lines hidden (view full) ---
237 if (x < 256) /* if no overflow, all done */
238 break;
239 }
240 des_ecb_encrypt(&challenge, &challenge, sched, 1);
241 }
242#endif /* ENCRYPTION */
243
244 if (auth_debug_mode) {
245 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
246 printd(auth.dat, auth.length);
247 printf("\r\n");
248 printf("Sent Kerberos V4 credentials to server\r\n");
249 }
250 return(1);
251}
252
253 void
254kerberos4_is(ap, data, cnt)
255 Authenticator *ap;
256 unsigned char *data;
257 int cnt;
258{
259#ifdef ENCRYPTION
260 Session_Key skey;
261 Block datablock;
262#endif /* ENCRYPTION */
263 char realm[REALM_SZ];
264 char instance[INST_SZ];
265 int r;
266
267 if (cnt-- < 1)
268 return;
269 switch (*data++) {
270 case KRB_AUTH:
271 if (krb_get_lrealm(realm, 1) != KSUCCESS) {
272 Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
273 auth_finished(ap, AUTH_REJECT);
274 if (auth_debug_mode)
275 printf("No local realm\r\n");
276 return;
277 }
278 memmove((void *)auth.dat, (void *)data, auth.length = cnt);
279 if (auth_debug_mode) {
280 printf("Got %d bytes of authentication data\r\n", cnt);
281 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
282 printd(auth.dat, auth.length);
283 printf("\r\n");
284 }
285 instance[0] = '*'; instance[1] = 0;
286 if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME,
287 instance, 0, &adat, ""))) {
288 if (auth_debug_mode)
289 printf("Kerberos failed him as %s\r\n", name);
290 Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
291 auth_finished(ap, AUTH_REJECT);
292 return;
293 }
294#ifdef ENCRYPTION
295 memmove((void *)session_key, (void *)adat.session, sizeof(Block));
296#endif /* ENCRYPTION */
297 krb_kntoln(&adat, name);
298
299 if (UserNameRequested && !kuserok(&adat, UserNameRequested))
300 Data(ap, KRB_ACCEPT, (void *)0, 0);
301 else
302 Data(ap, KRB_REJECT,
303 (void *)"user is not authorized", -1);
304 auth_finished(ap, AUTH_USER);
305 break;
306
307 case KRB_CHALLENGE:
308#ifndef ENCRYPTION
309 Data(ap, KRB_RESPONSE, (void *)0, 0);
310#else /* ENCRYPTION */
311 if (!VALIDKEY(session_key)) {
312 /*
313 * We don't have a valid session key, so just
314 * send back a response with an empty session
315 * key.
316 */
317 Data(ap, KRB_RESPONSE, (void *)0, 0);
318 break;
319 }
320
321 /*
322 * Initialize the random number generator since it's
323 * used later on by the encryption routine.
324 */
325 des_init_random_number_generator(&session_key);
--- 17 unchanged lines hidden (view full) ---
343 for (r = 7; r >= 0; r--) {
344 register int t;
345 t = (unsigned int)challenge[r] + 1;
346 challenge[r] = t; /* ignore overflow */
347 if (t < 256) /* if no overflow, all done */
348 break;
349 }
350 des_ecb_encrypt(&challenge, &challenge, sched, 1);
351 Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
352#endif /* ENCRYPTION */
353 break;
354
355 default:
356 if (auth_debug_mode)
357 printf("Unknown Kerberos option %d\r\n", data[-1]);
358 Data(ap, KRB_REJECT, 0, 0);
359 break;
360 }
361}
362
363 void
364kerberos4_reply(ap, data, cnt)
365 Authenticator *ap;
366 unsigned char *data;
367 int cnt;
368{
369#ifdef ENCRYPTION
370 Session_Key skey;
371#endif /* ENCRYPTION */
372
373 if (cnt-- < 1)
374 return;
375 switch (*data++) {
--- 7 unchanged lines hidden (view full) ---
383 return;
384 case KRB_ACCEPT:
385 printf("[ Kerberos V4 accepts you ]\n");
386 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
387 /*
388 * Send over the encrypted challenge.
