[BACK]Return to auth.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / lib / libtelnet

Annotation of src/lib/libtelnet/auth.c, Revision 1.20

1.20    ! christos    1: /*     $NetBSD: auth.c,v 1.19 2006/03/20 04:03:22 christos Exp $       */
1.7       christos    2:
1.1       cgd         3: /*-
1.3       cgd         4:  * Copyright (c) 1991, 1993
                      5:  *     The Regents of the University of California.  All rights reserved.
1.1       cgd         6:  *
                      7:  * Redistribution and use in source and binary forms, with or without
                      8:  * modification, are permitted provided that the following conditions
                      9:  * are met:
                     10:  * 1. Redistributions of source code must retain the above copyright
                     11:  *    notice, this list of conditions and the following disclaimer.
                     12:  * 2. Redistributions in binary form must reproduce the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer in the
                     14:  *    documentation and/or other materials provided with the distribution.
1.16      agc        15:  * 3. Neither the name of the University nor the names of its contributors
1.1       cgd        16:  *    may be used to endorse or promote products derived from this software
                     17:  *    without specific prior written permission.
                     18:  *
                     19:  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
                     20:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     21:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     22:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
                     23:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     24:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     25:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     26:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     27:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     28:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     29:  * SUCH DAMAGE.
                     30:  */
                     31:
1.6       lukem      32: #include <sys/cdefs.h>
1.1       cgd        33: #ifndef lint
1.6       lukem      34: #if 0
                     35: static char sccsid[] = "@(#)auth.c     8.3 (Berkeley) 5/30/95"
                     36: #else
1.20    ! christos   37: __RCSID("$NetBSD: auth.c,v 1.19 2006/03/20 04:03:22 christos Exp $");
1.6       lukem      38: #endif
1.1       cgd        39: #endif /* not lint */
                     40:
                     41: /*
                     42:  * Copyright (C) 1990 by the Massachusetts Institute of Technology
                     43:  *
                     44:  * Export of this software from the United States of America is assumed
                     45:  * to require a specific license from the United States Government.
                     46:  * It is the responsibility of any person or organization contemplating
                     47:  * export to obtain such a license before exporting.
                     48:  *
                     49:  * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
                     50:  * distribute this software and its documentation for any purpose and
                     51:  * without fee is hereby granted, provided that the above copyright
                     52:  * notice appear in all copies and that both that copyright notice and
                     53:  * this permission notice appear in supporting documentation, and that
                     54:  * the name of M.I.T. not be used in advertising or publicity pertaining
                     55:  * to distribution of the software without specific, written prior
                     56:  * permission.  M.I.T. makes no representations about the suitability of
                     57:  * this software for any purpose.  It is provided "as is" without express
                     58:  * or implied warranty.
                     59:  */
                     60:
                     61:
1.13      itojun     62: #ifdef AUTHENTICATION
1.1       cgd        63: #include <stdio.h>
                     64: #include <sys/types.h>
                     65: #include <signal.h>
                     66: #define        AUTH_NAMES
                     67: #include <arpa/telnet.h>
                     68: #include <stdlib.h>
1.11      thorpej    69: #include <unistd.h>
1.1       cgd        70: #ifdef NO_STRING_H
                     71: #include <strings.h>
                     72: #else
                     73: #include <string.h>
                     74: #endif
                     75:
                     76: #include "encrypt.h"
                     77: #include "auth.h"
                     78: #include "misc-proto.h"
                     79: #include "auth-proto.h"
                     80:
                     81: #define        typemask(x)             (1<<((x)-1))
                     82:
1.3       cgd        83: #ifdef RSA_ENCPWD
                     84: extern rsaencpwd_init();
                     85: extern rsaencpwd_send();
                     86: extern rsaencpwd_is();
                     87: extern rsaencpwd_reply();
                     88: extern rsaencpwd_status();
                     89: extern rsaencpwd_printsub();
                     90: #endif
                     91:
1.1       cgd        92: int auth_debug_mode = 0;
1.9       mycroft    93: static         const char      *Name = "Noname";
1.1       cgd        94: static int     Server = 0;
                     95: static Authenticator   *authenticated = 0;
                     96: static int     authenticating = 0;
                     97: static int     validuser = 0;
                     98: static unsigned char   _auth_send_data[256];
                     99: static unsigned char   *auth_send_data;
                    100: static int     auth_send_cnt = 0;
                    101:
1.17      perry     102: static void auth_intr(int);
1.11      thorpej   103:
1.1       cgd       104: /*
                    105:  * Authentication types supported.  Plese note that these are stored
                    106:  * in priority order, i.e. try the first one first.
