src - FreeBSD source tree

diff options


context:
space:
mode:

author	Mark Murray <markm@FreeBSD.org>	2002-10-16 16:10:46 +0000
committer	Mark Murray <markm@FreeBSD.org>	2002-10-16 16:10:46 +0000
commit	d8456c7ada044eb8dadd84f52a956cdb139bc4ff (patch)
tree	cd41dc85498e7fda3661479849d032fb6269a101 /usr.bin/rsh
parent	31f3117741179f7fd9750320c67cc7ba82af2fce (diff)
download	src-d8456c7ada044eb8dadd84f52a956cdb139bc4ff.tar.gz src-d8456c7ada044eb8dadd84f52a956cdb139bc4ff.zip

Dekerberise. The corresponding userland stuff has been dekerberised

for ages, and no-one seems to have noticed. Viva PAM!

Notes

Notes: svn path=/head/; revision=105269

Diffstat (limited to 'usr.bin/rsh')

-rw-r--r--

usr.bin/rsh/Makefile

-rw-r--r--

usr.bin/rsh/rsh.c

166

2 files changed, 7 insertions, 172 deletions

diff --git a/usr.bin/rsh/Makefile b/usr.bin/rsh/Makefile
index 844c1f225b13..fd4644e26bf7 100644
--- a/usr.bin/rsh/Makefile
+++ b/usr.bin/rsh/Makefile

@@ -5,19 +5,6 @@ PROG= rsh

SRCS= rsh.c

CFLAGS+=-I${.CURDIR}/../../libexec/rlogind

-.if defined(MAKE_KERBEROS4) && !defined(NO_OPENSSL) && !defined(NOCRYPT)

-SRCS+= krcmd.c kcmd.c rcmd_util.c

-CFLAGS+=-DKERBEROS -DCRYPT -DHAVE_CONFIG_H -I- \

- -I${.CURDIR}/../../kerberosIV/include \

- -I${.CURDIR}/../../crypto/kerberosIV/include \

- -I${.CURDIR}/../../crypto/kerberosIV/lib/roken \

- -I${.CURDIR}/../../crypto/kerberosIV/appl/bsd

-DPADD= ${LIBUTIL} ${LIBKRB} ${LIBCRYPTO} ${LIBCRYPT} ${LIBCOM_ERR}

-LDADD= -lutil -lkrb -lcrypto -lcrypt -lcom_err

-DISTRIBUTION= krb4

-.PATH: ${.CURDIR}/../../crypto/kerberosIV/appl/bsd

-.endif

BINOWN= root

BINMODE=4555

INSTALLFLAGS=-fschg

diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c
index a4a3a7405c1b..2830f136c425 100644
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c

@@ -73,18 +73,6 @@ __FBSDID("$FreeBSD$");

#include <unistd.h>

#include <err.h>

-#ifdef KERBEROS

-#include <openssl/des.h>

-#include <krb.h>

-#include "krb.h"

-CREDENTIALS cred;

-Key_schedule schedule;

-int use_kerberos = 1, doencrypt;

-char dst_realm_buf[REALM_SZ], *dest_realm;

-extern char *krb_realmofhost();

-#endif

* rsh - remote shell

@@ -110,9 +98,6 @@ main(int argc, char *argv[])

uid_t uid;

char *args, *host, *p, *user;

int timeout = 0;

-#ifdef KERBEROS

- const char *k;

-#endif

argoff = asrsh = dflag = nflag = 0;

one = 1;

@@ -134,15 +119,7 @@ main(int argc, char *argv[])

argoff = 1;

}

-#ifdef KERBEROS

-#ifdef CRYPT

-#define OPTIONS "468KLde:k:l:nt:wx"

-#else

-#define OPTIONS "468KLde:k:l:nt:w"

-#endif

-#else

#define OPTIONS "468KLde:l:nt:w"

-#endif

while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)

switch(ch) {

case '4':

@@ -153,11 +130,6 @@ main(int argc, char *argv[])

family = PF_INET6;

break;

- case 'K':

-#ifdef KERBEROS

- use_kerberos = 0;

-#endif

- break;

case 'L': /* -8Lew are ignored to allow rlogin aliases */

case 'e':

case 'w':

@@ -169,22 +141,9 @@ main(int argc, char *argv[])

case 'l':

user = optarg;

break;

-#ifdef KERBEROS

- case 'k':

- dest_realm = dst_realm_buf;

- strncpy(dest_realm, optarg, REALM_SZ);

- break;

-#endif

case 'n':

nflag = 1;

break;

-#ifdef KERBEROS

-#ifdef CRYPT

- case 'x':

- doencrypt = 1;

- break;

-#endif

case 't':

timeout = atoi(optarg);

break;

@@ -214,80 +173,14 @@ main(int argc, char *argv[])

if (!user)

user = pw->pw_name;

-#ifdef KERBEROS

-#ifdef CRYPT

- /* -x turns off -n */

- if (doencrypt)

- nflag = 0;

-#endif

args = copyargs(argv);

sp = NULL;

-#ifdef KERBEROS

- k = auth_getval("auth_list");

- if (k && !strstr(k, "kerberos"))

- use_kerberos = 0;

