ckuath.c

C-Kermit源码。是使用串口/Modem和网络通讯的程序

char *ckathv = "Authentication, 7.0.141, 19 Dec 1999";
/*
  C K U A T H . C  --  Authentication for C-Kermit

  Copyright (C) 1999, 2000,
    Trustees of Columbia University in the City of New York.
    All rights reserved.  See the C-Kermit COPYING.TXT file or the
    copyright text in the ckcmai.c module for disclaimer and permissions.

  Author:  Jeffrey E Altman (jaltman@columbia.edu)
*/
/*
 * Based on a concatenation of all necessary source files distributed with the
 * Kerberos 5 NT Alpha 2 Telnet package from MIT with significant changes.
 * Additional copyrights included with affected code.
 */
/*
 * Implements Kerberos 4/5, SRP, SSL, NTLM authentication and START_TLS
 */

#include "ckcdeb.h"

#ifdef CK_AUTHENTICATION
#include "ckcker.h"
#include "ckucmd.h"                             /* For struct keytab */
#include "ckcnet.h"

#ifdef CRYPT_DLL
#ifndef LIBDES
#define LIBDES
#endif /* LIBDES */
#ifdef OS2
#ifdef NT
#include <windows.h>
#else /* NT */
#define INCL_DOSMODULEMGR
#include <os2.h>
#endif /* NT */
#endif /* OS2 */
#endif /* CRYPT_DLL */

#ifdef NT
#define KRB5_AUTOCONF__
#define NTLM
#endif /* NT */

#ifdef CK_KERBEROS
#define KINIT
#define KLIST
#define KDESTROY
#define CHECKADDRS
#else /* CK_KERBEROS */
#ifdef KRB4
#undef KRB4
#endif /* KRB4 */
#ifdef KRB5
#undef KRB5
#endif /* KRB5 */
#ifdef KRB524
#undef KRB524
#endif /* KRB524 */
#endif /* CK_KERBEROS */

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <time.h>
#include <fcntl.h>
#include <malloc.h>
#ifdef OS2
#include <io.h>
#endif /* OS2 */

#ifdef KRB5
#include "krb5.h"
#include "com_err.h"
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef UNIX
#define krb5_free_unparsed_name(con,val) free((char FAR *)(val))
#endif /* UNIX */
#endif /* KRB5 */

#ifdef KRB4
#define  des_cblock Block
#define  des_key_schedule Schedule
#ifdef NT
#define _WINDOWS
#include "kerberosIV/krb.h"
#else /* NT */
#ifdef KRB524
#include "kerberosIV/krb.h"
_PROTOTYP(const char * krb_get_err_text_entry, (int));
#else /* KRB524 */
#ifdef SOLARIS
#ifndef sun
/* for some reason the Makefile entries for the Solaris systems have -Usun */
#define sun
#endif /* sun */
#endif /* SOLARIS */
#include "krb.h"
#define krb_get_err_text_entry krb_get_err_text
#endif /* KRB524 */
#endif /* NT */
#else /* KRB4 */
#ifdef CK_SSL
#define  des_cblock Block
#define  des_key_schedule Schedule
#endif /* CK_SSL */
#endif /* KRB4 */

#include "ckuath.h"
#ifdef CK_KERBEROS
#ifndef KRB5
#define NOBLOCKDEF
#endif /* KRB5 */
#ifdef KRB524
#define NOBLOCKDEF
#endif /* KRB524 */
#endif /* CK_KERBEROS */
#include "ckuat2.h"

#ifdef CK_SSL
#ifdef LIBDES
#ifndef HEADER_DES_H
#define HEADER_DES_H
#endif /* HEADER_DES_H */
#endif /* LIBDES */
#include "ck_ssl.h"
#endif /* SSL */

#define PWD_SZ 128

#ifndef LIBDES
#ifdef UNIX
#define des_set_random_generator_seed(x) des_init_random_number_generator(x)
#endif /* UNIX */
#endif /* LIBDES */


/*
 * Globals
 */
int authentication_version = AUTHTYPE_NULL;
int auth_type_user[AUTHTYPLSTSZ]      = {AUTHTYPE_AUTO, AUTHTYPE_NULL};
static int auth_how=0;
static int auth_crypt=0;
static int auth_fwd=0;

/* These are state completion variables */
int accept_complete = 0;
static int mutual_complete = 0;

