From owner-freebsd-bugs Thu Jan 2 11:20:10 2003 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E462C37B401 for ; Thu, 2 Jan 2003 11:20:03 -0800 (PST) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 68A4D43E4A for ; Thu, 2 Jan 2003 11:20:03 -0800 (PST) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.6/8.12.6) with ESMTP id h02JK3NS069503 for ; Thu, 2 Jan 2003 11:20:03 -0800 (PST) (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.12.6/8.12.6/Submit) id h02JK3Zc069502; Thu, 2 Jan 2003 11:20:03 -0800 (PST) Date: Thu, 2 Jan 2003 11:20:03 -0800 (PST) Message-Id: <200301021920.h02JK3Zc069502@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Bjorn Gronvall Subject: Re: bin/45397: Telnet dumps core when MAKE_KERBEROS5=yes is enabled Reply-To: Bjorn Gronvall Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/45397; it has been noted by GNATS. From: Bjorn Gronvall To: freebsd-gnats-submit@FreeBSD.org, ari.suutari@syncrontech.com, roam@ringlet.net, bug-followup@FreeBSD.org, markm@FreeBSD.org Cc: Subject: Re: bin/45397: Telnet dumps core when MAKE_KERBEROS5=yes is enabled Date: Thu, 02 Jan 2003 20:16:36 +0100 This is a multi-part message in MIME format. --------------D1C7367BBBD2CF5FAB51F35F Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit This patch also renames net_write to telnet_net_write (as Peter suggested). It also includes changes to crypto/telnet/libtelnet/kerberos5.c to ensure that subkeys are properly used (incorporated from heimdal). After these two changes my telnet and telnetd interoperates correctly with the heimdal ditos and and also with the old FreeBSD telnetd. Cheers, Björn --------------D1C7367BBBD2CF5FAB51F35F Content-Type: text/plain; charset=us-ascii; name="telnet.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="telnet.patch" diff -ur crypto/telnet.orig/libtelnet/auth.c crypto/telnet/libtelnet/auth.c --- crypto/telnet.orig/libtelnet/auth.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/auth.c Thu Jan 2 18:06:48 2003 @@ -359,7 +359,7 @@ } *e++ = IAC; *e++ = SE; - net_write(str_request, e - str_request); + telnet_net_write(str_request, e - str_request); printsub('>', &str_request[2], e - str_request - 2); } } @@ -444,7 +444,7 @@ } auth_send_data += 2; } - net_write(str_none, sizeof(str_none)); + telnet_net_write(str_none, sizeof(str_none)); printsub('>', &str_none[2], sizeof(str_none) - 2); if (auth_debug_mode) printf(">>>%s: Sent failure message\r\n", Name); @@ -537,7 +537,7 @@ } *e++ = IAC; *e++ = SE; - net_write(str_request, e - str_request); + telnet_net_write(str_request, e - str_request); printsub('>', &str_request[2], e - &str_request[2]); return(1); } diff -ur crypto/telnet.orig/libtelnet/enc_des.c crypto/telnet/libtelnet/enc_des.c --- crypto/telnet.orig/libtelnet/enc_des.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/enc_des.c Thu Jan 2 18:06:50 2003 @@ -225,7 +225,7 @@ *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); + telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); break; default: return(FAILED); @@ -284,7 +284,7 @@ *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); + telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS; break; @@ -309,7 +309,7 @@ *p++ = IAC; *p++ = SE; printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]); - net_write(fbp->fb_feed, p - fbp->fb_feed); + telnet_net_write(fbp->fb_feed, p - fbp->fb_feed); break; } diff -ur crypto/telnet.orig/libtelnet/encrypt.c crypto/telnet/libtelnet/encrypt.c --- crypto/telnet.orig/libtelnet/encrypt.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/encrypt.c Thu Jan 2 18:06:50 2003 @@ -427,7 +427,7 @@ */ if (!Server && autodecrypt) encrypt_send_request_start(); - net_write(str_send, str_suplen); + telnet_net_write(str_send, str_suplen); printsub('>', &str_send[2], str_suplen - 2); str_suplen = 0; } @@ -773,7 +773,7 @@ } *strp++ = IAC; *strp++ = SE; - net_write(str_keyid, strp - str_keyid); + telnet_net_write(str_keyid, strp - str_keyid); printsub('>', &str_keyid[2], strp - str_keyid - 2); } @@ -832,7 +832,7 @@ } *p++ = IAC; *p++ = SE; - net_write(str_start, p - str_start); + telnet_net_write(str_start, p - str_start); net_encrypt(); printsub('>', &str_start[2], p - &str_start[2]); /* @@ -858,7 +858,7 @@ return; str_end[3] = ENCRYPT_END; - net_write(str_end, sizeof(str_end)); + telnet_net_write(str_end, sizeof(str_end)); net_encrypt(); printsub('>', &str_end[2], sizeof(str_end) - 2); /* @@ -886,7 +886,7 @@ } *p++ = IAC; *p++ = SE; - net_write(str_start, p - str_start); + telnet_net_write(str_start, p - str_start); printsub('>', &str_start[2], p - &str_start[2]); if (encrypt_debug_mode) printf(">>>%s: Request input to be encrypted\r\n", Name); @@ -896,7 +896,7 @@ encrypt_send_request_end(void) { str_end[3] = ENCRYPT_REQEND; - net_write(str_end, sizeof(str_end)); + telnet_net_write(str_end, sizeof(str_end)); printsub('>', &str_end[2], sizeof(str_end) - 2); if (encrypt_debug_mode) diff -ur crypto/telnet.orig/libtelnet/kerberos.c crypto/telnet/libtelnet/kerberos.c --- crypto/telnet.orig/libtelnet/kerberos.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/kerberos.c Thu Jan 2 18:06:51 2003 @@ -126,7 +126,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); + return(telnet_net_write(str_data, p - str_data)); } int diff -ur crypto/telnet.orig/libtelnet/kerberos5.c crypto/telnet/libtelnet/kerberos5.c --- crypto/telnet.orig/libtelnet/kerberos5.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/kerberos5.c Thu Jan 2 18:06:51 2003 @@ -128,7 +128,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - &str_data[2]); - return(net_write(str_data, p - str_data)); + return(telnet_net_write(str_data, p - str_data)); } int @@ -193,6 +193,8 @@ else ap_opts = 0; + ap_opts |= AP_OPTS_USE_SUBKEY; + ret = krb5_auth_con_init (context, &auth_context); if (ret) { if (auth_debug_mode) { @@ -406,6 +408,29 @@ printf("Kerberos V5: " "krb5_auth_con_getremotesubkey failed (%s)\r\n", krb5_get_err_text(context, ret)); + return; + } + + if (key_block == NULL) { + ret = krb5_auth_con_getkey(context, + auth_context, + &key_block); + } + if (ret) { + Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1); + auth_finished(ap, AUTH_REJECT); + if (auth_debug_mode) + printf("Kerberos V5: " + "krb5_auth_con_getkey failed (%s)\r\n", + krb5_get_err_text(context, ret)); + return; + } + if (key_block == NULL) { + Data(ap, KRB_REJECT, "no subkey received", -1); + auth_finished(ap, AUTH_REJECT); + if (auth_debug_mode) + printf("Kerberos V5: " + "krb5_auth_con_getremotesubkey returned NULL key\r\n"); return; } diff -ur crypto/telnet.orig/libtelnet/krb4encpwd.c crypto/telnet/libtelnet/krb4encpwd.c --- crypto/telnet.orig/libtelnet/krb4encpwd.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/krb4encpwd.c Thu Jan 2 18:06:52 2003 @@ -146,7 +146,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); + return(telnet_net_write(str_data, p - str_data)); } int diff -ur crypto/telnet.orig/libtelnet/misc-proto.h crypto/telnet/libtelnet/misc-proto.h --- crypto/telnet.orig/libtelnet/misc-proto.h Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/misc-proto.h Thu Jan 2 18:06:52 2003 @@ -71,7 +71,7 @@ /* * These functions are imported from the application */ -int net_write(unsigned char *, int); +int telnet_net_write(unsigned char *, int); void net_encrypt(void); int telnet_spin(void); char *telnet_getenv(char *); diff -ur crypto/telnet.orig/libtelnet/rsaencpwd.c crypto/telnet/libtelnet/rsaencpwd.c --- crypto/telnet.orig/libtelnet/rsaencpwd.c Sat Apr 13 12:59:07 2002 +++ crypto/telnet/libtelnet/rsaencpwd.c Thu Jan 2 18:06:52 2003 @@ -142,7 +142,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); + return(telnet_net_write(str_data, p - str_data)); } int diff -ur crypto/telnet.orig/libtelnet/sra.c crypto/telnet/libtelnet/sra.c --- crypto/telnet.orig/libtelnet/sra.c Thu May 16 10:46:49 2002 +++ crypto/telnet/libtelnet/sra.c Thu Jan 2 18:06:53 2003 @@ -106,7 +106,7 @@ *p++ = SE; if (str_data[3] == TELQUAL_IS) printsub('>', &str_data[2], p - (&str_data[2])); - return(net_write(str_data, p - str_data)); + return(telnet_net_write(str_data, p - str_data)); } int diff -ur crypto/telnet.orig/telnet/authenc.c crypto/telnet/telnet/authenc.c --- crypto/telnet.orig/telnet/authenc.c Sat Apr 13 12:59:08 2002 +++ crypto/telnet/telnet/authenc.c Thu Jan 2 18:06:53 2003 @@ -55,7 +55,7 @@ #include "types.h" int -net_write(unsigned char *str, int len) +telnet_net_write(unsigned char *str, int len) { if (NETROOM() > len) { ring_supply_data(&netoring, str, len); diff -ur crypto/telnet.orig/telnetd/authenc.c crypto/telnet/telnetd/authenc.c --- crypto/telnet.orig/telnetd/authenc.c Sat Apr 13 12:59:08 2002 +++ crypto/telnet/telnetd/authenc.c Thu Jan 2 18:06:54 2003 @@ -47,7 +47,7 @@ #include int -net_write(unsigned char *str, int len) +telnet_net_write(unsigned char *str, int len) { if (nfrontp + len < netobuf + BUFSIZ) { output_datalen(str, len); --------------D1C7367BBBD2CF5FAB51F35F-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message