diff options
Diffstat (limited to 'libexec')
-rw-r--r-- | libexec/telnetd/Makefile | 16 | ||||
-rw-r--r-- | libexec/telnetd/authenc.c | 15 | ||||
-rw-r--r-- | libexec/telnetd/defs.h | 77 | ||||
-rw-r--r-- | libexec/telnetd/ext.h | 10 | ||||
-rw-r--r-- | libexec/telnetd/global.c | 22 | ||||
-rw-r--r-- | libexec/telnetd/state.c | 100 | ||||
-rw-r--r-- | libexec/telnetd/sys_term.c | 14 | ||||
-rw-r--r-- | libexec/telnetd/telnetd.c | 29 | ||||
-rw-r--r-- | libexec/telnetd/utility.c | 121 |
9 files changed, 288 insertions, 116 deletions
diff --git a/libexec/telnetd/Makefile b/libexec/telnetd/Makefile index 5d04c5c1193..1571d928ba6 100644 --- a/libexec/telnetd/Makefile +++ b/libexec/telnetd/Makefile @@ -1,8 +1,9 @@ -# $OpenBSD: Makefile,v 1.3 1997/03/26 00:34:38 deraadt Exp $ +# $OpenBSD: Makefile,v 1.4 1998/03/12 04:53:06 art Exp $ # from: @(#)Makefile 8.2 (Berkeley) 12/15/93 # $NetBSD: Makefile,v 1.6 1996/02/24 01:22:12 jtk Exp $ PROG= telnetd + CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS CFLAGS+=-DOLD_ENVIRON -DENV_HACK -I${.CURDIR} SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \ @@ -11,13 +12,12 @@ DPADD= ${LIBUTIL} ${LIBTERM} ${LIBTELNET} LDADD+= -lutil -ltermcap -ltelnet MAN= telnetd.8 +.include <bsd.own.mk> # for KERBEROS -# These are the sources that have encryption stuff in them. -CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c -CRYPT_SRC+= utility.c Makefile -NOCRYPT_DIR=${.CURDIR}/Nocrypt +.if (${KERBEROS} == "yes") +CFLAGS+=-DENCRYPTION -DAUTHENTICATION -DKRB4 -I${.CURDIR}/../../lib +LDADD+= -lkrb -ldes +DPADD+= ${LIBDES} ${LIBKRB} +.endif .include <bsd.prog.mk> - -nocrypt: - @echo "Encryption code already removed." diff --git a/libexec/telnetd/authenc.c b/libexec/telnetd/authenc.c index 4cea82cc7fe..f8e0b2d9ef2 100644 --- a/libexec/telnetd/authenc.c +++ b/libexec/telnetd/authenc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: authenc.c,v 1.2 1996/03/28 23:21:54 niklas Exp $ */ +/* $OpenBSD: authenc.c,v 1.3 1998/03/12 04:53:07 art Exp $ */ /* $NetBSD: authenc.c,v 1.3 1996/02/28 20:38:08 thorpej Exp $ */ /*- @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)authenc.c 8.2 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: authenc.c,v 1.3 1996/02/28 20:38:08 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: authenc.c,v 1.2 1996/03/28 23:21:54 niklas Exp $"; +static char rcsid[] = "$OpenBSD: authenc.c,v 1.3 1998/03/12 04:53:07 art Exp $"; #endif #endif /* not lint */ @@ -63,6 +63,13 @@ net_write(str, len) void net_encrypt() { +#ifdef ENCRYPTION + char *s = (nclearto > nbackp) ? nclearto : nbackp; + if (s < nfrontp && encrypt_output) { + (*encrypt_output)((unsigned char *)s, nfrontp - s); + } + nclearto = nfrontp; +#endif } int @@ -76,7 +83,7 @@ telnet_spin() telnet_getenv(val) char *val; { - extern char *getenv(); + extern char *getenv(const char *); return(getenv(val)); } @@ -87,6 +94,6 @@ telnet_gets(prompt, result, length, echo) int length; int echo; { - return((char *)0); + return NULL; } #endif /* defined(AUTHENTICATION) */ diff --git a/libexec/telnetd/defs.h b/libexec/telnetd/defs.h index a6a47ff10fa..12f450eadfc 100644 --- a/libexec/telnetd/defs.h +++ b/libexec/telnetd/defs.h @@ -1,4 +1,4 @@ -/* $OpenBSD: defs.h,v 1.2 1996/03/28 23:21:55 niklas Exp $ */ +/* $OpenBSD: defs.h,v 1.3 1998/03/12 04:53:09 art Exp $ */ /* $NetBSD: defs.h,v 1.6 1996/02/28 20:38:10 thorpej Exp $ */ /* @@ -46,55 +46,26 @@ # define BSD 43 #endif -#if defined(CRAY) && !defined(LINEMODE) -# define SYSV_TERMIO -# define LINEMODE -# define KLUDGELINEMODE -# define DIAGNOSTICS -# if defined(UNICOS50) && !defined(UNICOS5) -# define UNICOS5 -# endif -# if !defined(UNICOS5) -# define BFTPDAEMON -# define HAS_IP_TOS -# endif -#endif /* CRAY */ -#if defined(UNICOS5) && !defined(NO_SETSID) -# define NO_SETSID -#endif - #if defined(PRINTOPTIONS) && defined(DIAGNOSTICS) #define TELOPTS #define TELCMDS #define SLC_NAMES #endif -#if defined(SYSV_TERMIO) && !defined(USE_TERMIO) -# define USE_TERMIO -#endif - #include <sys/socket.h> -#ifndef CRAY #include <sys/wait.h> -#endif /* CRAY */ #include <fcntl.h> #include <sys/file.h> #include <sys/stat.h> #include <sys/time.h> -#ifndef FILIO_H #include <sys/ioctl.h> -#else -#include <sys/filio.h> -#endif #include <netinet/in.h> #include <arpa/telnet.h> #include <stdio.h> -#ifdef __STDC__ #include <stdlib.h> -#endif #include <signal.h> #include <errno.h> #include <netdb.h> @@ -106,11 +77,7 @@ #define LOG_ODELAY 0 #endif #include <ctype.h> -#ifndef NO_STRING_H #include <string.h> -#else -#include <strings.h> -#endif #ifndef USE_TERMIO #include <sgtty.h> @@ -124,50 +91,24 @@ #if !defined(USE_TERMIO) || defined(NO_CC_T) typedef unsigned char cc_t; #endif - -#ifdef __STDC__ #include <unistd.h> -#endif -#ifndef _POSIX_VDISABLE -# ifdef VDISABLE -# define _POSIX_VDISABLE VDISABLE -# else -# define _POSIX_VDISABLE ((unsigned char)'\377') -# endif +#if !defined(TIOCSCTTY) && defined(TCSETCTTY) +# define TIOCSCTTY TCSETCTTY #endif - -#ifdef CRAY -# ifdef CRAY1 -# include <sys/pty.h> -# ifndef FD_ZERO -# include <sys/select.h> -# endif /* FD_ZERO */ -# endif /* CRAY1 */ - -#include <memory.h> -#endif /* CRAY */ - -#ifdef __hpux -#include <sys/ptyio.h> +#ifndef TIOCPKT_FLUSHWRITE +#define TIOCPKT_FLUSHWRITE 0x02 #endif -#if !defined(TIOCSCTTY) && defined(TCSETCTTY) -# define TIOCSCTTY TCSETCTTY +#ifndef TIOCPKT_NOSTOP +#define TIOCPKT_NOSTOP 0x10 #endif -#ifndef FD_SET -#ifndef HAVE_fd_set -typedef struct fd_set { int fds_bits[1]; } fd_set; +#ifndef TIOCPKT_DOSTOP +#define TIOCPKT_DOSTOP 0x20 #endif -#define FD_SET(n, p) ((p)->fds_bits[0] |= (1<<(n))) -#define FD_CLR(n, p) ((p)->fds_bits[0] &= ~(1<<(n))) -#define FD_ISSET(n, p) ((p)->fds_bits[0] & (1<<(n))) -#define FD_ZERO(p) ((p)->fds_bits[0] = 0) -#endif /* FD_SET */ - /* * I/O data buffers defines */ diff --git a/libexec/telnetd/ext.h b/libexec/telnetd/ext.h index 4b352bb71ab..b059393c6a0 100644 --- a/libexec/telnetd/ext.h +++ b/libexec/telnetd/ext.