auth.c

经典的unix下telnetd代码

/*     $OpenBSD: auth.c,v 1.2 2003/06/02 19:38:24 millert Exp $    */

/*-
 * Copyright (c) 1991, 1993
 *	The Regents of the University of California.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef lint
/* from: static char sccsid[] = "@(#)auth.c    8.3 (Berkeley) 5/30/95" */
/* from: static char *rcsid = "$NetBSD: auth.c,v 1.5 1996/02/24 01:15:17 jtk Exp $"; */
#endif /* not lint */

/*
 * This source code is no longer held under any constraint of USA
 * `cryptographic laws' since it was exported legally.  The cryptographic
 * functions were removed from the code and a "Bones" distribution was
 * made.  A Commodity Jurisdiction Request #012-94 was filed with the
 * USA State Department, who handed it to the Commerce department.  The
 * code was determined to fall under General License GTDA under ECCN 5D96G,
 * and hence exportable.  The cryptographic interfaces were re-added by Eric
 * Young, and then KTH proceeded to maintain the code in the free world.
 *
 */

/*
 * Copyright (C) 1990 by the Massachusetts Institute of Technology
 *
 * Export of this software from the United States of America is assumed
 * to require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission.  M.I.T. makes no representations about the suitability of
 * this software for any purpose.  It is provided "as is" without express
 * or implied warranty.
 */

/* "$KTH: auth.c,v 1.23 2000/01/18 03:09:34 assar Exp $" */

#if	defined(AUTHENTICATION)
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
#include <signal.h>
#define	AUTH_NAMES
#include <arpa/telnet.h>
#include <stdlib.h>
#include <string.h>

#include "encrypt.h"
#include "auth.h"
#include "misc-proto.h"
#include "auth-proto.h"

#define	typemask(x)		(1<<((x)-1))

#ifdef	KRB4_ENCPWD
extern krb4encpwd_init();
extern krb4encpwd_send();
extern krb4encpwd_is();
extern krb4encpwd_reply();
extern krb4encpwd_status();
extern krb4encpwd_printsub();
#endif

#ifdef	RSA_ENCPWD
extern rsaencpwd_init();
extern rsaencpwd_send();
extern rsaencpwd_is();
extern rsaencpwd_reply();
extern rsaencpwd_status();
extern rsaencpwd_printsub();
#endif

int auth_debug_mode = 0;
int auth_has_failed  = 0;
int auth_enable_encrypt = 0;
static 	const	char	*Name = "Noname";
static	int	Server = 0;
static	Authenticator	*authenticated = 0;
static	int	authenticating = 0;
static	int	validuser = 0;
static	unsigned char	_auth_send_data[256];
static	unsigned char	*auth_send_data;
static	int	auth_send_cnt = 0;

/*
 * Authentication types supported.  Plese note that these are stored
 * in priority order, i.e. try the first one first.
 */
Authenticator authenticators[] = {
#ifdef UNSAFE
    { AUTHTYPE_UNSAFE, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      unsafe_init,
      unsafe_send,
      unsafe_is,
      unsafe_reply,
      unsafe_status,
      unsafe_printsub },
#endif
#ifdef SRA
    { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      sra_init,
      sra_send,
      sra_is,
      sra_reply,
      sra_status,
      sra_printsub },
#endif
#ifdef	SPX
    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
      spx_init,
      spx_send,
      spx_is,
      spx_reply,
      spx_status,
      spx_printsub },
    { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      spx_init,
      spx_send,
      spx_is,
      spx_reply,
      spx_status,
      spx_printsub },
#endif
#ifdef	KRB5
    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
      kerberos5_init,
      kerberos5_send_mutual,
      kerberos5_is,
      kerberos5_reply,
      kerberos5_status,
      kerberos5_printsub },
    { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      kerberos5_init,
      kerberos5_send_oneway,
      kerberos5_is,
      kerberos5_reply,
      kerberos5_status,
      kerberos5_printsub },
#endif
#ifdef	KRB4
    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
      kerberos4_init,
      kerberos4_send_mutual,
      kerberos4_is,
      kerberos4_reply,
      kerberos4_status,
      kerberos4_printsub },
    { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      kerberos4_init,
      kerberos4_send_oneway,
      kerberos4_is,
      kerberos4_reply,
      kerberos4_status,
      kerberos4_printsub },
#endif
#ifdef	KRB4_ENCPWD
    { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
      krb4encpwd_init,
      krb4encpwd_send,
      krb4encpwd_is,
      krb4encpwd_reply,
      krb4encpwd_status,
      krb4encpwd_printsub },
#endif
#ifdef	RSA_ENCPWD
    { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
      rsaencpwd_init,
      rsaencpwd_send,
      rsaencpwd_is,
      rsaencpwd_reply,
      rsaencpwd_status,
      rsaencpwd_printsub },
#endif
    { 0, },
};

static Authenticator NoAuth = { 0 };

static int	i_support = 0;
static int	i_wont_support = 0;

Authenticator *
findauthenticator(int type, int way)
{
    Authenticator *ap = authenticators;

    while (ap->type && (ap->type != type || ap->way != way))
	++ap;
    return(ap->type ? ap : 0);
}

void
auth_init(const char *name, int server)
{
    Authenticator *ap = authenticators;

    Server = server;
    Name = name;

    i_support = 0;
    authenticated = 0;
    authenticating = 0;
    while (ap->type) {
	if (!ap->init || (*ap->init)(ap, server)) {
	    i_support |= typemask(ap->type);
	    if (auth_debug_mode)
		printf(">>>%s: I support auth type %d %d\r\n",
		       Name,
		       ap->type, ap->way);
	}
	else if (auth_debug_mode)
	    printf(">>>%s: Init failed: auth type %d %d\r\n",
		   Name, ap->type, ap->way);
	++ap;
    }
}

void
auth_disable_name(char *name)
{
    int x;
    for (x = 0; x < AUTHTYPE_CNT; ++x) {
	if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
	    i_wont_support |= typemask(x);
	    break;
	}
    }
}

int
getauthmask(char *type, int *maskp)
{
    int x;

    if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
	*maskp = -1;
	return(1);
    }

    for (x = 1; x < AUTHTYPE_CNT; ++x) {
	if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
	    *maskp = typemask(x);
	    return(1);
	}
    }
    return(0);
}

int
auth_enable(char *type)
{
    return(auth_onoff(type, 1));
}

int
auth_disable(char *type)
{
    return(auth_onoff(type, 0));
}

int
auth_onoff(char *type, int on)
{
    int i, mask = -1;
    Authenticator *ap;

    if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
	printf("auth %s 'type'\n", on ? "enable" : "disable");
	printf("Where 'type' is one of:\n");
	printf("\t%s\n", AUTHTYPE_NAME(0));
	mask = 0;
	for (ap = authenticators; ap->type; ap++) {
	    if ((mask & (i = typemask(ap->type))) != 0)
		continue;
	    mask |= i;
	    printf("\t%s\n", AUTHTYPE_NAME(ap->type));
	}
	return(0);
    }

    if (!getauthmask(type, &mask)) {
	printf("%s: invalid authentication type\n", type);
	return(0);
    }
    if (on)
	i_wont_support &= ~mask;
    else
	i_wont_support |= mask;
    return(1);
}

int
auth_togdebug(int on)
{
    if (on < 0)
	auth_debug_mode ^= 1;
    else
	auth_debug_mode = on;
    printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
    return(1);