Return to BSD News archive
Newsgroups: comp.unix.bsd.freebsd.misc
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!oleane!jussieu.fr!math.ohio-state.edu!uwm.edu!spool.mu.edu!usenet.eel.ufl.edu!psgrain!quack!quack.kfu.com!nsayer
From: nsayer@quack.kfu.com (Nick Sayer)
Subject: Re: 2.2-960801-SNAP telnet/telnetd SRA patches
Message-ID: <nyt1dK2@quack.kfu.com>
Sender: news@quack.kfu.com (0000-News(0000))
Organization: The Duck Pond public unix, +1 408 249 9630, log in as guest.
References: <nyq21XO@quack.kfu.com>
Date: Tue, 3 Sep 1996 21:40:15 UTC
Lines: 931
That's what I get for hacking in the middle of the night.
This whole exercise turned out to be much simpler than I
gave it credit for.
I originally ftp'd this code from Germany. Don't ask me how it works.
Don't ask me whether to trust it or not. My security needs are
relatively low key (avoiding pimple-headed larval stage hackers
who just learned about etherfind). It _IS_ vulnerable to
monkey-in-the-middle, but in my case the cost:benefit of attempting
to be the monkey is very, very high (the fix for MiM is some shared
information on both sides of the link -- the precise thing I am trying
to avoid having to deal with).
Here's the final result:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# README
# pk.c
# pk.h
# sra.c
# telnet.patch
#
echo x - README
sed 's/^X//' >README << 'END-of-README'
XEnclosed is the SRA add-on to telnet for FreeBSD 2.2.
X
XStep 1. Place sra.c, pk.c and pk.h in /usr/src/secure/lib/libtelnet
X
XStep 2. Apply telnet.patch to /usr/src.
X
XStep 3. Copy /usr/src/include/arpa/telnet.h to /usr/include/arpa
X
XStep 4. rebuild libtelnet, telnetd and telnet
X
END-of-README
echo x - pk.c
sed 's/^X//' >pk.c << 'END-of-pk.c'
X/* public key routines */
X/* functions:
X genkeys(char *public, char *secret)
X common_key(char *secret, char *public, desData *deskey)
X pk_encode(char *in, *out, DesData *deskey);
X pk_decode(char *in, *out, DesData *deskey);
X where
X char public[HEXKEYBYTES + 1];
X char secret[HEXKEYBYTES + 1];
X */
X
X#include <stdio.h>
X#include <sys/time.h>
X#include <string.h>
X#include "mp.h"
X#include "pk.h"
X#if defined(SOLARIS2) || defined(LINUX)
X#include <stdlib.h>
X#endif
X
X/*
X * Choose middle 64 bits of the common key to use as our des key, possibly
X * overwriting the lower order bits by setting parity.
X */
Xstatic
Xextractdeskey(ck, deskey)
X MINT *ck;
X DesData *deskey;
X{
X MINT *a;
X MINT *z;
X short r;
X int i;
X short base = (1 << 8);
X char *k;
X
X z = itom(0);
X a = itom(0);
X madd(ck, z, a);
X for (i = 0; i < ((KEYSIZE - 64) / 2) / 8; i++) {
X sdiv(a, base, a, &r);
X }
X k = (char *)deskey;
X for (i = 0; i < 8; i++) {
X sdiv(a, base, a, &r);
X *k++ = r;
X }
X mfree(z);
X mfree(a);
X}
X
X/*
X * get common key from my secret key and his public key
X */
Xvoid common_key(char *xsecret, char *xpublic, DesData *deskey)
X{
X MINT *public;
X MINT *secret;
X MINT *common;
X MINT *modulus = xtom(HEXMODULUS);
X
X public = xtom(xpublic);
X secret = xtom(xsecret);
