📄 ckuath.c
if (!hostname) hostname = ""; if (!ipaddr) ipaddr = ""; if (!username) username = ""; ckstrncpy( szUserName, username, UIDBUFLEN ); ckstrncpy( szHostName, hostname, UIDBUFLEN ); ckstrncpy( szIP, ipaddr, 16 ); szUserNameRequested[0] = '\0'; szUserNameAuthenticated[0] = '\0'; validUser = AUTH_REJECT; if ( sstelnet ) str_data[3] = TELQUAL_REPLY; else str_data[3] = TELQUAL_IS; debug(F110,"ck_auth_init Username",username,0); debug(F110,"ck_auth_init Hostname",hostname,0); debug(F110,"ck_auth_init Ipaddr",ipaddr,0);#ifdef KRB5 /* free previous ret_cred */ if ( ret_cred ) { krb5_free_creds(k5_context, ret_cred); ret_cred = NULL; } /* and context */ if ( k5_context ) { krb5_free_context(k5_context); k5_context = NULL; } /* create k5_context */ krb5_init_context(&k5_context);#ifndef MIT_CURRENT krb5_init_ets(k5_context);#endif /* MIT_CURRENT */ memset(&k5_auth,0,sizeof(k5_auth)); if (auth_context) { krb5_auth_con_free(k5_context, auth_context); auth_context = 0; }#ifdef CK_ENCRYPTION if (k5_session_key) { krb5_free_keyblock(k5_context, k5_session_key); k5_session_key = 0; }#endif /* ENCRYPTION */#endif /* KRB5 */#ifdef KRB4#ifdef CK_ENCRYPTION /* Initialize buffers used for authentication */ memset(&k4_session_key, 0, sizeof(k4_session_key)); memset(&k4_challenge, 0, sizeof(k4_challenge));#endif /* ENCRYPTION */#endif /* KRB4 */ kstream_destroy(); auth_how = 0; auth_crypt = 0; auth_fwd = 0; accept_complete = 0; mutual_complete = 0; authentication_version = AUTHTYPE_NULL;#ifdef CK_KERBEROS#ifdef RLOGCODE rlog_encrypt = 0; nstored = 0; store_ptr = storage; memset(storage,0,sizeof(storage));#endif /* RLOGCODE */#endif /* CK_KERBEROS */#ifdef CK_SRP srp_waitresp = 0;#endif /* SRP */ /* create kstream from socket */ /* a kstream is simply a structure containing the socket handle */ /* and pointers to the appropriate functions for encryption, */ /* decryption, and the like. 
*/
    ctl.encrypt = auth_encrypt;
    ctl.decrypt = auth_decrypt;
    ctl.init = auth_init;
    ctl.destroy = auth_destroy;
    /* Report 0 to the caller when kstream_create_from_fd() returns a */
    /* false value, 1 otherwise. */
    if (!kstream_create_from_fd(socket, &ctl, NULL))
        return(0);
    return(1);
}

/*  C K _ T N _ A U T H _ V A L I D
 *
 *  Returns the current value of validUser, presumably the verdict of the
 *  Telnet authentication exchange.  The initialisation code earlier in
 *  this file resets validUser to AUTH_REJECT; whatever assigns another
 *  value is not visible in this part of the file.
 */
int
ck_tn_auth_valid()
{
    return(validUser);
}

/*  C K _ T N _ A U T H _ I N _ P R O G R E S S
 *
 *  Is an authentication negotiation still in progress?
 *
 *  Returns: 1 while the negotiation for the selected authentication type
 *  is still pending, 0 otherwise.
 *
 *  NOTE(review): 0 means "nothing pending", not "authenticated".
 *  AUTHTYPE_NULL and any type without a case below also yield 0, so a
 *  caller that needs the outcome should presumably consult
 *  ck_tn_auth_valid() rather than treat 0 as success -- confirm against
 *  the callers.
 *
 *  The debug messages name the function "ck_auth_in_progress()"; that is
 *  runtime text and does not match the identifier.
 */
int
#ifdef CK_ANSIC
ck_tn_auth_in_progress(void)
#else
ck_tn_auth_in_progress()
#endif
{
    switch (authentication_version) {
    case AUTHTYPE_AUTO:
        /* Type still AUTHTYPE_AUTO: reported as in progress. */
        return(1);
    case AUTHTYPE_NULL:
        /* Also the value the initialisation code earlier in the file sets. */
        return(0);
#ifdef KRB4
    case AUTHTYPE_KERBEROS_V4:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 4 !accept_complete",
                   "",0);
            return(1);
        }
        /* When the "how" bits of auth_how are set (presumably mutual */
        /* authentication was agreed -- confirm AUTH_HOW_MASK), an accept */
        /* alone is not enough: mutual_complete must be set as well. */
        else if ((auth_how & AUTH_HOW_MASK) && !mutual_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 4 !mutual_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#endif /* KRB4 */
#ifdef KRB5
    case AUTHTYPE_KERBEROS_V5:
        /* Same two-stage test as the Kerberos 4 case. */
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 5 !accept_complete",
                   "",0);
            return(1);
        }
        else if ((auth_how & AUTH_HOW_MASK) && !mutual_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 5 !mutual_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#endif /* KRB5 */
#ifdef CK_SRP
    case AUTHTYPE_SRP:
        /* Pending until accepted and while srp_waitresp is non-zero. */
        /* Unlike the other cases, nothing is written to the debug log. */
        if (!accept_complete || srp_waitresp)
            return(1);
        else
            return(0);
#endif /* CK_SRP */
#ifdef NTLM
    case AUTHTYPE_NTLM:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() NTLM !accept_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#endif /* NTLM */
    /* Unlike the cases above, this one is not wrapped in an #ifdef. */
    case AUTHTYPE_SSL:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() SSL !accept_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
    default:
        /* Any type not handled above, including one whose support was */
        /* compiled out, is reported as not in progress. */
        return(0);
    }
    /* Not reached: every path through the switch returns. */
    return(0);
}

