157416Smarkm/*- 257416Smarkm * Copyright (c) 1992, 1993 357416Smarkm * The Regents of the University of California. All rights reserved. 457416Smarkm * 557416Smarkm * Redistribution and use in source and binary forms, with or without 657416Smarkm * modification, are permitted provided that the following conditions 757416Smarkm * are met: 857416Smarkm * 1. Redistributions of source code must retain the above copyright 957416Smarkm * notice, this list of conditions and the following disclaimer. 1057416Smarkm * 2. Redistributions in binary form must reproduce the above copyright 1157416Smarkm * notice, this list of conditions and the following disclaimer in the 1257416Smarkm * documentation and/or other materials provided with the distribution. 1357416Smarkm * 3. All advertising materials mentioning features or use of this software 1457416Smarkm * must display the following acknowledgement: 1557416Smarkm * This product includes software developed by the University of 1657416Smarkm * California, Berkeley and its contributors. 1757416Smarkm * 4. Neither the name of the University nor the names of its contributors 1857416Smarkm * may be used to endorse or promote products derived from this software 1957416Smarkm * without specific prior written permission. 2057416Smarkm * 2157416Smarkm * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 2257416Smarkm * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2357416Smarkm * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2457416Smarkm * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 2557416Smarkm * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2657416Smarkm * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2757416Smarkm * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2857416Smarkm * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2957416Smarkm * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 3057416Smarkm * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 3157416Smarkm * SUCH DAMAGE. 3257416Smarkm */ 3357416Smarkm 3457416Smarkm#include <config.h> 3557416Smarkm 36233294SstasRCSID("$Id$"); 3757416Smarkm 3857416Smarkm#ifdef SPX 3957416Smarkm/* 4057416Smarkm * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION 4157416Smarkm * ALL RIGHTS RESERVED 4257416Smarkm * 4357416Smarkm * "Digital Equipment Corporation authorizes the reproduction, 4457416Smarkm * distribution and modification of this software subject to the following 4557416Smarkm * restrictions: 4657416Smarkm * 4757416Smarkm * 1. Any partial or whole copy of this software, or any modification 4857416Smarkm * thereof, must include this copyright notice in its entirety. 4957416Smarkm * 5057416Smarkm * 2. This software is supplied "as is" with no warranty of any kind, 5157416Smarkm * expressed or implied, for any purpose, including any warranty of fitness 5257416Smarkm * or merchantibility. DIGITAL assumes no responsibility for the use or 5357416Smarkm * reliability of this software, nor promises to provide any form of 5457416Smarkm * support for it on any basis. 5557416Smarkm * 5657416Smarkm * 3. Distribution of this software is authorized only if no profit or 5757416Smarkm * remuneration of any kind is received in exchange for such distribution. 