Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

usr.bin/rlogin from Lite

This commit is contained in:
cgd 1995-03-21 07:48:23 +00:00
parent e553431826
commit 0e535da105
4 changed files with 719 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

203
usr.bin/rlogin/des_rw.c Normal file
View File

@ -0,0 +1,203 @@
/*-
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char sccsid[] = "@(#)des_rw.c 8.1 (Berkeley) 6/6/93";
#endif /* not lint */
#ifdef CRYPT
#ifdef KERBEROS
#include <sys/param.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
static unsigned char des_inbuf[10240], storage[10240], *store_ptr;
static bit_64 *key;
static u_char *key_schedule;
/* XXX these should be in a kerberos include file */
int krb_net_read __P((int, char *, int));
#ifdef notdef
/* XXX too hard to make this work */
int des_pcbc_encrypt __P((des_cblock *, des_cblock *, long,
des_key_schedule, des_cblock *, int));
#endif
/*
* NB: These routines will not function properly if NBIO
* is set
*/
/*
* des_set_key
*
* Set des encryption/decryption key for use by the des_read and
* des_write routines
*
* The inkey parameter is actually the DES initial vector,
* and the insched is the DES Key unwrapped for faster decryption
*/
void
des_set_key(inkey, insched)
bit_64 *inkey;
u_char *insched;
{
key = inkey;
key_schedule = insched;
}
void
des_clear_key()
{
bzero((char *) key, sizeof(C_Block));
bzero((char *) key_schedule, sizeof(Key_schedule));
}
int
des_read(fd, buf, len)
int fd;
register char *buf;
int len;
{
int nreturned = 0;
long net_len, rd_len;
int nstored = 0;
if (nstored >= len) {
(void) bcopy(store_ptr, buf, len);
store_ptr += len;
nstored -= len;
return(len);
} else if (nstored) {
(void) bcopy(store_ptr, buf, nstored);
nreturned += nstored;
buf += nstored;
len -= nstored;
nstored = 0;
}
if (krb_net_read(fd, (char *)&net_len, sizeof(net_len)) !=
sizeof(net_len)) {
/* XXX can't read enough, pipe
must have closed */
return(0);
}
net_len = ntohl(net_len);
if (net_len <= 0 || net_len > sizeof(des_inbuf)) {
/* preposterous length; assume out-of-sync; only
recourse is to close connection, so return 0 */
return(0);
}
/* the writer tells us how much real data we are getting, but
we need to read the pad bytes (8-byte boundary) */
rd_len = roundup(net_len, 8);
if (krb_net_read(fd, (char *)des_inbuf, rd_len) != rd_len) {
/* pipe must have closed, return 0 */
return(0);
}
(void) des_pcbc_encrypt(des_inbuf, /* inbuf */
storage, /* outbuf */
net_len, /* length */
key_schedule, /* DES key */
key, /* IV */
DECRYPT); /* direction */
if(net_len < 8)
store_ptr = storage + 8 - net_len;
else
store_ptr = storage;
nstored = net_len;
if (nstored > len) {
(void) bcopy(store_ptr, buf, len);
nreturned += len;
store_ptr += len;
nstored -= len;
} else {
(void) bcopy(store_ptr, buf, nstored);
nreturned += nstored;
nstored = 0;
}
return(nreturned);
}
static unsigned char des_outbuf[10240]; /* > longest write */
int
des_write(fd, buf, len)
int fd;
char *buf;
int len;
{
static int seeded = 0;
static char garbage_buf[8];
long net_len, garbage;
if(len < 8) {
if(!seeded) {
seeded = 1;
srandom((int) time((long *)0));
}
garbage = random();
/* insert random garbage */
(void) bcopy(&garbage, garbage_buf, MIN(sizeof(long),8));
/* this "right-justifies" the data in the buffer */
(void) bcopy(buf, garbage_buf + 8 - len, len);
}
/* pcbc_encrypt outputs in 8-byte (64 bit) increments */
(void) des_pcbc_encrypt((len < 8) ? garbage_buf : buf,
des_outbuf,
(len < 8) ? 8 : len,
key_schedule, /* DES key */
key, /* IV */
ENCRYPT);
/* tell the other end the real amount, but send an 8-byte padded
packet */
net_len = htonl(len);
(void) write(fd, &net_len, sizeof(net_len));
(void) write(fd, des_outbuf, roundup(len,8));
return(len);
}
#endif /* KERBEROS */
#endif /* CRYPT */

