mirror/freebsd
1
0
Fork 0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00
Code Issues Releases Activity

This commit was generated by cvs2svn to compensate for changes in r55643,

Browse Source 
which included commits to RCS files with non-trunk default branches.
This commit is contained in:
Mark Murray 2000-01-09 08:31:47 +00:00
commit 38392ffddd
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=55644
358 changed files with 14251 additions and 4137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
crypto/kerberosIV/COPYRIGHT
View File

@ -13,12 +13,7 @@ are met:
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the Kungliga Tekniska
Högskolan and its contributors.
4. Neither the name of the Institute nor the names of its contributors
3. Neither the name of the Institute nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.

169
crypto/kerberosIV/ChangeLog
View File

@ -1,43 +1,168 @@
1999-08-22
1999-11-29
* release 0.10
* lib/krb/krb-protos.h (tf_get_cred_addr): add prototype
* lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching
the NAT addresses stored in the ticket file. From
<thn@stacken.kth.se>
* configure.in (VERSION): bump to 0.10
* kuser/klist.c (display_tktfile): dump the IP address being used
when in NAT-mode. From <thn@stacken.kth.se>
1999-08-19
1999-11-25
* release 0.10pre5
* appl/bsd/rlogind.c (main): getopt returns -1 and not EOF. From
<art@stacken.kth.se>
* configure.in (VERSION): bump to 0.10pre5
* lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): new function
for obtaining the IP address that the KDC sees us as coming from.
From <thn@stacken.kth.se>
* lib/krb/tf_util.c (tf_get_addr, tf_store_addr): new functions
for storing the NAT-ed address per realm
(tf_get_cred): make sure to ignore all magic credentials
* lib/krb/get_in_tkt.c (krb_get_pw_in_tkt2): if using NAT, store
the address the the KDC saw. (krb_add_our_ip_for_realm)
* lib/krb/send_to_kdc.c: rewrite some. Make sure that we do not
do any hostname lookups when using http through a proxy (the proxy
is supposed to do that in the `real' name-space).
1999-11-19
* appl/bsd/rcmd_util.c (conv): add EXTA and EXTB
Tue Nov 16 1999
* lib/krb/defaults.c (krb_get_default_keyfile): Get value of
KEYFILE from /etc/krb.extra.
1999-11-13
* **/*.c (main): getopt returns -1 not EOF. From
<art@stacken.kth.se>
* configure.in: check for fields in `struct tm' and variable
`timezone', used by strftime
* configure.in (AC_BROKEN): strptime is a new function in roken
opt*: more header files for the tests
Tue Nov 2 1999
* lib/krb/krb.h (TKT_ROOT): Change the definition of TKT_ROOT to a
function call. The returned value is settable in /etc/krb.extra
with the construct krb_default_tkt_root = /tmp/tkt_.
1999-10-06
* lib/krb/verify_user.c: remove ERICSSON_COMPAT, it's apparently
no longer needed
Mon Oct 4 1999
* appl/bsd/klogin.c (multiple_get_tkt): Must use appropiate realm
name when calling krb_get_pw_in_tkt or else you will receive an
inter-realm TGT.
1999-10-03
* doc/problems.texi: add blurb about irix abi:s
1999-09-27
* lib/krb/tf_util.c (tf_init): cygwin work-around
1999-09-16
* configure.in: test for strlcpy, strlcat
* admin/kdb_util.c (main): support `-' as an alias for stdout.
originally from Fredrik Ljungberg <flag@astrogator.se>
1999-09-15
* include/Makefile.in: remove duplicate parse_time.h
* kadmin/ksrvutil_get.c (get_srvtab_ent): better error messages
1999-09-12
* configure.in: revert back awk test, now worked around in
roken.awk
1999-09-06
* doc/problems.texi: document a really working fix for the xlc
-qnolm bug
1999-09-04
* doc/problems.texi: comment about xlc -E brokenness
1999-09-01
* lib/krb/get_krbrlm.c (krb_get_lrealm_f): treat n = 0 the same as
if it were 1 (this should make it backwards compatible with apps
that pass 0 for n)
1999-08-25
* appl/bsd/login.c: surround SGI capability stuff with
`defined(HAVE_CAP_SET_PROC)'
1999-08-24
* kadmin/kadmin.c (add_new_key): add missing space when printing
generated passwords. bug reported by Per Eriksson DMC
<perixon@dsv.su.se>
* lib/krb/verify_user.c (krb_verify_user_srvtab): return last
error instead of KFAILURE when everything fails.
* appl/bsd/klogin.c (multiple_get_tkt): return last error instead
of KFAILURE when everything fails.
1999-08-18
* release 0.10pre4
* doc/problems.texi: some y2k stuff
* configure.in (VERSION): bump to 0.10pre4
* doc/kth-krb.texi: update copyright, and menu
1999-08-16
* doc/intro.texi: remove unix-system section, since it's
impossible to keep up to date
* release 0.10pre3
1999-08-13
* configure.in (VERSION): bump to 0.10pre3
* configure.in: test for inet_pton include <sys/types.h> in all
utmp tests
1999-07-27
* configure.in: test for struct sockaddr_storage and sa_family
brokenize inet_ntop
1999-07-24
* kadmin/ksrvutil_get.c (get_srvtab_ent): try to print better
error messages
* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
in lib/roken/roken.awk
1999-07-22
* release 0.10pre2
* configure.in (VERSION): bump to 0.10pre2
* acconfig.h (SunOS): remove definition
* configure.in: define SunOS to xy for SunOS x.y
1999-07-08
1999-07-19
* Release 0.10pre1.
* configure.in (AC_BROKEN): check for copyhostent, freehostent,
getipnodebyname, getipnodebyaddr
* configure.in (VERSION): bump to 0.10pre1
1999-07-13
* configure.in: use AC_FUNC_GETLOGIN
1999-07-07
@ -116,6 +241,12 @@
* lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and
HTTP/1.1 in reply
1999-06-06
* configure.in: use KRB_CHECK_X
* kuser/kdestroy.c: use print_version
Wed Jun 2 1999
* kadmin/kadmin.c: use print_version; (mod_entry): add command

18
crypto/kerberosIV/NEWS
View File

@ -1,11 +1,15 @@
Changes in release 0.10.1:
Changes in release 1.0:
* Bug fixes:
- krb_get_lrealm now works with zero `n'
- kadmin cosmetic fix
- login now compiles on IRIX < 6.5
- kxd fix for solaris waitpid breakage, fix for unicos setjob
breakage, better handling of fork failures
* A new configuration option `nat_in_use' in krb.extra to ease use
through Network Address Translators.
* Support configuration value of KEYFILE and TKT_ROOT in krb.extra
* Easier building on some platforms
* built-in ls in ftpd.
* Bug fixes.
Changes in release 0.10:

41
crypto/kerberosIV/PROBLEMS
View File

@ -46,6 +46,14 @@ There has been reports of non-working `libdb' on some Linux
distributions. If that happens, use the `--without-berkeley-db' when
configuring.
SunOS 5 (aka Solaris 2) problems
--------------------------------
When building shared libraries and using some combinations of GNU gcc/ld
you better set the environment variable RUN_PATH to /usr/athena/lib
(your target libdir). If you don't, then you will have to set
LD_LIBRARY_PATH during runtime and the PAM module will not work.
HP-UX problems
--------------
@ -61,6 +69,39 @@ Cray problems
`rlogind' won't work on Crays until `forkpty()' has been ported, in the
mean time use `telnetd'.
IRIX problems
-------------
IRIX has three different ABI:s (Application Binary Interface), there's
an old 32 bit interface (known as O32, or just 32), a new 32 bit
interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
bits, but they have different calling conventions, and alignment
constraints, and similar. The N32 format is the default format from IRIX
6.4.
You select ABI at compile time, and you can do this with the
`--with-mips-abi' configure option. The valid arguments are `o32',
`n32', and `64', N32 is the default. Libraries for the three different
ABI:s are normally installed installed in different directories (`lib',
`lib32', and `lib64'). If you want more than one set of libraries you
have to reconfigure and recompile for each ABI, but you should probably
install only N32 binaries.
GCC had had some known problems with the different ABI:s. Old GCC could
only handle O32, newer GCC can handle N32, and 64, but not O32, but in
some versions of GCC the structure alignment was broken in N32.
This confusion with different ABI:s can cause some trouble. For
instance, the `afskauthlib.so' library has to use the same ABI as
`xdm', and `login'. The easiest way to check what ABI to use is to run
`file' on `/usr/bin/X11/xdm'.
Another problem that you might encounter if you run AFS is that Transarc
apparently doesn't support the 64-bit ABI, and because of this you can't
get tokens with a 64 bit application. If you really need to do this,
there is a kernel module that provides this functionality at
<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>.
AIX problems
------------

4
crypto/kerberosIV/acconfig.h
View File

@ -1,4 +1,4 @@
/* $Id: acconfig.h,v 1.103.2.1 1999/07/22 03:12:42 assar Exp $ */
/* $Id: acconfig.h,v 1.105 1999/12/02 13:09:41 joda Exp $ */
@BOTTOM@
@ -18,6 +18,8 @@
#define HAVE_KRB_DISABLE_DEBUG 1
#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1
#define RCSID(msg) \
static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }

108
crypto/kerberosIV/aclocal.m4 vendored
View File

@ -251,7 +251,7 @@ esac
])
dnl
dnl $Id: shared-libs.m4,v 1.3 1999/04/09 15:34:25 assar Exp $
dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
dnl
dnl Shared library stuff has to be different everywhere
dnl
@ -316,9 +316,10 @@ case "${host}" in
install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
;;
*-*-freebsd3*)
changequote(,)dnl
*-*-freebsd[34]*)
changequote([,])dnl
REAL_SHLIBEXT=so.$SHLIB_VERSION
LDSHARED='ld -Bshareable'
REAL_LD_FLAGS='-Wl,-R$(libdir)'
build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
@ -507,23 +508,23 @@ AC_EGREP_CPP(yes,
AC_MSG_RESULT($krb_cv_sys_aix)
])
dnl $Id: find-func-no-libs.m4,v 1.3 1998/06/04 02:06:50 assar Exp $
dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
dnl
dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4])])
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])
dnl $Id: find-func-no-libs2.m4,v 1.1 1998/06/04 02:07:12 assar Exp $
dnl $Id: find-func-no-libs2.m4,v 1.3 1999/10/30 21:09:53 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
dnl
dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments)
dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
AC_MSG_CHECKING([for $1])
@ -537,7 +538,7 @@ if eval "test \"\$ac_cv_func_$1\" != yes" ; then
else
ac_lib=""
fi
LIBS="$ac_lib $ac_save_LIBS"
LIBS="$6 $ac_lib $5 $ac_save_LIBS"
AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
done
eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"
@ -620,11 +621,14 @@ END
])
dnl $Id: grok-type.m4,v 1.3 1999/03/21 18:59:56 joda Exp $
dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $
dnl
AC_DEFUN(AC_GROK_TYPE, [
AC_CACHE_VAL(ac_cv_type_$1,
AC_TRY_COMPILE([
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@ -669,7 +673,7 @@ fi
dnl
dnl See if there is any X11 present
dnl
dnl $Id: check-x.m4,v 1.1 1999/06/03 00:22:10 joda Exp $
dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
AC_DEFUN(KRB_CHECK_X,[
AC_PATH_XTRA
@ -699,7 +703,7 @@ if test "$no_x" != yes; then
esac
done
fi
LIBS="$ac_save_libs $foo -lX11"
LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
AC_TRY_RUN([
#include <X11/Xlib.h>
foo()
@ -998,6 +1002,21 @@ AC_NEED_PROTO([#include <stdio.h>
fi
])
dnl
dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
dnl
dnl
dnl Test SGI capabilities
dnl
AC_DEFUN(KRB_CAPABILITIES,[
AC_CHECK_HEADERS(capability.h sys/capability.h)
AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
])
dnl $Id: check-getpwnam_r-posix.m4,v 1.2 1999/03/23 16:47:31 joda Exp $
dnl
dnl check for getpwnam_r, and if it's posix or not
@ -1022,6 +1041,29 @@ if test "$ac_cv_func_getpwnam_r_posix" = yes; then
fi
fi
])
dnl
dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
dnl
dnl test for POSIX (broken) getlogin
dnl
AC_DEFUN(AC_FUNC_GETLOGIN, [
AC_CHECK_FUNCS(getlogin setlogin)
if test "$ac_cv_func_getlogin" = yes; then
AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
ac_cv_func_getlogin_posix=no
else
ac_cv_func_getlogin_posix=yes
fi
])
if test "$ac_cv_func_getlogin_posix" = yes; then
AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
fi
fi
])
dnl $Id: find-if-not-broken.m4,v 1.2 1998/03/16 22:16:27 joda Exp $
dnl
dnl
@ -1168,7 +1210,7 @@ fi
undefine([foo])
])
dnl $Id: have-struct-field.m4,v 1.5 1999/03/01 13:10:35 joda Exp $
dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
dnl
dnl check for fields in a structure
dnl
@ -1183,18 +1225,50 @@ cache_val=no)])
if test "$cache_val" = yes; then
define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
AC_DEFINE(foo, 1, [Define if $1 has field $2.])
undefine(foo)
undefine([foo])
fi
undefine(cache_val)
undefine([cache_val])
])
dnl $Id
dnl $Id: have-type.m4,v 1.4 1999/07/24 19:23:01 assar Exp $
dnl
dnl check for existance of a type
dnl AC_HAVE_TYPE(TYPE,INCLUDES)
AC_DEFUN(AC_HAVE_TYPE, [
cv=`echo "$1" | sed 'y%./+- %__p__%'`
AC_MSG_CHECKING(for $1)
AC_CACHE_VAL([ac_cv_type_$cv],
AC_TRY_COMPILE(
[#include <sys/types.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
$2],
[$1 foo;],
eval "ac_cv_type_$cv=yes",
eval "ac_cv_type_$cv=no"))dnl
AC_MSG_RESULT(`eval echo \\$ac_cv_type_$cv`)
if test `eval echo \\$ac_cv_type_$cv` = yes; then
ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
dnl autoheader tricks *sigh*
define(foo,translit($1, [ ], [_]))
: << END
@@@funcs="$funcs foo"@@@
END
undefine([foo])
AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
fi
])
dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
dnl
dnl Test for `struct spwd'
AC_DEFUN(AC_KRB_STRUCT_SPWD, [
AC_MSG_CHECKING(for struct spwd)
AC_CACHE_VAL(ac_cv_type_struct_spwd, [
AC_CACHE_VAL(ac_cv_struct_spwd, [
AC_TRY_COMPILE(
[#include <pwd.h>
#ifdef HAVE_SHADOW_H

9
crypto/kerberosIV/admin/adm_locl.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */
/* $Id: adm_locl.h,v 1.17 1999/12/02 16:58:27 joda Exp $ */
#ifndef __adm_locl_h
#define __adm_locl_h

4
crypto/kerberosIV/admin/ext_srvtab.c
View File

@ -9,7 +9,7 @@
#include "adm_locl.h"
RCSID("$Id: ext_srvtab.c,v 1.17 1998/06/09 19:24:13 joda Exp $");
RCSID("$Id: ext_srvtab.c,v 1.18 1999/09/16 20:37:20 assar Exp $");
static des_cblock master_key;
static des_cblock session_key;
@ -73,7 +73,7 @@ main(int argc, char **argv)
if (++i >= argc)
usage();
else {
strcpy_truncate(realm, argv[i], REALM_SZ);
strlcpy(realm, argv[i], REALM_SZ);
/*
* This is to humor the broken way commandline
* argument parsing is done. Later, this

6
crypto/kerberosIV/admin/kdb_edit.c
View File

@ -15,7 +15,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_edit.c,v 1.27 1998/11/22 09:26:31 assar Exp $");
RCSID("$Id: kdb_edit.c,v 1.28 1999/09/16 20:37:21 assar Exp $");
#ifdef DEBUG
extern kerb_debug;
@ -93,10 +93,10 @@ change_principal(void)
/* make a new principal, fill in defaults */
j = 1;
creating = 1;
strcpy_truncate(principal_data[0].name,
strlcpy(principal_data[0].name,
input_name,
ANAME_SZ);
strcpy_truncate(principal_data[0].instance,
strlcpy(principal_data[0].instance,
input_instance,
INST_SZ);
principal_data[0].old = NULL;

16
crypto/kerberosIV/admin/kdb_init.c
View File

@ -10,7 +10,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_init.c,v 1.24 1998/06/09 19:24:13 joda Exp $");
RCSID("$Id: kdb_init.c,v 1.25 1999/09/16 20:37:21 assar Exp $");
enum ap_op {
NULL_KEY, /* setup null keys */
@ -31,8 +31,8 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
des_cblock new_key;
memset(&principal, 0, sizeof(principal));
strcpy_truncate(principal.name, name, ANAME_SZ);
strcpy_truncate(principal.instance, instance, INST_SZ);
strlcpy(principal.name, name, ANAME_SZ);
strlcpy(principal.instance, instance, INST_SZ);
switch (aap_op) {
case NULL_KEY:
principal.key_low = 0;
@ -68,8 +68,8 @@ add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
principal.kdc_key_ver = 1;
principal.key_version = 1;
strcpy_truncate(principal.mod_name, "db_creation", ANAME_SZ);
strcpy_truncate(principal.mod_instance, "", INST_SZ);
strlcpy(principal.mod_name, "db_creation", ANAME_SZ);
strlcpy(principal.mod_instance, "", INST_SZ);
principal.old = 0;
if (kerb_db_put_principal(&principal, 1) != 1)
@ -108,10 +108,10 @@ main(int argc, char **argv)
kerb_db_set_name(database);
if (argc == 2)
strcpy_truncate(realm, argv[1], REALM_SZ);
strlcpy(realm, argv[1], REALM_SZ);
else {
if (krb_get_lrealm(realm, 1) != KSUCCESS)
strcpy_truncate(realm, KRB_REALM, REALM_SZ);
strlcpy(realm, KRB_REALM, REALM_SZ);
fprintf(stderr, "Realm name [default %s ]: ", realm);
if (fgets(realm, sizeof(realm), stdin) == NULL)
errx (1, "\nEOF reading realm");
@ -119,7 +119,7 @@ main(int argc, char **argv)
*cp = '\0';
if (!*realm) /* no realm given */
if (krb_get_lrealm(realm, 1) != KSUCCESS)
strcpy_truncate(realm, KRB_REALM, REALM_SZ);
strlcpy(realm, KRB_REALM, REALM_SZ);
}
if (!k_isrealm(realm))
errx (1, "Bad kerberos realm name \"%s\"", realm);

20
crypto/kerberosIV/admin/kdb_util.c
View File

@ -15,7 +15,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_util.c,v 1.40 1999/07/05 21:43:52 assar Exp $");
RCSID("$Id: kdb_util.c,v 1.42 1999/09/16 20:37:21 assar Exp $");
static des_cblock master_key, new_master_key;
static des_key_schedule master_key_schedule, new_master_key_schedule;
@ -53,7 +53,7 @@ time_explode(char *cp)
memset(&tp, 0, sizeof(tp)); /* clear out the struct */
if (strlen(cp) > 10) { /* new format */
strcpy_truncate(wbuf, cp, sizeof(wbuf));
strlcpy(wbuf, cp, sizeof(wbuf));
tp.tm_year = atoi(wbuf) - 1900;
cp += 4; /* step over the year */
local = 0; /* GMT */
@ -432,6 +432,7 @@ main(int argc, char **argv)
fprintf(stderr, "Operation is one of: "
"load, merge, dump, slave_dump, new_master_key, "
"convert_old_db\n");
fprintf(stderr, "use file `-' for stdout\n");
exit(1);
}
if (argc == 3)
@ -469,7 +470,20 @@ main(int argc, char **argv)
}
file_name = argv[2];
file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w");
if (strcmp (file_name, "-") == 0
&& op != OP_LOAD
&& op != OP_MERGE)
file = stdout;
else {
char *mode;
if (op == OP_LOAD || op == OP_MERGE)
mode = "r";
else
mode = "w";
file = fopen (file_name, mode);
}
if (file == NULL)
err (1, "open %s", argv[2]);

9
crypto/kerberosIV/appl/afsutil/aklog.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -71,7 +66,7 @@
#include <roken.h>
RCSID("$Id: aklog.c,v 1.22.2.1 1999/07/22 03:13:22 assar Exp $");
RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $");
static int debug = 0;

11
crypto/kerberosIV/appl/afsutil/kstring2key.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "config.h"
RCSID("$Id: kstring2key.c,v 1.14 1998/06/09 19:24:14 joda Exp $");
RCSID("$Id: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $");
#include <stdio.h>
#include <string.h>
@ -109,7 +104,7 @@ main(int argc, char **argv)
errx (1, "Error reading password.");
break;
case 2:
strcpy_truncate(buf, argv[1], sizeof(buf));
strlcpy(buf, argv[1], sizeof(buf));
break;
default:
usage();

9
crypto/kerberosIV/appl/afsutil/pagsh.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -40,7 +35,7 @@
#include <config.h>
#endif
RCSID("$Id: pagsh.c,v 1.21 1999/03/11 13:56:55 joda Exp $");
RCSID("$Id: pagsh.c,v 1.22 1999/12/02 16:58:28 joda Exp $");
#include <stdio.h>
#include <stdlib.h>

15
crypto/kerberosIV/appl/bsd/forkpty.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -40,7 +35,7 @@
#ifndef HAVE_FORKPTY
RCSID("$Id: forkpty.c,v 1.53.2.2 1999/08/19 13:37:16 assar Exp $");
RCSID("$Id: forkpty.c,v 1.57 1999/12/02 16:58:28 joda Exp $");
/* Only CRAY is known to have problems with forkpty(). */
#if defined(CRAY)
@ -169,7 +164,7 @@ ptym_open_streams_flavor(char *pts_name,
char *ptr1;
if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
/* Return name of slave */
strcpy_truncate(pts_name, ptr1, pts_name_sz);
strlcpy(pts_name, ptr1, pts_name_sz);
else {
close(fdm);
return(-4);
@ -268,7 +263,7 @@ ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
char *p = _getpty(&fdm, O_RDWR, 0600, 1);
if (p) {
*streams_pty = 1;
strcpy_truncate (pts_name, p, pts_name_sz);
strlcpy (pts_name, p, pts_name_sz);
return fdm;
}
}
@ -398,7 +393,7 @@ forkpty_truncate(int *ptrfdm,
if (slave_name != NULL)
/* Return name of slave */
strcpy_truncate(slave_name, pts_name, slave_name_sz);
strlcpy(slave_name, pts_name, slave_name_sz);
pid = fork();
if (pid < 0)

49
crypto/kerberosIV/appl/bsd/klogin.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: klogin.c,v 1.24 1999/03/15 13:34:12 bg Exp $");
RCSID("$Id: klogin.c,v 1.27 1999/10/04 16:11:48 bg Exp $");
#ifdef KERBEROS
@ -53,52 +53,25 @@ multiple_get_tkt(char *name,
int life,
char *password)
{
int ret;
int n;
char rlm[256];
#define ERICSSON_COMPAT 1
#ifdef ERICSSON_COMPAT
FILE *f;
f = fopen("/etc/krb.localrealms", "r");
if (f != NULL) {
while (fgets(rlm, sizeof(rlm), f) != NULL) {
if (rlm[strlen(rlm) - 1] == '\n')
rlm[strlen(rlm) - 1] = '\0';
if (krb_get_pw_in_tkt(name,
instance,
rlm,
service,
realm,
life,
password) == KSUCCESS) {
fclose(f);
return KSUCCESS;
}
}
return krb_get_pw_in_tkt(name,
instance,
realm,
service,
realm,
life,
password);
}
#endif
/* First try to verify against the supplied realm. */
if (krb_get_pw_in_tkt(name, instance, realm, service, realm, life, password)
== KSUCCESS)
ret = krb_get_pw_in_tkt(name, instance, realm, service, realm, life,
password);
if(ret == KSUCCESS)
return KSUCCESS;
/* Verify all local realms, except the supplied realm. */
for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
if (strcmp(rlm, realm) != 0)
if (krb_get_pw_in_tkt(name, instance, rlm,service, realm, life, password)
== KSUCCESS)
if (strcmp(rlm, realm) != 0) {
ret = krb_get_pw_in_tkt(name, instance, rlm,service, rlm,life, password);
if (ret == KSUCCESS)
return KSUCCESS;
}
return KFAILURE;
return ret;
}
/*
@ -194,7 +167,7 @@ klogin(struct passwd *pw, char *instance, char *localhost, char *password)
if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
strcpy_truncate(savehost, krb_get_phost(localhost), sizeof(savehost));
strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost));
#ifdef KLOGIN_PARANOID
/*

