added Rolf's kerberos patches

macssh/source/Headers/Preferences.h

@@ -147,7 +147,7 @@ typedef	struct {
 		authenticate,			// Kerberos authentication
 		encrypt,				// Encrypted session
 		localecho,				// Force local echo on?
-		reserved1;				// Reserved by JMB - NCSA
+		forward;				// Reserved by JMB - NCSA
 	
 	short
 		NetBlockSize,			// Size of read buffer (2.7 CCP)

macssh/source/Headers/dialog_resrcdefs.h

@@ -49,7 +49,9 @@
 #define NCencrypt		9
 #define NCfavoritename	10
 #define NCssh2			11
-#define NCtermpopup		12
+//#define NCtermpopup		12
+#define NCforward		12
+#define NCusername		13
 
 #define TermPopupMenu	1004	
 #define SessPopupMenu	1005	

macssh/source/Screens/wind.h

@@ -233,7 +233,8 @@ char
 
 Boolean
 	authenticate,	// true if authenticating connection wanted
-	encrypt;		// true if encrypting connection wanted
+	encrypt,		// true if encrypting connection wanted
+	forward;                // true if fowarding wanted
 
 NewMacroInfo sessmacros;
 

macssh/source/config/configure.c

@@ -1751,6 +1751,7 @@ void ShowSessPanel(DialogPtr dptr, short panel)
 		case 4:
 		ShowDialogItemRange(dptr, 15, 16);
 		ShowDialogItemRange(dptr, 53, 61);
+		ShowDialogItem(dptr, 92);
 		break;
 
 		case 5:
@@ -1810,6 +1811,7 @@ void HideSessPanel(DialogPtr dptr, short panel)
 		case 4:
 		HideDialogItemRange(dptr, 15, 16);
 		HideDialogItemRange(dptr, 53, 61);
+		HideDialogItem(dptr, 92);
 		break;
 
 		case 5:
@@ -1906,6 +1908,7 @@ Boolean EditSession(StringPtr PrefRecordNamePtr)
 	SetCntrl(dptr, SessHalfDuplex, SessPrefsPtr->halfdup);
 	SetCntrl(dptr, SessAuthenticate, SessPrefsPtr->authenticate);
 	SetCntrl(dptr, SessEncrypt, SessPrefsPtr->encrypt);
+	SetCntrl(dptr, 92, SessPrefsPtr->forward);
 	SetCntrl(dptr, SessLocalEcho, SessPrefsPtr->localecho);
 	SetCntrl(dptr, 46, SessPrefsPtr->otpauto);
 	SetCntrl(dptr, 47, SessPrefsPtr->otpmulti);
@@ -1941,14 +1944,18 @@ Boolean EditSession(StringPtr PrefRecordNamePtr)
 	if (!authOK) {
 		Hilite( dptr, SessAuthenticate, 255);
 		Hilite( dptr, SessEncrypt, 255);
+		Hilite( dptr, 92, 255);
 	} else if (!encryptOK) {
 		Hilite( dptr, SessEncrypt, 255);
 	}
 	if (GetCntlVal(dptr, SessAuthenticate)) {
 		Hilite(dptr, SessEncrypt, (encryptOK)? 0 : 255);
+		Hilite(dptr, 92, 0);
 	} else {
 		Hilite(dptr, SessEncrypt, 255);
+		Hilite( dptr, 92, 255);
 		SetCntrl(dptr, SessEncrypt, false);
+		SetCntrl(dptr, 92, false);
 	}
 
 	configPassword[0] = 0;
@@ -2097,9 +2104,12 @@ Boolean EditSession(StringPtr PrefRecordNamePtr)
 					FlipCheckBox(dptr, ditem);
 					if (GetCntlVal(dptr, SessAuthenticate)) {
 						Hilite(dptr, SessEncrypt, (encryptOK)? 0 : 255);
+						Hilite(dptr, 92, 0);
 					} else {
 						Hilite(dptr, SessEncrypt, 255);
+						Hilite(dptr, 92, 255);
 						SetCntrl(dptr, SessEncrypt, false);
+						SetCntrl(dptr, 92, false);
 					}
 					break;
 
