146800Sdab /*-
261381Sbostic * Copyright (c) 1991, 1993
361381Sbostic * The Regents of the University of California. All rights reserved.
446800Sdab *
546800Sdab * %sccs.include.redist.c%
646800Sdab */
746800Sdab
846800Sdab #ifndef lint
9*69784Sdab static char sccsid[] = "@(#)auth.c 8.3 (Berkeley) 05/30/95";
1046800Sdab #endif /* not lint */
1146800Sdab
1246800Sdab /*
1346800Sdab * Copyright (C) 1990 by the Massachusetts Institute of Technology
1446800Sdab *
1546800Sdab * Export of this software from the United States of America is assumed
1646800Sdab * to require a specific license from the United States Government.
1746800Sdab * It is the responsibility of any person or organization contemplating
1846800Sdab * export to obtain such a license before exporting.
1946800Sdab *
2046800Sdab * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
2146800Sdab * distribute this software and its documentation for any purpose and
2246800Sdab * without fee is hereby granted, provided that the above copyright
2346800Sdab * notice appear in all copies and that both that copyright notice and
2446800Sdab * this permission notice appear in supporting documentation, and that
2546800Sdab * the name of M.I.T. not be used in advertising or publicity pertaining
2646800Sdab * to distribution of the software without specific, written prior
2746800Sdab * permission. M.I.T. makes no representations about the suitability of
2846800Sdab * this software for any purpose. It is provided "as is" without express
2946800Sdab * or implied warranty.
3046800Sdab */
3146800Sdab
3246800Sdab
3357214Sdab #if defined(AUTHENTICATION)
3446800Sdab #include <stdio.h>
3546800Sdab #include <sys/types.h>
3646800Sdab #include <signal.h>
3746800Sdab #define AUTH_NAMES
3846800Sdab #include <arpa/telnet.h>
3946800Sdab #ifdef __STDC__
4046800Sdab #include <stdlib.h>
4146800Sdab #endif
4246800Sdab #ifdef NO_STRING_H
4346800Sdab #include <strings.h>
4446800Sdab #else
4546800Sdab #include <string.h>
4646800Sdab #endif
4746800Sdab
4846800Sdab #include "encrypt.h"
4946800Sdab #include "auth.h"
5046800Sdab #include "misc-proto.h"
5146800Sdab #include "auth-proto.h"
5246800Sdab
5346800Sdab #define typemask(x) (1<<((x)-1))
5446800Sdab
5557214Sdab #ifdef KRB4_ENCPWD
5657214Sdab extern krb4encpwd_init();
5757214Sdab extern krb4encpwd_send();
5857214Sdab extern krb4encpwd_is();
5957214Sdab extern krb4encpwd_reply();
6057214Sdab extern krb4encpwd_status();
6157214Sdab extern krb4encpwd_printsub();
6257214Sdab #endif
6357214Sdab
6457214Sdab #ifdef RSA_ENCPWD
6557214Sdab extern rsaencpwd_init();
6657214Sdab extern rsaencpwd_send();
6757214Sdab extern rsaencpwd_is();
6857214Sdab extern rsaencpwd_reply();
6957214Sdab extern rsaencpwd_status();
7057214Sdab extern rsaencpwd_printsub();
7157214Sdab #endif
7257214Sdab
7346800Sdab int auth_debug_mode = 0;
7446800Sdab static char *Name = "Noname";
7546800Sdab static int Server = 0;
7646800Sdab static Authenticator *authenticated = 0;
7746800Sdab static int authenticating = 0;
7846800Sdab static int validuser = 0;
7946800Sdab static unsigned char _auth_send_data[256];
8046800Sdab static unsigned char *auth_send_data;
8146800Sdab static int auth_send_cnt = 0;
8246800Sdab
8346800Sdab /*
8446800Sdab * Authentication types supported. Plese note that these are stored
8546800Sdab * in priority order, i.e. try the first one first.
