authorRichard Basch <probe@mit.edu>1996-04-28 14:24:08 +0000
committerRichard Basch <probe@mit.edu>1996-04-28 14:24:08 +0000
commit1ca31e14815913c8cd458646f567fde10a7ec6e0 (patch)
tree66f941acf353f554d7ad3ddfd5f6af0c39cb8edd /src
parent2270e15f60ea19ff6ed41de62ae5fab0f2bc8482 (diff)
The rd_req has to allow any local service principal, as the host may have
multiple names and multiple "host" keys. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7861 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/appl/telnet/libtelnet/ChangeLog5
-rw-r--r--src/appl/telnet/libtelnet/kerberos5.c46
2 files changed, 30 insertions, 21 deletions
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog
index 63835ba61..88d8e9a0d 100644
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,8 @@
+Sat Apr 27 16:09:54 1996 Richard Basch <basch@lehman.com>
+
+ * kerberos5.c: a host may have multiple names and multiple keys,
+ so do not try to resolve the "server" principal before the rd_req
+
Fri Apr 12 23:36:01 1996 Richard Basch <basch@lehman.com>
* forward.c (rd_and_store_for_creds): Consistency with the
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c
index 63f54cd3b..db9e5c0a3 100644
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -112,7 +112,7 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
#define KRB_FORWARD_REJECT 6 /* Forwarded credentials rejected */
#endif /* FORWARD */
-krb5_auth_context auth_context;
+krb5_auth_context auth_context = 0;
static krb5_data auth;
/* telnetd gets session key from here */
@@ -364,9 +364,10 @@ kerberos5_is(ap, data, cnt)
unsigned char *data;
int cnt;
{
- int r;
+ int r = 0;
krb5_principal server;
krb5_keyblock *newkey = NULL;
+ krb5_keytab keytabid = 0;
krb5_data outbuf;
#ifdef ENCRYPTION
Session_Key skey;
@@ -384,30 +385,34 @@ kerberos5_is(ap, data, cnt)
auth.data = (char *)data;
auth.length = cnt;
- r = krb5_sname_to_principal(telnet_context, 0, "host",
- KRB5_NT_SRV_HST,
- &server);
-
+ if (!r && !auth_context)
+ r = krb5_auth_con_init(telnet_context, &auth_context);
if (!r) {
krb5_rcache rcache;
- krb5_keytab keytabid = NULL;
-
- r = krb5_get_server_rcache(telnet_context,
+
+ r = krb5_auth_con_getrcache(telnet_context, auth_context,
+ &rcache);
+ if (!r && !rcache) {
+ r = krb5_sname_to_principal(telnet_context, 0, "host",
+ KRB5_NT_SRV_HST, &server);
+ if (!r) {
+ r = krb5_get_server_rcache(telnet_context,
krb5_princ_component(telnet_context,
server, 0),
- &rcache);
-
- if (!r)
- if (telnet_srvtab)
- r = krb5_kt_resolve(telnet_context,
- telnet_srvtab, &keytabid);
+ &rcache);
+ krb5_free_principal(telnet_context, server);
+ }
+ }
if (!r)
- r = krb5_rd_req(telnet_context, &auth_context, &auth,
- server, keytabid, NULL, &ticket);
- if (rcache)
- krb5_rc_close(telnet_context, rcache);
- krb5_free_principal(telnet_context, server);
+ r = krb5_auth_con_setrcache(telnet_context,
+ auth_context, rcache);
}
+ if (!r && telnet_srvtab)
+ r = krb5_kt_resolve(telnet_context,
+ telnet_srvtab, &keytabid);
+ if (!r)
+ r = krb5_rd_req(telnet_context, &auth_context, &auth,
+ NULL, keytabid, NULL, &ticket);
if (r) {
(void) strcpy(errbuf, "krb5_rd_req failed: ");
(void) strcat(errbuf, error_message(r));
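Review bot: Passing `NULL` as the server argument of `krb5_rd_req` makes the call accept a ticket for any principal whose key is in the keytab, and nothing visible after the call in this hunk checks which service the ticket was issued for. If `telnet_srvtab` (or the default keytab, when it is unset) also holds keys for services other than "host", a ticket issued for one of those would pass authentication here. After a successful call, the first component of `ticket->server`, obtained with `krb5_princ_component(telnet_context, ticket->server, 0)`, should be compared with "host" and the request rejected on mismatch. Separately, the `keytabid` returned by `krb5_kt_resolve` is not closed in the lines shown; kerberos5_is continues past the hunk, so confirm that `krb5_kt_close(telnet_context, keytabid)` runs on the paths after `krb5_rd_req`.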
@@ -762,7 +767,6 @@ kerberos5_forward(ap)
error_message(r));
goto cleanup;
}
-
if ((r = krb5_auth_con_genaddrs(telnet_context, auth_context, net,
KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR))) {