search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel - Remove debugging kprintf
[dragonfly.git] / lib / libtelnet / sra.c
blob4a89038b3508ead398860b6cdd2c6e3fa420d274
1 /*-
2 * Copyright (c) 1991, 1993
3 * Dave Safford. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of the University nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $FreeBSD: src/crypto/telnet/libtelnet/sra.c,v 1.1.2.7 2002/05/16 08:46:49 markm Exp $
30 */
31
32 #ifdef SRA
33 #ifdef ENCRYPTION
34 #include <sys/types.h>
35 #include <arpa/telnet.h>
36 #include <pwd.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <syslog.h>
41 #include <ttyent.h>
42
43 #ifndef NOPAM
44 #include <security/pam_appl.h>
45 #else
46 #include <unistd.h>
47 #endif
48
49 #include "auth.h"
50 #include "misc.h"
51 #include "encrypt.h"
52 #include "pk.h"
53
54 char pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1];
55 char *user, *pass, *xuser, *xpass;
56 DesData ck;
57 IdeaData ik;
58
59 #define PASS_SIZE 256
60
61 extern int auth_debug_mode;
62 extern char line[16];
63
64 static int sra_valid = 0;
65 static int passwd_sent = 0;
66
67 static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
68 AUTHTYPE_SRA, };
69
70 #define SRA_KEY 0
71 #define SRA_USER 1
72 #define SRA_CONTINUE 2
73 #define SRA_PASS 3
74 #define SRA_ACCEPT 4
75 #define SRA_REJECT 5
76
77 static int check_user(char *, char *);
78
79 /* support routine to send out authentication message */
80 static int
81 Data(Authenticator *ap, int type, void *d, int c)
82 {
83 unsigned char *p = str_data + 4;
84 unsigned char *cd = (unsigned char *)d;
85
86 if (c == -1)
87 c = strlen((char *)cd);
88
89 if (auth_debug_mode) {
90 printf("%s:%d: [%d] (%d)",
91 str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
92 str_data[3],
93 type, c);
94 printd(d, c);
95 printf("\r\n");
96 }
97 *p++ = ap->type;
98 *p++ = ap->way;
99 *p++ = type;
100 while (c-- > 0) {
101 if ((*p++ = *cd++) == IAC)
102 *p++ = IAC;
103 }
104 *p++ = IAC;
105 *p++ = SE;
106 if (str_data[3] == TELQUAL_IS)
107 printsub('>', &str_data[2], p - (&str_data[2]));
108 return(net_write(str_data, p - str_data));
109 }
110
111 int
112 sra_init(Authenticator *ap __unused, int server)
113 {
114 if (server)
115 str_data[3] = TELQUAL_REPLY;
116 else
117 str_data[3] = TELQUAL_IS;
118
119 user = (char *)malloc(256);
120 xuser = (char *)malloc(513);
121 pass = (char *)malloc(PASS_SIZE);
122 xpass = (char *)malloc(513);
123
124 if (user == NULL || xuser == NULL || pass == NULL || xpass ==
125 NULL)
126 return 0; /* malloc failed */
127
128 passwd_sent = 0;
129
130 genkeys(pka,ska);
131 return(1);
132 }
133
134 /* client received a go-ahead for sra */
135 int
136 sra_send(Authenticator *ap)
137 {
138 /* send PKA */
139
140 if (auth_debug_mode)
141 printf("Sent PKA to server.\r\n" );
142 printf("Trying SRA secure login:\r\n");
143 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
144 if (auth_debug_mode)
145 printf("Not enough room for authentication data\r\n");
146 return(0);
147 }
148
149 return(1);
150 }
151
152 /* server received an IS -- could be SRA KEY, USER, or PASS */
153 void
154 sra_is(Authenticator *ap, unsigned char *data, int cnt)
155 {
156 int valid;
157 Session_Key skey;
158
159 if (cnt-- < 1)
160 goto bad;
161 switch (*data++) {
162
163 case SRA_KEY:
164 if (cnt < HEXKEYBYTES) {
165 Data(ap, SRA_REJECT, (void *)0, 0);
166 auth_finished(ap, AUTH_USER);
167 if (auth_debug_mode) {