389 */
390#ifndef ENCRYPTION
391 Data(ap, KRB_CHALLENGE, (void *)0, 0);
392#else /* ENCRYPTION */
393 Data(ap, KRB_CHALLENGE, (void *)session_key,
394 sizeof(session_key));
395 des_ecb_encrypt(&session_key, &session_key, sched, 1);
396 skey.type = SK_DES;
397 skey.length = 8;
398 skey.data = session_key;
399 encrypt_session_key(&skey, 0);
400#endif /* ENCRYPTION */
401 return;
--- 21 unchanged lines hidden (view full) ---
423 break;
424 default:
425 if (auth_debug_mode)
426 printf("Unknown Kerberos option %d\r\n", data[-1]);
427 return;
428 }
429}
430
431 int
432kerberos4_status(ap, name, level)
433 Authenticator *ap;
434 char *name;
435 int level;
436{
437 if (level < AUTH_USER)
438 return(level);
439
440 if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
441 strcpy(name, UserNameRequested);
442 return(AUTH_VALID);
443 } else
444 return(AUTH_USER);
445}
446
447#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
448#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
449
450 void
451kerberos4_printsub(data, cnt, buf, buflen)
452 unsigned char *data, *buf;
453 int cnt, buflen;
454{
455 char lbuf[32];
456 register int i;
457
458 buf[buflen-1] = '\0'; /* make sure its NULL terminated */
459 buflen -= 1;
460
461 switch(data[3]) {
--- 35 unchanged lines hidden (view full) ---
497 sprintf(lbuf, " %d", data[i]);
498 strncpy((char *)buf, lbuf, buflen);
499 BUMP(buf, buflen);
500 }
501 break;
502 }
503}
504
505 int
506kerberos4_cksum(d, n)
507 unsigned char *d;
508 int n;
509{
510 int ck = 0;
511
512 /*
513 * A comment is probably needed here for those not
514 * well versed in the "C" language. Yes, this is
515 * supposed to be a "switch" with the body of the
516 * "switch" being a "while" statement. The whole
--- 17 unchanged lines hidden (view full) ---
534 --n;
535 case 1:
536 ck ^= (int)*d++;
537 --n;
538 }
539 return(ck);
540}
541#endif
542
543#ifdef notdef
544
545prkey(msg, key)
546 char *msg;
547 unsigned char *key;
548{
549 register int i;
550 printf("%s:", msg);
551 for (i = 0; i < 8; i++)
552 printf(" %3d", key[i]);
553 printf("\r\n");
554}
555#endif
2 * Copyright (c) 1991, 1993
3 * The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
--- 15 unchanged lines hidden (view full) ---
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 * $FreeBSD: head/contrib/telnet/libtelnet/kerberos.c 84305 2001-10-01 16:04:55Z markm $
34 */
35
36#include <sys/cdefs.h>
37__FBSDID("$FreeBSD: head/contrib/telnet/libtelnet/kerberos.c 84305 2001-10-01 16:04:55Z markm $");
38
39#ifndef lint
40static const char sccsid[] = "@(#)kerberos.c 8.3 (Berkeley) 5/30/95";
41#endif /* not lint */
42
43/*
44 * Copyright (C) 1990 by the Massachusetts Institute of Technology
45 *
46 * Export of this software from the United States of America is assumed
--- 11 unchanged lines hidden (view full) ---
58 * permission. M.I.T. makes no representations about the suitability of
59 * this software for any purpose. It is provided "as is" without express
60 * or implied warranty.
61 */
62
63#ifdef KRB4
64#include <sys/types.h>
65#include <arpa/telnet.h>
66#include <stdio.h>
67#include <openssl/des.h> /* BSD wont include this in krb.h, so we do it here */
68#include <krb.h>
69#ifdef __STDC__
70#include <stdlib.h>
71#endif
72#ifdef NO_STRING_H
73#include <strings.h>
74#else
75#include <string.h>
76#endif
77
78#include "encrypt.h"
79#include "auth.h"
80#include "misc.h"
81
82int kerberos4_cksum P((unsigned char *, int));
83int kuserok P((AUTH_DAT *, char *));
84
85extern auth_debug_mode;
86
87static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
88 AUTHTYPE_KERBEROS_V4, };
89
90#define KRB_AUTH 0 /* Authentication data follows */
91#define KRB_REJECT 1 /* Rejected (reason might follow) */
92#define KRB_ACCEPT 2 /* Accepted */
93#define KRB_CHALLENGE 3 /* Challenge for mutual auth. */
94#define KRB_RESPONSE 4 /* Response for mutual auth. */
95
96#define KRB_SERVICE_NAME "rcmd"
97
98static KTEXT_ST auth;
99static char name[ANAME_SZ];
100static AUTH_DAT adat = { 0 };
101#ifdef ENCRYPTION
102static Block session_key = { 0 };
103static des_key_schedule sched;
104static Block challenge = { 0 };
105#endif /* ENCRYPTION */
106
107 static int
108Data(ap, type, d, c)
109 Authenticator *ap;
110 int type;
111 void *d;
112 int c;
113{
114 unsigned char *p = str_data + 4;
115 unsigned char *cd = (unsigned char *)d;
116
117 if (c == -1)
118 c = strlen((char *)cd);
119
120 if (auth_debug_mode) {
121 printf("%s:%d: [%d] (%d)",
