author | Theodore Tso <tytso@mit.edu> | 1996-03-19 02:39:45 +0000 |
---|---|---|
committer | Theodore Tso <tytso@mit.edu> | 1996-03-19 02:39:45 +0000 |
commit | 769c2b3450c3663a0815951eda93ea6f476221ac (patch) | |
tree | 36f1d7228c13b7d41af1c6a6b4de199721ca77d3 /src/appl/telnet | |
parent | 12bf8c806285ed4a0689eb7cc3966896dc80568b (diff) | |
Makefile.in: Added flags which turn on the encryption option
telnetd.c (getterminaltype): If the authentication option which was
negotiated requires that encryption be turned on, then enforce this
here.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/telnet')
-rw-r--r-- | src/appl/telnet/telnetd/ChangeLog | 8 | ||||
-rw-r--r-- | src/appl/telnet/telnetd/Makefile.in | 2 | ||||
-rw-r--r-- | src/appl/telnet/telnetd/telnetd.c | 44 |
3 files changed, 51 insertions, 3 deletions
diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index f15d82bad..1b4cd3fa3 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,11 @@
+Mon Mar 18 20:29:05 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in: Added flags which turn on the encryption option.
+
+ * telnetd.c (getterminaltype): If the authentication option which
+ was negotiated requires that encryption be turned on, then
+ enforce this here.
+
 Mon Feb 26 03:33:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
 * configure.in: Call USE_ANAME
diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in
index 533633ba3..a0421779f 100644
--- a/src/appl/telnet/telnetd/Makefile.in
+++ b/src/appl/telnet/telnetd/Makefile.in
@@ -22,7 +22,7 @@ LOCAL_LIBRARIES=-lpty
 DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
-AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
 OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
 LOCALINCLUDES=-I.. -I$(srcdir)/..
 CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index aa8ad8101..029add63b 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -51,6 +51,10 @@ static char copyright[] =
 # undef _SC_CRAY_SECURE_SYS
 #endif
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <netdb.h>
 #include <libpty.h>
 #include <com_err.h>
 #if defined(_SC_CRAY_SECURE_SYS)
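Review bot: Nothing on the `AUTH_DEF` line in Makefile.in records that `-DENCRYPTION` now carries a security guarantee: the `auth_must_encrypt()` enforcement this commit adds to telnetd.c ends at `#endif /* ENCRYPTION */`, so dropping the flag later compiles the check out without any build error. A comment above the assignment would make the dependency visible, for example `# -DENCRYPTION is required: telnetd.c enforces mandatory encryption only under #ifdef ENCRYPTION`.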
@@ -77,11 +81,16 @@ struct socket_security ss;
 #if defined(AUTHENTICATION)
 #include <libtelnet/auth.h>
+#include <libtelnet/auth-proto.h>
 int auth_level = 0;
 #endif
 #if defined(SecurID)
 int require_SecurID = 0;
 #endif
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#include <libtelnet/enc-proto.h>
+#endif
 extern int utmp_len;
 int registerd_host_only = 0;
@@ -98,6 +107,8 @@ int registerd_host_only = 0;
 # include <sys/ptyvar.h>
 #endif
+void doit P((struct sockaddr_in *));
+
 /*
 * Because of the way ptyibuf is used with streams messages, we need
 * ptyibuf+1 to be on a full-word boundary. The following wierdness
@@ -428,7 +439,7 @@ main(argc, argv)
 usage();
 /* NOT REACHED */
 } else if (argc == 1) {
- if (sp = getservbyname(*argv, "tcp")) {
+ if ((sp = getservbyname(*argv, "tcp"))) {
 sin.sin_port = sp->s_port;
 } else {
 sin.sin_port = atoi(*argv);
@@ -569,7 +580,9 @@ main(argc, argv)
 #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
 net = 0;
 doit(&from);
+
 /* NOTREACHED */
+ return 0;
 } /* end of main */
 void
@@ -618,6 +631,16 @@ usage()
 exit(1);
 }
+static void encrypt_failure()
+{
+ char *error_message =
+ "Encryption was not successfully negotiated. Goodbye.\r\n\r\n";
+
+ writenet(error_message, strlen(error_message));
+ netflush();
+ exit(1);
+}
+
 /*
 * getterminaltype
 *
@@ -660,6 +683,7 @@ getterminaltype(name)
 while (
 #ifdef ENCRYPTION
 his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+ his_will_wont_is_changing(TELOPT_ENCRYPT) ||
 #endif /* ENCRYPTION */
 his_will_wont_is_changing(TELOPT_TTYPE) ||
 his_will_wont_is_changing(TELOPT_TSPEED) ||
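Review bot: `encrypt_failure()` reports the refusal to the client only, so a session dropped for missing encryption leaves no record on the server; anyone watching for peers that authenticate and then decline or stall encryption would want that event logged. If syslog is already in use in telnetd.c (not visible on this page), a call such as `syslog(LOG_NOTICE, "encryption required but not negotiated");` before `exit(1)` would cover it. Separately, the local `error_message` shadows the `error_message()` function that `<com_err.h>` (included earlier in this file) normally declares, and it points at a string literal without `const`; `static const char msg[] = "...";` avoids both, provided `writenet()` accepts a const pointer, which this page does not show. The function also lacks a header comment; one line stating that it never returns would match the `/* NOTREACHED */` convention used in `main`.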
@@ -676,6 +700,22 @@ getterminaltype(name)
 if (his_state_is_will(TELOPT_ENCRYPT)) {
 encrypt_wait();
 }
+ if (auth_must_encrypt()) {
+ time_t timeout = time(0) + 60;
+
+ if (my_state_is_dont(TELOPT_ENCRYPT) ||
+ my_state_is_wont(TELOPT_ENCRYPT))
+ encrypt_failure();
+
+ if (!EncryptStartInput() || !EncryptStartOutput())
+ encrypt_failure();
+
+ while (!encrypt_is_encrypting()) {
+ if (time(0) > timeout)
+ encrypt_failure();
+ ttloop();
+ }
+ }
 #endif /* ENCRYPTION */
 if (his_state_is_will(TELOPT_TSPEED)) {
 static unsigned char sb[] =
@@ -828,7 +868,7 @@ extern void telnet P((int, int, char *));
 /*
 * Get a pty, scan input lines.
 */
-doit(who)
+void doit(who)
 struct sockaddr_in *who;
 {
 char *host, *inet_ntoa(); |
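Review bot: The 60-second limit in the new `auth_must_encrypt()` block is tested only between `ttloop()` calls, so if `ttloop()` blocks until the peer sends data (its body is not on this page), a client that authenticates and then goes silent is never timed out, and the `encrypt_wait()` just above has no bound at all. A timer that fires independently of input, such as an `alarm()` armed before the loop and cancelled after it, or a `select()` with a timeout ahead of the read, would make the deadline hold. The bare `60` deserves a named constant, e.g. `#define ENCRYPT_TIMEOUT 60`, with a comment saying what the deadline protects. `time()` and `time_t` need `<time.h>`, which is not among the headers this commit adds, so it is presumably pulled in indirectly. `getterminaltype` starts and ends outside the hunk.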