help-shishi

Bug#423944: /usr/bin/inetutils-telnet: Complains about ~/.shishi/tickets


From: Simon Josefsson
Subject: Bug#423944: /usr/bin/inetutils-telnet: Complains about ~/.shishi/tickets and creates ~/.shishi, for all connections
Date: Thu, 17 Jan 2008 17:16:03 +0100
User-agent: Gnus/5.110007 (No Gnus v0.7) Emacs/22.1 (gnu/linux)

Hi!

I've pondered this issue, and have reached these conclusions:

1) libshishi should create the directory and user configuration file.
   This is needed because the sysadmin may make site-local customizations
   in the user skeleton file, and for those to take effect, libshishi
   needs to copy it to the user home directory.

   I did consider whether possibly the command line tool 'shishi' could
   be responsible for creating the directory and copying the user
   configuration file, but this is not a good idea: it should be
   possible to use libshishi from other applications, in particular GUI
   applications.  Invoking the command line tool shouldn't be required.

2) we should minimize the amount of output related to this.  With the
   shishi in git, I get the following output when running telnet without
   a ~/.shishi/:

address@hidden:~$ inetutils-telnet my.nada.kth.se
Trying 130.237.226.234...
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Connected to my.nada.kth.se.
Escape character is '^]'.
libshishi: info: created `/home/jas/.shishi/shishi.conf'
...

After the first invocation, I get:

address@hidden:~$ inetutils-telnet my.nada.kth.se
Trying 130.237.226.234...
Automatic encryption of output is enabled
Will send login name and/or authentication information.
Connected to my.nada.kth.se.
Escape character is '^]'.
...

This seems OK to me, if it would only be printed when the user requests
a Kerberos connection.  Which brings us to:

3) telnet should delay initialization of Shishi until it knows that
   Kerberos is needed.  The patch below achieves this, and the output
   when there is no ~/.shishi/ will be:

address@hidden:~/src/inetutils/telnet$ ./telnet my.nada.kth.se
Trying 130.237.226.234...
Encryption is verbose
Connected to my.nada.kth.se.
Escape character is '^]'.
telnetd: Authorization failed.
Connection closed by foreign host.
address@hidden:~/src/inetutils/telnet$ ./telnet -a my.nada.kth.se
Trying 130.237.226.234...
Encryption is verbose
Connected to my.nada.kth.se.
Escape character is '^]'.
libshishi: info: created `/home/jas/.shishi/shishi.conf'
telnetd: Authorization failed.
^CConnection closed by foreign host.
address@hidden:~/src/inetutils/telnet$ ./telnet -a my.nada.kth.se
Trying 130.237.226.234...
Encryption is verbose
Connected to my.nada.kth.se.
Escape character is '^]'.
telnetd: Authorization failed.
^CCConnection closed by foreign host.
address@hidden:~/src/inetutils/telnet$ 

Thoughts?

/Simon

Index: libtelnet/shishi.c
===================================================================
RCS file: /sources/inetutils/inetutils/libtelnet/shishi.c,v
retrieving revision 1.4
diff -u -p -r1.4 shishi.c
--- libtelnet/shishi.c  29 Jun 2007 16:29:31 -0000      1.4
+++ libtelnet/shishi.c  17 Jan 2008 16:14:19 -0000
@@ -1,4 +1,4 @@
-/* Copyright (C) 2003, 2007 Free Software Foundation, Inc.
+/* Copyright (C) 2003, 2007, 2008 Free Software Foundation, Inc.
 
 This file is part of Shishi / GNU Inetutils.
 
@@ -58,7 +58,7 @@ static unsigned char str_data[2048] = { 
 # define KRB_ACCEPT           2        /* Accepted */
 # define KRB_RESPONSE         3        /* Response for mutual auth. */
 
-Shishi *shishi_handle = 0;
+Shishi *shishi_handle = NULL;
 Shishi_ap *auth_handle;
 
 # define DEBUG(c) if (auth_debug_mode) printf c
@@ -104,14 +104,29 @@ int
 krb5shishi_init (TN_Authenticator * ap, int server)
 {
   if (server)
+    str_data[3] = TELQUAL_REPLY;
+  else
+    str_data[3] = TELQUAL_IS;
+
+  if (!shishi_check_version (SHISHI_VERSION))
+    return 0;
+
+  return 1;
+}
+
+static int
+delayed_shishi_init (void)
+{
+  if (shishi_handle)
+    return 1;
+
+  if (str_data[3] == TELQUAL_REPLY)
     {
-      str_data[3] = TELQUAL_REPLY;
       if (!shishi_handle && shishi_init_server (&shishi_handle) != SHISHI_OK)
        return 0;
     }
   else
     {
-      str_data[3] = TELQUAL_IS;
       if (!shishi_handle && shishi_init (&shishi_handle) != SHISHI_OK)
        return 0;
     }
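Review bot: In delayed_shishi_init the `!shishi_handle &&` tests in both branches are now dead, because the function already returns 1 at the top when shishi_handle is set; drop them so the calls read `if (shishi_init_server (&shishi_handle) != SHISHI_OK)` and `if (shishi_init (&shishi_handle) != SHISHI_OK)`. Separately, choosing between server and client initialization by reading back `str_data[3] == TELQUAL_REPLY` ties the decision to a byte of the str_data buffer; a static flag set from the `server` argument in krb5shishi_init would state the intent directly and would not depend on str_data[3] staying untouched between the two calls.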
@@ -122,11 +137,11 @@ krb5shishi_init (TN_Authenticator * ap, 
 void
 krb5shishi_cleanup (TN_Authenticator * ap)
 {
-  if (shishi_handle == 0)
+  if (shishi_handle == NULL)
     return;
 
   shishi_done (shishi_handle);
-  shishi_handle = 0;
+  shishi_handle = NULL;
 }
 
 int
@@ -142,6 +157,12 @@ krb5shishi_send (TN_Authenticator * ap)
   char *apreq;
   size_t apreq_len;
 
+  if (!delayed_shishi_init ())
+    {
+      DEBUG (("telnet: Kerberos V5: shishi initialization failed\r\n"));
+      return 0;
+    }
+
   tmp = malloc (strlen ("host/") + strlen (RemoteHostName) + 1);
   sprintf (tmp, "host/%s", RemoteHostName);
   memset (&hint, 0, sizeof (hint));
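Review bot: The failure path added at the top of krb5shishi_send reports only through DEBUG, which prints nothing unless auth_debug_mode is set, so a user whose deferred shishi initialization fails gets a bare `return 0` with no explanation. Since this patch moves the initialization error from startup to this point, consider emitting a short diagnostic unconditionally here, or add a comment stating that the caller is responsible for reporting the failure.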
@@ -382,6 +403,12 @@ krb5shishi_is_auth (TN_Authenticator * a
   Session_Key skey;
 # endif
 
+  if (!delayed_shishi_init ())
+    {
+      DEBUG (("telnet: Kerberos V5: shishi initialization failed\r\n"));
+      return 0;
+    }
+
   rc = shishi_ap (shishi_handle, &auth_handle);
   if (rc != SHISHI_OK)
     {
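Review bot: The check added in krb5shishi_is_auth is a verbatim copy of the one in krb5shishi_send, message text included, so debug output cannot show which of the two paths failed. Either move the DEBUG call into delayed_shishi_init so the block is not duplicated, or name the calling function in each message.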





