Date: Mon, 22 Jul 96 14:16 PDT From: pete@ns.altadena.net (Pete Carah) To: questions@freebsd.org Cc: hackers@freebsd.org, jkh@freebsd.org Subject: Re: Kerberized/encrypted rlogins - 2.1.5 incompatible with everything else? Message-ID: <m0uiSL4-0003ggC@ns.altadena.net> In-Reply-To: <m0uiNLw-0000RhC@pelican.altadena.net>
index | next in thread | previous in thread | raw e-mail
In article <m0uiNLw-0000RhC@pelican.altadena.net> you write:
>
>In article <Pine.OSF.3.95.960719113354.19663A-100000@alpha.dsu.edu> you write:
>>
>>I just upgraded two 2.1 machines to 2.1.5 yesterday, and now when I try to
>>login to them from my FreeBSD 2.1 workstation via kerberos-encrypted
>>rlogin sessions, I get gibberish! Non-encrypted kerberos rlogin sessions
>>work fine between 2.1 and 2.1.5 systems, but encrypted sessions, my
>>prefered method, do not work in either direction between 2.1.5 and
>>anything other system. ldd of rlogin and rlogind on the 2.1.5 systems
>>show:
>
>>/usr/bin/rlogin:
>> -lcom_err.2 => /usr/lib/libcom_err.so.2.0 (0x8034000)
>> -lkrb.2 => /usr/lib/libkrb.so.2.1 (0x801e000)
>> -ldes.2 => /usr/lib/libdes.so.2.1 (0x8043000)
>> -lc.2 => /usr/lib/libc.so.2.2 (0x804f000)
>>/usr/libexec/rlogind:
>> -lutil.2 => /usr/lib/libutil.so.2.1 (0x801d000)
>> -lcom_err.2 => /usr/lib/libcom_err.so.2.0 (0x8018000)
>> -lkrb.2 => /usr/lib/libkrb.so.2.1 (0x802c000)
>> -ldes.2 => /usr/lib/libdes.so.2.1 (0x8042000)
>> -lc.2 => /usr/lib/libc.so.2.2 (0x804e000)
>
>>Very strange... I see no significant difference in the rlogind code, so I
>>guess I'll have to dig into libdes :-( Any thoughts?
>
>Well, I just rebuilt all of eBones without the rest of secure with no
>effect (of course the bug could be in the source so that wouldn't matter).
>
>Could be a missing/extra 'endian' indication somewhere but somehow I don't
>think so or the logins shouldn't work either...
>
>I sent a note to Jordan the night after the release which he supposedly
>forwarded to someone but haven't heard anything back. This is a pain
>since that has never gotten broken before and I use it heavily. At
>least I've only installed one machine so far.
>When I get time :-) I'll cdiff the last snap (which worked) from the release
>sources (at least if I haven't nuked the last snap's source from where it
>was...).
Hope there is time to get this into the CD; probably not :-(
!!!Fixed!!! - CVS to the rescue. It seems that des_rw.c was one of the
few places in eBones which changed; des_set_key changed to des_set_key_krb
to avoid a library conflict with libdes. The invocations of that routine
in rlogin and rlogind didn't get changed. Just adding _krb to both of
those and remaking (remember if you aren't doing a make world to define
MAKE_EBONES while doing the rlogin and rlogind makes) make it all work.
This change probably is needed in the secure telnet too but I've never seen
that work so don't know...
I'll come up with a cdiff here:
*** rlogin.c.old Mon Jul 22 14:13:01 1996
--- rlogin.c Mon Jul 22 13:53:01 1996
***************
*** 301,307 ****
if (doencrypt) {
rem = krcmd_mutual(&host, sp->s_port, user, term, 0,
dest_realm, &cred, schedule);
! des_set_key(cred.session, schedule);
} else
#endif /* CRYPT */
rem = krcmd(&host, sp->s_port, user, term, 0,
--- 301,307 ----
if (doencrypt) {
rem = krcmd_mutual(&host, sp->s_port, user, term, 0,
dest_realm, &cred, schedule);
! des_set_key_krb(cred.session, schedule);
} else
#endif /* CRYPT */
rem = krcmd(&host, sp->s_port, user, term, 0,
*** rlogind.c.old Mon Jul 22 14:13:53 1996
--- rlogind.c Mon Jul 22 13:54:01 1996
***************
*** 681,687 ****
ticket, "rcmd",
instance, dest, &faddr,
kdata, "", schedule, version);
! des_set_key(kdata->session, schedule);
} else
#endif
--- 681,687 ----
ticket, "rcmd",
instance, dest, &faddr,
kdata, "", schedule, version);
! des_set_key_krb(kdata->session, schedule);
} else
#endif
------------------------------------------------------------------
If I can figure out how, I'll post this to the bugs list (need to learn
the gnats system :-)
-- Pete
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m0uiSL4-0003ggC>