svn rev #3301: trunk/telnet/libtelnet/

Sat May 22 00:05:07 EDT 2010

Commit By: ghudson
Log Message:
Stop using the obsolete krb5_verify_checksum() function in telnet.
Works around a krb5 1.8 bug where krb5_verify_checksum() always fails
due to not setting the enctype in the keyblock it constructs.  (This
used to work for unkeyed checksums.)



Changed Files:
U   trunk/telnet/libtelnet/kerberos5.c
Modified: trunk/telnet/libtelnet/kerberos5.c
===================================================================

--- trunk/telnet/libtelnet/kerberos5.c	2010-05-22 03:27:18 UTC (rev 3300)
+++ trunk/telnet/libtelnet/kerberos5.c	2010-05-22 04:05:07 UTC (rev 3301)
@@ -498,23 +498,28 @@
 		if (authenticator->checksum) {
 		    char type_check[2];
 		    krb5_checksum *cksum = authenticator->checksum;
-		    krb5_keyblock *key;
+		    krb5_key key;
+		    krb5_boolean valid;
+		    krb5_data d;
 
 		    type_check[0] = ap->type;
 		    type_check[1] = ap->way;
 
-		    r = krb5_auth_con_getkey(telnet_context, auth_context,
-					     &key);
+		    r = krb5_auth_con_getkey_k(telnet_context, auth_context,
+					       &key);
 		    if (r) {
 			(void) snprintf(errbuf, sizeof(errbuf),
 					"krb5_auth_con_getkey failed: %s",
 					error_message(r));
 			goto errout;
 		    }
-		    r = krb5_verify_checksum(telnet_context,
-					     cksum->checksum_type, cksum,
-					     &type_check, 2, key->contents,
-					     key->length);
+
+		    d.magic = KV5M_DATA;
+		    d.data = type_check;
+		    d.length = 2;
+		    r = krb5_k_verify_checksum(telnet_context, key, 
+					       cksum->checksum_type,
+					       &d, cksum, &valid);
 		/*
 		 * Note that krb5_verify_checksum() will fail if a pre-
 		 * MIT Kerberos Beta 5 client is attempting to connect
@@ -524,13 +529,12 @@
 		 * checksums (like in klogind). Such an option is not
 		 * present at this time.
 		 */
-		    if (r) {
+		    if (r != 0 || !valid) {
 			(void) snprintf(errbuf, sizeof(errbuf),
-					"checksum verification failed: %s",
-					error_message(r));
+					"checksum verification failed");
 			goto errout;
 		    }
-		    krb5_free_keyblock(telnet_context, key);
+		    krb5_k_free_key(telnet_context, key);
 		}
 		krb5_free_authenticator(telnet_context, authenticator);
 		if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {


