add option to disable kerberos 4 kadmin

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11489 ec53bebd-3082-4978-b11e-865c3cabbd6b
Johan Danielsson
2002-10-21 13:21:24 +00:00
parent 34f20b4fef
commit fed79b33b9
4 changed files with 28 additions and 6 deletions


@@ -62,12 +62,15 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port)
kadm_ports = p;
}
extern int do_kerberos4;
static void
add_standard_ports (krb5_context context)
{
add_kadm_port(context, "kerberos-adm", 749);
#ifdef KRB4
add_kadm_port(context, "kerberos-master", 751);
if(do_kerberos4)
add_kadm_port(context, "kerberos-master", 751);
#endif
}
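Review bot: The `extern int do_kerberos4;` added above `add_standard_ports` is a hand-written declaration in a .c file, so the compiler never checks it against the definition; the same line is repeated above `kadmind_loop` in the last file of this commit. Declaring it once in a local header that the defining file and both users include would keep the three in sync, wrapped in `#ifdef KRB4` like the definition. As written the declaration is unconditional while the definition exists only under `KRB4`, which links only because every use also sits inside `#ifdef KRB4`.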


@@ -26,6 +26,7 @@
.Fl -ports= Ns Ar port
.Xc
.Oc
.Op Fl -no-kerberos4
.Sh DESCRIPTION
.Nm
listens for requests for changes to the Kerberos database and performs
@@ -118,11 +119,16 @@ enable debugging
.Fl -ports= Ns Ar port
.Xc
ports to listen to. By default, if run as a daemon, it listen to ports
749, and 751 (if built with Kerberos 4 support), but you can add any
number of ports with this option. The port string is a whitespace
separated list of port specifications, with the special string
749, and 751 (if Kerberos 4 support is built and enabled), but you can
add any number of ports with this option. The port string is a
whitespace separated list of port specifications, with the special
string
.Dq +
representing the default set of ports.
.It Fl -no-kerberos4
make
.Nm
ignore Kerberos 4 kadmin requests.
.El
.\".Sh ENVIRONMENT
.Sh FILES


@@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan
* Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -45,6 +45,9 @@ static int version_flag;
static int debug_flag;
static char *port_str;
char *realm;
#ifdef KRB4
int do_kerberos4 = 1;
#endif
static struct getargs args[] = {
{
@@ -71,6 +74,11 @@ static struct getargs args[] = {
{ "debug", 'd', arg_flag, &debug_flag,
"enable debugging"
},
#ifdef KRB4
{ "kerberos4", 0, arg_negative_flag, &do_kerberos4,
"don't respond to kerberos 4 requests"
},
#endif
{ "ports", 'p', arg_string, &port_str,
"ports to listen to", "port" },
{ "help", 'h', arg_flag, &help_flag },
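Review bot: `int do_kerberos4 = 1;` carries no comment, yet it is the single place that decides whether the Kerberos 4 admin path is on by default. A short comment such as `/* Kerberos 4 kadmin stays enabled unless --no-kerberos4 is given; read by the port setup and by kadmind_loop */` would make the default and its readers visible to anyone auditing what the daemon exposes. The help text `don't respond to kerberos 4 requests` is attached to the option name `kerberos4`, so it reads correctly only if the usage output shows the negated form; `arg_negative_flag` presumably does that, but it is worth confirming. The `args` array continues outside the hunk.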


@@ -532,6 +532,8 @@ handle_v5(krb5_context context,
v5_loop (context, ac, initial, kadm_handle, fd);
}
extern int do_kerberos4;
krb5_error_code
kadmind_loop(krb5_context context,
krb5_auth_context ac,
@@ -551,7 +553,10 @@ kadmind_loop(krb5_context context,
if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
len >>= 16;
#ifdef KRB4
handle_v4(context, keytab, len, fd);
if(do_kerberos4)
handle_v4(context, keytab, len, fd);
else
krb5_errx(context, 1, "version 4 kadmin is disabled");
#else
krb5_errx(context, 1, "packet appears to be version 4");
#endif
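Review bot: The new `else` branch rejects a version 4 packet with `krb5_errx(context, 1, "version 4 kadmin is disabled")`, which records nothing about who sent it. The test runs on the length word at the start of the exchange, so this message is the only trace an operator gets of clients that still speak the old protocol once `--no-kerberos4` is set. If a peer address can be obtained from `fd` at this point, including it in the message would make those clients easy to find. `krb5_errx` with a non-zero status presumably ends the process, as in the existing `#else` branch, so a one-line comment such as `/* does not return */` on that call would help the next reader. `kadmind_loop` starts and ends outside the hunk.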