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ext.h,v 1.3 1997/07/14 01:40:38 millert Exp $ */ +/* $OpenBSD: ext.h,v 1.4 1998/03/12 04:53:10 art Exp $ */ /* $NetBSD: ext.h,v 1.6 1996/02/28 20:38:13 thorpej Exp $ */ /* @@ -123,7 +123,7 @@ extern void #ifdef DIAGNOSTICS printoption P((char *, int)), printdata P((char *, char *, int)), - printsub P((int, unsigned char *, int)), + printsub P((char, unsigned char *, int)), #endif ptyflush P((void)), putchr P((int)), @@ -190,7 +190,11 @@ extern void wontoption P((int)), writenet P((unsigned char *, int)); - +#ifdef ENCRYPTION +extern void (*encrypt_output) (unsigned char *, int); +extern int (*decrypt_input) (int); +extern char *nclearto; +#endif /* * The following are some clocks used to decide how to interpret diff --git a/libexec/telnetd/global.c b/libexec/telnetd/global.c index 9250a129cc7..11b2cd5ed0f 100644 --- a/libexec/telnetd/global.c +++ b/libexec/telnetd/global.c @@ -1,4 +1,4 @@ -/* $OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $ */ +/* $OpenBSD: global.c,v 1.3 1998/03/12 04:53:11 art Exp $ */ /* $NetBSD: global.c,v 1.6 1996/02/28 20:38:14 thorpej Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)global.c 8.1 (Berkeley) 6/4/93"; static char rcsid[] = "$NetBSD: global.c,v 1.6 1996/02/28 20:38:14 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $"; +static char rcsid[] = "$OpenBSD: global.c,v 1.3 1998/03/12 04:53:11 art Exp $"; #endif #endif /* not lint */ @@ -51,6 +51,24 @@ static char rcsid[] = "$OpenBSD: global.c,v 1.2 1996/03/28 23:21:57 niklas Exp $ * we will actually allocate the space. */ +#include <stdarg.h> #include <defs.h> #define extern #include <ext.h> + +int +output_data (const char *format, ...) +{ + va_list args; + size_t remaining, ret; + + va_start(args, format); + remaining = BUFSIZ - (nfrontp - netobuf); + ret = vsnprintf (nfrontp, + remaining, + format, + args); + nfrontp += ret; + va_end(args); + return ret; +} diff --git a/libexec/telnetd/state.c b/libexec/telnetd/state.c index c74ae4635e2..8cea155050a 100644 --- a/libexec/telnetd/state.c +++ b/libexec/telnetd/state.c @@ -1,4 +1,4 @@ -/* $OpenBSD: state.c,v 1.5 1996/08/24 09:03:42 deraadt Exp $ */ +/* $OpenBSD: state.c,v 1.6 1998/03/12 04:53:12 art Exp $ */ /* $NetBSD: state.c,v 1.9 1996/02/28 20:38:19 thorpej Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)state.c 8.5 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: state.c,v 1.9 1996/02/28 20:38:19 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: state.c,v 1.5 1996/08/24 09:03:42 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: state.c,v 1.6 1998/03/12 04:53:12 art Exp $"; #endif #endif /* not lint */ @@ -94,14 +94,15 @@ telrcv() { register int c; static int state = TS_DATA; -#if defined(CRAY2) && defined(UNICOS5) - char *opfrontp = pfrontp; -#endif while (ncc > 0) { if ((&ptyobuf[BUFSIZ] - pfrontp) < 2) break; c = *netip++ & 0377, ncc--; +#ifdef ENCRYPTION + if (decrypt_input) + c = (*decrypt_input)(c); +#endif switch (state) { case TS_CR: @@ -141,7 +142,15 @@ telrcv() c = '\n'; } else #endif +#ifdef ENCRYPTION + if (decrypt_input) + nc = (*decrypt_input)(nc & 0xff); +#endif { +#ifdef ENCRYPTION + if (decrypt_input) + (void)(*decrypt_input)(-1); +#endif state = TS_CR; } } @@ -356,21 +365,6 @@ gotiac: switch (c) { exit(1); } } -#if defined(CRAY2) && defined(UNICOS5) - if (!linemode) { - char xptyobuf[BUFSIZ+NETSLOP]; - char xbuf2[BUFSIZ]; - register char *cp; - int n = pfrontp - opfrontp, oc; - memmove(xptyobuf, opfrontp, n); - pfrontp = opfrontp; - pfrontp += term_input(xptyobuf, pfrontp, n, BUFSIZ+NETSLOP, - xbuf2, &oc, BUFSIZ); - for (cp = xbuf2; oc > 