X common = itom(0);
X pow(public, secret, modulus, common);
X extractdeskey(common, deskey);
X#if DES_OSTHOLM
X des_fixup_key_parity(deskey);
X#else
X des_set_odd_parity(deskey);
X#endif
X mfree(common);
X mfree(secret);
X mfree(public);
X mfree(modulus);
X}
X
X
X/*
X * Generate a seed
X */
Xvoid getseed(seed, seedsize)
X char *seed;
X int seedsize;
X{
X int i;
X int rseed;
X struct timeval tv;
X
X (void)gettimeofday(&tv, (struct timezone *)NULL);
X rseed = tv.tv_sec + tv.tv_usec;
X for (i = 0; i < 8; i++) {
X rseed ^= (rseed << 8);
X }
X srand48((long)rseed);
X
X for (i = 0; i < seedsize; i++) {
X seed[i] = (lrand48() & 0xff);
X }
X}
X
X
X/*
X * Generate a random public/secret key pair
X */
Xvoid genkeys(public, secret)
X char *public;
X char *secret;
X{
X int i;
X
X# define BASEBITS (8*sizeof(short) - 1)
X# define BASE (1 << BASEBITS)
X
X MINT *pk = itom(0);
X MINT *sk = itom(0);
X MINT *tmp;
X MINT *base = itom(BASE);
X MINT *root = itom(PROOT);
X MINT *modulus = xtom(HEXMODULUS);
X short r;
X unsigned short seed[KEYSIZE/BASEBITS + 1];
X char *xkey;
X
X getseed((char *)seed, sizeof(seed));
X for (i = 0; i < KEYSIZE/BASEBITS + 1; i++) {
X r = seed[i] % BASE;
X tmp = itom(r);
X mult(sk, base, sk);
X madd(sk, tmp, sk);
X mfree(tmp);
X }
X tmp = itom(0);
X mdiv(sk, modulus, tmp, sk);
X mfree(tmp);
X pow(root, sk, modulus, pk);
X xkey = mtox(sk);
X adjust(secret, xkey);
X xkey = mtox(pk);
X adjust(public, xkey);
X mfree(sk);
X mfree(base);
X mfree(pk);
X mfree(root);
X mfree(modulus);
X}
X
X/*
X * Adjust the input key so that it is 0-filled on the left
X */
Xadjust(keyout, keyin)
X char keyout[HEXKEYBYTES+1];
X char *keyin;
X{
X char *p;
X char *s;
X
X for (p = keyin; *p; p++)
X ;
X for (s = keyout + HEXKEYBYTES; p >= keyin; p--, s--) {
X *s = *p;
X }
X while (s >= keyout) {
X *s-- = '0';
X }
X}
X
Xstatic char hextab[17] = "0123456789ABCDEF";
X
X/* given a DES key, cbc encrypt and translate input to terminated hex */
Xvoid pk_encode(in, out, key)
Xchar *in,*out;
XDesData *key;
X{
X char buf[256];
X DesData i;
X DesKeys k;
X int l,op,deslen;
X
X memset(&i,0,sizeof(i));
X memset(buf,0,sizeof(buf));
X deslen = ((strlen(in) + 7)/8)*8;
X des_key_sched(key,&k);
X des_cbc_encrypt(in,buf,deslen,&k,&i,DES_ENCRYPT);
X for (l=0,op=0;l<deslen;l++) {
X out[op++] = hextab[(buf[l] & 0xf0) >> 4];
X out[op++] = hextab[(buf[l] & 0x0f)];
X }
X out[op] = '\0';
X}
X
X/* given a DES key, translate input from hex and decrypt */
Xvoid pk_decode(in, out, key)
Xchar *in,*out;
XDesData *key;
X{
X char buf[256];
X DesData i;
X DesKeys k;
X int l,n1,n2,op;
X
X memset(&i,0,sizeof(i));
X memset(buf,0,sizeof(buf));
X for (l=0,op=0;l<strlen(in)/2;l++,op+=2) {
X if(in[op] == '0' && in[op+1] == '0') {
X buf[l] = '\0';
X break;
X }
X if (in[op] > '9')
X n1 = in[op] - 'A' + 10;
X else
X n1 = in[op] - '0';
X if (in[op+1] > '9')
X n2 = in[op+1] - 'A' + 10;
X else
X n2 = in[op+1] - '0';
X buf[l] = n1*16 +n2;
X }
X des_key_sched(key,&k);
X des_cbc_encrypt(buf,out,strlen(in)/2,&k,&i,DES_DECRYPT);
X out[strlen(in)/2] = '\0';
X}
END-of-pk.c
echo x - pk.h
sed 's/^X//' >pk.h << 'END-of-pk.h'
X/* header for the des routines that we will use */
X
Xtypedef unsigned char byte, DesData[ 8];
Xtypedef unsigned long word, DesKeys[32];
X
X#define DES_DECRYPT 0
X#define DES_ENCRYPT 1
X
Xextern void des_fixup_key_parity(); /* (DesData *key) */
Xextern int des_key_sched(); /* (DesData *key, DesKeys *m) */
Xextern int des_ecb_encrypt(); /* (DesData *src, *dst, DesKeys *m, int mode) */
Xextern int des_cbc_encrypt(); /* (char *src, *dst, int length,
X DesKeys *m, DesData *init, int mode) */
X
X/* public key routines */
X/* functions:
X genkeys(char *public, char *secret)
X common_key(char *secret, char *public, desData *deskey)
X where
X char public[HEXKEYBYTES + 1];
X char secret[HEXKEYBYTES + 1];
X */
X
X#define HEXMODULUS "d4a0ba0250b6fd2ec626e7efd637df76c716e22d0944b88b"
X#define HEXKEYBYTES 48
X#define KEYSIZE 192
X#define KEYBYTES 24
X#define PROOT 3
X
Xextern void genkeys(char *public, char *secret);
Xextern void common_key(char *secret, char *public, DesData *deskey);
Xextern void pk_encode(char *in, char *out, DesData *deskey);
Xextern void pk_decode(char *in, char *out, DesData *deskey);
X
END-of-pk.h
echo x - sra.c
sed 's/^X//' >sra.c << 'END-of-sra.c'
X#ifdef SRA
X#include <sys/types.h>
X#include <arpa/telnet.h>
X#include <stdio.h>
X#ifdef __STDC__
X#include <stdlib.h>
X#endif
X#ifdef NO_STRING_H
X#include <strings.h>
X#else
X#include <string.h>
X#endif
X
X#include "auth.h"
X#include "misc.h"
X#include "encrypt.h"
X#include "pk.h"
X
Xchar pka[HEXKEYBYTES+1], ska[HEXKEYBYTES+1], pkb[HEXKEYBYTES+1];
Xchar *user,*pass,*xuser,*xpass;
XDesData ck;
X
Xextern int auth_debug_mode;
Xstatic sra_valid = 0;
Xstatic passwd_sent = 0;
X
Xstatic unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
X AUTHTYPE_SRA, };
X
X#define SRA_KEY 0
X#define SRA_USER 1
X#define SRA_CONTINUE 2
X#define SRA_PASS 3
X#define SRA_ACCEPT 4
X#define SRA_REJECT 5
X
X/* support routine to send out authentication message */
Xstatic int Data(ap, type, d, c)
XAuthenticator *ap;
Xint type;
Xvoid *d;
Xint c;
X{
X unsigned char *p = str_data + 4;
X unsigned char *cd = (unsigned char *)d;
X
X if (c == -1)
X c = strlen((char *)cd);
X
X if (auth_debug_mode) {
X printf("%s:%d: [%d] (%d)",
X str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
X str_data[3],
X type, c);
X printd(d, c);
X printf("\r\n");
X }
X *p++ = ap->type;
X *p++ = ap->way;
X *p++ = type;
X while (c-- > 0) {
X if ((*p++ = *cd++) == IAC)
X *p++ = IAC;
X }
X *p++ = IAC;
X *p++ = SE;
X if (str_data[3] == TELQUAL_IS)
X printsub('>', &str_data[2], p - (&str_data[2]));
X return(net_write(str_data, p - str_data));
X}
X
Xint sra_init(ap, server)
XAuthenticator *ap;
Xint server;
X{
X if (server)
X str_data[3] = TELQUAL_REPLY;
X else
X str_data[3] = TELQUAL_IS;
X
X user = (char *)malloc(256);
X xuser = (char *)malloc(512);
X pass = (char *)malloc(256);
X xpass = (char *)malloc(512);
X passwd_sent = 0;
X
X genkeys(pka,ska);
X return(1);
X}
X
X/* client received a go-ahead for sra */