8646800Sdab */
8746800Sdab Authenticator authenticators[] = {
8857214Sdab #ifdef SPX
8957214Sdab { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
9057214Sdab spx_init,
9157214Sdab spx_send,
9257214Sdab spx_is,
9357214Sdab spx_reply,
9457214Sdab spx_status,
9557214Sdab spx_printsub },
9657214Sdab { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
9757214Sdab spx_init,
9857214Sdab spx_send,
9957214Sdab spx_is,
10057214Sdab spx_reply,
10157214Sdab spx_status,
10257214Sdab spx_printsub },
10357214Sdab #endif
10446800Sdab #ifdef KRB5
10557214Sdab # ifdef ENCRYPTION
10647612Sdab { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
10747612Sdab kerberos5_init,
10847612Sdab kerberos5_send,
10947612Sdab kerberos5_is,
11047612Sdab kerberos5_reply,
11147612Sdab kerberos5_status,
11247612Sdab kerberos5_printsub },
11360150Sdab # endif /* ENCRYPTION */
11446800Sdab { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
11546800Sdab kerberos5_init,
11646800Sdab kerberos5_send,
11746800Sdab kerberos5_is,
11846800Sdab kerberos5_reply,
11946800Sdab kerberos5_status,
12046800Sdab kerberos5_printsub },
12146800Sdab #endif
12246800Sdab #ifdef KRB4
12357214Sdab # ifdef ENCRYPTION
12447612Sdab { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
12547612Sdab kerberos4_init,
12647612Sdab kerberos4_send,
12747612Sdab kerberos4_is,
12847612Sdab kerberos4_reply,
12947612Sdab kerberos4_status,
13047612Sdab kerberos4_printsub },
13160150Sdab # endif /* ENCRYPTION */
13246800Sdab { AUTHTYPE_KERBEROS_V4, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
13346800Sdab kerberos4_init,
13446800Sdab kerberos4_send,
13546800Sdab kerberos4_is,
13646800Sdab kerberos4_reply,
13746800Sdab kerberos4_status,
13846800Sdab kerberos4_printsub },
13946800Sdab #endif
14057214Sdab #ifdef KRB4_ENCPWD
14157214Sdab { AUTHTYPE_KRB4_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
14257214Sdab krb4encpwd_init,
14357214Sdab krb4encpwd_send,
14457214Sdab krb4encpwd_is,
14557214Sdab krb4encpwd_reply,
14657214Sdab krb4encpwd_status,
14757214Sdab krb4encpwd_printsub },
14857214Sdab #endif
14957214Sdab #ifdef RSA_ENCPWD
15057214Sdab { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
15157214Sdab rsaencpwd_init,
15257214Sdab rsaencpwd_send,
15357214Sdab rsaencpwd_is,
15457214Sdab rsaencpwd_reply,
15557214Sdab rsaencpwd_status,
15657214Sdab rsaencpwd_printsub },
15757214Sdab #endif
15846800Sdab { 0, },
15946800Sdab };
16046800Sdab
16146800Sdab static Authenticator NoAuth = { 0 };
16246800Sdab
16346800Sdab static int i_support = 0;
16446800Sdab static int i_wont_support = 0;
16546800Sdab
16646800Sdab Authenticator *
findauthenticator(type,way)16746800Sdab findauthenticator(type, way)
16846800Sdab int type;
16946800Sdab int way;
17046800Sdab {
17146800Sdab Authenticator *ap = authenticators;
17246800Sdab
17346800Sdab while (ap->type && (ap->type != type || ap->way != way))
17446800Sdab ++ap;
17546800Sdab return(ap->type ? ap : 0);
17646800Sdab }
