Commit Graph

12 Commits

Author SHA1 Message Date
Mark Murray
8fa113e5fc Very large style makeover.
1) ANSIfy.
2) Clean up ifdefs so that
   a) ones that never/always apply are appropriately either
      fully removed, or just the #if junk is removed.
   b) change #if defined(FOO) for appropiate values of FOO.
      (currently AUTHENTICATION and ENCRYPTION)
3) WARNS=2 fixing
4) GC other unused stuff

This code can now be unifdef(1)ed to make non-crypto telnet.
2001-11-30 21:06:38 +00:00
Nick Sayer
3737d6dfe3 Add Berkeley copyright to SRA.
This is by the kind permission of Dave Safford, formerly of TAMU who wrote the
original code. Here is an excerpt of the e-mail exchange concerning this
issue:

Dave Safford wrote:
>Nick Sayer wrote:
>> Some time ago we spoke about SRA and importing it into FreeBSD. I forgot to
>> ask if you had a prefered license boilerplate for the top of the files. It
>> has come up recently, and the SRA code in FreeBSD doesn't have one.

>I really have no preference - use whatever is most convenient in the
>FreeBSD environment.

>dave safford

This is the standard BSD license with clause 3 removed and clause 4
suitably renumbered.

MFC after:	1 day
2001-10-29 16:12:16 +00:00
Mark Murray
f2ac7de925 Add __FBSDID() to diff-reduce with "base" telnet. 2001-10-01 16:04:55 +00:00
Mark Murray
21f083c0a6 Code merge and diff reduce with "base" telnet. This is the "later"
telnet, so it was treated as the reference code, except where later
commits were made to "base" telnet.
2001-08-20 12:28:40 +00:00
Nick Sayer
9286fd701f Make the PAM user-override actually override the correect thing. 2001-05-17 16:28:11 +00:00
Nick Sayer
166b3cb9a0 Make sure the protocol actively rejects bad data rather than
(potentially) not responding to an invalid SRA 'auth is' message.
2001-05-16 20:24:58 +00:00
Nick Sayer
60f581768d Catch any attempted buffer overflows. The magic numbers in this code
(512) are a little distressing, but the method really needs to be
extended to allow server-supplied DH parameters anyway.

Submitted by:	kris
2001-05-16 18:27:09 +00:00
Nick Sayer
e7157113a9 Catch malloc return failures. This should help avoid dereferencing NULL on
low-memory situations.

Submitted by:	kris
2001-05-16 18:17:55 +00:00
Nick Sayer
c7be24c970 If the uid of the attempted authentication is 0 and if the pty is
insecure, do not succeed. Copied from login.c. This functionality really
should be a PAM module.
2001-05-15 04:47:14 +00:00
Nick Sayer
053c5b3a9e Pointy hat fix -- reapply the SRA PAM patch. To -current this time. 2001-05-07 20:42:02 +00:00
Peter Wemm
ecece7e319 Add missing $FreeBSD$ to files that are NOT still on vendor a branch. 2000-07-16 05:48:49 +00:00
Nick Sayer
0f8c8396c5 Add SRA authentication to src/crypto/telnet.
SRA does a Diffie-Hellmen exchange and then DES-encrypts the
authentication data. If the authentication is successful, it also
sets up a session key for DES encryption.

SRA was originally developed at Texas A&M University.

This code is probably export restricted (despite the fact that I
originally found it at a University in Germany).

SRA is not perfect. It is vulnerable to monkey-in-the-middle attacks
and does not use tremendously large DH constants (and thus an individual
exchange probably could be factored in a few days on modern CPU
horsepower). It does not, however, require any changes in user or
administrative behavior and foils session hijacking and sniffing.
The goal of this commit is that telnet and telnetd end up in the DES
distribution and that therefore an encrypted session telnet becomes
standard issue for FreeBSD.
1999-08-16 11:24:29 +00:00