181cb6ddcSMark Murray /*-
281cb6ddcSMark Murray * Copyright (c) 1992, 1993
381cb6ddcSMark Murray * The Regents of the University of California. All rights reserved.
481cb6ddcSMark Murray *
581cb6ddcSMark Murray * Redistribution and use in source and binary forms, with or without
681cb6ddcSMark Murray * modification, are permitted provided that the following conditions
781cb6ddcSMark Murray * are met:
881cb6ddcSMark Murray * 1. Redistributions of source code must retain the above copyright
981cb6ddcSMark Murray * notice, this list of conditions and the following disclaimer.
1081cb6ddcSMark Murray * 2. Redistributions in binary form must reproduce the above copyright
1181cb6ddcSMark Murray * notice, this list of conditions and the following disclaimer in the
1281cb6ddcSMark Murray * documentation and/or other materials provided with the distribution.
1383129c0bSEd Maste * 3. Neither the name of the University nor the names of its contributors
1481cb6ddcSMark Murray * may be used to endorse or promote products derived from this software
1581cb6ddcSMark Murray * without specific prior written permission.
1681cb6ddcSMark Murray *
1781cb6ddcSMark Murray * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
1881cb6ddcSMark Murray * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1981cb6ddcSMark Murray * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2081cb6ddcSMark Murray * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
2181cb6ddcSMark Murray * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2281cb6ddcSMark Murray * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2381cb6ddcSMark Murray * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2481cb6ddcSMark Murray * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2581cb6ddcSMark Murray * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2681cb6ddcSMark Murray * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2781cb6ddcSMark Murray * SUCH DAMAGE.
2881cb6ddcSMark Murray */
2981cb6ddcSMark Murray
3081cb6ddcSMark Murray #ifndef lint
3181cb6ddcSMark Murray static char sccsid[] = "@(#)rsaencpwd.c 8.3 (Berkeley) 5/30/95";
3281cb6ddcSMark Murray #endif /* not lint */
3381cb6ddcSMark Murray
3481cb6ddcSMark Murray
3581cb6ddcSMark Murray #ifdef RSA_ENCPWD
3681cb6ddcSMark Murray /*
3781cb6ddcSMark Murray * COPYRIGHT (C) 1990 DIGITAL EQUIPMENT CORPORATION
3881cb6ddcSMark Murray * ALL RIGHTS RESERVED
3981cb6ddcSMark Murray *
4081cb6ddcSMark Murray * "Digital Equipment Corporation authorizes the reproduction,
4181cb6ddcSMark Murray * distribution and modification of this software subject to the following
4281cb6ddcSMark Murray * restrictions:
4381cb6ddcSMark Murray *
4481cb6ddcSMark Murray * 1. Any partial or whole copy of this software, or any modification
4581cb6ddcSMark Murray * thereof, must include this copyright notice in its entirety.
4681cb6ddcSMark Murray *
4781cb6ddcSMark Murray * 2. This software is supplied "as is" with no warranty of any kind,
4881cb6ddcSMark Murray * expressed or implied, for any purpose, including any warranty of fitness
4981cb6ddcSMark Murray * or merchantibility. DIGITAL assumes no responsibility for the use or
5081cb6ddcSMark Murray * reliability of this software, nor promises to provide any form of
5181cb6ddcSMark Murray * support for it on any basis.
5281cb6ddcSMark Murray *
5381cb6ddcSMark Murray * 3. Distribution of this software is authorized only if no profit or
5481cb6ddcSMark Murray * remuneration of any kind is received in exchange for such distribution.
5581cb6ddcSMark Murray *
5681cb6ddcSMark Murray * 4. This software produces public key authentication certificates
5781cb6ddcSMark Murray * bearing an expiration date established by DIGITAL and RSA Data
5881cb6ddcSMark Murray * Security, Inc. It may cease to generate certificates after the expiration
5981cb6ddcSMark Murray * date. Any modification of this software that changes or defeats
6081cb6ddcSMark Murray * the expiration date or its effect is unauthorized.
6181cb6ddcSMark Murray *
6281cb6ddcSMark Murray * 5. Software that will renew or extend the expiration date of
6381cb6ddcSMark Murray * authentication certificates produced by this software may be obtained
6481cb6ddcSMark Murray * from RSA Data Security, Inc., 10 Twin Dolphin Drive, Redwood City, CA
6581cb6ddcSMark Murray * 94065, (415)595-8782, or from DIGITAL"
6681cb6ddcSMark Murray *
6781cb6ddcSMark Murray */
6881cb6ddcSMark Murray
6981cb6ddcSMark Murray #include <sys/types.h>
7081cb6ddcSMark Murray #include <arpa/telnet.h>
7181cb6ddcSMark Murray #include <pwd.h>
7281cb6ddcSMark Murray #include <stdio.h>
7381cb6ddcSMark Murray #include <stdlib.h>
7481cb6ddcSMark Murray #include <string.h>
7581cb6ddcSMark Murray
7681cb6ddcSMark Murray #include "encrypt.h"
7781cb6ddcSMark Murray #include "auth.h"
7881cb6ddcSMark Murray #include "misc.h"
7981cb6ddcSMark Murray #include "cdc.h"
8081cb6ddcSMark Murray
8181cb6ddcSMark Murray extern auth_debug_mode;
8281cb6ddcSMark Murray
8381cb6ddcSMark Murray static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
8481cb6ddcSMark Murray AUTHTYPE_RSA_ENCPWD, };
8581cb6ddcSMark Murray static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
8681cb6ddcSMark Murray TELQUAL_NAME, };
8781cb6ddcSMark Murray
8881cb6ddcSMark Murray #define RSA_ENCPWD_AUTH 0 /* Authentication data follows */
8981cb6ddcSMark Murray #define RSA_ENCPWD_REJECT 1 /* Rejected (reason might follow) */
9081cb6ddcSMark Murray #define RSA_ENCPWD_ACCEPT 2 /* Accepted */
9181cb6ddcSMark Murray #define RSA_ENCPWD_CHALLENGEKEY 3 /* Challenge and public key */
9281cb6ddcSMark Murray
9381cb6ddcSMark Murray #define NAME_SZ 40
9481cb6ddcSMark Murray #define CHAL_SZ 20
9581cb6ddcSMark Murray #define PWD_SZ 40
9681cb6ddcSMark Murray
9781cb6ddcSMark Murray static KTEXT_ST auth;
9881cb6ddcSMark Murray static char name[NAME_SZ];
9981cb6ddcSMark Murray static char user_passwd[PWD_SZ];
10081cb6ddcSMark Murray static char key_file[2*NAME_SZ];
10181cb6ddcSMark Murray static char lhostname[NAME_SZ];
10281cb6ddcSMark Murray static char challenge[CHAL_SZ];
10381cb6ddcSMark Murray static int challenge_len;
10481cb6ddcSMark Murray
10581cb6ddcSMark Murray static int
Data(ap,type,d,c)10681cb6ddcSMark Murray Data(ap, type, d, c)
10781cb6ddcSMark Murray Authenticator *ap;
10881cb6ddcSMark Murray int type;
10981cb6ddcSMark Murray void *d;
11081cb6ddcSMark Murray int c;
11181cb6ddcSMark Murray {
11281cb6ddcSMark Murray unsigned char *p = str_data + 4;
11381cb6ddcSMark Murray unsigned char *cd = (unsigned char *)d;
11481cb6ddcSMark Murray
11581cb6ddcSMark Murray if (c == -1)
11681cb6ddcSMark Murray c = strlen((char *)cd);
11781cb6ddcSMark Murray
11881cb6ddcSMark Murray if (0) {
11981cb6ddcSMark Murray printf("%s:%d: [%d] (%d)",
12081cb6ddcSMark Murray str_data[3] == TELQUAL_IS ? ">>>IS" : ">>>REPLY",
12181cb6ddcSMark Murray str_data[3],
12281cb6ddcSMark Murray type, c);
12381cb6ddcSMark Murray printd(d, c);
12481cb6ddcSMark Murray printf("\r\n");
12581cb6ddcSMark Murray }
12681cb6ddcSMark Murray *p++ = ap->type;
12781cb6ddcSMark Murray *p++ = ap->way;
12881cb6ddcSMark Murray if (type != NULL) *p++ = type;
12981cb6ddcSMark Murray while (c-- > 0) {
13081cb6ddcSMark Murray if ((*p++ = *cd++) == IAC)
13181cb6ddcSMark Murray *p++ = IAC;
13281cb6ddcSMark Murray }
13381cb6ddcSMark Murray *p++ = IAC;
13481cb6ddcSMark Murray *p++ = SE;
13581cb6ddcSMark Murray if (str_data[3] == TELQUAL_IS)
13681cb6ddcSMark Murray printsub('>', &str_data[2], p - (&str_data[2]));
13781cb6ddcSMark Murray return(net_write(str_data, p - str_data));
13881cb6ddcSMark Murray }
13981cb6ddcSMark Murray
14081cb6ddcSMark Murray int
rsaencpwd_init(ap,server)14181cb6ddcSMark Murray rsaencpwd_init(ap, server)
14281cb6ddcSMark Murray Authenticator *ap;
14381cb6ddcSMark Murray int server;
14481cb6ddcSMark Murray {
14581cb6ddcSMark Murray char *cp;
14681cb6ddcSMark Murray FILE *fp;
14781cb6ddcSMark Murray
14881cb6ddcSMark Murray if (server) {
14981cb6ddcSMark Murray str_data[3] = TELQUAL_REPLY;
15081cb6ddcSMark Murray memset(key_file, 0, sizeof(key_file));
15181cb6ddcSMark Murray gethostname(lhostname, sizeof(lhostname));
15281cb6ddcSMark Murray if ((cp = strchr(lhostname, '.')) != 0) *cp = '\0';
15381cb6ddcSMark Murray strcpy(key_file, "/etc/.");
15481cb6ddcSMark Murray strcat(key_file, lhostname);
15581cb6ddcSMark Murray strcat(key_file, "_privkey");
15681cb6ddcSMark Murray if ((fp=fopen(key_file, "r"))==NULL) return(0);
15781cb6ddcSMark Murray fclose(fp);
15881cb6ddcSMark Murray } else {
15981cb6ddcSMark Murray str_data[3] = TELQUAL_IS;
16081cb6ddcSMark Murray }
16181cb6ddcSMark Murray return(1);
16281cb6ddcSMark Murray }
16381cb6ddcSMark Murray
16481cb6ddcSMark Murray int
rsaencpwd_send(ap)16581cb6ddcSMark Murray rsaencpwd_send(ap)
16681cb6ddcSMark Murray Authenticator *ap;
16781cb6ddcSMark Murray {
16881cb6ddcSMark Murray
16981cb6ddcSMark Murray printf("[ Trying RSAENCPWD ... ]\n");
17081cb6ddcSMark Murray if (!UserNameRequested) {
17181cb6ddcSMark Murray return(0);
17281cb6ddcSMark Murray }
17381cb6ddcSMark Murray if (!auth_sendname(UserNameRequested, strlen(UserNameRequested))) {
17481cb6ddcSMark Murray return(0);
17581cb6ddcSMark Murray }
17681cb6ddcSMark Murray if (!Data(ap, NULL, (void *)NULL, 0)) {
17781cb6ddcSMark Murray return(0);
17881cb6ddcSMark Murray }
17981cb6ddcSMark Murray
18081cb6ddcSMark Murray
18181cb6ddcSMark Murray return(1);
18281cb6ddcSMark Murray }
18381cb6ddcSMark Murray
18481cb6ddcSMark Murray void
rsaencpwd_is(ap,data,cnt)18581cb6ddcSMark Murray rsaencpwd_is(ap, data, cnt)
18681cb6ddcSMark Murray Authenticator *ap;
18781cb6ddcSMark Murray unsigned char *data;
18881cb6ddcSMark Murray int cnt;
18981cb6ddcSMark Murray {
19081cb6ddcSMark Murray Session_Key skey;
19181cb6ddcSMark Murray Block datablock;
19281cb6ddcSMark Murray char r_passwd[PWD_SZ], r_user[NAME_SZ];
19381cb6ddcSMark Murray char *cp, key[160];
19481cb6ddcSMark Murray char chalkey[160], *ptr;
19581cb6ddcSMark Murray FILE *fp;
19681cb6ddcSMark Murray int r, i, j, chalkey_len, len;
19781cb6ddcSMark Murray time_t now;
19881cb6ddcSMark Murray
19981cb6ddcSMark Murray cnt--;