14
crypto/kerberosIV/appl/bsd/login.c
View File

@ -45,7 +45,7 @@
#include <sys/capability.h>
#endif
RCSID("$Id: login.c,v 1.120.2.2 1999/09/02 08:55:26 joda Exp $");
RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $");
#ifdef OTP
#include <otp.h>
@ -225,7 +225,7 @@ main(int argc, char **argv)
fflag = hflag = pflag = rflag = 0;
uid = getuid();
while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF)
while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != -1)
switch (ch) {
case 'a':
if (strcmp (optarg, "none") == 0)
@ -250,7 +250,7 @@ main(int argc, char **argv)
if (uid)
errx(1, "-h option: %s", strerror(EPERM));
hflag = 1;
strcpy_truncate(full_hostname,
strlcpy(full_hostname,
optarg,
sizeof(full_hostname));
if (domain && (p = strchr(optarg, '.')) &&
@ -275,7 +275,7 @@ main(int argc, char **argv)
exit(1);
}
rflag = 1;
strcpy_truncate(full_hostname,
strlcpy(full_hostname,
optarg,
sizeof(full_hostname));
if (domain && (p = strchr(optarg, '.')) &&
@ -383,7 +383,7 @@ main(int argc, char **argv)
badlogin(tbuf);
failures = 0;
}
strcpy_truncate(tbuf, username, sizeof(tbuf));
strlcpy(tbuf, username, sizeof(tbuf));
pwd = paranoid_getpwnam (username);
@ -654,7 +654,7 @@ main(int argc, char **argv)
* that LD_* and IFS are never preserved.
*/
if (term[0] == '\0')
strcpy_truncate(term, stypeof(tty), sizeof(term));
strlcpy(term, stypeof(tty), sizeof(term));
/* set up a somewhat censored environment. */
sysv_newenv(argc, argv, pwd, term, pflag);
#ifdef KERBEROS
@ -950,7 +950,7 @@ checknologin(void)
static void
dolastlog(int quiet)
{
#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW)
#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
struct lastlog ll;
int fd;

6
crypto/kerberosIV/appl/bsd/login_fbtab.c
View File

@ -58,7 +58,7 @@
#include "bsd_locl.h"
RCSID("$Id: login_fbtab.c,v 1.13 1999/01/14 00:37:59 assar Exp $");
RCSID("$Id: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $");
void login_protect (char *, char *, int, uid_t, gid_t);
void login_fbtab (char *tty, uid_t uid, gid_t gid);
@ -126,7 +126,7 @@ login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
if (chown(path, uid, gid) && errno != ENOENT)
syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
} else {
strcpy_truncate (buf, path, sizeof(buf));
strlcpy (buf, path, sizeof(buf));
if (sizeof(buf) > pathlen)
buf[pathlen - 2] = '\0';
/* Solaris evidently operates on the directory as well */
@ -142,7 +142,7 @@ login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
while ((ent = readdir(dir)) != 0) {
if (strcmp(ent->d_name, ".") != 0
&& strcmp(ent->d_name, "..") != 0) {
strcpy_truncate (buf + pathlen - 1,
strlcpy (buf + pathlen - 1,
ent->d_name,
sizeof(buf) - (pathlen + 1));
login_protect(table, buf, mask, uid, gid);

9
crypto/kerberosIV/appl/bsd/osfc2.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -37,7 +32,7 @@
*/
#include "bsd_locl.h"
RCSID("$Id: osfc2.c,v 1.1 1998/09/28 11:47:36 joda Exp $");
RCSID("$Id: osfc2.c,v 1.2 1999/12/02 16:58:28 joda Exp $");
int
do_osfc2_magic(uid_t uid)

15
crypto/kerberosIV/appl/bsd/rcmd_util.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcmd_util.c,v 1.17 1997/09/24 21:14:23 assar Exp $");
RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $");
int
get_login_port(int kerberos, int encryption)
@ -130,9 +125,15 @@ static struct { int speed; int bps; } conv[] = {
#ifdef B19200
{B19200, 19200},
#endif
#ifdef EXTA
{EXTA, 19200},
#endif
#ifdef B38400
{B38400, 38400},
#endif
#ifdef EXTB
{EXTB, 38400},
#endif
#ifdef B57600
{B57600, 57600},
#endif

21
crypto/kerberosIV/appl/bsd/rcp.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcp.c,v 1.49 1999/07/06 03:17:58 assar Exp $");
RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $");
/* Globals */
static char dst_realm_buf[REALM_SZ];
@ -41,7 +41,9 @@ static char *dest_realm = NULL;
static int use_kerberos = 1;
static int doencrypt = 0;
#define OPTIONS "dfKk:prtx"
#define OPTIONS "dfKk:prtxl:"
static char *user_name = NULL; /* Given as -l option. */
static int errs, rem;
static struct passwd *pwd;
@ -146,11 +148,11 @@ run_err(const char *fmt, ...)
va_start(args, fmt);
++errs;
#define RCPERR "\001rcp: "
strcpy_truncate (errbuf, RCPERR, sizeof(errbuf));
strlcpy (errbuf, RCPERR, sizeof(errbuf));
vsnprintf (errbuf + strlen(errbuf),
sizeof(errbuf) - strlen(errbuf),
fmt, args);
strcat_truncate (errbuf, "\n", sizeof(errbuf));
strlcat (errbuf, "\n", sizeof(errbuf));
des_write (rem, errbuf, strlen(errbuf));
if (!iamremote)
vwarnx(fmt, args);
@ -490,7 +492,7 @@ toremote(char *targ, int argc, char **argv)
exit(1);
} else {
thost = argv[argc - 1];
tuser = NULL;
tuser = user_name;
}
for (i = 0; i < argc - 1; i++) {
@ -854,6 +856,8 @@ tolocal(int argc, char **argv)
#else
host = argv[i];
suser = pwd->pw_name;
if (user_name)
suser = user_name;
#endif
} else {
*host++ = 0;
@ -937,14 +941,14 @@ main(int argc, char **argv)
fflag = tflag = 0;
while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
switch(ch) { /* User-visible flags. */
case 'K':
use_kerberos = 0;
break;
case 'k':
dest_realm = dst_realm_buf;
strcpy_truncate(dst_realm_buf, optarg, REALM_SZ);
strlcpy(dst_realm_buf, optarg, REALM_SZ);
break;
case 'x':
doencrypt = 1;
@ -968,6 +972,9 @@ main(int argc, char **argv)
iamremote = 1;
tflag = 1;
break;
case 'l':
user_name = optarg;
break;
case '?':
default:
usage();

6
crypto/kerberosIV/appl/bsd/rlogin.c
View File

@ -36,7 +36,7 @@
*/
#include "bsd_locl.h"
RCSID("$Id: rlogin.c,v 1.65 1999/03/13 21:13:54 assar Exp $");
RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -556,7 +556,7 @@ main(int argc, char **argv)
}
#define OPTIONS "8DEKLde:k:l:xp:"
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
switch(ch) {
case '8':
eight = 1;
@ -579,7 +579,7 @@ main(int argc, char **argv)
break;
case 'k':
dest_realm = dst_realm_buf;
strcpy_truncate(dest_realm, optarg, REALM_SZ);
strlcpy(dest_realm, optarg, REALM_SZ);
break;
case 'l':
user = optarg;

4
crypto/kerberosIV/appl/bsd/rlogind.c
View File

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rlogind.c,v 1.107.2.1 1999/07/22 03:14:39 assar Exp $");
RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $");
extern int __check_rhosts_file;
@ -319,7 +319,7 @@ main(int argc, char **argv)
openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
while ((ch = getopt(argc, argv, ARGSTR)) != -1)
switch (ch) {
case 'D':
no_delay = 1;

6
crypto/kerberosIV/appl/bsd/rsh.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rsh.c,v 1.41 1999/06/17 18:49:18 assar Exp $");
RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -205,7 +205,7 @@ main(int argc, char **argv)
}
#define OPTIONS "+8KLde:k:l:np:wx"
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF)
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
switch(ch) {
case 'K':
use_kerberos = 0;
@ -223,7 +223,7 @@ main(int argc, char **argv)
break;
case 'k':
dest_realm = dst_realm_buf;
strcpy_truncate(dest_realm, optarg, REALM_SZ);
strlcpy(dest_realm, optarg, REALM_SZ);
break;
case 'n':
nflag = nfork = 1;

10
crypto/kerberosIV/appl/bsd/rshd.c
View File

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rshd.c,v 1.58 1999/06/17 18:49:43 assar Exp $");
RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $");
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
extern int __check_rhosts_file;
@ -82,7 +82,7 @@ main(int argc, char *argv[])
openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
opterr = 0;
while ((ch = getopt(argc, argv, OPTIONS)) != EOF)
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
switch (ch) {
case 'a':
break;
@ -565,13 +565,13 @@ doit(struct sockaddr_in *fromp)
setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
setuid((uid_t)pwd->pw_uid);
strcat_truncate(homedir, pwd->pw_dir, sizeof(homedir));
strlcat(homedir, pwd->pw_dir, sizeof(homedir));
/* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */
snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
strcat_truncate(shell, pwd->pw_shell, sizeof(shell));
strcat_truncate(username, pwd->pw_name, sizeof(username));
strlcat(shell, pwd->pw_shell, sizeof(shell));
strlcat(username, pwd->pw_name, sizeof(username));
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;

9
crypto/kerberosIV/appl/bsd/stty_default.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $");
RCSID("$Id: stty_default.c,v 1.7 1999/12/02 16:58:28 joda Exp $");
#include <termios.h>

21
crypto/kerberosIV/appl/bsd/su.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID ("$Id: su.c,v 1.66 1999/03/11 13:57:58 joda Exp $");
RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $");
#ifdef SYSV_SHADOW
#include "sysv_shadow.h"
@ -46,8 +46,9 @@ static int koktologin (char *name, char *realm, char *toname);
static int chshell (char *sh);
/* Handle '-' option after all the getopt options */
#define ARGSTR "Kflmi:"
#define ARGSTR "Kflmti:"
int destroy_tickets = 0;
static int use_kerberos = 1;
static char *root_inst = "root";
@ -66,7 +67,7 @@ main (int argc, char **argv)
set_progname (argv[0]);
asme = asthem = fastlogin = 0;
while ((ch = getopt (argc, argv, ARGSTR)) != EOF)
while ((ch = getopt (argc, argv, ARGSTR)) != -1)
switch ((char) ch) {
case 'K':
use_kerberos = 0;
@ -82,13 +83,16 @@ main (int argc, char **argv)
asme = 1;
asthem = 0;
break;
case 't':
destroy_tickets = 1;
break;
case 'i':
root_inst = optarg;
break;
case '?':
default:
fprintf (stderr,
"usage: su [-Kflm] [-i root-instance] [-] [login]\n");
"usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
exit (1);
}
/* Don't handle '-' option with getopt */
@ -127,7 +131,7 @@ main (int argc, char **argv)
errx (1, "strdup: out of memory");
if (asme) {
if (pwd->pw_shell && *pwd->pw_shell) {
strcpy_truncate (shellbuf, pwd->pw_shell, sizeof(shellbuf));
strlcpy (shellbuf, pwd->pw_shell, sizeof(shellbuf));
shell = shellbuf;
} else {
shell = _PATH_BSHELL;
@ -282,6 +286,8 @@ main (int argc, char **argv)
if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
warnx ("afsklog: %s", krb_get_err_text (code));
}
if (destroy_tickets)
dest_tkt ();
execv (shell, np);
warn ("execv(%s)", shell);
if (getuid () == 0) {
@ -408,7 +414,7 @@ kerberos (char *username, char *user, int uid)
dest_tkt ();
return (1);
}
strcpy_truncate (savehost, krb_get_phost (hostname), sizeof (savehost));
strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
@ -452,7 +458,8 @@ kerberos (char *username, char *user, int uid)
return (1);
}
}
fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
if (!destroy_tickets)
fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
return (0);
}

9
crypto/kerberosIV/appl/bsd/tty.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $");
RCSID("$Id: tty.c,v 1.3 1999/12/02 16:58:28 joda Exp $");
/*
* Clean the tty name. Return a pointer to the cleaned version.

9
crypto/kerberosIV/appl/bsd/utmp_login.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: utmp_login.c,v 1.15 1999/03/29 17:57:16 joda Exp $");
RCSID("$Id: utmp_login.c,v 1.16 1999/12/02 16:58:29 joda Exp $");
#ifdef HAVE_UTMP_H
void

180
crypto/kerberosIV/appl/ftp/ChangeLog
View File

@ -1,8 +1,188 @@
1999-11-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
the outgoing connections. It has to be `ftp-data' or some people
might get upset.
* ftpd/ftpd.c (args): set correct variable when `-l' so that
logging actually works
1999-11-29 Assar Westerlund <assar@sics.se>
* ftp/security.c (sec_login): check return value from realloc
(sec_end): set app_data to NULL
1999-11-25 Assar Westerlund <assar@sics.se>
* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
NAT. also turn on passive mode. From <thn@stacken.kth.se>
1999-11-20 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (make_fileinfo): cast to allow for non-const
prototypes of readlink
1999-11-12 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (args): use arg_counter for `l'
1999-11-04 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
that don't have them (such as ultrix)
1999-10-29 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
printf, we don't know what types they might be.
(lstat_file): conditionalize the kafs part on KRB4
* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
1999-10-28 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
correct
* ftpd/ls.c: don't use warnx to print errors
* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
mount points. From Love <lha@s3.kth.se>
(list_files): use `lstat_file'
* ftpd/ftpd.c: some const-poisoning
* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
allow for stupid inetds that only support two arguments. From
Love <lha@s3.kth.se>
1999-10-26 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
as printf commands
* ftpd/ftpd.c (show_issue): don't interpret contents of
/etc/issue* as printf commands. From Brian A May
<bmay@dgs.monash.edu.au>
1999-10-21 Johan Danielsson <joda@pdc.kth.se>
* ftpd/kauth.c (kauth): complain if protection level isn't
`private'
* ftp/krb4.c (krb4_decode): syslog failure reason
* ftp/kauth.c (kauth): set private level earlier
* ftp/security.c: get_command_prot; (sec_prot): partially match
`command' and `data'
1999-10-18 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
`-ll' work again)
* ftpd/ftpd.c (list_file): pass filename to ls
1999-10-04 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpcmd.y: FEAT
1999-10-03 Assar Westerlund <assar@sics.se>
* ftpd/ls.c: fall-back definitions for constans and casts for
printfs
1999-10-03 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c (main): make this use getarg; add `list_file'
* ftpd/ftpcmd.y (LIST): call list_file
* ftpd/ls.c: add simple built-in ls
* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
prints to the data stream
* ftp/kauth.c (kauth): make sure we're using private protection
level
* ftp/security.c (set_command_prot): set command protection level
* ftp/security.c: make it possible to set the command protection
level with `prot'
1999-09-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
1999-08-19 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c (do_login): show issue-file
(send_data): change handling of zero-byte files
1999-08-18 Assar Westerlund <assar@sics.se>
* ftp/cmds.c (getit): be more suspicious when parsing the result
of MDTM. Do the comparison of timestamps correctly.
1999-08-13 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
get grumpy later.
* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
get grumpy later.
1999-08-03 Assar Westerlund <assar@sics.se>
* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
* ftp/gssapi.c (gss_auth): initialize application_data in bindings
1999-08-02 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y: save file names when doing commands that might
get aborted (and longjmp:ed out of) to avoid overwriting them also
remove extra closing brace
1999-08-01 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
what it does, and other implementations) keep find as an alias
1999-07-28 Assar Westerlund <assar@sics.se>
* common/socket.c: moved to roken
* common/socket.c: new file with generic socket functions
* ftpd/ftpd.c: make it more AF-neutral and v6-capable
* ftpd/ftpcmd.y: add EPRT and EPSV
* ftpd/extern.h: update prototypes and variables
* ftp/krb4.c: update to new types of addresses
* ftp/gssapi.c: add support for both AF_INET and AF_INET6
addresses
* ftp/ftp.c: make it more AF-neutral and v6-capable
* ftp/extern.h (hookup): change prototype
* common/common.h: add prototypes for functions in socket.c
* common/Makefile.am (libcommon_a_SOURCES): add socket.c
* ftp/gssapi.c (gss_auth): check return value from
`gss_import_name' and print error messages if it fails
1999-06-15 Assar Westerlund <assar@sics.se>
* ftp/krb4.c (krb4_auth): type correctness

2
crypto/kerberosIV/appl/ftp/common/Makefile.am
View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.7 1999/03/20 13:58:14 joda Exp $
# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
include $(top_srcdir)/Makefile.am.common

9
crypto/kerberosIV/appl/ftp/common/buffer.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -41,7 +36,7 @@
#include <err.h>
#include "roken.h"
RCSID("$Id: buffer.c,v 1.2 1997/12/14 23:51:45 assar Exp $");
RCSID("$Id: buffer.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
/*
* Allocate a buffer enough to handle st->st_blksize, if

14
crypto/kerberosIV/appl/ftp/common/common.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */
/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -56,6 +51,9 @@ void set_buffer_size(int, int);
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);

9
crypto/kerberosIV/appl/ftp/common/sockbuf.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -44,7 +39,7 @@
#include <sys/socket.h>
#endif
RCSID("$Id: sockbuf.c,v 1.2 1997/05/11 10:01:48 assar Exp $");
RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
void
set_buffer_size(int fd, int read)

38
crypto/kerberosIV/appl/ftp/ftp/cmds.c
View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: cmds.c,v 1.34.2.1 1999/08/18 18:19:44 assar Exp $");
RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $");
typedef void (*sighand)(int);
@ -119,16 +119,16 @@ setpeer(int argc, char **argv)
/*
* Set up defaults for FTP.
*/
strcpy_truncate(typename, "ascii", sizeof(typename));
strlcpy(typename, "ascii", sizeof(typename));
type = TYPE_A;
curtype = TYPE_A;
strcpy_truncate(formname, "non-print", sizeof(formname));
strlcpy(formname, "non-print", sizeof(formname));
form = FORM_N;
strcpy_truncate(modename, "stream", sizeof(modename));
strlcpy(modename, "stream", sizeof(modename));
mode = MODE_S;
strcpy_truncate(structname, "file", sizeof(structname));
strlcpy(structname, "file", sizeof(structname));
stru = STRU_F;
strcpy_truncate(bytename, "8", sizeof(bytename));
strlcpy(bytename, "8", sizeof(bytename));
bytesize = 8;
if (autologin)
login(argv[1]);
@ -170,7 +170,7 @@ setpeer(int argc, char **argv)
* for text files unless changed by the user.
*/
type = 0;
strcpy_truncate(typename, "binary", sizeof(typename));
strlcpy(typename, "binary", sizeof(typename));
if (overbose)
printf("Using %s mode to transfer files.\n",
typename);
@ -243,7 +243,7 @@ settype(int argc, char **argv)
else
comret = command("TYPE %s", p->t_mode);
if (comret == COMPLETE) {
strcpy_truncate(typename, p->t_name, sizeof(typename));
strlcpy(typename, p->t_name, sizeof(typename));
curtype = type = p->t_type;
}
}
@ -784,7 +784,7 @@ remglob(char **argv, int doswitch)
}
if (ftemp == NULL) {
int fd;
strcpy_truncate(temp, _PATH_TMP_XXX, sizeof(temp));
strlcpy(temp, _PATH_TMP_XXX, sizeof(temp));
fd = mkstemp(temp);
if(fd < 0){
warn("unable to create temporary file %s", temp);
@ -1419,11 +1419,11 @@ quote1(char *initial, int argc, char **argv)
int i;
char buf[BUFSIZ]; /* must be >= sizeof(line) */
strcpy_truncate(buf, initial, sizeof(buf));
strlcpy(buf, initial, sizeof(buf));
for(i = 1; i < argc; i++) {
if(i > 1)
strcat_truncate(buf, " ", sizeof(buf));
strcat_truncate(buf, argv[i], sizeof(buf));
strlcat(buf, " ", sizeof(buf));
strlcat(buf, argv[i], sizeof(buf));
}
if (command("%s", buf) == PRELIM) {
while (getreply(0) == PRELIM)
@ -1575,11 +1575,11 @@ account(int argc, char **argv)
if (argc > 1) {
++argv;
--argc;
strcpy_truncate (acct, *argv, sizeof(acct));
strlcpy (acct, *argv, sizeof(acct));
while (argc > 1) {
--argc;
++argv;
strcat_truncate(acct, *argv, sizeof(acct));
strlcat(acct, *argv, sizeof(acct));
}
}
else {
@ -1691,12 +1691,12 @@ setntrans(int argc, char **argv)
}
ntflag++;
code = ntflag;
strcpy_truncate (ntin, argv[1], 17);
strlcpy (ntin, argv[1], 17);
if (argc == 2) {
ntout[0] = '\0';
return;
}
strcpy_truncate (ntout, argv[2], 17);
strlcpy (ntout, argv[2], 17);
}
char *
@ -1753,10 +1753,10 @@ setnmap(int argc, char **argv)
cp = strchr(altarg, ' ');
}
*cp = '\0';
strcpy_truncate(mapin, altarg, MaxPathLen);
strlcpy(mapin, altarg, MaxPathLen);
while (*++cp == ' ')
continue;
strcpy_truncate(mapout, cp, MaxPathLen);
strlcpy(mapout, cp, MaxPathLen);
}
char *
@ -2008,7 +2008,7 @@ macdef(int argc, char **argv)
if (interactive) {
printf("Enter macro line by line, terminating it with a null line\n");
}
strcpy_truncate(macros[macnum].mac_name,
strlcpy(macros[macnum].mac_name,
argv[1],
sizeof(macros[macnum].mac_name));
if (macnum == 0) {

4
crypto/kerberosIV/appl/ftp/ftp/domacro.c
View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: domacro.c,v 1.6 1998/06/09 19:24:21 joda Exp $");
RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $");
void
domacro(int argc, char **argv)
@ -56,7 +56,7 @@ domacro(int argc, char **argv)
code = -1;
return;
}
strcpy_truncate(line2, line, sizeof(line2));
strlcpy(line2, line, sizeof(line2));
TOP:
cp1 = macros[i].mac_start;
while (cp1 != macros[i].mac_end) {

6
crypto/kerberosIV/appl/ftp/ftp/extern.h
View File

@ -33,7 +33,7 @@
* @(#)extern.h 8.3 (Berkeley) 10/9/94
*/
/* $Id: extern.h,v 1.16 1999/05/21 09:21:51 assar Exp $ */
/* $Id: extern.h,v 1.18 1999/10/28 20:49:10 assar Exp $ */
#include <setjmp.h>
#include <stdlib.h>
@ -62,7 +62,7 @@ void cmdabort (int);
void cmdscanner (int);
int command (char *fmt, ...);
int confirm (char *, char *);
FILE *dataconn (char *);
FILE *dataconn (const char *);
void delete (int, char **);
void disconnect (int, char **);
void do_chmod (int, char **);
@ -80,7 +80,7 @@ int getreply (int);
int globulize (char **);
char *gunique (char *);
void help (int, char **);
char *hookup (char *, int);
char *hookup (const char *, int);
void ftp_idle (int, char **);
int initconn (void);
void intr (int);

