authorSam Hartman <hartmans@mit.edu>1995-10-10 03:11:08 +0000
committerSam Hartman <hartmans@mit.edu>1995-10-10 03:11:08 +0000
commit2c3df8f5da068eef7d515b6c3d38f767824a1cd5 (patch)
tree78f2fc1ad13059cc16347a779deb510f334f4887 /src/appl
parent995ef6259b3f58d88dbec6487df3baef74d1da74 (diff)
Fix handling of session key for Kerberos5. I don't think this should
fix the mutual authentication bug with beta 4, but this should help forwarding credentials and should also help if someone actually defines ENCRYPTION. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6954 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/appl')
-rw-r--r--src/appl/telnet/libtelnet/ChangeLog11
-rw-r--r--src/appl/telnet/libtelnet/kerberos5.c63
2 files changed, 44 insertions, 30 deletions
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 112652159..041bed8a2 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,14 @@
+Mon Oct 9 23:03:48 1995 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * kerberos5.c: make session_key a pointer, and use
+ krb5_copy_keyblock not krb5_copy_keyblock_contents; there was no
+ reason to violate this abstraction.
+
+Sun Sep 24 12:33:03 1995 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * kerberos5.c: Initialize session key from the subsession key we get from krb5_mk_req_extended, using ticket key as a fallback.
+ (kerberos5_send): Use appropriate enctypes when encryption defined.
+
Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
* encrypt.h, kerberos5.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index dbc9c7f80..1488edf0c 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -31,7 +31,7 @@
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN I<F ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
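Review bot: The only change in this hunk turns `EVEN IF` into `EVEN I<F` in the license header, which looks like a stray keystroke rather than an intended edit. The line should be restored to `* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF` so the license text stays verbatim. The comment block begins above the hunk.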
@@ -124,7 +124,7 @@ static krb5_ticket * ticket = NULL;
#define Voidptr krb5_pointer
-krb5_keyblock session_key;
+krb5_keyblock *session_key = 0;
char * telnet_srvtab = NULL;
char * telnet_krb5_realm = NULL;
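Review bot: The new `krb5_keyblock *session_key = 0;` uses a bare `0` where the neighbouring declarations (`ticket = NULL`, `telnet_srvtab = NULL`) use `NULL`; `krb5_keyblock *session_key = NULL;` would match them. Since the variable now owns a heap copy of key material, a one-line comment would help, e.g. `/* owned copy of the negotiated key; release with krb5_free_keyblock() */`. Whether other files still reference `session_key` as a struct is not visible from this diff, so the change of type is worth a check across the library.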
@@ -173,8 +173,6 @@ kerberos5_init(ap, server)
str_data[3] = TELQUAL_REPLY;
else
str_data[3] = TELQUAL_IS;
- memset(&session_key, 0, sizeof(session_key));
- session_key.magic = KV5M_KEYBLOCK;
if (telnet_context == 0)
krb5_init_context(&telnet_context);
krb5_init_ets(telnet_context);
@@ -275,25 +273,25 @@ kerberos5_send(ap)
#ifdef ENCRYPTION
krb5_auth_con_getlocalsubkey(telnet_context, auth_context, &newkey);
- if (session_key.contents)
- free(session_key.contents);
- /*
- * keep the key in our private storage, but don't use it yet
- * ---see kerberos5_reply() below
- */
- if (newkey) {
- if (new_creds->keyblock.enctype == ENCTYPE_DES)
- /* use the session key in credentials instead */
- krb5_copy_keyblock_contents(telnet_context,
- &new_creds->keyblock,
- &session_key);
- else
- /* XXX ? */;
- } else {
- krb5_copy_keyblock_contents(telnet_context, newkey, &session_key);
+ if (session_key) {
+krb5_free_keyblock(telnet_context, session_key);
+session_key = 0;
}
- if (newkey)
+
+ if (newkey) {
+ /* keep the key in our private storage, but don't use it
+ yet---see kerberos5_reply() below */
+ if ((newkey->enctype != ENCTYPE_DES_CBC_CRC) && (newkey-> enctype != ENCTYPE_DES_CBC_MD5)) {
+ if ((new_creds->keyblock.enctype == ENCTYPE_DES_CBC_CRC)||( new_creds->keyblock.enctype == ENCTYPE_DES_CBC_MD5))
+ /* use the session key in credentials instead */
+ krb5_copy_keyblock(telnet_context,&new_creds->keyblock, &session_key);
+ else
+ /* XXX ? */;
+ } else {
+ krb5_copy_keyblock(telnet_context, newkey, &session_key);
+ }
krb5_free_keyblock(telnet_context, newkey);
+ }
#endif /* ENCRYPTION */
krb5_free_cred_contents(telnet_context, &creds);
krb5_free_creds(telnet_context, new_creds);
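Review bot: Both `krb5_copy_keyblock` calls in the new `if (newkey)` block discard the return value, so a failed copy leaves no indication that the session key was not stored. Checking the result and resetting the pointer, e.g. `if (krb5_copy_keyblock(telnet_context, newkey, &session_key)) session_key = 0;`, would make the failure state explicit; the two calls added in the kerberos5_is hunk have the same gap. The `/* XXX ? */` branch also leaves `session_key` null when neither key is a DES enctype, which kerberos5_reply tolerates through its `if (session_key)` guard, but a comment stating that encryption is unavailable in that case would be clearer than `XXX`. The two statements inside `if (session_key) {` sit at column 0 and should be indented like the rest of the block. kerberos5_send begins and ends outside the hunk.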
@@ -403,15 +401,20 @@ kerberos5_is(ap, data, cnt)
krb5_auth_con_getremotesubkey(telnet_context, auth_context,
&newkey);
if (newkey) {
- if (session_key.contents)
- free(session_key.contents);
- krb5_copy_keyblock_contents(telnet_context, newkey,
+ if (session_key) {
+ krb5_free_keyblock(telnet_context, session_key);
+ session_key = 0;
+ }
+
+ krb5_copy_keyblock(telnet_context, newkey,
&session_key);
krb5_free_keyblock(telnet_context, newkey);
} else {
- if (session_key.contents)
- free(session_key.contents);
- krb5_copy_keyblock_contents(telnet_context,
+ if (session_key){
+ krb5_free_keyblock(telnet_context, session_key);
+session_key = 0;
+ }
+ krb5_copy_keyblock(telnet_context,
ticket->enc_part2->session,
&session_key);
}
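Review bot: The free-and-reset of `session_key` is written out twice, once in each branch of `if (newkey)`, with inconsistent indentation in the second copy. Hoisting it above the `if`, as the kerberos5_send hunk does, leaves one copy of `if (session_key) { krb5_free_keyblock(telnet_context, session_key); session_key = 0; }` and makes it harder for the branches to drift apart. The enclosing case in kerberos5_is starts and ends outside the hunk.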
@@ -419,7 +422,7 @@ kerberos5_is(ap, data, cnt)
#ifdef ENCRYPTION
skey.type = SK_DES;
skey.length = 8;
- skey.data = session_key.contents;
+ skey.data = session_key->contents;
encrypt_session_key(&skey, 1);
#endif
break;
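Review bot: `skey.data = session_key->contents` dereferences the pointer unconditionally, while the matching code in kerberos5_reply is guarded by `if (session_key)`; if the preceding unchecked `krb5_copy_keyblock` failed, this is presumably a null dereference. The key stored in kerberos5_is is also not restricted to DES enctypes the way kerberos5_send restricts it, so the hard-coded `skey.length = 8` may not match the key actually held. A guard such as `if (session_key && session_key->length == 8) {` around the four `skey` lines would cover both cases. The surrounding case body lies outside the hunk.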
@@ -512,10 +515,10 @@ kerberos5_reply(ap, data, cnt)
}
krb5_free_ap_rep_enc_part(telnet_context, reply);
#ifdef ENCRYPTION
- if (!session_key.contents) {
+ if (session_key) {
skey.type = SK_DES;
skey.length = 8;
- skey.data = session_key.contents;
+ skey.data = session_key->contents;
encrypt_session_key(&skey, 0);
}
#endif /* ENCRYPTION */
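Review bot: The literal `skey.length = 8` under `if (session_key)` is correct only because kerberos5_send stores a key solely when it has a DES enctype, and nothing here says so. A comment above the block would record that dependency, e.g. `/* session_key is set in kerberos5_send() only for DES enctypes, so the key is 8 bytes */`. The guard itself now has the right sense; the old `!session_key.contents` test was inverted. kerberos5_reply begins and ends outside the hunk.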