* kerberos5.c Use new calling convention for krb5_mk_req_extended()

author Chris Provenzano <proven@mit.edu>

Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)

committer Chris Provenzano <proven@mit.edu>

Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)
author Chris Provenzano <proven@mit.edu>
Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)
committer Chris Provenzano <proven@mit.edu>
Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)
diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog

index 8c89cf7c917c915d1346a279dd2e974551ba3409..707b4fa1577ae03affecc7aefd8ad5fb0eb9d665 100644 (file)
--- a/src/appl/telnet/libtelnet/ChangeLog
+++ b/src/appl/telnet/libtelnet/ChangeLog
@@ -1,3 +1,7 @@
+Fri Mar 10 11:09:34 1995  Chris Provenzano (proven@mit.edu)
+
+        * kerberos5.c Use new calling convention for krb5_mk_req_extended().
+
  Tue Mar  7 19:52:00 1995  Mark Eichin  <eichin@cygnus.com>
  
         * configure.in: take out ISODE_DEFS, ISODE_INCLUDE.
diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c

index 19689cce13f4a9bc05e6e04a2a77001df6cc1cca..d0ac7875df439a8b11b21407ebd051d1e3820ed9 100644 (file)
--- a/src/appl/telnet/libtelnet/kerberos5.c
+++ b/src/appl/telnet/libtelnet/kerberos5.c
@@ -103,11 +103,12 @@ static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
  #define KRB_FORWARD_REJECT             6       /* Forwarded credentials rejected */
  #endif /* FORWARD */
  
+krb5_auth_context * auth_context;
+
  static krb5_data auth;
         /* telnetd gets session key from here */
  static krb5_tkt_authent *authdat = NULL;
  /* telnet matches the AP_REQ and AP_REP with this */
-static krb5_authenticator authenticator;
  
  /* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
     which is either void * or char *, depending on the compiler. */
@@ -229,36 +230,33 @@ kerberos5_send(ap)
             ap_opts = AP_OPTS_MUTUAL_REQUIRED;
         else
             ap_opts = 0;
-           
-       r = krb5_mk_req_extended(telnet_context, ap_opts,
-                                (krb5_checksum *) NULL, 0,
-#ifdef ENCRYPTION
-                                &newkey,
-#else  /* ENCRYPTION */
-                                0,
+
+#ifdef ENCRYPTION
+       ap_opts |= AP_OPTS_USE_SUBKEY;
  #endif /* ENCRYPTION */
-                                &creds, &authenticator, &auth);
-       /* don't let the key get freed if we clean up the authenticator */
-       authenticator.subkey = 0;
+           
+       r = krb5_mk_req_extended(telnet_context, &auth_context, ap_opts,
+                                NULL, new_creds, &auth);
  
  #ifdef ENCRYPTION
-       if (newkey) {
-           if (session_key.contents)
-               free(session_key.contents);
-           /* keep the key in our private storage, but don't use it
-              yet---see kerberos5_reply() below */
-           if (newkey->keytype != KEYTYPE_DES) {
-               if (new_creds->keyblock.keytype == KEYTYPE_DES)
-                   /* use the session key in credentials instead */
-                   krb5_copy_keyblock_contents(telnet_context, new_creds,
-                                               &session_key);
-               else
-                   /* XXX ? */;
-           } else {
-               krb5_copy_keyblock_contents(telnet_context,newkey,&session_key);
-           }
-           krb5_free_keyblock(telnet_context, newkey);
+       krb5_auth_con_getlocalsubkey(telnet_context, auth_context, newkey);
+       if (session_key.contents)
+           free(session_key.contents);
+       /*
+        * keep the key in our private storage, but don't use it yet
+        * ---see kerberos5_reply() below 
+        * /
+       if (newkey->keytype != KEYTYPE_DES) {
+           if (new_creds->keyblock.keytype == KEYTYPE_DES)
+               /* use the session key in credentials instead */
+               krb5_copy_keyblock_contents(telnet_context, new_creds, 
+                                           &session_key);
+           else
+               /* XXX ? */;
+       } else {
+           krb5_copy_keyblock_contents(telnet_context, newkey, &session_key);
         }
+       krb5_free_keyblock(telnet_context, newkey);
  #endif /* ENCRYPTION */
         krb5_free_cred_contents(telnet_context, &creds);
         krb5_free_creds(telnet_context, new_creds);
@@ -472,19 +470,13 @@ kerberos5_reply(ap, data, cnt)
                         return;
                     }
                         
-                   if (r = krb5_rd_rep(telnet_context, &inbuf, &session_key, 
+                   if (r = krb5_rd_rep(telnet_context, auth_context, &inbuf,
                                         &reply)) {
                         printf("[ Mutual authentication failed: %s ]\n",
                                error_message(r));
                         auth_send_retry();
                         return;
                     }
-                   if (reply->ctime != authenticator.ctime ||
-                       reply->cusec != authenticator.cusec) {
-                       printf("[ Mutual authentication failed (mismatched KRB_AP_REP) ]\n");
-                       auth_send_retry();
-                       return;
-                   }
                     krb5_free_ap_rep_enc_part(telnet_context, reply);
  #ifdef ENCRYPTION
                         skey.type = SK_DES;
author	Chris Provenzano <proven@mit.edu>
	Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)
committer	Chris Provenzano <proven@mit.edu>
	Fri, 10 Mar 1995 17:32:44 +0000 (17:32 +0000)
src/appl/telnet/libtelnet/ChangeLog		patch \| blob \| history
src/appl/telnet/libtelnet/kerberos5.c		patch \| blob \| history