Xint sra_send(ap)
XAuthenticator *ap;
X{
X /* send PKA */
X
X if (auth_debug_mode)
X printf("Sent PKA to server.\r\n" );
X printf("Trying SRA secure login:\r\n");
X if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
X if (auth_debug_mode)
X printf("Not enough room for authentication data\r\n");
X return(0);
X }
X
X return(1);
X}
X
X/* server received an IS -- could be SRA KEY, USER, or PASS */
Xvoid sra_is(ap, data, cnt)
XAuthenticator *ap;
Xunsigned char *data;
Xint cnt;
X{
X int valid;
X Session_Key skey;
X
X if (cnt-- < 1)
X return;
X switch (*data++) {
X
X case SRA_KEY:
X if (cnt < HEXKEYBYTES) {
X Data(ap, SRA_REJECT, (void *)0, 0);
X auth_finished(ap, AUTH_USER);
X if (auth_debug_mode) {
X printf("SRA user rejected for bad PKB\r\n");
X }
X return;
X }
X if (auth_debug_mode)
X printf("Sent pka\r\n");
X if (!Data(ap, SRA_KEY, (void *)pka, HEXKEYBYTES)) {
X if (auth_debug_mode)
X printf("Not enough room\r\n");
X return;
X }
X memcpy(pkb,data,HEXKEYBYTES);
X pkb[HEXKEYBYTES] = '\0';
X common_key(ska,pkb,&ck);
X break;
X
X case SRA_USER:
X /* decode KAB(u) */
X memcpy(xuser,data,cnt);
X xuser[cnt] = '\0';
X pk_decode(xuser,user,&ck);
X auth_encrypt_user(user);
X Data(ap, SRA_CONTINUE, (void *)0, 0);
X
X break;
X
X case SRA_PASS:
X /* decode KAB(P) */
X memcpy(xpass,data,cnt);
X xpass[cnt] = '\0';
X pk_decode(xpass,pass,&ck);
X
X /* check user's password */
X valid = check_user(user,pass);
X
X if(valid) {
X Data(ap, SRA_ACCEPT, (void *)0, 0);
X#ifdef DES_ENCRYPTION
X skey.type = SK_DES;
X skey.length = 8;
X skey.data = ck;
X encrypt_session_key(&skey, 1);
X#endif
X
X sra_valid = 1;
X auth_finished(ap, AUTH_VALID);
X if (auth_debug_mode) {
X printf("SRA user accepted\r\n");
X }
X }
X else {
X Data(ap, SRA_CONTINUE, (void *)0, 0);
X/*
X Data(ap, SRA_REJECT, (void *)0, 0);
X sra_valid = 0;
X auth_finished(ap, AUTH_REJECT);
X*/
X if (auth_debug_mode) {
X printf("SRA user failed\r\n");
X }
X }
X break;
X
X default:
X if (auth_debug_mode)
X printf("Unknown SRA option %d\r\n", data[-1]);
X Data(ap, SRA_REJECT, 0, 0);
X sra_valid = 0;
X auth_finished(ap, AUTH_REJECT);
X break;
X }
X}
X
Xextern char *getpass();
X
X/* client received REPLY -- could be SRA KEY, CONTINUE, ACCEPT, or REJECT */
Xvoid sra_reply(ap, data, cnt)
XAuthenticator *ap;
Xunsigned char *data;
Xint cnt;
X{
X extern char *telnet_gets();
X char uprompt[256],tuser[256];
X Session_Key skey;
X int i;
X
X if (cnt-- < 1)
X return;
X switch (*data++) {
X
X case SRA_KEY:
X /* calculate common key */
X if (cnt < HEXKEYBYTES) {
X if (auth_debug_mode) {
X printf("SRA user rejected for bad PKB\r\n");
X }
X return;
X }
X memcpy(pkb,data,HEXKEYBYTES);
X pkb[HEXKEYBYTES] = '\0';
X
X common_key(ska,pkb,&ck);
X
X enc_user:
X
X /* encode user */
X memset(tuser,0,sizeof(tuser));
X sprintf(uprompt,"User (%s): ",UserNameRequested);
X telnet_gets(uprompt,tuser,255,1);
X if (tuser[0] == '\n' || tuser[0] == '\r' )
X strcpy(user,UserNameRequested);
X else {
X /* telnet_gets leaves the newline on */
