From jhawk@MIT.EDU Sun Oct 6 17:58:33 1996
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA05433 for <bugs@RT-11.MIT.EDU>; Sun, 6 Oct 1996 17:58:33 -0400
Received: from LOLA-GRANOLA.MIT.EDU by MIT.EDU with SMTP
id AA08564; Sun, 6 Oct 96 17:58:32 EDT
Received: (from jhawk@localhost) by lola-granola.MIT.EDU (8.6.12/8.6.12) id RAA24818; Sun, 6 Oct 1996 17:58:29 -0400
Message-Id: <199610062158.RAA24818@lola-granola.MIT.EDU>
Date: Sun, 6 Oct 1996 17:58:29 -0400
From: John Hawkinson <jhawk@bbnplanet.com>
To: krb5-bugs@MIT.EDU
Subject: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION
Architecture: sun4
This telnetd includes support for encryption; part of this is the use
of a 3rd bit in the AUTHENTICATION subnegotiation
authentication-type-pair-list (see RFC1416). This 3rd bit is not
defined in RFC1416, but is used by the telnet ENCRYPTION option.
The telnetd debugging routines do not print out this bit when they
set and send it, presumably because they were never modified from
RFC1416.
arpa/telnet.h has:
/*
* should we be encrypting? (not yet formally standardized)
*/
#define AUTH_ENCRYPT_OFF 0
#define AUTH_ENCRYPT_ON 4
#define AUTH_ENCRYPT_MASK 4
Compare the output displayed by the IOS telnet client:
[TN: recv SB 37 1 ^B^F^B^B^B]
To the output displayed by the telnetd with -B option:
td: send suboption AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY
Note that ^F is 0x6 which is 4+2, and 4 is AUTH_ENCRYPT_ON.
*** src/appl/telnet/telnetd/utility.c 1996/10/06 18:33:27 1.2
--- utility.c 1996/10/06 21:51:43 1.3
***************
*** 979,989 ****
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
--- 979,991 ----
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY",
! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
! "|ENCRYPT" : "");
nfrontp += strlen(nfrontp);
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
***************
*** 1006,1016 ****
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
++i;
}
--- 1008,1020 ----
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY",
! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
! "|ENCRYPT" : "");
nfrontp += strlen(nfrontp);
++i;
}
State-Changed-By: hartmans
State-Changed-When: Mon Oct 14 02:09:45 EDT 1996
State-Changed-Why:
Fixed by applying supplied patch
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA05433 for <bugs@RT-11.MIT.EDU>; Sun, 6 Oct 1996 17:58:33 -0400
Received: from LOLA-GRANOLA.MIT.EDU by MIT.EDU with SMTP
id AA08564; Sun, 6 Oct 96 17:58:32 EDT
Received: (from jhawk@localhost) by lola-granola.MIT.EDU (8.6.12/8.6.12) id RAA24818; Sun, 6 Oct 1996 17:58:29 -0400
Message-Id: <199610062158.RAA24818@lola-granola.MIT.EDU>
Date: Sun, 6 Oct 1996 17:58:29 -0400
From: John Hawkinson <jhawk@bbnplanet.com>
To: krb5-bugs@MIT.EDU
Subject: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION
Show quoted text
>Number: 74
>Category: telnet
>Synopsis: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct e 17:59:01 EDT 1996
>Last-Modified: Mon Oct e 02:11:29 EDT 1996
>Originator:
>Organization:
BBN Planet>Category: telnet
>Synopsis: telnetd AUTHENTICATION debugging doesn't know about ENCRYPTION
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: hartmans
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sun Oct e 17:59:01 EDT 1996
>Last-Modified: Mon Oct e 02:11:29 EDT 1996
>Originator:
>Organization:
Show quoted text
>Release: beta-7
>Environment:
System: SunOS all-purpo 4.1.4 4 sun4m>Environment:
Architecture: sun4
Show quoted text
>Description:
This telnetd includes support for encryption; part of this is the use
of a 3rd bit in the AUTHENTICATION subnegotiation
authentication-type-pair-list (see RFC1416). This 3rd bit is not
defined in RFC1416, but is used by the telnet ENCRYPTION option.
The telnetd debugging routines do not print out this bit when they
set and send it, presumably because they were never modified from
RFC1416.
arpa/telnet.h has:
/*
* should we be encrypting? (not yet formally standardized)
*/
#define AUTH_ENCRYPT_OFF 0
#define AUTH_ENCRYPT_ON 4
#define AUTH_ENCRYPT_MASK 4
Show quoted text
>How-To-Repeat:
Compare the output displayed by the IOS telnet client:
[TN: recv SB 37 1 ^B^F^B^B^B]
To the output displayed by the telnetd with -B option:
td: send suboption AUTHENTICATION SEND KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|MUTUAL KERBEROS_V5 CLIENT|ONE-WAY
Note that ^F is 0x6 which is 4+2, and 4 is AUTH_ENCRYPT_ON.
Show quoted text
>Fix:
*** src/appl/telnet/telnetd/utility.c 1996/10/06 18:33:27 1.2
--- utility.c 1996/10/06 21:51:43 1.3
***************
*** 979,989 ****
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
--- 979,991 ----
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s%s",
((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY",
! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
! "|ENCRYPT" : "");
nfrontp += strlen(nfrontp);
auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
***************
*** 1006,1016 ****
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY");
nfrontp += strlen(nfrontp);
++i;
}
--- 1008,1020 ----
nfrontp += strlen(nfrontp);
break;
}
! sprintf(nfrontp, "%s|%s%s ",
((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
"CLIENT" : "SERVER",
((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
! "MUTUAL" : "ONE-WAY",
! ((pointer[3] & AUTH_ENCRYPT_MASK) == AUTH_ENCRYPT_ON) ?
! "|ENCRYPT" : "");
nfrontp += strlen(nfrontp);
++i;
}
Show quoted text
>Audit-Trail:
State-Changed-From-To: open-closed State-Changed-By: hartmans
State-Changed-When: Mon Oct 14 02:09:45 EDT 1996
State-Changed-Why:
Fixed by applying supplied patch
Show quoted text
>Unformatted: