d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend.

Browse Source 
Enjoy your retirement in ports.
This commit is contained in:
Mark Murray 2003-03-08 12:55:48 +00:00
parent b7d3fc8d5b
commit 4d20ef3ca0
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/head/; revision=111993
703 changed files with 0 additions and 150778 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

161
crypto/kerberosIV/COPYRIGHT
View File

@ -1,161 +0,0 @@
Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
(Royal Institute of Technology, Stockholm, Sweden).
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. Neither the name of the Institute nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by Eric Young (eay@mincom.oz.au)
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
Copyright (c) 1983, 1990 The Regents of the University of California.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
Copyright (C) 1990 by the Massachusetts Institute of Technology
Export of this software from the United States of America is assumed
to require a specific license from the United States Government.
It is the responsibility of any person or organization contemplating
export to obtain such a license before exporting.
WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
distribute this software and its documentation for any purpose and
without fee is hereby granted, provided that the above copyright
notice appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation, and that
the name of M.I.T. not be used in advertising or publicity pertaining
to distribution of the software without specific, written prior
permission. M.I.T. makes no representations about the suitability of
this software for any purpose. It is provided "as is" without express
or implied warranty.
Copyright 1987, 1989 by the Student Information Processing Board
of the Massachusetts Institute of Technology
Permission to use, copy, modify, and distribute this software
and its documentation for any purpose and without fee is
hereby granted, provided that the above copyright notice
appear in all copies and that both that copyright notice and
this permission notice appear in supporting documentation,
and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
used in advertising or publicity pertaining to distribution
of the software without specific, written prior permission.
M.I.T. and the M.I.T. S.I.P.B. make no representations about
the suitability of this software for any purpose. It is
provided "as is" without express or implied warranty.
Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
This software is not subject to any license of the American Telephone
and Telegraph Company or of the Regents of the University of California.
Permission is granted to anyone to use this software for any purpose on
any computer system, and to alter it and redistribute it freely, subject
to the following restrictions:
1. The authors are not responsible for the consequences of use of this
software, no matter how awful, even if they arise from flaws in it.
2. The origin of this software must not be misrepresented, either by
explicit claim or by omission. Since few users ever read sources,
credits must appear in the documentation.
3. Altered versions must be plainly marked as such, and must not be
misrepresented as being the original software. Since few users
ever read sources, credits must appear in the documentation.
4. This notice may not be removed or altered.

5519
crypto/kerberosIV/ChangeLog
View File

File diff suppressed because it is too large Load Diff

73
crypto/kerberosIV/Makefile.in
View File

@ -1,73 +0,0 @@
# $Id: Makefile.in,v 1.36 1999/03/01 13:04:23 joda Exp $
srcdir = @srcdir@
prefix = @prefix@
VPATH = @srcdir@
SHELL = /bin/sh
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
@SET_MAKE@
SUBDIRS = include lib kuser server slave admin kadmin appl man doc
all:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) all); done
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
check:
cd lib && $(MAKE) $(MFLAGS) check
install:
$(MKINSTALLDIRS) $(DESTDIR)$(prefix)
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) install); done
install-strip:
$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
uninstall:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
travelkit: all
$(MKINSTALLDIRS) tmp
for i in $(TRAVELKIT); \
do $(INSTALL_PROGRAM) $$i tmp; done
(cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
rm -rf tmp
travelkit-strip:
$(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
TAGS:
find . -name '*.[chyl]' -print | etags -
clean:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) clean); done
mostlyclean: clean
distclean:
$(MAKE) clean
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
realclean:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
$(srcdir)/aclocal.m4:
cd $(srcdir) && aclocal -I cf
.PHONY: all Wall check install install-strip uninstall travelkit travelkit-strip clean mostlyclean distclean realclean

755
crypto/kerberosIV/NEWS
View File

@ -1,755 +0,0 @@
Changes in release 1.0.5:
* Remember to update version string.
* Build fixes
* multiple local realm fix in krb_verify_user
Changes in release 1.0.4:
* Only allow a small list of environment variables in telnetd
* Fix one buffer overflow in libkrb
* Make su handle multiple local realms
* Build pic-ed archives (to be used with the pam module)
* do not handle environment variables, use krb.extra instead
* Disable KRBCONFDIR environment variable for root
* fix shared libraries building on solaris
Changes in release 1.0.3:
* Handle DoS attacks in the KDC and the admin server better.
* updated config.guess and config.sub
* better db/gdbm discovery
* bug fixes
Changes in release 1.0.2:
* Fix syslog(LOG_FOO, bug) calls in kauthd, kipd
* Fix bug with systems have a 64bit `time_t'
* Port to Solaris 8 (aka SunOS 5.8), HP-UX 11
* Add AIX fix for shared libraries
* Make afslog work with Arla
* Be more paranoid about setuid for the sake of Linux 2.2.15
* Make rshd afslog to the cell of the home directory
* Improved kip/kipd
* syslog with correct level in popper
* install libraries correctly in lib/sl
* more paranoia when overwriting and removing ticket files
Changes in release 1.0.1:
* Fix bug in ftpd when accepting connections
* Make `-d' in kauth not imply `-a'
* Adapt sia to new TKT_ROOT
* Define `sockaddr_storage' in a fashion that works on
alignment-restricted architectures
* Rewrite PAM module to work better.
* Make all files in libdes build with CFLAGS
Changes in release 1.0:
* A new configuration option `nat_in_use' in krb.extra to ease use
through Network Address Translators.
* Support configuration value of KEYFILE and TKT_ROOT in krb.extra
* Easier building on some platforms
* built-in ls in ftpd.
* Bug fixes.
Changes in release 0.10:
* Some support for Irix 6.5 capabilities
* Improved kadmin interface; you can get more info via kadmin.
* Some improved support for OSF C2.
* General bug-fixes and improvements, including a large number of
potential buffer overrun fixes. A large number of portability
improvements.
* Support for multiple local realms.
* Support batch kadmin operation.
* Heimdal support in push.
* Removed `--with-shared' configure option (use `--enable-shared'.)
* Now uses Autoconf 2.13.
Changes in release 0.9.9:
* New configuration file /etc/krb.extra
* New program `push' for popping mail.
* Add (still little tested) support for maildir spool files in popper.
* Added `delete' to ksrvutil.
* Support the strange X11 sockets used on HP-UX and some versions of
Solaris.
* Arla compatibility in libkafs.
* More compatibility with the Solaris version of libkrb.
* New configure option `--with-mips-abi'
* Support `/etc/securetty' in login.
* Bug fixes and improvements to the Win32 telnet.
* Add support for installing with DESTDIR
* SIA module with added support for password changing, and
reauthentication.
* Add better support for MIT `compile_et' and `mk_cmds', this should
make it easier to build things like `zephyr'.
* Bug fixes:
- Krb: fixed dangling references to flock in libkrb
- FTP: fixed `logwtmp' name conflict
- Telnet: fix a few literal IP-number bugs
- Telnet: hopefully fixed stair-stepping bug
- Kafs: don't store expired tokens in the kernel
- Kafs: fix broken installation of afslib.so in AIX
Changes in release 0.9.8:
* several bug fixes; some which deserve mentioning:
- fix non-working `kauth -h'
- the sia-module should work again
- don't leave tickets in popper
Changes in release 0.9.7:
* new configure option --disable-otp
* new configure option --with-afsws
* includes rxkad implementation
* ftp client is more careful with suspicious filenames (|, .., /)
* fixed setuid-vulnerability of rcp, rlogin, and rsh.
* removed use of tgetent from telnetd (thereby eliminating buffer-overflow)
* new commands in ftp and ftpd: kdestroy, krbtkfile, and afslog.
* implement HTTP transport in libkrb and KDC.
* win32 terminal program much improved. also implemented ticket
management program.
* introduce `-i' option to kerberos server for listening only on one
interface.
* updated otp applications and man pages.
* merged in libdes 4.01
* popper is more resilient to badly formatted mails.
* minor fixes for Cray support.
* fix popen bug i ftpd.
* lots of bug fixes and portability fixes.
* better compatibility with Heimdal.
Minor changes in release 0.9.6:
* utmp(x) works correctly on systems with utmpx.
* A security-related bug in ftpd fixed.
* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18.
* New option `-w' to rxtelnet, rxterm.
Major changes in release 0.9.5:
* We made some changes to be compatible with the other kerberised ftp
implementations and this means that an old kerberised ftp client will
not be able to talk to a new ftp server. So try to upgrade your ftp
clients and servers at the same time. The reason for this change is
described in more detail below.
* The interpretation of /etc/ftpusers has changed slightly, see
ftpusers(5). These changes come from NetBSD.
* The function `des_quad_cksum', which is used by `krb_rd_safe', and
`krb_mk_safe', has never been compatible with MIT's DES
library. This has now been fixed.
This fix will however break some programs that used those functions,
for instance `ftp'. In this version `krb_rd_safe' is modified to
accept checksums of both the new and the old format; `krb_mk_safe'
will always emit checksums of the new type *unless* `krb_rd_safe'
has detected that the client is using the old checksum (this feature
may be removed in some future release).
If you have programs that use `krb_mk_safe' and `krb_rd_safe' you
should upgrade all clients before upgrading your servers. Client is
here defined as the program that first calls `krb_rd_safe'.
If you are using some protocol that talks to more than one client or
server in one session, the heuristics to detect which kind of
checksum to use might fail.
The problem with `des_quad_cksum' was just a byte-order problem, so
there are no security problems with using the old versions. Thanks
to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the
right general direction.
* Rewrote kx to work always open TCP connections in the same
direction. This was needed to make it work through NATs and is
generally a cleaner way of doing it. Also added `tenletxr'.
Unfortunately the new protocol is not compatible with the old one.
The new kx and kxd programs try to figure out if they are talking to
old versions.
* Quite a bit of new functionality in otp. Changed default hash
function to `md5'. Fixed implementation of SHA and added downcasing
of seed to conform with `draft-ietf-otp-01.txt'. All verification
examples in the draft now work.
* Fixed buffer overflows.
* Add history/line editing in kadmin and ftp.
* utmp/utmpx and wtmp/wtmpx might work better on strange machines.
* Bug fixes for `rsh -n' and `rcp -x'.
* reget now works in ftp and ftpd. Passive mode works. Other minor
bug fixes as well.
* New option `-g umask' to ftpd for specifying the umask for anonymous users.
* Fix for `-l' option in rxtelnet and rxterm.
* XOVER support in popper.
* Better support for building shared libraries.
* Better support for talking to the KDC over TCP. This could make it
easier to use brain-damaged firewalls.
* Support FreeBSD-style MD5 /etc/passwd.
* New option `-createuser' to afslog.
* Upgraded to work with socks5-v1.0r1.
* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32.
* Merged in win32-telnet, see README-WIN32 for more details.
* Possibly fixed telnet bug on HP-UX 10.
* Updated man-pages.
* Support for NetBSD/OpenBSD manual page circus.
* Bug fixes.
Major changes in release 0.9.3:
* kx has been rewritten and is now a lot easier to use. Two new
scripts: rxtelnet and rxterm. It also works on machines such as
Cray where the X-libraries cannot talk unix sockets.
* experimental OTP (RFC1938). Included in login, ftpd, and popper.
* authentication modules: PAM for linux, SIA for OSF/1, and
afskauthlib for Irix.
* popper now has the UIDL command.
* ftpd can now tar and compress files and directories on the fly, also
added a find site command.
* updated documentation and man pages.
* Change kuserok so that it acts as if luser@LOCALREALM is always an
entry of .klogin, even when it's not possible to verify that there
is no such file or the file is unreadable.
* Support for SRV-records.
* Socks v5 support.
* rcp is AFS-aware.
* allow for other transport mechanisms than udp (useful for firewall
tormented souls); as a side effect the format of krb.conf had to
become more flexible
* sample programs included.
* work arounds for Linux networking bugs in rlogind and rlogin.
* more portable
* quite a number of improvments/bugfixes
* New platforms: HP-UX 10, Irix 6.2
Major changes in release 0.9.2a:
* fix annoying bug with kauth (et al) returning incorrect error
Major changes in release 0.9.2:
* service `kerberos-iv' and port 750 has been registered with IANA.
* Bugfixes.
- Compiles with gcc on AIX.
- Compiles with really old resolvers.
- ftp works with afs string-to-key.
- shared libraries should work on Linux/ELF.
- some potential buffer overruns.
- general code clean-up.
* Better Cray/UNICOS support.
* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0
Major changes in release 0.9.1:
* Mostly bugfixes.
- No hardcoded references to /usr/athena
- Better Linux support with rlogin
- Fix for broken handling of NULL password in kadmind (such as with
`ksrvutil change')
- AFS-aware programs should work on AIX systems without AFS
* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V
* New mechanism to determine realm from hostname based on DNS. To find
the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then
krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record
with the realm name.
krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
Major changes in release 0.9:
* Tested platforms:
Dec Alpha OSF/1 3.2 with cc -std1
HP 9000/735 HP/UX 9.05 with gcc
DEC Pmax Ultrix 4.4 with gcc (cc does not work)
IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not)
SGI IRIX 5.3 with cc
Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work)
Sun SunOS 5.5 with gcc
Intel i386 NetBSD 1.2 with gcc
Intel i386 Linux 1.3.95 with gcc
Cray J90 Unicos 9 with cc
* Mostly ported to Crays running Unicos 9.
* S/Key-support in ftpd.
* Delete operation supported in kerberos database.
* Cleaner and more portable code.
* Even less bugs than before.
* kpopper now supports the old pop3 protocol and has been renamed to popper.
* rsh can be renamed remsh.
* Experimental program for forwarding IP over a kerberos tunnel.
* Updated to libdes 3.23.
Major changes in release 0.8:
* New programs: ftp & ftpd.
* New programs: kx & kxd. These programs forward X connections over
kerberos-encrypted connections.
* Incorporated version 3.21 of libdes.
* login: No double utmp-entries on Solaris.
* kafs
* Better guessing of what realm a cell belongs to.
* Support for authenticating to several cells. Reads
/usr/vice/etc/TheseCells, if present.
* ksrvutil: Support for generating AFS keys.
* login, su, rshd, rlogind: tries to counter possible NIS-attack.
* xnlock: several bug fixes and support for more than one screen.
* Default port number for ekshell changed from 2106 to 545. kauth
port changed from 4711 to 2120.
* Rumored to work on Fujitsu UXP/V and Cray UNICOS.
Major changes in release 0.7:
* New experimental masterkey generation. Enable with
--enable-random-mkey. Also the default place for the master key has
moved from /.k to /var/kerberos/master-key. This is customizable
with --with-mkey=file. If you don't want you master key to be on the
same backup medium as your database, remember to use this flag. All
relevant programs still checks for /.k.
* `-t' option to kadmin.
* Kpopper uses kuserok to verify if user is allowed to pop mail.
* Kpopper tries to locate the mail spool directory: /var/mail or
/var/spool/mail.
* kauth has ability to get ticket on a remove host with the `-h' option.
* afslog (aklog clone) and pagsh included.
* New format for /etc/krb.equiv.
* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind,
rshd, telnet, telnetd.
* rlogind works on ultrix and aix 3.2.
* lots of bug fixes.
Major changes in release 0.6:
* Tested platforms:
DEC/Alpha OSF3.2
HP700 HPux 9.x
Dec/Pmax Ultrix 4.4 (rlogind not working)
IBM RS/6000 AIX 3.2 (rlogind not working)
IBM RS/6000 AIX 4.1
SGI Irix 5.3
Sun Sunos 4.1.x
Sun Sunos 5.4
386 BSD/OS 2.0.1
386 NetBSD 1.1
386 Linux 1.2.13
It is rumored to work to some extent on NextStep 3.3.
* ksrvutil get to create new keys and put them in the database at the
same time.
* Support for S/Key in login.
* kstring2key: new program to show string to key conversion.
* Kerberos server should now listen on all available network
interfaces and on both port 88 and 750.
* Timeout in kpopper.
* Support password quality checks in kadmind. Use --with-crack-lib to
link kadmind with cracklib. The patches in cracklib.patch are needed.
* Movemail from emacs 19.30.
* Logging format uses four digits for years.
* Fallback if port numbers are not listed in /etc/services.
* Relesed version 0.5
* lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
same code is used both for posix termios and others.
* rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
set to "yes" make warnings about "rlogin: warning, using standard
rlogin: remote host doesn't support Kerberos." go away.
* admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
Optimized so that it can handle large databases, previously a
10000 entry DB would take *many* minutes, this can now be done in
under a minute.
* Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
bit machines. Source should now be free of 64 bit assumptions.
* admin/copykey.c (copy_from_key): New functions for copying to
and from keys. Neccessary to solve som problems with longs on 64
bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
* lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
with longs on 64 bit machines.
* appl/bsd/login.c (main): Lots of stuff to support Psoriasis
login. Courtesy of gertz@lysator.liu.se.
* configure.in, all Makefile.in's: Support for Linux shared
libraries. Courtesy of svedja@lysator.liu.se.
* lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
= KRB_PROT_VERSION; from server kode to libkrb where it really
belongs.
* appl/bsd/forkpty.c (forkpty): New function that allocates master
and slave ptys in a portable way. Used by rlogind.
* appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
same utmpx slot got used by sevral sessions. Courtesy of
gertz@lysator.liu.se.
* util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
svedja@lysator.liu.se.
* Fix the above Makefiles to work around bugs in Solaris and OSF/1
make rules that was triggered by VPATH functionality in the yacc
and lex rules.
* appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
Use stdarg instead of varargs. The code is still broken though,
you'll realize that on a machine with 64 bit pointers and 32 bit
int:s and no vsprintf, let's hope there will be no such beasts ;-).
* appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
have (or need) modules ttcompat and pckt so don't flag it as a
fatal error if they don't exist.
* kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
(kadm_listen): Add kludge for kadmind running on a multihomed
server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
if you need this feature.
* appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
and xnlock.
* appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
implemented yet though.
* appl/xnlock/Makefile.in: Some stubs for X11 programs in
configure.in as well as a kerberized version of xnlock.
* appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
port numbers if they can not be found using getservbyname.
* appl/bsd/klogin.c (klogin): Use differnet ticket files for each
login so that a malicous user won't be able to destroy our tickets
with a failed login attempt.
* lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
there is no such thing try afs@CELL instead. There is now two
arguments to k_afslog(char *cell, char *realm).
* kadmin/admin_server.c (kadm_listen): If we are multihomed we
need to figure out which local address that is used this time
since it is used in "direction" comparison.
* kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
port number.
* lib/krb/send_to_kdc.c (send_to_kdc): Default port number
(KRB_PORT) was not in network byte order.
* lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
when selecting.
* appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
Now does fallback if there isn't any entries in /etc/services for
klogin/kshell. This also made the code a bit more pretty.
* appl/bsd/login.c: Added support for lots of more struct utmp fields.
If there is no ttyslot() use setutent and friends.
* appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
Added extern iruserok().
* appl/bsd/iruserok.c: Initial revision
* appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
* appl/bsd/Makefile.in: New install
* appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
* appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
* appl/bsd/login.c (login): If there is no ttyslot use setutent
and friends. Added support for lots of more struct utmp fields.
* server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
* appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
_PATH_DEF.
* appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
running as root.
* appl/bsd/su.c (main): Update usage message to reflect that '-'
option must come after the ordinary options and before login-id.
* appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
long to fit into utmp try to remove domain part if it does match
our local domain.
(main): Add new option -L /bin/login so that it is possible to
specify an alternate login program.
* appl/telnet/telnet/commands.c (env_init): When exporting
variable DISPLAY and if hostname is not the full name, try to get
the full name from DNS.
* appl/telnet/telnet/main.c (main): Option -k realm was broken due
to a bogous external declaration.
* kadmin/kadmin.c (add_new_key): Kadmin now properly sets
lifetime, expiration date and attributes in add_new_key command.
* appl/bsd/su.c (main): Don't handle '-' option with getopt.
* appl/telnet/telnet/externs.h: Removed protection for multiple
inclusions of termio(s).h since it broke definition of termio
macro on POSIX systems.
* lib/krb/lifetime.c (krb_life_to_time): If you want to disable
AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
Please note that the long lifetimes are 100% compatible up to
10h so this should rarely be necessary.
* lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
ipaddress protection of tickets set krb_ignore_ip_address. This
makes it possible for an intruder to steal a ticket and then use
it from som other machine anywhere on the net.
* kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
local address. Accept request on all interfaces.
* admin/kdb_edit.c (change_principal): Don't accept illegal
dates. Courtesy of gertz@lysator.liu.se.
* configure.in: AIX specific libraries needed when using standard
libc routine getttyent, IBM should be ashamed!
* lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
problem.
* Added strdup for su and rlogin.
* Fix for old syslog macros in appl/bsd/bsd_locl.
* lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
ifdef HAVE_NEW_DB for new databases residing in one file only.
* appl/bsd/rlogin.c (oob): Add workaround for Linux.
* appl/bsd/getpass.c: New routine that reads up to 127 char
passwords. Used in su.c and login.c.
* appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
should not be used on HP-UX.
==========================*** Released 0.2? ***=============================
ksrvutil
If there is a dot in the about to be added principals name there is
no need to ask for instance name.
kerberos & kadmind
Logfiles are created with small permissions (600).
krb.conf and krb.realms
Use domain part as realm name if there is no match in krb.realms.
Use kerberos.REALMNAME if there is no match in krb.realms.
rlogin
The rlogin client is supported both with and without encryption,
there is no rlogind yet though.
login
There is login program that supports the -f option. Both kerberos
and /etc/passwd authentication is enabled.
Vendors login programs typically have no -f option (needed by
telnetd) and also does not know how to verify passwords againts
kerberos.
appl/bsd/*
Now uses POSIX signals.
kdb_edit, kadmin
Generate random passwords if administrator enters empty password.
lib/kafs
New library to support AFS. Routines:
int k_hasafs(void);
int k_afsklog(...); or some other name
int k_setpag(void);
int k_unlog(void);
int k_pioctl(char *, int, struct ViceIoctl *, int);
Library supports more than one single entry point AFS syscalls
(needed be HP/UX and OSF/1 when running DFS). Doesn't rely on
transarc headers or library code. Same binaries can be used both on
machines running AFS and others.
This library is used in telnetd, login and the r* programs.
telnet & telnetd
Based on telnet.95.05.31.NE but with the encryption hacks from
ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption
stuff needed some more modifications (done by joda@nada.kth.se)
before it was usable. Telnet has also been modified to use GNU
autoconf.
Numerous other changes that are long since forgotten.

147
crypto/kerberosIV/PROBLEMS
View File

@ -1,147 +0,0 @@
Problems compiling Kerberos
===========================
Many compilers require a switch to become ANSI compliant. Since krb4 is
written in ANSI C it is necessary to specify the name of the compiler
to be used and the required switch to make it ANSI compliant. This is
most easily done when running configure using the `env' command. For
instance to build under HP-UX using the native compiler do:
datan$ env CC="cc -Ae" ./configure
In general `gcc' works. The following combinations have also been
verified to successfully compile the distribution:
`HP-UX'
`cc -Ae'
`Digital UNIX'
`cc -std1'
`AIX'
`xlc'
`Solaris 2.x'
`cc' (unbundled one)
`IRIX'
`cc'
Linux problems
--------------
The libc functions gethostby*() under RedHat4.2 can sometimes cause
core dumps. If you experience these problems make sure that the file
`/etc/nsswitch.conf' contains a hosts entry no more complex than the
line
hosts: files dns
Some systems have lost `/usr/include/ndbm.h' which is necessary to
build krb4 correctly. There is a `ndbm.h.Linux' right next to the
source distribution.
There has been reports of non-working `libdb' on some Linux
distributions. If that happens, use the `--without-berkeley-db' when
configuring.
SunOS 5 (aka Solaris 2) problems
--------------------------------
When building shared libraries and using some combinations of GNU gcc/ld
you better set the environment variable RUN_PATH to /usr/athena/lib
(your target libdir). If you don't, then you will have to set
LD_LIBRARY_PATH during runtime and the PAM module will not work.
HP-UX problems
--------------
The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems.
To make problems even worse, there is never an archive version for
static linking either. Therefore, when building "truly portable"
binaries first install GNU gdbm or Berkeley DB, and make sure that you
are linking against that library.
Cray problems
-------------
`rlogind' won't work on Crays until `forkpty()' has been ported, in the
mean time use `telnetd'.
IRIX problems
-------------
IRIX has three different ABI:s (Application Binary Interface), there's
an old 32 bit interface (known as O32, or just 32), a new 32 bit
interface (N32), and a 64 bit interface (64). O32 and N32 are both 32
bits, but they have different calling conventions, and alignment
constraints, and similar. The N32 format is the default format from IRIX
6.4.
You select ABI at compile time, and you can do this with the
`--with-mips-abi' configure option. The valid arguments are `o32',
`n32', and `64', N32 is the default. Libraries for the three different
ABI:s are normally installed installed in different directories (`lib',
`lib32', and `lib64'). If you want more than one set of libraries you
have to reconfigure and recompile for each ABI, but you should probably
install only N32 binaries.
GCC had had some known problems with the different ABI:s. Old GCC could
only handle O32, newer GCC can handle N32, and 64, but not O32, but in
some versions of GCC the structure alignment was broken in N32.
This confusion with different ABI:s can cause some trouble. For
instance, the `afskauthlib.so' library has to use the same ABI as
`xdm', and `login'. The easiest way to check what ABI to use is to run
`file' on `/usr/bin/X11/xdm'.
Another problem that you might encounter if you run AFS is that Transarc
apparently doesn't support the 64-bit ABI, and because of this you can't
get tokens with a 64 bit application. If you really need to do this,
there is a kernel module that provides this functionality at
<ftp://ftp.pdc.kth.se/home/joda/irix-afs64.tar.gz>.
AIX problems
------------
`gcc' version 2.7.2.* has a bug which makes it miscompile
`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'),
if used with too much optimization.
Some versions of the `xlc' preprocessor doesn't recognise the
(undocumented) `-qnolm' option. If this option is passed to the
preprocessor (like via the configuration file `/etc/ibmcxx.cfg',
configure will fail.
The solution is to remove this option from the configuration file,
either globally, or for just the preprocessor:
$ cp /etc/ibmcxx.cfg /tmp
$ed /tmp/ibmcxx.cfg
8328
/nolm
options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000,-qnolm
s/,-qnolm//p
options = -D_AIX,-D_AIX32,-D_AIX41,-D_AIX43,-D_IBMR2,-D_POWER,-bpT:0x10000000,-bpD:0x20000000
w
8321
q
$ env CC=xlc CPP="xlc -E -F/tmp/ibmcxx.cfg" configure
There is a bug in AFS 3.4 version 5.38 for AIX 4.3 that causes the
kernel to panic in some cases. There is a hack for this in `login', but
other programs could be affected also. This seems to be fixed in
version 5.55.
C2 problems
-----------
The programs that checks passwords works with `passwd', OTP, and
Kerberos paswords. This is problem if you use C2 security (or use some
other password database), that normally keeps passwords in some obscure
place. If you want to use Kerberos with C2 security you will have to
think about what kind of changes are necessary. See also the discussion
about Digital's SIA and C2 security, see *Note Digital SIA::.

47
crypto/kerberosIV/README
View File

@ -1,47 +0,0 @@
*** PLEASE REPORT BUGS AND PROBLEMS TO kth-krb-bugs@nada.kth.se ***
This is a severly hacked up version of Eric Young's eBones-p9 kerberos
version. The DES library has been updated with his 3.23 version and
numerous patches collected over the years have been applied to both
the kerberos and DES sources, most notably the CMU patches for extended
lifetimes that AFS uses. There is also support for AFS built into most
programs.
The source has been changed to use ANSI C and POSIX to the largest
possible extent. The code in util/et and appl/bsd have not been
updated in this way though (they really need it).
Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
authentication is the default and warnings are issued by telnetd if
the telnet client does not turn on encryption.
The r* programs in appl/bsd have been updated with newer sources from
NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
rlogin which is a temporary hack and not an Internet standard (and has
only been documented quite recently). Telnet uses kerberos
authentication to prevent the passing of cleartext passwords and is
thus superior to rlogin.
The distribution has been configured to primarily use kerberos
authentication with a fallback to /etc/passwd passwords. This should
make it easy to do a slow migration to kerberos. OTP support is also
included in login, popper, and ftpd.
All programs in this distribution follow these conventions:
/usr/athena/bin: User programs
/usr/athena/sbin: Administrator programs
/usr/athena/libexec: Daemons
/etc: Configuration files
/var/log: Logfiles
/var/kerberos: Kerberos database and ACL files
A W3-page is at http://www.pdc.kth.se/kth-krb/
You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
Please report bugs and problems to kth-krb-bugs@nada.kth.se
There is a mailing list discussing kerberos at krb4@sics.se, send a
message to majordomo@sics.se to subscribe.

42
crypto/kerberosIV/TODO
View File

@ -1,42 +0,0 @@
-*- indented-text -*-
rlogind, rshd, popper, ftpd (telnetd uses nonce?)
Add a replay cache.
rcp
figure out how it should really behave with -r
telnet, rlogin, rsh, rcp
Some form of support for ticket forwarding, perhaps only for AFS tickets.
telnet, telnetd
Add negotiation for keep-alives.
rlogind
Fix utmp logging.
documentation
Write more info on:
* how to use
rshd
Read default environment from /etc/default/login and other files.
Encryption without secondary port is bugged, it currently does no
encryption. But, nobody uses it anyway.
autoconf
libraries
generate archive and shared libraries in some portable way.
ftpd
kx
Compress and recode X protocol?
kip
Other kinds of encapsulations?
Tunnel device as loadable kernel module.
Speed?
BUGS
Where?