                    107:  */
                    108: Authenticator authenticators[] = {
1.3       cgd       109: #ifdef SPX
                    110:        { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
                    111:                                spx_init,
                    112:                                spx_send,
                    113:                                spx_is,
                    114:                                spx_reply,
                    115:                                spx_status,
                    116:                                spx_printsub },
                    117:        { AUTHTYPE_SPX, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                    118:                                spx_init,
                    119:                                spx_send,
                    120:                                spx_is,
                    121:                                spx_reply,
                    122:                                spx_status,
                    123:                                spx_printsub },
                    124: #endif
1.1       cgd       125: #ifdef KRB5
1.11      thorpej   126: # ifdef        ENCRYPTION
                    127:        { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_MUTUAL,
                    128:                                kerberos5_init,
                    129:                                kerberos5_send,
                    130:                                kerberos5_is,
                    131:                                kerberos5_reply,
                    132:                                kerberos5_status,
                    133:                                kerberos5_printsub },
                    134: # endif        /* ENCRYPTION */
1.1       cgd       135:        { AUTHTYPE_KERBEROS_V5, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                    136:                                kerberos5_init,
                    137:                                kerberos5_send,
                    138:                                kerberos5_is,
                    139:                                kerberos5_reply,
                    140:                                kerberos5_status,
                    141:                                kerberos5_printsub },
                    142: #endif
1.3       cgd       143: #ifdef RSA_ENCPWD
                    144:        { AUTHTYPE_RSA_ENCPWD, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                    145:                                rsaencpwd_init,
                    146:                                rsaencpwd_send,
                    147:                                rsaencpwd_is,
                    148:                                rsaencpwd_reply,
                    149:                                rsaencpwd_status,
                    150:                                rsaencpwd_printsub },
                    151: #endif
1.18      christos  152: #ifdef SRA
                    153:        { AUTHTYPE_SRA, AUTH_WHO_CLIENT|AUTH_HOW_ONE_WAY,
                    154:                                sra_init,
                    155:                                sra_send,
                    156:                                sra_is,
                    157:                                sra_reply,
                    158:                                sra_status,
                    159:                                sra_printsub },
                    160:
                    161: #endif
                    162:        { 0, 0, 0, 0, 0, 0, 0, 0 },
1.1       cgd       163: };
                    164:
1.20    ! christos  165: static Authenticator NoAuth = { .type = 0 };
1.1       cgd       166:
                    167: static int     i_support = 0;
                    168: static int     i_wont_support = 0;
                    169:
                    170:        Authenticator *
                    171: findauthenticator(type, way)
                    172:        int type;
                    173:        int way;
                    174: {
                    175:        Authenticator *ap = authenticators;
                    176:
                    177:        while (ap->type && (ap->type != type || ap->way != way))
                    178:                ++ap;
                    179:        return(ap->type ? ap : 0);
                    180: }
                    181:
                    182:        void
                    183: auth_init(name, server)
1.9       mycroft   184:        const char *name;
1.1       cgd       185:        int server;
                    186: {
                    187:        Authenticator *ap = authenticators;
                    188:
                    189:        Server = server;
                    190:        Name = name;
                    191:
                    192:        i_support = 0;
                    193:        authenticated = 0;
                    194:        authenticating = 0;
                    195:        while (ap->type) {
                    196:                if (!ap->init || (*ap->init)(ap, server)) {
                    197:                        i_support |= typemask(ap->type);
                    198:                        if (auth_debug_mode)
                    199:                                printf(">>>%s: I support auth type %d %d\r\n",
                    200:                                        Name,
                    201:                                        ap->type, ap->way);
                    202:                }
1.5       jtk       203:                else if (auth_debug_mode)
                    204:                        printf(">>>%s: Init failed: auth type %d %d\r\n",
                    205:                                Name, ap->type, ap->way);
1.1       cgd       206:                ++ap;
                    207:        }