- if (use_kerberos) {

- sp = getservbyname((doencrypt ? "ekshell" : "kshell"), "tcp");

- if (sp == NULL) {

- use_kerberos = 0;

- warnx(

- "warning, using standard rsh: can't get entry for %s/tcp service",

- doencrypt ? "ekshell" : "kshell");

- }

-#endif

if (sp == NULL)

sp = getservbyname("shell", "tcp");

if (sp == NULL)

errx(1, "shell/tcp: unknown service");

-#ifdef KERBEROS

-try_connect:

- if (use_kerberos) {

- struct hostent *hp;

- /* fully qualify hostname (needed for krb_realmofhost) */

- hp = gethostbyname(host);

- if (hp != NULL && !(host = strdup(hp->h_name)))

- err(1, NULL);

- rem = KSUCCESS;

- errno = 0;

- if (dest_realm == NULL)

- dest_realm = krb_realmofhost(host);

-#ifdef CRYPT

- if (doencrypt) {

- rem = krcmd_mutual(&host, sp->s_port, user, args,

- &rfd2, dest_realm, &cred, schedule);

- des_set_key(&cred.session, schedule);

- } else

-#endif

- rem = krcmd(&host, sp->s_port, user, args, &rfd2,

- dest_realm);

- if (rem < 0) {

- use_kerberos = 0;

- sp = getservbyname("shell", "tcp");

- if (sp == NULL)

- errx(1, "shell/tcp: unknown service");

- if (errno == ECONNREFUSED)

- warnx(

- "warning, using standard rsh: remote host doesn't support Kerberos");

- if (errno == ENOENT)

- warnx(

- "warning, using standard rsh: can't provide Kerberos auth data");

- goto try_connect;

- }

- } else {

- if (doencrypt)

- errx(1, "the -x flag requires Kerberos authentication");

- rem = rcmd_af(&host, sp->s_port, pw->pw_name, user, args,

- &rfd2, family);

- }

-#else

if (timeout) {

signal(SIGALRM, connect_timeout);

alarm(timeout);

@@ -298,7 +191,6 @@ try_connect:

signal(SIGALRM, SIG_DFL);

alarm(0);

}

-#endif

if (rem < 0)

exit(1);

@@ -331,15 +223,8 @@ try_connect:

else

(void)shutdown(rem, 1);

-#ifdef KERBEROS

-#ifdef CRYPT

- if (!doencrypt)

-#endif

- {

- (void)ioctl(rfd2, FIONBIO, &one);

- (void)ioctl(rem, FIONBIO, &one);

- }

+ (void)ioctl(rfd2, FIONBIO, &one);

+ (void)ioctl(rem, FIONBIO, &one);

talk(nflag, omask, pid, rem, timeout);

@@ -379,14 +264,7 @@ rewrite:

}

if (!FD_ISSET(rem, &rembits))

goto rewrite;

-#ifdef KERBEROS

-#ifdef CRYPT

- if (doencrypt)

- wc = des_enc_write(rem, bp, cc, schedule, &cred.session);

- else

-#endif

- wc = write(rem, bp, cc);

+ wc = write(rem, bp, cc);

if (wc < 0) {

if (errno == EWOULDBLOCK)

goto rewrite;

@@ -429,14 +307,7 @@ done:

errx(1, "timeout reached (%d seconds)\n", timeout);

if (FD_ISSET(rfd2, &ready)) {

errno = 0;

-#ifdef KERBEROS

-#ifdef CRYPT

- if (doencrypt)

- cc = des_enc_read(rfd2, buf, sizeof buf, schedule, &cred.session);

- else

-#endif

- cc = read(rfd2, buf, sizeof buf);

+ cc = read(rfd2, buf, sizeof buf);

if (cc <= 0) {

if (errno != EWOULDBLOCK)

FD_CLR(rfd2, &readfrom);

@@ -445,14 +316,7 @@ done:

}

if (FD_ISSET(rem, &ready)) {

errno = 0;

-#ifdef KERBEROS

-#ifdef CRYPT

- if (doencrypt)

- cc = des_enc_read(rem, buf, sizeof buf, schedule, &cred.session);

- else

-#endif

- cc = read(rem, buf, sizeof buf);

+ cc = read(rem, buf, sizeof buf);

if (cc <= 0) {

if (errno != EWOULDBLOCK)

FD_CLR(rem, &readfrom);

@@ -477,14 +341,7 @@ sendsig(int sig)

char signo;

signo = sig;

-#ifdef KERBEROS

-#ifdef CRYPT

- if (doencrypt)

- (void)des_enc_write(rfd2, &signo, 1, schedule, &cred.session);

- else

-#endif

- (void)write(rfd2, &signo, 1);

+ (void)write(rfd2, &signo, 1);

}

char *

@@ -513,15 +370,6 @@ usage(void)

{

(void)fprintf(stderr,

- "usage: rsh [-46] [-ndK%s]%s[-l login] [-t timeout] host [command]\n",

-#ifdef KERBEROS

-#ifdef CRYPT

- "x", " [-k realm] ");

-#else

- "", " [-k realm] ");

-#endif

-#else

- "", " ");

-#endif

+ "usage: rsh [-46] [-nd] [-l login] [-t timeout] host [command]\n");

exit(1);

}