Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 4061 From jhawk@MIT.EDU Sun Oct 6 17:58:33 1996 Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA05433 for ; Sun, 6 Oct 1996 17:58:33 -0400 Received: from LOLA-GRANOLA.MIT.EDU by MIT.EDU with SMTP id AA08564; Sun, 6 Oct 96 17:58:32 EDT Received: (from jhawk@localhost) by lola-granola.MIT.EDU (8.6.12/8.6.12) id RAA24818; Sun, 6 Oct 1996 17:58:29 -0400 Message-Id: <199610062158.RAA24818@lola-granola.MIT.EDU> Date: Sun, 6 Oct 1996 17:58:29 -0400 From: John Hawkinson To: krb5-bugs@MIT.EDU Subject: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION >Number: 74 >Category: telnet >Synopsis: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION >Confidential: no >Severity: non-critical >Priority: low >Responsible: hartmans >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Sun Oct e 17:59:01 EDT 1996 >Last-Modified: Mon Oct e 02:11:29 EDT 1996 >Originator: >Organization: BBN Planet >Release: beta-7 >Environment: System: SunOS all-purpo 4.1.4 4 sun4m Architecture: sun4 >Description: This telnetd includes support for encryption; part of this is the use of a 3rd bit in the AUTHENTICATION subnegotiation authentication-type-pair-list (see RFC1416). This 3rd bit is not defined in RFC1416, but is used by the telnet ENCRYPTION option. The telnetd debugging routines do not print out this bit when they set and send it, presumably because they were never modified from RFC1416. arpa/telnet.h has: /* * should we be encrypting? (not yet formally standardized) */ #define AUTH_ENCRYPT_OFF 0 #define AUTH_ENCRYPT_ON 4 #define AUTH_ENCRYPT_MASK 4 >How-To-Repeat: Compare the output displayed by the IOS telnet client: [TN: recv SB 37 1 ^B^F^B^B^B] To the output displayed by the telnetd with -B option: td: send suboption AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY Note that ^F is 0x6 which is 4+2, and 4 is AUTH_ENCRYPT_ON. >Fix: *** src/appl/telnet/telnetd/utility.c 1996/10/06 18:33:27 1.2 --- utility.c 1996/10/06 21:51:43 1.3 *************** *** 979,989 **** nfrontp += strlen(nfrontp); break; } ! sprintf(nfrontp, "%s|%s", ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? ! "MUTUAL" : "ONE-WAY"); nfrontp += strlen(nfrontp); auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); --- 979,991 ---- nfrontp += strlen(nfrontp); break; } ! sprintf(nfrontp, "%s|%s%s", ((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? ! "MUTUAL" : "ONE-WAY", ! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? ! "|ENCRYPT" : ""); nfrontp += strlen(nfrontp); auth_printsub(&pointer[1], length - 1, buf, sizeof(buf)); *************** *** 1006,1016 **** nfrontp += strlen(nfrontp); break; } ! sprintf(nfrontp, "%s|%s ", ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? ! "MUTUAL" : "ONE-WAY"); nfrontp += strlen(nfrontp); ++i; } --- 1008,1020 ---- nfrontp += strlen(nfrontp); break; } ! sprintf(nfrontp, "%s|%s%s ", ((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ? "CLIENT" : "SERVER", ((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ? ! "MUTUAL" : "ONE-WAY", ! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ? ! "|ENCRYPT" : ""); nfrontp += strlen(nfrontp); ++i; } >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: hartmans State-Changed-When: Mon Oct 14 02:09:45 EDT 1996 State-Changed-Why: Fixed by applying supplied patch >Unformatted: