diff options
| author | Kris Kennaway <kris@FreeBSD.org> | 2002-12-09 01:54:18 +0000 |
|---|---|---|
| committer | Kris Kennaway <kris@FreeBSD.org> | 2002-12-09 01:54:18 +0000 |
| commit | 6782ba5dbfaa505af7820b9c7345d5d4cd0188e3 (patch) | |
| tree | dc862447d711611770f8259d87df3497b54bd712 /net/radius/files/patch-ad | |
| parent | This port has been FORBIDDEN for 10 months for security reasons, and (diff) | |
These ports have been forbidden for 10 months for security reasons.
Removal was announced on Oct 12.
Notes
Notes:
svn path=/head/; revision=71457
Diffstat (limited to 'net/radius/files/patch-ad')
| -rw-r--r-- | net/radius/files/patch-ad | 67 |
1 files changed, 0 insertions, 67 deletions
diff --git a/net/radius/files/patch-ad b/net/radius/files/patch-ad deleted file mode 100644 index d6fe8e6628e9..000000000000 --- a/net/radius/files/patch-ad +++ /dev/null @@ -1,67 +0,0 @@ ---- src/rad.kerberos.c~ Fri Jun 26 00:40:50 1998 -+++ src/rad.kerberos.c Thu Sep 17 18:50:28 1998 -@@ -80,8 +80,8 @@ - - #include <krb.h> - --static int krb_pass PROTO((AUTH_REQ *, int, char *, -- int (*) (AUTH_REQ *, int, char *))); -+static int krb_pass (AUTH_REQ *, int, char *, -+ int (*) (AUTH_REQ *, int, char *)); - - extern int debug_flag; - -@@ -225,8 +225,14 @@ - krbval = INTK_BADPW; /* Fail if type is bad somehow */ - - /* get the ticket */ -- krbval = krb_get_in_tkt (userid, "", realm, "krbtgt", realm, -+ krbval = krb_get_in_tkt (userid, KRB_INSTANCE, realm, "krbtgt", realm, - DEFAULT_TKT_LIFE, passwd_to_key, NULL, passwd); -+ /* -+ * XXX -+ * This can be spoofed fairly easily... Should attempt to authenticate -+ * to some service on this machine (e.g., radius.thishost@REALM) -+ * in order to ensure that the ticket we just got is really valid. -+ */ - switch (krbval) - { - case INTK_OK: -@@ -294,6 +300,37 @@ - krbval, userid, realm); - break; - } -+#ifdef M_KERB -+ /* -+ * Ticket verification code based loosely on Berkeley klogin.c 8.3 -+ */ -+ if (krbreturn != EV_ACK) { -+ dest_tkt(); -+ memset(passwd, 0, sizeof passwd); -+ } else { -+ struct sockaddr_in sin; -+ char host[MAXHOSTNAMELEN], *p; -+ AUTH_DAT authdata; -+ KTEXT_ST ticket; -+ -+ krb_get_local_addr(&sin); -+ gethostname(host, sizeof host); -+ if ((p = strchr(host, '.')) != 0) -+ *p = '\0'; -+ krbval = krb_mk_req(&ticket, "radius", host, realm, 33); -+ if (krbval == KSUCCESS) { -+ krbval = krb_rd_req(&ticket, "radius", host, -+ sin.sin_addr.s_addr, &authdata, -+ ""); -+ } -+ if (krbval != KSUCCESS) { -+ logit(LOG_DAEMON, LOG_ERR, -+ "Kerberos error verifying ticket for %s: %s", -+ func, krb_err_txt[krbval]); -+ krbreturn = EV_NAK; -+ } -+ } -+#endif /* M_KERB */ - - dest_tkt (); /* destroy the ticket */ - memset (passwd, 0, sizeof (passwd)); |