diff -r -c telnet/libtelnet/kerberos5.c telnet_new/libtelnet/kerberos5.c *** telnet/libtelnet/kerberos5.c 2003-09-18 17:53:59.000000000 +0100 --- telnet_new/libtelnet/kerberos5.c 2003-09-18 17:52:53.000000000 +0100 *************** *** 91,96 **** --- 91,103 ---- extern auth_debug_mode; extern int net; + /* define possible encryption types strongest first */ + krb5_enctype kenctype_list[] = { + ENCTYPE_ARCFOUR_HMAC, ENCTYPE_DES_CBC_CRC, ENCTYPE_DES_CBC_MD5 + }; + int max_enctypes=3; + krb5_enctype kenctype=0; + int krb5_use_addresses = 1; #ifdef FORWARD *************** *** 233,238 **** --- 240,246 ---- krb5_creds creds; /* telnet gets session key from here */ krb5_creds * new_creds = 0; int ap_opts, auth_flags; + int ik; #ifdef TLS char type_check[32]; #else /* TLS */ *************** *** 293,309 **** return(0); } ! creds.keyblock.enctype=ENCTYPE_DES_CBC_CRC; ! if ((r = krb5_get_credentials(telnet_context, 0, ! ccache, &creds, &new_creds))) { ! if (auth_debug_mode) { ! printf( ! "telnet: Kerberos V5: failure on credentials(%s)\r\n", ! error_message(r)); ! } ! krb5_free_cred_contents(telnet_context, &creds); ! return(0); ! } if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ap_opts = AP_OPTS_MUTUAL_REQUIRED; --- 301,325 ---- return(0); } ! for ( ik=0;ikway & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ap_opts = AP_OPTS_MUTUAL_REQUIRED; *************** *** 366,375 **** if (newkey) { /* keep the key in our private storage, but don't use it yet---see kerberos5_reply() below */ ! if ((newkey->enctype != ENCTYPE_DES_CBC_CRC) && ! (newkey-> enctype != ENCTYPE_DES_CBC_MD5)) { ! if ((new_creds->keyblock.enctype == ENCTYPE_DES_CBC_CRC) || ! (new_creds->keyblock.enctype == ENCTYPE_DES_CBC_MD5)) /* use the session key in credentials instead */ krb5_copy_keyblock(telnet_context,&new_creds->keyblock, &session_key); --- 382,389 ---- if (newkey) { /* keep the key in our private storage, but don't use it yet---see kerberos5_reply() below */ ! if (newkey-> enctype != kenctype) { ! 
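Review bot: `max_enctypes` is hard-coded to 3 in the globals added after `extern int net;`, so it will silently go out of step with `kenctype_list[]` as soon as an entry is added or removed; derive it instead, `int max_enctypes = sizeof(kenctype_list) / sizeof(kenctype_list[0]);`. The list and both counters are also writable, externally visible globals, and unless another file needs them they would be better declared `static` (and the list `const`). The fallback order ends in the two single-DES types, so a KDC that does not issue `ENCTYPE_ARCFOUR_HMAC` quietly lands the session on DES; a debug message naming the enctype finally selected would make that downgrade visible. The loop that walks this list (hunk at new lines 301-325) is truncated on this page, so whether `kenctype` can stay 0 after every attempt fails cannot be checked here.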
if (new_creds->keyblock.enctype == kenctype ) /* use the session key in credentials instead */ krb5_copy_keyblock(telnet_context,&new_creds->keyblock, &session_key); *************** *** 642,649 **** } #ifdef ENCRYPTION ! skey.type = SK_DES; ! skey.length = 8; skey.data = session_key->contents; encrypt_session_key(&skey, 1); #endif --- 656,666 ---- } #ifdef ENCRYPTION ! skey.length = session_key->length; ! if (skey.length <= 8) ! skey.type = SK_DES; ! else ! skey.type = SK_GENERIC; skey.data = session_key->contents; encrypt_session_key(&skey, 1); #endif *************** *** 741,748 **** } #ifdef ENCRYPTION if (session_key) { ! skey.type = SK_DES; ! skey.length = 8; skey.data = session_key->contents; encrypt_session_key(&skey, 0); } --- 758,768 ---- } #ifdef ENCRYPTION if (session_key) { ! skey.length = session_key->length; ! if (skey.length <= 8) ! skey.type = SK_DES; ! else ! skey.type = SK_GENERIC; skey.data = session_key->contents; encrypt_session_key(&skey, 0); } *************** *** 778,785 **** krb5_free_ap_rep_enc_part(telnet_context, reply); #ifdef ENCRYPTION if (session_key) { ! skey.type = SK_DES; ! skey.length = 8; skey.data = session_key->contents; encrypt_session_key(&skey, 0); } --- 798,808 ---- krb5_free_ap_rep_enc_part(telnet_context, reply); #ifdef ENCRYPTION if (session_key) { ! skey.length = session_key->length; ! if (skey.length <= 8) ! skey.type = SK_DES; ! else ! skey.type = SK_GENERIC; skey.data = session_key->contents; encrypt_session_key(&skey, 0); } diff -r -c telnet/telnetd/Makefile.in telnet_new/telnetd/Makefile.in *** telnet/telnetd/Makefile.in 2003-09-18 17:53:59.000000000 +0100 --- telnet_new/telnetd/Makefile.in 2003-09-18 17:52:53.000000000 +0100 *************** *** 218,225 **** tlsutil.h fwdxutil.h ../libtelnet/misc.h \ ../libtelnet/misc-proto.h fwdxutil.o: fwdxutil.c ../config.h telnetd.h defs.h ../arpa/telnet.h \ ! ext.h tlsutil.h fwdxutil.h Xauth.h ../../libsrp/t_pwd.h \ ! 
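Review bot: The rewritten test at new lines 382-389 depends on the file-scope `kenctype`, which is initialised to 0 and only meaningful once the credentials loop has picked a type, and nothing visible here handles the case where neither `newkey->enctype` nor `new_creds->keyblock.enctype` equals it. When the fallback is taken, the connection is keyed with the ticket's session key rather than the per-connection subkey, which is worth stating in the comment, for example `/* subkey enctype differs from the negotiated one: fall back to the ticket session key, which is not unique to this connection */`. The result of `krb5_copy_keyblock()` is ignored on that path, so a failed copy would presumably leave `session_key` unset or stale. The enclosing `if (newkey)` block continues outside the hunk.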
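Review bot: Choosing `SK_DES` whenever `session_key->length <= 8` (new lines 656-666, and the identical blocks at 758-768 and 798-808) classifies a short or zero-length key as DES, where the old code always passed a length of 8. Whatever consumes an `SK_DES` key presumably still expects eight bytes, so a shorter key could be read past its end; the keyblock's `enctype` is the reliable discriminator and is already available. I would select the type from `session_key->enctype` and keep the length from the keyblock, and since the same lines now appear three times a small static helper would keep them in step. In the first of the three blocks no `if (session_key)` guard is visible, unlike the other two; the enclosing code starts outside the hunk, so confirm it cannot be reached with a null key.

```c
	skey.length = session_key->length;
	switch (session_key->enctype) {
	case ENCTYPE_DES_CBC_CRC:
	case ENCTYPE_DES_CBC_MD5:
		skey.type = SK_DES;
		break;
	default:
		skey.type = SK_GENERIC;
		break;
	}
	/* … unchanged: skey.data assignment and encrypt_session_key() call … */
```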
../../libsrp/cstr.h global.o: global.c ../config.h defs.h ../arpa/telnet.h ext.h parsedpy.o: parsedpy.c ../config.h Xauth.h slc.o: slc.c ../config.h telnetd.h defs.h ../arpa/telnet.h ext.h \ --- 218,226 ---- tlsutil.h fwdxutil.h ../libtelnet/misc.h \ ../libtelnet/misc-proto.h fwdxutil.o: fwdxutil.c ../config.h telnetd.h defs.h ../arpa/telnet.h \ ! ext.h tlsutil.h fwdxutil.h Xauth.h ! #MM ext.h tlsutil.h fwdxutil.h Xauth.h ../../libsrp/t_pwd.h \ ! #MM ../../libsrp/cstr.h global.o: global.c ../config.h defs.h ../arpa/telnet.h ext.h parsedpy.o: parsedpy.c ../config.h Xauth.h slc.o: slc.c ../config.h telnetd.h defs.h ../arpa/telnet.h ext.h \ *************** *** 231,239 **** ext.h tlsutil.h fwdxutil.h pathnames.h ../libtelnet/auth.h \ ../libtelnet/auth-proto.h telnetd.o: telnetd.c ../config.h telnetd.h defs.h ../arpa/telnet.h ext.h \ ! tlsutil.h fwdxutil.h pathnames.h ../../libsrp/srp.h \ ! ../../libsrp/cstr.h ../../libsrp/srp_aux.h ../libtelnet/auth.h \ ../libtelnet/auth-proto.h termstat.o: termstat.c ../config.h telnetd.h defs.h ../arpa/telnet.h \ ext.h tlsutil.h fwdxutil.h tlsutil.o: tlsutil.c ../config.h tls_dh.h fwdxutil.h --- 232,243 ---- ext.h tlsutil.h fwdxutil.h pathnames.h ../libtelnet/auth.h \ ../libtelnet/auth-proto.h telnetd.o: telnetd.c ../config.h telnetd.h defs.h ../arpa/telnet.h ext.h \ ! tlsutil.h fwdxutil.h pathnames.h \ ! ../libtelnet/auth.h \ ../libtelnet/auth-proto.h + #MM tlsutil.h fwdxutil.h pathnames.h ../../libsrp/srp.h \ + #MM ../../libsrp/cstr.h ../../libsrp/srp_aux.h ../libtelnet/auth.h \ + #MM ../libtelnet/auth-proto.h termstat.o: termstat.c ../config.h telnetd.h defs.h ../arpa/telnet.h \ ext.h tlsutil.h fwdxutil.h tlsutil.o: tlsutil.c ../config.h tls_dh.h fwdxutil.h