- markus@cvs.openbsd.org 2003/08/28 12:54:34

[auth-krb5.c auth.h auth1.c monitor.c monitor.h monitor_wrap.c] [monitor_wrap.h readconf.c servconf.c session.c ssh_config.5] [sshconnect1.c sshd.c sshd_config sshd_config.5] remove kerberos support from ssh1, since it has been replaced with GSSAPI; but keep kerberos passwd auth for ssh1 and 2; ok djm, hin, henning, ...
author: Damien Miller <djm@mindrot.org> 2003-09-02 22:51:17 +1000
committer: Damien Miller <djm@mindrot.org> 2003-09-02 22:51:17 +1000
commit: 1a0c0b96219b037865d624079a81ab7d88bbccc1 (patch)
tree: ad24303a17d1f49c98b66d5bfe014103019411af /auth1.c
parent: 55c47edc81accd3118fc0fda2c37765631c0aef0 (diff)
1 files changed, 1 insertions, 56 deletions
diff --git a/auth1.c b/auth1.c
index d8b5836ba..5b1922a11 100644
--- a/auth1.c
+++ b/auth1.c
@@ -10,7 +10,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");
+RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
 #include "xmalloc.h"
 #include "rsa.h"
@@ -49,10 +49,6 @@ get_authname(int type)
        case SSH_CMSG_AUTH_TIS:
        case SSH_CMSG_AUTH_TIS_RESPONSE:
                return "challenge-response";
-#ifdef KRB5
-        case SSH_CMSG_AUTH_KERBEROS:
-                return "kerberos";
-#endif
        }
        snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
        return buf;
@@ -119,47 +115,6 @@ do_authloop(Authctxt *authctxt)
                /* Process the packet. */
                switch (type) {
-#ifdef KRB5
-                case SSH_CMSG_AUTH_KERBEROS:
-                        if (!options.kerberos_authentication) {
-                                verbose("Kerberos authentication disabled.");
-                        } else {
-                                char *kdata = packet_get_string(&dlen);
-                                packet_check_eom();
-                                if (kdata[0] != 4) { /* KRB_PROT_VERSION */
-                                        krb5_data tkt, reply;
-                                        tkt.length = dlen;
-                                        tkt.data = kdata;
-                                        if (PRIVSEP(auth_krb5(authctxt, &tkt,
-                                            &client_user, &reply))) {
-                                                authenticated = 1;
-                                                snprintf(info, sizeof(info),
-                                                    " tktuser %.100s",
-                                                    client_user);
-                                                /* Send response to client */
-                                                packet_start(
-                                                    SSH_SMSG_AUTH_KERBEROS_RESPONSE);
-                                                packet_put_string((char *)
-                                                    reply.data, reply.length);
-                                                packet_send();
-                                                packet_write_wait();
-                                                if (reply.length)
-                                                        xfree(reply.data);
-                                        }
-                                }
-                                xfree(kdata);
-                        }
-                        break;
-                case SSH_CMSG_HAVE_KERBEROS_TGT:
-                        packet_send_debug("Kerberos TGT passing disabled before authentication.");
-                        break;
-#endif
                case SSH_CMSG_AUTH_RHOSTS_RSA:
                        if (!options.rhosts_rsa_authentication) {
                                verbose("Rhosts with RSA authentication disabled.");
@@ -337,16 +292,6 @@ do_authentication(void)
        if ((style = strchr(user, ':')) != NULL)
                *style++ = '\0';
-#ifdef KRB5
-        /* XXX - SSH.com Kerberos v5 braindeath. */
-        if ((datafellows & SSH_BUG_K5USER) &&
-            options.kerberos_authentication) {
-                char *p;
-                if ((p = strchr(user, '@')) != NULL)
-                        *p = '\0';
-        }
-#endif
        authctxt = authctxt_new();
        authctxt->user = user;
        authctxt->style = style;
author	Damien Miller <djm@mindrot.org>	2003-09-02 22:51:17 +1000
committer	Damien Miller <djm@mindrot.org>	2003-09-02 22:51:17 +1000
commit	1a0c0b96219b037865d624079a81ab7d88bbccc1 (patch)
tree	ad24303a17d1f49c98b66d5bfe014103019411af /auth1.c
parent	55c47edc81accd3118fc0fda2c37765631c0aef0 (diff)

diff --git a/auth1.c b/auth1.c index d8b5836ba..5b1922a11 100644 --- a/auth1.c +++ b/auth1.c
@@ -10,7 +10,7 @@
10	*/	10	*/
11		11
12	#include "includes.h"	12	#include "includes.h"
13	RCSID("$OpenBSD: auth1.c,v 1.50 2003/08/13 08:46:30 markus Exp $");	13	RCSID("$OpenBSD: auth1.c,v 1.52 2003/08/28 12:54:34 markus Exp $");
14		14
15	#include "xmalloc.h"	15	#include "xmalloc.h"
16	#include "rsa.h"	16	#include "rsa.h"
@@ -49,10 +49,6 @@ get_authname(int type)
49	case SSH_CMSG_AUTH_TIS:	49	case SSH_CMSG_AUTH_TIS:
50	case SSH_CMSG_AUTH_TIS_RESPONSE:	50	case SSH_CMSG_AUTH_TIS_RESPONSE:
51	return "challenge-response";	51	return "challenge-response";
52	#ifdef KRB5
53	case SSH_CMSG_AUTH_KERBEROS:
54	return "kerberos";
55	#endif
56	}	52	}
57	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);	53	snprintf(buf, sizeof buf, "bad-auth-msg-%d", type);
58	return buf;	54	return buf;
@@ -119,47 +115,6 @@ do_authloop(Authctxt *authctxt)
119		115
120	/* Process the packet. */	116	/* Process the packet. */
121	switch (type) {	117	switch (type) {
122
123	#ifdef KRB5
124	case SSH_CMSG_AUTH_KERBEROS:
125	if (!options.kerberos_authentication) {
126	verbose("Kerberos authentication disabled.");
127	} else {
128	char *kdata = packet_get_string(&dlen);
129	packet_check_eom();
130
131	if (kdata[0] != 4) { /* KRB_PROT_VERSION */
132	krb5_data tkt, reply;
133	tkt.length = dlen;
134	tkt.data = kdata;
135
136	if (PRIVSEP(auth_krb5(authctxt, &tkt,
137	&client_user, &reply))) {
138	authenticated = 1;
139	snprintf(info, sizeof(info),
140	" tktuser %.100s",
141	client_user);
142
143	/* Send response to client */
144	packet_start(
145	SSH_SMSG_AUTH_KERBEROS_RESPONSE);
146	packet_put_string((char *)
147	reply.data, reply.length);
148	packet_send();
149	packet_write_wait();
150
151	if (reply.length)
152	xfree(reply.data);
153	}
154	}
155	xfree(kdata);
156	}
157	break;
158	case SSH_CMSG_HAVE_KERBEROS_TGT:
159	packet_send_debug("Kerberos TGT passing disabled before authentication.");
160	break;
161	#endif
162
163	case SSH_CMSG_AUTH_RHOSTS_RSA:	118	case SSH_CMSG_AUTH_RHOSTS_RSA:
164	if (!options.rhosts_rsa_authentication) {	119	if (!options.rhosts_rsa_authentication) {
165	verbose("Rhosts with RSA authentication disabled.");	120	verbose("Rhosts with RSA authentication disabled.");
@@ -337,16 +292,6 @@ do_authentication(void)
337	if ((style = strchr(user, ':')) != NULL)	292	if ((style = strchr(user, ':')) != NULL)
338	*style++ = '\0';	293	*style++ = '\0';
339		294
340	#ifdef KRB5
341	/* XXX - SSH.com Kerberos v5 braindeath. */
342	if ((datafellows & SSH_BUG_K5USER) &&
343	options.kerberos_authentication) {
344	char *p;
345	if ((p = strchr(user, '@')) != NULL)
346	*p = '\0';
347	}
348	#endif
349
350	authctxt = authctxt_new();	295	authctxt = authctxt_new();
351	authctxt->user = user;	296	authctxt->user = user;
352	authctxt->style = style;	297	authctxt->style = style;