summaryrefslogtreecommitdiffstats
path: root/src/appl/telnet
diff options
context:
space:
mode:
authorTheodore Tso <tytso@mit.edu>1996-03-19 02:39:45 +0000
committerTheodore Tso <tytso@mit.edu>1996-03-19 02:39:45 +0000
commit769c2b3450c3663a0815951eda93ea6f476221ac (patch)
tree36f1d7228c13b7d41af1c6a6b4de199721ca77d3 /src/appl/telnet
parent12bf8c806285ed4a0689eb7cc3966896dc80568b (diff)
downloadkrb5-769c2b3450c3663a0815951eda93ea6f476221ac.tar.gz
krb5-769c2b3450c3663a0815951eda93ea6f476221ac.tar.xz
krb5-769c2b3450c3663a0815951eda93ea6f476221ac.zip
Makefile.in: Added flags which turn on the encryption option
telnetd.c (getterminaltype): If the authentication option which was negotiated requires that encryption be turned on, then enforce this here. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl/telnet')
-rw-r--r--src/appl/telnet/telnetd/ChangeLog8
-rw-r--r--src/appl/telnet/telnetd/Makefile.in2
-rw-r--r--src/appl/telnet/telnetd/telnetd.c44
3 files changed, 51 insertions, 3 deletions
diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index f15d82bad..1b4cd3fa3 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,11 @@
+Mon Mar 18 20:29:05 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in: Added flags which turn on the encryption option.
+
+ * telnetd.c (getterminaltype): If the authentication option which
+ was negotiated requires that encryption be turned on, then
+ enforce this here.
+
Mon Feb 26 03:33:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
* configure.in: Call USE_ANAME
diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in
index 533633ba3..a0421779f 100644
--- a/src/appl/telnet/telnetd/Makefile.in
+++ b/src/appl/telnet/telnetd/Makefile.in
@@ -22,7 +22,7 @@
LOCAL_LIBRARIES=-lpty
DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
-AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index aa8ad8101..029add63b 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -51,6 +51,10 @@ static char copyright[] =
# undef _SC_CRAY_SECURE_SYS
#endif
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <netdb.h>
#include <libpty.h>
#include <com_err.h>
#if defined(_SC_CRAY_SECURE_SYS)
@@ -77,11 +81,16 @@ struct socket_security ss;
#if defined(AUTHENTICATION)
#include <libtelnet/auth.h>
+#include <libtelnet/auth-proto.h>
int auth_level = 0;
#endif
#if defined(SecurID)
int require_SecurID = 0;
#endif
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#include <libtelnet/enc-proto.h>
+#endif
extern int utmp_len;
int registerd_host_only = 0;
@@ -98,6 +107,8 @@ int registerd_host_only = 0;
# include <sys/ptyvar.h>
#endif
+void doit P((struct sockaddr_in *));
+
/*
* Because of the way ptyibuf is used with streams messages, we need
* ptyibuf+1 to be on a full-word boundary. The following wierdness
@@ -428,7 +439,7 @@ main(argc, argv)
usage();
/* NOT REACHED */
} else if (argc == 1) {
- if (sp = getservbyname(*argv, "tcp")) {
+ if ((sp = getservbyname(*argv, "tcp"))) {
sin.sin_port = sp->s_port;
} else {
sin.sin_port = atoi(*argv);
@@ -569,7 +580,9 @@ main(argc, argv)
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
+
/* NOTREACHED */
+ return 0;
} /* end of main */
void
@@ -618,6 +631,16 @@ usage()
exit(1);
}
+static void encrypt_failure()
+{
+ char *error_message =
+ "Encryption was not successfully negotiated. Goodbye.\r\n\r\n";
+
+ writenet(error_message, strlen(error_message));
+ netflush();
+ exit(1);
+}
+
/*
* getterminaltype
*
@@ -660,6 +683,7 @@ getterminaltype(name)
while (
#ifdef ENCRYPTION
his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+ his_will_wont_is_changing(TELOPT_ENCRYPT) ||
#endif /* ENCRYPTION */
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
@@ -676,6 +700,22 @@ getterminaltype(name)
if (his_state_is_will(TELOPT_ENCRYPT)) {
encrypt_wait();
}
+ if (auth_must_encrypt()) {
+ time_t timeout = time(0) + 60;
+
+ if (my_state_is_dont(TELOPT_ENCRYPT) ||
+ my_state_is_wont(TELOPT_ENCRYPT))
+ encrypt_failure();
+
+ if (!EncryptStartInput() || !EncryptStartOutput())
+ encrypt_failure();
+
+ while (!encrypt_is_encrypting()) {
+ if (time(0) > timeout)
+ encrypt_failure();
+ ttloop();
+ }
+ }
#endif /* ENCRYPTION */
if (his_state_is_will(TELOPT_TSPEED)) {
static unsigned char sb[] =
@@ -828,7 +868,7 @@ extern void telnet P((int, int, char *));
/*
* Get a pty, scan input lines.
*/
-doit(who)
+void doit(who)
struct sockaddr_in *who;
{
char *host, *inet_ntoa();