172
crypto/kerberosIV/acconfig.h
View File

@ -1,172 +0,0 @@
/* $Id: acconfig.h,v 1.105 1999/12/02 13:09:41 joda Exp $ */
@BOTTOM@
#undef HAVE_INT8_T
#undef HAVE_INT16_T
#undef HAVE_INT32_T
#undef HAVE_INT64_T
#undef HAVE_U_INT8_T
#undef HAVE_U_INT16_T
#undef HAVE_U_INT32_T
#undef HAVE_U_INT64_T
/* This for compat with heimdal (or something) */
#define KRB_PUT_INT(f, t, l, s) krb_put_int((f), (t), (l), (s))
#define HAVE_KRB_ENABLE_DEBUG 1
#define HAVE_KRB_DISABLE_DEBUG 1
#define HAVE_KRB_GET_OUR_IP_FOR_REALM 1
#define RCSID(msg) \
static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
/*
* Set ORGANIZATION to be the desired organization string printed
* by the 'kinit' program. It may have spaces.
*/
#define ORGANIZATION "eBones International"
#if 0
#undef BINDIR
#undef LIBDIR
#undef LIBEXECDIR
#undef SBINDIR
#endif
#if 0
#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0}
#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0}
#define KRB_EQUIV "/etc/krb.equiv"
#define KEYFILE "/etc/srvtab"
#define KRBDIR "/var/kerberos"
#define DBM_FILE KRBDIR "/principal"
#define DEFAULT_ACL_DIR KRBDIR
#define KRBLOG "/var/log/kerberos.log" /* master server */
#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */
#define KADM_SYSLOG "/var/log/admin_server.syslog"
#define K_LOGFIL "/var/log/kpropd.log"
#endif
/* Maximum values on all known systems */
#define MaxHostNameLen (64+4)
#define MaxPathLen (1024+4)
/* ftp stuff -------------------------------------------------- */
#define KERBEROS
/* telnet stuff ----------------------------------------------- */
/* define this for OTP support */
#undef OTP
/* define this if you have kerberos 4 */
#undef KRB4
/* define this if you want encryption */
#undef ENCRYPTION
/* define this if you want authentication */
#undef AUTHENTICATION
#if defined(ENCRYPTION) && !defined(AUTHENTICATION)
#define AUTHENTICATION 1
#endif
/* Set this if you want des encryption */
#undef DES_ENCRYPTION
/* Set this to the default system lead string for telnetd
* can contain %-escapes: %s=sysname, %m=machine, %r=os-release
* %v=os-version, %t=tty, %h=hostname, %d=date and time
*/
#undef USE_IM
/* define this if you want diagnostics in telnetd */
#undef DIAGNOSTICS
/* define this if you want support for broken ENV_{VALUE,VAR} systems */
#undef ENV_HACK
/* */
#undef OLD_ENVIRON
/* Used with login -p */
#undef LOGIN_ARGS
/* set this to a sensible login */
#ifndef LOGIN_PATH
#define LOGIN_PATH BINDIR "/login"
#endif
/* ------------------------------------------------------------ */
#ifdef BROKEN_REALLOC
#define realloc(X, Y) isoc_realloc((X), (Y))
#define isoc_realloc(X, Y) ((X) ? realloc((X), (Y)) : malloc(Y))
#endif
#ifdef VOID_RETSIGTYPE
#define SIGRETURN(x) return
#else
#define SIGRETURN(x) return (RETSIGTYPE)(x)
#endif
/* Temporary fixes for krb_{rd,mk}_safe */
#define DES_QUAD_GUESS 0
#define DES_QUAD_NEW 1
#define DES_QUAD_OLD 2
/*
* All these are system-specific defines that I would rather not have at all.
*/
/*
* AIX braindamage!
*/
#if _AIX
#define _ALL_SOURCE
/* XXX this is gross, but kills about a gazillion warnings */
struct ether_addr;
struct sockaddr;
struct sockaddr_dl;
struct sockaddr_in;
#endif
#if defined(__sgi) || defined(sgi)
#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
#define IRIX 5
#else
#define IRIX 4
#endif
#endif
/* IRIX 4 braindamage */
#if IRIX == 4 && !defined(__STDC__)
#define __STDC__ 0
#endif
/*
* Defining this enables lots of useful (and used) extensions on
* glibc-based systems such as Linux
*/
#define _GNU_SOURCE
/* some strange OS/2 stuff. From <d96-mst@nada.kth.se> */
#ifdef __EMX__
#define _EMX_TCPIP
#define MAIL_USE_SYSTEM_LOCK
#endif
#ifdef ROKEN_RENAME
#include "roken_rename.h"
#endif

9
crypto/kerberosIV/acinclude.m4
View File

@ -1,9 +0,0 @@
dnl $Id: acinclude.m4,v 1.2 1999/03/01 13:06:21 joda Exp $
dnl
dnl Only put things that for some reason can't live in the `cf'
dnl directory in this file.
dnl
dnl $xId: misc.m4,v 1.1 1997/12/14 15:59:04 joda Exp $
dnl
define(upcase,`echo $1 | tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ`)dnl

1372
crypto/kerberosIV/aclocal.m4 vendored
View File

File diff suppressed because it is too large Load Diff

102
crypto/kerberosIV/admin/Makefile.in
View File

@ -1,102 +0,0 @@
# $Id: Makefile.in,v 1.32 1999/03/10 19:01:10 joda Exp $
SHELL = /bin/sh
srcdir = @srcdir@
VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
DEFS = @DEFS@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
LIBS = @LIBS@
LIB_DBM = @LIB_DBM@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
sbindir = @sbindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
PROGS = ext_srvtab$(EXECSUFFIX) \
kdb_destroy$(EXECSUFFIX) \
kdb_edit$(EXECSUFFIX) \
kdb_init$(EXECSUFFIX) \
kdb_util$(EXECSUFFIX) \
kstash$(EXECSUFFIX)
SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \
kdb_init.c kdb_util.c kstash.c
OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \
kdb_init.o kdb_util.o kstash.o
all: $(PROGS)
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
.c.o:
$(CC) -c $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(sbindir)
for x in $(PROGS); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
done
uninstall:
for x in $(PROGS); do \
rm -f $(DESTDIR)$(sbindir)/`echo $$x|sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
check:
clean:
rm -f *.a *.o $(PROGS)
mostlyclean: clean
distclean: clean
rm -f Makefile *.tab.c *~
realclean: distclean
rm -f TAGS
KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes
LIBROKEN= -L../lib/roken -lroken
ext_srvtab$(EXECSUFFIX): ext_srvtab.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
kdb_destroy$(EXECSUFFIX): kdb_destroy.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
kdb_edit$(EXECSUFFIX): kdb_edit.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
kdb_init$(EXECSUFFIX): kdb_init.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
kdb_util$(EXECSUFFIX): kdb_util.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
kstash$(EXECSUFFIX): kstash.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
$(OBJECTS): ../include/config.h
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

88
crypto/kerberosIV/admin/adm_locl.h
View File

@ -1,88 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: adm_locl.h,v 1.17 1999/12/02 16:58:27 joda Exp $ */
/* $FreeBSD$ */
#ifndef __adm_locl_h
#define __adm_locl_h
#include "config.h"
#include "protos.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <assert.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif /* !TIME_WITH_SYS_TIME */
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include <signal.h>
#include <errno.h>
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#include <err.h>
#include <roken.h>
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h>
#include <krb.h>
#include <krb_db.h>
#include <kdc.h>
#include <kadm.h>
#endif /* __adm_locl_h */

140
crypto/kerberosIV/admin/ext_srvtab.c
View File

@ -1,140 +0,0 @@
/*
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* Description
*/
#include "adm_locl.h"
RCSID("$Id: ext_srvtab.c,v 1.18 1999/09/16 20:37:20 assar Exp $");
static des_cblock master_key;
static des_cblock session_key;
static des_key_schedule master_key_schedule;
static char realm[REALM_SZ];
static void
StampOutSecrets(void)
{
memset(master_key, 0, sizeof master_key);
memset(session_key, 0, sizeof session_key);
memset(master_key_schedule, 0, sizeof master_key_schedule);
}
static void
usage(void)
{
fprintf(stderr,
"Usage: %s [-n] [-r realm] instance [instance ...]\n",
__progname);
StampOutSecrets();
exit(1);
}
static void
FWrite(void *p, int size, int n, FILE *f)
{
if (fwrite(p, size, n, f) != n) {
StampOutSecrets();
errx(1, "Error writing output file. Terminating.\n");
}
}
int
main(int argc, char **argv)
{
FILE *fout;
char fname[1024];
int fopen_errs = 0;
int arg;
Principal princs[40];
int more;
int prompt = KDB_GET_PROMPT;
int n, i;
set_progname (argv[0]);
memset(realm, 0, sizeof(realm));
#ifdef HAVE_ATEXIT
atexit(StampOutSecrets);
#endif
/* Parse commandline arguments */
if (argc < 2)
usage();
else {
for (i = 1; i < argc; i++) {
if (strcmp(argv[i], "-n") == 0)
prompt = FALSE;
else if (strcmp(argv[i], "-r") == 0) {
if (++i >= argc)
usage();
else {
strlcpy(realm, argv[i], REALM_SZ);
/*
* This is to humor the broken way commandline
* argument parsing is done. Later, this
* program ignores everything that starts with -.
*/
argv[i][0] = '-';
}
}
else if (argv[i][0] == '-')
usage();
else
if (!k_isinst(argv[i])) {
warnx("bad instance name: %s", argv[i]);
usage();
}
}
}
if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0)
errx (1, "Couldn't read master key.");
if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
exit(1);
}
/* For each arg, search for instances of arg, and produce */
/* srvtab file */
if (!realm[0])
if (krb_get_lrealm(realm, 1) != KSUCCESS) {
StampOutSecrets();
errx (1, "couldn't get local realm");
}
umask(077);
for (arg = 1; arg < argc; arg++) {
if (argv[arg][0] == '-')
continue;
snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]);
if ((fout = fopen(fname, "w")) == NULL) {
warn("Couldn't create file '%s'.", fname);
fopen_errs++;
continue;
}
printf("Generating '%s'....\n", fname);
n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more);
if (more)
fprintf(stderr, "More than 40 found...\n");
for (i = 0; i < n; i++) {
FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout);
FWrite(princs[i].instance, strlen(princs[i].instance) + 1,
1, fout);
FWrite(realm, strlen(realm) + 1, 1, fout);
FWrite(&princs[i].key_version,
sizeof(princs[i].key_version), 1, fout);
copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key);
kdb_encrypt_key (&session_key, &session_key,
&master_key, master_key_schedule, DES_DECRYPT);
FWrite(session_key, sizeof session_key, 1, fout);
}
fclose(fout);
}
StampOutSecrets();
return fopen_errs; /* 0 errors if successful */
}

56
crypto/kerberosIV/admin/kdb_destroy.c
View File

@ -1,56 +0,0 @@
/*
* Copyright 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* Description.
*/
#include "adm_locl.h"
RCSID("$Id: kdb_destroy.c,v 1.9 1998/06/09 19:24:13 joda Exp $");
int
main(int argc, char **argv)
{
char answer[10]; /* user input */
#ifdef HAVE_NEW_DB
char *file; /* database file names */
#else
char *file1, *file2; /* database file names */
#endif
set_progname (argv[0]);
#ifdef HAVE_NEW_DB
asprintf(&file, "%s.db", DBM_FILE);
if (file == NULL)
err (1, "malloc");
#else
asprintf(&file1, "%s.dir", DBM_FILE);
asprintf(&file2, "%s.pag", DBM_FILE);
if (file1 == NULL || file2 == NULL)
err (1, "malloc");
#endif
printf("You are about to destroy the Kerberos database ");
printf("on this machine.\n");
printf("Are you sure you want to do this (y/n)? ");
if (fgets(answer, sizeof(answer), stdin) != NULL
&& (answer[0] == 'y' || answer[0] == 'Y')) {
#ifdef HAVE_NEW_DB
if (unlink(file) == 0)
#else
if (unlink(file1) == 0 && unlink(file2) == 0)
#endif
{
warnx ("Database deleted at %s", DBM_FILE);
return 0;
}
else
warn ("Database cannot be deleted at %s", DBM_FILE);
} else
warnx ("Database not deleted at %s", DBM_FILE);
return 1;
}

401
crypto/kerberosIV/admin/kdb_edit.c
View File

@ -1,401 +0,0 @@
/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* This routine changes the Kerberos encryption keys for principals,
* i.e., users or services.
*/
/* $FreeBSD$ */
/*
* exit returns 0 ==> success -1 ==> error
*/
#include "adm_locl.h"
RCSID("$Id: kdb_edit.c,v 1.28 1999/09/16 20:37:21 assar Exp $");
#ifdef DEBUG
extern kerb_debug;
#endif
static int nflag = 0;
static int debug;
static des_cblock new_key;
static int i, j;
static int more;
static char input_name[ANAME_SZ];
static char input_instance[INST_SZ];
#define MAX_PRINCIPAL 10
static Principal principal_data[MAX_PRINCIPAL];
static Principal old_principal;
static Principal default_princ;
static des_cblock master_key;
static des_cblock session_key;
static des_key_schedule master_key_schedule;
static char pw_str[255];
static long master_key_version;
static void
Usage(void)
{
fprintf(stderr, "Usage: %s [-n]\n", __progname);
exit(1);
}
static char *
n_gets(char *buf, int size)
{
char *p;
char *ret;
ret = fgets(buf, size, stdin);
if (ret && (p = strchr(buf, '\n')))
*p = 0;
return ret;
}
static int
change_principal(void)
{
static char temp[255];
int creating = 0;
int editpw = 0;
int changed = 0;
long temp_long; /* Don't change to int32_t, used by scanf */
struct tm edate;
fprintf(stdout, "\nPrincipal name: ");
fflush(stdout);
if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0')
return 0;
fprintf(stdout, "Instance: ");
fflush(stdout);
/* instance can be null */
n_gets(input_instance, sizeof(input_instance));
j = kerb_get_principal(input_name, input_instance, principal_data,
MAX_PRINCIPAL, &more);
if (!j) {
fprintf(stdout, "\n\07\07<Not found>, Create [y] ? ");
fflush(stdout);
n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */
if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0')
return -1;
/* make a new principal, fill in defaults */
j = 1;
creating = 1;
strlcpy(principal_data[0].name,
input_name,
ANAME_SZ);
strlcpy(principal_data[0].instance,
input_instance,
INST_SZ);
principal_data[0].old = NULL;
principal_data[0].exp_date = default_princ.exp_date;
if (strcmp(input_instance, "admin") == 0)
principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/
else if (strcmp(input_instance, "root") == 0)
principal_data[0].max_life = 96; /* 8 hours */
else
principal_data[0].max_life = default_princ.max_life;
principal_data[0].attributes = default_princ.attributes;
principal_data[0].kdc_key_ver = (unsigned char) master_key_version;
principal_data[0].key_version = 0; /* bumped up later */
}
*principal_data[0].exp_date_txt = '\0';
for (i = 0; i < j; i++) {
for (;;) {
fprintf(stdout,
"\nPrincipal: %s, Instance: %s, kdc_key_ver: %d",
principal_data[i].name, principal_data[i].instance,
principal_data[i].kdc_key_ver);
fflush(stdout);
editpw = 1;
changed = 0;
if (!creating) {
/*
* copy the existing data so we can use the old values
* for the qualifier clause of the replace
*/
principal_data[i].old = (char *) &old_principal;
memcpy(&old_principal, &principal_data[i],
sizeof(old_principal));
printf("\nChange password [n] ? ");
n_gets(temp, sizeof(temp));
if (strcmp("y", temp) && strcmp("Y", temp))
editpw = 0;
}
/* password */
if (editpw) {
#ifdef NOENCRYPTION
placebo_read_pw_string(pw_str, sizeof pw_str,
"\nNew Password: ", TRUE);
#else
if(des_read_pw_string(pw_str, sizeof pw_str,
"\nNew Password: ", TRUE))
continue;
#endif
if ( strcmp(pw_str, "RANDOM") == 0
|| strcmp(pw_str, "") == 0) {
printf("\nRandom password [y] ? ");
n_gets(temp, sizeof(temp));
if (!strcmp("n", temp) || !strcmp("N", temp)) {
/* no, use literal */
#ifdef NOENCRYPTION
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
des_string_to_key(pw_str, &new_key);
#endif
memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */
} else {
#ifdef NOENCRYPTION
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
des_random_key(new_key);
#endif
memset(pw_str, 0, sizeof pw_str);
}
} else if (!strcmp(pw_str, "NULL")) {
printf("\nNull Key [y] ? ");
n_gets(temp, sizeof(temp));
if (!strcmp("n", temp) || !strcmp("N", temp)) {
/* no, use literal */
#ifdef NOENCRYPTION
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
des_string_to_key(pw_str, &new_key);
#endif
memset(pw_str, 0, sizeof pw_str); /* "NULL" */
} else {
principal_data[i].key_low = 0;
principal_data[i].key_high = 0;
goto null_key;
}
} else {
#ifdef NOENCRYPTION
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
des_string_to_key(pw_str, &new_key);
#endif
memset(pw_str, 0, sizeof pw_str);
}
/* seal it under the kerberos master key */
kdb_encrypt_key (&new_key, &new_key,
&master_key, master_key_schedule,
DES_ENCRYPT);
copy_from_key(new_key,
&principal_data[i].key_low,
&principal_data[i].key_high);
memset(new_key, 0, sizeof(new_key));
null_key:
/* set master key version */
principal_data[i].kdc_key_ver =
(unsigned char) master_key_version;
/* bump key version # */
principal_data[i].key_version++;
fprintf(stdout,
"\nPrincipal's new key version = %d\n",
principal_data[i].key_version);
fflush(stdout);
changed = 1;
}
/* expiration date */
{
char d[DATE_SZ];
struct tm *tm;
tm = k_localtime(&principal_data[i].exp_date);
strftime(d, sizeof(d), "%Y-%m-%d", tm);
while(1) {
printf("Expiration date (yyyy-mm-dd) [ %s ] ? ", d);
fflush(stdout);
if(n_gets(temp, sizeof(temp)) == NULL) {
printf("Invalid date.\n");
continue;
}
if (*temp) {
memset(&edate, 0, sizeof(edate));
if (sscanf(temp, "%d-%d-%d", &edate.tm_year,
&edate.tm_mon, &edate.tm_mday) != 3) {
printf("Invalid date.\n");
continue;
}
edate.tm_mon--; /* January is 0, not 1 */
edate.tm_hour = 23; /* at the end of the */
edate.tm_min = 59; /* specified day */
if (krb_check_tm (edate)) {
printf("Invalid date.\n");
continue;
}
edate.tm_year -= 1900;
principal_data[i].exp_date = tm2time (edate, 1);
changed = 1;
}
break;
}
}
/* maximum lifetime */
fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ",
principal_data[i].max_life);
fflush(stdout);
while (n_gets(temp, sizeof(temp)) && *temp) {
if (sscanf(temp, "%ld", &temp_long) != 1)
goto bad_life;
if (temp_long > 255 || (temp_long < 0)) {
bad_life:
fprintf(stdout, "\07\07Invalid, choose 0-255\n");
fprintf(stdout,
"Max ticket lifetime (*5 minutes) [ %d ] ? ",
principal_data[i].max_life);
fflush(stdout);
continue;
}
changed = 1;
/* dont clobber */
principal_data[i].max_life = (unsigned short) temp_long;
break;
}
/* attributes */
fprintf(stdout, "Attributes [ %d ] ? ",
principal_data[i].attributes);
fflush(stdout);
while (n_gets(temp, sizeof(temp)) && *temp) {
if (sscanf(temp, "%ld", &temp_long) != 1)
goto bad_att;
if (temp_long > 65535 || (temp_long < 0)) {
bad_att:
fprintf(stdout, "Invalid, choose 0-65535\n");
fprintf(stdout, "Attributes [ %d ] ? ",
principal_data[i].attributes);
fflush(stdout);
continue;
}
changed = 1;
/* dont clobber */
principal_data[i].attributes =
(unsigned short) temp_long;
break;
}
/*
* remaining fields -- key versions and mod info, should
* not be directly manipulated
*/
if (changed) {
if (kerb_put_principal(&principal_data[i], 1)) {
fprintf(stdout,
"\nError updating Kerberos database");
} else {
fprintf(stdout, "Edit O.K.");
}
} else {
fprintf(stdout, "Unchanged");
}
memset(&principal_data[i].key_low, 0, 4);
memset(&principal_data[i].key_high, 0, 4);
fflush(stdout);
break;
}
}
if (more) {
fprintf(stdout, "\nThere were more tuples found ");
fprintf(stdout, "than there were space for");
}
return 1;
}
static void
cleanup(void)
{
memset(master_key, 0, sizeof(master_key));
memset(session_key, 0, sizeof(session_key));
memset(master_key_schedule, 0, sizeof(master_key_schedule));
memset(principal_data, 0, sizeof(principal_data));
memset(new_key, 0, sizeof(new_key));
memset(pw_str, 0, sizeof(pw_str));
}
int
main(int argc, char **argv)
{
/* Local Declarations */
long n;
set_progname (argv[0]);
while (--argc > 0 && (*++argv)[0] == '-')
for (i = 1; argv[0][i] != '\0'; i++) {
switch (argv[0][i]) {
/* debug flag */
case 'd':
debug = 1;
continue;
/* debug flag */
#ifdef DEBUG
case 'l':
kerb_debug |= 1;
continue;
#endif
case 'n': /* read MKEYFILE for master key */
nflag = 1;
continue;
default:
warnx ("illegal flag \"%c\"", argv[0][i]);
Usage(); /* Give message and die */
}
}
fprintf(stdout, "Opening database...\n");
fflush(stdout);
kerb_init();
if (argc > 0)
if (kerb_db_set_name(*argv) != 0)
errx (1, "Could not open altername database name");
if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0,
&master_key, master_key_schedule) != 0)
errx (1, "Couldn't read master key.");
if ((master_key_version = kdb_verify_master_key(&master_key,
master_key_schedule,
stdout)) < 0)
return 1;
/* lookup the default values */
n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST,
&default_princ, 1, &more);
if (n != 1)
errx (1, "Kerberos error on default value lookup, %ld found.", n);
fprintf(stdout, "Previous or default values are in [brackets] ,\n");
fprintf(stdout, "enter return to leave the same, or new value.\n");
while (change_principal()) {
}
cleanup();
return 0;
}

171
crypto/kerberosIV/admin/kdb_init.c
View File

@ -1,171 +0,0 @@
/*
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* program to initialize the database, reports error if database file
* already exists.
*/
/* $FreeBSD$ */
#include "adm_locl.h"
RCSID("$Id: kdb_init.c,v 1.25 1999/09/16 20:37:21 assar Exp $");
enum ap_op {
NULL_KEY, /* setup null keys */
MASTER_KEY, /* use master key as new key */
RANDOM_KEY /* choose a random key */
};
static des_cblock master_key;
static des_key_schedule master_key_schedule;
/* use a return code to indicate success or failure. check the return */
/* values of the routines called by this routine. */
static int
add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife)
{
Principal principal;
des_cblock new_key;
memset(&principal, 0, sizeof(principal));
strlcpy(principal.name, name, ANAME_SZ);
strlcpy(principal.instance, instance, INST_SZ);
switch (aap_op) {
case NULL_KEY:
principal.key_low = 0;
principal.key_high = 0;
break;
case RANDOM_KEY:
#ifdef NOENCRYPTION
memset(new_key, 0, sizeof(des_cblock));
new_key[0] = 127;
#else
des_random_key(new_key);
#endif
kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
DES_ENCRYPT);
copy_from_key(new_key, &principal.key_low, &principal.key_high);
memset(new_key, 0, sizeof(new_key));
break;
case MASTER_KEY:
memcpy(new_key, master_key, sizeof (des_cblock));
kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule,
DES_ENCRYPT);
copy_from_key(new_key, &principal.key_low, &principal.key_high);
break;
}
principal.mod_date = time(0);
*principal.mod_date_txt = '\0';
principal.exp_date = principal.mod_date + 5 * 365 * 24 * 60 * 60;
*principal.exp_date_txt = '\0';
principal.attributes = 0;
principal.max_life = maxlife;
principal.kdc_key_ver = 1;
principal.key_version = 1;
strlcpy(principal.mod_name, "db_creation", ANAME_SZ);
strlcpy(principal.mod_instance, "", INST_SZ);
principal.old = 0;
if (kerb_db_put_principal(&principal, 1) != 1)
return -1; /* FAIL */
/* let's play it safe */
memset(new_key, 0, sizeof (des_cblock));
memset(&principal.key_low, 0, 4);
memset(&principal.key_high, 0, 4);
return 0;
}
int
main(int argc, char **argv)
{
char realm[REALM_SZ];
char *cp;
int code;
char *database;
set_progname (argv[0]);
if (argc > 3) {
fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]);
return 1;
}
if (argc == 3) {
database = argv[2];
--argc;
} else
database = DBM_FILE;
/* Do this first, it'll fail if the database exists */
if ((code = kerb_db_create(database)) != 0)
err (1, "Couldn't create database %s", database);
kerb_db_set_name(database);
if (argc == 2)
strlcpy(realm, argv[1], REALM_SZ);
else {
if (krb_get_lrealm(realm, 1) != KSUCCESS)
strlcpy(realm, KRB_REALM, REALM_SZ);
fprintf(stderr, "Realm name [default %s ]: ", realm);
if (fgets(realm, sizeof(realm), stdin) == NULL)
errx (1, "\nEOF reading realm");
if ((cp = strchr(realm, '\n')))
*cp = '\0';
if (!*realm) /* no realm given */
if (krb_get_lrealm(realm, 1) != KSUCCESS)
strlcpy(realm, KRB_REALM, REALM_SZ);
}
if (!k_isrealm(realm))
errx (1, "Bad kerberos realm name \"%s\"", realm);
#ifndef RANDOM_MKEY
printf("You will be prompted for the database Master Password.\n");
printf("It is important that you NOT FORGET this password.\n");
#else
printf("To generate a master key, please enter some random data.\n");
printf("You do not have to remember this.\n");
#endif
fflush(stdout);
if (kdb_get_master_key (KDB_GET_TWICE, &master_key,
master_key_schedule) != 0)
errx (1, "Couldn't read master key.");
#ifdef RANDOM_MKEY
if(kdb_kstash(&master_key, MKEYFILE) < 0)
err (1, "Error writing master key");
fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
#endif
/* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */
#define ADMLIFE (1 + (CLOCK_SKEW/(5*60)))
/* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */
#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255)
/* This means that default lifetimes have not been initialized */
#define DEFLIFE 255
#define NOLIFE 0
if (
add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) ||
add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)||
add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)||
add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE)
) {
putc ('\n', stderr);
errx (1, "couldn't initialize database.");
}
/* play it safe */
memset(master_key, 0, sizeof (des_cblock));
memset(master_key_schedule, 0, sizeof (des_key_schedule));
return 0;
}

522
crypto/kerberosIV/admin/kdb_util.c
View File

@ -1,522 +0,0 @@
/*
* Copyright 1987, 1988 by the Massachusetts Institute of Technology.
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* Kerberos database manipulation utility. This program allows you to
* dump a kerberos database to an ascii readable file and load this
* file into the database. Read locking of the database is done during a
* dump operation. NO LOCKING is done during a load operation. Loads
* should happen with other processes shutdown.
*
* Written July 9, 1987 by Jeffrey I. Schiller
*/
#include "adm_locl.h"
RCSID("$Id: kdb_util.c,v 1.42.2.1 2000/10/10 12:59:16 assar Exp $");
static des_cblock master_key, new_master_key;
static des_key_schedule master_key_schedule, new_master_key_schedule;
/* cv_key is a procedure which takes a principle and changes its key,
either for a new method of encrypting the keys, or a new master key.
if cv_key is null no transformation of key is done (other than net byte
order). */
struct callback_args {
void (*cv_key)(Principal *);
FILE *output_file;
};
static void
print_time(FILE *file, time_t timeval)
{
struct tm *tm;
tm = gmtime(&timeval);
fprintf(file, " %04d%02d%02d%02d%02d",
tm->tm_year + 1900,
tm->tm_mon + 1,
tm->tm_mday,
tm->tm_hour,
tm->tm_min);
}
static long
time_explode(char *cp)
{
char wbuf[5];
struct tm tp;
int local;
memset(&tp, 0, sizeof(tp)); /* clear out the struct */
if (strlen(cp) > 10) { /* new format */
strlcpy(wbuf, cp, sizeof(wbuf));
tp.tm_year = atoi(wbuf) - 1900;
cp += 4; /* step over the year */
local = 0; /* GMT */
} else { /* old format: local time,
year is 2 digits, assuming 19xx */
wbuf[0] = *cp++;
wbuf[1] = *cp++;
wbuf[2] = 0;
tp.tm_year = atoi(wbuf);
local = 1; /* local */
}
wbuf[0] = *cp++;
wbuf[1] = *cp++;
wbuf[2] = 0;
tp.tm_mon = atoi(wbuf)-1;
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_mday = atoi(wbuf);
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_hour = atoi(wbuf);
wbuf[0] = *cp++;
wbuf[1] = *cp++;
tp.tm_min = atoi(wbuf);
return(tm2time(tp, local));
}
static int
dump_db_1(void *arg,
Principal *principal) /* replace null strings with "*" */
{
struct callback_args *a = (struct callback_args *)arg;
if (principal->instance[0] == '\0') {
principal->instance[0] = '*';
principal->instance[1] = '\0';
}
if (principal->mod_name[0] == '\0') {
principal->mod_name[0] = '*';
principal->mod_name[1] = '\0';
}
if (principal->mod_instance[0] == '\0') {
principal->mod_instance[0] = '*';
principal->mod_instance[1] = '\0';
}
if (a->cv_key != NULL) {
(*a->cv_key) (principal);
}
fprintf(a->output_file, "%s %s %d %d %d %d %x %x",
principal->name,
principal->instance,
principal->max_life,
principal->kdc_key_ver,
principal->key_version,
principal->attributes,
(int)htonl (principal->key_low),
(int)htonl (principal->key_high));
print_time(a->output_file, principal->exp_date);
print_time(a->output_file, principal->mod_date);
fprintf(a->output_file, " %s %s\n",
principal->mod_name,
principal->mod_instance);
return 0;
}
static int
dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *))
{
struct callback_args a;
a.cv_key = cv_key;
a.output_file = output_file;
kerb_db_iterate (dump_db_1, &a);
return fflush(output_file);
}
static int
add_file(void *db, FILE *file)
{
int ret;
int lineno = 0;
char line[1024];
unsigned long key[2]; /* yes, long */
Principal pr;
char exp_date[64], mod_date[64];
int life, kkvno, kvno;
while(1){
memset(&pr, 0, sizeof(pr));
errno = 0;
if(fgets(line, sizeof(line), file) == NULL){
if(errno != 0)
err (1, "fgets");
break;
}
lineno++;
ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s",
pr.name, pr.instance,
&life, &kkvno, &kvno,
&pr.attributes,
&key[0], &key[1],
exp_date, mod_date,
pr.mod_name, pr.mod_instance);
if(ret != 12){
warnx("Line %d malformed (ignored)", lineno);
continue;
}
pr.key_low = ntohl (key[0]);
pr.key_high = ntohl (key[1]);
pr.max_life = life;
pr.kdc_key_ver = kkvno;
pr.key_version = kvno;
pr.exp_date = time_explode(exp_date);
pr.mod_date = time_explode(mod_date);
if (pr.instance[0] == '*')
pr.instance[0] = 0;
if (pr.mod_name[0] == '*')
pr.mod_name[0] = 0;
if (pr.mod_instance[0] == '*')
pr.mod_instance[0] = 0;
if (kerb_db_update(db, &pr, 1) != 1) {
warn ("store %s.%s aborted",
pr.name, pr.instance);
return 1;
}
}
return 0;
}
static void
load_db (char *db_file, FILE *input_file)
{
long *db;
int code;
char *temp_db_file;
asprintf (&temp_db_file, "%s~", db_file);
if(temp_db_file == NULL)
errx (1, "out of memory");
/* Create the database */
if ((code = kerb_db_create(temp_db_file)) != 0)
err (1, "creating temp database %s", temp_db_file);
kerb_db_set_name(temp_db_file);
db = kerb_db_begin_update();
if (db == NULL)
err (1, "opening temp database %s", temp_db_file);
if(add_file(db, input_file))
errx (1, "Load aborted");
kerb_db_end_update(db);
if ((code = kerb_db_rename(temp_db_file, db_file)) != 0)
warn("database rename failed");
fclose(input_file);
free(temp_db_file);
}
static void
merge_db(char *db_file, FILE *input_file)
{
void *db;
db = kerb_db_begin_update();
if(db == NULL)
err (1, "Couldn't open database");
if(add_file(db, input_file))
errx (1, "Merge aborted");
kerb_db_end_update(db);
}
static void
update_ok_file (char *file_name)
{
/* handle slave locking/failure stuff */
char *file_ok;
int fd;
asprintf (&file_ok, "%s.dump_ok", file_name);
if (file_ok == NULL)
errx (1, "out of memory");
if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0)
err (1, "Error creating %s", file_ok);
free(file_ok);
close(fd);
/*
* Some versions of BSD don't update the mtime in the above open so
* we call utimes just in case.
*/
if (utime(file_name, NULL) < 0)
err (1, "utime %s", file_name);
}
static void
convert_key_new_master (Principal *p)
{
des_cblock key;
/* leave null keys alone */
if ((p->key_low == 0) && (p->key_high == 0)) return;
/* move current key to des_cblock for encryption, special case master key
since that's changing */
if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) &&
(strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) {
memcpy (key, new_master_key, sizeof(des_cblock));
(p->key_version)++;
} else {
copy_to_key(&p->key_low, &p->key_high, key);
kdb_encrypt_key (&key, &key, &master_key,
master_key_schedule, DES_DECRYPT);
}
kdb_encrypt_key (&key, &key, &new_master_key,
new_master_key_schedule, DES_ENCRYPT);
copy_from_key(key, &(p->key_low), &(p->key_high));
memset(key, 0, sizeof (key)); /* a little paranoia ... */
(p->kdc_key_ver)++;
}
static void
clear_secrets (void)
{
memset(master_key, 0, sizeof (des_cblock));
memset(master_key_schedule, 0, sizeof (des_key_schedule));
memset(new_master_key, 0, sizeof (des_cblock));
memset(new_master_key_schedule, 0, sizeof (des_key_schedule));
}
static void
convert_new_master_key (char *db_file, FILE *out)
{
#ifdef RANDOM_MKEY
errx (1, "Sorry, this function is not available with "
"the new master key scheme.");
#else
printf ("\n\nEnter the CURRENT master key.");
if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
master_key_schedule) != 0) {
clear_secrets ();
errx (1, "Couldn't get master key.");
}
if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
clear_secrets ();
exit (1);
}
printf ("\n\nNow enter the NEW master key. Do not forget it!!");
if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key,
new_master_key_schedule) != 0) {
clear_secrets ();
errx (1, "Couldn't get new master key.");
}
dump_db (db_file, out, convert_key_new_master);
{
char *fname;
asprintf(&fname, "%s.new", MKEYFILE);
if(fname == NULL) {
clear_secrets();
errx(1, "malloc: failed");
}
kdb_kstash(&new_master_key, fname);
free(fname);
}
#endif /* RANDOM_MKEY */
}
static void
convert_key_old_db (Principal *p)
{
des_cblock key;
/* leave null keys alone */
if ((p->key_low == 0) && (p->key_high == 0)) return;
copy_to_key(&p->key_low, &p->key_high, key);
#ifndef NOENCRYPTION
des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key,
(long)sizeof(des_cblock),master_key_schedule,
(des_cblock *)master_key_schedule, DES_DECRYPT);
#endif
/* make new key, new style */
kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT);
copy_from_key(key, &(p->key_low), &(p->key_high));
memset(key, 0, sizeof (key)); /* a little paranoia ... */
}
static void
convert_old_format_db (char *db_file, FILE *out)
{
des_cblock key_from_db;
Principal principal_data[1];
int n, more;
if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
master_key_schedule) != 0L) {
clear_secrets();
errx (1, "Couldn't get master key.");
}
/* can't call kdb_verify_master_key because this is an old style db */
/* lookup the master key version */
n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data,
1 /* only one please */, &more);
if ((n != 1) || more)
errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n);
/* set up the master key */
fprintf(stderr, "Current Kerberos master key version is %d.\n",
principal_data[0].kdc_key_ver);
/*
* now use the master key to decrypt (old style) the key in the db, had better
* be the same!
*/
copy_to_key(&principal_data[0].key_low,
&principal_data[0].key_high,
key_from_db);
#ifndef NOENCRYPTION
des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db),
master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT);
#endif
/* the decrypted database key had better equal the master key */
n = memcmp(master_key, key_from_db, sizeof(master_key));
memset(key_from_db, 0, sizeof(key_from_db));
if (n) {
fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, ");
fprintf(stderr, "does not match database.\n");
exit (1);
}
fprintf(stderr, "Master key verified.\n");
dump_db (db_file, out, convert_key_old_db);
}
int
main(int argc, char **argv)
{
int ret;
FILE *file;
enum {
OP_LOAD,
OP_MERGE,
OP_DUMP,
OP_SLAVE_DUMP,
OP_NEW_MASTER,
OP_CONVERT_OLD_DB
} op;
char *file_name;
char *db_name;
set_progname (argv[0]);
if (argc != 3 && argc != 4) {
fprintf(stderr, "Usage: %s operation file [database name].\n",
argv[0]);
fprintf(stderr, "Operation is one of: "
"load, merge, dump, slave_dump, new_master_key, "
"convert_old_db\n");
fprintf(stderr, "use file `-' for stdout\n");
exit(1);
}
if (argc == 3)
db_name = DBM_FILE;
else
db_name = argv[3];
ret = kerb_db_set_name (db_name);
/* this makes starting slave servers ~14.3 times easier */
if(ret && strcmp(argv[1], "load") == 0)
ret = kerb_db_create (db_name);
if(ret)
err (1, "Can't open database");
if (!strcmp(argv[1], "load"))
op = OP_LOAD;
else if (!strcmp(argv[1], "merge"))
op = OP_MERGE;
else if (!strcmp(argv[1], "dump"))
op = OP_DUMP;
else if (!strcmp(argv[1], "slave_dump"))
op = OP_SLAVE_DUMP;
else if (!strcmp(argv[1], "new_master_key"))
op = OP_NEW_MASTER;
else if (!strcmp(argv[1], "convert_old_db"))
op = OP_CONVERT_OLD_DB;
else {
warnx ("%s is an invalid operation.", argv[1]);
warnx ("Valid operations are \"load\", \"merge\", "
"\"dump\", \"slave_dump\", \"new_master_key\", "
"and \"convert_old_db\"");
return 1;
}
file_name = argv[2];
if (strcmp (file_name, "-") == 0
&& op != OP_LOAD
&& op != OP_MERGE)
file = stdout;
else {
char *mode;
if (op == OP_LOAD || op == OP_MERGE)
mode = "r";
else
mode = "w";
file = fopen (file_name, mode);
}
if (file == NULL)
err (1, "open %s", argv[2]);
switch (op) {
case OP_DUMP:
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
break;
case OP_SLAVE_DUMP:
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
update_ok_file(file_name);
break;
case OP_LOAD:
load_db (db_name, file);
break;
case OP_MERGE:
merge_db (db_name, file);
break;
case OP_NEW_MASTER:
convert_new_master_key (db_name, file);
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
case OP_CONVERT_OLD_DB:
convert_old_format_db (db_name, file);
printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name);
break;
}
return 0;
}

