- markus@cvs.openbsd.org 2003/08/22 13:20:03

[sshconnect2.c] remove support for "kerberos-2@ssh.com"
2003-08-26 12:04:31 +10:00 · 2003-08-26 12:04:31 +10:00 · be1a901f99
parent 49aaf4ad52
commit be1a901f99
2 changed files with 5 additions and 107 deletions
--- a/5
+++ b/5
@ -10,6 +10,9 @@
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
+   - markus@cvs.openbsd.org 2003/08/22 13:20:03
+     [sshconnect2.c]
+     remove support for "kerberos-2@ssh.com"
 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
   configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
@ -885,4 +888,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au

-$Id: ChangeLog,v 1.2908 2003/08/26 01:58:16 dtucker Exp $
+$Id: ChangeLog,v 1.2909 2003/08/26 02:04:31 dtucker Exp $
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,11 +23,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
+RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $");

 #include "openbsd-compat/sys-queue.h"

@ -235,12 +231,6 @@ Authmethod authmethods[] = {
 		userauth_hostbased,
 		&options.hostbased_authentication,
 		NULL},
-#if KRB5
-	{"kerberos-2@ssh.com",
-		userauth_kerberos,
-		&options.kerberos_authentication,
-		NULL},
-#endif
 	{"publickey",
 		userauth_pubkey,
 		&options.pubkey_authentication,
@ -1370,101 +1360,6 @@ userauth_hostbased(Authctxt *authctxt)
 	return 1;
 }

-#if KRB5
-static int
-ssh_krb5_helper(krb5_data *ap, krb5_context *context)
-{
-	krb5_context xcontext = NULL;	/* XXX share with ssh1 */
-	krb5_auth_context xauth_context = NULL;
-	krb5_auth_context *auth_context;
-	krb5_error_code problem;
-	const char *tkfile;
-	struct stat buf;
-	krb5_ccache ccache = NULL;
-	const char *remotehost;
-	int ret;
-
-	memset(ap, 0, sizeof(*ap));
-
-	context = &xcontext;
-	auth_context = &xauth_context;
-
-	problem = krb5_init_context(context);
-	if (problem) {
-		debug("Kerberos v5: krb5_init_context failed");
-		ret = 0;
-		goto out;
-	}
-
-	tkfile = krb5_cc_default_name(*context);
-	if (strncmp(tkfile, "FILE:", 5) == 0)
-		tkfile += 5;
-
-	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
-		debug("Kerberos v5: could not get default ccache (permission denied).");
-		ret = 0;
-		goto out;
-	}
-
-	problem = krb5_cc_default(*context, &ccache);
-	if (problem) {
-		debug("Kerberos v5: krb5_cc_default failed: %s",
-		    krb5_get_err_text(*context, problem));
-		ret = 0;
-		goto out;
-	}
-
-	remotehost = get_canonical_hostname(1);
-
-	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
-	    "host", remotehost, NULL, ccache, ap);
-	if (problem) {
-		debug("Kerberos v5: krb5_mk_req failed: %s",
-		    krb5_get_err_text(*context, problem));
-		ret = 0;
-		goto out;
-	}
-	ret = 1;
-
- out:
-	if (ccache != NULL)
-		krb5_cc_close(*context, ccache);
-	if (*auth_context)
-		krb5_auth_con_free(*context, *auth_context);
-	return (ret);
-}
-
-int
-userauth_kerberos(Authctxt *authctxt)
-{
-	krb5_data ap;
-	krb5_context *context;
-	int ret = 0;
-
-	if (ssh_krb5_helper(&ap, context) == 0)
-		goto out;
-
-	packet_start(SSH2_MSG_USERAUTH_REQUEST);
-	packet_put_cstring(authctxt->server_user);
-	packet_put_cstring(authctxt->service);
-	packet_put_cstring(authctxt->method->name);
-	packet_put_string(ap.data, ap.length);
-	packet_send();
-
-#ifdef HEIMDAL
-	krb5_data_free(&ap);
-#else
-	krb5_free_data_contents(*context, &ap);
-#endif
-	ret = 1;
-
-out:
-	if (*context)
-		krb5_free_context(*context);
-	return ret;
-}
-#endif
-
 /* find auth method */

 /*