mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
Unbreak Kerberos 5 authentication in telnet.
(Credential forwarding is still broken.) PR: bin/45397
parent
1303bfb807
commit
81d1ffee08
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=111946
|
@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
|
|||
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
|
||||
else
|
||||
ap_opts = 0;
|
||||
ap_opts |= AP_OPTS_USE_SUBKEY;
|
||||
|
||||
ret = krb5_auth_con_init (context, &auth_context);
|
||||
if (ret) {
|
||||
|
@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
|
|||
return;
|
||||
}
|
||||
|
||||
if (key_block == NULL) {
|
||||
ret = krb5_auth_con_getkey(context,
|
||||
auth_context,
|
||||
&key_block);
|
||||
}
|
||||
if (ret) {
|
||||
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
|
||||
auth_finished(ap, AUTH_REJECT);
|
||||
if (auth_debug_mode)
|
||||
printf("Kerberos V5: "
|
||||
"krb5_auth_con_getkey failed (%s)\r\n",
|
||||
krb5_get_err_text(context, ret));
|
||||
return;
|
||||
}
|
||||
if (key_block == NULL) {
|
||||
Data(ap, KRB_REJECT, "no subkey received", -1);
|
||||
auth_finished(ap, AUTH_REJECT);
|
||||
if (auth_debug_mode)
|
||||
printf("Kerberos V5: "
|
||||
"krb5_auth_con_getremotesubkey returned NULL key\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
|
||||
ret = krb5_mk_rep(context, auth_context, &outbuf);
|
||||
if (ret) {
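Review bot: In the kerberos5_is hunk the second rejection blames the wrong call: when `key_block` is still NULL at that point the fallback `krb5_auth_con_getkey` has run as well, yet the debug string names `krb5_auth_con_getremotesubkey` and the peer is told "no subkey received"; a string such as `"no subkey or session key available\r\n"` would match what happened. The `if (ret)` test sits outside the `if (key_block == NULL)` block, so when a subkey was present it re-tests a `ret` left over from a call above the hunk; moving the test inside the block makes the dependency explicit. Falling back to the ticket session key means the server accepts a key that is not unique to this connection, so a comment like `/* peer sent no subkey: fall back to the ticket session key */` should record that this is deliberate. The function begins and ends outside the hunk, and the identical change appears a second time further down the page, apparently for a second copy of kerberos5.c.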
|
||||
|
|
|
@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
|
|||
ap_opts = AP_OPTS_MUTUAL_REQUIRED;
|
||||
else
|
||||
ap_opts = 0;
|
||||
ap_opts |= AP_OPTS_USE_SUBKEY;
|
||||
|
||||
ret = krb5_auth_con_init (context, &auth_context);
|
||||
if (ret) {
|
||||
|
@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
|
|||
return;
|
||||
}
|
||||
|
||||
if (key_block == NULL) {
|
||||
ret = krb5_auth_con_getkey(context,
|
||||
auth_context,
|
||||
&key_block);
|
||||
}
|
||||
if (ret) {
|
||||
Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
|
||||
auth_finished(ap, AUTH_REJECT);
|
||||
if (auth_debug_mode)
|
||||
printf("Kerberos V5: "
|
||||
"krb5_auth_con_getkey failed (%s)\r\n",
|
||||
krb5_get_err_text(context, ret));
|
||||
return;
|
||||
}
|
||||
if (key_block == NULL) {
|
||||
Data(ap, KRB_REJECT, "no subkey received", -1);
|
||||
auth_finished(ap, AUTH_REJECT);
|
||||
if (auth_debug_mode)
|
||||
printf("Kerberos V5: "
|
||||
"krb5_auth_con_getremotesubkey returned NULL key\r\n");
|
||||
return;
|
||||
}
|
||||
|
||||
if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
|
||||
ret = krb5_mk_rep(context, auth_context, &outbuf);
|
||||
if (ret) {
|
||||
|
|
|
@ -16,6 +16,7 @@ SRCS+= kerberos5.c
|
|||
|
||||
CFLAGS+= -DENCRYPTION -DAUTHENTICATION -DSRA -I${TELNETDIR}
|
||||
CFLAGS+= -DKRB5 -I${KRB5DIR}/lib/krb5 -I${KRB5OBJDIR} -I${ASN1OBJDIR}
|
||||
CFLAGS+= -DFORWARD -Dnet_write=telnet_net_write
|
||||
|
||||
INCS= ${TELNETDIR}/arpa/telnet.h
|
||||
INCSDIR= ${INCLUDEDIR}/arpa
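Review bot: `-DFORWARD` is switched on in this Makefile although the commit message says credential forwarding is still broken, and nothing next to the flag records that; a comment such as `# FORWARD: credential forwarding is compiled in but not yet working` above the line would keep the next reader from assuming the feature is usable. `-Dnet_write=telnet_net_write` renames a function through the preprocessor without explanation, so it needs a one-line comment giving the reason (the page does not show it; a clash with a library symbol of the same name is my guess). The same two flags are added in the two Makefile sections that follow on this page.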
|
||||
|
|
|
@ -12,7 +12,7 @@ SRCS= global.c slc.c state.c sys_term.c telnetd.c \
|
|||
CFLAGS+= -DLINEMODE -DUSE_TERMIO -DDIAGNOSTICS -DOLD_ENVIRON \
|
||||
-DENV_HACK -DAUTHENTICATION -DENCRYPTION \
|
||||
-I${TELNETDIR} -DINET6
|
||||
CFLAGS+= -DKRB5
|
||||
CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
|
||||
|
||||
WARNS?= 2
|
||||
|
||||
|
|
|
@ -9,7 +9,7 @@ CFLAGS+= -DKLUDGELINEMODE -DUSE_TERMIO -DENV_HACK -DOPIE \
|
|||
-DENCRYPTION -DAUTHENTICATION -DIPSEC -DINET6 \
|
||||
-I${TELNETDIR} -I${TELNETDIR}/libtelnet/
|
||||
|
||||
CFLAGS+= -DKRB5
|
||||
CFLAGS+= -DKRB5 -DFORWARD -Dnet_write=telnet_net_write
|
||||
|
||||
WARNS?= 2
|
||||
|
||||
|
|