From 3cd03d297e5878d66fe53c59da4734acd85ceed5 Mon Sep 17 00:00:00 2001 From: tholo Date: Mon, 29 Jan 1996 19:18:40 +0000 Subject: [PATCH] Make it work for multi-homed servers by default; remove need for krb.equiv --- kerberosIV/include/kerberosIV/site.h | 3 +- kerberosIV/krb/Makefile | 2 +- kerberosIV/krb/krb_equiv.c | 80 ---------------------------- kerberosIV/krb/rd_priv.c | 3 -- kerberosIV/krb/rd_req.c | 2 - kerberosIV/krb/rd_safe.c | 3 -- kerberosIV/man/Makefile | 4 +- kerberosIV/man/krb.equiv.5 | 25 --------- 8 files changed, 4 insertions(+), 118 deletions(-) delete mode 100644 kerberosIV/krb/krb_equiv.c delete mode 100644 kerberosIV/man/krb.equiv.5 diff --git a/kerberosIV/include/kerberosIV/site.h b/kerberosIV/include/kerberosIV/site.h index 179a579c5bf..834777a19b3 100644 --- a/kerberosIV/include/kerberosIV/site.h +++ b/kerberosIV/include/kerberosIV/site.h @@ -1,4 +1,4 @@ -/* $Id: site.h,v 1.2 1995/12/14 08:43:43 tholo Exp $ */ +/* $Id: site.h,v 1.3 1996/01/29 19:18:40 tholo Exp $ */ /* * Site-specific definitions. @@ -12,7 +12,6 @@ */ #define KRB_CONF "/etc/kerberosIV/krb.conf" #define KRB_RLM_TRANS "/etc/kerberosIV/krb.realms" -#define KRB_EQUIV "/etc/kerberosIV/krb.equiv" #define KRB_ACL "/etc/kerberosIV/kerberos.acl" #define MKEYFILE "/etc/kerberosIV/master_key" #define KEYFILE "/etc/kerberosIV/srvtab" diff --git a/kerberosIV/krb/Makefile b/kerberosIV/krb/Makefile index 80fc074bfae..260bc68c811 100644 --- a/kerberosIV/krb/Makefile +++ b/kerberosIV/krb/Makefile 
@@ -8,7 +8,7 @@ SRCS= cr_err_reply.c create_auth_reply.c create_ciph.c \ get_cred.c get_in_tkt.c get_krbhst.c get_krbrlm.c get_phost.c \ get_pw_tkt.c get_request.c get_svc_in_tkt.c get_tf_fullname.c \ get_tf_realm.c getrealm.c getst.c in_tkt.c k_localtime.c klog.c \ - kname_parse.c kntoln.c kparse.c krb_equiv.c krb_err.c krb_err_txt.c \ + kname_parse.c kntoln.c kparse.c krb_err.c krb_err_txt.c \ krb_get_in_tkt.c kuserok.c lifetime.c log.c mk_err.c mk_priv.c \ mk_req.c mk_safe.c month_sname.c netread.c netwrite.c one.c \ pkt_cipher.c pkt_clen.c rd_err.c rd_priv.c rd_req.c rd_safe.c \ diff --git a/kerberosIV/krb/krb_equiv.c b/kerberosIV/krb/krb_equiv.c deleted file mode 100644 index 0cc13a61a84..00000000000 --- a/kerberosIV/krb/krb_equiv.c +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); - * - * Given two IP adresses return true if they match - * or are considered to belong to the same host. - * - * For example if /etc/krb.equiv looks like - * - * 130.237.223.3 192.16.126.3 # alv alv1 - * 130.237.223.4 192.16.126.4 # byse byse1 - * 130.237.228.152 192.16.126.9 # topsy topsy1 - * - * krb_equiv(alv, alv1) would return true but - * krb_equiv(alv, byse1) would not. - * - * A comment starts with an '#' and ends with '\n'. - * - */ -#include "krb_locl.h" - -int -krb_equiv(a, b) - u_int32_t a; - u_int32_t b; -{ -#ifdef NO_IPADDR_CHECK - return 1; -#else - - FILE *fil; - int result = 0; - char line[256]; - - if (a == b) /* trivial match */ - return 1; - - fil = fopen(KRB_EQUIV, "r"); - if (fil == NULL) /* open failed */ - return 0; - - while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ - { - int hit_a = 0, hit_b = 0; - char *t = line; - - /* for each item on this line */ - while (*t != 0) /* more addresses on this line? */ - if (*t == '#') /* rest is comment */ - *t = 0; - else if (isspace(*t)) /* skip space */ - t++; - else if (isdigit(*t)) /* an address? */ - { - u_int32_t tmp = inet_addr(t); - if (tmp == -1) - ; /* not an address (or broadcast) */ - else if (tmp == a) - hit_a = 1; - else if (tmp == b) - hit_b = 1; - - while (*t == '.' || isdigit(*t)) /* done with this address */ - t++; - } - else - *t = 0; /* garbage on this line, skip it */ - - /* line is now parsed, if we found 2 matches were done */ - if (hit_a && hit_b) - { - result = 1; - goto done; - } - } - - done: - fclose(fil); - return result; -#endif /* !NO_IPADDR_CHECK */ -} diff --git a/kerberosIV/krb/rd_priv.c b/kerberosIV/krb/rd_priv.c index 21c959e34c9..dd1db1bc9b9 100644 --- a/kerberosIV/krb/rd_priv.c +++ b/kerberosIV/krb/rd_priv.c 
@@ -154,9 +154,6 @@ krb_rd_priv(in, in_length, schedule, key, sender, receiver, m_data) /* don't swap, net order always */ p += sizeof(src_addr); - if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) - return RD_AP_MODIFIED; - /* safely get time_sec */ bcopy((char *) p, (char *)&(m_data->time_sec), sizeof(m_data->time_sec)); diff --git a/kerberosIV/krb/rd_req.c b/kerberosIV/krb/rd_req.c index 4d281461a87..1da48124e30 100644 --- a/kerberosIV/krb/rd_req.c +++ b/kerberosIV/krb/rd_req.c @@ -311,8 +311,6 @@ krb_rd_req(authent, service, instance, from_addr, ad, fn) if (krb_ap_req_debug) log("Address: %d %d",ad->address,from_addr); - if (from_addr && (!krb_equiv(ad->address, from_addr))) - return(RD_AP_BADD); (void) gettimeofday(&t_local,(struct timezone *) 0); delta_t = abs((int)(t_local.tv_sec - r_time_sec)); diff --git a/kerberosIV/krb/rd_safe.c b/kerberosIV/krb/rd_safe.c index aeb829a8887..c889063a458 100644 --- a/kerberosIV/krb/rd_safe.c +++ b/kerberosIV/krb/rd_safe.c @@ -132,9 +132,6 @@ krb_rd_safe protocol err sizeof(src_addr) != sizeof(struct in_addr)"); /* don't swap, net order always */ p += sizeof(src_addr); - if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) - return RD_AP_MODIFIED; - /* safely get time_sec */ bcopy((char *)p, (char *)&(m_data->time_sec), sizeof(m_data->time_sec)); diff --git a/kerberosIV/man/Makefile b/kerberosIV/man/Makefile index 57197dc7179..19dc8a7f4a5 100644 --- a/kerberosIV/man/Makefile +++ b/kerberosIV/man/Makefile @@ -1,6 +1,6 @@ # from @(#)Makefile 8.1 (Berkeley) 6/1/93 -# $Id: Makefile,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $ +# $Id: Makefile,v 1.2 1996/01/29 19:18:49 tholo Exp $ -MAN= kerberos.1 krb.conf.5 krb.equiv.5 krb.realms.5 +MAN= kerberos.1 krb.conf.5 krb.realms.5 .include diff --git a/kerberosIV/man/krb.equiv.5 b/kerberosIV/man/krb.equiv.5 deleted file mode 100644 index edc438b1409..00000000000 --- a/kerberosIV/man/krb.equiv.5 +++ /dev/null 
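Review bot: The address binding is no longer enforced at all after this change, not just the krb.equiv lookup: in `krb_rd_req` (rd_req.c) a ticket whose `ad->address` differs from `from_addr` is now accepted on single-homed hosts too, and in `krb_rd_priv` and `krb_rd_safe` the `src_addr` read from the message is no longer compared with `sender->sin_addr.s_addr`, which used to return `RD_AP_MODIFIED`. If multi-homed operation is the goal, consider keeping the exact-match test behind a build option, as the deleted krb_equiv.c did with `NO_IPADDR_CHECK`, e.g. `#ifndef NO_IPADDR_CHECK` / `if (from_addr && ad->address != from_addr) return(RD_AP_BADD);` / `#endif`. At minimum, leave a comment at each of the three sites such as `/* peer address deliberately not verified against the ticket/message address */`, so the still-parsed `src_addr` and the remaining debug `log("Address: ...")` line are not mistaken for a check. All three functions continue outside their hunks, so any later use of these addresses in the bodies is not visible here.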
@@ -1,25 +0,0 @@ -.\" Copyright 1989 by the Massachusetts Institute of Technology. -.\" -.\" For copying and distribution information, -.\" please see the file . -.\" -.\" $Id: krb.equiv.5,v 1.1.1.1 1995/12/14 06:52:35 tholo Exp $ -.TH KRB.EQUIV 5 "Kerberos Version 4.0" "MIT Project Athena" -.SH NAME -/etc/kerberosIV/krb.equiv \- Kerberos equivalent hosts file -.SH DESCRIPTION -.I krb.equiv -contains a list of IP address pairs that is to be considered being -the same host for Kerberos purposes. -.PP -.I krb.equiv -contains one pair of IP addresses per line. -For example: -.nf -.in +1i -130.237.223.3 192.16.126.3 # alv alv1 -130.237.223.4 192.16.126.4 # byse byse1 -130.237.228.152 192.16.126.9 # topsy topsy1 -.in -1i -.SH SEE ALSO -krb.conf(5), krb.realms(5), krb_equiv(3) -- 2.20.1