kill kerberos and stream encryption support, so it's exportable.
This commit is contained in:
parent
13514eadce
commit
2642138ed1
|
@ -1,12 +1,9 @@
|
|||
# from: @(#)Makefile 8.1 (Berkeley) 6/4/93
|
||||
# $Id: Makefile,v 1.3 1994/06/05 13:49:01 cgd Exp $
|
||||
# $Id: Makefile,v 1.4 1994/06/05 13:57:51 cgd Exp $
|
||||
|
||||
PROG= rlogind
|
||||
CFLAGS+=-DKERBEROS -DCRYPT
|
||||
SRCS= rlogind.c des_rw.c
|
||||
MAN8= rlogind.0
|
||||
DPADD= ${LIBUTIL} ${LIBKRB} ${LIBDES}
|
||||
LDADD= -lutil -lkrb -ldes
|
||||
.PATH: ${.CURDIR}/../../usr.bin/rlogin
|
||||
DPADD= ${LIBUTIL}
|
||||
LDADD= -lutil
|
||||
|
||||
.include <bsd.prog.mk>
|
||||
|
|
|
@ -39,7 +39,7 @@ static char copyright[] =
|
|||
|
||||
#ifndef lint
|
||||
/* from: static char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93"; */
|
||||
static char *rcsid = "$Id: rlogind.c,v 1.5 1994/06/05 13:49:05 cgd Exp $";
|
||||
static char *rcsid = "$Id: rlogind.c,v 1.6 1994/06/05 13:57:52 cgd Exp $";
|
||||
#endif /* not lint */
|
||||
|
||||
/*
|
||||
|
@ -78,22 +78,7 @@ static char *rcsid = "$Id: rlogind.c,v 1.5 1994/06/05 13:49:05 cgd Exp $";
|
|||
#define TIOCPKT_WINDOW 0x80
|
||||
#endif
|
||||
|
||||
#ifdef KERBEROS
|
||||
#include <kerberosIV/des.h>
|
||||
#include <kerberosIV/krb.h>
|
||||
#define SECURE_MESSAGE "This rlogin session is using DES encryption for all transmissions.\r\n"
|
||||
|
||||
AUTH_DAT *kdata;
|
||||
KTEXT ticket;
|
||||
u_char auth_buf[sizeof(AUTH_DAT)];
|
||||
u_char tick_buf[sizeof(KTEXT_ST)];
|
||||
Key_schedule schedule;
|
||||
int doencrypt, retval, use_kerberos, vacuous;
|
||||
|
||||
#define ARGSTR "alnkvx"
|
||||
#else
|
||||
#define ARGSTR "aln"
|
||||
#endif /* KERBEROS */
|
||||
|
||||
char *env[2];
|
||||
#define NMAX 30
|
||||
|
@ -141,19 +126,6 @@ main(argc, argv)
|
|||
case 'n':
|
||||
keepalive = 0;
|
||||
break;
|
||||
#ifdef KERBEROS
|
||||
case 'k':
|
||||
use_kerberos = 1;
|
||||
break;
|
||||
case 'v':
|
||||
vacuous = 1;
|
||||
break;
|
||||
#ifdef CRYPT
|
||||
case 'x':
|
||||
doencrypt = 1;
|
||||
break;
|
||||
#endif
|
||||
#endif
|
||||
case '?':
|
||||
default:
|
||||
usage();
|
||||
|
@ -162,12 +134,6 @@ main(argc, argv)
|
|||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
#ifdef KERBEROS
|
||||
if (use_kerberos && vacuous) {
|
||||
usage();
|
||||
fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
|
||||
}
|
||||
#endif
|
||||
fromlen = sizeof (from);
|
||||
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
|
||||
syslog(LOG_ERR,"Can't get peer name of remote host: %m");
|
||||
|
@ -207,10 +173,6 @@ doit(f, fromp)
|
|||
|
||||
if (c != 0)
|
||||
exit(1);
|
||||
#ifdef KERBEROS
|
||||
if (vacuous)
|
||||
fatal(f, "Remote host requires Kerberos authentication", 0);
|
||||
#endif
|
||||
|
||||
alarm(0);
|
||||
fromp->sin_port = ntohs((u_short)fromp->sin_port);
|
||||
|
@ -221,17 +183,6 @@ doit(f, fromp)
|
|||
else
|
||||
(void)strcpy(hostname, inet_ntoa(fromp->sin_addr));
|
||||
|
||||
#ifdef KERBEROS
|
||||
if (use_kerberos) {
|
||||
retval = do_krb_login(fromp);
|
||||
if (retval == 0)
|
||||
authenticated++;
|
||||
else if (retval > 0)
|
||||
fatal(f, krb_err_txt[retval], 0);
|
||||
write(f, &c, 1);
|
||||
confirmed = 1; /* we sent the null! */
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
if (fromp->sin_family != AF_INET ||
|
||||
fromp->sin_port >= IPPORT_RESERVED ||
|
||||
|
@ -275,12 +226,6 @@ doit(f, fromp)
|
|||
write(f, "", 1);
|
||||
confirmed = 1; /* we sent the null! */
|
||||
}
|
||||
#ifdef KERBEROS
|
||||
#ifdef CRYPT
|
||||
if (doencrypt)
|
||||
(void) des_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE) - 1);
|
||||
#endif
|
||||
#endif
|
||||
netf = f;
|
||||
|
||||
pid = forkpty(&master, line, NULL, &win);
|
||||
|
@ -295,13 +240,6 @@ doit(f, fromp)
|
|||
(void) close(f);
|
||||
setup_term(0);
|
||||
if (authenticated) {
|
||||
#ifdef KERBEROS
|
||||
if (use_kerberos && (pwd->pw_uid == 0))
|
||||
syslog(LOG_INFO|LOG_AUTH,
|
||||
"ROOT Kerberos login from %s.%s@%s on %s\n",
|
||||
kdata->pname, kdata->pinst, kdata->prealm,
|
||||
hostname);
|
||||
#endif
|
||||
|
||||
execl(_PATH_LOGIN, "login", "-p",
|
||||
"-h", hostname, "-f", lusername, (char *)NULL);
|
||||
|
@ -311,16 +249,6 @@ doit(f, fromp)
|
|||
fatal(STDERR_FILENO, _PATH_LOGIN, 1);
|
||||
/*NOTREACHED*/
|
||||
}
|
||||
#ifdef CRYPT
|
||||
#ifdef KERBEROS
|
||||
/*
|
||||
* If encrypted, don't turn on NBIO or the des read/write
|
||||
* routines will croak.
