From: Sam Hartman Date: Tue, 10 Oct 1995 03:13:48 +0000 (+0000) Subject: Fix handling of session key for Kerberos5. I don't think this should X-Git-Tag: krb5-1.0-beta6~913 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=440213c56399401a0274b942cb66c92ce76e098f;p=krb5.git Fix handling of session key for Kerberos5. I don't think this should fix the mutual authentication bug with beta 4, but this should help forwarding credentials and should also help if someone actually defines ENCRYPTION. If user defines ENCRYPTION, telnetd has the nasty behavior of encrypting one side of the conversation, without telling the user; in particular, only server output is encrypted. Fixed by sending a do encrypt if encryption defined; fix taken from Athena telnetd. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@6955 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index 727cfa1be..da63e0e12 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,8 @@ +Mon Oct 9 23:01:36 1995 Sam Hartman + + * telnetd.c (getterminaltype): If ENCRYPTION defined, send do + encryption, *not* just will encrypt. if you don't do this, then you won't encrypt the input to the server; your password prompt is encrypted, but your password isn't. + Tue Aug 8 11:26:54 1995 Sam Hartman * sys_term.c: Fail if the slave side dies. diff --git a/src/appl/telnet/telnetd/authenc.c b/src/appl/telnet/telnetd/authenc.c index 3aec7f9d2..573669894 100644 --- a/src/appl/telnet/telnetd/authenc.c +++ b/src/appl/telnet/telnetd/authenc.c @@ -87,3 +87,7 @@ telnet_gets(prompt, result, length, echo) return((char *)0); } #endif /* defined(AUTHENTICATION) || defined(ENCRYPTION) */ + + + + diff --git a/src/appl/telnet/telnetd/telnetd.c b/src/appl/telnet/telnetd/telnetd.c index 9fc2bd8a4..b91343ebf 100644 --- a/src/appl/telnet/telnetd/telnetd.c +++ b/src/appl/telnet/telnetd/telnetd.c @@ -650,6 +650,7 @@ getterminaltype(name) #ifdef ENCRYPTION send_will(TELOPT_ENCRYPT, 1); + send_do(TELOPT_ENCRYPT, 1); #endif /* ENCRYPTION */ send_do(TELOPT_TTYPE, 1); send_do(TELOPT_TSPEED, 1);