drop krbv4 support

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24507 ec53bebd-3082-4978-b11e-865c3cabbd6b
Love Hörnquist Åstrand
2009-01-26 01:11:53 +00:00
parent 2d5457348e
commit 75033a80fd


@@ -35,7 +35,7 @@
RCSID("$Id$"); RCSID("$Id$");
enum auth_method auth_method; enum auth_method auth_method;
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
int do_encrypt = -1; int do_encrypt = -1;
#endif #endif
#ifdef KRB5 #ifdef KRB5
@@ -48,19 +48,12 @@ krb5_context context;
krb5_keyblock *keyblock; krb5_keyblock *keyblock;
krb5_crypto crypto; krb5_crypto crypto;
#endif #endif
#ifdef KRB4
des_key_schedule schedule;
des_cblock iv;
#endif
int sock_debug = 0; int sock_debug = 0;
#ifdef KRB4
static int use_v4 = -1;
#endif
#ifdef KRB5 #ifdef KRB5
static int use_v5 = -1; static int use_v5 = -1;
#endif #endif
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
static int use_only_broken = 0; static int use_only_broken = 0;
#else #else
static int use_only_broken = 1; static int use_only_broken = 1;
@@ -156,50 +149,6 @@ rsh_loop (int s, int errsock)
} }
} }
#ifdef KRB4
static int
send_krb4_auth(int s,
struct sockaddr *thisaddr,
struct sockaddr *thataddr,
const char *hostname,
const char *remote_user,
const char *local_user,
size_t cmd_len,
const char *cmd)
{
KTEXT_ST text;
CREDENTIALS cred;
MSG_DAT msg;
int status;
size_t len;
/* the normal default for krb4 should be to disable encryption */
status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
s, &text, "rcmd",
(char *)hostname, krb_realmofhost (hostname),
getpid(), &msg, &cred, schedule,
(struct sockaddr_in *)thisaddr,
(struct sockaddr_in *)thataddr,
KCMD_OLD_VERSION);
if (status != KSUCCESS) {
warnx("%s: %s", hostname, krb_get_err_text(status));
return 1;
}
memcpy (iv, cred.session, sizeof(iv));
len = strlen(remote_user) + 1;
if (net_write (s, remote_user, len) != len) {
warn("write");
return 1;
}
if (net_write (s, cmd, cmd_len) != cmd_len) {
warn("write");
return 1;
}
return 0;
}
#endif /* KRB4 */
#ifdef KRB5 #ifdef KRB5
/* /*
* Send forward information on `s' for host `hostname', them being * Send forward information on `s' for host `hostname', them being
@@ -754,7 +703,7 @@ doit_broken (int argc,
} }
} }
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
static int static int
doit (const char *hostname, doit (const char *hostname,
struct addrinfo *ai, struct addrinfo *ai,
@@ -832,12 +781,9 @@ doit (const char *hostname,
warnx ("failed to contact %s", hostname); warnx ("failed to contact %s", hostname);
return -1; return -1;
} }
#endif /* KRB4 || KRB5 */ #endif /* KRB5 */
struct getargs args[] = { struct getargs args[] = {
#ifdef KRB4
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
#endif
#ifdef KRB5 #ifdef KRB5
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" }, { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
{ "forward", 'f', arg_flag, &do_forward, "Forward credentials [krb5]"}, { "forward", 'f', arg_flag, &do_forward, "Forward credentials [krb5]"},
@@ -852,7 +798,7 @@ struct getargs args[] = {
"Protocol version [krb5]", "protocol" }, "Protocol version [krb5]", "protocol" },
#endif #endif
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" }, { "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" }, { "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
{ NULL, 'z', arg_negative_flag, &do_encrypt, { NULL, 'z', arg_negative_flag, &do_encrypt,
"Don't encrypt connection", NULL }, "Don't encrypt connection", NULL },
@@ -962,17 +908,7 @@ main(int argc, char **argv)
#endif #endif
#if defined(KRB4) && defined(KRB5)
if(use_v4 == -1 && use_v5 == 1)
use_v4 = 0;
if(use_v5 == -1 && use_v4 == 1)
use_v5 = 0;
#endif
if (use_only_broken) { if (use_only_broken) {
#ifdef KRB4
use_v4 = 0;
#endif
#ifdef KRB5 #ifdef KRB5
use_v5 = 0; use_v5 = 0;
#endif #endif
@@ -984,7 +920,7 @@ main(int argc, char **argv)
use_broken = 0; use_broken = 0;
} }
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
if (do_encrypt == 1 && use_only_broken) if (do_encrypt == 1 && use_only_broken)
errx (1, "encryption not supported with old style authentication"); errx (1, "encryption not supported with old style authentication");
#endif #endif
@@ -1068,33 +1004,6 @@ main(int argc, char **argv)
} }
freeaddrinfo(ai); freeaddrinfo(ai);
} }
#endif
#ifdef KRB4
if (ret && use_v4) {
memset (&hints, 0, sizeof(hints));
hints.ai_socktype = SOCK_STREAM;
hints.ai_protocol = IPPROTO_TCP;
if(port_str == NULL) {
if(do_encrypt) {
error = getaddrinfo(host, "ekshell", &hints, &ai);
if(error == EAI_NONAME)
error = getaddrinfo(host, "545", &hints, &ai);
} else {
error = getaddrinfo(host, "kshell", &hints, &ai);
if(error == EAI_NONAME)
error = getaddrinfo(host, "544", &hints, &ai);
}
} else
error = getaddrinfo(host, port_str, &hints, &ai);
if(error)
errx (1, "getaddrinfo: %s", gai_strerror(error));
auth_method = AUTH_KRB4;
ret = doit (host, ai, user, local_user, cmd, cmd_len,
send_krb4_auth);
freeaddrinfo(ai);
}
#endif #endif
if (ret && use_broken) { if (ret && use_broken) {
memset (&hints, 0, sizeof(hints)); memset (&hints, 0, sizeof(hints));
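Review bot: The old-style fallback `if (ret && use_broken)` at the end of the last hunk is not visibly gated on `do_encrypt`, so once the Kerberos 4 attempt is removed a failed Kerberos 5 attempt leads directly to the unencrypted privileged-port path. The only encryption check shown, `if (do_encrypt == 1 && use_only_broken)`, rejects `-x` together with `-K` but does not cover the case where `-x` was given and Kerberos 5 simply failed. The other assignments to `use_broken` lie outside the hunks shown, so this is inferred rather than confirmed. If nothing clears it, consider adding `if (do_encrypt == 1) use_broken = 0;` inside that same `#if defined(KRB5)` block, so that a request for encryption fails instead of being silently downgraded. The body of main starts and ends outside these hunks.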