don't try broken auth if rresvport failed; try to give some more
informative error messages git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@10439 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
@@ -50,6 +50,17 @@ des_cblock iv;
|
|||||||
#endif
|
#endif
|
||||||
int sock_debug = 0;
|
int sock_debug = 0;
|
||||||
|
|
||||||
|
#ifdef KRB4
|
||||||
|
static int use_v4 = -1;
|
||||||
|
#endif
|
||||||
|
static int use_v5 = -1;
|
||||||
|
static int use_only_broken = 0;
|
||||||
|
static int use_broken = 1;
|
||||||
|
static char *port_str;
|
||||||
|
static const char *user;
|
||||||
|
static int do_version;
|
||||||
|
static int do_help;
|
||||||
|
static int do_errsock = 1;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
*
|
*
|
||||||
@@ -151,7 +162,7 @@ send_krb4_auth(int s,
|
|||||||
(struct sockaddr_in *)thataddr,
|
(struct sockaddr_in *)thataddr,
|
||||||
KCMD_VERSION);
|
KCMD_VERSION);
|
||||||
if (status != KSUCCESS) {
|
if (status != KSUCCESS) {
|
||||||
warnx ("%s: %s", hostname, krb_get_err_text(status));
|
warnx("%s: %s", hostname, krb_get_err_text(status));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
memcpy (iv, cred.session, sizeof(iv));
|
memcpy (iv, cred.session, sizeof(iv));
|
||||||
@@ -296,7 +307,7 @@ send_krb5_auth(int s,
|
|||||||
NULL,
|
NULL,
|
||||||
NULL);
|
NULL);
|
||||||
if (status) {
|
if (status) {
|
||||||
warnx ("%s: %s", hostname, krb5_get_err_text(context, status));
|
warnx("%s: %s", hostname, krb5_get_err_text(context, status));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -595,11 +606,6 @@ doit_broken (int argc,
|
|||||||
int error;
|
int error;
|
||||||
char portstr[NI_MAXSERV];
|
char portstr[NI_MAXSERV];
|
||||||
|
|
||||||
if (priv_socket1 < 0) {
|
|
||||||
warnx ("unable to bind reserved port: is rsh setuid root?");
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset (&hints, 0, sizeof(hints));
|
memset (&hints, 0, sizeof(hints));
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
hints.ai_protocol = IPPROTO_TCP;
|
hints.ai_protocol = IPPROTO_TCP;
|
||||||
@@ -692,6 +698,7 @@ doit (const char *hostname,
|
|||||||
struct addrinfo hints;
|
struct addrinfo hints;
|
||||||
int error;
|
int error;
|
||||||
char portstr[NI_MAXSERV];
|
char portstr[NI_MAXSERV];
|
||||||
|
int socketfailed = 1;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
memset (&hints, 0, sizeof(hints));
|
memset (&hints, 0, sizeof(hints));
|
||||||
@@ -711,10 +718,16 @@ doit (const char *hostname,
|
|||||||
int errsock;
|
int errsock;
|
||||||
|
|
||||||
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
|
s = socket (a->ai_family, a->ai_socktype, a->ai_protocol);
|
||||||
if (s < 0)
|
if (s < 0)
|
||||||
continue;
|
continue;
|
||||||
|
socketfailed = 0;
|
||||||
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
|
if (connect (s, a->ai_addr, a->ai_addrlen) < 0) {
|
||||||
warn ("connect(%s)", hostname);
|
char addr[128];
|
||||||
|
if(getnameinfo(a->ai_addr, a->ai_addrlen,
|
||||||
|
addr, sizeof(addr), NULL, 0, NI_NUMERICHOST) == 0)
|
||||||
|
warn ("connect(%s [%s])", hostname, addr);
|
||||||
|
else
|
||||||
|
warn ("connect(%s)", hostname);
|
||||||
close (s);
|
close (s);
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@@ -756,29 +769,18 @@ doit (const char *hostname,
|
|||||||
close (s);
|
close (s);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
warnx ("failed to contact %s", hostname);
|
if(socketfailed)
|
||||||
|
warnx ("failed to contact %s", hostname);
|
||||||
freeaddrinfo (ai);
|
freeaddrinfo (ai);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef KRB4
|
|
||||||
static int use_v4 = -1;
|
|
||||||
#endif
|
|
||||||
static int use_v5 = -1;
|
|
||||||
static int use_only_broken = 0;
|
|
||||||
static int use_broken = 1;
|
|
||||||
static char *port_str;
|
|
||||||
static const char *user;
|
|
||||||
static int do_version;
|
|
||||||
static int do_help;
|
|
||||||
static int do_errsock = 1;
