summaryrefslogtreecommitdiff
path: root/usr.bin/ssh/sshconnect2.c
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2003-08-22 13:20:04 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2003-08-22 13:20:04 +0000
commitb1c7e4abb19963bd133795ce25ac05febc347139 (patch)
tree5b99006c885d58e6b9f36295068c596de3e98f14 /usr.bin/ssh/sshconnect2.c
parentcfd592f5faad574e259b5cafea01226e4e039d2b (diff)
remove support for "kerberos-2@ssh.com"
Diffstat (limited to 'usr.bin/ssh/sshconnect2.c')
-rw-r--r--usr.bin/ssh/sshconnect2.c100
1 files changed, 1 insertions, 99 deletions
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index 6cf43ac1a00..1680d4d37dc 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -23,11 +23,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");
-
-#ifdef KRB5
-#include <krb5.h>
-#endif
+RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $");
#include "ssh.h"
#include "ssh2.h"
@@ -233,12 +229,6 @@ Authmethod authmethods[] = {
userauth_hostbased,
&options.hostbased_authentication,
NULL},
-#if KRB5
- {"kerberos-2@ssh.com",
- userauth_kerberos,
- &options.kerberos_authentication,
- NULL},
-#endif
{"publickey",
userauth_pubkey,
&options.pubkey_authentication,
@@ -1368,94 +1358,6 @@ userauth_hostbased(Authctxt *authctxt)
return 1;
}
-#if KRB5
-static int
-ssh_krb5_helper(krb5_data *ap)
-{
- krb5_context xcontext = NULL; /* XXX share with ssh1 */
- krb5_auth_context xauth_context = NULL;
-
- krb5_context *context;
- krb5_auth_context *auth_context;
- krb5_error_code problem;
- const char *tkfile;
- struct stat buf;
- krb5_ccache ccache = NULL;
- const char *remotehost;
- int ret;
-
- memset(ap, 0, sizeof(*ap));
-
- context = &xcontext;
- auth_context = &xauth_context;
-
- problem = krb5_init_context(context);
- if (problem) {
- debug("Kerberos v5: krb5_init_context failed");
- ret = 0;
- goto out;
- }
-
- tkfile = krb5_cc_default_name(*context);
- if (strncmp(tkfile, "FILE:", 5) == 0)
- tkfile += 5;
-
- if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
- debug("Kerberos v5: could not get default ccache (permission denied).");
- ret = 0;
- goto out;
- }
-
- problem = krb5_cc_default(*context, &ccache);
- if (problem) {
- debug("Kerberos v5: krb5_cc_default failed: %s",
- krb5_get_err_text(*context, problem));
- ret = 0;
- goto out;
- }
-
- remotehost = get_canonical_hostname(1);
-
- problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
- "host", remotehost, NULL, ccache, ap);
- if (problem) {
- debug("Kerberos v5: krb5_mk_req failed: %s",
- krb5_get_err_text(*context, problem));
- ret = 0;
- goto out;
- }
- ret = 1;
-
- out:
- if (ccache != NULL)
- krb5_cc_close(*context, ccache);
- if (*auth_context)
- krb5_auth_con_free(*context, *auth_context);
- if (*context)
- krb5_free_context(*context);
- return (ret);
-}
-
-int
-userauth_kerberos(Authctxt *authctxt)
-{
- krb5_data ap;
-
- if (ssh_krb5_helper(&ap) == 0)
- return (0);
-
- packet_start(SSH2_MSG_USERAUTH_REQUEST);
- packet_put_cstring(authctxt->server_user);
- packet_put_cstring(authctxt->service);
- packet_put_cstring(authctxt->method->name);
- packet_put_string(ap.data, ap.length);
- packet_send();
-
- krb5_data_free(&ap);
- return (1);
-}
-#endif
-
/* find auth method */
/*