                    208: }
                    209:
                    210:        void
                    211: auth_disable_name(name)
                    212:        char *name;
                    213: {
                    214:        int x;
                    215:        for (x = 0; x < AUTHTYPE_CNT; ++x) {
1.18      christos  216:                if (AUTHTYPE_NAME(x) && !strcasecmp(name, AUTHTYPE_NAME(x))) {
1.1       cgd       217:                        i_wont_support |= typemask(x);
                    218:                        break;
                    219:                }
                    220:        }
                    221: }
                    222:
                    223:        int
                    224: getauthmask(type, maskp)
                    225:        char *type;
                    226:        int *maskp;
                    227: {
                    228:        register int x;
                    229:
1.18      christos  230:        if (AUTHTYPE_NAME(0) && !strcasecmp(type, AUTHTYPE_NAME(0))) {
1.1       cgd       231:                *maskp = -1;
                    232:                return(1);
                    233:        }
                    234:
                    235:        for (x = 1; x < AUTHTYPE_CNT; ++x) {
1.18      christos  236:                if (AUTHTYPE_NAME(x) && !strcasecmp(type, AUTHTYPE_NAME(x))) {
1.1       cgd       237:                        *maskp = typemask(x);
                    238:                        return(1);
                    239:                }
                    240:        }
                    241:        return(0);
                    242: }
                    243:
                    244:        int
                    245: auth_enable(type)
1.4       pk        246:        char *type;
1.1       cgd       247: {
                    248:        return(auth_onoff(type, 1));
                    249: }
                    250:
                    251:        int
                    252: auth_disable(type)
1.4       pk        253:        char *type;
1.1       cgd       254: {
                    255:        return(auth_onoff(type, 0));
                    256: }
                    257:
                    258:        int
                    259: auth_onoff(type, on)
                    260:        char *type;
                    261:        int on;
                    262: {
1.5       jtk       263:        int i, mask = -1;
1.1       cgd       264:        Authenticator *ap;
                    265:
                    266:        if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
1.5       jtk       267:                printf("auth %s 'type'\n", on ? "enable" : "disable");
1.1       cgd       268:                printf("Where 'type' is one of:\n");
                    269:                printf("\t%s\n", AUTHTYPE_NAME(0));
1.5       jtk       270:                mask = 0;
                    271:                for (ap = authenticators; ap->type; ap++) {
                    272:                        if ((mask & (i = typemask(ap->type))) != 0)
                    273:                                continue;
                    274:                        mask |= i;
1.1       cgd       275:                        printf("\t%s\n", AUTHTYPE_NAME(ap->type));
1.5       jtk       276:                }
1.1       cgd       277:                return(0);
                    278:        }
                    279:
                    280:        if (!getauthmask(type, &mask)) {
                    281:                printf("%s: invalid authentication type\n", type);
                    282:                return(0);
                    283:        }
                    284:        if (on)
                    285:                i_wont_support &= ~mask;
                    286:        else
                    287:                i_wont_support |= mask;
                    288:        return(1);
                    289: }
                    290:
                    291:        int
                    292: auth_togdebug(on)
                    293:        int on;
                    294: {
                    295:        if (on < 0)
                    296:                auth_debug_mode ^= 1;
                    297:        else
                    298:                auth_debug_mode = on;
                    299:        printf("auth debugging %s\n", auth_debug_mode ? "enabled" : "disabled");
                    300:        return(1);
                    301: }
                    302:
                    303:        int
1.11      thorpej   304: auth_status(s)
                    305:        char *s;
1.1       cgd       306: {
                    307:        Authenticator *ap;
1.5       jtk       308:        int i, mask;
1.1       cgd       309:
                    310:        if (i_wont_support == -1)
                    311:                printf("Authentication disabled\n");
                    312:        else
                    313:                printf("Authentication enabled\n");
                    314:
1.5       jtk       315:        mask = 0;
                    316:        for (ap = authenticators; ap->type; ap++) {
                    317:                if ((mask & (i = typemask(ap->type))) != 0)
                    318:                        continue;
                    319:                mask |= i;
1.1       cgd       320:                printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
                    321:                        (i_wont_support & typemask(ap->type)) ?
                    322:                                        "disabled" : "enabled");
1.5       jtk       323:        }
1.1       cgd       324:        return(1);
                    325: }
                    326:
                    327: /*
                    328:  * This routine is called by the server to start authentication
                    329:  * negotiation.
                    330:  */
                    331:        void
                    332: auth_request()
                    333: {
                    334:        static unsigned char str_request[64] = { IAC, SB,
                    335:                                                 TELOPT_AUTHENTICATION,
                    336:                                                 TELQUAL_SEND, };
                    337:        Authenticator *ap = authenticators;
                    338:        unsigned char *e = str_request + 4;
                    339:
                    340:        if (!authenticating) {
                    341:                authenticating = 1;
                    342:                while (ap->type) {
                    343:                        if (i_support & ~i_wont_support & typemask(ap->type)) {
                    344:                                if (auth_debug_mode) {
                    345:                                        printf(">>>%s: Sending type %d %d\r\n",
                    346:                                                Name, ap->type, ap->way);
                    347:                                }
                    348:                                *e++ = ap->type;
                    349:                                *e++ = ap->way;
                    350:                        }
                    351:                        ++ap;
                    352:                }
                    353:                *e++ = IAC;
                    354:                *e++ = SE;
1.10      thorpej   355:                telnet_net_write(str_request, e - str_request);
1.1       cgd       356:                printsub('>', &str_request[2], e - str_request - 2);
                    357:        }
                    358: }
                    359:
                    360: /*
                    361:  * This is called when an AUTH SEND is received.
                    362:  * It should never arrive on the server side (as only the server can
                    363:  * send an AUTH SEND).
                    364:  * You should probably respond to it if you can...
                    365:  *
                    366:  * If you want to respond to the types out of order (i.e. even
                    367:  * if he sends  LOGIN KERBEROS and you support both, you respond
                    368:  * with KERBEROS instead of LOGIN (which is against what the
                    369:  * protocol says)) you will have to hack this code...
                    370:  */
                    371:        void
                    372: auth_send(data, cnt)
                    373:        unsigned char *data;
                    374:        int cnt;
                    375: {
                    376:        Authenticator *ap;
                    377:        static unsigned char str_none[] = { IAC, SB, TELOPT_AUTHENTICATION,
                    378:                                            TELQUAL_IS, AUTHTYPE_NULL, 0,
                    379:                                            IAC, SE };
                    380:        if (Server) {
                    381:                if (auth_debug_mode) {
                    382:                        printf(">>>%s: auth_send called!\r\n", Name);
                    383:                }
                    384:                return;
                    385:        }
                    386:
                    387:        if (auth_debug_mode) {
                    388:                printf(">>>%s: auth_send got:", Name);
                    389:                printd(data, cnt); printf("\r\n");
                    390:        }
                    391:
                    392:        /*
                    393:         * Save the data, if it is new, so that we can continue looking
                    394:         * at it if the authorization we try doesn't work
                    395:         */
                    396:        if (data < _auth_send_data ||
                    397:            data > _auth_send_data + sizeof(_auth_send_data)) {
1.20    ! christos  398:                auth_send_cnt = (size_t)cnt > sizeof(_auth_send_data)
1.1       cgd       399:                                        ? sizeof(_auth_send_data)
1.20    ! christos  400:                                        : (size_t)cnt;
        !           401:                memmove(_auth_send_data, data, auth_send_cnt);
1.1       cgd       402:                auth_send_data = _auth_send_data;
                    403:        } else {
                    404:                /*
                    405:                 * This is probably a no-op, but we just make sure
                    406:                 */
                    407:                auth_send_data = data;
                    408:                auth_send_cnt = cnt;
                    409:        }
                    410:        while ((auth_send_cnt -= 2) >= 0) {
                    411:                if (auth_debug_mode)
                    412:                        printf(">>>%s: He supports %d\r\n",
                    413:                                Name, *auth_send_data);
                    414:                if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
                    415:                        ap = findauthenticator(auth_send_data[0],
                    416:                                               auth_send_data[1]);
1.3       cgd       417:                        if (ap && ap->send) {
1.1       cgd       418:                                if (auth_debug_mode)
                    419:                                        printf(">>>%s: Trying %d %d\r\n",
                    420:                                                Name, auth_send_data[0],
                    421:                                                        auth_send_data[1]);
                    422:                                if ((*ap->send)(ap)) {
                    423:                                        /*
                    424:                                         * Okay, we found one we like
                    425:                                         * and did it.
                    426:                                         * we can go home now.
