authornectar <nectar@FreeBSD.org>2003-03-06 13:41:53 +0000
committernectar <nectar@FreeBSD.org>2003-03-06 13:41:53 +0000
commitc4f823a8ba441f68ef368cee31f9b5a6b8bba410 (patch)
tree5d777f34f296bdcd7f264de895a7d4dc318906f4
parent82ed5e94ee42037d9b8b97e5608fe7c2875a2282 (diff)
Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.) PR: bin/45397
-rw-r--r--contrib/telnet/libtelnet/kerberos5.c24
-rw-r--r--crypto/telnet/libtelnet/kerberos5.c24
-rw-r--r--kerberos5/lib/libtelnet/Makefile1
-rw-r--r--kerberos5/libexec/telnetd/Makefile2
-rw-r--r--kerberos5/usr.bin/telnet/Makefile2
5 files changed, 51 insertions, 2 deletions
diff --git a/contrib/telnet/libtelnet/kerberos5.c b/contrib/telnet/libtelnet/kerberos5.c
index d75fcc2..ab7b2dc 100644
--- a/contrib/telnet/libtelnet/kerberos5.c
+++ b/contrib/telnet/libtelnet/kerberos5.c
@@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
+ ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
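Review bot: The added `ap_opts |= AP_OPTS_USE_SUBKEY;` carries no comment saying why the client now always asks for a subkey, with or without mutual authentication. Judging by the debug string in the kerberos5_is hunk, the server side looks for the peer's subkey first, so a comment such as `/* always send a subkey; the server takes its key from it */` would tie the two halves together (wording to be confirmed against the server code). The same line is added in crypto/telnet/libtelnet/kerberos5.c. kerberos5_send starts and ends outside the hunk.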
@@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
return;
}
+ if (key_block == NULL) {
+ ret = krb5_auth_con_getkey(context,
+ auth_context,
+ &key_block);
+ }
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
+ }
+ if (key_block == NULL) {
+ Data(ap, KRB_REJECT, "no subkey received", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey returned NULL key\r\n");
+ return;
+ }
+
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {
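Review bot: The `if (ret)` test after the `krb5_auth_con_getkey` call sits outside the `if (key_block == NULL)` block, so when a key is already present it re-tests whatever `ret` held from earlier code that is not visible in the hunk; nesting the rejection inside that block would make it depend only on the call it reports. The last debug line still names `krb5_auth_con_getremotesubkey` although by then the fallback has also produced nothing, so `"krb5_auth_con_getkey returned NULL key\r\n"` would be more accurate. The fallback also means a peer that sends no subkey is accepted with the ticket's session key, which is shared by every connection made with that ticket; a comment like `/* no subkey from peer: fall back to the session key */` would make that choice explicit. The identical hunk in crypto/telnet/libtelnet/kerberos5.c has the same points, and kerberos5_is starts and ends outside the hunk.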
diff --git a/crypto/telnet/libtelnet/kerberos5.c b/crypto/telnet/libtelnet/kerberos5.c
index d75fcc2..ab7b2dc 100644
--- a/crypto/telnet/libtelnet/kerberos5.c
+++ b/crypto/telnet/libtelnet/kerberos5.c
@@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
+ ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
@@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
return;
}
+ if (key_block == NULL) {
+ ret = krb5_auth_con_getkey(context,
+ auth_context,
+ &key_block);
+ }
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
+ }
+ if (key_block == NULL) {
+ Data(ap, KRB_REJECT, "no subkey received", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey returned NULL key\r\n");
+ return;
+ }
+
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {
diff --git a/kerberos5/lib/libtelnet/Makefile b/kerberos5/lib/libtelnet/Makefile
index d78e65f..c5ef16e 100644
--- a/kerberos5/lib/libtelnet/Makefile
+++ b/kerberos5/lib/libtelnet/Makefile
@@ -16,6 +16,7 @@ SRCS+= kerberos5.c
CFLAGS+= -DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
CFLAGS+= -DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
+CFLAGS+= -DFORWARD -Dnet_write=telnet_net_write
INCS= ${TELNETDIR}/arpa/telnet.h
INCSDIR= ${INCLUDEDIR}/arpa
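Review bot: `-DFORWARD` is added here and in the telnetd and telnet Makefiles although the commit message says credential forwarding is still broken, so code guarded by that macro (not visible here) is presumably compiled in while known not to work; a comment next to the flag should say so, or the flag should wait until forwarding is fixed. `-Dnet_write=telnet_net_write` renames an identifier on the command line for every source file built here with no explanation; a line such as `# rename net_write() to avoid a symbol clash (name the library)` above it would save the next reader a search. The three Makefiles have to keep the rename identical, otherwise callers and the definition end up with different names and the link fails.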
diff --git a/kerberos5/libexec/telnetd/Makefile b/kerberos5/libexec/telnetd/Makefile
index 623cbfb..9b12a00 100644
--- a/kerberos5/libexec/telnetd/Makefile
+++ b/kerberos5/libexec/telnetd/Makefile
@@ -12,7 +12,7 @@ SRCS= global.c slc.c state.c sys_term.c telnetd.c \
CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
-I${TELNETDIR} -DINET6
-CFLAGS+= -DKRB5
+CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2
diff --git a/kerberos5/usr.bin/telnet/Makefile b/kerberos5/usr.bin/telnet/Makefile
index 79f7f11..00d5f11 100644
--- a/kerberos5/usr.bin/telnet/Makefile
+++ b/kerberos5/usr.bin/telnet/Makefile
@@ -9,7 +9,7 @@ CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
-CFLAGS+= -DKRB5
+CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2