#ifdef KRB4
#ifdef OS2
/* The Leash implementation of Kerberos 4 used by Kermit 95 */
/* has an extended Credentials structure that includes the  */
/* ip address of the ticket in readable form.               */
#ifdef KRB4
#ifndef ADDR_SZ
#define ADDR_SZ 40      /* From Leash krb.h */
#endif /* ADDR_SZ */

struct leash_credentials {
    char    service[ANAME_SZ];  /* Service name */
    char    instance[INST_SZ];  /* Instance */
    char    realm[REALM_SZ];    /* Auth domain */
    C_Block session;            /* Session key */
    int     lifetime;           /* Lifetime */
    int     kvno;               /* Key version number */
    KTEXT_ST ticket_st;         /* The ticket itself */
    long    issue_date;         /* The issue time */
    char    pname[ANAME_SZ];    /* Principal's name */
    char    pinst[INST_SZ];     /* Principal's instance */
    char    address[ADDR_SZ];   /* IP Address in ticket */
};

typedef struct leash_credentials LEASH_CREDENTIALS;
#endif /* KRB4 */
static LEASH_CREDENTIALS cred;
#else /* OS2 */
static CREDENTIALS cred;
#endif /* OS2 */
static KTEXT_ST k4_auth;
static char     k4_name[ANAME_SZ];
static AUTH_DAT k4_adat  = { 0 };
static char *   k4_keyfile = "/etc/srvtab";
static MSG_DAT  k4_msg_data;
#ifdef CK_ENCRYPTION
static Block    k4_session_key     = { 0 };
static Schedule k4_sched;
static Block    k4_challenge       = { 0 };
#ifdef MIT_CURRENT
static krb5_keyblock k4_krbkey;
#endif /* MIT_CURRENT */
#endif /* ENCRYPTION */
#define KRB4_SERVICE_NAME    "rcmd"

_PROTOTYP(static int k4_auth_send,(VOID));
_PROTOTYP(static int k4_auth_reply,(unsigned char *, int));
_PROTOTYP(static int k4_auth_is,(unsigned char *, int));
#endif /* KRB4 */

#ifdef KRB5
static krb5_data          k5_auth;
static krb5_auth_context  auth_context;
static krb5_keyblock     *k5_session_key = NULL;
#ifdef FORWARD
_PROTOTYP(void kerberos5_forward,(VOID));
#endif /* FORWARD */

#define KRB5_SERVICE_NAME    "host"

_PROTOTYP(static int k5_auth_send,(int,int,int));
_PROTOTYP(static int k5_auth_reply,(int, unsigned char *, int));
_PROTOTYP(static int k5_auth_is,(int,unsigned char *, int));
_PROTOTYP(static int SendK5AuthSB,(int, void *, int));
#endif /* KRB5 */

#ifdef CK_SRP
_PROTOTYP(static int srp_reply,(int, unsigned char *, int));
_PROTOTYP(static int srp_is,(int, unsigned char *, int));
#endif /* SRP */

_PROTOTYP(void auth_finished, (int));

#ifdef CK_ENCRYPTION
static int encrypt_flag = 1;
#endif
#ifdef FORWARD
int forward_flag = 0;       	   /* forward tickets? */
int forwardable_flag = 1;   	   /* get forwardable tickets to forward? */
int forwarded_tickets = 0;         /* were tickets forwarded? */
#endif

static unsigned char str_data[4096] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
			  		AUTHTYPE_KERBEROS_V5, };
#define AUTHTMPBL 2048
static char strTmp[AUTHTMPBL+1];
       char szUserNameRequested[UIDBUFLEN+1];    /* for incoming connections */
       char szUserNameAuthenticated[UIDBUFLEN+1];/* for incoming connections */
       char szHostName[UIDBUFLEN+1];
static char szLocalHostName[UIDBUFLEN+1];
static char szIP[16];
static char szUserName[UIDBUFLEN+1];
static int  validUser = AUTH_REJECT;    /* User starts out invalid */

static struct kstream_crypt_ctl_block ctl;
static kstream g_kstream=NULL;

#ifdef KRB5
static krb5_context k5_context=NULL;
static krb5_creds * ret_cred=NULL;
static krb5_context telnet_context=NULL;
static char * telnet_srvtab = NULL;
static char * telnet_krb5_realm = NULL;
static krb5_ticket * k5_ticket = NULL;
#endif /* KRB5 */

#ifdef CK_SRP
#include <t_pwd.h>
#include <t_client.h>
#include <t_server.h>

static struct t_server * ts = NULL;
static struct t_client * tc = NULL;
#ifdef PRE_SRP_1_4_4
#ifndef PRE_SRP_1_4_5
#define PRE_SRP_1_4_5
#endif /* PRE_SRP_1_4_5 */
static struct t_pw * tpw = NULL;
static struct t_conf * tconf = NULL;
#endif /* PRE_SRP_1_4_4 */

static int srp_waitresp = 0;	/* Flag to indicate readiness for response */
static struct t_num * B;	/* Holder for B */
static char srp_passwd[PWD_SZ];
#endif /* CK_SRP */

#ifdef CK_KERBEROS
#ifdef RLOGCODE
#define OPTS_FORWARD_CREDS           0x00000002
#define OPTS_FORWARDABLE_CREDS       0x00000001

