From 762fa2cfa43388ab0990013b3b8ba903d4d7e8d9 Mon Sep 17 00:00:00 2001 From: chombier <> Date: Sun, 29 Jul 2001 09:01:11 +0000 Subject: [PATCH] added Rolf's kerberos patches --- macssh/source/Headers/Preferences.h | 2 +- macssh/source/Headers/dialog_resrcdefs.h | 4 +- macssh/source/Screens/wind.h | 3 +- macssh/source/config/configure.c | 12 ++ macssh/source/main/Connections.c | 12 ++ macssh/source/network/network.c | 11 +- macssh/source/parse/authencrypt.c | 176 ++++++++++------------- macssh/source/parse/authencrypt.proto.h | 4 +- macssh/source/parse/parse.c | 128 ++++++++++++++++- macssh/source/parse/parse.h | 6 + macssh/source/parse/tnae.h | 9 +- macssh/source/telnet.rsrc | Bin 163844 -> 164139 bytes 12 files changed, 247 insertions(+), 120 deletions(-) diff --git a/macssh/source/Headers/Preferences.h b/macssh/source/Headers/Preferences.h index 084abb1..9d5a259 100755 --- a/macssh/source/Headers/Preferences.h +++ b/macssh/source/Headers/Preferences.h @@ -147,7 +147,7 @@ typedef struct { authenticate, // Kerberos authentication encrypt, // Encrypted session localecho, // Force local echo on? - reserved1; // Reserved by JMB - NCSA + forward; // Reserved by JMB - NCSA short NetBlockSize, // Size of read buffer (2.7 CCP) diff --git a/macssh/source/Headers/dialog_resrcdefs.h b/macssh/source/Headers/dialog_resrcdefs.h index 469cac6..d7953c2 100755 --- a/macssh/source/Headers/dialog_resrcdefs.h +++ b/macssh/source/Headers/dialog_resrcdefs.h @@ -49,7 +49,9 @@ #define NCencrypt 9 #define NCfavoritename 10 #define NCssh2 11 -#define NCtermpopup 12 +//#define NCtermpopup 12 +#define NCforward 12 +#define NCusername 13 #define TermPopupMenu 1004 #define SessPopupMenu 1005 diff --git a/macssh/source/Screens/wind.h b/macssh/source/Screens/wind.h index 677480b..0fd40ff 100755 --- a/macssh/source/Screens/wind.h +++ b/macssh/source/Screens/wind.h 
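Review bot: The renamed field `forward` in the Preferences.h hunk keeps the old comment `// Reserved by JMB - NCSA`, and it reuses a slot that already-saved session records contain. If any existing record holds a non-zero byte there (not verifiable from this hunk), credential forwarding would come up enabled without the user having chosen it, so the load path should zero or validate the field, or the record version should be bumped. Suggested comment: `forward; // Forward Kerberos credentials (was reserved1)`. The enclosing struct starts and ends outside the hunk.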
@@ -233,7 +233,8 @@ char Boolean authenticate, // true if authenticating connection wanted - encrypt; // true if encrypting connection wanted + encrypt, // true if encrypting connection wanted + forward; // true if fowarding wanted NewMacroInfo sessmacros; diff --git a/macssh/source/config/configure.c b/macssh/source/config/configure.c index beb0463..563f655 100755 --- a/macssh/source/config/configure.c +++ b/macssh/source/config/configure.c @@ -1751,6 +1751,7 @@ void ShowSessPanel(DialogPtr dptr, short panel) case 4: ShowDialogItemRange(dptr, 15, 16); ShowDialogItemRange(dptr, 53, 61); + ShowDialogItem(dptr, 92); break; case 5: @@ -1810,6 +1811,7 @@ void HideSessPanel(DialogPtr dptr, short panel) case 4: HideDialogItemRange(dptr, 15, 16); HideDialogItemRange(dptr, 53, 61); + HideDialogItem(dptr, 92); break; case 5: @@ -1906,6 +1908,7 @@ Boolean EditSession(StringPtr PrefRecordNamePtr) SetCntrl(dptr, SessHalfDuplex, SessPrefsPtr->halfdup); SetCntrl(dptr, SessAuthenticate, SessPrefsPtr->authenticate); SetCntrl(dptr, SessEncrypt, SessPrefsPtr->encrypt); + SetCntrl(dptr, 92, SessPrefsPtr->forward); SetCntrl(dptr, SessLocalEcho, SessPrefsPtr->localecho); SetCntrl(dptr, 46, SessPrefsPtr->otpauto); SetCntrl(dptr, 47, SessPrefsPtr->otpmulti); @@ -1941,14 +1944,18 @@ Boolean EditSession(StringPtr PrefRecordNamePtr) if (!authOK) { Hilite( dptr, SessAuthenticate, 255); Hilite( dptr, SessEncrypt, 255); + Hilite( dptr, 92, 255); } else if (!encryptOK) { Hilite( dptr, SessEncrypt, 255); } if (GetCntlVal(dptr, SessAuthenticate)) { Hilite(dptr, SessEncrypt, (encryptOK)? 0 : 255); + Hilite(dptr, 92, 0); } else { Hilite(dptr, SessEncrypt, 255); + Hilite( dptr, 92, 255); SetCntrl(dptr, SessEncrypt, false); + SetCntrl(dptr, 92, false); } configPassword[0] = 0; 
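Review bot: The new forward checkbox is addressed by the bare item number `92` in ShowSessPanel, and again in the HideSessPanel, EditSession and SetSessionData hunks, while the neighbouring controls are named `SessAuthenticate` and `SessEncrypt`. A named constant defined with those, e.g. `#define SessForward 92`, would keep the item number in one place and make the `case 92: /* NONO */` label in EditSession self-explanatory. The function bodies continue outside the hunks.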
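Review bot: In the EditSession hunk at -1941 the added `Hilite(dptr, 92, 0);` re-enables the forward checkbox whenever the stored session has authenticate set, which undoes the `Hilite( dptr, 92, 255);` applied a few lines earlier for `!authOK`. The encrypt control on the line above is gated on `encryptOK`, and the forward control should be gated the same way: `Hilite(dptr, 92, (authOK)? 0 : 255);`. setSessStates in Connections.c has the same unconditional `Hilite(dptr, NCforward, 0);` and is called after the stored session values are loaded, so it needs the same guard, assuming `authOK` is visible there as `encryptOK` is. EditSession's body starts and ends outside the hunk.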
@@ -2097,9 +2104,12 @@ Boolean EditSession(StringPtr PrefRecordNamePtr) FlipCheckBox(dptr, ditem); if (GetCntlVal(dptr, SessAuthenticate)) { Hilite(dptr, SessEncrypt, (encryptOK)? 0 : 255); + Hilite(dptr, 92, 0); } else { Hilite(dptr, SessEncrypt, 255); + Hilite(dptr, 92, 255); SetCntrl(dptr, SessEncrypt, false); + SetCntrl(dptr, 92, false); } break; @@ -2127,6 +2137,7 @@ Boolean EditSession(StringPtr PrefRecordNamePtr) case 78: case 87: case 91: + case 92: /* NONO */ FlipCheckBox(dptr, ditem); break; @@ -2380,6 +2391,7 @@ void SetSessionData(DialogPtr dptr, SessionPrefs *SessPrefsPtr, SessPrefsPtr->halfdup = GetCntlVal(dptr, SessHalfDuplex); SessPrefsPtr->authenticate = GetCntlVal(dptr, SessAuthenticate); SessPrefsPtr->encrypt = GetCntlVal(dptr, SessEncrypt); + SessPrefsPtr->forward = GetCntlVal(dptr, 92); SessPrefsPtr->localecho = GetCntlVal(dptr, SessLocalEcho); SessPrefsPtr->otpauto = GetCntlVal(dptr, 46); SessPrefsPtr->otpmulti = GetCntlVal(dptr, 47); diff --git a/macssh/source/main/Connections.c b/macssh/source/main/Connections.c index c137e6b..452b9d5 100755 --- a/macssh/source/main/Connections.c +++ b/macssh/source/main/Connections.c @@ -142,6 +142,10 @@ pascal short POCdlogfilter( DialogPtr dptr, EventRecord *evt, short *item) *item = NCssh2; return -1; } + if ( key == 'F' || key == 'f' ) { + *item = NCforward; + return -1; + } } } if ((evt->what == keyDown) || (evt->what == autoKey)) { @@ -223,6 +227,7 @@ static void SetCurrentSession(DialogPtr dptr, Str255 scratchPstring) SelectDialogItemText(dptr, NChostname, 0, 32767); SetCntrl(dptr, NCauthenticate, (**tempSessHdl).authenticate);//update the auth status SetCntrl(dptr, NCencrypt, (**tempSessHdl).encrypt); + SetCntrl(dptr, NCforward, (**tempSessHdl).forward); SetCntrl(dptr, NCssh2, (**tempSessHdl).protocol == 4); setSessStates(dptr);//encrypt cant be on w/o authenticate ReleaseResource((Handle)tempSessHdl); 
@@ -316,6 +321,7 @@ Boolean PresentOpenConnectionDialog(void) if (!authOK) { Hilite( dptr, NCauthenticate, 255); Hilite( dptr, NCencrypt, 255); + Hilite( dptr, NCforward, 255); } else if (!encryptOK) { Hilite( dptr, NCencrypt, 255); } @@ -344,6 +350,7 @@ Boolean PresentOpenConnectionDialog(void) { case NCauthenticate: case NCencrypt: + case NCforward: GetDialogItem(dptr, ditem, &scratchshort, &ItemHandle, &scratchRect); if ((**(ControlHandle)ItemHandle).contrlHilite == 0) { // if control not disabled FlipCheckBox(dptr, ditem); @@ -509,6 +516,7 @@ Boolean PresentOpenConnectionDialog(void) (**(**InitParams).session).authenticate = GetCntlVal(dptr, NCauthenticate); (**(**InitParams).session).encrypt = GetCntlVal(dptr, NCencrypt); + (**(**InitParams).session).forward = GetCntlVal(dptr, NCforward); if ( GetCntlVal(dptr, NCssh2) ) { if ((**(**InitParams).session).protocol != 4) { @@ -559,9 +567,12 @@ static void setSessStates (DialogPtr dptr) { if (GetCntlVal(dptr, NCauthenticate)) { Hilite(dptr, NCencrypt, (encryptOK)? 0 : 255); + Hilite(dptr, NCforward, 0); } else { Hilite(dptr, NCencrypt, 255); SetCntrl(dptr, NCencrypt, false); + Hilite(dptr, NCforward, 255); + SetCntrl(dptr, NCforward, false); } } @@ -721,6 +732,7 @@ Boolean CreateConnectionFromParams( ConnInitParams **Params) theScreen->authenticate = SessPtr->authenticate; theScreen->encrypt = SessPtr->encrypt; + theScreen->forward = SessPtr->forward; theScreen->aedata = NULL; diff --git a/macssh/source/network/network.c b/macssh/source/network/network.c index d6a795d..33813fe 100755 --- a/macssh/source/network/network.c +++ b/macssh/source/network/network.c 
@@ -478,15 +478,8 @@ short netread(short pnum, void *buffer, short n) } /* Decrypt data */ - if (p->aedata && ((tnParams *)p->aedata)->decrypting) { - unsigned char *cp = (unsigned char *)buffer; - short len = reqdamt; - - while (len-- > 0) { - *cp = decrypt((tnParams *)p->aedata, (long)(*cp)); - cp++; - } - } + if (p->aedata && ((tnParams *)p->aedata)->decrypting) + decrypt((tnParams *)p->aedata, buffer, (long)reqdamt); MyPBreturn(pbp); return(reqdamt); diff --git a/macssh/source/parse/authencrypt.c b/macssh/source/parse/authencrypt.c index 8a40db7..2d3c635 100755 --- a/macssh/source/parse/authencrypt.c +++ b/macssh/source/parse/authencrypt.c @@ -33,7 +33,14 @@ enum { | STACK_ROUTINE_PARAMETER(1, SIZE_CODE(sizeof(long))) | STACK_ROUTINE_PARAMETER(2, SIZE_CODE(sizeof(Ptr))) }; -#endif + +#define PluginProc(userRoutine, code, pointer) \ + CallUniversalProc((UniversalProcPtr)(userRoutine), uppModule, code, pointer) +#else /* powerc */ + +#define PluginProc(userRoutine, code, pointer) \ + (*(userRoutine))(code, pointer) +#endif /* powerc */ #ifdef __MWERKS__ #pragma profile off @@ -90,13 +97,9 @@ void auth_encrypt_end(tnParams **aedata) int i; OSErr s; tnParams *tn = *aedata; - -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_END_SESSION, tn); -#else - s = (tn->entry)(TNFUNC_END_SESSION, tn); -#endif + + if (tn->entry) + s = PluginProc(tn->entry, TNFUNC_END_SESSION, tn); } static void scanFolder(short vRef, long dirID) 
@@ -161,15 +164,10 @@ void loadCode (HParamBlockRec *pb, long dirid, Str255 name, OSType type, codemod * It should preset the type/pairs list and return the number of * pairs entered. */ -#ifdef powerc - code->npairs = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_CODE, &code->pairs); - code->encryptok = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_QUERY_ENCRYPT, 0); -#else - code->npairs = (*code->entry)(TNFUNC_INIT_CODE, &code->pairs); - code->encryptok = (*code->entry)(TNFUNC_QUERY_ENCRYPT, 0); -#endif + + code->npairs = PluginProc(code->entry, TNFUNC_INIT_CODE, &code->pairs); + code->encryptok = PluginProc(code->entry, TNFUNC_QUERY_ENCRYPT, 0); + qlink((void **)header, code); } else ReleaseResource(h); @@ -187,7 +185,7 @@ void loadCode (HParamBlockRec *pb, long dirid, Str255 name, OSType type, codemod */ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, - Boolean myencrypt, unsigned short port) + Boolean myencrypt, unsigned short port, Boolean forward, char *username) { int i; OSErr s; 
@@ -252,34 +250,23 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength * If no auth data, initialize it now. */ if (!(tn->authdata)) { - netgetip(tn->ipaddr); - tn->port = netgetport(port); switch (code->authType) { case 'TNae': -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_AUTH, &tn->authdata); - if ((s == 0) && !tn->encryptdata) - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); -#else - s = (*code->entry)(TNFUNC_INIT_SESSION_AUTH, &tn->authdata); - if ((s == 0) && !tn->encryptdata) - s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); -#endif - break; + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_AUTH, &tn->authdata); + if ((s == 0) && !tn->encryptdata) { + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); + tn->encrType = code->authType; + } + break; default: -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_AUTH, tn); - if ((s == 0) && !tn->encryptdata) - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_ENCRYPT, tn); -#else - s = (*code->entry)(TNFUNC_INIT_SESSION_AUTH, tn); - if ((s == 0) && !tn->encryptdata) - s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, tn); -#endif + netgetip(tn->ipaddr); + tn->port = netgetport(port); + tn->username = username; + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_AUTH, tn); + if ((s == 0) && !tn->encryptdata) { + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, tn); + tn->encrType = code->authType; + } } if (s) { /* if no memory, etc */ 
@@ -300,12 +287,7 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength tn->cname = cname; tn->hisencrypt = hisencrypt; tn->myencrypt = myencrypt; -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_AUTH_SEND, tn); -#else - s = (*tn->entry)(TNFUNC_AUTH_SEND, tn); -#endif + s = PluginProc(tn->entry, TNFUNC_AUTH_SEND, tn); if (s) { /* ddd null probably wrong here ??? */ BlockMoveData((Ptr)nullbuf, (Ptr)sendbuffer, sizeof(nullbuf)); @@ -326,14 +308,10 @@ void auth_suboption (tnParams **aedata, unsigned char *subbuffer, long sublength tn->sendbuffer = sendbuffer; tn->sendlength = sendlength; tn->cname = cname; + tn->forward = forward ? 1 : -1; tn->hisencrypt = hisencrypt; tn->myencrypt = myencrypt; -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_AUTH_REPLY, tn); -#else - s = (*tn->entry)(TNFUNC_AUTH_REPLY, tn); -#endif + s = PluginProc(tn->entry, TNFUNC_AUTH_REPLY, tn); switch (s) { case TNREP_OK: return; @@ -379,34 +357,25 @@ short encrypt_suboption (tnParams **aedata, unsigned char *subbuffer, long suble break; } if (!code) { - DisposePtr(*aedata); - *aedata = NULL; + //DisposePtr(*aedata); + //*aedata = NULL; return 0; } switch (code->authType) { case 'TNae': -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); -#else - s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); -#endif - break; + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, &tn->encryptdata); + break; default: -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)code->entry, uppModule, - TNFUNC_INIT_SESSION_ENCRYPT, tn); -#else - s = (*code->entry)(TNFUNC_INIT_SESSION_ENCRYPT, tn); -#endif + s = PluginProc(code->entry, TNFUNC_INIT_SESSION_ENCRYPT, tn); } if (s) return TNREP_ERROR; tn->entry = code->entry; + tn->encrType = code->authType; } tn->subbuffer = subbuffer; 
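Review bot: `tn->forward = forward ? 1 : -1;` is assigned only on the path that calls TNFUNC_AUTH_REPLY; the TNFUNC_AUTH_SEND path in the previous hunk fills in `cname`, `hisencrypt` and `myencrypt` but leaves `forward` at whatever the tnParams allocation held. tnae.h documents only `-1` as "don't forward", so a plugin that reads the field while building its AUTH_SEND message (not visible here) would see 0 and could forward credentials the user did not ask to forward. Setting it on both paths removes the ambiguity: add `tn->forward = forward ? 1 : -1;` before `s = PluginProc(tn->entry, TNFUNC_AUTH_SEND, tn);`. auth_suboption's body starts and ends outside the hunk.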
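Review bot: The lines `//DisposePtr(*aedata);` and `//*aedata = NULL;` in encrypt_suboption are left as commented-out code with no explanation of why the session block must now survive a missing encryption module. Replace them with a comment giving the reason, presumably that the same tnParams still carries the authentication session, e.g. `/* keep *aedata: it still holds the authentication state */`. This path also returns 0 while the failure path just below returns `TNREP_ERROR`, so the caller cannot tell "no module found" from success unless that is documented. encrypt_suboption's body starts outside the hunk.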
@@ -416,26 +385,30 @@ short encrypt_suboption (tnParams **aedata, unsigned char *subbuffer, long suble tn->cname = cname; tn->hisencrypt = hisencrypt; tn->myencrypt = myencrypt; -#ifdef powerc - s = CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_ENCRYPT_SB, tn); -#else - s = (*tn->entry)(TNFUNC_ENCRYPT_SB, tn); -#endif + s = PluginProc(tn->entry, TNFUNC_ENCRYPT_SB, tn); return s; } -unsigned char decrypt (tnParams *tn, long value) +void decrypt (tnParams *tn, unsigned char *buf, long len) { - tn->data = value; -#ifdef powerc - CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_DECRYPT, tn); -#else - (*tn->entry)(TNFUNC_DECRYPT, tn); -#endif - return (unsigned char)tn->data; + short s; + + tn->data = len; + tn->ebuf = buf; + if (tn->encrType == 'TNae') + s = TNREP_ERROR; + else + s = PluginProc(tn->entry, TNFUNC_DECRYPT2, tn); + if (s == TNREP_ERROR) // plugin must not support TNFUNC_DECRYPT2 + { + while (len-- > 0) { + tn->data = (long)*buf; + PluginProc(tn->entry, TNFUNC_DECRYPT, tn); + *buf = (unsigned char)tn->data; + buf++; + } + } } @@ -443,12 +416,7 @@ void encrypt (tnParams *tn, unsigned char *buf, long len) { tn->data = len; tn->ebuf = buf; -#ifdef powerc - CallUniversalProc((UniversalProcPtr)tn->entry, uppModule, - TNFUNC_ENCRYPT, tn); -#else - (*tn->entry)(TNFUNC_ENCRYPT, tn); -#endif + PluginProc(tn->entry, TNFUNC_ENCRYPT, tn); } 
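Review bot: decrypt() treats a `TNREP_ERROR` return from TNFUNC_DECRYPT2 as "plugin does not implement it" and then runs the byte-wise TNFUNC_DECRYPT loop over the same buffer. A plugin that does implement DECRYPT2 and returns `TNREP_ERROR` for a real failure, after touching `tn->ebuf` or its cipher state, would have the data processed twice; an older plugin that answers the unknown code with some other value would leave ciphertext in the buffer and be treated as success. Probing support once at load time, next to the `TNFUNC_QUERY_ENCRYPT` call in loadCode, and recording the result per module would separate "unsupported" from "failed". The function also returns void, so netread and process_suboption cannot react to a failed decrypt.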
@@ -528,18 +496,30 @@ short hicall (long cscode, krbHiParmBlock *khipb, short kdriver) void DestroyTickets(void) { + struct codemodule *code = NULL; OSErr err; //short authRefNumkrb; krbHiParmBlock khpb, *khipb = &khpb; short kdriver; - if (!(err = OpenDriver("\p.Kerberos", &kdriver))) + for (code = authmodules; code; code = code->next) { - WriteZero((Ptr)khipb, sizeof(krbHiParmBlock)); - if (err = hicall(cKrbDeleteAllSessions, khipb, kdriver)) - return; + switch(code->authType) + { + case 'TNae': + + if (!(err = OpenDriver("\p.Kerberos", &kdriver))) + { + WriteZero((Ptr)khipb, sizeof(krbHiParmBlock)); + if (err = hicall(cKrbDeleteAllSessions, khipb, kdriver)) + return; + } + //else if (!(err=openAuthMan(&authRefNum,&authAPIversion))) + // if (err=expireV4Ticket(authRefNum,NULL,NULL,NULL)) + // return; + break; + default: + PluginProc(code->entry, TNFUNC_DESTROY_CREDS, 0); + } } - //else if (!(err=openAuthMan(&authRefNum,&authAPIversion))) - // if (err=expireV4Ticket(authRefNum,NULL,NULL,NULL)) - // return; } diff --git a/macssh/source/parse/authencrypt.proto.h b/macssh/source/parse/authencrypt.proto.h index 236c2e2..c1c1ed4 100755 --- a/macssh/source/parse/authencrypt.proto.h +++ b/macssh/source/parse/authencrypt.proto.h 
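Review bot: Inside the new loop over `authmodules`, the `return;` after a failed `hicall(cKrbDeleteAllSessions, khipb, kdriver)` leaves DestroyTickets entirely, so modules later in the list never receive `TNFUNC_DESTROY_CREDS` and their credentials stay cached. Credential destruction should be best effort per module; replacing that `return;` with `break;` leaves only the switch and lets the loop continue. A failed `OpenDriver` is also silent, and older plugins will now be called with the new code and a null pointer; how they answer an unknown code is not visible here.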
@@ -2,10 +2,10 @@ * :main:authencrypt.c */ Boolean auth_encrypt_init(void); -void auth_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt, unsigned short port); +void auth_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt, unsigned short port, Boolean forward, char *username); void auth_encrypt_end(tnParams **aedata); short encrypt_suboption(tnParams **aedata, unsigned char *subbuffer, long sublength, unsigned char *sendbuffer, unsigned long *sendlength, char *cname, Boolean hisencrypt, Boolean myencrypt); -unsigned char decrypt(tnParams *tn, long value); +void decrypt(tnParams *tn, unsigned char *buf, long value); void encrypt(tnParams *tn, unsigned char *buf, long len); void qlink(void **flist, void *fentry); void *qunlink(void **flist, void *fentry); diff --git a/macssh/source/parse/parse.c b/macssh/source/parse/parse.c index b712502..fded693 100755 --- a/macssh/source/parse/parse.c +++ b/macssh/source/parse/parse.c @@ -63,6 +63,10 @@ static void telnet_do(struct WindRec *tw, short option); static void telnet_dont(struct WindRec *tw, short option); static void telnet_will(struct WindRec *tw, short option); static void telnet_wont(struct WindRec *tw, short option); +static void env_opt_start(void); +static void env_opt_add(char *, char *); +static void env_opt_end(void); +static int opt_welldefined(char *); void Parseunload(void) {} 
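Review bot: The new prototype names the third parameter `value`, a leftover from the old single-byte signature, while the definition in authencrypt.c takes `long len`, a byte count. Use `void decrypt(tnParams *tn, unsigned char *buf, long len);` so the header states that callers pass a buffer length.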
@@ -575,9 +579,81 @@ void SendNAWSinfo(WindRec *s, short horiz, short vert) } /* - * Implementation specific Kerberos routines + * telnet environment passing routines */ +#define OPT_REPLY_SIZE 256 +unsigned char opt_reply[OPT_REPLY_SIZE]; +unsigned char *opt_replyp; + +void +env_opt_start(void) +{ + opt_replyp = opt_reply; + + *opt_replyp++ = IAC; + *opt_replyp++ = SB; + *opt_replyp++ = N_NEW_ENVIRON; + *opt_replyp++ = TNQ_IS; +} + +void +env_opt_add(char *ep, char *vp) +{ + unsigned char c; + + if (opt_welldefined(ep)) + *opt_replyp++ = NEW_ENV_VAR; + else + *opt_replyp++ = ENV_USERVAR; + + for (;;) { + while (c = *ep++) { + switch(c&0xff) { + case IAC: + *opt_replyp++ = IAC; + break; + case NEW_ENV_VAR: + case NEW_ENV_VALUE: + case ENV_ESC: + case ENV_USERVAR: + *opt_replyp++ = ENV_ESC; + break; + } + *opt_replyp++ = c; + } + + if (ep = vp) { + *opt_replyp++ = NEW_ENV_VALUE; + vp = NULL; + } else + break; + } +} + +int +opt_welldefined(char *ep) +{ + if ((strcmp(ep, "USER") == 0) || + (strcmp(ep, "DISPLAY") == 0) || + (strcmp(ep, "PRINTER") == 0) || + (strcmp(ep, "SYSTEMTYPE") == 0) || + (strcmp(ep, "JOB") == 0) || + (strcmp(ep, "ACCT") == 0)) + return(1); + return(0); +} + +void +env_opt_end() +{ + *opt_replyp++ = IAC; + *opt_replyp++ = SE; +} + +/* + * Implementation specific Kerberos routines + */ /* * getcname @@ -739,11 +815,7 @@ static void process_suboption(struct WindRec *tw, unsigned char *start, unsigned * If we turned on encryption, we must decrypt the rest of the buffer. */ if (s == TNREP_START_DECRYPT) { - unsigned char *cp = start; - while (cp < end) { - *cp = decrypt((tnParams *)tw->aedata, (long)(*cp)); - cp++; - } + decrypt((tnParams *)tw->aedata, start, (long)(end-start)); } if (sizeof(sendbuffer) - sendlength) 
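Review bot: env_opt_add() writes into the fixed 256-byte `opt_reply` through `opt_replyp` with no bounds check, and env_opt_end() appends two more bytes the same way. The only caller in this patch passes `tw->username`; if that field can hold a long Pascal string (its size is not visible here), the 4-byte header, the name `USER`, the value with its possible escape bytes and the `IAC SE` trailer exceed OPT_REPLY_SIZE and overrun the global. A length check before copying, sized for the worst case of every byte being escaped and leaving room for the trailer, keeps the reply inside the buffer; the variable is dropped when it does not fit.

```c
void
env_opt_add(char *ep, char *vp)
{
	/* … unchanged: declaration of c … */
	/* worst case: type byte, every name byte escaped, IAC SE trailer */
	size_t need = 1 + 2 * strlen(ep) + 2;

	if (vp)
		need += 1 + 2 * strlen(vp);	/* VALUE byte, every value byte escaped */
	if (need > (size_t)(opt_reply + OPT_REPLY_SIZE - opt_replyp))
		return;				/* does not fit: send nothing for this variable */

	/* … unchanged: NEW_ENV_VAR / ENV_USERVAR type byte and escaping loop … */
}
```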
@@ -771,7 +843,7 @@ static void process_suboption(struct WindRec *tw, unsigned char *start, unsigned sendbuffer, &sendlength, getcname(tw), tw->hisopts[OPT_ENCRYPT-MHOPTS_BASE], tw->myopts[OPT_ENCRYPT-MHOPTS_BASE], - tw->port); + tw->port, tw->forward, tw->username); if (sizeof(sendbuffer) - sendlength) { netwrite(tw->port, sendbuffer, sizeof(sendbuffer)-sendlength); } @@ -827,6 +899,41 @@ static void process_suboption(struct WindRec *tw, unsigned char *start, unsigned default: break; } + break; + /*------------------------------------------------------------------------------* + * SUBNegotiate Environment: pass username as USER + * + *------------------------------------------------------------------------------*/ + case N_NEW_ENVIRON: + switch (tw->parsedat[1]) + { + case TNQ_SEND: +#ifdef OPTS_DEBUG + sprintf(munger, "RECV: SB NEW_ENVIRON SEND"); + opts_debug_print(munger); +#endif + env_opt_start(); + + p2cstr((unsigned char *)tw->username); + env_opt_add("USER", tw->username); + c2pstr(tw->username); + + env_opt_end(); + + netwrite(tw->port, opt_reply, opt_replyp - opt_reply); + netpush(tw->port); +#ifdef OPTS_DEBUG + sprintf(munger, "SENT: SB NEW_ENVIRON IS USER "); + opts_debug_print(munger); +#endif + break; + default: +#ifdef OPTS_DEBUG + sprintf(munger, "RECV: SB NEW_ENVIRON unsupported suboption"); + opts_debug_print(munger); +#endif + } + break; default: //dont know this subnegotiation!! break; @@ -897,6 +1004,13 @@ static void telnet_do(struct WindRec *tw, short option) } break; + case N_NEW_ENVIRON: + if (tw->username[0]) + send_will(tw->port, N_NEW_ENVIRON); + else + send_wont(tw->port, option); + break; + case N_REMOTEFLOW: if (!tw->remote_flow) { diff --git a/macssh/source/parse/parse.h b/macssh/source/parse/parse.h index d078a66..f14c015 100755 --- a/macssh/source/parse/parse.h +++ b/macssh/source/parse/parse.h 
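Review bot: The `TNQ_SEND` branch always answers with `USER` and never looks at the variable list that follows `tw->parsedat[1]`. RFC 1572 lets the server name the variables it wants and asks the client to return only those, so as written a request for some other variable still discloses the username. Checking the request for an empty list or an explicit `USER` entry before calling `env_opt_add("USER", tw->username)` would limit what is sent. process_suboption's body starts and ends outside the hunk.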
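Review bot: The new `case N_NEW_ENVIRON:` in telnet_do answers every `DO` with `send_will` and records nothing, whereas the `N_REMOTEFLOW` case just below guards its reply with `if (!tw->remote_flow)`. Without per-option state a peer that repeats `DO NEW-ENVIRON` gets a `WILL` each time, which telnet option negotiation is meant to avoid. The offer also depends only on `tw->username[0]` and not on `tw->authenticate`, so the account name is given to any server that asks, in the clear unless encryption is already active; a comment stating that this is intended would help. telnet_do's body starts and ends outside the hunk.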
@@ -60,7 +60,13 @@ #define N_XDISPLOC 35 #define N_AUTHENTICATION 37 /* Authentication */ #define N_ENCRYPT 38 /* Encryption */ +#define N_NEW_ENVIRON 39 +/* values for NEW ENVIRON */ +#define NEW_ENV_VAR 0 +#define NEW_ENV_VALUE 1 +#define ENV_ESC 2 +#define ENV_USERVAR 3 /* Values for LINEMODE MODE */ #define L_EDIT 1 diff --git a/macssh/source/parse/tnae.h b/macssh/source/parse/tnae.h index 952db59..b316adf 100755 --- a/macssh/source/parse/tnae.h +++ b/macssh/source/parse/tnae.h @@ -102,7 +102,9 @@ enum { TNFUNC_ENCRYPT_SB, /* process encryption sub-options */ TNFUNC_DECRYPT, /* decrypt data */ TNFUNC_ENCRYPT, /* encrypt data */ - TNFUNC_END_SESSION /* cleanup session data */ + TNFUNC_END_SESSION, /* cleanup session data */ + TNFUNC_DESTROY_CREDS, /* destroy credentials */ + TNFUNC_DECRYPT2 /* more efficient decrypt data */ }; @@ -141,11 +143,16 @@ typedef struct tnParams_ { Boolean encrypting; /* we are encrypting */ Boolean startencrypting; /* time to start encrypting */ Boolean decrypting; /* we are decrypting */ + char forward; /* forward credentials, -1 = don't forward */ long data; /* for encrypt/decrypt */ unsigned char *ebuf; /* encrypt buf */ unsigned char ipaddr[4]; /* for authentication forwarding in kerberos5 */ unsigned short port; /* for authentication forwarding in kerberos5 */ + + char *username; /* alternate username */ + unsigned char padding[8]; /* for the future... */ + OSType encrType; /* internal only: type from code struct */ } tnParams; #if PRAGMA_ALIGN_SUPPORTED 
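Review bot: `char forward;` is inserted in the middle of `tnParams`, ahead of `data`, `ebuf`, `ipaddr` and `port`, and this struct is the block handed to separately built plugin code through `PluginProc`. Unless the byte falls into existing alignment padding after `decrypting` (the earlier members are outside the hunk), plugins compiled against the old header will read `data` and `ebuf` at the wrong offsets. A comment stating that `forward` occupies former padding, or moving it after `port` with the other new members, would make the compatibility assumption explicit. The `username` comment should also say which string form plugins receive, since parse.c appears to treat `tw->username` as a Pascal string (`p2cstr`, `tw->username[0]`) and auth_suboption passes that pointer through unchanged, e.g. `char *username; /* alternate username, Pascal string owned by the caller */`.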
diff --git a/macssh/source/telnet.rsrc b/macssh/source/telnet.rsrc index 077db3019457d721076722fb892fdacc991e3923..65a04b7f42d14ec559e9c10d1eed6ba673da77b0 100755 GIT binary patch delta 7444 zcma)>33yaRwt!DnFSnPFJrL3m$`BHW>>?uY*aBh6LQDck!jdLwl7=K5x;yMc2g0VK z2wvp6Km?x8;X_Ao5@|t(i85>o3nmKiD9DK}s@0RXy zI(2U4W_h*kwPm)oz2mEo0e}_wQaj!S00ZFDKLI}N6KsB`u8S0JR-7`aRo1?$$@Z~< zx3sAL9iC(wjN0kyme_~tmPDTTqq@GKkGiQLzV1LnNmyOpiASt;)6WZ5cjUs4wmQex z!y?t%M2q_E+3t1U-W_VFoAL7rv)bma&1yj_bOnDlvAWq>VJ0`L&qSBki6iTnR=AP1 zMf%o&z5A&HyA-R}lMiT}4l+gi?tNxdd-h3E#gWF~)J4qDBY1fmvvCc7M+FzW#=4nI zBX&Z&Ip|`qVD+19kXg%mmGw}=&RT+7ce9_D1dk2nFIa=qGx_%>b(ncw4^ECGg9!$} zz}2P-XSr*jF3W(&z{%p)T1OST{UXmb-_O-w%!aWo zgZQ5fYNyafCe+pEb_RFOVeOe(a5pI;t$r4OrueppeBZk_}(_eSQrPZ;R1UL z7?W8gucZK8ZE8$pci!8kb$XL^<=EUAG0eP^dZ>lrZ6~&NE`tol*zR9@V(0Au|L3zE z|9mzJroh*1s~oiTs+Z5Sx@{~aK_3SG)%O0@{t4&wgQr z_a+y%MMg&3Gl+MMr=GDm-eA_7ZMmo8$S0lJp*-bRoeWsU%xum*j~r70w%OGF=M$y# z2fZwXWAoX&iE>T>Ba4&G#TUk4Q+@ZViL_E|4CpKRJTt=UY?x6=^;A^2iu|DMH?rvr zw9Y2h*;E4Iut-Zs3@k)k1A9#|=`QaKm)GMHqbiEL3o8AhYs9E-df1J)4$*96>ki+H zJ?debDLU6xRONMv+)`IrnV8!bJLKveo<@x=u-nu&&EuWt^cIV`4~sl^(QKFB*EJ%o z)u?XThJG>@i;aG`z58=Ezb@j)BBqUhm35DA2fsie3x!)$%48B)0hB{{H@^*2wF$ZW zdRy3~a9Bmg(m=pOy&asK$DcN^ox!gs@tf?SG}sFhSVYLLb5zy@=x9mGEGjPsyLC-w zk=FxYi_c2S$^*MCC3|dYUI5ItJ=r;_dBE(U+1^nz0qjY+Xc_N)bMtZp%7@^+Gep}b z=DKn#fQ97b`bzr(gv`pz%+3IF$lSb~+zgbzpXbWyi}%Zu#-hV4n&4?klKq-h}JjTuXexybaiMZ6z}>cGRvpd7l9MP$C7% z4jGOg@XdhSff&6+?kM@jP{~kjStCAz%}QJvrPsK)~CRrG9dRIZLp)wEoGFNyQnd9D8oEXg;;g3yPkWKrVZChRqyI$Q!TNW>N0W|Y3g!f#cty&g+KOvG zhN1{dZK23m;qaoI7~?12U~7kRniy!dBxH&%Y_<&v2tHO%mhHCj$SKrehbTEG-R-Fki;#Qc|#3+Z%~|EKPv5hnFx( z<+28VCD`5*d|VuL?qzF4rZr|aY@Z{~BKb`_W^zU;@hw{u%Ab|Yt8KT9eB2(%mvP-~Hld60&A(1$p}JWa59Lx>}l zQG(UR5C@{nM!~YPs1a?Sf`(|nCdb*`$Y)6Iuvg*iIdKR3a^$X(VVt=_u=)C)PUojE zq>o5(yE*2EjI5R-F?_A^Ht>#EA_0bPR(1e)bdn5u`8_K04^O(X$ejI%7!wEiGI0%Y zGcgtxl;4r89ON&cg#waSn`3}wFC<=S#O?OsUgBkVgn|zLNn8WCL>(zwupIFC8vh!} zSF{AsXeX+Au+sPV6EjwTa(Yp4&YZY3G#PHN zIE?|`lV-q;Y={x+pOGC5->?n<4;~N5CgryeNjWnh 
z^B#*ObDdw6tmsb6C)S`Bo2>lna%{&j-d`w7`hnQ=C)zI2^c|zF;?4(D^$5;cFa9}$wQNw2G z0PNiFi9;;ifPM9Yd{=nX$fzyXuh5Qln1bs{{`5(5R%t$Owj8;5-(R~ z0~h;=SMbjOo}k(QEBTiIPu7xrmC_5?#&wbz@O&dIrs%Q&<8C7?iIWeML;MK9k>kXN zl}bGBQn|$rO9fQNOF3hF9rAxjhQl(UZvS0ka$HMGINVqz8Dy@o*|dXzO8E6U63Y_K zUU`#vrR@8`@&Gktx#i=(l5Dsl9~`?TS+5OODKQn=ip>;iy*4y^Nr$%L`Xxi!emquNUd|H&=M3^$%wp;5)s>PRlO-G06BoeacplkAEDuX?Js=t1&IbYNC})$U zT{ya0%9A4{-+qudO7az2<>YA6*-LT^Fpgy;4$x`+>IiDkY5nGNl3{~Xs>j`l*FI#X zg-N7IK>ZxzSkj@&tp~e)s+1d=NM0hjbzl3RVN?brXV*}Knnbqe??leq3*wtCG zKC@#9#5A)j!-(~njU%R+9g8K_XEuOXpA4oUUe#!mO?Zl!P6)>zC$4D;;9yu?rNGELM98i9p8%;X&Hg{6}A*1jmEuWqWC#H}NxJbz zV!8d8leU)r72qnpB=xTVH&02O)lLf4ylF4EW6#~|Nsx|m{nf6i@ zPoiJJL34SXLHlU|PY$sUudFO{7dicIPldK*A$Mp87V-ny@kM;Mwq-GYMJxXu@2Q>m z9gmT}25S#3;VZRUOZWn9Wq|k9diZ&4IQ@eKzdp}&mx#Otl`bu`inr6Us?b=WpC@KU zrItD?N?c-+yQ0`L55Eul%Uoe2vvR~Juh-)h!^>P=e?;roYji{8`knqNU)Xqmsmm+U zJQaSC>t5&zOZ8Nh6<26Ss(7bf;i+XFpG(~9q~yB%_(|Vu%XGRcM7Gy8(`Uo4m{J4X z(*CxD#|C73f)8!#!jKG43F&&uEB$RoyDD5>r{5*gT?>4n)N&W;9{TQknB($!%I2aS z^4}uOx+`XSLMaZpr5>-psLJnaH?m5PEPgk4`Fw7VQlU>(%dFxcpZF`2GncU8HVgx{z0L~5z4X!Z=x Sd@UH@@tP-qIrd?I_xcB(+cPKt delta 7260 zcmZ{p33OCN)_`x-d)=>>tR!JcSZYY11=&Po`&kka!j_G6>#zlAk_I9nopg6(_az}f zK+h;fc#1j#3Mi`>nINN}AdoZv{73)+L1#o@R1`tSAd8y+)_v_kIWzB^bbWQ})_u2b z-Ma5}XIr(Srqc0rpN{%w0I&nsFJUVH7yzGo33vha#lgBNyVzZN(qioD$DbbQMHK)S zSYRLwuCfZ68@w910P=Jp5S)OXi2oyi&1Ec>??#4;0hVlt()A$9%&(nA@Hd!Nhhc@P%o$zPa4~J^C z^nlMB@&~}E9KqWgk7V+bs94&c>qgoTUK(p^J0KpqL%;PLxbeY5yqi;sc}oj^b}~X^ zxM&ZM0AryR&a*whm<*k~s^mw4kvEpN)}=-XWHH9x{&g4!x01$x7}#YFJPK3b3${_( z3}0{kw;6}zKqr_E3*iH{@2(dt%8}!nXNYm!R_E5buujJEaa<_U^`8*PbvgAHHvO(+ z(Ho>F!T3`aZ{1e9o(0v+%F6GWO)3DxF_x!xk&1ZVNstNu$Nqj-L2Hut6&c0e68|jY z%`v=(gH(s$=Qzx!2kYO^j_)wGjpNCDWMtf4iB;$ zJxB2!#`P@TnFG{6dMue4%d+`M?pRpA>cgKM#<6Vfsb6|7qm}XR(Y$NyOLUXFI|fE- zHczQP_|1H!PD$)nKlu7_tI=}|ACWr;HLau_iJxuZ9PD9(*&49?8fzEEhAvyU#fGH- z?LIumRM^f^RW03LTIwqdaU(T{Ph;FzpTm6uWXACs%xYZi#Z!nHklweb*0nI%C?C(iZOsO09F|fLGC{y2X5T3H@Pvj{ 
z`Fy^@)-@=P@Mac1tWbr4N}7Uk-e}xEfsbcXjF+EaZH&DW_%p`N33!`fQ+P^4=|t{U z+IoE^ViX$Uy)C2%aR7O_rDClNM%*@Tn099+1nLjcU+nh{K z9$MB`jY-c*22EQ#COtO?`!}*jq~!zHcy9juO>dHLxcU{0PF7&#NbndnB#*miY$@&(HKVw(){&arNvyA)VN zraL&hFF?dpPj+4wSR)?w%WW&P@hOOaR+{*zUu2AXs8~abYkStg&OUMg7=6V~hH+-xo`J39T~c%GMs2Q&tiR z0mK~%d80;TK~&rcXtX_`vWXt!f)|VRrAE2U>cf_RfY;@=15`sR{FHwHOSRnqcTN)5 zIQ+o&P9$CivKsazUT#eXIDJgA@}=c1;nE*z4Pfdo!B=`+DLZ9J2-c%Oc`t>wE#{hDqj?tgQ<6FC{Bq z*}Z~odV=_h{YSyJ(l#h9))!OYGSx7xiA_&|s6J9BdINI_aCDZOuvoVr5bU)k*-4t{ zXcl|`?l1Br)?0vc1o332Q}Dr?iKjUKEqFc^y`%y*SU?0tt5d2aOTZQiyDP?WN5G+6 zsqc!l-4ty3LE=`9u7d4MBaX8z6|CSa#vhg9ty2Y@9ZLg=wnKuIl@TXdFRE}ek+{8f zL@@rH6MOUhCOP z9Vc|8&Q`V#c>wV)wh1|p_${^%nf46xU=8kN1<4PwqbRSI%oKJ;z<#+FU{ThOQ2qjO zto<#FuDPvkwHql+T}|?K>=NqiN7jLLwtsE!J(A2YaMkYvR*VAcjss^ah?H zK#y_BfrQ2O|3xP#S&}9?0rz{clqXH%JuqCU#FL$!1s^t@cuE8pykI}a-ZGx?!1-M!{2HBd3jGffSMxWJIq_0{1o?kt z{sGh|4i(IE56dj00JfM#37qGFXa7M?V2qywSlx=4^IIybr!8ZO^C0l7Ajwq=z63q< zo@5Tr&s3f>mzXIXRapHMF;`M>YbbBH;ykA6JnL^Xpejs-1Ir{UU-Ewf^sghn!vBT5 zmG~RE1p{acl&i#Jq+B~L`C|&N)+G5xf0Ca-<{4h%lTv;rnfMgx_mQk?A7O{7hiTxf zWJ@OTIjQs`tzJ8C9}Vo4+foip>R7iBD#$#mlVonP>5%C}gp_Nh6I53;a^f^aLNlGv zDbd1C9H0rO<&AIeC6*4s9m;l%9J+Cmt`{u=fO3H-UJi1HUa^`dad6yY8F`>`(!99L@l+s~T~HQwMh2FL_+5^GRUG{z{zY zTnp@DI@5V}XFBlYp;DgbaOMEF#Suq1Cjn1*Ub1vfz;McT268c;$E8^LQb`jqbtdJX za>ce=u$h!}$}b8QlT@h#Du!AxEkUx)oE$G1Cyxdw8%cb{hTl5<(XxYwWGGFf=wDkeB2h&u``xBO|~{F`=d^L!uc=3bKfRDrQ`}I??!yq<`B&C zvE=CW%4q?QZ;~8Wt6V_dCOK)M?XqAspA%0~HVIg=n|QM0CBfeRo_LCLo8Y6nBI}S; zpzO!V6qclSoEw0T3`wO)f3;#HKBN^-dPkWdAV81QN$)Ci1O(@k&QWJyEXhw2H!5WU z7R@3)p)3*br&!{X$_kWkC;muTBVaLYrFPVUWm-R)A_ufaM;)+z-6iAq(<1=Q;WDYV z6|nq$5?86!z&6mafu-sSfS)>(yv9)jyx(x*Whxe>XZsQ_S6>5IQ$oDLfyuaoBEdlI zpu+M?QqFXy_E4erOWDzms<@I<-w-!CR^l5jMFJ;e2v|jO##E1hC#beVqdW!HCaLdA zY-x#MY?ow^xxyBaO`sBfXA6mC31@qI5-*p@czR=z>?mK!&d2|dOh*xJo+YN^cN@cm zayovuXA;x#+Y}`^oM;#^yy!V{2yNk284-)WVl9aXp7$6(&&BVkj2$&Pl=5DQo9XN^ z#quJ)SyD2wSn1j3rwkvC^K%YkO)2lJU#5^IESApQTqtcOO_Z!WOFS7S;7i9GV);e{ 
zcj(;XBX}j+rNneeyKrW+)N!>!W>$)vD^ALr*ONS+bg;aeQN*J69I-B6$>B#@y^CJS z`MYue)=K$-Ma27&*_J($X%TRM5|FheopLERqkF(je1+sxZ^8>ZCgtYB4m?CWnRJHh z)S;Cfpt9O2RSvx0PRh-dolPZ{D}&}!#OBIqD_yj*v;9eq`GJf1J25Rrp^|KFUr~va zo7;DeqKkQ>(?nvj`NcoYM>81>?xg`T`Wfa7UX<0z6h_mzkeYm zj+r;)(0mWcr5!eXDltXt^PeQ^<|^;6q5<;mesg7Hw1=JKWb|9J=9AHd?MY6~eTzj3 zFEV;Dm6%rC!`wcy*@Nnbxvf3T?I4@ibhF5qMyJzcGJ5SPV$S`q|?N9nvpY4(+1LM)MZ#Si|mB!!y#fiT6exB?ksh-(q#67B!gm75OIH;S1Vi*GQC=zsV0`McW_H3Hs7W=F_rThKTCE++Xn$#Z|2Qb z%Vn%F$tc$GRZv|3@MNS^Vw#F=&AY^Qx@J8o#aS!@j8}={E$sz7 z{~B?E;+;>p2(?~JHr=< z4gYRj>@OAWkT+BjG|DP?J3TtxUr|z28WQ30s8POBAO6l|8VYJ|UkHCw4><5QK&djb zcviH;hl9RAxSxi`_(GmH7eg1^p`w_)5t}ev{GEk zXZnqGOYmPIy>;F>=H3+;Lo0Y!Ta4+V%Wyr;JGr$WdQ=qlsPI2})aI^7ZeK7cmrMa^ zbFWWfUmI3d@OmXOBHN2USO!J5zsOr+3|YWk!y>Z$vx-YaUcf)MEcCmMb7qM*IJ=j3 zhQA{8J5DPzqk(rd^h(}wl=C-|sN8uNT@k=gR0Ilrk>*Z>-MA<8_jHX_3;5v-yO6(~_{rAb7YSSB>#Hk2gQIFXFvKbZ%%ix|iw4 zd~g>p^xfMxt}WsT@?(fAhW_7XW`yu8DDy>;z&+a^2o+X@f>tw_#{G-=@}Z7wFGbNe zGx!^9?ePWX7MFTU!iiK7@P;sI(f5dr-HZ8x)~$ct$?z@Rp+IrzETh{J{-DuV$vYT7 IRr22d4|+-FX#fBK