From djm@web.us.uu.net Fri Apr 14 12:37:05 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA03242
for <bugs@RT-11.MIT.EDU>; Fri, 14 Apr 2000 12:37:04 -0400 (EDT)
Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP
id AA06276; Fri, 14 Apr 00 12:37:00 EDT
Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP
(peer crosschecked as: dagger.web.us.uu.net [208.211.134.28])
id MAA11601; Fri, 14 Apr 2000 12:37:03 -0400 (EDT)
Received: by dagger.web.us.uu.net
id MAA28618; Fri, 14 Apr 2000 12:36:40 -0400
Message-Id: <MAA28618.200004141636@dagger.web.us.uu.net>
Date: Fri, 14 Apr 2000 12:36:40 -0400
From: djm@web.us.uu.net (David J. MacKenzie)
Reply-To: djm@web.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: djm@web.us.uu.net
Subject: telnetd patch to require encryption
X-Send-Pr-Version: 3.99
>Number: 841
>Category: krb5-appl
>Synopsis: telnetd should have a way to require encrypted sessions
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 14 12:38:01 EDT 2000
>Last-Modified:
>Originator: David MacKenzie
>Organization:
UUNET Technologies
>Release: krb5-1.1.1
>Environment:
System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686 unknown
Architecture: i686
>Description:
On our administrative hosts (KDC's, for example), we only want to allow encrypted (in both directions) logins.
>How-To-Repeat:
telnet -a kerberos
>Fix:
This patch is from cross@eng.us.uu.net (Chris Ross).
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/telnet/telnetd/state.c Fri Dec 17 15:44:25 1999
+++ src/appl/telnet/telnetd/state.c Tue Mar 28 03:09:54 2000
@@ -124,6 +124,21 @@
state = TS_IAC;
break;
}
+#ifdef ENCRYPTION
+ /*
+ * Check to make sure we have a connection
+ * encrypted in both directions if we've been
+ * told to require as much...
+ */
+ {
+ extern int encrypt_required;
+ if (encrypt_required &&
+ (!encrypt_output || !decrypt_input)) {
+ fatal(net, "Encryption required");
+ exit(1);
+ }
+ }
+#endif /* ENCRYPTION */
/*
* We now map \r\n ==> \r for pragmatic reasons.
* Many client implementations send \r\n when
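Review bot: the block-scope `extern int encrypt_required;` inside the state machine should move to a header shared with telnetd.c, so the compiler can check the declaration against the definition `int encrypt_required = 0;`. The test `encrypt_required && (!encrypt_output || !decrypt_input)` is also repeated verbatim in telnetd.c; one helper called from both places would keep the two enforcement points from drifting apart. If fatal() does not return, the `exit(1);` after it is dead code and can go; if it can return, a comment saying so would help.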
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/telnet/telnetd/telnetd.c Fri Dec 17 15:44:26 1999
+++ src/appl/telnet/telnetd/telnetd.c Tue Mar 28 03:15:14 2000
@@ -144,6 +144,12 @@
int always_ip = 0;
int stripdomain = 1;
+#ifdef ENCRYPTION
+/* Require encryption? If this is on, any unencrypted connection */
+/* will be refused... */
+int encrypt_required = 0;
+#endif
+
extern void usage P((void));
/*
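Review bot: the comment on `encrypt_required` says any unencrypted connection will be refused, but both checks in this patch test `!encrypt_output || !decrypt_input`, so a session encrypted in only one direction is refused as well. The comment should say "not encrypted in both directions", and the two one-line comments would read better as a single block comment like the ones around it.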
@@ -310,6 +316,9 @@
extern int encrypt_debug_mode;
encrypt_debug_mode = 1;
break;
+ } else if (strcmp(optarg, "require") == 0) {
+ encrypt_required = 1;
+ break;
}
usage();
/* NOTREACHED */
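Review bot: the new `require` argument is accepted by the option parser, but nothing in the patch as posted adds it to the usage() text or to the telnetd documentation, so an administrator has no way to discover it; please add both. Also confirm that this branch sits inside an `#ifdef ENCRYPTION` region, since `encrypt_required` is only defined under that guard and the hunk does not show one here.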
@@ -1493,6 +1502,13 @@
#endif /* defined(CRAY2) && defined(UNICOS5) */
}
}
+
+#ifdef ENCRYPTION
+ if (encrypt_required && (!encrypt_output || !decrypt_input)) {
+ fatal(net, "Encryption required");
+ exit(1);
+ }
+#endif /* ENCRYPTION */
while (pcc > 0) {
if ((&netobuf[BUFSIZ] - nfrontp) < 2)
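Review bot: this test runs once, immediately before the `while (pcc > 0)` loop, and the hunk does not show that encryption negotiation has finished by then; if it can still be in progress at this point, a client that would end up encrypted in both directions is dropped with "Encryption required". Consider waiting for the negotiation to settle before testing. A server-side log entry for the refusal would also help whoever operates the host, since the visible lines call only fatal(net, ...) and exit(1).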
>Audit-Trail:
>Unformatted: