Date:      Thu, 24 Apr 2003 11:28:15 -0700
From:      Tim Kientzle <kientzle@acm.org>
To:        "Jacques A. Vidrine" <nectar@FreeBSD.org>
Cc:        freebsd-stable@FreeBSD.org
Subject:   Re: Kerberized Telnet Badly Broken (Patch enclosed)
Message-ID:  <3EA82CBF.3060506@acm.org>
References:  <3EA78791.6030009@acm.org> <20030424120725.GA76274@madman.celabo.org>

That seems to fix it.  Thanks!

Tim

Jacques A. Vidrine wrote:

> On Wed, Apr 23, 2003 at 11:43:29PM -0700, Tim Kientzle wrote:
> 
>>Ugh.
>>
>>With MAKE_KERBEROS5=yes, on a recent STABLE,
>>I get the following trying to use Kerberized telnet:
>>
> 
> This was fixed in -CURRENT in early March.  
> 
>   1.7  src/crypto/telnet/libtelnet/kerberos5.c
>   1.17 src/kerberos5/lib/libtelnet/Makefile
>   1.16 src/kerberos5/libexec/telnetd/Makefile
>   1.17 src/kerberos5/usr.bin/telnet/Makefile
> 
> If you would be so kind as to try the attached patch, I will
> MFC.
> 
> Cheers,
> 
> 
> ------------------------------------------------------------------------
> 
> Index: crypto/telnet/libtelnet/kerberos5.c
> ===================================================================
> RCS file: /home/ncvs/src/crypto/telnet/libtelnet/kerberos5.c,v
> retrieving revision 1.6
> retrieving revision 1.7
> diff -c -c -r1.6 -r1.7
> *** crypto/telnet/libtelnet/kerberos5.c	19 Feb 2002 15:53:30 -0000	1.6
> --- crypto/telnet/libtelnet/kerberos5.c	6 Mar 2003 13:41:53 -0000	1.7
> ***************
> *** 192,197 ****
> --- 192,198 ----
>   	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
>       else
>   	ap_opts = 0;
> +     ap_opts |= AP_OPTS_USE_SUBKEY;
>       
>       ret = krb5_auth_con_init (context, &auth_context);
>       if (ret) {
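
Review bot: the added ap_opts |= AP_OPTS_USE_SUBKEY; at new line 195 sits outside the if/else above it, so the subkey is requested on every path, and nothing in the hunk says why. A one-line comment would help, for example /* always request a subkey; the accepting side looks for it first */, since the next hunk in this file calls krb5_auth_con_getremotesubkey before falling back to krb5_auth_con_getkey.
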
> ***************
> *** 406,411 ****
> --- 407,435 ----
>   		printf("Kerberos V5: "
>   		       "krb5_auth_con_getremotesubkey failed (%s)\r\n",
>   		       krb5_get_err_text(context, ret));
> + 	    return;
> + 	}
> + 
> + 	if (key_block == NULL) {
> + 	    ret = krb5_auth_con_getkey(context,
> + 				       auth_context,
> + 				       &key_block);
> + 	}
> + 	if (ret) {
> + 	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
> + 	    auth_finished(ap, AUTH_REJECT);
> + 	    if (auth_debug_mode)
> + 		printf("Kerberos V5: "
> + 		       "krb5_auth_con_getkey failed (%s)\r\n",
> + 		       krb5_get_err_text(context, ret));
> + 	    return;
> + 	}
> + 	if (key_block == NULL) {
> + 	    Data(ap, KRB_REJECT, "no subkey received", -1);
> + 	    auth_finished(ap, AUTH_REJECT);
> + 	    if (auth_debug_mode)
> + 		printf("Kerberos V5: "
> + 		       "krb5_auth_con_getremotesubkey returned NULL key\r\n");
>   	    return;
>   	}
>   
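
Review bot: the debug text in the last added block says "krb5_auth_con_getremotesubkey returned NULL key", but by that point krb5_auth_con_getkey has also been tried and has also left key_block NULL, so the message points at the wrong call; the KRB_REJECT string "no subkey received" has the same problem. Suggest wording that covers both, such as "no subkey or session key available". Separately, the if (ret) test for krb5_auth_con_getkey sits outside the if (key_block == NULL) block that makes the call; it is correct only because the preceding failure branch now returns, so moving the test inside that block would make the dependency explicit.
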
> Index: kerberos5/lib/libtelnet/Makefile
> ===================================================================
> RCS file: /home/ncvs/src/kerberos5/lib/libtelnet/Makefile,v
> retrieving revision 1.16
> retrieving revision 1.17
> diff -c -c -r1.16 -r1.17
> *** kerberos5/lib/libtelnet/Makefile	13 May 2002 11:09:04 -0000	1.16
> --- kerberos5/lib/libtelnet/Makefile	6 Mar 2003 13:41:52 -0000	1.17
> ***************
> *** 16,21 ****
> --- 16,22 ----
>   
>   CFLAGS+=	-DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
>   CFLAGS+=	-DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
> + CFLAGS+=	-DFORWARD -Dnet_write=telnet_net_write
>   
>   INCS=		${TELNETDIR}/arpa/telnet.h
>   INCSDIR=	${INCLUDEDIR}/arpa
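
Review bot: the added CFLAGS line passes -Dnet_write=telnet_net_write with no comment, and a rename done on the compiler command line rewrites every use of the identifier net_write in the sources built here without leaving any trace in the C files. Please add a Makefile comment saying why the rename is needed and why -DFORWARD is being turned on for the library.
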
> Index: kerberos5/usr.bin/telnet/Makefile
> ===================================================================
> RCS file: /home/ncvs/src/kerberos5/usr.bin/telnet/Makefile,v
> retrieving revision 1.16
> retrieving revision 1.17
> diff -c -c -r1.16 -r1.17
> *** kerberos5/usr.bin/telnet/Makefile	17 Dec 2001 01:33:20 -0000	1.16
> --- kerberos5/usr.bin/telnet/Makefile	6 Mar 2003 13:41:52 -0000	1.17
> ***************
> *** 9,15 ****
>   		-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
>   		-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
>   
> ! CFLAGS+=	-DKRB5
>   
>   WARNS?=		2
>   
> --- 9,15 ----
>   		-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
>   		-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
>   
> ! CFLAGS+=	-DKRB5 -DFORWARD -Dnet_write=telnet_net_write
>   
>   WARNS?=		2
>   
> Index: kerberos5/libexec/telnetd/Makefile
> ===================================================================
> RCS file: /home/ncvs/src/kerberos5/libexec/telnetd/Makefile,v
> retrieving revision 1.15
> retrieving revision 1.16
> diff -c -c -r1.15 -r1.16
> *** kerberos5/libexec/telnetd/Makefile	17 Dec 2001 01:33:20 -0000	1.15
> --- kerberos5/libexec/telnetd/Makefile	6 Mar 2003 13:41:52 -0000	1.16
> ***************
> *** 12,18 ****
>   CFLAGS+=	-DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
>   		-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
>   		-I${TELNETDIR} -DINET6
> ! CFLAGS+=	-DKRB5
>   
>   WARNS?=		2
>   
> --- 12,18 ----
>   CFLAGS+=	-DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
>   		-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
>   		-I${TELNETDIR} -DINET6
> ! CFLAGS+=	-DKRB5 -DFORWARD -Dnet_write=telnet_net_write
>   
>   WARNS?=		2
>   
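
Review bot: this changed CFLAGS line is the third copy of -DFORWARD -Dnet_write=telnet_net_write in the patch (libtelnet, telnet and telnetd each carry it), and a later edit that touches only one of them would leave the library and a program disagreeing on the renamed symbol. Consider defining the two flags once in a makefile fragment that all three include, or at least add a comment in each Makefile pointing at the other two.
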
> 




