From 9742b65930b8abd4b6bb0418e50cbca5331b631d Mon Sep 17 00:00:00 2001
From: shin <shin@FreeBSD.org>
Date: Tue, 1 Feb 2000 15:55:56 +0000
Subject: sync iruserok() extension API with other BSDs

  Some of rcmd related function is need to be updated to
  support IPv6. Some of them are already updated as standard
  document. But there is also several de-facto functions and
  they are not listed in standard documents.
  They are,

    iruserok()  (used by rlogind, rshd)
    ruserok()   (used by kerberos, etc)

  KAME package updated those functions in original way.

    iruserok_af()
    ruserok_af()

  But recently there was discussion on IETF IPng mailing
  list about how to sync those API, and it is decided,

    -Those function is not standard and not documented.
    -But let BSDs sync their API as de-facto.

  And after some discussion, it is announced that

    -add update to iruserok() as iruserok_sa()
    -no ruserok() API change(it is only updated internaly)

So I sync those API before 4.0 is released.
The changes are,
   -prototype changes
   -ruserok() internal update (use iruserok_sa() inside)
   -removal of ruserok_af()
   -change iruserok_af() as static functioin, and also prefix the name with __.
   -add iruserok_sa() (Just call __iruserok_af() inside)
   -adding flag AI_ALL to getipnodebyaddr() called from __icheckhost().
    This is necessary to support IPv4 communication via AF_INET6 socket
    could be correctly authenticated via iruserok_sa()
   -irusreok_af() call is replaced to iruserok_sa() call
    in rlogind, and rshd.

Approved by: jkh
---
 libexec/rlogind/rlogind.c | 17 ++---------------
 libexec/rshd/rshd.c       | 10 ++--------
 2 files changed, 4 insertions(+), 23 deletions(-)

(limited to 'libexec')

diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index 817f6c8..11cf1c1 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -597,21 +597,8 @@ do_rlogin(dest)
 		return (-1);
 	/* XXX why don't we syslog() failure? */
 
-	af = dest->su_family;
-	switch (af) {
-	case AF_INET:
-		addr = (char *)&dest->su_sin.sin_addr;
-		break;
-#ifdef INET6
-	case AF_INET6:
-		addr = (char *)&dest->su_sin6.sin6_addr;
-		break;
-#endif
-	default:
-		return -1;	/*EAFNOSUPPORT*/
-	}
-	
-	return (iruserok_af(addr, pwd->pw_uid == 0, rusername, lusername, af));
+	return (iruserok_sa(dest, dest->su_len, pwd->pw_uid == 0, rusername,
+			    lusername));
 }
 
 void
diff --git a/libexec/rshd/rshd.c b/libexec/rshd/rshd.c
index e5e07a4..cdc2ce1 100644
--- a/libexec/rshd/rshd.c
+++ b/libexec/rshd/rshd.c
@@ -408,14 +408,8 @@ doit(fromp)
 		if (errorstr ||
 		    (pwd->pw_expire && time(NULL) >= pwd->pw_expire) ||
 		    (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
-		    iruserok_af(
-#ifdef INET6
-				(af == AF_INET6)
-				? (void *)&fromp->su_sin6.sin6_addr :
-#endif
-				(void *)&fromp->su_sin.sin_addr,
-				pwd->pw_uid == 0,
-		    remuser, locuser, af) < 0)) {
+		     iruserok_sa(fromp, fromp->su_len, pwd->pw_uid == 0,
+				 remuser, locuser) < 0)) {
 			if (__rcmd_errstr)
 				syslog(LOG_INFO|LOG_AUTH,
 			    "%s@%s as %s: permission denied (%s). cmd='%.80s'",
-- 
cgit v1.1