make this build without krb5; also use the addrinfo interface to

mini_inetd, and set the keepalive option if requested git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10844 ec53bebd-3082-4978-b11e-865c3cabbd6b
2002-02-18 19:19:36 +00:00
parent 2a478083b6
commit bee8db420e
1 changed files with 77 additions and 39 deletions
--- a/appl/rsh/rshd.c
+++ b/appl/rsh/rshd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
+ * Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
 * (Royal Institute of Technology, Stockholm, Sweden). 
 * All rights reserved. 
 *
@@ -39,17 +39,21 @@ login_access( struct passwd *user, char *from);

 enum auth_method auth_method;

+#ifdef KRB5
 krb5_context context;
 krb5_keyblock *keyblock;
 krb5_crypto crypto;
+#endif

 #ifdef KRB4
 des_key_schedule schedule;
 des_cblock iv;
 #endif

+#ifdef KRB5
 krb5_ccache ccache, ccache2;
 int kerberos_status = 0;
+#endif

 int do_encrypt = 0;

@@ -60,6 +64,8 @@ static int do_inetd = 1;
 static char *port_str;
 static int do_rhosts = 1;
 static int do_kerberos = 0;
+#define DO_KRB4 2
+#define DO_KRB5 4
 static int do_vacuous = 0;
 static int do_log = 1;
 static int do_newpag = 1;
@@ -68,7 +74,7 @@ static int do_keepalive = 1;
 static int do_version;
 static int do_help = 0;

-#if defined(DCE)
+#if defined(KRB5) && defined(DCE)
 int dfsk5ok = 0;
 int dfspag = 0;
 int dfsfwd = 0;
@@ -214,6 +220,7 @@ recv_krb4_auth (int s, u_char *buf,

 #endif /* KRB4 */

+#ifdef KRB5
 static int 
 save_krb5_creds (int s,
                 krb5_auth_context auth_context,
@@ -413,6 +420,7 @@ recv_krb5_auth (int s, u_char *buf,

    return 0;
 }
+#endif /* KRB5 */

 static void
 loop (int from0, int to0,
@@ -621,7 +629,9 @@ doit (int do_kerberos, int check_rhosts)
    if (getpeername (s, thataddr, &thataddr_len) < 0)
 	syslog_and_die ("getpeername: %m");

-    if (!do_kerberos && !is_reserved(socket_get_port(thataddr)))
+    /* check for V4MAPPED addresses? */
+
+    if (do_kerberos == 0 && !is_reserved(socket_get_port(thataddr)))
 	fatal(s, NULL, "Permission denied.");

    p = buf;
@@ -637,7 +647,7 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("non-digit in port number: %c", *p);
    }

-    if (!do_kerberos && !is_reserved(htons(port)))
+    if (do_kerberos  == 0 && !is_reserved(htons(port)))
 	fatal(s, NULL, "Permission denied.");

    if (port) {
@@ -677,19 +687,23 @@ doit (int do_kerberos, int check_rhosts)
 	    syslog_and_die ("reading auth info: %m");
    
 #ifdef KRB4
-	if (recv_krb4_auth (s, buf, thisaddr, thataddr,
+	if ((do_kerberos & DO_KRB4) && 
+	    recv_krb4_auth (s, buf, thisaddr, thataddr,
 			    client_user,
 			    server_user,
 			    cmd) == 0)
 	    auth_method = AUTH_KRB4;
 	else
 #endif /* KRB4 */
-	    if(recv_krb5_auth (s, buf, thisaddr, thataddr,
+#ifdef KRB5
+	    if((do_kerberos & DO_KRB5) &&
+	       recv_krb5_auth (s, buf, thisaddr, thataddr,
 			       client_user,
 			       server_user,
 			       cmd) == 0)
 		auth_method = AUTH_KRB5;
 	    else
+#endif /* KRB5 */
 		syslog_and_die ("unrecognized auth protocol: %x %x %x %x",
 				buf[0], buf[1], buf[2], buf[3]);
    } else {
@@ -887,7 +901,7 @@ int
 main(int argc, char **argv)
 {
    int optind = 0;
-    int port = 0;
+    int on = 1;

    setprogname (argv[0]);
    roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH);
@@ -904,46 +918,70 @@ main(int argc, char **argv)
 	exit(0);
    }

-#ifdef KRB5
-    {
-	krb5_error_code ret;
-
-	ret = krb5_init_context (&context);
-	if (ret)
-	    errx (1, "krb5_init_context failed: %d", ret);
-    }	
-#endif
-
-    if(port_str) {
-	struct servent *s = roken_getservbyname (port_str, "tcp");
-
-	if (s)
-	    port = s->s_port;
-	else {
-	    char *ptr;
-
-	    port = strtol (port_str, &ptr, 10);
-	    if (port == 0 && ptr == port_str)
-		syslog_and_die("Bad port `%s'", port_str);
-	    port = htons(port);
-	}
-    }
-
    if (do_encrypt)
 	do_kerberos = 1;

+    if(do_kerberos)
+	do_kerberos = DO_KRB4 | DO_KRB5;
+
+    if (do_keepalive &&
+	setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (char *)&on,
+		   sizeof(on)) < 0)
+	syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
+
+    /* set SO_LINGER? */
+
+#ifdef KRB5
+    if((do_kerberos & DO_KRB5) && krb5_init_context (&context) != 0)
+	do_kerberos &= ~DO_KRB5;
+#endif
+
    if (!do_inetd) {
-	if (port == 0) {
+	int error;
+	struct addrinfo *ai = NULL, hints;
+	char portstr[NI_MAXSERV];
+	
+	memset (&hints, 0, sizeof(hints));
+	hints.ai_flags    = AI_PASSIVE;
+	hints.ai_socktype = SOCK_STREAM;
+	hints.ai_family   = PF_UNSPEC;
+	
+	if(port_str != NULL) {
+	    error = getaddrinfo (NULL, port_str, &hints, &ai);
+	    if (error)
+		errx (1, "getaddrinfo: %s", gai_strerror (error));
+	}
+	if (ai == NULL) {
 	    if (do_kerberos) {
-		if (do_encrypt)
-		    port = krb5_getportbyname (context, "ekshell", "tcp", 545);
-		else
-		    port = krb5_getportbyname (context, "kshell",  "tcp", 544);
+		if (do_encrypt) {
+		    error = getaddrinfo(NULL, "ekshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 545);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
 		} else {
-		port = krb5_getportbyname(context, "shell", "tcp", 514);
+		    error = getaddrinfo(NULL, "kshell", &hints, &ai);
+		    if(error == EAI_NONAME) {
+			snprintf(portstr, sizeof(portstr), "%d", 544);
+			error = getaddrinfo(NULL, portstr, &hints, &ai);
+		    }
+		    if(error) 
+			errx (1, "getaddrinfo: %s", gai_strerror (error));
+		}
+	    } else {
+		error = getaddrinfo(NULL, "shell", &hints, &ai);
+		if(error == EAI_NONAME) {
+		    snprintf(portstr, sizeof(portstr), "%d", 514);
+		    error = getaddrinfo(NULL, portstr, &hints, &ai);
+		}
+		if(error) 
+		    errx (1, "getaddrinfo: %s", gai_strerror (error));
 	    }
 	}
-	mini_inetd (port);
+	mini_inetd_addrinfo (ai);
+	freeaddrinfo(ai);
    }

    signal (SIGPIPE, SIG_IGN);