Remove the scary bits from telnetd - no more encryption left here.

Only crypt.c in libc remains.
Reviewed by:	Geoff Rehmet
Geoff Rehmet 1994-08-12 23:00:04 +00:00
parent daf079cb54
commit 46592ab983
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=2054
6 changed files with 3 additions and 274 deletions


@ -5,33 +5,13 @@ CFLAGS+=-DLINEMODE -DKLUDGELINEMODE -DUSE_TERMIO -DDIAGNOSTICS
CFLAGS+=-DOLD_ENVIRON -DENV_HACK
CFLAGS+=-I${.CURDIR}/../../lib
#CFLAGS+=-DAUTHENTICATION -DENCRYPTION
SRCS= authenc.c global.c slc.c state.c sys_term.c telnetd.c \
SRCS= global.c slc.c state.c sys_term.c telnetd.c \
termstat.c utility.c
#SRCS+= authenc.c
DPADD= ${LIBUTIL} ${LIBTERM}
LDADD= -lutil -ltermcap -ltelnet
#LDADD+= -lkrb -ldes
MAN8= telnetd.8
# These are the sources that have encryption stuff in them.
CRYPT_SRC= authenc.c ext.h state.c telnetd.c termstat.c
CRYPT_SRC+= utility.c Makefile
NOCRYPT_DIR=${.CURDIR}/Nocrypt
.include <bsd.prog.mk>
nocrypt:
#ifdef ENCRYPTION
@for i in ${CRYPT_SRC}; do \
if [ ! -d ${NOCRYPT_DIR} ]; then \
echo Creating subdirectory ${NOCRYPT_DIR}; \
mkdir ${NOCRYPT_DIR}; \
fi; \
echo ${NOCRYPT_DIR}/$$i; \
unifdef -UENCRYPTION ${.CURDIR}/$$i | \
sed "s/ || defined(ENCRYPTION)//" > ${NOCRYPT_DIR}/$$i; \
done
placeholder:
#else /* ENCRYPTION */
@echo "Encryption code already removed."
#endif /* ENCRYPTION */
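Review bot: The commented-out `#CFLAGS+=-DAUTHENTICATION -DENCRYPTION` line near the top of this section still names `-DENCRYPTION`, although this commit deletes the `#ifdef ENCRYPTION` code that the flag used to select. Someone who later uncomments it to enable authentication would define a macro that, as far as the hunks on this page show, no telnetd source tests any more, and the line would suggest a protection the daemon does not provide. I would trim it to `#CFLAGS+=-DAUTHENTICATION` and check whether `#LDADD+= -lkrb -ldes` still needs `-ldes` for an authentication-only build. The +/- markers are lost on this page, so I am assuming these commented lines are kept on the new side.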


@ -191,11 +191,6 @@ extern void
wontoption P((int)),
writenet P((unsigned char *, int));
#ifdef ENCRYPTION
extern void (*encrypt_output) P((unsigned char *, int));
extern int (*decrypt_input) P((int));
extern char *nclearto;
#endif /* ENCRYPTION */
/*


@ -94,10 +94,6 @@ telrcv()
if ((&ptyobuf[BUFSIZ] - pfrontp) < 2)
break;
c = *netip++ & 0377, ncc--;
#ifdef ENCRYPTION
if (decrypt_input)
c = (*decrypt_input)(c);
#endif /* ENCRYPTION */
switch (state) {
case TS_CR:
@ -126,10 +122,6 @@ telrcv()
*/
if ((c == '\r') && his_state_is_wont(TELOPT_BINARY)) {
int nc = *netip;
#ifdef ENCRYPTION
if (decrypt_input)
nc = (*decrypt_input)(nc & 0xff);
#endif /* ENCRYPTION */
#ifdef LINEMODE
/*
* If we are operating in linemode,
@ -142,10 +134,6 @@ telrcv()
} else
#endif
{
#ifdef ENCRYPTION
if (decrypt_input)
(void)(*decrypt_input)(-1);
#endif /* ENCRYPTION */
state = TS_CR;
}
}
@ -464,9 +452,6 @@ extern void auth_request();
#ifdef LINEMODE
extern void doclientstat();
#endif
#ifdef ENCRYPTION
extern void encrypt_send_support();
#endif /* ENCRYPTION */
void
willoption(option)
@ -580,12 +565,6 @@ willoption(option)
break;
#endif
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
func = encrypt_send_support;
changeok++;
break;
#endif /* ENCRYPTION */
default:
break;
@ -645,11 +624,6 @@ willoption(option)
break;
#endif
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
func = encrypt_send_support;
break;
#endif /* ENCRYPTION */
case TELOPT_LFLOW:
func = flowstat;
break;
@ -940,11 +914,6 @@ dooption(option)
/* NOT REACHED */
break;
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
changeok++;
break;
#endif /* ENCRYPTION */
case TELOPT_LINEMODE:
case TELOPT_TTYPE:
case TELOPT_NAWS:
@ -1464,49 +1433,6 @@ suboption()
}
break;
#endif
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
if (SB_EOF())
break;
switch(SB_GET()) {
case ENCRYPT_SUPPORT:
encrypt_support(subpointer, SB_LEN());
break;
case ENCRYPT_IS:
encrypt_is(subpointer, SB_LEN());
break;
case ENCRYPT_REPLY:
encrypt_reply(subpointer, SB_LEN());
break;
case ENCRYPT_START:
encrypt_start(subpointer, SB_LEN());
break;
case ENCRYPT_END:
encrypt_end();
break;
case ENCRYPT_REQSTART:
encrypt_request_start(subpointer, SB_LEN());
break;
case ENCRYPT_REQEND:
/*
* We can always send an REQEND so that we cannot
* get stuck encrypting. We should only get this
* if we have been able to get in the correct mode
* anyhow.
*/
encrypt_request_end();
break;
case ENCRYPT_ENC_KEYID:
encrypt_enc_keyid(subpointer, SB_LEN());
break;
case ENCRYPT_DEC_KEYID:
encrypt_dec_keyid(subpointer, SB_LEN());
break;
default:
break;
}
break;
#endif /* ENCRYPTION */
default:
break;


@ -143,9 +143,6 @@ char valid_opts[] = {
#ifdef DIAGNOSTICS
'D', ':',
#endif
#ifdef ENCRYPTION
'e', ':',
#endif
#if defined(CRAY) && defined(NEWINIT)
'I', ':',
#endif
@ -176,9 +173,6 @@ main(argc, argv)
pfrontp = pbackp = ptyobuf;
netip = netibuf;
nfrontp = nbackp = netobuf;
#ifdef ENCRYPTION
nclearto = 0;
#endif /* ENCRYPTION */
progname = *argv;
@ -258,17 +252,6 @@ main(argc, argv)
break;
#endif /* DIAGNOSTICS */
#ifdef ENCRYPTION
case 'e':
if (strcmp(optarg, "debug") == 0) {
extern int encrypt_debug_mode;
encrypt_debug_mode = 1;
break;
}
usage();
/* NOTREACHED */
break;
#endif /* ENCRYPTION */
case 'h':
hostinfo = 0;
@ -605,18 +588,12 @@ getterminaltype(name)
}
#endif
#ifdef ENCRYPTION
send_will(TELOPT_ENCRYPT, 1);
#endif /* ENCRYPTION */
send_do(TELOPT_TTYPE, 1);
send_do(TELOPT_TSPEED, 1);
send_do(TELOPT_XDISPLOC, 1);
send_do(TELOPT_NEW_ENVIRON, 1);
send_do(TELOPT_OLD_ENVIRON, 1);
while (
#ifdef ENCRYPTION
his_do_dont_is_changing(TELOPT_ENCRYPT) ||
#endif /* ENCRYPTION */
his_will_wont_is_changing(TELOPT_TTYPE) ||
his_will_wont_is_changing(TELOPT_TSPEED) ||
his_will_wont_is_changing(TELOPT_XDISPLOC) ||
@ -624,15 +601,6 @@ getterminaltype(name)
his_will_wont_is_changing(TELOPT_OLD_ENVIRON)) {
ttloop();
}
#ifdef ENCRYPTION
/*
* Wait for the negotiation of what type of encryption we can
* send with. If autoencrypt is not set, this will just return.
*/
if (his_state_is_will(TELOPT_ENCRYPT)) {
encrypt_wait();
}
#endif /* ENCRYPTION */
if (his_state_is_will(TELOPT_TSPEED)) {
static unsigned char sb[] =
{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
@ -854,7 +822,7 @@ doit(who)
(void) gethostname(host_name, sizeof (host_name));
hostname = host_name;
#if defined(AUTHENTICATION) || defined(ENCRYPTION)
#if defined(AUTHENTICATION)
auth_encrypt_init(hostname, host, "TELNETD", 1);
#endif
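Review bot: getterminaltype() has no comment recording that TELOPT_ENCRYPT is now deliberately left out of the negotiation, at the point where `send_will(TELOPT_ENCRYPT, 1)` and the `encrypt_wait()` call used to be. A short comment above `send_do(TELOPT_TTYPE, 1);`, for example `/* TELOPT_ENCRYPT is deliberately not offered: this build has no encryption, so the whole session, login input included, crosses the network in the clear. */`, would tell a maintainer or auditor which protection is absent. The same section drops `'e'` from `valid_opts` and the `case 'e':` branch in main(); if usage() or telnetd.8, neither of which is visible here, still mention `-e debug`, they should be updated to match. getterminaltype() begins and ends outside the hunks shown.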


@ -181,25 +181,6 @@ localstat()
tty_setlinemode(uselinemode);
}
#ifdef ENCRYPTION
/*
* If the terminal is not echoing, but editing is enabled,
* something like password input is going to happen, so
* if we the other side is not currently sending encrypted
* data, ask the other side to start encrypting.
*/
if (his_state_is_will(TELOPT_ENCRYPT)) {
static int enc_passwd = 0;
if (uselinemode && !tty_isecho() && tty_isediting()
&& (enc_passwd == 0) && !decrypt_input) {
encrypt_send_request_start();
enc_passwd = 1;
} else if (enc_passwd) {
encrypt_send_request_end();
enc_passwd = 0;
}
}
#endif /* ENCRYPTION */
/*
* Do echo mode handling as soon as we know what the


@ -193,11 +193,7 @@ netclear()
#define wewant(p) ((nfrontp > p) && ((*p&0xff) == IAC) && \
((*(p+1)&0xff) != EC) && ((*(p+1)&0xff) != EL))
#ifdef ENCRYPTION
thisitem = nclearto > netobuf ? nclearto : netobuf;
#else /* ENCRYPTION */
thisitem = netobuf;
#endif /* ENCRYPTION */
while ((next = nextitem(thisitem)) <= nbackp) {
thisitem = next;
@ -205,11 +201,7 @@ netclear()
/* Now, thisitem is first before/at boundary. */
#ifdef ENCRYPTION
good = nclearto > netobuf ? nclearto : netobuf;
#else /* ENCRYPTION */
good = netobuf; /* where the good bytes go */
#endif /* ENCRYPTION */
while (nfrontp > thisitem) {
if (wewant(thisitem)) {
@ -250,15 +242,6 @@ netflush()
n += strlen(nfrontp); /* get count first */
nfrontp += strlen(nfrontp); /* then move pointer */
});
#ifdef ENCRYPTION
if (encrypt_output) {
char *s = nclearto ? nclearto : nbackp;
if (nfrontp - s > 0) {
(*encrypt_output)((unsigned char *)s, nfrontp-s);
nclearto = nfrontp;
}
}
#endif /* ENCRYPTION */
/*
* if no urgent data, or if the other side appears to be an
* old 4.2 client (and thus unable to survive TCP urgent data),
@ -289,18 +272,11 @@ netflush()
cleanup(0);
}
nbackp += n;
#ifdef ENCRYPTION
if (nbackp > nclearto)
nclearto = 0;
#endif /* ENCRYPTION */
if (nbackp >= neturg) {
neturg = 0;
}
if (nbackp == nfrontp) {
nbackp = nfrontp = netobuf;
#ifdef ENCRYPTION
nclearto = 0;
#endif /* ENCRYPTION */
}
return;
} /* end of netflush */
@ -346,16 +322,6 @@ fatal(f, msg)
char buf[BUFSIZ];
(void) sprintf(buf, "telnetd: %s.\r\n", msg);
#ifdef ENCRYPTION
if (encrypt_output) {
/*
* Better turn off encryption first....
* Hope it flushes...
*/
encrypt_send_end();
netflush();
}
#endif /* ENCRYPTION */
(void) write(f, buf, (int)strlen(buf));
sleep(1); /*XXX*/
exit(1);
@ -1044,93 +1010,6 @@ printsub(direction, pointer, length)
break;
#endif
#ifdef ENCRYPTION
case TELOPT_ENCRYPT:
sprintf(nfrontp, "ENCRYPT");
nfrontp += strlen(nfrontp);
if (length < 2) {
sprintf(nfrontp, " (empty suboption??\?)");
nfrontp += strlen(nfrontp);
break;
}
switch (pointer[1]) {
case ENCRYPT_START:
sprintf(nfrontp, " START");
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_END:
sprintf(nfrontp, " END");
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_REQSTART:
sprintf(nfrontp, " REQUEST-START");
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_REQEND:
sprintf(nfrontp, " REQUEST-END");
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_IS:
case ENCRYPT_REPLY:
sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
"IS" : "REPLY");
nfrontp += strlen(nfrontp);
if (length < 3) {
sprintf(nfrontp, " (partial suboption??\?)");
nfrontp += strlen(nfrontp);
break;
}
if (ENCTYPE_NAME_OK(pointer[2]))
sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
else
sprintf(nfrontp, " %d (unknown)", pointer[2]);
nfrontp += strlen(nfrontp);
encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
sprintf(nfrontp, "%s", buf);
nfrontp += strlen(nfrontp);
break;
case ENCRYPT_SUPPORT:
i = 2;
sprintf(nfrontp, " SUPPORT ");
nfrontp += strlen(nfrontp);
while (i < length) {
if (ENCTYPE_NAME_OK(pointer[i]))
sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
else
sprintf(nfrontp, "%d ", pointer[i]);
nfrontp += strlen(nfrontp);
i++;
}
break;
case ENCRYPT_ENC_KEYID:
sprintf(nfrontp, " ENC_KEYID", pointer[1]);
nfrontp += strlen(nfrontp);
goto encommon;
case ENCRYPT_DEC_KEYID:
sprintf(nfrontp, " DEC_KEYID", pointer[1]);
nfrontp += strlen(nfrontp);
goto encommon;
default:
sprintf(nfrontp, " %d (unknown)", pointer[1]);
nfrontp += strlen(nfrontp);
encommon:
for (i = 2; i < length; i++) {
sprintf(nfrontp, " %d", pointer[i]);
nfrontp += strlen(nfrontp);
}
break;
}
break;
#endif /* ENCRYPTION */
default:
if (TELOPT_OK(pointer[0]))