@@ -2127,6 +2137,7 @@ Boolean EditSession(StringPtr PrefRecordNamePtr)
 				case	78:
 				case	87:
 				case	91:
+				case	92:
 /* NONO */
 					FlipCheckBox(dptr, ditem);
 					break;
@@ -2380,6 +2391,7 @@ void SetSessionData(DialogPtr dptr, SessionPrefs *SessPrefsPtr,
 	SessPrefsPtr->halfdup = GetCntlVal(dptr, SessHalfDuplex);
 	SessPrefsPtr->authenticate = GetCntlVal(dptr, SessAuthenticate);
 	SessPrefsPtr->encrypt = GetCntlVal(dptr, SessEncrypt);
+	SessPrefsPtr->forward = GetCntlVal(dptr, 92);
 	SessPrefsPtr->localecho = GetCntlVal(dptr, SessLocalEcho);
 	SessPrefsPtr->otpauto = GetCntlVal(dptr, 46);
 	SessPrefsPtr->otpmulti = GetCntlVal(dptr, 47);

macssh/source/main/Connections.c

@@ -142,6 +142,10 @@ pascal short POCdlogfilter( DialogPtr dptr, EventRecord *evt, short *item)
 				*item = NCssh2;
 				return -1;
 			}
+			if ( key == 'F' || key == 'f' ) {
+				*item = NCforward;
+				return -1;
+			}
 		}
 	}
 	if ((evt->what == keyDown) || (evt->what == autoKey)) {
@@ -223,6 +227,7 @@ static void SetCurrentSession(DialogPtr dptr, Str255 scratchPstring)
 		SelectDialogItemText(dptr, NChostname, 0, 32767);
 		SetCntrl(dptr, NCauthenticate, (**tempSessHdl).authenticate);//update the auth status
 		SetCntrl(dptr, NCencrypt, (**tempSessHdl).encrypt);
+		SetCntrl(dptr, NCforward, (**tempSessHdl).forward);
 		SetCntrl(dptr, NCssh2, (**tempSessHdl).protocol == 4);
 		setSessStates(dptr);//encrypt cant be on w/o authenticate
 		ReleaseResource((Handle)tempSessHdl);
@@ -316,6 +321,7 @@ Boolean PresentOpenConnectionDialog(void)
 	if (!authOK) {
 		Hilite( dptr, NCauthenticate, 255);
 		Hilite( dptr, NCencrypt, 255);
+		Hilite( dptr, NCforward, 255);
 	} else if (!encryptOK) {
 		Hilite( dptr, NCencrypt, 255);
 	}
@@ -344,6 +350,7 @@ Boolean PresentOpenConnectionDialog(void)
 		{
 			case	NCauthenticate:
 			case	NCencrypt:
+			case	NCforward:
 				GetDialogItem(dptr, ditem, &scratchshort, &ItemHandle, &scratchRect);
 				if ((**(ControlHandle)ItemHandle).contrlHilite == 0) {	// if control not disabled
 					FlipCheckBox(dptr, ditem);
@@ -509,6 +516,7 @@ Boolean PresentOpenConnectionDialog(void)
 
   	(**(**InitParams).session).authenticate = GetCntlVal(dptr, NCauthenticate);
   	(**(**InitParams).session).encrypt = GetCntlVal(dptr, NCencrypt);
+  	(**(**InitParams).session).forward = GetCntlVal(dptr, NCforward);
 
  	if ( GetCntlVal(dptr, NCssh2) ) {
 		if ((**(**InitParams).session).protocol != 4) {
@@ -559,9 +567,12 @@ static	void setSessStates (DialogPtr dptr)
 {		
 	if (GetCntlVal(dptr, NCauthenticate)) {
 		Hilite(dptr, NCencrypt, (encryptOK)? 0 : 255);
+		Hilite(dptr, NCforward, 0);
 	} else {
 		Hilite(dptr, NCencrypt, 255);
 		SetCntrl(dptr, NCencrypt, false);
+		Hilite(dptr, NCforward, 255);
+		SetCntrl(dptr, NCforward, false);
 	}
 }
 
