Dekerberise. The corresponding userland stuff has been dekerberised

for ages, and no-one seems to have noticed. Viva PAM!
svn path=/head/; revision=105269
2025-01-29 16:44:03 +00:00 · 2002-10-16 16:10:46 +00:00 · 2002-10-16 16:10:46 +00:00 · d8456c7ada · 2020-12-20 02:59:44 +00:00
commit d8456c7ada
parent 31f3117741
5 changed files with 13 additions and 341 deletions
--- a/bin/rcp/Makefile
+++ b/bin/rcp/Makefile
@ -5,20 +5,6 @@ PROG=	rcp
 SRCS=	rcp.c util.c
 CFLAGS+=-DBINDIR=${BINDIR}

-.if defined(MAKE_KERBEROS4) && !defined(NO_OPENSSL) && !defined(NOCRYPT)
-SRCS+=	krcmd.c kcmd.c rcmd_util.c
-DPADD=	${LIBUTIL} ${LIBKRB} ${LIBCRYPTO}
-CFLAGS+=-DCRYPT -DHAVE_CONFIG_H \
-	-I${.CURDIR}/../../kerberosIV/include \
-	-I${.CURDIR}/../../crypto/kerberosIV/include \
-	-I${.CURDIR}/../../crypto/kerberosIV/lib/roken \
-	-I${.CURDIR}/../../crypto/kerberosIV/appl/bsd \
-	-I${.CURDIR}
-LDADD=	-lutil -lkrb -lcrypto
-DISTRIBUTION=	krb4
-.PATH:	${.CURDIR}/../../crypto/kerberosIV/appl/bsd
-.endif
-
 BINOWN=	root
 BINMODE=4555
 INSTALLFLAGS=-fschg
--- a/bin/rcp/rcp.c
+++ b/bin/rcp/rcp.c
@ -81,26 +81,7 @@ __FBSDID("$FreeBSD$");

 #include "extern.h"

-#ifdef KERBEROS
-#include <openssl/des.h>
-#include <krb.h>
-#include "bsd_locl.h"
-
-char	dst_realm_buf[REALM_SZ];
-char	*dest_realm = NULL;
-int	use_kerberos = 1;
-CREDENTIALS	cred;
-Key_schedule	schedule;
-extern	char	*krb_realmofhost();
-#ifdef CRYPT
-int	doencrypt = 0;
-#define	OPTIONS	"46dfKk:prtx"
-#else
-#define	OPTIONS	"46dfKk:prt"
-#endif
-#else
 #define	OPTIONS "46dfprt"
-#endif

 struct passwd *pwd;
 u_short	port;
@ -115,10 +96,6 @@ static char **argv_copy;
 #define	CMDNEEDS	64
 char cmd[CMDNEEDS];		/* must hold "rcp -r -p -d\0" */

-#ifdef KERBEROS
-int	 kerberos(char **, char *, char *, char *);
-void	 oldw(const char *, ...) __printflike(1, 2);
-#endif
 int	 response(void);
 void	 rsource(char *, struct stat *);
 void	 run_err(const char *, ...) __printflike(1, 2);
@ -134,9 +111,6 @@ main(int argc, char *argv[])
 	struct servent *sp;
 	int ch, fflag, i, tflag;
 	char *targ, *shell;
-#ifdef KERBEROS
-	char *k;
-#endif

 	/*
 	 * Prepare for execing ourselves.
@ -165,24 +139,6 @@ main(int argc, char *argv[])
 			family = PF_INET6;
 			break;

-		case 'K':
-#ifdef KERBEROS
-			use_kerberos = 0;
-#endif
-			break;
-#ifdef	KERBEROS
-		case 'k':
-			dest_realm = dst_realm_buf;
-			(void)strncpy(dst_realm_buf, optarg, REALM_SZ - 1);
-			dst_realm_buf[REALM_SZ - 1] = '\0';
-			break;
-#ifdef CRYPT
-		case 'x':
-			doencrypt = 1;
-			/* des_set_key(cred.session, schedule); */
-			break;
-#endif
-#endif
 		case 'p':
 			pflag = 1;
 			break;
@ -208,26 +164,7 @@ main(int argc, char *argv[])
 	argc -= optind;
 	argv += optind;

-#ifdef KERBEROS
-	k = auth_getval("auth_list");
-	if (k && !strstr(k, "kerberos"))
-	    use_kerberos = 0;
-	if (use_kerberos) {
-#ifdef CRYPT
-		shell = doencrypt ? "ekshell" : "kshell";
-#else
-		shell = "kshell";
-#endif
-		if ((sp = getservbyname(shell, "tcp")) == NULL) {
-			use_kerberos = 0;
-			oldw("can't get entry for %s/tcp service", shell);
-			sp = getservbyname(shell = "shell", "tcp");
-		}
-	} else
-		sp = getservbyname(shell = "shell", "tcp");
-#else
 	sp = getservbyname(shell = "shell", "tcp");
-#endif
 	if (sp == NULL)
 		errx(1, "%s/tcp: unknown service", shell);
 	port = sp->s_port;
@ -257,20 +194,9 @@ main(int argc, char *argv[])

 	rem = -1;
 	/* Command to be executed on remote system using "rsh". */
-#ifdef	KERBEROS
-	(void)snprintf(cmd, sizeof(cmd),
-	    "rcp%s%s%s%s", iamrecursive ? " -r" : "",
-#ifdef CRYPT
-	    (doencrypt && use_kerberos ? " -x" : ""),
-#else
-	    "",
-#endif
-	    pflag ? " -p" : "", targetshouldbedirectory ? " -d" : "");
-#else
 	(void)snprintf(cmd, sizeof(cmd), "rcp%s%s%s",
 	    iamrecursive ? " -r" : "", pflag ? " -p" : "",
 	    targetshouldbedirectory ? " -d" : "");
-#endif

 	(void)signal(SIGPIPE, lostconn);

@ -348,17 +274,10 @@ toremote(char *targ, int argc, char *argv[])
 					err(1, "malloc");
 				(void)snprintf(bp, len, "%s -t %s", cmd, targ);
 				host = thost;
-#ifdef KERBEROS
-				if (use_kerberos)
-					rem = kerberos(&host, bp,
-					    pwd->pw_name,
-					    tuser ? tuser : pwd->pw_name);
-				else
-#endif
-					rem = rcmd_af(&host, port,
-					    pwd->pw_name,
-					    tuser ? tuser : pwd->pw_name,
-					    bp, 0, family);
+				rem = rcmd_af(&host, port,
+				    pwd->pw_name,
+				    tuser ? tuser : pwd->pw_name,
+				    bp, 0, family);
 				if (rem < 0)
 					exit(1);
 				if (family == PF_INET) {
@ -417,12 +336,7 @@ tolocal(int argc, char *argv[])
 		if ((bp = malloc(len)) == NULL)
 			err(1, "malloc");
 		(void)snprintf(bp, len, "%s -f %s", cmd, src);
-		rem =
-#ifdef KERBEROS
-		    use_kerberos ?
-			kerberos(&host, bp, pwd->pw_name, suser) :
-#endif
-			rcmd_af(&host, port, pwd->pw_name, suser, bp, 0,
+		rem = rcmd_af(&host, port, pwd->pw_name, suser, bp, 0,
 			    family);
 		(void)free(bp);
 		if (rem < 0) {
@ -814,44 +728,6 @@ bad:			run_err("%s: %s", np, strerror(errno));
 	exit(1);
 }

-#ifdef KERBEROS
-int
-kerberos(char **host, char *bp, char *locuser, char *user)
-{
-	if (use_kerberos) {
-		setuid(getuid());
-		rem = KSUCCESS;
-		errno = 0;
-		if (dest_realm == NULL)
-			dest_realm = krb_realmofhost(*host);
-		rem =
-#ifdef CRYPT
-		    doencrypt ?
-			krcmd_mutual(host,
-			    port, user, bp, 0, dest_realm, &cred, schedule) :
-#endif
-			krcmd(host, port, user, bp, 0, dest_realm);
-
-		if (rem < 0) {
-			if (errno == ECONNREFUSED)
-			    oldw("remote host doesn't support Kerberos");
-			else if (errno == ENOENT)
-			    oldw("can't provide Kerberos authentication data");
-			execv(_PATH_RCP, argv_copy);
-			err(1, "execv: %s", _PATH_RCP);
-		}
-	} else {
-#ifdef CRYPT
-		if (doencrypt)
-			errx(1,
-			   "the -x option requires Kerberos authentication");
-#endif
-		rem = rcmd_af(host, port, locuser, user, bp, 0, family);
-	}
-	return (rem);
-}
-#endif /* KERBEROS */
-
 int
 response(void)
 {
@ -888,39 +764,14 @@ response(void)
 void
 usage(void)
 {
-#ifdef KERBEROS
-#ifdef CRYPT
-	(void)fprintf(stderr, "%s\n%s\n",
-	    "usage: rcp [-46Kpx] [-k realm] f1 f2",
-	    "       rcp [-46Kprx] [-k realm] f1 ... fn directory");
-#else
-	(void)fprintf(stderr, "%s\n%s\n",
-	    "usage: rcp [-46Kp] [-k realm] f1 f2",
-	    "       rcp [-46Kpr] [-k realm] f1 ... fn directory");
-#endif
-#else
 	(void)fprintf(stderr, "%s\n%s\n",
 	    "usage: rcp [-46p] f1 f2",
 	    "       rcp [-46pr] f1 ... fn directory");
-#endif
 	exit(1);
 }

 #include <stdarg.h>

-#ifdef KERBEROS
-void
-oldw(const char *fmt, ...)
-{
-	va_list ap;
-	va_start(ap, fmt);
-	(void)fprintf(stderr, "rcp: ");
-	(void)vfprintf(stderr, fmt, ap);
-	(void)fprintf(stderr, ", using standard rcp\n");
-	va_end(ap);
-}
-#endif
-
 void
 run_err(const char *fmt, ...)
 {
--- a/bin/rcp/util.c
+++ b/bin/rcp/util.c
@ -33,7 +33,7 @@

 #ifndef lint
 #if 0
-static char sccsid[] = "@(#)util.c	8.2 (Berkeley) 4/2/94";
+static const char sccsid[] = "@(#)util.c	8.2 (Berkeley) 4/2/94";
 #endif
 #endif /* not lint */
 #include <sys/cdefs.h>
--- a/usr.bin/rsh/Makefile
+++ b/usr.bin/rsh/Makefile
@ -5,19 +5,6 @@ PROG=	rsh
 SRCS=	rsh.c
 CFLAGS+=-I${.CURDIR}/../../libexec/rlogind

-.if defined(MAKE_KERBEROS4) && !defined(NO_OPENSSL) && !defined(NOCRYPT)
-SRCS+=	krcmd.c kcmd.c rcmd_util.c
-CFLAGS+=-DKERBEROS -DCRYPT -DHAVE_CONFIG_H -I- \
-	-I${.CURDIR}/../../kerberosIV/include \
-	-I${.CURDIR}/../../crypto/kerberosIV/include \
-	-I${.CURDIR}/../../crypto/kerberosIV/lib/roken \
-	-I${.CURDIR}/../../crypto/kerberosIV/appl/bsd
-DPADD=	${LIBUTIL} ${LIBKRB} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR}
-LDADD=	-lutil -lkrb -lcrypto -lcrypt -lcom_err
-DISTRIBUTION=	krb4
-.PATH:	${.CURDIR}/../../crypto/kerberosIV/appl/bsd
-.endif
-
 BINOWN=	root
 BINMODE=4555
 INSTALLFLAGS=-fschg
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c
@ -73,18 +73,6 @@ __FBSDID("$FreeBSD$");
 #include <unistd.h>
 #include <err.h>

