import krb4-1.0.5

assar 2000-12-29 01:42:08 +00:00
parent 79f0bd6e1f
commit 2d80b20be2
686 changed files with 4379 additions and 2012 deletions

@ -1,3 +1,131 @@
2000-12-25
* configure.in (VERSION): bump to 1.0.5
2000-10-19
* include/Makefile.in (HEADERS): add md4.h, md5.h, sha.h and rc4.h
* appl/kip/common.c (WCOREDUMP): add fallback definition
2000-10-18
* lib/krb/dest_tkt.c (dest_tkt): only return valid error codes
back
* kadmin/admin_server.c: re-structure code to handle DoS attacks
better only allow a constant number of children (100 currently)
keep track of which children have gotten authentication
information and kill the non-authenticated children when there are
new connections
2000-10-16
* server/kerberos.c: handle a fixed number (100) of TCP
connections and kill some randomly if all are busy to try to
mitigate the effects of DoS attacks
2000-10-08
* lib/krb/send_to_kdc.c (send_recv): check that fds are not too
large to select on
* kadmin/admin_server.c (kadm_listen): check that fds are not too
large to select on
* appl/kip/common.c (*): check that fds are not too large to
select on
* appl/bsd/rshd.c (doit): check that fds are not too large to
select on
* appl/bsd/rsh.c (talk): check that fds are not too large to
select on
* appl/bsd/rlogin.c (reader): check that fds are not too large to
select on
* appl/bsd/kcmd.c (kcmd): check that fds are not too large to
select on
2000-09-25
* config.guess: update to version 2000-09-05 (aka 1.156) from
subversions.gnu.org plus some minor tweaks
* config.sub: update to version 2000-09-11 (aka 1.181) from
subversions.gnu.org
2000-09-09
* appl/kip/kipd.c: add back droped slash in kip-control
2000-08-16
* configure.in (getmsg): re-do so it possibly works on redhat 7.0
2000-08-09
* kuser/klist.c (display_srvtab): do not call warn with a variable
as format string
* appl/bsd/rshd.c (doit): do not call warnx with a variable as
format string
2000-07-30
* doc/install.texi: say something about siacfg
2000-06-28
* lib/krb/dest_tkt.c (dest_tkt): rewrite to lstat and compare
numbers
2000-06-10
* appl/bsd: work-around setuid and capabilities bug fixed in Linux
2.2.16
2000-06-08
* configure.in: do not use streams ptys on HP-UX 11
2000-05-15
* lib/krb/rw.c (krb_get_nir): add explicit lengths to the
parameters. before this the function `knew'. change callers.
2000-05-14
* appl/afsutil/aklog.c: look not only in /usr/vice/etc but also in
/usr/arla/etc for configuration files
2000-04-25
* lib/krb/tf_util.c (tf_create): just remove the over-writing of
the old ticket file.
2000-04-09
* lib/krb/getaddrs.c (k_get_all_addrs): apperently solaris can
return EINVAL when the buffer is too small. cope.
* appl/bsd/rshd.c (doit): exec the correct shell
2000-03-26
* config.guess, config.sub: update to current version from
:pserver:anoncvs@subversions.gnu.org:/home/cvs
* appl/bsd/rlogind.c (rlogind_logout, logwtmp): make sure to
always call time and ctime with `time_t's. there were some types
(like in lastlog) that we believed to always be time_t. this has
proven wrong on Solaris 8 in 64-bit mode, where they are stored as
32-bit quantities but time_t has gone up to 64 bits
* appl/bsd/login.c: dito
2000-03-20
* configure.in: add solaris2.8
2000-03-15
* configure.in: on all versions of aix, add `-bnolibpath' to the
linker. otherwise ld will interpret -L as run-time path for where
to find shared libraries and looking in ../../foo is a bad idea.
bug report from Niklas Edmundsson <nikke@ing.umu.se>
2000-03-09
* Release 1.0.1

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:08 assar Exp $
srcdir = @srcdir@
prefix = @prefix@

crypto/dist/krb4/NEWS

@ -1,3 +1,61 @@
Changes in release 1.0.5:
* Remember to update version string.
* Build fixes
* multiple local realm fix in krb_verify_user
Changes in release 1.0.4:
* Only allow a small list of environment variables in telnetd
* Fix one buffer overflow in libkrb
* Make su handle multiple local realms
* Build pic-ed archives (to be used with the pam module)
* do not handle environment variables, use krb.extra instead
* Disable KRBCONFDIR environment variable for root
* fix shared libraries building on solaris
Changes in release 1.0.3:
* Handle DoS attacks in the KDC and the admin server better.
* updated config.guess and config.sub
* better db/gdbm discovery
* bug fixes
Changes in release 1.0.2:
* Fix syslog(LOG_FOO, bug) calls in kauthd, kipd
* Fix bug with systems have a 64bit `time_t'
* Port to Solaris 8 (aka SunOS 5.8), HP-UX 11
* Add AIX fix for shared libraries
* Make afslog work with Arla
* Be more paranoid about setuid for the sake of Linux 2.2.15
* Make rshd afslog to the cell of the home directory
* Improved kip/kipd
* syslog with correct level in popper
* install libraries correctly in lib/sl
* more paranoia when overwriting and removing ticket files
Changes in release 1.0.1:
* Fix bug in ftpd when accepting connections

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $ */
/* $Id: acconfig.h,v 1.1.1.2 2000/12/29 01:42:09 assar Exp $ */
@BOTTOM@

@ -1,4 +1,4 @@
dnl $Id: acinclude.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: acinclude.m4,v 1.1.1.2 2000/12/29 01:42:09 assar Exp $
dnl
dnl Only put things that for some reason can't live in the `cf'
dnl directory in this file.

@ -10,7 +10,7 @@ dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without
dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A
dnl PARTICULAR PURPOSE.
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl Only put things that for some reason can't live in the `cf'
dnl directory in this file.
@ -20,7 +20,7 @@ dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
dnl
define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Better test for ln -s, ln or cp
@ -49,7 +49,7 @@ AC_SUBST(LN_S)dnl
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl We prefer byacc or yacc because they do not use `alloca'
@ -58,7 +58,7 @@ dnl
AC_DEFUN(AC_KRB_PROG_YACC,
[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl AC_TEST_PACKAGE_NEW(package,headers,libraries,extra libs,default locations)
@ -147,7 +147,7 @@ AC_SUBST(INCLUDE_$1)
AC_SUBST(LIB_$1)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl enable OSF C2 stuff
@ -162,7 +162,7 @@ fi
AC_SUBST(LIB_security)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Check for MIPS/IRIX ABI flags. Sets $abi and $abilibdirext to some
@ -251,7 +251,7 @@ esac
])
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl Shared library stuff has to be different everywhere
dnl
@ -317,7 +317,7 @@ case "${host}" in
install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
;;
changequote(,)dnl
*-*-freebsd[34]*)
*-*-freebsd[345]* | *-*-freebsdelf[345]*)
changequote([,])dnl
REAL_SHLIBEXT=so.$SHLIB_VERSION
REAL_LD_FLAGS='-Wl,-R$(libdir)'
@ -336,9 +336,14 @@ changequote([,])dnl
LDSHARED='ld -shared -expect_unresolved \*'
;;
*-*-solaris2*)
LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_SHLIBEXT=so.$SHLIB_VERSION
build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
REAL_LD_FLAGS='-Wl,-R$(libdir)'
if test -z "$GCC"; then
LDSHARED='$(CC) -G'
LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_PICFLAGS="-Kpic"
fi
;;
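Review bot: in the Solaris case, `install_symlink_command` and `install_symlink_command2` call `$(LN_S)` without `-f`, while the case just above this one uses `$(LN_S) -f $(LIB2) ...`. Installing over a tree where the `.so` links already exist will fail at the link step; add `-f` here as well, or remove the old links before creating the new ones.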
@ -439,7 +444,7 @@ AC_SUBST(install_symlink_command2)dnl
])
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
@ -470,7 +475,7 @@ AC_MSG_RESULT($ac_cv___attribute__)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl NEXTSTEP is not posix compliant by default,
@ -492,7 +497,7 @@ fi
AC_MSG_RESULT($krb_cv_sys_nextstep)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl AIX have a very different syscall convention
@ -508,7 +513,7 @@ AC_EGREP_CPP(yes,
AC_MSG_RESULT($krb_cv_sys_aix)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
@ -518,7 +523,7 @@ dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra
AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
@ -583,7 +588,7 @@ AC_SUBST(LIB_$1)
])
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl extra magic check for netinet/{ip.h,tcp.h} because on irix 6.5.3
@ -621,7 +626,7 @@ END
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
AC_DEFUN(AC_GROK_TYPE, [
AC_CACHE_VAL(ac_cv_type_$1,
@ -660,7 +665,7 @@ for i in $1; do
done
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl AC_FIND_FUNC(func, libraries, includes, arguments)
AC_DEFUN(AC_FIND_FUNC, [
@ -673,7 +678,7 @@ fi
dnl
dnl See if there is any X11 present
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
AC_DEFUN(KRB_CHECK_X,[
AC_PATH_XTRA
@ -723,7 +728,7 @@ if test "$no_x" != yes; then
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl check for Xau{Read,Write}Auth and XauFileName
dnl
@ -795,7 +800,7 @@ else
$1_FALSE=
fi])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl find a suitable database library
dnl
@ -825,6 +830,8 @@ for i in $1; do
#include <fcntl.h>
#if defined(HAVE_NDBM_H)
#include <ndbm.h>
#elif defined(HAVE_GDBM_NDBM_H)
#include <gdbm/ndbm.h>
#elif defined(HAVE_DBM_H)
#include <dbm.h>
#elif defined(HAVE_RPCSVC_DBM_H)
@ -894,7 +901,7 @@ AC_MSG_RESULT($ac_res)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
AC_DEFUN(AC_BROKEN_SNPRINTF, [
AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
@ -953,7 +960,7 @@ AC_NEED_PROTO([#include <stdio.h>],vsnprintf)
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Check if we need the prototype for a function
@ -979,7 +986,7 @@ undefine([foo])
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl check for glob(3)
dnl
@ -1003,7 +1010,7 @@ fi
])
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
@ -1017,7 +1024,7 @@ AC_CHECK_HEADERS(capability.h sys/capability.h)
AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl check for getpwnam_r, and if it's posix or not
@ -1042,7 +1049,7 @@ fi
fi
])
dnl
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl test for POSIX (broken) getlogin
dnl
@ -1064,7 +1071,7 @@ fi
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Mix between AC_FIND_FUNC and AC_BROKEN
@ -1078,7 +1085,7 @@ fi
AC_SUBST(LIBOBJS)dnl
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal
@ -1098,7 +1105,7 @@ done
AC_SUBST(LIBOBJS)dnl
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl test for broken getcwd in (SunOS braindamage)
@ -1141,7 +1148,7 @@ fi
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Check if the prototype of a function is compatible with another one
@ -1163,7 +1170,7 @@ if test "$ac_cv_func_$2_proto_compat" = yes; then
fi
undefine([foo])
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl AC_CHECK_VAR(includes, variable)
AC_DEFUN(AC_CHECK_VAR, [
@ -1184,7 +1191,7 @@ fi
undefine([foo])
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Check if we need the declaration of a variable
@ -1210,7 +1217,7 @@ fi
undefine([foo])
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl check for fields in a structure
dnl
@ -1230,7 +1237,7 @@ fi
undefine([cache_val])
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl check for existance of a type
@ -1262,7 +1269,7 @@ undefine([foo])
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl Test for `struct spwd'
@ -1285,7 +1292,7 @@ if test "$ac_cv_struct_spwd" = "yes"; then
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl Search for struct winsize
@ -1313,7 +1320,7 @@ AC_EGREP_HEADER(ws_ypixel, termios.h,
AC_DEFINE(HAVE_WS_YPIXEL, 1, [define if struct winsize has ws_ypixel]))
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl ac_check_type + extra headers
@ -1337,7 +1344,7 @@ if test $ac_cv_type_$1 = no; then
fi
])
dnl $Id: aclocal.m4,v 1.1.1.1 2000/06/16 18:45:32 thorpej Exp $
dnl $Id: aclocal.m4,v 1.1.1.2 2000/12/29 01:42:11 assar Exp $
dnl
dnl
dnl output a C header-file with some version strings

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $
SHELL = /bin/sh

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: adm_locl.h,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $ */
/* $Id: adm_locl.h,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $ */
#ifndef __adm_locl_h
#define __adm_locl_h

@ -9,7 +9,7 @@
#include "adm_locl.h"
RCSID("$Id: ext_srvtab.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: ext_srvtab.c,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $");
static des_cblock master_key;
static des_cblock session_key;

@ -9,7 +9,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_destroy.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: kdb_destroy.c,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $");
int
main(int argc, char **argv)

@ -15,7 +15,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_edit.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: kdb_edit.c,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $");
#ifdef DEBUG
extern kerb_debug;

@ -10,7 +10,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_init.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: kdb_init.c,v 1.1.1.2 2000/12/29 01:42:18 assar Exp $");
enum ap_op {
NULL_KEY, /* setup null keys */

@ -15,7 +15,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_util.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: kdb_util.c,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $");
static des_cblock master_key, new_master_key;
static des_key_schedule master_key_schedule, new_master_key_schedule;
@ -489,15 +489,19 @@ main(int argc, char **argv)
switch (op) {
case OP_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
break;
case OP_SLAVE_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
update_ok_file (file_name);
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
update_ok_file(file_name);
break;
case OP_LOAD:
load_db (db_name, file);
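Review bot: in both `OP_DUMP` and `OP_SLAVE_DUMP`, a failure of `dump_db()` is reported through `err()`, which appends `strerror(errno)`, yet nothing visible here guarantees that `dump_db` sets `errno` when it returns `EOF`; use `errx()` for that case so the message is not misleading. The four-part condition is also duplicated verbatim in the two cases, so a small helper that flushes, syncs and closes the file and names the failing step would keep them from drifting apart. If `file` can ever be a pipe or a terminal, note that `fsync()` fails with `EINVAL` on such descriptors and the dump would now exit with an error.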

@ -10,7 +10,7 @@
#include "adm_locl.h"
RCSID("$Id: kstash.c,v 1.1.1.1 2000/06/16 18:46:05 thorpej Exp $");
RCSID("$Id: kstash.c,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $");
/* change this later, but krblib_dbm needs it for now */

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:12 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -8,7 +8,7 @@ SHELL = /bin/sh
@SET_MAKE@
SUBDIRS = sample kauth bsd movemail push afsutil \
popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
popper xnlock kx kip @OTP_dir@ ftp telnet
all:
for i in $(SUBDIRS); \

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:14 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $
SHELL = /bin/sh

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -66,7 +66,7 @@
#include <roken.h>
RCSID("$Id: aklog.c,v 1.1.1.1 2000/06/16 18:46:14 thorpej Exp $");
RCSID("$Id: aklog.c,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $");
static int debug = 0;
@ -89,15 +89,15 @@ DEBUG(const char *fmt, ...)
}
static char *
expand_cell_name(char *cell)
expand_1 (const char *cell, const char *filename)
{
FILE *f;
static char buf[128];
char *p;
f = fopen(_PATH_CELLSERVDB, "r");
f = fopen(filename, "r");
if(f == NULL)
return cell;
return NULL;
while(fgets(buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>') {
for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
@ -111,11 +111,25 @@ expand_cell_name(char *cell)
buf[0] = 0;
}
fclose(f);
return NULL;
}
static const char *
expand_cell_name(const char *cell)
{
char *ret;
ret = expand_1(cell, _PATH_CELLSERVDB);
if (ret != NULL)
return ret;
ret = expand_1(cell, _PATH_ARLA_CELLSERVDB);
if (ret != NULL)
return ret;
return cell;
}
static int
createuser (char *cell)
createuser (const char *cell)
{
char cellbuf[64];
char name[ANAME_SZ];
@ -129,9 +143,11 @@ createuser (char *cell)
f = fopen (_PATH_THISCELL, "r");
if (f == NULL)
err (1, "open(%s)", _PATH_THISCELL);
f = fopen (_PATH_ARLA_THISCELL, "r");
if (f == NULL)
err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL);
if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
err (1, "read cellname from %s", _PATH_THISCELL);
err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL);
fclose (f);
len = strlen(cellbuf);
if (cellbuf[len-1] == '\n')
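Review bot: the `fgets` failure message in `createuser` prints both `_PATH_THISCELL` and `_PATH_ARLA_THISCELL`, so it does not say which file was actually opened and found unreadable. Keep the path that `fopen` succeeded on in a local variable and report only that one. The unchanged `cellbuf[len-1]` test below also reads one byte before the buffer if `len` is 0; a `len > 0` guard would cost nothing.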
@ -156,7 +172,7 @@ main(int argc, char **argv)
int i;
int do_aklog = -1;
int do_createuser = -1;
char *cell = NULL;
const char *cell = NULL;
char *realm = NULL;
char cellbuf[64];

@ -33,7 +33,7 @@
#include "config.h"
RCSID("$Id: kstring2key.c,v 1.1.1.1 2000/06/16 18:46:14 thorpej Exp $");
RCSID("$Id: kstring2key.c,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $");
#include <stdio.h>
#include <string.h>

@ -35,7 +35,7 @@
#include <config.h>
#endif
RCSID("$Id: pagsh.c,v 1.1.1.1 2000/06/16 18:46:14 thorpej Exp $");
RCSID("$Id: pagsh.c,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $");
#include <stdio.h>
#include <stdlib.h>

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $
SHELL = /bin/sh

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: bsd_locl.h,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $ */
/* $Id: bsd_locl.h,v 1.1.1.2 2000/12/29 01:42:19 assar Exp $ */
#define LOGALL
#define KERBEROS
@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username,
#endif
int do_osfc2_magic(uid_t);
void paranoid_setuid (uid_t uid);

@ -46,7 +46,7 @@
#include "bsd_locl.h"
RCSID("$Id: encrypt.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: encrypt.c,v 1.1.1.2 2000/12/29 01:42:20 assar Exp $");
/* replacements for htonl and ntohl since I have no idea what to do
* when faced with machines with 8 byte longs. */

@ -35,7 +35,7 @@
#ifndef HAVE_FORKPTY
RCSID("$Id: forkpty.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: forkpty.c,v 1.1.1.2 2000/12/29 01:42:20 assar Exp $");
/* Only CRAY is known to have problems with forkpty(). */
#if defined(CRAY)

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: kcmd.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: kcmd.c,v 1.1.1.2 2000/12/29 01:42:20 assar Exp $");
#define START_PORT 5120 /* arbitrary */
@ -185,6 +185,14 @@ kcmd(int *sock,
{
fd_set fds;
FD_ZERO(&fds);
if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) {
warnx("file descriptor too large");
close(s);
close(s2);
status = -1;
goto bad;
}
FD_SET(s, &fds);
FD_SET(s2, &fds);
status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
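Review bot: the new `FD_SETSIZE` branch in `kcmd` closes `s` and `s2` and then does `goto bad`; confirm that the `bad` path does not close `s` a second time, since a double close can hit a descriptor that has been reused in the meantime. The bound check itself is correctly placed before the `FD_SET` calls. The unchanged `select(FD_SETSIZE, ...)` call could pass the larger of `s` and `s2` plus one instead of scanning the whole set.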

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: klogin.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: klogin.c,v 1.1.1.2 2000/12/29 01:42:20 assar Exp $");
#ifdef KERBEROS

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: krcmd.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: krcmd.c,v 1.1.1.2 2000/12/29 01:42:20 assar Exp $");
#define SERVICE_NAME "rcmd"

@ -45,7 +45,7 @@
#include <sys/capability.h>
#endif
RCSID("$Id: login.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: login.c,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $");
#ifdef OTP
#include <otp.h>
@ -596,22 +596,28 @@ main(int argc, char **argv)
if (pwd->pw_change || pwd->pw_expire)
gettimeofday(&tp, (struct timezone *)NULL);
if (pwd->pw_change)
if (pwd->pw_change) {
time_t t;
if (tp.tv_sec >= pwd->pw_change) {
printf("Sorry -- your password has expired.\n");
changepass=1;
} else if (pwd->pw_change - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
t = pwd->pw_change;
printf("Warning: your password expires on %s",
ctime(&pwd->pw_change));
ctime(&t));
}
if (pwd->pw_expire)
if (tp.tv_sec >= pwd->pw_expire) {
printf("Sorry -- your account has expired.\n");
sleepexit(1);
} else if (pwd->pw_expire - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
t = pwd->pw_expire;
printf("Warning: your account expires on %s",
ctime(&pwd->pw_expire));
ctime(&t));
}
#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
/* Nothing else left to fail -- really log in. */
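Review bot: the block opened by `if (pwd->pw_change) {` is never closed in this hunk: the new lines open five braces and close four before the `#endif`, and `time_t t` declared inside that block is assigned again in the `pw_expire` branch. Where both `HAVE_PASSWD_CHANGE` and `HAVE_PASSWD_EXPIRE` are defined this either fails to compile or, if the brace is closed further down, nests the account-expiry test under `pw_change`, so an account with `pw_expire` set and `pw_change` equal to 0 would skip the expiry check. Declare `t` next to `tp`, and close the `pw_change` block before `if (pwd->pw_expire)`.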
@ -788,6 +794,11 @@ main(int argc, char **argv)
if(!rootlogin)
exit(1);
}
if (uid != 0 && setuid(0) != -1) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for user %d", uid);
errx(1, "Sorry");
}
}
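Review bot: this privilege-drop check tests `setuid(0) != -1` and logs the uid with `%d`, while `paranoid_setuid()` added in the same import tests `setuid (0) == 0` and logs with `%u` and an `(unsigned)` cast. Use the same comparison, format and cast here so that there is one form of the check to audit, and so that a `uid_t` wider than or differently signed from `int` is logged correctly.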
@ -953,6 +964,7 @@ dolastlog(int quiet)
#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
struct lastlog ll;
int fd;
time_t t;
if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
@ -966,8 +978,8 @@ dolastlog(int quiet)
sleepexit(1);
}
if (!quiet) {
printf("Last login: %.*s ",
24-5, ctime(&ll.ll_time));
t = ll.ll_time;
printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0') {
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@ -983,8 +995,8 @@ dolastlog(int quiet)
if (!quiet) {
if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
ll.ll_time != 0) {
printf("Last login: %.*s ",
24-5, ctime(&ll.ll_time));
t = ll.ll_time;
printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0')
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@ -998,7 +1010,7 @@ dolastlog(int quiet)
}
#endif /* SYSV_SHADOW */
memset(&ll, 0, sizeof(ll));
time(&ll.ll_time);
ll.ll_time = time(NULL);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));

@ -9,7 +9,7 @@
#include "bsd_locl.h"
RCSID("$Id: login_access.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: login_access.c,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $");
#ifdef LOGIN_ACCESS

@ -58,7 +58,7 @@
#include "bsd_locl.h"
RCSID("$Id: login_fbtab.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: login_fbtab.c,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $");
void login_protect (char *, char *, int, uid_t, gid_t);
void login_fbtab (char *tty, uid_t uid, gid_t gid);

@ -32,7 +32,7 @@
*/
#include "bsd_locl.h"
RCSID("$Id: osfc2.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: osfc2.c,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $");
int
do_osfc2_magic(uid_t uid)

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90
* $Id: pathnames.h,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $
* $Id: pathnames.h,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $
*/
/******* First fix default path, we stick to _PATH_DEFPATH everywhere */

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcmd_util.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rcmd_util.c,v 1.1.1.2 2000/12/29 01:42:21 assar Exp $");
int
get_login_port(int kerberos, int encryption)
@ -245,3 +245,19 @@ warning(const char *fmt, ...)
}
va_end(args);
}
/*
* setuid but work-around Linux 2.2.15 bug with setuid and capabilities
*/
void
paranoid_setuid (uid_t uid)
{
if (setuid (uid) < 0)
err (1, "setuid");
if (uid != 0 && setuid (0) == 0) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for uid %u", (unsigned)uid);
err (1, "setuid");
}
}
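Review bot: in `paranoid_setuid`, the second `err (1, "setuid")` runs after `setuid (0)` has returned 0, so `errno` is stale and the message will carry an unrelated error string. Use `errx (1, ...)` with a fixed text such as "failed to drop privileges" there. The helper also covers the uid only; the comment above it should say that callers remain responsible for dropping the gid and supplementary groups before calling it.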

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcp.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rcp.c,v 1.1.1.2 2000/12/29 01:42:22 assar Exp $");
/* Globals */
static char dst_realm_buf[REALM_SZ];
@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user)
int sock = -1, err;
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv)
if (response() < 0)
exit(1);
free(bp);
setuid(userid);
paranoid_setuid(userid);
}
source(1, argv+i);
}
@ -1002,7 +1002,7 @@ main(int argc, char **argv)
response();
if(do_osfc2_magic(pwd->pw_uid))
exit(1);
setuid(userid);
paranoid_setuid(userid);
if (k_hasafs()) {
/* Sometimes we will need cell specific tokens
* to be able to read and write files, thus,

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcp_util.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rcp_util.c,v 1.1.1.2 2000/12/29 01:42:22 assar Exp $");
char *
colon(char *cp)

@ -36,7 +36,7 @@
*/
#include "bsd_locl.h"
RCSID("$Id: rlogin.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rlogin.c,v 1.1.1.2 2000/12/29 01:42:22 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -241,6 +241,8 @@ reader(void)
rcvcnt = 0;
FD_ZERO (&readfds);
if (rem >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET (rem, &readfds);
FD_ZERO (&exceptfds);
if (kludgep)
@ -641,7 +643,7 @@ main(int argc, char **argv)
get_window_size(0, &winsize);
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -703,7 +705,7 @@ main(int argc, char **argv)
#endif /* IP_TOS */
#endif /* HAVE_SETSOCKOPT */
setuid(uid);
paranoid_setuid(uid);
doit();
return 0;
}

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rlogind.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rlogind.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
extern int __check_rhosts_file;
@ -257,7 +257,7 @@ rlogind_logout(const char *line)
ut.ut_exit.e_exit = 0;
#endif
#endif
time(&ut.ut_time);
ut.ut_time = time(NULL);
fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
fwrite(&ut, sizeof(struct utmp), 1, fp);
fseek(fp, (long)0, SEEK_CUR);
@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host)
else
ut.ut_type = DEAD_PROCESS;
#endif
time(&ut.ut_time);
ut.ut_time = time(NULL);
if (write(fd, &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))
ftruncate(fd, buf.st_size);
@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp)
execl(new_login, "login", "-p",
"-h", hostname, "-f", "--", lusername, 0);
} else if (use_kerberos) {
fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm),
lusername);
exit(1);
} else
execl(new_login, "login", "-p",
"-h", hostname, "--", lusername, 0);
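Review bot: the new `use_kerberos` branch in `doit` reports the refusal only with `fprintf(stderr, ...)` before `exit(1)`, and nothing is written to syslog, so a principal that was denied login as `lusername` leaves no audit record on the server. Add a `syslog` call at `LOG_AUTH` carrying the same `krb_unparse_name_long(...)` result and the target user before exiting.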

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rsh.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rsh.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem)
goto done;
bp = buf;
rewrite: FD_ZERO(&rembits);
rewrite:
FD_ZERO(&rembits);
if (rem >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &rembits);
if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
if (errno != EINTR)
@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem)
if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
warn("sigprocmask");
FD_ZERO(&readfrom);
if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &readfrom);
FD_SET(rfd2, &readfrom);
do {
@ -253,7 +258,7 @@ main(int argc, char **argv)
/* if no further arguments, must have been called as rlogin. */
if (!argv[optind]) {
*argv = "rlogin";
setuid(getuid());
paranoid_setuid (getuid ());
execv(_PATH_RLOGIN, argv);
err(1, "can't exec %s", _PATH_RLOGIN);
}
@ -282,7 +287,7 @@ main(int argc, char **argv)
sv_port = get_shell_port(use_kerberos, doencrypt);
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -342,7 +347,7 @@ main(int argc, char **argv)
}
#endif
setuid(uid);
paranoid_setuid(uid);
{
sigset_t sigmsk;
sigemptyset(&sigmsk);
@ -358,6 +363,7 @@ main(int argc, char **argv)
signal(SIGQUIT, sendsig);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, sendsig);
signal(SIGPIPE, SIG_IGN);
if (!nfork) {
pid = fork();

View File

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rshd.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: rshd.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
extern int __check_rhosts_file;
@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp)
char *cp, sig, buf[DES_RW_MAXWRITE];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MaxHostNameLen + 1];
uid_t uid;
char shell_path[MAXPATHLEN];
AUTH_DAT *kdata;
KTEXT ticket;
@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp)
close(2);
close(pv[1]);
if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp)
else
nfd = s;
if (doencrypt) {
if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&writeto);
FD_SET(pv2[1], &writeto);
FD_SET(pv1[0], &readfrom);
@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp)
snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
strlcat(shell, pwd->pw_shell, sizeof(shell));
strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path));
strlcat(username, pwd->pw_name, sizeof(username));
uid = pwd->pw_uid;
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
endpwent();
if (log_success || pwd->pw_uid == 0) {
if (log_success || uid == 0) {
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s on %s as %s, cmd='%.80s'",
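Review bot: `cp` is still derived from `strrchr(pwd->pw_shell, '/')` and so keeps pointing into the passwd entry after `endpwent()`, while the rest of this hunk copies `pw_shell` and `pw_uid` precisely so that `pwd` is not touched after that call. Compute `cp` from `shell_path` instead. The `strlcpy` into `shell_path` also ignores its return value, so an over-long `pw_shell` would be silently truncated and a different path passed to exec; compare the result against `sizeof(shell_path)` and bail out.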
@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp)
remuser, remotehost, locuser, cmdbuf);
}
if (k_hasafs()) {
char cell[64];
if (new_pag)
k_setpag(); /* Put users process in an new pag */
krb_afslog(0, 0);
if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0)
krb_afslog_uid_home (cell, NULL, uid, homedir);
krb_afslog_uid_home(NULL, NULL, uid, homedir);
}
execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
err(1, pwd->pw_shell);
execle(shell_path, cp, "-c", cmdbuf, 0, envinit);
err(1, "%s", shell_path);
}
/*

View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: stty_default.c,v 1.1.1.1 2000/06/16 18:46:16 thorpej Exp $");
RCSID("$Id: stty_default.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
#include <termios.h>

View File

@ -33,20 +33,20 @@
#include "bsd_locl.h"
RCSID ("$Id: su.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID ("$Id: su.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
#ifdef SYSV_SHADOW
#include "sysv_shadow.h"
#endif
static int kerberos (char *username, char *user, int uid);
static int kerberos (char *username, char *user, char *realm, int uid);
static int chshell (char *sh);
static char *ontty (void);
static int koktologin (char *name, char *realm, char *toname);
static int chshell (char *sh);
/* Handle '-' option after all the getopt options */
#define ARGSTR "Kflmti:"
#define ARGSTR "Kkflmti:r:"
int destroy_tickets = 0;
static int use_kerberos = 1;
@ -63,15 +63,22 @@ main (int argc, char **argv)
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell, *avshell, *username, **np;
char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
char *realm = NULL;
set_progname (argv[0]);
if (getuid() == 0)
use_kerberos = 0;
asme = asthem = fastlogin = 0;
while ((ch = getopt (argc, argv, ARGSTR)) != -1)
switch ((char) ch) {
case 'K':
use_kerberos = 0;
break;
case 'k':
use_kerberos = 1;
break;
case 'f':
fastlogin = 1;
break;
@ -89,10 +96,13 @@ main (int argc, char **argv)
case 'i':
root_inst = optarg;
break;
case 'r':
realm = optarg;
break;
case '?':
default:
fprintf (stderr,
"usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
"usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n");
exit (1);
}
/* Don't handle '-' option with getopt */
@ -150,7 +160,7 @@ main (int argc, char **argv)
syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
errx (1, "unknown login %s", user);
}
if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) {
#ifndef PASSWD_FALLBACK
errx (1, "won't use /etc/passwd authentication");
#endif
@ -225,12 +235,22 @@ main (int argc, char **argv)
if (setgid (pwd->pw_gid) < 0)
err (1, "setgid");
if (initgroups (user, pwd->pw_gid))
errx (1, "initgroups failed.");
if (initgroups (user, pwd->pw_gid)) {
if (errno == E2BIG) /* Member of too many groups! */
warn("initgroups failed.");
else
errx(1, "initgroups failed.");
}
if (setuid (pwd->pw_uid) < 0)
err (1, "setuid");
if (pwd->pw_uid != 0 && setuid(0) != -1) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for user %s", pwd->pw_name);
errx(1, "Sorry");
}
if (!asme) {
if (asthem) {
char *k = getenv ("KRBTKFILE");
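Review bot: in the `errno == E2BIG` branch su only warns and carries on, so the supplementary group list may not have been replaced with the target user's and the new shell can start with the groups the process had before the call. If continuing is intended, reset the list explicitly (for example to just `pw_gid`) before `setuid`, and say so in a comment. The `setuid(0) != -1` re-check after dropping privileges is a good addition; consider logging the invoking user as well as `pwd->pw_name` in that alert.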
@ -321,19 +341,26 @@ ontty (void)
}
static int
kerberos (char *username, char *user, int uid)
kerberos (char *username, char *user, char *lrealm, int uid)
{
KTEXT_ST ticket;
AUTH_DAT authdata;
struct hostent *hp;
int kerno;
u_long faddr;
char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen];
char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
int n;
int allowed = 0;
if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
return (1);
if (koktologin (username, lrealm, user) && !uid) {
if (lrealm != NULL) {
allowed = koktologin (username, lrealm, user) == 0;
} else {
for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n)
allowed = koktologin (username, tmp_realm, user) == 0;
lrealm = tmp_realm;
}
if (!allowed && !uid) {
#ifndef PASSWD_FALLBACK
warnx ("not in %s's ACL.", user);
#endif
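Review bot: when no `-r` realm is given and `krb_get_lrealm (tmp_realm, 1)` fails, the loop body never runs and `lrealm = tmp_realm` leaves `lrealm` pointing at an uninitialised buffer; the old code returned 1 in that case. With `uid` non-zero the `!allowed && !uid` test does not stop execution, so the function proceeds with that buffer. Keep the early return when the first `krb_get_lrealm` call fails, or initialise `tmp_realm[0] = '\0'` and handle the empty realm explicitly.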
@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid)
}
strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) {
kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33);
if (kerno == 0)
break;
}
if (kerno == KDC_PR_UNKNOWN) {
warnx ("Warning: TGT not verified.");
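Review bot: if `krb_get_lrealm (tmp_realm, n)` fails on the first pass, `krb_mk_req` is never called and the following `if (kerno == KDC_PR_UNKNOWN)` tests whatever `kerno` held before the loop; assign an error value to `kerno` ahead of the loop. The loop also overwrites `tmp_realm`, which `lrealm` points to after the previous hunk when no `-r` was given, so any later use of `lrealm` sees the last realm tried here rather than the one `koktologin` accepted. Comparing against `KSUCCESS` instead of `0` would match the loop condition.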

View File

@ -2,7 +2,7 @@
#include "bsd_locl.h"
RCSID("$Id: sysv_default.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: sysv_default.c,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $");
#include "sysv_default.h"

View File

@ -1,6 +1,6 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
/* $Id: sysv_default.h,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $ */
/* $Id: sysv_default.h,v 1.1.1.2 2000/12/29 01:42:23 assar Exp $ */
extern char *default_console;
extern char *default_altsh;

View File

@ -2,7 +2,7 @@
#include "bsd_locl.h"
RCSID("$Id: sysv_environ.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: sysv_environ.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
#ifdef HAVE_ULIMIT_H
#include <ulimit.h>

View File

@ -2,7 +2,7 @@
#include "bsd_locl.h"
RCSID("$Id: sysv_shadow.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: sysv_shadow.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
#ifdef SYSV_SHADOW

View File

@ -1,4 +1,4 @@
/* $Id: sysv_shadow.h,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $ */
/* $Id: sysv_shadow.h,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $ */
#include <shadow.h>

View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: tty.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: tty.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
/*
* Clean the tty name. Return a pointer to the cleaned version.

View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: utmp_login.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: utmp_login.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
#ifdef HAVE_UTMP_H
void

View File

@ -2,7 +2,7 @@
#include "bsd_locl.h"
RCSID("$Id: utmpx_login.c,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $");
RCSID("$Id: utmpx_login.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
/* utmpx_login - update utmp and wtmp after login */

View File

@ -1,3 +1,11 @@
2000-03-26 Assar Westerlund <assar@sics.se>
* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
time, ctime, and gmtime with `time_t's. there were some types
(like in lastlog) that we believed to always be time_t. this has
proven wrong on Solaris 8 in 64-bit mode, where they are stored as
32-bit quantities but time_t has gone up to 64 bits
1999-11-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:17 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
SHELL = /bin/sh

View File

@ -36,7 +36,7 @@
#include <err.h>
#include "roken.h"
RCSID("$Id: buffer.c,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $");
RCSID("$Id: buffer.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
/*
* Allocate a buffer enough to handle st->st_blksize, if

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: common.h,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $ */
/* $Id: common.h,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>

View File

@ -39,7 +39,7 @@
#include <sys/socket.h>
#endif
RCSID("$Id: sockbuf.c,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $");
RCSID("$Id: sockbuf.c,v 1.1.1.2 2000/12/29 01:42:53 assar Exp $");
void
set_buffer_size(int fd, int read)

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:18 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:53 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:53 assar Exp $
#
SHELL = /bin/sh

View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: cmds.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: cmds.c,v 1.1.1.2 2000/12/29 01:42:53 assar Exp $");
typedef void (*sighand)(int);
@ -647,6 +647,7 @@ getit(int argc, char **argv, int restartit, char *mode)
int cmdret;
int yy, mo, day, hour, min, sec;
struct tm *tm;
time_t mtime = stbuf.st_mtime;
overbose = verbose;
if (debug == 0)
@ -665,7 +666,7 @@ getit(int argc, char **argv, int restartit, char *mode)
return (0);
}
tm = gmtime(&stbuf.st_mtime);
tm = gmtime(&mtime);
tm->tm_mon++;
tm->tm_year += 1900;

View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: domacro.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: domacro.c,v 1.1.1.2 2000/12/29 01:42:54 assar Exp $");
void
domacro(int argc, char **argv)

View File

@ -33,7 +33,7 @@
* @(#)extern.h 8.3 (Berkeley) 10/9/94
*/
/* $Id: extern.h,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $ */
/* $Id: extern.h,v 1.1.1.2 2000/12/29 01:42:54 assar Exp $ */
#include <setjmp.h>
#include <stdlib.h>

View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID ("$Id: ftp.c,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $");
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@ -193,8 +193,9 @@ login (char *host)
printf ("Name (%s:%s): ", host, myname);
else
printf ("Name (%s): ", host);
fgets (tmp, sizeof (tmp) - 1, stdin);
tmp[strlen (tmp) - 1] = '\0';
*tmp = '\0';
if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
tmp[strlen (tmp) - 1] = '\0';
if (*tmp == '\0')
user = myname;
else
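Review bot: `tmp[strlen (tmp) - 1] = '\0'` removes the last byte whether or not it is a newline, so a name that arrives without a trailing '\n' (end of input, or a line longer than the buffer) loses a character, and a line that begins with a NUL byte makes the index -1. Strip only when the last byte really is '\n', for example `tmp[strcspn (tmp, "\n")] = '\0'`. The `sizeof (tmp) - 1` passed to `fgets` is also one less than needed, since `fgets` already reserves room for the terminator.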
@ -203,24 +204,26 @@ login (char *host)
strlcpy(username, user, sizeof(username));
n = command("USER %s", user);
if (n == CONTINUE) {
if(sec_complete)
pass = myname;
else if (pass == NULL) {
if (pass == NULL) {
char prompt[128];
if(myname &&
(!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
(!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
snprintf(defaultpass, sizeof(defaultpass),
"%s@%s", myname, mydomain);
snprintf(prompt, sizeof(prompt),
"Password (%s): ", defaultpass);
}else{
} else if (sec_complete) {
pass = myname;
} else {
*defaultpass = '\0';
snprintf(prompt, sizeof(prompt), "Password: ");
}
pass = defaultpass;
des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
if (tmp[0])
pass = tmp;
if (pass == NULL) {
pass = defaultpass;
des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
if (tmp[0])
pass = tmp;
}
}
n = command ("PASS %s", pass);
}

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $ */
/* $Id: ftp_locl.h,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $ */
#ifndef __FTP_LOCL_H__
#define __FTP_LOCL_H__

View File

@ -1,5 +1,5 @@
#include "ftp_locl.h"
RCSID("$Id: globals.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: globals.c,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $");
/*
* Options and other state info.

View File

@ -38,7 +38,7 @@
#endif
#include <gssapi.h>
RCSID("$Id: gssapi.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: gssapi.c,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $");
struct gss_data {
gss_ctx_id_t context_hdl;

View File

@ -33,7 +33,7 @@
#include "ftp_locl.h"
#include <krb.h>
RCSID("$Id: kauth.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: kauth.c,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $");
void
kauth(int argc, char **argv)

View File

@ -38,7 +38,7 @@
#endif
#include <krb.h>
RCSID("$Id: krb4.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: krb4.c,v 1.1.1.2 2000/12/29 01:42:55 assar Exp $");
#ifdef FTP_SERVER
#define LOCAL_ADDR ctrl_addr

View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: main.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: main.c,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $");
int
main(int argc, char **argv)
@ -244,8 +244,10 @@ cmdscanner(int top)
if (fromatty) {
char *p;
p = readline("ftp> ");
if(p == NULL)
if(p == NULL) {
printf("\n");
quit(0, 0);
}
strlcpy(line, p, sizeof(line));
add_history(p);
free(p);

View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: ruserpass.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: ruserpass.c,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $");
static int token (void);
static FILE *cfile;

View File

@ -37,7 +37,7 @@
#include "ftp_locl.h"
#endif
RCSID("$Id: security.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: security.c,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $");
static enum protection_level command_prot;
static enum protection_level data_prot;

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: security.h,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $ */
/* $Id: security.h,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $ */
#ifndef __security_h__
#define __security_h__

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:56 assar Exp $
#
srcdir = @srcdir@

View File

@ -1,4 +1,4 @@
/* $NetBSD: ftpcmd.y,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $ */
/* $NetBSD: ftpcmd.y,v 1.1.1.2 2000/12/29 01:42:57 assar Exp $ */
/*
* Copyright (c) 1985, 1988, 1993, 1994
@ -43,7 +43,7 @@
%{
#include "ftpd_locl.h"
RCSID("$Id: ftpcmd.y,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: ftpcmd.y,v 1.1.1.2 2000/12/29 01:42:57 assar Exp $");
off_t restart_point;
@ -577,7 +577,7 @@ cmd
}
| SYST CRLF
{
#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
reply(215, "UNIX Type: L%d", NBBY);
#else
reply(215, "UNKNOWN Type: L%d", NBBY);
@ -620,7 +620,9 @@ cmd
"%s: not a plain file.", $3);
} else {
struct tm *t;
t = gmtime(&stbuf.st_mtime);
time_t mtime = stbuf.st_mtime;
t = gmtime(&mtime);
reply(213,
"%04d%02d%02d%02d%02d%02d",
t->tm_year + 1900,

View File

@ -38,7 +38,7 @@
#endif
#include "getarg.h"
RCSID("$Id: ftpd.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: ftpd.c,v 1.1.1.2 2000/12/29 01:42:58 assar Exp $");
static char version[] = "Version 6.00";
@ -195,7 +195,6 @@ parse_auth_level(char *str)
* Print usage and die.
*/
static int debug_flag;
static int interactive_flag;
static char *guest_umask_string;
static char *port_string;
@ -216,8 +215,8 @@ struct getargs args[] = {
{ NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
{ NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
{ NULL, 'u', arg_string, &umask_string, "umask for user logins" },
{ NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'd', arg_flag, &debug, "enable debugging" },
{ NULL, 'v', arg_flag, &debug, "enable debugging" },
{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
@ -776,7 +775,7 @@ int do_login(int code, char *passwd)
"%s: anonymous/%s",
remotehost,
passwd);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
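Review bot: `proctitle` here is built from `remotehost` and the client-supplied `passwd`, so the `"%s"` form is needed at every call site, and this patch fixes three of them by hand. Declaring `setproctitle` with a printf format attribute where the compiler supports it (or building with format-security warnings) would catch a future `setproctitle(var)` automatically instead of relying on review.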
@ -796,7 +795,7 @@ int do_login(int code, char *passwd)
reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
@ -1771,7 +1770,7 @@ dolog(struct sockaddr *sa)
inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftpd_locl.h,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $ */
/* $Id: ftpd_locl.h,v 1.1.1.2 2000/12/29 01:42:58 assar Exp $ */
#ifndef __ftpd_locl_h__
#define __ftpd_locl_h__

View File

@ -35,7 +35,7 @@
#include <gssapi.h>
#include <krb5.h>
RCSID("$Id: gss_userok.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: gss_userok.c,v 1.1.1.2 2000/12/29 01:42:58 assar Exp $");
/* XXX a bit too much of krb5 dependency here...
What is the correct way to do this?

View File

@ -33,7 +33,7 @@
#include "ftpd_locl.h"
RCSID("$Id: kauth.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: kauth.c,v 1.1.1.2 2000/12/29 01:42:58 assar Exp $");
static KTEXT_ST cip;
static unsigned int lifetime;

View File

@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: logwtmp.c,v 1.1.1.1 2000/06/16 18:46:19 thorpej Exp $");
RCSID("$Id: logwtmp.c,v 1.1.1.2 2000/12/29 01:42:58 assar Exp $");
#endif
#include <stdio.h>

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
#include "ftpd_locl.h"
RCSID("$Id: ls.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: ls.c,v 1.1.1.2 2000/12/29 01:42:59 assar Exp $");
struct fileinfo {
struct stat st;
@ -164,9 +164,10 @@ make_fileinfo(const char *filename, struct fileinfo *file, int flags)
{
time_t t = time(NULL);
struct tm *tm = localtime(&st->st_mtime);
if((t - st->st_mtime > 6*30*24*60*60) ||
(st->st_mtime - t > 6*30*24*60*60))
time_t mtime = st->st_mtime;
struct tm *tm = localtime(&mtime);
if((t - mtime > 6*30*24*60*60) ||
(mtime - t > 6*30*24*60*60))
strftime(buf, sizeof(buf), "%b %e %Y", tm);
else
strftime(buf, sizeof(buf), "%b %e %H:%M", tm);

View File

@ -37,7 +37,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: popen.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: popen.c,v 1.1.1.2 2000/12/29 01:42:59 assar Exp $");
#endif
#include <sys/types.h>

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:51 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:51 assar Exp $
SHELL = /bin/sh
@ -17,6 +17,7 @@ WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@ -28,9 +29,10 @@ bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt
PROG_BIN = kauth$(EXECSUFFIX)
SCRIPT_BIN = ksrvtgt
PROG_LIBEXEC = kauthd$(EXECSUFFIX)
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
PROGS = $(PROG_BIN) $(SCRIPT_BIN) $(PROG_LIBEXEC)
SOURCES_KAUTH = kauth.c rkinit.c
SOURCES_KAUTHD = kauthd.c
@ -58,6 +60,9 @@ install: all
for x in $(PROG_BIN); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(SCRIPT_BIN); do \
$(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
if test -f $(DESTDIR)$(bindir)/zrefresh -o -r $(DESTDIR)$(bindir)/zrefresh; then \
true; \
else \
@ -68,7 +73,7 @@ install: all
done
uninstall:
for x in $(PROG_BIN); do \
for x in $(PROG_BIN) $(SCRIPT_BIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(PROG_LIBEXEC); do \

View File

@ -33,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: encdata.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: encdata.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
int
write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,

View File

@ -41,7 +41,7 @@
#include "kauth.h"
RCSID("$Id: kauth.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: kauth.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
krb_principal princ;
static char srvtab[MaxPathLen];

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kauth.h,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $ */
/* $Id: kauth.h,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>

View File

@ -33,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: kauthd.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: kauthd.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
krb_principal princ;
static char locuser[SNAME_SZ];
@ -128,7 +128,7 @@ doit(int sock)
if( kuserok(&auth, locuser) != 0) {
snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
locuser, krb_unparse_name(&princ));
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -136,7 +136,7 @@ doit(int sock)
passwd = k_getpwnam (locuser);
if (passwd == NULL) {
snprintf (buf, sizeof(buf), "No user '%s'", locuser);
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -145,7 +145,7 @@ doit(int sock)
initgroups(passwd->pw_name, passwd->pw_gid) ||
setuid(passwd->pw_uid)) {
snprintf (buf, sizeof(buf), "Could not change user");
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -182,7 +182,7 @@ doit(int sock)
return 0;
} else {
snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
syslog (LOG_NOTICE, buf);
syslog (LOG_NOTICE, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;

View File

@ -1,5 +1,5 @@
#! /bin/sh
# $Id: ksrvtgt.in,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $
# $Id: ksrvtgt.in,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
usage="Usage: `basename $0` name instance [[realm] srvtab]"

View File

@ -33,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: marshall.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: marshall.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
int
pack_args (char *buf,

View File

@ -33,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: rkinit.c,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $");
RCSID("$Id: rkinit.c,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $");
static struct in_addr *
getalladdrs (char *hostname, unsigned *count)

View File

@ -1,6 +1,6 @@
#!/bin/sh
#
# @(#) $Id: zrefresh,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $
# @(#) $Id: zrefresh,v 1.1.1.2 2000/12/29 01:42:52 assar Exp $
#
# Substitute this script with a real zrefresh if running Zephyr. For
# instance:

View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:20 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $
SHELL = /bin/sh
@ -8,12 +8,13 @@ VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
AR = ar
DEFS = @DEFS@
DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\""
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@ -27,7 +28,8 @@ EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = kip$(EXECSUFFIX)
PROG_LIBEXEC = kipd$(EXECSUFFIX)
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
SCRIPT_LIBEXEC = kip-join-network kipd-control
PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC)
SOURCES_KIP = kip.c
SOURCES_KIPD = kipd.c
@ -55,6 +57,9 @@ install: all
for x in $(PROG_LIBEXEC); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
for x in $(SCRIPT_LIBEXEC); do \
$(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(PROG_BIN); do \
@ -63,6 +68,9 @@ uninstall:
for x in $(PROG_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
for x in $(SCRIPT_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
@ -91,4 +99,12 @@ kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
$(OBJECTS): ../../include/config.h
kip-join-network: kip-join-network.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@
chmod +x $@
kipd-control: kipd-control.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@
chmod +x $@
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,10 @@
#include "kip.h"
RCSID("$Id: common.c,v 1.1.1.1 2000/06/16 18:46:21 thorpej Exp $");
RCSID("$Id: common.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
sig_atomic_t disconnect = 0;
int isserver = 0;
/*
* Copy packets from `tundev' to `netdev' or vice versa.
@ -56,16 +59,23 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
memcpy (&iv1, iv, sizeof(iv1));
memcpy (&iv2, iv, sizeof(iv2));
for (;;) {
while(!disconnect) {
fd_set fdset;
int ret, len;
if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) {
warnx ("fd too large");
return 1;
}
FD_ZERO(&fdset);
FD_SET(tundev, &fdset);
FD_SET(netdev, &fdset);
ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR) {
if (ret < 0) {
if (errno == EINTR)
continue;
warn ("select");
return 1;
}
@ -107,6 +117,21 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
des_cfb64_encrypt (buf, buf, 2, schedule,
&iv2, &num2, DES_DECRYPT);
len = (buf[0] << 8 ) | buf[1];
if (len > mtu) {
fatal (-1, "buffer too large", schedule, &iv2);
return -1;
}
if (len == 0) {
len = read (netdev, buf, mtu);
if (len < 1)
len = 1;
buf[len-1] = '\0';
fatal (-1, buf, schedule, &iv2);
return -1;
}
ret = krb_net_read (netdev, buf + 2, len);
if (ret == 0)
return 0;
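Review bot: the new `len > mtu` bound protects `krb_net_read (netdev, buf + 2, len)` only if `buf` holds at least `mtu + 2` bytes, because the payload is written two bytes into the buffer; the declaration of `buf` is outside this hunk, so please confirm its size or bound `len` against `sizeof(buf) - 2`. In the `len == 0` branch, `buf[len-1] = '\0'` overwrites the last byte of the peer's message instead of terminating after it, and the text handed to `fatal` is peer-controlled, so it is worth filtering non-printable bytes before it reaches syslog or the terminal.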
@ -127,6 +152,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
}
}
}
return 0;
}
/*
@ -148,18 +174,19 @@ childhandler (int sig)
/*
* Find a free tunnel device and open it.
* Return the interface name in `name, len'.
*/
int
tunnel_open (void)
tunnel_open (char *name, size_t len)
{
int fd;
int i;
char name[64];
char devname[256];
for (i = 0; i < 256; ++i) {
snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
fd = open (name, O_RDWR, 0);
snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i);
fd = open (devname, O_RDWR, 0);
if (fd >= 0)
break;
if (errno == ENOENT || errno == ENODEV) {
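Review bot: `snprintf (devname, len, ...)` bounds the write by the caller's `len`, which describes `name`, not by the size of the local `devname[256]`; a caller that passes a buffer larger than 256 bytes turns this into an overflow of `devname`. Use `sizeof(devname)` here and keep `len` for the later write into `name`.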
@ -169,5 +196,107 @@ tunnel_open (void)
}
if (fd < 0)
warn("open %s" ,name);
else
snprintf (name, len, "%s%d", TUNDEV, i);
return fd;
}
/*
* run the command `cmd' with (...). return 0 if succesful or error
* otherwise (and copy an error messages into `msg, len')
*/
int
kip_exec (const char *cmd, char *msg, size_t len, ...)
{
pid_t pid;
char **argv;
va_list ap;
va_start(ap, len);
argv = vstrcollect(&ap);
va_end(ap);
pid = fork();
switch (pid) {
case -1:
snprintf (msg, len, "fork: %s", strerror(errno));
return errno;
case 0: {
int fd = open (_PATH_DEVNULL, O_RDWR, 0600);
if (fd < 0) {
snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno));
return errno;
}
close (STDIN_FILENO);
close (STDOUT_FILENO);
close (STDERR_FILENO);
dup2 (fd, STDIN_FILENO);
dup2 (fd, STDOUT_FILENO);
dup2 (fd, STDERR_FILENO);
execvp (cmd, argv);
snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno));
return errno;
}
default: {
int status;
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR) {
snprintf (msg, len, "waitpid: %s", strerror(errno));
return errno;
}
if (WIFEXITED(status)) {
if (WEXITSTATUS(status) == 0) {
return 0;
} else {
snprintf (msg, len, "child returned with %d",
WEXITSTATUS(status));
return 1;
}
} else if (WIFSIGNALED(status)) {
#ifndef WCOREDUMP
#define WCOREDUMP(X) 0
#endif
snprintf (msg, len, "terminated by signal num %d %s",
WTERMSIG(status),
WCOREDUMP(status) ? " coredumped" : "");
return 1;
} else if (WIFSTOPPED(status)) {
snprintf (msg, len, "process stoped by signal %d",
WSTOPSIG(status));
return 1;
} else {
snprintf (msg, len, "child died in mysterious circumstances");
return 1;
}
}
}
}
/*
* fatal error `s' occured.
*/
void
fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv)
{
int16_t err = 0;
int num = 0;
if (fd != -1) {
des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err,
sizeof(err), schedule, iv, &num, DES_ENCRYPT);
write (fd, &err, sizeof(err));
write (fd, s, strlen(s)+1);
}
if (isserver)
syslog(LOG_ERR, "%s", s);
else
warnx ("fatal error: %s", s);
}
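Review bot: in `kip_exec`, the `case 0:` branch returns `errno` when `open` or `execvp` fails, so the forked child falls back into the caller's code and keeps running as a second copy of kip or kipd with the tunnel and network descriptors still open. The child should call `_exit` with a non-zero status on those paths, which the parent already reports through `WEXITSTATUS`. Separately, `warn("open %s" ,name)` in `tunnel_open` now prints the caller's output buffer, which has not been filled in on failure; it should print `devname`. `WIFSTOPPED` can never be true here because `waitpid` is called without `WUNTRACED`.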

View File

@ -0,0 +1,53 @@
#!/bin/sh
# $Id: kip-join-network.in,v 1.1.1.1 2000/12/29 01:42:24 assar Exp $
#
# Join a network, see kipd-control from more comments.
#
PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir%
endpointhost=130.237.43.201
thispointhost=130.237.43.17
fakepoint=10.0.0.1
dev=tun0
case $# in
0)
modprobe tun
def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }')
if test "X$def" = "X" ; then
echo "missing default route"
exit 1
fi
exec kip -c $0 -a $def $endpointhost
;;
*)
state=$1
dev=$2
host=$3
arg=$4
case $state in
up)
ifconfig $dev $thispointhost pointopoint $fakepoint
route delete default
route add -host $endpointhost gw $arg
route add default gw $fakepoint
;;
down)
echo $dev $arg > /tmp/kip-down
ifconfig $dev down
route delete default
route delete $endpointhost
route add default gw $arg
;;
*)
exit 17
;;
esac
esac
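Review bot: the `down)` branch writes to the fixed path `/tmp/kip-down` from a script that runs `ifconfig` and `route` and so needs root, which lets any local user pre-create that name as a symlink and have root overwrite the target. Drop the debug write or put the file in a root-owned directory. The addresses in `endpointhost`, `thispointhost` and `fakepoint` are site-specific values baked into an installed script; they should come from arguments or a config file, and `$dev`, `$arg`, `$def` and `$0` should be quoted where they are expanded.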

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,14 +33,31 @@
#include "kip.h"
RCSID("$Id: kip.c,v 1.1.1.1 2000/06/16 18:46:21 thorpej Exp $");
RCSID("$Id: kip.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
static void
usage(void)
static char *cmd_str = NULL;
static char *arg_str = NULL;
static char *port_str = NULL;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "cmd", 'c', arg_string, &cmd_str,
"command to run when starting", "cmd"},
{ "arg", 'a', arg_string, &arg_str,
"argument to above command", "arg"},
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static RETSIGTYPE
disconnecthandler (int sig)
{
fprintf (stderr, "Usage: %s host\n",
__progname);
exit (1);
disconnect = 1;
SIGRETURN(0);
}
/*
@ -48,7 +65,8 @@ usage(void)
*/
static int
connect_host (char *host, des_cblock *key, des_key_schedule schedule)
connect_host (char *host, int port,
des_cblock *key, des_key_schedule schedule)
{
CREDENTIALS cred;
KTEXT_ST text;
@ -70,7 +88,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
memset (&thataddr, 0, sizeof(thataddr));
thataddr.sin_family = AF_INET;
thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
thataddr.sin_port = port;
for(p = hostent->h_addr_list; *p; ++p) {
memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
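Review bot: "thataddr.sin_port = port" assigns the new int parameter directly, so port must already be in network byte order, but neither the connect_host signature nor the comment above it says so. Document the expectation, or take the port in host order and call htons here, so a later caller passing a plain number does not silently connect to the wrong port.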
@ -139,19 +157,50 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
*/
static int
doit (char *host)
doit (char *host, int port)
{
char tun_if_name[64];
des_key_schedule schedule;
des_cblock iv;
int other, this;
int other, this, ret;
other = connect_host (host, &iv, schedule);
other = connect_host (host, port, &iv, schedule);
if (other < 0)
return 1;
this = tunnel_open ();
this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
return 1;
return copy_packets (this, other, TUNMTU, &iv, schedule);
if (cmd_str) {
char buf[1024];
ret = kip_exec (cmd_str, buf, sizeof(buf),
"kip-control", "up", tun_if_name, host, arg_str,
NULL);
if (ret)
errx (1, "%s (up) failed: %s", cmd_str, buf);
}
ret = copy_packets (this, other, TUNMTU, &iv, schedule);
if (cmd_str) {
char buf[1024];
ret = kip_exec (cmd_str, buf, sizeof(buf),
"kip-control", "down", tun_if_name, host, arg_str,
NULL);
if (ret)
errx (1, "%s (down) failed: %s", cmd_str, buf);
}
return 0;
}
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"hostname");
exit (ret);
}
/*
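Review bot: the result of copy_packets is stored in ret and then either overwritten by the kip_exec "down" call or dropped, and doit ends in "return 0", so main reports success even when the tunnel failed. Keep the copy_packets result in its own variable and return it, the way the kipd.c doit does with ret and ret2. Also, when -c is given without -a, arg_str is NULL; assuming kip_exec stops at the first NULL in its argument list, the control script then gets no fourth argument, so either require -a together with -c or pass an empty string.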
@ -162,9 +211,51 @@ doit (char *host)
int
main(int argc, char **argv)
{
set_progname (argv[0]);
int port;
int optind = 0;
char *hostname;
if (argc != 2)
usage ();
return doit (argv[1]);
set_progname (argv[0]);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
argv += optind;
argc -= optind;
if (argc != 1)
usage (1);
hostname = argv[0];
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
}
signal (SIGCHLD, childhandler);
signal (SIGHUP, disconnecthandler);
signal (SIGTERM, disconnecthandler);
return doit (hostname, port);
}
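Review bot: the numeric fallback for -p only rejects input with no digits at all ("port == 0 && ptr == port_str"); trailing garbage such as 2112x, negative numbers and values above 65535 are accepted and then truncated by htons. Check that *ptr is '\0' and that the value lies in 1..65535 before converting. The local "int optind = 0" also shares its name with the getopt global, which is easy to misread; a different name would be clearer.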

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kip.h,v 1.1.1.1 2000/06/16 18:46:21 thorpej Exp $ */
/* $Id: kip.h,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@ -44,7 +44,6 @@
#include <errno.h>
#include <pwd.h>
#include <signal.h>
#include <paths.h>
#include <fcntl.h>
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
@ -72,14 +71,20 @@
#include <netinet/tcp.h>
#endif
#include <netdb.h>
#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
#endif
#include <net/if.h>
#ifdef HAVE_NET_IF_VAR_H
#include <net/if_var.h>
#endif
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif
#include <err.h>
#include <getarg.h>
#ifdef SOCKS
#include <socks.h>
#endif
@ -90,6 +95,10 @@
#define TUNDEV "tun"
#ifndef TUNMTU
#define TUNMTU 1500 /* everything is ethernet :) */
#endif
#define KIPPORT 2112
#define KIP_VERSION "KIPSRV.0"
@ -100,5 +109,14 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
RETSIGTYPE childhandler (int);
extern sig_atomic_t disconnect;
extern int isserver;
int
tunnel_open (void);
tunnel_open (char *, size_t);
void
fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv);
int
kip_exec (const char *cmd, char *msg, size_t len, ...);
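Review bot: the kip_exec prototype is variadic but carries no comment saying what the extra arguments are or that the list must end with NULL, which every caller in this change relies on. Add a short comment here, name the parameters of tunnel_open (buffer and size for the interface name), and note on fatal that it reports the error and returns rather than exiting.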

View File

@ -0,0 +1,54 @@
#!/bin/sh
#
# $Id: kipd-control.in,v 1.1.1.1 2000/12/29 01:42:24 assar Exp $
#
# Simple example how you can missuse kip to provide "mobile-ip".
# This is since there is no way to tunnel ip over udp or any other
# protocol. There is also problems to get thru firewalls and NATs
# with mobile-ip since (today) they usully doesn't support IPIP or
# GRE.
#
# All commands are for linux (redhat6.1) but it should be quite
# simple to fix it to support other OS.
#
PATH=/sbin:/usr/sbin:/usr/bin:/bin
# arguments are: [up|down] dev remote-peer-addr user
state=$1
dev=$2
remote=$3
user=$4
outdevice=eth0
case "$state" in
up)
case "$user" in
lha.root@E.KTH.SE)
ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17
route add -host 130.237.43.17 gw 10.0.0.1
arp -H ether -i $outdevice \
-s 130.237.43.17 00:80:c8:82:83:61 pub
;;
esac
;;
down)
case "$user" in
lha.root@E.KTH.SE)
ifconfig $dev 0.0.0.0
ifconfig $dev down
arp -i $outdevice -d 130.237.43.17
arp -d 130.237.43.17
true
;;
*)
ifconfig $dev down
;;
esac
;;
*)
exit 17
;;
esac
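Review bot: in the up) branch the inner case has no *) arm, so for any principal other than lha.root@E.KTH.SE the script configures nothing and still exits 0, and kipd then goes on to copy_packets over an unconfigured device. Add a *) arm that exits non-zero (or applies a safe default), matching the explicit *) arm under down). Since kipd runs LIBEXECDIR/kipd-control by fixed path, the hard-coded principal, addresses and MAC here should be marked clearly as site-specific values to replace, and $dev should be quoted.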

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,22 +33,11 @@
#include "kip.h"
RCSID("$Id: kipd.c,v 1.1.1.1 2000/06/16 18:46:21 thorpej Exp $");
static int
fatal (int fd, char *s)
{
u_char err = 1;
write (fd, &err, sizeof(err));
write (fd, s, strlen(s)+1);
syslog(LOG_ERR, s);
return err;
}
RCSID("$Id: kipd.c,v 1.1.1.2 2000/12/29 01:42:24 assar Exp $");
static int
recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
struct sockaddr_in *retaddr)
struct sockaddr_in *retaddr, char *user, size_t len)
{
int status;
KTEXT_ST ticket;
@ -80,13 +69,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
return 1;
}
passwd = k_getpwnam ("root");
if (passwd == NULL)
return fatal (sock, "Cannot find root");
if (kuserok(&auth, "root") != 0)
return fatal (sock, "Permission denied");
if (passwd == NULL) {
fatal (sock, "Cannot find root", schedule, &auth.session);
return 1;
}
if (kuserok(&auth, "root") != 0) {
fatal (sock, "Permission denied", schedule, &auth.session);
return 1;
}
if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
return 1;
snprintf (user, len, "%s%s%s@%s", auth.pname,
auth.pinst[0] != '\0' ? "." : "",
auth.pinst, auth.prealm);
memcpy(key, &auth.session, sizeof(des_cblock));
*retaddr = thataddr;
return 0;
@ -95,17 +92,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
static int
doit(int sock)
{
char msg[1024];
char cmd[MAXPATHLEN];
char tun_if_name[64];
char user[MAX_K_NAME_SZ];
struct sockaddr_in thataddr;
des_key_schedule schedule;
des_cblock key;
int this;
int this, ret, ret2;
if (recv_conn (sock, &key, schedule, &thataddr))
isserver = 1;
if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
return 1;
this = tunnel_open ();
this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
return copy_packets (this, sock, TUNMTU, &key, schedule);
fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
NULL);
if (ret) {
fatal (sock, msg, schedule, &key);
return -1;
}
ret = copy_packets (this, sock, TUNMTU, &key, schedule);
ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"down", tun_if_name, user, NULL);
if (ret2)
syslog(LOG_ERR, "%s", msg);
return ret;
}
static char *port_str = NULL;
static int inetd_flag = 1;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" },
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"");
exit (ret);
}
/*
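Review bot: when tunnel_open fails, fatal() is called but it now returns, so execution continues with this < 0 and an unset tun_if_name into kip_exec and copy_packets; add a return right after that fatal call, as is done for the "up" failure below it. The "down" invocation passes only "down", tun_if_name and user, while kipd-control reads the user from $4 ("arguments are: [up|down] dev remote-peer-addr user"), so its per-user down branch never matches; pass inet_ntoa(thataddr.sin_addr) in the third position as the "up" call does. The "up" failure path returns -1 where the other error paths in this function return 1.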
@ -115,9 +159,44 @@ doit(int sock)
int
main (int argc, char **argv)
{
set_progname (argv[0]);
int port;
int optind = 0;
set_progname (argv[0]);
roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
}
if (!inetd_flag)
mini_inetd (port);
signal (SIGCHLD, childhandler);
return doit(0);
return doit(STDIN_FILENO);
}
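Review bot: the port-parsing block is a verbatim copy of the one added to kip.c main, including the strtol check that only catches input with no digits ("port == 0 && ptr == port_str") and lets out-of-range values reach htons. Move it into one helper in common.c with a full check (*ptr == '\0', 1..65535) so both programs share the fix. doit can now return -1, which main passes straight through as the exit status; map it to a defined non-zero code.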

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.1.1.1 2000/06/16 18:46:32 thorpej Exp $
# $Id: Makefile.am,v 1.1.1.2 2000/12/29 01:42:49 assar Exp $
include $(top_srcdir)/Makefile.am.common

View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.1.1.1 2000/06/16 18:46:32 thorpej Exp $
# $Id: Makefile.in,v 1.1.1.2 2000/12/29 01:42:49 assar Exp $
SHELL = /bin/sh
@ -18,6 +18,7 @@ CPPFLAGS= $(XINCS)
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
LN_S = @LN_S@
LIBS = $(XLIBS) @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@ -33,12 +34,14 @@ bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
X_PROGS_BIN = kx$(EXECSUFFIX) rxterm rxtelnet tenletxr
X_PROGS_BIN = kx$(EXECSUFFIX)
X_SCRIPTS_BIN = rxterm rxtelnet tenletxr
X_PROGS_LIBEXEC = kxd$(EXECSUFFIX)
PROG_BIN = @MAKE_X_PROGS_BIN@
SCRIPTS_BIN = @MAKE_X_SCRIPTS_BIN@
PROG_LIBEXEC = @MAKE_X_PROGS_LIBEXEC@
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
PROGS = $(PROG_BIN) $(SCRIPTS_BIN) $(PROG_LIBEXEC)
WRITEAUTH = @NEED_WRITEAUTH_TRUE@ writeauth.o
@ -65,6 +68,9 @@ install: all
PROG_BIN='$(PROG_BIN)'; for x in $$PROG_BIN; do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
SCRIPTS_BIN='$(SCRIPTS_BIN)'; for x in $$SCRIPTS_BIN; do \
$(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
PROG_LIBEXEC='$(PROG_LIBEXEC)'; for x in $$PROG_LIBEXEC; do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
@ -73,6 +79,9 @@ uninstall:
PROG_BIN='$(PROG_BIN)'; for x in $$PROG_BIN; do \
rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
SCRIPTS_BIN='$(SCRIPTS_BIN)'; for x in $$SCRIPTS_BIN; do \
rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
PROG_LIBEXEC='$(PROG_LIBEXEC)'; for x in $$PROG_LIBEXEC; do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done

Some files were not shown because too many files have changed in this diff