20081cb6ddcSMark Murray switch (*data++) {
20181cb6ddcSMark Murray case RSA_ENCPWD_AUTH:
20281cb6ddcSMark Murray memmove((void *)auth.dat, (void *)data, auth.length = cnt);
20381cb6ddcSMark Murray
20481cb6ddcSMark Murray if ((fp=fopen(key_file, "r"))==NULL) {
20581cb6ddcSMark Murray Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
20681cb6ddcSMark Murray auth_finished(ap, AUTH_REJECT);
20781cb6ddcSMark Murray return;
20881cb6ddcSMark Murray }
20981cb6ddcSMark Murray /*
21081cb6ddcSMark Murray * get privkey
21181cb6ddcSMark Murray */
21281cb6ddcSMark Murray fscanf(fp, "%x;", &len);
21381cb6ddcSMark Murray for (i=0;i<len;i++) {
21481cb6ddcSMark Murray j = getc(fp); key[i]=j;
21581cb6ddcSMark Murray }
21681cb6ddcSMark Murray fclose(fp);
21781cb6ddcSMark Murray
21881cb6ddcSMark Murray r = accept_rsa_encpwd(&auth, key, challenge,
21981cb6ddcSMark Murray challenge_len, r_passwd);
22081cb6ddcSMark Murray if (r < 0) {
22181cb6ddcSMark Murray Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
22281cb6ddcSMark Murray auth_finished(ap, AUTH_REJECT);
22381cb6ddcSMark Murray return;
22481cb6ddcSMark Murray }
22581cb6ddcSMark Murray auth_encrypt_userpwd(r_passwd);
22681cb6ddcSMark Murray if (rsaencpwd_passwdok(UserNameRequested, UserPassword) == 0) {
22781cb6ddcSMark Murray /*
22881cb6ddcSMark Murray * illegal username and password
22981cb6ddcSMark Murray */
23081cb6ddcSMark Murray Data(ap, RSA_ENCPWD_REJECT, (void *)"Illegal password", -1);
23181cb6ddcSMark Murray auth_finished(ap, AUTH_REJECT);
23281cb6ddcSMark Murray return;
23381cb6ddcSMark Murray }
23481cb6ddcSMark Murray
23581cb6ddcSMark Murray Data(ap, RSA_ENCPWD_ACCEPT, (void *)0, 0);
23681cb6ddcSMark Murray auth_finished(ap, AUTH_USER);
23781cb6ddcSMark Murray break;
23881cb6ddcSMark Murray
23981cb6ddcSMark Murray
24081cb6ddcSMark Murray case IAC:
24181cb6ddcSMark Murray
24281cb6ddcSMark Murray /*
24381cb6ddcSMark Murray * If we are doing mutual authentication, get set up to send
24481cb6ddcSMark Murray * the challenge, and verify it when the response comes back.
24581cb6ddcSMark Murray */
24681cb6ddcSMark Murray if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_ONE_WAY) {
24781cb6ddcSMark Murray register int i;
24881cb6ddcSMark Murray
24981cb6ddcSMark Murray
25081cb6ddcSMark Murray time(&now);
25181cb6ddcSMark Murray if ((now % 2) == 0) {
25281cb6ddcSMark Murray sprintf(challenge, "%x", now);
25381cb6ddcSMark Murray challenge_len = strlen(challenge);
25481cb6ddcSMark Murray } else {
25581cb6ddcSMark Murray strcpy(challenge, "randchal");
25681cb6ddcSMark Murray challenge_len = 8;
25781cb6ddcSMark Murray }
25881cb6ddcSMark Murray
25981cb6ddcSMark Murray if ((fp=fopen(key_file, "r"))==NULL) {
26081cb6ddcSMark Murray Data(ap, RSA_ENCPWD_REJECT, (void *)"Auth failed", -1);
26181cb6ddcSMark Murray auth_finished(ap, AUTH_REJECT);
26281cb6ddcSMark Murray return;
26381cb6ddcSMark Murray }
26481cb6ddcSMark Murray /*
26581cb6ddcSMark Murray * skip privkey
26681cb6ddcSMark Murray */
26781cb6ddcSMark Murray fscanf(fp, "%x;", &len);
26881cb6ddcSMark Murray for (i=0;i<len;i++) {
