[874] in Kerberos-V5-bugs
Kerberos 5-B4-pl3 bug report (libtelnet/auth.c)
daemon@ATHENA.MIT.EDU (Craig Leres)
Wed Oct 19 06:08:34 1994
To: krb5-bugs@MIT.EDU, dab@cray.com
Cc: hobbit@asylum.sf.ca.us
Date: Wed, 19 Oct 94 03:08:19 PDT
From: Craig Leres <leres@ee.lbl.gov>
There are a couple of bugs in this guy.
- getauthmask() was looking for the wrong sense of a string
compare.
- auth_onoff() was clobbering the mask with a boolean return
status.
The symptom of these bugs was that you could only ever enable or
disable auth type 1 (KERBEROS_V4).
My appended context diff also includes code to only print the auth type
string once in auth_onoff() and auth_status(). (I also nuked an unused
variable.)
Craig
------
*** kerberosV.virgin/src/appl/telnet/libtelnet/auth.c Thu Aug 18 14:06:45 1994
--- kerberosV/src/appl/telnet/libtelnet/auth.c Wed Oct 19 02:53:02 1994
***************
*** 244,250 ****
{
register int x;
! if (strcasecmp(type, AUTHTYPE_NAME(0))) {
*maskp = -1;
return(1);
}
--- 244,250 ----
{
register int x;
! if (strcasecmp(type, AUTHTYPE_NAME(0)) == 0) {
*maskp = -1;
return(1);
}
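Review bot: The corrected test in getauthmask() should carry a short comment, because the inverted sense was easy to miss: when `type` matches `AUTHTYPE_NAME(0)` the function stores `-1` in `*maskp`, which reads as an all-types mask. Something like `/* AUTHTYPE_NAME(0) selects every auth type: set all mask bits */` above the `if` would state that intent; confirm it against the name table, which is not shown on this page. The context lines of auth_onoff() in this same patch spell the comparison as `!strcasecmp(...)`, so one form could be used throughout the file. The body of getauthmask() continues outside the hunk.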
***************
*** 277,283 ****
char *type;
int on;
{
! int mask = -1;
Authenticator *ap;
if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
--- 277,283 ----
char *type;
int on;
{
! int i, mask = -1;
Authenticator *ap;
if (!strcasecmp(type, "?") || !strcasecmp(type, "help")) {
***************
*** 284,291 ****
printf("auth %s 'type'\n", on ? "enable" : "disable");
printf("Where 'type' is one of:\n");
printf("\t%s\n", AUTHTYPE_NAME(0));
! for (ap = authenticators; ap->type; ap++)
printf("\t%s\n", AUTHTYPE_NAME(ap->type));
return(0);
}
--- 284,296 ----
printf("auth %s 'type'\n", on ? "enable" : "disable");
printf("Where 'type' is one of:\n");
printf("\t%s\n", AUTHTYPE_NAME(0));
! mask = 0;
! for (ap = authenticators; ap->type; ap++) {
! if ((mask & (i = typemask(ap->type))) != 0)
! continue;
! mask |= i;
printf("\t%s\n", AUTHTYPE_NAME(ap->type));
+ }
return(0);
}
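Review bot: The duplicate-suppression loop added to the help branch of auth_onoff() buries an assignment inside its condition, `(mask & (i = typemask(ap->type)))`, and reuses `mask`, which elsewhere in the function is the value applied to `i_wont_support`, as a scratch set of names already printed. Writing `i = typemask(ap->type);` followed by `if (mask & i) continue;`, with a separately named local such as `seen`, would keep the enable/disable mask from being confused with listing state. The same loop is repeated in the auth_status() hunk, where `(i_wont_support & typemask(ap->type))` could use `i` instead of evaluating the macro a second time. typemask() is not defined on this page; if it is a shift by the type number, a type value outside the width of `int` would need a guard before it is used as a mask bit. auth_onoff() starts and ends outside this hunk.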
***************
*** 293,299 ****
printf("%s: invalid authentication type\n", type);
return(0);
}
- mask = getauthmask(type, &mask);
if (on)
i_wont_support &= ~mask;
else
--- 298,303 ----
***************
*** 317,322 ****
--- 321,327 ----
auth_status()
{
Authenticator *ap;
+ int i, mask;
if (i_wont_support == -1)
printf("Authentication disabled\n");
***************
*** 323,332 ****
else
printf("Authentication enabled\n");
! for (ap = authenticators; ap->type; ap++)
printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
(i_wont_support & typemask(ap->type)) ?
"disabled" : "enabled");
return(1);
}
--- 328,342 ----
else
printf("Authentication enabled\n");
! mask = 0;
! for (ap = authenticators; ap->type; ap++) {
! if ((mask & (i = typemask(ap->type))) != 0)
! continue;
! mask |= i;
printf("%s: %s\n", AUTHTYPE_NAME(ap->type),
(i_wont_support & typemask(ap->type)) ?
"disabled" : "enabled");
+ }
return(1);
}
***************
*** 519,524 ****
--- 529,535 ----
unsigned char *data;
int cnt;
{
+ Authenticator *ap;
unsigned char savename[256];
if (cnt < 1) {