clean the last bits of KRB4 support in KDC

Love Hornquist Astrand
2011-05-07 11:44:15 -07:00
parent 1a77d64a97
commit 657297a738
4 changed files with 0 additions and 107 deletions


@@ -50,10 +50,6 @@ static int require_preauth = -1; /* 1 == require preauth for all principals */
static char *max_request_str; /* `max_request' as a string */
static int disable_des = -1;
static int enable_v4 = -1;
static int enable_kaserver = -1;
static int enable_524 = -1;
static int enable_v4_cross_realm = -1;
static int builtin_hdb_flag;
static int help_flag;
@@ -61,8 +57,6 @@ static int version_flag;
static struct getarg_strings addresses_str; /* addresses to listen on */
static char *v4_realm;
char *runas_string;
char *chroot_string;
@@ -82,24 +76,6 @@ static struct getargs args[] = {
},
{ "enable-http", 'H', arg_flag, &enable_http, "turn on HTTP support",
NULL },
{ "524", 0, arg_negative_flag, &enable_524,
"don't respond to 524 requests", NULL
},
{
"kaserver", 'K', arg_flag, &enable_kaserver,
"enable kaserver support", NULL
},
{ "kerberos4", 0, arg_flag, &enable_v4,
"respond to kerberos 4 requests", NULL
},
{
"v4-realm", 'r', arg_string, &v4_realm,
"realm to serve v4-requests for", NULL
},
{ "kerberos4-cross-realm", 0, arg_flag,
&enable_v4_cross_realm,
"respond to kerberos 4 requests from foreign realms", NULL
},
{ "ports", 'P', arg_string, rk_UNCONST(&port_str),
"ports to listen to", "portspec"
},
@@ -262,15 +238,6 @@ configure(krb5_context context, int argc, char **argv)
}
}
if(enable_v4 != -1)
config->enable_v4 = enable_v4;
if(enable_v4_cross_realm != -1)
config->enable_v4_cross_realm = enable_v4_cross_realm;
if(enable_524 != -1)
config->enable_524 = enable_524;
if(enable_http == -1)
enable_http = krb5_config_get_bool(context, NULL, "kdc",
"enable-http", NULL);
@@ -286,9 +253,6 @@ configure(krb5_context context, int argc, char **argv)
krb5_errx(context, 1, "enforce-transited-policy deprecated, "
"use [kdc]transited-policy instead");
if (enable_kaserver != -1)
config->enable_kaserver = enable_kaserver;
#ifdef SUPPORT_DETACH
if(detach_from_console == -1)
detach_from_console = krb5_config_get_bool_default(context, NULL,
@@ -305,12 +269,6 @@ configure(krb5_context context, int argc, char **argv)
if (port_str == NULL)
port_str = "+";
if (v4_realm)
config->v4_realm = v4_realm;
if(config->v4_realm == NULL && (config->enable_kaserver || config->enable_v4))
krb5_errx(context, 1, "Kerberos 4 enabled but no realm configured");
if(disable_des == -1)
disable_des = krb5_config_get_bool_default(context, NULL,
FALSE,
@@ -323,13 +281,6 @@ configure(krb5_context context, int argc, char **argv)
krb5_enctype_disable(context, ETYPE_DES_CBC_NONE);
krb5_enctype_disable(context, ETYPE_DES_CFB64_NONE);
krb5_enctype_disable(context, ETYPE_DES_PCBC_NONE);
kdc_log(context, config,
0, "DES was disabled, turned off Kerberos V4, 524 "
"and kaserver");
config->enable_v4 = 0;
config->enable_524 = 0;
config->enable_kaserver = 0;
}
krb5_kdc_windc_init(context);


@@ -148,16 +148,6 @@ add_standard_ports (krb5_context context,
add_port_service(context, family, "kerberos-sec", 88, "tcp");
if(enable_http)
add_port_service(context, family, "http", 80, "tcp");
if(config->enable_524) {
add_port_service(context, family, "krb524", 4444, "udp");
add_port_service(context, family, "krb524", 4444, "tcp");
}
if(config->enable_v4) {
add_port_service(context, family, "kerberos-iv", 750, "udp");
add_port_service(context, family, "kerberos-iv", 750, "tcp");
}
if (config->enable_kaserver)
add_port_service(context, family, "afs3-kaserver", 7004, "udp");
if(config->enable_kx509) {
add_port_service(context, family, "kca_service", 9878, "udp");
add_port_service(context, family, "kca_service", 9878, "tcp");


@@ -55,10 +55,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
c->allow_null_ticket_addresses = TRUE;
c->allow_anonymous = FALSE;
c->trpolicy = TRPOLICY_ALWAYS_CHECK;
c->enable_v4 = FALSE;
c->enable_kaserver = FALSE;
c->enable_524 = FALSE;
c->enable_v4_cross_realm = FALSE;
c->enable_pkinit = FALSE;
c->pkinit_princ_in_cert = TRUE;
c->pkinit_require_binding = TRUE;
@@ -70,19 +66,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
krb5_config_get_bool_default(context, NULL,
c->require_preauth,
"kdc", "require-preauth", NULL);
c->enable_v4 =
krb5_config_get_bool_default(context, NULL,
c->enable_v4,
"kdc", "enable-kerberos4", NULL);
c->enable_v4_cross_realm =
krb5_config_get_bool_default(context, NULL,
c->enable_v4_cross_realm,
"kdc",
"enable-kerberos4-cross-realm", NULL);
c->enable_524 =
krb5_config_get_bool_default(context, NULL,
c->enable_v4,
"kdc", "enable-524", NULL);
#ifdef DIGEST
c->enable_digest =
krb5_config_get_bool_default(context, NULL,
@@ -180,28 +163,6 @@ krb5_kdc_get_config(krb5_context context, krb5_kdc_configuration **config)
}
}
{
const char *p;
p = krb5_config_get_string (context, NULL,
"kdc",
"v4-realm",
NULL);
if(p != NULL) {
c->v4_realm = strdup(p);
if (c->v4_realm == NULL)
krb5_errx(context, 1, "out of memory");
} else {
c->v4_realm = NULL;
}
}
c->enable_kaserver =
krb5_config_get_bool_default(context,
NULL,
c->enable_kaserver,
"kdc", "enable-kaserver", NULL);
c->encode_as_rep_as_tgs_rep =
krb5_config_get_bool_default(context, NULL,
c->encode_as_rep_as_tgs_rep,


@@ -64,15 +64,6 @@ typedef struct krb5_kdc_configuration {
krb5_boolean allow_anonymous;
enum krb5_kdc_trpolicy trpolicy;
char *v4_realm;
krb5_boolean enable_v4;
krb5_boolean enable_v4_cross_realm;
krb5_boolean enable_v4_per_principal;
krb5_boolean enable_kaserver;
krb5_boolean enable_524;
krb5_boolean enable_pkinit;
krb5_boolean pkinit_princ_in_cert;
const char *pkinit_kdc_identity;