+Mon Mar 18 20:29:05 1996 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in: Added flags which turn on the encryption option.
+
+ * telnetd.c (getterminaltype): If the authentication option which
+ was negotiated requires that encryption be turned on, then
+ enforce this here.
+
Mon Feb 26 03:33:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
* configure.in: Call USE_ANAME
LOCAL_LIBRARIES=-lpty
DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
-AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
+AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
# undef _SC_CRAY_SECURE_SYS
#endif
+#include <stdio.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <netdb.h>
#include <libpty.h>
#include <com_err.h>
#if defined(_SC_CRAY_SECURE_SYS)
#if defined(AUTHENTICATION)
#include <libtelnet/auth.h>
+#include <libtelnet/auth-proto.h>
int auth_level = 0;
#endif
#if defined(SecurID)
int require_SecurID = 0;
#endif
+#ifdef ENCRYPTION
+#include <libtelnet/encrypt.h>
+#include <libtelnet/enc-proto.h>
+#endif
extern int utmp_len;
int registerd_host_only = 0;
# include <sys/ptyvar.h>
#endif
+void doit P((struct sockaddr_in *));
+
/*
* Because of the way ptyibuf is used with streams messages, we need
* ptyibuf+1 to be on a full-word boundary. The following wierdness
usage();
/* NOT REACHED */
} else if (argc == 1) {
- if (sp = getservbyname(*argv, "tcp")) {
+ if ((sp = getservbyname(*argv, "tcp"))) {
sin.sin_port = sp->s_port;
} else {
sin.sin_port = atoi(*argv);
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
+
/* NOTREACHED */
+ return 0;
} /* end of main */
void
exit(1);
}
+static void encrypt_failure()
+{
+ char *error_message =
+ "Encryption was not successfully negotiated. Goodbye.\r\n\r\n";
+
+ writenet(error_message, strlen(error_message));
+ netflush();
+ exit(1);
+}
+
/*
* getterminaltype
*
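Review bot: `encrypt_failure()` at the top of this hunk calls `strlen()`, but the include additions elsewhere in this patch bring in `<stdio.h>`, `<unistd.h>`, `<stdlib.h>` and `<netdb.h>` only; unless `<string.h>` is already included earlier in telnetd.c (not visible here), this is an implicit declaration. The definition also uses an empty parameter list while the rest of the patch declares `doit` through the `P(())` prototype macro, so a prototype `static void encrypt_failure P((void));` next to that declaration, with the definition written `static void encrypt_failure(void)`, would keep the file consistent and let the compiler check calls. The message buffer never changes, so `static const char error_message[] = "Encryption was not successfully negotiated. Goodbye.\r\n\r\n";` states that intent. A one-line header comment would help the next reader: `/* Tell the peer encryption could not be established, then terminate this server; the message goes out in the clear because no session key was agreed. */`.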
while (
#ifdef ENCRYPTION
his_do_dont_is_changing(TELOPT_ENCRYPT) ||
+ his_will_wont_is_changing(TELOPT_ENCRYPT) ||
#endif /* ENCRYPTION */
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
if (his_state_is_will(TELOPT_ENCRYPT)) {
encrypt_wait();
}
+ if (auth_must_encrypt()) {
+ time_t timeout = time(0) + 60;
+
+ if (my_state_is_dont(TELOPT_ENCRYPT) ||
+ my_state_is_wont(TELOPT_ENCRYPT))
+ encrypt_failure();
+
+ if (!EncryptStartInput() || !EncryptStartOutput())
+ encrypt_failure();
+
+ while (!encrypt_is_encrypting()) {
+ if (time(0) > timeout)
+ encrypt_failure();
+ ttloop();
+ }
+ }
#endif /* ENCRYPTION */
if (his_state_is_will(TELOPT_TSPEED)) {
static unsigned char sb[] =
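Review bot: The 60-second deadline computed at `time_t timeout = time(0) + 60;` is only consulted between `ttloop()` calls, so a peer that has agreed to encrypt but then sends nothing appears to leave this forked server blocked inside `ttloop()` with the deadline never enforced (assuming `ttloop()` blocks on the network read, as its name suggests — confirm). If that reading is right, the bound should be enforced by something that interrupts the wait, such as `alarm()` armed before the loop and cleared after `encrypt_is_encrypting()` becomes true, with the handler only setting a flag that the loop checks rather than calling `writenet()`/`exit()` from signal context. The literal `60` is also a policy knob worth naming, e.g. `enum { ENCRYPT_NEGOTIATE_TIMEOUT = 60 };`. A why-comment above the `auth_must_encrypt()` branch would make the security property explicit: `/* The negotiated auth method requires encryption: refuse to proceed to terminal-type/login unless both directions are actually encrypting. */`. The enclosing `getterminaltype()` starts and ends outside this hunk.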
/*
* Get a pty, scan input lines.
*/
-doit(who)
+void doit(who)
struct sockaddr_in *who;
{
char *host, *inet_ntoa();