/*  C K _ K R B _ T N _ A U T H _ R E Q U E S T
 *
 *  Builds a Telnet Authentication Send Negotiation providing the
 *  list of supported authentication methods.  To be used only
 *  when accepting incoming connections as only the server (DO) side of the
 *  Telnet negotiation is allowed to send an AUTH SEND.
* * Returns: 0 on success and -1 on failure */int#ifdef CK_ANSICck_tn_auth_request(void)#elseck_tn_auth_request()#endif{ static unsigned char str_request[64] = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_SEND }; int i = 4, rc = -1;#ifdef CK_SSL if (TELOPT_SB(TELOPT_START_TLS).start_tls.me_follows) { return(0); }#endif /* CK_SSL */ if ( deblog || tn_deb || debses ) strcpy(tn_msg,"TELNET SENT SB AUTHENTICATION SEND "); /* Create a list of acceptable Authentication types to send to */ /* the client and let it choose find one that we support */ /* For those authentication methods that support Encryption or */ /* Credentials Forwarding we must send all of the appropriate */ /* combinations based upon the state of */ /* TELOPT_x_MODE(TELOPT_ENCRYPTION) and forward_flag. */ if ( auth_type_user[0] == AUTHTYPE_AUTO ) { /* Microsoft's Telnet client won't perform authentication if */ /* NTLM is not first. */#ifdef NTLM if ( ck_ntlm_is_valid() ) { if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_NTLM; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"NTLM CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* NTLM */#ifdef KRB5 if (1#ifdef OS2 && hKRB5_32#endif /* OS2 */ ) {#ifdef CK_ENCRYPTION#ifdef USE_INI_CRED_FWD if ( forward_flag && (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; str_request[i] |= INI_CRED_FWD_ON; if ( deblog || 
tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* USE_INI_CRED_FWD */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) {#ifdef CK_ENCRYPTION /* Can't perform mutual authentication without encryption */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL "); i++; }#endif /* CK_ENCRYPTION */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|ONE_WAY "); i++; } } }#endif /* KRB5 */#ifdef KRB4 if (1#ifdef OS2 && hKRB4_32#endif /* OS2 */ ) {#ifdef CK_ENCRYPTION if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V4; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; 
str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) {#ifdef CK_ENCRYPTION /* Can't perform mutual authentication without encryption */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL ) { str_request[i++] = AUTHTYPE_KERBEROS_V4; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL "); i++; }#endif /* CK_ENCRYPTION */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY ) { str_request[i++] = AUTHTYPE_KERBEROS_V4; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|ONE_WAY "); i++; } } }#endif /* KRB4 */#ifdef CK_SRP if ( 1#ifdef SRPDLL && hSRP#endif /* SRPDLL */ ) {#ifndef PRE_SRP_1_4_5 /* Dont' do this yet. SRP when it uses the ENCRYPT_USING_TELOPT */ /* flag it must perform a checksum of the auth-type-pair but there */ /* is no mechansim to do that yet. 
*/#ifdef CK_ENCRYPTION if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_SRP; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SRP CLIENT_TO_SERVER|ONE_WAY|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */#endif /* PRE_SRP_1_4_5 */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_SRP; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SRP CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* SRP */#ifdef CK_SSL if ( 1#ifdef SSLDLL && ck_ssleay_is_installed()#endif /* SSLDLL */ && !tls_active_flag && !ssl_active_flag && ssl_initialized ) { if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_SSL; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SSL CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* CK_SSL */ } else { int j; for ( j=0; j<AUTHTYPLSTSZ && auth_type_user[j] != AUTHTYPE_NULL; j++) {#ifdef NTLM if (auth_type_user[j] == AUTHTYPE_NTLM && ck_ntlm_is_valid()) { if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU &&