ckuath.c

KERMIT工具 这在办公室下载不了,很多人都没有载不到.

    return(hGSSAPI != NULL);
#else /* OS2 */
    return(1);
#endif /* OS2 */
#else /* KRB5 */
    return(0);
#endif /* KRB5 */
}

int
ck_krb5_is_installed()
{
#ifdef KRB5
#ifdef OS2
    return(hKRB5_32 != NULL);
#else /* OS2 */
    return(1);
#endif /* OS2 */
#else /* KRB5 */
    return(0);
#endif /* KRB5 */
}


int
ck_krb5_is_installed_as_server()
{
#ifdef KRB5
#ifdef HEIMDAL
    krb5_error_code ret;
    krb5_keytab kt;
    krb5_kt_cursor cursor;

    ret = krb5_kt_default(k5_context, &kt);
    if ( ret ) {
        krb5_kt_close(k5_context, kt);
        return(0);
    } else {
        krb5_kt_end_seq_get(k5_context, kt, &cursor);
        krb5_kt_close(k5_context, kt);
        return(1);
    }
#else /* HEIMDAL */
#ifndef COMMENT
    char ktname[CKMAXPATH]="";

    if ( k5_keytab ) {
        ckstrncpy(ktname,k5_keytab,CKMAXPATH);
    } else {
        krb5_error_code code;

        if ( k5_context == NULL)
            if (krb5_init_context(&k5_context))
                return(0);

        code = krb5_kt_default_name(k5_context,ktname,CKMAXPATH);
        debug(F101,"krb5_kt_default_name","",code);
        if ( code ) {
            /* We can't check the existence of the file since we can't   */
            /* determine the file name.  So we return TRUE and let       */
            /* Krb5 be offered to the user even though it may fail later */
            return(1);
        }
    }

    if ( !strncmp("FILE:",ktname,5) ) {
        if ( zchki(&ktname[5]) > 0 )
            return(1);
        else
            return(0);
    } else {
        if (ktname[0])
            return(1);
        else
            return(0);
    }
#else /* COMMENT */
    krb5_error_code             krb5rc = KRB5KRB_ERR_GENERIC;
    krb5_context                krb5context = NULL;
    krb5_ccache                 krb5ccdef = NULL;
    krb5_creds                  krb5creds, *krb5credsp = NULL;
    int                         rc = 0;

    if ( !ck_krb5_is_installed() )
        return(0);

    memset((char *)&krb5creds, 0, sizeof(krb5creds));

    if ((krb5rc = krb5_init_context(&krb5context)) != 0)
        goto err;

    if ((krb5rc = krb5_sname_to_principal(krb5context,
                                          szHostName,
                                          krb5_d_srv ?
                                          krb5_d_srv :
                                          KRB5_SERVICE_NAME,
                                          KRB5_NT_SRV_HST,
                                          &krb5creds.server)) != 0)
      goto err;

    if ((krb5rc = krb5_cc_default(krb5context, &krb5ccdef)) != 0)
        goto err;

    if ((krb5rc = krb5_cc_get_principal(krb5context, krb5ccdef,
                                         &krb5creds.client)) != 0)
        goto err;

    if ((krb5rc = krb5_get_credentials(krb5context, 0, krb5ccdef,
                                        &krb5creds, &krb5credsp)) != 0)
        goto err;
    rc = 1;

  err:

    if (krb5creds.client)
      krb5_free_principal(krb5context, krb5creds.client);
    if (krb5creds.server)
      krb5_free_principal(krb5context, krb5creds.server);
    if (krb5context)
      krb5_free_context(krb5context);
    return(rc);

#endif /* COMMENT */
#endif /* HEIMDAL */
#else /* KRB5 */
    return(0);
#endif /* KRB5 */
}

int
ck_krb4_is_installed()
{
#ifdef KRB4
#ifdef OS2
    return(hKRB4_32 != NULL);
#else /* OS2 */
    return(1);
#endif /* OS2 */
#else /* KRB4 */
    return(0);
#endif /* KRB4 */
}

int
ck_krb4_is_installed_as_server()
{
    if ( !ck_krb4_is_installed() )
        return(0);

#ifdef KRB4
    if ( !k4_keytab ) {
#ifdef NT
        char name[CKMAXPATH]="";
        DWORD len = CKMAXPATH;

        len = GetWindowsDirectory(name,len);
        if ( len > 0 )
            ckstrncat(name,"/srvtab",CKMAXPATH);
        if ( name[0] )
            makestr(&k4_keytab,name);
#else /* NT */
        makestr(&k4_keytab,"/etc/srvtab");
#endif /* NT */
    }

    if ( !k4_keytab )
        return(0);

    if ( zchki(k4_keytab) > 0 )
        return(1);
#ifdef KRB524
    else if (ck_krb5_is_installed_as_server())
        return(1);
#endif /* KRB524 */
    else
        return(0);
#endif /* KRB4 */
}

int
ck_srp_is_installed_as_server()
{
#ifdef CK_SRP
#ifdef SRPDLL
    if ( hSRP == NULL )
        return(0);
#endif /* SRPDLL */
#ifdef COMMENT
    /* This is the new API as of 1.7.4.  However, all it does
       is allocate a data structure.  It can never fail.
     */
    {
        SRP * s_srp = SRP_new(SRP_RFC2945_server_method());
        if ( s_srp ) {
            SRP_free(s_srp);
            s_srp = NULL;
            return(1);
        }
        return(0);
    }
#else /* COMMENT */
    {
        struct t_pw * tpw = NULL;
        struct t_conf * tconf = NULL;
        if((tconf = t_openconf(NULL)) == NULL)
            return(0);
        if((tpw = t_openpw(NULL)) == NULL) {
            t_closeconf(tconf);
            return(0);
        }
        t_closeconf(tconf);
        t_closepw(tpw);
        return(1);
    }
#endif /* COMMENT */
#else /* SRP */
    return(0);
#endif /* SRP */
}

int
ck_srp_is_installed()
{
#ifdef CK_SRP
#ifdef SRPDLL
    if ( hSRP == NULL )
        return(0);
#endif /* SRPDLL */
    return(1);
#else /* CK_SRP */
    return(0);
#endif /* CK_SRP */
}

int
ck_krypto_is_installed()
{
#ifdef CK_SRP
#ifdef OS2
    if ( hLIBKRYPTO == NULL )
        return(0);
#endif /* OS2 */
    return(1);
#else /* CK_SRP */
    return(0);
#endif /* CK_SRP */
}

int
ck_crypt_is_installed()
{
#ifdef CK_ENCRYPTION
#ifdef CRYPT_DLL
    return(hCRYPT != NULL);
#else /* CRYPT_DLL */
    return(1);
#endif /* CRYPT_DLL */
#else /* ENCRYPTION */
    return(0);
#endif /* ENCRYPTION */
}

int
ck_ntlm_is_installed()
{
#ifdef NT
    return(hSSPI != NULL);
#else /* NT */
    return(0);
#endif /* NT */
}

int
ck_tn_auth_valid()
{
    return(validUser);
}

/* C K _ K R B _ A U T H _ I N _ P R O G R E S S
 *
 * Is an authentication negotiation still in progress?
 *
 */

int
#ifdef CK_ANSIC
ck_tn_auth_in_progress(void)
#else
ck_tn_auth_in_progress()
#endif
{
    switch (authentication_version) {
    case AUTHTYPE_AUTO:
        return(1);
    case AUTHTYPE_NULL:
        return(0);
#ifdef KRB4
    case AUTHTYPE_KERBEROS_V4:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 4 !accept_complete",
                   "",0);
            return(1);
        }
        else if ((auth_how & AUTH_HOW_MASK) && !mutual_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 4 !mutual_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#endif /* KRB4 */
#ifdef KRB5
    case AUTHTYPE_KERBEROS_V5:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 5 !accept_complete",
                   "",0);
            return(1);
        }
        else if ((auth_how & AUTH_HOW_MASK) && !mutual_complete) {
            debug(F100,"ck_auth_in_progress() Kerberos 5 !mutual_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#ifdef GSSAPI_K5
    case AUTHTYPE_GSSAPI_KRB5:
        if (!accept_complete) {
            debug(F100,
		  "ck_auth_in_progress() GSSAPI Kerberos 5 !accept_complete",
		  "",
		  0
		  );
            return(1);
        }
        else if ((auth_how & AUTH_HOW_MASK) && !mutual_complete) {
            debug(F100,
		  "ck_auth_in_progress() GSSAPI Kerberos 5 !mutual_complete",
		  "",
		  0
		  );
            return(1);
        } else
	  return(0);
        break;
#endif /* GSSAPI_K5 */
#endif /* KRB5 */
#ifdef CK_SRP
    case AUTHTYPE_SRP:
        if (!accept_complete || srp_waitresp)
            return(1);
        else
            return(0);
#endif /* CK_SRP */
#ifdef NTLM
    case AUTHTYPE_NTLM:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() NTLM !accept_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
#endif /* NTLM */
    case AUTHTYPE_SSL:
        if (!accept_complete) {
            debug(F100,"ck_auth_in_progress() SSL !accept_complete",
                   "",0);
            return(1);
        }
        else
            return(0);
    default:
        return(0);
    }
    return(0);
}


