diff options
Diffstat (limited to 'src/appl/bsd/krlogind.c')
-rw-r--r-- | src/appl/bsd/krlogind.c | 31 |
1 files changed, 4 insertions, 27 deletions
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index d878e1ebaf..2df7c80709 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -41,7 +41,6 @@ char copyright[] = * 1) Check authentication. * 2) Check authorization via the access-control files: * ~/.k5login (using krb5_kuserok) and/or - * ~/.rhosts (using ruserok). * 3) Prompt for password if any checks fail, or if so configured. * Allow login if all goes well either by calling the accompanying * login.krb5 or /bin/login, according to the definition of @@ -53,7 +52,6 @@ char copyright[] = * -k means trust krb4 or krb5 * -5 means trust krb5 * -4 means trust krb4 - * -r means trust .rhosts (using ruserok). * -p and -P means prompt for password. * If the -P option is passed, then the password is verified in * addition to all other checks. If -p is not passed with -k or -r, @@ -72,9 +70,7 @@ char copyright[] = * KERBEROS - Define this if application is to be kerberised. * CRYPT - Define this if encryption is to be an option. * DO_NOT_USE_K_LOGIN - Define this if you want to use /bin/login - * instead of the accompanying login.krb5. In that case, - * the remote user's name must be present in the local - * .rhosts file, regardless of any options specified. + * instead of the accompanying login.krb5. * KRB5_KRB4_COMPAT - Define this if v4 rlogin clients are also to be served. * ALWAYS_V5_KUSEROK - Define this if you want .k5login to be * checked even for v4 clients (instead of .klogin). @@ -250,7 +246,7 @@ krb5_ccache ccache = NULL; krb5_keytab keytab = NULL; -#define ARGSTR "rk54ciepPD:S:M:L:?" +#define ARGSTR "k54ciepPD:S:M:L:?" #else /* !KERBEROS */ #define ARGSTR "rpPD:?" #define (*des_read) read @@ -314,7 +310,6 @@ krb5_error_code recvauth(); */ #define AUTH_KRB4 (0x1) #define AUTH_KRB5 (0x2) -#define AUTH_RHOSTS (0x4) int auth_ok = 0, auth_sent = 0; int do_encrypt = 0, passwd_if_fail = 0, passwd_req = 0; int checksum_required = 0, checksum_ignored = 0; @@ -357,9 +352,6 @@ int main(argc, argv) opterr = 0; while ((ch = getopt(argc, argv, ARGSTR)) != EOF) switch (ch) { - case 'r': - auth_ok |= AUTH_RHOSTS; - break; #ifdef KERBEROS case 'k': #ifdef KRB5_KRB4_COMPAT @@ -562,11 +554,6 @@ int syncpipe[2]; desinbuf.data = des_inbuf; desoutbuf.data = des_outpkt+4; /* Set up des buffers */ - /* Must come from privileged port when .rhosts is being looked into */ - if ((auth_ok&AUTH_RHOSTS) - && (fromp->sin_port >= IPPORT_RESERVED || - fromp->sin_port < IPPORT_RESERVED/2)) - non_privileged = 1; #else /* !KERBEROS */ if (fromp->sin_port >= IPPORT_RESERVED || fromp->sin_port < IPPORT_RESERVED/2) @@ -627,7 +614,7 @@ int syncpipe[2]; new_termio.c_iflag &= ~(IXON|IXANY|BRKINT|INLCR|ICRNL); #else new_termio.c_lflag |= (ICANON|ECHO|ISIG|IEXTEN); - new_termio.c_oflag |= (ONLCR|OPOST|TAB3); + new_termio.c_oflag |= (ONLCR|OPOST); new_termio.c_iflag|= (IXON|IXANY|BRKINT|INLCR|ICRNL); #endif /*Do we need binary stream?*/ new_termio.c_iflag &= ~(ISTRIP); @@ -1117,16 +1104,6 @@ do_krb_login(host) #endif -/* See if we pass .rhosts.*/ - if (auth_ok&AUTH_RHOSTS) { - /* Cannot check .rhosts unless connection from a privileged port. */ - if (!non_privileged) { - pwd = (struct passwd *) getpwnam(lusername); - if (pwd && - !ruserok(rhost_name, pwd->pw_uid == 0, rusername, lusername)) - auth_sent |= AUTH_RHOSTS; - } - } if (checksum_required && !valid_checksum) { if (auth_sent & AUTH_KRB5) { @@ -1348,7 +1325,7 @@ void usage() { #ifdef KERBEROS syslog(LOG_ERR, - "usage: klogind [-rke45pP] [-D port] or [r/R][k/K][x/e][p/P]logind"); + "usage: klogind [-ke45pP] [-D port] or [r/R][k/K][x/e][p/P]logind"); #else syslog(LOG_ERR, "usage: rlogind [-rpP] [-D port] or [r/R][p/P]logind"); |