summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authornectar <nectar@FreeBSD.org>2003-03-06 13:41:53 +0000
committernectar <nectar@FreeBSD.org>2003-03-06 13:41:53 +0000
commitc4f823a8ba441f68ef368cee31f9b5a6b8bba410 (patch)
tree5d777f34f296bdcd7f264de895a7d4dc318906f4 /crypto
parent82ed5e94ee42037d9b8b97e5608fe7c2875a2282 (diff)
downloadFreeBSD-src-c4f823a8ba441f68ef368cee31f9b5a6b8bba410.zip
FreeBSD-src-c4f823a8ba441f68ef368cee31f9b5a6b8bba410.tar.gz
Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.) PR: bin/45397
Diffstat (limited to 'crypto')
-rw-r--r--crypto/telnet/libtelnet/kerberos5.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/crypto/telnet/libtelnet/kerberos5.c b/crypto/telnet/libtelnet/kerberos5.c
index d75fcc2..ab7b2dc 100644
--- a/crypto/telnet/libtelnet/kerberos5.c
+++ b/crypto/telnet/libtelnet/kerberos5.c
@@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
+ ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
@@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
return;
}
+ if (key_block == NULL) {
+ ret = krb5_auth_con_getkey(context,
+ auth_context,
+ &key_block);
+ }
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
+ }
+ if (key_block == NULL) {
+ Data(ap, KRB_REJECT, "no subkey received", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey returned NULL key\r\n");
+ return;
+ }
+
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {
OpenPOWER on IntegriCloud