changeset 1347:c9528d741a36
6317227 telnet doesn't like default_tgs_enctypes = des-cbc-md5
author | mp153739 |
---|---|
date | Sat, 28 Jan 2006 05:05:29 -0800 |
parents | 58dee239bb42 |
children | 11df8410c452 |
files | usr/src/cmd/cmd-inet/usr.bin/telnet/kerberos5.c |
diffstat | 1 files changed, 45 insertions(+), 6 deletions(-) [+] |
--- a/usr/src/cmd/cmd-inet/usr.bin/telnet/kerberos5.c Fri Jan 27 21:48:55 2006 -0800 +++ b/usr/src/cmd/cmd-inet/usr.bin/telnet/kerberos5.c Sat Jan 28 05:05:29 2006 -0800 @@ -1,5 +1,5 @@ /* - * Copyright 2002 Sun Microsystems, Inc. All rights reserved. + * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ @@ -84,8 +84,8 @@ extern boolean_t auth_debug_mode; extern int net; -#define DEFAULT_ENCTYPE ENCTYPE_DES_CBC_CRC -#define ACCEPT_ENCTYPES (ENCTYPE_DES_CBC_CRC | ENCTYPE_DES_CBC_MD5) +#define ACCEPTED_ENCTYPE(a) \ + (a == ENCTYPE_DES_CBC_CRC || a == ENCTYPE_DES_CBC_MD5) /* for comapatibility with non-Solaris KDC's, this has to be big enough */ #define KERBEROS_BUFSIZ 8192 @@ -205,6 +205,9 @@ krb5_keyblock *newkey = 0; + int i; + krb5_enctype *ktypes; + if (!UserNameRequested) { if (auth_debug_mode) (void) printf(gettext("telnet: Kerberos V5: " 
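Review bot: The new `ACCEPTED_ENCTYPE(a)` macro in the `@@ -84,8 +84,8 @@` hunk uses its argument unparenthesized and evaluates it twice, so an argument containing a lower-precedence operator or a side effect would misbehave. The call sites in this commit pass plain lvalues, so nothing breaks today, but I would write the body as `((a) == ENCTYPE_DES_CBC_CRC || (a) == ENCTYPE_DES_CBC_MD5)`. A one-line comment above it, such as `/* enctypes are enumerated values, not bit flags: compare, never mask */`, would record why the old `&` test was wrong.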
@@ -256,8 +259,44 @@ krb5_free_cred_contents(telnet_context, &creds); return (0); } +/* + * Check to to confirm that at least one of the supported + * encryption types (des-cbc-md5, des-cbc-crc is available. If + * one is available then use it to obtain credentials. + */ - creds.keyblock.enctype = DEFAULT_ENCTYPE; + if ((retval = krb5_get_tgs_ktypes(telnet_context, creds.server, + &ktypes))) { + if (auth_debug_mode) { + (void) printf(gettext( + "telnet: Kerberos V5: could not determine " + "TGS encryption types " + "(see default_tgs_enctypes in krb5.conf) " + "(%s)\r\n"), error_message(retval)); + } + krb5_free_cred_contents(telnet_context, &creds); + return (0); + } + + for (i = 0; ktypes[i]; i++) { + if (ACCEPTED_ENCTYPE(ktypes[i])) + break; + } + + if (ktypes[i] == 0) { + if (auth_debug_mode) { + (void) printf(gettext( + "telnet: Kerberos V5: " + "failure on encryption types. " + "Cannot find des-cbc-md5 or des-cbc-crc " + "in list of TGS encryption types " + "(see default_tgs_enctypes in krb5.conf)\n")); + } + krb5_free_cred_contents(telnet_context, &creds); + return (0); + } + + creds.keyblock.enctype = ktypes[i]; if ((retval = krb5_get_credentials(telnet_context, 0, ccache, &creds, &new_creds))) { if (auth_debug_mode) { @@ -310,8 +349,8 @@ * keep the key in our private storage, but don't use it * yet---see kerberos5_reply() below */ - if (!(newkey->enctype & ACCEPT_ENCTYPES)) { - if (!(new_creds->keyblock.enctype & ACCEPT_ENCTYPES)) + if (!(ACCEPTED_ENCTYPE(newkey->enctype))) { + if (!(ACCEPTED_ENCTYPE(new_creds->keyblock.enctype))) /* use the session key in credentials instead */ krb5_copy_keyblock(telnet_context, &new_creds->keyblock, &session_key);
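Review bot: The list returned by `krb5_get_tgs_ktypes()` in the `@@ -256,8 +259,44 @@` hunk is never released in the lines shown; both the `ktypes[i] == 0` failure return and the path after `creds.keyblock.enctype = ktypes[i];` leave it allocated. Because the chosen value is copied into `creds`, `krb5_free_ktypes(telnet_context, ktypes);` can go right after that assignment and before the failure `return (0);`. The function continues outside the hunk, so confirm the list is not freed later. The second debug message ends in `\n` where the first uses `\r\n`, which looks unintended. The new block comment has a doubled "to" and an unclosed parenthesis, and it should state that only the two single-DES enctypes are accepted, so a krb5.conf listing neither makes this function return 0 before any credentials are requested.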
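Review bot: In the `@@ -310,8 +349,8 @@` hunk the inner test `if (!(ACCEPTED_ENCTYPE(new_creds->keyblock.enctype)))` looks inverted relative to its comment, because it copies the session key from the credentials only when that key's enctype is neither des-cbc-crc nor des-cbc-md5. The commit carries this polarity over from the old mask test, so it may be long-standing, but if the intent is to fall back to an acceptable key the condition should read `if (ACCEPTED_ENCTYPE(new_creds->keyblock.enctype))`. The return value of `krb5_copy_keyblock()` is also discarded, so a failed copy could go unnoticed. The enclosing block starts and ends outside the hunk, so check the matching `else` branch before changing the condition.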