Diffstat (limited to 'src/appl/bsd')
-rw-r--r--src/appl/bsd/ChangeLog11
-rw-r--r--src/appl/bsd/kcmd.c16
-rw-r--r--src/appl/bsd/krlogind.c37
-rw-r--r--src/appl/bsd/krshd.c10
4 files changed, 35 insertions, 39 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 527407bf16..d786903a65 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,14 @@
+Thu Apr 11 00:22:51 1996 Richard Basch <basch@lehman.com>
+
+ * kcmd.c: Cleaned up whitespace and removed commented & unused cruft
+
+ * krlogind.c, krshd.c: Allow the recvauth routine to find any key
+ in the keytab for which the user is trying to login. The host may
+ be known as many names. Additionally, for krlogind, clean up the
+ error handling for bad authentication (potential null dereference
+ and a misleading message because of the wrong authentication system
+ being used)
+
Sun Apr 7 22:46:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* krshd.c: Add an option -L to pass certain environment variables
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index d343054b9c..c446541b76 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -66,8 +66,6 @@ char *default_service = "host";
extern krb5_context bsd_context;
-krb5_enctype bsd_ktypes[] = { ENCTYPE_DES_CBC_CRC , 0 };
-
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
cred, seqno, server_seqno, laddr, faddr, authopts, anyport)
@@ -109,15 +107,16 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm,
krb5_auth_context auth_context = NULL;
char *cksumbuf;
krb5_data cksumdat;
+
if ((cksumbuf = malloc(strlen(cmd)+strlen(remuser)+64)) == 0 ) {
- fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
- return(-1);
+ fprintf(stderr, "Unable to allocate memory for checksum buffer.\n");
+ return(-1);
}
-sprintf(cksumbuf, "%u:", ntohs(rport));
+ sprintf(cksumbuf, "%u:", ntohs(rport));
strcat(cksumbuf, cmd);
strcat(cksumbuf, remuser);
cksumdat.data = cksumbuf;
- cksumdat.length = strlen(cksumbuf);
+ cksumdat.length = strlen(cksumbuf);
pid = getpid();
hp = gethostbyname(*ahost);
@@ -144,7 +143,7 @@ sprintf(cksumbuf, "%u:", ntohs(rport));
fprintf(stderr,"kcmd: no memory\n");
return(-1);
}
- status = krb5_sname_to_principal(bsd_context, host_save,service,
+ status = krb5_sname_to_principal(bsd_context, host_save, service,
KRB5_NT_SRV_HST, &get_cred->server);
if (status) {
fprintf(stderr, "kcmd: krb5_sname_to_principal failed: %s\n",
@@ -278,9 +277,6 @@ sprintf(cksumbuf, "%u:", ntohs(rport));
if (status = krb5_cc_default(bsd_context, &cc))
goto bad2;
-/* if (krb5_set_default_tgs_ktypes(bsd_context, bsd_ktypes)) */
-/* goto bad2; */
-
if (status = krb5_cc_get_principal(bsd_context, cc, &get_cred->client)) {
(void) krb5_cc_close(bsd_context, cc);
goto bad2;
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 5de2f5faad..d78ab6fbc2 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1062,7 +1062,7 @@ do_krb_login(host)
{
krb5_error_code status;
struct passwd *pwd;
- char *msg_fail;
+ char *msg_fail = NULL;
int valid_checksum;
@@ -1127,23 +1127,28 @@ int valid_checksum;
syslog(LOG_WARNING, "Client did not supply required checksum.");
fatal(netf, "You are using an old Kerberos5 without initial connection support; only newer clients are authorized.");
+ }
+ else {
+ syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
+ }
}
- else {
- syslog(LOG_WARNING, "Checksums are only required for v5 clients; other clients cannot produce initial authenticator checksums.");
- }
- }
- if
-(auth_ok&auth_sent) /* This should be bitwise.*/
+ if (auth_ok&auth_sent) /* This should be bitwise.*/
return;
if (ticket)
krb5_free_ticket(bsd_context, ticket);
- msg_fail = (char *) malloc( strlen(krusername) + strlen(lusername) + 80 );
+ if (krusername)
+ msg_fail = (char *)malloc(strlen(krusername) + strlen(lusername) + 80);
if (!msg_fail)
- fatal(netf, "User is not authorized to login to specified account");
- sprintf(msg_fail, "User %s is not authorized to login to account %s",
- krusername, lusername);
+ fatal(netf, "User is not authorized to login to specified account");
+
+ if (auth_sent)
+ sprintf(msg_fail, "Access denied because of improper credentials");
+ else
+ sprintf(msg_fail, "User %s is not authorized to login to account %s",
+ krusername, lusername);
+
fatal(netf, msg_fail);
/* NOTREACHED */
}
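Review bot: When krusername is NULL the new guard leaves msg_fail NULL, so the `if (!msg_fail)` branch reports "User is not authorized to login to specified account" even when auth_sent is set, which is the misleading message the ChangeLog says this change removes. Testing auth_sent first with the literal, `if (auth_sent) fatal(netf, "Access denied because of improper credentials");` placed ahead of the malloc, covers that case and drops the sprintf of a constant string. This assumes fatal() does not return, as the `/* NOTREACHED */` suggests; if it can return, the sprintf calls below would write through a NULL msg_fail. lusername is still passed to strlen() unguarded, and whether it can be NULL at this point is not visible in the hunk, which starts mid-function.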
@@ -1472,7 +1477,6 @@ recvauth(valid_checksum)
struct sockaddr_in peersin, laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
@@ -1489,13 +1493,6 @@ recvauth(valid_checksum)
exit(1);
}
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
@@ -1508,7 +1505,7 @@ recvauth(valid_checksum)
if (status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
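Review bot: With `NULL` now passed as the server argument, the trailing comment `/* Specify daemon principal */` is stale, and the acceptance policy is wider than before: per the ChangeLog, recvauth will match any key in the keytab. If that keytab also holds keys for services other than host, a ticket issued for one of those would presumably be accepted for login as well. It is worth stating in a comment that the keytab must contain only host keys, or checking the ticket's server principal after the call returns. A replacement comment could read `NULL, /* accept any principal in the keytab; host may have several names */`. The same applies to the identical change in krshd.c's recvauth, and in both files the call's remaining arguments lie outside the hunk.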
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 867319700d..e4073bfdd1 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1696,7 +1696,6 @@ recvauth(netf, peersin, valid_checksum)
struct sockaddr_in laddr;
char krb_vers[KRB_SENDAUTH_VLEN + 1];
int len;
- krb5_principal server;
krb5_data inbuf;
char v4_instance[INST_SZ]; /* V4 Instance */
char v4_version[9];
@@ -1715,13 +1714,6 @@ krb5_authenticator *authenticator;
#define SIZEOF_INADDR sizeof(struct in_addr)
#endif
- if (status = krb5_sname_to_principal(bsd_context, NULL, "host",
- KRB5_NT_SRV_HST, &server)) {
- syslog(LOG_ERR, "parse server name %s: %s", "host",
- error_message(status));
- exit(1);
- }
-
strcpy(v4_instance, "*");
if (status = krb5_auth_con_init(bsd_context, &auth_context))
@@ -1733,7 +1725,7 @@ krb5_authenticator *authenticator;
status = krb5_compat_recvauth(bsd_context, &auth_context, &netf,
"KCMDV0.1",
- server, /* Specify daemon principal */
+ NULL, /* Specify daemon principal */
0, /* no flags */
keytab, /* normally NULL to use v5srvtab */
0, /* v4_opts */