=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshconnect2.c,v retrieving revision 1.121 retrieving revision 1.122 diff -u -r1.121 -r1.122 --- src/usr.bin/ssh/sshconnect2.c 2003/08/22 10:56:09 1.121 +++ src/usr.bin/ssh/sshconnect2.c 2003/08/22 13:20:03 1.122 @@ -23,12 +23,8 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $"); +RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $"); -#ifdef KRB5 -#include -#endif - #include "ssh.h" #include "ssh2.h" #include "xmalloc.h" @@ -233,12 +229,6 @@ userauth_hostbased, &options.hostbased_authentication, NULL}, -#if KRB5 - {"kerberos-2@ssh.com", - userauth_kerberos, - &options.kerberos_authentication, - NULL}, -#endif {"publickey", userauth_pubkey, &options.pubkey_authentication, @@ -1367,94 +1357,6 @@ packet_send(); return 1; } - -#if KRB5 -static int -ssh_krb5_helper(krb5_data *ap) -{ - krb5_context xcontext = NULL; /* XXX share with ssh1 */ - krb5_auth_context xauth_context = NULL; - - krb5_context *context; - krb5_auth_context *auth_context; - krb5_error_code problem; - const char *tkfile; - struct stat buf; - krb5_ccache ccache = NULL; - const char *remotehost; - int ret; - - memset(ap, 0, sizeof(*ap)); - - context = &xcontext; - auth_context = &xauth_context; - - problem = krb5_init_context(context); - if (problem) { - debug("Kerberos v5: krb5_init_context failed"); - ret = 0; - goto out; - } - - tkfile = krb5_cc_default_name(*context); - if (strncmp(tkfile, "FILE:", 5) == 0) - tkfile += 5; - - if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { - debug("Kerberos v5: could not get default ccache (permission denied)."); - ret = 0; - goto out; - } - - problem = krb5_cc_default(*context, &ccache); - if (problem) { - debug("Kerberos v5: krb5_cc_default failed: %s", - krb5_get_err_text(*context, problem)); - ret = 0; - goto out; - } - - remotehost = get_canonical_hostname(1); - - problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, - "host", remotehost, NULL, ccache, ap); - if (problem) { - debug("Kerberos v5: krb5_mk_req failed: %s", - krb5_get_err_text(*context, problem)); - ret = 0; - goto out; - } - ret = 1; - - out: - if (ccache != NULL) - krb5_cc_close(*context, ccache); - if (*auth_context) - krb5_auth_con_free(*context, *auth_context); - if (*context) - krb5_free_context(*context); - return (ret); -} - -int -userauth_kerberos(Authctxt *authctxt) -{ - krb5_data ap; - - if (ssh_krb5_helper(&ap) == 0) - return (0); - - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_string(ap.data, ap.length); - packet_send(); - - krb5_data_free(&ap); - return (1); -} -#endif /* find auth method */