17746800Sdab
17846800Sdab void
auth_init(name,server)17946800Sdab auth_init(name, server)
18046800Sdab char *name;
18146800Sdab int server;
18246800Sdab {
18346800Sdab Authenticator *ap = authenticators;
18446800Sdab
18546800Sdab Server = server;
18646800Sdab Name = name;
18746800Sdab
18846800Sdab i_support = 0;
18946800Sdab authenticated = 0;
19046800Sdab authenticating = 0;
19146800Sdab while (ap->type) {
19246800Sdab if (!ap->init || (*ap->init)(ap, server)) {
19346800Sdab i_support |= typemask(ap->type);
19446800Sdab if (auth_debug_mode)
19547612Sdab printf(">>>%s: I support auth type %d %d\r\n",
19646800Sdab Name,
19747612Sdab ap->type, ap->way);
19846800Sdab }
19968342Sdab else if (auth_debug_mode)
20068342Sdab printf(">>>%s: Init failed: auth type %d %d\r\n",
20168342Sdab Name, ap->type, ap->way);
20246800Sdab ++ap;
20346800Sdab }
20446800Sdab }
20546800Sdab
20646800Sdab void
auth_disable_name(name)20746800Sdab auth_disable_name(name)
20846800Sdab char *name;
20946800Sdab {
21046800Sdab int x;
21146800Sdab for (x = 0; x < AUTHTYPE_CNT; ++x) {
21246800Sdab if (!strcasecmp(name, AUTHTYPE_NAME(x))) {
21346800Sdab i_wont_support |= typemask(x);
21446800Sdab break;
21546800Sdab }
21646800Sdab }
21746800Sdab }
21846800Sdab
21946800Sdab int
getauthmask(type,maskp)22046800Sdab getauthmask(type, maskp)
22146800Sdab char *type;
22246800Sdab int *maskp;
22346800Sdab {
22446800Sdab register int x;
22546800Sdab
22668342Sdab if (!strcasecmp(type, AUTHTYPE_NAME(0))) {
22746800Sdab *maskp = -1;
22846800Sdab return(1);
22946800Sdab }
23046800Sdab
23146800Sdab for (x = 1; x < AUTHTYPE_CNT; ++x) {
23246800Sdab if (!strcasecmp(type, AUTHTYPE_NAME(x))) {
23346800Sdab *maskp = typemask(x);
23446800Sdab return(1);
23546800Sdab }
23646800Sdab }
23746800Sdab return(0);
23846800Sdab }
23946800Sdab
24046800Sdab int
auth_enable(type)24146800Sdab auth_enable(type)
24268342Sdab char *type;
24346800Sdab {
24446800Sdab return(auth_onoff(type, 1));
24546800Sdab }
24646800Sdab
24746800Sdab int
auth_disable(type)24846800Sdab auth_disable(type)
24968342Sdab char *type;
25046800Sdab {
25146800Sdab return(auth_onoff(type, 0));
25246800Sdab }
25346800Sdab
25446800Sdab int
auth_onoff(type,on)25546800Sdab auth_onoff(type, on)
25646800Sdab char *type;
25746800Sdab int on;
25846800Sdab {
25968342Sdab int i, mask = -1;
26046800Sdab Authenticator *ap;
26146800Sdab
26246800Sdab if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
263*69784Sdab printf("auth %s 'type'\n", on ? "enable" : "disable");
26446800Sdab printf("Where 'type' is one of:\n");
26546800Sdab printf("\t%s\n", AUTHTYPE_NAME(0));
26668342Sdab mask = 0;
26768342Sdab for (ap = authenticators; ap->type; ap++) {
26868342Sdab if ((mask & (i = typemask(ap->type))) != 0)
26968342Sdab continue;
27068342Sdab mask |= i;
27146800Sdab printf("\t%s\n", AUTHTYPE_NAME(ap->type));
27268342Sdab }
27346800Sdab return(0);
27446800Sdab }
27546800Sdab
27646800Sdab if (!getauthmask(type, &mask)) {
