|
| From: | shishi-commit |
| Subject: | Remove most harding coding of etypes, and add comment explaining the [...] |
| Date: | Sat, 13 Dec 2003 13:45:12 +0100 |
| Commit from jas | 2003-12-13 13:45 CET |
Remove most harding coding of etypes, and add comment explaining the situation for the only remaining occurance.
| Module | File name | Revision | |||
|---|---|---|---|---|---|
| inetutils | libtelnet/shishi.c | 1.4 | >>> | 1.5 | |
| inetutils/libtelnet/shishi.c 1.4 >>> 1.5 |
|---|
| Line 147 |
|
sprintf (tmp, "host/%s", RemoteHostName); memset (&hint, 0, sizeof (hint)); hint.server = tmp; |
|
+ /* First look specifically for DES keys to interop with non-RFC 2952 + compliant telnetd's (i.e., many telnetd, including this one). + The problem is that instead of truncating overlong keys and + fixing the parity bits, as RFC 2952 describe, they simply reject + the encryption request. See enc_des.c:fb64_session, but even + after fixing this implementation you would still have problems + talking to other implementations that aren't fixed. */ |
|
hint.etype = SHISHI_DES_CBC_MD5; tkt = shishi_tkts_get (shishi_tkts_default (shishi_handle), &hint); |
|
+ if (!tkt) + { + /* No DES key found, just get any key and hope for the best. */ + hint.etype = 0; + tkt = shishi_tkts_get (shishi_tkts_default (shishi_handle), &hint); + } |
|
free (tmp); if (!tkt) { |
| Line 173 |
|
type_check[0] = ap->type; type_check[1] = ap->way; |
|
- rc = shishi_ap_etype (shishi_handle, &auth_handle, SHISHI_DES_CBC_MD5); - if (rc != SHISHI_OK) - { - DEBUG (("telnet: Kerberos V5: Could not make AP-REQ (%s)\r\n", - shishi_strerror (rc))); - return 0; - } - - rc = shishi_ap_set_tktoptionsdata (auth_handle, tkt, ap_opts, - (char *) &type_check, 2); |
|
+ rc = shishi_ap_tktoptionsdata (shishi_handle, &auth_handle, + tkt, ap_opts, (char *) &type_check, 2); |
|
if (rc != SHISHI_OK) { DEBUG (("telnet: Kerberos V5: Could not make AP-REQ (%s)\r\n", |
| Line 199 |
|
rc = shishi_authenticator_get_subkey (shishi_handle, shishi_ap_authenticator (auth_handle), &enckey); |
|
- if ((rc != SHISHI_OK) || (shishi_key_type (enckey) != SHISHI_DES_CBC_MD5)) |
|
+ if (rc != SHISHI_OK) |
|
{ DEBUG (("telnet: Kerberos V5: could not get encryption key (%s)\r\n", shishi_strerror (rc))); |
| Line 244 |
|
void shishi_init_key (Session_Key * skey, int type) { |
|
- skey->type = SK_DES; - skey->length = 8; |
|
+ int32_t etype = shishi_key_type (enckey); + + if (etype == SHISHI_DES_CBC_CRC || + etype == SHISHI_DES_CBC_MD4 || + etype == SHISHI_DES_CBC_MD5) + skey->type = SK_DES; + else + skey->type = SK_OTHER; + skey->length = shishi_key_length (enckey); |
|
skey->data = shishi_key_value (enckey); |
|
+ |
|
encrypt_session_key (skey, type); } #endif |
| Line 451 |
|
enckey = NULL; } |
|
- rc = shishi_authenticator_get_subkey (shishi_handle, shishi_ap_authenticator (auth_handle), &enckey); - if ((rc != SHISHI_OK) || ((shishi_key_type (enckey) != SHISHI_DES_CBC_CRC) && - (shishi_key_type (enckey) != SHISHI_DES_CBC_MD5))) |
|
+ rc = shishi_authenticator_get_subkey (shishi_handle, + shishi_ap_authenticator (auth_handle), + &enckey); + if (rc != SHISHI_OK) |
|
{ Shishi_tkt * tkt; |
|
- |
|
+ |
|
tkt = shishi_ap_tkt (auth_handle); |
|
- if (tkt == NULL) |
|
+ if (tkt) |
|
{ |
|
- snprintf (errbuf, errbuflen, "telnet: Kerberos V5: could get encryption key (%s)\r\n", - shishi_strerror (rc)); - return 1; - } |
|
+ rc = shishi_encticketpart_get_key (shishi_handle, + shishi_tkt_encticketpart (tkt), + &enckey); + if (rc != SHISHI_OK) + enckey = NULL; |
|
|
|
- rc = shishi_encticketpart_get_key (shishi_handle, shishi_tkt_encticketpart (tkt), &enckey); - if ((rc != SHISHI_OK) || ((shishi_key_type (enckey) != SHISHI_DES_CBC_CRC) && - (shishi_key_type (enckey) != SHISHI_DES_CBC_MD5))) - { - snprintf (errbuf, errbuflen, "telnet: Kerberos V5: could get encryption key (%s)\r\n", - shishi_strerror (rc)); - return 1; |
|
+ shishi_tkt_done (tkt); |
|
} |
|
- - shishi_tkt_done (tkt); - } - - shishi_init_key (&skey, 1); |
|
+ } + + if (enckey == NULL) + { + snprintf (errbuf, errbuflen, + "telnet: Kerberos V5: could not get encryption key (%s)\r\n", + shishi_strerror (rc)); + return 1; + } + + shishi_init_key (&skey, 1); |
|
#endif |
|
- |
|
+ |
|
return 0; } |
| [Prev in Thread] | Current Thread | [Next in Thread] |