-#ifdef KERBEROS
-#include <openssl/des.h>
-#include <krb.h>
-#include "krb.h"
-
-CREDENTIALS cred;
-Key_schedule schedule;
-int use_kerberos = 1, doencrypt;
-char dst_realm_buf[REALM_SZ], *dest_realm;
-extern char *krb_realmofhost();
-#endif
-
 /*
 * rsh - remote shell
 */
@ -110,9 +98,6 @@ main(int argc, char *argv[])
 	uid_t uid;
 	char *args, *host, *p, *user;
 	int timeout = 0;
-#ifdef KERBEROS
-	const char *k;
-#endif

 	argoff = asrsh = dflag = nflag = 0;
 	one = 1;
@ -134,15 +119,7 @@ main(int argc, char *argv[])
 		argoff = 1;
 	}

-#ifdef KERBEROS
-#ifdef CRYPT
-#define	OPTIONS	"468KLde:k:l:nt:wx"
-#else
-#define	OPTIONS	"468KLde:k:l:nt:w"
-#endif
-#else
 #define	OPTIONS	"468KLde:l:nt:w"
-#endif
 	while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
 		switch(ch) {
 		case '4':
@ -153,11 +130,6 @@ main(int argc, char *argv[])
 			family = PF_INET6;
 			break;

-		case 'K':
-#ifdef KERBEROS
-			use_kerberos = 0;
-#endif
-			break;
 		case 'L':	/* -8Lew are ignored to allow rlogin aliases */
 		case 'e':
 		case 'w':
@ -169,22 +141,9 @@ main(int argc, char *argv[])
 		case 'l':
 			user = optarg;
 			break;
-#ifdef KERBEROS
-		case 'k':
-			dest_realm = dst_realm_buf;
-			strncpy(dest_realm, optarg, REALM_SZ);
-			break;
-#endif
 		case 'n':
 			nflag = 1;
 			break;
-#ifdef KERBEROS
-#ifdef CRYPT
-		case 'x':
-			doencrypt = 1;
-			break;
-#endif
-#endif
 		case 't':
 			timeout = atoi(optarg);
 			break;
@ -214,80 +173,14 @@ main(int argc, char *argv[])
 	if (!user)
 		user = pw->pw_name;

-#ifdef KERBEROS
-#ifdef CRYPT
-	/* -x turns off -n */
-	if (doencrypt)
-		nflag = 0;
-#endif
-#endif
-
 	args = copyargs(argv);

 	sp = NULL;
-#ifdef KERBEROS
-	k = auth_getval("auth_list");
-	if (k && !strstr(k, "kerberos"))
-	    use_kerberos = 0;
-	if (use_kerberos) {
-		sp = getservbyname((doencrypt ? "ekshell" : "kshell"), "tcp");
-		if (sp == NULL) {
-			use_kerberos = 0;
-			warnx(
-	"warning, using standard rsh: can't get entry for %s/tcp service",
-			    doencrypt ? "ekshell" : "kshell");
-		}
-	}
-#endif
 	if (sp == NULL)
 		sp = getservbyname("shell", "tcp");
 	if (sp == NULL)
 		errx(1, "shell/tcp: unknown service");

-#ifdef KERBEROS
-try_connect:
-	if (use_kerberos) {
-		struct hostent *hp;
-
-		/* fully qualify hostname (needed for krb_realmofhost) */
-		hp = gethostbyname(host);
-		if (hp != NULL && !(host = strdup(hp->h_name)))
-			err(1, NULL);
-
-		rem = KSUCCESS;
-		errno = 0;
-		if (dest_realm == NULL)
-			dest_realm = krb_realmofhost(host);
-
-#ifdef CRYPT
-		if (doencrypt) {
-			rem = krcmd_mutual(&host, sp->s_port, user, args,
-			    &rfd2, dest_realm, &cred, schedule);
-			des_set_key(&cred.session, schedule);
-		} else
-#endif
-			rem = krcmd(&host, sp->s_port, user, args, &rfd2,
-			    dest_realm);
-		if (rem < 0) {
-			use_kerberos = 0;
-			sp = getservbyname("shell", "tcp");
-			if (sp == NULL)
-				errx(1, "shell/tcp: unknown service");
-			if (errno == ECONNREFUSED)
-				warnx(
-		"warning, using standard rsh: remote host doesn't support Kerberos");
-			if (errno == ENOENT)
-				warnx(
-		"warning, using standard rsh: can't provide Kerberos auth data");
-			goto try_connect;
-		}
-	} else {
-		if (doencrypt)
-			errx(1, "the -x flag requires Kerberos authentication");
-		rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args,
-			      &rfd2, family);
-	}
-#else
 	if (timeout) {
 		signal(SIGALRM, connect_timeout);
 		alarm(timeout);
@ -298,7 +191,6 @@ main(int argc, char *argv[])
 		signal(SIGALRM, SIG_DFL);
 		alarm(0);
 	}
-#endif

