-rw-r--r-- | lib/libtelnet/auth.c | 5 | ||||
-rw-r--r-- | lib/libtelnet/enc-proto.h | 3 | ||||
-rw-r--r-- | lib/libtelnet/encrypt.c | 14 | ||||
-rw-r--r-- | usr.bin/telnet/authenc.c | 15 | ||||
-rw-r--r-- | usr.bin/telnet/externs.h | 5 | ||||
-rw-r--r-- | usr.bin/telnet/main.c | 10 | ||||
-rw-r--r-- | usr.bin/telnet/sys_bsd.c | 9 | ||||
-rw-r--r-- | usr.bin/telnet/telnet.1 | 7 | ||||
-rw-r--r-- | usr.bin/telnet/telnet.c | 74 |
9 files changed, 126 insertions, 16 deletions
diff --git a/lib/libtelnet/auth.c b/lib/libtelnet/auth.c index cdeb1b3e484..ad22cdcd93d 100644 --- a/lib/libtelnet/auth.c +++ b/lib/libtelnet/auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.4 2001/05/25 10:23:05 hin Exp $ */ +/* $OpenBSD: auth.c,v 1.5 2002/03/22 13:49:27 hin Exp $ */ /*- * Copyright (c) 1991, 1993 @@ -108,6 +108,8 @@ extern rsaencpwd_printsub(); #endif int auth_debug_mode = 0; +int auth_has_failed = 0; +int auth_enable_encrypt = 0; static const char *Name = "Noname"; static int Server = 0; static Authenticator *authenticated = 0; @@ -476,6 +478,7 @@ auth_send(unsigned char *data, int cnt) if (auth_debug_mode) printf(">>>%s: Sent failure message\r\n", Name); auth_finished(0, AUTH_REJECT); + auth_has_failed = 1; #ifdef KANNAN /* * We requested strong authentication, however no mechanisms worked. diff --git a/lib/libtelnet/enc-proto.h b/lib/libtelnet/enc-proto.h index 3663556b034..6fe5181e0de 100644 --- a/lib/libtelnet/enc-proto.h +++ b/lib/libtelnet/enc-proto.h @@ -67,7 +67,7 @@ * or implied warranty. */ -/* $KTH: enc-proto.h,v 1.10 2000/01/18 03:09:56 assar Exp $ */ +/* $KTH: enc-proto.h,v 1.10.8.1 2002/02/06 03:38:05 assar Exp $ */ #if defined(ENCRYPTION) Encryptions *findencryption (int); @@ -105,6 +105,7 @@ void encrypt_request_start(unsigned char*, int); void encrypt_send_end(void); void encrypt_send_keyid(int, unsigned char*, int, int); void encrypt_send_request_end(void); +int encrypt_is_encrypting(void); void encrypt_send_request_start(void); void encrypt_send_support(void); void encrypt_session_key(Session_Key*, int); diff --git a/lib/libtelnet/encrypt.c b/lib/libtelnet/encrypt.c index 8c0404f3ef7..4aeaf93106d 100644 --- a/lib/libtelnet/encrypt.c +++ b/lib/libtelnet/encrypt.c @@ -1,5 +1,4 @@ -/* $OpenBSD: encrypt.c,v 1.6 2001/09/18 00:48:58 jcs Exp $ */ -/* $KTH: encrypt.c,v 1.19 1997/11/02 03:58:03 assar Exp $ */ +/* $OpenBSD: encrypt.c,v 1.7 2002/03/22 13:49:28 hin Exp $ */ /*- * Copyright (c) 1991, 1993 
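Review bot: `auth_enable_encrypt` is defined in the `@@ -108,6 +108,8 @@` hunk of auth.c, but nothing else in this commit reads or writes it, so it is either dead or waiting for code that is not here. `auth_has_failed` has no header declaration either; telnet.c reaches it through a block-scope `extern int auth_has_failed;`, which the compiler cannot check against this definition. I would drop `auth_enable_encrypt` until it has a user and declare `extern int auth_has_failed;` once in a header shared by libtelnet and the client. A short comment on the definition, such as `/* set once authentication has been rejected; never cleared */`, would record the contract the client now relies on.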
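Review bot: `auth_has_failed = 1;` is set on only one path in the `@@ -476,6 +478,7 @@` hunk, the "Sent failure message" fall-through of auth_send(). The client loop added in telnet.c treats this flag as its signal to stop waiting for encryption. Any other place where authentication ends in a reject (not visible in this hunk) would leave the flag at 0, and the client would then sit out the 60-second timeout instead of failing promptly. If `auth_finished()` is the common exit point, setting the flag there when the result is `AUTH_REJECT` would cover every path. auth_send()'s body starts and ends outside the hunk.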
@@ -66,7 +65,9 @@ * or implied warranty. */ -/* $KTH: encrypt.c,v 1.22 2000/01/18 03:10:35 assar Exp $ */ +/* +RCSID("$KTH: encrypt.c,v 1.22.8.1 2002/02/06 03:39:13 assar Exp $"); +*/ #if defined(ENCRYPTION) @@ -958,6 +959,13 @@ encrypt_delay(void) return 0; } +int encrypt_is_encrypting() +{ + if (encrypt_output && decrypt_input) + return 1; + return 0; +} + void encrypt_debug(int mode) { diff --git a/usr.bin/telnet/authenc.c b/usr.bin/telnet/authenc.c index ba86eea4416..6742bb051f7 100644 --- a/usr.bin/telnet/authenc.c +++ b/usr.bin/telnet/authenc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authenc.c,v 1.4 2001/05/25 10:24:25 hin Exp $ */ +/* $OpenBSD: authenc.c,v 1.5 2002/03/22 13:49:28 hin Exp $ */ /* $NetBSD: authenc.c,v 1.5 1996/02/28 21:03:52 thorpej Exp $ */ /*- @@ -34,6 +34,10 @@ * SUCH DAMAGE. */ +/* +RCSID("$Id: authenc.c,v 1.5 2002/03/22 13:49:28 hin Exp $"); +*/ + #include "telnet_locl.h" #if defined(AUTHENTICATION) || defined(ENCRYPTION) @@ -66,7 +70,14 @@ net_encrypt() int telnet_spin() { - return(-1); + extern int scheduler_lockout_tty; + + scheduler_lockout_tty = 1; + Scheduler(0); + scheduler_lockout_tty = 0; + + return 0; + } char * diff --git a/usr.bin/telnet/externs.h b/usr.bin/telnet/externs.h index 7e898681cfa..a6e2bab6f4c 100644 --- a/usr.bin/telnet/externs.h +++ b/usr.bin/telnet/externs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: externs.h,v 1.8 2002/02/17 17:20:49 millert Exp $ */ +/* $OpenBSD: externs.h,v 1.9 2002/03/22 13:49:28 hin Exp $ */ /* $KTH: externs.h,v 1.16 1997/11/29 02:28:35 joda Exp $ */ /* @@ -68,6 +68,7 @@ extern int localchars, /* we recognize interrupt/quit */ donelclchars, /* the user has set "localchars" */ showoptions, + wantencryption, /* User has requested encryption */ net, /* Network file descriptor */ tin, /* Terminal input file descriptor */ tout, /* Terminal output file descriptor */ 
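Review bot: `encrypt_is_encrypting()` in the `@@ -958,6 +959,13 @@` hunk of encrypt.c is defined with empty parentheses, while the prototype added to enc-proto.h is `int encrypt_is_encrypting(void);`. The definition should match: `int encrypt_is_encrypting(void)`. The function also has no comment, although the client now uses it to decide when it is safe to leave the negotiation wait loop. I would add `/* Return 1 only when both directions are protected, i.e. encrypt_output and decrypt_input are both set. */` so nobody later relaxes the `&&` to a one-direction check.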
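Review bot: `telnet_spin()` in the `@@ -66,7 +70,14 @@` hunk of authenc.c discards whatever `Scheduler(0)` returns and always returns 0, where it used to return -1. Callers that loop on it can therefore no longer tell a working spin from a failed one. Scheduler's return type is not visible in this hunk, but the `int schedValue;` context line in telnet.c suggests it reports a status. If it does, I would pass it on, for example `ret = Scheduler(0);` followed by `return ret < 0 ? -1 : 0;`, so a dead connection ends the wait rather than relying on the caller's timeout. The block-scope `extern int scheduler_lockout_tty;` would be better declared once in externs.h, and the blank line before the closing brace can go.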
@@ -87,6 +88,8 @@ extern int termdata, /* Print out terminal data flow */ debug; /* Debug level */ +extern sig_atomic_t intr_happened, intr_waiting; /* for interrupt handling */ + extern cc_t escape; /* Escape to command mode */ extern cc_t rlogin; /* Rlogin mode escape character */ #ifdef KLUDGELINEMODE diff --git a/usr.bin/telnet/main.c b/usr.bin/telnet/main.c index 78237353a55..6f8833eaa9a 100644 --- a/usr.bin/telnet/main.c +++ b/usr.bin/telnet/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.12 2001/11/03 00:07:53 hin Exp $ */ +/* $OpenBSD: main.c,v 1.13 2002/03/22 13:49:28 hin Exp $ */ /* $NetBSD: main.c,v 1.5 1996/02/28 21:04:05 thorpej Exp $ */ /* @@ -140,6 +140,7 @@ krb5_init(void) "libdefaults", "encrypt", NULL)) { encrypt_auto(1); decrypt_auto(1); + wantencryption = 1; EncryptVerbose(1); } #endif @@ -337,6 +338,7 @@ main(argc, argv) #ifdef ENCRYPTION encrypt_auto(1); decrypt_auto(1); + wantencryption = 1; EncryptVerbose(1); #else fprintf(stderr, @@ -353,15 +355,15 @@ main(argc, argv) if (autologin == -1) { #if defined(AUTHENTICATION) - if(check_krb4_tickets() || check_krb5_tickets()) - autologin = 1; + if(check_krb4_tickets() || check_krb5_tickets()) + autologin = 1; #endif #if defined(ENCRYPTION) encrypt_auto(1); decrypt_auto(1); #endif } - + if (autologin == -1) autologin = (rlogin == _POSIX_VDISABLE) ? 0 : 1; diff --git a/usr.bin/telnet/sys_bsd.c b/usr.bin/telnet/sys_bsd.c index 9871de567a6..0d83dcbf6c2 100644 --- a/usr.bin/telnet/sys_bsd.c +++ b/usr.bin/telnet/sys_bsd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_bsd.c,v 1.10 2001/11/19 19:02:16 mpech Exp $ */ +/* $OpenBSD: sys_bsd.c,v 1.11 2002/03/22 13:49:28 hin Exp $ */ /* $NetBSD: sys_bsd.c,v 1.11 1996/02/28 21:04:10 thorpej Exp $ */ /* @@ -844,11 +844,18 @@ deadpeer(sig) longjmp(peerdied, -1); } +sig_atomic_t intr_happened = 0; +sig_atomic_t intr_waiting = 0; + /* ARGSUSED */ void intr(sig) int sig; { + if (intr_waiting) { + intr_happened = 1; + return; + } if (localchars) { intp(); return; 
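Review bot: `intr_happened` and `intr_waiting` are declared as plain `sig_atomic_t`, without `volatile`, in both the `extern` added to externs.h and the definitions in the `@@ -844,11 +844,18 @@` hunk of sys_bsd.c. The `intr()` handler writes `intr_happened` and reads `intr_waiting`, while the negotiation loop in telnet.c polls and sets them from normal context. Without `volatile` the compiler may keep the polled value in a register across loop iterations. The portable form is `volatile sig_atomic_t intr_happened = 0;` and `volatile sig_atomic_t intr_waiting = 0;`, with `extern volatile sig_atomic_t intr_happened, intr_waiting;` in the header. The early-return path in the handler only stores a flag, which is fine for a signal handler. intr()'s body continues outside the hunk.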
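Review bot: `wantencryption = 1;` in the `krb5_init()` hunk of main.c turns on the new hard-fail behaviour whenever the `libdefaults` / `encrypt` setting is enabled, not only when the user passes `-x`. The telnet.1 text changed in this commit describes the exit-on-failure behaviour only for `-x`. A user with that configuration entry will now see telnet exit against servers that cannot encrypt, with nothing in the manual explaining why. I would either document the configuration case next to `-x` or add a comment here, such as `/* config asked for encryption: treat it like -x and refuse to continue in the clear */`. The `autologin == -1` context in the last main.c hunk still calls `encrypt_auto(1)` without setting `wantencryption`, so that path stays opportunistic, which is worth stating in a comment too.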
diff --git a/usr.bin/telnet/telnet.1 b/usr.bin/telnet/telnet.1 index cffff7782d4..1ce44cd8c30 100644 --- a/usr.bin/telnet/telnet.1 +++ b/usr.bin/telnet/telnet.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: telnet.1,v 1.28 2001/06/23 22:14:27 hin Exp $ +.\" $OpenBSD: telnet.1,v 1.29 2002/03/22 13:49:28 hin Exp $ .\" $NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $ .\" .\" Copyright (c) 1983, 1990, 1993 @@ -186,7 +186,10 @@ unless modified by the .Fl e option. .It Fl x -Turns on encryption of the data stream if Kerberos is used. +Turn on encryption of the data stream. When this option is turned on, +.Nm +will exit with an error if authentication cannot be negotiated or if +encryption cannot be turned on. .It Ar host Indicates the official name, an alias, or the Internet address of a remote host. diff --git a/usr.bin/telnet/telnet.c b/usr.bin/telnet/telnet.c index 9b0b1c82dcc..b31928f5574 100644 --- a/usr.bin/telnet/telnet.c +++ b/usr.bin/telnet/telnet.c @@ -1,4 +1,4 @@ -/* $OpenBSD: telnet.c,v 1.14 2002/02/17 17:20:49 millert Exp $ */ +/* $OpenBSD: telnet.c,v 1.15 2002/03/22 13:49:28 hin Exp $ */ /* $NetBSD: telnet.c,v 1.7 1996/02/28 21:04:15 thorpej Exp $ */ /* @@ -76,6 +76,7 @@ int askedSGA = 0, /* We have talked about suppress go ahead */ #endif /* defined(TN3270) */ telnetport, + wantencryption = 0, SYNCHing, /* we are in TELNET SYNCH mode */ flushout, /* flush output */ autoflush = 0, /* flush output when interrupting? */ @@ -91,6 +92,8 @@ int char *prompt = 0; +int scheduler_lockout_tty = 0; + cc_t escape; cc_t rlogin; #ifdef KLUDGELINEMODE @@ -2110,6 +2113,11 @@ Scheduler(block) netex = !SYNCHing; /* If we have seen a signal recently, reset things */ + + if (scheduler_lockout_tty) { + ttyin = ttyout = 0; + } + # if defined(TN3270) && defined(unix) if (HaveInput) { HaveInput = 0; @@ -2159,6 +2167,8 @@ Scheduler(block) telnet(user) char *user; { + int printed_encrypt = 0; + sys_telnet_init(); #if defined(AUTHENTICATION) || defined(ENCRYPTION) 
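Review bot: The new `if (scheduler_lockout_tty)` block in the `@@ -2110,6 +2113,11 @@` hunk of Scheduler() sits directly under the existing comment `/* If we have seen a signal recently, reset things */`. That comment describes the `HaveInput` code below the new block, so it now reads as if it explained the lockout. The lockout has no comment of its own, yet it is what stops terminal input being serviced while telnet.c waits for encryption. I would move the block above the old comment and give it one, for example `/* telnet_spin() sets this while encryption is still being negotiated: do not service the tty, so nothing typed is sent in the clear */`. The same comment belongs on the `int scheduler_lockout_tty = 0;` definition added earlier in this file. Scheduler()'s body starts and ends outside the hunk.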
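Review bot: `int printed_encrypt = 0;` in the `@@ -2159,6 +2167,8 @@` hunk of telnet() is declared unconditionally, but its only uses are inside the `#ifdef ENCRYPTION` block added in the next hunk. A build without `ENCRYPTION` will get an unused-variable warning. Wrap the declaration in the same guard, i.e. `#ifdef ENCRYPTION` / `int printed_encrypt = 0;` / `#endif`.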
@@ -2198,6 +2208,68 @@ telnet(user) } # endif /* !defined(TN3270) */ +#ifdef ENCRYPTION + /* + * Note: we assume a tie to the authentication option here. This + * is necessary so that authentication fails, we don't spin + * forever. + */ + if (wantencryption) { + extern int auth_has_failed; + time_t timeout = time(0) + 60; + + send_do(TELOPT_ENCRYPT, 1); + send_will(TELOPT_ENCRYPT, 1); + while (1) { + if (my_want_state_is_wont(TELOPT_AUTHENTICATION)) { + if (wantencryption == -1) { + break; + } else { + printf("\nServer refused to negotiate authentication,"); + printf(" which is required for encryption.\n"); + Exit(1); + } + } + if (auth_has_failed) { + printf("\nAuthentication negotation has failed,"); + printf(" which is required for encryption.\n"); + Exit(1); + } + if (my_want_state_is_dont(TELOPT_ENCRYPT) || + my_want_state_is_wont(TELOPT_ENCRYPT)) { + printf("\nServer refused to negotiate encryption.\n"); + Exit(1); + } + if (encrypt_is_encrypting()) + break; + if (time(0) > timeout) { + printf("\nEncryption could not be enabled.\n"); + Exit(1); + } + if (printed_encrypt == 0) { + printed_encrypt = 1; + printf("Waiting for encryption to be negotiated...\n"); + /* + * Turn on MODE_TRAPSIG and then turn off localchars + * so that ^C will cause telnet to exit. + */ + TerminalNewMode(getconnmode()|MODE_TRAPSIG); + intr_waiting = 1; + } + if (intr_happened) { + printf("\nUser interrupt.\n"); + Exit(1); + } + telnet_spin(); + } + if (printed_encrypt) { + printf("Encryption negotiated.\n"); + intr_waiting = 0; + setconnmode(0); + } + } +#endif + # if !defined(TN3270) for (;;) { int schedValue; |
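Review bot: The `wantencryption == -1` branch of the wait loop breaks out and lets the session continue without encryption when the server answers WONT AUTHENTICATION, yet every assignment visible in this commit sets `wantencryption` to 0 or 1. The branch therefore looks unreachable here, and the meaning of -1 is undocumented. If -1 is meant as a "try but do not require" mode, say so at the definition, for example `wantencryption = 0, /* 1: require encryption; -1: attempt only */`. Otherwise remove the branch so a refused authentication always reaches `Exit(1)`. The whole check also runs only once, before the main `for (;;)` loop, so nothing in this hunk ends the session if encryption is switched off later; whether that is enforced elsewhere is not visible here. Two smaller items: the string `Authentication negotation has failed` misspells "negotiation", and the opening comment should read "so that if authentication fails, we don't spin forever". telnet()'s body continues outside the hunk.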