Date: Thu, 2 Jan 2003 11:20:03 -0800 (PST) From: Bjorn Gronvall <bg@effnet.com> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/45397: Telnet dumps core when MAKE_KERBEROS5=yes is enabled Message-ID: <200301021920.h02JK3Zc069502@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/45397; it has been noted by GNATS.
From: Bjorn Gronvall <bg@effnet.com>
To: freebsd-gnats-submit@FreeBSD.org, ari.suutari@syncrontech.com,
roam@ringlet.net, bug-followup@FreeBSD.org, markm@FreeBSD.org
Cc:
Subject: Re: bin/45397: Telnet dumps core when MAKE_KERBEROS5=yes is enabled
Date: Thu, 02 Jan 2003 20:16:36 +0100
This is a multi-part message in MIME format.
--------------D1C7367BBBD2CF5FAB51F35F
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
This patch also renames net_write to telnet_net_write (as Peter
suggested). It also includes changes to
crypto/telnet/libtelnet/kerberos5.c to ensure that subkeys are
properly used (incorporated from heimdal).
After these two changes my telnet and telnetd interoperates
correctly with the heimdal ditos and and also with the old
FreeBSD telnetd.
Cheers,
Björn
--------------D1C7367BBBD2CF5FAB51F35F
Content-Type: text/plain; charset=us-ascii;
name="telnet.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="telnet.patch"
diff -ur crypto/telnet.orig/libtelnet/auth.c crypto/telnet/libtelnet/auth.c
--- crypto/telnet.orig/libtelnet/auth.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/auth.c Thu Jan 2 18:06:48 2003
@@ -359,7 +359,7 @@
}
*e++ = IAC;
*e++ = SE;
- net_write(str_request, e - str_request);
+ telnet_net_write(str_request, e - str_request);
printsub('>', &str_request[2], e - str_request - 2);
}
}
@@ -444,7 +444,7 @@
}
auth_send_data += 2;
}
- net_write(str_none, sizeof(str_none));
+ telnet_net_write(str_none, sizeof(str_none));
printsub('>', &str_none[2], sizeof(str_none) - 2);
if (auth_debug_mode)
printf(">>>%s: Sent failure message\r\n", Name);
@@ -537,7 +537,7 @@
}
*e++ = IAC;
*e++ = SE;
- net_write(str_request, e - str_request);
+ telnet_net_write(str_request, e - str_request);
printsub('>', &str_request[2], e - &str_request[2]);
return(1);
}
diff -ur crypto/telnet.orig/libtelnet/enc_des.c crypto/telnet/libtelnet/enc_des.c
--- crypto/telnet.orig/libtelnet/enc_des.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/enc_des.c Thu Jan 2 18:06:50 2003
@@ -225,7 +225,7 @@
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
+ telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
default:
return(FAILED);
@@ -284,7 +284,7 @@
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
+ telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
state = fbp->state[DIR_DECRYPT-1] = IN_PROGRESS;
break;
@@ -309,7 +309,7 @@
*p++ = IAC;
*p++ = SE;
printsub('>', &fbp->fb_feed[2], p - &fbp->fb_feed[2]);
- net_write(fbp->fb_feed, p - fbp->fb_feed);
+ telnet_net_write(fbp->fb_feed, p - fbp->fb_feed);
break;
}
diff -ur crypto/telnet.orig/libtelnet/encrypt.c crypto/telnet/libtelnet/encrypt.c
--- crypto/telnet.orig/libtelnet/encrypt.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/encrypt.c Thu Jan 2 18:06:50 2003
@@ -427,7 +427,7 @@
*/
if (!Server && autodecrypt)
encrypt_send_request_start();
- net_write(str_send, str_suplen);
+ telnet_net_write(str_send, str_suplen);
printsub('>', &str_send[2], str_suplen - 2);
str_suplen = 0;
}
@@ -773,7 +773,7 @@
}
*strp++ = IAC;
*strp++ = SE;
- net_write(str_keyid, strp - str_keyid);
+ telnet_net_write(str_keyid, strp - str_keyid);
printsub('>', &str_keyid[2], strp - str_keyid - 2);
}
@@ -832,7 +832,7 @@
}
*p++ = IAC;
*p++ = SE;
- net_write(str_start, p - str_start);
+ telnet_net_write(str_start, p - str_start);
net_encrypt();
printsub('>', &str_start[2], p - &str_start[2]);
/*
@@ -858,7 +858,7 @@
return;
str_end[3] = ENCRYPT_END;
- net_write(str_end, sizeof(str_end));
+ telnet_net_write(str_end, sizeof(str_end));
net_encrypt();
printsub('>', &str_end[2], sizeof(str_end) - 2);
/*
@@ -886,7 +886,7 @@
}
*p++ = IAC;
*p++ = SE;
- net_write(str_start, p - str_start);
+ telnet_net_write(str_start, p - str_start);
printsub('>', &str_start[2], p - &str_start[2]);
if (encrypt_debug_mode)
printf(">>>%s: Request input to be encrypted\r\n", Name);
@@ -896,7 +896,7 @@
encrypt_send_request_end(void)
{
str_end[3] = ENCRYPT_REQEND;
- net_write(str_end, sizeof(str_end));
+ telnet_net_write(str_end, sizeof(str_end));
printsub('>', &str_end[2], sizeof(str_end) - 2);
if (encrypt_debug_mode)
diff -ur crypto/telnet.orig/libtelnet/kerberos.c crypto/telnet/libtelnet/kerberos.c
--- crypto/telnet.orig/libtelnet/kerberos.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/kerberos.c Thu Jan 2 18:06:51 2003
@@ -126,7 +126,7 @@
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
+ return(telnet_net_write(str_data, p - str_data));
}
int
diff -ur crypto/telnet.orig/libtelnet/kerberos5.c crypto/telnet/libtelnet/kerberos5.c
--- crypto/telnet.orig/libtelnet/kerberos5.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/kerberos5.c Thu Jan 2 18:06:51 2003
@@ -128,7 +128,7 @@
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - &str_data[2]);
- return(net_write(str_data, p - str_data));
+ return(telnet_net_write(str_data, p - str_data));
}
int
@@ -193,6 +193,8 @@
else
ap_opts = 0;
+ ap_opts |= AP_OPTS_USE_SUBKEY;
+
ret = krb5_auth_con_init (context, &auth_context);
if (ret) {
if (auth_debug_mode) {
@@ -406,6 +408,29 @@
printf("Kerberos V5: "
"krb5_auth_con_getremotesubkey failed (%s)\r\n",
krb5_get_err_text(context, ret));
+ return;
+ }
+
+ if (key_block == NULL) {
+ ret = krb5_auth_con_getkey(context,
+ auth_context,
+ &key_block);
+ }
+ if (ret) {
+ Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getkey failed (%s)\r\n",
+ krb5_get_err_text(context, ret));
+ return;
+ }
+ if (key_block == NULL) {
+ Data(ap, KRB_REJECT, "no subkey received", -1);
+ auth_finished(ap, AUTH_REJECT);
+ if (auth_debug_mode)
+ printf("Kerberos V5: "
+ "krb5_auth_con_getremotesubkey returned NULL key\r\n");
return;
}
diff -ur crypto/telnet.orig/libtelnet/krb4encpwd.c crypto/telnet/libtelnet/krb4encpwd.c
--- crypto/telnet.orig/libtelnet/krb4encpwd.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/krb4encpwd.c Thu Jan 2 18:06:52 2003
@@ -146,7 +146,7 @@
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
+ return(telnet_net_write(str_data, p - str_data));
}
int
diff -ur crypto/telnet.orig/libtelnet/misc-proto.h crypto/telnet/libtelnet/misc-proto.h
--- crypto/telnet.orig/libtelnet/misc-proto.h Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/misc-proto.h Thu Jan 2 18:06:52 2003
@@ -71,7 +71,7 @@
/*
* These functions are imported from the application
*/
-int net_write(unsigned char *, int);
+int telnet_net_write(unsigned char *, int);
void net_encrypt(void);
int telnet_spin(void);
char *telnet_getenv(char *);
diff -ur crypto/telnet.orig/libtelnet/rsaencpwd.c crypto/telnet/libtelnet/rsaencpwd.c
--- crypto/telnet.orig/libtelnet/rsaencpwd.c Sat Apr 13 12:59:07 2002
+++ crypto/telnet/libtelnet/rsaencpwd.c Thu Jan 2 18:06:52 2003
@@ -142,7 +142,7 @@
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
+ return(telnet_net_write(str_data, p - str_data));
}
int
diff -ur crypto/telnet.orig/libtelnet/sra.c crypto/telnet/libtelnet/sra.c
--- crypto/telnet.orig/libtelnet/sra.c Thu May 16 10:46:49 2002
+++ crypto/telnet/libtelnet/sra.c Thu Jan 2 18:06:53 2003
@@ -106,7 +106,7 @@
*p++ = SE;
if (str_data[3] == TELQUAL_IS)
printsub('>', &str_data[2], p - (&str_data[2]));
- return(net_write(str_data, p - str_data));
+ return(telnet_net_write(str_data, p - str_data));
}
int
diff -ur crypto/telnet.orig/telnet/authenc.c crypto/telnet/telnet/authenc.c
--- crypto/telnet.orig/telnet/authenc.c Sat Apr 13 12:59:08 2002
+++ crypto/telnet/telnet/authenc.c Thu Jan 2 18:06:53 2003
@@ -55,7 +55,7 @@
#include "types.h"
int
-net_write(unsigned char *str, int len)
+telnet_net_write(unsigned char *str, int len)
{
if (NETROOM() > len) {
ring_supply_data(&netoring, str, len);
diff -ur crypto/telnet.orig/telnetd/authenc.c crypto/telnet/telnetd/authenc.c
--- crypto/telnet.orig/telnetd/authenc.c Sat Apr 13 12:59:08 2002
+++ crypto/telnet/telnetd/authenc.c Thu Jan 2 18:06:54 2003
@@ -47,7 +47,7 @@
#include <libtelnet/misc.h>
int
-net_write(unsigned char *str, int len)
+telnet_net_write(unsigned char *str, int len)
{
if (nfrontp + len < netobuf + BUFSIZ) {
output_datalen(str, len);
--------------D1C7367BBBD2CF5FAB51F35F--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301021920.h02JK3Zc069502>