2 files changed, 5 insertions, 107 deletions
diff --git a/ChangeLog b/ChangeLog
index 042334b01..3c32afb87 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,9 @@
     ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
     support GSS API user authentication; patches from Simon Wilkinson,
     stripped down and tested by Jakob and myself.
+   - markus@cvs.openbsd.org 2003/08/22 13:20:03
+     [sshconnect2.c]
+     remove support for "kerberos-2@ssh.com"
 - (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
   configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
   sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
@@ -885,4 +888,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2908 2003/08/26 01:58:16 dtucker Exp $
+$Id: ChangeLog,v 1.2909 2003/08/26 02:04:31 dtucker Exp $
diff --git a/sshconnect2.c b/sshconnect2.c
index 549853907..558a0a749 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -23,11 +23,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");
+RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $");
-#ifdef KRB5
-#include <krb5.h>
-#endif
 #include "openbsd-compat/sys-queue.h"
@@ -235,12 +231,6 @@ Authmethod authmethods[] = {
                userauth_hostbased,
                &options.hostbased_authentication,
                NULL},
-#if KRB5
-        {"kerberos-2@ssh.com",
-                userauth_kerberos,
-                &options.kerberos_authentication,
-                NULL},
-#endif
        {"publickey",
                userauth_pubkey,
                &options.pubkey_authentication,
@@ -1370,101 +1360,6 @@ userauth_hostbased(Authctxt *authctxt)
        return 1;
 }
-#if KRB5
-static int
-ssh_krb5_helper(krb5_data *ap, krb5_context *context)
-{
-        krb5_context xcontext = NULL;   /* XXX share with ssh1 */
-        krb5_auth_context xauth_context = NULL;
-        krb5_auth_context *auth_context;
-        krb5_error_code problem;
-        const char *tkfile;
-        struct stat buf;
-        krb5_ccache ccache = NULL;
-        const char *remotehost;
-        int ret;
-        memset(ap, 0, sizeof(*ap));
-        context = &xcontext;
-        auth_context = &xauth_context;
-        problem = krb5_init_context(context);
-        if (problem) {
-                debug("Kerberos v5: krb5_init_context failed");
-                ret = 0;
-                goto out;
-        }
-        tkfile = krb5_cc_default_name(*context);
-        if (strncmp(tkfile, "FILE:", 5) == 0)
-                tkfile += 5;
-        if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
-                debug("Kerberos v5: could not get default ccache (permission denied).");
-                ret = 0;
-                goto out;
-        }
-        problem = krb5_cc_default(*context, &ccache);
-        if (problem) {
-                debug("Kerberos v5: krb5_cc_default failed: %s",
-                    krb5_get_err_text(*context, problem));
-                ret = 0;
-                goto out;
-        }
-        remotehost = get_canonical_hostname(1);
-        problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
-            "host", remotehost, NULL, ccache, ap);
-        if (problem) {
-                debug("Kerberos v5: krb5_mk_req failed: %s",
-                    krb5_get_err_text(*context, problem));
-                ret = 0;
-                goto out;
-        }
-        ret = 1;
- out:
-        if (ccache != NULL)
-                krb5_cc_close(*context, ccache);
-        if (*auth_context)
-                krb5_auth_con_free(*context, *auth_context);
-        return (ret);
-}
-int
-userauth_kerberos(Authctxt *authctxt)
-{
-        krb5_data ap;
-        krb5_context *context;
-        int ret = 0;
-        if (ssh_krb5_helper(&ap, context) == 0)
-                goto out;
-        packet_start(SSH2_MSG_USERAUTH_REQUEST);
-        packet_put_cstring(authctxt->server_user);
-        packet_put_cstring(authctxt->service);
-        packet_put_cstring(authctxt->method->name);
-        packet_put_string(ap.data, ap.length);
-        packet_send();
-#ifdef HEIMDAL
-        krb5_data_free(&ap);
-#else
-        krb5_free_data_contents(*context, &ap);
-#endif
-        ret = 1;
-out:
-        if (*context)
-                krb5_free_context(*context);
-        return ret;
-}
-#endif
 /* find auth method */
 /*

diff --git a/ChangeLog b/ChangeLog index 042334b01..3c32afb87 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -10,6 +10,9 @@
10	ssh_config.5 sshconnect2.c sshd_config sshd_config.5]	10	ssh_config.5 sshconnect2.c sshd_config sshd_config.5]
11	support GSS API user authentication; patches from Simon Wilkinson,	11	support GSS API user authentication; patches from Simon Wilkinson,
12	stripped down and tested by Jakob and myself.	12	stripped down and tested by Jakob and myself.
		13	- markus@cvs.openbsd.org 2003/08/22 13:20:03
		14	[sshconnect2.c]
		15	remove support for "kerberos-2@ssh.com"
13	- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h	16	- (dtucker) [Makefile.in acconfig.h auth-krb5.c auth-pam.c auth-pam.h
14	configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c	17	configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c
15	sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.	18	sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson.
@@ -885,4 +888,4 @@
885	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.	888	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
886	Report from murple@murple.net, diagnosis from dtucker@zip.com.au	889	Report from murple@murple.net, diagnosis from dtucker@zip.com.au
887		890
888	$Id: ChangeLog,v 1.2908 2003/08/26 01:58:16 dtucker Exp $	891	$Id: ChangeLog,v 1.2909 2003/08/26 02:04:31 dtucker Exp $


diff --git a/sshconnect2.c b/sshconnect2.c index 549853907..558a0a749 100644 --- a/sshconnect2.c +++ b/sshconnect2.c
@@ -23,11 +23,7 @@
23	*/	23	*/
24		24
25	#include "includes.h"	25	#include "includes.h"
26	RCSID("$OpenBSD: sshconnect2.c,v 1.121 2003/08/22 10:56:09 markus Exp $");	26	RCSID("$OpenBSD: sshconnect2.c,v 1.122 2003/08/22 13:20:03 markus Exp $");
27
28	#ifdef KRB5
29	#include <krb5.h>
30	#endif
31		27
32	#include "openbsd-compat/sys-queue.h"	28	#include "openbsd-compat/sys-queue.h"
33		29
@@ -235,12 +231,6 @@ Authmethod authmethods[] = {
235	userauth_hostbased,	231	userauth_hostbased,
236	&options.hostbased_authentication,	232	&options.hostbased_authentication,
237	NULL},	233	NULL},
238	#if KRB5
239	{"kerberos-2@ssh.com",
240	userauth_kerberos,
241	&options.kerberos_authentication,
242	NULL},
243	#endif
244	{"publickey",	234	{"publickey",
245	userauth_pubkey,	235	userauth_pubkey,
246	&options.pubkey_authentication,	236	&options.pubkey_authentication,
@@ -1370,101 +1360,6 @@ userauth_hostbased(Authctxt *authctxt)
1370	return 1;	1360	return 1;
1371	}	1361	}
1372		1362
1373	#if KRB5
1374	static int
1375	ssh_krb5_helper(krb5_data ap, krb5_context context)
1376	{
1377	krb5_context xcontext = NULL; /* XXX share with ssh1 */
1378	krb5_auth_context xauth_context = NULL;
1379	krb5_auth_context *auth_context;
1380	krb5_error_code problem;
1381	const char *tkfile;
1382	struct stat buf;
1383	krb5_ccache ccache = NULL;
1384	const char *remotehost;
1385	int ret;
1386
1387	memset(ap, 0, sizeof(*ap));
1388
1389	context = &xcontext;
1390	auth_context = &xauth_context;
1391
1392	problem = krb5_init_context(context);
1393	if (problem) {
1394	debug("Kerberos v5: krb5_init_context failed");
1395	ret = 0;
1396	goto out;
1397	}
1398
1399	tkfile = krb5_cc_default_name(*context);
1400	if (strncmp(tkfile, "FILE:", 5) == 0)
1401	tkfile += 5;
1402
1403	if (stat(tkfile, &buf) == 0 && getuid() != buf.st_uid) {
1404	debug("Kerberos v5: could not get default ccache (permission denied).");
1405	ret = 0;
1406	goto out;
1407	}
1408
1409	problem = krb5_cc_default(*context, &ccache);
1410	if (problem) {
1411	debug("Kerberos v5: krb5_cc_default failed: %s",
1412	krb5_get_err_text(*context, problem));
1413	ret = 0;
1414	goto out;
1415	}
1416
1417	remotehost = get_canonical_hostname(1);
1418
1419	problem = krb5_mk_req(*context, auth_context, AP_OPTS_MUTUAL_REQUIRED,
1420	"host", remotehost, NULL, ccache, ap);
1421	if (problem) {
1422	debug("Kerberos v5: krb5_mk_req failed: %s",
1423	krb5_get_err_text(*context, problem));
1424	ret = 0;
1425	goto out;
1426	}
1427	ret = 1;
1428
1429	out:
1430	if (ccache != NULL)
1431	krb5_cc_close(*context, ccache);
1432	if (*auth_context)
1433	krb5_auth_con_free(context, auth_context);
1434	return (ret);
1435	}
1436
1437	int
1438	userauth_kerberos(Authctxt *authctxt)
1439	{
1440	krb5_data ap;
1441	krb5_context *context;
1442	int ret = 0;
1443
1444	if (ssh_krb5_helper(&ap, context) == 0)
1445	goto out;
1446
1447	packet_start(SSH2_MSG_USERAUTH_REQUEST);
1448	packet_put_cstring(authctxt->server_user);
1449	packet_put_cstring(authctxt->service);
1450	packet_put_cstring(authctxt->method->name);
1451	packet_put_string(ap.data, ap.length);
1452	packet_send();
1453
1454	#ifdef HEIMDAL
1455	krb5_data_free(&ap);
1456	#else
1457	krb5_free_data_contents(*context, &ap);
1458	#endif
1459	ret = 1;
1460
1461	out:
1462	if (*context)
1463	krb5_free_context(*context);
1464	return ret;
1465	}
1466	#endif
1467
1468	/* find auth method */	1363	/* find auth method */
1469		1364
1470	/*	1365	/*