From: Richard Basch Date: Thu, 11 Apr 1996 04:26:22 +0000 (+0000) Subject: * kcmd.c: Cleaned up whitespace and removed commented & unused cruft X-Git-Tag: krb5-1.0-beta6~224 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=fc8ace14b79af515ec2ed11a04520e8cfa3f4c17;p=krb5.git * kcmd.c: Cleaned up whitespace and removed commented & unused cruft * krlogind.c, krshd.c: Allow the recvauth routine to find any key in the keytab for which the user is trying to login. The host may be known as many names. Additionally, for krlogind, clean up the error handling for bad authentication (potential null dereference and a misleading message because of the wrong authentication system being used) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7791 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 527407bf1..d786903a6 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,14 @@ +Thu Apr 11 00:22:51 1996 Richard Basch + + * kcmd.c: Cleaned up whitespace and removed commented & unused cruft + + * krlogind.c, krshd.c: Allow the recvauth routine to find any key + in the keytab for which the user is trying to login. The host may + be known as many names. Additionally, for krlogind, clean up the + error handling for bad authentication (potential null dereference + and a misleading message because of the wrong authentication system + being used) + Sun Apr 7 22:46:07 1996 Ezra Peisach * krshd.c: Add an option -L to pass certain environment variables diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index d343054b9..c446541b7 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -66,8 +66,6 @@ char *default_service = "host"; extern krb5_context bsd_context; -krb5_enctype bsd_ktypes[] = { ENCTYPE_DES_CBC_CRC , 0 }; - kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, cred, seqno, server_seqno, laddr, faddr, authopts, anyport) 
@@ -109,15 +107,16 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, krb5_auth_context auth_context = NULL; char *cksumbuf; krb5_data cksumdat; + if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) { - fprintf(stderr, "Unable to allocate memory for checksum buffer.\n"); - return(-1); + fprintf(stderr, "Unable to allocate memory for checksum buffer.\n"); + return(-1); } -sprintf(cksumbuf, "%u:", ntohs(rport)); + sprintf(cksumbuf, "%u:", ntohs(rport)); strcat(cksumbuf, cmd); strcat(cksumbuf, remuser); cksumdat.data = cksumbuf; - cksumdat.length = strlen(cksumbuf); + cksumdat.length = strlen(cksumbuf); pid = getpid(); hp = gethostbyname(*ahost); @@ -144,7 +143,7 @@ sprintf(cksumbuf, "%u:", ntohs(rport)); fprintf(stderr,"kcmd: no memory\n"); return(-1); } - status = krb5_sname_to_principal(bsd_context, host_save,service, + status = krb5_sname_to_principal(bsd_context, host_save, service, KRB5_NT_SRV_HST, &get_cred->server); if (status) { fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n", @@ -278,9 +277,6 @@ sprintf(cksumbuf, "%u:", ntohs(rport)); if (status = krb5_cc_default(bsd_context, &cc)) goto bad2; -/* if (krb5_set_default_tgs_ktypes(bsd_context, bsd_ktypes)) */ -/* goto bad2; */ - if (status = krb5_cc_get_principal(bsd_context, cc, &get_cred->client)) { (void) krb5_cc_close(bsd_context, cc); goto bad2; diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 5de2f5faa..d78ab6fbc 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1062,7 +1062,7 @@ do_krb_login(host) { krb5_error_code status; struct passwd *pwd; - char *msg_fail; + char *msg_fail = NULL; int valid_checksum; 
@@ -1127,23 +1127,28 @@ int valid_checksum; syslog(LOG_WARNING, "Client did not supply required checksum."); fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized."); + } + else { + syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums."); + } } - else { - syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums."); - } - } - if -(auth_ok&auth_sent) /* This should be bitwise.*/ + if (auth_ok&auth_sent) /* This should be bitwise.*/ return; if (ticket) krb5_free_ticket(bsd_context, ticket); - msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 ); + if (krusername) + msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80); if (!msg_fail) - fatal(netf, "User is not authorized to login to specified account"); - sprintf(msg_fail, "User %s is not authorized to login to account %s", - krusername, lusername); + fatal(netf, "User is not authorized to login to specified account"); + + if (auth_sent) + sprintf(msg_fail, "Access denied because of improper credentials"); + else + sprintf(msg_fail, "User %s is not authorized to login to account %s", + krusername, lusername); + fatal(netf, msg_fail); /* NOTREACHED */ } @@ -1472,7 +1477,6 @@ recvauth(valid_checksum) struct sockaddr_in peersin, laddr; char krb_vers[KRB_SENDAUTH_VLEN + 1]; int len; - krb5_principal server; krb5_data inbuf; char v4_instance[INST_SZ]; /* V4 Instance */ char v4_version[9]; @@ -1489,13 +1493,6 @@ recvauth(valid_checksum) exit(1); } - if (status = krb5_sname_to_principal(bsd_context, NULL, "host", - KRB5_NT_SRV_HST, &server)) { - syslog(LOG_ERR, "parse server name %s: %s", "host", - error_message(status)); - exit(1); - } - strcpy(v4_instance, "*"); if (status = krb5_auth_con_init(bsd_context, &auth_context)) 
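Review bot: In the rewritten failure path of do_krb_login, the new "Access denied because of improper credentials" text is only reachable when krusername is non-NULL, because otherwise msg_fail stays NULL and the `if (!msg_fail)` branch sends the older "not authorized to login to specified account" message first. A failed authentication is presumably the case where krusername is most likely to be unset, so the misleading message this commit sets out to fix can still reach the client. Testing auth_sent before allocating avoids this and drops the sprintf of a constant string: `if (auth_sent) fatal(netf, "Access denied because of improper credentials");` placed ahead of the `if (krusername)` line. The path also depends on fatal() never returning (the hunk marks its end NOTREACHED), and lusername is still passed to strlen without the NULL guard that krusername now has. The function starts outside this hunk.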
@@ -1508,7 +1505,7 @@ recvauth(valid_checksum) if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf, "KCMDV0.1", - server, /* Specify daemon principal */ + NULL, /* Specify daemon principal */ 0, /* no flags */ keytab, /* normally NULL to use v5srvtab */ diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 867319700..e4073bfdd 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c @@ -1696,7 +1696,6 @@ recvauth(netf, peersin, valid_checksum) struct sockaddr_in laddr; char krb_vers[KRB_SENDAUTH_VLEN + 1]; int len; - krb5_principal server; krb5_data inbuf; char v4_instance[INST_SZ]; /* V4 Instance */ char v4_version[9]; @@ -1715,13 +1714,6 @@ krb5_authenticator *authenticator; #define SIZEOF_INADDR sizeof(struct in_addr) #endif - if (status = krb5_sname_to_principal(bsd_context, NULL, "host", - KRB5_NT_SRV_HST, &server)) { - syslog(LOG_ERR, "parse server name %s: %s", "host", - error_message(status)); - exit(1); - } - strcpy(v4_instance, "*"); if (status = krb5_auth_con_init(bsd_context, &auth_context)) @@ -1733,7 +1725,7 @@ krb5_authenticator *authenticator; status = krb5_compat_recvauth(bsd_context, &auth_context, &netf, "KCMDV0.1", - server, /* Specify daemon principal */ + NULL, /* Specify daemon principal */ 0, /* no flags */ keytab, /* normally NULL to use v5srvtab */ 0, /* v4_opts */
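Review bot: Passing `NULL` as the server principal to krb5_compat_recvauth here, and in the same call in krshd.c's recvauth (last hunk), means the daemon accepts a ticket for any principal whose key is in the keytab, not only the host service. If the keytab also holds keys for other services, a ticket issued for one of those would presumably authenticate an rlogin/rsh session, so the keytab contents become part of the access policy. Consider checking the service name of the accepted ticket after the call, or documenting that the keytab must hold only host keys. The retained comment `/* Specify daemon principal */` no longer describes the argument; `NULL, /* accept any principal in the keytab */` would be accurate. Both recvauth bodies extend beyond these hunks.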