X for(i=0;i<sizeof(tuser);i++) {
X if (tuser[i] == '\n') {
X tuser[i] = '\0';
X break;
X }
X }
X strcpy(user,tuser);
X }
X pk_encode(user,xuser,&ck);
X
X /* send it off */
X if (auth_debug_mode)
X printf("Sent KAB(U)\r\n");
X if (!Data(ap, SRA_USER, (void *)xuser, strlen(xuser))) {
X if (auth_debug_mode)
X printf("Not enough room\r\n");
X return;
X }
X break;
X
X case SRA_CONTINUE:
X if (passwd_sent) {
X passwd_sent = 0;
X printf("[ SRA login failed ]\r\n");
X goto enc_user;
X }
X /* encode password */
X memset(pass,0,sizeof(pass));
X telnet_gets("Password: ",pass,255,0);
X pk_encode(pass,xpass,&ck);
X /* send it off */
X if (auth_debug_mode)
X printf("Sent KAB(P)\r\n");
X if (!Data(ap, SRA_PASS, (void *)xpass, strlen(xpass))) {
X if (auth_debug_mode)
X printf("Not enough room\r\n");
X return;
X }
X passwd_sent = 1;
X break;
X
X case SRA_REJECT:
X printf("[ SRA refuses authentication ]\r\n");
X printf("Trying plaintext login:\r\n");
X auth_finished(0,AUTH_REJECT);
X return;
X
X case SRA_ACCEPT:
X printf("[ SRA accepts you ]\r\n");
X#if defined(DES_ENCRYPTION)
X skey.type = SK_DES;
X skey.length = 8;
X skey.data = ck;
X encrypt_session_key(&skey, 0);
X#endif
X
X auth_finished(ap, AUTH_VALID);
X return;
X default:
X if (auth_debug_mode)
X printf("Unknown SRA option %d\r\n", data[-1]);
X return;
X }
X}
X
Xint sra_status(ap, name, level)
XAuthenticator *ap;
Xchar *name;
Xint level;
X{
X if (level < AUTH_USER)
X return(level);
X if (UserNameRequested && sra_valid) {
X strcpy(name, UserNameRequested);
X return(AUTH_VALID);
X } else
X return(AUTH_USER);
X}
X
X#define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
X#define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
X
Xvoid sra_printsub(data, cnt, buf, buflen)
Xunsigned char *data, *buf;
Xint cnt, buflen;
X{
X char lbuf[32];
X register int i;
X
X buf[buflen-1] = '\0'; /* make sure its NULL terminated */
X buflen -= 1;
X
X switch(data[3]) {
X
X case SRA_CONTINUE:
X strncpy((char *)buf, " CONTINUE ", buflen);
X goto common;
X
X case SRA_REJECT: /* Rejected (reason might follow) */
X strncpy((char *)buf, " REJECT ", buflen);
X goto common;
X
X case SRA_ACCEPT: /* Accepted (name might follow) */
X strncpy((char *)buf, " ACCEPT ", buflen);
X
X common:
X BUMP(buf, buflen);
X if (cnt <= 4)
X break;
X ADDC(buf, buflen, '"');
X for (i = 4; i < cnt; i++)
X ADDC(buf, buflen, data[i]);
X ADDC(buf, buflen, '"');
X ADDC(buf, buflen, '\0');
X break;
X
X case SRA_KEY: /* Authentication data follows */
X strncpy((char *)buf, " KEY ", buflen);
X goto common2;
X
X case SRA_USER:
X strncpy((char *)buf, " USER ", buflen);
X goto common2;
X
X case SRA_PASS:
X strncpy((char *)buf, " PASS ", buflen);
X goto common2;
X
X default:
X sprintf(lbuf, " %d (unknown)", data[3]);
X strncpy((char *)buf, lbuf, buflen);
X common2:
X BUMP(buf, buflen);
X for (i = 4; i < cnt; i++) {
X sprintf(lbuf, " %d", data[i]);
X strncpy((char *)buf, lbuf, buflen);
X BUMP(buf, buflen);
X }
X break;
X }
X}
X
Xstruct passwd *pw;
X
X/*
X * Helper function for sgetpwnam().