27746800Sdab printf("%s: invalid authentication type\n", type);
27846800Sdab return(0);
27946800Sdab }
28046800Sdab if (on)
28146800Sdab i_wont_support &= ~mask;
28246800Sdab else
28346800Sdab i_wont_support |= mask;
28446800Sdab return(1);
28546800Sdab }
28646800Sdab
28746800Sdab int
auth_togdebug(on)28847612Sdab auth_togdebug(on)
28947612Sdab int on;
29046800Sdab {
29147612Sdab if (on < 0)
29247612Sdab auth_debug_mode ^= 1;
29347612Sdab else
29447612Sdab auth_debug_mode = on;
29546800Sdab printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
29646800Sdab return(1);
29746800Sdab }
29846800Sdab
29946800Sdab int
auth_status()30046800Sdab auth_status()
30146800Sdab {
30246800Sdab Authenticator *ap;
30368342Sdab int i, mask;
30446800Sdab
30546800Sdab if (i_wont_support == -1)
30646800Sdab printf("Authentication disabled\n");
30746800Sdab else
30846800Sdab printf("Authentication enabled\n");
30946800Sdab
31068342Sdab mask = 0;
31168342Sdab for (ap = authenticators; ap->type; ap++) {
31268342Sdab if ((mask & (i = typemask(ap->type))) != 0)
31368342Sdab continue;
31468342Sdab mask |= i;
31546800Sdab printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
31646800Sdab (i_wont_support & typemask(ap->type)) ?
31746800Sdab "disabled" : "enabled");
31868342Sdab }
31946800Sdab return(1);
32046800Sdab }
32146800Sdab
32246800Sdab /*
32346800Sdab * This routine is called by the server to start authentication
32446800Sdab * negotiation.
32546800Sdab */
32646800Sdab void
auth_request()32746800Sdab auth_request()
32846800Sdab {
32946800Sdab static unsigned char str_request[64] = { IAC, SB,
33046800Sdab TELOPT_AUTHENTICATION,
33146800Sdab TELQUAL_SEND, };
33246800Sdab Authenticator *ap = authenticators;
33346800Sdab unsigned char *e = str_request + 4;
33446800Sdab
33546800Sdab if (!authenticating) {
33646800Sdab authenticating = 1;
33746800Sdab while (ap->type) {
33846800Sdab if (i_support & ~i_wont_support & typemask(ap->type)) {
33946800Sdab if (auth_debug_mode) {
34047612Sdab printf(">>>%s: Sending type %d %d\r\n",
34147612Sdab Name, ap->type, ap->way);
34246800Sdab }
34346800Sdab *e++ = ap->type;
34446800Sdab *e++ = ap->way;
34546800Sdab }
34646800Sdab ++ap;
34746800Sdab }
34846800Sdab *e++ = IAC;
34946800Sdab *e++ = SE;
35046800Sdab net_write(str_request, e - str_request);
35146800Sdab printsub('>', &str_request[2], e - str_request - 2);
35246800Sdab }
35346800Sdab }
35446800Sdab
35546800Sdab /*
35646800Sdab * This is called when an AUTH SEND is received.
35746800Sdab * It should never arrive on the server side (as only the server can
35846800Sdab * send an AUTH SEND).
35946800Sdab * You should probably respond to it if you can...
36046800Sdab *
36146800Sdab * If you want to respond to the types out of order (i.e. even
36246800Sdab * if he sends LOGIN KERBEROS and you support both, you respond
36346800Sdab * with KERBEROS instead of LOGIN (which is against what the
36446800Sdab * protocol says)) you will have to hack this code...