26981cb6ddcSMark Murray j = getc(fp);
27081cb6ddcSMark Murray }
27181cb6ddcSMark Murray /*
27281cb6ddcSMark Murray * get pubkey
27381cb6ddcSMark Murray */
27481cb6ddcSMark Murray fscanf(fp, "%x;", &len);
27581cb6ddcSMark Murray for (i=0;i<len;i++) {
27681cb6ddcSMark Murray j = getc(fp); key[i]=j;
27781cb6ddcSMark Murray }
27881cb6ddcSMark Murray fclose(fp);
27981cb6ddcSMark Murray chalkey[0] = 0x30;
28081cb6ddcSMark Murray ptr = (char *) &chalkey[1];
28181cb6ddcSMark Murray chalkey_len = 1+NumEncodeLengthOctets(i)+i+1+NumEncodeLengthOctets(challenge_len)+challenge_len;
28281cb6ddcSMark Murray EncodeLength(ptr, chalkey_len);
28381cb6ddcSMark Murray ptr +=NumEncodeLengthOctets(chalkey_len);
28481cb6ddcSMark Murray *ptr++ = 0x04; /* OCTET STRING */
28581cb6ddcSMark Murray *ptr++ = challenge_len;
28681cb6ddcSMark Murray memmove(ptr, challenge, challenge_len);
28781cb6ddcSMark Murray ptr += challenge_len;
28881cb6ddcSMark Murray *ptr++ = 0x04; /* OCTET STRING */
28981cb6ddcSMark Murray EncodeLength(ptr, i);
29081cb6ddcSMark Murray ptr += NumEncodeLengthOctets(i);
29181cb6ddcSMark Murray memmove(ptr, key, i);
29281cb6ddcSMark Murray chalkey_len = 1+NumEncodeLengthOctets(chalkey_len)+chalkey_len;
29381cb6ddcSMark Murray Data(ap, RSA_ENCPWD_CHALLENGEKEY, (void *)chalkey, chalkey_len);
29481cb6ddcSMark Murray }
29581cb6ddcSMark Murray break;
29681cb6ddcSMark Murray
29781cb6ddcSMark Murray default:
29881cb6ddcSMark Murray Data(ap, RSA_ENCPWD_REJECT, 0, 0);
29981cb6ddcSMark Murray break;
30081cb6ddcSMark Murray }
30181cb6ddcSMark Murray }
30281cb6ddcSMark Murray
30381cb6ddcSMark Murray
30481cb6ddcSMark Murray void
rsaencpwd_reply(ap,data,cnt)30581cb6ddcSMark Murray rsaencpwd_reply(ap, data, cnt)
30681cb6ddcSMark Murray Authenticator *ap;
30781cb6ddcSMark Murray unsigned char *data;
30881cb6ddcSMark Murray int cnt;
30981cb6ddcSMark Murray {
31081cb6ddcSMark Murray Session_Key skey;
31181cb6ddcSMark Murray KTEXT_ST token;
31281cb6ddcSMark Murray Block enckey;
31381cb6ddcSMark Murray int r, pubkey_len;
31481cb6ddcSMark Murray char randchal[CHAL_SZ], *cp;
31581cb6ddcSMark Murray char chalkey[160], pubkey[128], *ptr;
31681cb6ddcSMark Murray
31781cb6ddcSMark Murray if (cnt-- < 1)
31881cb6ddcSMark Murray return;
31981cb6ddcSMark Murray switch (*data++) {
32081cb6ddcSMark Murray case RSA_ENCPWD_REJECT:
32181cb6ddcSMark Murray if (cnt > 0) {
32281cb6ddcSMark Murray printf("[ RSA_ENCPWD refuses authentication because %.*s ]\r\n",
32381cb6ddcSMark Murray cnt, data);
32481cb6ddcSMark Murray } else
32581cb6ddcSMark Murray printf("[ RSA_ENCPWD refuses authentication ]\r\n");
32681cb6ddcSMark Murray auth_send_retry();
32781cb6ddcSMark Murray return;
32881cb6ddcSMark Murray case RSA_ENCPWD_ACCEPT:
32981cb6ddcSMark Murray printf("[ RSA_ENCPWD accepts you ]\n");
33081cb6ddcSMark Murray auth_finished(ap, AUTH_USER);
33181cb6ddcSMark Murray return;
33281cb6ddcSMark Murray case RSA_ENCPWD_CHALLENGEKEY:
33381cb6ddcSMark Murray /*
33481cb6ddcSMark Murray * Verify that the response to the challenge is correct.
