don't show options that doesn't apply
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10847 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -35,13 +35,15 @@
|
||||
RCSID("$Id$");
|
||||
|
||||
enum auth_method auth_method;
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
int do_encrypt = -1;
|
||||
int do_forward = -1;
|
||||
int do_forwardable = -1;
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
int do_unique_tkfile = 0;
|
||||
char *unique_tkfile = NULL;
|
||||
char tkfile[MAXPATHLEN];
|
||||
#ifdef KRB5
|
||||
int do_forward = -1;
|
||||
int do_forwardable = -1;
|
||||
krb5_context context;
|
||||
krb5_keyblock *keyblock;
|
||||
krb5_crypto crypto;
|
||||
@@ -55,7 +57,9 @@ int sock_debug = 0;
|
||||
#ifdef KRB4
|
||||
static int use_v4 = -1;
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
static int use_v5 = -1;
|
||||
#endif
|
||||
static int use_only_broken = 0;
|
||||
static int use_broken = 1;
|
||||
static char *port_str;
|
||||
@@ -748,24 +752,30 @@ struct getargs args[] = {
|
||||
#ifdef KRB4
|
||||
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
|
||||
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
||||
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
||||
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
||||
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
||||
{ NULL, 'z', arg_negative_flag, &do_encrypt,
|
||||
"Don't encrypt connection", NULL },
|
||||
{ "forward", 'f', arg_flag, &do_forward, "Forward credentials"},
|
||||
{ "forward", 'f', arg_flag, &do_forward, "Forward credentials (krb5)"},
|
||||
{ NULL, 'G', arg_negative_flag,&do_forward, "Don't forward credentials" },
|
||||
{ "forwardable", 'F', arg_flag, &do_forwardable,
|
||||
"Forward forwardable credentials" },
|
||||
#endif
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
||||
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
||||
{ NULL, 'z', arg_negative_flag, &do_encrypt,
|
||||
"Don't encrypt connection", NULL },
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
{ "unique", 'u', arg_flag, &do_unique_tkfile,
|
||||
"Use unique remote tkfile" },
|
||||
"Use unique remote tkfile (krb5)" },
|
||||
{ "tkfile", 'U', arg_string, &unique_tkfile,
|
||||
"Use that remote tkfile" },
|
||||
"Use that remote tkfile (krb5)" },
|
||||
#endif
|
||||
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
||||
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
||||
{ "port", 'p', arg_string, &port_str, "Use this port",
|
||||
"number-or-service" },
|
||||
{ "user", 'l', arg_string, &user, "Run as this user" },
|
||||
"port" },
|
||||
{ "user", 'l', arg_string, &user, "Run as this user", "login" },
|
||||
{ "stderr", 'e', arg_negative_flag, &do_errsock, "Don't open stderr"},
|
||||
{ "version", 0, arg_flag, &do_version, NULL },
|
||||
{ "help", 0, arg_flag, &do_help, NULL }
|
||||
@@ -777,7 +787,7 @@ usage (int ret)
|
||||
arg_printusage (args,
|
||||
sizeof(args) / sizeof(args[0]),
|
||||
NULL,
|
||||
"host [command]");
|
||||
"[login@]host [command]");
|
||||
exit (ret);
|
||||
}
|
||||
|
||||
@@ -854,20 +864,24 @@ main(int argc, char **argv)
|
||||
else if (do_forward == 0)
|
||||
do_forwardable = 0;
|
||||
|
||||
if (do_forwardable)
|
||||
do_forward = 1;
|
||||
#endif
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
if (do_encrypt == -1) {
|
||||
/* we want to tell the -x flag from the default encryption
|
||||
option */
|
||||
#ifdef KRB5
|
||||
/* the normal default for krb4 should be to disable encryption */
|
||||
if(!krb5_config_get_bool (context, NULL,
|
||||
"libdefaults",
|
||||
"encrypt",
|
||||
NULL))
|
||||
#endif
|
||||
do_encrypt = 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (do_forwardable)
|
||||
do_forward = 1;
|
||||
|
||||
#if defined(KRB4) && defined(KRB5)
|
||||
if(use_v4 == -1 && use_v5 == 1)
|
||||
use_v4 = 0;
|
||||
@@ -879,7 +893,9 @@ main(int argc, char **argv)
|
||||
#ifdef KRB4
|
||||
use_v4 = 0;
|
||||
#endif
|
||||
#ifdef KRB5
|
||||
