authorKen Raeburn <raeburn@mit.edu>2002-06-25 21:50:00 +0000
committerKen Raeburn <raeburn@mit.edu>2002-06-25 21:50:00 +0000
commit4d86efa66e74670f259b6ccc068b9a154a661592 (patch)
tree9bbff6d87f3c5e72259efb2fd75c9d1667f1bae1 /src
parent8570646f3a0bfbde882d9111a985a0ca0d7e3844 (diff)
back out some changes that weren't ready
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14576 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src')
-rw-r--r--src/appl/bsd/ChangeLog9
-rw-r--r--src/appl/bsd/krshd.c104
2 files changed, 45 insertions, 68 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 6970a6988..e7d289378 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -13,15 +13,6 @@
* krlogind.c (princ_maps_to_lname, default_realm): ...from here.
(recvauth): Use sockaddr_storage to hold addresses.
* krshd.c (default_realm, princ_maps_to_lname): Deleted.
- (recvauth): Take sockaddr pointer argument instead of
- sockaddr_in. Use getnameinfo to extract port number string.
- (remote_addr, remote_port, local_addr, local_port): Make buffers
- bigger.
- (doit): Use sockaddr_storage for local address. Get rid of all
- settings of non_privileged, since it's never used. Don't copy
- remote address to local variable. Use getnameinfo instead of
- inet_ntoa to format addresses and port numbers for environment
- variables.
* krsh.c (SECURE_MESSAGE): Only indicate that input/output data
are being encrypted, and don't automatically say it's with DES.
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 0bb3f69c1..30aa669fa 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -200,6 +200,10 @@ krb5_context bsd_context;
char *srvtab = NULL;
krb5_keytab keytab = NULL;
krb5_ccache ccache = NULL;
+int default_realm(krb5_principal principal);
+#if defined(KERBEROS) && defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
+static int princ_maps_to_lname(krb5_principal principal, char *luser);
+#endif
void fatal(int, const char *);
@@ -212,7 +216,7 @@ int maxhostlen = 0;
int stripdomain = 1;
int always_ip = 0;
-static krb5_error_code recvauth(int netfd, struct sockaddr *peersin,
+static krb5_error_code recvauth(int netfd, struct sockaddr_in peersin,
int *valid_checksum);
#else /* !KERBEROS */
@@ -260,7 +264,7 @@ void error (char *fmt, ...)
;
void usage(void), getstr(int, char *, int, char *),
- doit(int, struct sockaddr *);
+ doit(int, struct sockaddr_in *);
#ifndef HAVE_INITGROUPS
int initgroups(char* name, gid_t basegid) {
@@ -488,7 +492,7 @@ int main(argc, argv)
fatal(fd, "Configuration error: mutually exclusive options specified");
}
- doit(dup(fd), (struct sockaddr *) &from);
+ doit(dup(fd), &from);
return 0;
}
@@ -505,10 +509,10 @@ char shell[64] = "SHELL=";
char term[64] = "TERM=network";
char path_rest[] = RPATH;
-char remote_addr[64+NI_MAXHOST]; /* = "KRB5REMOTEADDR=" */
-char remote_port[64+NI_MAXSERV]; /* = "KRB5REMOTEPORT=" */
-char local_addr[64+NI_MAXHOST]; /* = "KRB5LOCALADDR=" */
-char local_port[64+NI_MAXSERV]; /* = "KRB5LOCALPORT=" */
+char remote_addr[64]; /* = "KRB5REMOTEADDR=" */
+char remote_port[64]; /* = "KRB5REMOTEPORT=" */
+char local_addr[64]; /* = "KRB5LOCALADDR=" */
+char local_port[64]; /* = "KRB5LOCALPORT=" */
#define ADDRPAD 0,0,0,0
#define KRBPAD 0 /* KRB5CCNAME, optional */
@@ -605,7 +609,7 @@ cleanup(signumber)
void doit(f, fromp)
int f;
- struct sockaddr *fromp;
+ struct sockaddr_in *fromp;
{
char *cp;
#ifdef KERBEROS
@@ -644,7 +648,9 @@ void doit(f, fromp)
int pv[2], pw[2], px[2], cc;
fd_set ready, readfrom;
char buf[RCMD_BUFSIZ], sig;
- struct sockaddr_storage localaddr;
+ struct sockaddr_in fromaddr;
+ struct sockaddr_in localaddr;
+ int non_privileged = 0;
#ifdef POSIX_SIGNALS
struct sigaction sa;
#endif
@@ -665,12 +671,13 @@ void doit(f, fromp)
#endif /* IP_TOS */
{
- int sin_len = sizeof (localaddr);
+ int sin_len = sizeof (struct sockaddr_in);
if (getsockname(f, (struct sockaddr*)&localaddr, &sin_len) < 0) {
perror("getsockname");
exit(1);
}
}
+ fromaddr = *fromp;
#ifdef POSIX_SIGNALS
(void)sigemptyset(&sa.sa_mask);
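Review bot: Nothing after this `getsockname()` call confirms that the socket is AF_INET before `localaddr` is treated as a `struct sockaddr_in`, and with `sin_len` fixed at `sizeof (struct sockaddr_in)` a longer address would be silently truncated. The later hunk that formats `localaddr.sin_addr` and `fromp->sin_addr` with `inet_ntoa` relies on the same assumption. A guard right after the call, for example `if (localaddr.sin_family != AF_INET) fatal(f, "unsupported address family");`, would make the failure explicit instead of exporting a misread address. `sin_len` would also be better declared as `socklen_t` where the platform provides it. The body of doit starts and ends outside this hunk.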
@@ -699,6 +706,9 @@ void doit(f, fromp)
}
#ifdef KERBEROS
netf = f;
+ if ( (fromp->sin_port >= IPPORT_RESERVED ||
+ fromp->sin_port < IPPORT_RESERVED/2))
+ non_privileged = 1;
#else
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
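Review bot: The added test compares `fromp->sin_port` directly against `IPPORT_RESERVED`, which is only meaningful if the field is already in host byte order, yet a later hunk in this commit prints the same field through `ntohs(fromp->sin_port)`. Unless the field is converted in place between those two points, outside the visible hunks, one of the two uses is wrong on little-endian hosts. If the field is still in network order here, the test should read `ntohs(fromp->sin_port) >= IPPORT_RESERVED || ntohs(fromp->sin_port) < IPPORT_RESERVED/2`; if it was converted in place earlier in doit, the `ntohs` on the KRB5REMOTEPORT line should be dropped. The `#else` branch carries the same comparison, so whichever reading is correct should be stated in a comment next to it.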
@@ -769,7 +779,10 @@ void doit(f, fromp)
"can't get stderr port: %m");
exit(1);
}
-#ifndef KERBEROS
+#ifdef KERBEROS
+ if ( port >= IPPORT_RESERVED)
+ non_privileged = 1;
+#else
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR , "2nd port not reserved\n");
exit(1);
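Review bot: `non_privileged` is assigned here and in the earlier source-port check, but no visible line reads it, and the ChangeLog text this commit removes described it as never used. As written, the KERBEROS build records a non-reserved port and carries on, while the `#else` build logs and exits. A reader cannot tell from the code whether that difference is intended. If the flag stays, a comment at its declaration would help, along the lines of `/* set when the peer uses a non-reserved port; informational only under KERBEROS, nothing rejects on it */`, with the wording confirmed against the rest of doit.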
@@ -804,7 +817,7 @@ void doit(f, fromp)
exit(1);
}
- if ((status = recvauth(f, fromp, &valid_checksum))) {
+ if ((status = recvauth(f, fromaddr,&valid_checksum))) {
error("Authentication failed: %s\n", error_message(status));
exit(1);
}
@@ -1425,37 +1438,21 @@ if(port)
{
int i;
/* these four are covered by ADDRPAD */
- int aierr;
- char hbuf[NI_MAXHOST], sbuf[NI_MAXSERV];
-
+ sprintf(local_addr, "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));
for (i = 0; envinit[i]; i++);
+ envinit[i] =local_addr;
+
+ sprintf(local_port, "KRB5LOCALPORT=%d", ntohs(localaddr.sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =local_port;
- aierr = getnameinfo((struct sockaddr *)&localaddr,
- socklen((struct sockaddr *)&localaddr),
- hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (aierr)
- goto skip_localaddr_env;
- sprintf(local_addr, "KRB5LOCALADDR=%s", hbuf);
- envinit[i++] =local_addr;
-
- sprintf(local_port, "KRB5LOCALPORT=%s", sbuf);
- envinit[i++] =local_port;
- skip_localaddr_env:
-
- aierr = getnameinfo(fromp, socklen(fromp),
- hbuf, sizeof(hbuf), sbuf, sizeof(sbuf),
- NI_NUMERICHOST | NI_NUMERICSERV);
- if (aierr)
- goto skip_remoteaddr_env;
- sprintf(remote_addr, "KRB5REMOTEADDR=%s", hbuf);
- envinit[i++] =remote_addr;
-
- sprintf(remote_port, "KRB5REMOTEPORT=%s", sbuf);
- envinit[i++] =remote_port;
-
- skip_remoteaddr_env:
- ;
+ sprintf(remote_addr, "KRB5REMOTEADDR=%s", inet_ntoa(fromp->sin_addr));
+ for (; envinit[i]; i++);
+ envinit[i] =remote_addr;
+
+ sprintf(remote_port, "KRB5REMOTEPORT=%d", ntohs(fromp->sin_port));
+ for (; envinit[i]; i++);
+ envinit[i] =remote_port;
}
/* If we do anything else, make sure there is space in the array. */
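Review bot: The four `sprintf` calls write into the 64-byte globals that this commit shrinks, and nothing ties the write to the buffer size. A dotted-quad address or a 16-bit port fits today, but the bound is implicit. Using the sized form keeps that true if the formatting ever changes, e.g. `snprintf(local_addr, sizeof(local_addr), "KRB5LOCALADDR=%s", inet_ntoa(localaddr.sin_addr));`, and likewise for the other three. The repeated `for (; envinit[i]; i++);` scans also depend on the pad slots after the last entry being zero, and there is no check against the end of `envinit`. The existing "make sure there is space in the array" comment would be stronger as an explicit bound or assertion. The enclosing block starts outside this hunk.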
@@ -1763,6 +1760,7 @@ void usage()
}
+
#ifdef KERBEROS
#ifndef KRB_SENDAUTH_VLEN
@@ -1775,7 +1773,7 @@ void usage()
static krb5_error_code
recvauth(netfd, peersin, valid_checksum)
int netfd;
- struct sockaddr *peersin;
+ struct sockaddr_in peersin;
int *valid_checksum;
{
krb5_auth_context auth_context = NULL;
@@ -1848,7 +1846,7 @@ recvauth(netfd, peersin, valid_checksum)
0, /* v4_opts */
"rcmd", /* v4_service */
v4_instance, /* v4_instance */
- peersin, /* foreign address */
+ &peersin, /* foreign address */
&laddr, /* our local address */
"", /* use default srvtab */
@@ -1925,28 +1923,16 @@ recvauth(netfd, peersin, valid_checksum)
return status;
if (authenticator->checksum && !checksum_ignored) {
- struct sockaddr_storage adr;
- unsigned int adr_length = sizeof(adr);
- int e;
- unsigned int buflen = strlen(cmdbuf)+strlen(locuser)+32;
- char * chksumbuf = (char *) malloc(buflen);
+ struct sockaddr_in adr;
+ int adr_length = sizeof(adr);
+ char * chksumbuf = (char *) malloc(strlen(cmdbuf)+strlen(locuser)+32);
if (chksumbuf == 0)
goto error_cleanup;
if (getsockname(netfd, (struct sockaddr *) &adr, &adr_length) != 0)
goto error_cleanup;
- e = getnameinfo((struct sockaddr *)&adr, adr_length, 0, 0,
- chksumbuf, buflen, NI_NUMERICSERV);
- if (e) {
- free(chksumbuf);
- fatal(netfd, "local error: can't examine port number");
- }
- if (strlen(chksumbuf) > 30) {
- free(chksumbuf);
- fatal(netfd, "wacky local port number?!");
- }
- strcat(chksumbuf, ":");
+ sprintf(chksumbuf,"%u:", ntohs(adr.sin_port));
strcat(chksumbuf,cmdbuf);
strcat(chksumbuf,locuser);