56
crypto/kerberosIV/admin/kstash.c
View File

@ -1,56 +0,0 @@
/*
* Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
* of Technology
*
* For copying and distribution information, please see the file
* <mit-copyright.h>.
*
* Description.
*/
#include "adm_locl.h"
RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
/* change this later, but krblib_dbm needs it for now */
static des_cblock master_key;
static des_key_schedule master_key_schedule;
static void
clear_secrets(void)
{
memset(master_key_schedule, 0, sizeof(master_key_schedule));
memset(master_key, 0, sizeof(master_key));
}
int
main(int argc, char **argv)
{
long n;
int ret = 0;
set_progname (argv[0]);
if ((n = kerb_init()))
errx(1, "Kerberos db and cache init failed = %ld\n", n);
if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
master_key_schedule) != 0) {
clear_secrets();
errx(1, "Couldn't read master key.");
}
if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
clear_secrets();
return 1;
}
ret = kdb_kstash(&master_key, MKEYFILE);
if(ret < 0)
warn("writing master key");
else
fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
clear_secrets();
return ret;
}

43
crypto/kerberosIV/appl/Makefile.in
View File

@ -1,43 +0,0 @@
# $Id: Makefile.in,v 1.31.6.1 2000/06/23 04:30:11 assar Exp $
srcdir = @srcdir@
VPATH = @srcdir@
SHELL = /bin/sh
@SET_MAKE@
SUBDIRS = sample kauth bsd movemail push afsutil \
popper xnlock kx kip @OTP_dir@ ftp telnet
all:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) all); done
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
install:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) install); done
uninstall:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
clean:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) clean); done
mostlyclean: clean
distclean:
for i in $(SUBDIRS);\
do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
rm -f Makefile *~
realclean:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
.PHONY: all Wall install uninstall clean mostlyclean distclean realclean

89
crypto/kerberosIV/appl/afsutil/Makefile.in
View File

@ -1,89 +0,0 @@
# $Id: Makefile.in,v 1.27 1999/03/10 19:01:10 joda Exp $
SHELL = /bin/sh
srcdir = @srcdir@
VPATH = @srcdir@
top_builddir = ../..
CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
DEFS = @DEFS@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS= @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
LIBROKEN = -L../../lib/roken -lroken
LIBS = @KRB_KAFS_LIB@ -L../../lib/krb -lkrb -L../../lib/des -ldes $(LIBROKEN) @LIBS@ $(LIBROKEN)
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
libexecdir = @libexecdir@
bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = pagsh$(EXECSUFFIX) \
afslog$(EXECSUFFIX) \
kstring2key$(EXECSUFFIX)
PROG_LIBEXEC =
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
SOURCES = pagsh.c aklog.c kstring2key.c
OBJECTS = pagsh.o aklog.o kstring2key.o
all: $(PROGS)
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
.c.o:
$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
for x in $(PROG_BIN); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(PROG_BIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
check:
clean:
rm -f *.a *.o $(PROGS)
mostlyclean: clean
distclean: clean
rm -f Makefile *.tab.c *~
realclean: distclean
rm -f TAGS
pagsh$(EXECSUFFIX): pagsh.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ pagsh.o $(LIBS)
afslog$(EXECSUFFIX): aklog.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ aklog.o $(LIBS)
kstring2key$(EXECSUFFIX): kstring2key.o
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ kstring2key.o $(LIBS)
$(OBJECTS): ../../include/config.h
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

250
crypto/kerberosIV/appl/afsutil/aklog.c
View File

@ -1,250 +0,0 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <ctype.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <err.h>
#include <krb.h>
#include <kafs.h>
#include <roken.h>
RCSID("$Id: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $");
static int debug = 0;
static void
DEBUG(const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
static void
DEBUG(const char *fmt, ...)
{
va_list ap;
if (debug) {
va_start(ap, fmt);
vwarnx(fmt, ap);
va_end(ap);
}
}
static char *
expand_1 (const char *cell, const char *filename)
{
FILE *f;
static char buf[128];
char *p;
f = fopen(filename, "r");
if(f == NULL)
return NULL;
while(fgets(buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>') {
for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
;
*p = '\0';
if(strstr(buf, cell)){
fclose(f);
return buf + 1;
}
}
buf[0] = 0;
}
fclose(f);
return NULL;
}
static const char *
expand_cell_name(const char *cell)
{
char *ret;
ret = expand_1(cell, _PATH_CELLSERVDB);
if (ret != NULL)
return ret;
ret = expand_1(cell, _PATH_ARLA_CELLSERVDB);
if (ret != NULL)
return ret;
return cell;
}
static int
createuser (const char *cell)
{
char cellbuf[64];
char name[ANAME_SZ];
char instance[INST_SZ];
char realm[REALM_SZ];
char cmd[1024];
if (cell == NULL) {
FILE *f;
int len;
f = fopen (_PATH_THISCELL, "r");
if (f == NULL)
f = fopen (_PATH_ARLA_THISCELL, "r");
if (f == NULL)
err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL);
if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL);
fclose (f);
len = strlen(cellbuf);
if (cellbuf[len-1] == '\n')
cellbuf[len-1] = '\0';
cell = cellbuf;
}
if(krb_get_default_principal(name, instance, realm))
errx (1, "Could not even figure out who you are");
snprintf (cmd, sizeof(cmd),
"pts createuser %s%s%s@%s -cell %s",
name, *instance ? "." : "", instance, strlwr(realm),
cell);
DEBUG("Executing %s", cmd);
return system(cmd);
}
int
main(int argc, char **argv)
{
int i;
int do_aklog = -1;
int do_createuser = -1;
const char *cell = NULL;
char *realm = NULL;
char cellbuf[64];
set_progname (argv[0]);
if(!k_hasafs())
exit(1);
for(i = 1; i < argc; i++){
if(!strncmp(argv[i], "-createuser", 11)){
do_createuser = do_aklog = 1;
}else if(!strncmp(argv[i], "-c", 2) && i + 1 < argc){
cell = expand_cell_name(argv[++i]);
do_aklog = 1;
}else if(!strncmp(argv[i], "-k", 2) && i + 1 < argc){
realm = argv[++i];
}else if(!strncmp(argv[i], "-p", 2) && i + 1 < argc){
if(k_afs_cell_of_file(argv[++i], cellbuf, sizeof(cellbuf)))
errx (1, "No cell found for file \"%s\".", argv[i]);
else
cell = cellbuf;
do_aklog = 1;
}else if(!strncmp(argv[i], "-unlog", 6)){
exit(k_unlog());
}else if(!strncmp(argv[i], "-hosts", 6)){
warnx ("Argument -hosts is not implemented.");
}else if(!strncmp(argv[i], "-zsubs", 6)){
warnx("Argument -zsubs is not implemented.");
}else if(!strncmp(argv[i], "-noprdb", 6)){
warnx("Argument -noprdb is not implemented.");
}else if(!strncmp(argv[i], "-d", 6)){
debug = 1;
}else{
if(!strcmp(argv[i], ".") ||
!strcmp(argv[i], "..") ||
strchr(argv[i], '/')){
DEBUG("I guess that \"%s\" is a filename.", argv[i]);
if(k_afs_cell_of_file(argv[i], cellbuf, sizeof(cellbuf)))
errx (1, "No cell found for file \"%s\".", argv[i]);
else {
cell = cellbuf;
DEBUG("The file \"%s\" lives in cell \"%s\".", argv[i], cell);
}
}else{
cell = expand_cell_name(argv[i]);
DEBUG("I guess that %s is cell %s.", argv[i], cell);
}
do_aklog = 1;
}
if(do_aklog == 1){
do_aklog = 0;
if(krb_afslog(cell, realm))
errx (1, "Failed getting tokens for cell %s in realm %s.",
cell?cell:"(local cell)", realm?realm:"(local realm)");
}
if(do_createuser == 1) {
do_createuser = 0;
if(createuser(cell))
errx (1, "Failed creating user in cell %s", cell?cell:"(local cell)");
}
}
if(do_aklog == -1 && do_createuser == -1 && krb_afslog(0, realm))
errx (1, "Failed getting tokens for cell %s in realm %s.",
cell?cell:"(local cell)", realm?realm:"(local realm)");
return 0;
}

139
crypto/kerberosIV/appl/afsutil/kstring2key.c
View File

@ -1,139 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $FreeBSD$ */
#include "config.h"
RCSID("$Id: kstring2key.c,v 1.16 1999/12/02 16:58:28 joda Exp $");
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <err.h>
#include <roken.h>
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h>
#include <krb.h>
#define VERIFY 0
static void
usage(void)
{
fprintf(stderr,
"Usage: %s [-c AFS cellname] [ -5 krb5salt ] [ password ]\n",
__progname);
fprintf(stderr,
" krb5salt is realmname APPEND principal APPEND instance\n");
exit(1);
}
static
void
krb5_string_to_key(char *str,
char *salt,
des_cblock *key)
{
char *foo;
asprintf(&foo, "%s%s", str, salt);
if (foo == NULL)
errx (1, "malloc: out of memory");
des_string_to_key(foo, key);
free (foo);
}
int
main(int argc, char **argv)
{
des_cblock key;
char buf[1024];
char *cellname = 0, *salt = 0;
set_progname (argv[0]);
if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == 'c')
{
cellname = argv[2];
argv += 2;
argc -= 2;
}
else if (argc >= 3 && argv[1][0] == '-' && argv[1][1] == '5')
{
salt = argv[2];
argv += 2;
argc -= 2;
}
if (argc >= 2 && argv[1][0] == '-')
usage();
switch (argc) {
case 1:
if (des_read_pw_string(buf, sizeof(buf)-1, "password: ", VERIFY))
errx (1, "Error reading password.");
break;
case 2:
strlcpy(buf, argv[1], sizeof(buf));
break;
default:
usage();
break;
}
if (cellname != 0)
afs_string_to_key(buf, cellname, &key);
else if (salt != 0)
krb5_string_to_key(buf, salt, &key);
else
des_string_to_key(buf, &key);
{
int j;
unsigned char *tkey = (unsigned char *) &key;
printf("ascii = ");
for(j = 0; j < 8; j++)
if(tkey[j] != '\\' && isalpha(tkey[j]) != 0)
printf("%c", tkey[j]);
else
printf("\\%03o",(unsigned char)tkey[j]);
printf("\n");
printf("hex = ");
for(j = 0; j < 8; j++)
printf("%02x",(unsigned char)tkey[j]);
printf("\n");
}
exit(0);
}

136
crypto/kerberosIV/appl/afsutil/pagsh.c
View File

@ -1,136 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
RCSID("$Id: pagsh.c,v 1.22 1999/12/02 16:58:28 joda Exp $");
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#include <time.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <err.h>
#include <roken.h>
#include <krb.h>
#include <kafs.h>
int
main(int argc, char **argv)
{
int f;
char tf[1024];
char *p;
char *path;
char **args;
int i;
do {
snprintf(tf, sizeof(tf), "%s%u_%u", TKT_ROOT, (unsigned int)getuid(),
(unsigned int)(getpid()*time(0)));
f = open(tf, O_CREAT|O_EXCL|O_RDWR);
} while(f < 0);
close(f);
unlink(tf);
setenv("KRBTKFILE", tf, 1);
i = 0;
args = (char **) malloc((argc + 10)*sizeof(char *));
if (args == NULL)
errx (1, "Out of memory allocating %lu bytes",
(unsigned long)((argc + 10)*sizeof(char *)));
argv++;
if(*argv == NULL) {
path = getenv("SHELL");
if(path == NULL){
struct passwd *pw = k_getpwuid(geteuid());
path = strdup(pw->pw_shell);
}
} else {
if(strcmp(*argv, "-c") == 0) argv++;
path = strdup(*argv++);
}
if (path == NULL)
errx (1, "Out of memory copying path");
p=strrchr(path, '/');
if(p)
args[i] = strdup(p+1);
else
args[i] = strdup(path);
if (args[i++] == NULL)
errx (1, "Out of memory copying arguments");
while(*argv)
args[i++] = *argv++;
args[i++] = NULL;
if(k_hasafs())
k_setpag();
execvp(path, args);
if (errno == ENOENT) {
char **sh_args = malloc ((i + 2) * sizeof(char *));
int j;
if (sh_args == NULL)
errx (1, "Out of memory copying sh arguments");
for (j = 1; j < i; ++j)
sh_args[j + 2] = args[j];
sh_args[0] = "sh";
sh_args[1] = "-c";
sh_args[2] = path;
execv ("/bin/sh", sh_args);
}
perror("execvp");
exit(1);
}

136
crypto/kerberosIV/appl/bsd/Makefile.in
View File

@ -1,136 +0,0 @@
# $Id: Makefile.in,v 1.68 1999/03/27 17:05:34 joda Exp $
SHELL = /bin/sh
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
top_builddir = ../..
CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
DEFS = @DEFS@ -DBINDIR='"$(bindir)"'
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
LIBS = @LIBS@
LIB_DBM = @LIB_DBM@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
libexecdir = @libexecdir@
bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
# Beware, these are all setuid root programs
PROG_SUIDBIN = rsh$(EXECSUFFIX) \
rcp$(EXECSUFFIX) \
rlogin$(EXECSUFFIX) \
su$(EXECSUFFIX)
PROG_BIN = login$(EXECSUFFIX)
PROG_LIBEXEC = rshd$(EXECSUFFIX) \
rlogind$(EXECSUFFIX)
PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC)
SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \
login.c klogin.c login_access.c su.c rlogind.c \
login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \
utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c \
osfc2.c
rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o
rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o osfc2.o
rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o
login_OBJS = login.o klogin.o login_fbtab.o login_access.o \
sysv_default.o sysv_environ.o sysv_shadow.o \
utmp_login.o utmpx_login.o stty_default.o tty.o osfc2.o
su_OBJS = su.o
rshd_OBJS = rshd.o encrypt.o rcmd_util.o osfc2.o
rlogind_OBJS = rlogind.o forkpty.o encrypt.o rcmd_util.o tty.o
all: $(PROGS)
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
.c.o:
$(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
for x in $(PROG_LIBEXEC); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
done
$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
for x in $(PROG_BIN); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
-for x in $(PROG_SUIDBIN); do \
$(INSTALL_PROGRAM) -o root -m 04555 $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
uninstall:
for x in $(PROG_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(PROG_BIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(PROG_SUIDBIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
check:
clean:
rm -f *.a *.o $(PROGS)
mostlyclean: clean
distclean: clean
rm -f Makefile *.tab.c *~
realclean: distclean
rm -f TAGS
KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes
KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB)
OTPLIB=@LIB_otp@
LIBROKEN=-L../../lib/roken -lroken
LIB_security=@LIB_security@
rcp$(EXECSUFFIX): $(rcp_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
rsh$(EXECSUFFIX): $(rsh_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
rshd$(EXECSUFFIX): $(rshd_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) $(LIB_security)
rlogin$(EXECSUFFIX): $(rlogin_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
rlogind$(EXECSUFFIX): $(rlogind_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
login$(EXECSUFFIX): $(login_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) $(LIB_security)
su$(EXECSUFFIX): $(su_OBJS)
$(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN)
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

20
crypto/kerberosIV/appl/bsd/README.login
View File

@ -1,20 +0,0 @@
This login has additional functionalities. They are all based on (part of)
Wietse Venema's logdaemon package.
The following defines can be used:
1) LOGIN_ACCESS to allow access control on a per tty/user combination
2) LOGALL to log all logins
-Guido
This login has some of Berkeley's paranoid/broken (depending on your point
of view) Kerberos code conditionalized out, so that by default it works like
klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code.
This define also controls whether a warning message is printed when logging
into a system with no krb.conf file, which usually means that Kerberos is
not configured.
-GAWollman
(removed S/Key, /assar)

401
crypto/kerberosIV/appl/bsd/bsd_locl.h
View File

@ -1,401 +0,0 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */
/* $FreeBSD$ */
#define LOGALL
#ifndef KERBEROS
#define KERBEROS
#endif
#define KLOGIN_PARANOID
#define LOGIN_ACCESS
#define PASSWD_FALLBACK
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
/* Any better way to test NO_MOTD? */
#if (SunOS >= 50) || defined(__hpux)
#define NO_MOTD
#endif
#ifdef HAVE_SHADOW_H
#define SYSV_SHADOW
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>
#include <setjmp.h>
#include <limits.h>
#include <stdarg.h>
#include <errno.h>
#ifdef HAVE_IO_H
#include <io.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_LIBUTIL_H
#include <libutil.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifndef S_ISTXT
#ifdef S_ISVTX
#define S_ISTXT S_ISVTX
#else
#define S_ISTXT 0
#endif
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
#include <signal.h>
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif /* HAVE_SYS_RESOURCE_H */
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifndef NCARGS
#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
#ifdef HAVE_UTIME_H
#include <utime.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_NETINET_TCP_H
#include <netinet/tcp.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif
#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
#ifdef HAVE_SYS_FILIO_H
#include <sys/filio.h>
#endif
#ifdef HAVE_SYS_STREAM_H
#ifdef HAVE_SYS_UIO_H
#include <sys/uio.h>
#endif /* HAVE_SYS_UIO_H */
#include <sys/stream.h>
#endif /* HAVE_SYS_STREAM_H */
#ifdef HAVE_SYS_PTYVAR_H
#ifdef HAVE_SYS_PROC_H
#include <sys/proc.h>
#endif
#ifdef HAVE_SYS_TTY_H
#include <sys/tty.h>
#endif
#ifdef HAVE_SYS_PTYIO_H
#include <sys/ptyio.h>
#endif
#include <sys/ptyvar.h>
#endif /* HAVE_SYS_PTYVAR_H */
/* Cray stuff */
#ifdef HAVE_UDB_H
#include <udb.h>
#endif
#ifdef HAVE_SYS_CATEGORY_H
#include <sys/category.h>
#endif
/* Strange ioctls that are not always defined */
#ifndef TIOCPKT_FLUSHWRITE
#define TIOCPKT_FLUSHWRITE 0x02
#endif
#ifndef TIOCPKT_NOSTOP
#define TIOCPKT_NOSTOP 0x10
#endif
#ifndef TIOCPKT_DOSTOP
#define TIOCPKT_DOSTOP 0x20
#endif
#ifndef TIOCPKT
#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */
#endif
#ifdef HAVE_LASTLOG_H
#include <lastlog.h>
#endif
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
#ifdef HAVE_TTYENT_H
#include <ttyent.h>
#endif
#ifdef HAVE_STROPTS_H
#include <stropts.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#ifndef UT_NAMESIZE
#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name)
#endif
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#ifdef HAVE_USERPW_H
#include <userpw.h>
#endif /* HAVE_USERPW_H */
#ifdef HAVE_USERSEC_H
struct aud_rec;
#include <usersec.h>
#endif /* HAVE_USERSEC_H */
#ifdef HAVE_OSFC2
#include "/usr/include/prot.h"
#endif
#ifndef PRIO_PROCESS
#define PRIO_PROCESS 0
#endif
#include <err.h>
#include <roken.h>
#ifdef SOCKS
#include <socks.h>
/* This doesn't belong here. */
struct tm *localtime(const time_t *);
struct hostent *gethostbyname(const char *);
#endif
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h>
#include <krb.h>
#include <kafs.h>
int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser,
char *remuser, char *cmd, int *fd2p, KTEXT ticket,
char *service, char *realm, CREDENTIALS *cred,
Key_schedule schedule, MSG_DAT *msg_data,
struct sockaddr_in *laddr, struct sockaddr_in *faddr,
int32_t authopts);
int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd,
int *fd2p, char *realm);
int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser,
char *cmd,int *fd2p, char *realm,
CREDENTIALS *cred, Key_schedule sched);
int klogin(struct passwd *pw, char *instance, char *localhost, char *password);
#if 0
typedef struct {
int cnt;
char *buf;
} BUF;
#endif
char *colon(char *cp);
int okname(char *cp0);
int susystem(char *s, int userid);
int forkpty(int *amaster, char *name,
struct termios *termp, struct winsize *winp);
int forkpty_truncate(int *amaster, char *name, size_t name_sz,
struct termios *termp, struct winsize *winp);
#ifndef MODEMASK
#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO)
#endif
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_MAILLOCK_H
#include <maillock.h>
#endif
#include "pathnames.h"
void stty_default (void);
int utmpx_login(char *line, char *user, char *host);
extern char **environ;
void sysv_newenv(int argc, char **argv, struct passwd *pwd,
char *term, int pflag);
int login_access(struct passwd *user, char *from);
void fatal(int f, const char *msg, int syserr);
extern int LEFT_JUSTIFIED;
/* used in des_read and des_write */
#define DES_RW_MAXWRITE (1024*16)
#define DES_RW_BSIZE (DES_RW_MAXWRITE+4)
void sysv_defaults(void);
void utmp_login(char *tty, char *username, char *hostname);
void sleepexit (int);
#ifndef HAVE_SETPRIORITY
#define setpriority(which, who, niceval) 0
#endif
#ifndef HAVE_GETPRIORITY
#define getpriority(which, who) 0
#endif
#ifdef HAVE_TERMIOS_H
#include <termios.h>
#endif
#ifndef _POSIX_VDISABLE
#define _POSIX_VDISABLE 0
#endif /* _POSIX_VDISABLE */
#if SunOS == 40
#include <sys/ttold.h>
#endif
#if defined(HAVE_SYS_TERMIO_H) && !defined(HAVE_TERMIOS_H)
#include <sys/termio.h>
#endif
#ifndef CEOF
#define CEOF 04
#endif
/* concession to Sun */
#ifndef SIGUSR1
#define SIGUSR1 30
#endif
#ifndef TIOCPKT_WINDOW
#define TIOCPKT_WINDOW 0x80
#endif
int get_shell_port(int kerberos, int encryption);
int get_login_port(int kerberos, int encryption);
int speed_t2int (speed_t);
speed_t int2speed_t (int);
void ip_options_and_die (int sock, struct sockaddr_in *);
void warning(const char *fmt, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
char *clean_ttyname (char *tty);
char *make_id (char *tty);
#ifdef HAVE_UTMP_H
void prepare_utmp (struct utmp *utmp, char *tty, char *username,
char *hostname);
#endif
int do_osfc2_magic(uid_t);
void paranoid_setuid (uid_t uid);