36546800Sdab */
36646800Sdab void
auth_send(data,cnt)36746800Sdab auth_send(data, cnt)
36846800Sdab unsigned char *data;
36946800Sdab int cnt;
37046800Sdab {
37146800Sdab Authenticator *ap;
37246800Sdab static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
37346800Sdab TELQUAL_IS, AUTHTYPE_NULL, 0,
37446800Sdab IAC, SE };
37546800Sdab if (Server) {
37646800Sdab if (auth_debug_mode) {
37746800Sdab printf(">>>%s: auth_send called!\r\n", Name);
37846800Sdab }
37946800Sdab return;
38046800Sdab }
38146800Sdab
38246800Sdab if (auth_debug_mode) {
38346800Sdab printf(">>>%s: auth_send got:", Name);
38446800Sdab printd(data, cnt); printf("\r\n");
38546800Sdab }
38646800Sdab
38746800Sdab /*
38846800Sdab * Save the data, if it is new, so that we can continue looking
38946800Sdab * at it if the authorization we try doesn't work
39046800Sdab */
39146800Sdab if (data < _auth_send_data ||
39246800Sdab data > _auth_send_data + sizeof(_auth_send_data)) {
39346800Sdab auth_send_cnt = cnt > sizeof(_auth_send_data)
39446800Sdab ? sizeof(_auth_send_data)
39546800Sdab : cnt;
396*69784Sdab memmove((void *)_auth_send_data, (void *)data, auth_send_cnt);
39746800Sdab auth_send_data = _auth_send_data;
39846800Sdab } else {
39946800Sdab /*
40046800Sdab * This is probably a no-op, but we just make sure
40146800Sdab */
40246800Sdab auth_send_data = data;
40346800Sdab auth_send_cnt = cnt;
40446800Sdab }
40546800Sdab while ((auth_send_cnt -= 2) >= 0) {
40646800Sdab if (auth_debug_mode)
40746800Sdab printf(">>>%s: He supports %d\r\n",
40846800Sdab Name, *auth_send_data);
40946800Sdab if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
41046800Sdab ap = findauthenticator(auth_send_data[0],
41146800Sdab auth_send_data[1]);
41257214Sdab if (ap && ap->send) {
41346800Sdab if (auth_debug_mode)
41447612Sdab printf(">>>%s: Trying %d %d\r\n",
41547612Sdab Name, auth_send_data[0],
41647612Sdab auth_send_data[1]);
41746800Sdab if ((*ap->send)(ap)) {
41846800Sdab /*
41946800Sdab * Okay, we found one we like
42046800Sdab * and did it.
42146800Sdab * we can go home now.
42246800Sdab */
42346800Sdab if (auth_debug_mode)
42446800Sdab printf(">>>%s: Using type %d\r\n",
42546800Sdab Name, *auth_send_data);
42646800Sdab auth_send_data += 2;
42746800Sdab return;
42846800Sdab }
42946800Sdab }
43046800Sdab /* else
43146800Sdab * just continue on and look for the
43246800Sdab * next one if we didn't do anything.
43346800Sdab */
43446800Sdab }
43546800Sdab auth_send_data += 2;
43646800Sdab }
43746800Sdab net_write(str_none, sizeof(str_none));
43846800Sdab printsub('>', &str_none[2], sizeof(str_none) - 2);
43946800Sdab if (auth_debug_mode)
44046800Sdab printf(">>>%s: Sent failure message\r\n", Name);
44146800Sdab auth_finished(0, AUTH_REJECT);
44257214Sdab #ifdef KANNAN
44357214Sdab /*
44457214Sdab * We requested strong authentication, however no mechanisms worked.
44557214Sdab * Therefore, exit on client end.
44657214Sdab */
447*69784Sdab printf("Unable to securely authenticate user ... exit\n");
44857214Sdab exit(0);
44957214Sdab #endif /* KANNAN */
45046800Sdab }
45146800Sdab
45246800Sdab void
auth_send_retry()45346800Sdab auth_send_retry()
45446800Sdab {
45546800Sdab /*
45646800Sdab * if auth_send_cnt <= 0 then auth_send will end up rejecting
45746800Sdab * the authentication and informing the other side of this.