534
crypto/kerberosIV/appl/ftp/ftp/ftp.c
View File

@ -32,16 +32,19 @@
*/
#include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.55 1999/06/02 20:12:22 joda Exp $");
RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $");
struct sockaddr_in hisctladdr;
struct sockaddr_in data_addr;
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
struct sockaddr_storage data_addr_ss;
struct sockaddr *data_addr = (struct sockaddr *)&data_addr_ss;
struct sockaddr_storage myctladdr_ss;
struct sockaddr *myctladdr = (struct sockaddr *)&myctladdr_ss;
int data = -1;
int abrtflag = 0;
jmp_buf ptabort;
int ptabflg;
int ptflag = 0;
struct sockaddr_in myctladdr;
off_t restart_point = 0;
@ -50,77 +53,76 @@ FILE *cin, *cout;
typedef void (*sighand) (int);
char *
hookup (char *host, int port)
hookup (const char *host, int port)
{
struct hostent *hp = 0;
struct hostent *hp = NULL;
int s, len;
static char hostnamebuf[MaxHostNameLen];
int error;
int af;
char **h;
int ret;
memset (&hisctladdr, 0, sizeof (hisctladdr));
if (inet_aton (host, &hisctladdr.sin_addr)) {
hisctladdr.sin_family = AF_INET;
strcpy_truncate (hostnamebuf, host, sizeof (hostnamebuf));
} else {
hp = gethostbyname (host);
if (hp == NULL) {
warnx("%s: %s", host, hstrerror(h_errno));
code = -1;
return NULL;
}
hisctladdr.sin_family = hp->h_addrtype;
memmove(&hisctladdr.sin_addr,
hp->h_addr_list[0],
sizeof(hisctladdr.sin_addr));
strcpy_truncate (hostnamebuf, hp->h_name, sizeof (hostnamebuf));
}
hostname = hostnamebuf;
s = socket (hisctladdr.sin_family, SOCK_STREAM, 0);
if (s < 0) {
warn ("socket");
#ifdef HAVE_IPV6
if (hp == NULL)
hp = getipnodebyname (host, AF_INET6, 0, &error);
#endif
if (hp == NULL)
hp = getipnodebyname (host, AF_INET, 0, &error);
if (hp == NULL) {
warnx ("%s: %s", host, hstrerror(error));
code = -1;
return (0);
return NULL;
}
hisctladdr.sin_port = port;
while (connect (s, (struct sockaddr *) & hisctladdr, sizeof (hisctladdr)) < 0) {
if (hp && hp->h_addr_list[1]) {
int oerrno = errno;
char *ia;
strlcpy (hostnamebuf, hp->h_name, sizeof(hostnamebuf));
hostname = hostnamebuf;
af = hisctladdr->sa_family = hp->h_addrtype;
ia = inet_ntoa (hisctladdr.sin_addr);
errno = oerrno;
warn ("connect to address %s", ia);
hp->h_addr_list++;
memmove (&hisctladdr.sin_addr,
hp->h_addr_list[0],
sizeof (hisctladdr.sin_addr));
fprintf (stdout, "Trying %s...\n",
inet_ntoa (hisctladdr.sin_addr));
for (h = hp->h_addr_list;
*h != NULL;
++h) {
s = socket (af, SOCK_STREAM, 0);
if (s < 0) {
warn ("socket");
code = -1;
freehostent (hp);
return (0);
}
socket_set_address_and_port (hisctladdr, *h, port);
ret = connect (s, hisctladdr, socket_sockaddr_size(hisctladdr));
if (ret < 0) {
char addr[256];
if (inet_ntop (af, socket_get_address(hisctladdr),
addr, sizeof(addr)) == NULL)
strlcpy (addr, "unknown address",
sizeof(addr));
warn ("connect %s", addr);
close (s);
s = socket (hisctladdr.sin_family, SOCK_STREAM, 0);
if (s < 0) {
warn ("socket");
code = -1;
return (0);
}
continue;
}
warn ("connect");
code = -1;
goto bad;
break;
}
len = sizeof (myctladdr);
if (getsockname (s, (struct sockaddr *) & myctladdr, &len) < 0) {
freehostent (hp);
if (ret < 0) {
code = -1;
close (s);
return NULL;
}
len = sizeof(myctladdr_ss);
if (getsockname (s, myctladdr, &len) < 0) {
warn ("getsockname");
code = -1;
goto bad;
}
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
{
int tos = IPTOS_LOWDELAY;
if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0)
warn("setsockopt TOS (ignored)");
close (s);
return NULL;
}
#ifdef IPTOS_LOWDELAY
socket_set_tos (s, IPTOS_LOWDELAY);
#endif
cin = fdopen (s, "r");
cout = fdopen (s, "w");
@ -198,7 +200,7 @@ login (char *host)
else
user = tmp;
}
strcpy_truncate(username, user, sizeof(username));
strlcpy(username, user, sizeof(username));
n = command("USER %s", user);
if (n == CONTINUE) {
if(sec_complete)
@ -238,7 +240,7 @@ login (char *host)
return (1);
for (n = 0; n < macnum; ++n) {
if (!strcmp("init", macros[n].mac_name)) {
strcpy_truncate (line, "$init", sizeof (line));
strlcpy (line, "$init", sizeof (line));
makeargv();
domacro(margc, margv);
break;
@ -375,7 +377,7 @@ getreply (int expecteof)
osa.sa_handler != SIG_IGN)
osa.sa_handler (SIGINT);
#endif
if (code == 227) {
if (code == 227 || code == 229) {
char *p, *q;
pasv[0] = 0;
@ -565,6 +567,11 @@ copy_stream (FILE * from, FILE * to)
#endif
if (fstat (fileno (from), &st) == 0 && S_ISREG (st.st_mode)) {
/*
* mmap zero bytes has potential of loosing, don't do it.
*/
if (st.st_size == 0)
return 0;
chunk = mmap (0, st.st_size, PROT_READ, MAP_SHARED, fileno (from), 0);
if (chunk != (void *) MAP_FAILED) {
int res;
@ -1120,6 +1127,225 @@ recvrequest (char *cmd, char *local, char *remote,
signal (SIGINT, oldintr);
}
static int
parse_epsv (const char *str)
{
char sep;
char *end;
int port;
if (*str == '\0')
return -1;
sep = *str++;
if (sep != *str++)
return -1;
if (sep != *str++)
return -1;
port = strtol (str, &end, 0);
if (str == end)
return -1;
if (end[0] != sep || end[1] != '\0')
return -1;
return htons(port);
}
static int
parse_pasv (struct sockaddr_in *sin, const char *str)
{
int a0, a1, a2, a3, p0, p1;
/*
* What we've got at this point is a string of comma separated
* one-byte unsigned integer values. The first four are the an IP
* address. The fifth is the MSB of the port number, the sixth is the
* LSB. From that we'll prepare a sockaddr_in.
*/
if (sscanf (str, "%d,%d,%d,%d,%d,%d",
&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
printf ("Passive mode address scan failure. "
"Shouldn't happen!\n");
return -1;
}
if (a0 < 0 || a0 > 255 ||
a1 < 0 || a1 > 255 ||
a2 < 0 || a2 > 255 ||
a3 < 0 || a3 > 255 ||
p0 < 0 || p0 > 255 ||
p1 < 0 || p1 > 255) {
printf ("Can't parse passive mode string.\n");
return -1;
}
memset (sin, 0, sizeof(*sin));
sin->sin_family = AF_INET;
sin->sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
(a2 << 8) | a3);
sin->sin_port = htons ((p0 << 8) | p1);
return 0;
}
static int
passive_mode (void)
{
int port;
data = socket (myctladdr->sa_family, SOCK_STREAM, 0);
if (data < 0) {
warn ("socket");
return (1);
}
if (options & SO_DEBUG)
socket_set_debug (data);
if (command ("EPSV") != COMPLETE) {
if (command ("PASV") != COMPLETE) {
printf ("Passive mode refused.\n");
goto bad;
}
}
/*
* Parse the reply to EPSV or PASV
*/
port = parse_epsv (pasv);
if (port > 0) {
data_addr->sa_family = myctladdr->sa_family;
socket_set_address_and_port (data_addr,
socket_get_address (hisctladdr),
port);
} else {
if (parse_pasv ((struct sockaddr_in *)data_addr, pasv) < 0)
goto bad;
}
if (connect (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
warn ("connect");
goto bad;
}
#ifdef IPTOS_THROUGHPUT
socket_set_tos (data, IPTOS_THROUGHPUT);
#endif
return (0);
bad:
close (data);
data = -1;
sendport = 1;
return (1);
}
static int
active_mode (void)
{
int tmpno = 0;
int len;
int result;
noport:
data_addr->sa_family = myctladdr->sa_family;
socket_set_address_and_port (data_addr, socket_get_address (myctladdr),
sendport ? 0 : socket_get_port (myctladdr));
if (data != -1)
close (data);
data = socket (data_addr->sa_family, SOCK_STREAM, 0);
if (data < 0) {
warn ("socket");
if (tmpno)
sendport = 1;
return (1);
}
if (!sendport)
socket_set_reuseaddr (data, 1);
if (bind (data, data_addr, socket_sockaddr_size (data_addr)) < 0) {
warn ("bind");
goto bad;
}
if (options & SO_DEBUG)
socket_set_debug (data);
len = sizeof (data_addr_ss);
if (getsockname (data, data_addr, &len) < 0) {
warn ("getsockname");
goto bad;
}
if (listen (data, 1) < 0)
warn ("listen");
if (sendport) {
char *cmd;
char addr_str[256];
int inet_af;
int overbose;
if (inet_ntop (data_addr->sa_family, socket_get_address (data_addr),
addr_str, sizeof(addr_str)) == NULL)
errx (1, "inet_ntop failed");
switch (data_addr->sa_family) {
case AF_INET :
inet_af = 1;
break;
#ifdef HAVE_IPV6
case AF_INET6 :
inet_af = 2;
break;
#endif
default :
errx (1, "bad address family %d", data_addr->sa_family);
}
asprintf (&cmd, "EPRT |%d|%s|%d|",
inet_af, addr_str, ntohs(socket_get_port (data_addr)));
overbose = verbose;
if (debug == 0)
verbose = -1;
result = command (cmd);
verbose = overbose;
if (result == ERROR) {
struct sockaddr_in *sin = (struct sockaddr_in *)data_addr;
unsigned int a = ntohl(sin->sin_addr.s_addr);
unsigned int p = ntohs(sin->sin_port);
if (data_addr->sa_family != AF_INET) {
warnx ("remote server doesn't support EPRT");
goto bad;
}
result = command("PORT %d,%d,%d,%d,%d,%d",
(a >> 24) & 0xff,
(a >> 16) & 0xff,
(a >> 8) & 0xff,
a & 0xff,
(p >> 8) & 0xff,
p & 0xff);
if (result == ERROR && sendport == -1) {
sendport = 0;
tmpno = 1;
goto noport;
}
return (result != COMPLETE);
}
return result != COMPLETE;
}
if (tmpno)
sendport = 1;
#ifdef IPTOS_THROUGHPUT
socket_set_tos (data, IPTOS_THROUGHPUT);
#endif
return (0);
bad:
close (data);
data = -1;
if (tmpno)
sendport = 1;
return (1);
}
/*
* Need to start a listen on the data channel before we send the command,
* otherwise the server's connect may fail.
@ -1127,147 +1353,23 @@ recvrequest (char *cmd, char *local, char *remote,
int
initconn (void)
{
int result, len, tmpno = 0;
int on = 1;
int a0, a1, a2, a3, p0, p1;
if (passivemode) {
data = socket (AF_INET, SOCK_STREAM, 0);
if (data < 0) {
perror ("ftp: socket");
return (1);
}
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
if ((options & SO_DEBUG) &&
setsockopt (data, SOL_SOCKET, SO_DEBUG, (char *) &on,
sizeof (on)) < 0)
perror ("ftp: setsockopt (ignored)");
#endif
if (command ("PASV") != COMPLETE) {
printf ("Passive mode refused.\n");
goto bad;
}
/*
* What we've got at this point is a string of comma separated
* one-byte unsigned integer values. The first four are the an IP
* address. The fifth is the MSB of the port number, the sixth is the
* LSB. From that we'll prepare a sockaddr_in.
*/
if (sscanf (pasv, "%d,%d,%d,%d,%d,%d",
&a0, &a1, &a2, &a3, &p0, &p1) != 6) {
printf ("Passive mode address scan failure. "
"Shouldn't happen!\n");
goto bad;
}
if (a0 < 0 || a0 > 255 ||
a1 < 0 || a1 > 255 ||
a2 < 0 || a2 > 255 ||
a3 < 0 || a3 > 255 ||
p0 < 0 || p0 > 255 ||
p1 < 0 || p1 > 255) {
printf ("Can't parse passive mode string.\n");
goto bad;
}
memset(&data_addr, 0, sizeof(data_addr));
data_addr.sin_family = AF_INET;
data_addr.sin_addr.s_addr = htonl ((a0 << 24) | (a1 << 16) |
(a2 << 8) | a3);
data_addr.sin_port = htons ((p0 << 8) | p1);
if (connect (data, (struct sockaddr *) & data_addr,
sizeof (data_addr)) < 0) {
perror ("ftp: connect");
goto bad;
}
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
on = IPTOS_THROUGHPUT;
if (setsockopt (data, IPPROTO_IP, IP_TOS, (char *) &on,
sizeof (int)) < 0)
perror ("ftp: setsockopt TOS (ignored)");
#endif
return (0);
}
noport:
data_addr = myctladdr;
if (sendport)
data_addr.sin_port = 0; /* let system pick one */
if (data != -1)
close (data);
data = socket (AF_INET, SOCK_STREAM, 0);
if (data < 0) {
warn ("socket");
if (tmpno)
sendport = 1;
return (1);
}
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
if (!sendport)
if (setsockopt (data, SOL_SOCKET, SO_REUSEADDR, (char *) &on, sizeof (on)) < 0) {
warn ("setsockopt (reuse address)");
goto bad;
}
#endif
if (bind (data, (struct sockaddr *) & data_addr, sizeof (data_addr)) < 0) {
warn ("bind");
goto bad;
}
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
if (options & SO_DEBUG &&
setsockopt (data, SOL_SOCKET, SO_DEBUG, (char *) &on, sizeof (on)) < 0)
warn ("setsockopt (ignored)");
#endif
len = sizeof (data_addr);
if (getsockname (data, (struct sockaddr *) & data_addr, &len) < 0) {
warn ("getsockname");
goto bad;
}
if (listen (data, 1) < 0)
warn ("listen");
if (sendport) {
unsigned int a = ntohl(data_addr.sin_addr.s_addr);
unsigned int p = ntohs(data_addr.sin_port);
result = command("PORT %d,%d,%d,%d,%d,%d",
(a >> 24) & 0xff,
(a >> 16) & 0xff,
(a >> 8) & 0xff,
a & 0xff,
(p >> 8) & 0xff,
p & 0xff);
if (result == ERROR && sendport == -1) {
sendport = 0;
tmpno = 1;
goto noport;
}
return (result != COMPLETE);
}
if (tmpno)
sendport = 1;
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
on = IPTOS_THROUGHPUT;
if (setsockopt (data, IPPROTO_IP, IP_TOS, (char *) &on, sizeof (int)) < 0)
warn ("setsockopt TOS (ignored)");
#endif
return (0);
bad:
close (data), data = -1;
if (tmpno)
sendport = 1;
return (1);
if (passivemode)
return passive_mode ();
else
return active_mode ();
}
FILE *
dataconn (char *lmode)
dataconn (const char *lmode)
{
struct sockaddr_in from;
int s, fromlen = sizeof (from), tos;
struct sockaddr_storage from_ss;
struct sockaddr *from = (struct sockaddr *)&from_ss;
int s, fromlen = sizeof (from_ss);
if (passivemode)
return (fdopen (data, lmode));
s = accept (data, (struct sockaddr *) & from, &fromlen);
s = accept (data, from, &fromlen);
if (s < 0) {
warn ("accept");
close (data), data = -1;
@ -1275,10 +1377,8 @@ dataconn (char *lmode)
}
close (data);
data = s;
#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
tos = IPTOS_THROUGHPUT;
if (setsockopt (s, IPPROTO_IP, IP_TOS, (char *) &tos, sizeof (int)) < 0)
warn ("setsockopt TOS (ignored)");
#ifdef IPTOS_THROUGHPUT
socket_set_tos (s, IPTOS_THROUGHPUT);
#endif
return (fdopen (data, lmode));
}
@ -1334,8 +1434,8 @@ pswitch (int flag)
static struct comvars {
int connect;
char name[MaxHostNameLen];
struct sockaddr_in mctl;
struct sockaddr_in hctl;
struct sockaddr_storage mctl;
struct sockaddr_storage hctl;
FILE *in;
FILE *out;
int tpe;
@ -1371,14 +1471,14 @@ pswitch (int flag)
ip->connect = connected;
connected = op->connect;
if (hostname) {
strcpy_truncate (ip->name, hostname, sizeof (ip->name));
strlcpy (ip->name, hostname, sizeof (ip->name));
} else
ip->name[0] = 0;
hostname = op->name;
ip->hctl = hisctladdr;
hisctladdr = op->hctl;
ip->mctl = myctladdr;
myctladdr = op->mctl;
ip->hctl = hisctladdr_ss;
hisctladdr_ss = op->hctl;
ip->mctl = myctladdr_ss;
myctladdr_ss = op->mctl;
ip->in = cin;
cin = op->in;
ip->out = cout;
@ -1397,16 +1497,16 @@ pswitch (int flag)
mcase = op->mcse;
ip->ntflg = ntflag;
ntflag = op->ntflg;
strcpy_truncate (ip->nti, ntin, sizeof (ip->nti));
strcpy_truncate (ntin, op->nti, 17);
strcpy_truncate (ip->nto, ntout, sizeof (ip->nto));
strcpy_truncate (ntout, op->nto, 17);
strlcpy (ip->nti, ntin, sizeof (ip->nti));
strlcpy (ntin, op->nti, 17);
strlcpy (ip->nto, ntout, sizeof (ip->nto));
strlcpy (ntout, op->nto, 17);
ip->mapflg = mapflag;
mapflag = op->mapflg;
strcpy_truncate (ip->mi, mapin, MaxPathLen);
strcpy_truncate (mapin, op->mi, MaxPathLen);
strcpy_truncate (ip->mo, mapout, MaxPathLen);
strcpy_truncate (mapout, op->mo, MaxPathLen);
strlcpy (ip->mi, mapin, MaxPathLen);
strlcpy (mapin, op->mi, MaxPathLen);
strlcpy (ip->mo, mapout, MaxPathLen);
strlcpy (mapout, op->mo, MaxPathLen);
signal(SIGINT, oldintr);
if (abrtflag) {
abrtflag = 0;
@ -1580,7 +1680,7 @@ gunique (char *local)
warn ("local: %s", local);
return NULL;
}
strcpy_truncate (new, local, sizeof(new));
strlcpy (new, local, sizeof(new));
cp = new + strlen(new);
*cp++ = '.';
while (!d) {

9
crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.33 1998/06/13 00:06:40 assar Exp $ */
/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */
#ifndef __FTP_LOCL_H__
#define __FTP_LOCL_H__

89
crypto/kerberosIV/appl/ftp/ftp/gssapi.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -43,7 +38,7 @@
#endif
#include <gssapi.h>
RCSID("$Id: gssapi.c,v 1.7 1999/04/10 15:08:39 assar Exp $");
RCSID("$Id: gssapi.c,v 1.13 1999/12/02 16:58:29 joda Exp $");
struct gss_data {
gss_ctx_id_t context_hdl;
@ -117,6 +112,36 @@ gss_encode(void *app_data, void *from, int length, int level, void **to)
return output.length;
}
static void
sockaddr_to_gss_address (const struct sockaddr *sa,
OM_uint32 *addr_type,
gss_buffer_desc *gss_addr)
{
switch (sa->sa_family) {
#ifdef HAVE_IPV6
case AF_INET6 : {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
gss_addr->length = 16;
gss_addr->value = &sin6->sin6_addr;
*addr_type = GSS_C_AF_INET6;
break;
}
#endif
case AF_INET : {
struct sockaddr_in *sin = (struct sockaddr_in *)sa;
gss_addr->length = 4;
gss_addr->value = &sin->sin_addr;
*addr_type = GSS_C_AF_INET;
break;
}
default :
errx (1, "unknown address family %d", sa->sa_family);
}
}
/* end common stuff */
#ifdef FTP_SERVER
@ -131,12 +156,13 @@ gss_adat(void *app_data, void *buf, size_t len)
struct gss_data *d = app_data;
gss_channel_bindings_t bindings = malloc(sizeof(*bindings));
bindings->initiator_addrtype = GSS_C_AF_INET;
bindings->initiator_address.length = 4;
bindings->initiator_address.value = &his_addr.sin_addr;
bindings->acceptor_addrtype = GSS_C_AF_INET;
bindings->acceptor_address.length = 4;
bindings->acceptor_address.value = &ctrl_addr.sin_addr;
sockaddr_to_gss_address (his_addr,
&bindings->initiator_addrtype,
&bindings->initiator_address);
sockaddr_to_gss_address (ctrl_addr,
&bindings->acceptor_addrtype,
&bindings->acceptor_address);
bindings->application_data.length = 0;
bindings->application_data.value = NULL;
@ -216,7 +242,7 @@ struct sec_server_mech gss_server_mech = {
#else /* FTP_SERVER */
extern struct sockaddr_in hisctladdr, myctladdr;
extern struct sockaddr *hisctladdr, *myctladdr;
static int
gss_auth(void *app_data, char *host)
@ -237,6 +263,23 @@ gss_auth(void *app_data, char *host)
&name,
GSS_C_NT_HOSTBASED_SERVICE,
&target_name);
if (GSS_ERROR(maj_stat)) {
OM_uint32 new_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
gss_display_status(&new_stat,
min_stat,
GSS_C_MECH_CODE,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
printf("Error importing name %s: %s\n",
(char *)name.value,
(char *)status_string.value);
gss_release_buffer(&new_stat, &status_string);
return AUTH_ERROR;
}
free(name.value);
@ -244,12 +287,14 @@ gss_auth(void *app_data, char *host)
input.value = NULL;
bindings = malloc(sizeof(*bindings));
bindings->initiator_addrtype = GSS_C_AF_INET;
bindings->initiator_address.length = 4;
bindings->initiator_address.value = &myctladdr.sin_addr;
bindings->acceptor_addrtype = GSS_C_AF_INET;
bindings->acceptor_address.length = 4;
bindings->acceptor_address.value = &hisctladdr.sin_addr;
sockaddr_to_gss_address (myctladdr,
&bindings->initiator_addrtype,
&bindings->initiator_address);
sockaddr_to_gss_address (hisctladdr,
&bindings->acceptor_addrtype,
&bindings->acceptor_address);
bindings->application_data.length = 0;
bindings->application_data.value = NULL;
@ -268,8 +313,8 @@ gss_auth(void *app_data, char *host)
NULL,
NULL);
if (GSS_ERROR(maj_stat)) {
int new_stat;
int msg_ctx = 0;
OM_uint32 new_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
gss_display_status(&new_stat,

20
crypto/kerberosIV/appl/ftp/ftp/kauth.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "ftp_locl.h"
#include <krb.h>
RCSID("$Id: kauth.c,v 1.17 1998/03/26 02:55:38 joda Exp $");
RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $");
void
kauth(int argc, char **argv)
@ -54,6 +49,8 @@ kauth(int argc, char **argv)
char passwd[100];
int tmp;
int save;
if(argc > 2){
printf("usage: %s [principal]\n", argv[0]);
code = -1;
@ -67,9 +64,11 @@ kauth(int argc, char **argv)
overbose = verbose;
verbose = 0;
save = set_command_prot(prot_private);
ret = command("SITE KAUTH %s", name);
if(ret != CONTINUE){
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
@ -77,6 +76,7 @@ kauth(int argc, char **argv)
p = strstr(reply_string, "T=");
if(!p){
printf("Bad reply from server.\n");
set_command_prot(save);
code = -1;
return;
}
@ -84,6 +84,7 @@ kauth(int argc, char **argv)
tmp = base64_decode(p, &tkt.dat);
if(tmp < 0){
printf("Failed to decode base64 in reply.\n");
set_command_prot(save);
code = -1;
return;
}
@ -94,6 +95,7 @@ kauth(int argc, char **argv)
if(!p){
printf("Bad reply from server.\n");
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
@ -124,12 +126,14 @@ kauth(int argc, char **argv)
memset(passwd, 0, sizeof(passwd));
if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
printf("Out of memory base64-encoding.\n");
set_command_prot(save);
code = -1;
return;
}
memset (tktcopy.dat, 0, tktcopy.length);
ret = command("SITE KAUTH %s %s", name, p);
free(p);
set_command_prot(save);
if(ret != COMPLETE){
code = -1;
return;

