From 96fba87959f67e95bfea9cdab77e43bd6f28c36a Mon Sep 17 00:00:00 2001
From: Assar Westerlund <assar@sics.se>
Date: Thu, 13 Feb 1997 23:23:15 +0000
Subject: [PATCH] I hope these modifications are better.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@1236 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 appl/telnet/libtelnet/kerberos5.c | 66 ++++++++++++++++++++++---------
 1 file changed, 47 insertions(+), 19 deletions(-)

diff --git a/appl/telnet/libtelnet/kerberos5.c b/appl/telnet/libtelnet/kerberos5.c
index 29c78b54b..1ee3b0dd0 100644
--- a/appl/telnet/libtelnet/kerberos5.c
+++ b/appl/telnet/libtelnet/kerberos5.c
@@ -129,7 +129,7 @@ static	krb5_authenticator authenticator;
 static	k5_Authenticator authenticator;
 
 static krb5_context context;
-static krb5_auth_context *auth_context;
+static krb5_auth_context auth_context;
 
 /* some compilers can't hack void *, so we use the Kerberos krb5_pointer,
    which is either void * or char *, depending on the compiler. */
@@ -178,13 +178,14 @@ kerberos5_init(Authenticator *ap, int server)
     return(1);
 }
 
-int
-kerberos5_send(Authenticator *ap)
+static int
+kerberos5_send(char *name, Authenticator *ap)
 {
     krb5_error_code r;
     krb5_ccache ccache;
     int ap_opts;
     
+    printf("[ Trying %s ... ]\r\n", name);
     if (!UserNameRequested) {
 	if (auth_debug_mode) {
 	    printf("Kerberos V5: no user name supplied\r\n");
@@ -213,7 +214,7 @@ kerberos5_send(Authenticator *ap)
     if (r) {
 	if (auth_debug_mode) {
 	    printf("Kerberos V5: mk_req failed (%s)\r\n",
-		   krb5_get_err_text(r));
+		   krb5_get_err_text(context, r));
 	}
 	return(0);
     }
@@ -234,14 +235,26 @@ kerberos5_send(Authenticator *ap)
     return(1);
 }
 
+int
+kerberos5_send_mutual(Authenticator *ap)
+{
+    return kerberos5_send("mutual KERBEROS5", ap);
+}
+
+int
+kerberos5_send_oneway(Authenticator *ap)
+{
+    return kerberos5_send("KERBEROS5", ap);
+}
+
 void
 kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 {
     int r;
     krb5_data outbuf;
     krb5_ticket *ticket;
-    
     krb5_keyblock *key_block;
+    char *name;
 
     if (cnt-- < 1)
 	return;
@@ -267,40 +280,41 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 		printf("%s\r\n", errbuf);
 	    return;
 	}
-#if 0
 	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
-	    r = krb5_mk_rep(context, auth_context, &outbuf);
+	    r = krb5_mk_rep(context, &auth_context, &outbuf);
 	    if(r){
-
+	      abort ();
 	    }
 	    Data(ap, KRB_RESPONSE, outbuf.data, outbuf.length);
 	}
-	if (krb5_unparse_name(context, ticket->enc_part2->client, &name))
+	if (krb5_unparse_name(context, ticket->enc_part2.client, &name))
 	    name = 0;
-#endif
-#if 0
 	Data(ap, KRB_ACCEPT, name, name ? -1 : 0);
 	if (auth_debug_mode) {
 	    printf("Kerberos5 identifies him as ``%s''\r\n",
 		   name ? name : "");
 	}
-#endif
 	auth_finished(ap, AUTH_USER);
 
-#if 0
 	r = krb5_auth_con_getkey(context, auth_context, &key_block);
 	if(r){
+	  abort ();
 	}
-#endif
 	
 	if(key_block->keytype == KEYTYPE_DES){
+	  Session_Key skey;
+
+	  skey.type = SK_DES;
+	  skey.length = 8;
+	  skey.data = key_block->contents.data;
+	  encrypt_session_key(&skey, 0);
+#if 0
 	    memcpy(&session_key, key_block->contents.data,
 		   sizeof(session_key));
+#endif
 	}
 
-#if 0
 	krb5_free_keyblock(context, key_block);
-#endif
 	
 	break;
 #ifdef	FORWARD
@@ -393,6 +407,22 @@ kerberos5_reply(Authenticator *ap, unsigned char *data, int cnt)
 	    }
 #endif
 	    krb5_free_ap_rep_enc_part(context, reply);
+	    {
+	      Session_Key skey;
+	      krb5_keyblock *keyblock;
+	      
+	      if (r = krb5_auth_con_getkey (context,
+					    auth_context,
+					    &keyblock)) {
+		abort ();
+	      }
+	      
+	      skey.type = SK_DES;
+	      skey.length = 8;
+	      skey.data = keyblock->contents.data;
+	      encrypt_session_key(&skey, 0);
+	      krb5_free_keyblock (context, keyblock);
+	    }
 	    mutual_complete = 1;
 	}
 	return;
@@ -418,15 +448,13 @@ kerberos5_status(Authenticator *ap, char *name, int level)
     if (level < AUTH_USER)
 	return(level);
 
-#if 0
     if (UserNameRequested &&
-	krb5_kuserok(context, authdat->ticket->enc_part2->client, UserNameRequested))
+	/*krb5_kuserok(context, authdat->ticket->enc_part2->client, UserNameRequested)*/ 1)
 	{
 	    strcpy(name, UserNameRequested);
 	    return(AUTH_VALID);
 	} else
 	    return(AUTH_USER);
-#endif
 }
 
 #define	BUMP(buf, len)		while (*(buf)) {++(buf), --(len);}