diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-22 13:20:04 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2003-08-22 13:20:04 +0000 |
commit | b1c7e4abb19963bd133795ce25ac05febc347139 (patch) | |
tree | 5b99006c885d58e6b9f36295068c596de3e98f14 /usr.bin/ssh/sshconnect2.c | |
parent | cfd592f5faad574e259b5cafea01226e4e039d2b (diff) |
remove support for "kerberos-2@ssh.com"
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 100 |
1 files changed, 1 insertions, 99 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 6cf43ac1a00..1680d4d37dc 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -23,11 +23,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $"); - -#ifdef KRB5 -#include <krb5.h> -#endif +RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $"); #include "ssh.h" #include "ssh2.h" @@ -233,12 +229,6 @@ Authmethod authmethods[] = { userauth_hostbased, &options.hostbased_authentication, NULL}, -#if KRB5 - {"kerberos-2@ssh.com", - userauth_kerberos, - &options.kerberos_authentication, - NULL}, -#endif {"publickey", userauth_pubkey, &options.pubkey_authentication, @@ -1368,94 +1358,6 @@ userauth_hostbased(Authctxt *authctxt) return 1; } -#if KRB5 -static int -ssh_krb5_helper(krb5_data *ap) -{ - krb5_context xcontext = NULL; /* XXX share with ssh1 */ - krb5_auth_context xauth_context = NULL; - - krb5_context *context; - krb5_auth_context *auth_context; - krb5_error_code problem; - const char *tkfile; - struct stat buf; - krb5_ccache ccache = NULL; - const char *remotehost; - int ret; - - memset(ap, 0, sizeof(*ap)); - - context = &xcontext; - auth_context = &xauth_context; - - problem = krb5_init_context(context); - if (problem) { - debug("Kerberos v5: krb5_init_context failed"); - ret = 0; - goto out; - } - - tkfile = krb5_cc_default_name(*context); - if (strncmp(tkfile, "FILE:", 5) == 0) - tkfile += 5; - - if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) { - debug("Kerberos v5: could not get default ccache (permission denied)."); - ret = 0; - goto out; - } - - problem = krb5_cc_default(*context, &ccache); - if (problem) { - debug("Kerberos v5: krb5_cc_default failed: %s", - krb5_get_err_text(*context, problem)); - ret = 0; - goto out; - } - - remotehost = get_canonical_hostname(1); - - problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED, - "host", remotehost, NULL, ccache, ap); - if (problem) { - debug("Kerberos v5: krb5_mk_req failed: %s", - krb5_get_err_text(*context, problem)); - ret = 0; - goto out; - } - ret = 1; - - out: - if (ccache != NULL) - krb5_cc_close(*context, ccache); - if (*auth_context) - krb5_auth_con_free(*context, *auth_context); - if (*context) - krb5_free_context(*context); - return (ret); -} - -int -userauth_kerberos(Authctxt *authctxt) -{ - krb5_data ap; - - if (ssh_krb5_helper(&ap) == 0) - return (0); - - packet_start(SSH2_MSG_USERAUTH_REQUEST); - packet_put_cstring(authctxt->server_user); - packet_put_cstring(authctxt->service); - packet_put_cstring(authctxt->method->name); - packet_put_string(ap.data, ap.length); - packet_send(); - - krb5_data_free(&ap); - return (1); -} -#endif - /* find auth method */ /* |