- markus@cvs.openbsd.org 2003/08/22 13:20:03

[sshconnect2.c] remove support for "kerberos-2@ssh.com"
2025-07-28 08:14:24 +02:00 · 2003-08-26 12:04:31 +10:00 · 2003-08-26 12:04:31 +10:00 · be1a901f99
commit be1a901f99
parent 49aaf4ad52
2 changed files with 5 additions and 107 deletions
--- a/5
+++ b/5
@ -10,6 +10,9 @@
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
   - markus@cvs.openbsd.org 2003/08/22 13:20:03
     [sshconnect2.c]
     remove support for "kerberos-2@ssh.com"
 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
   configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
@ -885,4 +888,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2908 2003/08/26 01:58:16 dtucker Exp $
+$Id: ChangeLog,v 1.2909 2003/08/26 02:04:31 dtucker Exp $
--- a/sshconnect2.c
+++ b/sshconnect2.c
@ -23,11 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $");
 #ifdef KRB5
 #include <krb5.h>
 #endif
 #include "openbsd-compat/sys-queue.h"
@ -235,12 +231,6 @@ Authmethod authmethods[] = {
 		userauth_hostbased,
 		&options.hostbased_authentication,
 		NULL},
 #if KRB5
 	{"kerberos-2@ssh.com",
 		userauth_kerberos,
 		&options.kerberos_authentication,
 		NULL},
 #endif
 	{"publickey",
 		userauth_pubkey,
 		&options.pubkey_authentication,
@ -1370,101 +1360,6 @@ userauth_hostbased(Authctxt *authctxt)
 	return 1;
 }
 #if KRB5
 static int
 ssh_krb5_helper(krb5_data *ap, krb5_context *context)
 {
 	krb5_context xcontext = NULL;	/* XXX share with ssh1 */
 	krb5_auth_context xauth_context = NULL;
 	krb5_auth_context *auth_context;
 	krb5_error_code problem;
 	const char *tkfile;
 	struct stat buf;
 	krb5_ccache ccache = NULL;
 	const char *remotehost;
 	int ret;
 	memset(ap, 0, sizeof(*ap));
 	context = &xcontext;
 	auth_context = &xauth_context;
 	problem = krb5_init_context(context);
 	if (problem) {
 		debug("Kerberos v5: krb5_init_context failed");
 		ret = 0;
 		goto out;
 	}
 	tkfile = krb5_cc_default_name(*context);
 	if (strncmp(tkfile, "FILE:", 5) == 0)
 		tkfile += 5;
 	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
 		debug("Kerberos v5: could not get default ccache (permission denied).");
 		ret = 0;
 		goto out;
 	}
 	problem = krb5_cc_default(*context, &ccache);
 	if (problem) {
 		debug("Kerberos v5: krb5_cc_default failed: %s",
 		    krb5_get_err_text(*context, problem));
 		ret = 0;
 		goto out;
 	}
 	remotehost = get_canonical_hostname(1);
 	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
 	    "host", remotehost, NULL, ccache, ap);
 	if (problem) {
 		debug("Kerberos v5: krb5_mk_req failed: %s",
 		    krb5_get_err_text(*context, problem));
 		ret = 0;
 		goto out;
 	}
 	ret = 1;
 out:
 	if (ccache != NULL)
 		krb5_cc_close(*context, ccache);
 	if (*auth_context)
 		krb5_auth_con_free(*context, *auth_context);
 	return (ret);
 }
 int
 userauth_kerberos(Authctxt *authctxt)
 {
 	krb5_data ap;
 	krb5_context *context;
 	int ret = 0;
 	if (ssh_krb5_helper(&ap, context) == 0)
 		goto out;
 	packet_start(SSH2_MSG_USERAUTH_REQUEST);
 	packet_put_cstring(authctxt->server_user);
 	packet_put_cstring(authctxt->service);
 	packet_put_cstring(authctxt->method->name);
 	packet_put_string(ap.data, ap.length);
 	packet_send();
 #ifdef HEIMDAL
 	krb5_data_free(&ap);
 #else
 	krb5_free_data_contents(*context, &ap);
 #endif
 	ret = 1;
 out:
 	if (*context)
 		krb5_free_context(*context);
 	return ret;
 }
 #endif
 /* find auth method */
 /*