122 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
123 str_data[3],
124 type, c);
125 printd(d, c);
126 printf("\r\n");
--- 7 unchanged lines hidden (view full) ---
134 }
135 *p++ = IAC;
136 *p++ = SE;
137 if (str_data[3] == TELQUAL_IS)
138 printsub('>', &str_data[2], p - (&str_data[2]));
139 return(net_write(str_data, p - str_data));
140}
141
142 int
143kerberos4_init(ap, server)
144 Authenticator *ap;
145 int server;
146{
147 FILE *fp;
148
149 if (server) {
150 str_data[3] = TELQUAL_REPLY;
151 if ((fp = fopen(KEYFILE, "r")) == NULL)
152 return(0);
153 fclose(fp);
154 } else {
155 str_data[3] = TELQUAL_IS;
156 }
157 return(1);
158}
159
160char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
161int dst_realm_sz = REALM_SZ;
162
163 int
164kerberos4_send(ap)
165 Authenticator *ap;
166{
167 KTEXT_ST auth;
168 char instance[INST_SZ];
169 char *realm;
170 char *krb_realmofhost();
171 char *krb_get_phost();
172 CREDENTIALS cred;
173 int r;
174
175 printf("[ Trying KERBEROS4 ... ]\n");
176 if (!UserNameRequested) {
177 if (auth_debug_mode) {
178 printf("Kerberos V4: no user name supplied\r\n");
179 }
--- 8 unchanged lines hidden (view full) ---
188 instance[sizeof(instance)-1] = '\0';
189
190 realm = dest_realm ? dest_realm : krb_realmofhost(RemoteHostName);
191
192 if (!realm) {
193 printf("Kerberos V4: no realm for %s\r\n", RemoteHostName);
194 return(0);
195 }
196 if ((r = krb_mk_req(&auth, KRB_SERVICE_NAME, instance, realm, 0L))) {
197 printf("mk_req failed: %s\r\n", krb_err_txt[r]);
198 return(0);
199 }
200 if ((r = krb_get_cred(KRB_SERVICE_NAME, instance, realm, &cred))) {
201 printf("get_cred failed: %s\r\n", krb_err_txt[r]);
202 return(0);
203 }
204 if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
205 if (auth_debug_mode)
206 printf("Not enough room for user name\r\n");
207 return(0);
208 }
209 if (auth_debug_mode)
210 printf("Sent %d bytes of authentication data\r\n", auth.length);
211 if (!Data(ap, KRB_AUTH, (void *)auth.dat, auth.length)) {
212 if (auth_debug_mode)
213 printf("Not enough room for authentication data\r\n");
214 return(0);
215 }
216#ifdef ENCRYPTION
217 /*
218 * If we are doing mutual authentication, get set up to send
219 * the challenge, and verify it when the response comes back.
--- 17 unchanged lines hidden (view full) ---
237 if (x < 256) /* if no overflow, all done */
238 break;
239 }
240 des_ecb_encrypt(&challenge, &challenge, sched, 1);
241 }
242#endif /* ENCRYPTION */
243
244 if (auth_debug_mode) {
245 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
246 printd(auth.dat, auth.length);
247 printf("\r\n");
248 printf("Sent Kerberos V4 credentials to server\r\n");
249 }
250 return(1);
251}
252
253 void
254kerberos4_is(ap, data, cnt)
255 Authenticator *ap;
256 unsigned char *data;
257 int cnt;
258{
259#ifdef ENCRYPTION
260 Session_Key skey;
261 Block datablock;
262#endif /* ENCRYPTION */
263 char realm[REALM_SZ];
264 char instance[INST_SZ];
265 int r;
266
267 if (cnt-- < 1)
268 return;
269 switch (*data++) {
270 case KRB_AUTH:
271 if (krb_get_lrealm(realm, 1) != KSUCCESS) {
272 Data(ap, KRB_REJECT, (void *)"No local V4 Realm.", -1);
273 auth_finished(ap, AUTH_REJECT);
274 if (auth_debug_mode)
275 printf("No local realm\r\n");
276 return;
277 }
278 memmove((void *)auth.dat, (void *)data, auth.length = cnt);
279 if (auth_debug_mode) {
280 printf("Got %d bytes of authentication data\r\n", cnt);
281 printf("CK: %d:", kerberos4_cksum(auth.dat, auth.length));
282 printd(auth.dat, auth.length);
283 printf("\r\n");
284 }
285 instance[0] = '*'; instance[1] = 0;
286 if ((r = krb_rd_req(&auth, KRB_SERVICE_NAME,
287 instance, 0, &adat, ""))) {
288 if (auth_debug_mode)
289 printf("Kerberos failed him as %s\r\n", name);
290 Data(ap, KRB_REJECT, (void *)krb_err_txt[r], -1);
291 auth_finished(ap, AUTH_REJECT);
292 return;
293 }
294#ifdef ENCRYPTION
295 memmove((void *)session_key, (void *)adat.session, sizeof(Block));
296#endif /* ENCRYPTION */
297 krb_kntoln(&adat, name);
298
299 if (UserNameRequested && !kuserok(&adat, UserNameRequested))
300 Data(ap, KRB_ACCEPT, (void *)0, 0);
301 else
302 Data(ap, KRB_REJECT,
303 (void *)"user is not authorized", -1);
304 auth_finished(ap, AUTH_USER);
305 break;
306
307 case KRB_CHALLENGE:
308#ifndef ENCRYPTION
309 Data(ap, KRB_RESPONSE, (void *)0, 0);
310#else /* ENCRYPTION */
311 if (!VALIDKEY(session_key)) {
312 /*
313 * We don't have a valid session key, so just
314 * send back a response with an empty session
315 * key.