305
crypto/kerberosIV/appl/bsd/encrypt.c
View File

@ -1,305 +0,0 @@
/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include "bsd_locl.h"
RCSID("$Id: encrypt.c,v 1.4 1999/06/17 18:47:26 assar Exp $");
/* replacements for htonl and ntohl since I have no idea what to do
* when faced with machines with 8 byte longs. */
#define HDRSIZE 4
#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \
l|=((u_int32_t)(*((c)++)))<<16, \
l|=((u_int32_t)(*((c)++)))<< 8, \
l|=((u_int32_t)(*((c)++))))
#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
*((c)++)=(unsigned char)(((l)>>16)&0xff), \
*((c)++)=(unsigned char)(((l)>> 8)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
/* This has some uglies in it but it works - even over sockets. */
extern int errno;
int des_rw_mode=DES_PCBC_MODE;
int LEFT_JUSTIFIED = 0;
int
des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
{
/* data to be unencrypted */
int net_num=0;
unsigned char net[DES_RW_BSIZE];
/* extra unencrypted data
* for when a block of 100 comes in but is des_read one byte at
* a time. */
static char unnet[DES_RW_BSIZE];
static int unnet_start=0;
static int unnet_left=0;
int i;
long num=0,rnum;
unsigned char *p;
/* left over data from last decrypt */
if (unnet_left != 0)
{
if (unnet_left < len)
{
/* we still still need more data but will return
* with the number of bytes we have - should always
* check the return value */
memcpy(buf,&(unnet[unnet_start]),unnet_left);
/* eay 26/08/92 I had the next 2 lines
* reversed :-( */
i=unnet_left;
unnet_start=unnet_left=0;
}
else
{
memcpy(buf,&(unnet[unnet_start]),len);
unnet_start+=len;
unnet_left-=len;
i=len;
}
return(i);
}
/* We need to get more data. */
if (len > DES_RW_MAXWRITE) len=DES_RW_MAXWRITE;
/* first - get the length */
net_num=0;
while (net_num < HDRSIZE)
{
i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num);
if ((i == -1) && (errno == EINTR)) continue;
if (i <= 0) return(0);
net_num+=i;
}
/* we now have at net_num bytes in net */
p=net;
num=0;
n2l(p,num);
/* num should be rounded up to the next group of eight
* we make sure that we have read a multiple of 8 bytes from the net.
*/
if ((num > DES_RW_MAXWRITE) || (num < 0)) /* error */
return(-1);
rnum=(num < 8)?8:((num+7)/8*8);
net_num=0;
while (net_num < rnum)
{
i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num);
if ((i == -1) && (errno == EINTR)) continue;
if (i <= 0) return(0);
net_num+=i;
}
/* Check if there will be data left over. */
if (len < num)
{
if (des_rw_mode & DES_PCBC_MODE)
des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
num,sched,iv,DES_DECRYPT);
else
des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet,
num,sched,iv,DES_DECRYPT);
memcpy(buf,unnet,len);
unnet_start=len;
unnet_left=num-len;
/* The following line is done because we return num
* as the number of bytes read. */
num=len;
}
else
{
/* >output is a multiple of 8 byes, if len < rnum
* >we must be careful. The user must be aware that this
* >routine will write more bytes than he asked for.
* >The length of the buffer must be correct.
* FIXED - Should be ok now 18-9-90 - eay */
if (len < rnum)
{
char tmpbuf[DES_RW_BSIZE];
if (des_rw_mode & DES_PCBC_MODE)
des_pcbc_encrypt((des_cblock *)net,
(des_cblock *)tmpbuf,
num,sched,iv,DES_DECRYPT);
else
des_cbc_encrypt((des_cblock *)net,
(des_cblock *)tmpbuf,
num,sched,iv,DES_DECRYPT);
/* eay 26/08/92 fix a bug that returned more
* bytes than you asked for (returned len bytes :-( */
if (LEFT_JUSTIFIED || (len >= 8))
memcpy(buf,tmpbuf,num);
else
memcpy(buf,tmpbuf+(8-num),num); /* Right justified */
}
else if (num >= 8)
{
if (des_rw_mode & DES_PCBC_MODE)
des_pcbc_encrypt((des_cblock *)net,
(des_cblock *)buf,num,sched,iv,
DES_DECRYPT);
else
des_cbc_encrypt((des_cblock *)net,
(des_cblock *)buf,num,sched,iv,
DES_DECRYPT);
}
else
{
if (des_rw_mode & DES_PCBC_MODE)
des_pcbc_encrypt((des_cblock *)net,
(des_cblock *)buf,8,sched,iv,
DES_DECRYPT);
else
des_cbc_encrypt((des_cblock *)net,
(des_cblock *)buf,8,sched,iv,
DES_DECRYPT);
if (!LEFT_JUSTIFIED)
memcpy(buf, buf+(8-num), num); /* Right justified */
}
}
return(num);
}
int
des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv)
{
long rnum;
int i,j,k,outnum;
char outbuf[DES_RW_BSIZE+HDRSIZE];
char shortbuf[8];
char *p;
static int start=1;
/* If we are sending less than 8 bytes, the same char will look
* the same if we don't pad it out with random bytes */
if (start)
{
start=0;
srand(time(NULL));
}
/* lets recurse if we want to send the data in small chunks */
if (len > DES_RW_MAXWRITE)
{
j=0;
for (i=0; i<len; i+=k)
{
k=des_enc_write(fd,&(buf[i]),
((len-i) > DES_RW_MAXWRITE)?DES_RW_MAXWRITE:(len-i),sched,iv);
if (k < 0)
return(k);
else
j+=k;
}
return(j);
}
/* write length first */
p=outbuf;
l2n(len,p);
/* pad short strings */
if (len < 8)
{
if (LEFT_JUSTIFIED)
{
p=shortbuf;
memcpy(shortbuf,buf,(unsigned int)len);
for (i=len; i<8; i++)
shortbuf[i]=rand();
rnum=8;
}
else
{
p=shortbuf;
for (i=0; i<8-len; i++)
shortbuf[i]=rand();
memcpy(shortbuf + 8 - len, buf, len);
rnum=8;
}
}
else
{
p=buf;
rnum=((len+7)/8*8); /* round up to nearest eight */
}
if (des_rw_mode & DES_PCBC_MODE)
des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
(long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
else
des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]),
(long)((len<8)?8:len),sched,iv,DES_ENCRYPT);
/* output */
outnum=rnum+HDRSIZE;
for (j=0; j<outnum; j+=i)
{
/* eay 26/08/92 I was not doing writing from where we
* got upto. */
i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j));
if (i == -1)
{
if (errno == EINTR)
i=0;
else /* This is really a bad error - very bad
* It will stuff-up both ends. */
return(-1);
}
}
return(len);
}

477
crypto/kerberosIV/appl/bsd/forkpty.c
View File

@ -1,477 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
#ifndef HAVE_FORKPTY
RCSID("$Id: forkpty.c,v 1.57 1999/12/02 16:58:28 joda Exp $");
/* Only CRAY is known to have problems with forkpty(). */
#if defined(CRAY)
static int forkpty_ok = 0;
#else
static int forkpty_ok = 1;
#endif
#ifndef HAVE_PTSNAME
static char *ptsname(int fd)
{
#ifdef HAVE_TTYNAME
return ttyname(fd);
#else
return NULL;
#endif
}
#endif
#ifndef HAVE_GRANTPT
#define grantpt(fdm) (0)
#endif
#ifndef HAVE_UNLOCKPT
#define unlockpt(fdm) (0)
#endif
#ifndef HAVE_VHANGUP
#define vhangup() (0)
#endif
#ifndef HAVE_REVOKE
static
void
revoke(char *line)
{
int slave;
RETSIGTYPE (*ofun)();
if ( (slave = open(line, O_RDWR)) < 0)
return;
ofun = signal(SIGHUP, SIG_IGN);
vhangup();
signal(SIGHUP, ofun);
/*
* Some systems (atleast SunOS4) want to have the slave end open
* at all times to prevent a race in the child. Login will close
* it so it should really not be a problem. However for the
* paranoid we use the close on exec flag so it will only be open
* in the parent. Additionally since this will be the controlling
* tty of rlogind the final vhangup() in rlogind should hangup all
* processes. A working revoke would of course have been prefered
* though (sigh).
*/
fcntl(slave, F_SETFD, 1);
/* close(slave); */
}
#endif
static int pty_major, pty_minor;
static void
pty_scan_start(void)
{
pty_major = -1;
pty_minor = 0;
}
static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv";
/* there are many more */
static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ";
static int
pty_scan_next(char *buf, size_t sz)
{
#ifdef CRAY
if(++pty_major >= sysconf(_SC_CRAY_NPTY))
return -1;
snprintf(buf, sz, "/dev/pty/%03d", pty_major);
#else
if(++pty_major == strlen(bsd_1)){
pty_major = 0;
if(++pty_minor == strlen(bsd_2))
return -1;
}
#ifdef __hpux
snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
#else
snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
#endif /* __hpux */
#endif /* CRAY */
return 0;
}
static void
pty_scan_tty(char *buf, size_t sz)
{
#ifdef CRAY
snprintf(buf, sz, "/dev/ttyp%03d", pty_major);
#elif defined(__hpux)
snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
#else
snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]);
#endif
}
static int
ptym_open_streams_flavor(char *pts_name,
size_t pts_name_sz,
int *streams_pty)
{
/* Try clone device master ptys */
const char *const clone[] = { "/dev/ptc", "/dev/ptmx",
"/dev/ptm", "/dev/ptym/clone", 0 };
int fdm;
const char *const *q;
for (q = clone; *q; q++) {
fdm = open(*q, O_RDWR);
if (fdm >= 0)
break;
}
if (fdm >= 0) {
char *ptr1;
if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */
/* Return name of slave */
strlcpy(pts_name, ptr1, pts_name_sz);
else {
close(fdm);
return(-4);
}
if (grantpt(fdm) < 0) { /* Grant access to slave */
close(fdm);
return(-2);
}
if (unlockpt(fdm) < 0) { /* Clear slave's lock flag */
close(fdm);
return(-3);
}
return(fdm); /* return fd of master */
}
return -1;
}
static int
ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
int fdm;
char ptm[MaxPathLen];
pty_scan_start();
while (pty_scan_next(ptm, sizeof(ptm)) != -1) {
fdm = open(ptm, O_RDWR);
if (fdm < 0)
continue;
#if SunOS == 40
/* Avoid a bug in SunOS4 ttydriver */
if (fdm > 0) {
int pgrp;
if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1)
&& (errno == EIO))
/* All fine */;
else {
close(fdm);
continue;
}
}
#endif
pty_scan_tty(pts_name, sizeof(ptm));
#if CRAY
/* this is some magic from the telnet code */
{
struct stat sb;
if(stat(pts_name, &sb) < 0) {
close(fdm);
continue;
}
if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) {
chown(pts_name, 0, 0);
chmod(pts_name, 0600);
close(fdm);
fdm = open(ptm, 2);
if (fdm < 0)
continue;
}
}
/*
* Now it should be safe...check for accessability.
*/
if (access(pts_name, 6) != 0){
/* no tty side to pty so skip it */
close(fdm);
continue;
}
#endif
return fdm; /* All done! */
}
/* We failed to find BSD style pty */
errno = ENOENT;
return -1;
}
/*
*
* Open a master pty either using the STREAM flavor or the BSD flavor.
* Depending on if there are any free ptys in the different classes we
* need to try both. Normally try STREAMS first and then BSD.
*
* Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys
* doesn't get initialized properly so we try them in different order
* until the problem has been resolved.
*
*/
static int
ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
int fdm;
#ifdef HAVE__GETPTY
{
char *p = _getpty(&fdm, O_RDWR, 0600, 1);
if (p) {
*streams_pty = 1;
strlcpy (pts_name, p, pts_name_sz);
return fdm;
}
}
#endif
#ifdef STREAMSPTY
fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
if (fdm >= 0)
{
*streams_pty = 1;
return fdm;
}
#endif
fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty);
if (fdm >= 0)
{
*streams_pty = 0;
return fdm;
}
#ifndef STREAMSPTY
fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
if (fdm >= 0)
{
*streams_pty = 1;
return fdm;
}
#endif
return -1;
}
static int
maybe_push_modules(int fd, char **modules)
{
#ifdef I_PUSH
char **p;
int err;
for(p=modules; *p; p++){
err=ioctl(fd, I_FIND, *p);
if(err == 1)
break;
if(err < 0 && errno != EINVAL)
return -17;
/* module not pushed or does not exist */
}
/* p points to null or to an already pushed module, now push all
modules before this one */
for(p--; p >= modules; p--){
err = ioctl(fd, I_PUSH, *p);
if(err < 0 && errno != EINVAL)
return -17;
}
#endif
return 0;
}
static int
ptys_open(int fdm, char *pts_name, int streams_pty)
{
int fds;
if (streams_pty) {
/* Streams style slave ptys */
if ( (fds = open(pts_name, O_RDWR)) < 0) {
close(fdm);
return(-5);
}
{
char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL };
char *ptymodules[] = { "pckt", NULL };
if(maybe_push_modules(fds, ttymodules)<0){
close(fdm);
close(fds);
return -6;
}
if(maybe_push_modules(fdm, ptymodules)<0){
close(fdm);
close(fds);
return -7;
}
}
} else {
/* BSD style slave ptys */
struct group *grptr;
int gid;
if ( (grptr = getgrnam("tty")) != NULL)
gid = grptr->gr_gid;
else
gid = -1; /* group tty is not in the group file */
/* Grant access to slave */
if (chown(pts_name, getuid(), gid) < 0)
fatal(0, "chown slave tty failed", 1);
if (chmod(pts_name, S_IRUSR | S_IWUSR | S_IWGRP) < 0)
fatal(0, "chmod slave tty failed", 1);
if ( (fds = open(pts_name, O_RDWR)) < 0) {
close(fdm);
return(-1);
}
}
return(fds);
}
int
forkpty_truncate(int *ptrfdm,
char *slave_name,
size_t slave_name_sz,
struct termios *slave_termios,
struct winsize *slave_winsize)
{
int fdm, fds, streams_pty;
pid_t pid;
char pts_name[20];
if (!forkpty_ok)
fatal(0, "Protocol not yet supported, use telnet", 0);
if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0)
return -1;
if (slave_name != NULL)
/* Return name of slave */
strlcpy(slave_name, pts_name, slave_name_sz);
pid = fork();
if (pid < 0)
return(-1);
else if (pid == 0) { /* Child */
if (setsid() < 0)
fatal(0, "setsid() failure", errno);
revoke(slave_name);
#if defined(NeXT) || defined(ultrix)
/* The NeXT is severely broken, this makes things slightly
* better but we still doesn't get a working pty. If there
* where a TIOCSCTTY we could perhaps fix things but... The
* same problem also exists in xterm! */
if (setpgrp(0, 0) < 0)
fatal(0, "NeXT kludge failed setpgrp", errno);
#endif
/* SVR4 acquires controlling terminal on open() */
if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0)
return -1;
close(fdm); /* All done with master in child */
#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux)
/* 44BSD way to acquire controlling terminal */
/* !CIBAUD to avoid doing this under SunOS */
if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0)
return -1;
#endif
#if defined(NeXT)
{
int t = open("/dev/tty", O_RDWR);
if (t < 0)
fatal(0, "Failed to open /dev/tty", errno);
close(fds);
fds = t;
}
#endif
/* Set slave's termios and window size */
if (slave_termios != NULL) {
if (tcsetattr(fds, TCSANOW, slave_termios) < 0)
return -1;
}
#ifdef TIOCSWINSZ
if (slave_winsize != NULL) {
if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0)
return -1;
}
#endif
/* slave becomes stdin/stdout/stderr of child */
if (dup2(fds, STDIN_FILENO) != STDIN_FILENO)
return -1;
if (dup2(fds, STDOUT_FILENO) != STDOUT_FILENO)
return -1;
if (dup2(fds, STDERR_FILENO) != STDERR_FILENO)
return -1;
if (fds > STDERR_FILENO)
close(fds);
return(0); /* child returns 0 just like fork() */
}
else { /* Parent */
*ptrfdm = fdm; /* Return fd of master */
return(pid); /* Parent returns pid of child */
}
}
int
forkpty(int *ptrfdm,
char *slave_name,
struct termios *slave_termios,
struct winsize *slave_winsize)
{
return forkpty_truncate (ptrfdm,
slave_name,
MaxPathLen,
slave_termios,
slave_winsize);
}
#endif /* HAVE_FORKPTY */

280
crypto/kerberosIV/appl/bsd/kcmd.c
View File

@ -1,280 +0,0 @@
/*
* Copyright (c) 1983, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $");
#define START_PORT 5120 /* arbitrary */
static int
getport(int *alport)
{
struct sockaddr_in sin;
int s;
sin.sin_family = AF_INET;
sin.sin_addr.s_addr = INADDR_ANY;
s = socket(AF_INET, SOCK_STREAM, 0);
if (s < 0)
return (-1);
for (;;) {
sin.sin_port = htons((u_short)*alport);
if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
return (s);
if (errno != EADDRINUSE) {
close(s);
return (-1);
}
(*alport)--;
#ifdef ATHENA_COMPAT
if (*alport == IPPORT_RESERVED/2) {
#else
if (*alport == IPPORT_RESERVED) {
#endif
close(s);
errno = EAGAIN; /* close */
return (-1);
}
}
}
int
kcmd(int *sock,
char **ahost,
u_int16_t rport,
char *locuser,
char *remuser,
char *cmd,
int *fd2p,
KTEXT ticket,
char *service,
char *realm,
CREDENTIALS *cred,
Key_schedule schedule,
MSG_DAT *msg_data,
struct sockaddr_in *laddr,
struct sockaddr_in *faddr,
int32_t authopts)
{
int s, timo = 1;
pid_t pid;
struct sockaddr_in sin, from;
char c;
#ifdef ATHENA_COMPAT
int lport = IPPORT_RESERVED - 1;
#else
int lport = START_PORT;
#endif
struct hostent *hp;
int rc;
char *host_save;
int status;
char **h_addr_list;
pid = getpid();
hp = gethostbyname(*ahost);
if (hp == NULL) {
/* fprintf(stderr, "%s: unknown host\n", *ahost); */
return (-1);
}
host_save = strdup(hp->h_name);
if (host_save == NULL)
return -1;
*ahost = host_save;
h_addr_list = hp->h_addr_list;
/* If realm is null, look up from table */
if (realm == NULL || realm[0] == '\0')
realm = krb_realmofhost(host_save);
for (;;) {
s = getport(&lport);
if (s < 0) {
if (errno == EAGAIN)
warnx("kcmd(socket): All ports in use\n");
else
warn("kcmd: socket");
return (-1);
}
sin.sin_family = hp->h_addrtype;
memcpy (&sin.sin_addr, h_addr_list[0], sizeof(sin.sin_addr));
sin.sin_port = rport;
if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0)
break;
close(s);
if (errno == EADDRINUSE) {
lport--;
continue;
}
/*
* don't wait very long for Kerberos rcmd.
*/
if (errno == ECONNREFUSED && timo <= 4) {
/* sleep(timo); don't wait at all here */
timo *= 2;
continue;
}
if (h_addr_list[1] != NULL) {
warn ("kcmd: connect (%s)",
inet_ntoa(sin.sin_addr));
h_addr_list++;
memcpy(&sin.sin_addr,
*h_addr_list,
sizeof(sin.sin_addr));
fprintf(stderr, "Trying %s...\n",
inet_ntoa(sin.sin_addr));
continue;
}
if (errno != ECONNREFUSED)
warn ("connect(%s)", hp->h_name);
return (-1);
}
lport--;
if (fd2p == 0) {
write(s, "", 1);
lport = 0;
} else {
char num[8];
int s2 = getport(&lport), s3;
int len = sizeof(from);
if (s2 < 0) {
status = -1;
goto bad;
}
listen(s2, 1);
snprintf(num, sizeof(num), "%d", lport);
if (write(s, num, strlen(num) + 1) != strlen(num) + 1) {
warn("kcmd(write): setting up stderr");
close(s2);
status = -1;
goto bad;
}
{
fd_set fds;
FD_ZERO(&fds);
if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) {
warnx("file descriptor too large");
close(s);
close(s2);
status = -1;
goto bad;
}
FD_SET(s, &fds);
FD_SET(s2, &fds);
status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);
if(FD_ISSET(s, &fds)){
warnx("kcmd: connection unexpectedly closed.");
close(s2);
status = -1;
goto bad;
}
}
s3 = accept(s2, (struct sockaddr *)&from, &len);
close(s2);
if (s3 < 0) {
warn ("kcmd: accept");
lport = 0;
status = -1;
goto bad;
}
*fd2p = s3;
from.sin_port = ntohs((u_short)from.sin_port);
if (from.sin_family != AF_INET ||
from.sin_port >= IPPORT_RESERVED) {
warnx("kcmd(socket): "
"protocol failure in circuit setup.");
status = -1;
goto bad2;
}
}
/*
* Kerberos-authenticated service. Don't have to send locuser,
* since its already in the ticket, and we'll extract it on
* the other side.
*/
/* write(s, locuser, strlen(locuser)+1); */
/* set up the needed stuff for mutual auth, but only if necessary */
if (authopts & KOPT_DO_MUTUAL) {
int sin_len;
*faddr = sin;
sin_len = sizeof(struct sockaddr_in);
if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) {
warn("kcmd(getsockname)");
status = -1;
goto bad2;
}
}
if ((status = krb_sendauth(authopts, s, ticket, service, *ahost,
realm, (unsigned long) getpid(), msg_data,
cred, schedule,
laddr,
faddr,
"KCMDV0.1")) != KSUCCESS)
goto bad2;
write(s, remuser, strlen(remuser)+1);
write(s, cmd, strlen(cmd)+1);
if ((rc = read(s, &c, 1)) != 1) {
if (rc == -1)
warn("read(%s)", *ahost);
else
warnx("kcmd: bad connection with remote host");
status = -1;
goto bad2;
}
if (c != '\0') {
while (read(s, &c, 1) == 1) {
write(2, &c, 1);
if (c == '\n')
break;
}
status = -1;
goto bad2;
}
*sock = s;
return (KSUCCESS);
bad2:
if (lport)
close(*fd2p);
bad:
close(s);
return (status);
}

229
crypto/kerberosIV/appl/bsd/klogin.c
View File

@ -1,229 +0,0 @@
/*-
* Copyright (c) 1990, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: klogin.c,v 1.27 1999/10/04 16:11:48 bg Exp $");
#ifdef KERBEROS
#define VERIFY_SERVICE "rcmd"
extern int notickets;
extern char *krbtkfile_env;
static char tkt_location[MaxPathLen];
static int
multiple_get_tkt(char *name,
char *instance,
char *realm,
char *service,
char *sinstance,
int life,
char *password)
{
int ret;
int n;
char rlm[256];
/* First try to verify against the supplied realm. */
ret = krb_get_pw_in_tkt(name, instance, realm, service, realm, life,
password);
if(ret == KSUCCESS)
return KSUCCESS;
/* Verify all local realms, except the supplied realm. */
for (n = 1; krb_get_lrealm(rlm, n) == KSUCCESS; n++)
if (strcmp(rlm, realm) != 0) {
ret = krb_get_pw_in_tkt(name, instance, rlm,service, rlm,life, password);
if (ret == KSUCCESS)
return KSUCCESS;
}
return ret;
}
/*
* Attempt to log the user in using Kerberos authentication
*
* return 0 on success (will be logged in)
* 1 if Kerberos failed (try local password in login)
*/
int
klogin(struct passwd *pw, char *instance, char *localhost, char *password)
{
int kerror;
AUTH_DAT authdata;
KTEXT_ST ticket;
struct hostent *hp;
u_int32_t faddr;
char realm[REALM_SZ], savehost[MaxHostNameLen];
extern int noticketsdontcomplain;
#ifdef KLOGIN_PARANOID
noticketsdontcomplain = 0; /* enable warning message */
#endif
/*
* Root logins don't use Kerberos.
* If we have a realm, try getting a ticket-granting ticket
* and using it to authenticate. Otherwise, return
* failure so that we can try the normal passwd file
* for a password. If that's ok, log the user in
* without issuing any tickets.
*/
if (strcmp(pw->pw_name, "root") == 0 ||
krb_get_lrealm(realm, 1) != KSUCCESS)
return (1);
noticketsdontcomplain = 0; /* enable warning message */
/*
* get TGT for local realm
* tickets are stored in a file named TKT_ROOT plus uid
* except for user.root tickets.
*/
if (strcmp(instance, "root") != 0)
snprintf(tkt_location, sizeof(tkt_location),
"%s%u_%u",
TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid());
else {
snprintf(tkt_location, sizeof(tkt_location),
"%s_root_%d", TKT_ROOT,
(unsigned)pw->pw_uid);
}
krbtkfile_env = tkt_location;
krb_set_tkt_string(tkt_location);
/*
* Set real as well as effective ID to 0 for the moment,
* to make the kerberos library do the right thing.
*/
if (setuid(0) < 0) {
warnx("setuid");
return (1);
}
/*
* Get ticket
*/
kerror = multiple_get_tkt(pw->pw_name,
instance,
realm,
KRB_TICKET_GRANTING_TICKET,
realm,
DEFAULT_TKT_LIFE,
password);
/*
* If we got a TGT, get a local "rcmd" ticket and check it so as to
* ensure that we are not talking to a bogus Kerberos server.
*
* There are 2 cases where we still allow a login:
* 1: the VERIFY_SERVICE doesn't exist in the KDC
* 2: local host has no srvtab, as (hopefully) indicated by a
* return value of RD_AP_UNDEC from krb_rd_req().
*/
if (kerror != INTK_OK) {
if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) {
syslog(LOG_ERR, "Kerberos intkt error: %s",
krb_get_err_text(kerror));
dest_tkt();
}
return (1);
}
if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0)
syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE);
strlcpy(savehost, krb_get_phost(localhost), sizeof(savehost));
#ifdef KLOGIN_PARANOID
/*
* if the "VERIFY_SERVICE" doesn't exist in the KDC for this host,
* don't allow kerberos login, also log the error condition.
*/
kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33);
if (kerror == KDC_PR_UNKNOWN) {
syslog(LOG_NOTICE,
"warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?",
krb_get_err_text(kerror), VERIFY_SERVICE, savehost);
notickets = 0;
return (1);
}
if (kerror != KSUCCESS) {
warnx("unable to use TGT: (%s)", krb_get_err_text(kerror));
syslog(LOG_NOTICE, "unable to use TGT: (%s)",
krb_get_err_text(kerror));
dest_tkt();
return (1);
}
if (!(hp = gethostbyname(localhost))) {
syslog(LOG_ERR, "couldn't get local host address");
dest_tkt();
return (1);
}
memcpy(&faddr, hp->h_addr, sizeof(faddr));
kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr,
&authdata, "");
if (kerror == KSUCCESS) {
notickets = 0;
return (0);
}
/* undecipherable: probably didn't have a srvtab on the local host */
if (kerror == RD_AP_UNDEC) {
syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror));
dest_tkt();
return (1);
}
/* failed for some other reason */
warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE,
krb_get_err_text(kerror));
syslog(LOG_NOTICE, "couldn't verify %s ticket: %s", VERIFY_SERVICE,
krb_get_err_text(kerror));
dest_tkt();
return (1);
#else
notickets = 0;
return (0);
#endif
}
#endif

117
crypto/kerberosIV/appl/bsd/krcmd.c
View File

@ -1,117 +0,0 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $");
#define SERVICE_NAME "rcmd"
/*
* krcmd: simplified version of Athena's "kcmd"
* returns a socket attached to the destination, -1 or krb error on error
* if fd2p is non-NULL, another socket is filled in for it
*/
int
krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm)
{
int sock = -1, err = 0;
KTEXT_ST ticket;
long authopts = 0L;
err = kcmd(
&sock,
ahost,
rport,
NULL, /* locuser not used */
remuser,
cmd,
fd2p,
&ticket,
SERVICE_NAME,
realm,
(CREDENTIALS *) NULL, /* credentials not used */
0, /* key schedule not used */
(MSG_DAT *) NULL, /* MSG_DAT not used */
(struct sockaddr_in *) NULL, /* local addr not used */
(struct sockaddr_in *) NULL, /* foreign addr not used */
authopts
);
if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
warning("krcmd: %s", krb_get_err_text(err));
return(-1);
}
if (err < 0)
return(-1);
return(sock);
}
int
krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched)
{
int sock, err;
KTEXT_ST ticket;
MSG_DAT msg_dat;
struct sockaddr_in laddr, faddr;
long authopts = KOPT_DO_MUTUAL;
err = kcmd(
&sock,
ahost,
rport,
NULL, /* locuser not used */
remuser,
cmd,
fd2p,
&ticket,
SERVICE_NAME,
realm,
cred, /* filled in */
sched, /* filled in */
&msg_dat, /* filled in */
&laddr, /* filled in */
&faddr, /* filled in */
authopts
);
if (err > KSUCCESS && err < MAX_KRB_ERRORS) {
warnx("krcmd_mutual: %s", krb_get_err_text(err));
return(-1);
}
if (err < 0)
return (-1);
return(sock);
}

1118
crypto/kerberosIV/appl/bsd/login.c
View File

File diff suppressed because it is too large Load Diff

264
crypto/kerberosIV/appl/bsd/login_access.c
View File

@ -1,264 +0,0 @@
/*
* This module implements a simple but effective form of login access
* control based on login names and on host (or domain) names, internet
* addresses (or network numbers), or on terminal line names in case of
* non-networked logins. Diagnostics are reported through syslog(3).
*
* Author: Wietse Venema, Eindhoven University of Technology, The Netherlands.
*/
#include "bsd_locl.h"
RCSID("$Id: login_access.c,v 1.19 1999/05/14 22:02:14 assar Exp $");
#ifdef LOGIN_ACCESS
/* Delimiters for fields and for lists of users, ttys or hosts. */
static char fs[] = ":"; /* field separator */
static char sep[] = ", \t"; /* list-element separator */
/* Constants to be used in assignments only, not in comparisons... */
#define YES 1
#define NO 0
/*
* A structure to bundle up all login-related information to keep the
* functional interfaces as generic as possible.
*/
struct login_info {
struct passwd *user;
char *from;
};
static int list_match(char *list, struct login_info *item,
int (*match_fn)(char *, struct login_info *));
static int user_match(char *tok, struct login_info *item);
static int from_match(char *tok, struct login_info *item);
static int string_match(char *tok, char *string);
/* login_access - match username/group and host/tty with access control file */
int login_access(struct passwd *user, char *from)
{
struct login_info item;
FILE *fp;
char line[BUFSIZ];
char *perm; /* becomes permission field */
char *users; /* becomes list of login names */
char *froms; /* becomes list of terminals or hosts */
int match = NO;
int end;
int lineno = 0; /* for diagnostics */
char *foo;
/*
* Bundle up the arguments to avoid unnecessary clumsiness lateron.
*/
item.user = user;
item.from = from;
/*
* Process the table one line at a time and stop at the first match.
* Blank lines and lines that begin with a '#' character are ignored.
* Non-comment lines are broken at the ':' character. All fields are
* mandatory. The first field should be a "+" or "-" character. A
* non-existing table means no access control.
*/
if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) {
while (!match && fgets(line, sizeof(line), fp)) {
lineno++;
if (line[end = strlen(line) - 1] != '\n') {
syslog(LOG_ERR, "%s: line %d: missing newline or line too long",
_PATH_LOGACCESS, lineno);
continue;
}
if (line[0] == '#')
continue; /* comment line */
while (end > 0 && isspace((unsigned char)line[end - 1]))
end--;
line[end] = 0; /* strip trailing whitespace */
if (line[0] == 0) /* skip blank lines */
continue;
foo = NULL;
if (!(perm = strtok_r(line, fs, &foo))
|| !(users = strtok_r(NULL, fs, &foo))
|| !(froms = strtok_r(NULL, fs, &foo))
|| strtok_r(NULL, fs, &foo)) {
syslog(LOG_ERR, "%s: line %d: bad field count",
_PATH_LOGACCESS,
lineno);
continue;
}
if (perm[0] != '+' && perm[0] != '-') {
syslog(LOG_ERR, "%s: line %d: bad first field",
_PATH_LOGACCESS,
lineno);
continue;
}
match = (list_match(froms, &item, from_match)
&& list_match(users, &item, user_match));
}
fclose(fp);
} else if (errno != ENOENT) {
syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS);
}
return (match == 0 || (line[0] == '+'));
}
/* list_match - match an item against a list of tokens with exceptions */
static int
list_match(char *list,
struct login_info *item,
int (*match_fn)(char *, struct login_info *))
{
char *tok;
int match = NO;
char *foo = NULL;
/*
* Process tokens one at a time. We have exhausted all possible matches
* when we reach an "EXCEPT" token or the end of the list. If we do find
* a match, look for an "EXCEPT" list and recurse to determine whether
* the match is affected by any exceptions.
*/
for (tok = strtok_r(list, sep, &foo);
tok != NULL;
tok = strtok_r(NULL, sep, &foo)) {
if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */
break;
if ((match = (*match_fn) (tok, item)) != 0) /* YES */
break;
}
/* Process exceptions to matches. */
if (match != NO) {
while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT"))
/* VOID */ ;
if (tok == 0 || list_match(NULL, item, match_fn) == NO)
return (match);
}
return (NO);
}
/* myhostname - figure out local machine name */
static char *myhostname(void)
{
static char name[MAXHOSTNAMELEN + 1] = "";
if (name[0] == 0) {
gethostname(name, sizeof(name));
name[MAXHOSTNAMELEN] = 0;
}
return (name);
}
/* netgroup_match - match group against machine or user */
static int netgroup_match(char *group, char *machine, char *user)
{
#ifdef HAVE_YP_GET_DEFAULT_DOMAIN
static char *mydomain = 0;
if (mydomain == 0)
yp_get_default_domain(&mydomain);
return (innetgr(group, machine, user, mydomain));
#else
syslog(LOG_ERR, "NIS netgroup support not configured");
return 0;
#endif
}
/* user_match - match a username against one token */
static int user_match(char *tok, struct login_info *item)
{
char *string = item->user->pw_name;
struct login_info fake_item;
struct group *group;
int i;
char *at;
/*
* If a token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the username, if the
* token is a group that contains the username, or if the token is the
* name of the user's primary group.
*/
if ((at = strchr(tok + 1, '@')) != 0) { /* split user@host pattern */
*at = 0;
fake_item.from = myhostname();
return (user_match(tok, item) && from_match(at + 1, &fake_item));
} else if (tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, (char *) 0, string));
} else if (string_match(tok, string)) { /* ALL or exact match */
return (YES);
} else if ((group = getgrnam(tok)) != 0) { /* try group membership */
if (item->user->pw_gid == group->gr_gid)
return (YES);
for (i = 0; group->gr_mem[i]; i++)
if (strcasecmp(string, group->gr_mem[i]) == 0)
return (YES);
}
return (NO);
}
/* from_match - match a host or tty against a list of tokens */
static int from_match(char *tok, struct login_info *item)
{
char *string = item->from;
int tok_len;
int str_len;
/*
* If a token has the magic value "ALL" the match always succeeds. Return
* YES if the token fully matches the string. If the token is a domain
* name, return YES if it matches the last fields of the string. If the
* token has the magic value "LOCAL", return YES if the string does not
* contain a "." character. If the token is a network number, return YES
* if it matches the head of the string.
*/
if (tok[0] == '@') { /* netgroup */
return (netgroup_match(tok + 1, string, (char *) 0));
} else if (string_match(tok, string)) { /* ALL or exact match */
return (YES);
} else if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(string)) > (tok_len = strlen(tok))
&& strcasecmp(tok, string + str_len - tok_len) == 0)
return (YES);
} else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */
if (strchr(string, '.') == 0)
return (YES);
} else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */
&& strncmp(tok, string, tok_len) == 0) {
return (YES);
}
return (NO);
}
/* string_match - match a string against one token */
static int string_match(char *tok, char *string)
{
/*
* If the token has the magic value "ALL" the match always succeeds.
* Otherwise, return YES if the token fully matches the string.
*/
if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */
return (YES);
} else if (strcasecmp(tok, string) == 0) { /* try exact match */
return (YES);
}
return (NO);
}
#endif /* LOGIN_ACCES */

