From 1982ee69fdfc44dcd1e011ac5cd45fd614f5cdae Mon Sep 17 00:00:00 2001
From: Garrett Wollman <wollman@FreeBSD.org>
Date: Tue, 29 Apr 1997 17:46:27 +0000
Subject: [PATCH] Implement Kerberized rcmd for rdump/rrestore.   This is
 lacking  the options one would normally expect to set the realm, enable
 encryption, and whatnot, but this actually is able to contact the remote
 server, so at least it's a start.  (As a bonus, the stripped static binary is
 unquestionably exportable.)

---
 sbin/dump/Makefile    |  7 +++++++
 sbin/dump/dump.8      |  9 +++++++--
 sbin/dump/dumprmt.c   | 20 +++++++++++++++-----
 sbin/dump/main.c      | 25 +++++++++++++++++++++----
 sbin/restore/Makefile |  7 +++++++
 sbin/restore/main.c   | 23 +++++++++++++++++------
 6 files changed, 74 insertions(+), 17 deletions(-)

diff --git a/sbin/dump/Makefile b/sbin/dump/Makefile
index 0912d8ddb313..764a7d6e763f 100644
--- a/sbin/dump/Makefile
+++ b/sbin/dump/Makefile
@@ -22,4 +22,11 @@ BINMODE=2555
 MAN8=	dump.8
 MLINKS+=dump.8 rdump.8
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/dump/dump.8 b/sbin/dump/dump.8
index c7a5be8c31ad..b05d1da10f80 100644
--- a/sbin/dump/dump.8
+++ b/sbin/dump/dump.8
@@ -31,7 +31,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     @(#)dump.8	8.3 (Berkeley) 5/1/95
-.\"	$Id: dump.8,v 1.13 1997/03/11 12:09:31 peter Exp $
+.\"	$Id: dump.8,v 1.14 1997/03/15 06:23:57 peter Exp $
 .\"
 .Dd May 1, 1995
 .Dt DUMP 8
@@ -41,7 +41,7 @@
 .Nd filesystem backup
 .Sh SYNOPSIS
 .Nm dump
-.Op Fl 0123456789acnu
+.Op Fl 0123456789acknu
 .Op Fl B Ar records
 .Op Fl b Ar blocksize
 .Op Fl d Ar density
@@ -164,6 +164,11 @@ program is
 .Pa /etc/rmt ;
 this can be overridden by the environment variable
 .Ev RMT .
+.It Fl k
+Use Kerberos authentication to talk to remote tape servers.  (Only
+available if this option was enabled when
+.Nm dump
+was compiled.)
 .It Fl n
 Whenever
 .Nm dump
diff --git a/sbin/dump/dumprmt.c b/sbin/dump/dumprmt.c
index 59597897d5ce..0be78667984e 100644
--- a/sbin/dump/dumprmt.c
+++ b/sbin/dump/dumprmt.c
@@ -83,9 +83,12 @@ static	int rmtgetb __P((void));
 static	void rmtgetconn __P((void));
 static	void rmtgets __P((char *, int));
 static	int rmtreply __P((char *));
+#ifdef KERBEROS
+int	krcmd __P((char **, int /*u_short*/, char *, char *, int *, char *));
+#endif
 
 static	int errfd = -1;
-
+extern	int dokerberos;
 extern	int ntrec;		/* blocking factor on tape */
 
 int
@@ -147,9 +150,10 @@ rmtgetconn()
 	int throughput;
 
 	if (sp == NULL) {
-		sp = getservbyname("shell", "tcp");
+		sp = getservbyname(dokerberos ? "kshell" : "shell", "tcp");
 		if (sp == NULL) {
-			msg("shell/tcp: unknown service\n");
+			msg("%s/tcp: unknown service\n",
+			    dokerberos ? "kshell" : "shell");
 			exit(X_ABORT);
 		}
 		pwd = getpwuid(getuid());
@@ -169,8 +173,14 @@ rmtgetconn()
 	if ((rmt = getenv("RMT")) == NULL)
 		rmt = _PATH_RMT;
 	msg("");
-	rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name, tuser,
-	    rmt, &errfd);
+#ifdef KERBEROS
+	if (dokerberos)
+		rmtape = krcmd(&rmtpeer, sp->s_port, tuser, rmt, &errfd,
+			       (char *)0);
+	else
+#endif
+		rmtape = rcmd(&rmtpeer, (u_short)sp->s_port, pwd->pw_name,
+			      tuser, rmt, &errfd);
 	if (rmtape < 0) {
 		msg("login to %s as %s failed.\n", rmtpeer, tuser);
 		return;
diff --git a/sbin/dump/main.c b/sbin/dump/main.c
index 5257efb7478a..1b6553bc7ea3 100644
--- a/sbin/dump/main.c
+++ b/sbin/dump/main.c
@@ -79,6 +79,7 @@ int	tapeno = 0;	/* current tape number */
 int	density = 0;	/* density in bytes/0.1" " <- this is for hilit19 */
 int	ntrec = NTREC;	/* # tape blocks in each tape record */
 int	cartridge = 0;	/* Assume non-cartridge tape */
+int	dokerberos = 0;	/* Use Kerberos authentication */
 long	dev_bsize = 1;	/* recalculated below */
 long	blocksperfile;	/* output blocks per file */
 char	*host = NULL;	/* remote host (if any) */
@@ -117,7 +118,13 @@ main(argc, argv)
 		usage();
 