#define RLOGIN_BUFSIZ 5120
char des_inbuf[2*RLOGIN_BUFSIZ];       /* needs to be > largest read size */
char des_outpkt[2*RLOGIN_BUFSIZ+4];    /* needs to be > largest write size */
#ifdef KRB5
krb5_data desinbuf,desoutbuf;
krb5_encrypt_block eblock;             /* eblock for encrypt/decrypt */
#endif /* KRB5 */

static char storage[2*RLOGIN_BUFSIZ];  /* storage for the decryption */
static int nstored = 0;
static char *store_ptr = storage;
static int rlog_encrypt = 0;
#endif /* RLOGCODE */

extern char * krb5_d_principal;		/* Default principal */
extern char * krb5_d_instance;          /* Default instance */
extern char * krb5_d_realm;		/* Default realm */
extern char * krb5_d_cc;		/* Default credentials cache */
extern char * krb5_d_srv;               /* Default service name */
extern int    krb5_d_lifetime;          /* Default lifetime */
extern int    krb5_d_forwardable;
extern int    krb5_d_proxiable;
extern int    krb5_d_renewable;
extern int    krb5_autoget;
extern int    krb5_checkaddrs;
extern int    krb5_d_getk4;

extern int    krb5_errno;
extern char * krb5_errmsg;

extern char * krb4_d_principal;		/* Default principal */
extern char * krb4_d_realm;		/* Default realm */
extern char * krb4_d_srv;               /* Default service name */
extern int    krb4_d_lifetime;          /* Default lifetime */
extern int    krb4_d_preauth;
extern char * krb4_d_instance;
extern int    krb4_autoget;
extern int    krb4_checkaddrs;

extern int    krb4_errno;
extern char * krb4_errmsg;
#endif /* CK_KERBEROS */

extern char tn_msg[], hexbuf[];         /* from ckcnet.c */
extern char pwbuf[];
extern int  pwflg, pwcrypt;
extern int deblog, debses, tn_deb;
extern int sstelnet, inserver;
#ifdef CK_LOGIN
extern int ckxanon;
#endif /* CK_LOGIN */
extern int tn_auth_how;
extern int tn_auth_enc;
#ifdef CK_ENCRYPTION
extern int cx_type;
#endif /* CK_ENCRYPTION */


#ifdef OS2
#include "ckoath.c"
#endif /* OS2 */

int
ck_krb5_is_installed()
{
#ifdef KRB5
#ifdef OS2
    return(hKRB5_32 != NULL);
#else /* OS2 */
    return(1);
#endif /* OS2 */
#else /* KRB5 */
    return(0);
#endif /* KRB5 */
}

int
ck_krb4_is_installed()
{
#ifdef KRB4
#ifdef OS2
    return(hKRB4_32 != NULL);
#else /* OS2 */
    return(1);
#endif /* OS2 */
#else /* KRB4 */
    return(0);
#endif /* KRB4 */
}

int
ck_srp_is_installed()
{
#ifdef CK_SRP
#ifdef SRPDLL
    return(hSRP != NULL);
#else /* SRPDLL */
    return(1);
#endif /* SRPDLL */
#else /* SRP */
    return(0);
#endif /* SRP */
}

int
ck_crypt_is_installed()
{
#ifdef CK_ENCRYPTION
#ifdef CRYPT_DLL
    return(hCRYPT != NULL);
#else /* CRYPT_DLL */
    return(1);
#endif /* CRYPT_DLL */
#else /* ENCRYPTION */
    return(0);
#endif /* ENCRYPTION */
}

int
ck_ntlm_is_installed()
{
#ifdef NT
    return(hSSPI != NULL);
#else /* NT */
    return(0);
#endif /* NT */
}

/* C K _ K R B _ I N I T
 * Initialize the Kerberos system for a pending connection
 *   hostname - a reverse DNS lookup of the hostname when possible
 *   ipaddr   - the ip address of the host
 *   username - the name the user wants to connect under not necessarily
 *              the same as principal
 *   socket   - the socket handle (ttyfd in Kermit speak)
 *
 * Returns: 1 on success and 0 on failure
 */

int
#ifdef CK_ANSIC
ck_auth_init( char * hostname, char * ipaddr, char * username, int socket )
#else /* CK_ANSIC */
ck_auth_init( hostname, ipaddr, username, socket )
    char * hostname; char * ipaddr; char *username; int socket;
#endif /* CK_ANSIC */
{
#ifdef OS2
    if ( !ck_auth_loaddll() ) {
        TELOPT_ME_MODE(TELOPT_AUTHENTICATION) = TN_NG_RF;
        TELOPT_U_MODE(TELOPT_AUTHENTICATION) = TN_NG_RF;
        return(0);
    }
#endif /* OS2 */

    if ( !!ck_crypt_is_installed() ) {
        TELOPT_ME_MODE(TELOPT_ENCRYPTION) = TN_NG_RF;
        TELOPT_U_MODE(TELOPT_ENCRYPTION) = TN_NG_RF;
    }