5857416Smarkm * 5957416Smarkm * 4. This software produces public key authentication certificates 6057416Smarkm * bearing an expiration date established by DIGITAL and RSA Data 6157416Smarkm * Security, Inc. It may cease to generate certificates after the expiration 6257416Smarkm * date. Any modification of this software that changes or defeats 6357416Smarkm * the expiration date or its effect is unauthorized. 6457416Smarkm * 6557416Smarkm * 5. Software that will renew or extend the expiration date of 6657416Smarkm * authentication certificates produced by this software may be obtained 6757416Smarkm * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA 6857416Smarkm * 94065, (415)595-8782, or from DIGITAL" 6957416Smarkm * 7057416Smarkm */ 7157416Smarkm 7257416Smarkm#ifdef HAVE_SYS_TYPES_H 7357416Smarkm#include <sys/types.h> 7457416Smarkm#endif 7557416Smarkm#ifdef HAVE_ARPA_TELNET_H 7657416Smarkm#include <arpa/telnet.h> 7757416Smarkm#endif 7857416Smarkm#include <stdio.h> 7957416Smarkm#include "gssapi_defs.h" 8057416Smarkm#include <stdlib.h> 8157416Smarkm#include <string.h> 8257416Smarkm 8357416Smarkm#include <pwd.h> 8457416Smarkm#ifdef SOCKS 8557416Smarkm#include <socks.h> 8657416Smarkm#endif 8757416Smarkm 8857416Smarkm#include "encrypt.h" 8957416Smarkm#include "auth.h" 9057416Smarkm#include "misc.h" 9157416Smarkm 9257416Smarkmextern auth_debug_mode; 9357416Smarkm 9457416Smarkmstatic unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0, 9557416Smarkm AUTHTYPE_SPX, }; 9657416Smarkmstatic unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 9757416Smarkm TELQUAL_NAME, }; 9857416Smarkm 9957416Smarkm#define SPX_AUTH 0 /* Authentication data follows */ 10057416Smarkm#define SPX_REJECT 1 /* Rejected (reason might follow) */ 10157416Smarkm#define SPX_ACCEPT 2 /* Accepted */ 10257416Smarkm 10357416Smarkmstatic des_key_schedule sched; 10457416Smarkmstatic des_cblock challenge = { 0 }; 10557416Smarkm 10657416Smarkm 10757416Smarkm/*******************************************************************/ 10857416Smarkm 10957416Smarkmgss_OID_set actual_mechs; 11057416Smarkmgss_OID actual_mech_type, output_name_type; 11157416Smarkmint major_status, status, msg_ctx = 0, new_status; 11257416Smarkmint req_flags = 0, ret_flags, lifetime_rec; 11357416Smarkmgss_cred_id_t gss_cred_handle; 11457416Smarkmgss_ctx_id_t actual_ctxhandle, context_handle; 11557416Smarkmgss_buffer_desc output_token, input_token, input_name_buffer; 11657416Smarkmgss_buffer_desc status_string; 11757416Smarkmgss_name_t desired_targname, src_name; 11857416Smarkmgss_channel_bindings input_chan_bindings; 11957416Smarkmchar lhostname[GSS_C_MAX_PRINTABLE_NAME]; 12057416Smarkmchar targ_printable[GSS_C_MAX_PRINTABLE_NAME]; 12157416Smarkmint to_addr=0, from_addr=0; 12257416Smarkmchar *address; 12357416Smarkmgss_buffer_desc fullname_buffer; 12457416Smarkmgss_OID fullname_type; 12557416Smarkmgss_cred_id_t gss_delegated_cred_handle; 12657416Smarkm 12757416Smarkm/*******************************************************************/ 12857416Smarkm 12957416Smarkm 13057416Smarkm 13157416Smarkm static int 13257416SmarkmData(ap, type, d, c) 13357416Smarkm Authenticator *ap; 13457416Smarkm int type; 13557416Smarkm void *d; 13657416Smarkm int c; 13757416Smarkm{ 13857416Smarkm unsigned char *p = str_data + 4; 13957416Smarkm unsigned char *cd = (unsigned char *)d; 14057416Smarkm 14157416Smarkm if (c == -1) 14257416Smarkm c = strlen((char *)cd); 14357416Smarkm 14457416Smarkm if (0) { 14557416Smarkm printf("%s:%d: [%d] (%d)", 14657416Smarkm str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY", 14757416Smarkm str_data[3], 14857416Smarkm type, c); 14957416Smarkm printd(d, c); 15057416Smarkm printf("\r\n"); 15157416Smarkm } 15257416Smarkm *p++ = ap->type; 15357416Smarkm *p++ = ap->way; 15457416Smarkm *p++ = type; 15557416Smarkm while (c-- > 0) { 15657416Smarkm if ((*p++ = *cd++) == IAC) 15757416Smarkm *p++ = IAC; 15857416Smarkm } 15957416Smarkm *p++ = IAC; 16057416Smarkm *p++ = SE; 16157416Smarkm if (str_data[3] == TELQUAL_IS) 16257416Smarkm printsub('>', &str_data[2], p - (&str_data[2])); 16357416Smarkm return(telnet_net_write(str_data, p - str_data)); 16457416Smarkm} 16557416Smarkm 16657416Smarkm int 16757416Smarkmspx_init(ap, server) 16857416Smarkm Authenticator *ap; 16957416Smarkm int server; 17057416Smarkm{ 17157416Smarkm gss_cred_id_t tmp_cred_handle; 17257416Smarkm 17357416Smarkm if (server) { 17457416Smarkm str_data[3] = TELQUAL_REPLY; 17557416Smarkm gethostname(lhostname, sizeof(lhostname)); 17657416Smarkm snprintf (targ_printable, sizeof(targ_printable), 17757416Smarkm "SERVICE:rcmd@%s", lhostname); 17857416Smarkm input_name_buffer.length = strlen(targ_printable); 17957416Smarkm input_name_buffer.value = targ_printable; 18057416Smarkm major_status = gss_import_name(&status, 18157416Smarkm &input_name_buffer, 18257416Smarkm GSS_C_NULL_OID, 18357416Smarkm &desired_targname); 18457416Smarkm major_status = gss_acquire_cred(&status, 18557416Smarkm desired_targname, 18657416Smarkm 0, 18757416Smarkm GSS_C_NULL_OID_SET, 18857416Smarkm GSS_C_ACCEPT, 18957416Smarkm &tmp_cred_handle, 19057416Smarkm &actual_mechs, 19157416Smarkm &lifetime_rec); 19257416Smarkm if (major_status != GSS_S_COMPLETE) return(0); 19357416Smarkm } else { 19457416Smarkm str_data[3] = TELQUAL_IS; 19557416Smarkm } 19657416Smarkm return(1); 19757416Smarkm} 19857416Smarkm 19957416Smarkm int 20057416Smarkmspx_send(ap) 20157416Smarkm Authenticator *ap; 20257416Smarkm{ 20357416Smarkm des_cblock enckey; 20457416Smarkm int r; 20557416Smarkm 20657416Smarkm gss_OID actual_mech_type, output_name_type; 20757416Smarkm int msg_ctx = 0, new_status, status; 20857416Smarkm int req_flags = 0, ret_flags, lifetime_rec, major_status; 20957416Smarkm gss_buffer_desc output_token, input_token, input_name_buffer; 21057416Smarkm gss_buffer_desc output_name_buffer, status_string; 21157416Smarkm gss_name_t desired_targname; 21257416Smarkm gss_channel_bindings input_chan_bindings; 21357416Smarkm char targ_printable[GSS_C_MAX_PRINTABLE_NAME]; 21457416Smarkm int from_addr=0, to_addr=0, myhostlen, j; 21557416Smarkm int deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0; 21657416Smarkm char *address; 21757416Smarkm 21857416Smarkm printf("[ Trying SPX ... ]\r\n"); 21957416Smarkm snprintf (targ_printable, sizeof(targ_printable), 22057416Smarkm "SERVICE:rcmd@%s", RemoteHostName); 22157416Smarkm 22257416Smarkm input_name_buffer.length = strlen(targ_printable); 22357416Smarkm input_name_buffer.value = targ_printable; 22457416Smarkm 22557416Smarkm if (!UserNameRequested) { 22657416Smarkm return(0); 22757416Smarkm } 22857416Smarkm 22957416Smarkm major_status = gss_import_name(&status, 23057416Smarkm &input_name_buffer, 23157416Smarkm GSS_C_NULL_OID, 23257416Smarkm &desired_targname); 23357416Smarkm 23457416Smarkm 23557416Smarkm major_status = gss_display_name(&status, 23657416Smarkm desired_targname, 23757416Smarkm &output_name_buffer, 23857416Smarkm &output_name_type); 23957416Smarkm 240233294Sstas printf("target is '%.