Kerberized Telnet Badly Broken (Patch enclosed)
Jacques A. Vidrine
nectar at FreeBSD.org
Thu Apr 24 05:07:28 PDT 2003
On Wed, Apr 23, 2003 at 11:43:29PM -0700, Tim Kientzle wrote:
> Ugh.
>
> With MAKE_KERBEROS5=yes, on a recent STABLE,
> I get the following trying to use Kerberized telnet:
This was fixed in -CURRENT in early March.
1.7 src/crypto/telnet/libtelnet/kerberos5.c
1.17 src/kerberos5/lib/libtelnet/Makefile
1.16 src/kerberos5/libexec/telnetd/Makefile
1.17 src/kerberos5/usr.bin/telnet/Makefile
If you would be so kind as to try the attached patch, I will
MFC.
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
-------------- next part --------------
Index: crypto/telnet/libtelnet/kerberos5.c
===================================================================
RCS file: /home/ncvs/src/crypto/telnet/libtelnet/kerberos5.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -c -c -r1.6 -r1.7
*** crypto/telnet/libtelnet/kerberos5.c 19 Feb 2002 15:53:30 -0000 1.6
--- crypto/telnet/libtelnet/kerberos5.c 6 Mar 2003 13:41:53 -0000 1.7
***************
*** 192,197 ****
--- 192,198 ----
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
+ ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
***************
*** 406,411 ****
--- 407,435 ----
printf("Kerberos V5: "
"krb5_auth_con_getremotesubkey failed (%s)\r\n",
krb5_get_err_text(context, ret));
+ return;
+ }
+
+ if (key_block == NULL) {
+ ret = krb5_auth_con_getkey(context,
+ auth_context,
+ &key_block);
+ }
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
+ }
+ if (key_block == NULL) {
+ Data(ap, KRB_REJECT, "no subkey received", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey returned NULL key\r\n");
return;
}
Index: kerberos5/lib/libtelnet/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/lib/libtelnet/Makefile,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -c -r1.16 -r1.17
*** kerberos5/lib/libtelnet/Makefile 13 May 2002 11:09:04 -0000 1.16
--- kerberos5/lib/libtelnet/Makefile 6 Mar 2003 13:41:52 -0000 1.17
***************
*** 16,21 ****
--- 16,22 ----
CFLAGS+= -DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
CFLAGS+= -DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
+ CFLAGS+= -DFORWARD -Dnet_write=telnet_net_write
INCS= ${TELNETDIR}/arpa/telnet.h
INCSDIR= ${INCLUDEDIR}/arpa
Index: kerberos5/usr.bin/telnet/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/usr.bin/telnet/Makefile,v
retrieving revision 1.16
retrieving revision 1.17
diff -c -c -r1.16 -r1.17
*** kerberos5/usr.bin/telnet/Makefile 17 Dec 2001 01:33:20 -0000 1.16
--- kerberos5/usr.bin/telnet/Makefile 6 Mar 2003 13:41:52 -0000 1.17
***************
*** 9,15 ****
-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
! CFLAGS+= -DKRB5
WARNS?= 2
--- 9,15 ----
-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
! CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2
Index: kerberos5/libexec/telnetd/Makefile
===================================================================
RCS file: /home/ncvs/src/kerberos5/libexec/telnetd/Makefile,v
retrieving revision 1.15
retrieving revision 1.16
diff -c -c -r1.15 -r1.16
*** kerberos5/libexec/telnetd/Makefile 17 Dec 2001 01:33:20 -0000 1.15
--- kerberos5/libexec/telnetd/Makefile 6 Mar 2003 13:41:52 -0000 1.16
***************
*** 12,18 ****
CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
-I${TELNETDIR} -DINET6
! CFLAGS+= -DKRB5
WARNS?= 2
--- 12,18 ----
CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
-I${TELNETDIR} -DINET6
! CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2
More information about the freebsd-stable
mailing list