From joelh@beastie.mayfield.hp.com Tue Jun 20 11:17:38 2000
Return-Path:
Received: from palrel3.hp.com (palrel3.hp.com [156.153.255.226])
    by hub.freebsd.org (Postfix) with ESMTP id BBE4837B9C0
    for ; Tue, 20 Jun 2000 11:17:37 -0700 (PDT)
    (envelope-from joelh@beastie.mayfield.hp.com)
Received: from beastie.mayfield.hp.com (beastie.mayfield.hp.com [15.37.242.90])
    by palrel3.hp.com (Postfix) with ESMTP id 58D2D320
    for ; Tue, 20 Jun 2000 11:17:17 -0700 (PDT)
Received: (from joelh@localhost)
    by beastie.mayfield.hp.com (8.9.3/8.9.3) id LAA64066;
    Tue, 20 Jun 2000 11:17:25 -0700 (PDT)
    (envelope-from joelh)
Message-Id: <200006201817.LAA64066@beastie.mayfield.hp.com>
Date: Tue, 20 Jun 2000 11:17:25 -0700 (PDT)
From: joelh@gnu.org
Sender: joelh@beastie.mayfield.hp.com
Reply-To: joelh@gnu.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: telnetd sends DO AUTHENTICATION w/ authentication disabled [PATCH]
X-Send-Pr-Version: 3.2

>Number: 19405
>Category: bin
>Synopsis: telnetd(8) sends DO AUTHENTICATION even if authentication is disabled
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: jhb
>State: closed
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Tue Jun 20 11:20:00 PDT 2000
>Closed-Date: Wed Aug 27 13:59:28 UTC 2008
>Last-Modified: Wed Aug 27 13:59:28 UTC 2008
>Originator: Joel Ray Holveck
>Release: FreeBSD 4.0-STABLE i386
>Organization:
>Environment:

FreeBSD 4.0 w/ crypto. inetd.conf lists:
telnet stream tcp nowait root /home/joelh/telnetd/telnetd telnetd -a off

>Description:

telnetd sends DO AUTHENTICATION even when authentication is disabled.

With HP-UX 11.0 telnet, this causes a deadlock condition, in which the server is waiting for a WILL/WONT AUTHENTICATION, and the client... well I don't know what the client is thinking.

Here's a trace for the interested. The boxes in question are tonga (HP-UX 11.0) and beastie (FreeBSD 4.0).

10:58:21.015413 tonga.49417 > beastie.telnet: S 2767829556:2767829556(0) win 32768 (ttl 64, id 38837)
10:58:21.015985 beastie.telnet > tonga.49417: S 3941562774:3941562774(0) ack 2767829557 win 17520 (DF) (ttl 64, id 2711)
10:58:21.026234 tonga.49417 > beastie.telnet: P 1:16(15) ack 1 win 32768 [telnet DO SUPPRESS GO AHEAD, WILL TERMINAL TYPE, WILL TSPEED, WILL LFLOW, WILL NAWS] (ttl 64, id 38838)
10:58:21.118078 beastie.telnet > tonga.49417: P 1:4(3) ack 16 win 17505 [telnet DO AUTHENTICATION] (DF) [tos 0x10] (ttl 64, id 2715)
10:58:21.187846 tonga.49417 > beastie.telnet: . 16:16(0) ack 4 win 32768 (ttl 64, id 38839)
10:58:21.188154 beastie.telnet > tonga.49417: P 4:19(15) ack 16 win 17520 [telnet WILL SUPPRESS GO AHEAD, DO TERMINAL TYPE, DO TSPEED, DO LFLOW, DO NAWS] (DF) [tos 0x10] (ttl 64, id 2718)
10:58:21.189491 tonga.49417 > beastie.telnet: P 16:25(9) ack 19 win 32768 [telnet SB NAWS IS 'P' SE] (ttl 64, id 38840)
10:58:21.280924 beastie.telnet > tonga.49417: . 19:19(0) ack 25 win 17520 (DF) [tos 0x10] (ttl 64, id 2719)
=== wait for a while, then close telnet ===
10:58:28.942639 tonga.49417 > beastie.telnet: F 25:25(0) ack 19 win 32768 (ttl 64, id 38841)
10:58:28.942987 beastie.telnet > tonga.49417: . 19:19(0) ack 26 win 17520 (DF) [tos 0x10] (ttl 64, id 2771)
10:58:28.946987 beastie.telnet > tonga.49417: F 19:19(0) ack 26 win 17520 (DF) [tos 0x10] (ttl 64, id 2772)
10:58:28.948412 tonga.49417 > beastie.telnet: . 26:26(0) ack 20 win 32768 (ttl 64, id 38842)

>How-To-Repeat:

Take a stock HP-UX 11.0 box and a FreeBSD 4.0 box with crypto installed. Edit inetd.conf and add "-a off" to the end, and SIGHUP inetd. Start a tcpdump -v if you like. Telnet from the HP to the BSD box. Watch a whole lot of nothing happen.

>Fix:

For the problem of telnetd incorrectly sending DO AUTHENTICATE:

Apply the below patch to /usr/src/crypto/telnet/telnetd/telnetd.c

(The non-crypto telnetd has this code #ifdef'd out anyway. The heimdal and krb4 telnetd's are much different; I don't know if they suffer the same symptoms.)

-----cut here----- --- telnetd.c.orig Tue Jun 20 11:08:41 2000 +++ telnetd.c Fri Jun 9 18:38:27 2000 
@@ -643,11 +643,13 @@ /* * Handle the Authentication option before we do anything else. */ - send_do(TELOPT_AUTHENTICATION, 1); - while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) - ttloop(); - if (his_state_is_will(TELOPT_AUTHENTICATION)) { - retval = auth_wait(name); + if (auth_level >= 0) { + send_do(TELOPT_AUTHENTICATION, 1); + while (his_will_wont_is_changing(TELOPT_AUTHENTICATION)) + ttloop(); + if (his_state_is_will(TELOPT_AUTHENTICATION)) { + retval = auth_wait(name); + } } #endif -----cut here-----

If you're having the problem with HP/BSD communication, apply the above patch and disable authentication (described in How-To-Repeat, above).

>Release-Note:
>Audit-Trail:

State-Changed-From-To: open->feedback
State-Changed-By: mike
State-Changed-When: Sat Jul 21 21:12:16 PDT 2001
State-Changed-Why:
Does this problem still occur in newer versions of FreeBSD, such as 4.3-RELEASE?

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19405

From: Mike Barcroft
To: freebsd-gnats-submit@FreeBSD.org
Cc:
Subject: Re: bin/19405: telnetd sends DO AUTHENTICATION even if authentication is disabled
Date: Mon, 23 Jul 2001 12:21:39 -0400

Adding to Audit-Trail.

----- Forwarded message from Joel Ray Holveck -----

Delivered-To: mike@freebsd.org
To:
Cc: freebsd-bugs@FreeBSD.org
Subject: Re: bin/19405: telnetd sends DO AUTHENTICATION even if authentication is disabled
From: Joel Ray Holveck
Precedence: first-class
Date: 23 Jul 2001 00:37:23 -0700
In-Reply-To: 's message of "Sat, 21 Jul 2001 21:12:31 -0700 (PDT)"
X-Mailer: Gnus v5.7/Emacs 20.7

> Synopsis: telnetd sends DO AUTHENTICATION even if authentication is disabled
> State-Changed-From-To: open->feedback
> State-Changed-By: mike
> State-Changed-When: Sat Jul 21 21:12:16 PDT 2001
> State-Changed-Why:
> Does this problem still occur in newer versions of FreeBSD,
> such as 4.3-RELEASE?
> http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19405

Yes, it does on my 4.3-STABLE box.

joelh

--
Joel Ray Holveck - joelh@gnu.org
Fourth law of programming:
Anything that can go wrong wi
sendmail: segmentation violation - core dumped

----- End forwarded message -----

State-Changed-From-To: feedback->suspended
State-Changed-By: mike
State-Changed-When: Mon Jul 23 16:53:38 PDT 2001
State-Changed-Why:
Still a problem in 4.3-STABLE. Awaiting fix and committer.

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=19405

Responsible-Changed-From-To: freebsd-bugs->markm
Responsible-Changed-By: johan
Responsible-Changed-When: Thu Aug 22 18:20:53 PDT 2002
Responsible-Changed-Why:
Over to telnet maintainer.

http://www.freebsd.org/cgi/query-pr.cgi?pr=19405

State-Changed-From-To: suspended->patched
State-Changed-By: jhb
State-Changed-When: Mon Jul 28 18:58:26 UTC 2008
State-Changed-Why:
Extended patch (had to disable it in one other place as well) committed to HEAD.

Responsible-Changed-From-To: markm->jhb
Responsible-Changed-By: jhb
Responsible-Changed-When: Mon Jul 28 18:58:26 UTC 2008
Responsible-Changed-Why:
Extended patch (had to disable it in one other place as well) committed to HEAD.

http://www.freebsd.org/cgi/query-pr.cgi?pr=19405

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:
Subject: Re: bin/19405: commit references a PR
Date: Mon, 28 Jul 2008 18:59:17 +0000 (UTC)

jhb 2008-07-28 18:58:16 UTC

FreeBSD src repository

Modified files:
  contrib/telnet/telnetd state.c telnetd.c
Log:
  SVN rev 180931 on 2008-07-28 18:58:16Z by jhb

  Don't attempt authentication at all if it has been disabled via '-a off'.
  This works around a bug in HP-UX's telnet client and also gives a much
  saner user experience when using FreeBSD's telnet client.

  PR: bin/19405
  Submitted by: Joel Ray Holveck joelh of gnu.org
  MFC after: 1 month

Revision Changes Path
1.15 +4 -2 src/contrib/telnet/telnetd/state.c
1.30 +7 -5 src/contrib/telnet/telnetd/telnetd.c

State-Changed-From-To: patched->closed
State-Changed-By: jhb
State-Changed-When: Wed Aug 27 13:59:12 UTC 2008
State-Changed-Why:
Merged to 6.x and 7.x.

http://www.freebsd.org/cgi/query-pr.cgi?pr=19405

>Unformatted:
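
Review bot: The new "if (auth_level >= 0)" guard at the top of the @@ -643 hunk in telnetd.c relies on "-a off" leaving auth_level negative, which nothing in the hunk shows or documents; add a short comment (or a named constant) stating that a negative auth_level means authentication is off. When the guarded block is skipped, retval keeps whatever value it had before this point, so confirm it is initialised to the unauthenticated result above line 643. The guard covers only the server's own send_do(TELOPT_AUTHENTICATION, 1); the audit trail records that the committed version had to disable authentication in one other place as well (state.c is among the modified files), so the patch as submitted should be checked against that second location before it is applied on its own.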
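
The stall in the trace can be found mechanically: DO AUTHENTICATION is the one server request the client never answers with WILL or WONT. The C program below is an added example, not code from the PR or from telnetd; the byte arrays are constructed from the tcpdump trace (the NAWS row count is assumed), the names scan, unanswered_do, CLIENT and SERVER are hypothetical, and a WILL or WONT anywhere in the client's stream is counted as the answer regardless of ordering.

```c
#include <stddef.h>
#include <stdio.h>

/* Telnet command bytes (RFC 854); option 37 is AUTHENTICATION. */
enum { SE = 240, SB = 250, WILL = 251, WONT = 252, DO = 253, DONT = 254, IAC = 255 };
/* Constructed from the tcpdump trace in the report, one array per direction. */
static const unsigned char CLIENT[] = {         /* tonga, HP-UX 11.0 telnet */
    IAC, DO, 3, IAC, WILL, 24, IAC, WILL, 32, IAC, WILL, 33, IAC, WILL, 31,
    IAC, SB, 31, 0, 80, 0, 24, IAC, SE };       /* NAWS; the 24 rows are assumed */
static const unsigned char SERVER[] = {         /* beastie, telnetd -a off */
    IAC, DO, 37, IAC, WILL, 3, IAC, DO, 24, IAC, DO, 32, IAC, DO, 33, IAC, DO, 31 };

/* Mark seen[verb - WILL][option] for each WILL/WONT/DO/DONT in one stream. */
static void scan(const unsigned char *p, size_t n, unsigned char seen[4][256])
{
    size_t i = 0;
    while (i + 1 < n) {
        unsigned char c = p[i + 1];
        if (p[i] != IAC) { i++; continue; }
        if (c >= WILL && c <= DONT && i + 2 < n)
            seen[c - WILL][p[i + 2]] = 1;
        i += (c >= WILL && c <= DONT) ? 3 : 2;  /* step past the command */
        if (c != SB) continue;
        while (i + 1 < n && !(p[i] == IAC && p[i + 1] == SE))
            i += (p[i] == IAC) ? 2 : 1;         /* IAC IAC inside SB is data */
        i += 2;                                 /* step past IAC SE */
    }
}

/* Options requested by the server with DO and never answered WILL or WONT. */
size_t unanswered_do(const unsigned char *srv, size_t ns,
                     const unsigned char *cli, size_t nc, unsigned char *out, size_t max)
{
    unsigned char s[4][256] = {{0}}, c[4][256] = {{0}};
    size_t k = 0;
    scan(srv, ns, s); scan(cli, nc, c);
    for (int opt = 0; opt < 256 && k < max; opt++)
        if (s[DO - WILL][opt] && !c[WILL - WILL][opt] && !c[WONT - WILL][opt])
            out[k++] = (unsigned char)opt;
    return k;
}

int main(void)
{
    unsigned char out[8];
    size_t n = unanswered_do(SERVER, sizeof SERVER, CLIENT, sizeof CLIENT, out, 8);
    for (size_t i = 0; i < n; i++)
        printf("server DO %u was never answered\n", out[i]);
}
```

Passing SERVER + 3 (the server stream without the leading DO AUTHENTICATION, which is what the patched telnetd sends under "-a off") leaves nothing outstanding.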