From a948d8a850e18c880e61ae93e87f6d1256d42ebb Mon Sep 17 00:00:00 2001
From: nectar <nectar@ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f>
Date: Thu, 6 Mar 2003 13:41:53 +0000
Subject: [PATCH] Unbreak Kerberos 5 authentication in telnet. (Credential
 forwarding is still broken.)

PR:	bin/45397


git-svn-id: http://svn0.us-east.freebsd.org/base/head/contrib/telnet@111946 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 libtelnet/kerberos5.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/libtelnet/kerberos5.c b/libtelnet/kerberos5.c
index d75fcc2..ab7b2dc 100644
--- a/libtelnet/kerberos5.c
+++ b/libtelnet/kerberos5.c
@@ -192,6 +192,7 @@ kerberos5_send(const char *name, Authenticator *ap)
 	ap_opts = AP_OPTS_MUTUAL_REQUIRED;
     else
 	ap_opts = 0;
+    ap_opts |= AP_OPTS_USE_SUBKEY;
     
     ret = krb5_auth_con_init (context, &auth_context);
     if (ret) {
@@ -409,6 +410,29 @@ kerberos5_is(Authenticator *ap, unsigned char *data, int cnt)
 	    return;
 	}
 
+	if (key_block == NULL) {
+	    ret = krb5_auth_con_getkey(context,
+				       auth_context,
+				       &key_block);
+	}
+	if (ret) {
+	    Data(ap, KRB_REJECT, "krb5_auth_con_getkey failed", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_getkey failed (%s)\r\n",
+		       krb5_get_err_text(context, ret));
+	    return;
+	}
+	if (key_block == NULL) {
+	    Data(ap, KRB_REJECT, "no subkey received", -1);
+	    auth_finished(ap, AUTH_REJECT);
+	    if (auth_debug_mode)
+		printf("Kerberos V5: "
+		       "krb5_auth_con_getremotesubkey returned NULL key\r\n");
+	    return;
+	}
+
 	if ((ap->way & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) {
 	    ret = krb5_mk_rep(context, auth_context, &outbuf);
 	    if (ret) {