@@ -721,6 +732,7 @@ Boolean CreateConnectionFromParams( ConnInitParams **Params)
 
   	theScreen->authenticate = SessPtr->authenticate;
   	theScreen->encrypt = SessPtr->encrypt;
+  	theScreen->forward = SessPtr->forward;
  
     theScreen->aedata = NULL;
  	

macssh/source/network/network.c

@@ -478,15 +478,8 @@ short	netread(short pnum, void *buffer, short n)
 	}
 
  	/* Decrypt data */
-	if (p->aedata && ((tnParams *)p->aedata)->decrypting) {
- 		unsigned char *cp = (unsigned char *)buffer;
- 		short len = reqdamt;
- 		
- 		while (len-- > 0) {
-			*cp = decrypt((tnParams *)p->aedata, (long)(*cp));
-			cp++;
-		}
-	}
+	if (p->aedata && ((tnParams *)p->aedata)->decrypting)
+		decrypt((tnParams *)p->aedata, buffer, (long)reqdamt);
  
 	MyPBreturn(pbp);
 	return(reqdamt);

macssh/source/parse/authencrypt.c

@@ -33,7 +33,14 @@ enum {
 	    | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(long)))
 		| STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(Ptr)))
 };
-#endif
+
+#define PluginProc(userRoutine, code, pointer)		\
+			CallUniversalProc((UniversalProcPtr)(userRoutine), uppModule, code, pointer)
+#else /* powerc */
+
+#define PluginProc(userRoutine, code, pointer)		\
+		(*(userRoutine))(code, pointer)
+#endif /* powerc */
 
 #ifdef __MWERKS__
 #pragma profile off
@@ -90,13 +97,9 @@ void auth_encrypt_end(tnParams **aedata)
 	int i;
 	OSErr s;
 	tnParams *tn = *aedata;		
-	
-#ifdef powerc
-		s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-								  TNFUNC_END_SESSION, tn);
-#else
-		s = (tn->entry)(TNFUNC_END_SESSION, tn);
-#endif
+
+	if (tn->entry)
+		s = PluginProc(tn->entry, TNFUNC_END_SESSION, tn);
 }
 
 static	void	scanFolder(short vRef, long dirID)
@@ -161,15 +164,10 @@ void loadCode (HParamBlockRec *pb, long dirid, Str255 name, OSType type, codemod
 			 * It should preset the type/pairs list and return the number of
 			 * pairs entered.
 			 */
-#ifdef powerc
-			code->npairs = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-											 TNFUNC_INIT_CODE, &code->pairs);
-			code->encryptok = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-												TNFUNC_QUERY_ENCRYPT, 0);
-#else
-			code->npairs = (*code->entry)(TNFUNC_INIT_CODE, &code->pairs);
-			code->encryptok = (*code->entry)(TNFUNC_QUERY_ENCRYPT, 0);
-#endif
+
+			code->npairs = PluginProc(code->entry, TNFUNC_INIT_CODE, &code->pairs);
+			code->encryptok = PluginProc(code->entry, TNFUNC_QUERY_ENCRYPT, 0);
+
 			qlink((void **)header, code);
 		} else
 			ReleaseResource(h);
@@ -187,7 +185,7 @@ void loadCode (HParamBlockRec *pb, long dirid, Str255 name, OSType type, codemod
  */
 void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength,
 	unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt,
-	Boolean myencrypt, unsigned short port)
+	Boolean myencrypt, unsigned short port, Boolean forward, char *username)
 {
 	int i;
 	OSErr s;
@@ -252,34 +250,23 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength
 		 * If no auth data, initialize it now.
 		 */
 		if (!(tn->authdata)) {
-			netgetip(tn->ipaddr);
-			tn->port = netgetport(port);
 			switch (code->authType) {
 			case 'TNae':
-#ifdef powerc
-				s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-									  TNFUNC_INIT_SESSION_AUTH, &tn->authdata);
-				if ((s == 0) && !tn->encryptdata)
-					s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-										  TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
-#else
-				s = (*code->entry)(TNFUNC_INIT_SESSION_AUTH, &tn->authdata);
-				if ((s == 0) && !tn->encryptdata)
-					s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
-#endif
-			break;
+				s = PluginProc(code->entry, TNFUNC_INIT_SESSION_AUTH, &tn->authdata);
+				if ((s == 0) && !tn->encryptdata) {
+					s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
+					tn->encrType = code->authType;
+				}
+				break;
 			default:
-#ifdef powerc
-				s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-								  TNFUNC_INIT_SESSION_AUTH, tn);
-				if ((s == 0) && !tn->encryptdata)
-					s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-									  TNFUNC_INIT_SESSION_ENCRYPT, tn);
-#else
-				s = (*code->entry)(TNFUNC_INIT_SESSION_AUTH, tn);
-				if ((s == 0) && !tn->encryptdata)
-					s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, tn);
-#endif
+				netgetip(tn->ipaddr);
+				tn->port = netgetport(port);
+				tn->username = username;
+				s = PluginProc(code->entry, TNFUNC_INIT_SESSION_AUTH, tn);
+				if ((s == 0) && !tn->encryptdata) {
+					s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, tn);
+					tn->encrType = code->authType;
+				}
 			}
 
 			if (s) {					/* if no memory, etc */
@@ -300,12 +287,7 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength
 		tn->cname = cname;
 		tn->hisencrypt = hisencrypt;
 		tn->myencrypt = myencrypt;
-#ifdef powerc
-		s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-							  TNFUNC_AUTH_SEND, tn);		
-#else
-		s = (*tn->entry)(TNFUNC_AUTH_SEND, tn);
-#endif
+		s = PluginProc(tn->entry, TNFUNC_AUTH_SEND, tn);		
 		if (s) {
 			/* ddd null probably wrong here ??? */
 			BlockMoveData((Ptr)nullbuf, (Ptr)sendbuffer, sizeof(nullbuf));
@@ -326,14 +308,10 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength
 		tn->sendbuffer = sendbuffer;
 		tn->sendlength = sendlength;
 		tn->cname = cname;
+		tn->forward = forward ? 1 : -1;
 		tn->hisencrypt = hisencrypt;
 		tn->myencrypt = myencrypt;
-#ifdef powerc
-		s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-							  TNFUNC_AUTH_REPLY, tn);
-#else
-		s = (*tn->entry)(TNFUNC_AUTH_REPLY, tn);
-#endif
+		s = PluginProc(tn->entry, TNFUNC_AUTH_REPLY, tn);
 		switch (s) {
 		case TNREP_OK:
 			return;
@@ -379,34 +357,25 @@ short encrypt_suboption (tnParams **aedata, unsigned char *subbuffer, long suble
 				break;
 		}
 		if (!code) {
-			DisposePtr(*aedata);
-			*aedata = NULL;
+			//DisposePtr(*aedata);
+			//*aedata = NULL;
 			return 0;
 		}
 
 		switch (code->authType)
 		{
 		case 'TNae':
-#ifdef powerc
-			s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-								  TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
-#else
-			s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
-#endif
-		break;
+			s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata);
+			break;
 		default:
-#ifdef powerc
-			s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, 
-								  TNFUNC_INIT_SESSION_ENCRYPT, tn);
-#else
-			s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, tn);
-#endif
+			s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, tn);
 		}
 
 		if (s)
 			return TNREP_ERROR;
 
 		tn->entry = code->entry;
+		tn->encrType = code->authType;
 	}
 
 	tn->subbuffer = subbuffer;
@@ -416,26 +385,30 @@ short encrypt_suboption (tnParams **aedata, unsigned char *subbuffer, long suble
 	tn->cname = cname;
 	tn->hisencrypt = hisencrypt;
 	tn->myencrypt = myencrypt;
-#ifdef powerc
-	s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-						  TNFUNC_ENCRYPT_SB, tn);
-#else
-	s = (*tn->entry)(TNFUNC_ENCRYPT_SB, tn);
-#endif
+	s = PluginProc(tn->entry, TNFUNC_ENCRYPT_SB, tn);
 	return s;
 }
 
