Date: Tue, 20 Jun 2000 11:17:25 -0700 (PDT) From: joelh@gnu.org To: FreeBSD-gnats-submit@freebsd.org Subject: bin/19405: telnetd sends DO AUTHENTICATION w/ authentication disabled [PATCH] Message-ID: <200006201817.LAA64066@beastie.mayfield.hp.com>
next in thread | raw e-mail | index | archive | help
>Number: 19405
>Category: bin
>Synopsis: telnetd sends DO AUTHENTICATION even if authentication is disabled
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 20 11:20:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Joel Ray Holveck
>Release: FreeBSD 4.0-STABLE i386
>Organization:
>Environment:
FreeBSD 4.0 w/ crypto.
inetd.conf lists:
telnet stream tcp nowait root /home/joelh/telnetd/telnetd telnetd -a off
>Description:
telnetd sends DO AUTHENTICATION even when authentication is disabled. With
HP-UX 11.0 telnet, this causes a deadlock condition, in which the server is
waiting for a WILL/WONT AUTHENTICATION, and the client... well I don't know
what the client is thinking. Here's a trace for the interested. The boxes
in question are tonga (HP-UX 11.0) and beastie (FreeBSD 4.0).
10:58:21.015413 tonga.49417 > beastie.telnet: S 2767829556:2767829556(0) win 32768 <mss 1460,wscale 0,nop> (ttl 64, id 38837)
10:58:21.015985 beastie.telnet > tonga.49417: S 3941562774:3941562774(0) ack 2767829557 win 17520 <mss 1460,nop,wscale 0> (DF) (ttl 64, id 2711)
10:58:21.026234 tonga.49417 > beastie.telnet: P 1:16(15) ack 1 win 32768 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL TSPEED, WILL LFLOW, WILL NAWS] (ttl 64, id 38838)
10:58:21.118078 beastie.telnet > tonga.49417: P 1:4(3) ack 16 win 17505 [telnet DO AUTHENTICATION] (DF) [tos 0x10] (ttl 64, id 2715)
10:58:21.187846 tonga.49417 > beastie.telnet: . 16:16(0) ack 4 win 32768 (ttl 64, id 38839)
10:58:21.188154 beastie.telnet > tonga.49417: P 4:19(15) ack 16 win 17520 [telnet WILL SUPPRESS GO AHEAD, DO TERMINAL TYPE, DO TSPEED, DO LFLOW, DO NAWS] (DF) [tos 0x10] (ttl 64, id 2718)
10:58:21.189491 tonga.49417 > beastie.telnet: P 16:25(9) ack 19 win 32768 [telnet SB NAWS IS 'P' SE] (ttl 64, id 38840)
10:58:21.280924 beastie.telnet > tonga.49417: . 19:19(0) ack 25 win 17520 (DF) [tos 0x10] (ttl 64, id 2719)
=== wait for a while, then close telnet ===
10:58:28.942639 tonga.49417 > beastie.telnet: F 25:25(0) ack 19 win 32768 (ttl 64, id 38841)
10:58:28.942987 beastie.telnet > tonga.49417: . 19:19(0) ack 26 win 17520 (DF) [tos 0x10] (ttl 64, id 2771)
10:58:28.946987 beastie.telnet > tonga.49417: F 19:19(0) ack 26 win 17520 (DF) [tos 0x10] (ttl 64, id 2772)
10:58:28.948412 tonga.49417 > beastie.telnet: . 26:26(0) ack 20 win 32768 (ttl 64, id 38842)
>How-To-Repeat:
Take a stock HP-UX 11.0 box and a FreeBSD 4.0 box with crypto installed. Edit
inetd.conf and add "-a off" to the end, and SIGHUP inetd. Start a tcpdump -v
if you like. Telnet from the HP to the BSD box. Watch a whole lot of nothing
happen.
>Fix:
For the problem of telnetd incorrectly sending DO AUTHENTICATE:
Apply the below patch to /usr/src/crypto/telnet/telnetd/telnetd.c
(The non-crypto telnetd has this code #ifdef'd out anyway. The heimdal and
krb4 telnetd's are much different; I don't know if they suffer the same
symptoms.)
-----cut here-----
--- telnetd.c.orig Tue Jun 20 11:08:41 2000
+++ telnetd.c Fri Jun 9 18:38:27 2000
@@ -643,11 +643,13 @@
/*
* Handle the Authentication option before we do anything else.
*/
- send_do(TELOPT_AUTHENTICATION, 1);
- while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
- ttloop();
- if (his_state_is_will(TELOPT_AUTHENTICATION)) {
- retval = auth_wait(name);
+ if (auth_level >= 0) {
+ send_do(TELOPT_AUTHENTICATION, 1);
+ while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+ ttloop();
+ if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+ retval = auth_wait(name);
+ }
}
#endif
-----cut here-----
If you're having the problem with HP/BSD communication, apply the above patch
and disable authentication (described in How-To-Repeat, above).
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200006201817.LAA64066>