154
crypto/kerberosIV/appl/bsd/login_fbtab.c
View File

@ -1,154 +0,0 @@
/************************************************************************
* Copyright 1995 by Wietse Venema. All rights reserved.
*
* This material was originally written and compiled by Wietse Venema at
* Eindhoven University of Technology, The Netherlands, in 1990, 1991,
* 1992, 1993, 1994 and 1995.
*
* Redistribution and use in source and binary forms are permitted
* provided that this entire copyright notice is duplicated in all such
* copies.
*
* This software is provided "as is" and without any expressed or implied
* warranties, including, without limitation, the implied warranties of
* merchantibility and fitness for any particular purpose.
************************************************************************/
/*
SYNOPSIS
void login_fbtab(tty, uid, gid)
char *tty;
uid_t uid;
gid_t gid;
DESCRIPTION
This module implements device security as described in the
SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual
pages. The program first looks for /etc/fbtab. If that file
cannot be opened it attempts to process /etc/logindevperm.
We expect entries with the folowing format:
Comments start with a # and extend to the end of the line.
Blank lines or lines with only a comment are ignored.
All other lines consist of three fields delimited by
whitespace: a login device (/dev/console), an octal
permission number (0600), and a ":"-delimited list of
devices (/dev/kbd:/dev/mouse). All device names are
absolute paths. A path that ends in "/*" refers to all
directory entries except "." and "..".
If the tty argument (relative path) matches a login device
name (absolute path), the permissions of the devices in the
":"-delimited list are set as specified in the second
field, and their ownership is changed to that of the uid
and gid arguments.
DIAGNOSTICS
Problems are reported via the syslog daemon with severity
LOG_ERR.
BUGS
AUTHOR
Wietse Venema (wietse@wzv.win.tue.nl)
Eindhoven University of Technology
The Netherlands
*/
#include "bsd_locl.h"
RCSID("$Id: login_fbtab.c,v 1.14 1999/09/16 20:37:24 assar Exp $");
void login_protect (char *, char *, int, uid_t, gid_t);
void login_fbtab (char *tty, uid_t uid, gid_t gid);
#define WSPACE " \t\n"
/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */
void
login_fbtab(char *tty, uid_t uid, gid_t gid)
{
FILE *fp;
char buf[BUFSIZ];
char *devname;
char *cp;
int prot;
char *table;
char *foo;
if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
&& (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
return;
while (fgets(buf, sizeof(buf), fp)) {
if ((cp = strchr(buf, '#')) != 0)
*cp = 0; /* strip comment */
foo = NULL;
if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0)
continue; /* empty or comment */
if (strncmp(devname, "/dev/", 5) != 0
|| (cp = strtok_r(NULL, WSPACE, &foo)) == 0
|| *cp != '0'
|| sscanf(cp, "%o", &prot) == 0
|| prot == 0
|| (prot & 0777) != prot
|| (cp = strtok_r(NULL, WSPACE, &foo)) == 0) {
syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? cp : "(null)");
continue;
}
if (strcmp(devname + 5, tty) == 0) {
foo = NULL;
for (cp = strtok_r(cp, ":", &foo);
cp;
cp = strtok_r(NULL, ":", &foo)) {
login_protect(table, cp, prot, uid, gid);
}
}
}
fclose(fp);
}
/* login_protect - protect one device entry */
void
login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid)
{
char buf[BUFSIZ];
int pathlen = strlen(path);
struct dirent *ent;
DIR *dir;
if (strcmp("/*", path + pathlen - 2) != 0) {
if (chmod(path, mask) && errno != ENOENT)
syslog(LOG_ERR, "%s: chmod(%s): %m", table, path);
if (chown(path, uid, gid) && errno != ENOENT)
syslog(LOG_ERR, "%s: chown(%s): %m", table, path);
} else {
strlcpy (buf, path, sizeof(buf));
if (sizeof(buf) > pathlen)
buf[pathlen - 2] = '\0';
/* Solaris evidently operates on the directory as well */
login_protect(table, buf, mask | ((mask & 0444) >> 2), uid, gid);
if ((dir = opendir(buf)) == 0) {
syslog(LOG_ERR, "%s: opendir(%s): %m", table, path);
} else {
if (sizeof(buf) > pathlen) {
buf[pathlen - 2] = '/';
buf[pathlen - 1] = '\0';
}
while ((ent = readdir(dir)) != 0) {
if (strcmp(ent->d_name, ".") != 0
&& strcmp(ent->d_name, "..") != 0) {
strlcpy (buf + pathlen - 1,
ent->d_name,
sizeof(buf) - (pathlen + 1));
login_protect(table, buf, mask, uid, gid);
}
}
closedir(dir);
}
}
}

79
crypto/kerberosIV/appl/bsd/osfc2.c
View File

@ -1,79 +0,0 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: osfc2.c,v 1.2 1999/12/02 16:58:28 joda Exp $");
int
do_osfc2_magic(uid_t uid)
{
#ifdef HAVE_OSFC2
struct es_passwd *epw;
char *argv[2];
/* fake */
argv[0] = (char*)__progname;
argv[1] = NULL;
set_auth_parameters(1, argv);
epw = getespwuid(uid);
if(epw == NULL) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"getespwuid failed for %d", uid);
printf("Sorry.\n");
return 1;
}
/* We don't check for auto-retired, foo-retired,
bar-retired, or any other kind of retired accounts
here; neither do we check for time-locked accounts, or
any other kind of serious C2 mumbo-jumbo. We do,
however, call setluid, since failing to do so it not
very good (take my word for it). */
if(!epw->uflg->fg_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"attempted login by %s (has no uid)", epw->ufld->fd_name);
printf("Sorry.\n");
return 1;
}
setluid(epw->ufld->fd_uid);
if(getluid() != epw->ufld->fd_uid) {
syslog(LOG_AUTHPRIV|LOG_NOTICE,
"failed to set LUID for %s (%d)",
epw->ufld->fd_name, epw->ufld->fd_uid);
printf("Sorry.\n");
return 1;
}
#endif /* HAVE_OSFC2 */
return 0;
}

1
crypto/kerberosIV/appl/bsd/pathnames.h
View File

@ -1 +0,0 @@
/* $FreeBSD$ */

201
crypto/kerberosIV/appl/bsd/pathnames.h_
View File

@ -1,201 +0,0 @@
/*
* Copyright (c) 1989 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90
* $Id: pathnames.h,v 1.25 1998/02/03 23:29:30 assar Exp $
* $FreeBSD$
*/
/******* First fix default path, we stick to _PATH_DEFPATH everywhere */
#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH)
#define _PATH_DEFPATH _PATH_USERPATH
#endif
#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH)
#define _DEF_PATH _PATH_DEFPATH
#endif
#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH)
#define _PATH_DEFPATH _DEF_PATH
#endif
#ifndef _PATH_DEFPATH
#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin"
#define _DEF_PATH _PATH_DEFPATH
#endif /* !_PATH_DEFPATH */
#ifndef _PATH_DEFSUPATH
#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH
#endif /* _PATH_DEFSUPATH */
/******* Default PATH fixed! */
#undef _PATH_RLOGIN /* Redifine rlogin */
#define _PATH_RLOGIN BINDIR "/rlogin"
#undef _PATH_RSH /* Redifine rsh */
#define _PATH_RSH BINDIR "/rsh"
#undef _PATH_RCP /* Redifine rcp */
#define _PATH_RCP BINDIR "/rcp"
#undef _PATH_LOGIN
#define _PATH_LOGIN BINDIR "/login"
/******* The rest is fallback defaults */
#ifndef _PATH_DEV
#define _PATH_DEV "/dev/"
#endif
#ifndef _PATH_CP
#define _PATH_CP "/bin/cp"
#endif /* _PATH_CP */
#ifndef _PATH_SHELLS
#define _PATH_SHELLS "/etc/shells"
#endif /* _PATH_SHELLS */
#ifndef _PATH_BSHELL
#define _PATH_BSHELL "/bin/sh"
#endif /* _PATH_BSHELL */
#ifndef _PATH_CSHELL
#define _PATH_CSHELL "/bin/csh"
#endif /* _PATH_CSHELL */
#ifndef _PATH_NOLOGIN
#define _PATH_NOLOGIN "/etc/nologin"
#endif /* _PATH_NOLOGIN */
#ifndef _PATH_TTY
#define _PATH_TTY "/dev/tty"
#endif /* _PATH_TTY */
#ifndef _PATH_HUSHLOGIN
#define _PATH_HUSHLOGIN ".hushlogin"
#endif /* _PATH_HUSHLOGIN */
#ifndef _PATH_NOMAILCHECK
#define _PATH_NOMAILCHECK ".nomailcheck"
#endif /* _PATH_NOMAILCHECK */
#ifndef _PATH_MOTDFILE
#define _PATH_MOTDFILE "/etc/motd"
#endif /* _PATH_MOTDFILE */
#ifndef _PATH_LOGACCESS
#define _PATH_LOGACCESS "/etc/login.access"
#endif /* _PATH_LOGACCESS */
#ifndef _PATH_HEQUIV
#define _PATH_HEQUIV "/etc/hosts.equiv"
#endif
#ifndef _PATH_FBTAB
#define _PATH_FBTAB "/etc/fbtab"
#endif /* _PATH_FBTAB */
#ifndef _PATH_LOGINDEVPERM
#define _PATH_LOGINDEVPERM "/etc/logindevperm"
#endif /* _PATH_LOGINDEVPERM */
#ifndef _PATH_CHPASS
#define _PATH_CHPASS "/usr/bin/passwd"
#endif /* _PATH_CHPASS */
#if defined(__hpux)
#define __FALLBACK_MAILDIR__ "/usr/mail"
#else
#define __FALLBACK_MAILDIR__ "/usr/spool/mail"
#endif
#ifndef KRB4_MAILDIR
#ifndef _PATH_MAILDIR
#ifdef MAILDIR
#define _PATH_MAILDIR MAILDIR
#else
#define _PATH_MAILDIR __FALLBACK_MAILDIR__
#endif
#endif /* _PATH_MAILDIR */
#define KRB4_MAILDIR _PATH_MAILDIR
#endif
#ifndef _PATH_LASTLOG
#define _PATH_LASTLOG "/var/adm/lastlog"
#endif
#if defined(UTMP_FILE) && !defined(_PATH_UTMP)
#define _PATH_UTMP UTMP_FILE
#endif
#ifndef _PATH_UTMP
#define _PATH_UTMP "/etc/utmp"
#endif
#if defined(WTMP_FILE) && !defined(_PATH_WTMP)
#define _PATH_WTMP WTMP_FILE
#endif
#ifndef _PATH_WTMP
#define _PATH_WTMP "/usr/adm/wtmp"
#endif
#ifndef _PATH_ETC_DEFAULT_LOGIN
#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login"
#endif
#ifndef _PATH_ETC_ENVIRONMENT
#define _PATH_ETC_ENVIRONMENT "/etc/environment"
#endif
#ifndef _PATH_ETC_SECURETTY
#define _PATH_ETC_SECURETTY "/etc/securetty"
#endif
/*
* NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!!
* Some sort of bug in the NEXTSTEP cpp.
*/
#ifdef NeXT
#undef _PATH_DEFSUPATH
#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin"
#undef _PATH_RLOGIN
#define _PATH_RLOGIN "/usr/athena/bin/rlogin"
#undef _PATH_RSH
#define _PATH_RSH "/usr/athena/bin/rsh"
#undef _PATH_RCP
#define _PATH_RCP "/usr/athena/bin/rcp"
#undef _PATH_LOGIN
#define _PATH_LOGIN "/usr/athena/bin/login"
#endif

263
crypto/kerberosIV/appl/bsd/rcmd_util.c
View File

@ -1,263 +0,0 @@
/*
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $");
int
get_login_port(int kerberos, int encryption)
{
char *service="login";
int port=htons(513);
if(kerberos && encryption){
service="eklogin";
port=htons(2105);
}
if(kerberos && !encryption){
service="klogin";
port=htons(543);
}
return k_getportbyname (service, "tcp", port);
}
int
get_shell_port(int kerberos, int encryption)
{
char *service="shell";
int port=htons(514);
if(kerberos && encryption){
service="ekshell";
port=htons(545);
}
if(kerberos && !encryption){
service="kshell";
port=htons(544);
}
return k_getportbyname (service, "tcp", port);
}
/*
* On reasonable systems, `cf[gs]et[io]speed' use values of bit/s
* directly, and the following functions are just identity functions.
* This is however a slower way of doing those
* should-be-but-are-not-always idenity functions.
*/
static struct { int speed; int bps; } conv[] = {
#ifdef B0
{B0, 0},
#endif
#ifdef B50
{B50, 50},
#endif
#ifdef B75
{B75, 75},
#endif
#ifdef B110
{B110, 110},
#endif
#ifdef B134
{B134, 134},
#endif
#ifdef B150
{B150, 150},
#endif
#ifdef B200
{B200, 200},
#endif
#ifdef B300
{B300, 300},
#endif
#ifdef B600
{B600, 600},
#endif
#ifdef B1200
{B1200, 1200},
#endif
#ifdef B1800
{B1800, 1800},
#endif
#ifdef B2400
{B2400, 2400},
#endif
#ifdef B4800
{B4800, 4800},
#endif
#ifdef B9600
{B9600, 9600},
#endif
#ifdef B19200
{B19200, 19200},
#endif
#ifdef EXTA
{EXTA, 19200},
#endif
#ifdef B38400
{B38400, 38400},
#endif
#ifdef EXTB
{EXTB, 38400},
#endif
#ifdef B57600
{B57600, 57600},
#endif
#ifdef B115200
{B115200, 115200},
#endif
#ifdef B153600
{B153600, 153600},
#endif
#ifdef B230400
{B230400, 230400},
#endif
#ifdef B307200
{B307200, 307200},
#endif
#ifdef B460800
{B460800, 460800},
#endif
};
#define N (sizeof(conv)/sizeof(*conv))
int
speed_t2int (speed_t s)
{
int l, r, m;
l = 0;
r = N - 1;
while(l <= r) {
m = (l + r) / 2;
if (conv[m].speed == s)
return conv[m].bps;
else if(conv[m].speed < s)
l = m + 1;
else
r = m - 1;
}
return -1;
}
/*
*
*/
speed_t
int2speed_t (int i)
{
int l, r, m;
l = 0;
r = N - 1;
while(l <= r) {
m = (l + r) / 2;
if (conv[m].bps == i)
return conv[m].speed;
else if(conv[m].bps < i)
l = m + 1;
else
r = m - 1;
}
return -1;
}
/*
* If there are any IP options on `sock', die.
*/
void
ip_options_and_die (int sock, struct sockaddr_in *fromp)
{
#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
u_char optbuf[BUFSIZ/3], *cp;
char lbuf[BUFSIZ], *lp;
int optsize = sizeof(optbuf), ipproto;
struct protoent *ip;
if ((ip = getprotobyname("ip")) != NULL)
ipproto = ip->p_proto;
else
ipproto = IPPROTO_IP;
if (getsockopt(sock, ipproto, IP_OPTIONS,
(void *)optbuf, &optsize) == 0 &&
optsize != 0) {
lp = lbuf;
for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp);
syslog(LOG_NOTICE,
"Connection received from %s using IP options (dead):%s",
inet_ntoa(fromp->sin_addr), lbuf);
exit(1);
}
#endif
}
void
warning(const char *fmt, ...)
{
char *rstar_no_warn = getenv("RSTAR_NO_WARN");
va_list args;
va_start(args, fmt);
if (rstar_no_warn == NULL)
rstar_no_warn = "";
if (strncmp(rstar_no_warn, "yes", 3) != 0) {
/* XXX */
fprintf(stderr, "%s: warning, using standard ", __progname);
vwarnx(fmt, args);
}
va_end(args);
}
/*
* setuid but work-around Linux 2.2.15 bug with setuid and capabilities
*/
void
paranoid_setuid (uid_t uid)
{
if (setuid (uid) < 0)
err (1, "setuid");
if (uid != 0 && setuid (0) == 0) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for uid %u", (unsigned)uid);
err (1, "setuid");
}
}

1047
crypto/kerberosIV/appl/bsd/rcp.c
View File

File diff suppressed because it is too large Load Diff

99
crypto/kerberosIV/appl/bsd/rcp_util.c
View File

@ -1,99 +0,0 @@
/*-
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: rcp_util.c,v 1.8 1998/09/28 11:45:21 joda Exp $");
char *
colon(char *cp)
{
if (*cp == ':') /* Leading colon is part of file name. */
return (0);
for (; *cp; ++cp) {
if (*cp == ':')
return (cp);
if (*cp == '/')
return (0);
}
return (0);
}
int
okname(char *cp0)
{
int c;
char *cp;
cp = cp0;
do {
c = *cp;
if (c & 0200)
goto bad;
if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
goto bad;
} while (*++cp);
return (1);
bad: warnx("%s: invalid user name", cp0);
return (0);
}
int
susystem(char *s, int userid)
{
RETSIGTYPE (*istat)(), (*qstat)();
int status;
pid_t pid;
pid = fork();
switch (pid) {
case -1:
return (127);
case 0:
if(do_osfc2_magic(userid))
exit(1);
setuid(userid);
execl(_PATH_BSHELL, "sh", "-c", s, NULL);
_exit(127);
}
istat = signal(SIGINT, SIG_IGN);
qstat = signal(SIGQUIT, SIG_IGN);
if (waitpid(pid, &status, 0) < 0)
status = -1;
signal(SIGINT, istat);
signal(SIGQUIT, qstat);
return (status);
}

711
crypto/kerberosIV/appl/bsd/rlogin.c
View File

@ -1,711 +0,0 @@
/*
* Copyright (c) 1983, 1990, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* rlogin - remote login
*/
#include "bsd_locl.h"
RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
int use_kerberos = 1, doencrypt;
char dst_realm_buf[REALM_SZ], *dest_realm = NULL;
#ifndef CCEQ
#define c2uc(x) ((unsigned char) x)
#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0)
#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c))
#endif
int eight, rem;
struct termios deftty;
int noescape;
char escapechar = '~';
struct winsize winsize;
int parent, rcvcnt;
char rcvbuf[8 * 1024];
int child;
static void
echo(char c)
{
char *p;
char buf[8];
p = buf;
c &= 0177;
*p++ = escapechar;
if (c < ' ') {
*p++ = '^';
*p++ = c + '@';
} else if (c == 0177) {
*p++ = '^';
*p++ = '?';
} else
*p++ = c;
*p++ = '\r';
*p++ = '\n';
write(STDOUT_FILENO, buf, p - buf);
}
static void
mode(int f)
{
struct termios tty;
switch (f) {
case 0:
tcsetattr(0, TCSANOW, &deftty);
break;
case 1:
tcgetattr(0, &deftty);
tty = deftty;
/* This is loosely derived from sys/compat/tty_compat.c. */
tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN);
tty.c_iflag &= ~ICRNL;
tty.c_oflag &= ~OPOST;
tty.c_cc[VMIN] = 1;
tty.c_cc[VTIME] = 0;
if (eight) {
tty.c_iflag &= IXOFF;
tty.c_cflag &= ~(CSIZE|PARENB);
tty.c_cflag |= CS8;
}
tcsetattr(0, TCSANOW, &tty);
break;
default:
return;
}
}
static void
done(int status)
{
int w, wstatus;
mode(0);
if (child > 0) {
/* make sure catch_child does not snap it up */
signal(SIGCHLD, SIG_DFL);
if (kill(child, SIGKILL) >= 0)
while ((w = wait(&wstatus)) > 0 && w != child);
}
exit(status);
}
static
RETSIGTYPE
catch_child(int foo)
{
int status;
int pid;
for (;;) {
pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
if (pid == 0)
return;
/* if the child (reader) dies, just quit */
if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
done(WTERMSIG(status) | WEXITSTATUS(status));
}
/* NOTREACHED */
}
/*
* There is a race in the SunOS5 rlogind. If the slave end has not yet
* been opened by the child when setting tty size the size is reset to
* zero when the child opens it. Therefore we send the window update
* twice.
*/
static int tty_kludge = 1;
/* Return the number of OOB bytes processed. */
static int
oob_real(void)
{
struct termios tty;
int atmark, n, out, rcvd;
char waste[BUFSIZ], mark;
out = O_RDWR;
rcvd = 0;
if (recv(rem, &mark, 1, MSG_OOB) < 0) {
return -1;
}
if (mark & TIOCPKT_WINDOW) {
/* Let server know about window size changes */
kill(parent, SIGUSR1);
} else if (tty_kludge) {
/* Let server know about window size changes */
kill(parent, SIGUSR1);
tty_kludge = 0;
}
if (!eight && (mark & TIOCPKT_NOSTOP)) {
tcgetattr(0, &tty);
tty.c_iflag &= ~IXON;
tcsetattr(0, TCSANOW, &tty);
}
if (!eight && (mark & TIOCPKT_DOSTOP)) {
tcgetattr(0, &tty);
tty.c_iflag |= (deftty.c_iflag & IXON);
tcsetattr(0, TCSANOW, &tty);
}
if (mark & TIOCPKT_FLUSHWRITE) {
#ifdef TCOFLUSH
tcflush(1, TCOFLUSH);
#else
ioctl(1, TIOCFLUSH, (char *)&out);
#endif
for (;;) {
if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
warn("ioctl");
break;
}
if (atmark)
break;
n = read(rem, waste, sizeof (waste));
if (n <= 0)
break;
}
/*
* Don't want any pending data to be output, so clear the recv
* buffer. If we were hanging on a write when interrupted,
* don't want it to restart. If we were reading, restart
* anyway.
*/
rcvcnt = 0;
}
/* oob does not do FLUSHREAD (alas!) */
return 1;
}
/* reader: read from remote: line -> 1 */
static int
reader(void)
{
int n, remaining;
char *bufp;
int kludgep = 1;
bufp = rcvbuf;
for (;;) {
fd_set readfds, exceptfds;
while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) {
n = write(STDOUT_FILENO, bufp, remaining);
if (n < 0) {
if (errno != EINTR)
return (-1);
continue;
}
bufp += n;
}
bufp = rcvbuf;
rcvcnt = 0;
FD_ZERO (&readfds);
if (rem >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET (rem, &readfds);
FD_ZERO (&exceptfds);
if (kludgep)
FD_SET (rem, &exceptfds);
if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) {
if (errno == EINTR)
continue; /* Got signal */
else
errx(1, "select failed mysteriously");
}
if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) {
warnx("select: nothing to read?");
continue;
}
if (FD_ISSET(rem, &exceptfds)) {
int foo = oob_real ();
if (foo >= 1)
continue; /* First check if there is more OOB data. */
else if (foo < 0)
kludgep = 0;
}
if (!FD_ISSET(rem, &readfds))
continue; /* Nothing to read. */
kludgep = 1;
#ifndef NOENCRYPTION
if (doencrypt)
rcvcnt = des_enc_read(rem, rcvbuf,
sizeof(rcvbuf),
schedule, &cred.session);
else
#endif
rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf));
if (rcvcnt == 0)
return (0);
if (rcvcnt < 0) {
if (errno == EINTR)
continue;
warn("read");
return (-1);
}
}
}
/*
* Send the window size to the server via the magic escape
*/
static void
sendwindow(void)
{
char obuf[4 + 4 * sizeof (u_int16_t)];
unsigned short *p;
p = (u_int16_t *)(obuf + 4);
obuf[0] = 0377;
obuf[1] = 0377;
obuf[2] = 's';
obuf[3] = 's';
*p++ = htons(winsize.ws_row);
*p++ = htons(winsize.ws_col);
#ifdef HAVE_WS_XPIXEL
*p++ = htons(winsize.ws_xpixel);
#else
*p++ = htons(0);
#endif
#ifdef HAVE_WS_YPIXEL
*p++ = htons(winsize.ws_ypixel);
#else
*p++ = htons(0);
#endif
#ifndef NOENCRYPTION
if(doencrypt)
des_enc_write(rem, obuf, sizeof(obuf), schedule,
&cred.session);
else
#endif
write(rem, obuf, sizeof(obuf));
}
static
RETSIGTYPE
sigwinch(int foo)
{
struct winsize ws;
if (get_window_size(0, &ws) == 0 &&
memcmp(&ws, &winsize, sizeof(ws))) {
winsize = ws;
sendwindow();
}
}
static void
stop(int all)
{
mode(0);
signal(SIGCHLD, SIG_IGN);
kill(all ? 0 : getpid(), SIGTSTP);
signal(SIGCHLD, catch_child);
mode(1);
#ifdef SIGWINCH
kill(SIGWINCH, getpid()); /* check for size changes, if caught */
#endif
}
/*
* writer: write to remote: 0 -> line.
* ~. terminate
* ~^Z suspend rlogin process.
* ~<delayed-suspend char> suspend rlogin process, but leave reader alone.
*/
static void
writer(void)
{
int bol, local, n;
char c;
bol = 1; /* beginning of line */
local = 0;
for (;;) {
n = read(STDIN_FILENO, &c, 1);
if (n <= 0) {
if (n < 0 && errno == EINTR)
continue;
break;
}
/*
* If we're at the beginning of the line and recognize a
* command character, then we echo locally. Otherwise,
* characters are echo'd remotely. If the command character
* is doubled, this acts as a force and local echo is
* suppressed.
*/
if (bol) {
bol = 0;
if (!noescape && c == escapechar) {
local = 1;
continue;
}
} else if (local) {
local = 0;
if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) {
echo(c);
break;
}
if (CCEQ(deftty.c_cc[VSUSP], c)) {
bol = 1;
echo(c);
stop(1);
continue;
}
#ifdef VDSUSP
/* Is VDSUSP called something else on Linux?
* Perhaps VDELAY is a better thing? */
if (CCEQ(deftty.c_cc[VDSUSP], c)) {
bol = 1;
echo(c);
stop(0);
continue;
}
#endif /* VDSUSP */
if (c != escapechar) {
#ifndef NOENCRYPTION
if (doencrypt)
des_enc_write(rem, &escapechar,1, schedule, &cred.session);
else
#endif
write(rem, &escapechar, 1);
}
}
if (doencrypt) {
#ifdef NOENCRYPTION
if (write(rem, &c, 1) == 0) {
#else
if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) {
#endif
warnx("line gone");
break;
}
} else
if (write(rem, &c, 1) == 0) {
warnx("line gone");
break;
}
bol = CCEQ(deftty.c_cc[VKILL], c) ||
CCEQ(deftty.c_cc[VEOF], c) ||
CCEQ(deftty.c_cc[VINTR], c) ||
CCEQ(deftty.c_cc[VSUSP], c) ||
c == '\r' || c == '\n';
}
}
static
RETSIGTYPE
lostpeer(int foo)
{
signal(SIGPIPE, SIG_IGN);
warnx("\aconnection closed.\r");
done(1);
}
/*
* This is called in the parent when the reader process gets the
* out-of-band (urgent) request to turn on the window-changing
* protocol. It is signalled from the child(reader).
*/
static
RETSIGTYPE
sigusr1(int foo)
{
/*
* Now we now daemon supports winsize hack,
*/
sendwindow();
#ifdef SIGWINCH
signal(SIGWINCH, sigwinch); /* so we start to support it */
#endif
SIGRETURN(0);
}
static void
doit(void)
{
signal(SIGINT, SIG_IGN);
signal(SIGHUP, SIG_IGN);
signal(SIGQUIT, SIG_IGN);
signal(SIGCHLD, catch_child);
/*
* Child sends parent this signal for window size hack.
*/
signal(SIGUSR1, sigusr1);
signal(SIGPIPE, lostpeer);
mode(1);
parent = getpid();
child = fork();
if (child == -1) {
warn("fork");
done(1);
}
if (child == 0) {
signal(SIGCHLD, SIG_IGN);
signal(SIGTTOU, SIG_IGN);
if (reader() == 0)
errx(1, "connection closed.\r");
sleep(1);
errx(1, "\aconnection closed.\r");
}
writer();
warnx("closed connection.\r");
done(0);
}
static void
usage(void)
{
fprintf(stderr,
"usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n",
"8DEKLdx", " [-k realm] ");
exit(1);
}
static u_int
getescape(char *p)
{
long val;
int len;
if ((len = strlen(p)) == 1) /* use any single char, including '\' */
return ((u_int)*p);
/* otherwise, \nnn */
if (*p == '\\' && len >= 2 && len <= 4) {
val = strtol(++p, NULL, 8);
for (;;) {
if (!*++p)
return ((u_int)val);
if (*p < '0' || *p > '8')
break;
}
}
warnx("illegal option value -- e");
usage();
return 0;
}
int
main(int argc, char **argv)
{
struct passwd *pw;
int sv_port, user_port = 0;
int argoff, ch, dflag, Dflag, one, uid;
char *host, *user, term[1024];
argoff = dflag = Dflag = 0;
one = 1;
host = user = NULL;
set_progname(argv[0]);
/* handle "rlogin host flags" */
if (argc > 2 && argv[1][0] != '-') {
host = argv[1];
argoff = 1;
}
#define OPTIONS "8DEKLde:k:l:xp:"
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
switch(ch) {
case '8':
eight = 1;
break;
case 'D':
Dflag = 1;
break;
case 'E':
noescape = 1;
break;
case 'K':
use_kerberos = 0;
break;
case 'd':
dflag = 1;
break;
case 'e':
noescape = 0;
escapechar = getescape(optarg);
break;
case 'k':
dest_realm = dst_realm_buf;
strlcpy(dest_realm, optarg, REALM_SZ);
break;
case 'l':
user = optarg;
break;
case 'x':
doencrypt = 1;
break;
case 'p': {
char *endptr;
user_port = strtol (optarg, &endptr, 0);
if (user_port == 0 && optarg == endptr)
errx (1, "Bad port `%s'", optarg);
user_port = htons(user_port);
break;
}
case '?':
default:
usage();
}
optind += argoff;
/* if haven't gotten a host yet, do so */
if (!host && !(host = argv[optind++]))
usage();
if (argv[optind])
usage();
if (!(pw = k_getpwuid(uid = getuid())))
errx(1, "unknown user id.");
if (!user)
user = pw->pw_name;
if (user_port)
sv_port = user_port;
else
sv_port = get_login_port(use_kerberos, doencrypt);
{
char *p = getenv("TERM");
struct termios tty;
int i;
if (p == NULL)
p = "network";
if (tcgetattr(0, &tty) == 0
&& (i = speed_t2int (cfgetospeed(&tty))) > 0)
snprintf (term, sizeof(term),
"%s/%d",
p, i);
else
snprintf (term, sizeof(term),
"%s",
p);
}
get_window_size(0, &winsize);
if (use_kerberos) {
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
dest_realm = krb_realmofhost(host);
if (doencrypt)
rem = krcmd_mutual(&host, sv_port, user, term, 0,
dest_realm, &cred, schedule);
else
rem = krcmd(&host, sv_port, user, term, 0,
dest_realm);
if (rem < 0) {
int i;
char **newargv;
if (errno == ECONNREFUSED)
warning("remote host doesn't support Kerberos");
if (errno == ENOENT)
warning("can't provide Kerberos auth data");
newargv = malloc((argc + 2) * sizeof(*newargv));
if (newargv == NULL)
err(1, "malloc");
newargv[0] = argv[0];
newargv[1] = "-K";
for(i = 1; i < argc; ++i)
newargv[i + 1] = argv[i];
newargv[argc + 1] = NULL;
execv(_PATH_RLOGIN, newargv);
}
} else {
if (doencrypt)
errx(1, "the -x flag requires Kerberos authentication.");
if (geteuid() != 0)
errx(1, "not installed setuid root, "
"only root may use non kerberized rlogin");
rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0);
}
if (rem < 0)
exit(1);
#ifdef HAVE_SETSOCKOPT
#ifdef SO_DEBUG
if (dflag &&
setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt");
#endif
#ifdef TCP_NODELAY
if (Dflag &&
setsockopt(rem, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt(TCP_NODELAY)");
#endif
#ifdef IP_TOS
one = IPTOS_LOWDELAY;
if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0)
warn("setsockopt(IP_TOS)");
#endif /* IP_TOS */
#endif /* HAVE_SETSOCKOPT */
paranoid_setuid(uid);
doit();
return 0;
}