0; --oc) - if ((*nfrontp++ = *cp++) == IAC) - *nfrontp++ = IAC; - } -#endif /* defined(CRAY2) && defined(UNICOS5) */ } /* end of telrcv */ /* @@ -455,11 +449,15 @@ send_do(option, init) } #ifdef AUTHENTICATION -extern void auth_request(); +extern void auth_request(void); #endif #ifdef LINEMODE extern void doclientstat(); #endif +#ifdef ENCRYPTION +extern void encrypt_send_support(); +#endif + void willoption(option) @@ -573,6 +571,12 @@ willoption(option) break; #endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + func = encrypt_send_support; + changeok++; + break; +#endif default: break; @@ -632,6 +636,12 @@ willoption(option) break; #endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + func = encrypt_send_support; + break; +#endif + case TELOPT_LFLOW: func = flowstat; break; @@ -920,6 +930,11 @@ dooption(option) cleanup(0); /* NOT REACHED */ break; +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + changeok++; + break; +#endif case TELOPT_LINEMODE: case TELOPT_TTYPE: @@ -1485,6 +1500,49 @@ suboption() } break; #endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + if (SB_EOF()) + break; + switch(SB_GET()) { + case ENCRYPT_SUPPORT: + encrypt_support(subpointer, SB_LEN()); + break; + case ENCRYPT_IS: + encrypt_is(subpointer, SB_LEN()); + break; + case ENCRYPT_REPLY: + encrypt_reply(subpointer, SB_LEN()); + break; + case ENCRYPT_START: + encrypt_start(subpointer, SB_LEN()); + break; + case ENCRYPT_END: + encrypt_end(); + break; + case ENCRYPT_REQSTART: + encrypt_request_start(subpointer, SB_LEN()); + break; + case ENCRYPT_REQEND: + /* + * We can always send an REQEND so that we cannot + * get stuck encrypting. We should only get this + * if we have been able to get in the correct mode + * anyhow. + */ + encrypt_request_end(); + break; + case ENCRYPT_ENC_KEYID: + encrypt_enc_keyid(subpointer, SB_LEN()); + break; + case ENCRYPT_DEC_KEYID: + encrypt_dec_keyid(subpointer, SB_LEN()); + break; + default: + break; + } + break; +#endif default: break; diff --git a/libexec/telnetd/sys_term.c b/libexec/telnetd/sys_term.c index 5e86141b09c..b4c07d09e4f 100644 --- a/libexec/telnetd/sys_term.c +++ b/libexec/telnetd/sys_term.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sys_term.c,v 1.8 1997/07/23 20:36:35 kstailey Exp $ */ +/* $OpenBSD: sys_term.c,v 1.9 1998/03/12 04:53:14 art Exp $ */ /* $NetBSD: sys_term.c,v 1.9 1996/03/20 04:25:53 tls Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)sys_term.c 8.4+1 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: sys_term.c,v 1.8 1996/02/28 20:38:21 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: sys_term.c,v 1.8 1997/07/23 20:36:35 kstailey Exp $"; +static char rcsid[] = "$OpenBSD: sys_term.c,v 1.9 1998/03/12 04:53:14 art Exp $"; #endif #endif /* not lint */ @@ -1415,6 +1415,16 @@ startslave(host, autologin, autoname) #endif #ifndef NEWINIT + { + char *tbuf = + "\r\n*** Connection not encrypted! " + "Communication may be eavesdropped. ***\r\n"; +#ifdef ENCRYPTION + if (encrypt_output == 0 || decrypt_input == 0) +#endif + writenet((unsigned char*)tbuf, strlen(tbuf)); + } + # ifdef PARENT_DOES_UTMP utmp_sig_init(); # endif /* PARENT_DOES_UTMP */ diff --git a/libexec/telnetd/telnetd.c