Kerberized Telnet Badly Broken (Patch enclosed)

Jacques A. Vidrine nectar at FreeBSD.org
Thu Apr 24 05:07:28 PDT 2003


On Wed, Apr 23, 2003 at 11:43:29PM -0700, Tim Kientzle wrote:
> Ugh.
> 
> With MAKE_KERBEROS5=yes, on a recent STABLE,
> I get the following trying to use Kerberized telnet:

This was fixed in -CURRENT in early March.  

  1.7  src/crypto/telnet/libtelnet/kerberos5.c
  1.17 src/kerberos5/lib/libtelnet/Makefile
  1.16 src/kerberos5/libexec/telnetd/Makefile
  1.17 src/kerberos5/usr.bin/telnet/Makefile

If you would be so kind as to try the attached patch, I will
MFC.

Cheers,
-- 
Jacques A. Vidrine <nectar at celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine at verio.net     .  nectar at FreeBSD.org  .          nectar at kth.se
-------------- next part --------------
Index: crypto/telnet/libtelnet/kerberos5.c
===================================================================
RCS file: /home/ncvs/src/crypto/telnet/libtelnet/kerberos5.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -c -r1.6 -r1.7
*** crypto/telnet/libtelnet/kerberos5.c	19 Feb 2002 15:53:30 -0000	1.6
--- crypto/telnet/libtelnet/kerberos5.c	6 Mar 2003 13:41:53 -0000	1.7
***************
*** 192,197 ****
--- 192,198 ----
  	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
      else
  	ap_opts = 0;
+     ap_opts |= AP_OPTS_USE_SUBKEY;
      
      ret = krb5_auth_con_init (context, &auth_context);
      if (ret) {
***************
*** 406,411 ****
--- 407,435 ----
  		printf("Kerberos V5: "
  		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
  		       krb5_get_err_text(context, ret));
+ 	    return;
+ 	}
+ 
+ 	if (key_block == NULL) {
+ 	    ret = krb5_auth_con_getkey(context,
+ 				       auth_context,
+ 				       &key_block);
+ 	}
+ 	if (ret) {
+ 	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ 	    auth_finished(ap, AUTH_REJECT);
+ 	    if (auth_debug_mode)
+ 		printf("Kerberos V5: "
+ 		       "krb5_auth_con_getkey failed (%s)\r\n",
+ 		       krb5_get_err_text(context, ret));
+ 	    return;
+ 	}
+ 	if (key_block == NULL) {
+ 	    Data(ap, KRB_REJECT, "no subkey received", -1);
+ 	    auth_finished(ap, AUTH_REJECT);
+ 	    if (auth_debug_mode)
+ 		printf("Kerberos V5: "
+ 		       "krb5_auth_con_getremotesubkey returned NULL key\r\n");
  	    return;
  	}
  
Index: kerberos5/lib/libtelnet/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/lib/libtelnet/Makefile,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -c -r1.16 -r1.17
*** kerberos5/lib/libtelnet/Makefile	13 May 2002 11:09:04 -0000	1.16
--- kerberos5/lib/libtelnet/Makefile	6 Mar 2003 13:41:52 -0000	1.17
***************
*** 16,21 ****
--- 16,22 ----
  
  CFLAGS+=	-DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
  CFLAGS+=	-DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
+ CFLAGS+=	-DFORWARD -Dnet_write=telnet_net_write
  
  INCS=		${TELNETDIR}/arpa/telnet.h
  INCSDIR=	${INCLUDEDIR}/arpa
Index: kerberos5/usr.bin/telnet/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/usr.bin/telnet/Makefile,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -c -r1.16 -r1.17
*** kerberos5/usr.bin/telnet/Makefile	17 Dec 2001 01:33:20 -0000	1.16
--- kerberos5/usr.bin/telnet/Makefile	6 Mar 2003 13:41:52 -0000	1.17
***************
*** 9,15 ****
  		-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
  		-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
  
! CFLAGS+=	-DKRB5
  
  WARNS?=		2
  
--- 9,15 ----
  		-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
  		-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
  
! CFLAGS+=	-DKRB5 -DFORWARD -Dnet_write=telnet_net_write
  
  WARNS?=		2
  
Index: kerberos5/libexec/telnetd/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/libexec/telnetd/Makefile,v
retrieving revision 1.15
retrieving revision 1.16
diff -c -c -r1.15 -r1.16
*** kerberos5/libexec/telnetd/Makefile	17 Dec 2001 01:33:20 -0000	1.15
--- kerberos5/libexec/telnetd/Makefile	6 Mar 2003 13:41:52 -0000	1.16
***************
*** 12,18 ****
  CFLAGS+=	-DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
  		-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
  		-I${TELNETDIR} -DINET6
! CFLAGS+=	-DKRB5
  
  WARNS?=		2
  
--- 12,18 ----
  CFLAGS+=	-DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
  		-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
  		-I${TELNETDIR} -DINET6
! CFLAGS+=	-DKRB5 -DFORWARD -Dnet_write=telnet_net_write
  
  WARNS?=		2
  


More information about the freebsd-stable mailing list