X */
Xchar *
Xsgetsave(s)
X char *s;
X{
X char *new = malloc((unsigned) strlen(s) + 1);
X
X if (new == NULL) {
X return(NULL);
X }
X (void) strcpy(new, s);
X return (new);
X}
X
X#include <pwd.h>
X#include <syslog.h>
X#ifdef USE_SHADOW
X#include <shadow.h>
X#endif
X
X
Xstruct passwd *
Xsgetpwnam(name)
X char *name;
X{
X static struct passwd save;
X register struct passwd *p;
X char *sgetsave();
X
X if ((p = getpwnam(name)) == NULL)
X return (p);
X if (save.pw_name) {
X free(save.pw_name);
X free(save.pw_passwd);
X free(save.pw_gecos);
X free(save.pw_dir);
X free(save.pw_shell);
X }
X save = *p;
X save.pw_name = sgetsave(p->pw_name);
X save.pw_passwd = sgetsave(p->pw_passwd);
X save.pw_gecos = sgetsave(p->pw_gecos);
X save.pw_dir = sgetsave(p->pw_dir);
X save.pw_shell = sgetsave(p->pw_shell);
X#if 0
Xsyslog(LOG_WARNING,"%s\n",save.pw_name);
Xsyslog(LOG_WARNING,"%s\n",save.pw_passwd);
Xsyslog(LOG_WARNING,"%s\n",save.pw_gecos);
Xsyslog(LOG_WARNING,"%s\n",save.pw_dir);
X#endif
X#ifdef USE_SHADOW
X {
X struct spwd *sp;
X sp = getspnam(name);
X free(save.pw_passwd);
X save.pw_passwd = sgetsave(sp->sp_pwdp);
X }
X#endif
X return (&save);
X}
X
Xchar *crypt();
X
Xint check_user(name, pass)
Xchar *name;
Xchar *pass;
X{
X register char *cp;
X char *xpasswd, *salt;
X
X if (pw = sgetpwnam(name)) {
X if (pw->pw_shell == NULL) {
X pw = (struct passwd *) NULL;
X return(0);
X }
X
X salt = pw->pw_passwd;
X xpasswd = crypt(pass, salt);
X /* The strcmp does not catch null passwords! */
X if (pw == NULL || *pw->pw_passwd == '\0' ||
X strcmp(xpasswd, pw->pw_passwd)) {
X pw = (struct passwd *) NULL;
X return(0);
X }
X return(1);
X }
X return(0);
X}
X
X
X#endif
X
END-of-sra.c
echo x - telnet.patch
sed 's/^X//' >telnet.patch << 'END-of-telnet.patch'
X*** old/telnet.h Tue Sep 3 14:16:31 1996
X--- include/arpa/telnet.h Tue Sep 3 02:06:05 1996
X***************
X*** 263,274 ****
X #define AUTHTYPE_SPX 3
X #define AUTHTYPE_MINK 4
X #define AUTHTYPE_CNT 5
X
X #define AUTHTYPE_TEST 99
X
X #ifdef AUTH_NAMES
X char *authtype_names[] = {
X! "NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", 0,
X };
X #else
X extern char *authtype_names[];
X--- 263,275 ----
X #define AUTHTYPE_SPX 3
X #define AUTHTYPE_MINK 4
X #define AUTHTYPE_CNT 5
X+ #define AUTHTYPE_SRA 6
X
X #define AUTHTYPE_TEST 99
X
X #ifdef AUTH_NAMES
X char *authtype_names[] = {
X! "NULL", "KERBEROS_V4", "KERBEROS_V5", "SPX", "MINK", "CNT", "SRA", 0,
X };
X #else
X extern char *authtype_names[];
X*** old/auth.c Thu Jul 20 04:39:17 1995
X--- secure/lib/libtelnet/auth.c Tue Sep 3 00:59:47 1996
X***************
X*** 96,101 ****
X--- 96,110 ----
X extern rsaencpwd_printsub();
X #endif
X
X+ #ifdef SRA
X+ extern sra_init();
X+ extern sra_send();
X+ extern sra_is();
X+ extern sra_reply();
X+ extern sra_status();
X+ extern sra_printsub();
X+ #endif
X+
X int auth_debug_mode = 0;
X static char *Name = "Noname";
X static int Server = 0;
X***************
X*** 111,116 ****
X--- 120,134 ----
X * in priority order, i.e. try the first one first.