33581cb6ddcSMark Murray */
33681cb6ddcSMark Murray
33781cb6ddcSMark Murray memmove((void *)chalkey, (void *)data, cnt);
33881cb6ddcSMark Murray ptr = (char *) &chalkey[0];
33981cb6ddcSMark Murray ptr += DecodeHeaderLength(chalkey);
34081cb6ddcSMark Murray if (*ptr != 0x04) {
34181cb6ddcSMark Murray return;
34281cb6ddcSMark Murray }
34381cb6ddcSMark Murray *ptr++;
34481cb6ddcSMark Murray challenge_len = DecodeValueLength(ptr);
34581cb6ddcSMark Murray ptr += NumEncodeLengthOctets(challenge_len);
34681cb6ddcSMark Murray memmove(challenge, ptr, challenge_len);
34781cb6ddcSMark Murray ptr += challenge_len;
34881cb6ddcSMark Murray if (*ptr != 0x04) {
34981cb6ddcSMark Murray return;
35081cb6ddcSMark Murray }
35181cb6ddcSMark Murray *ptr++;
35281cb6ddcSMark Murray pubkey_len = DecodeValueLength(ptr);
35381cb6ddcSMark Murray ptr += NumEncodeLengthOctets(pubkey_len);
35481cb6ddcSMark Murray memmove(pubkey, ptr, pubkey_len);
35581cb6ddcSMark Murray memset(user_passwd, 0, sizeof(user_passwd));
35681cb6ddcSMark Murray local_des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
35781cb6ddcSMark Murray UserPassword = user_passwd;
35881cb6ddcSMark Murray Challenge = challenge;
35981cb6ddcSMark Murray r = init_rsa_encpwd(&token, user_passwd, challenge, challenge_len, pubkey);
36081cb6ddcSMark Murray if (r < 0) {
36181cb6ddcSMark Murray token.length = 1;
36281cb6ddcSMark Murray }
36381cb6ddcSMark Murray
36481cb6ddcSMark Murray if (!Data(ap, RSA_ENCPWD_AUTH, (void *)token.dat, token.length)) {
36581cb6ddcSMark Murray return;
36681cb6ddcSMark Murray }
36781cb6ddcSMark Murray
36881cb6ddcSMark Murray break;
36981cb6ddcSMark Murray
37081cb6ddcSMark Murray default:
37181cb6ddcSMark Murray return;
37281cb6ddcSMark Murray }
37381cb6ddcSMark Murray }
37481cb6ddcSMark Murray
37581cb6ddcSMark Murray int
rsaencpwd_status(ap,name,level)37681cb6ddcSMark Murray rsaencpwd_status(ap, name, level)
37781cb6ddcSMark Murray Authenticator *ap;
37881cb6ddcSMark Murray char *name;
37981cb6ddcSMark Murray int level;
38081cb6ddcSMark Murray {
38181cb6ddcSMark Murray
38281cb6ddcSMark Murray if (level < AUTH_USER)
38381cb6ddcSMark Murray return(level);
38481cb6ddcSMark Murray
38581cb6ddcSMark Murray if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
38681cb6ddcSMark Murray strcpy(name, UserNameRequested);
38781cb6ddcSMark Murray return(AUTH_VALID);
38881cb6ddcSMark Murray } else {
38981cb6ddcSMark Murray return(AUTH_USER);
39081cb6ddcSMark Murray }
39181cb6ddcSMark Murray }
39281cb6ddcSMark Murray
39381cb6ddcSMark Murray #define BUMP(buf, len) while (*(buf)) {++(buf), --(len);}
39481cb6ddcSMark Murray #define ADDC(buf, len, c) if ((len) > 0) {*(buf)++ = (c); --(len);}
39581cb6ddcSMark Murray
39681cb6ddcSMark Murray void
rsaencpwd_printsub(data,cnt,buf,buflen)39781cb6ddcSMark Murray rsaencpwd_printsub(data, cnt, buf, buflen)
39881cb6ddcSMark Murray unsigned char *data, *buf;
39981cb6ddcSMark Murray int cnt, buflen;
40081cb6ddcSMark Murray {
