xref: /freebsd/crypto/heimdal/appl/telnet/libtelnet/spx.c (revision 5ca8e32633c4ffbbcd6762e5888b6a4ba0708c6c)
1 /*-
2  * Copyright (c) 1992, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the University of
16  *	California, Berkeley and its contributors.
17  * 4. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include <config.h>
35 
36 RCSID("$Id$");
37 
38 #ifdef	SPX
39 /*
40  * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
41  * ALL RIGHTS RESERVED
42  *
43  * "Digital Equipment Corporation authorizes the reproduction,
44  * distribution and modification of this software subject to the following
45  * restrictions:
46  *
47  * 1.  Any partial or whole copy of this software, or any modification
48  * thereof, must include this copyright notice in its entirety.
49  *
50  * 2.  This software is supplied "as is" with no warranty of any kind,
51  * expressed or implied, for any purpose, including any warranty of fitness
52  * or merchantibility.  DIGITAL assumes no responsibility for the use or
53  * reliability of this software, nor promises to provide any form of
54  * support for it on any basis.
55  *
56  * 3.  Distribution of this software is authorized only if no profit or
57  * remuneration of any kind is received in exchange for such distribution.
58  *
59  * 4.  This software produces public key authentication certificates
60  * bearing an expiration date established by DIGITAL and RSA Data
61  * Security, Inc.  It may cease to generate certificates after the expiration
62  * date.  Any modification of this software that changes or defeats
63  * the expiration date or its effect is unauthorized.
64  *
65  * 5.  Software that will renew or extend the expiration date of
66  * authentication certificates produced by this software may be obtained
67  * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
68  * 94065, (415)595-8782, or from DIGITAL"
69  *
70  */
71 
72 #ifdef HAVE_SYS_TYPES_H
73 #include <sys/types.h>
74 #endif
75 #ifdef HAVE_ARPA_TELNET_H
76 #include <arpa/telnet.h>
77 #endif
78 #include <stdio.h>
79 #include "gssapi_defs.h"
80 #include <stdlib.h>
81 #include <string.h>
82 
83 #include <pwd.h>
84 #ifdef SOCKS
85 #include <socks.h>
86 #endif
87 
88 #include "encrypt.h"
89 #include "auth.h"
90 #include "misc.h"
91 
92 extern auth_debug_mode;
93 
94 static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
95 			  		AUTHTYPE_SPX, };
96 static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
97 					TELQUAL_NAME, };
98 
99 #define	SPX_AUTH	0		/* Authentication data follows */
100 #define	SPX_REJECT	1		/* Rejected (reason might follow) */
101 #define SPX_ACCEPT	2		/* Accepted */
102 
103 static des_key_schedule sched;
104 static des_cblock	challenge	= { 0 };
105 
106 
107 /*******************************************************************/
108 
109 gss_OID_set		actual_mechs;
110 gss_OID			actual_mech_type, output_name_type;
111 int			major_status, status, msg_ctx = 0, new_status;
112 int			req_flags = 0, ret_flags, lifetime_rec;
113 gss_cred_id_t		gss_cred_handle;
114 gss_ctx_id_t		actual_ctxhandle, context_handle;
115 gss_buffer_desc		output_token, input_token, input_name_buffer;
116 gss_buffer_desc		status_string;
