* Remove rhosts support [138]

* Remove tab3 from initial terminal settings.  We don't really care
about horizontal tab delays, do we?  This was breaking on NetBSD.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9282 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 4 insertions, 27 deletions

diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index d878e1ebaf..2df7c80709 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -41,7 +41,6 @@ char copyright[] =
  * 1) Check authentication.
  * 2) Check authorization via the access-control files: 
  *    ~/.k5login (using krb5_kuserok) and/or
- *    ~/.rhosts  (using ruserok).
  * 3) Prompt for password if any checks fail, or if so configured.
  * Allow login if all goes well either by calling the accompanying 
  * login.krb5 or /bin/login, according to the definition of 
@@ -53,7 +52,6 @@ char copyright[] =
  * -k means trust krb4 or krb5
 * -5 means trust krb5
 * -4 means trust krb4
- * -r means trust .rhosts  (using ruserok).
  * -p and -P means prompt for password.
  *    If the -P option is passed, then the password is verified in 
  * addition to all other checks. If -p is not passed with -k or -r,
@@ -72,9 +70,7 @@ char copyright[] =
  *   KERBEROS - Define this if application is to be kerberised.
  *   CRYPT    - Define this if encryption is to be an option.
  *   DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login
- *              instead  of the accompanying login.krb5. In that case,
- *              the remote user's name must be present in the local
- *              .rhosts file, regardless of any options specified.
+ *              instead  of the accompanying login.krb5. 
  *   KRB5_KRB4_COMPAT - Define this if v4 rlogin clients are also to be served.
  *   ALWAYS_V5_KUSEROK - Define this if you want .k5login to be
  *              checked even for v4 clients (instead of .klogin).
@@ -250,7 +246,7 @@ krb5_ccache ccache = NULL;
 
 krb5_keytab keytab = NULL;
 
-#define ARGSTR	"rk54ciepPD:S:M:L:?"
+#define ARGSTR	"k54ciepPD:S:M:L:?"
 #else /* !KERBEROS */
 #define ARGSTR	"rpPD:?"
 #define (*des_read)  read
@@ -314,7 +310,6 @@ krb5_error_code recvauth();
 */
 #define AUTH_KRB4 (0x1)
 #define AUTH_KRB5 (0x2)
-#define AUTH_RHOSTS (0x4)
 int auth_ok = 0, auth_sent = 0;
 int do_encrypt = 0, passwd_if_fail = 0, passwd_req = 0;
 int checksum_required = 0, checksum_ignored = 0;
@@ -357,9 +352,6 @@ int main(argc, argv)
     opterr = 0;
     while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
       switch (ch) {
-	case 'r':         
-	auth_ok |= AUTH_RHOSTS;
-	  break;
 #ifdef KERBEROS
 	case 'k':
 #ifdef KRB5_KRB4_COMPAT
@@ -562,11 +554,6 @@ int syncpipe[2];
     desinbuf.data = des_inbuf;
     desoutbuf.data = des_outpkt+4;    /* Set up des buffers */
 
-    /* Must come from privileged port when .rhosts is being looked into */
-    if ((auth_ok&AUTH_RHOSTS) 
-	&& (fromp->sin_port >= IPPORT_RESERVED ||
-	    fromp->sin_port < IPPORT_RESERVED/2))
-      non_privileged = 1;
 #else /* !KERBEROS */
     if (fromp->sin_port >= IPPORT_RESERVED ||
 	fromp->sin_port < IPPORT_RESERVED/2)
@@ -627,7 +614,7 @@ int syncpipe[2];
 	new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL);
 #else
 	new_termio.c_lflag |= (ICANON|ECHO|ISIG|IEXTEN);
-	new_termio.c_oflag |= (ONLCR|OPOST|TAB3);
+	new_termio.c_oflag |= (ONLCR|OPOST);
 	new_termio.c_iflag|= (IXON|IXANY|BRKINT|INLCR|ICRNL);
 #endif /*Do we need binary stream?*/
 	new_termio.c_iflag &= ~(ISTRIP);
@@ -1117,16 +1104,6 @@ do_krb_login(host)
 #endif
 
     
-/* See if we pass .rhosts.*/
-    if (auth_ok&AUTH_RHOSTS) {
-	/* Cannot check .rhosts unless connection from a privileged port. */
-	if (!non_privileged) {
-	    pwd = (struct passwd *) getpwnam(lusername);
-	    if (pwd &&
-		!ruserok(rhost_name, pwd->pw_uid == 0, rusername, lusername))
-		auth_sent |= AUTH_RHOSTS;
-	}
-    }
 
     if (checksum_required && !valid_checksum) {
 	if (auth_sent & AUTH_KRB5) {
@@ -1348,7 +1325,7 @@ void usage()
 {
 #ifdef KERBEROS
     syslog(LOG_ERR, 
-	   "usage: klogind [-rke45pP] [-D port] or [r/R][k/K][x/e][p/P]logind");
+	   "usage: klogind [-ke45pP] [-D port] or [r/R][k/K][x/e][p/P]logind");
 #else
     syslog(LOG_ERR, 
 	   "usage: rlogind [-rpP] [-D port] or [r/R][p/P]logind");