Make it work for multi-homed servers by default; remove need for krb.equiv

diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h
index 179a579..834777a 100644 (file)
--- a/kerberosIV/include/kerberosIV/site.h
+++ b/kerberosIV/include/kerberosIV/site.h
@@ -1,4 +1,4 @@
-/*     $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $       */
+/*     $Id: site.h,v 1.3 1996/01/29 19:18:40 tholo Exp $       */
 
 /* 
  * Site-specific definitions.
@@ -12,7 +12,6 @@
  */
 #define        KRB_CONF        "/etc/kerberosIV/krb.conf"
 #define        KRB_RLM_TRANS   "/etc/kerberosIV/krb.realms"
-#define        KRB_EQUIV       "/etc/kerberosIV/krb.equiv"
 #define KRB_ACL                "/etc/kerberosIV/kerberos.acl"
 #define MKEYFILE       "/etc/kerberosIV/master_key"
 #define KEYFILE                "/etc/kerberosIV/srvtab"

diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile
index 80fc074..260bc68 100644 (file)
--- a/kerberosIV/krb/Makefile
+++ b/kerberosIV/krb/Makefile
@@ -8,7 +8,7 @@ SRCS=   cr_err_reply.c create_auth_reply.c create_ciph.c \
        get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c get_phost.c \
        get_pw_tkt.c get_request.c get_svc_in_tkt.c get_tf_fullname.c \
        get_tf_realm.c getrealm.c getst.c in_tkt.c k_localtime.c klog.c \
-       kname_parse.c kntoln.c kparse.c krb_equiv.c krb_err.c krb_err_txt.c \
+       kname_parse.c kntoln.c kparse.c krb_err.c krb_err_txt.c \
        krb_get_in_tkt.c kuserok.c lifetime.c log.c mk_err.c mk_priv.c \
        mk_req.c mk_safe.c month_sname.c netread.c netwrite.c one.c \
        pkt_cipher.c pkt_clen.c rd_err.c rd_priv.c rd_req.c rd_safe.c \

diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c
deleted file mode 100644 (file)
index 0cc13a6..0000000
--- a/kerberosIV/krb/krb_equiv.c
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b);
- *
- * Given two IP adresses return true if they match
- * or are considered to belong to the same host.
- *
- * For example if /etc/krb.equiv looks like
- *
- *    130.237.223.3   192.16.126.3    # alv alv1
- *    130.237.223.4   192.16.126.4    # byse byse1
- *    130.237.228.152 192.16.126.9    # topsy topsy1
- *
- * krb_equiv(alv, alv1) would return true but
- * krb_equiv(alv, byse1) would not.
- *
- * A comment starts with an '#' and ends with '\n'.
- *
- */
-#include "krb_locl.h"
-
-int
-krb_equiv(a, b)
-       u_int32_t a;
-       u_int32_t b;
-{
-#ifdef NO_IPADDR_CHECK
-  return 1;
-#else
-
-  FILE *fil;
-  int result = 0;
-  char line[256];
-  
-  if (a == b)                  /* trivial match */
-    return 1;
-  
-  fil = fopen(KRB_EQUIV, "r");
-  if (fil == NULL)             /* open failed */
-    return 0;
-  
-  while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */
-    {
-      int hit_a = 0, hit_b = 0;
-      char *t = line;
-      
-      /* for each item on this line */
-      while (*t != 0)          /* more addresses on this line? */
-       if (*t == '#')          /* rest is comment */
-         *t = 0;
-       else if (isspace(*t))   /* skip space */
-         t++;
-       else if (isdigit(*t))   /* an address? */
-         {
-           u_int32_t tmp = inet_addr(t);
-           if (tmp == -1)
-             ;                 /* not an address (or broadcast) */
-           else if (tmp == a)
-             hit_a = 1;
-           else if (tmp == b)
-             hit_b = 1;
-           
-           while (*t == '.' || isdigit(*t)) /* done with this address */
-             t++;
-         }
-       else
-         *t = 0;               /* garbage on this line, skip it */
-
-      /* line is now parsed, if we found 2 matches were done */
-      if (hit_a && hit_b)
-       {
-         result = 1;
-         goto done;
-       }
-    }
-
- done:
-  fclose(fil);
-  return result;
-#endif /* !NO_IPADDR_CHECK */
-}

diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c
index 21c959e..dd1db1b 100644 (file)
--- a/kerberosIV/krb/rd_priv.c
+++ b/kerberosIV/krb/rd_priv.c
@@ -154,9 +154,6 @@ krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data)
     /* don't swap, net order always */
     p += sizeof(src_addr);
 
-    if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
-       return RD_AP_MODIFIED;
-
     /* safely get time_sec */
     bcopy((char *) p, (char *)&(m_data->time_sec),
          sizeof(m_data->time_sec));

diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c
index 4d28146..1da4812 100644 (file)
--- a/kerberosIV/krb/rd_req.c
+++ b/kerberosIV/krb/rd_req.c
@@ -311,8 +311,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn)
 
     if (krb_ap_req_debug)
         log("Address: %d %d",ad->address,from_addr);
-    if (from_addr && (!krb_equiv(ad->address, from_addr)))
-        return(RD_AP_BADD);
 
     (void) gettimeofday(&t_local,(struct timezone *) 0);
     delta_t = abs((int)(t_local.tv_sec - r_time_sec));

diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c
index aeb829a..c889063 100644 (file)
--- a/kerberosIV/krb/rd_safe.c
+++ b/kerberosIV/krb/rd_safe.c
@@ -132,9 +132,6 @@ krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)");
     /* don't swap, net order always */
     p += sizeof(src_addr);
 
-    if (!krb_equiv(src_addr, sender->sin_addr.s_addr))
-        return RD_AP_MODIFIED;
-
     /* safely get time_sec */
     bcopy((char *)p, (char *)&(m_data->time_sec),
           sizeof(m_data->time_sec));

diff --git a/kerberosIV/man/Makefile b/kerberosIV/man/Makefile
index 57197dc..19dc8a7 100644 (file)
--- a/kerberosIV/man/Makefile
+++ b/kerberosIV/man/Makefile
@@ -1,6 +1,6 @@
 #      from @(#)Makefile       8.1 (Berkeley) 6/1/93
-#      $Id: Makefile,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $
+#      $Id: Makefile,v 1.2 1996/01/29 19:18:49 tholo Exp $
 
-MAN=   kerberos.1 krb.conf.5 krb.equiv.5 krb.realms.5
+MAN=   kerberos.1 krb.conf.5 krb.realms.5
 
 .include <bsd.prog.mk>

diff --git a/kerberosIV/man/krb.equiv.5 b/kerberosIV/man/krb.equiv.5
deleted file mode 100644 (file)
index edc438b..0000000
--- a/kerberosIV/man/krb.equiv.5
+++ /dev/null
@@ -1,25 +0,0 @@
-.\" Copyright 1989 by the Massachusetts Institute of Technology.
-.\"
-.\" For copying and distribution information,
-.\" please see the file <mit-copyright.h>.
-.\"
-.\"    $Id: krb.equiv.5,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $
-.TH KRB.EQUIV 5 "Kerberos Version 4.0" "MIT Project Athena"
-.SH NAME
-/etc/kerberosIV/krb.equiv \- Kerberos equivalent hosts file
-.SH DESCRIPTION
-.I krb.equiv
-contains a list of IP address pairs that is to be considered being
-the same host for Kerberos purposes.
-.PP
-.I krb.equiv
-contains one pair of IP addresses per line.
-For example:
-.nf
-.in +1i
-130.237.223.3   192.16.126.3   # alv alv1
-130.237.223.4   192.16.126.4   # byse byse1
-130.237.228.152 192.16.126.9   # topsy topsy1
-.in -1i
-.SH SEE ALSO
-krb.conf(5), krb.realms(5), krb_equiv(3)