 
-unsigned char decrypt (tnParams *tn, long value)
+void decrypt (tnParams *tn, unsigned char *buf, long len)
 {
-	tn->data = value;
-#ifdef powerc
-	CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-						  TNFUNC_DECRYPT, tn);
-#else
-	(*tn->entry)(TNFUNC_DECRYPT, tn);
-#endif
-	return (unsigned char)tn->data;
+	short s;
+	
+	tn->data = len;
+	tn->ebuf = buf;
+	if (tn->encrType == 'TNae')
+		s = TNREP_ERROR;
+	else
+	s = PluginProc(tn->entry, TNFUNC_DECRYPT2, tn);
+	if (s == TNREP_ERROR)		// plugin must not support TNFUNC_DECRYPT2
+	{
+		while (len-- > 0) {
+ 			tn->data = (long)*buf;
+ 			PluginProc(tn->entry, TNFUNC_DECRYPT, tn);
+ 			*buf = (unsigned char)tn->data;
+			buf++;
+		}
+	}
 }
 
 
@@ -443,12 +416,7 @@ void encrypt (tnParams *tn, unsigned char *buf, long len)
 {
 	tn->data = len;
 	tn->ebuf = buf;
-#ifdef powerc
-	CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, 
-						  TNFUNC_ENCRYPT, tn);
-#else
-	(*tn->entry)(TNFUNC_ENCRYPT, tn);
-#endif
+	PluginProc(tn->entry, TNFUNC_ENCRYPT, tn);
 }
 
 
@@ -528,18 +496,30 @@ short hicall (long cscode, krbHiParmBlock *khipb, short kdriver)
 
 void	DestroyTickets(void)
 {
+	struct codemodule *code = NULL;
 	OSErr			err;
 	//short authRefNumkrb;
 	krbHiParmBlock khpb, *khipb = &khpb;
 	short kdriver;
 
-	if (!(err = OpenDriver("\p.Kerberos", &kdriver)))
+	for (code = authmodules; code; code = code->next)
 	{
-		WriteZero((Ptr)khipb, sizeof(krbHiParmBlock));
-		if (err = hicall(cKrbDeleteAllSessions, khipb, kdriver))
-			return;
+		switch(code->authType)
+		{
+			case 'TNae':
+			
+				if (!(err = OpenDriver("\p.Kerberos", &kdriver)))
+				{
+					WriteZero((Ptr)khipb, sizeof(krbHiParmBlock));
+					if (err = hicall(cKrbDeleteAllSessions, khipb, kdriver))
+					return;
+				}
+				//else if (!(err=openAuthMan(&authRefNum,&authAPIversion)))
+				//	if (err=expireV4Ticket(authRefNum,NULL,NULL,NULL))
+				//		return;
+				break;
+			default:
+				PluginProc(code->entry, TNFUNC_DESTROY_CREDS, 0);
+		}
 	}
-	//else if (!(err=openAuthMan(&authRefNum,&authAPIversion)))
-	//	if (err=expireV4Ticket(authRefNum,NULL,NULL,NULL))
-	//		return;
 }

macssh/source/parse/authencrypt.proto.h

@@ -2,10 +2,10 @@
  * :main:authencrypt.c
  */
 Boolean auth_encrypt_init(void);
-void auth_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt, unsigned short port);
+void auth_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt, unsigned short port, Boolean forward, char *username);
 void auth_encrypt_end(tnParams **aedata);
 short encrypt_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt);
-unsigned char decrypt(tnParams *tn, long value);
+void decrypt(tnParams *tn, unsigned char *buf, long value);
 void encrypt(tnParams *tn, unsigned char *buf, long len);
 void qlink(void **flist, void *fentry);
 void *qunlink(void **flist, void *fentry);

macssh/source/parse/parse.c

@@ -63,6 +63,10 @@ static	void	telnet_do(struct WindRec *tw, short option);
 static	void	telnet_dont(struct WindRec *tw, short option);
 static	void	telnet_will(struct WindRec *tw, short option);
 static	void	telnet_wont(struct WindRec *tw, short option);
+static void		env_opt_start(void);
+static void		env_opt_add(char *, char *);
+static void		env_opt_end(void);
+static int		opt_welldefined(char *);
 
 void	Parseunload(void) {}
 
@@ -575,9 +579,81 @@ void	SendNAWSinfo(WindRec *s, short horiz, short vert)
 }
 
 /*
- * Implementation specific Kerberos routines
+ * telnet environment passing routines
  */
 
+#define OPT_REPLY_SIZE  256
+unsigned char opt_reply[OPT_REPLY_SIZE];
+unsigned char *opt_replyp;
+
+void
+env_opt_start(void)
+{
+        opt_replyp = opt_reply;
+
+        *opt_replyp++ = IAC;
+        *opt_replyp++ = SB;
+        *opt_replyp++ = N_NEW_ENVIRON;
+        *opt_replyp++ = TNQ_IS;
+}
+
+void
+env_opt_add(char *ep, char *vp)
+{
+        unsigned char c;
+
+        if (opt_welldefined(ep))
+                *opt_replyp++ = NEW_ENV_VAR;
+        else
+                *opt_replyp++ = ENV_USERVAR;
+
+        for (;;) {
+                while (c = *ep++) {
+                        switch(c&0xff) {
+                        case IAC:
+                                *opt_replyp++ = IAC;
+                                break;
+                        case NEW_ENV_VAR:
+                        case NEW_ENV_VALUE:
+                        case ENV_ESC:
+                        case ENV_USERVAR:
+                                *opt_replyp++ = ENV_ESC;
+                                break;
+                        }
+                        *opt_replyp++ = c;
+                }
+
+                if (ep = vp) {
+                        *opt_replyp++ = NEW_ENV_VALUE;
+                        vp = NULL;
+                } else
+                        break;
+        }
+}
+
+int
+opt_welldefined(char *ep)
+{
+        if ((strcmp(ep, "USER") == 0) ||
+            (strcmp(ep, "DISPLAY") == 0) ||
+            (strcmp(ep, "PRINTER") == 0) ||
+            (strcmp(ep, "SYSTEMTYPE") == 0) ||
+            (strcmp(ep, "JOB") == 0) ||
+            (strcmp(ep, "ACCT") == 0))
+                return(1);
+        return(0);
+}
+
+void
+env_opt_end()
+{
+        *opt_replyp++ = IAC;
+        *opt_replyp++ = SE;
+}
+
+/*
+ * Implementation specific Kerberos routines
+ */
 
 /*
  * getcname
@@ -739,11 +815,7 @@ static	void	process_suboption(struct WindRec *tw, unsigned char *start, unsigned
 				 * If we turned on encryption, we must decrypt the rest of the buffer.
 				 */
 				if (s == TNREP_START_DECRYPT) {
-					unsigned char *cp = start;
-					while (cp < end) {
-						*cp = decrypt((tnParams *)tw->aedata, (long)(*cp));
-						cp++;
-					}
+					decrypt((tnParams *)tw->aedata, start, (long)(end-start));
 				}
 
