add option to disable kerberos 4 kadmin
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11489 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -62,12 +62,15 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port)
|
||||
kadm_ports = p;
|
||||
}
|
||||
|
||||
extern int do_kerberos4;
|
||||
|
||||
static void
|
||||
add_standard_ports (krb5_context context)
|
||||
{
|
||||
add_kadm_port(context, "kerberos-adm", 749);
|
||||
#ifdef KRB4
|
||||
add_kadm_port(context, "kerberos-master", 751);
|
||||
if(do_kerberos4)
|
||||
add_kadm_port(context, "kerberos-master", 751);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
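Review bot: The hand-written `extern int do_kerberos4;` above add_standard_ports is repeated in the file that holds kadmind_loop, so neither declaration is ever checked against the definition `int do_kerberos4 = 1;`. The declaration is also unconditional, while the definition sits under `#ifdef KRB4`. That is harmless while every use stays inside `#ifdef KRB4`, but a later unguarded use would only fail at link time. I would declare it once in a header that all of the daemon's sources include, under the same guard, and drop the per-file copies.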
@@ -26,6 +26,7 @@
|
||||
.Fl -ports= Ns Ar port
|
||||
.Xc
|
||||
.Oc
|
||||
.Op Fl -no-kerberos4
|
||||
.Sh DESCRIPTION
|
||||
.Nm
|
||||
listens for requests for changes to the Kerberos database and performs
|
||||
@@ -118,11 +119,16 @@ enable debugging
|
||||
.Fl -ports= Ns Ar port
|
||||
.Xc
|
||||
ports to listen to. By default, if run as a daemon, it listen to ports
|
||||
749, and 751 (if built with Kerberos 4 support), but you can add any
|
||||
number of ports with this option. The port string is a whitespace
|
||||
separated list of port specifications, with the special string
|
||||
749, and 751 (if Kerberos 4 support is built and enabled), but you can
|
||||
add any number of ports with this option. The port string is a
|
||||
whitespace separated list of port specifications, with the special
|
||||
string
|
||||
.Dq +
|
||||
representing the default set of ports.
|
||||
.It Fl -no-kerberos4
|
||||
make
|
||||
.Nm
|
||||
ignore Kerberos 4 kadmin requests.
|
||||
.El
|
||||
.\".Sh ENVIRONMENT
|
||||
.Sh FILES
|
||||
|
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
|
||||
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
|
||||
* (Royal Institute of Technology, Stockholm, Sweden).
|
||||
* All rights reserved.
|
||||
*
|
||||
@@ -45,6 +45,9 @@ static int version_flag;
|
||||
static int debug_flag;
|
||||
static char *port_str;
|
||||
char *realm;
|
||||
#ifdef KRB4
|
||||
int do_kerberos4 = 1;
|
||||
#endif
|
||||
|
||||
static struct getargs args[] = {
|
||||
{
|
||||
@@ -71,6 +74,11 @@ static struct getargs args[] = {
|
||||
{ "debug", 'd', arg_flag, &debug_flag,
|
||||
"enable debugging"
|
||||
},
|
||||
#ifdef KRB4
|
||||
{ "kerberos4", 0, arg_negative_flag, &do_kerberos4,
|
||||
"don't respond to kerberos 4 requests"
|
||||
},
|
||||
#endif
|
||||
{ "ports", 'p', arg_string, &port_str,
|
||||
"ports to listen to", "port" },
|
||||
{ "help", 'h', arg_flag, &help_flag },
|
||||
|
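Review bot: `int do_kerberos4 = 1;` leaves the Kerberos 4 kadmin path enabled by default in a KRB4 build, so an operator has to opt out with `--no-kerberos4`, and nothing at the definition says so. A comment there would make the default and its switch visible to the next reader, for example `/* non-zero: serve Kerberos 4 kadmin requests; cleared by --no-kerberos4 */`. Whether the default should instead be off is a policy question this commit does not have to settle, but it is worth recording as a deliberate choice. The args[] initializer starts and ends outside the hunks shown.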
@@ -532,6 +532,8 @@ handle_v5(krb5_context context,
|
||||
v5_loop (context, ac, initial, kadm_handle, fd);
|
||||
}
|
||||
|
||||
extern int do_kerberos4;
|
||||
|
||||
krb5_error_code
|
||||
kadmind_loop(krb5_context context,
|
||||
krb5_auth_context ac,
|
||||
@@ -551,7 +553,10 @@ kadmind_loop(krb5_context context,
|
||||
if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
|
||||
len >>= 16;
|
||||
#ifdef KRB4
|
||||
handle_v4(context, keytab, len, fd);
|
||||
if(do_kerberos4)
|
||||
handle_v4(context, keytab, len, fd);
|
||||
else
|
||||
krb5_errx(context, 1, "version 4 kadmin is disabled");
|
||||
#else
|
||||
krb5_errx(context, 1, "packet appears to be version 4");
|
||||
#endif
|
||||
|
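Review bot: The new `else` branch in kadmind_loop rejects a version 4 request with `krb5_errx(context, 1, ...)`, which ends the process, and the branch is reached on nothing more than the length prefix of an unauthenticated packet. That is only safe if kadmind_loop always runs in a per-connection child; the caller is not visible here, so this should be confirmed and stated in a comment such as `/* exits this per-connection process only */`. It would also help to brace the two arms, `if(do_kerberos4) { handle_v4(context, keytab, len, fd); } else { krb5_errx(context, 1, "version 4 kadmin is disabled"); }`, since the pair sits between preprocessor lines where a later edit can easily detach the `else`. The body of kadmind_loop starts and continues outside the hunk.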