/*  C K _ K R B _ T N _ A U T H _ R E Q U E S T
 *
 *  Builds a Telnet Authentication Send Negotiation providing the
 *  list of supported authentication methods.  To be used only
 *  when accepting incoming connections as only the server (DO) side of the
 *  Telnet negotiation is allowed to send an AUTH SEND.
 *
 *  Returns: 0 on success and -1 on failure
 */

static unsigned char str_request[64] = { IAC, SB,
                                             TELOPT_AUTHENTICATION,
                                             TELQUAL_SEND };
#ifdef GSSAPI_K5
static int
ck_tn_auth_request_gsskrb5(int i)
{
    if (ck_gssapi_is_installed() && ck_krb5_is_installed_as_server()) {
        if ( (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_MUTUAL)  &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_EXCH) ) {
            str_request[i++] = AUTHTYPE_KERBEROS_V5;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
            str_request[i] |= AUTH_ENCRYPT_AFTER_EXCHANGE;

            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,
                "KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT_AFTER_EXCHANGE ",
                          TN_MSG_LEN);
            i++;
        }
    }
}
#endif /* GSSAPI_K5 */

#ifdef KRB5
static int
ck_tn_auth_request_krb5(int i)
{
    if (ck_krb5_is_installed_as_server()) {
#ifdef CK_SSL
        if ( ck_ssleay_is_installed() &&
             (tls_active_flag || ssl_active_flag) &&
             ssl_finished_messages )
        {
#ifdef USE_INI_CRED_FWD
            if ( forward_flag &&
                 (tn_auth_how == TN_AUTH_HOW_ANY ||
                   tn_auth_how == TN_AUTH_HOW_MUTUAL)  &&
                 (tn_auth_enc == TN_AUTH_ENC_ANY ||
                   tn_auth_enc == TN_AUTH_ENC_TELOPT)
                 )
            {
                str_request[i++] = AUTHTYPE_KERBEROS_V5;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
                str_request[i] |= AUTH_ENCRYPT_START_TLS;
                str_request[i] |= INI_CRED_FWD_ON;

                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,
 "KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT_START_TLS|INI_CRED_FWD_ON ",
                               TN_MSG_LEN);
                i++;
            }
#endif /* USE_INI_CRED_FWD */
            if ( (tn_auth_how == TN_AUTH_HOW_ANY ||
                   tn_auth_how == TN_AUTH_HOW_MUTUAL)  &&
                 (tn_auth_enc == TN_AUTH_ENC_ANY ||
                   tn_auth_enc == TN_AUTH_ENC_TELOPT) ) {
                str_request[i++] = AUTHTYPE_KERBEROS_V5;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
                str_request[i] |= AUTH_ENCRYPT_START_TLS;

                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,
                      "KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT_START_TLS ",
                              TN_MSG_LEN);
                i++;
            }
            if ( tn_auth_how == TN_AUTH_HOW_ANY ||
                 tn_auth_how == TN_AUTH_HOW_ONE_WAY ) {
                str_request[i++] = AUTHTYPE_KERBEROS_V5;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
                str_request[i] |= AUTH_ENCRYPT_START_TLS;

                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,
                    "KERBEROS_V5 CLIENT_TO_SERVER|ONE_WAY|ENCRYPT_START_TLS ",
                               TN_MSG_LEN);
                i++;
            }
        }
#ifdef CK_ENCRYPTION
        else
        {
#endif /* CK_ENCRYPTION */
#endif /* CK_SSL */
#ifdef CK_ENCRYPTION
#ifdef USE_INI_CRED_FWD
            if ( forward_flag &&
                 TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&
                 TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&