91
crypto/kerberosIV/appl/ftp/ftp/krb4.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -43,7 +38,7 @@
#endif
#include <krb.h>
RCSID("$Id: krb4.c,v 1.30 1999/06/15 03:50:28 assar Exp $");
RCSID("$Id: krb4.c,v 1.36.2.1 1999/12/06 17:29:45 assar Exp $");
#ifdef FTP_SERVER
#define LOCAL_ADDR ctrl_addr
@ -52,7 +47,8 @@ RCSID("$Id: krb4.c,v 1.30 1999/06/15 03:50:28 assar Exp $");
#define LOCAL_ADDR myctladdr
#define REMOTE_ADDR hisctladdr
#endif
extern struct sockaddr_in LOCAL_ADDR, REMOTE_ADDR;
extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
struct krb4_data {
des_cblock key;
@ -78,11 +74,15 @@ krb4_decode(void *app_data, void *buf, int len, int level)
struct krb4_data *d = app_data;
if(level == prot_safe)
e = krb_rd_safe(buf, len, &d->key, &REMOTE_ADDR, &LOCAL_ADDR, &m);
e = krb_rd_safe(buf, len, &d->key,
(struct sockaddr_in *)REMOTE_ADDR,
(struct sockaddr_in *)LOCAL_ADDR, &m);
else
e = krb_rd_priv(buf, len, d->schedule, &d->key,
&REMOTE_ADDR, &LOCAL_ADDR, &m);
(struct sockaddr_in *)REMOTE_ADDR,
(struct sockaddr_in *)LOCAL_ADDR, &m);
if(e){
syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
return -1;
}
memmove(buf, m.app_data, m.app_length);
@ -102,10 +102,12 @@ krb4_encode(void *app_data, void *from, int length, int level, void **to)
*to = malloc(length + 31);
if(level == prot_safe)
return krb_mk_safe(from, *to, length, &d->key,
&LOCAL_ADDR, &REMOTE_ADDR);
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
else if(level == prot_private)
return krb_mk_priv(from, *to, length, d->schedule, &d->key,
&LOCAL_ADDR, &REMOTE_ADDR);
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
else
return -1;
}
@ -124,17 +126,18 @@ krb4_adat(void *app_data, void *buf, size_t len)
int tmp_len;
struct krb4_data *d = app_data;
char inst[INST_SZ];
struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
memcpy(tkt.dat, buf, len);
tkt.length = len;
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "ftp", inst,
his_addr.sin_addr.s_addr, &auth_dat, "");
his_addr_sin->sin_addr.s_addr, &auth_dat, "");
if(kerror == RD_AP_UNDEC){
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "rcmd", inst,
his_addr.sin_addr.s_addr, &auth_dat, "");
his_addr_sin->sin_addr.s_addr, &auth_dat, "");
}
if(kerror){
@ -145,15 +148,17 @@ krb4_adat(void *app_data, void *buf, size_t len)
memcpy(d->key, auth_dat.session, sizeof(d->key));
des_set_key(&d->key, d->schedule);
strcpy_truncate(d->name, auth_dat.pname, sizeof(d->name));
strcpy_truncate(d->instance, auth_dat.pinst, sizeof(d->instance));
strcpy_truncate(d->realm, auth_dat.prealm, sizeof(d->instance));
strlcpy(d->name, auth_dat.pname, sizeof(d->name));
strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
cs = auth_dat.checksum + 1;
{
unsigned char tmp[4];
KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
tmp_len = krb_mk_safe(tmp, msg, 4, &d->key, &LOCAL_ADDR, &REMOTE_ADDR);
tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
}
if(tmp_len < 0){
reply(535, "Error creating reply: %s.", strerror(errno));
@ -204,15 +209,15 @@ mk_auth(struct krb4_data *d, KTEXT adat,
CREDENTIALS cred;
char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
strcpy_truncate(sname, service, sizeof(sname));
strcpy_truncate(inst, krb_get_phost(host), sizeof(inst));
strcpy_truncate(realm, krb_realmofhost(host), sizeof(realm));
strlcpy(sname, service, sizeof(sname));
strlcpy(inst, krb_get_phost(host), sizeof(inst));
strlcpy(realm, krb_realmofhost(host), sizeof(realm));
ret = krb_mk_req(adat, sname, inst, realm, checksum);
if(ret)
return ret;
strcpy_truncate(sname, service, sizeof(sname));
strcpy_truncate(inst, krb_get_phost(host), sizeof(inst));
strcpy_truncate(realm, krb_realmofhost(host), sizeof(realm));
strlcpy(sname, service, sizeof(sname));
strlcpy(inst, krb_get_phost(host), sizeof(inst));
strlcpy(realm, krb_realmofhost(host), sizeof(realm));
ret = krb_get_cred(sname, inst, realm, &cred);
memmove(&d->key, &cred.session, sizeof(des_cblock));
des_key_sched(&d->key, d->schedule);
@ -231,6 +236,8 @@ krb4_auth(void *app_data, char *host)
int checksum;
u_int32_t cs;
struct krb4_data *d = app_data;
struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR;
struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
checksum = getpid();
ret = mk_auth(d, &adat, "ftp", host, checksum);
@ -241,7 +248,38 @@ krb4_auth(void *app_data, char *host)
return AUTH_CONTINUE;
}
if(base64_encode(adat.dat, adat.length, &p) < 0) {
#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
if (krb_get_config_bool("nat_in_use")) {
struct in_addr natAddr;
if (krb_get_our_ip_for_realm(krb_realmofhost(host),
&natAddr) != KSUCCESS
&& krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
printf("Can't get address for realm %s\n",
krb_realmofhost(host));
else {
if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
printf("Using NAT IP address (%s) for kerberos 4\n",
inet_ntoa(natAddr));
localaddr->sin_addr = natAddr;
/*
* This not the best place to do this, but it
* is here we know that (probably) NAT is in
* use!
*/
passivemode = 1;
printf("Setting: Passive mode on.\n");
}
}
}
#endif
printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
if(base64_encode(adat.dat, adat.length, &p) < 0) {
printf("Out of memory base64-encoding.\n");
return AUTH_CONTINUE;
}
@ -266,7 +304,8 @@ krb4_auth(void *app_data, char *host)
}
adat.length = len;
ret = krb_rd_safe(adat.dat, adat.length, &d->key,
&hisctladdr, &myctladdr, &msg_data);
(struct sockaddr_in *)hisctladdr,
(struct sockaddr_in *)myctladdr, &msg_data);
if(ret){
printf("Error reading reply from server: %s.\n",
krb_get_err_text(ret));

8
crypto/kerberosIV/appl/ftp/ftp/main.c
View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: main.c,v 1.25 1999/05/08 02:22:09 assar Exp $");
RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $");
int
main(int argc, char **argv)
@ -56,7 +56,7 @@ main(int argc, char **argv)
autologin = 1;
passivemode = 0; /* passive mode not active */
while ((ch = getopt(argc, argv, "dginptv")) != EOF) {
while ((ch = getopt(argc, argv, "dginptv")) != -1) {
switch (ch) {
case 'd':
options |= SO_DEBUG;
@ -107,7 +107,7 @@ main(int argc, char **argv)
*/
pw = k_getpwuid(getuid());
if (pw != NULL) {
strcpy_truncate(homedir, pw->pw_dir, sizeof(homedir));
strlcpy(homedir, pw->pw_dir, sizeof(homedir));
home = homedir;
}
if (argc > 0) {
@ -246,7 +246,7 @@ cmdscanner(int top)
p = readline("ftp> ");
if(p == NULL)
quit(0, 0);
strcpy_truncate(line, p, sizeof(line));
strlcpy(line, p, sizeof(line));
add_history(p);
free(p);
} else{

8
crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: ruserpass.c,v 1.15 1999/03/11 13:54:58 joda Exp $");
RCSID("$Id: ruserpass.c,v 1.16 1999/09/16 20:37:31 assar Exp $");
static int token (void);
static FILE *cfile;
@ -77,7 +77,7 @@ guess_domain (char *hostname, size_t sz)
char **aliases;
if (gethostname (hostname, sz) < 0) {
strcpy_truncate (hostname, "", sz);
strlcpy (hostname, "", sz);
return "";
}
dot = strchr (hostname, '.');
@ -90,13 +90,13 @@ guess_domain (char *hostname, size_t sz)
dot = strchr (he->h_name, '.');
if (dot != NULL) {
strcpy_truncate (hostname, he->h_name, sz);
strlcpy (hostname, he->h_name, sz);
return dot + 1;
}
for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) {
dot = strchr (a, '.');
if (dot != NULL) {
strcpy_truncate (hostname, a, sz);
strlcpy (hostname, a, sz);
return dot + 1;
}
}

117
crypto/kerberosIV/appl/ftp/ftp/security.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -42,7 +37,7 @@
#include "ftp_locl.h"
#endif
RCSID("$Id: security.c,v 1.8 1999/04/07 14:16:48 joda Exp $");
RCSID("$Id: security.c,v 1.15 1999/12/02 16:58:30 joda Exp $");
static enum protection_level command_prot;
static enum protection_level data_prot;
@ -127,7 +122,7 @@ sec_getc(FILE *F)
{
if(sec_complete && data_prot) {
char c;
if(sec_read(fileno(F), &c, 1) == 0)
if(sec_read(fileno(F), &c, 1) <= 0)
return EOF;
return c;
} else
@ -141,7 +136,9 @@ block_read(int fd, void *buf, size_t len)
int b;
while(len) {
b = read(fd, p, len);
if(b <= 0)
if (b == 0)
return 0;
else if (b < 0)
return -1;
len -= b;
p += b;
@ -168,12 +165,19 @@ static int
sec_get_data(int fd, struct buffer *buf, int level)
{
int len;
if(block_read(fd, &len, sizeof(len)) < 0)
int b;
b = block_read(fd, &len, sizeof(len));
if (b == 0)
return 0;
else if (b < 0)
return -1;
len = ntohl(len);
buf->data = realloc(buf->data, len);
if(block_read(fd, buf->data, len) < 0)
b = block_read(fd, buf->data, len);
if (b == 0)
return 0;
else if (b < 0)
return -1;
buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
buf->index = 0;
@ -291,6 +295,32 @@ sec_write(int fd, char *data, int length)
return tx;
}
int
sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
{
char *buf;
int ret;
if(data_prot == prot_clear)
return vfprintf(f, fmt, ap);
else {
vasprintf(&buf, fmt, ap);
ret = buffer_write(&out_buffer, buf, strlen(buf));
free(buf);
return ret;
}
}
int
sec_fprintf2(FILE *f, const char *fmt, ...)
{
int ret;
va_list ap;
va_start(ap, fmt);
ret = sec_vfprintf2(f, fmt, ap);
va_end(ap);
return ret;
}
int
sec_putc(int c, FILE *F)
{
@ -547,6 +577,12 @@ secure_command(void)
return ftp_command != NULL;
}
enum protection_level
get_command_prot(void)
{
return command_prot;
}
#else /* FTP_SERVER */
void
@ -603,30 +639,30 @@ sec_prot_internal(int level)
return 0;
}
enum protection_level
set_command_prot(enum protection_level level)
{
enum protection_level old = command_prot;
command_prot = level;
return old;
}
void
sec_prot(int argc, char **argv)
{
int level = -1;
if(argc != 2){
printf("usage: %s (clear | safe | confidential | private)\n",
argv[0]);
code = -1;
return;
}
if(!sec_complete){
if(argc < 2 || argc > 3)
goto usage;
if(!sec_complete) {
printf("No security data exchange has taken place.\n");
code = -1;
return;
}
level = name_to_level(argv[1]);
level = name_to_level(argv[argc - 1]);
if(level == -1){
printf("usage: %s (clear | safe | confidential | private)\n",
argv[0]);
code = -1;
return;
}
if(level == -1)
goto usage;
if((*mech->check_prot)(app_data, level)) {
printf("%s does not implement %s protection.\n",
@ -635,11 +671,21 @@ sec_prot(int argc, char **argv)
return;
}
if(sec_prot_internal(level) < 0){
code = -1;
return;
}
if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
if(sec_prot_internal(level) < 0){
code = -1;
return;
}
} else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
set_command_prot(level);
else
goto usage;
code = 0;
return;
usage:
printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
argv[0]);
code = -1;
}
static enum protection_level request_data_prot;
@ -673,7 +719,15 @@ sec_login(char *host)
are usually not very user friendly) */
for(m = mechs; *m && (*m)->name; m++) {
app_data = realloc(app_data, (*m)->size);
void *tmp;
tmp = realloc(app_data, (*m)->size);
if (tmp == NULL) {
warnx ("realloc %u failed", (*m)->size);
return -1;
}
app_data = tmp;
if((*m)->init && (*(*m)->init)(app_data) != 0) {
printf("Skipping %s...\n", (*m)->name);
continue;
@ -721,6 +775,7 @@ sec_end(void)
(*mech->end)(app_data);
memset(app_data, 0, mech->size);
free(app_data);
app_data = NULL;
}
sec_complete = 0;
data_prot = (enum protection_level)0;

15
crypto/kerberosIV/appl/ftp/ftp/security.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: security.h,v 1.3 1999/04/07 14:15:20 joda Exp $ */
/* $Id: security.h,v 1.7 1999/12/02 16:58:30 joda Exp $ */
#ifndef __security_h__
#define __security_h__
@ -105,6 +100,8 @@ int sec_putc (int, FILE *);
int sec_read (int, void *, int);
int sec_read_msg (char *, int);
int sec_vfprintf (FILE *, const char *, va_list);
int sec_fprintf2(FILE *f, const char *fmt, ...);
int sec_vfprintf2(FILE *, const char *, va_list);
int sec_write (int, char *, int);
#ifdef FTP_SERVER
@ -118,6 +115,7 @@ void delete_ftp_command (void);
void new_ftp_command (char *);
int sec_userok (char *);
int secure_command (void);
enum protection_level get_command_prot(void);
#else
void sec_end (void);
int sec_login (char *);
@ -125,6 +123,9 @@ void sec_prot (int, char **);
int sec_request_prot (char *);
void sec_set_protection_level (void);
void sec_status (void);
enum protection_level set_command_prot(enum protection_level);
#endif
#endif /* __security_h__ */

3
crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.19 1999/04/25 13:24:55 assar Exp $
# $Id: Makefile.am,v 1.20 1999/10/03 16:38:53 joda Exp $
include $(top_srcdir)/Makefile.am.common
@ -21,6 +21,7 @@ ftpd_SOURCES = \
ftpd.c \
ftpd_locl.h \
logwtmp.c \
ls.c \
pathnames.h \
popen.c \
security.c \

6
crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
# $Id: Makefile.in,v 1.41 1999/10/03 16:39:27 joda Exp $
#
srcdir = @srcdir@
@ -47,8 +47,8 @@ LIBROKEN= -L$(LIBTOP)/roken -lroken
PROGS = ftpd$(EXECSUFFIX)
ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c security.c krb4.c kauth.c
ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o security.o krb4.o kauth.o
ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c ls.c popen.c security.c krb4.c kauth.c
ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o ls.o popen.o security.o krb4.o kauth.o
SOURCES = $(ftpd_SOURCES)
OBJECTS = $(ftpd_OBJS)

16
crypto/kerberosIV/appl/ftp/ftpd/extern.h
View File

@ -67,6 +67,8 @@ char **copyblk(char **);
void cwd(char *);
void do_delete(char *);
void dologout(int);
void eprt(char *);
void epsv(char *);
void fatal(char *);
int filename_check(char *);
int ftpd_pclose(FILE *);
@ -86,8 +88,8 @@ __attribute__ ((format (printf, 1, 2)))
#endif
;
void pass(char *);
void passive(void);
void perror_reply(int, char *);
void pasv(void);
void perror_reply(int, const char *);
void pwd(void);
void removedir(char *);
void renamecmd(char *, char *);
@ -97,7 +99,7 @@ void reply(int, const char *, ...)
__attribute__ ((format (printf, 2, 3)))
#endif
;
void retrieve(char *, char *);
void retrieve(const char *, char *);
void send_file_list(char *);
void setproctitle(const char *, ...)
#ifdef __GNUC__
@ -111,6 +113,8 @@ void upper(char *);
void user(char *);
void yyerror(char *);
void list_file(char*);
void kauth(char *, char*);
void klist(void);
void cond_kdestroy(void);
@ -121,15 +125,17 @@ void afsunlog(void);
int find(char *);
void builtin_ls(FILE*, const char*);
int do_login(int code, char *passwd);
int klogin(char *name, char *password);
const char *ftp_rooted(const char *path);
extern struct sockaddr_in ctrl_addr, his_addr;
extern struct sockaddr *ctrl_addr, *his_addr;
extern char hostname[];
extern struct sockaddr_in data_dest;
extern struct sockaddr *data_dest;
extern int logged_in;
extern struct passwd *pw;
extern int guest;

134
crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
View File

@ -43,7 +43,7 @@
%{
#include "ftpd_locl.h"
RCSID("$Id: ftpcmd.y,v 1.48 1999/05/08 02:22:43 assar Exp $");
RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $");
off_t restart_point;
@ -98,6 +98,7 @@ static int yylex (void);
ABOR DELE CWD LIST NLST SITE
sTAT HELP NOOP MKD RMD PWD
CDUP STOU SMNT SYST SIZE MDTM
EPRT EPSV
UMASK IDLE CHMOD
@ -105,7 +106,9 @@ static int yylex (void);
CONF ENC
KAUTH KLIST KDESTROY KRBTKFILE AFSLOG
FIND URL
LOCATE URL
FEAT OPTS
LEXERR
@ -151,9 +154,23 @@ cmd
}
reply(200, "PORT command successful.");
}
| EPRT SP STRING CRLF
{
eprt ($3);
free ($3);
}
| PASV CRLF
{
passive();
pasv ();
}
| EPSV CRLF
{
epsv (NULL);
}
| EPSV SP STRING CRLF
{
epsv ($3);
free ($3);
}
| TYPE SP type_code CRLF
{
@ -224,24 +241,30 @@ cmd
}
| RETR SP pathname CRLF check_login
{
if ($5 && $3 != NULL)
retrieve(0, $3);
if ($3 != NULL)
free($3);
char *name = $3;
if ($5 && name != NULL)
retrieve(0, name);
if (name != NULL)
free(name);
}
| STOR SP pathname CRLF check_login
{
if ($5 && $3 != NULL)
do_store($3, "w", 0);
if ($3 != NULL)
free($3);
char *name = $3;
if ($5 && name != NULL)
do_store(name, "w", 0);
if (name != NULL)
free(name);
}
| APPE SP pathname CRLF check_login
{
if ($5 && $3 != NULL)
do_store($3, "a", 0);
if ($3 != NULL)
free($3);
char *name = $3;
if ($5 && name != NULL)
do_store(name, "a", 0);
if (name != NULL)
free(name);
}
| NLST CRLF check_login
{
@ -250,33 +273,23 @@ cmd
}
| NLST SP STRING CRLF check_login
{
if ($5 && $3 != NULL)
send_file_list($3);
if ($3 != NULL)
free($3);
char *name = $3;
if ($5 && name != NULL)
send_file_list(name);
if (name != NULL)
free(name);
}
| LIST CRLF check_login
{
#ifdef HAVE_LS_A
char *cmd = "/bin/ls -lA";
#else
char *cmd = "/bin/ls -la";
#endif
if ($3)
retrieve(cmd, "");
if($3)
list_file(".");
}
| LIST SP pathname CRLF check_login
{
#ifdef HAVE_LS_A
char *cmd = "/bin/ls -lA %s";
#else
char *cmd = "/bin/ls -la %s";
#endif
if ($5 && $3 != NULL)
retrieve(cmd, $3);
if ($3 != NULL)
free($3);
if($5)
list_file($3);
free($3);
}
| sTAT SP pathname CRLF check_login
{
@ -388,6 +401,20 @@ cmd
if ($3)
cwd("..");
}
| FEAT CRLF
{
lreply(211, "Supported features:");
lreply(0, " MDTM");
lreply(0, " REST STREAM");
lreply(0, " SIZE");
reply(211, "End");
}
| OPTS SP STRING CRLF
{
free ($3);
reply(501, "Bad options");
}
| SITE SP HELP CRLF
{
help(sitetab, (char *) 0);
@ -522,16 +549,15 @@ cmd
#ifdef KRB4
if(guest)
reply(500, "Can't be done as guest.");
else if($7){
else if($7)
afslog($5);
}
if($5)
free($5);
#else
reply(500, "Command not implemented.");
#endif
}
| SITE SP FIND SP STRING CRLF check_login
| SITE SP LOCATE SP STRING CRLF check_login
{
if($7 && $5 != NULL)
find($5);
@ -696,9 +722,11 @@ host_port
: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
NUMBER COMMA NUMBER
{
data_dest.sin_family = AF_INET;
data_dest.sin_port = htons($9 * 256 + $11);
data_dest.sin_addr.s_addr =
struct sockaddr_in *sin = (struct sockaddr_in *)data_dest;
sin->sin_family = AF_INET;
sin->sin_port = htons($9 * 256 + $11);
sin->sin_addr.s_addr =
htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7);
}
;
@ -901,7 +929,9 @@ struct tab cmdtab[] = { /* In order defined in RFC 765 */
{ "REIN", REIN, ARGS, 0, "(reinitialize server state)" },
{ "QUIT", QUIT, ARGS, 1, "(terminate service)", },
{ "PORT", PORT, ARGS, 1, "<sp> b0, b1, b2, b3, b4" },
{ "EPRT", EPRT, STR1, 1, "<sp> string" },
{ "PASV", PASV, ARGS, 1, "(set server in passive mode)" },
{ "EPSV", EPSV, OSTR, 1, "[<sp> foo]" },
{ "TYPE", TYPE, ARGS, 1, "<sp> [ A | E | I | L ]" },
{ "STRU", STRU, ARGS, 1, "(specify file structure)" },
{ "MODE", MODE, ARGS, 1, "(specify transfer mode)" },
@ -952,6 +982,10 @@ struct tab cmdtab[] = { /* In order defined in RFC 765 */
{ "CONF", CONF, STR1, 1, "<sp> confidentiality command" },
{ "ENC", ENC, STR1, 1, "<sp> privacy command" },
/* RFC2389 */
{ "FEAT", FEAT, ARGS, 1, "" },
{ "OPTS", OPTS, ARGS, 1, "<sp> command [<sp> options]" },
{ NULL, 0, 0, 0, 0 }
};
@ -967,7 +1001,8 @@ struct tab sitetab[] = {
{ "KRBTKFILE", KRBTKFILE, STR1, 1, "<sp> ticket-file" },
{ "AFSLOG", AFSLOG, OSTR, 1, "[<sp> cell]" },
{ "FIND", FIND, STR1, 1, "<sp> globexpr" },
{ "LOCATE", LOCATE, STR1, 1, "<sp> globexpr" },
{ "FIND", LOCATE, STR1, 1, "<sp> globexpr" },
{ "URL", URL, ARGS, 1, "?" },
@ -996,7 +1031,7 @@ ftpd_getline(char *s, int n)
cs = s;
/* tmpline may contain saved command from urgent mode interruption */
if(ftp_command){
strcpy_truncate(s, ftp_command, n);
strlcpy(s, ftp_command, n);
if (debug)
syslog(LOG_DEBUG, "command: %s", s);
#ifdef XXX
@ -1162,7 +1197,10 @@ yylex(void)
dostr1:
if (cbuf[cpos] == ' ') {
cpos++;
state = state == OSTR ? STR2 : ++state;
if(state == OSTR)
state = STR2;
else
state++;
return (SP);
}
break;
@ -1335,7 +1373,7 @@ help(struct tab *ctab, char *s)
columns = 1;
lines = (NCMDS + columns - 1) / columns;
for (i = 0; i < lines; i++) {
strcpy_truncate (buf, " ", sizeof(buf));
strlcpy (buf, " ", sizeof(buf));
for (j = 0; j < columns; j++) {
c = ctab + j * lines + i;
snprintf (buf + strlen(buf),
@ -1347,13 +1385,13 @@ help(struct tab *ctab, char *s)
break;
w = strlen(c->name) + 1;
while (w < width) {
strcat_truncate (buf,
strlcat (buf,
" ",
sizeof(buf));
w++;
}
}
lreply(214, buf);
lreply(214, "%s", buf);
}
reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se");
return;

16
crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftpd_locl.h,v 1.5.2.1 1999/07/22 03:24:42 assar Exp $ */
/* $Id: ftpd_locl.h,v 1.9 1999/12/02 16:58:30 joda Exp $ */
#ifndef __ftpd_locl_h__
#define __ftpd_locl_h__
@ -63,6 +58,9 @@
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
@ -159,6 +157,10 @@
extern int LIBPREFIX(fclose) (FILE *);
#endif
/* SunOS doesn't have any declaration of fclose */
int fclose(FILE *stream);
int yyparse();
#ifndef LOG_FTP

9
crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -40,7 +35,7 @@
#include <gssapi.h>
#include <krb5.h>
RCSID("$Id: gss_userok.c,v 1.1 1998/05/12 12:15:22 joda Exp $");
RCSID("$Id: gss_userok.c,v 1.2 1999/12/02 16:58:31 joda Exp $");
/* XXX a bit too much of krb5 dependency here...
What is the correct way to do this?

