From: Theodore Tso Date: Tue, 19 Mar 1996 02:39:45 +0000 (+0000) Subject: Makefile.in: Added flags which turn on the encryption option X-Git-Tag: krb5-1.0-beta6~339 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=769c2b3450c3663a0815951eda93ea6f476221ac;p=krb5.git Makefile.in: Added flags which turn on the encryption option telnetd.c (getterminaltype): If the authentication option which was negotiated requires that encryption be turned on, then enforce this here. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7663 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index f15d82bad..1b4cd3fa3 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,11 @@ +Mon Mar 18 20:29:05 1996 Theodore Y. Ts'o + + * Makefile.in: Added flags which turn on the encryption option. + + * telnetd.c (getterminaltype): If the authentication option which + was negotiated requires that encryption be turned on, then + enforce this here. + Mon Feb 26 03:33:48 1996 Sam Hartman * configure.in: Call USE_ANAME diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in index 533633ba3..a0421779f 100644 --- a/src/appl/telnet/telnetd/Makefile.in +++ b/src/appl/telnet/telnetd/Makefile.in @@ -22,7 +22,7 @@ LOCAL_LIBRARIES=-lpty DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a -AUTH_DEF=-DAUTHENTICATION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN +AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON LOCALINCLUDES=-I.. -I$(srcdir)/.. CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES) diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c index aa8ad8101..029add63b 100644 --- a/src/appl/telnet/telnetd/telnetd.c +++ b/src/appl/telnet/telnetd/telnetd.c 
@@ -51,6 +51,10 @@ static char copyright[] = # undef _SC_CRAY_SECURE_SYS #endif +#include +#include +#include +#include #include #include #if defined(_SC_CRAY_SECURE_SYS) @@ -77,11 +81,16 @@ struct socket_security ss; #if defined(AUTHENTICATION) #include +#include int auth_level = 0; #endif #if defined(SecurID) int require_SecurID = 0; #endif +#ifdef ENCRYPTION +#include +#include +#endif extern int utmp_len; int registerd_host_only = 0; @@ -98,6 +107,8 @@ int registerd_host_only = 0; # include #endif +void doit P((struct sockaddr_in *)); + /* * Because of the way ptyibuf is used with streams messages, we need * ptyibuf+1 to be on a full-word boundary. The following wierdness @@ -428,7 +439,7 @@ main(argc, argv) usage(); /* NOT REACHED */ } else if (argc == 1) { - if (sp = getservbyname(*argv, "tcp")) { + if ((sp = getservbyname(*argv, "tcp"))) { sin.sin_port = sp->s_port; } else { sin.sin_port = atoi(*argv); @@ -569,7 +580,9 @@ main(argc, argv) #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ net = 0; doit(&from); + /* NOTREACHED */ + return 0; } /* end of main */ void @@ -618,6 +631,16 @@ usage() exit(1); } +static void encrypt_failure() +{ + char *error_message = + "Encryption was not successfully negotiated. Goodbye.\r\n\r\n"; + + writenet(error_message, strlen(error_message)); + netflush(); + exit(1); +} + /* * getterminaltype * @@ -660,6 +683,7 @@ getterminaltype(name) while ( #ifdef ENCRYPTION his_do_dont_is_changing(TELOPT_ENCRYPT) || + his_will_wont_is_changing(TELOPT_ENCRYPT) || #endif /* ENCRYPTION */ his_will_wont_is_changing(TELOPT_TTYPE) || his_will_wont_is_changing(TELOPT_TSPEED) || 
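Review bot: The new `encrypt_failure()` tells the client why the session ended but leaves no record on the server, so an operator cannot tell a failed mandatory-encryption negotiation from an ordinary disconnect. If syslog is already set up in this file (the include names are not legible on this page, so that is an assumption), a line such as `syslog(LOG_NOTICE, "telnetd: required encryption was not negotiated; closing connection");` before `exit(1)` would make these events auditable. The function also deserves a short header comment saying that it does not return and that the message is deliberately sent in the clear because no encrypted channel exists at that point.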
@@ -676,6 +700,22 @@ getterminaltype(name) if (his_state_is_will(TELOPT_ENCRYPT)) { encrypt_wait(); } + if (auth_must_encrypt()) { + time_t timeout = time(0) + 60; + + if (my_state_is_dont(TELOPT_ENCRYPT) || + my_state_is_wont(TELOPT_ENCRYPT)) + encrypt_failure(); + + if (!EncryptStartInput() || !EncryptStartOutput()) + encrypt_failure(); + + while (!encrypt_is_encrypting()) { + if (time(0) > timeout) + encrypt_failure(); + ttloop(); + } + } #endif /* ENCRYPTION */ if (his_state_is_will(TELOPT_TSPEED)) { static unsigned char sb[] = @@ -828,7 +868,7 @@ extern void telnet P((int, int, char *)); /* * Get a pty, scan input lines. */ -doit(who) +void doit(who) struct sockaddr_in *who; { char *host, *inet_ntoa();
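Review bot: In the `auth_must_encrypt()` block added to getterminaltype, the 60-second deadline is only evaluated between calls to `ttloop()`, so it bounds the wait only if `ttloop()` returns periodically. `ttloop()` is defined outside this hunk; if it blocks on a network read, a client that authenticates and then sends nothing would keep the process waiting past the deadline, and the check `time(0) > timeout` would never run. Waiting on the socket with a bounded timeout before each `ttloop()` call would make the limit effective; at minimum the loop should carry a comment such as `/* deadline is only checked when ttloop() returns */`. The literal `60` would read better as a named constant, e.g. `#define ENCRYPT_NEGOTIATION_TIMEOUT 60` (name constructed for this note). getterminaltype's body starts and ends outside the hunk.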