*s'\n", (int)output_name_buffer.length, 241233294Sstas (char*)output_name_buffer.value); 242233294Sstas fflush(stdout); 24357416Smarkm 24457416Smarkm major_status = gss_release_buffer(&status, &output_name_buffer); 24557416Smarkm 24657416Smarkm input_chan_bindings = (gss_channel_bindings) 24757416Smarkm malloc(sizeof(gss_channel_bindings_desc)); 24857416Smarkm 24957416Smarkm input_chan_bindings->initiator_addrtype = GSS_C_AF_INET; 25057416Smarkm input_chan_bindings->initiator_address.length = 4; 25157416Smarkm address = (char *) malloc(4); 25257416Smarkm input_chan_bindings->initiator_address.value = (char *) address; 25357416Smarkm address[0] = ((from_addr & 0xff000000) >> 24); 25457416Smarkm address[1] = ((from_addr & 0xff0000) >> 16); 25557416Smarkm address[2] = ((from_addr & 0xff00) >> 8); 25657416Smarkm address[3] = (from_addr & 0xff); 25757416Smarkm input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET; 25857416Smarkm input_chan_bindings->acceptor_address.length = 4; 25957416Smarkm address = (char *) malloc(4); 26057416Smarkm input_chan_bindings->acceptor_address.value = (char *) address; 26157416Smarkm address[0] = ((to_addr & 0xff000000) >> 24); 26257416Smarkm address[1] = ((to_addr & 0xff0000) >> 16); 26357416Smarkm address[2] = ((to_addr & 0xff00) >> 8); 26457416Smarkm address[3] = (to_addr & 0xff); 26557416Smarkm input_chan_bindings->application_data.length = 0; 26657416Smarkm 26757416Smarkm req_flags = 0; 26857416Smarkm if (deleg_flag) req_flags = req_flags | 1; 26957416Smarkm if (mutual_flag) req_flags = req_flags | 2; 27057416Smarkm if (replay_flag) req_flags = req_flags | 4; 27157416Smarkm if (seq_flag) req_flags = req_flags | 8; 27257416Smarkm 27357416Smarkm major_status = gss_init_sec_context(&status, /* minor status */ 27457416Smarkm GSS_C_NO_CREDENTIAL, /* cred handle */ 27557416Smarkm &actual_ctxhandle, /* ctx handle */ 27657416Smarkm desired_targname, /* target name */ 27757416Smarkm GSS_C_NULL_OID, /* mech type */ 27857416Smarkm req_flags, /* req flags */ 27957416Smarkm 0, /* time req */ 28057416Smarkm input_chan_bindings, /* chan binding */ 28157416Smarkm GSS_C_NO_BUFFER, /* input token */ 28257416Smarkm &actual_mech_type, /* actual mech */ 28357416Smarkm &output_token, /* output token */ 28457416Smarkm &ret_flags, /* ret flags */ 28557416Smarkm &lifetime_rec); /* time rec */ 28657416Smarkm 28757416Smarkm if ((major_status != GSS_S_COMPLETE) && 28857416Smarkm (major_status != GSS_S_CONTINUE_NEEDED)) { 28957416Smarkm gss_display_status(&new_status, 29057416Smarkm status, 29157416Smarkm GSS_C_MECH_CODE, 29257416Smarkm GSS_C_NULL_OID, 29357416Smarkm &msg_ctx, 29457416Smarkm &status_string); 295233294Sstas printf("%.