307
usr.bin/rlogin/kcmd.c Normal file
View File

@ -0,0 +1,307 @@
/*
* Copyright (c) 1983, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char Xsccsid[] = "derived from @(#)rcmd.c 5.17 (Berkeley) 6/27/88";
static char sccsid[] = "@(#)kcmd.c 8.2 (Berkeley) 8/19/93";
#endif /* not lint */
#include <sys/param.h>
#include <sys/file.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <kerberosIV/kparse.h>
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "krb.h"
#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif
#define START_PORT 5120 /* arbitrary */
int getport __P((int *));
int
kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, ticket, service, realm,
cred, schedule, msg_data, laddr, faddr, authopts)
int *sock;
char **ahost;
u_short rport;
char *locuser, *remuser, *cmd;
int *fd2p;
KTEXT ticket;
char *service;
char *realm;
CREDENTIALS *cred;
Key_schedule schedule;
MSG_DAT *msg_data;
struct sockaddr_in *laddr, *faddr;
long authopts;
{
int s, timo = 1, pid;
long oldmask;
struct sockaddr_in sin, from;
char c;
#ifdef ATHENA_COMPAT
int lport = IPPORT_RESERVED - 1;
#else
int lport = START_PORT;
#endif
struct hostent *hp;
int rc;
char *host_save;
int status;
pid = getpid();
hp = gethostbyname(*ahost);
if (hp == NULL) {
/* fprintf(stderr, "%s: unknown host\n", *ahost); */
return (-1);
}
host_save = malloc(strlen(hp->h_name) + 1);
strcpy(host_save, hp->h_name);
*ahost = host_save;
#ifdef KERBEROS
/* If realm is null, look up from table */
if (realm == NULL || realm[0] == '\0')
realm = krb_realmofhost(host_save);
#endif /* KERBEROS */
oldmask = sigblock(sigmask(SIGURG));
for (;;) {
s = getport(&lport);
if (s < 0) {
if (errno == EAGAIN)
fprintf(stderr,
"kcmd(socket): All ports in use\n");
else
perror("kcmd: socket");
sigsetmask(oldmask);
return (-1);
}
fcntl(s, F_SETOWN, pid);
sin.sin_family = hp->h_addrtype;
#if defined(ultrix) || defined(sun)
bcopy(hp->h_addr, (caddr_t)&sin.sin_addr, hp->h_length);
#else
bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr, hp->h_length);
#endif
sin.sin_port = rport;
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
break;
(void) close(s);
if (errno == EADDRINUSE) {
lport--;
continue;
}
/*
* don't wait very long for Kerberos rcmd.
*/
if (errno == ECONNREFUSED && timo <= 4) {
/* sleep(timo); don't wait at all here */
timo *= 2;
continue;
}
#if !(defined(ultrix) || defined(sun))
if (hp->h_addr_list[1] != NULL) {
int oerrno = errno;
fprintf(stderr,
"kcmd: connect to address %s: ",
inet_ntoa(sin.sin_addr));
errno = oerrno;
perror(NULL);
hp->h_addr_list++;
bcopy(hp->h_addr_list[0], (caddr_t)&sin.sin_addr,
hp->h_length);
fprintf(stderr, "Trying %s...\n",
inet_ntoa(sin.sin_addr));
continue;
}
#endif /* !(defined(ultrix) || defined(sun)) */
if (errno != ECONNREFUSED)
perror(hp->h_name);
sigsetmask(oldmask);
return (-1);
}
lport--;
if (fd2p == 0) {
write(s, "", 1);
lport = 0;
} else {
char num[8];
int s2 = getport(&lport), s3;
int len = sizeof(from);
if (s2 < 0) {
status = -1;
goto bad;
}
listen(s2, 1);
(void) sprintf(num, "%d", lport);
if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
perror("kcmd(write): setting up stderr");
(void) close(s2);
status = -1;
goto bad;
}
s3 = accept(s2, (struct sockaddr *)&from, &len);
(void) close(s2);
if (s3 < 0) {
perror("kcmd:accept");
lport = 0;
status = -1;
goto bad;
}
*fd2p = s3;
from.sin_port = ntohs((u_short)from.sin_port);
if (from.sin_family != AF_INET ||
from.sin_port >= IPPORT_RESERVED) {
fprintf(stderr,
"kcmd(socket): protocol failure in circuit setup.\n");
status = -1;
goto bad2;
}
}
/*
* Kerberos-authenticated service. Don't have to send locuser,
* since its already in the ticket, and we'll extract it on
* the other side.
*/
/* (void) write(s, locuser, strlen(locuser)+1); */
/* set up the needed stuff for mutual auth, but only if necessary */
if (authopts & KOPT_DO_MUTUAL) {
int sin_len;
*faddr = sin;
sin_len = sizeof(struct sockaddr_in);
if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
perror("kcmd(getsockname)");
status = -1;
goto bad2;
}
}
#ifdef KERBEROS
if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
realm, (unsigned long) getpid(), msg_data,
cred, schedule,
laddr,
faddr,
"KCMDV0.1")) != KSUCCESS)
goto bad2;
#endif /* KERBEROS */
(void) write(s, remuser, strlen(remuser)+1);
(void) write(s, cmd, strlen(cmd)+1);
if ((rc = read(s, &c, 1)) != 1) {
if (rc == -1)
perror(*ahost);
else
fprintf(stderr,"kcmd: bad connection with remote host\n");
status = -1;
goto bad2;
}
if (c != '\0') {
while (read(s, &c, 1) == 1) {
(void) write(2, &c, 1);
if (c == '\n')
break;
}
status = -1;
goto bad2;
}
sigsetmask(oldmask);
*sock = s;
return (KSUCCESS);
bad2:
if (lport)
(void) close(*fd2p);
bad:
(void) close(s);
sigsetmask(oldmask);
return (status);
}
int
getport(alport)
int *alport;
{
struct sockaddr_in sin;
int s;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return (-1);
for (;;) {
sin.sin_port = htons((u_short)*alport);
if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
return (s);
if (errno != EADDRINUSE) {
(void) close(s);
return (-1);
}
(*alport)--;
#ifdef ATHENA_COMPAT
if (*alport == IPPORT_RESERVED/2) {
#else
if (*alport == IPPORT_RESERVED) {
#endif
(void) close(s);
errno = EAGAIN; /* close */
return (-1);
}
}
}