25
crypto/kerberosIV/appl/ftp/ftpd/kauth.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "ftpd_locl.h"
RCSID("$Id: kauth.c,v 1.22 1999/06/29 21:19:33 bg Exp $");
RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
static KTEXT_ST cip;
static unsigned int lifetime;
@ -85,7 +80,7 @@ store_ticket(KTEXT cip)
return(INTK_BADPW);
/* extract server's name */
strcpy_truncate(sp.name, ptr, sizeof(sp.name));
strlcpy(sp.name, ptr, sizeof(sp.name));
ptr += len + 1;
left -= len + 1;
@ -94,7 +89,7 @@ store_ticket(KTEXT cip)
return(INTK_BADPW);
/* extract server's instance */
strcpy_truncate(sp.instance, ptr, sizeof(sp.instance));
strlcpy(sp.instance, ptr, sizeof(sp.instance));
ptr += len + 1;
left -= len + 1;
@ -103,7 +98,7 @@ store_ticket(KTEXT cip)
return(INTK_BADPW);
/* extract server's realm */
strcpy_truncate(sp.realm, ptr, sizeof(sp.realm));
strlcpy(sp.realm, ptr, sizeof(sp.realm));
ptr += len + 1;
left -= len + 1;
@ -176,6 +171,10 @@ kauth(char *principal, char *ticket)
char *p;
int ret;
if(get_command_prot() != prot_private) {
reply(500, "Request denied (bad protection level)");
return;
}
ret = krb_parse_name(principal, &pr);
if(ret){
reply(500, "Bad principal: %s.", krb_get_err_text(ret));
@ -304,12 +303,12 @@ klist(void)
" Issued", " Expires", " Principal (kvno)");
header = 0;
}
strcpy_truncate(buf1, short_date(c.issue_date), sizeof(buf1));
strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
if (time(0) < (unsigned long) c.issue_date)
strcpy_truncate(buf2, short_date(c.issue_date), sizeof(buf2));
strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
else
strcpy_truncate(buf2, ">>> Expired <<< ", sizeof(buf2));
strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
lreply(200, "%s %s %s (%d)", buf1, buf2,
krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno);
}

9
crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: logwtmp.c,v 1.13 1999/03/01 09:49:37 joda Exp $");
RCSID("$Id: logwtmp.c,v 1.14 1999/12/02 16:58:31 joda Exp $");
#endif
#include <stdio.h>

572
crypto/kerberosIV/appl/ftp/ftpd/ls.c Normal file
View File

@ -0,0 +1,572 @@
/*
* Copyright (c) 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "ftpd_locl.h"
RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $");
struct fileinfo {
struct stat st;
int inode;
int bsize;
char mode[11];
int n_link;
char *user;
char *group;
char *size;
char *major;
char *minor;
char *date;
char *filename;
char *link;
};
#define LS_DIRS 1
#define LS_IGNORE_DOT 2
#define LS_SORT_MODE 12
#define SORT_MODE(f) ((f) & LS_SORT_MODE)
#define LS_SORT_NAME 4
#define LS_SORT_MTIME 8
#define LS_SORT_SIZE 12
#define LS_SORT_REVERSE 16
#define LS_SIZE 32
#define LS_INODE 64
#ifndef S_ISTXT
#define S_ISTXT S_ISVTX
#endif
#ifndef S_ISSOCK
#define S_ISSOCK(mode) (((mode) & _S_IFMT) == S_IFSOCK)
#endif
#ifndef S_ISLNK
#define S_ISLNK(mode) (((mode) & _S_IFMT) == S_IFLNK)
#endif
static void
make_fileinfo(const char *filename, struct fileinfo *file, int flags)
{
char buf[128];
struct stat *st = &file->st;
file->inode = st->st_ino;
#ifdef S_BLKSIZE
file->bsize = st->st_blocks * S_BLKSIZE / 1024;
#else
file->bsize = st->st_blocks * 512 / 1024;
#endif
if(S_ISDIR(st->st_mode))
file->mode[0] = 'd';
else if(S_ISCHR(st->st_mode))
file->mode[0] = 'c';
else if(S_ISBLK(st->st_mode))
file->mode[0] = 'b';
else if(S_ISREG(st->st_mode))
file->mode[0] = '-';
else if(S_ISFIFO(st->st_mode))
file->mode[0] = 'p';
else if(S_ISLNK(st->st_mode))
file->mode[0] = 'l';
else if(S_ISSOCK(st->st_mode))
file->mode[0] = 's';
#ifdef S_ISWHT
else if(S_ISWHT(st->st_mode))
file->mode[0] = 'w';
#endif
else
file->mode[0] = '?';
{
char *x[] = { "---", "--x", "-w-", "-wx",
"r--", "r-x", "rw-", "rwx" };
strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
if((st->st_mode & S_ISUID)) {
if((st->st_mode & S_IXUSR))
file->mode[3] = 's';
else
file->mode[3] = 'S';
}
if((st->st_mode & S_ISGID)) {
if((st->st_mode & S_IXGRP))
file->mode[6] = 's';
else
file->mode[6] = 'S';
}
if((st->st_mode & S_ISTXT)) {
if((st->st_mode & S_IXOTH))
file->mode[9] = 't';
else
file->mode[9] = 'T';
}
}
file->n_link = st->st_nlink;
{
struct passwd *pwd;
pwd = getpwuid(st->st_uid);
if(pwd == NULL)
asprintf(&file->user, "%u", (unsigned)st->st_uid);
else
file->user = strdup(pwd->pw_name);
}
{
struct group *grp;
grp = getgrgid(st->st_gid);
if(grp == NULL)
asprintf(&file->group, "%u", (unsigned)st->st_gid);
else
file->group = strdup(grp->gr_name);
}
if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
#if defined(major) && defined(minor)
asprintf(&file->major, "%u", (unsigned)major(st->st_rdev));
asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev));
#else
/* Don't want to use the DDI/DKI crap. */
asprintf(&file->major, "%u", (unsigned)st->st_rdev);
asprintf(&file->minor, "%u", 0);
#endif
} else
asprintf(&file->size, "%lu", (unsigned long)st->st_size);
{
time_t t = time(NULL);
struct tm *tm = localtime(&st->st_mtime);
if((t - st->st_mtime > 6*30*24*60*60) ||
(st->st_mtime - t > 6*30*24*60*60))
strftime(buf, sizeof(buf), "%b %e %Y", tm);
else
strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
file->date = strdup(buf);
}
{
const char *p = strrchr(filename, '/');
if(p)
p++;
else
p = filename;
file->filename = strdup(p);
}
if(S_ISLNK(st->st_mode)) {
int n;
n = readlink((char *)filename, buf, sizeof(buf));
if(n >= 0) {
buf[n] = '\0';
file->link = strdup(buf);
} else
warn("%s: readlink", filename);
}
}
static void
print_file(FILE *out,
int flags,
struct fileinfo *f,
int max_inode,
int max_bsize,
int max_n_link,
int max_user,
int max_group,
int max_size,
int max_major,
int max_minor,
int max_date)
{
if(f->filename == NULL)
return;
if(flags & LS_INODE) {
sec_fprintf2(out, "%*d", max_inode, f->inode);
sec_fprintf2(out, " ");
}
if(flags & LS_SIZE) {
sec_fprintf2(out, "%*d", max_bsize, f->bsize);
sec_fprintf2(out, " ");
}
sec_fprintf2(out, "%s", f->mode);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%*d", max_n_link, f->n_link);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%-*s", max_user, f->user);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%-*s", max_group, f->group);
sec_fprintf2(out, " ");
if(f->major != NULL && f->minor != NULL)
sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
else
sec_fprintf2(out, "%*s", max_size, f->size);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%*s", max_date, f->date);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%s", f->filename);
if(f->link)
sec_fprintf2(out, " -> %s", f->link);
sec_fprintf2(out, "\r\n");
}
static int
compare_filename(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return strcmp(a->filename, b->filename);
}
static int
compare_mtime(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return a->st.st_mtime - b->st.st_mtime;
}
static int
compare_size(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return a->st.st_size - b->st.st_size;
}
static void
list_dir(FILE *out, const char *directory, int flags);
static int
log10(int num)
{
int i = 1;
while(num > 10) {
i++;
num /= 10;
}
return i;
}
/*
* Operate as lstat but fake up entries for AFS mount points so we don't
* have to fetch them.
*/
static int
lstat_file (const char *file, struct stat *sb)
{
#ifdef KRB4
if (k_hasafs()
&& strcmp(file, ".")
&& strcmp(file, ".."))
{
struct ViceIoctl a_params;
char *last;
char *path_bkp;
static ino_t ino_counter = 0, ino_last = 0;
int ret;
const int maxsize = 2048;
path_bkp = strdup (file);
if (path_bkp == NULL)
return -1;
a_params.out = malloc (maxsize);
if (a_params.out == NULL) {
free (path_bkp);
return -1;
}
/* If path contains more than the filename alone - split it */
last = strrchr (path_bkp, '/');
if (last != NULL) {
*last = '\0';
a_params.in = last + 1;
} else
a_params.in = (char *)file;
a_params.in_size = strlen (a_params.in) + 1;
a_params.out_size = maxsize;
ret = k_pioctl (last ? path_bkp : "." ,
VIOC_AFS_STAT_MT_PT, &a_params, 0);
free (a_params.out);
if (ret < 0) {
free (path_bkp);
if (errno != EINVAL)
return ret;
else
/* if we get EINVAL this is probably not a mountpoint */
return lstat (file, sb);
}
/*
* wow this was a mountpoint, lets cook the struct stat
* use . as a prototype
*/
ret = lstat (path_bkp, sb);
free (path_bkp);
if (ret < 0)
return ret;
if (ino_last == sb->st_ino)
ino_counter++;
else {
ino_last = sb->st_ino;
ino_counter = 0;
}
sb->st_ino += ino_counter;
sb->st_nlink = 3;
return 0;
}
#endif /* KRB4 */
return lstat (file, sb);
}
static void
list_files(FILE *out, char **files, int n_files, int flags)
{
struct fileinfo *fi;
int i;
fi = calloc(n_files, sizeof(*fi));
if (fi == NULL) {
sec_fprintf2(out, "ouf of memory\r\n");
return;
}
for(i = 0; i < n_files; i++) {
if(lstat_file(files[i], &fi[i].st) < 0) {
sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
fi[i].filename = NULL;
} else {
if((flags & LS_DIRS) == 0 && S_ISDIR(fi[i].st.st_mode)) {
if(n_files > 1)
sec_fprintf2(out, "%s:\r\n", files[i]);
list_dir(out, files[i], flags);
} else {
make_fileinfo(files[i], &fi[i], flags);
}
}
}
switch(SORT_MODE(flags)) {
case LS_SORT_NAME:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_filename);
break;
case LS_SORT_MTIME:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_mtime);
break;
case LS_SORT_SIZE:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_size);
break;
}
{
int max_inode = 0;
int max_bsize = 0;
int max_n_link = 0;
int max_user = 0;
int max_group = 0;
int max_size = 0;
int max_major = 0;
int max_minor = 0;
int max_date = 0;
for(i = 0; i < n_files; i++) {
if(fi[i].filename == NULL)
continue;
if(fi[i].inode > max_inode)
max_inode = fi[i].inode;
if(fi[i].bsize > max_bsize)
max_bsize = fi[i].bsize;
if(fi[i].n_link > max_n_link)
max_n_link = fi[i].n_link;
if(strlen(fi[i].user) > max_user)
max_user = strlen(fi[i].user);
if(strlen(fi[i].group) > max_group)
max_group = strlen(fi[i].group);
if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
max_major = strlen(fi[i].major);
if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
max_minor = strlen(fi[i].minor);
if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
max_size = strlen(fi[i].size);
if(strlen(fi[i].date) > max_date)
max_date = strlen(fi[i].date);
}
if(max_size < max_major + max_minor + 2)
max_size = max_major + max_minor + 2;
else if(max_size - max_minor - 2 > max_major)
max_major = max_size - max_minor - 2;
max_inode = log10(max_inode);
max_bsize = log10(max_bsize);
max_n_link = log10(max_n_link);
if(flags & LS_SORT_REVERSE)
for(i = n_files - 1; i >= 0; i--)
print_file(out,
flags,
&fi[i],
max_inode,
max_bsize,
max_n_link,
max_user,
max_group,
max_size,
max_major,
max_minor,
max_date);
else
for(i = 0; i < n_files; i++)
print_file(out,
flags,
&fi[i],
max_inode,
max_bsize,
max_n_link,
max_user,
max_group,
max_size,
max_major,
max_minor,
max_date);
}
}
static void
free_files (char **files, int n)
{
int i;
for (i = 0; i < n; ++i)
free (files[i]);
free (files);
}
static void
list_dir(FILE *out, const char *directory, int flags)
{
DIR *d = opendir(directory);
struct dirent *ent;
char **files = NULL;
int n_files = 0;
if(d == NULL) {
sec_fprintf2(out, "%s: %s\r\n", directory, strerror(errno));
return;
}
while((ent = readdir(d)) != NULL) {
void *tmp;
if(ent->d_name[0] == '.') {
if (flags & LS_IGNORE_DOT)
continue;
if (ent->d_name[1] == 0) /* Ignore . */
continue;
if (ent->d_name[1] == '.' && ent->d_name[2] == 0) /* Ignore .. */
continue;
}
tmp = realloc(files, (n_files + 1) * sizeof(*files));
if (tmp == NULL) {
sec_fprintf2(out, "%s: out of memory\r\n", directory);
free_files (files, n_files);
closedir (d);
return;
}
files = tmp;
asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
if (files[n_files] == NULL) {
sec_fprintf2(out, "%s: out of memory\r\n", directory);
free_files (files, n_files);
closedir (d);
return;
}
++n_files;
}
closedir(d);
list_files(out, files, n_files, flags | LS_DIRS);
}
void
builtin_ls(FILE *out, const char *file)
{
int flags = LS_SORT_NAME;
if(*file == '-') {
const char *p;
for(p = file + 1; *p; p++) {
switch(*p) {
case 'a':
case 'A':
flags &= ~LS_IGNORE_DOT;
break;
case 'C':
break;
case 'd':
flags |= LS_DIRS;
break;
case 'f':
flags = (flags & ~LS_SORT_MODE);
break;
case 'i':
flags |= flags | LS_INODE;
break;
case 'l':
break;
case 't':
flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
break;
case 's':
flags |= LS_SIZE;
break;
case 'S':
flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
break;
case 'r':
flags |= LS_SORT_REVERSE;
break;
}
}
file = ".";
}
list_files(out, &file, 1, flags);
sec_fflush(out);
}

6
crypto/kerberosIV/appl/ftp/ftpd/popen.c
View File

@ -37,7 +37,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: popen.c,v 1.18 1998/06/09 19:24:24 joda Exp $");
RCSID("$Id: popen.c,v 1.19 1999/09/16 20:38:45 assar Exp $");
#endif
#include <sys/types.h>
@ -89,10 +89,10 @@ ftp_rooted(const char *path)
if(!home[0])
if((pwd = k_getpwnam("ftp")))
strcpy_truncate(home, pwd->pw_dir, sizeof(home));
strlcpy(home, pwd->pw_dir, sizeof(home));
snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
if(access(newpath, X_OK))
strcpy_truncate(newpath, path, sizeof(newpath));
strlcpy(newpath, path, sizeof(newpath));
return newpath;
}

6
crypto/kerberosIV/appl/kauth/ChangeLog
View File

@ -1,3 +1,9 @@
1999-08-31 Johan Danielsson <joda@pdc.kth.se>
* kauth.c: cleanup usage string; handle `kauth -h' gracefully
(print usage); add `-a' flag to get the ticket address (useful for
firewall configurations)
Thu Apr 15 15:05:33 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* kauth.c: add `-v'

9
crypto/kerberosIV/appl/kauth/encdata.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $");
RCSID("$Id: encdata.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
int
write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,

102
crypto/kerberosIV/appl/kauth/kauth.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -46,7 +41,7 @@
#include "kauth.h"
RCSID("$Id: kauth.c,v 1.92 1999/06/29 21:19:35 bg Exp $");
RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
krb_principal princ;
static char srvtab[MaxPathLen];
@ -59,11 +54,16 @@ static void
usage(void)
{
fprintf(stderr,
"Usage: %s -n <name> [-r remoteuser] [-t remote ticketfile] "
"[-l lifetime (in minutes) ] [-f srvtab ] "
"[-c AFS cell name ] [-h hosts... [--]] [command ... ]\n",
__progname);
fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
"Usage:\n"
" %s [name]\n"
"or\n"
" %s [-ad] [-n name] [-r remoteuser] [-t remote ticketfile]\n"
" [-l lifetime (in minutes) ] [-f srvtab ] [-c AFS cell name ]\n"
" [-h hosts... [--]] [command ... ]\n\n",
__progname, __progname);
fprintf(stderr,
"A fully qualified name can be given: user[.instance][@realm]\n"
"Realm is converted to uppercase!\n");
exit(1);
}
@ -139,6 +139,56 @@ key_to_key(const char *user,
return 0;
}
static int
get_ticket_address(krb_principal *princ, des_cblock *key)
{
int code;
unsigned char flags;
krb_principal service;
u_int32_t addr;
struct in_addr addr2;
des_cblock session;
int life;
u_int32_t time_sec;
des_key_schedule schedule;
CREDENTIALS c;
code = get_ad_tkt(princ->name, princ->instance, princ->realm, 0);
if(code) {
warnx("get_ad_tkt: %s\n", krb_get_err_text(code));
return code;
}
code = krb_get_cred(princ->name, princ->instance, princ->realm, &c);
if(code) {
warnx("krb_get_cred: %s\n", krb_get_err_text(code));
return code;
}
des_set_key(key, schedule);
code = decomp_ticket(&c.ticket_st,
&flags,
princ->name,
princ->instance,
princ->realm,
&addr,
session,
&life,
&time_sec,
service.name,
service.instance,
key,
schedule);
if(code) {
warnx("decomp_ticket: %s\n", krb_get_err_text(code));
return code;
}
memset(&session, 0, sizeof(session));
memset(schedule, 0, sizeof(schedule));
addr2.s_addr = addr;
fprintf(stdout, "ticket address = %s\n", inet_ntoa(addr2));
}
int
main(int argc, char **argv)
{
@ -147,6 +197,7 @@ main(int argc, char **argv)
int c;
char *file;
int pflag = 0;
int aflag = 0;
int version_flag = 0;
char passwd[100];
des_cblock key;
@ -174,20 +225,24 @@ main(int argc, char **argv)
strupr(princ.realm);
}
while ((c = getopt(argc, argv, "r:t:f:hdl:n:c:v")) != EOF)
while ((c = getopt(argc, argv, "ar:t:f:hdl:n:c:v")) != -1)
switch (c) {
case 'a':
aflag++;
break;
case 'd':
krb_enable_debug();
_kafs_debug = 1;
aflag++;
break;
case 'f':
strcpy_truncate(srvtab, optarg, sizeof(srvtab));
strlcpy(srvtab, optarg, sizeof(srvtab));
break;
case 't':
strcpy_truncate(remote_tktfile, optarg, sizeof(remote_tktfile));
strlcpy(remote_tktfile, optarg, sizeof(remote_tktfile));
break;
case 'r':
strcpy_truncate(remoteuser, optarg, sizeof(remoteuser));
strlcpy(remoteuser, optarg, sizeof(remoteuser));
break;
case 'l':
lifetime = atoi(optarg);
@ -215,6 +270,8 @@ main(int argc, char **argv)
host = argv + optind;
for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
++nhost;
if(nhost == 0)
usage();
break;
case 'v':
version_flag++;
@ -238,24 +295,22 @@ main(int argc, char **argv)
/* With root tickets assume remote user is root */
if (*remoteuser == '\0') {
if (strcmp(princ.instance, "root") == 0)
strcpy_truncate(remoteuser, princ.instance, sizeof(remoteuser));
strlcpy(remoteuser, princ.instance, sizeof(remoteuser));
else
strcpy_truncate(remoteuser, princ.name, sizeof(remoteuser));
strlcpy(remoteuser, princ.name, sizeof(remoteuser));
}
more_args = argc - optind;
if (princ.realm[0] == '\0')
if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
strcpy_truncate(princ.realm, KRB_REALM, REALM_SZ);
strlcpy(princ.realm, KRB_REALM, REALM_SZ);
if (more_args) {
int f;
do{
snprintf(tf, sizeof(tf),
TKT_ROOT "%u_%u",
(unsigned)getuid(),
snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned)getuid(),
(unsigned)(getpid()*time(0)));
f = open(tf, O_CREAT|O_EXCL|O_RDWR);
}while(f < 0);
@ -297,6 +352,9 @@ main(int argc, char **argv)
errx (1, "%s", krb_get_err_text(code));
}
if(aflag)
get_ticket_address(&princ, &key);
if (k_hasafs()) {
if (more_args)
k_setpag();

9
crypto/kerberosIV/appl/kauth/kauth.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kauth.h,v 1.20 1998/06/13 00:06:45 assar Exp $ */
/* $Id: kauth.h,v 1.21 1999/12/02 16:58:31 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>

9
crypto/kerberosIV/appl/kauth/kauthd.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: kauthd.c,v 1.24 1999/06/29 21:19:35 bg Exp $");
RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
krb_principal princ;
static char locuser[SNAME_SZ];

19
crypto/kerberosIV/appl/kauth/marshall.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: marshall.c,v 1.8 1998/06/09 19:24:26 joda Exp $");
RCSID("$Id: marshall.c,v 1.10 1999/12/02 16:58:31 joda Exp $");
int
pack_args (char *buf,
@ -104,28 +99,28 @@ unpack_args (const char *buf, krb_principal *pr, int *lifetime,
len = strlen(buf);
if (len >= SNAME_SZ)
return -1;
strcpy_truncate (pr->name, buf, ANAME_SZ);
strlcpy (pr->name, buf, ANAME_SZ);
buf += len + 1;
len = strlen (buf);
if (len >= INST_SZ)
return -1;
strcpy_truncate (pr->instance, buf, INST_SZ);
strlcpy (pr->instance, buf, INST_SZ);
buf += len + 1;
len = strlen (buf);
if (len >= REALM_SZ)
return -1;
strcpy_truncate (pr->realm, buf, REALM_SZ);
strlcpy (pr->realm, buf, REALM_SZ);
buf += len + 1;
*lifetime = (unsigned char)*buf++;
len = strlen(buf);
if (len >= SNAME_SZ)
return -1;
strcpy_truncate (locuser, buf, SNAME_SZ);
strlcpy (locuser, buf, SNAME_SZ);
buf += len + 1;
len = strlen(buf);
if (len >= MaxPathLen)
return -1;
strcpy_truncate (tktfile, buf, MaxPathLen);
strlcpy (tktfile, buf, MaxPathLen);
buf += len + 1;
return 0;
}

18
crypto/kerberosIV/appl/kauth/rkinit.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: rkinit.c,v 1.21 1998/06/09 19:24:26 joda Exp $");
RCSID("$Id: rkinit.c,v 1.22.2.1 1999/12/06 17:27:56 assar Exp $");
static struct in_addr *
getalladdrs (char *hostname, unsigned *count)
@ -113,6 +108,15 @@ doit_host (krb_principal *princ, int lifetime, char *locuser,
return 1;
}
if (krb_get_config_bool("nat_in_use")) {
struct in_addr natAddr;
if (krb_get_our_ip_for_realm(krb_realmofhost(hostname),
&natAddr) == KSUCCESS
|| krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS)
thisaddr.sin_addr = natAddr;
}
status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd",
hostname, krb_realmofhost (hostname),
getpid(), &msg, &cred, schedule,

9
crypto/kerberosIV/appl/kip/common.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kip.h"
RCSID("$Id: common.c,v 1.12 1997/05/02 14:28:06 assar Exp $");
RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $");
/*
* Copy packets from `tundev' to `netdev' or vice versa.

