authorThorsten Lockert <tholo@cvs.openbsd.org>1996-01-29 19:18:50 +0000
committerThorsten Lockert <tholo@cvs.openbsd.org>1996-01-29 19:18:50 +0000
commit2ef7560359a4a8dc4df549aa484cd0c696417cee (patch)
tree2a0ec5bc0611f8d48d9483bc63c8e4073cf142b8
parentc5ca282b6a9fda06d6d8b45c6740c8c889626a3d (diff)
Make it work for multi-homed servers by default; remove need for krb.equiv
-rw-r--r--kerberosIV/include/kerberosIV/site.h3
-rw-r--r--kerberosIV/krb/Makefile2
-rw-r--r--kerberosIV/krb/krb_equiv.c80
-rw-r--r--kerberosIV/krb/rd_priv.c3
-rw-r--r--kerberosIV/krb/rd_req.c2
-rw-r--r--kerberosIV/krb/rd_safe.c3
-rw-r--r--kerberosIV/man/Makefile4
-rw-r--r--kerberosIV/man/krb.equiv.525
8 files changed, 4 insertions, 118 deletions
diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h
index 179a579c5bf..834777a19b3 100644
--- a/kerberosIV/include/kerberosIV/site.h
+++ b/kerberosIV/include/kerberosIV/site.h
@@ -1,4 +1,4 @@
-/* $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $ */
+/* $Id: site.h,v 1.3 1996/01/29 19:18:40 tholo Exp $ */
/*
* Site-specific definitions.
@@ -12,7 +12,6 @@
*/
#define KRB_CONF "/etc/kerberosIV/krb.conf"
#define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms"
-#define KRB_EQUIV "/etc/kerberosIV/krb.equiv"
#define KRB_ACL "/etc/kerberosIV/kerberos.acl"
#define MKEYFILE "/etc/kerberosIV/master_key"
#define KEYFILE "/etc/kerberosIV/srvtab"
diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile
index 80fc074bfae..260bc68c811 100644
--- a/kerberosIV/krb/Makefile
+++ b/kerberosIV/krb/Makefile
@@ -8,7 +8,7 @@ SRCS= cr_err_reply.c create_auth_reply.c create_ciph.c \
get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c get_phost.c \
get_pw_tkt.c get_request.c get_svc_in_tkt.c get_tf_fullname.c \
get_tf_realm.c getrealm.c getst.c in_tkt.c k_localtime.c klog.c \
- kname_parse.c kntoln.c kparse.c krb_equiv.c krb_err.c krb_err_txt.c \
+ kname_parse.c kntoln.c kparse.c krb_err.c krb_err_txt.c \
krb_get_in_tkt.c kuserok.c lifetime.c log.c mk_err.c mk_priv.c \
mk_req.c mk_safe.c month_sname.c netread.c netwrite.c one.c \
pkt_cipher.c pkt_clen.c rd_err.c rd_priv.c rd_req.c rd_safe.c \
diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c
deleted file mode 100644
index 0cc13a61a84..00000000000
--- a/kerberosIV/krb/krb_equiv.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
- *
- * Given two IP adresses return true if they match
- * or are considered to belong to the same host.
- *
- * For example if /etc/krb.equiv looks like
- *
- * 130.237.223.3 192.16.126.3 # alv alv1
- * 130.237.223.4 192.16.126.4 # byse byse1
- * 130.237.228.152 192.16.126.9 # topsy topsy1
- *
- * krb_equiv(alv, alv1) would return true but
- * krb_equiv(alv, byse1) would not.
- *
- * A comment starts with an '#' and ends with '\n'.
- *
- */
-#include "krb_locl.h"
-
-int
-krb_equiv(a, b)
- u_int32_t a;
- u_int32_t b;
-{
-#ifdef NO_IPADDR_CHECK
- return 1;
-#else
-
- FILE *fil;
- int result = 0;
- char line[256];
-
- if (a == b) /* trivial match */
- return 1;
-
- fil = fopen(KRB_EQUIV, "r");
- if (fil == NULL) /* open failed */
- return 0;
-
- while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
- {
- int hit_a = 0, hit_b = 0;
- char *t = line;
-
- /* for each item on this line */
- while (*t != 0) /* more addresses on this line? */
- if (*t == '#') /* rest is comment */
- *t = 0;
- else if (isspace(*t)) /* skip space */
- t++;
- else if (isdigit(*t)) /* an address? */
- {
- u_int32_t tmp = inet_addr(t);
- if (tmp == -1)
- ; /* not an address (or broadcast) */
- else if (tmp == a)
- hit_a = 1;
- else if (tmp == b)
- hit_b = 1;
-
- while (*t == '.' || isdigit(*t)) /* done with this address */
- t++;
- }
- else
- *t = 0; /* garbage on this line, skip it */
-
- /* line is now parsed, if we found 2 matches were done */
- if (hit_a && hit_b)
- {
- result = 1;
- goto done;
- }
- }
-
- done:
- fclose(fil);
- return result;
-#endif /* !NO_IPADDR_CHECK */
-}
diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c
index 25906e567a6..be52843cb95 100644
--- a/kerberosIV/krb/rd_priv.c
+++ b/kerberosIV/krb/rd_priv.c
@@ -154,9 +154,6 @@ krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
/* don't swap, net order always */
p += sizeof(src_addr);
- if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
- return RD_AP_MODIFIED;
-
/* safely get time_sec */
bcopy((char *) p, (char *)&(m_data->time_sec),
sizeof(m_data->time_sec));
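Review bot: With the comparison gone, `src_addr` is still stepped over by `p += sizeof(src_addr);` but is never checked against `sender->sin_addr.s_addr`, so krb_rd_priv no longer returns RD_AP_MODIFIED when a private message arrives from a different address than the one it carries; the rd_safe.c hunk drops the same check from krb_rd_safe. The deleted krb_equiv() already had a compile-time `NO_IPADDR_CHECK` switch, so multi-homed sites could have opted out without the check being removed for everyone. I would keep a direct comparison under that switch, i.e. `#ifndef NO_IPADDR_CHECK` around `if (src_addr != sender->sin_addr.s_addr) return RD_AP_MODIFIED;`, and state in the commit message that the sender-address check is being disabled, not only that krb.equiv is no longer needed. The function body starts and ends outside the hunk, so any other use of `sender` cannot be seen from here.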
diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c
index c6128b11cf5..b1875f34198 100644
--- a/kerberosIV/krb/rd_req.c
+++ b/kerberosIV/krb/rd_req.c
@@ -311,8 +311,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
if (krb_ap_req_debug)
log("Address: %d %d",ad->address,from_addr);
- if (from_addr && (!krb_equiv(ad->address, from_addr)))
- return(RD_AP_BADD);
(void) gettimeofday(&t_local,(struct timezone *) 0);
delta_t = abs((int)(t_local.tv_sec - r_time_sec));
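Review bot: After this removal krb_rd_req never compares `ad->address` with `from_addr`, so a request whose ticket names one host address is accepted from any peer address and RD_AP_BADD is no longer returned at this point; the only remaining use of `from_addr` in the visible lines is the debug `log()` call. That loosens the binding between a ticket and the host it was issued to, leaving the timestamp check that follows, plus whatever replay handling exists outside the hunk, as the remaining defence. If the goal is only to support multi-homed servers, consider keeping `if (from_addr && ad->address != from_addr) return(RD_AP_BADD);` under `#ifndef NO_IPADDR_CHECK`, and noting in the function's documentation that `from_addr` is ignored when the check is compiled out. The function continues outside the hunk.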
diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c
index a7ea1ff2043..5d868fa1459 100644
--- a/kerberosIV/krb/rd_safe.c
+++ b/kerberosIV/krb/rd_safe.c
@@ -132,9 +132,6 @@ krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)");
/* don't swap, net order always */
p += sizeof(src_addr);
- if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
- return RD_AP_MODIFIED;
-
/* safely get time_sec */
bcopy((char *)p, (char *)&(m_data->time_sec),
sizeof(m_data->time_sec));
diff --git a/kerberosIV/man/Makefile b/kerberosIV/man/Makefile
index 79373597d10..19dc8a7f4a5 100644
--- a/kerberosIV/man/Makefile
+++ b/kerberosIV/man/Makefile
@@ -1,6 +1,6 @@
# from @(#)Makefile 8.1 (Berkeley) 6/1/93
-# $Id: Makefile,v 1.1 1995/12/14 06:52:35 tholo Exp $
+# $Id: Makefile,v 1.2 1996/01/29 19:18:49 tholo Exp $
-MAN= kerberos.1 krb.conf.5 krb.equiv.5 krb.realms.5
+MAN= kerberos.1 krb.conf.5 krb.realms.5
.include <bsd.prog.mk>
diff --git a/kerberosIV/man/krb.equiv.5 b/kerberosIV/man/krb.equiv.5
deleted file mode 100644
index a01adeab4d0..00000000000
--- a/kerberosIV/man/krb.equiv.5
+++ /dev/null
@@ -1,25 +0,0 @@
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.\" $Id: krb.equiv.5,v 1.1 1995/12/14 06:52:35 tholo Exp $
-.TH KRB.EQUIV 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/kerberosIV/krb.equiv \- Kerberos equivalent hosts file
-.SH DESCRIPTION
-.I krb.equiv
-contains a list of IP address pairs that is to be considered being
-the same host for Kerberos purposes.
-.PP
-.I krb.equiv
-contains one pair of IP addresses per line.
-For example:
-.nf
-.in +1i
-130.237.223.3 192.16.126.3 # alv alv1
-130.237.223.4 192.16.126.4 # byse byse1
-130.237.228.152 192.16.126.9 # topsy topsy1
-.in -1i
-.SH SEE ALSO
-krb.conf(5), krb.realms(5), krb_equiv(3)