use_v5 = 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
if(priv_socket1 < 0) {
|
||||
@@ -888,10 +904,14 @@ main(int argc, char **argv)
|
||||
use_broken = 0;
|
||||
}
|
||||
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
if (do_encrypt == 1 && use_only_broken)
|
||||
errx (1, "encryption not supported with old style authentication");
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
#ifdef KRB5
|
||||
if (do_unique_tkfile && unique_tkfile != NULL)
|
||||
errx (1, "Only one of -u and -U allowed.");
|
||||
|
||||
@@ -905,6 +925,7 @@ main(int argc, char **argv)
|
||||
do_unique_tkfile = 1;
|
||||
snprintf (tkfile, sizeof(tkfile), "-U %s ", unique_tkfile);
|
||||
}
|
||||
#endif
|
||||
|
||||
if (host == NULL) {
|
||||
if (argc - optind < 1)
|
||||
|
@@ -68,7 +68,9 @@ static int do_kerberos = 0;
|
||||
#define DO_KRB5 4
|
||||
static int do_vacuous = 0;
|
||||
static int do_log = 1;
|
||||
#ifdef KRB4
|
||||
static int do_newpag = 1;
|
||||
#endif
|
||||
static int do_addr_verify = 0;
|
||||
static int do_keepalive = 1;
|
||||
static int do_version;
|
||||
@@ -601,7 +603,7 @@ setup_environment (char ***env, const struct passwd *pwd)
|
||||
}
|
||||
|
||||
static void
|
||||
doit (int do_kerberos, int check_rhosts)
|
||||
doit (void)
|
||||
{
|
||||
u_char buf[BUFSIZ];
|
||||
u_char *p;
|
||||
@@ -865,18 +867,22 @@ struct getargs args[] = {
|
||||
{ "keepalive", 'n', arg_negative_flag, &do_keepalive },
|
||||
{ "inetd", 'i', arg_negative_flag, &do_inetd,
|
||||
"Not started from inetd" },
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
{ "kerberos", 'k', arg_flag, &do_kerberos,
|
||||
"Implement kerberised services" },
|
||||
{ "encrypt", 'x', arg_flag, &do_encrypt,
|
||||
"Implement encrypted service" },
|
||||
#endif
|
||||
{ "rhosts", 'l', arg_negative_flag, &do_rhosts,
|
||||
"Don't check users .rhosts" },
|
||||
{ "port", 'p', arg_string, &port_str, "Use this port",
|
||||
"port" },
|
||||
{ "vacuous", 'v', arg_flag, &do_vacuous,
|
||||
"Don't accept non-kerberised connections" },
|
||||
#ifdef KRB4
|
||||
{ NULL, 'P', arg_negative_flag, &do_newpag,
|
||||
"Don't put process in new PAG" },
|
||||
#endif
|
||||
/* compatibility flag: */
|
||||
{ NULL, 'L', arg_flag, &do_log },
|
||||
{ "version", 0, arg_flag, &do_version },
|
||||
@@ -918,11 +924,13 @@ main(int argc, char **argv)
|
||||
exit(0);
|
||||
}
|
||||
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
if (do_encrypt)
|
||||
do_kerberos = 1;
|
||||
|
||||
if(do_kerberos)
|
||||
do_kerberos = DO_KRB4 | DO_KRB5;
|
||||
#endif
|
||||
|
||||
if (do_keepalive &&
|
||||
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
|
||||
@@ -952,6 +960,7 @@ main(int argc, char **argv)
|
||||
errx (1, "getaddrinfo: %s", gai_strerror (error));
|
||||
}
|
||||
if (ai == NULL) {
|
||||
#if defined(KRB4) || defined(KRB5)
|
||||
if (do_kerberos) {
|
||||
if (do_encrypt) {
|
||||
error = getaddrinfo(NULL, "ekshell", &hints, &ai);
|
||||
@@ -970,15 +979,17 @@ main(int argc, char **argv)
|
||||
if(error)
|
||||
errx (1, "getaddrinfo: %s", gai_strerror (error));
|
||||
}
|
||||
} else {
|
||||
error = getaddrinfo(NULL, "shell", &hints, &ai);
|
||||
if(error == EAI_NONAME) {
|
||||
snprintf(portstr, sizeof(portstr), "%d", 514);
|
||||
error = getaddrinfo(NULL, portstr, &hints, &ai);
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
error = getaddrinfo(NULL, "shell", &hints, &ai);
|
||||
if(error == EAI_NONAME) {
|
||||
snprintf(portstr, sizeof(portstr), "%d", 514);
|
||||
error = getaddrinfo(NULL, portstr, &hints, &ai);
|
||||
}
|
||||
if(error)
|
||||
errx (1, "getaddrinfo: %s", gai_strerror (error));
|
||||
}
|
||||
if(error)
|
||||
errx (1, "getaddrinfo: %s", gai_strerror (error));
|
||||
}
|
||||
}
|
||||
mini_inetd_addrinfo (ai);
|
||||
freeaddrinfo(ai);
|
||||
@@ -986,6 +997,6 @@ main(int argc, char **argv)
|
||||
|
||||
signal (SIGPIPE, SIG_IGN);
|
||||
|
||||
doit (do_kerberos, do_rhosts);
|
||||
doit ();
|
||||
return 0;
|
||||
}
|
||||
|
Reference in New Issue
Block a user