Fix handling of session key for Kerberos5. I don't think this should

fix the mutual authentication bug with beta 4, but this should help
forwarding credentials and should also help if someone actually
defines ENCRYPTION.


If user defines ENCRYPTION, telnetd has the nasty behavior of
encrypting one side of the conversation, without telling the user; in
particular, only server output is encrypted.  Fixed by sending a do
encrypt if encryption defined; fix taken from Athena telnetd.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6955 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 10 insertions, 0 deletions

diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog
index 727cfa1be..da63e0e12 100644
--- a/src/appl/telnet/telnetd/ChangeLog
+++ b/src/appl/telnet/telnetd/ChangeLog
@@ -1,3 +1,8 @@
+Mon Oct  9 23:01:36 1995  Sam Hartman  <hartmans@tertius.mit.edu>
+
+	* telnetd.c (getterminaltype): If ENCRYPTION defined, send do
+        encryption, *not* just will encrypt. if you don't do this, then you won't encrypt the input to the server; your password prompt is encrypted, but your password isn't.
+
 Tue Aug  8 11:26:54 1995  Sam Hartman  <hartmans@pao.mit.edu>
 
 	* sys_term.c: Fail if the slave side dies.
diff --git a/src/appl/telnet/telnetd/authenc.c b/src/appl/telnet/telnetd/authenc.c
index 3aec7f9d2..573669894 100644
--- a/src/appl/telnet/telnetd/authenc.c
+++ b/src/appl/telnet/telnetd/authenc.c
@@ -87,3 +87,7 @@ telnet_gets(prompt, result, length, echo)
 	return((char *)0);
 }
 #endif	/* defined(AUTHENTICATION) || defined(ENCRYPTION) */
+
+
+
+
diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c
index 9fc2bd8a4..b91343ebf 100644
--- a/src/appl/telnet/telnetd/telnetd.c
+++ b/src/appl/telnet/telnetd/telnetd.c
@@ -650,6 +650,7 @@ getterminaltype(name)
 
 #ifdef	ENCRYPTION
     send_will(TELOPT_ENCRYPT, 1);
+    send_do(TELOPT_ENCRYPT, 1);
 #endif	/* ENCRYPTION */
     send_do(TELOPT_TTYPE, 1);
     send_do(TELOPT_TSPEED, 1);