45846800Sdab */
45946800Sdab auth_send(auth_send_data, auth_send_cnt);
46046800Sdab }
46146800Sdab
46246800Sdab void
auth_is(data,cnt)46346800Sdab auth_is(data, cnt)
46446800Sdab unsigned char *data;
46546800Sdab int cnt;
46646800Sdab {
46746800Sdab Authenticator *ap;
46846800Sdab
46946800Sdab if (cnt < 2)
47046800Sdab return;
47146800Sdab
47246800Sdab if (data[0] == AUTHTYPE_NULL) {
47346800Sdab auth_finished(0, AUTH_REJECT);
47446800Sdab return;
47546800Sdab }
47646800Sdab
47746800Sdab if (ap = findauthenticator(data[0], data[1])) {
47846800Sdab if (ap->is)
47946800Sdab (*ap->is)(ap, data+2, cnt-2);
48046800Sdab } else if (auth_debug_mode)
48146800Sdab printf(">>>%s: Invalid authentication in IS: %d\r\n",
48246800Sdab Name, *data);
48346800Sdab }
48446800Sdab
48546800Sdab void
auth_reply(data,cnt)48646800Sdab auth_reply(data, cnt)
48746800Sdab unsigned char *data;
48846800Sdab int cnt;
48946800Sdab {
49046800Sdab Authenticator *ap;
49146800Sdab
49246800Sdab if (cnt < 2)
49346800Sdab return;
49446800Sdab
49546800Sdab if (ap = findauthenticator(data[0], data[1])) {
49646800Sdab if (ap->reply)
49746800Sdab (*ap->reply)(ap, data+2, cnt-2);
49846800Sdab } else if (auth_debug_mode)
49946800Sdab printf(">>>%s: Invalid authentication in SEND: %d\r\n",
50046800Sdab Name, *data);
50146800Sdab }
50246800Sdab
50346800Sdab void
auth_name(data,cnt)50447612Sdab auth_name(data, cnt)
50547612Sdab unsigned char *data;
50647612Sdab int cnt;
50747612Sdab {
50847612Sdab Authenticator *ap;
50947612Sdab unsigned char savename[256];
51047612Sdab
51147612Sdab if (cnt < 1) {
51247612Sdab if (auth_debug_mode)
51347612Sdab printf(">>>%s: Empty name in NAME\r\n", Name);
51447612Sdab return;
51547612Sdab }
51647612Sdab if (cnt > sizeof(savename) - 1) {
51747612Sdab if (auth_debug_mode)
51847612Sdab printf(">>>%s: Name in NAME (%d) exceeds %d length\r\n",
51947612Sdab Name, cnt, sizeof(savename)-1);
52047612Sdab return;
52147612Sdab }
522*69784Sdab memmove((void *)savename, (void *)data, cnt);
52347612Sdab savename[cnt] = '\0'; /* Null terminate */
52447612Sdab if (auth_debug_mode)
52547612Sdab printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
52647612Sdab auth_encrypt_user(savename);
52747612Sdab }
52847612Sdab
52947612Sdab int
auth_sendname(cp,len)53047612Sdab auth_sendname(cp, len)
53147612Sdab unsigned char *cp;
53247612Sdab int len;
53347612Sdab {
53447612Sdab static unsigned char str_request[256+6]
53547612Sdab = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
53647612Sdab register unsigned char *e = str_request + 4;
53747612Sdab register unsigned char *ee = &str_request[sizeof(str_request)-2];
53847612Sdab
53947612Sdab while (--len >= 0) {
54047612Sdab if ((*e++ = *cp++) == IAC)
54147612Sdab *e++ = IAC;
54247612Sdab if (e >= ee)
54347612Sdab return(0);
54447612Sdab }
54547612Sdab *e++ = IAC;
54647612Sdab *e++ = SE;
54747612Sdab net_write(str_request, e - str_request);
54847612Sdab printsub('>', &str_request[2], e - &str_request[2]);
