authorTheodore Tso <tytso@mit.edu>1996-03-19 02:39:45 +0000
committerTheodore Tso <tytso@mit.edu>1996-03-19 02:39:45 +0000
commit769c2b3450c3663a0815951eda93ea6f476221ac (patch)
tree36f1d7228c13b7d41af1c6a6b4de199721ca77d3 /src/appl
parent12bf8c806285ed4a0689eb7cc3966896dc80568b (diff)
Makefile.in: Added flags which turn on the encryption option
telnetd.c (getterminaltype): If the authentication option which was negotiated requires that encryption be turned on, then enforce this here. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r--src/appl/telnet/telnetd/ChangeLog8
-rw-r--r--src/appl/telnet/telnetd/Makefile.in2
-rw-r--r--src/appl/telnet/telnetd/telnetd.c44
3 files changed, 51 insertions, 3 deletions
diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index f15d82bad..1b4cd3fa3 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,11 @@
+Mon Mar 18 20:29:05 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in: Added flags which turn on the encryption option.
+
+ * telnetd.c (getterminaltype): If the authentication option which
+ was negotiated requires that encryption be turned on, then
+ enforce this here.
+
Mon Feb 26 03:33:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
* configure.in: Call USE_ANAME
diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in
index 533633ba3..a0421779f 100644
--- a/src/appl/telnet/telnetd/Makefile.in
+++ b/src/appl/telnet/telnetd/Makefile.in
@@ -22,7 +22,7 @@
LOCAL_LIBRARIES=-lpty
DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
-AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index aa8ad8101..029add63b 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -51,6 +51,10 @@ static char copyright[] =
# undef _SC_CRAY_SECURE_SYS
#endif
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <netdb.h>
#include <libpty.h>
#include <com_err.h>
#if defined(_SC_CRAY_SECURE_SYS)
@@ -77,11 +81,16 @@ struct socket_security ss;
#if defined(AUTHENTICATION)
#include <libtelnet/auth.h>
+#include <libtelnet/auth-proto.h>
int auth_level = 0;
#endif
#if defined(SecurID)
int require_SecurID = 0;
#endif
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#include <libtelnet/enc-proto.h>
+#endif
extern int utmp_len;
int registerd_host_only = 0;
@@ -98,6 +107,8 @@ int registerd_host_only = 0;
# include <sys/ptyvar.h>
#endif
+void doit P((struct sockaddr_in *));
+
/*
* Because of the way ptyibuf is used with streams messages, we need
* ptyibuf+1 to be on a full-word boundary. The following wierdness
@@ -428,7 +439,7 @@ main(argc, argv)
usage();
/* NOT REACHED */
} else if (argc == 1) {
- if (sp = getservbyname(*argv, "tcp")) {
+ if ((sp = getservbyname(*argv, "tcp"))) {
sin.sin_port = sp->s_port;
} else {
sin.sin_port = atoi(*argv);
@@ -569,7 +580,9 @@ main(argc, argv)
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
+
/* NOTREACHED */
+ return 0;
} /* end of main */
void
@@ -618,6 +631,16 @@ usage()
exit(1);
}
+static void encrypt_failure()
+{
+ char *error_message =
+ "Encryption was not successfully negotiated. Goodbye.\r\n\r\n";
+
+ writenet(error_message, strlen(error_message));
+ netflush();
+ exit(1);
+}
+
/*
* getterminaltype
*
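Review bot: `encrypt_failure()` tells the client why it is being dropped but leaves no server-side record, so an operator cannot tell a failed mandatory-encryption negotiation (a misconfigured client or a downgrade attempt) from an ordinary disconnect. If syslog is already used in this file (not visible in these hunks), add a line before `exit(1)` such as `syslog(LOG_NOTICE, "encryption required but not negotiated; closing connection");`. The message could also be declared `static const char error_message[]`, since it is never modified. The old-style `encrypt_failure()` definition would be better with a prototype in the file's `P((void))` form, as the commit already does for `doit`.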
@@ -660,6 +683,7 @@ getterminaltype(name)
while (
#ifdef ENCRYPTION
his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+ his_will_wont_is_changing(TELOPT_ENCRYPT) ||
#endif /* ENCRYPTION */
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
@@ -676,6 +700,22 @@ getterminaltype(name)
if (his_state_is_will(TELOPT_ENCRYPT)) {
encrypt_wait();
}
+ if (auth_must_encrypt()) {
+ time_t timeout = time(0) + 60;
+
+ if (my_state_is_dont(TELOPT_ENCRYPT) ||
+ my_state_is_wont(TELOPT_ENCRYPT))
+ encrypt_failure();
+
+ if (!EncryptStartInput() || !EncryptStartOutput())
+ encrypt_failure();
+
+ while (!encrypt_is_encrypting()) {
+ if (time(0) > timeout)
+ encrypt_failure();
+ ttloop();
+ }
+ }
#endif /* ENCRYPTION */
if (his_state_is_will(TELOPT_TSPEED)) {
static unsigned char sb[] =
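Review bot: The 60-second deadline in the `while (!encrypt_is_encrypting())` loop is only re-checked after `ttloop()` returns. If `ttloop()` blocks waiting for network input (its body is not shown here), a peer that goes silent after authentication is never timed out and can hold the pre-login session open indefinitely. At minimum document this with a comment such as `/* deadline is only checked when ttloop() returns; a silent peer is not timed out here */`, or bound the wait itself, for example with an alarm around the loop. The literal `60` would also read better as a named constant, e.g. `#define ENCRYPT_NEGOTIATION_TIMEOUT 60`, and the unbraced `if` bodies that call `encrypt_failure()` should be braced so a later edit cannot detach the enforcement from its condition. `getterminaltype` starts and ends outside this hunk, so whether `<time.h>` is in scope for `time_t`/`time()` cannot be confirmed from here.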
@@ -828,7 +868,7 @@ extern void telnet P((int, int, char *));
/*
* Get a pty, scan input lines.
*/
-doit(who)
+void doit(who)
struct sockaddr_in *who;
{
char *host, *inet_ntoa();