9
crypto/kerberosIV/appl/kip/kip.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kip.h"
RCSID("$Id: kip.c,v 1.17 1998/05/01 05:20:11 assar Exp $");
RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $");
static void
usage(void)

9
crypto/kerberosIV/appl/kip/kip.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kip.h,v 1.17 1997/12/14 23:57:21 assar Exp $ */
/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"

9
crypto/kerberosIV/appl/kip/kipd.c
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -38,7 +33,7 @@
#include "kip.h"
RCSID("$Id: kipd.c,v 1.15 1999/03/10 18:33:24 joda Exp $");
RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
static int
fatal (int fd, char *s)

135
crypto/kerberosIV/appl/push/ChangeLog Normal file
View File

@ -0,0 +1,135 @@
1999-11-13 Assar Westerlund <assar@sics.se>
* push.c: make `-v' a arg_counter
1999-11-02 Assar Westerlund <assar@sics.se>
* push.c (main): redo the v4/v5 selection for consistency. -4 ->
try only v4 -5 -> try only v5 none, -45 -> try v5, v4
1999-08-19 Assar Westerlund <assar@sics.se>
* push.c (doit): remember to step over the error message when we
discover that XDELE is not supported
1999-08-12 Johan Danielsson <joda@pdc.kth.se>
* push.c: use XDELE
1999-08-05 Assar Westerlund <assar@sics.se>
* push.c (do_connect): v6-ify
1999-06-15 Assar Westerlund <assar@sics.se>
* push.c: get_default_username and the resulting const propagation
1999-05-21 Assar Westerlund <assar@sics.se>
* push.c (parse_pobox): try $USERNAME
1999-05-11 Assar Westerlund <assar@sics.se>
* push.c (do_v5): remove unused and non-working code
1999-05-10 Assar Westerlund <assar@sics.se>
* push.c (do_v5): call krb5_sendauth with ccache == NULL
Wed Apr 7 23:40:00 1999 Assar Westerlund <assar@sics.se>
* Makefile.in: fix names of hesiod variables
Wed Mar 24 04:37:04 1999 Assar Westerlund <assar@sics.se>
* Makefile.am (pfrom): fix typo
* push.c (get_pobox): try to handle old and new hesiod APIs
Mon Mar 22 22:19:40 1999 Assar Westerlund <assar@sics.se>
* Makefile.am: hesoid -> hesiod
Sun Mar 21 18:02:10 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: bindir -> libexecdir
Sat Mar 20 00:12:26 1999 Assar Westerlund <assar@sics.se>
* Makefile.am: LDADD: add missing backslash
Thu Mar 18 15:28:35 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: clean pfrom
* Makefile.am: include Makefile.am.common
Mon Mar 15 18:26:16 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
* push.c: strncasecmp headers
Mon Feb 15 22:22:09 1999 Assar Westerlund <assar@sics.se>
* Makefile.in (pfrom): use libexecdir
* Makefile.am: build and install pfrom
* push.c (do_connect): init `s'
(pop_state): spell-check enums
Tue Nov 24 23:20:54 1998 Assar Westerlund <assar@sics.se>
* Makefile.in: build and install pfrom
* pfrom.in: bindir -> libexecdir
Sun Nov 22 15:33:52 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* push.c: eliminate some warnings
Sun Nov 22 10:34:54 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (WFLAGS): set
Thu Nov 19 01:17:33 1998 Assar Westerlund <assar@sics.se>
* push_locl.h: add <hesiod.h>
* Makefile.am, Makefile.in: link and include hesiod
* push.c (get_pobox): new function. add hesiod support.
1998-11-07 Assar Westerlund <assar@sics.se>
* push.8: updated
* push.c: --from implementation from <lha@stacken.kth.se>
Fri Jul 10 01:14:45 1998 Assar Westerlund <assar@sics.se>
* push.c (net_{read,write}): remove
Wed Jun 24 14:41:41 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
* push.c: allow `po:user@host' mailbox syntax
Tue Jun 2 17:35:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* push.c: quote '^From ' properly
Mon May 25 05:22:47 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (clean): PROGS -> PROGRAMS
Sun Apr 26 11:42:13 1998 Assar Westerlund <assar@sics.se>
* push.c (main): better default for v4 and v5
* push.c (main): init context correctly
* push.c: should work with krb4
* push_locl.h: krb4 compat
* Makefile.in: new file

27
crypto/kerberosIV/appl/push/Makefile.am Normal file
View File

@ -0,0 +1,27 @@
# $Id: Makefile.am,v 1.15 1999/04/09 18:29:48 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4) $(INCLUDE_hesiod)
bin_SCRIPTS = pfrom
libexec_PROGRAMS = push
push_SOURCES = push.c push_locl.h
pfrom: pfrom.in
sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
chmod +x $@
man_MANS = push.8
CLEANFILES = pfrom
EXTRA_DIST = pfrom.in $(man_MANS)
LDADD = $(LIB_krb5) \
$(LIB_krb4) \
$(top_builddir)/lib/des/libdes.la \
$(LIB_roken) \
$(LIB_hesiod)

95
crypto/kerberosIV/appl/push/Makefile.in Normal file
View File

@ -0,0 +1,95 @@
# $Id: Makefile.in,v 1.10 1999/04/07 18:39:56 assar Exp $
SHELL = /bin/sh
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
RANLIB = @RANLIB@
DEFS = @DEFS@ @INCLUDE_hesiod@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
LIBS = @LIB_hesiod@ @LIBS@
LIB_DBM = @LIB_DBM@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
libexecdir = @libexecdir@
bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
bin_PROGRAMS = pfrom
libexec_PROGRAMS = push$(EXECSUFFIX)
PROGRAMS = $(libexec_PROGRAMS) $(bin_PROGRAMS)
push_SOURCES = push.c
push_OBJECTS = push.o
SOURCES = $(push_SOURCES)
OBJECTS = $(push_OBJECTS)
all: $(PROGRAMS)
.c.o:
$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
for x in $(bin_PROGRAMS); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
for x in $(libexec_PROGRAMS); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(bin_PROGRAMS); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
for x in $(libexec_PROGRAMS); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
check:
clean:
rm -f *.a *.o $(PROGRAMS)
mostlyclean: clean
distclean: clean
rm -f Makefile *~
realclean: distclean
rm -f TAGS
KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
LIBROKEN=-L../../lib/roken -lroken
push$(EXECSUFFIX): $(push_OBJECTS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(push_OBJECTS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
pfrom: pfrom.in
sed -e "s!%libexecdir%!$(libexecdir)!" $(srcdir)/pfrom.in > $@
chmod +x $@
$(OBJECTS): ../../include/config.h
.PHONY: all install uninstall check clean mostlyclean distclean realclean

6
crypto/kerberosIV/appl/push/pfrom.in Normal file
View File

@ -0,0 +1,6 @@
#!/bin/sh
# $Id: pfrom.in,v 1.2 1998/11/24 13:25:47 assar Exp $
libexecdir=%libexecdir%
PATH=$libexecdir:$PATH
export PATH
push --from $*

138
crypto/kerberosIV/appl/push/push.8 Normal file
View File

@ -0,0 +1,138 @@
.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $
.\"
.Dd May 31, 1998
.Dt PUSH 8
.Os HEIMDAL
.Sh NAME
.Nm push
.Nd
fetch mail via POP
.Sh SYNOPSIS
.Nm
.Op Fl 4 | Fl -krb4
.Op Fl 5 | Fl -krb5
.Op Fl v | Fl -verbose
.Op Fl f | Fl -fork
.Op Fl l | -leave
.Op Fl -from
.Op Fl c | -count
.Op Fl -header
.Oo Fl p Ar port-spec \*(Ba Xo
.Fl -port= Ns Ar port-spec Oc
.Xc
.Ar po-box
.Pa filename
.Sh DESCRIPTION
.Nm
retrieves mail from the post office box
.Ar po-box ,
and stores the mail in mbox format in
.Pa filename .
The
.Ar po-box
can have any of the following formats:
.Bl -hang -compact -offset indent
.It Ql hostname:username
.It Ql po:hostname:username
.It Ql username@hostname
.It Ql po:username@hostname
.It Ql hostname
.It Ql po:username
.El
If no username is specified,
.Nm
assumes that it's the same as on the local machine;
.Ar hostname
defaults to the value of the
.Ev MAILHOST
environment variable.
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl 4 Ns ,
.Fl -krb4
.Xc
use Kerberos 4 (if compiled with support for Kerberos 4)
.It Xo
.Fl 5 Ns ,
.Fl -krb5
.Xc
use Kerberos 5 (if compiled with support for Kerberos 5)
.It Xo
.Fl f Ns ,
.Fl -fork
.Xc
fork before starting to delete messages
.It Xo
.Fl l Ns ,
.Fl -leave
.Xc
don't delete fetched mail
.It Xo
.Fl -from
.Xc
behave like from.
.It Xo
.Fl c Ns ,
.Fl -count
.Xc
first print how many messages and bytes there are.
.It Xo
.Fl -header
.Xc
which header from should print.
.It Xo
.Fl p Ar port-spec Ns ,
.Fl -port= Ns Ar port-spec
.Xc
use this port instead of the default
.Ql kpop
or
.Ql 1109 .
.El
The default is to first try Kerberos 5 authentication and then, if
that fails, Kerberos 4.
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev MAILHOST
points to the post office, if no other hostname is specified.
.El
.\".Sh FILES
.Sh EXAMPLES
.Bd -literal -offset indent
$ push cornfield:roosta ~/.gnus-crash-box
.Ed
tries to fetch mail for the user
.Ar roosta
from the post office at
.Dq cornfield ,
and stores the mail in
.Pa ~/.gnus-crash-box
(you are using Gnus, aren't you?)
.Bd -literal -offset indent
$ push --from -5 havregryn
.Ed
tries to fetch
.Nm From:
lines for current user at post office
.Dq havregryn
using Kerberos 5.
.\".Sh DIAGNOSTICS
.Sh SEE ALSO
.Xr movemail 8 ,
.Xr popper 8 ,
.Xr from 1
.\".Sh STANDARDS
.Sh HISTORY
.Nm
was written while waiting for
.Nm movemail
to finish getting the mail.
.\".Sh AUTHORS
.\".Sh BUGS

795
crypto/kerberosIV/appl/push/push.c Normal file
View File

@ -0,0 +1,795 @@
/*
* Copyright (c) 1997-1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "push_locl.h"
RCSID("$Id: push.c,v 1.34.2.1 1999/12/06 17:25:28 assar Exp $");
#ifdef KRB4
static int use_v4 = -1;
#endif
#ifdef KRB5
static int use_v5 = -1;
static krb5_context context;
#endif
static char *port_str;
static int verbose_level;
static int do_fork;
static int do_leave;
static int do_version;
static int do_help;
static int do_from;
static int do_count;
static char *header_str;
struct getargs args[] = {
#ifdef KRB4
{ "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4",
NULL },
#endif
#ifdef KRB5
{ "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5",
NULL },
#endif
{ "verbose",'v', arg_counter, &verbose_level, "Verbose",
NULL },
{ "fork", 'f', arg_flag, &do_fork, "Fork deleting proc",
NULL },
{ "leave", 'l', arg_flag, &do_leave, "Leave mail on server",
NULL },
{ "port", 'p', arg_string, &port_str, "Use this port",
"number-or-service" },
{ "from", 0, arg_flag, &do_from, "Behave like from",
NULL },
{ "header", 0, arg_string, &header_str, "Header string to print", NULL },
{ "count", 'c', arg_flag, &do_count, "Print number of messages", NULL},
{ "version", 0, arg_flag, &do_version, "Print version",
NULL },
{ "help", 0, arg_flag, &do_help, NULL,
NULL }
};
static void
usage (int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"[[{po:username[@hostname] | hostname[:username]}] ...]"
"filename");
exit (ret);
}
static int
do_connect (const char *hostname, int port, int nodelay)
{
struct hostent *hostent = NULL;
char **h;
int error;
int af;
int s;
#ifdef HAVE_IPV6
if (hostent == NULL)
hostent = getipnodebyname (hostname, AF_INET6, 0, &error);
#endif
if (hostent == NULL)
hostent = getipnodebyname (hostname, AF_INET, 0, &error);
if (hostent == NULL)
errx(1, "gethostbyname '%s' failed: %s", hostname, hstrerror(error));
af = hostent->h_addrtype;
for (h = hostent->h_addr_list; *h != NULL; ++h) {
struct sockaddr_storage sa_ss;
struct sockaddr *sa = (struct sockaddr *)&sa_ss;
sa->sa_family = af;
socket_set_address_and_port (sa, *h, port);
s = socket (af, SOCK_STREAM, 0);
if (s < 0)
err (1, "socket");
if (connect(s, sa, socket_sockaddr_size(sa)) < 0) {
warn ("connect(%s)", hostname);
close (s);
continue;
} else {
break;
}
}
freehostent (hostent);
if (*h == NULL)
return -1;
if(setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
(void *)&nodelay, sizeof(nodelay)) < 0)
err (1, "setsockopt TCP_NODELAY");
return s;
}
typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP,
DELE, XDELE, QUIT} pop_state;
#define PUSH_BUFSIZ 65536
#define STEP 16
struct write_state {
struct iovec *iovecs;
size_t niovecs, maxiovecs, allociovecs;
int fd;
};
static void
write_state_init (struct write_state *w, int fd)
{
#ifdef UIO_MAXIOV
w->maxiovecs = UIO_MAXIOV;
#else
w->maxiovecs = 16;
#endif
w->allociovecs = min(STEP, w->maxiovecs);
w->niovecs = 0;
w->iovecs = malloc(w->allociovecs * sizeof(*w->iovecs));
if (w->iovecs == NULL)
err (1, "malloc");
w->fd = fd;
}
static void
write_state_add (struct write_state *w, void *v, size_t len)
{
if(w->niovecs == w->allociovecs) {
if(w->niovecs == w->maxiovecs) {
if(writev (w->fd, w->iovecs, w->niovecs) < 0)
err(1, "writev");
w->niovecs = 0;
} else {
w->allociovecs = min(w->allociovecs + STEP, w->maxiovecs);
w->iovecs = realloc (w->iovecs,
w->allociovecs * sizeof(*w->iovecs));
if (w->iovecs == NULL)
errx (1, "realloc");
}
}
w->iovecs[w->niovecs].iov_base = v;
w->iovecs[w->niovecs].iov_len = len;
++w->niovecs;
}
static void
write_state_flush (struct write_state *w)
{
if (w->niovecs) {
if (writev (w->fd, w->iovecs, w->niovecs) < 0)
err (1, "writev");
w->niovecs = 0;
}
}
static void
write_state_destroy (struct write_state *w)
{
free (w->iovecs);
}
static int
doit(int s,
const char *host,
const char *user,
const char *outfilename,
const char *header_str,
int leavep,
int verbose,
int forkp)
{
int ret;
char out_buf[PUSH_BUFSIZ];
size_t out_len = 0;
char in_buf[PUSH_BUFSIZ + 1]; /* sentinel */
size_t in_len = 0;
char *in_ptr = in_buf;
pop_state state = INIT;
unsigned count, bytes;
unsigned asked_for = 0, retrieved = 0, asked_deleted = 0, deleted = 0;
unsigned sent_xdele = 0;
int out_fd;
char from_line[128];
size_t from_line_length;
time_t now;
struct write_state write_state;
if (do_from) {
out_fd = -1;
if (verbose)
fprintf (stderr, "%s@%s\n", user, host);
} else {
out_fd = open(outfilename, O_WRONLY | O_APPEND | O_CREAT, 0666);
if (out_fd < 0)
err (1, "open %s", outfilename);
if (verbose)
fprintf (stderr, "%s@%s -> %s\n", user, host, outfilename);
}
now = time(NULL);
from_line_length = snprintf (from_line, sizeof(from_line),
"From %s %s", "push", ctime(&now));
out_len = snprintf (out_buf, sizeof(out_buf),
"USER %s\r\nPASS hej\r\nSTAT\r\n",
user);
if (net_write (s, out_buf, out_len) != out_len)
err (1, "write");
if (verbose > 1)
write (STDERR_FILENO, out_buf, out_len);
if (!do_from)
write_state_init (&write_state, out_fd);
while(state != QUIT) {
fd_set readset, writeset;
FD_ZERO(&readset);
FD_ZERO(&writeset);
FD_SET(s,&readset);
if (((state == STAT || state == RETR || state == TOP)
&& asked_for < count)
|| (state == XDELE && !sent_xdele)
|| (state == DELE && asked_deleted < count))
FD_SET(s,&writeset);
ret = select (s + 1, &readset, &writeset, NULL, NULL);
if (ret < 0) {
if (errno == EAGAIN)
continue;
else
err (1, "select");
}
if (FD_ISSET(s, &readset)) {
char *beg, *p;
size_t rem;
int blank_line = 0;
ret = read (s, in_ptr, sizeof(in_buf) - in_len - 1);
if (ret < 0)
err (1, "read");
else if (ret == 0)
errx (1, "EOF during read");
in_len += ret;
in_ptr += ret;
*in_ptr = '\0';
beg = in_buf;
rem = in_len;
while(rem > 1
&& (p = strstr(beg, "\r\n")) != NULL) {
if (state == TOP) {
char *copy = beg;
if (strncasecmp(copy,
header_str,
min(p - copy + 1, strlen(header_str))) == 0) {
fprintf (stdout, "%.*s\n", (int)(p - copy), copy);
}
if (beg[0] == '.' && beg[1] == '\r' && beg[2] == '\n') {
state = STAT;
if (++retrieved == count) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
}
}
rem -= p - beg + 2;
beg = p + 2;
} else if (state == RETR) {
char *copy = beg;
if (beg[0] == '.') {
if (beg[1] == '\r' && beg[2] == '\n') {
if(!blank_line)
write_state_add(&write_state, "\n", 1);
state = STAT;
rem -= p - beg + 2;
beg = p + 2;
if (++retrieved == count) {
write_state_flush (&write_state);
if (fsync (out_fd) < 0)
err (1, "fsync");
close(out_fd);
if (leavep) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
} else {
if (forkp) {
pid_t pid;
pid = fork();
if (pid < 0)
warn ("fork");
else if(pid != 0) {
if(verbose)
fprintf (stderr,
"(exiting)");
return 0;
}
}
state = XDELE;
if (verbose)
fprintf (stderr, "deleting... ");
}
}
continue;
} else
++copy;
}
*p = '\n';
if(blank_line &&
strncmp(copy, "From ", min(p - copy + 1, 5)) == 0)
write_state_add(&write_state, ">", 1);
write_state_add(&write_state, copy, p - copy + 1);
blank_line = (*copy == '\n');
rem -= p - beg + 2;
beg = p + 2;
} else if (rem >= 3 && strncmp (beg, "+OK", 3) == 0) {
if (state == STAT) {
if (!do_from)
write_state_add(&write_state,
from_line, from_line_length);
blank_line = 0;
if (do_from)
state = TOP;
else
state = RETR;
} else if (state == XDELE) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
break;
} else if (state == DELE) {
if (++deleted == count) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
break;
}
} else if (++state == STAT) {
if(sscanf (beg + 4, "%u %u", &count, &bytes) != 2)
errx(1, "Bad STAT-line: %.*s", (int)(p - beg), beg);
if (verbose) {
fprintf (stderr, "%u message(s) (%u bytes). "
"fetching... ",
count, bytes);
if (do_from)
fprintf (stderr, "\n");
} else if (do_count) {
fprintf (stderr, "%u message(s) (%u bytes).\n",
count, bytes);
}
if (count == 0) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
break;
}
}
rem -= p - beg + 2;
beg = p + 2;
} else {
if(state == XDELE) {
state = DELE;
rem -= p - beg + 2;
beg = p + 2;
} else
errx (1, "Bad response: %.*s", (int)(p - beg), beg);
}
}
if (!do_from)
write_state_flush (&write_state);
memmove (in_buf, beg, rem);
in_len = rem;
in_ptr = in_buf + rem;
}
if (FD_ISSET(s, &writeset)) {
if ((state == STAT && !do_from) || state == RETR)
out_len = snprintf (out_buf, sizeof(out_buf),
"RETR %u\r\n", ++asked_for);
else if ((state == STAT && do_from) || state == TOP)
out_len = snprintf (out_buf, sizeof(out_buf),
"TOP %u 0\r\n", ++asked_for);
else if(state == XDELE) {
out_len = snprintf(out_buf, sizeof(out_buf),
"XDELE %u %u\r\n", 1, count);
sent_xdele++;
}
else if(state == DELE)
out_len = snprintf (out_buf, sizeof(out_buf),
"DELE %u\r\n", ++asked_deleted);
if (net_write (s, out_buf, out_len) != out_len)
err (1, "write");
if (verbose > 1)
write (STDERR_FILENO, out_buf, out_len);
}
}
if (verbose)
fprintf (stderr, "Done\n");
if (!do_from)
write_state_destroy (&write_state);
return 0;
}
#ifdef KRB5
static int
do_v5 (const char *host,
int port,
const char *user,
const char *filename,
const char *header_str,
int leavep,
int verbose,
int forkp)
{
krb5_error_code ret;
krb5_auth_context auth_context = NULL;
krb5_principal server;
int s;
s = do_connect (host, port, 1);
if (s < 0)
return 1;
ret = krb5_sname_to_principal (context,
host,
"pop",
KRB5_NT_SRV_HST,
&server);
if (ret) {
warnx ("krb5_sname_to_principal: %s",
krb5_get_err_text (context, ret));
return 1;
}
ret = krb5_sendauth (context,
&auth_context,
&s,
"KPOPV1.0",
NULL,
server,
0,
NULL,
NULL,
NULL,
NULL,
NULL,
NULL);
krb5_free_principal (context, server);
if (ret) {
warnx ("krb5_sendauth: %s",
krb5_get_err_text (context, ret));
return 1;
}
return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
}
#endif
#ifdef KRB4
static int
do_v4 (const char *host,
int port,
const char *user,
const char *filename,
const char *header_str,
int leavep,
int verbose,
int forkp)
{
KTEXT_ST ticket;
MSG_DAT msg_data;
CREDENTIALS cred;
des_key_schedule sched;
int s;
int ret;
s = do_connect (host, port, 1);
if (s < 0)
return 1;
ret = krb_sendauth(0,
s,
&ticket,
"pop",
(char *)host,
krb_realmofhost(host),
getpid(),
&msg_data,
&cred,
sched,
NULL,
NULL,
"KPOPV0.1");
if(ret) {
warnx("krb_sendauth: %s", krb_get_err_text(ret));
return 1;
}
return doit (s, host, user, filename, header_str, leavep, verbose, forkp);
}
#endif /* KRB4 */
#ifdef HESIOD
#ifdef HESIOD_INTERFACES
static char *
hesiod_get_pobox (const char **user)
{
void *context;
struct hesiod_postoffice *hpo;
char *ret = NULL;
if(hesiod_init (&context) != 0)
err (1, "hesiod_init");
hpo = hesiod_getmailhost (context, *user);
if (hpo == NULL) {
warn ("hesiod_getmailhost %s", *user);
} else {
if (strcasecmp(hpo->hesiod_po_type, "pop") != 0)
errx (1, "Unsupported po type %s", hpo->hesiod_po_type);
ret = strdup(hpo->hesiod_po_host);
if(ret == NULL)
errx (1, "strdup: out of memory");
*user = strdup(hpo->hesiod_po_name);
if (*user == NULL)
errx (1, "strdup: out of memory");
hesiod_free_postoffice (context, hpo);
}
hesiod_end (context);
return ret;
}
#else /* !HESIOD_INTERFACES */
static char *
hesiod_get_pobox (const char **user)
{
char *ret = NULL;
struct hes_postoffice *hpo;
hpo = hes_getmailhost (*user);
if (hpo == NULL) {
warn ("hes_getmailhost %s", *user);
} else {
if (strcasecmp(hpo->po_type, "pop") != 0)
errx (1, "Unsupported po type %s", hpo->po_type);
ret = strdup(hpo->po_host);
if(ret == NULL)
errx (1, "strdup: out of memory");
*user = strdup(hpo->po_name);
if (*user == NULL)
errx (1, "strdup: out of memory");
}
return ret;
}
#endif /* HESIOD_INTERFACES */
#endif /* HESIOD */
static char *
get_pobox (const char **user)
{
char *ret = NULL;
#ifdef HESIOD
ret = hesiod_get_pobox (user);
#endif
if (ret == NULL)
ret = getenv("MAILHOST");
if (ret == NULL)
errx (1, "MAILHOST not set");
return ret;
}
static void
parse_pobox (char *a0, const char **host, const char **user)
{
const char *h, *u;
char *p;
int po = 0;
if (a0 == NULL) {
*user = getenv ("USERNAME");
if (*user == NULL) {
struct passwd *pwd = getpwuid (getuid ());
if (pwd == NULL)
errx (1, "Who are you?");
*user = strdup (pwd->pw_name);
if (*user == NULL)
errx (1, "strdup: out of memory");
}
*host = get_pobox (user);
return;
}
/* if the specification starts with po:, remember this information */
if(strncmp(a0, "po:", 3) == 0) {
a0 += 3;
po++;
}
/* if there is an `@', the hostname is after it, otherwise at the
beginning of the string */
p = strchr(a0, '@');
if(p != NULL) {
*p++ = '\0';
h = p;
} else {
h = a0;
}
/* if there is a `:', the username comes before it, otherwise at
the beginning of the string */
p = strchr(a0, ':');
if(p != NULL) {
*p++ = '\0';
u = p;
} else {
u = a0;
}
if(h == u) {
/* some inconsistent compatibility with various mailers */
if(po) {
h = get_pobox (&u);
} else {
u = get_default_username ();
if (u == NULL)
errx (1, "Who are you?");
}
}
*host = h;
*user = u;
}
int
main(int argc, char **argv)
{
int port = 0;
int optind = 0;
int ret = 1;
const char *host, *user, *filename = NULL;
char *pobox = NULL;
set_progname (argv[0]);
#ifdef KRB5
krb5_init_context (&context);
#endif
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
argc -= optind;
argv += optind;
#if defined(KRB4) && defined(KRB5)
if(use_v4 == -1 && use_v5 == 1)
use_v4 = 0;
if(use_v5 == -1 && use_v4 == 1)
use_v5 = 0;
#endif
if (do_help)
usage (0);
if (do_version) {
print_version(NULL);
return 0;
}
if (do_from && header_str == NULL)
header_str = "From:";
else if (header_str != NULL)
do_from = 1;
if (do_from) {
if (argc == 0)
pobox = NULL;
else if (argc == 1)
pobox = argv[0];
else
usage (1);
} else {
if (argc == 1) {
filename = argv[0];
pobox = NULL;
} else if (argc == 2) {
filename = argv[1];
pobox = argv[0];
} else
usage (1);
}
if (port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "Bad port `%s'", port_str);
port = htons(port);
}
}
if (port == 0)
#ifdef KRB5
port = krb5_getportbyname (context, "kpop", "tcp", 1109);
#elif defined(KRB4)
port = k_getportbyname ("kpop", "tcp", 1109);
#else
#error must define KRB4 or KRB5
#endif
parse_pobox (pobox, &host, &user);
#ifdef KRB5
if (ret && use_v5) {
ret = do_v5 (host, port, user, filename, header_str,
do_leave, verbose_level, do_fork);
}
#endif
#ifdef KRB4
if (ret && use_v4) {
ret = do_v4 (host, port, user, filename, header_str,
do_leave, verbose_level, do_fork);
}
#endif /* KRB4 */
return ret;
}

