make this build without krb5; also use the addrinfo interface to

mini_inetd, and set the keepalive option if requested git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10844 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-02-18 19:19:36 +00:00
parent 2a478083b6
commit bee8db420e
1 changed files with 77 additions and 39 deletions
--- a/appl/rsh/rshd.c
+++ b/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
 * (Royal Institute of Technology, Stockholm, Sweden). 
 * All rights reserved. 
 *
@@ -39,17 +39,21 @@ login_access( struct passwd *user, char *from);
 enum auth_method auth_method;
 #ifdef KRB5
 krb5_context context;
 krb5_keyblock *keyblock;
 krb5_crypto crypto;
 #endif
 #ifdef KRB4
 des_key_schedule schedule;
 des_cblock iv;
 #endif
 #ifdef KRB5
 krb5_ccache ccache, ccache2;
 int kerberos_status = 0;
 #endif
 int do_encrypt = 0;
@@ -60,6 +64,8 @@ static int do_inetd = 1;
 static char *port_str;
 static int do_rhosts = 1;
 static int do_kerberos = 0;
 #define DO_KRB4 2
 #define DO_KRB5 4
 static int do_vacuous = 0;
 static int do_log = 1;
 static int do_newpag = 1;
@@ -68,7 +74,7 @@ static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;
-#if defined(DCE)
+#if defined(KRB5) && defined(DCE)
 int dfsk5ok = 0;
 int dfspag = 0;
 int dfsfwd = 0;
@@ -214,6 +220,7 @@ recv_krb4_auth (int s, u_char *buf,
 #endif /* KRB4 */
 #ifdef KRB5
 static int 
 save_krb5_creds (int s,
                 krb5_auth_context auth_context,
@@ -413,6 +420,7 @@ recv_krb5_auth (int s, u_char *buf,
    return 0;
 }
 #endif /* KRB5 */
 static void
 loop (int from0, int to0,
@@ -621,7 +629,9 @@ doit (int do_kerberos, int check_rhosts)
    if (getpeername (s, thataddr, &thataddr_len) < 0)
 	syslog_and_die ("getpeername: %m");
-    if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
+    /* check for V4MAPPED addresses? */
    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
 	fatal(s, NULL, "Permission denied.");
    p = buf;
@@ -637,7 +647,7 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("non-digit in port number: %c", *p);
    }
-    if (!do_kerberos && !is_reserved(htons(port)))
+    if (do_kerberos  == 0 && !is_reserved(htons(port)))
 	fatal(s, NULL, "Permission denied.");
    if (port) {
@@ -677,19 +687,23 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("reading auth info: %m");
 #ifdef KRB4
-	if (recv_krb4_auth (s, buf, thisaddr, thataddr,
+	if ((do_kerberos & DO_KRB4) && 
 	    recv_krb4_auth (s, buf, thisaddr, thataddr,
 			    client_user,
 			    server_user,
 			    cmd) == 0)
 	    auth_method = AUTH_KRB4;
 	else
 #endif /* KRB4 */
-	    if(recv_krb5_auth (s, buf, thisaddr, thataddr,
+#ifdef KRB5
 	    if((do_kerberos & DO_KRB5) &&
 	       recv_krb5_auth (s, buf, thisaddr, thataddr,
 			       client_user,
 			       server_user,
 			       cmd) == 0)
 		auth_method = AUTH_KRB5;
 	    else
 #endif /* KRB5 */
 		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
 				buf[0], buf[1], buf[2], buf[3]);
    } else {
@@ -887,7 +901,7 @@ int
 main(int argc, char **argv)
 {
    int optind = 0;
-    int port = 0;
+    int on = 1;
    setprogname (argv[0]);
    roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
@@ -904,46 +918,70 @@ main(int argc, char **argv)
 	exit(0);
    }
 #ifdef KRB5
    {
 	krb5_error_code ret;
 	ret = krb5_init_context (&context);
 	if (ret)
 	    errx (1, "krb5_init_context failed: %d", ret);
    }	
 #endif
    if(port_str) {
 	struct servent *s = roken_getservbyname (port_str, "tcp");
 	if (s)
 	    port = s->s_port;
 	else {
 	    char *ptr;
 	    port = strtol (port_str, &ptr, 10);
 	    if (port == 0 && ptr == port_str)
 		syslog_and_die("Bad port `%s'", port_str);
 	    port = htons(port);
 	}
    }
    if (do_encrypt)
 	do_kerberos = 1;
    if(do_kerberos)
 	do_kerberos = DO_KRB4 | DO_KRB5;
    if (do_keepalive &&
 	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
 		   sizeof(on)) < 0)
 	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
    /* set SO_LINGER? */
 #ifdef KRB5
    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
 	do_kerberos &= ~DO_KRB5;
 #endif
    if (!do_inetd) {
-	if (port == 0) {
+	int error;
 	struct addrinfo *ai = NULL, hints;
 	char portstr[NI_MAXSERV];
 	memset (&hints, 0, sizeof(hints));
 	hints.ai_flags    = AI_PASSIVE;
 	hints.ai_socktype = SOCK_STREAM;
 	hints.ai_family   = PF_UNSPEC;
 	if(port_str != NULL) {
 	    error = getaddrinfo (NULL, port_str, &hints, &ai);
 	    if (error)
 		errx (1, "getaddrinfo: %s", gai_strerror (error));
 	}
 	if (ai == NULL) {
 	    if (do_kerberos) {
-		if (do_encrypt)
+		if (do_encrypt) {
-		    port = krb5_getportbyname (context, "ekshell", "tcp", 545);
+		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
-		else
+		    if(error == EAI_NONAME) {
-		    port = krb5_getportbyname (context, "kshell",  "tcp", 544);
+			snprintf(portstr, sizeof(portstr), "%d", 545);
 			error = getaddrinfo(NULL, portstr, &hints, &ai);
 		    }
 		    if(error) 
 			errx (1, "getaddrinfo: %s", gai_strerror (error));
 		} else {
 		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
 		    if(error == EAI_NONAME) {
 			snprintf(portstr, sizeof(portstr), "%d", 544);
 			error = getaddrinfo(NULL, portstr, &hints, &ai);
 		    }
 		    if(error) 
 			errx (1, "getaddrinfo: %s", gai_strerror (error));
 		}
 	    } else {
-		port = krb5_getportbyname(context, "shell", "tcp", 514);
+		error = getaddrinfo(NULL, "shell", &hints, &ai);
 		if(error == EAI_NONAME) {
 		    snprintf(portstr, sizeof(portstr), "%d", 514);
 		    error = getaddrinfo(NULL, portstr, &hints, &ai);
 		}
 		if(error) 
 		    errx (1, "getaddrinfo: %s", gai_strerror (error));
 	    }
 	}
-	mini_inetd (port);
+	mini_inetd_addrinfo (ai);
 	freeaddrinfo(ai);
    }
    signal (SIGPIPE, SIG_IGN);