970
crypto/kerberosIV/appl/bsd/rlogind.c
View File

@ -1,970 +0,0 @@
/*-
* Copyright (c) 1983, 1988, 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* remote login server:
* \0
* remuser\0
* locuser\0
* terminal_type/speed\0
* data
*/
#include "bsd_locl.h"
RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $");
extern int __check_rhosts_file;
char *INSECURE_MESSAGE =
"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***"
"\r\n*** Use telnet or rlogin -x instead! ***\r\n";
#ifndef NOENCRYPTION
char *SECURE_MESSAGE =
"This rlogin session is using DES encryption for all transmissions.\r\n";
#else
#define SECURE_MESSAGE INSECURE_MESSAGE
#endif
AUTH_DAT *kdata;
KTEXT ticket;
u_char auth_buf[sizeof(AUTH_DAT)];
u_char tick_buf[sizeof(KTEXT_ST)];
Key_schedule schedule;
int doencrypt, retval, use_kerberos, vacuous;
#define ARGSTR "Daip:lnkvxL:"
char *env[2];
#define NMAX 30
char lusername[NMAX+1], rusername[NMAX+1];
static char term[64] = "TERM=";
#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */
int keepalive = 1;
int check_all = 0;
int no_delay = 0;
struct passwd *pwd;
static const char *new_login = _PATH_LOGIN;
static void doit (int, struct sockaddr_in *);
static int control (int, char *, int);
static void protocol (int, int);
static RETSIGTYPE cleanup (int);
void fatal (int, const char *, int);
static int do_rlogin (struct sockaddr_in *);
static void setup_term (int);
static int do_krb_login (struct sockaddr_in *);
static void usage (void);
static int
readstream(int p, char *ibuf, int bufsize)
{
#ifndef HAVE_GETMSG
return read(p, ibuf, bufsize);
#else
static int flowison = -1; /* current state of flow: -1 is unknown */
static struct strbuf strbufc, strbufd;
static unsigned char ctlbuf[BUFSIZ];
static int use_read = 1;
int flags = 0;
int ret;
struct termios tsp;
struct iocblk ip;
char vstop, vstart;
int ixon;
int newflow;
if (use_read)
{
ret = read(p, ibuf, bufsize);
if (ret < 0 && errno == EBADMSG)
use_read = 0;
else
return ret;
}
strbufc.maxlen = BUFSIZ;
strbufc.buf = (char *)ctlbuf;
strbufd.maxlen = bufsize-1;
strbufd.len = 0;
strbufd.buf = ibuf+1;
ibuf[0] = 0;
ret = getmsg(p, &strbufc, &strbufd, &flags);
if (ret < 0) /* error of some sort -- probably EAGAIN */
return(-1);
if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) {
/* data message */
if (strbufd.len > 0) { /* real data */
return(strbufd.len + 1); /* count header char */
} else {
/* nothing there */
errno = EAGAIN;
return(-1);
}
}
/*
* It's a control message. Return 1, to look at the flag we set
*/
switch (ctlbuf[0]) {
case M_FLUSH:
if (ibuf[1] & FLUSHW)
ibuf[0] = TIOCPKT_FLUSHWRITE;
return(1);
case M_IOCTL:
memcpy(&ip, (ibuf+1), sizeof(ip));
switch (ip.ioc_cmd) {
#ifdef TCSETS
case TCSETS:
case TCSETSW:
case TCSETSF:
memcpy(&tsp,
(ibuf+1 + sizeof(struct iocblk)),
sizeof(tsp));
vstop = tsp.c_cc[VSTOP];
vstart = tsp.c_cc[VSTART];
ixon = tsp.c_iflag & IXON;
break;
#endif
default:
errno = EAGAIN;
return(-1);
}
newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0;
if (newflow != flowison) { /* it's a change */
flowison = newflow;
ibuf[0] = newflow ? TIOCPKT_DOSTOP : TIOCPKT_NOSTOP;
return(1);
}
}
/* nothing worth doing anything about */
errno = EAGAIN;
return(-1);
#endif
}
#ifdef HAVE_UTMPX_H
static int
rlogind_logout(const char *line)
{
struct utmpx utmpx, *utxp;
int ret = 1;
setutxent ();
memset(&utmpx, 0, sizeof(utmpx));
utmpx.ut_type = USER_PROCESS;
strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line));
utxp = getutxline(&utmpx);
if (utxp) {
utxp->ut_user[0] = '\0';
utxp->ut_type = DEAD_PROCESS;
#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
#ifdef _STRUCT___EXIT_STATUS
utxp->ut_exit.__e_termination = 0;
utxp->ut_exit.__e_exit = 0;
#elif defined(__osf__) /* XXX */
utxp->ut_exit.ut_termination = 0;
utxp->ut_exit.ut_exit = 0;
#else
utxp->ut_exit.e_termination = 0;
utxp->ut_exit.e_exit = 0;
#endif
#endif
gettimeofday(&utxp->ut_tv, NULL);
pututxline(utxp);
#ifdef WTMPX_FILE
updwtmpx(WTMPX_FILE, utxp);
#else
ret = 0;
#endif
}
endutxent();
return ret;
}
#else
static int
rlogind_logout(const char *line)
{
FILE *fp;
struct utmp ut;
int rval;
if (!(fp = fopen(_PATH_UTMP, "r+")))
return(0);
rval = 1;
while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) {
if (!ut.ut_name[0] ||
strncmp(ut.ut_line, line, sizeof(ut.ut_line)))
continue;
memset(ut.ut_name, 0, sizeof(ut.ut_name));
#ifdef HAVE_STRUCT_UTMP_UT_HOST
memset(ut.ut_host, 0, sizeof(ut.ut_host));
#endif
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
ut.ut_type = DEAD_PROCESS;
#endif
#ifdef HAVE_STRUCT_UTMP_UT_EXIT
#ifdef _STRUCT___EXIT_STATUS
ut.ut_exit.__e_termination = 0;
ut.ut_exit.__e_exit = 0;
#elif defined(__osf__) /* XXX */
ut.ut_exit.ut_termination = 0;
ut.ut_exit.ut_exit = 0;
#else
ut.ut_exit.e_termination = 0;
ut.ut_exit.e_exit = 0;
#endif
#endif
ut.ut_time = time(NULL);
fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
fwrite(&ut, sizeof(struct utmp), 1, fp);
fseek(fp, (long)0, SEEK_CUR);
rval = 0;
}
fclose(fp);
return(rval);
}
#endif
#ifndef HAVE_LOGWTMP
static void
logwtmp(const char *line, const char *name, const char *host)
{
struct utmp ut;
struct stat buf;
int fd;
memset (&ut, 0, sizeof(ut));
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0)
return;
if (!fstat(fd, &buf)) {
strncpy(ut.ut_line, line, sizeof(ut.ut_line));
strncpy(ut.ut_name, name, sizeof(ut.ut_name));
#ifdef HAVE_STRUCT_UTMP_UT_ID
strncpy(ut.ut_id, make_id((char *)line), sizeof(ut.ut_id));
#endif
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(ut.ut_host, host, sizeof(ut.ut_host));
#endif
#ifdef HAVE_STRUCT_UTMP_UT_PID
ut.ut_pid = getpid();
#endif
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
if(name[0])
ut.ut_type = USER_PROCESS;
else
ut.ut_type = DEAD_PROCESS;
#endif
ut.ut_time = time(NULL);
if (write(fd, &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))
ftruncate(fd, buf.st_size);
}
close(fd);
}
#endif
int
main(int argc, char **argv)
{
struct sockaddr_in from;
int ch, fromlen, on;
int interactive = 0;
int portnum = 0;
set_progname(argv[0]);
openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH);
opterr = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != -1)
switch (ch) {
case 'D':
no_delay = 1;
break;
case 'a':
break;
case 'i':
interactive = 1;
break;
case 'p':
portnum = htons(atoi(optarg));
break;
case 'l':
__check_rhosts_file = 0;
break;
case 'n':
keepalive = 0;
break;
case 'k':
use_kerberos = 1;
break;
case 'v':
vacuous = 1;
break;
case 'x':
doencrypt = 1;
break;
case 'L':
new_login = optarg;
break;
case '?':
default:
usage();
break;
}
argc -= optind;
argv += optind;
if (use_kerberos && vacuous) {
usage();
fatal(STDERR_FILENO, "only one of -k and -v allowed", 0);
}
if (interactive) {
if(portnum == 0)
portnum = get_login_port (use_kerberos, doencrypt);
mini_inetd (portnum);
}
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR,"Can't get peer name of remote host: %m");
fatal(STDERR_FILENO, "Can't get peer name of remote host", 1);
}
on = 1;
#ifdef HAVE_SETSOCKOPT
#ifdef SO_KEEPALIVE
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
sizeof (on)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
#endif
#ifdef TCP_NODELAY
if (no_delay &&
setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on,
sizeof(on)) < 0)
syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m");
#endif
#ifdef IP_TOS
on = IPTOS_LOWDELAY;
if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0)
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
#endif
#endif /* HAVE_SETSOCKOPT */
doit(0, &from);
return 0;
}
int child;
int netf;
char line[MaxPathLen];
int confirmed;
struct winsize win = { 0, 0, 0, 0 };
static void
doit(int f, struct sockaddr_in *fromp)
{
int master, pid, on = 1;
int authenticated = 0;
char hostname[2 * MaxHostNameLen + 1];
char c;
alarm(60);
read(f, &c, 1);
if (c != 0)
exit(1);
if (vacuous)
fatal(f, "Remote host requires Kerberos authentication", 0);
alarm(0);
inaddr2str (fromp->sin_addr, hostname, sizeof(hostname));
if (use_kerberos) {
retval = do_krb_login(fromp);
if (retval == 0)
authenticated++;
else if (retval > 0)
fatal(f, krb_get_err_text(retval), 0);
write(f, &c, 1);
confirmed = 1; /* we sent the null! */
} else {
fromp->sin_port = ntohs((u_short)fromp->sin_port);
if (fromp->sin_family != AF_INET ||
fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE, "Connection from %s on illegal port",
inet_ntoa(fromp->sin_addr));
fatal(f, "Permission denied", 0);
}
ip_options_and_die (0, fromp);
if (do_rlogin(fromp) == 0)
authenticated++;
}
if (confirmed == 0) {
write(f, "", 1);
confirmed = 1; /* we sent the null! */
}
#ifndef NOENCRYPTION
if (doencrypt)
des_enc_write(f, SECURE_MESSAGE,
strlen(SECURE_MESSAGE),
schedule, &kdata->session);
else
#endif
write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE));
netf = f;
#ifdef HAVE_FORKPTY
pid = forkpty(&master, line, NULL, NULL);
#else
pid = forkpty_truncate(&master, line, sizeof(line), NULL, NULL);
#endif
if (pid < 0) {
if (errno == ENOENT)
fatal(f, "Out of ptys", 0);
else
fatal(f, "Forkpty", 1);
}
if (pid == 0) {
if (f > 2) /* f should always be 0, but... */
close(f);
setup_term(0);
if (lusername[0] == '-'){
syslog(LOG_ERR, "tried to pass user \"%s\" to login",
lusername);
fatal(STDERR_FILENO, "invalid user", 0);
}
if (authenticated) {
if (use_kerberos && (pwd->pw_uid == 0))
syslog(LOG_INFO|LOG_AUTH,
"ROOT Kerberos login from %s on %s\n",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm),
hostname);
execl(new_login, "login", "-p",
"-h", hostname, "-f", "--", lusername, 0);
} else if (use_kerberos) {
fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm),
lusername);
exit(1);
} else
execl(new_login, "login", "-p",
"-h", hostname, "--", lusername, 0);
fatal(STDERR_FILENO, new_login, 1);
/*NOTREACHED*/
}
/*
* If encrypted, don't turn on NBIO or the des read/write
* routines will croak.
*/
if (!doencrypt)
ioctl(f, FIONBIO, &on);
ioctl(master, FIONBIO, &on);
ioctl(master, TIOCPKT, &on);
#ifdef SIGTSTP
signal(SIGTSTP, SIG_IGN);
#endif
signal(SIGCHLD, cleanup);
setsid();
protocol(f, master);
signal(SIGCHLD, SIG_IGN);
cleanup(0);
}
const char magic[2] = { 0377, 0377 };
/*
* Handle a "control" request (signaled by magic being present)
* in the data stream. For now, we are only willing to handle
* window size changes.
*/
static int
control(int master, char *cp, int n)
{
struct winsize w;
char *p;
u_int32_t tmp;
if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's')
return (0);
#ifdef TIOCSWINSZ
p = cp + 4;
p += krb_get_int(p, &tmp, 2, 0);
w.ws_row = tmp;
p += krb_get_int(p, &tmp, 2, 0);
w.ws_col = tmp;
p += krb_get_int(p, &tmp, 2, 0);
#ifdef HAVE_WS_XPIXEL
w.ws_xpixel = tmp;
#endif
p += krb_get_int(p, &tmp, 2, 0);
#ifdef HAVE_WS_YPIXEL
w.ws_ypixel = tmp;
#endif
ioctl(master, TIOCSWINSZ, &w);
#endif
return p - cp;
}
static
void
send_oob(int fd, char c)
{
static char last_oob = 0xFF;
#if (SunOS >= 50) || defined(__hpux)
/*
* PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we
* can avoid sending OOB data and thus not break on Linux by merging
* TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW.
*/
static int oob_kludge = 2;
if (oob_kludge == 2)
{
oob_kludge--; /* First time send nothing */
return;
}
else if (oob_kludge == 1)
{
oob_kludge--; /* Second time merge TIOCPKT_WINDOW */
c |= TIOCPKT_WINDOW;
}
#endif
#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP))
c = pkcontrol(c);
/* Multiple OOB data breaks on Linux, avoid it when possible. */
if (c != last_oob)
send(fd, &c, 1, MSG_OOB);
last_oob = c;
}
/*
* rlogin "protocol" machine.
*/
static void
protocol(int f, int master)
{
char pibuf[1024+1], fibuf[1024], *pbp, *fbp;
int pcc = 0, fcc = 0;
int cc, nfd, n;
char cntl;
unsigned char oob_queue = 0;
#ifdef SIGTTOU
/*
* Must ignore SIGTTOU, otherwise we'll stop
* when we try and set slave pty's window shape
* (our controlling tty is the master pty).
*/
signal(SIGTTOU, SIG_IGN);
#endif
send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */
if (f > master)
nfd = f + 1;
else
nfd = master + 1;
if (nfd > FD_SETSIZE) {
syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE");
fatal(f, "internal error (select mask too small)", 0);
}
for (;;) {
fd_set ibits, obits, ebits, *omask;
FD_ZERO(&ebits);
FD_ZERO(&ibits);
FD_ZERO(&obits);
omask = (fd_set *)NULL;
if (fcc) {
FD_SET(master, &obits);
omask = &obits;
} else
FD_SET(f, &ibits);
if (pcc >= 0) {
if (pcc) {
FD_SET(f, &obits);
omask = &obits;
} else
FD_SET(master, &ibits);
}
FD_SET(master, &ebits);
if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) {
if (errno == EINTR)
continue;
fatal(f, "select", 1);
}
if (n == 0) {
/* shouldn't happen... */
sleep(5);
continue;
}
if (FD_ISSET(master, &ebits)) {
cc = readstream(master, &cntl, 1);
if (cc == 1 && pkcontrol(cntl)) {
#if 0 /* Kludge around */
send_oob(f, cntl);
#endif
oob_queue = cntl;
if (cntl & TIOCPKT_FLUSHWRITE) {
pcc = 0;
FD_CLR(master, &ibits);
}
}
}
if (FD_ISSET(f, &ibits)) {
#ifndef NOENCRYPTION
if (doencrypt)
fcc = des_enc_read(f, fibuf,
sizeof(fibuf),
schedule, &kdata->session);
else
#endif
fcc = read(f, fibuf, sizeof(fibuf));
if (fcc < 0 && errno == EWOULDBLOCK)
fcc = 0;
else {
char *cp;
int left, n;
if (fcc <= 0)
break;
fbp = fibuf;
top:
for (cp = fibuf; cp < fibuf+fcc-1; cp++)
if (cp[0] == magic[0] &&
cp[1] == magic[1]) {
left = fcc - (cp-fibuf);
n = control(master, cp, left);
if (n) {
left -= n;
if (left > 0)
memmove(cp, cp+n, left);
fcc -= n;
goto top; /* n^2 */
}
}
FD_SET(master, &obits); /* try write */
}
}
if (FD_ISSET(master, &obits) && fcc > 0) {
cc = write(master, fbp, fcc);
if (cc > 0) {
fcc -= cc;
fbp += cc;
}
}
if (FD_ISSET(master, &ibits)) {
pcc = readstream(master, pibuf, sizeof (pibuf));
pbp = pibuf;
if (pcc < 0 && errno == EWOULDBLOCK)
pcc = 0;
else if (pcc <= 0)
break;
else if (pibuf[0] == 0) {
pbp++, pcc--;
if (!doencrypt)
FD_SET(f, &obits); /* try write */
} else {
if (pkcontrol(pibuf[0])) {
oob_queue = pibuf[0];
#if 0 /* Kludge around */
send_oob(f, pibuf[0]);
#endif
}
pcc = 0;
}
}
if ((FD_ISSET(f, &obits)) && pcc > 0) {
#ifndef NOENCRYPTION
if (doencrypt)
cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session);
else
#endif
cc = write(f, pbp, pcc);
if (cc < 0 && errno == EWOULDBLOCK) {
/*
* This happens when we try write after read
* from p, but some old kernels balk at large
* writes even when select returns true.
*/
if (!FD_ISSET(master, &ibits))
sleep(5);
continue;
}
if (cc > 0) {
pcc -= cc;
pbp += cc;
/* Only send urg data when normal data
* has just been sent.
* Linux has deep problems with more
* than one byte of OOB data.
*/
if (oob_queue) {
send_oob (f, oob_queue);
oob_queue = 0;
}
}
}
}
}
static RETSIGTYPE
cleanup(int signo)
{
char *p = clean_ttyname (line);
if (rlogind_logout(p) == 0)
logwtmp(p, "", "");
chmod(line, 0666);
chown(line, 0, 0);
*p = 'p';
chmod(line, 0666);
chown(line, 0, 0);
shutdown(netf, 2);
signal(SIGHUP, SIG_IGN);
#ifdef HAVE_VHANGUP
vhangup();
#endif /* HAVE_VHANGUP */
exit(1);
}
void
fatal(int f, const char *msg, int syserr)
{
int len;
char buf[BUFSIZ], *bp = buf;
/*
* Prepend binary one to message if we haven't sent
* the magic null as confirmation.
*/
if (!confirmed)
*bp++ = '\01'; /* error indicator */
if (syserr)
snprintf(bp, sizeof(buf) - (bp - buf),
"rlogind: %s: %s.\r\n",
msg, strerror(errno));
else
snprintf(bp, sizeof(buf) - (bp - buf),
"rlogind: %s.\r\n", msg);
len = strlen(bp);
#ifndef NOENCRYPTION
if (doencrypt)
des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session);
else
#endif
write(f, buf, bp + len - buf);
exit(1);
}
static void
xgetstr(char *buf, int cnt, char *errmsg)
{
char c;
do {
if (read(0, &c, 1) != 1)
exit(1);
if (--cnt < 0)
fatal(STDOUT_FILENO, errmsg, 0);
*buf++ = c;
} while (c != 0);
}
static int
do_rlogin(struct sockaddr_in *dest)
{
xgetstr(rusername, sizeof(rusername), "remuser too long");
xgetstr(lusername, sizeof(lusername), "locuser too long");
xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long");
pwd = k_getpwnam(lusername);
if (pwd == NULL)
return (-1);
if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
{
syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
return (-1);
}
return (iruserok(dest->sin_addr.s_addr,
(pwd->pw_uid == 0),
rusername,
lusername));
}
static void
setup_term(int fd)
{
char *cp = strchr(term+ENVSIZE, '/');
char *speed;
struct termios tt;
tcgetattr(fd, &tt);
if (cp) {
int s;
*cp++ = '\0';
speed = cp;
cp = strchr(speed, '/');
if (cp)
*cp++ = '\0';
s = int2speed_t (atoi (speed));
if (s > 0) {
cfsetospeed (&tt, s);
cfsetispeed (&tt, s);
}
}
tt.c_iflag &= ~INPCK;
tt.c_iflag |= ICRNL|IXON;
tt.c_oflag |= OPOST|ONLCR;
#ifdef TAB3
tt.c_oflag |= TAB3;
#endif /* TAB3 */
#ifdef ONLRET
tt.c_oflag &= ~ONLRET;
#endif /* ONLRET */
tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON);
tt.c_cflag &= ~PARENB;
tt.c_cflag |= CS8;
tt.c_cc[VMIN] = 1;
tt.c_cc[VTIME] = 0;
tt.c_cc[VEOF] = CEOF;
tcsetattr(fd, TCSAFLUSH, &tt);
env[0] = term;
env[1] = 0;
environ = env;
}
#define VERSION_SIZE 9
/*
* Do the remote kerberos login to the named host with the
* given inet address
*
* Return 0 on valid authorization
* Return -1 on valid authentication, no authorization
* Return >0 for error conditions
*/
static int
do_krb_login(struct sockaddr_in *dest)
{
int rc;
char instance[INST_SZ], version[VERSION_SIZE];
long authopts = 0L; /* !mutual */
struct sockaddr_in faddr;
kdata = (AUTH_DAT *) auth_buf;
ticket = (KTEXT) tick_buf;
k_getsockinst(0, instance, sizeof(instance));
if (doencrypt) {
rc = sizeof(faddr);
if (getsockname(0, (struct sockaddr *)&faddr, &rc))
return (-1);
authopts = KOPT_DO_MUTUAL;
rc = krb_recvauth(
authopts, 0,
ticket, "rcmd",
instance, dest, &faddr,
kdata, "", schedule, version);
des_set_key(&kdata->session, schedule);
} else
rc = krb_recvauth(
authopts, 0,
ticket, "rcmd",
instance, dest, (struct sockaddr_in *) 0,
kdata, "", 0, version);
if (rc != KSUCCESS)
return (rc);
xgetstr(lusername, sizeof(lusername), "locuser");
/* get the "cmd" in the rcmd protocol */
xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type");
pwd = k_getpwnam(lusername);
if (pwd == NULL)
return (-1);
if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0)
{
syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername);
return (-1);
}
/* returns nonzero for no access */
if (kuserok(kdata, lusername) != 0)
return (-1);
return (0);
}
static void
usage(void)
{
syslog(LOG_ERR,
"usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]");
exit(1);
}

384
crypto/kerberosIV/appl/bsd/rsh.c
View File

@ -1,384 +0,0 @@
/*-
* Copyright (c) 1983, 1990 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
int use_kerberos = 1, doencrypt;
char dst_realm_buf[REALM_SZ], *dest_realm;
/*
* rsh - remote shell
*/
int rfd2;
static void
usage(void)
{
fprintf(stderr,
"usage: rsh [-ndKx] [-k realm] [-p port] [-l login] host [command]\n");
exit(1);
}
static char *
copyargs(char **argv)
{
int cc;
char **ap, *p;
char *args;
cc = 0;
for (ap = argv; *ap; ++ap)
cc += strlen(*ap) + 1;
args = malloc(cc);
if (args == NULL)
errx(1, "Out of memory.");
for (p = args, ap = argv; *ap; ++ap) {
strcpy(p, *ap);
while(*p)
++p;
if (ap[1])
*p++ = ' ';
}
return(args);
}
static RETSIGTYPE
sendsig(int signo_)
{
char signo = signo_;
#ifndef NOENCRYPTION
if (doencrypt)
des_enc_write(rfd2, &signo, 1, schedule, &cred.session);
else
#endif
write(rfd2, &signo, 1);
}
static void
talk(int nflag, sigset_t omask, int pid, int rem)
{
int cc, wc;
char *bp;
fd_set readfrom, ready, rembits;
char buf[DES_RW_MAXWRITE];
if (pid == 0) {
if (nflag)
goto done;
close(rfd2);
reread: errno = 0;
if ((cc = read(0, buf, sizeof buf)) <= 0)
goto done;
bp = buf;
rewrite:
FD_ZERO(&rembits);
if (rem >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &rembits);
if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
if (errno != EINTR)
err(1, "select");
goto rewrite;
}
if (!FD_ISSET(rem, &rembits))
goto rewrite;
#ifndef NOENCRYPTION
if (doencrypt)
wc = des_enc_write(rem, bp, cc, schedule, &cred.session);
else
#endif
wc = write(rem, bp, cc);
if (wc < 0) {
if (errno == EWOULDBLOCK)
goto rewrite;
goto done;
}
bp += wc;
cc -= wc;
if (cc == 0)
goto reread;
goto rewrite;
done:
shutdown(rem, 1);
exit(0);
}
if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
warn("sigprocmask");
FD_ZERO(&readfrom);
if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &readfrom);
FD_SET(rfd2, &readfrom);
do {
ready = readfrom;
if (select(max(rem,rfd2)+1, &ready, 0, 0, 0) < 0) {
if (errno != EINTR)
err(1, "select");
continue;
}
if (FD_ISSET(rfd2, &ready)) {
errno = 0;
#ifndef NOENCRYPTION
if (doencrypt)
cc = des_enc_read(rfd2, buf, sizeof buf,
schedule, &cred.session);
else
#endif
cc = read(rfd2, buf, sizeof buf);
if (cc <= 0) {
if (errno != EWOULDBLOCK)
FD_CLR(rfd2, &readfrom);
} else
write(2, buf, cc);
}
if (FD_ISSET(rem, &ready)) {
errno = 0;
#ifndef NOENCRYPTION
if (doencrypt)
cc = des_enc_read(rem, buf, sizeof buf,
schedule, &cred.session);
else
#endif
cc = read(rem, buf, sizeof buf);
if (cc <= 0) {
if (errno != EWOULDBLOCK)
FD_CLR(rem, &readfrom);
} else
write(1, buf, cc);
}
} while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom));
}
int
main(int argc, char **argv)
{
struct passwd *pw;
int sv_port, user_port = 0;
sigset_t omask;
int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid;
char *args, *host, *user, *local_user;
argoff = dflag = nflag = nfork = 0;
one = 1;
host = user = NULL;
pid = 1;
set_progname(argv[0]);
/* handle "rsh host flags" */
if (argc > 2 && argv[1][0] != '-') {
host = argv[1];
argoff = 1;
}
#define OPTIONS "+8KLde:k:l:np:wx"
while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != -1)
switch(ch) {
case 'K':
use_kerberos = 0;
break;
case 'L': /* -8Lew are ignored to allow rlogin aliases */
case 'e':
case 'w':
case '8':
break;
case 'd':
dflag = 1;
break;
case 'l':
user = optarg;
break;
case 'k':
dest_realm = dst_realm_buf;
strlcpy(dest_realm, optarg, REALM_SZ);
break;
case 'n':
nflag = nfork = 1;
break;
case 'x':
doencrypt = 1;
break;
case 'p': {
char *endptr;
user_port = strtol (optarg, &endptr, 0);
if (user_port == 0 && optarg == endptr)
errx (1, "Bad port `%s'", optarg);
user_port = htons(user_port);
break;
}
case '?':
default:
usage();
}
optind += argoff;
/* if haven't gotten a host yet, do so */
if (!host && !(host = argv[optind++]))
usage();
/* if no further arguments, must have been called as rlogin. */
if (!argv[optind]) {
*argv = "rlogin";
paranoid_setuid (getuid ());
execv(_PATH_RLOGIN, argv);
err(1, "can't exec %s", _PATH_RLOGIN);
}
#ifndef __CYGWIN32__
if (!(pw = k_getpwuid(uid = getuid())))
errx(1, "unknown user id.");
local_user = pw->pw_name;
if (!user)
user = local_user;
#else
if (!user)
errx(1, "Sorry, you need to specify the username (with -l)");
local_user = user;
#endif
/* -n must still fork but does not turn of the -n functionality */
if (doencrypt)
nfork = 0;
args = copyargs(argv+optind);
if (user_port)
sv_port = user_port;
else
sv_port = get_shell_port(use_kerberos, doencrypt);
if (use_kerberos) {
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
dest_realm = krb_realmofhost(host);
if (doencrypt)
rem = krcmd_mutual(&host, sv_port, user, args,
&rfd2, dest_realm, &cred, schedule);
else
rem = krcmd(&host, sv_port, user, args, &rfd2,
dest_realm);
if (rem < 0) {
int i = 0;
char **newargv;
if (errno == ECONNREFUSED)
warning("remote host doesn't support Kerberos");
if (errno == ENOENT)
warning("can't provide Kerberos auth data");
newargv = malloc((argc + 2) * sizeof(*newargv));
if (newargv == NULL)
err(1, "malloc");
newargv[i] = argv[i];
++i;
if (argv[i][0] != '-') {
newargv[i] = argv[i];
++i;
}
newargv[i++] = "-K";
for(; i <= argc; ++i)
newargv[i] = argv[i - 1];
newargv[argc + 1] = NULL;
execv(_PATH_RSH, newargv);
}
} else {
if (doencrypt)
errx(1, "the -x flag requires Kerberos authentication.");
if (geteuid() != 0)
errx(1, "not installed setuid root, "
"only root may use non kerberized rsh");
rem = rcmd(&host, sv_port, local_user, user, args, &rfd2);
}
if (rem < 0)
exit(1);
if (rfd2 < 0)
errx(1, "can't establish stderr.");
#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT)
if (dflag) {
if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt");
if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one,
sizeof(one)) < 0)
warn("setsockopt");
}
#endif
paranoid_setuid(uid);
{
sigset_t sigmsk;
sigemptyset(&sigmsk);
sigaddset(&sigmsk, SIGINT);
sigaddset(&sigmsk, SIGQUIT);
sigaddset(&sigmsk, SIGTERM);
if (sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0)
warn("sigprocmask");
}
if (signal(SIGINT, SIG_IGN) != SIG_IGN)
signal(SIGINT, sendsig);
if (signal(SIGQUIT, SIG_IGN) != SIG_IGN)
signal(SIGQUIT, sendsig);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, sendsig);
signal(SIGPIPE, SIG_IGN);
if (!nfork) {
pid = fork();
if (pid < 0)
err(1, "fork");
}
if (!doencrypt) {
ioctl(rfd2, FIONBIO, &one);
ioctl(rem, FIONBIO, &one);
}
talk(nflag, omask, pid, rem);
if (!nflag)
kill(pid, SIGKILL);
exit(0);
}

