kill kerberos and stream encryption support, so it's exportable.

cgd 1994-06-05 13:57:51 +00:00
parent 13514eadce
commit 2642138ed1
2 changed files with 4 additions and 168 deletions


@ -1,12 +1,9 @@
# from: @(#)Makefile 8.1 (Berkeley) 6/4/93
# $Id: Makefile,v 1.3 1994/06/05 13:49:01 cgd Exp $
# $Id: Makefile,v 1.4 1994/06/05 13:57:51 cgd Exp $
PROG= rlogind
CFLAGS+=-DKERBEROS -DCRYPT
SRCS= rlogind.c des_rw.c
MAN8= rlogind.0
DPADD= ${LIBUTIL} ${LIBKRB} ${LIBDES}
LDADD= -lutil -lkrb -ldes
.PATH: ${.CURDIR}/../../usr.bin/rlogin
DPADD= ${LIBUTIL}
LDADD= -lutil
.include <bsd.prog.mk>


@ -39,7 +39,7 @@ static char copyright[] =
#ifndef lint
/* from: static char sccsid[] = "@(#)rlogind.c 8.1 (Berkeley) 6/4/93"; */
static char *rcsid = "$Id: rlogind.c,v 1.5 1994/06/05 13:49:05 cgd Exp $";
static char *rcsid = "$Id: rlogind.c,v 1.6 1994/06/05 13:57:52 cgd Exp $";
#endif /* not lint */
/*
@ -78,22 +78,7 @@ static char *rcsid = "$Id: rlogind.c,v 1.5 1994/06/05 13:49:05 cgd Exp $";
#define TIOCPKT_WINDOW 0x80
#endif
#ifdef KERBEROS
#include <kerberosIV/des.h>
#include <kerberosIV/krb.h>
#define SECURE_MESSAGE "This rlogin session is using DES encryption for all transmissions.\r\n"
AUTH_DAT *kdata;
KTEXT ticket;
u_char auth_buf[sizeof(AUTH_DAT)];
u_char tick_buf[sizeof(KTEXT_ST)];
Key_schedule schedule;
int doencrypt, retval, use_kerberos, vacuous;
#define ARGSTR "alnkvx"
#else
#define ARGSTR "aln"
#endif /* KERBEROS */
char *env[2];
#define NMAX 30
@ -141,19 +126,6 @@ main(argc, argv)
case 'n':
keepalive = 0;
break;
#ifdef KERBEROS
case 'k':
use_kerberos = 1;
break;
case 'v':
vacuous = 1;
break;
#ifdef CRYPT
case 'x':
doencrypt = 1;
break;
#endif
#endif
case '?':
default:
usage();
@ -162,12 +134,6 @@ main(argc, argv)
argc -= optind;
argv += optind;
#ifdef KERBEROS
if (use_kerberos && vacuous) {
usage();
fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
}
#endif
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR,"Can't get peer name of remote host: %m");
@ -207,10 +173,6 @@ doit(f, fromp)
if (c != 0)
exit(1);
#ifdef KERBEROS
if (vacuous)
fatal(f, "Remote host requires Kerberos authentication", 0);
#endif
alarm(0);
fromp->sin_port = ntohs((u_short)fromp->sin_port);
@ -221,17 +183,6 @@ doit(f, fromp)
else
(void)strcpy(hostname, inet_ntoa(fromp->sin_addr));
#ifdef KERBEROS
if (use_kerberos) {
retval = do_krb_login(fromp);
if (retval == 0)
authenticated++;
else if (retval > 0)
fatal(f, krb_err_txt[retval], 0);
write(f, &c, 1);
confirmed = 1; /* we sent the null! */
} else
#endif
{
if (fromp->sin_family != AF_INET ||
fromp->sin_port >= IPPORT_RESERVED ||
@ -275,12 +226,6 @@ doit(f, fromp)
write(f, "", 1);
confirmed = 1; /* we sent the null! */
}
#ifdef KERBEROS
#ifdef CRYPT
if (doencrypt)
(void) des_write(f, SECURE_MESSAGE, sizeof(SECURE_MESSAGE) - 1);
#endif
#endif
netf = f;
pid = forkpty(&master, line, NULL, &win);
@ -295,13 +240,6 @@ doit(f, fromp)
(void) close(f);
setup_term(0);
if (authenticated) {
#ifdef KERBEROS
if (use_kerberos && (pwd->pw_uid == 0))
syslog(LOG_INFO|LOG_AUTH,
"ROOT Kerberos login from %s.%s@%s on %s\n",
kdata->pname, kdata->pinst, kdata->prealm,
hostname);
#endif
execl(_PATH_LOGIN, "login", "-p",
"-h", hostname, "-f", lusername, (char *)NULL);
@ -311,16 +249,6 @@ doit(f, fromp)
fatal(STDERR_FILENO, _PATH_LOGIN, 1);
/*NOTREACHED*/
}
#ifdef CRYPT
#ifdef KERBEROS
/*
* If encrypted, don't turn on NBIO or the des read/write
* routines will croak.
*/
if (!doencrypt)
#endif
#endif
ioctl(f, FIONBIO, &on);
ioctl(master, FIONBIO, &on);
ioctl(master, TIOCPKT, &on);
@ -427,13 +355,6 @@ protocol(f, p)
}
}
if (FD_ISSET(f, &ibits)) {
#ifdef CRYPT
#ifdef KERBEROS
if (doencrypt)
fcc = des_read(f, fibuf, sizeof(fibuf));
else
#endif
#endif
fcc = read(f, fibuf, sizeof(fibuf));
if (fcc < 0 && errno == EWOULDBLOCK)
fcc = 0;
@ -480,11 +401,6 @@ protocol(f, p)
break;
else if (pibuf[0] == 0) {
pbp++, pcc--;
#ifdef CRYPT
#ifdef KERBEROS
if (!doencrypt)
#endif
#endif
FD_SET(f, &obits); /* try write */
} else {
if (pkcontrol(pibuf[0])) {
@ -495,13 +411,6 @@ protocol(f, p)
}
}
if ((FD_ISSET(f, &obits)) && pcc > 0) {
#ifdef CRYPT
#ifdef KERBEROS
if (doencrypt)
cc = des_write(f, pbp, pcc);
else
#endif
#endif
cc = write(f, pbp, pcc);
if (cc < 0 && errno == EWOULDBLOCK) {
/*
@ -640,81 +549,11 @@ setup_term(fd)
environ = env;
}
#ifdef KERBEROS
#define VERSION_SIZE 9
/*
* Do the remote kerberos login to the named host with the
* given inet address
*
* Return 0 on valid authorization
* Return -1 on valid authentication, no authorization
* Return >0 for error conditions
*/
int
do_krb_login(dest)
struct sockaddr_in *dest;
{
int rc;
char instance[INST_SZ], version[VERSION_SIZE];
long authopts = 0L; /* !mutual */
struct sockaddr_in faddr;
kdata = (AUTH_DAT *) auth_buf;
ticket = (KTEXT) tick_buf;
instance[0] = '*';
instance[1] = '\0';
#ifdef CRYPT
if (doencrypt) {
rc = sizeof(faddr);
if (getsockname(0, (struct sockaddr *)&faddr, &rc))
return (-1);
authopts = KOPT_DO_MUTUAL;
rc = krb_recvauth(
authopts, 0,
ticket, "rcmd",
instance, dest, &faddr,
kdata, "", schedule, version);
des_set_key(kdata->session, schedule);
} else
#endif
rc = krb_recvauth(
authopts, 0,
ticket, "rcmd",
instance, dest, (struct sockaddr_in *) 0,
kdata, "", (bit_64 *) 0, version);
if (rc != KSUCCESS)
return (rc);
getstr(lusername, sizeof(lusername), "locuser");
/* get the "cmd" in the rcmd protocol */
getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
pwd = getpwnam(lusername);
if (pwd == NULL)
return (-1);
/* returns nonzero for no access */
if (kuserok(kdata, lusername) != 0)
return (-1);
return (0);
}
#endif /* KERBEROS */
void
usage()
{
#ifdef KERBEROS
syslog(LOG_ERR, "usage: rlogind [-aln] [-k | -v]");
#else
syslog(LOG_ERR, "usage: rlogind [-aln]");
#endif
}
/*
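Review bot: In main()'s option switch, `-k`, `-v` and `-x` now fall into the `default:` arm, and the only visible reaction there is `usage()`, which just writes a syslog line; the rest of that arm lies outside the hunk, so whether the daemon exits afterwards cannot be confirmed from here. If it carries on, an inetd entry that relied on `-v` to refuse non-Kerberos logins would quietly fall back to the reserved-port and hostname check that remains in doit(), and a `-x` configuration would get a cleartext session with nothing more than that log line. I would keep the three letters in ARGSTR (`#define ARGSTR "alnkvx"`) and fail closed on them, e.g. `case 'k': case 'v': case 'x': fatal(STDERR_FILENO, "Kerberos/encryption support not compiled in", 0);`. The rlogind man page is not part of this commit; if it still documents those flags it should be updated to match the new `usage()` string.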