RT/krbdev.mit.edu: Ticket #841 telnetd should have a way to require encrypted sessions

 The Basics  
Id
841
Status
resolved
Worked
0 min
Priority
50/
Queue
krb5
 

 Keyword Selections  
Component
  • krb5-appl
Tags
  • enhancement
Version_reported
  • 1.1.1
Version_Fixed
  • 1.4
Target_Version
  • 1.4
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Fri Apr 14 12:38:01 2000
Starts: Not set
Started: Fri Nov 5 21:23:39 2004
Last Contact: Wed Nov 17 19:02:52 2004
Due: Not set
Updated: Wed Dec 16 18:02:38 2015 by tlyu
 

 People  
Owner
 tlyu
Requestors
 djm@web.us.uu.net
Cc
 
AdminCc
 
 


History
      Mon Aug 19 14:18:30 2002  RT_System - Default: Import/ changed from to    
     
From djm@web.us.uu.net  Fri Apr 14 12:37:05 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
	by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA03242
	for <bugs@RT-11.MIT.EDU>; Fri, 14 Apr 2000 12:37:04 -0400 (EDT)
Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP
	id AA06276; Fri, 14 Apr 00 12:37:00 EDT
Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP
	(peer crosschecked as: dagger.web.us.uu.net [208.211.134.28])
	id MAA11601; Fri, 14 Apr 2000 12:37:03 -0400 (EDT)
Received: by dagger.web.us.uu.net
	id MAA28618; Fri, 14 Apr 2000 12:36:40 -0400
Message-Id: <MAA28618.200004141636@dagger.web.us.uu.net>
Date: Fri, 14 Apr 2000 12:36:40 -0400
From: djm@web.us.uu.net (David J. MacKenzie)
Reply-To: djm@web.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: djm@web.us.uu.net
Subject: telnetd patch to require encryption
X-Send-Pr-Version: 3.99

>Number:         841
>Category:       krb5-appl
>Synopsis:       telnetd should have a way to require encrypted sessions
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    krb5-unassigned
>State:          open
>Class:          change-request
>Submitter-Id:   unknown
>Arrival-Date:   Fri Apr 14 12:38:01 EDT 2000
>Last-Modified:
>Originator:     David MacKenzie
>Organization:
UUNET Technologies
>Release:        krb5-1.1.1
>Environment:

System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686
unknown
Architecture: i686

>Description:
	On our administrative hosts (KDC's, for example), we only
	want to allow encrypted (in both directions) logins.

>How-To-Repeat:
	telnet -a kerberos

>Fix:

This patch is from cross@eng.us.uu.net (Chris Ross).

--- /homes/elves/djm/src/krb5-1.1.1/src/appl/telnet/telnetd/state.c	Fri Dec 17
15:44:25 1999
+++ src/appl/telnet/telnetd/state.c	Tue Mar 28 03:09:54 2000
@@ -124,6 +124,21 @@
 				state = TS_IAC;
 				break;
 			}
+#ifdef	ENCRYPTION
+			/*
+			 * Check to make sure we have a connection
+			 * encrypted in both directions if we've been
+			 * told to require as much...
+			 */
+			{
+				extern int encrypt_required;
+				if (encrypt_required &&
+				    (!encrypt_output || !decrypt_input)) {
+					fatal(net, "Encryption required");
+					exit(1);
+				}
+			}
+#endif	/* ENCRYPTION */
 			/*
 			 * We now map \r\n ==> \r for pragmatic reasons.
 			 * Many client implementations send \r\n when
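Review bot: the added block declares extern int encrypt_required inside a local brace scope; move that declaration to a shared telnetd header so the definition in telnetd.c and this use are checked against each other by the compiler. The block sits after the branch that sets state = TS_IAC, so the test runs on the data path rather than during option handling; a one-line comment saying that placement is deliberate, so negotiation can still proceed before encryption is on, would help the next reader.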
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/telnet/telnetd/telnetd.c	Fri Dec 17
15:44:26 1999
+++ src/appl/telnet/telnetd/telnetd.c	Tue Mar 28 03:15:14 2000
@@ -144,6 +144,12 @@
 int always_ip = 0;
 int stripdomain = 1;

+#ifdef	ENCRYPTION
+/* Require encryption?  If this is on, any unencrypted connection */
+/* will be refused... */
+int encrypt_required = 0;
+#endif
+
 extern void usage P((void));

 /*
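Review bot: the comment above int encrypt_required = 0 says any unencrypted connection will be refused, while the checks this patch adds refuse a session unless both encrypt_output and decrypt_input are set; say "encrypted in both directions" here so the comment matches the enforced condition. The comment should also state that the default of 0 leaves enforcement off unless the option is given.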
@@ -310,6 +316,9 @@
 				extern int encrypt_debug_mode;
 				encrypt_debug_mode = 1;
 				break;
+			} else if (strcmp(optarg, "require") == 0) {
+				encrypt_required = 1;
+				break;
 			}
 			usage();
 			/* NOTREACHED */
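Review bot: the new strcmp(optarg, "require") branch adds a user-visible option value, but this patch touches only state.c and telnetd.c, so usage() and the man page do not mention it; document it in both. Also confirm this branch is compiled only under ENCRYPTION, since encrypt_required is defined inside #ifdef ENCRYPTION and an unguarded reference would break builds without it.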
@@ -1493,6 +1502,13 @@
 #endif	/* defined(CRAY2) && defined(UNICOS5) */
 			}
 		}
+
+#ifdef	ENCRYPTION
+		if (encrypt_required && (!encrypt_output || !decrypt_input)) {
+			fatal(net, "Encryption required");
+			exit(1);
+		}
+#endif	/* ENCRYPTION */

 		while (pcc > 0) {
 			if ((&netobuf[BUFSIZ] - nfrontp) < 2)
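Review bot: the condition encrypt_required && (!encrypt_output || !decrypt_input), followed by fatal(net, "Encryption required") and exit(1), is repeated here from the state.c hunk; put it in one helper so the two enforcement points cannot drift apart. This copy runs before the while (pcc > 0) loop, and nothing in the visible lines waits for encryption negotiation to finish, so confirm that a client still negotiating is not rejected the first time this point is reached.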
>Audit-Trail:
>Unformatted:


      Mon Aug 19 14:18:30 2002  RT_System - Tags enhancement added    
      Mon Aug 19 14:18:30 2002  RT_System - Component krb5-appl added    
      Mon Aug 19 14:18:30 2002  RT_System - Version_reported 1.1.1 added    
      Fri Jan  9 16:56:28 2004  hartmans - Subject changed from telnetd should have a way to require encrypted sessions to preauth    
      Fri Nov  5 21:23:39 2004  tlyu - Subject changed from telnetd should have a way to require encrypted sessions to telnetd should have a way to require encrypted sessions    
      Fri Nov  5 21:23:39 2004  tlyu - Status changed from new to open    
      Fri Nov  5 21:23:40 2004  tlyu - Target_Version 1.4 added    
      Mon Nov 15 16:25:46 2004  tlyu - Status changed from open to resolved    
      Mon Nov 15 16:25:47 2004  tlyu - Tags pullup added    
      Mon Nov 15 16:25:47 2004  tlyu - Given to tlyu    
      Mon Nov 15 16:25:48 2004  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: CVS Commit

Merge Athena changes for requiring encrypted connections.


To generate a diff of this commit:



	cvs diff -r5.100 -r5.101 krb5/src/appl/telnet/libtelnet/ChangeLog
	cvs diff -r5.8 -r5.9 krb5/src/appl/telnet/libtelnet/auth-proto.h
	cvs diff -r5.16 -r5.17 krb5/src/appl/telnet/libtelnet/auth.c
	cvs diff -r5.123 -r5.124 krb5/src/appl/telnet/telnetd/ChangeLog
	cvs diff -r5.12 -r5.13 krb5/src/appl/telnet/telnetd/ext.h
	cvs diff -r5.8 -r5.9 krb5/src/appl/telnet/telnetd/telnetd.8
	cvs diff -r5.44 -r5.45 krb5/src/appl/telnet/telnetd/telnetd.c
	cvs diff -r5.18 -r5.19 krb5/src/appl/telnet/telnetd/utility.c
	cvs diff -r1.12 -r1.13 krb5/src/tests/dejagnu/krb-root/ChangeLog
	cvs diff -r1.9 -r1.10 krb5/src/tests/dejagnu/krb-root/telnet.exp


      Mon Nov 15 22:21:51 2004  tlyu - Version_Fixed 1.4 added    
      Wed Nov 17 16:10:06 2004  tlyu - Keyword 1.4 deleted    
      Wed Nov 17 19:02:49 2004  tlyu - Version_Fixed 1.4 added    
      Wed Nov 17 19:02:49 2004  tlyu - Correspondence added    
     
From: tlyu@mit.edu
Subject: CVS Commit

pullup from trunk


To generate a diff of this commit:



	cvs diff -r5.100 -r5.100.4.1
		krb5/src/appl/telnet/libtelnet/ChangeLog
	cvs diff -r5.8 -r5.8.10.1
		krb5/src/appl/telnet/libtelnet/auth-proto.h
	cvs diff -r5.16 -r5.16.10.1 krb5/src/appl/telnet/libtelnet/auth.c
	cvs diff -r5.123 -r5.123.4.1 krb5/src/appl/telnet/telnetd/ChangeLog
	cvs diff -r5.12 -r5.12.10.1 krb5/src/appl/telnet/telnetd/ext.h
	cvs diff -r5.8 -r5.8.10.1 krb5/src/appl/telnet/telnetd/telnetd.8
	cvs diff -r5.44 -r5.44.10.1 krb5/src/appl/telnet/telnetd/telnetd.c
	cvs diff -r5.18 -r5.18.10.1 krb5/src/appl/telnet/telnetd/utility.c
	cvs diff -r1.12 -r1.12.6.1
		krb5/src/tests/dejagnu/krb-root/ChangeLog
	cvs diff -r1.9 -r1.9.6.1 krb5/src/tests/dejagnu/krb-root/telnet.exp


      Wed Dec 16 18:02:38 2015  tlyu - Keyword pullup deleted