📄 ckuath.c
(tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_NTLM; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"NTLM CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* NTLM */#ifdef CK_SSL if ( auth_type_user[j] == AUTHTYPE_SSL#ifdef SSLDLL && ck_ssleay_is_installed()#endif /* SSLDLL */ && !tls_active_flag && !ssl_active_flag && ssl_initialized ) { if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_SSL; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SSL CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* CK_SSL */#ifdef CK_SRP if ( auth_type_user[j] == AUTHTYPE_SRP#ifdef SRPDLL && hSRP#endif /* SRPDLL */ ) {#ifndef PRE_SRP_1_4_5 /* Dont' do this yet. SRP when it uses the ENCRYPT_USING_TELOPT */ /* flag it must perform a checksum of the auth-type-pair but there */ /* is no mechansim to do that yet. 
*/#ifdef CK_ENCRYPTION if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_SRP; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SRP CLIENT_TO_SERVER|ONE_WAY|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */#endif /* PRE_SRP_1_4_5 */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) { str_request[i++] = AUTHTYPE_SRP; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"SRP CLIENT_TO_SERVER|ONE_WAY "); i++; } }#endif /* SRP */#ifdef KRB5 if ( auth_type_user[j] == AUTHTYPE_KERBEROS_V5#ifdef OS2 && hKRB5_32#endif /* OS2 */ ) {#ifdef CK_ENCRYPTION#ifdef USE_INI_CRED_FWD if ( forward_flag && (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; str_request[i] |= INI_CRED_FWD_ON; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* USE_INI_CRED_FWD */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == 
TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE) ) {#ifdef CK_ENCRYPTION /* Can't perform mutual authentication without encryption */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL "); i++; }#endif /* CK_ENCRYPTION */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|ONE_WAY "); i++; } } }#endif /* KRB5 */#ifdef KRB4 if ( auth_type_user[j] == AUTHTYPE_KERBEROS_V4#ifdef OS2 && hKRB4_32#endif /* OS2 */ ) {#ifdef CK_ENCRYPTION if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V4; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL|ENCRYPT "); i++; }#endif /* CK_ENCRYPTION */ if ((TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION)) != TN_NG_MU && (tn_auth_enc == TN_AUTH_ENC_ANY 
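|| tn_auth_enc == TN_AUTH_ENC_NONE) ) {
#ifdef CK_ENCRYPTION
                    /* Can't perform mutual authentication without encryption */
                    if ( tn_auth_how == TN_AUTH_HOW_ANY ||
                         tn_auth_how == TN_AUTH_HOW_MUTUAL ) {
                        str_request[i++] = AUTHTYPE_KERBEROS_V4;
                        str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
                        str_request[i] |= AUTH_ENCRYPT_OFF;
                        if ( deblog || tn_deb || debses )
                            strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL ");
                        i++;
                    }
#endif /* CK_ENCRYPTION */
                    if ( tn_auth_how == TN_AUTH_HOW_ANY ||
                         tn_auth_how == TN_AUTH_HOW_ONE_WAY ) {
                        str_request[i++] = AUTHTYPE_KERBEROS_V4;
                        str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
                        str_request[i] |= AUTH_ENCRYPT_OFF;
                        if ( deblog || tn_deb || debses )
                            strcat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|ONE_WAY ");
                        i++;
                    }
                }
            }
#endif /* KRB4 */
        }
    }
    str_request[i++] = IAC;
    str_request[i++] = SE;
    if ( deblog || tn_deb || debses ) {
        strcat(tn_msg,"IAC SE");
        debug(F100,tn_msg,"",0);
        if (tn_deb || debses) tn_debug(tn_msg);
    }

    /* Send data */
    rc = ttol((CHAR *)str_request, i);
    if ( rc == i )
        return(0);
    else
        return(-1);
}

#ifdef CK_ENCRYPTION
/*  C K _ T N _ E N C _ S T A R T
 * Clears the encrypt.stop flag of the ENCRYPTION option and issues a start
 * request for each direction that is negotiated but not yet active:
 * encrypt_request_start() when we have the option (TELOPT_ME) and are not
 * encrypting, encrypt_send_request_start() when the peer has it (TELOPT_U)
 * and we are not decrypting.  Then waits with tn_wait() and calls tn_push().
 *
 * Does nothing if the option is enabled in neither direction.
 */
VOID
ck_tn_enc_start()
{
    if (!TELOPT_ME(TELOPT_ENCRYPTION) && !TELOPT_U(TELOPT_ENCRYPTION))
        return;

    /* NOTE(review): this returns early when the stop flag is clear and at   */
    /* least one direction is NOT active, whereas ck_tn_enc_stop() tests     */
    /* !(decrypting || encrypting).  Left as found; confirm the intended     */
    /* condition, since it decides whether encryption is (re)requested.      */
    if (!TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop &&
         (!encrypt_is_decrypting() || !encrypt_is_encrypting())) {
        debug(F110,"ck_tn_enc_start","nothing to do",0);
        return;
    }
    TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 0;
    if (TELOPT_ME(TELOPT_ENCRYPTION) && !encrypt_is_encrypting()) {
        debug(F110,"ck_tn_enc_start","encrypt_request_start",0);
        encrypt_request_start();
    }
    if (TELOPT_U(TELOPT_ENCRYPTION) && !encrypt_is_decrypting()) {
        debug(F110,"ck_tn_enc_start","encrypt_send_request_start",0);
        encrypt_send_request_start();
    }
    tn_wait("encrypt start");
    tn_push();
}

/*  C K _ T N _ E N C _ S T O P
 * Sets the encrypt.stop flag of the ENCRYPTION option and ends each active
 * direction: encrypt_send_request_end() when the peer has the option and we
 * are decrypting, encrypt_send_end() when we have it and are encrypting.
 * Then waits with tn_wait() and calls tn_push().
 *
 * Does nothing if the option is enabled in neither direction, if the stop
 * flag is already set, or if neither direction is currently active.
 */
VOID
ck_tn_enc_stop()
{
    if (!TELOPT_ME(TELOPT_ENCRYPTION) && !TELOPT_U(TELOPT_ENCRYPTION))
        return;
    if (TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop ||
         !(encrypt_is_decrypting() || encrypt_is_encrypting())) {
        debug(F110,"ck_tn_enc_stop","nothing to do",0);
        return;
    }
    TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 1;
    if (TELOPT_U(TELOPT_ENCRYPTION) && encrypt_is_decrypting()) {
        debug(F110,"ck_tn_enc_stop","encrypt_send_request_end",0);
        encrypt_send_request_end();
    }
    if (TELOPT_ME(TELOPT_ENCRYPTION) && encrypt_is_encrypting()) {
        debug(F110,"ck_tn_enc_stop","encrypt_send_end",0);
        encrypt_send_end();
    }
    tn_wait("encrypt stop");
    tn_push();
}
#endif /* CK_ENCRYPTION */

/*  C K _ K R B _ T N _ S B _ A U T H
 * An interface between the C-Kermit Telnet Command Parser and the
 * Authentication option parser implemented in the Kerberos Telnet client.
 *
 * sb  - the subnegotiation as calculated in ckcnet.c
 * len - the length of the buffer
 *
 * Returns: 0 on success and -1 on failure.  A NULL sb, a negative len, or a
 * len that does not fit the local 1024-byte staging buffer is rejected with
 * -1 before anything is copied or parsed.
 */
int
#ifdef CK_ANSIC
ck_tn_sb_auth(char * sb, int len)
#else /* CK_ANSIC */
ck_tn_sb_auth(sb,len) char * sb; int len;
#endif /* CK_ANSIC */
{
    /* auth_parse() assumes that sb starts at pos 1 not 0 as in ckcnet.c */
    /* and it wants the length to exclude the IAC SE bytes               */
    char buf[1024];
    int rc = -1;

    /* The subnegotiation body is peer-supplied.  buf must hold the SB    */
    /* byte, len bytes of data and the terminating NUL, so len may be at  */
    /* most sizeof(buf)-2; anything else would write past the stack       */
    /* buffer.  The caller's own bound on len is not visible from here.   */
    /* Authentication state is left untouched on this path.               */
    if (sb == NULL || len < 0 || len > (int)sizeof(buf) - 2) {
        debug(F111,"ck_tn_sb_auth","subnegotiation length rejected",len);
        return(-1);
    }

    buf[0] = SB;
    memcpy( &buf[1], sb, len );
    buf[len+1] = '\0';
    rc = auth_parse(buf,len+1-2);
    debug(F111,"ck_tn_sb_auth","rc",rc);
    if (rc == AUTH_FAILURE) {
        /* Fail closed: a failed exchange leaves us unauthenticated. */
        authentication_version = AUTHTYPE_NULL;
#ifdef OS2
        ipadl25();
#endif /* OS2 */
        return(-1);
    }
#ifdef OS2
    ipadl25();
#endif /* OS2 */
    return(0);
}

/*  C K _ K R B _ T N _ S B _ E N C R Y P T
 * An interface between the C-Kermit Telnet Command Parser and the Encryption
 * option parser implemented in the Kerberos Telnet client.
 *
 * sb  - the subnegotiation as calculated in ckcnet.c
 * len - the length of the buffer
 *
 * Returns: 0 on success; -1 when encrypt_parse() returns a negative value or
 * when sb is NULL or len does not fit the local 1024-byte staging buffer.
 * Without CK_ENCRYPTION the arguments are ignored and 0 is returned.
 */
int
#ifdef CK_ANSIC
ck_tn_sb_encrypt(char * sb, int len)
#else
ck_tn_sb_encrypt(sb,len) char * sb; int len;
#endif /* CK_ANSIC */
{
    /* encrypt_parse() assumes that sb starts at pos 1 not 0 as in ckcnet.c */
    /* and it wants the length to exclude the IAC SE bytes                  */
#ifdef CK_ENCRYPTION
    char buf[1024];

    /* Same bound as ck_tn_sb_auth(): SB + len data bytes + NUL must fit   */
    /* in buf, so reject peer-supplied lengths outside 0..sizeof(buf)-2    */
    /* instead of overrunning the stack buffer.                            */
    if (sb == NULL || len < 0 || len > (int)sizeof(buf) - 2) {
        debug(F111,"ck_tn_sb_encrypt","subnegotiation length rejected",len);
        return(-1);
    }

    buf[0] = SB;
    memcpy( &buf[1], sb, len );
    buf[len+1] = '\0';
    if (encrypt_parse(buf,len+1-2) < 0)
        return(-1);

    /* This is a hack.  It does not belong here but should really be in */
    /* encrypt_parse() but in K95 the encrypt_parse() routine does not  */
    /* have access to the telopt_states array.                          */
    if ( buf[1] == ENCRYPT_REQEND )
        TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 1;
    else if ( buf[1] == ENCRYPT_REQSTART )
        TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 0;
#ifdef OS2
    ipadl25();
#endif /* OS2 */
#endif /* CK_ENCRYPTION */
    return(0);
}

/*  C K _ K R B _ E N C R Y P T I N G
 * Returns g_kstream->encrypt_type when the stream's encrypt member is set
 * and encrypt_is_encrypting() is true, and 0 otherwise (including when
 * g_kstream is NULL or CK_ENCRYPTION is not defined).
 */
int
#ifdef CK_ANSIC
ck_tn_encrypting(VOID)
#else /* CK_ANSIC */
ck_tn_encrypting()
#endif /* CK_ANSIC */
{
#ifdef CK_ENCRYPTION
    if ( g_kstream == NULL )
        return(0);
    if ( g_kstream->encrypt && encrypt_is_encrypting()) {
        debug(F111,"ck_tn_encrypting","encrypting",
               g_kstream->encrypt_type);
        return(g_kstream->encrypt_type);
    }
#endif /* CK_ENCRYPTION */
    debug(F110,"ck_tn_encrypting","not encrypting",0);
    return(0);
}

/*  C K _ K R B _ D E C R Y P T I N G
 * Returns g_kstream->decrypt_type when the stream's decrypt member is set
 * and encrypt_is_decrypting() is true, and 0 otherwise (including when
 * g_kstream is NULL or CK_ENCRYPTION is not defined).
 */
int
#ifdef CK_ANSIC
ck_tn_decrypting(VOID)
#else
ck_tn_decrypting()
#endif /* CK_ANSIC */
{
#ifdef CK_ENCRYPTION
    if ( g_kstream == NULL )
        return(0);
    if ( g_kstream->decrypt && encrypt_is_decrypting()) {
        debug(F111,"ck_tn_decrypting","decrypting",
               g_kstream->decrypt_type);
        return(g_kstream->decrypt_type);
    }
#endif /* CK_ENCRYPTION */
    debug(F110,"ck_tn_decrypting","not decrypting",0);
    return(0);
}

/*  C K _ K R B _ A U T H E N T I C A T E D
 * Returns the authentication type: AUTHTYPE_NULL, AUTHTYPE_KERBEROS4,
 * or AUTHTYPE_KERBEROS5, AUTHTYPE_SRP, ... (see ckctel.h)
 */
int
#ifdef CK_ANSIC
ck_tn_authenticated(VOID)
#else
ck_tn_authenticated()
#endif
{
    return(authentication_version);
}

/*  C K _ K R B _ E N C R Y P T
 * encrypts n characters in s if we are encrypting
 */
VOID
#ifdef CK_ANSIC
ck_tn_encrypt( char * s, int n )
#else
ck_tn_encrypt( s,n ) char * s; int n;
#endif
{
#ifdef CK_ENCRYPTION
    struct kstream_data_block i;

    if (g_kstream->encrypt && encrypt_is_encrypting()) {
#ifdef DEBUG
        hexdump("from plaintext", s, n);
#endif
        i.ptr = s;
        i.length = n;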