54947612Sdab return(1);
55047612Sdab }
55147612Sdab
55247612Sdab void
auth_finished(ap,result)55346800Sdab auth_finished(ap, result)
55446800Sdab Authenticator *ap;
55546800Sdab int result;
55646800Sdab {
55746800Sdab if (!(authenticated = ap))
55846800Sdab authenticated = &NoAuth;
55946800Sdab validuser = result;
56046800Sdab }
56146800Sdab
56246800Sdab /* ARGSUSED */
56346800Sdab static void
auth_intr(sig)56446800Sdab auth_intr(sig)
56546800Sdab int sig;
56646800Sdab {
56746800Sdab auth_finished(0, AUTH_REJECT);
56846800Sdab }
56946800Sdab
57046800Sdab int
auth_wait(name)57146800Sdab auth_wait(name)
57246800Sdab char *name;
57346800Sdab {
57446800Sdab if (auth_debug_mode)
57546800Sdab printf(">>>%s: in auth_wait.\r\n", Name);
57646800Sdab
57746800Sdab if (Server && !authenticating)
57846800Sdab return(0);
57946800Sdab
58046800Sdab (void) signal(SIGALRM, auth_intr);
58146800Sdab alarm(30);
58246800Sdab while (!authenticated)
58346800Sdab if (telnet_spin())
58446800Sdab break;
58546800Sdab alarm(0);
58646800Sdab (void) signal(SIGALRM, SIG_DFL);
58746800Sdab
58846800Sdab /*
58946800Sdab * Now check to see if the user is valid or not
59046800Sdab */
59146800Sdab if (!authenticated || authenticated == &NoAuth)
59246800Sdab return(AUTH_REJECT);
59346800Sdab
59446800Sdab if (validuser == AUTH_VALID)
59546800Sdab validuser = AUTH_USER;
59646800Sdab
59746800Sdab if (authenticated->status)
59846800Sdab validuser = (*authenticated->status)(authenticated,
59946800Sdab name, validuser);
60046800Sdab return(validuser);
60146800Sdab }
60246800Sdab
60346800Sdab void
auth_debug(mode)60446800Sdab auth_debug(mode)
60546800Sdab int mode;
60646800Sdab {
60746800Sdab auth_debug_mode = mode;
60846800Sdab }
60946800Sdab
61046800Sdab void
auth_printsub(data,cnt,buf,buflen)61146800Sdab auth_printsub(data, cnt, buf, buflen)
61246800Sdab unsigned char *data, *buf;
61346800Sdab int cnt, buflen;
61446800Sdab {
61546800Sdab Authenticator *ap;
61646800Sdab
61746800Sdab if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
61846800Sdab (*ap->printsub)(data, cnt, buf, buflen);
61946800Sdab else
62046800Sdab auth_gen_printsub(data, cnt, buf, buflen);
62146800Sdab }
62246800Sdab
62346800Sdab void
auth_gen_printsub(data,cnt,buf,buflen)62446800Sdab auth_gen_printsub(data, cnt, buf, buflen)
62546800Sdab unsigned char *data, *buf;
62646800Sdab int cnt, buflen;
62746800Sdab {
62846800Sdab register unsigned char *cp;
62946800Sdab unsigned char tbuf[16];
63046800Sdab
63146800Sdab cnt -= 3;
63246800Sdab data += 3;
63346800Sdab buf[buflen-1] = '\0';
63446800Sdab buf[buflen-2] = '*';
63546800Sdab buflen -= 2;
63646800Sdab for (; cnt > 0; cnt--, data++) {
63746800Sdab sprintf((char *)tbuf, " %d", *data);
63846800Sdab for (cp = tbuf; *cp && buflen > 0; --buflen)
63946800Sdab *buf++ = *cp++;
64046800Sdab if (buflen <= 0)
64146800Sdab return;
64246800Sdab }
64346800Sdab *buf = '\0';
64446800Sdab }
64546800Sdab #endif
646