168 printf("SRA user rejected for bad PKB\r\n");
169 }
170 return;
171 }
172 if (auth_debug_mode)
173 printf("Sent pka\r\n");
174 if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
175 if (auth_debug_mode)
176 printf("Not enough room\r\n");
177 return;
178 }
179 memcpy(pkb,data,HEXKEYBYTES);
180 pkb[HEXKEYBYTES] = '\0';
181 common_key(ska,pkb,&ik,&ck);
182 return;
183
184 case SRA_USER:
185 /* decode KAB(u) */
186 if (cnt > 512) /* Attempted buffer overflow */
187 break;
188 memcpy(xuser,data,cnt);
189 xuser[cnt] = '\0';
190 pk_decode(xuser,user,&ck);
191 auth_encrypt_user(user);
192 Data(ap, SRA_CONTINUE, (void *)0, 0);
193
194 return;
195
196 case SRA_PASS:
197 if (cnt > 512) /* Attempted buffer overflow */
198 break;
199 /* decode KAB(P) */
200 memcpy(xpass,data,cnt);
201 xpass[cnt] = '\0';
202 pk_decode(xpass,pass,&ck);
203
204 /* check user's password */
205 valid = check_user(user,pass);
206
207 if(valid) {
208 Data(ap, SRA_ACCEPT, (void *)0, 0);
209 skey.data = ck;
210 skey.type = SK_DES;
211 skey.length = 8;
212 encrypt_session_key(&skey, 1);
213
214 sra_valid = 1;
215 auth_finished(ap, AUTH_VALID);
216 if (auth_debug_mode) {
217 printf("SRA user accepted\r\n");
218 }
219 }
220 else {
221 Data(ap, SRA_CONTINUE, (void *)0, 0);
222 /*
223 Data(ap, SRA_REJECT, (void *)0, 0);
224 sra_valid = 0;
225 auth_finished(ap, AUTH_REJECT);
226 */
227 if (auth_debug_mode) {
228 printf("SRA user failed\r\n");
229 }
230 }
231 return;
232
233 default:
234 if (auth_debug_mode)
235 printf("Unknown SRA option %d\r\n", data[-1]);
236 }
237 bad:
238 Data(ap, SRA_REJECT, 0, 0);
239 sra_valid = 0;
240 auth_finished(ap, AUTH_REJECT);
241 }
242
243 /* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
244 void
245 sra_reply(Authenticator *ap, unsigned char *data, int cnt)
246 {
247 char uprompt[256],tuser[256];
248 Session_Key skey;
249 size_t i;
250
251 if (cnt-- < 1)
252 return;
253 switch (*data++) {
254
255 case SRA_KEY:
256 /* calculate common key */
257 if (cnt < HEXKEYBYTES) {
258 if (auth_debug_mode) {
259 printf("SRA user rejected for bad PKB\r\n");
260 }
261 return;
262 }
263 memcpy(pkb,data,HEXKEYBYTES);
264 pkb[HEXKEYBYTES] = '\0';
265
266 common_key(ska,pkb,&ik,&ck);
267
268 enc_user:
269
270 /* encode user */
271 memset(tuser,0,sizeof(tuser));
272 sprintf(uprompt,"User (%s): ",UserNameRequested);
273 telnet_gets(uprompt,tuser,255,1);
274 if (tuser[0] == '\n' || tuser[0] == '\r' )
275 strcpy(user,UserNameRequested);
276 else {
277 /* telnet_gets leaves the newline on */
278 for(i=0;i<sizeof(tuser);i++) {
279 if (tuser[i] == '\n') {
280 tuser[i] = '\0';
281 break;
282 }
283 }
284 strcpy(user,tuser);
285 }
286 pk_encode(user,xuser,&ck);
287
288 /* send it off */
289 if (auth_debug_mode)
290 printf("Sent KAB(U)\r\n");
291 if (!Data(ap, SRA_USER, xuser, strlen(xuser))) {
292 if (auth_debug_mode)
293 printf("Not enough room\r\n");
294 return;
295 }
296 break;
297
298 case SRA_CONTINUE:
299 if (passwd_sent) {
300 passwd_sent = 0;
301 printf("[ SRA login failed ]\r\n");
302 goto enc_user;
303 }
304 /* encode password */
305 memset(pass,0,PASS_SIZE);
306 telnet_gets("Password: ",pass,PASS_SIZE-1,0);
307 pk_encode(pass,xpass,&ck);
308 /* send it off */
309 if (auth_debug_mode)
310 printf("Sent KAB(P)\r\n");
311 if (!Data(ap, SRA_PASS, xpass, strlen(xpass))) {
312 if (auth_debug_mode)
313 printf("Not enough room\r\n");
314 return;
315 }
316 passwd_sent = 1;
317 break;
318
319 case SRA_REJECT:
320 printf("[ SRA refuses authentication ]\r\n");
321 printf("Trying plaintext login:\r\n");
322 auth_finished(0,AUTH_REJECT);
323 return;
324
325 case SRA_ACCEPT:
326 printf("[ SRA accepts you ]\r\n");
327 skey.data = ck;
328 skey.type = SK_DES;
329 skey.length = 8;
330 encrypt_session_key(&skey, 0);
331
332 auth_finished(ap, AUTH_VALID);
333 return;
334 default:
335 if (auth_debug_mode)
336 printf("Unknown SRA option %d\r\n", data[-1]);
337 return;
338 }
339 }
340
341 int
342 sra_status(Authenticator *ap __unused, char *name, int level)
343 {
344 if (level < AUTH_USER)
345 return(level);
346 if (UserNameRequested && sra_valid) {
347 strcpy(name, UserNameRequested);
348 return(AUTH_VALID);
349 } else
350 return(AUTH_USER);
351 }
352
353 #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
354 #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
355
356 void
357 sra_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
358 {
359 char lbuf[32];
360 int i;
361
362 buf[buflen-1] = '\0'; /* make sure its NULL terminated */
363 buflen -= 1;
364
365 switch(data[3]) {
366
367 case SRA_CONTINUE:
368 strncpy((char *)buf, " CONTINUE ", buflen);
369 goto common;
370
371 case SRA_REJECT: /* Rejected (reason might follow) */
372 strncpy((char *)buf, " REJECT ", buflen);
373 goto common;
374
375 case SRA_ACCEPT: /* Accepted (name might follow) */
376 strncpy((char *)buf, " ACCEPT ", buflen);
377
378 common:
379 BUMP(buf, buflen);
380 if (cnt <= 4)
381 break;
382 ADDC(buf, buflen, '"');
383 for (i = 4; i < cnt; i++)
384 ADDC(buf, buflen, data[i]);
385 ADDC(buf, buflen, '"');
386 ADDC(buf, buflen, '\0');
387 break;
388
389 case SRA_KEY: /* Authentication data follows */
390 strncpy((char *)buf, " KEY ", buflen);
391 goto common2;
392
393 case SRA_USER:
394 strncpy((char *)buf, " USER ", buflen);
395 goto common2;
396
397 case SRA_PASS:
398 strncpy((char *)buf, " PASS ", buflen);
399 goto common2;
400
401 default:
402 sprintf(lbuf, " %d (unknown)", data[3]);
403 strncpy((char *)buf, lbuf, buflen);
404 common2:
405 BUMP(buf, buflen);
406 for (i = 4; i < cnt; i++) {
407 sprintf(lbuf, " %d", data[i]);
408 strncpy((char *)buf, lbuf, buflen);
409 BUMP(buf, buflen);
410 }
411 break;
412 }
413 }
414
415 static int
416 isroot(const char *usr)
417 {
418 struct passwd *pwd;
419
420 if ((pwd=getpwnam(usr))==NULL)
421 return 0;
422 return (!pwd->pw_uid);
423 }
424
425 static int
426 rootterm(char *ttyn)
427 {
428 struct ttyent *t;
429
430 return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE);
431 }
432
433 #ifdef NOPAM
434 static int
435 check_user(char *name, char *cred)
436 {
437 char *xpasswd, *salt;
438
439 if (isroot(name) && !rootterm(line))
440 {
441 crypt("AA","*"); /* Waste some time to simulate success */
442 return(0);
443 }
444
445 if (pw = sgetpwnam(name)) {
446 if (pw->pw_shell == NULL) {
447 pw = NULL;
448 return(0);
449 }
450
451 salt = pw->pw_passwd;
452 xpasswd = crypt(cred, salt);
453 /* The strcmp does not catch null passwords! */
454 if (pw == NULL || *pw->pw_passwd == '\0' ||
455 strcmp(xpasswd, pw->pw_passwd)) {
456 pw = NULL;
457 return(0);
458 }
459 return(1);
460 }
461 return(0);
462 }
463 #else
464
465 /*
466 * The following is stolen from ftpd, which stole it from the imap-uw
467 * PAM module and login.c. It is needed because we can't really
468 * "converse" with the user, having already gone to the trouble of
469 * getting their username and password through an encrypted channel.