77
crypto/kerberosIV/appl/push/push.cat8 Normal file
View File

@ -0,0 +1,77 @@
PUSH(8) UNIX System Manager's Manual PUSH(8)
NNAAMMEE
ppuusshh - fetch mail via POP
SSYYNNOOPPSSIISS
ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll |
----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-
_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e
DDEESSCCRRIIPPTTIIOONN
ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail
in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following for-
mats:
`hostname:username'
`po:hostname:username'
`username@hostname'
`po:username@hostname'
`hostname'
`po:username'
If no username is specified, ppuusshh assumes that it's the same as on the
local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment
variable.
Supported options:
--44, ----kkrrbb44
use Kerberos 4 (if compiled with support for Kerberos 4)
--55, ----kkrrbb55
use Kerberos 5 (if compiled with support for Kerberos 5)
--ff, ----ffoorrkk
fork before starting to delete messages
--ll, ----lleeaavvee
don't delete fetched mail
----ffrroomm behave like from.
--cc, ----ccoouunntt
first print how many messages and bytes there are.
----hheeaaddeerr
which header from should print.
--pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt==_p_o_r_t_-_s_p_e_c
use this port instead of the default `kpop' or `1109'.
The default is to first try Kerberos 5 authentication and then, if that
fails, Kerberos 4.
EENNVVIIRROONNMMEENNTT
MAILHOST
points to the post office, if no other hostname is specified.
EEXXAAMMPPLLEESS
$ push cornfield:roosta ~/.gnus-crash-box
tries to fetch mail for the user _r_o_o_s_t_a from the post office at
``cornfield'', and stores the mail in _~_/_._g_n_u_s_-_c_r_a_s_h_-_b_o_x (you are using
Gnus, aren't you?)
$ push --from -5 havregryn
tries to fetch FFrroomm:: lines for current user at post office ``havregryn''
using Kerberos 5.
SSEEEE AALLSSOO
movemail(8), popper(8), from(1)
HHIISSTTOORRYY
ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.
HEIMDAL May 31, 1998 2

98
crypto/kerberosIV/appl/push/push_locl.h Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: push_locl.h,v 1.6 1999/12/02 16:58:33 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#include <ctype.h>
#include <limits.h>
#include <time.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN6_H
#include <netinet/in6.h>
#endif
#ifdef HAVE_NETINET6_IN6_H
#include <netinet6/in6.h>
#endif
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HESIOD
#include <hesiod.h>
#endif
#include <roken.h>
#include <err.h>
#include <getarg.h>
#ifdef KRB5
#include <krb5.h>
#endif
#ifdef KRB4
#include <krb.h>
#endif

9
crypto/kerberosIV/appl/sample/sample.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: sample.h,v 1.10 1998/06/13 00:06:49 assar Exp $ */
/* $Id: sample.h,v 1.11 1999/12/02 16:58:33 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>

8
crypto/kerberosIV/appl/sample/sample_client.c
View File

@ -23,7 +23,7 @@
#include "sample.h"
RCSID("$Id: sample_client.c,v 1.19 1999/05/08 02:23:43 assar Exp $");
RCSID("$Id: sample_client.c,v 1.21 1999/11/13 06:27:01 assar Exp $");
static void
usage (void)
@ -56,13 +56,13 @@ main(int argc, char **argv)
char **h_addr_list;
set_progname (argv[0]);
strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
strlcpy (service, SAMPLE_SERVICE, sizeof(service));
port = 0;
while ((c = getopt(argc, argv, "s:p:")) != EOF)
while ((c = getopt(argc, argv, "s:p:")) != -1)
switch(c) {
case 's' :
strcpy_truncate (service, optarg, sizeof(service));
strlcpy (service, optarg, sizeof(service));
break;
case 'p' :
serv = getservbyname (optarg, "tcp");

12
crypto/kerberosIV/appl/sample/sample_server.c
View File

@ -18,7 +18,7 @@
#include "sample.h"
RCSID("$Id: sample_server.c,v 1.12 1999/03/10 18:33:53 joda Exp $");
RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $");
static void
usage (void)
@ -53,16 +53,16 @@ main(int argc, char **argv)
roken_openlog(__progname, LOG_ODELAY, LOG_DAEMON);
strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
strlcpy (service, SAMPLE_SERVICE, sizeof(service));
*srvtab = '\0';
while ((c = getopt (argc, argv, "s:t:i")) != EOF)
while ((c = getopt (argc, argv, "s:t:i")) != -1)
switch (c) {
case 's' :
strcpy_truncate (service, optarg, sizeof(service));
strlcpy (service, optarg, sizeof(service));
break;
case 't' :
strcpy_truncate (srvtab, optarg, sizeof(srvtab));
strlcpy (srvtab, optarg, sizeof(srvtab));
break;
case 'i':
no_inetd = 1;
@ -122,7 +122,7 @@ main(int argc, char **argv)
/* now that we have decoded the authenticator, translate
the kerberos principal.instance@realm into a local name */
if (krb_kntoln(&auth_data, lname) != KSUCCESS)
strcpy_truncate(lname,
strlcpy(lname,
"*No local name returned by krb_kntoln*",
sizeof(lname));
/* compose the reply */

8
crypto/kerberosIV/appl/sample/simple_client.c
View File

@ -10,7 +10,7 @@
*/
#include "sample.h"
RCSID("$Id: simple_client.c,v 1.13 1998/06/09 19:24:39 joda Exp $");
RCSID("$Id: simple_client.c,v 1.15 1999/11/13 06:29:01 assar Exp $");
#define MSG "hi, Jennifer!" /* message text */
@ -174,12 +174,12 @@ main(int argc, char **argv)
set_progname (argv[0]);
strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
strlcpy (service, SAMPLE_SERVICE, sizeof(service));
while ((c = getopt(argc, argv, "s:p:")) != EOF)
while ((c = getopt(argc, argv, "s:p:")) != -1)
switch(c) {
case 's' :
strcpy_truncate (service, optarg, sizeof(service));
strlcpy (service, optarg, sizeof(service));
break;
case 'p' :
serv = getservbyname (optarg, "tcp");

12
crypto/kerberosIV/appl/sample/simple_server.c
View File

@ -11,7 +11,7 @@
#include "sample.h"
RCSID("$Id: simple_server.c,v 1.9 1998/06/09 19:24:39 joda Exp $");
RCSID("$Id: simple_server.c,v 1.11 1999/11/13 06:29:24 assar Exp $");
static void
usage (void)
@ -40,12 +40,12 @@ main(int argc, char **argv)
des_key_schedule sched;
set_progname (argv[0]);
strcpy_truncate (service, SAMPLE_SERVICE, sizeof(service));
strcpy_truncate (instance, "*", sizeof(instance));
strlcpy (service, SAMPLE_SERVICE, sizeof(service));
strlcpy (instance, "*", sizeof(instance));
*srvtab = '\0';
port = 0;
while ((c = getopt (argc, argv, "p:s:t:")) != EOF)
while ((c = getopt (argc, argv, "p:s:t:")) != -1)
switch (c) {
case 'p' : {
struct servent *sp;
@ -58,10 +58,10 @@ main(int argc, char **argv)
break;
}
case 's' :
strcpy_truncate (service, optarg, sizeof(service));
strlcpy (service, optarg, sizeof(service));
break;
case 't' :
strcpy_truncate (srvtab, optarg, sizeof(srvtab));
strlcpy (srvtab, optarg, sizeof(srvtab));
break;
case '?' :
default :

58
crypto/kerberosIV/cf/ChangeLog
View File

@ -1,3 +1,61 @@
1999-11-05 Assar Westerlund <assar@sics.se>
* check-x.m4: include X_PRE_LIBS and X_EXTRA_LIBS when testing
1999-11-01 Assar Westerlund <assar@sics.se>
* Makefile.am.common (install-build-headers): use `cp' instead of
INSTALL_DATA for copying header files inside the build tree. The
user might have redefined INSTALL_DATA to specify owners and other
information.
1999-10-30 Assar Westerlund <assar@sics.se>
* find-func-no-libs2.m4: add yet another argument to allow specify
linker flags that will be added _before_ the library when trying
to link
* find-func-no-libs.m4: add yet another argument to allow specify
linker flags that will be added _before_ the library when trying
to link
1999-10-12 Assar Westerlund <assar@sics.se>
* find-func-no-libs2.m4 (AC_FIND_FUNC_NO_LIBS2): new argument
`extra libs'
* find-func-no-libs.m4 (AC_FIND_FUNC_NO_LIBS): new argument `extra
libs'
1999-09-01 Johan Danielsson <joda@pdc.kth.se>
* capabilities.m4: sgi capabilities
1999-07-29 Assar Westerlund <assar@sics.se>
* have-struct-field.m4: quote macros when undefining
1999-07-28 Assar Westerlund <assar@sics.se>
* Makefile.am.common (install-build-headers): add dependencies
1999-07-24 Assar Westerlund <assar@sics.se>
* have-type.m4: try to get autoheader to co-operate
* have-type.m4: stolen from Arla
* krb-struct-sockaddr-sa-len.m4: not used any longer. removed.
1999-06-13 Assar Westerlund <assar@sics.se>
* krb-struct-spwd.m4: consequent name of cache variables
* krb-func-getlogin.m4: new file for testing for posix (broken)
getlogin
* shared-libs.m4 (freebsd[34]): don't use ld -Bshareable
1999-06-02 Johan Danielsson <joda@pdc.kth.se>
* check-x.m4: extended test for X

8
crypto/kerberosIV/cf/Makefile.am.common
View File

@ -1,4 +1,4 @@
# $Id: Makefile.am.common,v 1.11 1999/05/26 08:42:55 assar Exp $
# $Id: Makefile.am.common,v 1.13 1999/11/01 03:19:58 assar Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies
@ -60,7 +60,7 @@ install-suid-programs:
install-exec-hook: install-suid-programs
install-build-headers::
install-build-headers:: $(include_HEADERS) $(build_HEADERZ)
@foo='$(include_HEADERS) $(build_HEADERZ)'; \
for f in $$foo; do \
f=`basename $$f`; \
@ -68,8 +68,8 @@ install-build-headers::
else file="$$f"; fi; \
if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \
: ; else \
echo " $(INSTALL_DATA) $$file $(buildinclude)/$$f"; \
$(INSTALL_DATA) $$file $(buildinclude)/$$f; \
echo " cp $$file $(buildinclude)/$$f"; \
cp $$file $(buildinclude)/$$f; \
fi ; \
done

14
crypto/kerberosIV/cf/capabilities.m4 Normal file
View File

@ -0,0 +1,14 @@
dnl
dnl $Id: capabilities.m4,v 1.2 1999/09/01 11:02:26 joda Exp $
dnl
dnl
dnl Test SGI capabilities
dnl
AC_DEFUN(KRB_CAPABILITIES,[
AC_CHECK_HEADERS(capability.h sys/capability.h)
AC_CHECK_FUNCS(sgi_getcapabilitybyname cap_set_proc)
])

4
crypto/kerberosIV/cf/check-x.m4
View File

@ -1,7 +1,7 @@
dnl
dnl See if there is any X11 present
dnl
dnl $Id: check-x.m4,v 1.1 1999/06/03 00:22:10 joda Exp $
dnl $Id: check-x.m4,v 1.2 1999/11/05 04:25:23 assar Exp $
AC_DEFUN(KRB_CHECK_X,[
AC_PATH_XTRA
@ -31,7 +31,7 @@ if test "$no_x" != yes; then
esac
done
fi
LIBS="$ac_save_libs $foo -lX11"
LIBS="$ac_save_libs $foo $X_PRE_LIBS -lX11 $X_EXTRA_LIBS"
AC_TRY_RUN([
#include <X11/Xlib.h>
foo()

6
crypto/kerberosIV/cf/find-func-no-libs.m4
View File

@ -1,9 +1,9 @@
dnl $Id: find-func-no-libs.m4,v 1.3 1998/06/04 02:06:50 assar Exp $
dnl $Id: find-func-no-libs.m4,v 1.5 1999/10/30 21:08:18 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
dnl
dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments)
dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments, extra libs, extra args)
AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4])])
AC_FIND_FUNC_NO_LIBS2([$1], ["" $2], [$3], [$4], [$5], [$6])])

6
crypto/kerberosIV/cf/find-func-no-libs2.m4
View File

@ -1,10 +1,10 @@
dnl $Id: find-func-no-libs2.m4,v 1.1 1998/06/04 02:07:12 assar Exp $
dnl $Id: find-func-no-libs2.m4,v 1.3 1999/10/30 21:09:53 assar Exp $
dnl
dnl
dnl Look for function in any of the specified libraries
dnl
dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments)
dnl AC_FIND_FUNC_NO_LIBS2(func, libraries, includes, arguments, extra libs, extra args)
AC_DEFUN(AC_FIND_FUNC_NO_LIBS2, [
AC_MSG_CHECKING([for $1])
@ -18,7 +18,7 @@ if eval "test \"\$ac_cv_func_$1\" != yes" ; then
else
ac_lib=""
fi
LIBS="$ac_lib $ac_save_LIBS"
LIBS="$6 $ac_lib $5 $ac_save_LIBS"
AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break)
done
eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}"

5
crypto/kerberosIV/cf/grok-type.m4
View File

@ -1,8 +1,11 @@
dnl $Id: grok-type.m4,v 1.3 1999/03/21 18:59:56 joda Exp $
dnl $Id: grok-type.m4,v 1.4 1999/11/29 11:16:48 joda Exp $
dnl
AC_DEFUN(AC_GROK_TYPE, [
AC_CACHE_VAL(ac_cv_type_$1,
AC_TRY_COMPILE([
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif

6
crypto/kerberosIV/cf/have-struct-field.m4
View File

@ -1,4 +1,4 @@
dnl $Id: have-struct-field.m4,v 1.5 1999/03/01 13:10:35 joda Exp $
dnl $Id: have-struct-field.m4,v 1.6 1999/07/29 01:44:32 assar Exp $
dnl
dnl check for fields in a structure
dnl
@ -13,7 +13,7 @@ cache_val=no)])
if test "$cache_val" = yes; then
define(foo, translit(HAVE_$1_$2, [a-z ], [A-Z_]))
AC_DEFINE(foo, 1, [Define if $1 has field $2.])
undefine(foo)
undefine([foo])
fi
undefine(cache_val)
undefine([cache_val])
])

31
crypto/kerberosIV/cf/have-type.m4 Normal file
View File

@ -0,0 +1,31 @@
dnl $Id: have-type.m4,v 1.4 1999/07/24 19:23:01 assar Exp $
dnl
dnl check for existance of a type
dnl AC_HAVE_TYPE(TYPE,INCLUDES)
AC_DEFUN(AC_HAVE_TYPE, [
cv=`echo "$1" | sed 'y%./+- %__p__%'`
AC_MSG_CHECKING(for $1)
AC_CACHE_VAL([ac_cv_type_$cv],
AC_TRY_COMPILE(
[#include <sys/types.h>
#if STDC_HEADERS
#include <stdlib.h>
#include <stddef.h>
#endif
$2],
[$1 foo;],
eval "ac_cv_type_$cv=yes",
eval "ac_cv_type_$cv=no"))dnl
AC_MSG_RESULT(`eval echo \\$ac_cv_type_$cv`)
if test `eval echo \\$ac_cv_type_$cv` = yes; then
ac_tr_hdr=HAVE_`echo $1 | sed 'y%abcdefghijklmnopqrstuvwxyz./- %ABCDEFGHIJKLMNOPQRSTUVWXYZ____%'`
dnl autoheader tricks *sigh*
define(foo,translit($1, [ ], [_]))
: << END
@@@funcs="$funcs foo"@@@
END
undefine([foo])
AC_DEFINE_UNQUOTED($ac_tr_hdr, 1)
fi
])

14
crypto/kerberosIV/cf/have-types.m4 Normal file
View File

@ -0,0 +1,14 @@
dnl
dnl $Id: have-types.m4,v 1.1 1999/07/24 18:38:58 assar Exp $
dnl
AC_DEFUN(AC_HAVE_TYPES, [
for i in $1; do
AC_HAVE_TYPE($i)
done
: << END
changequote(`,')dnl
@@@funcs="$funcs $1"@@@
changequote([,])dnl
END
])

22
crypto/kerberosIV/cf/krb-func-getlogin.m4 Normal file
View File

@ -0,0 +1,22 @@
dnl
dnl $Id: krb-func-getlogin.m4,v 1.1 1999/07/13 17:45:30 assar Exp $
dnl
dnl test for POSIX (broken) getlogin
dnl
AC_DEFUN(AC_FUNC_GETLOGIN, [
AC_CHECK_FUNCS(getlogin setlogin)
if test "$ac_cv_func_getlogin" = yes; then
AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
ac_cv_func_getlogin_posix=no
else
ac_cv_func_getlogin_posix=yes
fi
])
if test "$ac_cv_func_getlogin_posix" = yes; then
AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
fi
fi
])

4
crypto/kerberosIV/cf/krb-struct-spwd.m4
View File

@ -1,10 +1,10 @@
dnl $Id
dnl $Id: krb-struct-spwd.m4,v 1.3 1999/07/13 21:04:11 assar Exp $
dnl
dnl Test for `struct spwd'
AC_DEFUN(AC_KRB_STRUCT_SPWD, [
AC_MSG_CHECKING(for struct spwd)
AC_CACHE_VAL(ac_cv_type_struct_spwd, [
AC_CACHE_VAL(ac_cv_struct_spwd, [
AC_TRY_COMPILE(
[#include <pwd.h>
#ifdef HAVE_SHADOW_H

7
crypto/kerberosIV/cf/shared-libs.m4
View File

@ -1,5 +1,5 @@
dnl
dnl $Id: shared-libs.m4,v 1.3 1999/04/09 15:34:25 assar Exp $
dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
dnl
dnl Shared library stuff has to be different everywhere
dnl
@ -64,9 +64,10 @@ case "${host}" in
install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
;;
*-*-freebsd3*)
changequote(,)dnl
*-*-freebsd[34]*)
changequote([,])dnl
REAL_SHLIBEXT=so.$SHLIB_VERSION
LDSHARED='ld -Bshareable'
REAL_LD_FLAGS='-Wl,-R$(libdir)'
build_symlink_command='$(LN_S) -f [$][@] $(LIBNAME).so'
install_symlink_command='$(LN_S) -f $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'