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "0123456789aB:b:cd:f:h:ns:T:uWw")) != -1)
+#ifdef KERBEROS
+#define optstring "0123456789aB:b:cd:f:h:kns:T:uWw"
+#else
+#define optstring "0123456789aB:b:cd:f:h:ns:T:uWw"
+#endif
+	while ((ch = getopt(argc, argv, optstring)) != -1)
+#undef optstring
 		switch (ch) {
 		/* dump level */
 		case '0': case '1': case '2': case '3': case '4':
@@ -171,6 +178,12 @@ main(argc, argv)
 			honorlevel = numarg("honor level", 0L, 10L);
 			break;
 
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
+
 		case 'n':		/* notify operators */
 			notify = 1;
 			break;
@@ -481,9 +494,13 @@ main(argc, argv)
 static void
 usage()
 {
-
-	(void)fprintf(stderr, "usage: dump [-0123456789acnu] [-B records] [-b blocksize] [-d density] [-f file]\n            [-h level] [-s feet] [-T date] filesystem\n");
-	(void)fprintf(stderr, "       dump [-W | -w]\n");
+	fprintf(stderr, "usage: dump [-0123456789ac"
+#ifdef KERBEROS
+		"k"
+#endif
+		"nu] [-B records] [-b blocksize] [-d density] [-f file]\n"
+		"		[-h level] [-s feet] [-T date] filesystem\n"
+		"	dump [-W | -w]\n");
 	exit(1);
 }
 
diff --git a/sbin/restore/Makefile b/sbin/restore/Makefile
index 916e6f009490..65f0d5594622 100644
--- a/sbin/restore/Makefile
+++ b/sbin/restore/Makefile
@@ -12,4 +12,11 @@ MAN8=	restore.8
 MLINKS+=restore.8 rrestore.8
 .PATH:	${.CURDIR}/../dump
 
+.if exists(${DESTDIR}/usr/lib/libkrb.a) && defined(MAKE_EBONES)
+.PATH:	${.CURDIR}/../../usr.bin/rlogin
+SRCS+=	krcmd.c kcmd.c
+LDADD+=	-lkrb -ldes
+CFLAGS+=-DKERBEROS
+.endif
+
 .include <bsd.prog.mk>
diff --git a/sbin/restore/main.c b/sbin/restore/main.c
index dbb895b1afd2..6cb87d8e1327 100644
--- a/sbin/restore/main.c
+++ b/sbin/restore/main.c
@@ -62,6 +62,7 @@ static char sccsid[] = "@(#)main.c	8.6 (Berkeley) 5/4/95";
 
 int	bflag = 0, cvtflag = 0, dflag = 0, vflag = 0, yflag = 0;
 int	hflag = 1, mflag = 1, Nflag = 0;
+int	dokerberos = 0;
 char	command = '\0';
 long	dumpnum = 1;
 long	volno = 0;
@@ -96,7 +97,12 @@ main(argc, argv)
 	if ((inputdev = getenv("TAPE")) == NULL)
 		inputdev = _PATH_DEFTAPE;
 	obsolete(&argc, &argv);
-	while ((ch = getopt(argc, argv, "b:cdf:himNRrs:tvxy")) != -1)
+#ifdef KERBEROS
+#define	optlist "b:cdf:hikmNRrs:tvxy"
+#else
+#define	optlist "b:cdf:himNRrs:tvxy"
+#endif
+	while ((ch = getopt(argc, argv, optlist)) != -1)
 		switch(ch) {
 		case 'b':
 			/* Change default tape blocksize. */
@@ -119,6 +125,11 @@ main(argc, argv)
 		case 'h':
 			hflag = 0;
 			break;
+#ifdef KERBEROS
+		case 'k':
+			dokerberos = 1;
+			break;
+#endif
 		case 'i':
 		case 'R':
 		case 'r':
@@ -278,11 +289,11 @@ static void
 usage()
 {
 	(void)fprintf(stderr, "usage:\t%s\n\t%s\n\t%s\n\t%s\n\t%s\n",
-	  "restore -i [-chmvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -r [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -R [-cvy] [-b blocksize] [-f file] [-s fileno]",
-	  "restore -x [-chmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
-	  "restore -t [-chvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
+	  "restore -i [-chkmvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -r [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -R [-ckvy] [-b blocksize] [-f file] [-s fileno]",
+	  "restore -x [-chkmvy] [-b blocksize] [-f file] [-s fileno] [file ...]",
+	  "restore -t [-chkvy] [-b blocksize] [-f file] [-s fileno] [file ...]");
 	done(1);
 }