Don't use V4 Kerberos routines unless compiled with V4 compatibility mode

author Theodore Tso <tytso@mit.edu>

Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)

committer Theodore Tso <tytso@mit.edu>

Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)
author Theodore Tso <tytso@mit.edu>
Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)
committer Theodore Tso <tytso@mit.edu>
Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c

index fdd3a31dafcc43c051e85230f78f706dca147332..bd49f7feb8bd06a08f62e6a7b0c77aa569ece0b8 100644 (file)
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -107,7 +107,9 @@ static char sccsid[] = "@(#)rlogind.c       5.17 (Berkeley) 8/31/88";
   */
  #define LOG_REMOTE_REALM
  #define CRYPT
+#ifdef KRB5_KRB4_COMPAT
  #define SERVE_V4
+#endif
  
  #include <stdio.h>
  #include <sys/types.h>
@@ -1061,8 +1063,14 @@ do_krb_login(host)
      /* OK we have authenticated this user - now check authorization. */
      /* The Kerberos authenticated programs must use krb5_kuserok or kuserok*/
      
+#ifdef SERVE_V4
+    if (auth_sys == KRB5_RECVAUTH_V4) {
+         fatal(netf, "This server does not support Kerberos V4");
+  }
+#endif
+    
      if (must_pass_k5 || must_pass_one) {
-#ifdef ALWAYS_V5_KUSEROK
+#if (defined(ALWAYS_V5_KUSEROK) || !defined(SERVE_V4))
         /* krb5_kuserok returns 1 if OK */
         if (client && krb5_kuserok(client, lusername))
             passed_krb++;
@@ -1458,6 +1466,7 @@ recvauth()
      getstr(netf, lusername, sizeof (lusername), "locuser");
      getstr(netf, term, sizeof(term), "Terminal type");
  
+#ifdef SERVE_V4
      if (auth_sys == KRB5_RECVAUTH_V4) {
  
         des_read  = v4_des_read;
@@ -1478,6 +1487,7 @@ recvauth()
           return(status);
         return 0;
      }
+#endif
  
      /* Must be V5  */
         
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c

index 6e4cf677c5af0694c7b4bc3bf4cb7514cf49b6fd..c98c92129393958c0bf10437d9ea438937c6c4c5 100644 (file)
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -870,7 +870,7 @@ doit(f, fromp)
  
  #ifdef KERBEROS
      if (must_pass_k5 || must_pass_one) {
-#ifdef ALWAYS_V5_KUSEROK
+#if (defined(ALWAYS_V5_KUSEROK) || !defined(KRB5_KRB4_COMPAT))
         if (!krb5_kuserok(client,locuser)) {
             syslog(LOG_ERR ,
                    "Principal %s (%s@%s) for local user %s failed krb5_kuserok.\n",
author	Theodore Tso <tytso@mit.edu>
	Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)
committer	Theodore Tso <tytso@mit.edu>
	Fri, 14 Jan 1994 20:42:26 +0000 (20:42 +0000)
src/appl/bsd/krlogind.c		patch \| blob \| history
src/appl/bsd/krshd.c		patch \| blob \| history