
Re: kerberos telnet?


From: Simon Josefsson
Subject: Re: kerberos telnet?
Date: Fri, 06 Dec 2002 07:51:30 +0100
User-agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.3.50 (i686-pc-linux-gnu)

Sergey Poznyakoff <address@hidden> writes:

>> With the patch below I got it to compile, but it does not do kerberos
>> authentication (same behaviour as in original report).  I will try to
>> investigate more at some point in time...
>
> Try enabling debugging to get more information: Invoke telnetd with
> --debug=report,options,ptydata,netdata, then it will print its
> debug info to /tmp/telnet.debug file. Also add the following
> line to your $HOME/.telnetrc file:
>
> DEFAULT toggle authdebug

I forgot to add -a, it now works (the patch from
address@hidden is still needed though).

What do you think of the patch below?  It makes Kerberos Telnet logon
somewhat clearer (especially the part about server authentication).

? config.h
? stamp-h1
Index: libtelnet/auth.c
===================================================================
RCS file: /cvsroot/inetutils/inetutils/libtelnet/auth.c,v
retrieving revision 1.5
diff -u -p -r1.5 auth.c
--- libtelnet/auth.c    6 Jul 2000 04:21:08 -0000       1.5
+++ libtelnet/auth.c    6 Dec 2002 06:48:23 -0000
@@ -217,9 +217,18 @@ auth_init(name, server)
                if (!ap->init || (*ap->init)(ap, server)) {
                        i_support |= typemask(ap->type);
                        if (auth_debug_mode)
-                               printf(">>>%s: I support auth type %d %d\r\n",
+                               printf(">>>%s: I support auth type %s (%d) %s 
(%d)\r\n",
                                        Name,
-                                       ap->type, ap->way);
+                                      AUTHTYPE_NAME_OK(ap->type) ?
+                                      AUTHTYPE_NAME(ap->type) : 
+                                      "unknown",
+                                      ap->type,
+                                      ap->way & 
+                                      AUTH_HOW_MASK & 
+                                      AUTH_HOW_MUTUAL ? 
+                                      "MUTUAL" : 
+                                      "ONEWAY",
+                                      ap->way);
                }
                else if (auth_debug_mode)
                        printf(">>>%s: Init failed: auth type %d %d\r\n",
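Review bot: The new selector `ap->way & AUTH_HOW_MASK & AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY"` relies on `&` binding tighter than `?:` and ANDs the mask with the value instead of comparing against it, so it gives the right answer only as long as AUTH_HOW_MUTUAL is a single bit inside the mask. Writing it as `(ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL ? "MUTUAL" : "ONEWAY"` states the intent and survives a change to the constants; the same expression appears twice more in the auth_send hunk on `auth_send_data[1]`. The `Init failed` printf that closes this hunk still prints bare numbers, so a failed init is harder to read in the debug log than a successful one and could use the same name lookup. auth_init starts and ends outside the hunk.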
@@ -429,16 +438,34 @@ auth_send(data, cnt)
        }
        while ((auth_send_cnt -= 2) >= 0) {
                if (auth_debug_mode)
-                       printf(">>>%s: He supports %d\r\n",
-                               Name, *auth_send_data);
+                       printf(">>>%s: He supports %s (%d) %s (%d)\r\n",
+                              Name,  AUTHTYPE_NAME_OK(auth_send_data[0]) ?
+                              AUTHTYPE_NAME(auth_send_data[0]) : 
+                              "unknown",
+                              auth_send_data[0],
+                              auth_send_data[1] & 
+                              AUTH_HOW_MASK & 
+                              AUTH_HOW_MUTUAL ? 
+                              "MUTUAL" : 
+                              "ONEWAY",
+                              auth_send_data[1]);
                if ((i_support & ~i_wont_support) & typemask(*auth_send_data)) {
                        ap = findauthenticator(auth_send_data[0],
                                               auth_send_data[1]);
                        if (ap && ap->send) {
                                if (auth_debug_mode)
-                                       printf(">>>%s: Trying %d %d\r\n",
-                                               Name, auth_send_data[0],
-                                                       auth_send_data[1]);
+                                       printf(">>>%s: Trying %s (%d) %s 
(%d)\r\n",
+                                              Name, 
+                                              
AUTHTYPE_NAME_OK(auth_send_data[0]) ?
+                                              AUTHTYPE_NAME(auth_send_data[0]) 
: 
+                                              "unknown",
+                                              auth_send_data[0],
+                                              auth_send_data[1] & 
+                                              AUTH_HOW_MASK & 
+                                              AUTH_HOW_MUTUAL ? 
+                                              "MUTUAL" : 
+                                              "ONEWAY",
+                                              auth_send_data[1]);
                                if ((*ap->send)(ap)) {
                                        /*
                                         * Okay, we found one we like
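Review bot: Nothing near the `He supports` and `Trying` lines records that `auth_send_data[0]` appears to be a byte taken from the peer's offer, which is why the `AUTHTYPE_NAME_OK()` test has to stay in front of every `AUTHTYPE_NAME()` lookup. A short comment above the first printf would keep a later cleanup from dropping the guard, for example `/* type and way bytes come from the peer: never call AUTHTYPE_NAME() without AUTHTYPE_NAME_OK() */`. The near-identical argument lists in this function (and the one in the following `Using type` hunk) could share one small helper macro so the range check lives in a single place. auth_send starts and ends outside the hunk.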
@@ -446,8 +473,12 @@ auth_send(data, cnt)
                                         * we can go home now.
                                         */
                                        if (auth_debug_mode)
-                                               printf(">>>%s: Using type 
%d\r\n",
-                                                       Name, *auth_send_data);
+                                               printf(">>>%s: Using type %s 
(%d)\r\n",
+                                                       Name, 
+                                                      
AUTHTYPE_NAME_OK(*auth_send_data) ?
+                                                      
AUTHTYPE_NAME(*auth_send_data) : 
+                                                      "unknown",
+                                                      *auth_send_data);
                                        auth_send_data += 2;
                                        return;
                                }
Index: libtelnet/kerberos5.c
===================================================================
RCS file: /cvsroot/inetutils/inetutils/libtelnet/kerberos5.c,v
retrieving revision 1.7
diff -u -p -r1.7 kerberos5.c
--- libtelnet/kerberos5.c       13 Sep 2002 10:46:49 -0000      1.7
+++ libtelnet/kerberos5.c       6 Dec 2002 06:48:23 -0000
@@ -45,6 +45,10 @@
 # define KRB5_ENV_CCNAME "KRB5CCNAME"
 #endif
 
+#ifdef  ENCRYPTION
+#include "encrypt.h"
+#endif
+
 #ifdef  FORWARD
 /* FIXME: This is set directly from telnet/main.c */
 int forward_flags = 0;  
@@ -361,9 +365,12 @@ kerberos5_reply (Authenticator *ap, unsi
            }
          telnet_encrypt_key (&skey);
        }
-      
+
       if (cnt)
-       printf ("[ Kerberos V5 accepts you as ``%.*s'' ]\r\n", cnt, data);
+       printf ("[ Kerberos V5 accepts you as ``%.*s''%s ]\r\n", cnt, data,
+               mutual_complete ?
+               " (server authenticated)" : 
+               " (server NOT authenticated)");
       else
        printf ("[ Kerberos V5 accepts you ]\r\n");
       auth_finished(ap, AUTH_USER);
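Review bot: The server-authentication status is reported only when `cnt` is non-zero; the `else` branch still prints `[ Kerberos V5 accepts you ]`, so an accept that carries no name gives the user no warning that the server was not authenticated. The same suffix belongs there as well: `printf ("[ Kerberos V5 accepts you%s ]\r\n", mutual_complete ? " (server authenticated)" : " (server NOT authenticated)");`. In both branches `auth_finished(ap, AUTH_USER)` runs regardless of `mutual_complete`, so the message is advisory only. If the part of kerberos5_reply above the hunk does not already refuse an accept when mutual authentication was requested but not completed, that check is the real protection and this printf does not replace it. kerberos5_reply starts and ends outside the hunk.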




