Add getdate stuff.
1 Index: README
2 ===================================================================
3 RCS file: /cvsroot/inetutils/inetutils/README,v
4 retrieving revision 1.10
5 diff -u -p -r1.10 README
6 --- README 25 Dec 2001 18:47:44 -0000 1.10
7 +++ README 9 Aug 2003 21:10:35 -0000
8 @@ -47,6 +47,12 @@ not want to install these files.
9 install setuid root to work correctly they use priviledge ports
10 for communication.
12 +3) If both Kerberos 5 (MIT and Heimdal) and Shishi is specified, the
13 +applications that have been ported to use Shishi will use Shishi only,
14 +and the applications that have not been ported to use Shishi will use
15 +MIT or Heimdal Kerberos. If you want MIT or Heimdal instead of
16 +Shishi, don't specify --with-shishi.
18 Some known deficiencies:
19 o Many programs do not support long options, such as --version or --help.
20 o The authentication and encryption options have not been tested.
21 Index: configure.ac
22 ===================================================================
23 RCS file: /cvsroot/inetutils/inetutils/configure.ac,v
24 retrieving revision 1.18
25 diff -u -p -r1.18 configure.ac
26 --- configure.ac 24 May 2003 23:36:45 -0000 1.18
27 +++ configure.ac 9 Aug 2003 21:10:35 -0000
28 @@ -1,6 +1,6 @@
29 # Configuration for inetutils
31 -# Copyright (C) 1995, 1996, 1997, 1998, 2000, 2001, 2002 Free Software Foundation, Inc.
32 +# Copyright (C) 1995, 1996, 1997, 1998, 2000, 2001, 2002, 2003 Free Software Foundation, Inc.
34 # Written by Miles Bader <miles@gnu.ai.mit.edu>
36 @@ -63,6 +63,9 @@ AC_ARG_WITH(krb4, [ --with-krb4[[=PATH]
37 AC_ARG_WITH(krb5, [ --with-krb5[[=PATH]] Compile with Kerberos V],
38 [KERBEROS_VERSION=5
39 KERBEROS_DIR=$withval])
40 +AC_ARG_WITH(shishi, AC_HELP_STRING([--with-shishi[[=PATH]]],
41 + [Compile with Shishi (Kerberos 5)]),
42 + [SHISHI_DIR=$withval])
43 AC_ARG_WITH(wrap, [ --with-wrap add tcp wrapper support])
44 AC_ARG_WITH(pam, [ --with-pam add support for PAM])
46 @@ -242,6 +245,7 @@ if test "$enable_encryption" = yes -o "$
47 AH_TEMPLATE(KERBEROS, [Define to one if you have Kerberos])
48 AH_TEMPLATE(KRB4, [Define to one if you have Kerberos IV])
49 AH_TEMPLATE(KRB5, [Define to one if you have Kerberos V])
50 + AH_TEMPLATE(SHISHI, [Define to 1 if you have Shishi])
51 AH_TEMPLATE(DES_ENCRYPTION, [FIXME])
53 if test "$KERBEROS_VERSION" = 4; then
54 @@ -275,6 +279,14 @@ if test "$enable_encryption" = yes -o "$
56 esac
58 + fi
59 + if test "$with_shishi" = "yes"; then
60 + if test x$SHISHI_DIR != x; then
61 + LIBAUTH="$LIBAUTH -L$SHISHI_DIR/lib"
62 + INCAUTH="$INCAUTH -I$SHISHI_DIR/include "
63 + fi
64 + LIBAUTH="$LIBAUTH -lshishi"
65 + AC_DEFINE(SHISHI)
68 AC_SUBST(LIBAUTH)
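Review bot: The added block tests `"$with_shishi" = "yes"`, so `--with-shishi=PATH` (where `with_shishi` holds the path) never defines SHISHI or links `-lshishi`, while a bare `--with-shishi` leaves `SHISHI_DIR=yes` from the option handler and adds `-Lyes/lib` and `-Iyes/include`. The outer test should read `if test "${with_shishi:-no}" != no; then` and the inner one `if test "$SHISHI_DIR" != yes; then`, with the variable quoted. Nothing in the hunk verifies that the library is present, so an `AC_CHECK_LIB(shishi, shishi_init, ...)` ahead of `AC_DEFINE(SHISHI)` would turn a missing library into a configure-time failure instead of a build that silently lacks the requested authentication. The enclosing `if` starts outside the hunk.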
69 Index: libtelnet/Makefile.am
70 ===================================================================
71 RCS file: /cvsroot/inetutils/inetutils/libtelnet/Makefile.am,v
72 retrieving revision 1.5
73 diff -u -p -r1.5 Makefile.am
74 --- libtelnet/Makefile.am 8 Apr 2002 14:02:39 -0000 1.5
75 +++ libtelnet/Makefile.am 9 Aug 2003 21:10:35 -0000
76 @@ -4,6 +4,6 @@ INCLUDES = -I$(top_builddir)/include @IN
78 noinst_LIBRARIES = libtelnet.a
80 -libtelnet_a_SOURCES = auth.c enc_des.c encrypt.c forward.c genget.c getent.c kerberos.c kerberos5.c misc.c read_passwd.c
81 +libtelnet_a_SOURCES = auth.c enc_des.c encrypt.c forward.c genget.c getent.c kerberos.c kerberos5.c misc.c read_passwd.c shishi.c
83 noinst_HEADERS = auth-proto.h auth.h enc-proto.h encrypt.h key-proto.h misc-proto.h misc.h
84 Index: libtelnet/auth-proto.h
85 ===================================================================
86 RCS file: /cvsroot/inetutils/inetutils/libtelnet/auth-proto.h,v
87 retrieving revision 1.3
88 diff -u -p -r1.3 auth-proto.h
89 --- libtelnet/auth-proto.h 6 Dec 2002 16:09:06 -0000 1.3
90 +++ libtelnet/auth-proto.h 9 Aug 2003 21:10:35 -0000
91 @@ -89,4 +89,14 @@ void kerberos5_reply P((TN_Authenticator
92 int kerberos5_status P((TN_Authenticator *, char *, int));
93 void kerberos5_printsub P((unsigned char *, int, unsigned char *, int));
94 #endif
96 +#ifdef SHISHI
97 +int krb5shishi_init P((TN_Authenticator *, int));
98 +int krb5shishi_send P((TN_Authenticator *));
99 +void krb5shishi_is P((TN_Authenticator *, unsigned char *, int));
100 +void krb5shishi_reply P((TN_Authenticator *, unsigned char *, int));
101 +int krb5shishi_status P((TN_Authenticator *, char *, int));
102 +void krb5shishi_printsub P((unsigned char *, int, unsigned char *, int));
103 +void krb5shishi_cleanup P((TN_Authenticator *));
104 +#endif
105 #endif
106 Index: libtelnet/auth.c
107 ===================================================================
108 RCS file: /cvsroot/inetutils/inetutils/libtelnet/auth.c,v
109 retrieving revision 1.6
110 diff -u -p -r1.6 auth.c
111 --- libtelnet/auth.c 6 Dec 2002 16:10:07 -0000 1.6
112 +++ libtelnet/auth.c 9 Aug 2003 21:10:35 -0000
113 @@ -126,6 +126,24 @@ TN_Authenticator authenticators[] = {
114 spx_status,
115 spx_printsub },
116 #endif
117 +#ifdef SHISHI
118 + { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
119 + krb5shishi_init,
120 + krb5shishi_send,
121 + krb5shishi_is,
122 + krb5shishi_reply,
123 + krb5shishi_status,
124 + krb5shishi_printsub,
125 + krb5shishi_cleanup },
126 + { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
127 + krb5shishi_init,
128 + krb5shishi_send,
129 + krb5shishi_is,
130 + krb5shishi_reply,
131 + krb5shishi_status,
132 + krb5shishi_printsub,
133 + krb5shishi_cleanup },
134 +#endif
135 #ifdef KRB5
136 # ifdef ENCRYPTION
137 { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
138 @@ -610,6 +628,8 @@ auth_finished(ap, result)
139 TN_Authenticator *ap;
140 int result;
142 + if (ap && ap->cleanup)
143 + (*ap->cleanup) (ap);
144 if (!(authenticated = ap))
145 authenticated = &NoAuth;
146 validuser = result;
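Review bot: `auth_finished` now runs `(*ap->cleanup) (ap)` before it records the result, and `krb5shishi_cleanup` in libtelnet/shishi.c calls `shishi_done (shishi_handle)` and zeroes the handle, yet `krb5shishi_status` reads `shishi_handle` and `auth_handle` once `level >= AUTH_USER`. If the status callback is invoked after `auth_finished`, which the `validuser = result` assignment here suggests but the hunk does not show, it operates on a released library context. Either move the cleanup call to the point where the authenticator is no longer consulted, or keep it here and document the contract with `/* cleanup must leave intact whatever ap->status reads later */`, adjusting `krb5shishi_cleanup` to match. The body of auth_finished continues outside the hunk.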
147 Index: libtelnet/auth.h
148 ===================================================================
149 RCS file: /cvsroot/inetutils/inetutils/libtelnet/auth.h,v
150 retrieving revision 1.4
151 diff -u -p -r1.4 auth.h
152 --- libtelnet/auth.h 6 Dec 2002 16:09:06 -0000 1.4
153 +++ libtelnet/auth.h 9 Aug 2003 21:10:35 -0000
154 @@ -75,6 +75,7 @@ typedef struct XauthP {
155 void (*reply) P((struct XauthP *, unsigned char *, int));
156 int (*status) P((struct XauthP *, char *, int));
157 void (*printsub) P((unsigned char *, int, unsigned char *, int));
158 + void (*cleanup) P((struct XauthP *));
159 } TN_Authenticator;
161 #include "auth-proto.h"
162 Index: libtelnet/shishi.c
163 ===================================================================
164 RCS file: libtelnet/shishi.c
165 diff -N libtelnet/shishi.c
166 --- /dev/null 1 Jan 1970 00:00:00 -0000
167 +++ libtelnet/shishi.c 9 Aug 2003 21:10:35 -0000
168 @@ -0,0 +1,498 @@
169 +/* Copyright (C) 2002, 2003 Free Software Foundation, Inc.
171 +This file is part of GNU Inetutils.
173 +GNU Inetutils is free software; you can redistribute it and/or modify
174 +it under the terms of the GNU General Public License as published by
175 +the Free Software Foundation; either version 2, or (at your option)
176 +any later version.
178 +GNU Inetutils is distributed in the hope that it will be useful,
179 +but WITHOUT ANY WARRANTY; without even the implied warranty of
180 +MERCHANTABILITY or FITNESS FOR PARTICULAR PURPOSE. See the
181 +GNU General Public License for more details.
183 +You should have received a copy of the GNU General Public License
184 +along with GNU Inetutils; see the file COPYING. If not, write to
185 +the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
186 +Boston, MA 02111-1307, USA. */
188 +#ifdef HAVE_CONFIG_H
189 +#include <config.h>
190 +#endif
192 +#ifdef SHISHI
193 +#include <stdlib.h>
194 +#include <stdio.h>
195 +#include <arpa/telnet.h>
196 +#include <shishi.h>
197 +#include <assert.h>
199 +#include <netdb.h>
200 +#include <ctype.h>
201 +#include <syslog.h>
202 +#ifdef HAVE_STRING_H
203 +# include <string.h>
204 +#else
205 +# include <strings.h>
206 +#endif
208 +#include "auth.h"
209 +#include "misc.h"
211 +static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
212 + AUTHTYPE_KERBEROS_V5,
215 +#define KRB_AUTH 0 /* Authentication data follows */
216 +#define KRB_REJECT 1 /* Rejected (reason might follow) */
217 +#define KRB_ACCEPT 2 /* Accepted */
218 +#define KRB_RESPONSE 3 /* Response for mutual auth. */
220 +Shishi *shishi_handle = 0;
221 +Shishi_ap *auth_handle;
223 +#define DEBUG(c) if (auth_debug_mode) printf c
225 +static int
226 +Data (TN_Authenticator * ap, int type, unsigned char *d, int c)
228 + unsigned char *p = str_data + 4;
229 + unsigned char *cd = (unsigned char *) d;
231 + if (c == -1)
232 + c = strlen (cd);
234 + if (auth_debug_mode)
236 + printf ("%s:%d: [%d] (%d)",
237 + str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
238 + str_data[3], type, c);
239 + printd (d, c);
240 + printf ("\r\n");
243 + *p++ = ap->type;
244 + *p++ = ap->way;
245 + *p++ = type;
247 + while (c-- > 0)
249 + if ((*p++ = *cd++) == IAC)
250 + *p++ = IAC;
252 + *p++ = IAC;
253 + *p++ = SE;
254 + if (str_data[3] == TELQUAL_IS)
255 + printsub ('>', &str_data[2], p - &str_data[2]);
256 + return (net_write (str_data, p - str_data));
259 +/* FIXME: Reverse return code! */
260 +int
261 +krb5shishi_init (TN_Authenticator * ap, int server)
263 + if (server)
265 + str_data[3] = TELQUAL_REPLY;
266 + if (!shishi_handle && shishi_init_server (&shishi_handle) != SHISHI_OK)
267 + return 0;
269 + else
271 + str_data[3] = TELQUAL_IS;
272 + if (!shishi_handle && shishi_init (&shishi_handle) != SHISHI_OK)
273 + return 0;
276 + return 1;
279 +void
280 +krb5shishi_cleanup (TN_Authenticator * ap)
282 + if (shishi_handle == 0)
283 + return;
285 + shishi_done (shishi_handle);
286 + shishi_handle = 0;
289 +int
290 +krb5shishi_send (TN_Authenticator * ap)
292 + int ap_opts;
293 + char type_check[2];
294 + Shishi_tkt *tkt;
295 + Shishi_tkts_hint hint;
296 + int rc;
297 + char *tmp;
298 + char apreq[4096];
299 + int apreq_len;
301 + tmp = malloc (strlen ("host/") + strlen (RemoteHostName) + 1);
302 + sprintf (tmp, "host/%s", RemoteHostName);
303 + memset (&hint, 0, sizeof (hint));
304 + hint.server = tmp;
305 + hint.etype = SHISHI_DES_CBC_MD5;
306 + tkt = shishi_tkts_get (shishi_tkts_default (shishi_handle), &hint);
307 + free (tmp);
308 + if (!tkt)
310 + DEBUG (("telnet: Kerberos V5: no shishi ticket for server\r\n"));
311 + return 0;
314 + if (auth_debug_mode)
315 + shishi_tkt_pretty_print (tkt, stdout);
317 + if (!UserNameRequested)
319 + DEBUG (("telnet: Kerberos V5: no user name supplied\r\n"));
320 + return 0;
323 + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
324 + ap_opts = SHISHI_APOPTIONS_MUTUAL_REQUIRED;
325 + else
326 + ap_opts = 0;
328 + type_check[0] = ap->type;
329 + type_check[1] = ap->way;
331 + if (tkt)
333 + rc = shishi_ap_tktoptionsdata (shishi_handle, &auth_handle, tkt,
334 + ap_opts, (char *) &type_check, 2);
335 + if (rc != SHISHI_OK)
337 + DEBUG (("telnet: Kerberos V5: Could not make AP-REQ (%s)\r\n",
338 + shishi_strerror (rc)));
339 + return 0;
342 + apreq_len = sizeof (apreq);
343 + rc = shishi_ap_req_der (auth_handle, apreq, &apreq_len);
344 + if (rc != SHISHI_OK)
346 + DEBUG (("telnet: Kerberos V5: could not DER encode (%s)\r\n",
347 + shishi_strerror (rc)));
348 + return 0;
351 + if (auth_debug_mode)
353 + shishi_authenticator_print
354 + (shishi_handle, stdout, shishi_ap_authenticator (auth_handle));
355 + shishi_apreq_print (shishi_handle, stdout,
356 + shishi_ap_req (auth_handle));
360 + if (!auth_sendname (UserNameRequested, strlen (UserNameRequested)))
362 + DEBUG (("telnet: Not enough room for user name\r\n"));
363 + return 0;
366 + if (!Data (ap, KRB_AUTH, apreq, apreq_len))
368 + DEBUG (("telnet: Not enough room for authentication data\r\n"));
369 + return 0;
372 + DEBUG (("telnet: Sent Kerberos V5 credentials to server\r\n"));
374 + return 1;
377 +void
378 +krb5shishi_reply (TN_Authenticator * ap, unsigned char *data, int cnt)
380 + static int mutual_complete = 0;
382 + if (cnt-- < 1)
383 + return;
385 + switch (*data++)
387 + case KRB_REJECT:
388 + if (cnt > 0)
389 + printf ("[ Kerberos V5 refuses authentication because %.*s ]\r\n",
390 + cnt, data);
391 + else
392 + printf ("[ Kerberos V5 refuses authentication ]\r\n");
393 + auth_send_retry ();
394 + return;
396 + case KRB_ACCEPT:
397 + if (!mutual_complete)
399 + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
401 + printf ("[ Kerberos V5 accepted you, "
402 + "but didn't provide mutual authentication! ]\r\n");
403 + auth_send_retry ();
404 + break;
408 + if (cnt)
409 + printf ("[ Kerberos V5 accepts you as ``%.*s''%s ]\r\n", cnt, data,
410 + mutual_complete ?
411 + " (server authenticated)" : " (server NOT authenticated)");
412 + else
413 + printf ("[ Kerberos V5 accepts you ]\r\n");
414 + auth_finished (ap, AUTH_USER);
415 + break;
417 + case KRB_RESPONSE:
418 + if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL)
420 + if (shishi_ap_rep_verify_der (auth_handle, data, cnt) != SHISHI_OK)
422 + printf ("[ Mutual authentication failed ]\r\n");
423 + auth_send_retry ();
424 + break;
427 + if (auth_debug_mode)
429 + shishi_aprep_print (shishi_handle, stdout,
430 + shishi_ap_rep (auth_handle));
431 + shishi_encapreppart_print (shishi_handle, stdout,
432 + shishi_ap_encapreppart
433 + (auth_handle));
436 + mutual_complete = 1;
438 + break;
440 + default:
441 + DEBUG (("Unknown Kerberos option %d\r\n", data[-1]));
445 +int
446 +krb5shishi_status (TN_Authenticator * ap, char *name, int level)
448 + char cname[BUFSIZ];
449 + int cnamelen;
450 + int rc;
452 + if (level < AUTH_USER)
453 + return level;
455 + cnamelen = sizeof (cname);
456 + rc = shishi_encticketpart_cname_get
457 + (shishi_handle, shishi_tkt_encticketpart (shishi_ap_tkt (auth_handle)),
458 + cname, &cnamelen);
460 + if (UserNameRequested && rc == SHISHI_OK &&
461 + cnamelen == strlen (UserNameRequested) &&
462 + memcmp (UserNameRequested, cname, cnamelen) == 0)
464 + /* FIXME: Check buffer length */
465 + strcpy (name, UserNameRequested);
466 + return AUTH_VALID;
469 + return AUTH_USER;
472 +int
473 +krb5shishi_is_auth (TN_Authenticator * a, unsigned char *data, int cnt,
474 + char *errbuf, int errbuflen)
476 + Shishi_key *key, *key2;
477 + int rc;
478 + char cnamerealm[BUFSIZ];
479 + int cnamerealmlen;
481 + rc = shishi_ap (shishi_handle, &auth_handle);
482 + if (rc != SHISHI_OK)
484 + snprintf (errbuf, errbuflen,
485 + "Cannot allocate authentication structures: %s",
486 + shishi_strerror (rc));
487 + return 1;
490 + rc = shishi_ap_req_der_set (auth_handle, data, cnt);
491 + if (rc != SHISHI_OK)
493 + snprintf (errbuf, errbuflen,
494 + "Cannot parse authentication information: %s",
495 + shishi_strerror (rc));
496 + return 1;
499 + key = shishi_hostkeys_for_localservice (shishi_handle, "host");
500 + if (key == NULL)
502 + snprintf (errbuf, errbuflen, "Could not find key:\n%s\n",
503 + shishi_strerror_details (shishi_handle));
504 + return 1;
507 + rc = shishi_ap_req_process (auth_handle, key);
508 + if (rc != SHISHI_OK)
510 + snprintf (errbuf, errbuflen, "Could not process AP-REQ: %s\n",
511 + shishi_strerror (rc));
512 + return 1;
515 + if (shishi_apreq_mutual_required_p
516 + (shishi_handle, shishi_ap_req (auth_handle)))
518 + Shishi_asn1 aprep;
519 + char der[BUFSIZ];
520 + int derlen = BUFSIZ;;
522 + rc = shishi_ap_rep_asn1 (auth_handle, &aprep);
523 + if (rc != SHISHI_OK)
525 + snprintf (errbuf, errbuflen, "Error creating AP-REP: %s\n",
526 + shishi_strerror (rc));
527 + return 1;
530 + rc = shishi_a2d (shishi_handle, aprep, der, &derlen);
531 + if (rc != SHISHI_OK)
533 + snprintf (errbuf, errbuflen, "Error der encoding aprep: %s\n",
534 + shishi_strerror (rc));
535 + return 1;
538 + Data (a, KRB_RESPONSE, der, derlen);
541 + cnamerealmlen = sizeof (cnamerealm);
542 + rc = shishi_encticketpart_cnamerealm_get
543 + (shishi_handle, shishi_tkt_encticketpart (shishi_ap_tkt (auth_handle)),
544 + cnamerealm, &cnamerealmlen);
545 + if (rc != SHISHI_OK)
547 + snprintf (errbuf, errbuflen, "Error getting authenticator name: %s\n",
548 + shishi_strerror (rc));
549 + return 1;
551 + cnamerealm[cnamerealmlen] = '\0';
553 + Data (a, KRB_ACCEPT, cnamerealm, cnamerealm ? -1 : 0);
554 + DEBUG (("telnetd: Kerberos5 identifies him as ``%s''\r\n",
555 + cnamerealm ? cnamerealm : ""));
556 + auth_finished (a, AUTH_USER);
558 + return 0;
561 +void
562 +krb5shishi_is (TN_Authenticator * ap, unsigned char *data, int cnt)
564 + int r = 0;
565 + char errbuf[512];
567 + puts ("krb5shishi_is");
569 + if (cnt-- < 1)
570 + return;
571 + errbuf[0] = 0;
572 + switch (*data++)
574 + case KRB_AUTH:
575 + r = krb5shishi_is_auth (ap, data, cnt, errbuf, sizeof errbuf);
576 + break;
578 + default:
579 + DEBUG (("Unknown Kerberos option %d\r\n", data[-1]));
580 + Data (ap, KRB_REJECT, 0, 0);
581 + break;
584 + if (r)
586 + if (!errbuf[0])
587 + snprintf (errbuf, sizeof errbuf, "kerberos_is: error");
588 + Data (ap, KRB_REJECT, errbuf, -1);
589 + DEBUG (("%s\r\n", errbuf));
590 + syslog (LOG_ERR, "%s", errbuf);
594 +static char *
595 +req_type_str (int type)
597 + switch (type)
599 + case KRB_REJECT:
600 + return "REJECT";
602 + case KRB_ACCEPT:
603 + return "ACCEPT";
605 + case KRB_AUTH:
606 + return "AUTH";
608 + case KRB_RESPONSE:
609 + return "RESPONSE";
612 + return NULL;
615 +#define ADDC(p,l,c) if ((l) > 0) {*(p)++ = (c); --(l);}
617 +void
618 +krb5shishi_printsub (unsigned char *data, int cnt,
619 + unsigned char *buf, int buflen)
621 + char *p;
622 + int i;
624 + puts ("krb5shishi_printsub");
626 + buf[buflen - 1] = '\0'; /* make sure its NULL terminated */
627 + buflen -= 1;
629 + p = req_type_str (data[3]);
630 + if (!p)
632 + int l = snprintf (buf, buflen, " %d (unknown)", data[3]);
633 + buf += l;
634 + buflen -= l;
636 + else
638 + while (buflen > 0 && (*buf++ = *p++) != 0)
639 + buflen--;
642 + switch (data[3])
644 + case KRB_REJECT: /* Rejected (reason might follow) */
645 + case KRB_ACCEPT: /* Accepted (username might follow) */
646 + if (cnt <= 4)
647 + break;
648 + ADDC (buf, buflen, '"');
649 + for (i = 4; i < cnt; i++)
650 + ADDC (buf, buflen, data[i]);
651 + ADDC (buf, buflen, '"');
652 + ADDC (buf, buflen, '\0');
653 + break;
655 + case KRB_AUTH:
656 + case KRB_RESPONSE:
657 + for (i = 4; buflen > 0 && i < cnt; i++)
659 + int l = snprintf (buf, buflen, " %d", data[i]);
660 + buf += l;
661 + buflen -= l;
666 +#endif /* SHISHI */
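Review bot: `Data()` copies `c` bytes into the 2048-byte `str_data` with no bound and doubles every IAC byte on the way, so callers in this file can overrun it: `krb5shishi_send` passes an AP-REQ taken from a 4096-byte buffer and `krb5shishi_is_auth` passes a DER AP-REP of up to `BUFSIZ` bytes. The callers already treat a zero return as "Not enough room", so the copy loop should stop and return 0 when the payload plus the `IAC SE` trailer does not fit. Two smaller points in the same hunk: `krb5shishi_is_auth` writes `cnamerealm[cnamerealmlen] = '\0'` one past the array if the library reports a length equal to the buffer size (passing `sizeof (cnamerealm) - 1` as the length avoids that), and `krb5shishi_status` still has the unbounded `strcpy (name, UserNameRequested)` behind its FIXME.

```c
static int
Data (TN_Authenticator * ap, int type, unsigned char *d, int c)
{
  unsigned char *p = str_data + 4;
  /* Last position the payload may reach; two bytes stay reserved for IAC SE. */
  unsigned char *end = str_data + sizeof (str_data) - 2;
  /* … unchanged: cd setup, strlen for c == -1, debug print … */

  *p++ = ap->type;
  *p++ = ap->way;
  *p++ = type;

  while (c-- > 0)
    {
      /* An IAC byte is doubled on the wire, so it needs two free slots. */
      if (end - p < (*cd == IAC ? 2 : 1))
        return 0;
      if ((*p++ = *cd++) == IAC)
        *p++ = IAC;
    }
  /* … unchanged: IAC SE trailer, printsub, net_write … */
```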