
Re: Heimdal client/server with w2k kdc



Here is a patch for heimdal 0.6.1 to make telnet and ftp work with pac fields when a MS kdc is used.
 
 
Markus

MAAAAA MOOOR <huaraz@btinternet.com> wrote:
The crash is definitely related to the pac field. I tested it by using MIT 1.3.1 with the kinit patch from http://mailman.mit.edu/pipermail/krbdev/2003-August/001917.html to get credentials without the pac field. The telnet client doesn't crash if I don't use the pac field.

Markus

MAAAAA MOOOR <huaraz@btinternet.com> wrote:
I am trying to use Heimdal 0.61 clients together with a w2k kdc and rc4-hmac.
Most parts work fine except that there are some buffer overflows because of the bigger ticket, as Windows sends the pac field details. In ftpd the command buffer in ftpcmd.c has to be increased from 2048 to something much bigger (e.g. 2048*16) so that the ADAT command can send the whole ticket. The telnet client also crashes, but I haven't found where yet. Has anybody checked this before?

Thanks
Markus

>telnet -x server1.test.com
Encryption is verbose
Trying 10.110.11.206...
Connected to server1.test.com.
Escape character is '^]'.
Waiting for encryption to be negotiated...
[ Trying mutual KERBEROS5 (host/server1.test.com@TEST.COM)... ]
[ Mutual authentication failed: Key size is incompatible with encryption type ]
[ Trying KERBEROS5 (host/server1.test.com@TEST.COM)... ]
Segmentation fault

diff -c -r heimdal-0.6.1/appl/ftp/ftpd/ftpcmd.y heimdal-0.6.1-new/appl/ftp/ftpd/ftpcmd.y
*** heimdal-0.6.1/appl/ftp/ftpd/ftpcmd.y	2001-08-05 07:39:29.000000000 +0100
--- heimdal-0.6.1-new/appl/ftp/ftpd/ftpcmd.y	2004-06-20 15:50:20.000000000 +0100
***************
*** 50,56 ****
  static	int cmd_type;
  static	int cmd_form;
  static	int cmd_bytesz;
! char	cbuf[2048];
  char	*fromname;
  
  struct tab {
--- 50,56 ----
  static	int cmd_type;
  static	int cmd_form;
  static	int cmd_bytesz;
! char	cbuf[2048*64];
  char	*fromname;
  
  struct tab {
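Review bot: Growing `cbuf` from 2048 to 2048*64 only moves the overflow boundary; the ADAT command's decoded authentication data still lands in a fixed-size array with no length check visible in this hunk, so a ticket larger than the new size (or any peer that sends more than expected) overflows it just as before. The same pattern is in the kerberos.c, kerberos5.c, network.c and telnetd/state.c hunks, where `str_data`, `netobuf`/`netibuf` and `subbuffer` are multiplied by 64 or 128 without any added bound. The code that fills these buffers is outside the hunks, so I cannot confirm each copy site, but the fix should bound every copy to `sizeof buf` and fail the negotiation when the data does not fit, rather than relying on a bigger static array. If the size increase is kept, a comment such as `/* sized for tickets carrying a Windows PAC; see bounds check at copy site */` next to each declaration would explain the otherwise magic `*64` / `*128` factors, which now cost 128 KiB of static storage each.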
diff -c -r heimdal-0.6.1/appl/telnet/libtelnet/kerberos.c heimdal-0.6.1-new/appl/telnet/libtelnet/kerberos.c
*** heimdal-0.6.1/appl/telnet/libtelnet/kerberos.c	2001-08-22 21:30:22.000000000 +0100
--- heimdal-0.6.1-new/appl/telnet/libtelnet/kerberos.c	2004-06-20 15:58:14.000000000 +0100
***************
*** 82,88 ****
  int kerberos4_cksum (unsigned char *, int);
  extern int auth_debug_mode;
  
! static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
  			  		AUTHTYPE_KERBEROS_V4, };
  
  #define	KRB_AUTH	0		/* Authentication data follows */
--- 82,88 ----
  int kerberos4_cksum (unsigned char *, int);
  extern int auth_debug_mode;
  
! static unsigned char str_data[2048*64] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
  			  		AUTHTYPE_KERBEROS_V4, };
  
  #define	KRB_AUTH	0		/* Authentication data follows */
diff -c -r heimdal-0.6.1/appl/telnet/libtelnet/kerberos5.c heimdal-0.6.1-new/appl/telnet/libtelnet/kerberos5.c
*** heimdal-0.6.1/appl/telnet/libtelnet/kerberos5.c	2002-09-20 15:37:46.000000000 +0100
--- heimdal-0.6.1-new/appl/telnet/libtelnet/kerberos5.c	2004-06-20 15:58:30.000000000 +0100
***************
*** 97,103 ****
  
  void kerberos5_forward (Authenticator *);
  
! static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
  			  		AUTHTYPE_KERBEROS_V5, };
  
  #define	KRB_AUTH		0	/* Authentication data follows */
--- 97,103 ----
  
  void kerberos5_forward (Authenticator *);
  
! static unsigned char str_data[1024*128] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
  			  		AUTHTYPE_KERBEROS_V5, };
  
  #define	KRB_AUTH		0	/* Authentication data follows */
diff -c -r heimdal-0.6.1/appl/telnet/telnet/network.c heimdal-0.6.1-new/appl/telnet/telnet/network.c
*** heimdal-0.6.1/appl/telnet/telnet/network.c	2000-10-08 14:28:21.000000000 +0100
--- heimdal-0.6.1-new/appl/telnet/telnet/network.c	2004-06-20 15:51:22.000000000 +0100
***************
*** 36,42 ****
  RCSID("$Id: network.c,v 1.11 2000/10/08 13:28:21 assar Exp $");
  
  Ring		netoring, netiring;
! unsigned char	netobuf[2*BUFSIZ], netibuf[BUFSIZ];
  
  /*
   * Initialize internal network data structures.
--- 36,42 ----
  RCSID("$Id: network.c,v 1.11 2000/10/08 13:28:21 assar Exp $");
  
  Ring		netoring, netiring;
! unsigned char	netobuf[2*BUFSIZ*64], netibuf[BUFSIZ*64];
  
  /*
   * Initialize internal network data structures.
diff -c -r heimdal-0.6.1/appl/telnet/telnetd/state.c heimdal-0.6.1-new/appl/telnet/telnetd/state.c
*** heimdal-0.6.1/appl/telnet/telnetd/state.c	2000-10-02 06:06:02.000000000 +0100
--- heimdal-0.6.1-new/appl/telnet/telnetd/state.c	2004-06-20 15:55:27.000000000 +0100
***************
*** 45,51 ****
   * Buffer for sub-options, and macros
   * for suboptions buffer manipulations
   */
! unsigned char subbuffer[2048], *subpointer= subbuffer, *subend= subbuffer;
  
  #define	SB_CLEAR()	subpointer = subbuffer
  #define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }
--- 45,51 ----
   * Buffer for sub-options, and macros
   * for suboptions buffer manipulations
   */
! unsigned char subbuffer[2048*64], *subpointer= subbuffer, *subend= subbuffer;
  
  #define	SB_CLEAR()	subpointer = subbuffer
  #define	SB_TERM()	{ subend = subpointer; SB_CLEAR(); }