[2461] in Kerberos-V5-bugs
pending/195: krb5-beta7: Misc CMU telnet patches
daemon@ATHENA.MIT.EDU (John Gardiner Myers)
Thu Nov 14 22:00:14 1996
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, John Gardiner Myers <jgm@cmu.edu>
Date: Thu, 14 Nov 1996 18:56:02 -0800 (PST)
From: John Gardiner Myers <jgm@cmu.edu>
To: krb5-bugs@MIT.EDU
Cc: shadow@andrew.cmu.edu, rob@andrew.cmu.edu
>Number: 195
>Category: pending
>Synopsis: krb5-beta7: Misc CMU telnet patches
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Nov 14 21:58:03 EST 1996
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
[CMU folks: I reversed the sense of the -x switch to telnetd. This isn't
the complete set of patches. Some patches minorly tweaked, and extended
to deal with Kerberos V5.]
The following patch drops in a bunch of CMU changes to telnet/telnetd.
Most of these fix bogosities in the user interface of telnet, and you
should consider making most of these the default (if not making them
always be set.)
A complete description of the options in this set:
* AUTHENTICATE_IS_DEFAULT
* ENCRYPT_IS_DEFAULT
If set, defaults to authenticating and encrypting, respectively. In
my opinion, these should always be on. If possible, one should
*always* authenticate and encrypt--it only costs a bit of CPU, plus
the possible exposure of your identity to the server.
AUTHENTICATE_IS_DEFAULT is not the same as always turning on the -a
switch. The former will always authenticate, but not request
autologin (unless -a is also given).
* VERBOSE_AUTH_OPTION
Turns off all of the "[ Kerberos V5 accepts you ]" chatter by default,
adding a command in telnet to turn it back on. Users don't care--it
should just work. Perhaps the mutual authentication failure warnings
shouldn't be conditionalized, but most of this stuff is noise.
* XAUTHORITY
* XAUTHDIR
Passes the contents of your .Xauthority file, if encryption gets
negotiated on. XAUTHDIR specifies the directory to put the
.Xauthority file in (defaults to /tmp)
Requires The X11 Xau library. I haven't hacked autoconf
to hunt for this properly. Server side requires the "-x" switch to
telnetd to enable; as it requires login to support the
new "-x" switch. Changes for login will be sent under separate cover.
The author of this patch seems to like to use ANSI-specific preprocessor
operations. I could definitely imagine your declining this particular
patch for non-portability.
* SHOW_ENCRYPTION_WARNING
Both client and server print a warning if encryption is NOT turned on.
In my opinion, should always be turned on when ENCRYPTION is turned on.
* ENCRYPT_ANY_PORT
Server always tries to negotiate encryption on, so it happens even
when telnetd is running on a non-default port. In my opinion, should
always be on.
* ALWAYS_ACCEPT_AUTHENTICATION
When the credentials are valid, server always accepts the
authentication protocol exchange, even when the authenticated identity
is not authorized to auto-login. That way, one can get an encrypted
connection to a server, even though one is not authorized to
auto-login. When the authorization check fails, the requested
auto-login userid is passed to the login program, so the user then
gets prompted with "Password:" instead of having to type the userid in
at the "login:" prompt.
In my opinion, should always be turned on.
* VERBOSE_AUTO_LOGIN
When the client requested an auto-login, prints a "login: whatever"
line before invoking login. Goes with the above. In my opinion,
should always be turned on.
Index: arpa/telnet.h
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/arpa/telnet.h,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 telnet.h
*** telnet.h 1996/11/02 20:53:51 1.1.1.1
--- telnet.h 1996/11/15 02:08:43
***************
*** 119,128 ****
#define TELOPT_AUTHENTICATION 37/* Authenticate */
#define TELOPT_ENCRYPT 38 /* Encryption option */
#define TELOPT_NEW_ENVIRON 39 /* New - Environment variables */
#define TELOPT_EXOPL 255 /* extended-options-list */
! #define NTELOPTS (1+TELOPT_NEW_ENVIRON)
#ifdef TELOPTS
char *telopts[NTELOPTS+1] = {
"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
--- 119,129 ----
#define TELOPT_AUTHENTICATION 37/* Authenticate */
#define TELOPT_ENCRYPT 38 /* Encryption option */
#define TELOPT_NEW_ENVIRON 39 /* New - Environment variables */
+ #define TELOPT_XAUTH 41 /* Passing Xauthentication */
#define TELOPT_EXOPL 255 /* extended-options-list */
! #define NTELOPTS (1+TELOPT_XAUTH)
#ifdef TELOPTS
char *telopts[NTELOPTS+1] = {
"BINARY", "ECHO", "RCP", "SUPPRESS GO AHEAD", "NAME",
***************
*** 134,144 ****
"TACACS UID", "OUTPUT MARKING", "TTYLOC",
"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
! "ENCRYPT", "NEW-ENVIRON",
0,
};
#define TELOPT_FIRST TELOPT_BINARY
! #define TELOPT_LAST TELOPT_NEW_ENVIRON
#define TELOPT_OK(x) ((unsigned int)(x) <= TELOPT_LAST)
#define TELOPT(x) telopts[(x)-TELOPT_FIRST]
#endif
--- 135,145 ----
"TACACS UID", "OUTPUT MARKING", "TTYLOC",
"3270 REGIME", "X.3 PAD", "NAWS", "TSPEED", "LFLOW",
"LINEMODE", "XDISPLOC", "OLD-ENVIRON", "AUTHENTICATION",
! "ENCRYPT", "NEW-ENVIRON", "XAUTH",
0,
};
#define TELOPT_FIRST TELOPT_BINARY
! #define TELOPT_LAST TELOPT_XAUTH
#define TELOPT_OK(x) ((unsigned int)(x) <= TELOPT_LAST)
#define TELOPT(x) telopts[(x)-TELOPT_FIRST]
#endif
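Review bot: `"XAUTH"` is appended directly after `"NEW-ENVIRON"`, so it lands at index 40 of `telopts[]`, while the previous hunk defines `TELOPT_XAUTH` as 41 and `TELOPT_LAST` now admits 41. `TELOPT(TELOPT_XAUTH)` therefore yields the `0` terminator, which is a null pointer for any `%s` in the option-tracing code, and option 40 would be printed as XAUTH. Add a name for option 40 so the table stays aligned with the option numbers: `"ENCRYPT", "NEW-ENVIRON", "TN3270E", "XAUTH",`.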
Index: libtelnet/Makefile.in
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/Makefile.in,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 Makefile.in
*** Makefile.in 1996/11/02 20:53:51 1.1.1.1
--- Makefile.in 1996/11/15 01:59:59
***************
*** 20,25 ****
--- 20,28 ----
# @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
#
AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DDES_ENCRYPTION -DKRB5 -DFORWARD \
+ -DAUTHENTICATE_IS_DEFAULT -DENCRYPT_IS_DEFAULT -DVERBOSE_AUTH_OPTION \
+ -DXAUTHORITY -DSHOW_ENCRYPTION_WARNING -DENCRYPT_ANY_PORT \
+ -DALWAYS_ACCEPT_AUTHENTICATION -DVERBOSE_AUTO_LOGIN \
-UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
LOCALINCLUDES=-I.. -I$(srcdir)/.. @KRB4_INCLUDES@
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(DEFS) $(LOCALINCLUDES)
Index: libtelnet/auth.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/auth.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 auth.c
*** auth.c 1996/11/02 20:53:52 1.1.1.1
--- auth.c 1996/11/15 00:23:12
***************
*** 94,99 ****
--- 94,102 ----
extern rsaencpwd_printsub();
#endif
+ #ifdef VERBOSE_AUTH_OPTION
+ int auth_verbose = 0;
+ #endif
int auth_debug_mode = 0;
int auth_has_failed = 0;
int auth_enable_encrypt = 0;
***************
*** 578,586 ****
--- 581,595 ----
Authenticator *ap;
int result;
{
+ #ifdef SHOW_ENCRYPTION_WARNING
+ extern void Encryption_Warning();
+ #endif
if (!(authenticated = ap))
authenticated = &NoAuth;
validuser = result;
+ #ifdef SHOW_ENCRYPTION_WARNING
+ if ((result != AUTH_VALID) && (result != AUTH_USER)) Encryption_Warning();
+ #endif
}
/* ARGSUSED */
***************
*** 673,677 ****
--- 682,700 ----
return;
}
*buf = '\0';
+ }
+ #endif
+ #ifdef VERBOSE_AUTH_OPTION
+ int
+ AuthVerbose(on)
+ int on;
+ {
+ if (on < 0)
+ auth_verbose ^= 1;
+ else
+ auth_verbose = on;
+ printf("Authentication %s verbose\r\n",
+ auth_verbose ? "is" : "is not");
+ return(1);
}
#endif
Index: libtelnet/auth.h
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/auth.h,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 auth.h
*** auth.h 1996/11/02 20:53:52 1.1.1.1
--- auth.h 1996/11/14 23:34:29
***************
*** 84,87 ****
--- 84,90 ----
#include "auth-proto.h"
extern auth_debug_mode;
+ #ifdef VERBOSE_AUTH_OPTION
+ extern auth_verbose;
+ #endif
#endif
Index: libtelnet/encrypt.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/encrypt.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 encrypt.c
*** encrypt.c 1996/11/02 20:53:52 1.1.1.1
--- encrypt.c 1996/11/15 00:24:51
***************
*** 133,138 ****
--- 133,163 ----
static unsigned char str_start[72] = { IAC, SB, TELOPT_ENCRYPT };
static unsigned char str_end[] = { IAC, SB, TELOPT_ENCRYPT, 0, IAC, SE };
+ #ifdef SHOW_ENCRYPTION_WARNING
+ void
+ Encryption_Warning()
+ {
+ static int done = 0;
+ if (!done && !Server)
+ {
+ printf("Client Warning: Connection not encrypted! Communication may be eavesdropped.\r\n");
+ done = 1;
+ }
+ }
+ int
+ is_encrypted()
+ {
+ if (!havesessionkey) return (0);
+ if (!(I_SUPPORT_ENCRYPT & remote_supports_decrypt)) return (0);
+ while (autoencrypt && !encrypt_output) {
+ if (telnet_spin())
+ return(0);
+ }
+ if (autoencrypt && !encrypt_output) return(0);
+ return (1);
+ }
+ #endif /* SHOW_ENCRYPTION_WARNING */
+
Encryptions *
findencryption(type)
int type;
***************
*** 513,519 ****
--- 538,551 ----
if (use_type) {
ep = findencryption(use_type);
if (!ep)
+ #ifdef SHOW_ENCRYPTION_WARNING
+ {
+ if (!Server) Encryption_Warning();
+ #endif
return;
+ #ifdef SHOW_ENCRYPTION_WARNING
+ }
+ #endif
type = ep->start ? (*ep->start)(DIR_ENCRYPT, Server) : 0;
if (encrypt_debug_mode)
printf(">>>%s: (*ep->start)() returned %d\r\n",
***************
*** 523,528 ****
--- 555,564 ----
encrypt_mode = use_type;
if (type == 0)
encrypt_start_output(use_type);
+ #ifdef SHOW_ENCRYPTION_WARNING
+ } else {
+ if (!Server) Encryption_Warning();
+ #endif
}
}
Index: libtelnet/kerberos.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/kerberos.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 kerberos.c
*** kerberos.c 1996/11/02 20:53:52 1.1.1.1
--- kerberos.c 1996/11/15 00:41:17
***************
*** 167,179 ****
--- 167,184 ----
CREDENTIALS cred;
int r;
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Trying KERBEROS4 ... ]\r\n");
+ #ifndef AUTHENTICATE_IS_DEFAULT
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V4: no user name supplied\r\n");
}
return(0);
}
+ #endif
memset(instance, 0, sizeof(instance));
***************
*** 196,201 ****
--- 201,210 ----
printf("get_cred failed: %s\r\n", krb_err_txt[r]);
return(0);
}
+ #ifdef AUTHENTICATE_IS_DEFAULT
+ if (!UserNameRequested)
+ UserNameRequested = "";
+ #endif
if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
if (auth_debug_mode)
printf("Not enough room for user name\r\n");
***************
*** 292,302 ****
--- 301,326 ----
krb_kntoln(&adat, name);
if (UserNameRequested && !kuserok(&adat, UserNameRequested))
+ #ifdef ALWAYS_ACCEPT_AUTHENTICATION
+ {
+ #endif
Data(ap, KRB_ACCEPT, (void *)0, 0);
+ #ifdef ALWAYS_ACCEPT_AUTHENTICATION
+ auth_finished(ap, AUTH_USER);
+ }
+ #endif
else
+ #ifdef ALWAYS_ACCEPT_AUTHENTICATION
+ {
+ Data(ap, KRB_ACCEPT,
+ (void *)"password required", -1);
+ auth_finished(ap, AUTH_UNKNOWN);
+ }
+ #else
Data(ap, KRB_REJECT,
(void *)"user is not authorized", -1);
auth_finished(ap, AUTH_USER);
+ #endif
break;
case KRB_CHALLENGE:
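Review bot: With ALWAYS_ACCEPT_AUTHENTICATION the unauthorized branch also answers `KRB_ACCEPT`, and the only thing separating it from the authorized branch is the `AUTH_UNKNOWN` passed to `auth_finished()`. That is easy to miss because the braces of both branches are opened and closed in separate `#ifdef` fragments. Suggest writing the two variants as complete `if`/`else` statements under a single `#ifdef ALWAYS_ACCEPT_AUTHENTICATION` / `#else`. On the second branch add a comment such as `/* ticket is valid but the principal is not authorized for this account: accept so encryption can proceed; login must still ask for a password */`. The enclosing switch starts outside the hunk.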
***************
*** 370,382 ****
--- 394,415 ----
switch (*data++) {
case KRB_REJECT:
if (cnt > 0) {
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V4 refuses authentication because %.*s ]\r\n",
cnt, data);
} else
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V4 refuses authentication ]\r\n");
auth_send_retry();
return;
case KRB_ACCEPT:
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V4 accepts you ]\r\n");
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
/*
***************
*** 407,417 ****
--- 440,456 ----
sizeof(challenge))))
{
#endif /* ENCRYPTION */
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V4 challenge failed!!! ]\r\n");
auth_send_retry();
return;
#ifdef ENCRYPTION
}
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V4 challenge successful ]\r\n");
auth_finished(ap, AUTH_USER);
#endif /* ENCRYPTION */
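Review bot: Gating `[ Kerberos V4 challenge failed!!! ]` on `auth_verbose` hides a failed mutual-authentication check from the user by default, because `auth_verbose` is initialised to 0 in auth.c. That message says the server did not prove its identity, which is a security signal rather than chatter, so the `printf` should stay unconditional; drop the three added preprocessor lines in front of it. The same applies to the kerberos5.c hunks that gate `didn't provide mutual authentication!` and `Mutual authentication failed: %s`. The enclosing function starts outside the hunk.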
***************
*** 429,439 ****
--- 468,484 ----
char *name;
int level;
{
+ #ifdef ALWAYS_ACCEPT_AUTHENTICATION
+ if(UserNameRequested)
+ strcpy(name, UserNameRequested);
+ #endif
if (level < AUTH_USER)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+ #ifndef ALWAYS_ACCEPT_AUTHENTICATION
strcpy(name, UserNameRequested);
+ #endif
return(AUTH_VALID);
} else
return(AUTH_USER);
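Review bot: The `strcpy(name, UserNameRequested)` added at the top of this status routine runs before the `level < AUTH_USER` return, so the peer-requested name is now copied into `name` for sessions that did not authenticate as well. The copy is still unbounded, and neither the size of `name` nor the function header is visible in the hunk. Suggest checking `strlen(UserNameRequested)` against the caller's buffer size before copying, and leaving `name` untouched otherwise. Since the description says this name is handed to the login program, it would also be worth rejecting a name that begins with `-` here. The kerberos5.c status hunk makes the same change.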
Index: libtelnet/kerberos5.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/libtelnet/kerberos5.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 kerberos5.c
*** kerberos5.c 1996/11/02 20:53:52 1.1.1.1
--- kerberos5.c 1996/11/15 00:43:11
***************
*** 217,228 ****
--- 217,230 ----
krb5_keyblock *newkey = 0;
#endif /* ENCRYPTION */
+ #ifndef AUTHENTICATE_IS_DEFAULT
if (!UserNameRequested) {
if (auth_debug_mode) {
printf("Kerberos V5: no user name supplied\r\n");
}
return(0);
}
+ #endif
if ((r = krb5_cc_default(telnet_context, &ccache))) {
if (auth_debug_mode) {
***************
*** 342,347 ****
--- 344,353 ----
return(0);
}
+ #ifdef AUTHENTICATE_IS_DEFAULT
+ if (!UserNameRequested)
+ UserNameRequested = "";
+ #endif
if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
if (auth_debug_mode)
printf("Not enough room for user name\r\n");
***************
*** 565,579 ****
--- 571,594 ----
switch (*data++) {
case KRB_REJECT:
if (cnt > 0) {
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
cnt, data);
} else
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 refuses authentication ]\r\n");
auth_send_retry();
return;
case KRB_ACCEPT:
if (!mutual_complete) {
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 accepted you, but didn't provide mutual authentication! ]\r\n");
auth_send_retry();
return;
***************
*** 587,595 ****
}
#endif /* ENCRYPTION */
}
! if (cnt)
printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
else
printf("[ Kerberos V5 accepts you ]\r\n");
auth_finished(ap, AUTH_USER);
#ifdef FORWARD
--- 602,617 ----
}
#endif /* ENCRYPTION */
}
! if (cnt) {
! #ifdef VERBOSE_AUTH_OPTION
! if (auth_verbose)
! #endif
printf("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+ }
else
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 accepts you ]\r\n");
auth_finished(ap, AUTH_USER);
#ifdef FORWARD
***************
*** 609,614 ****
--- 631,640 ----
if ((r = krb5_rd_rep(telnet_context, auth_context, &inbuf,
&reply))) {
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
+
printf("[ Mutual authentication failed: %s ]\r\n",
error_message(r));
auth_send_retry();
***************
*** 628,636 ****
--- 654,668 ----
return;
#ifdef FORWARD
case KRB_FORWARD_ACCEPT:
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 accepted forwarded credentials ]\r\n");
return;
case KRB_FORWARD_REJECT:
+ #ifdef VERBOSE_AUTH_OPTION
+ if (auth_verbose)
+ #endif
printf("[ Kerberos V5 refuses forwarded credentials because %.*s ]\r\n",
cnt, data);
return;
***************
*** 649,654 ****
--- 681,691 ----
char *name;
int level;
{
+ #ifdef ALWAYS_ACCEPT_AUTHENTICATION
+ if(UserNameRequested)
+ strcpy(name, UserNameRequested);
+ #endif
+
if (level < AUTH_USER)
return(level);
***************
*** 656,662 ****
--- 693,701 ----
krb5_kuserok(telnet_context, ticket->enc_part2->client,
UserNameRequested))
{
+ #ifndef ALWAYS_ACCEPT_AUTHENTICATION
strcpy(name, UserNameRequested);
+ #endif
return(AUTH_VALID);
} else
return(AUTH_USER);
Index: telnet/Makefile.in
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnet/Makefile.in,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 Makefile.in
*** Makefile.in 1996/11/02 20:53:54 1.1.1.1
--- Makefile.in 1996/11/15 02:20:42
***************
*** 20,28 ****
# @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
#
! AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DLINEMODE -DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
! LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
ARPA_TELNET= $(srcdir)/../arpa/telnet.h
--- 20,31 ----
# @(#)Makefile.generic 5.5 (Berkeley) 3/1/91
#
! AUTH_DEF= -DAUTHENTICATE_IS_DEFAULT -DENCRYPT_IS_DEFAULT -DVERBOSE_AUTH_OPTION \
! -DXAUTHORITY -DSHOW_ENCRYPTION_WARNING -DENCRYPT_ANY_PORT \
! -DALWAYS_ACCEPT_AUTHENTICATION -DVERBOSE_AUTO_LOGIN \
! -DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DLINEMODE -DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
! LOCALINCLUDES=-I.. -I$(srcdir)/.. -I$(srcdir)/../libtelnet
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
ARPA_TELNET= $(srcdir)/../arpa/telnet.h
***************
*** 39,45 ****
all:: telnet
telnet: $(OBJS) $(DEPLIBS) ../libtelnet/libtelnet.a
! $(LD) -o $@ $(LDFLAGS) $(LDARGS) $(OBJS) ../libtelnet/libtelnet.a $(LIBS)
clean::
$(RM) telnet
--- 42,48 ----
all:: telnet
telnet: $(OBJS) $(DEPLIBS) ../libtelnet/libtelnet.a
! $(LD) -o $@ $(LDFLAGS) $(LDARGS) $(OBJS) ../libtelnet/libtelnet.a -L/usr/X11R6/lib -lXau $(LIBS)
clean::
$(RM) telnet
Index: telnet/commands.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnet/commands.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 commands.c
*** commands.c 1996/11/02 20:53:54 1.1.1.1
--- commands.c 1996/11/15 00:03:17
***************
*** 90,95 ****
--- 90,99 ----
#define MAXDNAME 256 /*per the rfc*/
#endif
+ #ifdef XAUTHORITY
+ extern int doxauth;
+ #endif /* XAUTHORITY */
+
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
***************
*** 627,632 ****
--- 631,639 ----
static int togglehelp P((void));
#if defined(AUTHENTICATION)
extern int auth_togdebug P((int));
+ # ifdef VERBOSE_AUTH_OPTION
+ extern int AuthVerbose P((int));
+ # endif
#endif
#ifdef ENCRYPTION
extern int EncryptAutoEnc P((int));
***************
*** 665,670 ****
--- 672,684 ----
auth_togdebug,
0,
"print authentication debugging information" },
+ #ifdef VERBOSE_AUTH_OPTION
+ { "verbose_auth",
+ "Toggle verbose authentication output",
+ AuthVerbose,
+ 0,
+ "print verbose authentication output" },
+ #endif
#endif
#ifdef ENCRYPTION
{ "autoencrypt",
***************
*** 688,693 ****
--- 702,714 ----
0,
"print encryption debugging information" },
#endif /* ENCRYPTION */
+ #ifdef XAUTHORITY
+ { "doxauth",
+ "sending of xauthority cookies",
+ 0,
+ &doxauth,
+ "Send xauthority cookies (if encrypting)" },
+ #endif /* XAUTHORITY */
{ "skiprc",
"don't read ~/.telnetrc file",
0,
Index: telnet/main.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnet/main.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 main.c
*** main.c 1996/11/02 20:53:54 1.1.1.1
--- main.c 1996/11/14 23:21:37
***************
*** 297,302 ****
--- 297,306 ----
/* NOTREACHED */
}
}
+ #ifdef ENCRYPT_IS_DEFAULT
+ encrypt_auto(1);
+ decrypt_auto(1);
+ #endif
if (autologin == -1)
autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1;
Index: telnet/telnet.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnet/telnet.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 telnet.c
*** telnet.c 1996/11/02 20:53:54 1.1.1.1
--- telnet.c 1996/11/15 02:06:00
***************
*** 54,59 ****
--- 54,71 ----
#include "types.h"
#include "general.h"
+ #ifdef XAUTHORITY
+ #include <stdio.h>
+ #include <X11/Xauth.h>
+ #include <des.h>
+ #include "encrypt.h"
+
+ static xauth_server_ok = 0,
+ xauth_encrypt_ok = 0,
+ xauth_sent_once = 0;
+
+ #endif /* XAUTHORITY */
+
#define strip(x) ((x)&0x7f)
***************
*** 75,80 ****
--- 87,95 ----
char will_wont_resp[256];
int
+ #ifdef XAUTHORITY
+ doxauth = 1,
+ #endif /* XAUTHORITY */
eight = 0,
autologin = 0, /* Autologin anyone? */
skiprc = 0,
***************
*** 114,119 ****
--- 129,137 ----
#ifdef KLUDGELINEMODE
cc_t echoc;
#endif
+ #ifdef XAUTHORITY
+ FILE *xauthority_file = NULL;
+ #endif /* XAUTHORITY */
/*
* Telnet receiver states for fsm
***************
*** 163,169 ****
{ "3270 mode", 0 },
};
#endif
!
/*
* Initialize telnet environment.
--- 181,189 ----
{ "3270 mode", 0 },
};
#endif
! #ifdef SHOW_ENCRYPTION_WARNING
! extern void Encryption_Warning();
! #endif
/*
* Initialize telnet environment.
***************
*** 439,444 ****
--- 459,470 ----
set_my_state_dont(option);
return; /* Never reply to TM will's/wont's */
+ #ifdef SHOW_ENCRYPTION_WARNING
+ case TELOPT_ENCRYPT:
+ case TELOPT_AUTHENTICATION:
+ Encryption_Warning();
+ #endif
+
default:
break;
}
***************
*** 495,500 ****
--- 521,531 ----
case TELOPT_SGA: /* no big deal */
#ifdef ENCRYPTION
case TELOPT_ENCRYPT: /* encryption variable option */
+ #ifdef ENCRYPT_ANY_PORT
+ if (my_state_is_wont(TELOPT_ENCRYPT)) {
+ send_will(TELOPT_ENCRYPT, 0);
+ }
+ #endif
#endif /* ENCRYPTION */
new_state_ok = 1;
break;
***************
*** 515,521 ****
--- 546,554 ----
#if defined(AUTHENTICATION)
case TELOPT_AUTHENTICATION:
+ #ifndef AUTHENTICATE_IS_DEFAULT
if (autologin)
+ #endif
new_state_ok = 1;
break;
#endif
***************
*** 525,530 ****
--- 558,575 ----
new_state_ok = 1;
break;
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH: {
+ char *auth = XauFileName();
+
+ if (doxauth &&
+ env_getvalue("DISPLAY") &&
+ (xauthority_file = fopen(auth, "r")))
+ new_state_ok = 1;
+ }
+ break;
+ #endif /* XAUTHORITY */
+
case TELOPT_LINEMODE:
#ifdef KLUDGELINEMODE
kludgelinemode = 0;
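Review bot: The result of `XauFileName()` goes to `fopen()` unchecked in the new `TELOPT_XAUTH` case, and that function returns NULL when it cannot build a path. The case also overwrites `xauthority_file` without closing a stream that an earlier DO XAUTH may have opened, as far as the visible lines show. Suggest starting the condition with `if (doxauth && auth != NULL &&` and closing any stream that is already open before reopening. The enclosing function starts outside the hunk.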
***************
*** 796,801 ****
--- 841,938 ----
next = tnamep;
return(*next++);
}
+ #ifdef XAUTHORITY
+ /* Utility routine to help translate xauth entries */
+
+ static char *xauth_translate(unsigned short len,
+ unsigned char *str,
+ unsigned char *dp)
+ {
+ int sp;
+
+ /* The following sprintf braindamage is necessary because
+ * bsd insists that sprintf should return a pointer
+ * to the buffer (which we *know* already), not the
+ * number of characters output. So we strlen.
+ * Gotta love BSD.
+ */
+
+ sprintf(dp, " %04x ", len);
+ dp += strlen(dp);
+
+ for (sp = 0; sp < len; sp++) {
+ sprintf(dp, "%02x", str[sp]);
+ dp += strlen(dp);
+ }
+ return dp;
+ }
+
+ static void
+ xauth_send_auth()
+ {
+ Xauth *auth;
+ /* Here, we itterate through the file, and send all the xauth
+ * data, one TELQUAL_IS per cookie.
+ */
+
+ xauth_sent_once = 1;
+ while (xauthority_file && (auth = XauReadAuth(xauthority_file))) {
+ int bufsize = 2 * (52 + /* needed for data */
+ auth->address_length +
+ auth->number_length +
+ auth->name_length +
+ auth->data_length);
+
+ {
+ /* unsigned char temp[bufsize];*/
+ unsigned char *temp;
+ unsigned char *dp;
+ int len, sp;
+
+ temp = malloc(bufsize);
+ memset(temp, '\0', bufsize);
+
+ if (auth->family == 256) continue; /* localhost */
+
+ /* Prefix */
+ sprintf(temp,
+ "%c%c%c%c%04x",
+ IAC, SB,
+ TELOPT_XAUTH, TELQUAL_IS,
+ auth->family);
+ dp = temp + 8;
+
+ /* Translate it all */
+
+ #define XAUTH_TRANS(foo) dp = xauth_translate(auth-> ## foo ## _length, \
+ auth-> ## foo, dp)
+
+ XAUTH_TRANS(address);
+ XAUTH_TRANS(number);
+ XAUTH_TRANS(name);
+ XAUTH_TRANS(data);
+
+ #undef XAUTH_TRANS
+
+ /* Postfix */
+ sprintf(dp, "%c%c", IAC, SE);
+ len = dp + 2 - temp;
+
+ if (len < NETROOM()) {
+ ring_supply_data(&netoring, temp, len);
+ printsub('>', temp+2, len - 2);
+ }
+
+ /*@*/ else printf("lm_will: not enough room in buffer\n");
+ free(temp);
+ }
+ XauDisposeAuth(auth);
+ }
+ fclose(xauthority_file);
+ xauthority_file = NULL;
+ }
+
+ #endif /* XAUTHORITY */
/*
* suboption()
*
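Review bot: In `xauth_send_auth()` the `continue` for `auth->family == 256` skips both `free(temp)` and `XauDisposeAuth(auth)`, so every localhost entry leaks the buffer and the record. The `malloc()` result is also passed to `memset()` unchecked. Doing the family test before allocating and checking the allocation fixes both, as in the excerpt below. Separately, `auth-> ## foo ## _length` pastes `->` onto an identifier, which is not a valid token and is rejected by strict preprocessors; `auth->foo##_length` and `auth->foo` are enough.
```c
    while (xauthority_file && (auth = XauReadAuth(xauthority_file))) {
	unsigned char *temp;
	int bufsize;

	if (auth->family == 256) {	/* localhost: nothing to send */
	    XauDisposeAuth(auth);
	    continue;
	}
	bufsize = 2 * (52 +		/* needed for data */
		       auth->address_length + auth->number_length +
		       auth->name_length + auth->data_length);
	temp = malloc(bufsize);
	if (temp == NULL) {
	    XauDisposeAuth(auth);
	    break;			/* fall through to the fclose() below */
	}
	memset(temp, '\0', bufsize);
	/* … unchanged: prefix, XAUTH_TRANS calls, postfix, ring_supply_data … */
	free(temp);
	XauDisposeAuth(auth);
    }
```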
***************
*** 974,983 ****
--- 1111,1139 ----
}
break;
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ if (my_want_state_is_wont(TELOPT_XAUTH))
+ return;
+ if (SB_EOF())
+ return;
+ if (! doxauth || ! xauthority_file)
+ return;
+ if (SB_GET() == TELQUAL_SEND) {
+ xauth_server_ok = 1;
+ if (xauth_encrypt_ok)
+ xauth_send_auth();
+ }
+
+ break;
+ #endif /* XAUTHORITY */
+
#if defined(AUTHENTICATION)
case TELOPT_AUTHENTICATION: {
+ #ifndef AUTHENTICATE_IS_DEFAULT
if (!autologin)
break;
+ #endif
if (SB_EOF())
return;
switch(SB_GET()) {
***************
*** 1014,1019 ****
--- 1170,1180 ----
if (my_want_state_is_dont(TELOPT_ENCRYPT))
return;
encrypt_start(subpointer, SB_LEN());
+ #ifdef XAUTHORITY
+ xauth_encrypt_ok = 1;
+ if (xauth_server_ok && ! xauth_sent_once)
+ xauth_send_auth();
+ #endif
break;
case ENCRYPT_END:
if (my_want_state_is_dont(TELOPT_ENCRYPT))
***************
*** 2268,2274 ****
--- 2429,2437 ----
#endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */
# if !defined(TN3270)
#if defined(AUTHENTICATION)
+ #ifndef AUTHENTICATE_IS_DEFAULT
if (autologin)
+ #endif
send_will(TELOPT_AUTHENTICATION, 1);
#endif
#ifdef ENCRYPTION
***************
*** 2287,2293 ****
--- 2450,2469 ----
send_will(TELOPT_NEW_ENVIRON, 1);
send_do(TELOPT_STATUS, 1);
if (env_getvalue((unsigned char *)"DISPLAY"))
+ #ifdef XAUTHORITY
+ {
+ #endif
send_will(TELOPT_XDISPLOC, 1);
+ #ifdef XAUTHORITY
+ /* Attempt to access the Xauth file */
+ /* You know, I think that if there're *any* entries
+ * in the xauth file, we should send them. (Well,
+ * other than localhost entries :-)
+ */
+ if (xauthority_file)
+ send_will(TELOPT_XAUTH, 1);
+ }
+ #endif /* XAUTHORITY */
if (eight)
tel_enter_binary(eight);
}
Index: telnet/utilities.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnet/utilities.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 utilities.c
*** utilities.c 1996/11/02 20:53:55 1.1.1.1
--- utilities.c 1996/11/15 00:11:39
***************
*** 751,756 ****
--- 751,773 ----
}
break;
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ fprintf(NetTrace, "XAUTHORITY ");
+ switch (pointer[1]) {
+ case TELQUAL_IS:
+ fprintf(NetTrace, "IS \"%.*s\"", length-2, (char *)pointer+2);
+ break;
+ case TELQUAL_SEND:
+ fprintf(NetTrace, "SEND");
+ break;
+ default:
+ fprintf(NetTrace, "- unknown qualifier %d (0x%x).",
+ pointer[1], pointer[1]);
+ }
+ break;
+ #endif
+
case TELOPT_NEW_ENVIRON:
fprintf(NetTrace, "NEW-ENVIRON ");
#ifdef OLD_ENVIRON
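Review bot: The `TELQUAL_IS` branch writes the hex-encoded cookie itself to `NetTrace`, and `xauth_send_auth()` calls `printsub()` on every cookie it sends, so enabling option tracing puts the X authority data into the trace output. `length-2` is also used as the `%.*s` precision, and `pointer[1]` is read, with no check in these lines that `length` is at least 2; a negative precision is treated as absent, so the print would run to the next NUL byte. Suggest guarding with `if (length < 2) break;` and logging only the size: `fprintf(NetTrace, "IS (%d bytes, not shown)", length - 2);`. The enclosing switch starts outside the hunk.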
Index: telnetd/Makefile.in
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/Makefile.in,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 Makefile.in
*** Makefile.in 1996/11/02 20:53:55 1.1.1.1
--- Makefile.in 1996/11/15 02:26:38
***************
*** 22,30 ****
LOCAL_LIBRARIES=-lpty
DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
! AUTH_DEF=-DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
! LOCALINCLUDES=-I.. -I$(srcdir)/..
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
ARPA_TELNET= $(srcdir)/../arpa/telnet.h
--- 22,33 ----
LOCAL_LIBRARIES=-lpty
DEPLOCAL_LIBRARIES=$(TOPLIBD)/../util/pty/libpty.a
! AUTH_DEF= -DAUTHENTICATE_IS_DEFAULT -DENCRYPT_IS_DEFAULT -DVERBOSE_AUTH_OPTION \
! -DXAUTHORITY -DSHOW_ENCRYPTION_WARNING -DENCRYPT_ANY_PORT \
! -DALWAYS_ACCEPT_AUTHENTICATION -DVERBOSE_AUTO_LOGIN \
! -DAUTHENTICATION -DENCRYPTION -DKRB5 -DFORWARD -UNO_LOGIN_F -DLOGIN_CAP_F -DLOGIN_PROGRAM=KRB5_PATH_LOGIN
OTHERDEFS=-DKLUDGELINEMODE -DDIAGNOSTICS -DENV_HACK -DOLD_ENVIRON
! LOCALINCLUDES=-I.. -I$(srcdir)/.. -I$(srcdir)/../libtelnet
CFLAGS = $(CCOPTS) $(AUTH_DEF) $(OTHERDEFS) $(DEFS) $(LOCALINCLUDES)
ARPA_TELNET= $(srcdir)/../arpa/telnet.h
***************
*** 54,60 ****
all:: telnetd
telnetd: $(OBJS) $(DEPLIBS) ../libtelnet/libtelnet.a
! $(LD) -o $@ $(LDFLAGS) $(LDARGS) $(OBJS) ../libtelnet/libtelnet.a $(LIBS)
clean::
$(RM) telnetd
--- 57,63 ----
all:: telnetd
telnetd: $(OBJS) $(DEPLIBS) ../libtelnet/libtelnet.a
! $(LD) -o $@ $(LDFLAGS) $(LDARGS) $(OBJS) ../libtelnet/libtelnet.a -L/usr/X11R6/lib -lXau $(LIBS)
clean::
$(RM) telnetd
Index: telnetd/ext.h
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/ext.h,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 ext.h
*** ext.h 1996/11/02 20:53:55 1.1.1.1
--- ext.h 1996/11/15 02:38:45
***************
*** 211,221 ****
--- 211,227 ----
environsubopt, /* environ subopt is received */
oenvironsubopt, /* old environ subopt is received */
xdisplocsubopt, /* xdisploc subopt is received */
+ #ifdef XAUTHORITY
+ xauthsubopt, /* xauth subopt is received */
+ #endif /* XAUTHORITY */
baseline, /* time started to do timed action */
gotDM; /* when did we last see a data mark */
} clocks;
+ #ifdef XAUTHORITY
+ extern int enable_xauth;
+ #endif
#if defined(CRAY2) && defined(UNICOS5)
extern int needtermstat;
#endif
Index: telnetd/state.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/state.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 state.c
*** state.c 1996/11/02 20:53:55 1.1.1.1
--- state.c 1996/11/15 02:38:54
***************
*** 38,43 ****
--- 38,50 ----
#include <libtelnet/auth.h>
#endif
+ #ifdef XAUTHORITY
+ #include <X11/Xauth.h>
+ #include <des.h>
+ #include "encrypt.h"
+ extern FILE *xauthority_file;
+ #endif /* XAUTHORITY */
+
unsigned char doopt[] = { IAC, DO, '%', 'c', 0 };
unsigned char dont[] = { IAC, DONT, '%', 'c', 0 };
unsigned char will[] = { IAC, WILL, '%', 'c', 0 };
***************
*** 566,571 ****
--- 573,581 ----
case TELOPT_NAWS:
case TELOPT_TSPEED:
case TELOPT_XDISPLOC:
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ #endif /* XAUTHORITY */
case TELOPT_NEW_ENVIRON:
case TELOPT_OLD_ENVIRON:
changeok++;
***************
*** 781,786 ****
--- 791,802 ----
settimer(xdisplocsubopt);
break;
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ settimer(xauthsubopt);
+ break;
+ #endif /* XAUTHORITY */
+
case TELOPT_OLD_ENVIRON:
settimer(oenvironsubopt);
break;
***************
*** 962,967 ****
--- 978,986 ----
case TELOPT_TSPEED:
case TELOPT_LFLOW:
case TELOPT_XDISPLOC:
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ #endif /* XAUTHORITY */
#ifdef TELOPT_ENVIRON
case TELOPT_NEW_ENVIRON:
#endif
***************
*** 1091,1096 ****
--- 1110,1171 ----
# define env_ovalue OLD_ENV_VALUE
#endif /* ENV_HACK */
+ #ifdef XAUTHORITY
+ /* Utility functions for xauth translation */
+
+ static int xauth_hexval(char foo) {
+ return (foo >= '0' && foo <= '9' ? foo - '0' :
+ foo >= 'A' && foo <= 'F' ? foo - 'A' + 10 :
+ foo >= 'a' && foo <= 'f' ? foo - 'a' + 10 : 0);
+ }
+
+ static unsigned short xauth_getushort() {
+ unsigned short val = 0;
+ int i;
+ char s;
+
+ for (i = 0; i < 4; i++) {
+ while (! SB_EOF() && isspace(s = SB_GET()));
+ if (SB_EOF()) break;
+ val *= 16;
+ val += xauth_hexval(s);
+ }
+ return val;
+ }
+
+ static char *xauth_getbytes(unsigned short len) {
+ char *loc, s;
+ int ind, i;
+
+ if (! (loc = malloc(len)))
+ return NULL;
+
+ while (! SB_EOF()) {
+ SB_SAVE();
+ if (! isspace(SB_GET()))
+ break;
+ }
+
+ if (SB_EOF()) {
+ free(loc);
+ return NULL;
+ }
+
+ SB_RESTORE();
+
+ for (ind = 0; ind < len; ind++) {
+ loc[ind] = 0;
+ for (i = 0; i < 2; i++) {
+ while (! SB_EOF() && isspace(s = SB_GET()));
+ loc[ind] *= 16;
+ loc[ind] += xauth_hexval(s);
+ }
+ }
+
+ return loc;
+ }
+ #endif /* XAUTHORITY */
+
/*
* suboption()
*
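Review bot: The decode loop in `xauth_getbytes` never tests `SB_EOF()` after its whitespace skip, so once the suboption data runs out it keeps folding a stale `s` into `loc[ind]` for the rest of `len` bytes. `len` comes from the peer through `xauth_getushort()`, so a short suboption with a large declared length reaches this path. The loop should check `SB_EOF()` before each `SB_GET()` and free `loc` and return NULL when the data ends early, and `xauth_hexval` should let the caller tell a non-hex character from a real `0`. In `xauth_getushort` the `if (SB_EOF()) break;` test runs after a digit has already been consumed, so the last digit in the buffer appears to be dropped. Both `isspace` calls pass a plain `char` and need a cast, `isspace((unsigned char)s)`.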
***************
*** 1270,1275 ****
--- 1345,1390 ----
(void)setenv("DISPLAY", (char *)subpointer, 1);
break;
} /* end of case TELOPT_XDISPLOC */
+
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH: {
+ if (enable_xauth) {
+ Xauth auth;
+ int sp;
+
+ if (SB_EOF() || SB_GET() != TELQUAL_IS)
+ return;
+ settimer(xauthsubopt);
+
+ /* Here's where we take the packet of data and
+ * add it to the xauth file.
+ */
+
+ auth.family = xauth_getushort();
+
+ #define XAUTH_RETRIEVE(foo) \
+ auth. ## foo = \
+ xauth_getbytes(auth. ## foo ## _length = xauth_getushort());
+
+ XAUTH_RETRIEVE(address);
+ XAUTH_RETRIEVE(number);
+ XAUTH_RETRIEVE(name);
+ XAUTH_RETRIEVE(data);
+ #undef XAUTH_RETRIEVE
+
+ if (xauthority_file) {
+ XauWriteAuth(xauthority_file, &auth);
+ fflush(xauthority_file);
+ }
+
+ free(auth.address);
+ free(auth.number);
+ free(auth.name);
+ free(auth.data);
+ } /* !disable_xauth */
+ break;
+ } /* end of case TELOPT_XAUTH */
+ #endif /* XAUTHORITY */
#ifdef TELOPT_NEW_ENVIRON
case TELOPT_NEW_ENVIRON:
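Review bot: None of the four `XAUTH_RETRIEVE` results is checked before `XauWriteAuth(xauthority_file, &auth)`, although `xauth_getbytes` returns NULL on allocation failure or truncated input while the matching `_length` field keeps the value the client sent. The write should be skipped unless every field with a non-zero length has a non-NULL pointer; a zero length needs its own handling because `malloc(0)` may legitimately return NULL. The return value of `XauWriteAuth` is ignored, and the closing comment `/* !disable_xauth */` no longer matches the `enable_xauth` test. The `auth. ## foo` paste does not form a single token and ISO C preprocessors reject it; `auth.foo` and `auth.foo ## _length` are enough. The enclosing switch starts outside the hunk.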
Index: telnetd/sys_term.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/sys_term.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 sys_term.c
*** sys_term.c 1996/11/02 20:53:55 1.1.1.1
--- sys_term.c 1996/11/15 02:39:07
***************
*** 176,181 ****
--- 176,186 ----
# endif
#endif /* USE_TERMIO */
+ #ifdef XAUTHORITY
+ extern int xauthority_fd;
+ extern char *xauthority_name;
+ #endif /* XAUTHORITY */
+
#ifndef SETPGRP_TWOARG
#define setpgrp(a,b) setpgrp()
#endif
***************
*** 1268,1273 ****
--- 1273,1294 ----
if (require_SecurID)
argv = addarg(argv, "-s");
#endif
+ #ifdef XAUTHORITY
+ if (enable_xauth && xauthority_fd >= 0) {
+ fcntl(xauthority_fd, F_SETFD, 0);
+ (void)setenv("XAUTHORITY", (char *)xauthority_name, 1);
+ argv = addarg(argv, "-x");
+ {
+ char buf[16]; /* yeah, like there'll EVER be this many fds */
+
+
+
+
+ sprintf(buf, "%d", xauthority_fd);
+ argv = addarg(argv, buf);
+ }
+ }
+ #endif /* XAUTHORITY */
#if defined (AUTHENTICATION)
if (auth_level >= 0 && autologin == AUTH_VALID) {
# if !defined(NO_LOGIN_F)
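Review bot: `buf` is declared in the inner block and its address is handed to `addarg(argv, buf)`, so unless `addarg` copies the string (its definition is not in this hunk) the argv slot dangles once the block closes, before the argument list is used. Moving the buffer to function scope or declaring it `static char buf[16];` avoids that. The result of `fcntl(xauthority_fd, F_SETFD, 0)` is unchecked, and clearing close-on-exec deliberately passes a descriptor opened by telnetd into the child, so a comment should state which program is expected to consume `-x <fd>` and close it. The enclosing function starts and ends outside the hunk.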
Index: telnetd/telnetd.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/telnetd.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 telnetd.c
*** telnetd.c 1996/11/02 20:53:56 1.1.1.1
--- telnetd.c 1996/11/15 02:39:20
***************
*** 141,146 ****
--- 141,158 ----
char *progname;
extern void usage P((void));
+ #ifdef VERBOSE_AUTO_LOGIN
+ char user_name[256];
+ #endif
+ #ifdef XAUTHORITY
+ #ifndef XAUTHDIR
+ #define XAUTHDIR "/tmp"
+ #endif
+ int enable_xauth = 0;
+ FILE *xauthority_file = NULL;
+ int xauthority_fd = -1;
+ char *xauthority_name = NULL;
+ #endif
/*
* The string to pass to getopt(). We do it this way so
***************
*** 176,181 ****
--- 188,196 ----
#ifdef KRB5
'R', ':', 't', ':',
#endif
+ #ifdef XAUTHORITY
+ 'x',
+ #endif
'\0'
};
***************
*** 409,414 ****
--- 424,434 ----
auth_disable_name(optarg);
break;
#endif /* AUTHENTICATION */
+ #ifdef XAUTHORITY
+ case 'x':
+ enable_xauth = 0;
+ break;
+ #endif
default:
fprintf(stderr, "telnetd: %c: unknown option\n", ch);
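Review bot: `case 'x'` sets `enable_xauth = 0`, but the variable is already initialised with `int enable_xauth = 0;` in the globals hunk of this file, so as posted no command-line path can turn the feature on and the guarded code in state.c and sys_term.c never runs. The message says the sense of `-x` was reversed; if `-x` is meant to disable, the initialiser should become `int enable_xauth = 1;`, otherwise this line should be `enable_xauth = 1;`. Keeping the default off and making `-x` opt-in is the safer of the two for a daemon that handles this before login. The matching `usage()` text is not visible in this hunk and would need the same correction.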
***************
*** 670,675 ****
--- 690,698 ----
send_do(TELOPT_TTYPE, 1);
send_do(TELOPT_TSPEED, 1);
send_do(TELOPT_XDISPLOC, 1);
+ #ifdef XAUTHORITY
+ send_do(TELOPT_XAUTH, 1);
+ #endif /* XAUTHORITY */
send_do(TELOPT_NEW_ENVIRON, 1);
send_do(TELOPT_OLD_ENVIRON, 1);
while (
***************
*** 680,685 ****
--- 703,711 ----
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
his_will_wont_is_changing(TELOPT_XDISPLOC) ||
+ #ifdef XAUTHORITY
+ his_will_wont_is_changing(TELOPT_XAUTH) ||
+ #endif /* XAUTHORITY */
his_will_wont_is_changing(TELOPT_NEW_ENVIRON) ||
his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
ttloop();
***************
*** 726,731 ****
--- 752,795 ----
memcpy(nfrontp, sb, sizeof sb);
nfrontp += sizeof sb;
}
+ #ifdef XAUTHORITY
+ if (his_state_is_will(TELOPT_XAUTH)) {
+ static unsigned retry_count = 0;
+ static unsigned char sb[] =
+ { IAC, SB, TELOPT_XAUTH, TELQUAL_SEND, IAC, SE };
+ memmove(nfrontp, sb, sizeof sb);
+ nfrontp += sizeof sb;
+ DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+ /* Allocate a file for the auth entry in /xauth
+ * (or wherever the Makefile tells us to)
+ */
+
+ #ifdef TMP_MAX
+ #define XAUTH_TMP_MAX TMP_MAX
+ #else /* TMP_MAX */
+ #define XAUTH_TMP_MAX 17576
+ #endif /* TMP_MAX */
+
+ while (retry_count < XAUTH_TMP_MAX) {
+ if (! (xauthority_name = tempnam(XAUTHDIR, "xauth_")))
+ break;
+
+ #undef XAUTH_TMP_MAX
+
+ xauthority_fd = open(xauthority_name,
+ O_RDWR | O_CREAT | O_EXCL, 0600);
+
+ if (xauthority_fd >= 0 || errno != EEXIST)
+ break;
+
+ free(xauthority_name);
+ xauthority_name = NULL;
+ retry_count++;
+ }
+ if (xauthority_fd >= 0)
+ xauthority_file = fdopen(xauthority_fd, "r+");
+ }
+ #endif /* XAUTHORITY */
if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
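Review bot: This block creates the file under `XAUTHDIR` whenever the peer answers WILL XAUTH, without testing `enable_xauth`, and the `send_do(TELOPT_XAUTH, 1)` in the earlier hunk is likewise unconditional. With the feature off each such connection still leaves an empty file behind, and no unlink is visible in this patch. Wrapping both in `if (enable_xauth)` keeps a disabled server from touching the filesystem on behalf of an unauthenticated client. `O_CREAT | O_EXCL` with mode 0600 protects the create itself, but `tempnam()` may honour `TMPDIR` over its directory argument, so `mkstemp()` on a template built from `XAUTHDIR` is the more predictable choice. On a non-EEXIST failure `xauthority_name` stays set while `xauthority_fd` is -1, and the comment still says `/xauth` although the default is `/tmp`.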
***************
*** 753,758 ****
--- 817,828 ----
while (sequenceIs(xdisplocsubopt, baseline))
ttloop();
}
+ #ifdef XAUTHORITY
+ if (his_state_is_will(TELOPT_XAUTH)) {
+ while (sequenceIs(xdisplocsubopt, baseline))
+ ttloop();
+ }
+ #endif /* XAUTHORITY */
if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
while (sequenceIs(environsubopt, baseline))
ttloop();
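Review bot: The new wait loop tests `xdisplocsubopt`, not the `xauthsubopt` timer this patch adds, so it returns as soon as the XDISPLOC reply has been seen and does not wait for the XAUTH suboption at all. It should read `while (sequenceIs(xauthsubopt, baseline))`. As written the xauth data can arrive after the server has moved on, which would make the forwarded entry show up only intermittently; that ordering is inferred, since the surrounding function is outside the hunk.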
***************
*** 870,876 ****
--- 940,948 ----
struct hostent *hp;
int level;
int ptynum;
+ #ifndef VERBOSE_AUTO_LOGIN
char user_name[256];
+ #endif
long retval;
/*
* Find an available pty to use.
***************
*** 1184,1192 ****
--- 1256,1266 ----
*/
#if !defined(CRAY) || !defined(NEWINIT)
+ #ifndef VERBOSE_AUTO_LOGIN
if (getenv("USER"))
hostinfo = 0;
#endif
+ #endif
if (getent(defent, "default") == 1) {
char *getstr();
***************
*** 1204,1211 ****
--- 1278,1311 ----
HEstr = 0;
}
edithost(HEstr, host_name);
+ #ifdef SHOW_ENCRYPTION_WARNING
+ {
+ #define TABBUFSIZ 512
+ char banner[TABBUFSIZ];
+ #undef TABBUFSIZ
+
+ bzero(banner,sizeof(banner));
+ if (my_state_is_wont(TELOPT_ENCRYPT) || !is_encrypted())
+ {
+ (void *) strcpy(banner, "Server Warning: Connection not encrypted! Communication may be eavesdropped.\r\n");
+ }
+ strcat(banner,IM);
+
+ if (hostinfo && banner)
+ putf(banner, ptyibuf2);
+ }
+ #else
if (hostinfo && *IM)
putf(IM, ptyibuf2);
+ #endif
+ #ifdef VERBOSE_AUTO_LOGIN
+ if (user_name && strcmp(user_name, ""))
+ {
+ (void *) strcat(ptyibuf2, "login: ");
+ (void *) strcat(ptyibuf2, user_name);
+ (void *) strcat(ptyibuf2, "\r\n");
+ }
+ #endif
if (pcc)
(void) strncat(ptyibuf2, ptyip, pcc+1);
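Review bot: `strcat(banner, IM)` appends the configured banner to the 512-byte stack array `banner`, after the warning text, with no length check, so a long `IM` overruns it. Bound the append, e.g. `strncat(banner, IM, sizeof(banner) - strlen(banner) - 1);`. The second half of `if (hostinfo && banner)` is always true because `banner` is an array; the `#else` branch tests `*IM`, and the equivalent here is `banner[0]`. The same applies to `user_name && strcmp(user_name, "")`, and the three `strcat` calls into `ptyibuf2` are not bounded against that buffer, whose size is declared outside the hunk. The `(void *)` casts on `strcpy` and `strcat` should be `(void)`.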
Index: telnetd/utility.c
===================================================================
RCS file: /usr/system/portola/cvsroot/security/krb5/src/appl/telnet/telnetd/utility.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 utility.c
*** utility.c 1996/11/02 20:53:56 1.1.1.1
--- utility.c 1996/11/15 00:19:31
***************
*** 883,888 ****
--- 883,906 ----
}
nfrontp += strlen(nfrontp);
break;
+ #ifdef XAUTHORITY
+ case TELOPT_XAUTH:
+ sprintf(nfrontp, "XAUTHORITY ");
+ nfrontp += strlen(nfrontp);
+ switch (pointer[1]) {
+ case TELQUAL_IS:
+ sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
+ break;
+ case TELQUAL_SEND:
+ sprintf(nfrontp, "SEND");
+ break;
+ default:
+ sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
+ pointer[1], pointer[1]);
+ }
+ nfrontp += strlen(nfrontp);
+ break;
+ #endif /* XAUTHORITY */
case TELOPT_NEW_ENVIRON:
sprintf(nfrontp, "NEW-ENVIRON ");
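Review bot: The `TELQUAL_IS` branch formats peer-supplied bytes with `"%.*s"` and a precision of `length-2` straight into `nfrontp`, and nothing in the hunk checks the space left in the output buffer or that `length` is at least 2. A negative precision is treated as absent, so `%s` would then read up to the next NUL. Clamp the precision and bound the write against the end of the buffer before the `sprintf`. The payload here is the X authority entry, so the diagnostic may be better off printing only its length than echoing the data. The function starts outside the hunk, so an earlier length check may exist.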