From 5115426fe6ca5bd63cf8e3997fbaf8277792c024 Mon Sep 17 00:00:00 2001
From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 30 Jun 2000 00:16:21 +0000
Subject: 1.2-beta4 pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12470 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/appl/bsd/krlogin.c | 61 +++++++++++++++++++++++++++++++++-----------------
 1 file changed, 40 insertions(+), 21 deletions(-)

(limited to 'src/appl/bsd/krlogin.c')

diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index da4a88980..0039056c3 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -177,6 +177,7 @@ int fflag = 0, Fflag = 0;
 krb5_creds *cred;
 struct sockaddr_in local, foreign;
 krb5_context bsd_context;
+krb5_auth_context auth_context;
 
 #ifdef KRB5_KRB4_COMPAT
 Key_schedule v4_schedule;
@@ -377,6 +378,7 @@ main(argc, argv)
 #endif
 #endif
     int port, debug_port = 0;
+    enum kcmd_proto kcmd_proto = KCMD_PROTOCOL_COMPAT_HACK;
    
     memset(&defaultservent, 0, sizeof(struct servent));
     if (strrchr(argv[0], '/'))
@@ -502,6 +504,16 @@ main(argc, argv)
 	argv++, argc--;
 	goto another;
     }
+    if (argc > 0 && !strcmp(*argv, "-PO")) {
+	kcmd_proto = KCMD_OLD_PROTOCOL;
+	argv++, argc--;
+	goto another;
+    }
+    if (argc > 0 && !strcmp(*argv, "-PN")) {
+	kcmd_proto = KCMD_NEW_PROTOCOL;
+	argv++, argc--;
+	goto another;
+    }
 #endif /* KERBEROS */
     if (host == 0)
       goto usage;
@@ -559,7 +571,8 @@ main(argc, argv)
 	if (tcgetattr(0, &ttyb) == 0) {
 		int ospeed = cfgetospeed (&ttyb);
 
-		(void) strcat(term, "/");
+                term[sizeof(term) - 1] = '\0';
+		(void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
 		if (ospeed >= 50)
 			/* On some systems, ospeed is the baud rate itself,
 			   not a table index.  */
@@ -567,15 +580,16 @@ main(argc, argv)
 		else if (ospeed >= sizeof(speeds)/sizeof(char*))
 			/* Past end of table, but not high enough to
 			   look like a real speed.  */
-			(void) strcat (term, speeds[sizeof(speeds)/sizeof(char*) - 1]);
+			(void) strncat (term, speeds[sizeof(speeds)/sizeof(char*) - 1], sizeof(term) - 1 - strlen(term));
 		else {
-			(void) strcat(term, speeds[ospeed]);
+			(void) strncat(term, speeds[ospeed], sizeof(term) - 1 - strlen(term));
 		}
+                term[sizeof (term) - 1] = '\0';
 	}
 #else
     if (ioctl(0, TIOCGETP, &ttyb) == 0) {
-	(void) strcat(term, "/");
-	(void) strcat(term, speeds[ttyb.sg_ospeed]);
+	(void) strncat(term, "/", sizeof(term) - 1 - strlen(term));
+	(void) strncat(term, speeds[ttyb.sg_ospeed], sizeof(term) - 1 - strlen(term));
     }
 #endif
     (void) get_window_size(0, &winsize);
@@ -631,10 +645,14 @@ main(argc, argv)
 		  0,		/* No need for sequence number */
 		  0,		/* No need for server seq # */
 		  &local, &foreign,
-		  authopts,
+		  &auth_context, authopts,
 		  0,		/* Not any port # */
-		  0);
+		  0,
+		  &kcmd_proto);
     if (status) {
+	if (kcmd_proto == KCMD_NEW_PROTOCOL && encrypt_flag)
+	    /* Don't fall back to something less secure.  */
+	    exit (1);
 #ifdef KRB5_KRB4_COMPAT
 	fprintf(stderr, "Trying krb4 rlogin...\n");
 	status = k4cmd(&sock, &host, port,
@@ -650,19 +668,20 @@ main(argc, argv)
 	try_normal(orig_argv);
 #endif
     } else {
-	krb5_boolean similar;
-
-	rcmd_stream_init_krb5(&cred->keyblock, encrypt_flag, 1);
-
-	if (status = krb5_c_enctype_compare(bsd_context, ENCTYPE_DES_CBC_CRC,
-					    cred->keyblock.enctype, &similar))
-	    try_normal(orig_argv); /* doesn't return */
+	krb5_keyblock *key = 0;
 
-	if (!similar) {
+	if (kcmd_proto == KCMD_NEW_PROTOCOL) {
 	    do_inband = 1;
-	    if (debug_port)
-		fprintf(stderr, "DEBUG: setting do_inband\n");
+
+	    status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context,
+						   &key);
+	    if ((status || !key) && encrypt_flag)
+		try_normal(orig_argv);
 	}
+	if (key == 0)
+	    key = &cred->keyblock;
+
+	rcmd_stream_init_krb5(key, encrypt_flag, 1, 1, kcmd_proto);
     }
 	
     rem = sock;
@@ -1122,9 +1141,9 @@ writer()
 #endif
 
 	    if (c != cmdchar)
-	      (void) rcmd_stream_write(rem, &cmdchar, 1);
+	      (void) rcmd_stream_write(rem, &cmdchar, 1, 0);
 	}
-	if (rcmd_stream_write(rem, &c, 1) == 0) {
+	if (rcmd_stream_write(rem, &c, 1, 0) == 0) {
 	    prf("line gone");
 	    break;
 	}
@@ -1239,7 +1258,7 @@ sendwindow()
     wp->ws_col = htons(winsize.ws_col);
     wp->ws_xpixel = htons(winsize.ws_xpixel);
     wp->ws_ypixel = htons(winsize.ws_ypixel);
-    (void) rcmd_stream_write(rem, obuf, sizeof(obuf));
+    (void) rcmd_stream_write(rem, obuf, sizeof(obuf), 0);
 }
 
 
@@ -1458,7 +1477,7 @@ fd_set readset, excset, writeset;
 		bufp += n;
 	    }
 	    if (FD_ISSET(rem, &readset)) {
-	  	rcvcnt = rcmd_stream_read(rem, rcvbuf, sizeof (rcvbuf));
+	  	rcvcnt = rcmd_stream_read(rem, rcvbuf, sizeof (rcvbuf), 0);
 		if (rcvcnt == 0)
 		    return (0);
 		if (rcvcnt < 0)
-- 
cgit