From 2ef7560359a4a8dc4df549aa484cd0c696417cee Mon Sep 17 00:00:00 2001 From: Thorsten Lockert Date: Mon, 29 Jan 1996 19:18:50 +0000 Subject: Make it work for multi-homed servers by default; remove need for krb.equiv --- kerberosIV/krb/Makefile | 2 +- kerberosIV/krb/krb_equiv.c | 80 ---------------------------------------------- kerberosIV/krb/rd_priv.c | 3 -- kerberosIV/krb/rd_req.c | 2 -- kerberosIV/krb/rd_safe.c | 3 -- 5 files changed, 1 insertion(+), 89 deletions(-) delete mode 100644 kerberosIV/krb/krb_equiv.c (limited to 'kerberosIV/krb') diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile index 80fc074bfae..260bc68c811 100644 --- a/kerberosIV/krb/Makefile +++ b/kerberosIV/krb/Makefile @@ -8,7 +8,7 @@ SRCS= cr_err_reply.c create_auth_reply.c create_ciph.c \ get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c get_phost.c \ get_pw_tkt.c get_request.c get_svc_in_tkt.c get_tf_fullname.c \ get_tf_realm.c getrealm.c getst.c in_tkt.c k_localtime.c klog.c \ - kname_parse.c kntoln.c kparse.c krb_equiv.c krb_err.c krb_err_txt.c \ + kname_parse.c kntoln.c kparse.c krb_err.c krb_err_txt.c \ krb_get_in_tkt.c kuserok.c lifetime.c log.c mk_err.c mk_priv.c \ mk_req.c mk_safe.c month_sname.c netread.c netwrite.c one.c \ pkt_cipher.c pkt_clen.c rd_err.c rd_priv.c rd_req.c rd_safe.c \ diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c deleted file mode 100644 index 0cc13a61a84..00000000000 --- a/kerberosIV/krb/krb_equiv.c +++ /dev/null @@ -1,80 +0,0 @@ -/* - * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); - * - * Given two IP adresses return true if they match - * or are considered to belong to the same host. - * - * For example if /etc/krb.equiv looks like - * - * 130.237.223.3 192.16.126.3 # alv alv1 - * 130.237.223.4 192.16.126.4 # byse byse1 - * 130.237.228.152 192.16.126.9 # topsy topsy1 - * - * krb_equiv(alv, alv1) would return true but - * krb_equiv(alv, byse1) would not. - * - * A comment starts with an '#' and ends with '\n'. - * - */ -#include "krb_locl.h" - -int -krb_equiv(a, b) - u_int32_t a; - u_int32_t b; -{ -#ifdef NO_IPADDR_CHECK - return 1; -#else - - FILE *fil; - int result = 0; - char line[256]; - - if (a == b) /* trivial match */ - return 1; - - fil = fopen(KRB_EQUIV, "r"); - if (fil == NULL) /* open failed */ - return 0; - - while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ - { - int hit_a = 0, hit_b = 0; - char *t = line; - - /* for each item on this line */ - while (*t != 0) /* more addresses on this line? */ - if (*t == '#') /* rest is comment */ - *t = 0; - else if (isspace(*t)) /* skip space */ - t++; - else if (isdigit(*t)) /* an address? */ - { - u_int32_t tmp = inet_addr(t); - if (tmp == -1) - ; /* not an address (or broadcast) */ - else if (tmp == a) - hit_a = 1; - else if (tmp == b) - hit_b = 1; - - while (*t == '.' || isdigit(*t)) /* done with this address */ - t++; - } - else - *t = 0; /* garbage on this line, skip it */ - - /* line is now parsed, if we found 2 matches were done */ - if (hit_a && hit_b) - { - result = 1; - goto done; - } - } - - done: - fclose(fil); - return result; -#endif /* !NO_IPADDR_CHECK */ -} diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c index 25906e567a6..be52843cb95 100644 --- a/kerberosIV/krb/rd_priv.c +++ b/kerberosIV/krb/rd_priv.c @@ -154,9 +154,6 @@ krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data) /* don't swap, net order always */ p += sizeof(src_addr); - if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) - return RD_AP_MODIFIED; - /* safely get time_sec */ bcopy((char *) p, (char *)&(m_data->time_sec), sizeof(m_data->time_sec)); diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c index c6128b11cf5..b1875f34198 100644 --- a/kerberosIV/krb/rd_req.c +++ b/kerberosIV/krb/rd_req.c @@ -311,8 +311,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) if (krb_ap_req_debug) log("Address: %d %d",ad->address,from_addr); - if (from_addr && (!krb_equiv(ad->address, from_addr))) - return(RD_AP_BADD); (void) gettimeofday(&t_local,(struct timezone *) 0); delta_t = abs((int)(t_local.tv_sec - r_time_sec)); diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c index a7ea1ff2043..5d868fa1459 100644 --- a/kerberosIV/krb/rd_safe.c +++ b/kerberosIV/krb/rd_safe.c @@ -132,9 +132,6 @@ krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)"); /* don't swap, net order always */ p += sizeof(src_addr); - if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) - return RD_AP_MODIFIED; - /* safely get time_sec */ bcopy((char *)p, (char *)&(m_data->time_sec), sizeof(m_data->time_sec)); -- cgit v1.2.3