117 gss_name_t		desired_targname, src_name;
118 gss_channel_bindings	input_chan_bindings;
119 char			lhostname[GSS_C_MAX_PRINTABLE_NAME];
120 char			targ_printable[GSS_C_MAX_PRINTABLE_NAME];
121 int			to_addr=0, from_addr=0;
122 char			*address;
123 gss_buffer_desc		fullname_buffer;
124 gss_OID			fullname_type;
125 gss_cred_id_t		gss_delegated_cred_handle;
126 
127 /*******************************************************************/
128 
129 
130 
131 	static int
132 Data(ap, type, d, c)
133 	Authenticator *ap;
134 	int type;
135 	void *d;
136 	int c;
137 {
138 	unsigned char *p = str_data + 4;
139 	unsigned char *cd = (unsigned char *)d;
140 
141 	if (c == -1)
142 		c = strlen((char *)cd);
143 
144 	if (0) {
145 		printf("%s:%d: [%d] (%d)",
146 			str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
147 			str_data[3],
148 			type, c);
149 		printd(d, c);
150 		printf("\r\n");
151 	}
152 	*p++ = ap->type;
153 	*p++ = ap->way;
154 	*p++ = type;
155 	while (c-- > 0) {
156 		if ((*p++ = *cd++) == IAC)
157 			*p++ = IAC;
158 	}
159 	*p++ = IAC;
160 	*p++ = SE;
161 	if (str_data[3] == TELQUAL_IS)
162 		printsub('>', &str_data[2], p - (&str_data[2]));
163 	return(telnet_net_write(str_data, p - str_data));
164 }
165 
166 	int
167 spx_init(ap, server)
168 	Authenticator *ap;
169 	int server;
170 {
171 	gss_cred_id_t	tmp_cred_handle;
172 
173 	if (server) {
174 		str_data[3] = TELQUAL_REPLY;
175 		gethostname(lhostname, sizeof(lhostname));
176 		snprintf (targ_printable, sizeof(targ_printable),
177 			  "SERVICE:rcmd@%s", lhostname);
178 		input_name_buffer.length = strlen(targ_printable);
179 		input_name_buffer.value = targ_printable;
180 		major_status = gss_import_name(&status,
181 					&input_name_buffer,
182 					GSS_C_NULL_OID,
183 					&desired_targname);
184 		major_status = gss_acquire_cred(&status,
185 					desired_targname,
186 					0,
187 					GSS_C_NULL_OID_SET,
188 					GSS_C_ACCEPT,
189 					&tmp_cred_handle,
190 					&actual_mechs,
191 					&lifetime_rec);
192 		if (major_status != GSS_S_COMPLETE) return(0);
193 	} else {
194 		str_data[3] = TELQUAL_IS;
195 	}
196 	return(1);
197 }
198 
199 	int
200 spx_send(ap)
201 	Authenticator *ap;
202 {
203 	des_cblock enckey;
204 	int r;
205 
206 	gss_OID	actual_mech_type, output_name_type;
207 	int	msg_ctx = 0, new_status, status;
208 	int	req_flags = 0, ret_flags, lifetime_rec, major_status;
209 	gss_buffer_desc  output_token, input_token, input_name_buffer;
210 	gss_buffer_desc  output_name_buffer, status_string;
211 	gss_name_t    desired_targname;
212 	gss_channel_bindings  input_chan_bindings;
213 	char targ_printable[GSS_C_MAX_PRINTABLE_NAME];
214 	int  from_addr=0, to_addr=0, myhostlen, j;
215 	int  deleg_flag=1, mutual_flag=0, replay_flag=0, seq_flag=0;
216 	char *address;
217 
218 	printf("[ Trying SPX ... ]\r\n");
219 	snprintf (targ_printable, sizeof(targ_printable),
220 		  "SERVICE:rcmd@%s", RemoteHostName);
221 
222 	input_name_buffer.length = strlen(targ_printable);
223 	input_name_buffer.value = targ_printable;
224 
225 	if (!UserNameRequested) {
226 		return(0);
227 	}
228 
229 	major_status = gss_import_name(&status,
230 					&input_name_buffer,
231 					GSS_C_NULL_OID,
232 					&desired_targname);
233 
234 
235 	major_status = gss_display_name(&status,
236 					desired_targname,
237 					&output_name_buffer,
238 					&output_name_type);
239 
240 	printf("target is '%.*s'\n", (int)output_name_buffer.length,
241 					(char*)output_name_buffer.value);
242 	fflush(stdout);
243 
244 	major_status = gss_release_buffer(&status, &output_name_buffer);
245 
246 	input_chan_bindings = (gss_channel_bindings)
247 	  malloc(sizeof(gss_channel_bindings_desc));
248 
249 	input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
250 	input_chan_bindings->initiator_address.length = 4;
251 	address = (char *) malloc(4);
252 	input_chan_bindings->initiator_address.value = (char *) address;
253 	address[0] = ((from_addr & 0xff000000) >> 24);
254 	address[1] = ((from_addr & 0xff0000) >> 16);
255 	address[2] = ((from_addr & 0xff00) >> 8);
256 	address[3] = (from_addr & 0xff);
257 	input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
258 	input_chan_bindings->acceptor_address.length = 4;
259 	address = (char *) malloc(4);
260 	input_chan_bindings->acceptor_address.value = (char *) address;
261 	address[0] = ((to_addr & 0xff000000) >> 24);
262 	address[1] = ((to_addr & 0xff0000) >> 16);
263 	address[2] = ((to_addr & 0xff00) >> 8);
264 	address[3] = (to_addr & 0xff);
265 	input_chan_bindings->application_data.length = 0;
266 
267 	req_flags = 0;
268 	if (deleg_flag)  req_flags = req_flags | 1;
269 	if (mutual_flag) req_flags = req_flags | 2;
270 	if (replay_flag) req_flags = req_flags | 4;
271 	if (seq_flag)    req_flags = req_flags | 8;
272 
273 	major_status = gss_init_sec_context(&status,         /* minor status */
274 					GSS_C_NO_CREDENTIAL, /* cred handle */
275 					&actual_ctxhandle,   /* ctx handle */
276 					desired_targname,    /* target name */
277 					GSS_C_NULL_OID,      /* mech type */
278 					req_flags,           /* req flags */
279 					0,                   /* time req */
280 					input_chan_bindings, /* chan binding */
281 					GSS_C_NO_BUFFER,     /* input token */
282 					&actual_mech_type,   /* actual mech */
283 					&output_token,       /* output token */
284 					&ret_flags,          /* ret flags */
285 					&lifetime_rec);      /* time rec */
286 
287 	if ((major_status != GSS_S_COMPLETE) &&
288 	    (major_status != GSS_S_CONTINUE_NEEDED)) {
289 	  gss_display_status(&new_status,
290 				status,
291 				GSS_C_MECH_CODE,
292 				GSS_C_NULL_OID,
293 				&msg_ctx,
294 				&status_string);
295 	  printf("%.*s\n", (int)status_string.length,
296 				(char*)status_string.value);
297 	  return(0);
298 	}
299 
300 	if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
301 		return(0);
302 	}
303 
304 	if (!Data(ap, SPX_AUTH, output_token.value, output_token.length)) {
305 		return(0);
306 	}
307 
308 	return(1);
309 }
310 
311 	void
312 spx_is(ap, data, cnt)
313 	Authenticator *ap;
314 	unsigned char *data;
315 	int cnt;
316 {
317 	Session_Key skey;
318 	des_cblock datablock;
319 	int r;
320 
321 	if (cnt-- < 1)
322 		return;
323 	switch (*data++) {
324 	case SPX_AUTH:
325 		input_token.length = cnt;
326 		input_token.value = (char *) data;
327 
328 		gethostname(lhostname, sizeof(lhostname));
329 
330 		snprintf(targ_printable, sizeof(targ_printable),
331 			 "SERVICE:rcmd@%s", lhostname);
332 
333 		input_name_buffer.length = strlen(targ_printable);
334 		input_name_buffer.value = targ_printable;
335 
336 		major_status = gss_import_name(&status,
337 					&input_name_buffer,
338 					GSS_C_NULL_OID,
339 					&desired_targname);
340 
341 		major_status = gss_acquire_cred(&status,
342 					desired_targname,
343 					0,
344 					GSS_C_NULL_OID_SET,
345 					GSS_C_ACCEPT,
346 					&gss_cred_handle,
347 					&actual_mechs,
348 					&lifetime_rec);
349 
350 		major_status = gss_release_name(&status, desired_targname);
351 
352 		input_chan_bindings = (gss_channel_bindings)
353 		  malloc(sizeof(gss_channel_bindings_desc));
354 
355 		input_chan_bindings->initiator_addrtype = GSS_C_AF_INET;
356 		input_chan_bindings->initiator_address.length = 4;
357 		address = (char *) malloc(4);
358 		input_chan_bindings->initiator_address.value = (char *) address;
359 		address[0] = ((from_addr & 0xff000000) >> 24);
360 		address[1] = ((from_addr & 0xff0000) >> 16);
361 		address[2] = ((from_addr & 0xff00) >> 8);
362 		address[3] = (from_addr & 0xff);
363 		input_chan_bindings->acceptor_addrtype = GSS_C_AF_INET;
364 		input_chan_bindings->acceptor_address.length = 4;
365 		address = (char *) malloc(4);
366 		input_chan_bindings->acceptor_address.value = (char *) address;
367 		address[0] = ((to_addr & 0xff000000) >> 24);
368 		address[1] = ((to_addr & 0xff0000) >> 16);
369 		address[2] = ((to_addr & 0xff00) >> 8);
370 		address[3] = (to_addr & 0xff);
371 		input_chan_bindings->application_data.length = 0;
372 
373 		major_status = gss_accept_sec_context(&status,
374 						&context_handle,
375 						gss_cred_handle,
376 						&input_token,
377 						input_chan_bindings,
378 						&src_name,
379 						&actual_mech_type,
380 						&output_token,
381 						&ret_flags,
382 						&lifetime_rec,
383 						&gss_delegated_cred_handle);
384 
385 
386 		if (major_status != GSS_S_COMPLETE) {
387 
388 		  major_status = gss_display_name(&status,
389 					src_name,
390 					&fullname_buffer,
391 					&fullname_type);
392 			Data(ap, SPX_REJECT, "auth failed", -1);
393 			auth_finished(ap, AUTH_REJECT);
394 			return;
395 		}
396 
397 		major_status = gss_display_name(&status,
398 					src_name,
399 					&fullname_buffer,
400 					&fullname_type);
401 
402 
403 		Data(ap, SPX_ACCEPT, output_token.value, output_token.length);
404 		auth_finished(ap, AUTH_USER);
405 		break;
406 
407 	default:
408 		Data(ap, SPX_REJECT, 0, 0);
409 		break;
410 	}
411 }
412 
413 
414 	void
415 spx_reply(ap, data, cnt)
416 	Authenticator *ap;
417 	unsigned char *data;
418 	int cnt;
419 {
420 	Session_Key skey;
421 
422 	if (cnt-- < 1)
423 		return;
424 	switch (*data++) {
425 	case SPX_REJECT:
426 		if (cnt > 0) {
427 			printf("[ SPX refuses authentication because %.*s ]\r\n",
428 				cnt, data);
429 		} else
430 			printf("[ SPX refuses authentication ]\r\n");
431 		auth_send_retry();
432 		return;
433 	case SPX_ACCEPT:
434 		printf("[ SPX accepts you ]\r\n");
435 		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
436 			/*
437 			 * Send over the encrypted challenge.