|
||||
*/
|
||||
|
||||
if (!doencrypt)
|
||||
#endif
|
||||
#endif
|
||||
ioctl(f, FIONBIO, &on);
|
||||
ioctl(master, FIONBIO, &on);
|
||||
ioctl(master, TIOCPKT, &on);
|
||||
|
@ -427,13 +355,6 @@ protocol(f, p)
|
|||
}
|
||||
}
|
||||
if (FD_ISSET(f, &ibits)) {
|
||||
#ifdef CRYPT
|
||||
#ifdef KERBEROS
|
||||
if (doencrypt)
|
||||
fcc = des_read(f, fibuf, sizeof(fibuf));
|
||||
else
|
||||
#endif
|
||||
#endif
|
||||
fcc = read(f, fibuf, sizeof(fibuf));
|
||||
if (fcc < 0 && errno == EWOULDBLOCK)
|
||||
fcc = 0;
|
||||
|
@ -480,11 +401,6 @@ protocol(f, p)
|
|||
break;
|
||||
else if (pibuf[0] == 0) {
|
||||
pbp++, pcc--;
|
||||
#ifdef CRYPT
|
||||
#ifdef KERBEROS
|
||||
if (!doencrypt)
|
||||
#endif
|
||||
#endif
|
||||
FD_SET(f, &obits); /* try write */
|
||||
} else {
|
||||
if (pkcontrol(pibuf[0])) {
|
||||
|
@ -495,13 +411,6 @@ protocol(f, p)
|
|||
}
|
||||
}
|
||||
if ((FD_ISSET(f, &obits)) && pcc > 0) {
|
||||
#ifdef CRYPT
|
||||
#ifdef KERBEROS
|
||||
if (doencrypt)
|
||||
cc = des_write(f, pbp, pcc);
|
||||
else
|
||||
#endif
|
||||
#endif
|
||||
cc = write(f, pbp, pcc);
|
||||
if (cc < 0 && errno == EWOULDBLOCK) {
|
||||
/*
|
||||
|
@ -640,81 +549,11 @@ setup_term(fd)
|
|||
environ = env;
|
||||
}
|
||||
|
||||
#ifdef KERBEROS
|
||||
#define VERSION_SIZE 9
|
||||
|
||||
/*
|
||||
* Do the remote kerberos login to the named host with the
|
||||
* given inet address
|
||||
*
|
||||
* Return 0 on valid authorization
|
||||
* Return -1 on valid authentication, no authorization
|
||||
* Return >0 for error conditions
|
||||
*/
|
||||
int
|
||||
do_krb_login(dest)
|
||||
struct sockaddr_in *dest;
|
||||
{
|
||||
int rc;
|
||||
char instance[INST_SZ], version[VERSION_SIZE];
|
||||
long authopts = 0L; /* !mutual */
|
||||
struct sockaddr_in faddr;
|
||||
|
||||
kdata = (AUTH_DAT *) auth_buf;
|
||||
ticket = (KTEXT) tick_buf;
|
||||
|
||||
instance[0] = '*';
|
||||
instance[1] = '\0';
|
||||
|
||||
#ifdef CRYPT
|
||||
if (doencrypt) {
|
||||
rc = sizeof(faddr);
|
||||
if (getsockname(0, (struct sockaddr *)&faddr, &rc))
|
||||
return (-1);
|
||||
authopts = KOPT_DO_MUTUAL;
|
||||
rc = krb_recvauth(
|
||||
authopts, 0,
|
||||
ticket, "rcmd",
|
||||
instance, dest, &faddr,
|
||||
kdata, "", schedule, version);
|
||||
des_set_key(kdata->session, schedule);
|
||||
|
||||
} else
|
||||
#endif
|
||||
rc = krb_recvauth(
|
||||
authopts, 0,
|
||||
ticket, "rcmd",
|
||||
instance, dest, (struct sockaddr_in *) 0,
|
||||
kdata, "", (bit_64 *) 0, version);
|
||||
|
||||
if (rc != KSUCCESS)
|
||||
return (rc);
|
||||
|
||||
getstr(lusername, sizeof(lusername), "locuser");
|
||||
/* get the "cmd" in the rcmd protocol */
|
||||
getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
|
||||
|
||||
pwd = getpwnam(lusername);
|
||||
if (pwd == NULL)
|
||||
return (-1);
|
||||
|
||||
/* returns nonzero for no access */
|
||||
if (kuserok(kdata, lusername) != 0)
|
||||
return (-1);
|
||||
|
||||
return (0);
|
||||
|
||||
}
|
||||
#endif /* KERBEROS */
|
||||
|
||||
void
|
||||
usage()
|
||||
{
|
||||
#ifdef KERBEROS
|
||||
syslog(LOG_ERR, "usage: rlogind [-aln] [-k | -v]");
|
||||
#else
|
||||
syslog(LOG_ERR, "usage: rlogind [-aln]");
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue