Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 17 Mar 2001 17:35:29 -0800 (PST)
From:      Cy.Schubert@uumail.gov.bc.ca
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/25885: telnetd -a off broken
Message-ID:  <200103180135.f2I1ZTx13105@cwsys.cwsent.com>
next in thread | raw e-mail | index | archive | help 

>Number:         25885
>Category:       bin
>Synopsis:       telnet -a off still uses SRA authentication
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 17 17:40:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     
>Release:        FreeBSD 4.3-BETA i386
>Organization:
ITSD Province of BC
>Environment:
System: FreeBSD cwsys 4.3-BETA FreeBSD 4.3-BETA #0: Fri Mar 16 18:50:45 PST 2001 root@cwsys:/opt/cvs-430b/src/sys/compile/CWSYS i386


>Description:
	"telnetd -a off" continues to use SRA.  The man page documents
	it should not.
>How-To-Repeat:
	Telnet from a FreeBSD system to a FreeBSD system which has
	"telnetd -a off" specified in inetd.conf.
>Fix:

The following patch fixes src/libexec/telnetd and src/crypto/telnet/telnetd.

--- src/libexec/telnetd/state.c.orig	Mon Mar  5 03:25:26 2001
+++ src/libexec/telnetd/state.c	Sat Mar 17 16:45:15 2001
@@ -564,8 +564,10 @@
 
 #ifdef	AUTHENTICATION
 		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			changeok++;
+			if (auth_level >= 0) {
+				func = auth_request;
+				changeok++;
+			}
 			break;
 #endif
 
@@ -624,7 +626,8 @@
 
 #ifdef	AUTHENTICATION
 		case TELOPT_AUTHENTICATION:
-			func = auth_request;
+			if (auth_level >= 0)
+				func = auth_request;
 			break;
 #endif
 
@@ -724,7 +727,8 @@
 
 #if	defined(AUTHENTICATION)
 		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
+			if (auth_level >= 0)
+				auth_finished(0, AUTH_REJECT);
 			break;
 #endif
 
@@ -777,7 +781,8 @@
 
 #if	defined(AUTHENTICATION)
 		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
+			if (auth_level >= 0)
+				auth_finished(0, AUTH_REJECT);
 			break;
 #endif
 		default:
@@ -1418,6 +1423,8 @@
     }  /* end of case TELOPT_NEW_ENVIRON */
 #if	defined(AUTHENTICATION)
     case TELOPT_AUTHENTICATION:
+	if (auth_level < 0)
+		break;
 	if (SB_EOF())
 		break;
 	switch(SB_GET()) {
--- src/libexec/telnetd/telnetd.c.orig	Mon Mar  5 03:26:45 2001
+++ src/libexec/telnetd/telnetd.c	Sat Mar 17 16:28:56 2001
@@ -616,14 +616,16 @@
 
     settimer(baseline);
 #if	defined(AUTHENTICATION)
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name);
+    if (auth_level >= 0) 
+	/*
+	 * Handle the Authentication option before we do anything else.
+	 */
+	send_do(TELOPT_AUTHENTICATION, 1);
+	while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	    ttloop();
+	if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	    retval = auth_wait(name);
+	}
     }
 #endif
 
--- src/libexec/telnetd/utility.c.orig	Mon Oct 30 21:31:47 2000
+++ src/libexec/telnetd/utility.c	Sat Mar 17 16:45:25 2001
@@ -971,6 +971,8 @@
 
 #if	defined(AUTHENTICATION)
 	case TELOPT_AUTHENTICATION:
+	    if (auth_level < 0)
+		break;
 	    sprintf(nfrontp, "AUTHENTICATION");
 	    nfrontp += strlen(nfrontp);
 
--- src/crypto/telnet/telnetd/state.c.orig	Fri Aug 27 18:26:15 1999
+++ src/crypto/telnet/telnetd/state.c	Sat Mar 17 16:52:41 2001
@@ -582,8 +582,10 @@
 
 #ifdef	AUTHENTICATION
 		case TELOPT_AUTHENTICATION:
-			func = auth_request;
-			changeok++;
+			if (auth_level >= 0) {
+				func = auth_request;
+				changeok++;
+			}
 			break;
 #endif
 
@@ -648,7 +650,8 @@
 
 #ifdef	AUTHENTICATION
 		case TELOPT_AUTHENTICATION:
-			func = auth_request;
+			if (auth_level >= 0)
+				func = auth_request;
 			break;
 #endif
 
@@ -752,7 +755,8 @@
 
 #if	defined(AUTHENTICATION)
 		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
+			if (auth_level >= 0)
+				auth_finished(0, AUTH_REJECT);
 			break;
 #endif
 
@@ -805,7 +809,9 @@
 
 #if	defined(AUTHENTICATION)
 		case TELOPT_AUTHENTICATION:
-			auth_finished(0, AUTH_REJECT);
+			if (auth_level >= 0) {
+				auth_finished(0, AUTH_REJECT);
+			}
 			break;
 #endif
 		default:
@@ -1451,6 +1457,8 @@
     }  /* end of case TELOPT_NEW_ENVIRON */
 #if	defined(AUTHENTICATION)
     case TELOPT_AUTHENTICATION:
+	if (auth_level < 0)
+		break;
 	if (SB_EOF())
 		break;
 	switch(SB_GET()) {
--- src/crypto/telnet/telnetd/telnetd.c.orig	Mon Mar  5 03:35:42 2001
+++ src/crypto/telnet/telnetd/telnetd.c	Sat Mar 17 17:08:49 2001
@@ -640,14 +640,16 @@
 
     settimer(baseline);
 #if	defined(AUTHENTICATION)
-    /*
-     * Handle the Authentication option before we do anything else.
-     */
-    send_do(TELOPT_AUTHENTICATION, 1);
-    while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
-	ttloop();
-    if (his_state_is_will(TELOPT_AUTHENTICATION)) {
-	retval = auth_wait(name);
+	if (auth_level >= 0)
+	/*
+	 * Handle the Authentication option before we do anything else.
+	 */
+	send_do(TELOPT_AUTHENTICATION, 1);
+	while (his_will_wont_is_changing(TELOPT_AUTHENTICATION))
+	    ttloop();
+	if (his_state_is_will(TELOPT_AUTHENTICATION)) {
+	    retval = auth_wait(name);
+	}
     }
 #endif
 
--- src/crypto/telnet/telnetd/utility.c.orig	Mon Mar  5 03:37:25 2001
+++ src/crypto/telnet/telnetd/utility.c	Sat Mar 17 16:54:59 2001
@@ -1012,6 +1012,8 @@
 
 #if	defined(AUTHENTICATION)
 	case TELOPT_AUTHENTICATION:
+	    if (auth_level < 0)
+		break;
 	    sprintf(nfrontp, "AUTHENTICATION");
 	    nfrontp += strlen(nfrontp);
 
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103180135.f2I1ZTx13105>