d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Unbreak Kerberos 5 authentication in telnet.

Browse Source 
(Credential forwarding is still broken.)

PR:	bin/45397
This commit is contained in:
Jacques Vidrine 2003-03-06 13:41:53 +00:00
parent 1303bfb807
commit 81d1ffee08
5 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
contrib/telnet/libtelnet/kerberos5.c
View File

@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
return;
}
if (key_block == NULL) {
ret = krb5_auth_con_getkey(context,
auth_context,
&key_block);
}
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("Kerberos V5: "
"krb5_auth_con_getkey failed (%s)\r\n",
krb5_get_err_text(context, ret));
return;
}
if (key_block == NULL) {
Data(ap, KRB_REJECT, "no subkey received", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("Kerberos V5: "
"krb5_auth_con_getremotesubkey returned NULL key\r\n");
return;
}
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {

24
crypto/telnet/libtelnet/kerberos5.c
View File

@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
else
ap_opts = 0;
ap_opts |= AP_OPTS_USE_SUBKEY;
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
return;
}
if (key_block == NULL) {
ret = krb5_auth_con_getkey(context,
auth_context,
&key_block);
}
if (ret) {
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("Kerberos V5: "
"krb5_auth_con_getkey failed (%s)\r\n",
krb5_get_err_text(context, ret));
return;
}
if (key_block == NULL) {
Data(ap, KRB_REJECT, "no subkey received", -1);
auth_finished(ap, AUTH_REJECT);
if (auth_debug_mode)
printf("Kerberos V5: "
"krb5_auth_con_getremotesubkey returned NULL key\r\n");
return;
}
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
ret = krb5_mk_rep(context, auth_context, &outbuf);
if (ret) {

1
kerberos5/lib/libtelnet/Makefile
View File

@ -16,6 +16,7 @@ SRCS+= kerberos5.c
CFLAGS+= -DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
CFLAGS+= -DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
CFLAGS+= -DFORWARD -Dnet_write=telnet_net_write
INCS= ${TELNETDIR}/arpa/telnet.h
INCSDIR= ${INCLUDEDIR}/arpa

2
kerberos5/libexec/telnetd/Makefile
View File

@ -12,7 +12,7 @@ SRCS= global.c slc.c state.c sys_term.c telnetd.c \
CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
-I${TELNETDIR} -DINET6
CFLAGS+= -DKRB5
CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2

2
kerberos5/usr.bin/telnet/Makefile
View File

@ -9,7 +9,7 @@ CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
CFLAGS+= -DKRB5
CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
WARNS?= 2