[krbdev.mit.edu #1362] -a user flag still doesn't work on telnetd
The RT System itself via RT
rt-comment at krbdev.mit.edu
Wed Feb 26 14:20:40 EST 2003
>From nneul at umr.edu Wed Feb 26 14:20:36 2003
From: nneul at umr.edu
Date: Wed, 26 Feb 2003 13:20:33 -0600
Message-Id: <200302261920.h1QJKX3B005920 at infinity.cc.umr.edu>
To: krb5-bugs at mit.edu
Subject: telnetd -a user still non-functional
Reply-To: nneul at umr.edu
X-send-pr-version: 3.99
>Submitter-Id: net
>Originator: Nathan Neulinger
>Organization:
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul at umr.edu
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
>Confidential: no
>Synopsis: -a user flag still doesn't work on telnetd
>Severity: serious
>Priority: medium
>Category: telnet
>Class: sw-bug
>Release: krb5-current-20030226
>Environment:
System: Linux infinity.cc.umr.edu 2.4.20-pre7 #1 SMP Wed Sep 25 12:43:17 CDT 2002 i686 unknown
Architecture: i686
>Description:
Patch mentioned in krb5 faq still necessary. The -a user flag still does not work unless you
add this. It just says authorization failed.
>How-To-Repeat:
Add -a user flag to telnetd, try telnetting to a user that doesn't let you in with .k5login.
Should prompt for password. Instead, it is failing and terminating the session.
>Fix:
diff --exclude=copyright.texinfo --exclude=admin-guide.ps --exclude=CVS --exclude=ChangeLog --exclude=configure --exclude=autom4te.cache -ur krb5-current-orig/src/appl/telnet/libtelnet/kerberos5.c krb5-current/src/appl/telnet/libtelnet/kerberos5.c
--- krb5-current-orig/src/appl/telnet/libtelnet/kerberos5.c 2002-11-16 02:00:16.000000000 -0600
+++ krb5-current/src/appl/telnet/libtelnet/kerberos5.c 2003-02-26 13:04:44.000000000 -0600
@@ -727,13 +735,20 @@
if (level < AUTH_USER)
return(level);
+ /*
+ * Always copy in UserNameRequested if the authentication
+ * is valid, because the higher level routines need it.
+ * the name buffer comes from telnetd/telnetd{-ktd}.c
+ */
+ if (UserNameRequested) {
+ strncpy(name, UserNameRequested, 255);
+ name[255] = '\0';
+ }
+
if (UserNameRequested &&
krb5_kuserok(telnet_context, ticket->enc_part2->client,
UserNameRequested))
{
- /* the name buffer comes from telnetd/telnetd{-ktd}.c */
- strncpy(name, UserNameRequested, 255);
- name[255] = '\0';
return(AUTH_VALID);
} else
return(AUTH_USER);
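Review bot: With the copy moved above the krb5_kuserok() test, name is now filled in on the AUTH_USER path as well, so it can hold a requested login name that has not passed the .k5login check. That matches the stated intent, but the new comment should say that name is only authorized when the return value is AUTH_VALID, and the callers in telnetd should be checked to confirm they key off the returned level rather than a non-empty name. The length 255 in strncpy(name, UserNameRequested, 255) remains a magic number tied to a buffer declared in another file; a shared constant or a length argument would keep the two from drifting apart.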
diff --exclude=copyright.texinfo --exclude=admin-guide.ps --exclude=CVS --exclude=ChangeLog --exclude=configure --exclude=autom4te.cache -ur krb5-current-orig/src/appl/telnet/libtelnet/kerberos.c krb5-current/src/appl/telnet/libtelnet/kerberos.c
--- krb5-current-orig/src/appl/telnet/libtelnet/kerberos.c 2002-12-13 02:00:17.000000000 -0600
+++ krb5-current/src/appl/telnet/libtelnet/kerberos.c 2003-02-26 13:05:41.000000000 -0600
@@ -612,10 +612,17 @@
if (level < AUTH_USER)
return(level);
- if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
+ /*
+ * Always copy in UserNameRequested if the authentication
+ * is valid, because the higher level routines need it.
+ */
+ if (UserNameRequested) {
/* the name buffer comes from telnetd/telnetd{-ktd}.c */
strncpy(kname, UserNameRequested, 255);
name[255] = '\0';
+ }
+
+ if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
return(AUTH_VALID);
} else
return(AUTH_USER);
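Review bot: In the block that now runs unconditionally, strncpy(kname, UserNameRequested, 255) writes to kname while the terminator is stored to name[255]; from the visible lines these are two different identifiers, so either the copy does not land in the buffer the higher level routines read, or the copied string can be left unterminated. The kerberos5.c hunk uses name for both operations; suggest making this file consistent (copy and terminate the same buffer) while these lines are being moved anyway. As in the other file, name is now set before the kuserok() result is known, so the comment should note that it is authorized only when AUTH_VALID is returned.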