don't try broken auth if rresvport failed; try to give some more
informative error messages git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10439 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -50,6 +50,17 @@ des_cblock iv;
|
||||
#endif
|
||||
int sock_debug = 0;
|
||||
|
||||
#ifdef KRB4
|
||||
static int use_v4 = -1;
|
||||
#endif
|
||||
static int use_v5 = -1;
|
||||
static int use_only_broken = 0;
|
||||
static int use_broken = 1;
|
||||
static char *port_str;
|
||||
static const char *user;
|
||||
static int do_version;
|
||||
static int do_help;
|
||||
static int do_errsock = 1;
|
||||
|
||||
/*
|
||||
*
|
||||
@@ -151,7 +162,7 @@ send_krb4_auth(int s,
|
||||
(struct sockaddr_in *)thataddr,
|
||||
KCMD_VERSION);
|
||||
if (status != KSUCCESS) {
|
||||
warnx ("%s: %s", hostname, krb_get_err_text(status));
|
||||
warnx("%s: %s", hostname, krb_get_err_text(status));
|
||||
return 1;
|
||||
}
|
||||
memcpy (iv, cred.session, sizeof(iv));
|
||||
@@ -296,7 +307,7 @@ send_krb5_auth(int s,
|
||||
NULL,
|
||||
NULL);
|
||||
if (status) {
|
||||
warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
|
||||
warnx("%s: %s", hostname, krb5_get_err_text(context, status));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -595,11 +606,6 @@ doit_broken (int argc,
|
||||
int error;
|
||||
char portstr[NI_MAXSERV];
|
||||
|
||||
if (priv_socket1 < 0) {
|
||||
warnx ("unable to bind reserved port: is rsh setuid root?");
|
||||
return 1;
|
||||
}
|
||||
|
||||
memset (&hints, 0, sizeof(hints));
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
hints.ai_protocol = IPPROTO_TCP;
|
||||
@@ -692,6 +698,7 @@ doit (const char *hostname,
|
||||
struct addrinfo hints;
|
||||
int error;
|
||||
char portstr[NI_MAXSERV];
|
||||
int socketfailed = 1;
|
||||
int ret;
|
||||
|
||||
memset (&hints, 0, sizeof(hints));
|
||||
@@ -711,10 +718,16 @@ doit (const char *hostname,
|
||||
int errsock;
|
||||
|
||||
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
|
||||
if (s < 0)
|
||||
if (s < 0)
|
||||
continue;
|
||||
socketfailed = 0;
|
||||
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
|
||||
warn ("connect(%s)", hostname);
|
||||
char addr[128];
|
||||
if(getnameinfo(a->ai_addr, a->ai_addrlen,
|
||||
addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
|
||||
warn ("connect(%s [%s])", hostname, addr);
|
||||
else
|
||||
warn ("connect(%s)", hostname);
|
||||
close (s);
|
||||
continue;
|
||||
}
|
||||
@@ -756,29 +769,18 @@ doit (const char *hostname,
|
||||
close (s);
|
||||
return ret;
|
||||
}
|
||||
warnx ("failed to contact %s", hostname);
|
||||
if(socketfailed)
|
||||
warnx ("failed to contact %s", hostname);
|
||||
freeaddrinfo (ai);
|
||||
return -1;
|
||||
}
|
||||
|
||||
#ifdef KRB4
|
||||
static int use_v4 = -1;
|
||||
#endif
|
||||
static int use_v5 = -1;
|
||||
static int use_only_broken = 0;
|
||||
static int use_broken = 1;
|
||||
static char *port_str;
|
||||
static const char *user;
|
||||
static int do_version;
|
||||
static int do_help;
|
||||
static int do_errsock = 1;
|
||||
|
||||
struct getargs args[] = {
|
||||
#ifdef KRB4
|
||||
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
|
||||
#endif
|
||||
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
|
||||
{ "broken", 'K', arg_flag, &use_only_broken, "Use priv port" },
|
||||
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
||||
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
||||
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
||||
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
||||
@@ -853,6 +855,14 @@ main(int argc, char **argv)
|
||||
&optind))
|
||||
usage (1);
|
||||
|
||||
if (do_help)
|
||||
usage (0);
|
||||
|
||||
if (do_version) {
|
||||
print_version (NULL);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (do_forwardable == -1)
|
||||
do_forwardable = krb5_config_get_bool (context, NULL,
|
||||
"libdefaults",
|
||||
@@ -867,11 +877,15 @@ main(int argc, char **argv)
|
||||
else if (do_forward == 0)
|
||||
do_forwardable = 0;
|
||||
|
||||
if (do_encrypt == -1)
|
||||
do_encrypt = krb5_config_get_bool (context, NULL,
|
||||
"libdefaults",
|
||||
"encrypt",
|
||||
NULL);
|
||||
if (do_encrypt == -1) {
|
||||
/* we want to tell the -x flag from the default encryption
|
||||
option */
|
||||
if(!krb5_config_get_bool (context, NULL,
|
||||
"libdefaults",
|
||||
"encrypt",
|
||||
NULL))
|
||||
do_encrypt = 0;
|
||||
}
|
||||
|
||||
if (do_forwardable)
|
||||
do_forward = 1;
|
||||
@@ -890,14 +904,16 @@ main(int argc, char **argv)
|
||||
use_v5 = 0;
|
||||
}
|
||||
|
||||
if (do_help)
|
||||
usage (0);
|
||||
|
||||
if (do_version) {
|
||||
print_version (NULL);
|
||||
return 0;
|
||||
if(priv_socket1 < 0) {
|
||||
if (use_only_broken)
|
||||
errx ("unable to bind reserved port: is rsh setuid root?");
|
||||
use_broken = 0;
|
||||
}
|
||||
|
||||
|
||||
if (do_encrypt == 1 && use_broken)
|
||||
errx (1, "encryption not supported with old style authentication");
|
||||
|
||||
|
||||
if (do_unique_tkfile && unique_tkfile != NULL)
|
||||
errx (1, "Only one of -u and -U allowed.");
|
||||
|
||||
@@ -956,7 +972,7 @@ main(int argc, char **argv)
|
||||
user = local_user;
|
||||
|
||||
cmd_len = construct_command(&cmd, argc - optind, argv + optind);
|
||||
|
||||
|
||||
/*
|
||||
* Try all different authentication methods
|
||||
*/
|
||||
@@ -999,8 +1015,6 @@ main(int argc, char **argv)
|
||||
else
|
||||
tmp_port = krb5_getportbyname(context, "shell", "tcp", 514);
|
||||
auth_method = AUTH_BROKEN;
|
||||
if (do_encrypt)
|
||||
errx (1, "encryption not supported with priv port authentication");
|
||||
ret = doit_broken (argc, argv, host_index, host,
|
||||
user, local_user,
|
||||
tmp_port,
|
||||
|
||||
Reference in New Issue
Block a user