652
crypto/kerberosIV/appl/bsd/rshd.c
View File

@ -1,652 +0,0 @@
/*-
* Copyright (c) 1988, 1989, 1992, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* remote shell server:
* [port]\0
* remuser\0
* locuser\0
* command\0
* data
*/
#include "bsd_locl.h"
RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $");
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
extern int __check_rhosts_file;
static int keepalive = 1;
static int log_success; /* If TRUE, log all successful accesses */
static int new_pag = 1; /* Put process in new PAG by default */
static int no_inetd = 0;
static int sent_null;
static void doit (struct sockaddr_in *);
static void error (const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
static void usage (void);
#define VERSION_SIZE 9
#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n"
#define OPTIONS "alnkvxLp:Pi"
AUTH_DAT authbuf;
KTEXT_ST tickbuf;
int doencrypt, use_kerberos, vacuous;
Key_schedule schedule;
int
main(int argc, char *argv[])
{
struct linger linger;
int ch, on = 1, fromlen;
struct sockaddr_in from;
int portnum = 0;
set_progname(argv[0]);
openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
opterr = 0;
while ((ch = getopt(argc, argv, OPTIONS)) != -1)
switch (ch) {
case 'a':
break;
case 'l':
__check_rhosts_file = 0;
break;
case 'n':
keepalive = 0;
break;
case 'k':
use_kerberos = 1;
break;
case 'v':
vacuous = 1;
break;
case 'x':
doencrypt = 1;
break;
case 'L':
log_success = 1;
break;
case 'p':
portnum = htons(atoi(optarg));
break;
case 'P':
new_pag = 0;
break;
case 'i':
no_inetd = 1;
break;
case '?':
default:
usage();
break;
}
argc -= optind;
argv += optind;
if (use_kerberos && vacuous) {
syslog(LOG_ERR, "only one of -k and -v allowed");
exit(2);
}
if (doencrypt && !use_kerberos) {
syslog(LOG_ERR, "-k is required for -x");
exit(2);
}
if (no_inetd) {
if(portnum == 0)
portnum = get_shell_port (use_kerberos, doencrypt);
mini_inetd (portnum);
}
fromlen = sizeof (from);
if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) {
syslog(LOG_ERR, "getpeername: %m");
_exit(1);
}
#ifdef HAVE_SETSOCKOPT
#ifdef SO_KEEPALIVE
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on,
sizeof(on)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
#endif
#ifdef SO_LINGER
linger.l_onoff = 1;
linger.l_linger = 60; /* XXX */
if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger,
sizeof (linger)) < 0)
syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m");
#endif
#endif /* HAVE_SETSOCKOPT */
doit(&from);
/* NOTREACHED */
return 0;
}
char username[20] = "USER=";
char homedir[64] = "HOME=";
char shell[64] = "SHELL=";
char path[100] = "PATH=";
char *envinit[] =
{homedir, shell, path, username, 0};
static void
xgetstr(char *buf, int cnt, char *err)
{
char c;
do {
if (read(STDIN_FILENO, &c, 1) != 1)
exit(1);
*buf++ = c;
if (--cnt == 0) {
error("%s too long\n", err);
exit(1);
}
} while (c != 0);
}
static void
doit(struct sockaddr_in *fromp)
{
struct passwd *pwd;
u_short port;
fd_set ready, readfrom;
int cc, nfd, pv[2], pid, s;
int one = 1;
const char *errorhost = "";
char *errorstr;
char *cp, sig, buf[DES_RW_MAXWRITE];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MaxHostNameLen + 1];
uid_t uid;
char shell_path[MAXPATHLEN];
AUTH_DAT *kdata;
KTEXT ticket;
char instance[INST_SZ], version[VERSION_SIZE];
struct sockaddr_in fromaddr;
int rc;
long authopts;
int pv1[2], pv2[2];
fd_set wready, writeto;
fromaddr = *fromp;
signal(SIGINT, SIG_DFL);
signal(SIGQUIT, SIG_DFL);
signal(SIGTERM, SIG_DFL);
#ifdef DEBUG
{ int t = open(_PATH_TTY, 2);
if (t >= 0) {
ioctl(t, TIOCNOTTY, (char *)0);
close(t);
}
}
#endif
fromp->sin_port = ntohs((u_short)fromp->sin_port);
if (fromp->sin_family != AF_INET) {
syslog(LOG_ERR, "malformed \"from\" address (af %d)\n",
fromp->sin_family);
exit(1);
}
if (!use_kerberos) {
ip_options_and_die (0, fromp);
if (fromp->sin_port >= IPPORT_RESERVED ||
fromp->sin_port < IPPORT_RESERVED/2) {
syslog(LOG_NOTICE|LOG_AUTH,
"Connection from %s on illegal port %u",
inet_ntoa(fromp->sin_addr),
fromp->sin_port);
exit(1);
}
}
alarm(60);
port = 0;
for (;;) {
char c;
if ((cc = read(STDIN_FILENO, &c, 1)) != 1) {
if (cc < 0)
syslog(LOG_NOTICE, "read: %m");
shutdown(0, 1+1);
exit(1);
}
if (c== 0)
break;
port = port * 10 + c - '0';
}
alarm(0);
if (port != 0) {
int lport = IPPORT_RESERVED - 1;
s = rresvport(&lport);
if (s < 0) {
syslog(LOG_ERR, "can't get stderr port: %m");
exit(1);
}
if (!use_kerberos)
if (port >= IPPORT_RESERVED) {
syslog(LOG_ERR, "2nd port not reserved\n");
exit(1);
}
fromp->sin_port = htons(port);
if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) {
syslog(LOG_INFO, "connect second port %d: %m", port);
exit(1);
}
}
if (vacuous) {
error("rshd: Remote host requires Kerberos authentication.\n");
exit(1);
}
errorstr = NULL;
inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost));
if (use_kerberos) {
kdata = &authbuf;
ticket = &tickbuf;
authopts = 0L;
k_getsockinst(0, instance, sizeof(instance));
version[VERSION_SIZE - 1] = '\0';
if (doencrypt) {
struct sockaddr_in local_addr;
rc = sizeof(local_addr);
if (getsockname(0, (struct sockaddr *)&local_addr,
&rc) < 0) {
syslog(LOG_ERR, "getsockname: %m");
error("rshd: getsockname: %m");
exit(1);
}
authopts = KOPT_DO_MUTUAL;
rc = krb_recvauth(authopts, 0, ticket,
"rcmd", instance, &fromaddr,
&local_addr, kdata, "", schedule,
version);
#ifndef NOENCRYPTION
des_set_key(&kdata->session, schedule);
#else
memset(schedule, 0, sizeof(schedule));
#endif
} else
rc = krb_recvauth(authopts, 0, ticket, "rcmd",
instance, &fromaddr,
(struct sockaddr_in *) 0,
kdata, "", 0, version);
if (rc != KSUCCESS) {
error("Kerberos authentication failure: %s\n",
krb_get_err_text(rc));
exit(1);
}
} else
xgetstr(remuser, sizeof(remuser), "remuser");
xgetstr(locuser, sizeof(locuser), "locuser");
xgetstr(cmdbuf, sizeof(cmdbuf), "command");
setpwent();
pwd = k_getpwnam(locuser);
if (pwd == NULL) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown login. cmd='%.80s'",
remuser, remotehost, locuser, cmdbuf);
if (errorstr == NULL)
errorstr = "Login incorrect.\n";
goto fail;
}
if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0)
{
syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser);
if (errorstr == NULL)
errorstr = "Login incorrect.\n";
goto fail;
}
if (chdir(pwd->pw_dir) < 0) {
chdir("/");
#ifdef notdef
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: no home directory. cmd='%.80s'",
remuser, remotehost, locuser, cmdbuf);
error("No remote directory.\n");
exit(1);
#endif
}
if (use_kerberos) {
if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') {
if (kuserok(kdata, locuser) != 0) {
syslog(LOG_INFO|LOG_AUTH,
"Kerberos rsh denied to %s",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm));
error("Permission denied.\n");
exit(1);
}
}
} else
if (errorstr ||
(pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' &&
iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0,
remuser, locuser) < 0)) {
if (__rcmd_errstr)
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied (%s). cmd='%.80s'",
remuser, remotehost, locuser,
__rcmd_errstr, cmdbuf);
else
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: permission denied. cmd='%.80s'",
remuser, remotehost, locuser, cmdbuf);
fail:
if (errorstr == NULL)
errorstr = "Permission denied.\n";
error(errorstr, errorhost);
exit(1);
}
if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) {
error("Logins currently disabled.\n");
exit(1);
}
write(STDERR_FILENO, "\0", 1);
sent_null = 1;
if (port) {
if (pipe(pv) < 0) {
error("Can't make pipe.\n");
exit(1);
}
if (doencrypt) {
if (pipe(pv1) < 0) {
error("Can't make 2nd pipe.\n");
exit(1);
}
if (pipe(pv2) < 0) {
error("Can't make 3rd pipe.\n");
exit(1);
}
}
pid = fork();
if (pid == -1) {
error("Can't fork; try again.\n");
exit(1);
}
if (pid) {
if (doencrypt) {
static char msg[] = SECURE_MESSAGE;
close(pv1[1]);
close(pv2[0]);
#ifndef NOENCRYPTION
des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session);
#else
write(s, msg, sizeof(msg) - 1);
#endif
} else {
close(0);
close(1);
}
close(2);
close(pv[1]);
if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
if (pv[0] > s)
nfd = pv[0];
else
nfd = s;
if (doencrypt) {
if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&writeto);
FD_SET(pv2[1], &writeto);
FD_SET(pv1[0], &readfrom);
FD_SET(STDIN_FILENO, &readfrom);
nfd = max(nfd, pv2[1]);
nfd = max(nfd, pv1[0]);
} else
ioctl(pv[0], FIONBIO, (char *)&one);
/* should set s nbio! */
nfd++;
do {
ready = readfrom;
if (doencrypt) {
wready = writeto;
if (select(nfd, &ready,
&wready, 0,
(struct timeval *) 0) < 0)
break;
} else
if (select(nfd, &ready, 0,
0, (struct timeval *)0) < 0)
break;
if (FD_ISSET(s, &ready)) {
int ret;
if (doencrypt)
#ifndef NOENCRYPTION
ret = des_enc_read(s, &sig, 1, schedule, &kdata->session);
#else
ret = read(s, &sig, 1);
#endif
else
ret = read(s, &sig, 1);
if (ret <= 0)
FD_CLR(s, &readfrom);
else
kill(-pid, sig);
}
if (FD_ISSET(pv[0], &ready)) {
errno = 0;
cc = read(pv[0], buf, sizeof(buf));
if (cc <= 0) {
shutdown(s, 1+1);
FD_CLR(pv[0], &readfrom);
} else {
if (doencrypt)
#ifndef NOENCRYPTION
des_enc_write(s, buf, cc, schedule, &kdata->session);
#else
write(s, buf, cc);
#endif
else
(void)
write(s, buf, cc);
}
}
if (doencrypt && FD_ISSET(pv1[0], &ready)) {
errno = 0;
cc = read(pv1[0], buf, sizeof(buf));
if (cc <= 0) {
shutdown(pv1[0], 1+1);
FD_CLR(pv1[0], &readfrom);
} else
#ifndef NOENCRYPTION
des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session);
#else
write(STDOUT_FILENO, buf, cc);
#endif
}
if (doencrypt
&& FD_ISSET(STDIN_FILENO, &ready)
&& FD_ISSET(pv2[1], &wready)) {
errno = 0;
#ifndef NOENCRYPTION
cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session);
#else
cc = read(STDIN_FILENO, buf, sizeof(buf));
#endif
if (cc <= 0) {
shutdown(STDIN_FILENO, 0);
FD_CLR(STDIN_FILENO, &readfrom);
close(pv2[1]);
FD_CLR(pv2[1], &writeto);
} else
write(pv2[1], buf, cc);
}
} while (FD_ISSET(s, &readfrom) ||
(doencrypt && FD_ISSET(pv1[0], &readfrom)) ||
FD_ISSET(pv[0], &readfrom));
exit(0);
}
setsid();
close(s);
close(pv[0]);
if (doencrypt) {
close(pv1[0]);
close(pv2[1]);
dup2(pv1[1], 1);
dup2(pv2[0], 0);
close(pv1[1]);
close(pv2[0]);
}
dup2(pv[1], 2);
close(pv[1]);
}
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
#ifdef HAVE_SETLOGIN
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
#endif
#ifdef HAVE_SETPCRED
if (setpcred (pwd->pw_name, NULL) == -1)
syslog(LOG_ERR, "setpcred() failure: %m");
#endif /* HAVE_SETPCRED */
if(do_osfc2_magic(pwd->pw_uid))
exit(1);
setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
setuid((uid_t)pwd->pw_uid);
strlcat(homedir, pwd->pw_dir, sizeof(homedir));
/* Need to prepend path with BINDIR (/usr/athena/bin) to find rcp */
snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
strlcat(shell, pwd->pw_shell, sizeof(shell));
strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path));
strlcat(username, pwd->pw_name, sizeof(username));
uid = pwd->pw_uid;
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
endpwent();
if (log_success || uid == 0) {
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s on %s as %s, cmd='%.80s'",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm),
remotehost, locuser, cmdbuf);
else
syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'",
remuser, remotehost, locuser, cmdbuf);
}
if (k_hasafs()) {
char cell[64];
if (new_pag)
k_setpag(); /* Put users process in an new pag */
if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0)
krb_afslog_uid_home (cell, NULL, uid, homedir);
krb_afslog_uid_home(NULL, NULL, uid, homedir);
}
execle(shell_path, cp, "-c", cmdbuf, 0, envinit);
err(1, "%s", shell_path);
}
/*
* Report error to client. Note: can't be used until second socket has
* connected to client, or older clients will hang waiting for that
* connection first.
*/
static void
error(const char *fmt, ...)
{
va_list ap;
int len;
char *bp, buf[BUFSIZ];
va_start(ap, fmt);
bp = buf;
if (sent_null == 0) {
*bp++ = 1;
len = 1;
} else
len = 0;
len += vsnprintf(bp, sizeof(buf) - len, fmt, ap);
write(STDERR_FILENO, buf, len);
va_end(ap);
}
static void
usage()
{
syslog(LOG_ERR,
"usage: rshd [-alnkvxLPi] [-p port]");
exit(2);
}

100
crypto/kerberosIV/appl/bsd/stty_default.c
View File

@ -1,100 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: stty_default.c,v 1.7 1999/12/02 16:58:28 joda Exp $");
#include <termios.h>
/* HP-UX 9.0 termios doesn't define these */
#ifndef FLUSHO
#define FLUSHO 0
#endif
#ifndef XTABS
#define XTABS 0
#endif
#ifndef OXTABS
#define OXTABS XTABS
#endif
/* Ultrix... */
#ifndef ECHOPRT
#define ECHOPRT 0
#endif
#ifndef ECHOCTL
#define ECHOCTL 0
#endif
#ifndef ECHOKE
#define ECHOKE 0
#endif
#ifndef IMAXBEL
#define IMAXBEL 0
#endif
#define Ctl(x) ((x) ^ 0100)
void
stty_default(void)
{
struct termios termios;
/*
* Finalize the terminal settings. Some systems default to 8 bits,
* others to 7, so we should leave that alone.
*/
tcgetattr(0, &termios);
termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL);
termios.c_iflag &= ~IXANY;
termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE);
termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO);
termios.c_oflag |= (OPOST|ONLCR);
termios.c_oflag &= ~OXTABS;
termios.c_cc[VINTR] = Ctl('C');
termios.c_cc[VERASE] = Ctl('H');
termios.c_cc[VKILL] = Ctl('U');
termios.c_cc[VEOF] = Ctl('D');
termios.c_cc[VSUSP] = Ctl('Z');
tcsetattr(0, TCSANOW, &termios);
}

504
crypto/kerberosIV/appl/bsd/su.c
View File

@ -1,504 +0,0 @@
/*
* Copyright (c) 1988 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $");
#ifdef SYSV_SHADOW
#include "sysv_shadow.h"
#endif
static int kerberos (char *username, char *user, char *realm, int uid);
static int chshell (char *sh);
static char *ontty (void);
static int koktologin (char *name, char *realm, char *toname);
static int chshell (char *sh);
/* Handle '-' option after all the getopt options */
#define ARGSTR "Kkflmti:r:"
int destroy_tickets = 0;
static int use_kerberos = 1;
static char *root_inst = "root";
int
main (int argc, char **argv)
{
struct passwd *pwd;
char *p, **g;
struct group *gr;
uid_t ruid;
int asme, ch, asthem, fastlogin, prio;
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell, *avshell, *username, **np;
char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
char *realm = NULL;
set_progname (argv[0]);
if (getuid() == 0)
use_kerberos = 0;
asme = asthem = fastlogin = 0;
while ((ch = getopt (argc, argv, ARGSTR)) != -1)
switch ((char) ch) {
case 'K':
use_kerberos = 0;
break;
case 'k':
use_kerberos = 1;
break;
case 'f':
fastlogin = 1;
break;
case 'l':
asme = 0;
asthem = 1;
break;
case 'm':
asme = 1;
asthem = 0;
break;
case 't':
destroy_tickets = 1;
break;
case 'i':
root_inst = optarg;
break;
case 'r':
realm = optarg;
break;
case '?':
default:
fprintf (stderr,
"usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n");
exit (1);
}
/* Don't handle '-' option with getopt */
if (optind < argc && strcmp (argv[optind], "-") == 0) {
asme = 0;
asthem = 1;
optind++;
}
argv += optind;
if (use_kerberos) {
int fd = open (KEYFILE, O_RDONLY);
if (fd >= 0)
close (fd);
else
use_kerberos = 0;
}
errno = 0;
prio = getpriority (PRIO_PROCESS, 0);
if (errno)
prio = 0;
setpriority (PRIO_PROCESS, 0, -2);
openlog ("su", LOG_CONS, LOG_AUTH);
/* get current login name and shell */
ruid = getuid ();
username = getlogin ();
if (username == NULL || (pwd = k_getpwnam (username)) == NULL ||
pwd->pw_uid != ruid)
pwd = k_getpwuid (ruid);
if (pwd == NULL)
errx (1, "who are you?");
username = strdup (pwd->pw_name);
if (username == NULL)
errx (1, "strdup: out of memory");
if (asme) {
if (pwd->pw_shell && *pwd->pw_shell) {
strlcpy (shellbuf, pwd->pw_shell, sizeof(shellbuf));
shell = shellbuf;
} else {
shell = _PATH_BSHELL;
iscsh = NO;
}
}
/* get target login information, default to root */
user = *argv ? *argv : "root";
np = *argv ? argv : argv - 1;
pwd = k_getpwnam (user);
if (pwd == NULL)
errx (1, "unknown login %s", user);
if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) {
syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
errx (1, "unknown login %s", user);
}
if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) {
#ifndef PASSWD_FALLBACK
errx (1, "won't use /etc/passwd authentication");
#endif
/* getpwnam() is not reentrant and kerberos might use it! */
pwd = k_getpwnam (user);
if (pwd == NULL)
errx (1, "unknown login %s", user);
/* only allow those in group zero to su to root. */
if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0)))
for (g = gr->gr_mem;; ++g) {
if (!*g) {
#if 1
/* if group 0 is empty or only
contains root su is still ok. */
if (gr->gr_mem[0] == 0)
break; /* group 0 is empty */
if (gr->gr_mem[1] == 0 &&
strcmp (gr->gr_mem[0], "root") == 0)
break; /* only root in group 0 */
#endif
errx (1, "you are not in the correct group to su %s.",
user);
}
if (!strcmp (username, *g))
break;
}
/* if target requires a password, verify it */
if (ruid && *pwd->pw_passwd) {
char prompt[128];
char passwd[256];
snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name);
if (des_read_pw_string (passwd, sizeof (passwd),
prompt, 0)) {
memset (passwd, 0, sizeof (passwd));
exit (1);
}
if (strcmp (pwd->pw_passwd,
crypt (passwd, pwd->pw_passwd))) {
memset (passwd, 0, sizeof (passwd));
syslog (LOG_AUTH | LOG_WARNING,
"BAD SU %s to %s%s", username,
user, ontty ());
errx (1, "Sorry");
}
memset (passwd, 0, sizeof (passwd));
}
}
if (asme) {
/* if asme and non-standard target shell, must be root */
if (!chshell (pwd->pw_shell) && ruid)
errx (1, "permission denied (shell '%s' not in /etc/shells).",
pwd->pw_shell);
} else if (pwd->pw_shell && *pwd->pw_shell) {
shell = pwd->pw_shell;
iscsh = UNSET;
} else {
shell = _PATH_BSHELL;
iscsh = NO;
}
if ((p = strrchr (shell, '/')) != 0)
avshell = p + 1;
else
avshell = shell;
/* if we're forking a csh, we want to slightly muck the args */
if (iscsh == UNSET)
iscsh = strcmp (avshell, "csh") ? NO : YES;
/* set permissions */
if (setgid (pwd->pw_gid) < 0)
err (1, "setgid");
if (initgroups (user, pwd->pw_gid)) {
if (errno == E2BIG) /* Member of too many groups! */
warn("initgroups failed.");
else
errx(1, "initgroups failed.");
}
if (setuid (pwd->pw_uid) < 0)
err (1, "setuid");
if (pwd->pw_uid != 0 && setuid(0) != -1) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for user %s", pwd->pw_name);
errx(1, "Sorry");
}
if (!asme) {
if (asthem) {
char *k = getenv ("KRBTKFILE");
char *t = getenv ("TERM");
environ = malloc (10 * sizeof (char *));
if (environ == NULL)
err (1, "malloc");
environ[0] = NULL;
setenv ("PATH", _PATH_DEFPATH, 1);
if (t)
setenv ("TERM", t, 1);
if (k)
setenv ("KRBTKFILE", k, 1);
if (chdir (pwd->pw_dir) < 0)
errx (1, "no directory");
}
if (asthem || pwd->pw_uid)
setenv ("USER", pwd->pw_name, 1);
setenv ("HOME", pwd->pw_dir, 1);
setenv ("SHELL", shell, 1);
}
if (iscsh == YES) {
if (fastlogin)
*np-- = "-f";
if (asme)
*np-- = "-m";
}
if (asthem) {
snprintf (avshellbuf, sizeof(avshellbuf),
"-%s", avshell);
avshell = avshellbuf;
} else if (iscsh == YES) {
/* csh strips the first character... */
snprintf (avshellbuf, sizeof(avshellbuf),
"_%s", avshell);
avshell = avshellbuf;
}
*np = avshell;
if (ruid != 0)
syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s",
username, user, ontty ());
setpriority (PRIO_PROCESS, 0, prio);
if (k_hasafs ()) {
int code;
if (k_setpag () != 0)
warn ("setpag");
code = krb_afslog (0, 0);
if (code != KSUCCESS && code != KDC_PR_UNKNOWN)
warnx ("afsklog: %s", krb_get_err_text (code));
}
if (destroy_tickets)
dest_tkt ();
execv (shell, np);
warn ("execv(%s)", shell);
if (getuid () == 0) {
execv (_PATH_BSHELL, np);
warn ("execv(%s)", _PATH_BSHELL);
}
exit (1);
}
static int
chshell (char *sh)
{
char *cp;
while ((cp = getusershell ()) != NULL)
if (!strcmp (cp, sh))
return (1);
return (0);
}
static char *
ontty (void)
{
char *p;
static char buf[MaxPathLen + 4];
buf[0] = 0;
if ((p = ttyname (STDERR_FILENO)) != 0)
snprintf (buf, sizeof(buf), " on %s", p);
return (buf);
}
static int
kerberos (char *username, char *user, char *lrealm, int uid)
{
KTEXT_ST ticket;
AUTH_DAT authdata;
struct hostent *hp;
int kerno;
u_long faddr;
char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen];
char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
int n;
int allowed = 0;
if (lrealm != NULL) {
allowed = koktologin (username, lrealm, user) == 0;
} else {
for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n)
allowed = koktologin (username, tmp_realm, user) == 0;
lrealm = tmp_realm;
}
if (!allowed && !uid) {
#ifndef PASSWD_FALLBACK
warnx ("not in %s's ACL.", user);
#endif
return (1);
}
snprintf (krbtkfile, sizeof(krbtkfile),
"%s_%s_to_%s_%u", TKT_ROOT, username, user,
(unsigned) getpid ());
setenv ("KRBTKFILE", krbtkfile, 1);
krb_set_tkt_string (krbtkfile);
/*
* Set real as well as effective ID to 0 for the moment,
* to make the kerberos library do the right thing.
*/
if (setuid(0) < 0) {
warn("setuid");
return (1);
}
/*
* Little trick here -- if we are su'ing to root, we need to get a ticket
* for "xxx.root", where xxx represents the name of the person su'ing.
* Otherwise (non-root case), we need to get a ticket for "yyy.", where
* yyy represents the name of the person being su'd to, and the instance
* is null
*
* We should have a way to set the ticket lifetime, with a system default
* for root.
*/
{
char prompt[128];
char passw[256];
snprintf (prompt, sizeof(prompt),
"%s's Password: ",
krb_unparse_name_long ((uid == 0 ? username : user),
(uid == 0 ? root_inst : ""),
lrealm));
if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
memset (passw, 0, sizeof (passw));
return (1);
}
if (strlen(passw) == 0)
return (1); /* Empty passwords is not allowed */
kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user),
(uid == 0 ? root_inst : ""), lrealm,
KRB_TICKET_GRANTING_TICKET,
lrealm,
DEFAULT_TKT_LIFE,
passw);
memset (passw, 0, strlen (passw));
}
if (kerno != KSUCCESS) {
if (kerno == KDC_PR_UNKNOWN) {
warnx ("principal unknown: %s",
krb_unparse_name_long ((uid == 0 ? username : user),
(uid == 0 ? root_inst : ""),
lrealm));
return (1);
}
warnx ("unable to su: %s", krb_get_err_text (kerno));
syslog (LOG_NOTICE | LOG_AUTH,
"BAD SU: %s to %s%s: %s",
username, user, ontty (), krb_get_err_text (kerno));
return (1);
}
if (chown (krbtkfile, uid, -1) < 0) {
warn ("chown");
unlink (krbtkfile);
return (1);
}
setpriority (PRIO_PROCESS, 0, -2);
if (gethostname (hostname, sizeof (hostname)) == -1) {
warn ("gethostname");
dest_tkt ();
return (1);
}
strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) {
kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33);
if (kerno == 0)
break;
}
if (kerno == KDC_PR_UNKNOWN) {
warnx ("Warning: TGT not verified.");
syslog (LOG_NOTICE | LOG_AUTH,
"%s to %s%s, TGT not verified (%s); "
"%s.%s not registered?",
username, user, ontty (), krb_get_err_text (kerno),
"rcmd", savehost);
#ifdef KLOGIN_PARANOID
/*
* if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, *
* don't allow kerberos login, also log the error condition.
*/
warnx ("Trying local password!");
return (1);
#endif
} else if (kerno != KSUCCESS) {
warnx ("Unable to use TGT: %s", krb_get_err_text (kerno));
syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s",
username, user, ontty (), krb_get_err_text (kerno));
dest_tkt ();
return (1);
} else {
if (!(hp = gethostbyname (hostname))) {
warnx ("can't get addr of %s", hostname);
dest_tkt ();
return (1);
}
memcpy (&faddr, hp->h_addr, sizeof (faddr));
if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr,
&authdata, "")) != KSUCCESS) {
warnx ("unable to verify rcmd ticket: %s",
krb_get_err_text (kerno));
syslog (LOG_NOTICE | LOG_AUTH,
"failed su: %s to %s%s: %s", username,
user, ontty (), krb_get_err_text (kerno));
dest_tkt ();
return (1);
}
}
if (!destroy_tickets)
fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n");
return (0);
}
static int
koktologin (char *name, char *realm, char *toname)
{
return krb_kuserok (name,
strcmp (toname, "root") == 0 ? root_inst : "",
realm,
toname);
}

95
crypto/kerberosIV/appl/bsd/sysv_default.c
View File

@ -1,95 +0,0 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
#include "bsd_locl.h"
RCSID("$Id: sysv_default.c,v 1.11 1999/03/13 21:15:24 assar Exp $");
#include "sysv_default.h"
/*
* Default values for stuff that can be read from the defaults file. The
* SunOS 5.1 documentation is incomplete and often disagrees with reality.
*/
static char default_umask_value[] = "022";
char *default_console = 0;
char *default_altsh = "YES";
char *default_passreq = "NO";
char *default_timezone= 0;
char *default_hz = 0;
char *default_path = _PATH_DEFPATH;
char *default_supath = _PATH_DEFSUPATH;
char *default_ulimit = 0;
char *default_timeout = "180";
char *default_umask = default_umask_value;
char *default_sleep = "4";
char *default_maxtrys = "5";
static struct sysv_default {
char **valptr;
char *prefix;
int prefix_len;
} defaults[] = {
{&default_console, "CONSOLE=", sizeof("CONSOLE=") -1},
{&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1},
{&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1},
{&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1},
{&default_hz, "HZ=", sizeof("HZ=") -1},
{&default_path, "PATH=", sizeof("PATH=") -1},
{&default_supath, "SUPATH=", sizeof("SUPATH=") -1},
{&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1},
{&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1},
{&default_umask, "UMASK=", sizeof("UMASK=") -1},
{&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1},
{&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1},
{0},
};
#define trim(s) { \
char *cp = s + strlen(s); \
while (cp > s && isspace((unsigned char)cp[-1])) \
cp--; \
*cp = 0; \
}
/* sysv_defaults - read login defaults file */
void
sysv_defaults()
{
struct sysv_default *dp;
FILE *fp;
char buf[BUFSIZ];
if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) {
/* Stupid quadratic algorithm. */
while (fgets(buf, sizeof(buf), fp)) {
/* Skip comments and blank lines. */
if (buf[0] == '#')
continue;
trim(buf);
if (buf[0] == 0)
continue;
/* Assign defaults from file. */
#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
for (dp = defaults; dp->valptr; dp++) {
if (STREQN(buf, dp->prefix, dp->prefix_len)) {
if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) {
warnx("Insufficient memory resources - try later.");
sleepexit(1);
}
break;
}
}
}
fclose(fp);
}
}