438 		 	 */
439 		  input_token.value = (char *) data;
440 		  input_token.length = cnt;
441 
442 		  major_status = gss_init_sec_context(&status, /* minor stat */
443 					GSS_C_NO_CREDENTIAL, /* cred handle */
444 					&actual_ctxhandle,   /* ctx handle */
445 					desired_targname,    /* target name */
446 					GSS_C_NULL_OID,      /* mech type */
447 					req_flags,           /* req flags */
448 					0,                   /* time req */
449 					input_chan_bindings, /* chan binding */
450 					&input_token,        /* input token */
451 					&actual_mech_type,   /* actual mech */
452 					&output_token,       /* output token */
453 					&ret_flags,          /* ret flags */
454 					&lifetime_rec);      /* time rec */
455 
456 		  if (major_status != GSS_S_COMPLETE) {
457 		    gss_display_status(&new_status,
458 					status,
459 					GSS_C_MECH_CODE,
460 					GSS_C_NULL_OID,
461 					&msg_ctx,
462 					&status_string);
463 		    printf("[ SPX mutual response fails ... '%.*s' ]\r\n",
464 			 (int)status_string.length,
465 			 (char*)status_string.value);
466 		    auth_send_retry();
467 		    return;
468 		  }
469 		}
470 		auth_finished(ap, AUTH_USER);
471 		return;
472 
473 	default:
474 		return;
475 	}
476 }
477 
478 	int
479 spx_status(ap, name, name_sz, level)
480 	Authenticator *ap;
481 	char *name;
482 	size_t name_sz;
483 	int level;
484 {
485 
486 	gss_buffer_desc  fullname_buffer, acl_file_buffer;
487 	gss_OID          fullname_type;
488 	char acl_file[160], fullname[160];
489 	int major_status, status = 0;
490 	struct passwd  *pwd;
491 
492 	/*
493 	 * hard code fullname to
494 	 *   "SPX:/C=US/O=Digital/OU=LKG/OU=Sphinx/OU=Users/CN=Kannan Alagappan"
495 	 * and acl_file to "~kannan/.sphinx"
496 	 */
497 
498 	pwd = k_getpwnam(UserNameRequested);
499 	if (pwd == NULL) {
500 	  return(AUTH_USER);   /*  not authenticated  */
501 	}
502 
503 	snprintf (acl_file, sizeof(acl_file),
504 		  "%s/.sphinx", pwd->pw_dir);
505 
506 	acl_file_buffer.value = acl_file;
507 	acl_file_buffer.length = strlen(acl_file);
508 
509 	major_status = gss_display_name(&status,
510 					src_name,
511 					&fullname_buffer,
512 					&fullname_type);
513 
514 	if (level < AUTH_USER)
515 		return(level);
516 
517 	major_status = gss__check_acl(&status, &fullname_buffer,
518 					&acl_file_buffer);
519 
520 	if (major_status == GSS_S_COMPLETE) {
521 	  strlcpy(name, UserNameRequested, name_sz);
522 	  return(AUTH_VALID);
523 	} else {
524 	   return(AUTH_USER);
525 	}
526 
527 }
528 
529 #define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}
530 #define	ADDC(buf, len, c)	if ((len) > 0) {*(buf)++ = (c); --(len);}
531 
532 	void
533 spx_printsub(unsigned char *data, size_t cnt,
534 	     unsigned char *buf, size_t buflen)
535 {
536 	size_t i;
537 
538 	buf[buflen-1] = '\0';		/* make sure it's NULL terminated */
539 	buflen -= 1;
540 
541 	switch(data[3]) {
542 	case SPX_REJECT:		/* Rejected (reason might follow) */
543 		strlcpy((char *)buf, " REJECT ", buflen);
544 		goto common;
545 
546 	case SPX_ACCEPT:		/* Accepted (name might follow) */
547 		strlcpy((char *)buf, " ACCEPT ", buflen);
548 	common:
549 		BUMP(buf, buflen);
550 		if (cnt <= 4)
551 			break;
552 		ADDC(buf, buflen, '"');
553 		for (i = 4; i < cnt; i++)
554 			ADDC(buf, buflen, data[i]);
555 		ADDC(buf, buflen, '"');
556 		ADDC(buf, buflen, '\0');
557 		break;
558 
559 	case SPX_AUTH:			/* Authentication data follows */
560 		strlcpy((char *)buf, " AUTH", buflen);
561 		goto common2;
562 
563 	default:
564 		snprintf(buf, buflen, " %d (unknown)", data[3]);
565 	common2:
566 		BUMP(buf, buflen);
567 		for (i = 4; i < cnt; i++) {
568 			snprintf(buf, buflen, " %d", data[i]);
569 			BUMP(buf, buflen);
570 		}
571 		break;
572 	}
573 }
574 
575 #endif
576 
577 #ifdef notdef
578 
579 prkey(msg, key)
580 	char *msg;
581 	unsigned char *key;
582 {
583 	int i;
584 	printf("%s:", msg);
585 	for (i = 0; i < 8; i++)
586 		printf(" %3d", key[i]);
587 	printf("\r\n");
588 }
589 #endif
590