/* * Copyright 2002 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ /* * usr/src/cmd/cmd-inet/usr.bin/telnet/auth.c */ /* * Copyright (c) 1991, 1993 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. 
*/

/* based on @(#)auth.c 8.1 (Berkeley) 6/4/93 */

/*
 * Copyright (C) 1990 by the Massachusetts Institute of Technology
 *
 * Export of this software from the United States of America may
 * require a specific license from the United States Government.
 * It is the responsibility of any person or organization contemplating
 * export to obtain such a license before exporting.
 *
 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
 * distribute this software and its documentation for any purpose and
 * without fee is hereby granted, provided that the above copyright
 * notice appear in all copies and that both that copyright notice and
 * this permission notice appear in supporting documentation, and that
 * the name of M.I.T. not be used in advertising or publicity pertaining
 * to distribution of the software without specific, written prior
 * permission. Furthermore if you modify this software you must label
 * your software as modified software and not distribute it in such a
 * fashion that it might be confused with the original M.I.T. software.
 * M.I.T. makes no representations about the suitability of
 * this software for any purpose. It is provided "as is" without express
 * or implied warranty.
 */

/*
 * NOTE(review): the bare #include directives below have no header names
 * in this copy of the file; they are reproduced as found.
 */
#include
#include
#include

#define	AUTHTYPE_NAMES	/* this is needed for arpa/telnet.h */
#include

#ifdef	__STDC__
#include
#endif

#include
#include "externs.h"
#include "encrypt.h"
#include "auth.h"

/*
 * Map an authentication type number to its bit in the i_support and
 * i_wont_support bitfields: type x > 0 selects bit x-1, anything else
 * yields an empty mask.
 *
 * NOTE(review): the shift is done on a signed int, so the result is only
 * defined while x-1 is smaller than the width of int; the visible callers
 * pass values below AUTHTYPE_CNT -- confirm that bound stays small.
 */
#define	typemask(x)	((x) > 0 ? 1 << ((x)-1) : 0)

/* Shared worker behind auth_enable() and auth_disable(). */
static int auth_onoff(const char *type, boolean_t on);
static void auth_gen_printsub(uchar_t *, uint_t, uchar_t *, uint_t);

/* When set, auth_init() prints each authentication type it accepts. */
boolean_t auth_debug_mode = B_FALSE;
/* NOTE(review): presumably set once a negotiation attempt fails -- confirm. */
boolean_t auth_has_failed = B_FALSE;
/* NOTE(review): presumably requests encryption after authentication -- confirm. */
boolean_t auth_enable_encrypt = B_FALSE;

/* Label printed in debug output; auth_init() replaces it with the caller's. */
static char *Name = "Noname";
/* Reset to NULL by auth_init(); presumably the authenticator that succeeded. */
static Authenticator *authenticated = NULL;
/* NOTE(review): looks like storage for pending authentication data -- confirm. */
static uchar_t _auth_send_data[BUFSIZ];
static uchar_t *auth_send_data;
static int auth_send_cnt = 0;

/*
 * Authentication types supported. Note that these are stored
 * in priority order, i.e. try the first one first.
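*/
/*
 * Every entry is Kerberos V5; the entries differ only in their "way"
 * flags and are listed strongest first: mutual authentication with
 * encryption, mutual authentication alone, then one-way authentication.
 * The all-zero entry terminates the table (type 0 ends every walk).
 *
 * NOTE(review): the second and third entries permit a session without
 * AUTH_ENCRYPT_ON.  Whether falling back to them is acceptable is
 * presumably decided by the negotiation code and site policy -- confirm.
 */
static Authenticator authenticators[] = {
	{ AUTHTYPE_KERBEROS_V5,
		AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL|AUTH_ENCRYPT_ON,
		kerberos5_init,
		kerberos5_send,
		kerberos5_reply,
		kerberos5_status,
		kerberos5_printsub },
	{ AUTHTYPE_KERBEROS_V5,
		AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
		kerberos5_init,
		kerberos5_send,
		kerberos5_reply,
		kerberos5_status,
		kerberos5_printsub },
	{ AUTHTYPE_KERBEROS_V5,
		AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
		kerberos5_init,
		kerberos5_send,
		kerberos5_reply,
		kerberos5_status,
		kerberos5_printsub },
	{ 0, },
};

/* Zero-filled authenticator; NOTE(review): presumably a "none" placeholder. */
static Authenticator NoAuth = { 0 };

/* Bitfield of types whose init routine accepted them (see auth_init()). */
static uint_t i_support = 0;
/* Bitfield of types switched off by name (see auth_disable_name()). */
static uint_t i_wont_support = 0;

/*
 * Traverse the Authenticator array until we find the authentication type
 * and matching direction we are looking for.  Return a pointer into the
 * Authenticator type array.
 *
 * Both 'type' and 'way' must match exactly; a weaker or stronger 'way'
 * for the same type is not treated as a match.
 *
 * Returns:	0       - type not found (error)
 *		nonzero - pointer to authenticator
 */
static Authenticator *
findauthenticator(int type, int way)
{
	Authenticator *ap;

	/* The table ends at the first entry whose type is 0. */
	for (ap = authenticators; ap->type; ++ap) {
		if (ap->type == type && ap->way == way)
			return (ap);
	}
	return (NULL);
}

/*
 * For each authentication type in the Authenticator array,
 * call the associated init routine, and update the i_support bitfield.
 *
 * 'name' becomes the label used in debug output; NULL selects "Noname".
 * An entry counts as supported when it has no init routine or when its
 * init routine returns nonzero.
 *
 * NOTE(review): the copy of 'name' is never freed here, so calling this
 * routine repeatedly leaks the previous copy -- confirm whether any caller
 * does that before adding a free().
 */
void
auth_init(const char *name)
{
	Authenticator *ap;
	char *copy = (name != NULL) ? strdup(name) : NULL;

	/*
	 * strdup() returns NULL when memory is exhausted.  Fall back to the
	 * default label so the "%s" in the debug message below is never
	 * handed a null pointer.
	 */
	Name = (copy != NULL) ? copy : "Noname";
	i_support = 0;
	authenticated = NULL;

	for (ap = authenticators; ap->type; ++ap) {
		/* An init routine that returns 0 rejects the entry. */
		if (ap->init && !(*ap->init)(ap))
			continue;

		i_support |= typemask(ap->type);
		if (auth_debug_mode)
			(void) printf(gettext
				(">>>%s: I support auth type %d %d\r\n"),
				Name, ap->type, ap->way);
	}
}

/*
 * Search the Authenticator array for the authentication type 'name',
 * and disable this type by updating the i_wont_support bitfield.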
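*/
/*
 * The lookup compares 'name' case-insensitively against AUTHTYPE_NAME(x)
 * for every x below AUTHTYPE_CNT.  A name that matches nothing, or that
 * matches type 0 (whose mask is empty), is reported as invalid.
 *
 * The diagnostic is driven by this call's own lookup result rather than
 * by the accumulated i_wont_support value, so an unknown name is still
 * reported after an earlier call has already disabled some type.
 *
 * NOTE(review): assumes AUTHTYPE_NAME(x) is non-NULL for every x below
 * AUTHTYPE_CNT -- confirm against arpa/telnet.h.
 */
void
auth_disable_name(const char *name)
{
	uint_t mask = 0;
	uint_t x;

	for (x = 0; x < AUTHTYPE_CNT; ++x) {
		if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
			mask = typemask(x);
			break;
		}
	}

	if (mask == 0) {
		(void) printf(
		    gettext("%s : invalid authentication type\n"), name);
		return;
	}
	i_wont_support |= mask;
}

/*
 * Look up the authentication type named by the character string 'type'
 * (case-insensitive) and store its bitmask in *maskp.  The name at
 * index 0 selects every type: *maskp is set to all ones.
 *
 * *maskp is left untouched when the name is not found.
 *
 * Returns:	1 - no error
 *		0 - type not found (error)
 */
static int
getauthmask(const char *type, uint_t *maskp)
{
	uint_t x;

	/* Index 0 is handled apart because typemask(0) would be empty. */
	if (strcasecmp(type, AUTHTYPE_NAME(0)) == 0) {
		*maskp = (uint_t)-1;
		return (1);
	}

	for (x = 1; x < AUTHTYPE_CNT; ++x) {
		if (strcasecmp(type, AUTHTYPE_NAME(x)) == 0) {
			*maskp = typemask(x);
			return (1);
		}
	}
	return (0);
}

/*
 * Enable the authentication type named by 'type'.
 * Returns whatever auth_onoff() returns for the request.
 */
int
auth_enable(char *type)
{
	return (auth_onoff(type, B_TRUE));
}

/*
 * Disable the authentication type named by 'type'.
 * Returns whatever auth_onoff() returns for the request.
 */
int
auth_disable(char *type)
{
	return (auth_onoff(type, B_FALSE));
}

/*
 * Responds to the 'auth enable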