oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

drop krbv4 support

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24505 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2009-01-26 01:11:26 +00:00
parent f1691a4553
commit f7cb5e1aee
1 changed files with 7 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
appl/rsh/rshd.c
View File

@@ -52,11 +52,6 @@ krb5_keyblock *keyblock;
krb5_crypto crypto; krb5_crypto crypto;
#endif #endif
#ifdef KRB4
des_key_schedule schedule;
des_cblock iv;
#endif
#ifdef KRB5 #ifdef KRB5
krb5_ccache ccache, ccache2; krb5_ccache ccache, ccache2;
int kerberos_status = 0; int kerberos_status = 0;
@@ -71,7 +66,6 @@ static int do_inetd = 1;
static char *port_str; static char *port_str;
static int do_rhosts = 1; static int do_rhosts = 1;
static int do_kerberos = 0; static int do_kerberos = 0;
#define DO_KRB4 2
#define DO_KRB5 4 #define DO_KRB5 4
static int do_vacuous = 0; static int do_vacuous = 0;
static int do_log = 1; static int do_log = 1;
@@ -159,70 +153,6 @@ recv_bsd_auth (int s, u_char *buf,
return 0; return 0;
} }
#ifdef KRB4
static int
recv_krb4_auth (int s, u_char *buf,
struct sockaddr *thisaddr,
struct sockaddr *thataddr,
char **client_username,
char **server_username,
char **cmd)
{
int status;
int32_t options;
KTEXT_ST ticket;
AUTH_DAT auth;
char instance[INST_SZ + 1];
char version[KRB_SENDAUTH_VLEN + 1];
if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0)
return -1;
if (net_read (s, buf + 4, KRB_SENDAUTH_VLEN - 4) !=
KRB_SENDAUTH_VLEN - 4)
syslog_and_die ("reading auth info: %m");
if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0)
syslog_and_die("unrecognized auth protocol: %.8s", buf);
options = KOPT_IGNORE_PROTOCOL;
if (do_encrypt)
options |= KOPT_DO_MUTUAL;
k_getsockinst (s, instance, sizeof(instance));
status = krb_recvauth (options,
s,
&ticket,
"rcmd",
instance,
(struct sockaddr_in *)thataddr,
(struct sockaddr_in *)thisaddr,
&auth,
"",
schedule,
version);
if (status != KSUCCESS)
syslog_and_die ("recvauth: %s", krb_get_err_text(status));
if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
syslog_and_die ("bad version: %s", version);
*server_username = read_str (s, USERNAME_SZ, "remote username");
if (kuserok (&auth, *server_username) != 0)
fatal (s, NULL, "Permission denied.");
*cmd = read_str (s, ARG_MAX + 1, "command");
syslog(LOG_INFO|LOG_AUTH,
"kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
*server_username,
*cmd);
memcpy (iv, auth.session, sizeof(iv));
return 0;
}
#endif /* KRB4 */
#ifdef KRB5 #ifdef KRB5
static int static int
save_krb5_creds (int s, save_krb5_creds (int s,
@@ -745,15 +675,6 @@ doit (void)
if (net_read (s, buf, 4) != 4) if (net_read (s, buf, 4) != 4)
syslog_and_die ("reading auth info: %m"); syslog_and_die ("reading auth info: %m");
#ifdef KRB4
if ((do_kerberos & DO_KRB4) &&
recv_krb4_auth (s, buf, thisaddr, thataddr,
&client_user,
&server_user,
&cmd) == 0)
auth_method = AUTH_KRB4;
else
#endif /* KRB4 */
#ifdef KRB5 #ifdef KRB5
if((do_kerberos & DO_KRB5) && if((do_kerberos & DO_KRB5) &&
recv_krb5_auth (s, buf, thisaddr, thataddr, recv_krb5_auth (s, buf, thisaddr, thataddr,
@@ -888,19 +809,13 @@ doit (void)
fatal (s, "net_write", "write failed"); fatal (s, "net_write", "write failed");
} }
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
if(k_hasafs()) { if(k_hasafs()) {
char cell[64]; char cell[64];
if(do_newpag) if(do_newpag)
k_setpag(); k_setpag();
#ifdef KRB4
if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
#endif
#ifdef KRB5
/* XXX */ /* XXX */
if (kerberos_status) { if (kerberos_status) {
krb5_ccache ccache; krb5_ccache ccache;
@@ -916,9 +831,8 @@ doit (void)
krb5_cc_close (context, ccache); krb5_cc_close (context, ccache);
} }
} }
#endif /* KRB5 */
} }
#endif /* KRB5 || KRB4 */ #endif /* KRB5 */
execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env); execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
err(1, "exec %s", pwd->pw_shell); err(1, "exec %s", pwd->pw_shell);
} }
@@ -928,7 +842,7 @@ struct getargs args[] = {
{ "keepalive", 'n', arg_negative_flag, &do_keepalive }, { "keepalive", 'n', arg_negative_flag, &do_keepalive },
{ "inetd", 'i', arg_negative_flag, &do_inetd, { "inetd", 'i', arg_negative_flag, &do_inetd,
"Not started from inetd" }, "Not started from inetd" },
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
{ "kerberos", 'k', arg_flag, &do_kerberos, { "kerberos", 'k', arg_flag, &do_kerberos,
"Implement kerberised services" }, "Implement kerberised services" },
{ "encrypt", 'x', arg_flag, &do_encrypt, { "encrypt", 'x', arg_flag, &do_encrypt,
@@ -940,7 +854,7 @@ struct getargs args[] = {
"port" }, "port" },
{ "vacuous", 'v', arg_flag, &do_vacuous, { "vacuous", 'v', arg_flag, &do_vacuous,
"Don't accept non-kerberised connections" }, "Don't accept non-kerberised connections" },
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
{ NULL, 'P', arg_negative_flag, &do_newpag, { NULL, 'P', arg_negative_flag, &do_newpag,
"Don't put process in new PAG" }, "Don't put process in new PAG" },
#endif #endif
@@ -985,12 +899,12 @@ main(int argc, char **argv)
exit(0); exit(0);
} }
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
if (do_encrypt) if (do_encrypt)
do_kerberos = 1; do_kerberos = 1;
if(do_kerberos) if(do_kerberos)
do_kerberos = DO_KRB4 | DO_KRB5; do_kerberos = DO_KRB5;
#endif #endif
#ifdef KRB5 #ifdef KRB5
@@ -1014,7 +928,7 @@ main(int argc, char **argv)
errx (1, "getaddrinfo: %s", gai_strerror (error)); errx (1, "getaddrinfo: %s", gai_strerror (error));
} }
if (ai == NULL) { if (ai == NULL) {
#if defined(KRB4) || defined(KRB5) #if defined(KRB5)
if (do_kerberos) { if (do_kerberos) {
if (do_encrypt) { if (do_encrypt) {
error = getaddrinfo(NULL, "ekshell", &hints, &ai); error = getaddrinfo(NULL, "ekshell", &hints, &ai);