 				if (sizeof(sendbuffer) - sendlength)
@@ -771,7 +843,7 @@ static	void	process_suboption(struct WindRec *tw, unsigned char *start, unsigned
 						   sendbuffer, &sendlength, getcname(tw), 
 						   tw->hisopts[OPT_ENCRYPT-MHOPTS_BASE], 
 						   tw->myopts[OPT_ENCRYPT-MHOPTS_BASE],
-						   tw->port);
+						   tw->port, tw->forward, tw->username);
 			if (sizeof(sendbuffer) - sendlength) {
 				netwrite(tw->port, sendbuffer, sizeof(sendbuffer)-sendlength);
 				}
@@ -827,6 +899,41 @@ static	void	process_suboption(struct WindRec *tw, unsigned char *start, unsigned
 				default:
 				break;	
 			}
+ 			break;
+         /*------------------------------------------------------------------------------*
+         *       SUBNegotiate Environment:  pass username as USER
+         *
+         *------------------------------------------------------------------------------*/
+                 case N_NEW_ENVIRON:
+                         switch (tw->parsedat[1])
+                         {
+                                 case TNQ_SEND:
+#ifdef OPTS_DEBUG
+                                         sprintf(munger, "RECV: SB NEW_ENVIRON SEND");
+                                         opts_debug_print(munger);
+#endif
+                                         env_opt_start();
+ 
+ 										p2cstr((unsigned char *)tw->username);
+ 										env_opt_add("USER", tw->username);
+ 										c2pstr(tw->username);
+ 
+                                         env_opt_end();
+ 
+                                         netwrite(tw->port, opt_reply, opt_replyp - opt_reply);
+                                         netpush(tw->port);
+#ifdef OPTS_DEBUG
+                                         sprintf(munger, "SENT: SB NEW_ENVIRON IS USER <value>");
+                                         opts_debug_print(munger);
+#endif
+                                         break;
+                                 default:
+#ifdef OPTS_DEBUG
+                                         sprintf(munger, "RECV: SB NEW_ENVIRON unsupported suboption");
+                                         opts_debug_print(munger);
+#endif
+                         }
+                         break;
 		
 		default: //dont know this subnegotiation!!
 			break;
@@ -897,6 +1004,13 @@ static	void	telnet_do(struct WindRec *tw, short option)
 			}
 			break;
 		
+ 		case N_NEW_ENVIRON:
+ 			if (tw->username[0])
+ 				send_will(tw->port, N_NEW_ENVIRON);
+ 			else
+ 				send_wont(tw->port, option);
+ 			break;
+ 
 		case N_REMOTEFLOW:
 			if (!tw->remote_flow)
 			{

macssh/source/parse/parse.h

@@ -60,7 +60,13 @@
 #define	N_XDISPLOC			35
 #define N_AUTHENTICATION	37			/* Authentication */
 #define N_ENCRYPT			38			/* Encryption */
+#define N_NEW_ENVIRON		39
 
+/* values for NEW ENVIRON */
+#define NEW_ENV_VAR    0
+#define NEW_ENV_VALUE  1
+#define ENV_ESC        2
+#define ENV_USERVAR    3
 
 /* Values for LINEMODE MODE */
 #define L_EDIT    	1

macssh/source/parse/tnae.h

@@ -102,7 +102,9 @@ enum {
 	TNFUNC_ENCRYPT_SB,					/* process encryption sub-options */
 	TNFUNC_DECRYPT,						/* decrypt data */
 	TNFUNC_ENCRYPT,						/* encrypt data */
-	TNFUNC_END_SESSION					/* cleanup session data */
+	TNFUNC_END_SESSION,					/* cleanup session data */
+	TNFUNC_DESTROY_CREDS,				/* destroy credentials */
+	TNFUNC_DECRYPT2						/* more efficient decrypt data */
 };
 
 
@@ -141,11 +143,16 @@ typedef struct tnParams_ {
 	Boolean encrypting;					/* we are encrypting */
 	Boolean startencrypting;			/* time to start encrypting */
 	Boolean decrypting;					/* we are decrypting */
+	char forward;					/* forward credentials, -1 = don't forward */
 	long data;							/* for encrypt/decrypt */
 	unsigned char *ebuf;				/* encrypt buf */
 
 	unsigned char	ipaddr[4];			/* for authentication forwarding in kerberos5 */
 	unsigned short	port;				/* for authentication forwarding in kerberos5 */
+
+	char *username;					/* alternate username */
+	unsigned char padding[8];			/* for the future... */
+	OSType encrType;				/* internal only: type from code struct */
 } tnParams;
 
 #if PRAGMA_ALIGN_SUPPORTED