                    427:                                         */
                    428:                                        if (auth_debug_mode)
                    429:                                                printf(">>>%s: Using type %d\r\n",
                    430:                                                        Name, *auth_send_data);
                    431:                                        auth_send_data += 2;
                    432:                                        return;
                    433:                                }
                    434:                        }
                    435:                        /* else
                    436:                         *      just continue on and look for the
                    437:                         *      next one if we didn't do anything.
                    438:                         */
                    439:                }
                    440:                auth_send_data += 2;
                    441:        }
1.10      thorpej   442:        telnet_net_write(str_none, sizeof(str_none));
1.1       cgd       443:        printsub('>', &str_none[2], sizeof(str_none) - 2);
                    444:        if (auth_debug_mode)
                    445:                printf(">>>%s: Sent failure message\r\n", Name);
                    446:        auth_finished(0, AUTH_REJECT);
1.3       cgd       447: #ifdef KANNAN
                    448:        /*
                    449:         *  We requested strong authentication, however no mechanisms worked.
                    450:         *  Therefore, exit on client end.
                    451:         */
1.5       jtk       452:        printf("Unable to securely authenticate user ... exit\n");
1.3       cgd       453:        exit(0);
                    454: #endif /* KANNAN */
1.1       cgd       455: }
                    456:
                    457:        void
                    458: auth_send_retry()
                    459: {
                    460:        /*
                    461:         * if auth_send_cnt <= 0 then auth_send will end up rejecting
                    462:         * the authentication and informing the other side of this.
                    463:         */
                    464:        auth_send(auth_send_data, auth_send_cnt);
                    465: }
                    466:
                    467:        void
                    468: auth_is(data, cnt)
                    469:        unsigned char *data;
                    470:        int cnt;
                    471: {
                    472:        Authenticator *ap;
                    473:
                    474:        if (cnt < 2)
                    475:                return;
                    476:
                    477:        if (data[0] == AUTHTYPE_NULL) {
                    478:                auth_finished(0, AUTH_REJECT);
                    479:                return;
                    480:        }
                    481:
1.11      thorpej   482:        if ((ap = findauthenticator(data[0], data[1])) != NULL) {
1.1       cgd       483:                if (ap->is)
                    484:                        (*ap->is)(ap, data+2, cnt-2);
                    485:        } else if (auth_debug_mode)
                    486:                printf(">>>%s: Invalid authentication in IS: %d\r\n",
                    487:                        Name, *data);
                    488: }
                    489:
                    490:        void
                    491: auth_reply(data, cnt)
                    492:        unsigned char *data;
                    493:        int cnt;
                    494: {
                    495:        Authenticator *ap;
                    496:
                    497:        if (cnt < 2)
                    498:                return;
                    499:
1.11      thorpej   500:        if ((ap = findauthenticator(data[0], data[1])) != NULL) {
1.1       cgd       501:                if (ap->reply)
                    502:                        (*ap->reply)(ap, data+2, cnt-2);
                    503:        } else if (auth_debug_mode)
                    504:                printf(">>>%s: Invalid authentication in SEND: %d\r\n",
                    505:                        Name, *data);
                    506: }
                    507:
                    508:        void
                    509: auth_name(data, cnt)
                    510:        unsigned char *data;
                    511:        int cnt;
                    512: {
                    513:        unsigned char savename[256];
                    514:
                    515:        if (cnt < 1) {
                    516:                if (auth_debug_mode)
                    517:                        printf(">>>%s: Empty name in NAME\r\n", Name);
                    518:                return;
                    519:        }
1.20    ! christos  520:        if ((size_t)cnt > sizeof(savename) - 1) {
1.1       cgd       521:                if (auth_debug_mode)
1.8       thorpej   522:                        printf(">>>%s: Name in NAME (%d) exceeds %ld length\r\n",
                    523:                                        Name, cnt, (long)sizeof(savename)-1);
1.1       cgd       524:                return;
                    525:        }
1.5       jtk       526:        memmove((void *)savename, (void *)data, cnt);
1.1       cgd       527:        savename[cnt] = '\0';   /* Null terminate */
                    528:        if (auth_debug_mode)
                    529:                printf(">>>%s: Got NAME [%s]\r\n", Name, savename);
                    530:        auth_encrypt_user(savename);
                    531: }
                    532:
                    533:        int
                    534: auth_sendname(cp, len)
                    535:        unsigned char *cp;
                    536:        int len;
                    537: {
                    538:        static unsigned char str_request[256+6]
                    539:                        = { IAC, SB, TELOPT_AUTHENTICATION, TELQUAL_NAME, };
                    540:        register unsigned char *e = str_request + 4;
                    541:        register unsigned char *ee = &str_request[sizeof(str_request)-2];
                    542:
                    543:        while (--len >= 0) {
                    544:                if ((*e++ = *cp++) == IAC)
                    545:                        *e++ = IAC;
                    546:                if (e >= ee)
                    547:                        return(0);
                    548:        }
                    549:        *e++ = IAC;
                    550:        *e++ = SE;
1.10      thorpej   551:        telnet_net_write(str_request, e - str_request);
1.1       cgd       552:        printsub('>', &str_request[2], e - &str_request[2]);
                    553:        return(1);
                    554: }
                    555:
                    556:        void
                    557: auth_finished(ap, result)
                    558:        Authenticator *ap;
                    559:        int result;
                    560: {
                    561:        if (!(authenticated = ap))
                    562:                authenticated = &NoAuth;
                    563:        validuser = result;
                    564: }
                    565:
                    566:        /* ARGSUSED */
                    567:        static void
                    568: auth_intr(sig)
                    569:        int sig;
                    570: {
                    571:        auth_finished(0, AUTH_REJECT);
                    572: }
                    573:
                    574:        int
1.15      itojun    575: auth_wait(name, l)
1.1       cgd       576:        char *name;
1.15      itojun    577:        size_t l;
1.1       cgd       578: {
                    579:        if (auth_debug_mode)
                    580:                printf(">>>%s: in auth_wait.\r\n", Name);
                    581:
                    582:        if (Server && !authenticating)
                    583:                return(0);
                    584:
                    585:        (void) signal(SIGALRM, auth_intr);
                    586:        alarm(30);
                    587:        while (!authenticated)
                    588:                if (telnet_spin())
                    589:                        break;
                    590:        alarm(0);
                    591:        (void) signal(SIGALRM, SIG_DFL);
                    592:
                    593:        /*
                    594:         * Now check to see if the user is valid or not
                    595:         */
                    596:        if (!authenticated || authenticated == &NoAuth)
                    597:                return(AUTH_REJECT);
                    598:
                    599:        if (validuser == AUTH_VALID)
                    600:                validuser = AUTH_USER;
                    601:
                    602:        if (authenticated->status)
                    603:                validuser = (*authenticated->status)(authenticated,
1.15      itojun    604:                                                     name, l, validuser);
1.1       cgd       605:        return(validuser);
                    606: }
                    607:
                    608:        void
                    609: auth_debug(mode)
                    610:        int mode;
                    611: {
                    612:        auth_debug_mode = mode;
                    613: }
                    614:
                    615:        void
                    616: auth_printsub(data, cnt, buf, buflen)
                    617:        unsigned char *data, *buf;
                    618:        int cnt, buflen;
                    619: {
                    620:        Authenticator *ap;
                    621:
                    622:        if ((ap = findauthenticator(data[1], data[2])) && ap->printsub)
                    623:                (*ap->printsub)(data, cnt, buf, buflen);
                    624:        else
                    625:                auth_gen_printsub(data, cnt, buf, buflen);
                    626: }
                    627:
                    628:        void
                    629: auth_gen_printsub(data, cnt, buf, buflen)
                    630:        unsigned char *data, *buf;
                    631:        int cnt, buflen;
                    632: {
                    633:        register unsigned char *cp;
                    634:        unsigned char tbuf[16];
                    635:
                    636:        cnt -= 3;
                    637:        data += 3;
                    638:        buf[buflen-1] = '\0';
                    639:        buf[buflen-2] = '*';
                    640:        buflen -= 2;
                    641:        for (; cnt > 0; cnt--, data++) {
1.14      itojun    642:                snprintf((char *)tbuf, sizeof(tbuf), " %d", *data);
1.1       cgd       643:                for (cp = tbuf; *cp && buflen > 0; --buflen)
                    644:                        *buf++ = *cp++;
                    645:                if (buflen <= 0)
                    646:                        return;
                    647:        }
                    648:        *buf = '\0';
                    649: }
                    650: #endif

CVSweb <webmaster@jp.NetBSD.org>