51
usr.bin/rlogin/krb.h Normal file
View File

@ -0,0 +1,51 @@
/*-
* Copyright (c) 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)krb.h 8.1 (Berkeley) 6/6/93
*/
/*
* XXX
* These should be in a kerberos include file.
*/
void des_clear_key __P(());
int des_read __P((int, char *, int));
void des_set_key __P((C_Block, Key_schedule));
int des_write __P((int, char *, int));
int krb_net_read __P((int, char *, int));
char *krb_realmofhost __P((char *));
int krb_sendauth __P((long, int, KTEXT, char *, char *, char *,
u_long, MSG_DAT *, CREDENTIALS *, Key_schedule,
struct sockaddr_in *, struct sockaddr_in *, char *));
int krcmd __P((char **, u_short, char *, char *, int *, char *));
int krcmd_mutual __P((char **, u_short, char *, char *, int *,
char *, CREDENTIALS *, Key_schedule));

158
usr.bin/rlogin/krcmd.c Normal file
View File

@ -0,0 +1,158 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef lint
static char sccsid[] = "@(#)krcmd.c 8.1 (Berkeley) 6/6/93";
#endif /* not lint */
/*
* $Source: /cvsroot/src/usr.bin/rlogin/Attic/krcmd.c,v $
* $Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1
* 89/07/25 15:38:44 kfall Exp Locker: kfall $
* static char *rcsid_kcmd_c =
* "$Header: /mit/kerberos/ucb/mit/kcmd/RCS/krcmd.c,v 5.1 89/07/25 15:38:44
* kfall Exp Locker: kfall $";
*/
#ifdef KERBEROS
#include <sys/types.h>
#ifdef CRYPT
#include <sys/socket.h>
#endif
#include <netinet/in.h>
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#include <stdio.h>
#define SERVICE_NAME "rcmd"
int kcmd __P((int *, char **, u_short, char *, char *, char *, int *,
KTEXT, char *, char *, CREDENTIALS *, Key_schedule, MSG_DAT *,
struct sockaddr_in *, struct sockaddr_in *, long));
/*
* krcmd: simplified version of Athena's "kcmd"
* returns a socket attached to the destination, -1 or krb error on error
* if fd2p is non-NULL, another socket is filled in for it
*/
int
krcmd(ahost, rport, remuser, cmd, fd2p, realm)
char **ahost;
u_short rport;
char *remuser, *cmd;
int *fd2p;
char *realm;
{
int sock = -1, err = 0;
KTEXT_ST ticket;
long authopts = 0L;
err = kcmd(
&sock,
ahost,
rport,
NULL, /* locuser not used */
remuser,
cmd,
fd2p,
&ticket,
SERVICE_NAME,
realm,
(CREDENTIALS *) NULL, /* credentials not used */
(bit_64 *) NULL, /* key schedule not used */
(MSG_DAT *) NULL, /* MSG_DAT not used */
(struct sockaddr_in *) NULL, /* local addr not used */
(struct sockaddr_in *) NULL, /* foreign addr not used */
authopts
);
if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
fprintf(stderr, "krcmd: %s\n", krb_err_txt[err]);
return(-1);
}
if (err < 0)
return(-1);
return(sock);
}
#ifdef CRYPT
int
krcmd_mutual(ahost, rport, remuser, cmd, fd2p, realm, cred, sched)
char **ahost;
u_short rport;
char *remuser, *cmd;
int *fd2p;
char *realm;
CREDENTIALS *cred;
Key_schedule sched;
{
int sock, err;
KTEXT_ST ticket;
MSG_DAT msg_dat;
struct sockaddr_in laddr, faddr;
long authopts = KOPT_DO_MUTUAL;
err = kcmd(
&sock,
ahost,
rport,
NULL, /* locuser not used */
remuser,
cmd,
fd2p,
&ticket,
SERVICE_NAME,
realm,
cred, /* filled in */
sched, /* filled in */
&msg_dat, /* filled in */
&laddr, /* filled in */
&faddr, /* filled in */
authopts
);
if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
fprintf(stderr, "krcmd_mutual: %s\n", krb_err_txt[err]);
return(-1);
}
if (err < 0)
return (-1);
return(sock);
}
#endif /* CRYPT */
#endif /* KERBEROS */