===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/auth-krb4.c,v
retrieving revision 1.14.2.4
retrieving revision 1.15
diff -u -r1.14.2.4 -r1.15
--- src/usr.bin/ssh/Attic/auth-krb4.c 2001/03/21 18:52:32 1.14.2.4
+++ src/usr.bin/ssh/Attic/auth-krb4.c 2000/06/22 23:54:59 1.15
@@ -1,41 +1,15 @@ /* - * Copyright (c) 1999 Dug Song. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * Dug Song + * Kerberos v4 authentication and ticket-passing routines. */ #include "includes.h" -RCSID("$OpenBSD: auth-krb4.c,v 1.14.2.4 2001/03/21 18:52:32 jason Exp $"); - -#include "ssh.h" -#include "ssh1.h" #include "packet.h" #include "xmalloc.h" -#include "log.h" +#include "ssh.h" #include "servconf.h" -#include "auth.h" -#ifdef AFS -#include "radix.h" -#endif +RCSID("$OpenBSD: auth-krb4.c,v 1.15 2000/06/22 23:54:59 djm Exp $"); #ifdef KRB4 char *ticket = NULL; @@ -53,7 +27,7 @@ AUTH_DAT adata; KTEXT_ST tkt; struct hostent *hp; - u_long faddr; + unsigned long faddr; char localhost[MAXHOSTNAMELEN]; char phost[INST_SZ]; char realm[REALM_SZ]; 
@@ -108,12 +82,11 @@ if (r == RD_AP_UNDEC) { /* * Probably didn't have a srvtab on - * localhost. Disallow login. + * localhost. Allow login. */ log("Kerberos V4 TGT for %s unverifiable, " "no srvtab installed? krb_rd_req: %s", pw->pw_name, krb_err_txt[r]); - goto kerberos_auth_failure; } else if (r != KSUCCESS) { log("Kerberos V4 %s ticket unverifiable: %s", KRB4_SERVICE_NAME, krb_err_txt[r]); @@ -121,13 +94,12 @@ } } else if (r == KDC_PR_UNKNOWN) { /* - * Disallow login if no rcmd service exists, and + * Allow login if no rcmd service exists, but * log the error. */ log("Kerberos V4 TGT for %s unverifiable: %s; %s.%s " "not registered, or srvtab is wrong?", pw->pw_name, krb_err_txt[r], KRB4_SERVICE_NAME, phost); - goto kerberos_auth_failure; } else { /* * TGT is bad, forget it. Possibly spoofed! @@ -180,7 +152,7 @@ if (lstat("/ticket", &st) != -1) tkt_root = "/ticket/"; #endif /* AFS */ - snprintf(ticket, MAXPATHLEN, "%s%u_%d", tkt_root, uid, getpid()); + snprintf(ticket, MAXPATHLEN, "%s%d_%d", tkt_root, uid, getpid()); (void) krb_set_tkt_string(ticket); } /* Register ticket cleanup in case of fatal error. */ @@ -287,8 +259,6 @@ { CREDENTIALS creds; - if (pw == NULL) - goto auth_kerberos_tgt_failure; if (!radix_to_creds(string, &creds)) { log("Protocol error decoding Kerberos V4 tgt"); packet_send_debug("Protocol error decoding Kerberos V4 tgt"); @@ -343,16 +313,8 @@ auth_afs_token(struct passwd *pw, const char *token_string) { CREDENTIALS creds; - uid_t uid; + uid_t uid = pw->pw_uid; - if (pw == NULL) { - /* XXX fake protocol error */ - packet_send_debug("Protocol error decoding AFS token"); - packet_start(SSH_SMSG_FAILURE); - packet_send(); - packet_write_wait(); - return 0; - } if (!radix_to_creds(token_string, &creds)) { log("Protocol error decoding AFS token"); packet_send_debug("Protocol error decoding AFS token"); 
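Review bot: In the `r == RD_AP_UNDEC` branch, and again in the `r == KDC_PR_UNKNOWN` branch of the next hunk (-121,13 +94,12), the new code logs that the TGT is unverifiable and then falls through without `goto kerberos_auth_failure;`, so a ticket that was never checked against a key held by this host still counts as a successful authentication. With no srvtab or no registered rcmd principal, nothing ties the KDC reply to a secret the server knows, which leaves password authentication dependent on an unauthenticated network answer; the log text itself says the ticket is unverifiable. Both branches should fail closed by keeping `goto kerberos_auth_failure;` after each `log(...)` call, and the comments should read `Disallow login` to match. If some sites must run without a srvtab, that belongs behind an explicit server option that defaults to off. The enclosing function starts and ends outside these hunks, so the effect of falling through is inferred from the `Allow login` comments.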
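Review bot: The `snprintf` in hunk -180,7 +152,7 formats `uid` with `%d` and discards the return value. The declaration of `uid` is outside the hunk, but if it is a `uid_t` that type is unsigned on most systems, so the specifier does not match the argument and a large uid would print as a negative number in the ticket file name. A truncated path would also reach `krb_set_tkt_string(ticket)` unnoticed. I would write `n = snprintf(ticket, MAXPATHLEN, "%s%u_%ld", tkt_root, (unsigned int)uid, (long)getpid());` and treat `n < 0 || n >= MAXPATHLEN` as a failure.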
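Review bot: `auth_afs_token` now reads `pw->pw_uid` in the declaration `uid_t uid = pw->pw_uid;` before anything checks that `pw` is non-NULL, and hunk -287,8 +259,6 likewise leaves the function that decodes the Kerberos V4 tgt without its `if (pw == NULL)` guard. Both functions handle credentials sent by the peer before authentication has completed, so if any caller can pass a NULL `pw` (for example for an unknown user name; the callers are not visible here) the server process dereferences a null pointer. Keep the declaration as `uid_t uid;`, reject `pw == NULL` first with the same `SSH_SMSG_FAILURE` reply used for a decode error, and assign `uid = pw->pw_uid;` only after that check. Sending the same failure reply for a missing user as for a bad token also avoids revealing which user names exist. Both function bodies continue outside the hunks.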
@@ -366,8 +328,6 @@ if (strncmp(creds.pname, "AFS ID ", 7) == 0) uid = atoi(creds.pname + 7); - else - uid = pw->pw_uid; if (kafs_settoken(creds.realm, uid, &creds)) { log("AFS token (%s@%s) rejected for %s", creds.pname, creds.realm,