X */
X Authenticator authenticators[] = {
X+ #ifdef SRA
X+ { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
X+ sra_init,
X+ sra_send,
X+ sra_is,
X+ sra_reply,
X+ sra_status,
X+ sra_printsub },
X+ #endif
X #ifdef SPX
X { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
X spx_init,
X*** old/encrypt.c Thu Jul 20 04:39:19 1995
X--- secure/lib/libtelnet/encrypt.c Tue Sep 3 14:12:31 1996
X***************
X*** 82,90 ****
X int encrypt_debug_mode = 0;
X static int decrypt_mode = 0;
X static int encrypt_mode = 0;
X! static int encrypt_verbose = 0;
X! static int autoencrypt = 0;
X! static int autodecrypt = 0;
X static int havesessionkey = 0;
X static int Server = 0;
X static char *Name = "Noname";
X--- 82,90 ----
X int encrypt_debug_mode = 0;
X static int decrypt_mode = 0;
X static int encrypt_mode = 0;
X! static int encrypt_verbose = 1;
X! static int autoencrypt = 1;
X! static int autodecrypt = 1;
X static int havesessionkey = 0;
X static int Server = 0;
X static char *Name = "Noname";
X*** old/libtelnet/Makefile Mon Mar 11 08:17:17 1996
X--- secure/lib/libtelnet/Makefile Tue Sep 3 13:52:40 1996
X***************
X*** 13,18 ****
X--- 13,23 ----
X DPADD+= ${LIBDES} ${LIBKRB}
X .endif
X
X+ # SRA authentication
X+ CFLAGS+= -DDES_ENCRYPTION -DAUTHENTICATION -DSRA
X+ SRCS+= auth.c enc_des.c sra.c pk.c
X+ LDADD+= -ldescrypt -lmp
X+
X # Not Yet
X #SRCS += spx.c rsaencpwd.c read_password.c
X
X*** old/telnet/Makefile Wed Jun 5 15:48:03 1996
X--- secure/usr.bin/telnet/Makefile Tue Sep 3 13:55:12 1996
X***************
X*** 44,49 ****
X--- 44,53 ----
X LDADD+= -L${TELNETOBJDIR} -ltermcap -ltelnet
X DPADD+= ${TELNETOBJDIR}/libtelnet.a ${LIBTERMCAP}
X
X+ # SRA authentication
X+ CFLAGS+=-DAUTHENTICATION
X+ LDADD+= -ldes -lmp
X+
X .if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES))
X CFLAGS+=-DAUTHENTICATION -DKRB4
X LDADD+= -ldes -lkrb
X*** old/telnetd/Makefile Mon Mar 11 08:17:53 1996
X--- secure/libexec/telnetd/Makefile Tue Sep 3 13:53:49 1996
X***************
X*** 16,21 ****
X--- 16,25 ----
X CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON -DENV_HACK
X CFLAGS+= -DENCRYPTION -I${.CURDIR}/../../lib
X
X+ # SRA authentication
X+ CFLAGS+=-DAUTHENTICATION
X+ LDADD+= -ldes -ldescrypt -lmp
X+
X .if exists(${DESTDIR}/usr/lib/libkrb.a) && (defined(MAKE_EBONES))
X CFLAGS+=-DAUTHENTICATION
X LDADD+= -ldes -lkrb
END-of-telnet.patch
exit
--
Nick Sayer <nsayer@quack.kfu.com> |
N6QQQ @ N0ARY.#NORCAL.CA.USA.NOAM | "Love is a many-splintered thing."
+1 408 249 9630, log in as 'guest' | -- Pepe Le Pew
URL: http://www.kfu.com/~nsayer/ |