470 */
471
472 #define COPY_STRING(s) (s ? strdup(s):NULL)
473
474 struct cred_t {
475 const char *uname;
476 const char *pass;
477 };
478 typedef struct cred_t cred_t;
479
480 static int
481 auth_conv(int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata)
482 {
483 int i;
484 cred_t *cred = (cred_t *) appdata;
485 struct pam_response *reply =
486 malloc(sizeof(struct pam_response) * num_msg);
487
488 if (reply == NULL)
489 return PAM_BUF_ERR;
490
491 for (i = 0; i < num_msg; i++) {
492 switch (msg[i]->msg_style) {
493 case PAM_PROMPT_ECHO_ON: /* assume want user name */
494 reply[i].resp_retcode = PAM_SUCCESS;
495 reply[i].resp = COPY_STRING(cred->uname);
496 /* PAM frees resp. */
497 break;
498 case PAM_PROMPT_ECHO_OFF: /* assume want password */
499 reply[i].resp_retcode = PAM_SUCCESS;
500 reply[i].resp = COPY_STRING(cred->pass);
501 /* PAM frees resp. */
502 break;
503 case PAM_TEXT_INFO:
504 case PAM_ERROR_MSG:
505 reply[i].resp_retcode = PAM_SUCCESS;
506 reply[i].resp = NULL;
507 break;
508 default: /* unknown message style */
509 free(reply);
510 return PAM_CONV_ERR;
511 }
512 }
513
514 *resp = reply;
515 return PAM_SUCCESS;
516 }
517
518 /*
519 * The PAM version as a side effect may put a new username in *name.
520 */
521 static int
522 check_user(char *name, char *cred)
523 {
524 pam_handle_t *pamh = NULL;
525 const void *item;
526 int rval;
527 int e;
528 cred_t auth_cred = { name, cred };
529 struct pam_conv conv = { &auth_conv, &auth_cred };
530
531 e = pam_start("telnetd", name, &conv, &pamh);
532 if (e != PAM_SUCCESS) {
533 syslog(LOG_ERR, "pam_start: %s", pam_strerror(pamh, e));
534 return 0;
535 }
536
537 #if 0 /* Where can we find this value? */
538 e = pam_set_item(pamh, PAM_RHOST, remotehost);
539 if (e != PAM_SUCCESS) {
540 syslog(LOG_ERR, "pam_set_item(PAM_RHOST): %s",
541 pam_strerror(pamh, e));
542 return 0;
543 }
544 #endif
545
546 e = pam_authenticate(pamh, 0);
547 switch (e) {
548 case PAM_SUCCESS:
549 /*
550 * With PAM we support the concept of a "template"
551 * user. The user enters a login name which is
552 * authenticated by PAM, usually via a remote service
553 * such as RADIUS or TACACS+. If authentication
554 * succeeds, a different but related "template" name
555 * is used for setting the credentials, shell, and
556 * home directory. The name the user enters need only
557 * exist on the remote authentication server, but the
558 * template name must be present in the local password
559 * database.
560 *
561 * This is supported by two various mechanisms in the
562 * individual modules. However, from the application's
563 * point of view, the template user is always passed
564 * back as a changed value of the PAM_USER item.
565 */
566 if ((e = pam_get_item(pamh, PAM_USER, &item)) ==
567 PAM_SUCCESS) {
568 strcpy(name, item);
569 } else
570 syslog(LOG_ERR, "Couldn't get PAM_USER: %s",
571 pam_strerror(pamh, e));
572 if (isroot(name) && !rootterm(line))
573 rval = 0;
574 else
575 rval = 1;
576 break;
577
578 case PAM_AUTH_ERR:
579 case PAM_USER_UNKNOWN:
580 case PAM_MAXTRIES:
581 rval = 0;
582 break;
583
584 default:
585 syslog(LOG_ERR, "auth_pam: %s", pam_strerror(pamh, e));
586 rval = 0;
587 break;
588 }
589
590 if ((e = pam_end(pamh, e)) != PAM_SUCCESS) {
591 syslog(LOG_ERR, "pam_end: %s", pam_strerror(pamh, e));
592 rval = 0;
593 }
594 return rval;
595 }
596
597 #endif
598
599 #endif /* ENCRYPTION */
600 #endif /* SRA */
DragonFly BSD