+Thu Apr 11 00:22:51 1996 Richard Basch <basch@lehman.com>
+
+ * kcmd.c: Cleaned up whitespace and removed commented & unused cruft
+
+ * krlogind.c, krshd.c: Allow the recvauth routine to find any key
+ in the keytab for which the user is trying to login. The host may
+ be known as many names. Additionally, for krlogind, clean up the
+ error handling for bad authentication (potential null dereference
+ and a misleading message because of the wrong authentication system
+ being used)
+
Sun Apr 7 22:46:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* krshd.c: Add an option -L to pass certain environment variables
extern krb5_context bsd_context;
-krb5_enctype bsd_ktypes[] = { ENCTYPE_DES_CBC_CRC , 0 };
-
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
cred, seqno, server_seqno, laddr, faddr, authopts, anyport)
krb5_auth_context auth_context = NULL;
char *cksumbuf;
krb5_data cksumdat;
+
if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) {
- fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
- return(-1);
+ fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
+ return(-1);
}
-sprintf(cksumbuf, "%u:", ntohs(rport));
+ sprintf(cksumbuf, "%u:", ntohs(rport));
strcat(cksumbuf, cmd);
strcat(cksumbuf, remuser);
cksumdat.data = cksumbuf;
- cksumdat.length = strlen(cksumbuf);
+ cksumdat.length = strlen(cksumbuf);
pid = getpid();
hp = gethostbyname(*ahost);
fprintf(stderr,"kcmd: no memory\n");
return(-1);
}
- status = krb5_sname_to_principal(bsd_context, host_save,service,
+ status = krb5_sname_to_principal(bsd_context, host_save, service,
KRB5_NT_SRV_HST, &get_cred->server);
if (status) {
fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n",
if (status = krb5_cc_default(bsd_context, &cc))
goto bad2;
-/* if (krb5_set_default_tgs_ktypes(bsd_context, bsd_ktypes)) */
-/* goto bad2; */
-
if (status = krb5_cc_get_principal(bsd_context, cc, &get_cred->client)) {
(void) krb5_cc_close(bsd_context, cc);
goto bad2;
{
krb5_error_code status;
struct passwd *pwd;
- char *msg_fail;
+ char *msg_fail = NULL;
int valid_checksum;
syslog(LOG_WARNING, "Client did not supply required checksum.");
fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+ }
+ else {
+ syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
+ }
}
- else {
- syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
- }
- }
- if
-(auth_ok&auth_sent) /* This should be bitwise.*/
+ if (auth_ok&auth_sent) /* This should be bitwise.*/
return;
if (ticket)
krb5_free_ticket(bsd_context, ticket);
- msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
+ if (krusername)
+ msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80);
if (!msg_fail)
- fatal(netf, "User is not authorized to login to specified account");
- sprintf(msg_fail, "User %s is not authorized to login to account %s",
- krusername, lusername);
+ fatal(netf, "User is not authorized to login to specified account");
+
+ if (auth_sent)
+ sprintf(msg_fail, "Access denied because of improper credentials");
+ else
+ sprintf(msg_fail, "User %s is not authorized to login to account %s",
+ krusername, lusername);
+
fatal(netf, msg_fail);
/* NOTREACHED */
}
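Review bot: When `krusername` is NULL the new guard leaves `msg_fail` NULL, so the client still gets the fallback "User is not authorized to login to specified account" even when `auth_sent` is set; assuming a NULL `krusername` means authentication itself failed, that is the misleading message the ChangeLog entry says this change removes. Testing `auth_sent` before allocating avoids this and drops the `sprintf` of a constant string: put `if (auth_sent) fatal(netf, "Access denied because of improper credentials");` ahead of the `if (krusername)` line, assuming `fatal` does not return, as the `/* NOTREACHED */` comment suggests. `lusername` is still passed to `strlen` unchecked. `fatal` is not visible in this hunk; if it copies the message into a fixed-size buffer, the two names, which appear to be supplied by the peer, should be length-limited before they are formatted. The enclosing function starts outside the hunk.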
struct sockaddr_in peersin, laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
exit(1);
}
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
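Review bot: The comment on the changed argument still reads `/* Specify daemon principal */` although the value is now `NULL`, and the wider acceptance this enables is not documented at the call. Per the ChangeLog entry, NULL lets recvauth match any key in the keytab, so a ticket issued for any principal stored there would presumably be accepted by the login daemon, not only one for the `host` service. I would change the line to `NULL, /* accept any principal in the keytab */` and add a comment above the call stating that the keytab must hold only keys meant to authorize logins, or check the server name in the returned ticket afterwards if one is available at this point. The same applies to the identical change in the krshd.c hunk that follows; the call's remaining arguments continue outside this hunk.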
struct sockaddr_in laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
#define SIZEOF_INADDR sizeof(struct in_addr)
#endif
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
0, /* v4_opts */