oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add option to disable kerberos 4 kadmin

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11489 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Johan Danielsson
2002-10-21 13:21:24 +00:00
parent 34f20b4fef
commit fed79b33b9
4 changed files with 28 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
kadmin/kadm_conn.c
View File

@@ -62,12 +62,15 @@ add_kadm_port(krb5_context context, const char *service, unsigned int port)
kadm_ports = p; kadm_ports = p;
} }
extern int do_kerberos4;
static void static void
add_standard_ports (krb5_context context) add_standard_ports (krb5_context context)
{ {
add_kadm_port(context, "kerberos-adm", 749); add_kadm_port(context, "kerberos-adm", 749);
#ifdef KRB4 #ifdef KRB4
add_kadm_port(context, "kerberos-master", 751); if(do_kerberos4)
add_kadm_port(context, "kerberos-master", 751);
#endif #endif
} }

12
kadmin/kadmind.8
View File

@@ -26,6 +26,7 @@
.Fl -ports= Ns Ar port .Fl -ports= Ns Ar port
.Xc .Xc
.Oc .Oc
.Op Fl -no-kerberos4
.Sh DESCRIPTION .Sh DESCRIPTION
.Nm .Nm
listens for requests for changes to the Kerberos database and performs listens for requests for changes to the Kerberos database and performs
@@ -118,11 +119,16 @@ enable debugging
.Fl -ports= Ns Ar port .Fl -ports= Ns Ar port
.Xc .Xc
ports to listen to. By default, if run as a daemon, it listen to ports ports to listen to. By default, if run as a daemon, it listen to ports
749, and 751 (if built with Kerberos 4 support), but you can add any 749, and 751 (if Kerberos 4 support is built and enabled), but you can
number of ports with this option. The port string is a whitespace add any number of ports with this option. The port string is a
separated list of port specifications, with the special string whitespace separated list of port specifications, with the special
string
.Dq + .Dq +
representing the default set of ports. representing the default set of ports.
.It Fl -no-kerberos4
make
.Nm
ignore Kerberos 4 kadmin requests.
.El .El
.\".Sh ENVIRONMENT .\".Sh ENVIRONMENT
.Sh FILES .Sh FILES

10
kadmin/kadmind.c
View File

@@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997-2001 Kungliga Tekniska H<>gskolan * Copyright (c) 1997-2002 Kungliga Tekniska H<>gskolan
* (Royal Institute of Technology, Stockholm, Sweden). * (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved. * All rights reserved.
* *
@@ -45,6 +45,9 @@ static int version_flag;
static int debug_flag; static int debug_flag;
static char *port_str; static char *port_str;
char *realm; char *realm;
#ifdef KRB4
int do_kerberos4 = 1;
#endif
static struct getargs args[] = { static struct getargs args[] = {
{ {
@@ -71,6 +74,11 @@ static struct getargs args[] = {
{ "debug", 'd', arg_flag, &debug_flag, { "debug", 'd', arg_flag, &debug_flag,
"enable debugging" "enable debugging"
}, },
#ifdef KRB4
{ "kerberos4", 0, arg_negative_flag, &do_kerberos4,
"don't respond to kerberos 4 requests"
},
#endif
{ "ports", 'p', arg_string, &port_str, { "ports", 'p', arg_string, &port_str,
"ports to listen to", "port" }, "ports to listen to", "port" },
{ "help", 'h', arg_flag, &help_flag }, { "help", 'h', arg_flag, &help_flag },

7
kadmin/server.c
View File

@@ -532,6 +532,8 @@ handle_v5(krb5_context context,
v5_loop (context, ac, initial, kadm_handle, fd); v5_loop (context, ac, initial, kadm_handle, fd);
} }
extern int do_kerberos4;
krb5_error_code krb5_error_code
kadmind_loop(krb5_context context, kadmind_loop(krb5_context context,
krb5_auth_context ac, krb5_auth_context ac,
@@ -551,7 +553,10 @@ kadmind_loop(krb5_context context,
if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') { if(len > 0xffff && (len & 0xffff) == ('K' << 8) + 'A') {
len >>= 16; len >>= 16;
#ifdef KRB4 #ifdef KRB4
handle_v4(context, keytab, len, fd); if(do_kerberos4)
handle_v4(context, keytab, len, fd);
else
krb5_errx(context, 1, "version 4 kadmin is disabled");
#else #else
krb5_errx(context, 1, "packet appears to be version 4"); krb5_errx(context, 1, "packet appears to be version 4");
#endif #endif