Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 3982 From nneul@umr.edu Wed Feb 26 14:20:36 2003 Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3) with ESMTP id OAA28207; Wed, 26 Feb 2003 14:20:36 -0500 (EST) From: nneul@umr.edu Received: from smtp.umr.edu (mrelay1.cc.umr.edu [131.151.1.120]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id OAA22301 for ; Wed, 26 Feb 2003 14:20:35 -0500 (EST) Received: from infinity.cc.umr.edu (root@infinity.cc.umr.edu [131.151.32.21]) via ESMTP by mrelay1.cc.umr.edu (8.12.1/) id h1QJKY9i020442; Wed, 26 Feb 2003 13:20:34 -0600 Received: (from nneul@localhost) by infinity.cc.umr.edu (8.12.1/8.12.0.Beta7) id h1QJKX3B005920; Wed, 26 Feb 2003 13:20:33 -0600 Date: Wed, 26 Feb 2003 13:20:33 -0600 Message-Id: <200302261920.h1QJKX3B005920@infinity.cc.umr.edu> To: krb5-bugs@mit.edu Subject: telnetd -a user still non-functional Reply-To: nneul@umr.edu X-send-pr-version: 3.99 >Submitter-Id: net >Originator: Nathan Neulinger >Organization: -- Nathan ------------------------------------------------------------ Nathan Neulinger EMail: nneul@umr.edu University of Missouri - Rolla Phone: (573) 341-4841 Computing Services Fax: (573) 341-4216 >Confidential: no >Synopsis: -a user flag still doesn't work on telnetd >Severity: serious >Priority: medium >Category: telnet >Class: sw-bug >Release: krb5-current-20030226 >Environment: System: Linux infinity.cc.umr.edu 2.4.20-pre7 #1 SMP Wed Sep 25 12:43:17 CDT 2002 i686 unknown Architecture: i686 >Description: Patch mentioned in krb5 faq still necessary. The -a user flag still does not work unless you add this. It just says authorization failed. >How-To-Repeat: Add -a user flag to telnetd, try telnetting to a user that doesn't let you in with .k5login. Should prompt for password. Instead, it is failing and terminating the session. >Fix: diff --exclude=copyright.texinfo --exclude=admin-guide.ps --exclude=CVS --exclude=ChangeLog --exclude=configure --exclude=autom4te.cache -ur krb5-current-orig/src/appl/telnet/libtelnet/kerberos5.c krb5-current/src/appl/telnet/libtelnet/kerberos5.c --- krb5-current-orig/src/appl/telnet/libtelnet/kerberos5.c 2002-11-16 02:00:16.000000000 -0600 +++ krb5-current/src/appl/telnet/libtelnet/kerberos5.c 2003-02-26 13:04:44.000000000 -0600 @@ -727,13 +735,20 @@ if (level < AUTH_USER) return(level); + /* + * Always copy in UserNameRequested if the authentication + * is valid, because the higher level routines need it. + * the name buffer comes from telnetd/telnetd{-ktd}.c + */ + if (UserNameRequested) { + strncpy(name, UserNameRequested, 255); + name[255] = '\0'; + } + if (UserNameRequested && krb5_kuserok(telnet_context, ticket->enc_part2->client, UserNameRequested)) { - /* the name buffer comes from telnetd/telnetd{-ktd}.c */ - strncpy(name, UserNameRequested, 255); - name[255] = '\0'; return(AUTH_VALID); } else return(AUTH_USER); diff --exclude=copyright.texinfo --exclude=admin-guide.ps --exclude=CVS --exclude=ChangeLog --exclude=configure --exclude=autom4te.cache -ur krb5-current-orig/src/appl/telnet/libtelnet/kerberos.c krb5-current/src/appl/telnet/libtelnet/kerberos.c --- krb5-current-orig/src/appl/telnet/libtelnet/kerberos.c 2002-12-13 02:00:17.000000000 -0600 +++ krb5-current/src/appl/telnet/libtelnet/kerberos.c 2003-02-26 13:05:41.000000000 -0600 @@ -612,10 +612,17 @@ if (level < AUTH_USER) return(level); - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { + /* + * Always copy in UserNameRequested if the authentication + * is valid, because the higher level routines need it. + */ + if (UserNameRequested) { /* the name buffer comes from telnetd/telnetd{-ktd}.c */ strncpy(kname, UserNameRequested, 255); name[255] = '\0'; + } + + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { return(AUTH_VALID); } else return(AUTH_USER);