|
|
||||||
|
|
||||||
struct getargs args[] = {
|
struct getargs args[] = {
|
||||||
#ifdef KRB4
|
#ifdef KRB4
|
||||||
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
|
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4" },
|
||||||
#endif
|
#endif
|
||||||
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
|
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5" },
|
||||||
{ "broken", 'K', arg_flag, &use_only_broken, "Use priv port" },
|
{ "broken", 'K', arg_flag, &use_only_broken, "Use only priv port" },
|
||||||
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
{ NULL, 'd', arg_flag, &sock_debug, "Enable socket debugging" },
|
||||||
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
{ "input", 'n', arg_negative_flag, &input, "Close stdin" },
|
||||||
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
{ "encrypt", 'x', arg_flag, &do_encrypt, "Encrypt connection" },
|
||||||
@@ -853,6 +855,14 @@ main(int argc, char **argv)
|
|||||||
&optind))
|
&optind))
|
||||||
usage (1);
|
usage (1);
|
||||||
|
|
||||||
|
if (do_help)
|
||||||
|
usage (0);
|
||||||
|
|
||||||
|
if (do_version) {
|
||||||
|
print_version (NULL);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (do_forwardable == -1)
|
if (do_forwardable == -1)
|
||||||
do_forwardable = krb5_config_get_bool (context, NULL,
|
do_forwardable = krb5_config_get_bool (context, NULL,
|
||||||
"libdefaults",
|
"libdefaults",
|
||||||
@@ -867,11 +877,15 @@ main(int argc, char **argv)
|
|||||||
else if (do_forward == 0)
|
else if (do_forward == 0)
|
||||||
do_forwardable = 0;
|
do_forwardable = 0;
|
||||||
|
|
||||||
if (do_encrypt == -1)
|
if (do_encrypt == -1) {
|
||||||
do_encrypt = krb5_config_get_bool (context, NULL,
|
/* we want to tell the -x flag from the default encryption
|
||||||
"libdefaults",
|
option */
|
||||||
"encrypt",
|
if(!krb5_config_get_bool (context, NULL,
|
||||||
NULL);
|
"libdefaults",
|
||||||
|
"encrypt",
|
||||||
|
NULL))
|
||||||
|
do_encrypt = 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (do_forwardable)
|
if (do_forwardable)
|
||||||
do_forward = 1;
|
do_forward = 1;
|
||||||
@@ -890,14 +904,16 @@ main(int argc, char **argv)
|
|||||||
use_v5 = 0;
|
use_v5 = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (do_help)
|
if(priv_socket1 < 0) {
|
||||||
usage (0);
|
if (use_only_broken)
|
||||||
|
errx ("unable to bind reserved port: is rsh setuid root?");
|
||||||
if (do_version) {
|
use_broken = 0;
|
||||||
print_version (NULL);
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (do_encrypt == 1 && use_broken)
|
||||||
|
errx (1, "encryption not supported with old style authentication");
|
||||||
|
|
||||||
|
|
||||||
if (do_unique_tkfile && unique_tkfile != NULL)
|
if (do_unique_tkfile && unique_tkfile != NULL)
|
||||||
errx (1, "Only one of -u and -U allowed.");
|
errx (1, "Only one of -u and -U allowed.");
|
||||||
|
|
||||||
@@ -956,7 +972,7 @@ main(int argc, char **argv)
|
|||||||
user = local_user;
|
user = local_user;
|
||||||
|
|
||||||
cmd_len = construct_command(&cmd, argc - optind, argv + optind);
|
cmd_len = construct_command(&cmd, argc - optind, argv + optind);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Try all different authentication methods
|
* Try all different authentication methods
|
||||||
*/
|
*/
|
||||||
@@ -999,8 +1015,6 @@ main(int argc, char **argv)
|
|||||||
else
|
else
|
||||||
tmp_port = krb5_getportbyname(context, "shell", "tcp", 514);
|
tmp_port = krb5_getportbyname(context, "shell", "tcp", 514);
|
||||||
auth_method = AUTH_BROKEN;
|
auth_method = AUTH_BROKEN;
|
||||||
if (do_encrypt)
|
|
||||||
errx (1, "encryption not supported with priv port authentication");
|
|
||||||
ret = doit_broken (argc, argv, host_index, host,
|
ret = doit_broken (argc, argv, host_index, host,
|
||||||
user, local_user,
|
user, local_user,
|
||||||
tmp_port,
|
tmp_port,
|
||||||
|
|||||||
Reference in New Issue
Block a user