40181cb6ddcSMark Murray char lbuf[32];
40281cb6ddcSMark Murray register int i;
40381cb6ddcSMark Murray
40481cb6ddcSMark Murray buf[buflen-1] = '\0'; /* make sure its NULL terminated */
40581cb6ddcSMark Murray buflen -= 1;
40681cb6ddcSMark Murray
40781cb6ddcSMark Murray switch(data[3]) {
40881cb6ddcSMark Murray case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */
40981cb6ddcSMark Murray strncpy((char *)buf, " REJECT ", buflen);
41081cb6ddcSMark Murray goto common;
41181cb6ddcSMark Murray
41281cb6ddcSMark Murray case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */
41381cb6ddcSMark Murray strncpy((char *)buf, " ACCEPT ", buflen);
41481cb6ddcSMark Murray common:
41581cb6ddcSMark Murray BUMP(buf, buflen);
41681cb6ddcSMark Murray if (cnt <= 4)
41781cb6ddcSMark Murray break;
41881cb6ddcSMark Murray ADDC(buf, buflen, '"');
41981cb6ddcSMark Murray for (i = 4; i < cnt; i++)
42081cb6ddcSMark Murray ADDC(buf, buflen, data[i]);
42181cb6ddcSMark Murray ADDC(buf, buflen, '"');
42281cb6ddcSMark Murray ADDC(buf, buflen, '\0');
42381cb6ddcSMark Murray break;
42481cb6ddcSMark Murray
42581cb6ddcSMark Murray case RSA_ENCPWD_AUTH: /* Authentication data follows */
42681cb6ddcSMark Murray strncpy((char *)buf, " AUTH", buflen);
42781cb6ddcSMark Murray goto common2;
42881cb6ddcSMark Murray
42981cb6ddcSMark Murray case RSA_ENCPWD_CHALLENGEKEY:
43081cb6ddcSMark Murray strncpy((char *)buf, " CHALLENGEKEY", buflen);
43181cb6ddcSMark Murray goto common2;
43281cb6ddcSMark Murray
43381cb6ddcSMark Murray default:
43481cb6ddcSMark Murray sprintf(lbuf, " %d (unknown)", data[3]);
43581cb6ddcSMark Murray strncpy((char *)buf, lbuf, buflen);
43681cb6ddcSMark Murray common2:
43781cb6ddcSMark Murray BUMP(buf, buflen);
43881cb6ddcSMark Murray for (i = 4; i < cnt; i++) {
43981cb6ddcSMark Murray sprintf(lbuf, " %d", data[i]);
44081cb6ddcSMark Murray strncpy((char *)buf, lbuf, buflen);
44181cb6ddcSMark Murray BUMP(buf, buflen);
44281cb6ddcSMark Murray }
44381cb6ddcSMark Murray break;
44481cb6ddcSMark Murray }
44581cb6ddcSMark Murray }
44681cb6ddcSMark Murray
rsaencpwd_passwdok(name,passwd)44781cb6ddcSMark Murray int rsaencpwd_passwdok(name, passwd)
44881cb6ddcSMark Murray char *name, *passwd;
44981cb6ddcSMark Murray {
45081cb6ddcSMark Murray char *crypt();
45181cb6ddcSMark Murray char *salt, *p;
45281cb6ddcSMark Murray struct passwd *pwd;
45381cb6ddcSMark Murray int passwdok_status = 0;
45481cb6ddcSMark Murray
45581cb6ddcSMark Murray if (pwd = getpwnam(name))
45681cb6ddcSMark Murray salt = pwd->pw_passwd;
45781cb6ddcSMark Murray else salt = "xx";
45881cb6ddcSMark Murray
45981cb6ddcSMark Murray p = crypt(passwd, salt);
46081cb6ddcSMark Murray
46181cb6ddcSMark Murray if (pwd && !strcmp(p, pwd->pw_passwd)) {
46281cb6ddcSMark Murray passwdok_status = 1;
46381cb6ddcSMark Murray } else passwdok_status = 0;
46481cb6ddcSMark Murray return(passwdok_status);
46581cb6ddcSMark Murray }
46681cb6ddcSMark Murray
46781cb6ddcSMark Murray #endif
468