📄 ckuath.c
(tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; str_request[i] |= INI_CRED_FWD_ON; if ( deblog || tn_deb || debses ) ckstrncat(tn_msg, "KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT_USING_TELOPT|INI_CRED_FWD_ON ", TN_MSG_LEN); i++; }#endif /* USE_INI_CRED_FWD */ if ( TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_RF && (tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL) && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_TELOPT) ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_USING_TELOPT; if ( deblog || tn_deb || debses ) ckstrncat(tn_msg, "KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL|ENCRYPT_USING_TELOPT ", TN_MSG_LEN); i++; }#ifdef CK_SSL }#endif /* CK_SSL */#endif /* CK_ENCRYPTION */ if ( TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_MU && (tn_auth_enc == TN_AUTH_ENC_ANY || tn_auth_enc == TN_AUTH_ENC_NONE)#ifdef CK_SSL && !(ck_ssleay_is_installed() && (tls_active_flag || ssl_active_flag) && tls_is_anon(0))#endif /* CK_SSL */ ) {#ifdef CK_ENCRYPTION /* Can't perform mutual authentication without encryption */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_MUTUAL ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL; str_request[i] |= AUTH_ENCRYPT_OFF; if ( deblog || tn_deb || debses ) ckstrncat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|MUTUAL ", TN_MSG_LEN); i++; }#endif /* CK_ENCRYPTION */ if ( tn_auth_how == TN_AUTH_HOW_ANY || tn_auth_how == TN_AUTH_HOW_ONE_WAY ) { str_request[i++] = AUTHTYPE_KERBEROS_V5; str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY; 
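/* Tail of the Kerberos 5 helper (presumably ck_tn_auth_request_krb5()); */
/* the function begins above this point.                                 */
                str_request[i] |= AUTH_ENCRYPT_OFF;
                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,"KERBEROS_V5 CLIENT_TO_SERVER|ONE_WAY ",
                              TN_MSG_LEN);
                i++;
            }
        }
    }
    return(i);
}
#endif /* KRB5 */

#ifdef KRB4
/*
 * Append the Kerberos 4 auth-type pairs to str_request, starting at index i.
 *
 * Each pair is two bytes: the auth type, then a modifier byte built from the
 * AUTH_* flags.  Which pairs are offered depends on tn_auth_how, tn_auth_enc
 * and the negotiation mode of TELOPT_ENCRYPTION on both sides.
 *
 * Returns the index of the next free byte in str_request.
 *
 * NOTE(review): i is never checked against the capacity of str_request,
 * which is declared outside this section -- confirm it is large enough.
 */
static int
ck_tn_auth_request_krb4(int i)
{
    if (ck_krb4_is_installed_as_server()) {
#ifdef CK_ENCRYPTION
        /* Mutual authentication with telnet encryption: offered unless */
        /* either side has TELOPT_ENCRYPTION in mode TN_NG_RF.          */
        if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&
             TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&
             (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_MUTUAL) &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_TELOPT)
             )
        {
            str_request[i++] = AUTHTYPE_KERBEROS_V4;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
            str_request[i] |= AUTH_ENCRYPT_USING_TELOPT;
            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL|ENCRYPT ",
                          TN_MSG_LEN);
            i++;
        }
#endif /* CK_ENCRYPTION */

        /* Pairs without encryption (AUTH_ENCRYPT_OFF): suppressed when */
        /* either side has TELOPT_ENCRYPTION in mode TN_NG_MU, or when  */
        /* tn_auth_enc is neither ANY nor NONE.                         */
        if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_NONE)
             )
        {
#ifdef CK_ENCRYPTION
            /* Can't perform mutual authentication without encryption */
            if ( tn_auth_how == TN_AUTH_HOW_ANY ||
                 tn_auth_how == TN_AUTH_HOW_MUTUAL ) {
                str_request[i++] = AUTHTYPE_KERBEROS_V4;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_MUTUAL;
                str_request[i] |= AUTH_ENCRYPT_OFF;
                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|MUTUAL ",
                              TN_MSG_LEN);
                i++;
            }
#endif /* CK_ENCRYPTION */
            if ( tn_auth_how == TN_AUTH_HOW_ANY ||
                 tn_auth_how == TN_AUTH_HOW_ONE_WAY ) {
                str_request[i++] = AUTHTYPE_KERBEROS_V4;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
                str_request[i] |= AUTH_ENCRYPT_OFF;
                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,"KERBEROS_V4 CLIENT_TO_SERVER|ONE_WAY ",
                              TN_MSG_LEN);
                i++;
            }
        }
    }
    return(i);
}
#endif /* KRB4 */

#ifdef CK_SRP
/*
 * Append the SRP auth-type pairs to str_request, starting at index i.
 *
 * Every SRP pair is advertised as AUTH_HOW_ONE_WAY; the pairs differ only in
 * the encryption flag (START_TLS, USING_TELOPT or OFF).
 *
 * Returns the index of the next free byte in str_request.
 *
 * NOTE(review): i is never checked against the capacity of str_request,
 * which is declared outside this section -- confirm it is large enough.
 */
static int
ck_tn_auth_request_srp(int i)
{
    if (ck_srp_is_installed_as_server()) {
#ifndef PRE_SRP_1_4_5
        /* Don't do this yet.  SRP when it uses the ENCRYPT_USING_TELOPT  */
        /* flag it must perform a checksum of the auth-type-pair but there */
        /* is no mechanism to do that yet.                                 */
#ifdef CK_SSL
        /* Inside an established TLS/SSL session (with finished messages  */
        /* available) offer SRP flagged AUTH_ENCRYPT_START_TLS.           */
        if ( ck_ssleay_is_installed() &&
             (tls_active_flag || ssl_active_flag) &&
             ssl_finished_messages &&
             (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_ONE_WAY) &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_TELOPT))
        {
            str_request[i++] = AUTHTYPE_SRP;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
            str_request[i] |= AUTH_ENCRYPT_START_TLS;
            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,
                          "SRP CLIENT_TO_SERVER|ONE_WAY|ENCRYPT_START_TLS ",
                          TN_MSG_LEN);
            i++;
        }
#ifdef CK_ENCRYPTION
        else {
#endif /* CK_ENCRYPTION */
#endif /* CK_SSL */
#ifdef CK_ENCRYPTION
            /* With both CK_SSL and CK_ENCRYPTION defined this is the   */
            /* else-branch of the START_TLS offer above.                */
            if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&
                 TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_RF &&
                 (tn_auth_how == TN_AUTH_HOW_ANY ||
                   tn_auth_how == TN_AUTH_HOW_ONE_WAY) &&
                 (tn_auth_enc == TN_AUTH_ENC_ANY ||
                   tn_auth_enc == TN_AUTH_ENC_TELOPT)
                 ) {
                str_request[i++] = AUTHTYPE_SRP;
                str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
                str_request[i] |= AUTH_ENCRYPT_USING_TELOPT;
                if ( deblog || tn_deb || debses )
                    ckstrncat(tn_msg,
                              "SRP CLIENT_TO_SERVER|ONE_WAY|ENCRYPT_USING_TELOPT ",
                              TN_MSG_LEN);
                i++;
            }
#ifdef CK_SSL
        }
#endif /* CK_SSL */
#endif /* CK_ENCRYPTION */
#endif /* PRE_SRP_1_4_5 */

        /* Unencrypted SRP pair.  Not offered over an anonymous TLS/SSL */
        /* session (tls_is_anon(0)).                                    */
        /* NOTE(review): this branch is gated on TN_AUTH_HOW_MUTUAL but */
        /* advertises AUTH_HOW_ONE_WAY, while the SRP branches above    */
        /* are gated on TN_AUTH_HOW_ONE_WAY -- confirm this is intended. */
        if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_MUTUAL) &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_NONE)
#ifdef CK_SSL
             && !(ck_ssleay_is_installed() &&
                   (tls_active_flag || ssl_active_flag) &&
                   tls_is_anon(0))
#endif /* CK_SSL */
             )
        {
            str_request[i++] = AUTHTYPE_SRP;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
            str_request[i] |= AUTH_ENCRYPT_OFF;
            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,"SRP CLIENT_TO_SERVER|ONE_WAY ",
                          TN_MSG_LEN);
            i++;
        }
    }
    return(i);
}
#endif /* CK_SRP */

#ifdef CK_SSL
/*
 * Append the SSL auth-type pair to str_request, starting at index i.
 *
 * The pair is offered only when the SSL library is installed and
 * initialized and no TLS or SSL session is active yet.
 *
 * Returns the index of the next free byte in str_request.
 */
static int
ck_tn_auth_request_ssl(int i)
{
    if (ck_ssleay_is_installed()
         && !tls_active_flag && !ssl_active_flag && ssl_initialized
         )
    {
        if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_ONE_WAY) &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_NONE) )
        {
            str_request[i++] = AUTHTYPE_SSL;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
            str_request[i] |= AUTH_ENCRYPT_OFF;
            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,"SSL CLIENT_TO_SERVER|ONE_WAY ",
                          TN_MSG_LEN);
            i++;
        }
    }
    return(i);
}
#endif /* CK_SSL */

#ifdef NTLM
/*
 * Append the NTLM auth-type pair to str_request, starting at index i.
 *
 * NTLM is offered one-way and without encryption only.
 *
 * Returns the index of the next free byte in str_request.
 */
static int
ck_tn_auth_request_ntlm(int i)
{
    /* Microsoft's Telnet client won't perform authentication if */
    /* NTLM is not first.                                        */
    if ( ck_ntlm_is_valid(1) ) {
        if (TELOPT_ME_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             TELOPT_U_MODE(TELOPT_ENCRYPTION) != TN_NG_MU &&
             (tn_auth_how == TN_AUTH_HOW_ANY ||
               tn_auth_how == TN_AUTH_HOW_ONE_WAY) &&
             (tn_auth_enc == TN_AUTH_ENC_ANY ||
               tn_auth_enc == TN_AUTH_ENC_NONE) )
        {
            str_request[i++] = AUTHTYPE_NTLM;
            str_request[i] = AUTH_CLIENT_TO_SERVER | AUTH_HOW_ONE_WAY;
            str_request[i] |= AUTH_ENCRYPT_OFF;
            if ( deblog || tn_deb || debses )
                ckstrncat(tn_msg,"NTLM CLIENT_TO_SERVER|ONE_WAY ",
                          TN_MSG_LEN);
            i++;
        }
    }
    return(i);
}
#endif /* NTLM */

/*
 * Build the list of acceptable auth-type pairs in str_request, terminate it
 * with IAC SE and send it with ttol().
 *
 * Returns 0 when the request was sent completely, or when nothing is sent
 * because the START_TLS me_follows flag is set; -1 when ttol() did not write
 * all i bytes.
 */
int
#ifdef CK_ANSIC
ck_tn_auth_request(void)
#else
ck_tn_auth_request()
#endif
{
    /* Pairs are appended from offset 4; presumably str_request[0..3]   */
    /* already hold the IAC SB AUTHENTICATION SEND header (set outside  */
    /* this section) -- confirm.                                        */
    int i = 4, rc = -1;

#ifdef CK_SSL
    if (TELOPT_SB(TELOPT_START_TLS).start_tls.me_follows) {
        return(0);
    }
#endif /* CK_SSL */

    if ( deblog || tn_deb || debses )
        strcpy(tn_msg,"TELNET SENT SB AUTHENTICATION SEND ");

    /* Create a list of acceptable Authentication types to send to  */
    /* the client and let it choose one that we support.            */

    /* For those authentication methods that support Encryption or  */
    /* Credentials Forwarding we must send all of the appropriate   */
    /* combinations based upon the state of                         */
    /* TELOPT_x_MODE(TELOPT_ENCRYPTION) and forward_flag.           */

    /* Pairs flagged AUTH_ENCRYPT_OFF are listed alongside the      */
    /* encrypted ones whenever the helpers' conditions allow them,  */
    /* so the peer may pick an unencrypted pair; the helpers drop   */
    /* those pairs only when TELOPT_ENCRYPTION is in mode TN_NG_MU  */
    /* or tn_auth_enc excludes them.                                */

    /* NOTE(review): nothing here bounds i by the capacity of       */
    /* str_request.  In the explicit-list branch the number of      */
    /* pairs grows with the entries of auth_type_user (up to        */
    /* AUTHTYPLSTSZ, duplicates are not filtered in this function)  */
    /* -- confirm str_request is sized for the worst case.          */

    if ( auth_type_user[0] == AUTHTYPE_AUTO ) {
        /* Automatic mode: every compiled-in method, in fixed order. */
#ifdef GSSAPI_K5
        i = ck_tn_auth_request_gsskrb5(i);
#endif /* GSSAPI_K5 */
#ifdef KRB5
        i = ck_tn_auth_request_krb5(i);
#endif /* KRB5 */
#ifdef KRB4
        i = ck_tn_auth_request_krb4(i);
#endif /* KRB4 */
#ifdef CK_SRP
        i = ck_tn_auth_request_srp(i);
#endif /* SRP */
#ifdef CK_SSL
        i = ck_tn_auth_request_ssl(i);
#endif /* CK_SSL */
#ifdef NTLM
        i = ck_tn_auth_request_ntlm(i);
#endif /* NTLM */
    } else {
        /* Explicit list: follow auth_type_user in order until the  */
        /* AUTHTYPE_NULL terminator or AUTHTYPLSTSZ entries.        */
        int j;
        for ( j=0;
              j<AUTHTYPLSTSZ && auth_type_user[j] != AUTHTYPE_NULL;
              j++) {
#ifdef NTLM
            if (auth_type_user[j] == AUTHTYPE_NTLM)
                i = ck_tn_auth_request_ntlm(i);
#endif /* NTLM */
#ifdef CK_SSL
            if ( auth_type_user[j] == AUTHTYPE_SSL )
                i = ck_tn_auth_request_ssl(i);
#endif /* CK_SSL */
#ifdef CK_SRP
            if ( auth_type_user[j] == AUTHTYPE_SRP )
                i = ck_tn_auth_request_srp(i);
#endif /* SRP */
#ifdef GSSAPI_K5
            if ( auth_type_user[j] == AUTHTYPE_GSSAPI_KRB5 )
                i = ck_tn_auth_request_gsskrb5(i);
#endif /* GSSAPI_K5 */
#ifdef KRB5
            if ( auth_type_user[j] == AUTHTYPE_KERBEROS_V5 )
                i = ck_tn_auth_request_krb5(i);
#endif /* KRB5 */
#ifdef KRB4
            if ( auth_type_user[j] == AUTHTYPE_KERBEROS_V4 )
                i = ck_tn_auth_request_krb4(i);
#endif /* KRB4 */
        }
    }

    str_request[i++] = IAC;
    str_request[i++] = SE;
    if ( deblog || tn_deb || debses ) {
        ckstrncat(tn_msg,"IAC SE",TN_MSG_LEN);
        debug(F100,tn_msg,"",0);
        if (tn_deb || debses) tn_debug(tn_msg);
    }

    /* Send data */
#ifdef OS2
    RequestTelnetMutex( SEM_INDEFINITE_WAIT );
#endif
    rc = ttol((CHAR *)str_request, i);
#ifdef OS2
    ReleaseTelnetMutex();
#endif
    if ( rc == i )
        return(0);
    else
        return(-1);
}

#ifdef CK_ENCRYPTION
/*
 * Request that telnet encryption be (re)started in whichever directions
 * TELOPT_ENCRYPTION is negotiated but not yet active.
 *
 * With the encrypt.stop flag clear, the function returns early unless both
 * directions are already active; as far as this section shows, the start
 * requests below are therefore issued only after ck_tn_enc_stop() has set
 * the flag.
 */
VOID
ck_tn_enc_start()
{
    if (!TELOPT_ME(TELOPT_ENCRYPTION) && !TELOPT_U(TELOPT_ENCRYPTION))
        return;
    if (!TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop &&
         (!encrypt_is_decrypting() || !encrypt_is_encrypting())) {
        debug(F110,"ck_tn_enc_start","nothing to do",0);
        return;
    }
    TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 0;
    if (TELOPT_ME(TELOPT_ENCRYPTION) && !encrypt_is_encrypting()) {
        debug(F110,"ck_tn_enc_start","encrypt_request_start",0);
        encrypt_request_start();
    }
    if (TELOPT_U(TELOPT_ENCRYPTION) && !encrypt_is_decrypting()) {
        debug(F110,"ck_tn_enc_start","encrypt_send_request_start",0);
        encrypt_send_request_start();
    }
    tn_wait("encrypt start");
    tn_push();
}

/*
 * Request that telnet encryption be stopped in whichever directions are
 * currently active, and set the encrypt.stop flag.
 *
 * Does nothing when TELOPT_ENCRYPTION is not negotiated in either
 * direction, when the stop flag is already set, or when neither direction
 * is active.
 */
VOID
ck_tn_enc_stop()
{
    if (!TELOPT_ME(TELOPT_ENCRYPTION) && !TELOPT_U(TELOPT_ENCRYPTION))
        return;
    if (TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop ||
         !(encrypt_is_decrypting() || encrypt_is_encrypting())) {
        debug(F110,"ck_tn_enc_stop","nothing to do",0);
        return;
    }
    TELOPT_SB(TELOPT_ENCRYPTION).encrypt.stop = 1;
    if (TELOPT_U(TELOPT_ENCRYPTION) && encrypt_is_decrypting()) {
        debug(F110,"ck_tn_enc_stop","encrypt_send_request_end",0);
        encrypt_send_request_end();
    }
    if (TELOPT_ME(TELOPT_ENCRYPTION) && encrypt_is_encrypting()) {
        debug(F110,"ck_tn_enc_stop","encrypt_send_end",0);
        encrypt_send_end();
    }
    tn_wait("encrypt stop");
    tn_push();
}
#endif /* CK_ENCRYPTION */

/*  C K _ K R B _ T N _ S B _ A U T H
 *  An interface between the C-Kermit Telnet Command Parser and the Authent-
 *  ication option parser implemented in the Kerberos Telnet client.
 *
 *  sb  - the subnegotiation as calculated in ckcnet.c
 *  len - the length of the buffer
 *
 *  Returns: 0 on success and -1 on failure (including a null sb, a len too
 *  short to hold the trailing IAC SE, or an allocation failure)
 */
int
#ifdef CK_ANSIC
ck_tn_sb_auth(char * sb, int len)
#else /* CK_ANSIC */
ck_tn_sb_auth(sb,len) char * sb; int len;
#endif /* CK_ANSIC */
{
    /* auth_parse() assumes that sb starts at pos 1 not 0 as in ckcnet.c */
    /* and it wants the length to exclude the IAC SE bytes               */
    CHAR * buf;
    int rc = -1;

    /* The subnegotiation comes from the peer.  With len < 2 the sizes  */
    /* below (len-1 for malloc, len-2 for memcpy) would be zero or      */
    /* negative, and a negative count converts to a huge unsigned size. */
    if ( !sb || len < 2 ) {
        debug(F111,"ck_tn_sb_auth","invalid length",len);
        return(-1);
    }

    buf = malloc(len-1);
    if ( !buf ) return(-1);

    buf[0] = SB;                        /* auth_parse() expects SB first */
    memcpy( &buf[1], sb, len-2 );       /* drop the trailing IAC SE      */
    rc = auth_parse(buf,len-1);
    free(buf);
    debug(F111,"ck_tn_sb_auth","rc",rc);
    if (rc == AUTH_FAILURE) {
        authentication_version = AUTHTYPE_NULL;
#ifndef NOLOCAL
#ifdef OS2
        ipadl25();
#endif /* OS2 */
#endif /* NOLOCAL */
        return(-1);
    }
#ifndef NOLOCAL
#ifdef OS2
    ipadl25();
#endif /* OS2 */
#endif /* NOLOCAL */
    return(0);
}

/*  C K _ K R B _ T N _ S B _ E N C R Y P T
 *  An interface between the C-Kermit Telnet Command Parser and the Encryption
 *  option parser implemented in the Kerberos Telnet client.
 *
 *  sb  - the subnegotiation as calculated in ckcnet.c
 *  len - the length of the buffer
 *
 *  Returns: Always returns 0 for success since encrypt_parse is void
 */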