316 */
317 Data(ap, KRB_RESPONSE, (void *)0, 0);
318 break;
319 }
320
321 /*
322 * Initialize the random number generator since it's
323 * used later on by the encryption routine.
324 */
325 des_init_random_number_generator(&session_key);
--- 17 unchanged lines hidden (view full) ---
343 for (r = 7; r >= 0; r--) {
344 register int t;
345 t = (unsigned int)challenge[r] + 1;
346 challenge[r] = t; /* ignore overflow */
347 if (t < 256) /* if no overflow, all done */
348 break;
349 }
350 des_ecb_encrypt(&challenge, &challenge, sched, 1);
351 Data(ap, KRB_RESPONSE, (void *)challenge, sizeof(challenge));
352#endif /* ENCRYPTION */
353 break;
354
355 default:
356 if (auth_debug_mode)
357 printf("Unknown Kerberos option %d\r\n", data[-1]);
358 Data(ap, KRB_REJECT, 0, 0);
359 break;
360 }
361}
362
363 void
364kerberos4_reply(ap, data, cnt)
365 Authenticator *ap;
366 unsigned char *data;
367 int cnt;
368{
369#ifdef ENCRYPTION
370 Session_Key skey;
371#endif /* ENCRYPTION */
372
373 if (cnt-- < 1)
374 return;
375 switch (*data++) {
--- 7 unchanged lines hidden (view full) ---
383 return;
384 case KRB_ACCEPT:
385 printf("[ Kerberos V4 accepts you ]\n");
386 if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
387 /*
388 * Send over the encrypted challenge.
389 */
390#ifndef ENCRYPTION
391 Data(ap, KRB_CHALLENGE, (void *)0, 0);
392#else /* ENCRYPTION */
393 Data(ap, KRB_CHALLENGE, (void *)session_key,
394 sizeof(session_key));
395 des_ecb_encrypt(&session_key, &session_key, sched, 1);
396 skey.type = SK_DES;
397 skey.length = 8;
398 skey.data = session_key;
399 encrypt_session_key(&skey, 0);
400#endif /* ENCRYPTION */
401 return;
--- 21 unchanged lines hidden (view full) ---
423 break;
424 default:
425 if (auth_debug_mode)
426 printf("Unknown Kerberos option %d\r\n", data[-1]);
427 return;
428 }
429}
430
431 int
432kerberos4_status(ap, name, level)
433 Authenticator *ap;
434 char *name;
435 int level;
436{
437 if (level < AUTH_USER)
438 return(level);
439
440 if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
441 strcpy(name, UserNameRequested);
442 return(AUTH_VALID);
443 } else
444 return(AUTH_USER);
445}
446
447#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
448#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
449
450 void
451kerberos4_printsub(data, cnt, buf, buflen)
452 unsigned char *data, *buf;
453 int cnt, buflen;
454{
455 char lbuf[32];
456 register int i;
457
458 buf[buflen-1] = '\0'; /* make sure its NULL terminated */
459 buflen -= 1;
460
461 switch(data[3]) {
--- 35 unchanged lines hidden (view full) ---
497 sprintf(lbuf, " %d", data[i]);
498 strncpy((char *)buf, lbuf, buflen);
499 BUMP(buf, buflen);
500 }
501 break;
502 }
503}
504
505 int
506kerberos4_cksum(d, n)
507 unsigned char *d;
508 int n;
509{
510 int ck = 0;
511
512 /*
513 * A comment is probably needed here for those not
514 * well versed in the "C" language. Yes, this is
515 * supposed to be a "switch" with the body of the
516 * "switch" being a "while" statement. The whole
--- 17 unchanged lines hidden (view full) ---
534 --n;
535 case 1:
536 ck ^= (int)*d++;
537 --n;
538 }
539 return(ck);
540}
541#endif
542
543#ifdef notdef
544
545prkey(msg, key)
546 char *msg;
547 unsigned char *key;
548{
549 register int i;
550 printf("%s:", msg);
551 for (i = 0; i < 8; i++)
552 printf(" %3d", key[i]);
553 printf("\r\n");
554}
555#endif