diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 04:21:14 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-07-04 04:21:14 +0000 |
| commit | ec95ed9b4ca014643a0272f6fa5b24ac9c70d263 (patch) | |
| tree | 91a5c1b319337e52f7cc80742eda081f6dbfd6c2 /sshd.c | |
| parent | b4c774cf8878d9100fde92ff4e938671c3b0301b (diff) | |
- dugsong@cvs.openbsd.org 2001/06/26 16:15:25
[auth1.c auth.h auth-krb4.c auth-passwd.c readconf.c readconf.h
servconf.c servconf.h session.c sshconnect1.c sshd.c]
Kerberos v5 support for SSH1, mostly from Assar Westerlund
<assar@freebsd.org> and Bjorn Gronvall <bg@sics.se>. markus@ ok
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 19 |
1 files changed, 7 insertions, 12 deletions
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: sshd.c,v 1.201 2001/06/23 19:12:43 markus Exp $"); | 43 | RCSID("$OpenBSD: sshd.c,v 1.202 2001/06/26 16:15:25 dugsong Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/dh.h> | 45 | #include <openssl/dh.h> |
| 46 | #include <openssl/bn.h> | 46 | #include <openssl/bn.h> |
| @@ -1160,13 +1160,13 @@ main(int ac, char **av) | |||
| 1160 | "originating port not trusted."); | 1160 | "originating port not trusted."); |
| 1161 | options.rhosts_authentication = 0; | 1161 | options.rhosts_authentication = 0; |
| 1162 | } | 1162 | } |
| 1163 | #ifdef KRB4 | 1163 | #if defined(KRB4) && !defined(KRB5) |
| 1164 | if (!packet_connection_is_ipv4() && | 1164 | if (!packet_connection_is_ipv4() && |
| 1165 | options.kerberos_authentication) { | 1165 | options.kerberos_authentication) { |
| 1166 | debug("Kerberos Authentication disabled, only available for IPv4."); | 1166 | debug("Kerberos Authentication disabled, only available for IPv4."); |
| 1167 | options.kerberos_authentication = 0; | 1167 | options.kerberos_authentication = 0; |
| 1168 | } | 1168 | } |
| 1169 | #endif /* KRB4 */ | 1169 | #endif /* KRB4 && !KRB5 */ |
| 1170 | #ifdef AFS | 1170 | #ifdef AFS |
| 1171 | /* If machine has AFS, set process authentication group. */ | 1171 | /* If machine has AFS, set process authentication group. */ |
| 1172 | if (k_hasafs()) { | 1172 | if (k_hasafs()) { |
| @@ -1186,13 +1186,6 @@ main(int ac, char **av) | |||
| 1186 | do_ssh1_kex(); | 1186 | do_ssh1_kex(); |
| 1187 | do_authentication(); | 1187 | do_authentication(); |
| 1188 | } | 1188 | } |
| 1189 | |||
| 1190 | #ifdef KRB4 | ||
| 1191 | /* Cleanup user's ticket cache file. */ | ||
| 1192 | if (options.kerberos_ticket_cleanup) | ||
| 1193 | (void) dest_tkt(); | ||
| 1194 | #endif /* KRB4 */ | ||
| 1195 | |||
| 1196 | /* The connection has been terminated. */ | 1189 | /* The connection has been terminated. */ |
| 1197 | verbose("Closing connection to %.100s", remote_ip); | 1190 | verbose("Closing connection to %.100s", remote_ip); |
| 1198 | 1191 | ||
| @@ -1268,13 +1261,15 @@ do_ssh1_kex(void) | |||
| 1268 | auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; | 1261 | auth_mask |= 1 << SSH_AUTH_RHOSTS_RSA; |
| 1269 | if (options.rsa_authentication) | 1262 | if (options.rsa_authentication) |
| 1270 | auth_mask |= 1 << SSH_AUTH_RSA; | 1263 | auth_mask |= 1 << SSH_AUTH_RSA; |
| 1271 | #ifdef KRB4 | 1264 | #if defined(KRB4) || defined(KRB5) |
| 1272 | if (options.kerberos_authentication) | 1265 | if (options.kerberos_authentication) |
| 1273 | auth_mask |= 1 << SSH_AUTH_KERBEROS; | 1266 | auth_mask |= 1 << SSH_AUTH_KERBEROS; |
| 1274 | #endif | 1267 | #endif |
| 1275 | #ifdef AFS | 1268 | #if defined(AFS) || defined(KRB5) |
| 1276 | if (options.kerberos_tgt_passing) | 1269 | if (options.kerberos_tgt_passing) |
| 1277 | auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; | 1270 | auth_mask |= 1 << SSH_PASS_KERBEROS_TGT; |
| 1271 | #endif | ||
| 1272 | #ifdef AFS | ||
| 1278 | if (options.afs_token_passing) | 1273 | if (options.afs_token_passing) |
| 1279 | auth_mask |= 1 << SSH_PASS_AFS_TOKEN; | 1274 | auth_mask |= 1 << SSH_PASS_AFS_TOKEN; |
| 1280 | #endif | 1275 | #endif |