telnet: Service and realm for libshishi.

ChangeLog

@@ -1,3 +1,21 @@
+2012-07-13  Mats Erik Andersson  <gnu@gisladisker.se>
+
+	telnet, telnetd: Set service name for libshishi
+	in server and allow client to specify realm.
+
+	* libtelnet/shishi.c (dest_realm): New variable.
+	(krb5shishi_send): Call shishi_realm_default_set()
+	whenever `dest_realm' is set.
+	(krb5shishi_is_auth): New variable SERVER.  Construct
+	a service name from `LocalHostName' and use it in a
+	call to shishi_hostkeys_for_server().
+	* telnet/main.c (dest_realm) [KRB4 || SHISHI]:
+	New external variable.
+	(argp_options) [AUTHENTICATION && (KRB4 || SHISHI)]:
+	Activate the option `-k/--realm' also whith SHISHI.
+	(parse_opt) [AUTHENTICATION && (KRB4 || SHISHI)]:
+	Likewise.
+
 2012-07-11  Mats Erik Andersson  <gnu@gisladisker.se>
 
 	Allow builds on OpenSolaris with libshishi.

libtelnet/shishi.c

@@ -40,6 +40,8 @@
 #  include "encrypt.h"
 # endif
 
+char *dest_realm = NULL;
+
 Shishi_key *enckey = NULL;
 
 static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
@@ -168,6 +170,10 @@ krb5shishi_send (TN_Authenticator * ap)
   sprintf (tmp, "host/%s", RemoteHostName);
   memset (&hint, 0, sizeof (hint));
   hint.server = tmp;
+
+  if (dest_realm && *dest_realm)
+    shishi_realm_default_set (shishi_handle, dest_realm);
+
   tkt = shishi_tkts_get (shishi_tkts_default (shishi_handle), &hint);
   free (tmp);
   if (!tkt)
@@ -398,7 +404,7 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char *data, int cnt,
 {
   Shishi_key *key, *key2;
   int rc;
-  char *cnamerealm;
+  char *cnamerealm, *server;
   int cnamerealmlen;
 # ifdef ENCRYPTION
   Session_Key skey;
@@ -428,7 +434,16 @@ krb5shishi_is_auth (TN_Authenticator * a, unsigned char *data, int cnt,
       return 1;
     }
 
-  key = shishi_hostkeys_for_localservice (shishi_handle, "host");
+  server = malloc (strlen ("host/") + strlen (LocalHostName) + 1);
+  if (server)
+    {
+      sprintf (server, "host/%s", LocalHostName);
+      key = shishi_hostkeys_for_server (shishi_handle, server);
+      free (server);
+    }
+  else
+    key = shishi_hostkeys_for_localservice (shishi_handle, "host");
+
   if (key == NULL)
     {
       snprintf (errbuf, errbuflen, "Could not find key:\n%s\n",

telnet/main.c

@@ -111,6 +111,10 @@ enum {
   OPTION_NOASYNCNET
 };
 
+#if defined KRB4 || defined SHISHI
+extern char *dest_realm;
+#endif
+
 static struct argp_option argp_options[] = {
 #define GRID 10
   { NULL, 0, NULL, 0,
@@ -160,7 +164,7 @@ static struct argp_option argp_options[] = {
     "Authentication and Kerberos options:", GRID },
   { "disable-auth", 'X', "ATYPE", 0,
     "disable type ATYPE authentication", GRID+1 },
-# if defined KRB4
+# if defined KRB4 || defined SHISHI
   { "realm", 'k', "REALM", 0,
     "obtain tickets for the remote host in REALM "
     "instead of the remote host's realm", GRID+1 },
@@ -257,7 +261,8 @@ parse_opt (int key, char *arg, struct argp_state *state)
       break;
 #endif
 
-#if defined AUTHENTICATION && defined KRB4
+#if defined AUTHENTICATION && \
+      ( defined KRB4 || defined SHISHI )
     case 'k':
       dest_realm = arg;
       break;