authorRichard Basch <probe@mit.edu>1996-04-11 04:26:22 +0000
committerRichard Basch <probe@mit.edu>1996-04-11 04:26:22 +0000
commitfc8ace14b79af515ec2ed11a04520e8cfa3f4c17 (patch)
tree7a58615d1cb38a82ee673d0bd4eca22c35c436c5
parent43488f349cee52345ab9a2b8d55a2dd5fb6e350c (diff)
* kcmd.c: Cleaned up whitespace and removed commented & unused cruft
* krlogind.c, krshd.c: Allow the recvauth routine to find any key in the keytab for which the user is trying to login. The host may be known as many names. Additionally, for krlogind, clean up the error handling for bad authentication (potential null dereference and a misleading message because of the wrong authentication system being used) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7791 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/appl/bsd/ChangeLog11
-rw-r--r--src/appl/bsd/kcmd.c16
-rw-r--r--src/appl/bsd/krlogind.c37
-rw-r--r--src/appl/bsd/krshd.c10
4 files changed, 35 insertions, 39 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 527407bf16..d786903a65 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,14 @@
+Thu Apr 11 00:22:51 1996 Richard Basch <basch@lehman.com>
+
+ * kcmd.c: Cleaned up whitespace and removed commented & unused cruft
+
+ * krlogind.c, krshd.c: Allow the recvauth routine to find any key
+ in the keytab for which the user is trying to login. The host may
+ be known as many names. Additionally, for krlogind, clean up the
+ error handling for bad authentication (potential null dereference
+ and a misleading message because of the wrong authentication system
+ being used)
+
Sun Apr 7 22:46:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* krshd.c: Add an option -L to pass certain environment variables
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index d343054b9c..c446541b76 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -66,8 +66,6 @@ char *default_service = "host";
extern krb5_context bsd_context;
-krb5_enctype bsd_ktypes[] = { ENCTYPE_DES_CBC_CRC , 0 };
-
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
cred, seqno, server_seqno, laddr, faddr, authopts, anyport)
@@ -109,15 +107,16 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
krb5_auth_context auth_context = NULL;
char *cksumbuf;
krb5_data cksumdat;
+
if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) {
- fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
- return(-1);
+ fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
+ return(-1);
}
-sprintf(cksumbuf, "%u:", ntohs(rport));
+ sprintf(cksumbuf, "%u:", ntohs(rport));
strcat(cksumbuf, cmd);
strcat(cksumbuf, remuser);
cksumdat.data = cksumbuf;
- cksumdat.length = strlen(cksumbuf);
+ cksumdat.length = strlen(cksumbuf);
pid = getpid();
hp = gethostbyname(*ahost);
@@ -144,7 +143,7 @@ sprintf(cksumbuf, "%u:", ntohs(rport));
fprintf(stderr,"kcmd: no memory\n");
return(-1);
}
- status = krb5_sname_to_principal(bsd_context, host_save,service,
+ status = krb5_sname_to_principal(bsd_context, host_save, service,
KRB5_NT_SRV_HST, &get_cred->server);
if (status) {
fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n",
@@ -278,9 +277,6 @@ sprintf(cksumbuf, "%u:", ntohs(rport));
if (status = krb5_cc_default(bsd_context, &cc))
goto bad2;
-/* if (krb5_set_default_tgs_ktypes(bsd_context, bsd_ktypes)) */
-/* goto bad2; */
-
if (status = krb5_cc_get_principal(bsd_context, cc, &get_cred->client)) {
(void) krb5_cc_close(bsd_context, cc);
goto bad2;
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 5de2f5faad..d78ab6fbc2 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1062,7 +1062,7 @@ do_krb_login(host)
{
krb5_error_code status;
struct passwd *pwd;
- char *msg_fail;
+ char *msg_fail = NULL;
int valid_checksum;
@@ -1127,23 +1127,28 @@ int valid_checksum;
syslog(LOG_WARNING, "Client did not supply required checksum.");
fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+ }
+ else {
+ syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
+ }
}
- else {
- syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
- }
- }
- if
-(auth_ok&auth_sent) /* This should be bitwise.*/
+ if (auth_ok&auth_sent) /* This should be bitwise.*/
return;
if (ticket)
krb5_free_ticket(bsd_context, ticket);
- msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
+ if (krusername)
+ msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80);
if (!msg_fail)
- fatal(netf, "User is not authorized to login to specified account");
- sprintf(msg_fail, "User %s is not authorized to login to account %s",
- krusername, lusername);
+ fatal(netf, "User is not authorized to login to specified account");
+
+ if (auth_sent)
+ sprintf(msg_fail, "Access denied because of improper credentials");
+ else
+ sprintf(msg_fail, "User %s is not authorized to login to account %s",
+ krusername, lusername);
+
fatal(netf, msg_fail);
/* NOTREACHED */
}
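Review bot: With the new `if (krusername)` guard, a failed authentication in which krusername is still NULL leaves msg_fail NULL and falls into the generic "User is not authorized to login to specified account" text even when auth_sent is set, which is the misleading message this commit sets out to remove. Testing auth_sent before the allocation avoids that and drops the argument-less sprintf: `if (auth_sent) fatal(netf, "Access denied because of improper credentials");`. lusername is still passed to strlen() unchecked, and msg_fail carries names that appear to come from the peer into fatal(), whose definition is outside this hunk; it is worth confirming that fatal() bounds its copy and treats the message as data rather than as a format string. do_krb_login's body starts outside the hunk.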
@@ -1472,7 +1477,6 @@ recvauth(valid_checksum)
struct sockaddr_in peersin, laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
@@ -1489,13 +1493,6 @@ recvauth(valid_checksum)
exit(1);
}
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
@@ -1508,7 +1505,7 @@ recvauth(valid_checksum)
if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
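Review bot: Passing NULL for the server principal makes the daemon accept a ticket for any principal whose key is in the keytab, and nothing visible in this hunk checks afterwards which service the ticket was issued for. If the keytab can hold keys for services other than host, the accepting side should compare the ticket's server name against the expected service after krb5_compat_recvauth returns, or the deployment must keep the keytab restricted to host keys. The inline comment is now stale; `NULL, /* accept any principal in the keytab */` would match the behavior. The same change and the same stale comment appear in the krb5_compat_recvauth call in krshd.c. The call continues outside the hunk.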
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 867319700d..e4073bfdd1 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1696,7 +1696,6 @@ recvauth(netf, peersin, valid_checksum)
struct sockaddr_in laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
@@ -1715,13 +1714,6 @@ krb5_authenticator *authenticator;
#define SIZEOF_INADDR sizeof(struct in_addr)
#endif
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
@@ -1733,7 +1725,7 @@ krb5_authenticator *authenticator;
status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
0, /* v4_opts */