 	if (rem < 0)
 		exit(1);
@ -331,15 +223,8 @@ main(int argc, char *argv[])
 	else
 		(void)shutdown(rem, 1);

-#ifdef KERBEROS
-#ifdef CRYPT
-	if (!doencrypt)
-#endif
-#endif
-	{
-		(void)ioctl(rfd2, FIONBIO, &one);
-		(void)ioctl(rem, FIONBIO, &one);
-	}
+	(void)ioctl(rfd2, FIONBIO, &one);
+	(void)ioctl(rem, FIONBIO, &one);

 	talk(nflag, omask, pid, rem, timeout);

@ -379,14 +264,7 @@ reread:		errno = 0;
 		}
 		if (!FD_ISSET(rem, &rembits))
 			goto rewrite;
-#ifdef KERBEROS
-#ifdef CRYPT
-		if (doencrypt)
-			wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
-		else
-#endif
-#endif
-			wc = write(rem, bp, cc);
+		wc = write(rem, bp, cc);
 		if (wc < 0) {
 			if (errno == EWOULDBLOCK)
 				goto rewrite;
@ -429,14 +307,7 @@ reread:		errno = 0;
 			errx(1, "timeout reached (%d seconds)\n", timeout);
 		if (FD_ISSET(rfd2, &ready)) {
 			errno = 0;
-#ifdef KERBEROS
-#ifdef CRYPT
-			if (doencrypt)
-				cc = des_enc_read(rfd2, buf, sizeof buf, schedule, &cred.session);
-			else
-#endif
-#endif
-				cc = read(rfd2, buf, sizeof buf);
+			cc = read(rfd2, buf, sizeof buf);
 			if (cc <= 0) {
 				if (errno != EWOULDBLOCK)
 					FD_CLR(rfd2, &readfrom);
@ -445,14 +316,7 @@ reread:		errno = 0;
 		}
 		if (FD_ISSET(rem, &ready)) {
 			errno = 0;
-#ifdef KERBEROS
-#ifdef CRYPT
-			if (doencrypt)
-				cc = des_enc_read(rem, buf, sizeof buf, schedule, &cred.session);
-			else
-#endif
-#endif
-				cc = read(rem, buf, sizeof buf);
+			cc = read(rem, buf, sizeof buf);
 			if (cc <= 0) {
 				if (errno != EWOULDBLOCK)
 					FD_CLR(rem, &readfrom);
@ -477,14 +341,7 @@ sendsig(int sig)
 	char signo;

 	signo = sig;
-#ifdef KERBEROS
-#ifdef CRYPT
-	if (doencrypt)
-		(void)des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
-	else
-#endif
-#endif
-		(void)write(rfd2, &signo, 1);
+	(void)write(rfd2, &signo, 1);
 }

 char *
@ -513,15 +370,6 @@ usage(void)
 {

 	(void)fprintf(stderr,
-	    "usage: rsh [-46] [-ndK%s]%s[-l login] [-t timeout] host [command]\n",
-#ifdef KERBEROS
-#ifdef CRYPT
-	    "x", " [-k realm] ");
-#else
-	    "", " [-k realm] ");
-#endif
-#else
-	    "", " ");
-#endif
+	    "usage: rsh [-46] [-nd] [-l login] [-t timeout] host [command]\n");
 	exit(1);
 }