2150
crypto/kerberosIV/configure vendored
View File

File diff suppressed because it is too large Load Diff

175
crypto/kerberosIV/configure.in
View File

@ -8,7 +8,7 @@ dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_REVISION($Revision: 1.415.2.9 $)
AC_REVISION($Revision: 1.432.2.2 $)
AC_INIT(lib/krb/getrealm.c)
AC_CONFIG_HEADER(include/config.h)
@ -18,7 +18,7 @@ dnl
PACKAGE=krb4
AC_SUBST(PACKAGE)dnl
VERSION=0.10.1
VERSION=1.0
AC_SUBST(VERSION)dnl
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl
@ -67,9 +67,7 @@ AC_KRB_PROG_YACC
AC_PROG_LEX
AC_PROG_RANLIB
AC_PROG_INSTALL
dnl AC_PROG_AWK
dnl mawk seems to mishandle \# in lib/roken/roken.awk
AC_CHECK_PROGS(AWK, gawk nawk awk, )
AC_PROG_AWK
AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :)
dnl Use make Wall or make WFLAGS=".."
@ -329,9 +327,13 @@ fi
# AIX414
#
case "${host}" in
*-*-aix4.1*)
if test -f /lib/pse.exp ;then
LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
fi
;;
esac
dnl
dnl Various checks for headers and their contents
@ -384,7 +386,6 @@ AC_CHECK_HEADERS([arpa/ftp.h \
signal.h \
stropts.h \
sys/bitypes.h \
sys/capability.h \
sys/category.h \
sys/file.h \
sys/filio.h \
@ -548,21 +549,66 @@ if test "$ac_cv_func_glob_working" != yes; then
LIBOBJS="$LIBOBJS glob.o"
fi
AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf)
AC_CHECK_FUNCS([ \
_getpty \
_scrsize \
_setsid \
_stricmp \
asnprintf \
asprintf \
atexit \
cgetent \
chroot \
fattach \
fchmod \
fcntl \
forkpty \
frevoke \
getpriority \
getrlimit \
getservbyname \
getspnam \
gettimeofday \
gettosbyname \
getuid \
grantpt \
mktime \
on_exit \
parsetos \
ptsname \
rand \
random \
revoke \
setitimer \
setpgid \
setpriority \
setproctitle \
setregid \
setresgid \
setresuid \
setreuid \
setsid \
setutent \
sigaction \
sysconf \
sysctl \
ttyname \
ttyslot \
ulimit \
uname \
unlockpt \
vasnprintf \
vasprintf \
vhangup \
vsnprintf \
yp_get_default_domain \
])
AC_CHECK_FUNCS(atexit _getpty _scrsize _setsid _stricmp chroot fattach fchmod)
AC_CHECK_FUNCS(fcntl forkpty frevoke getlogin getpriority)
AC_CHECK_FUNCS(getrlimit getservbyname getspnam getspuid gettimeofday)
AC_CHECK_FUNCS(gettosbyname getuid grantpt mktime parsetos ptsname)
AC_CHECK_FUNCS(rand random revoke setitimer setlogin setpgid setpriority)
AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid)
AC_CHECK_FUNCS(setutent sigaction sysconf sysctl ttyname ttyslot)
AC_CHECK_FUNCS(ulimit uname unlockpt vhangup yp_get_default_domain)
AC_CHECK_FUNCS(on_exit sgi_getcapabilitybyname cap_set_proc)
KRB_CAPABILITIES
AC_CHECK_GETPWNAM_R_POSIX
AC_FIND_FUNC_NO_LIBS(getsockopt, ,
AC_FIND_FUNC_NO_LIBS(getsockopt,,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@ -570,7 +616,7 @@ AC_FIND_FUNC_NO_LIBS(getsockopt, ,
#include <sys/socket.h>
#endif],
[0,0,0,0,0])
AC_FIND_FUNC_NO_LIBS(setsockopt, ,
AC_FIND_FUNC_NO_LIBS(setsockopt,,
[#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
@ -624,22 +670,7 @@ AC_SUBST(LIB_dn_expand)dnl
AC_FUNC_MMAP
AC_FUNC_ALLOCA
#
# Test for POSIX (broken) getlogin
#
if test "$ac_cv_func_getlogin" = yes; then
AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [
if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then
ac_cv_func_getlogin_posix=no
else
ac_cv_func_getlogin_posix=yes
fi
])
if test "$ac_cv_func_getlogin_posix" = yes; then
AC_DEFINE(POSIX_GETLOGIN, 1, [Define if getlogin has POSIX flavour (and not BSD).])
fi
fi
AC_FUNC_GETLOGIN
AC_FIND_IF_NOT_BROKEN(hstrerror, resolv,
[#ifdef HAVE_NETDB_H
@ -654,12 +685,16 @@ AC_NEED_PROTO([
hstrerror)
fi
AC_BROKEN(chown daemon err errx fchown flock fnmatch)
AC_BROKEN(getcwd getdtablesize gethostname geteuid getgid getegid)
AC_BROKEN(getopt getusershell inet_aton initgroups innetgr iruserok lstat)
AC_BROKEN(memmove mkstemp putenv rcmd readv setegid setenv seteuid)
AC_BROKEN(strcasecmp strncasecmp strdup strerror strftime strlwr)
AC_BROKEN(strndup strnlen strsep strtok_r strupr)
AC_BROKEN(chown copyhostent daemon err errx fchown flock fnmatch freehostent)
AC_BROKEN(getcwd getdtablesize gethostname getipnodebyaddr getipnodebyname)
AC_BROKEN(geteuid getgid getegid)
AC_BROKEN(getopt getusershell)
AC_BROKEN(inet_aton inet_ntop inet_pton initgroups innetgr iruserok lstat)
AC_BROKEN(memmove)
AC_BROKEN(mkstemp putenv rcmd readv recvmsg sendmsg setegid setenv seteuid)
AC_BROKEN(strcasecmp strncasecmp strdup strerror strftime)
AC_BROKEN(strlcat strlcpy strlwr)
AC_BROKEN(strndup strnlen strptime strsep strtok_r strupr)
AC_BROKEN(swab unsetenv verr verrx vsyslog)
AC_BROKEN(vwarn vwarnx warn warnx writev)
@ -879,10 +914,22 @@ AC_CHECK_VAR([#ifdef HAVE_ERR_H
#include <err.h>
#endif],[__progname])
AC_CHECK_DECLARATION([#include <stdlib.h>], optarg)
AC_CHECK_DECLARATION([#include <stdlib.h>], optind)
AC_CHECK_DECLARATION([#include <stdlib.h>], opterr)
AC_CHECK_DECLARATION([#include <stdlib.h>], optopt)
AC_CHECK_DECLARATION([#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif], optarg)
AC_CHECK_DECLARATION([#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif], optind)
AC_CHECK_DECLARATION([#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif], opterr)
AC_CHECK_DECLARATION([#include <stdlib.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif], optopt)
AC_CHECK_DECLARATION([#include <stdlib.h>], environ)
@ -932,6 +979,25 @@ AC_HAVE_STRUCT_FIELD(struct utmpx, ut_syslen,
[#include <sys/types.h>
#include <utmp.h>])
dnl
dnl Check for fields in struct tm
dnl
AC_HAVE_STRUCT_FIELD(struct tm, tm_gmtoff, [#include <time.h>])
AC_HAVE_STRUCT_FIELD(struct tm, tm_zone, [#include <time.h>])
dnl
dnl or do we have a variable `timezone' ?
dnl
AC_CHECK_VAR(
[#include <time.h>],
timezone)
AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
AC_KRB_STRUCT_SPWD
AC_STRUCT_ST_BLKSIZE
@ -971,6 +1037,24 @@ krb_cv_header_sys_socket_h_broken=yes)])
AC_MSG_RESULT($krb_cv_header_sys_socket_h_broken)
AC_SUBST(krb_cv_header_sys_socket_h_broken)
dnl
dnl Check for broken ultrix netdb.h
dnl
AC_MSG_CHECKING(for broken netdb.h)
AC_CACHE_VAL(krb_cv_header_netdb_h_broken, [
AC_TRY_COMPILE(
[#include <sys/types.h>
#include <netdb.h>
#include <netdb.h>],[],
krb_cv_header_netdb_h_broken=no,
krb_cv_header_netdb_h_broken=yes)])
AC_MSG_RESULT($krb_cv_header_netdb_h_broken)
AC_SUBST(krb_cv_header_netdb_h_broken)
if test "$krb_cv_header_netdb_h_broken" = "yes"; then
EXTRA_HEADERS="$EXTRA_HEADERS netdb.h"
fi
dnl
dnl Check for sa_len in sys/socket.h
dnl
@ -1016,7 +1100,7 @@ dnl
dnl el_init
AC_FIND_FUNC_NO_LIBS(el_init, edit)
AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
if test "$ac_cv_func_el_init" = yes ; then
AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
AC_TRY_COMPILE([#include <stdio.h>
@ -1195,6 +1279,7 @@ appl/kx/Makefile \
appl/kip/Makefile \
appl/otp/Makefile \
doc/Makefile \
etc/inetd.conf.changes \
) dnl end of AC_OUTPUT
AC_KRB_VERSION

18
crypto/kerberosIV/doc/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.18 1998/04/19 08:37:12 assar Exp $
# $Id: Makefile.in,v 1.19 1999/09/28 12:35:11 assar Exp $
SHELL = /bin/sh
@ -15,6 +15,16 @@ TEXI2HTML = texi2html
prefix = @prefix@
infodir = @infodir@
TEXI_SOURCES = ack.texi \
index.texi \
install.texi \
intro.texi \
kth-krb.texi \
otp.texi \
problems.texi \
setup.texi \
whatis.texi
all: info
install: all installdirs
@ -40,17 +50,17 @@ installdirs:
info: kth-krb.info
kth-krb.info: kth-krb.texi
kth-krb.info: $(TEXI_SOURCES)
$(MAKEINFO) --no-split -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
dvi: kth-krb.dvi
kth-krb.dvi: kth-krb.texi
kth-krb.dvi: $(TEXI_SOURCES)
$(TEXI2DVI) $(srcdir)/kth-krb.texi
html: kth-krb.html
kth-krb.html: kth-krb.texi
kth-krb.html: $(TEXI_SOURCES)
$(TEXI2HTML) $(srcdir)/kth-krb.texi
clean:

2
crypto/kerberosIV/doc/ack.texi
View File

@ -85,6 +85,8 @@ Bugfixes and code has been contributed by:
@code{<toddr@@rpi.edu>}
@item Åke Sandgren
@code{<ake@@cs.umu.se>}
@item Thomas Nyström
@code{<thn@@stacken.kth.se>}
@item and we hope that those not mentioned here will forgive us.
@end table

116
crypto/kerberosIV/doc/install.texi
View File

@ -15,6 +15,7 @@ from source.
* Installing from source::
* Installing a binary distribution::
* Finishing the installation::
* .klogin::
* Authentication modules::
@end menu
@ -59,7 +60,7 @@ Use cracklib for password quality control in
@code{kadmind}. This option requires
@cindex cracklib
cracklib with the patch from
@code{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
@url{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
@item @kbd{--with-dictpath=}@var{dictpath}
This is the dictionary that cracklib should use.
@ -76,7 +77,7 @@ about socks see @url{http://www.socks.nec.com/}.
@cindex readline
To enable history/line editing in @code{ftp} and @code{kadmin}, any
present version of readline will be used. If you have readline
installed but in a place where configure does not managed to find it,
installed but in a place where configure does not manage to find it,
you can use this option. The code also looks for @code{libedit}. If
there is no library at all, the bundled version of @code{editline} will
be used.
@ -92,12 +93,23 @@ spool directory is located. This directory is only accessed by
@pindex login
@code{login}.
@item @kbd{--with-hesiod=}@var{dir}
@cindex Hesiod
Enable the Hesiod support in
@pindex push
@code{push}. With this option, it will try
to use the hesiod library to locate the mail post-office for the user.
@c @item @kbd{--enable-random-mkey}
@c Do not use this option unless you think you know what you are doing.
@item @kbd{--with-mkey=}@var{file}
Put the master key here, the default is @file{/.k}.
@item @kbd{--with-db-dir=}@var{dir}
Where the kerberos database should be stored. The default is
@file{/var/kerberos}.
@item @kbd{--without-berkeley-db}
If you have
@cindex Berkeley DB
@ -108,20 +120,54 @@ since there currently isn't an easy way to convert a dbm database to a
db one (you have to dump the old database and then load it with the new
binaries).
@item @kbd{--disable-shared-afs}
@item @kbd{--without-afs-support}
Do not include AFS support.
@item @kbd{--with-afsws=}@var{dir}
Where your AFS client installation resides. The default is
@file{/usr/afsws}.
@item @kbd{--enable-rxkad}
Build the rxkad library. Normally automatically included if there is AFS.
@item @kbd{--disable-dynamic-afs}
The AFS support in AIX consists of a shared library that is loaded at
runtime. This option disables this, and links with static system
calls. Doing this will make the built binaries crash on a machine that
doesn't have AFS in the kernel (for instance if the AFS module fails to
load at boot).
@item @kbd{--with-mips-api=api}
@item @kbd{--with-mips-api=}@var{api}
This option enables creation of different types of binaries on Irix.
The allowed values are @kbd{32}, @kbd{n32}, and @kbd{64}.
@item @kbd{--enable-legacy-kdestroy}
This compile-time option creates a @code{kdestroy} that does not destroy
any AFS tokens.
@item @kbd{--disable-otp}
Do not build the OTP (@pxref{One-Time Passwords}) library and programs,
and do not include OTP support in the application programs.
@item @kbd{--enable-match-subdomains}
Normally, the host @samp{host.domain} will be considered to be part of
the realm @samp{DOMAIN}. With this option will also enable hosts of the
form @samp{host.sub.domain}, @samp{host.sub1.sub2.domain}, and so on to
be considered part of the realm @samp{DOMAIN}.
@item @kbd{--enable-osfc2}
Enable the use of enhanced C2 security on OSF/1. @xref{Digital SIA}.
@item @kbd{--disable-mmap}
Do not use the mmap system call. Normally, configure detects if there
is a working mmap and it is only used if there is one. Only try this
option if it fails to work anyhow.
@item @kbd{--disable-cat-manpages}
Do not install preformatted man pages.
@c --with-des-quad-checksum
@end table
@node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
@ -133,7 +179,7 @@ The binary distribution is supposed to be installed in
recommended. A symlink from @file{/usr/athena} to the install directory
should be fine.
@node Finishing the installation, Authentication modules, Installing a binary distribution, Installing programs
@node Finishing the installation, .klogin, Installing a binary distribution, Installing programs
@section Finishing the installation
@pindex su
@ -236,19 +282,64 @@ ttys. (From Wietse Venema)
@end table
@menu
* .klogin::
* Authentication modules::
@end menu
@node Authentication modules, , Finishing the installation, Installing programs
@node .klogin, Authentication modules, Finishing the installation, Installing programs
@comment node-name, next, previous, up
Each user can have an authorization file @file{~@var{user}/.klogin}
@pindex .klogin
that
determines what principals can login as that user. It is similar to the
@file{~user/.rhosts} except that it does not use IP and privileged-port
based authentication. If this file does not exist, the user herself
@samp{user@@LOCALREALM} will be allowed to login. Supplementary local
realms (@pxref{Install the configuration files}) also apply here. If the
file exists, it should contain the additional principals that are to
be allowed to login as the local user @var{user}.
This file is consulted by most of the daemons (@code{rlogind},
@code{rshd}, @code{ftpd}, @code{telnetd}, @code{popper}, @code{kauthd}, and
@code{kxd})
@pindex rlogind
@pindex rshd
@pindex ftpd
@pindex telnetd
@pindex popper
@pindex kauthd
@pindex kxd
to determine if the
principal requesting a service is allowed to receive it. It is also
used by
@pindex su
@code{su}, which is a good way of keeping an access control list (ACL)
on who is allowed to become root. Assuming that @file{~root/.klogin}
contains:
@example
nisse.root@@FOO.SE
lisa.root@@FOO.SE
@end example
both nisse and lisa will be able to su to root by entering the password
of their root instance. If that fails or if the user is not listed in
@file{~root/.klogin}, @code{su} falls back to the normal policy of who
is permitted to su. Also note that that nisse and lisa can login
with e.g. @code{telnet} as root provided that they have tickets for
their root instance.
@node Authentication modules, , .klogin, Installing programs
@comment node-name, next, previous, up
@section Authentication modules
The problem of having different authentication mechanisms has been
recognised by several vendors, and several solutions has appeared. In
most cases these solutions involve some kind of shared modules that are
loaded at run-time. Modules for some of these systems can be found in
@file{lib/auth}. Presently there are modules for Digital's SIA, Linux'
PAM (might also work on Solaris, when PAM gets supported), and IRIX'
@code{login} and @code{xdm} (in @file{lib/auth/afskauthlib}).
@file{lib/auth}. Presently there are modules for Digital's SIA,
Solaris' and Linux' PAM, and IRIX' @code{login} and @code{xdm} (in
@file{lib/auth/afskauthlib}).
@menu
* Digital SIA::
@ -382,9 +473,8 @@ files.
@subsection PAM
The PAM module was written more out of curiosity that anything else. It
has not been updated for quite a while, since none of us are using
Linux, and Solaris does not support PAM yet. We've had positive reports
from at least one person using the module, though.
has not been updated for quite a while, but it seems to mostly work on
both Linux and Solaris.
To use this module you should:
@ -402,5 +492,5 @@ There is currently no support for changing kerberos passwords. Use
kpasswd instead.
See also Derrick J Brashear's @code{<shadow@@dementia.org>} Kerberos PAM
module at @kbd{ftp://ftp.dementia.org/pub/pam}. It has a lot more
module at @* @url{ftp://ftp.dementia.org/pub/pam}. It has a lot more
features, and it is also more in line with other PAM modules.

49
crypto/kerberosIV/doc/problems.texi
View File

@ -23,6 +23,7 @@ datan$ env CC="cc -Ae" ./configure
@end example
@end cartouche
@cindex GCC
In general @kbd{gcc} works. The following combinations have also been
verified to successfully compile the distribution:
@ -56,12 +57,23 @@ Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
build krb4 correctly. There is a @file{ndbm.h.Linux} right next to
the source distribution.
@cindex Linux
There has been reports of non-working @file{libdb} on some Linux
distributions. If that happens, use the @kbd{--without-berkeley-db}
when configuring.
@subheading SunOS 5 (aka Solaris 2) problems
@cindex SunOS 5
When building shared libraries and using some combinations of GNU gcc/ld
you better set the environment variable RUN_PATH to /usr/athena/lib
(your target libdir). If you don't, then you will have to set
LD_LIBRARY_PATH during runtime and the PAM module will not work.
@subheading HP-UX problems
@cindex HP-UX
The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all
systems. To make problems even worse, there is never an archive version
for static linking either. Therefore, when building ``truly portable''
@ -73,8 +85,45 @@ are linking against that library.
@kbd{rlogind} won't work on Crays until @code{forkpty()} has been
ported, in the mean time use @kbd{telnetd}.
@subheading IRIX problems
@cindex IRIX
IRIX has three different ABI:s (Application Binary Interface), there's
an old 32 bit interface (known as O32, or just 32), a new 32 bit
interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
bits, but they have different calling conventions, and alignment
constraints, and similar. The N32 format is the default format from IRIX
6.4.
You select ABI at compile time, and you can do this with the
@samp{--with-mips-abi} configure option. The valid arguments are
@samp{o32}, @samp{n32}, and @samp{64}, N32 is the default. Libraries for
the three different ABI:s are normally installed installed in different
directories (@samp{lib}, @samp{lib32}, and @samp{lib64}). If you want
more than one set of libraries you have to reconfigure and recompile for
each ABI, but you should probably install only N32 binaries.
@cindex GCC
GCC had had some known problems with the different ABI:s. Old GCC could
only handle O32, newer GCC can handle N32, and 64, but not O32, but in
some versions of GCC the structure alignment was broken in N32.
This confusion with different ABI:s can cause some trouble. For
instance, the @file{afskauthlib.so} library has to use the same ABI as
@file{xdm}, and @file{login}. The easiest way to check what ABI to use
is to run @samp{file} on @file{/usr/bin/X11/xdm}.
@cindex AFS
Another problem that you might encounter if you run AFS is that Transarc
apparently doesn't support the 64-bit ABI, and because of this you can't
get tokens with a 64 bit application. If you really need to do this,
there is a kernel module that provides this functionality at
@url{ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz}.
@subheading AIX problems
@cindex GCC
@kbd{gcc} version 2.7.2.* has a bug which makes it miscompile
@file{appl/telnet/telnetd/sys_term.c} (and possibily
@file{appl/bsd/forkpty.c}), if used with too much optimization.

117
crypto/kerberosIV/doc/setup.texi
View File

@ -92,7 +92,9 @@ ANOTHER.REALM kerberos.another.realm
@end example
The first line defines the name of the local realm. The next few lines
optionally defines supplementary local realms. The rest of the file
optionally defines supplementary local realms.
@cindex supplementary local realms
The rest of the file
defines the names of the kerberos servers and the database
administration servers for all known realms. You can define any number
of kerberos slave servers similar to the one defined on line
@ -111,7 +113,7 @@ support has been added for ports other than the default (750), and
protocols other than UDP.
The formal syntax for an entry is now
@samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either
@samp{[@var{proto}/]@var{host}[:@var{port}]}. @var{proto} is either
@samp{UDP}, @samp{TCP}, or @samp{HTTP}, and @var{port} is the port to
talk to. Default value for @var{proto} is @samp{UDP} and for @var{port}
whatever @samp{kerberos-iv} is defined to be in @file{/etc/services} or
@ -145,6 +147,14 @@ server), and then @samp{kerberos-1.@var{REALM}},
@samp{kerberos-2.@var{REALM}}, and so on.
@end enumerate
SRV records have been supported in BIND since 4.9.5T2A. An example
would look like the following in the zone file:
@example
kerberos-iv.udp.foo.se. 1M IN SRV 1 0 750 kerberos-1.foo.se.
kerberos-iv.udp.foo.se. 1M IN SRV 0 0 750 kerberos.foo.se.
@end example
We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
pointing to your kerberos master server.
@ -190,31 +200,43 @@ beginning with a hash (#) are ignored.
The currently defined variables are:
@table @samp
@item krb4_proxy
@cindex krb4_proxy
When getting tickets via HTTP, this specifies the proxy to use. The
default is to speak directly to the KDC.
@item kdc_time_sync
@cindex kdc_time_sync
@item kdc_timeout
@cindex kdc_timeout
The time in seconds to wait for an answer from the KDC (the default is 4
seconds).
@item kdc_timesync
@cindex kdc_timesync
This flag enables storing of the time differential to the KDC when
getting an initial ticket. This differential is used later on to compute
the correct time. This can help if your machine doesn't have a working
clock.
@item kdc_timeout
@cindex kdc_timeout
This allows you to change the default (4 seconds) timeout when talking
to the KDC.
@item firewall_address
@cindex firewall_address
The IP address that hosts outside the firewall see when connecting from
within the firewall. If this is specified, the code will try to compute
the value for @samp{reverse_lsb_test}.
@item krb4_proxy
@cindex krb4_proxy
When getting tickets via HTTP, this specifies the proxy to use. The
default is to speak directly to the KDC.
@item krb_default_tkt_root
@cindex krb_default_tkt_root
The default prefix for ticket files. The default is @file{/tmp/tkt}.
Normally the uid or tty is appended to this prefix.
@item krb_default_keyfile
@cindex krb_default_keyfile
The file where the server keys are stored, the default is @file{/etc/srvtab}.
@item nat_in_use
@cindex nat_in_use
If the client is behind a Network Address Translator (NAT).
@cindex Network Address Translator
@cindex NAT
@item reverse_lsb_test
@cindex reverse_lsb_test
Reverses the test used by @code{krb_mk_safe}, @code{krb_rd_safe},
@code{krb_mk_priv}, and @code{krb_rd_priv} to compute the ordering of
the communicating hosts. This test can cause truble when using
firewalls.
@item firewall_address
@cindex firewall_address
The IP address that hosts outside the firewall see when connecting from
within the firewall. If this is specified, the code will try to compute
the value for @samp{reverse_lsb_test}.
@end table
@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
@ -242,12 +264,15 @@ for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
@subsection Setup the server
Login as root on the console of the kerberos server. Add
@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Run
@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Create
the directory @file{/var/kerberos} (@kbd{mkdir /var/kerberos}), which is
where the database will be stored. Then, to create the database, run
@kbd{kdb_init}:
@pindex kdb_init
@example
@cartouche
hemlig# mkdir /var/kerberos
hemlig# kdb_init
Realm name [default FOO.SE ]:
You will be prompted for the database Master Password.
@ -366,6 +391,8 @@ Principal name: <>
@code{kdb_edit} will loop until you hit the @kbd{return} key at the
``Principal name'' prompt. Now you have added nisse as an administrator.
@page
@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
@subsection Start the server
@ -470,7 +497,7 @@ Use the @code{kadmin} client to add users to the database:
@example
@cartouche
hemlig# kadmin -u nisse.admin -m
hemlig# kadmin -p nisse.admin -m
Welcome to the Kerberos Administration Program, version 2
Type "help" if you need it.
admin: <add nisse>
@ -669,11 +696,34 @@ the kerberos server, every service needs to have a shared key with the
kerberos server. The service keys are stored in a file, usually called
@file{/etc/srvtab}. This file should not be readable to anyone but
root, in order to keep the key from being divulged. The name of this principal
in the kerberos database is usually the service and the host. The key
for the pop service is called @samp{pop.@var{hostname}}. The one for
rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from
``remote command''). To create these keys you will use the the
@code{ksrvutil} program. Perform the
in the kerberos database is usually the service name and the hostname. Examples
of such principals are @samp{pop.@var{hostname}} and
@samp{rcmd.@var{hostname}}. (rcmd comes from ``remote command''.) Here
is a list of the most commonly used srvtab types and what programs use them.
@table @asis
@item rcmd.@var{hostname}
rsh, rcp, rlogin, telnet, kauth, su, kx
@item rcmd.kerberos
kprop
@item pop.@var{hostname}
popper, movemail, push
@item sample.@var{hostname}
sample_server, simple_server
@item changepw.kerberos
kadmin, kpasswd
@item krbtgt.@var{realm}
kerberos (not stored in any srvtab)
@item ftp.@var{hostname}
ftp (also tries with rcmd.@var{hostname})
@item zephyr.zephyr
Zephyr
@item afs or afs.@var{cellname}
Andrew File System
@end table
To create these keys you will use the the @code{ksrvutil} program.
Perform the
@pindex ksrvutil
following:
@ -733,9 +783,7 @@ master server fails. It is possible to have any number of such slave
servers but more than three usually doesn't buy much more redundancy.
First select a good server machine. (@pxref{Choose a kerberos
server}). Since the master and slave servers will use copies of the same
database, they need to use the same master key. Add the master key on
the slave with @code{kstash}. (@pxref{Set up the server})
server}).
On the master, add a @samp{rcmd.kerberos} (note, it should be literally
``kerberos'') principal (using @samp{ksrvutil get}). The
@ -760,8 +808,13 @@ that contains the hostnames of your kerberos slave servers.
Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
On your master server, create a dump of the database with @samp{kdb_util
slave_dump /var/kerberos/slave_dump}, and then run @code{kprop}.
On your master server, create a dump of the database and then propagate
it.
@example
foo# kdb_util slave_dump /var/kerberos/slave_dump
foo# kprop
@end example
You should now have copies of the database on your slave servers. You
can verify this by issuing @samp{kdb_util dump @var{file}} on your
@ -771,6 +824,10 @@ server. Note that the entries will not be in the same order.
This procedure should be automated with a script run regularly by cron,
for instance once an hour.
Since the master and slave servers will use copies of the same
database, they need to use the same master key. Add the master key on
the slave with @code{kstash}. (@pxref{Set up the server})
To start the kerberos server on slaves, you first have to copy the
master key from the master server. You can do this either by remembering
the master password and issuing @samp{kstash}, or you can just copy the
@ -815,6 +872,8 @@ principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
principals should have the same key (and key version number). Remember
to transfer this key in a safe manner. This is all that is required.
@page
@example
@cartouche
blubb$ klist

Some files were not shown because too many files have changed in this diff Show More