*s\n", (int)status_string.length, 296233294Sstas (char*)status_string.value); 29757416Smarkm return(0); 29857416Smarkm } 29957416Smarkm 30057416Smarkm if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) { 30157416Smarkm return(0); 30257416Smarkm } 30357416Smarkm 30457416Smarkm if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) { 30557416Smarkm return(0); 30657416Smarkm } 30757416Smarkm 30857416Smarkm return(1); 30957416Smarkm} 31057416Smarkm 31157416Smarkm void 31257416Smarkmspx_is(ap, data, cnt) 31357416Smarkm Authenticator *ap; 31457416Smarkm unsigned char *data; 31557416Smarkm int cnt; 31657416Smarkm{ 31757416Smarkm Session_Key skey; 31857416Smarkm des_cblock datablock; 31957416Smarkm int r; 32057416Smarkm 32157416Smarkm if (cnt-- < 1) 32257416Smarkm return; 32357416Smarkm switch (*data++) { 32457416Smarkm case SPX_AUTH: 32557416Smarkm input_token.length = cnt; 32657416Smarkm input_token.value = (char *) data; 32757416Smarkm 32857416Smarkm gethostname(lhostname, sizeof(lhostname)); 32957416Smarkm 33057416Smarkm snprintf(targ_printable, sizeof(targ_printable), 33157416Smarkm "SERVICE:rcmd@%s", lhostname); 33257416Smarkm 33357416Smarkm input_name_buffer.length = strlen(targ_printable); 33457416Smarkm input_name_buffer.value = targ_printable; 33557416Smarkm 33657416Smarkm major_status = gss_import_name(&status, 33757416Smarkm &input_name_buffer, 33857416Smarkm GSS_C_NULL_OID, 33957416Smarkm &desired_targname); 34057416Smarkm 34157416Smarkm major_status = gss_acquire_cred(&status, 34257416Smarkm desired_targname, 34357416Smarkm 0, 34457416Smarkm GSS_C_NULL_OID_SET, 34557416Smarkm GSS_C_ACCEPT, 34657416Smarkm &gss_cred_handle, 34757416Smarkm &actual_mechs, 34857416Smarkm &lifetime_rec); 34957416Smarkm 35057416Smarkm major_status = gss_release_name(&status, desired_targname); 35157416Smarkm 35257416Smarkm input_chan_bindings = (gss_channel_bindings) 35357416Smarkm malloc(sizeof(gss_channel_bindings_desc)); 35457416Smarkm 35557416Smarkm input_chan_bindings->initiator_addrtype = GSS_C_AF_INET; 35657416Smarkm input_chan_bindings->initiator_address.length = 4; 35757416Smarkm address = (char *) malloc(4); 35857416Smarkm input_chan_bindings->initiator_address.value = (char *) address; 35957416Smarkm address[0] = ((from_addr & 0xff000000) >> 24); 36057416Smarkm address[1] = ((from_addr & 0xff0000) >> 16); 36157416Smarkm address[2] = ((from_addr & 0xff00) >> 8); 36257416Smarkm address[3] = (from_addr & 0xff); 36357416Smarkm input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET; 36457416Smarkm input_chan_bindings->acceptor_address.length = 4; 36557416Smarkm address = (char *) malloc(4); 36657416Smarkm input_chan_bindings->acceptor_address.value = (char *) address; 36757416Smarkm address[0] = ((to_addr & 0xff000000) >> 24); 36857416Smarkm address[1] = ((to_addr & 0xff0000) >> 16); 36957416Smarkm address[2] = ((to_addr & 0xff00) >> 8); 37057416Smarkm address[3] = (to_addr & 0xff); 37157416Smarkm input_chan_bindings->application_data.length = 0; 37257416Smarkm 37357416Smarkm major_status = gss_accept_sec_context(&status, 37457416Smarkm &context_handle, 37557416Smarkm gss_cred_handle, 37657416Smarkm &input_token, 37757416Smarkm input_chan_bindings, 37857416Smarkm &src_name, 37957416Smarkm &actual_mech_type, 38057416Smarkm &output_token, 38157416Smarkm &ret_flags, 38257416Smarkm &lifetime_rec, 38357416Smarkm &gss_delegated_cred_handle); 38457416Smarkm 38557416Smarkm 38657416Smarkm if (major_status != GSS_S_COMPLETE) { 38757416Smarkm 38857416Smarkm major_status = gss_display_name(&status, 38957416Smarkm src_name, 39057416Smarkm &fullname_buffer, 39157416Smarkm &fullname_type); 39257416Smarkm Data(ap, SPX_REJECT, "auth failed", -1); 39357416Smarkm auth_finished(ap, AUTH_REJECT); 39457416Smarkm return; 39557416Smarkm } 39657416Smarkm 39757416Smarkm major_status = gss_display_name(&status, 39857416Smarkm src_name, 39957416Smarkm &fullname_buffer, 40057416Smarkm &fullname_type); 40157416Smarkm 40257416Smarkm 40357416Smarkm Data(ap, SPX_ACCEPT, output_token.value, output_token.length); 40457416Smarkm auth_finished(ap, AUTH_USER); 40557416Smarkm break; 40657416Smarkm 40757416Smarkm default: 40857416Smarkm Data(ap, SPX_REJECT, 0, 0); 40957416Smarkm break; 41057416Smarkm } 41157416Smarkm} 41257416Smarkm 41357416Smarkm 41457416Smarkm void 41557416Smarkmspx_reply(ap, data, cnt) 41657416Smarkm Authenticator *ap; 41757416Smarkm unsigned char *data; 41857416Smarkm int cnt; 41957416Smarkm{ 42057416Smarkm Session_Key skey; 42157416Smarkm 42257416Smarkm if (cnt-- < 1) 42357416Smarkm return; 42457416Smarkm switch (*data++) { 42557416Smarkm case SPX_REJECT: 42657416Smarkm if (cnt > 0) { 42757416Smarkm printf("[ SPX refuses authentication because %.*s ]\r\n", 42857416Smarkm cnt, data); 42957416Smarkm } else 43057416Smarkm printf("[ SPX refuses authentication ]\r\n"); 43157416Smarkm auth_send_retry(); 43257416Smarkm return; 43357416Smarkm case SPX_ACCEPT: 43457416Smarkm printf("[ SPX accepts you ]\r\n"); 43557416Smarkm if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) { 43657416Smarkm /* 43757416Smarkm * Send over the encrypted challenge. 43857416Smarkm */ 43957416Smarkm input_token.value = (char *) data; 44057416Smarkm input_token.length = cnt; 44157416Smarkm 44257416Smarkm major_status = gss_init_sec_context(&status, /* minor stat */ 44357416Smarkm GSS_C_NO_CREDENTIAL, /* cred handle */ 44457416Smarkm &actual_ctxhandle, /* ctx handle */ 44557416Smarkm desired_targname, /* target name */ 44657416Smarkm GSS_C_NULL_OID, /* mech type */ 44757416Smarkm req_flags, /* req flags */ 44857416Smarkm 0, /* time req */ 44957416Smarkm input_chan_bindings, /* chan binding */ 45057416Smarkm &input_token, /* input token */ 45157416Smarkm &actual_mech_type, /* actual mech */ 45257416Smarkm &output_token, /* output token */ 45357416Smarkm &ret_flags, /* ret flags */ 45457416Smarkm &lifetime_rec); /* time rec */ 45557416Smarkm 45657416Smarkm if (major_status != GSS_S_COMPLETE) { 45757416Smarkm gss_display_status(&new_status, 45857416Smarkm status, 45957416Smarkm GSS_C_MECH_CODE, 46057416Smarkm GSS_C_NULL_OID, 46157416Smarkm &msg_ctx, 46257416Smarkm &status_string); 463233294Sstas printf("[ SPX mutual response fails ... '%.*s' ]\r\n", 464233294Sstas (int)status_string.length, 465233294Sstas (char*)status_string.value); 46657416Smarkm auth_send_retry(); 46757416Smarkm return; 46857416Smarkm } 46957416Smarkm } 47057416Smarkm auth_finished(ap, AUTH_USER); 47157416Smarkm return; 47257416Smarkm 47357416Smarkm default: 47457416Smarkm return; 47557416Smarkm } 47657416Smarkm} 47757416Smarkm 47857416Smarkm int 47957416Smarkmspx_status(ap, name, name_sz, level) 48057416Smarkm Authenticator *ap; 48157416Smarkm char *name; 48257416Smarkm size_t name_sz; 48357416Smarkm int level; 48457416Smarkm{ 48557416Smarkm 48657416Smarkm gss_buffer_desc fullname_buffer, acl_file_buffer; 48757416Smarkm gss_OID fullname_type; 48857416Smarkm char acl_file[160], fullname[160]; 48957416Smarkm int major_status, status = 0; 49057416Smarkm struct passwd *pwd; 49157416Smarkm 49257416Smarkm /* 49357416Smarkm * hard code fullname to 49457416Smarkm * "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan" 49557416Smarkm * and acl_file to "~kannan/.sphinx" 49657416Smarkm */ 49757416Smarkm 49857416Smarkm pwd = k_getpwnam(UserNameRequested); 49957416Smarkm if (pwd == NULL) { 50057416Smarkm return(AUTH_USER); /* not authenticated */ 50157416Smarkm } 50257416Smarkm 50357416Smarkm snprintf (acl_file, sizeof(acl_file), 50457416Smarkm "%s/.sphinx", pwd->pw_dir); 50557416Smarkm 50657416Smarkm acl_file_buffer.value = acl_file; 50757416Smarkm acl_file_buffer.length = strlen(acl_file); 50857416Smarkm 50957416Smarkm major_status = gss_display_name(&status, 51057416Smarkm src_name, 51157416Smarkm &fullname_buffer, 51257416Smarkm &fullname_type); 51357416Smarkm 51457416Smarkm if (level < AUTH_USER) 51557416Smarkm return(level); 51657416Smarkm 51757416Smarkm major_status = gss__check_acl(&status, &fullname_buffer, 51857416Smarkm &acl_file_buffer); 51957416Smarkm 52057416Smarkm if (major_status == GSS_S_COMPLETE) { 52157416Smarkm strlcpy(name, UserNameRequested, name_sz); 52257416Smarkm return(AUTH_VALID); 52357416Smarkm } else { 52457416Smarkm return(AUTH_USER); 52557416Smarkm } 52657416Smarkm 52757416Smarkm} 52857416Smarkm 52957416Smarkm#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);} 53057416Smarkm#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);} 53157416Smarkm 53257416Smarkm void 533233294Sstasspx_printsub(unsigned char *data, size_t cnt, 534233294Sstas unsigned char *buf, size_t buflen) 53557416Smarkm{ 536233294Sstas size_t i; 53757416Smarkm 538178825Sdfr buf[buflen-1] = '\0'; /* make sure it's NULL terminated */ 53957416Smarkm buflen -= 1; 54057416Smarkm 54157416Smarkm switch(data[3]) { 54257416Smarkm case SPX_REJECT: /* Rejected (reason might follow) */ 54357416Smarkm strlcpy((char *)buf, " REJECT ", buflen); 54457416Smarkm goto common; 54557416Smarkm 54657416Smarkm case SPX_ACCEPT: /* Accepted (name might follow) */ 54757416Smarkm strlcpy((char *)buf, " ACCEPT ", buflen); 54857416Smarkm common: 54957416Smarkm BUMP(buf, buflen); 55057416Smarkm if (cnt <= 4) 55157416Smarkm break; 55257416Smarkm ADDC(buf, buflen, '"'); 55357416Smarkm for (i = 4; i < cnt; i++) 55457416Smarkm ADDC(buf, buflen, data[i]); 55557416Smarkm ADDC(buf, buflen, '"'); 55657416Smarkm ADDC(buf, buflen, '\0'); 55757416Smarkm break; 55857416Smarkm 55957416Smarkm case SPX_AUTH: /* Authentication data follows */ 56057416Smarkm strlcpy((char *)buf, " AUTH", buflen); 56157416Smarkm goto common2; 56257416Smarkm 56357416Smarkm default: 56457416Smarkm snprintf(buf, buflen, " %d (unknown)", data[3]); 56557416Smarkm common2: 56657416Smarkm BUMP(buf, buflen); 56757416Smarkm for (i = 4; i < cnt; i++) { 56857416Smarkm snprintf(buf, buflen, " %d", data[i]); 56957416Smarkm BUMP(buf, buflen); 57057416Smarkm } 57157416Smarkm break; 57257416Smarkm } 57357416Smarkm} 57457416Smarkm 57557416Smarkm#endif 57657416Smarkm 57757416Smarkm#ifdef notdef 57857416Smarkm 57957416Smarkmprkey(msg, key) 58057416Smarkm char *msg; 58157416Smarkm unsigned char *key; 58257416Smarkm{ 58357416Smarkm int i; 58457416Smarkm printf("%s:", msg); 58557416Smarkm for (i = 0; i < 8; i++) 58657416Smarkm printf(" %3d", key[i]); 58757416Smarkm printf("\r\n"); 58857416Smarkm} 58957416Smarkm#endif 590