b/libexec/telnetd/telnetd.c index ef7d3d38b2b..87dc2f14c80 100644 --- a/libexec/telnetd/telnetd.c +++ b/libexec/telnetd/telnetd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: telnetd.c,v 1.7 1997/07/14 01:40:39 millert Exp $ */ +/* $OpenBSD: telnetd.c,v 1.8 1998/03/12 04:53:15 art Exp $ */ /* $NetBSD: telnetd.c,v 1.6 1996/03/20 04:25:57 tls Exp $ */ /* @@ -45,7 +45,7 @@ static char copyright[] = static char sccsid[] = "@(#)telnetd.c 8.4 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: telnetd.c,v 1.5 1996/02/28 20:38:23 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: telnetd.c,v 1.7 1997/07/14 01:40:39 millert Exp $"; +static char rcsid[] = "$OpenBSD: telnetd.c,v 1.8 1998/03/12 04:53:15 art Exp $"; #endif #endif /* not lint */ @@ -189,11 +189,19 @@ main(argc, argv) int tos = -1; #endif +#ifdef ENCRYPTION + extern int des_check_key; + des_check_key = 1; /* Kludge for Mac NCSA telnet 2.6 /bg */ +#endif + pfrontp = pbackp = ptyobuf; netip = netibuf; nfrontp = nbackp = netobuf; progname = *argv; +#ifdef ENCRYPTION + nclearto = 0; +#endif #ifdef CRAY /* @@ -212,7 +220,6 @@ main(argc, argv) * Check for required authentication level */ if (strcmp(optarg, "debug") == 0) { - extern int auth_debug_mode; auth_debug_mode = 1; } else if (strcasecmp(optarg, "none") == 0) { auth_level = 0; @@ -610,12 +617,19 @@ getterminaltype(name) } #endif +#ifdef ENCRYPTION + send_will(TELOPT_ENCRYPT, 1); + send_do(TELOPT_ENCRYPT, 1); /* esc@magic.fi */ +#endif send_do(TELOPT_TTYPE, 1); send_do(TELOPT_TSPEED, 1); send_do(TELOPT_XDISPLOC, 1); send_do(TELOPT_NEW_ENVIRON, 1); send_do(TELOPT_OLD_ENVIRON, 1); while ( +#ifdef ENCRYPTION + his_do_dont_is_changing(TELOPT_ENCRYPT) || +#endif his_will_wont_is_changing(TELOPT_TTYPE) || his_will_wont_is_changing(TELOPT_TSPEED) || his_will_wont_is_changing(TELOPT_XDISPLOC) || @@ -623,6 +637,15 @@ getterminaltype(name) his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) { ttloop(); } +#ifdef ENCRYPTION + /* + * Wait for the negotiation of what type of encryption we can + * send with. If autoencrypt is not set, this will just return. + */ + if (his_state_is_will(TELOPT_ENCRYPT)) { + encrypt_wait(); + } +#endif if (his_state_is_will(TELOPT_TSPEED)) { static unsigned char sb[] = { IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE }; diff --git a/libexec/telnetd/utility.c b/libexec/telnetd/utility.c index 1cd559966e6..85e01b9e1ff 100644 --- a/libexec/telnetd/utility.c +++ b/libexec/telnetd/utility.c @@ -1,4 +1,4 @@ -/* $OpenBSD: utility.c,v 1.9 1998/02/16 04:57:55 jason Exp $ */ +/* $OpenBSD: utility.c,v 1.10 1998/03/12 04:53:17 art Exp $ */ /* $NetBSD: utility.c,v 1.9 1996/02/28 20:38:29 thorpej Exp $ */ /* @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)utility.c 8.4 (Berkeley) 5/30/95"; static char rcsid[] = "$NetBSD: utility.c,v 1.9 1996/02/28 20:38:29 thorpej Exp $"; #else -static char rcsid[] = "$OpenBSD: utility.c,v 1.9 1998/02/16 04:57:55 jason Exp $"; +static char rcsid[] = "$OpenBSD: utility.c,v 1.10 1998/03/12 04:53:17 art Exp $"; #endif #endif /* not lint */ @@ -202,8 +202,11 @@ netclear() char *good; #define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \ ((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL)) - +#ifdef ENCRYPTION + thisitem = nclearto > netobuf ? nclearto : netobuf; +#else thisitem = netobuf; +#endif while ((next = nextitem(thisitem)) <= nbackp) { thisitem = next; @@ -211,7 +214,11 @@ netclear() /* Now, thisitem is first before/at boundary. */ +#ifdef ENCRYPTION + good = nclearto > netobuf ? nclearto : netobuf; +#else good = netobuf; /* where the good bytes go */ +#endif while (nfrontp > thisitem) { if (wewant(thisitem)) { @@ -252,6 +259,15 @@ netflush() n += strlen(nfrontp); /* get count first */ nfrontp += strlen(nfrontp); /* then move pointer */ }); +#ifdef ENCRYPTION + if (encrypt_output) { + char *s = nclearto ? nclearto : nbackp; + if (nfrontp - s > 0) { + (*encrypt_output)((unsigned char *)s, nfrontp-s); + nclearto = nfrontp; + } + } +#endif /* * if no urgent data, or if the other side appears to be an * old 4.2 client (and thus unable to survive TCP urgent data), @@ -282,11 +298,18 @@ netflush() cleanup(0); } nbackp += n; +#ifdef ENCRYPTION + if (nbackp > nclearto) + nclearto = 0; +#endif if (nbackp >= neturg) { neturg = 0; } if (nbackp == nfrontp) { nbackp = nfrontp = netobuf; +#ifdef ENCRYPTION + nclearto = 0; +#endif } return; } /* end of netflush */ @@ -331,8 +354,19 @@ fatal(f, msg) { char buf[BUFSIZ]; - (void) sprintf(buf, "telnetd: %s.\r\n", msg); - (void) write(f, buf, (int)strlen(buf)); + snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); +#ifdef ENCRYPTION + if (encrypt_output) { + /* + * Better turn off encryption first.... + * Hope it flushes... + */ + encrypt_send_end(); + netflush(); + } +#endif + write(f, buf, (int)strlen(buf)); + sleep(1); /*XXX*/ exit(1); } @@ -1038,6 +1072,83 @@ printsub(direction, pointer, length) break; #endif +#ifdef ENCRYPTION + case TELOPT_ENCRYPT: + output_data("ENCRYPT"); + if (length < 2) { + output_data(" (empty suboption?)"); + break; + } + switch (pointer[1]) { + case ENCRYPT_START: + output_data(" START"); + break; + + case ENCRYPT_END: + output_data(" END"); + break; + + case ENCRYPT_REQSTART: + output_data(" REQUEST-START"); + break; + + case ENCRYPT_REQEND: + output_data(" REQUEST-END"); + break; + + case ENCRYPT_IS: + case ENCRYPT_REPLY: + output_data(" %s ", + (pointer[1] == ENCRYPT_IS) ? + "IS" : "REPLY"); + if (length < 3) { + output_data(" (partial suboption?)"); + break; + } + if (ENCTYPE_NAME_OK(pointer[2])) + output_data("%s ", + ENCTYPE_NAME(pointer[2])); + else + output_data(" %d (unknown)", + pointer[2]); + + encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf)); + output_data("%s", + buf); + break; + + case ENCRYPT_SUPPORT: + i = 2; + output_data(" SUPPORT "); + while (i < length) { + if (ENCTYPE_NAME_OK(pointer[i])) + output_data("%s ", + ENCTYPE_NAME(pointer[i])); + else + output_data("%d ", + pointer[i]); + i++; + } + break; + + case ENCRYPT_ENC_KEYID: + output_data(" ENC_KEYID %d", pointer[1]); + goto encommon; + + case ENCRYPT_DEC_KEYID: + output_data(" DEC_KEYID %d", pointer[1]); + goto encommon; + + default: + output_data(" %d (unknown)", pointer[1]); + encommon: + for (i = 2; i < length; i++) { + output_data(" %d", pointer[i]); + } + break; + } + break; +#endif /* ENCRYPTION */ default: if (TELOPT_OK(pointer[0])) |