18
crypto/kerberosIV/appl/bsd/sysv_default.h
View File

@ -1,18 +0,0 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */
extern char *default_console;
extern char *default_altsh;
extern char *default_passreq;
extern char *default_timezone;
extern char *default_hz;
extern char *default_path;
extern char *default_supath;
extern char *default_ulimit;
extern char *default_timeout;
extern char *default_umask;
extern char *default_sleep;
extern char *default_maxtrys;
void sysv_defaults(void);

193
crypto/kerberosIV/appl/bsd/sysv_environ.c
View File

@ -1,193 +0,0 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
#include "bsd_locl.h"
RCSID("$Id: sysv_environ.c,v 1.23 1997/12/14 23:50:44 assar Exp $");
#ifdef HAVE_ULIMIT_H
#include <ulimit.h>
#endif
#ifndef UL_SETFSIZE
#define UL_SETFSIZE 2
#endif
#include "sysv_default.h"
/*
* Set
*/
static void
read_etc_environment (void)
{
FILE *f;
char buf[BUFSIZ];
f = fopen(_PATH_ETC_ENVIRONMENT, "r");
if (f) {
char *val;
while (fgets (buf, sizeof(buf), f) != NULL) {
if (buf[0] == '\n' || buf[0] == '#')
continue;
buf[strlen(buf) - 1] = '\0';
val = strchr (buf, '=');
if (val == NULL)
continue;
*val = '\0';
setenv(buf, val + 1, 1);
}
fclose (f);
}
}
/*
* Environment variables that are preserved (but may still be overruled by
* other means). Only TERM and TZ appear to survive (SunOS 5.1). These are
* typically inherited from the ttymon process.
*/
static struct preserved {
char *name;
char *value;
} preserved[] = {
{"TZ", 0},
{"TERM", 0},
{0},
};
/*
* Environment variables that are not preserved and that cannot be specified
* via commandline or stdin. Except for the LD_xxx (runtime linker) stuff,
* the list applies to most SYSV systems. The manpage mentions only that
* SHELL and PATH are censored. HOME, LOGNAME and MAIL are always
* overwritten; they are in the list to make the censoring explicit.
*/
static struct censored {
char *prefix;
int length;
} censored[] = {
{"SHELL=", sizeof("SHELL=") - 1},
{"HOME=", sizeof("HOME=") - 1},
{"LOGNAME=", sizeof("LOGNAME=") - 1},
{"MAIL=", sizeof("MAIL=") - 1},
{"CDPATH=", sizeof("CDPATH=") - 1},
{"IFS=", sizeof("IFS=") - 1},
{"PATH=", sizeof("PATH=") - 1},
{"LD_", sizeof("LD_") - 1},
{0},
};
/* sysv_newenv - set up final environment after logging in */
void sysv_newenv(int argc, char **argv, struct passwd *pwd,
char *term, int pflag)
{
unsigned umask_val;
char buf[BUFSIZ];
int count = 0;
struct censored *cp;
struct preserved *pp;
/* Preserve a selection of the environment. */
for (pp = preserved; pp->name; pp++)
pp->value = getenv(pp->name);
/*
* Note: it is a bad idea to assign a static array to the global environ
* variable. Reason is that putenv() can run into problems when it tries
* to realloc() the environment table. Instead, we just clear environ[0]
* and let putenv() work things out.
*/
if (!pflag && environ)
environ[0] = 0;
/* Restore preserved environment variables. */
for (pp = preserved; pp->name; pp++)
if (pp->value)
setenv(pp->name, pp->value, 1);
/* The TERM definition from e.g. rlogind can override an existing one. */
if (term[0])
setenv("TERM", term, 1);
/*
* Environment definitions from the command line overrule existing ones,
* but can be overruled by definitions from stdin. Some variables are
* censored.
*
* Omission: we do not support environment definitions from stdin.
*/
#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0)
while (argc && *argv) {
if (strchr(*argv, '=') == 0) {
snprintf(buf, sizeof(buf), "L%d", count++);
setenv(buf, *argv, 1);
} else {
for (cp = censored; cp->prefix; cp++)
if (STREQN(*argv, cp->prefix, cp->length))
break;
if (cp->prefix == 0)
putenv(*argv);
}
argc--, argv++;
}
/* PATH is always reset. */
setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1);
/* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */
setenv("HOME", pwd->pw_dir, 1);
{
char *sep = "/";
if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/')
sep = "";
roken_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL);
}
setenv("MAIL", buf, 1);
setenv("LOGNAME", pwd->pw_name, 1);
setenv("USER", pwd->pw_name, 1);
/*
* Variables that may be set according to specifications in the defaults
* file. HZ and TZ are set only if they are still uninitialized.
*
* Extension: when ALTSHELL=YES, we set the SHELL variable even if it is
* /bin/sh.
*/
if (strcasecmp(default_altsh, "YES") == 0)
setenv("SHELL", pwd->pw_shell, 1);
if (default_hz)
setenv("HZ", default_hz, 0);
if (default_timezone)
setenv("TZ", default_timezone, 0);
/* Non-environment stuff. */
if (default_umask) {
if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val)
umask(umask_val);
}
#ifdef HAVE_ULIMIT
if (default_ulimit) {
long limit_val;
if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val)
if (ulimit(UL_SETFSIZE, limit_val) < 0)
warn ("ulimit(UL_SETFSIZE, %ld)", limit_val);
}
#endif
read_etc_environment();
}

45
crypto/kerberosIV/appl/bsd/sysv_shadow.c
View File

@ -1,45 +0,0 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
#include "bsd_locl.h"
RCSID("$Id: sysv_shadow.c,v 1.8 1997/12/29 19:56:07 bg Exp $");
#ifdef SYSV_SHADOW
#include <sysv_shadow.h>
/* sysv_expire - check account and password expiration times */
int
sysv_expire(struct spwd *spwd)
{
long today;
tzset();
today = time(0)/(60*60*24); /* In days since Jan. 1, 1970 */
if (spwd->sp_expire > 0) {
if (today > spwd->sp_expire) {
printf("Your account has expired.\n");
sleepexit(1);
} else if (spwd->sp_expire - today < 14) {
printf("Your account will expire in %d days.\n",
(int)(spwd->sp_expire - today));
return (0);
}
}
if (spwd->sp_max > 0) {
if (today > (spwd->sp_lstchg + spwd->sp_max)) {
printf("Your password has expired. Choose a new one.\n");
return (1);
} else if (spwd->sp_warn > 0
&& (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) {
printf("Your password will expire in %d days.\n",
(int)(spwd->sp_lstchg + spwd->sp_max - today));
return (0);
}
}
return (0);
}
#endif /* SYSV_SHADOW */

5
crypto/kerberosIV/appl/bsd/sysv_shadow.h
View File

@ -1,5 +0,0 @@
/* $Id: sysv_shadow.h,v 1.7 1999/03/13 21:15:43 assar Exp $ */
#include <shadow.h>
int sysv_expire(struct spwd *);

70
crypto/kerberosIV/appl/bsd/tty.c
View File

@ -1,70 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: tty.c,v 1.3 1999/12/02 16:58:28 joda Exp $");
/*
* Clean the tty name. Return a pointer to the cleaned version.
*/
char *
clean_ttyname (char *tty)
{
char *res = tty;
if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
res += strlen(_PATH_DEV);
if (strncmp (res, "pty/", 4) == 0)
res += 4;
if (strncmp (res, "ptym/", 5) == 0)
res += 5;
return res;
}
/*
* Generate a name usable as an `ut_id', typically without `tty'.
*/
char *
make_id (char *tty)
{
char *res = tty;
if (strncmp (res, "pts/", 4) == 0)
res += 4;
if (strncmp (res, "tty", 3) == 0)
res += 3;
return res;
}

118
crypto/kerberosIV/appl/bsd/utmp_login.c
View File

@ -1,118 +0,0 @@
/*
* Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "bsd_locl.h"
RCSID("$Id: utmp_login.c,v 1.16 1999/12/02 16:58:29 joda Exp $");
#ifdef HAVE_UTMP_H
void
prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
{
char *ttyx = clean_ttyname (tty);
memset(utmp, 0, sizeof(*utmp));
utmp->ut_time = time(NULL);
strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
# ifdef HAVE_STRUCT_UTMP_UT_USER
strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
# endif
# ifdef HAVE_STRUCT_UTMP_UT_ADDR
if (hostname[0]) {
struct hostent *he;
if ((he = gethostbyname(hostname)))
memcpy(&utmp->ut_addr, he->h_addr_list[0],
sizeof(utmp->ut_addr));
}
# endif
# ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
# endif
# ifdef HAVE_STRUCT_UTMP_UT_TYPE
utmp->ut_type = USER_PROCESS;
# endif
# ifdef HAVE_STRUCT_UTMP_UT_PID
utmp->ut_pid = getpid();
# endif
# ifdef HAVE_STRUCT_UTMP_UT_ID
strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
# endif
}
#endif
#ifdef HAVE_UTMPX_H
void utmp_login(char *tty, char *username, char *hostname) { return; }
#else
/* update utmp and wtmp - the BSD way */
void utmp_login(char *tty, char *username, char *hostname)
{
struct utmp utmp;
int fd;
prepare_utmp (&utmp, tty, username, hostname);
#ifdef HAVE_SETUTENT
utmpname(_PATH_UTMP);
setutent();
pututline(&utmp);
endutent();
#else
#ifdef HAVE_TTYSLOT
{
int ttyno;
ttyno = ttyslot();
if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif /* HAVE_TTYSLOT */
#endif /* HAVE_SETUTENT */
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif /* !HAVE_UTMPX_H */

88
crypto/kerberosIV/appl/bsd/utmpx_login.c
View File

@ -1,88 +0,0 @@
/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */
#include "bsd_locl.h"
RCSID("$Id: utmpx_login.c,v 1.21 1999/03/29 17:57:31 joda Exp $");
/* utmpx_login - update utmp and wtmp after login */
#ifndef HAVE_UTMPX_H
int utmpx_login(char *line, char *user, char *host) { return 0; }
#else
static void
utmpx_update(struct utmpx *ut, char *line, char *user, char *host)
{
struct timeval tmp;
char *clean_tty = clean_ttyname(line);
strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line));
#ifdef HAVE_STRUCT_UTMPX_UT_ID
strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id));
#endif
strncpy(ut->ut_user, user, sizeof(ut->ut_user));
strncpy(ut->ut_host, host, sizeof(ut->ut_host));
#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
ut->ut_syslen = strlen(host) + 1;
if (ut->ut_syslen > sizeof(ut->ut_host))
ut->ut_syslen = sizeof(ut->ut_host);
#endif
ut->ut_type = USER_PROCESS;
gettimeofday (&tmp, 0);
ut->ut_tv.tv_sec = tmp.tv_sec;
ut->ut_tv.tv_usec = tmp.tv_usec;
pututxline(ut);
#ifdef WTMPX_FILE
updwtmpx(WTMPX_FILE, ut);
#elif defined(WTMP_FILE)
{
struct utmp utmp;
int fd;
prepare_utmp (&utmp, line, user, host);
if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
write(fd, &utmp, sizeof(struct utmp));
close(fd);
}
}
#endif
}
int
utmpx_login(char *line, char *user, char *host)
{
struct utmpx *ut;
pid_t mypid = getpid();
int ret = (-1);
/*
* SYSV4 ttymon and login use tty port names with the "/dev/" prefix
* stripped off. Rlogind and telnetd, on the other hand, make utmpx
* entries with device names like /dev/pts/nnn. We therefore cannot use
* getutxline(). Return nonzero if no utmp entry was found with our own
* process ID for a login or user process.
*/
while ((ut = getutxent())) {
/* Try to find a reusable entry */
if (ut->ut_pid == mypid
&& ( ut->ut_type == INIT_PROCESS
|| ut->ut_type == LOGIN_PROCESS
|| ut->ut_type == USER_PROCESS)) {
utmpx_update(ut, line, user, host);
ret = 0;
break;
}
}
if (ret == -1) {
/* Grow utmpx file by one record. */
struct utmpx newut;
memset(&newut, 0, sizeof(newut));
newut.ut_pid = mypid;
utmpx_update(&newut, line, user, host);
ret = 0;
}
endutxent();
return (ret);
}
#endif /* HAVE_UTMPX_H */

384
crypto/kerberosIV/appl/ftp/ChangeLog
View File

@ -1,384 +0,0 @@
2000-03-26 Assar Westerlund <assar@sics.se>
* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
time, ctime, and gmtime with `time_t's. there were some types
(like in lastlog) that we believed to always be time_t. this has
proven wrong on Solaris 8 in 64-bit mode, where they are stored as
32-bit quantities but time_t has gone up to 64 bits
1999-11-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of
the outgoing connections. It has to be `ftp-data' or some people
might get upset.
* ftpd/ftpd.c (args): set correct variable when `-l' so that
logging actually works
1999-11-29 Assar Westerlund <assar@sics.se>
* ftp/security.c (sec_login): check return value from realloc
(sec_end): set app_data to NULL
1999-11-25 Assar Westerlund <assar@sics.se>
* ftp/krb4.c (krb4_auth): obtain the `local' address when doing
NAT. also turn on passive mode. From <thn@stacken.kth.se>
1999-11-20 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (make_fileinfo): cast to allow for non-const
prototypes of readlink
1999-11-12 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (args): use arg_counter for `l'
1999-11-04 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (S_ISSOCK, S_ISLNK): fallback definitions for systems
that don't have them (such as ultrix)
1999-10-29 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (make_fileinfo): cast uid's and gid's to unsigned in
printf, we don't know what types they might be.
(lstat_file): conditionalize the kafs part on KRB4
* ftpd/ftpd_locl.h: <sys/ioccom.h> is needed for kafs.h
1999-10-28 Assar Westerlund <assar@sics.se>
* ftpd/ls.c (lstat_file): don't set st_mode, it should already be
correct
* ftpd/ls.c: don't use warnx to print errors
* ftpd/ls.c (builtin_ls): fix typo, 'd' shouldn't imply 'f'
* ftpd/ls.c (lstat_file): new function for avoiding stating AFS
mount points. From Love <lha@s3.kth.se>
(list_files): use `lstat_file'
* ftpd/ftpd.c: some const-poisoning
* ftpd/ftpd.c (args): add `-B' as an alias for `--builtin-ls' to
allow for stupid inetds that only support two arguments. From
Love <lha@s3.kth.se>
1999-10-26 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y (help): it's unnecessary to interpret help strings
as printf commands
* ftpd/ftpd.c (show_issue): don't interpret contents of
/etc/issue* as printf commands. From Brian A May
<bmay@dgs.monash.edu.au>
1999-10-21 Johan Danielsson <joda@pdc.kth.se>
* ftpd/kauth.c (kauth): complain if protection level isn't
`private'
* ftp/krb4.c (krb4_decode): syslog failure reason
* ftp/kauth.c (kauth): set private level earlier
* ftp/security.c: get_command_prot; (sec_prot): partially match
`command' and `data'
1999-10-18 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c: change `-l' flag to use arg_collect (this makes
`-ll' work again)
* ftpd/ftpd.c (list_file): pass filename to ls
1999-10-04 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpcmd.y: FEAT
1999-10-03 Assar Westerlund <assar@sics.se>
* ftpd/ls.c: fall-back definitions for constans and casts for
printfs
1999-10-03 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c (main): make this use getarg; add `list_file'
* ftpd/ftpcmd.y (LIST): call list_file
* ftpd/ls.c: add simple built-in ls
* ftp/security.c: add `sec_vfprintf2' and `sec_fprintf2' that
prints to the data stream
* ftp/kauth.c (kauth): make sure we're using private protection
level
* ftp/security.c (set_command_prot): set command protection level
* ftp/security.c: make it possible to set the command protection
level with `prot'
1999-09-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd_locl.h: add prototype for fclose to make sunos happy
1999-08-19 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpd.c (do_login): show issue-file
(send_data): change handling of zero-byte files
1999-08-18 Assar Westerlund <assar@sics.se>
* ftp/cmds.c (getit): be more suspicious when parsing the result
of MDTM. Do the comparison of timestamps correctly.
1999-08-13 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (send_data): avoid calling mmap with `len == 0'.
Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
get grumpy later.
* ftp/ftp.c (copy_stream): avoid calling mmap with `len == 0'.
Some mmap:s rather dislike that (Solaris) and some munmap (Linux)
get grumpy later.
1999-08-03 Assar Westerlund <assar@sics.se>
* ftp/ftp.c (active_mode): hide failure of EPRT by setting verbose
* ftp/gssapi.c (gss_auth): initialize application_data in bindings
1999-08-02 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y: save file names when doing commands that might
get aborted (and longjmp:ed out of) to avoid overwriting them also
remove extra closing brace
1999-08-01 Johan Danielsson <joda@pdc.kth.se>
* ftpd/ftpcmd.y: change `site find' to `site locate' (to match
what it does, and other implementations) keep find as an alias
1999-07-28 Assar Westerlund <assar@sics.se>
* common/socket.c: moved to roken
* common/socket.c: new file with generic socket functions
* ftpd/ftpd.c: make it more AF-neutral and v6-capable
* ftpd/ftpcmd.y: add EPRT and EPSV
* ftpd/extern.h: update prototypes and variables
* ftp/krb4.c: update to new types of addresses
* ftp/gssapi.c: add support for both AF_INET and AF_INET6
addresses
* ftp/ftp.c: make it more AF-neutral and v6-capable
* ftp/extern.h (hookup): change prototype
* common/common.h: add prototypes for functions in socket.c
* common/Makefile.am (libcommon_a_SOURCES): add socket.c
* ftp/gssapi.c (gss_auth): check return value from
`gss_import_name' and print error messages if it fails
1999-06-15 Assar Westerlund <assar@sics.se>
* ftp/krb4.c (krb4_auth): type correctness
1999-06-02 Johan Danielsson <joda@pdc.kth.se>
* ftp/ftp.c (sendrequest): lmode != rmode
1999-05-21 Assar Westerlund <assar@sics.se>
* ftp/extern.h (sendrequest): update prototype
* ftp/cmds.c: update calls to sendrequest and recvrequest to send
"b" when appropriate
* ftp/ftp.c (sendrequest): add argument for mode to open file in.
1999-05-08 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y: rename getline -> ftpd_getline
* ftp/main.c (makeargv): fill in unused slots with NULL
Thu Apr 8 15:06:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/ftpd.c: remove definition of KRB_VERIFY_USER (moved to
config.h)
Wed Apr 7 16:15:21 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftp/gssapi.c (gss_auth): call gss_display_status to get a sane
error message; return AUTH_{CONTINUE,ERROR}, where appropriate
* ftp/krb4.c: return AUTH_{CONTINUE,ERROR}, where appropriate
* ftp/security.c (sec_login): if mechanism returns AUTH_CONTINUE,
just continue with the next mechanism, this fixes the case of
having GSSAPI fail because of non-existant of expired tickets
* ftp/security.h: add AUTH_{OK,CONTINUE,ERROR}
Thu Apr 1 16:59:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/Makefile.am: don't run check-local
* ftp/Makefile.am: don't run check-local
Mon Mar 22 22:15:18 1999 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (pass): fall-back for KRB_VERIFY_SECURE
* ftpd/ftpd.c (pass): 1 -> KRB_VERIFY_SECURE
Thu Mar 18 12:07:09 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/Makefile.am: clean ftpcmd.c
* ftpd/ftpd_locl.h: remove krb5.h (breaks in ftpcmd.y)
* ftpd/ftpd.c: move include of krb5.h here
* ftpd/Makefile.am: include Makefile.am.common
* Makefile.am: include Makefile.am.common
* ftp/Makefile.am: include Makefile.am.common
* common/Makefile.am: include Makefile.am.common
Tue Mar 16 22:28:37 1999 Assar Westerlund <assar@sics.se>
* ftpd/ftpd_locl.h: add krb5.h to get heimdal_version
* ftpd/ftpd.c: krb_verify_user_multiple -> krb_verify_user
Thu Mar 11 14:54:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftp/Makefile.in: WFLAGS
* ftp/ruserpass.c: add some if-braces
Wed Mar 10 20:02:55 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/ftpd_locl.h: remove ifdef HAVE_FNMATCH
Mon Mar 8 21:29:24 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/ftpd.c: re-add version in greeting message
Mon Mar 1 10:49:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/logwtmp.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
Mon Feb 22 19:20:51 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* common/Makefile.in: remove glob
Sat Feb 13 17:19:35 1999 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (match): remove #ifdef HAVE_FNMATCH. We have a
fnmatch implementation in roken and therefore always have it.
* ftp/ftp.c (copy_stream): initialize `werr'
Wed Jan 13 23:52:57 1999 Assar Westerlund <assar@sics.se>
* ftpd/ftpcmd.y: moved all check_login and check_login_no_guest to
the end of the rules to ensure we don't generate several
(independent) error messages. once again, having a yacc-grammar
for FTP with embedded actions doesn't strike me as the most
optimal way of doing it.
Tue Dec 1 14:44:29 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* ftpd/Makefile.am: link with extra libs for aix
Sun Nov 22 10:28:20 1998 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (retrying): support on-the-fly decompression
* ftpd/Makefile.in (WFLAGS): set
* ftp/ruserpass.c (guess_domain): new function
(ruserpass): use it
* common/Makefile.in (WFLAGS): set
* Makefile.in (WFLAGS): set
Sat Nov 21 23:13:03 1998 Assar Westerlund <assar@sics.se>
* ftp/security.c: some more type correctness.
* ftp/gssapi.c (gss_adat): more braces to shut up warnings
Wed Nov 18 21:47:55 1998 Assar Westerlund <assar@sics.se>
* ftp/main.c (main): new option `-p' for enable passive mode.
Mon Nov 2 01:57:49 1998 Assar Westerlund <assar@sics.se>
* ftp/ftp.c (getreply): remove extra `break'
* ftp/gssapi.c (gss_auth): fixo typo(copyo?)
* ftp/security.c (sec_login): fix loop and return value
Tue Sep 1 16:56:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* ftp/cmds.c (quote1): fix % quoting bug
Fri Aug 14 17:10:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* ftp/krb4.c: krb_put_int -> KRB_PUT_INT
Tue Jun 30 18:07:15 1998 Assar Westerlund <assar@sics.se>
* ftp/security.c (auth): free `app_data'
(sec_end): only destroy if it was initialized
Tue Jun 9 21:01:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* ftp/krb4.c: pass client address to krb_rd_req
Sat May 16 00:02:07 1998 Assar Westerlund <assar@sics.se>
* ftpd/Makefile.am: link with DBLIB
Tue May 12 14:15:32 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* ftp/gssapi.c: Save client name for userok().
* ftpd/gss_userok.c: Userok for gssapi.
Fri May 1 07:15:01 1998 Assar Westerlund <assar@sics.se>
* ftp/ftp.c: unifdef -DHAVE_H_ERRNO
Fri Mar 27 00:46:07 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* Make compile w/o krb4.
Thu Mar 26 03:49:12 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* ftp/*, ftpd/*: Changes for new framework.
* ftp/gssapi.c: GSS-API backend for the new security framework.
* ftp/krb4.c: Updated for new framework.
* ftp/security.{c,h}: New unified security framework.

5
crypto/kerberosIV/appl/ftp/Makefile.am
View File

@ -1,5 +0,0 @@
# $Id: Makefile.am,v 1.5 1999/03/20 13:58:14 joda Exp $
include $(top_srcdir)/Makefile.am.common
SUBDIRS = common ftp ftpd

44
crypto/kerberosIV/appl/ftp/Makefile.in
View File

@ -1,44 +0,0 @@
# $Id: Makefile.in,v 1.12 1999/03/10 19:01:11 joda Exp $
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
SHELL = /bin/sh
@SET_MAKE@
CC = @CC@
RANLIB = @RANLIB@
DEFS = @DEFS@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
INSTALL = @INSTALL@
prefix = @prefix@
SUBDIRS=common ftp ftpd
all:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) all); done
install: all
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) install); done
uninstall:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
clean cleandir:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) clean); done
distclean:
for i in $(SUBDIRS); \
do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
rm -f Makefile *~
.PHONY: all install uninstall clean cleandir distclean

12
crypto/kerberosIV/appl/ftp/common/Makefile.am
View File

@ -1,12 +0,0 @@
# $Id: Makefile.am,v 1.9 1999/07/28 21:15:06 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4)
noinst_LIBRARIES = libcommon.a
libcommon_a_SOURCES = \
sockbuf.c \
buffer.c \
common.h

55
crypto/kerberosIV/appl/ftp/common/Makefile.in
View File

@ -1,55 +0,0 @@
# $Id: Makefile.in,v 1.23 1999/03/10 19:01:11 joda Exp $
SHELL = /bin/sh
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
CC = @CC@
AR = ar
RANLIB = @RANLIB@
DEFS = @DEFS@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
INSTALL = @INSTALL@
prefix = @prefix@
SOURCES = sockbuf.c buffer.c
OBJECTS = $(libcommon_OBJS)
libcommon_OBJS = sockbuf.o buffer.o
LIBNAME = $(LIBPREFIX)common
LIBEXT = a
LIBPREFIX = @LIBPREFIX@
LIB = $(LIBNAME).$(LIBEXT)
all: $(LIB)
.c.o:
$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
$(LIB): $(libcommon_OBJS)
rm -f $@
ar cr $@ $(libcommon_OBJS)
-$(RANLIB) $@
install:
uninstall:
TAGS: $(SOURCES)
etags $(SOURCES)
clean cleandir:
rm -f *~ *.o libcommon.a core \#*
distclean:
rm -f Makefile
$(OBJECTS): ../../../include/config.h
.PHONY: all install uninstall clean cleandir distclean

149
crypto/kerberosIV/appl/ftp/common/base64.c
View File

@ -1,149 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $");
#endif
#include <stdlib.h>
#include <string.h>
#include "base64.h"
static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static int pos(char c)
{
char *p;
for(p = base64; *p; p++)
if(*p == c)
return p - base64;
return -1;
}
int base64_encode(const void *data, int size, char **str)
{
char *s, *p;
int i;
int c;
unsigned char *q;
p = s = (char*)malloc(size*4/3+4);
q = (unsigned char*)data;
i=0;
for(i = 0; i < size;){
c=q[i++];
c*=256;
if(i < size)
c+=q[i];
i++;
c*=256;
if(i < size)
c+=q[i];
i++;
p[0]=base64[(c&0x00fc0000) >> 18];
p[1]=base64[(c&0x0003f000) >> 12];
p[2]=base64[(c&0x00000fc0) >> 6];
p[3]=base64[(c&0x0000003f) >> 0];
if(i > size)
p[3]='=';
if(i > size+1)
p[2]='=';
p+=4;
}
*p=0;
*str = s;
return strlen(s);
}
int base64_decode(const char *str, void *data)
{
const char *p;
unsigned char *q;
int c;
int x;
int done = 0;
q=(unsigned char*)data;
for(p=str; *p && !done; p+=4){
x = pos(p[0]);
if(x >= 0)
c = x;
else{
done = 3;
break;
}
c*=64;
x = pos(p[1]);
if(x >= 0)
c += x;
else
return -1;
c*=64;
if(p[2] == '=')
done++;
else{
x = pos(p[2]);
if(x >= 0)
c += x;
else
return -1;
}
c*=64;
if(p[3] == '=')
done++;
else{
if(done)
return -1;
x = pos(p[3]);
if(x >= 0)
c += x;
else
return -1;
}
if(done < 3)
*q++=(c&0x00ff0000)>>16;
if(done < 2)
*q++=(c&0x0000ff00)>>8;
if(done < 1)
*q++=(c&0x000000ff)>>0;
}
return q - (unsigned char*)data;
}

47
crypto/kerberosIV/appl/ftp/common/base64.h
View File

@ -1,47 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
#ifndef _BASE64_H_
#define _BASE64_H_
int base64_encode(const void *data, int size, char **str);
int base64_decode(const char *str, void *data);
#endif

69
crypto/kerberosIV/appl/ftp/common/buffer.c
View File

@ -1,69 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "common.h"
#include <stdio.h>
#include <err.h>
#include "roken.h"
RCSID("$Id: buffer.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
/*
* Allocate a buffer enough to handle st->st_blksize, if
* there is such a field, otherwise BUFSIZ.
*/
void *
alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
{
size_t new_sz;
new_sz = BUFSIZ;
#ifdef HAVE_ST_BLKSIZE
if (st)
new_sz = max(BUFSIZ, st->st_blksize);
#endif
if(new_sz > *sz) {
if (oldbuf)
free (oldbuf);
oldbuf = malloc (new_sz);
if (oldbuf == NULL) {
warn ("malloc");
*sz = 0;
return NULL;
}
*sz = new_sz;
}
return oldbuf;
}

60
crypto/kerberosIV/appl/ftp/common/common.h
View File

@ -1,60 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: common.h,v 1.12 1999/12/02 16:58:29 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifndef __COMMON_H__
#define __COMMON_H__
#include "base64.h"
void set_buffer_size(int, int);
#include <stdlib.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
#endif /* __COMMON_H__ */

835
crypto/kerberosIV/appl/ftp/common/glob.c
View File

@ -1,835 +0,0 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Guido van Rossum.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* glob(3) -- a superset of the one defined in POSIX 1003.2.
*
* The [!...] convention to negate a range is supported (SysV, Posix, ksh).
*
* Optional extra services, controlled by flags not defined by POSIX:
*
* GLOB_QUOTE:
* Escaping convention: \ inhibits any special meaning the following
* character might have (except \ at end of string is retained).
* GLOB_MAGCHAR:
* Set in gl_flags if pattern contained a globbing character.
* GLOB_NOMAGIC:
* Same as GLOB_NOCHECK, but it will only append pattern if it did
* not contain any magic characters. [Used in csh style globbing]
* GLOB_ALTDIRFUNC:
* Use alternately specified directory access functions.
* GLOB_TILDE:
* expand ~user/foo to the /home/dir/of/user/foo
* GLOB_BRACE:
* expand {1,2}{a,b} to 1a 1b 2a 2b
* gl_matchc:
* Number of matches in the current invocation of glob.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#include <ctype.h>
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
#include <errno.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "glob.h"
#include "roken.h"
#define CHAR_DOLLAR '$'
#define CHAR_DOT '.'
#define CHAR_EOS '\0'
#define CHAR_LBRACKET '['
#define CHAR_NOT '!'
#define CHAR_QUESTION '?'
#define CHAR_QUOTE '\\'
#define CHAR_RANGE '-'
#define CHAR_RBRACKET ']'
#define CHAR_SEP '/'
#define CHAR_STAR '*'
#define CHAR_TILDE '~'
#define CHAR_UNDERSCORE '_'
#define CHAR_LBRACE '{'
#define CHAR_RBRACE '}'
#define CHAR_SLASH '/'
#define CHAR_COMMA ','
#ifndef DEBUG
#define M_QUOTE 0x8000
#define M_PROTECT 0x4000
#define M_MASK 0xffff
#define M_ASCII 0x00ff
typedef u_short Char;
#else
#define M_QUOTE 0x80
#define M_PROTECT 0x40
#define M_MASK 0xff
#define M_ASCII 0x7f
typedef char Char;
#endif
#define CHAR(c) ((Char)((c)&M_ASCII))
#define META(c) ((Char)((c)|M_QUOTE))
#define M_ALL META('*')
#define M_END META(']')
#define M_NOT META('!')
#define M_ONE META('?')
#define M_RNG META('-')
#define M_SET META('[')
#define ismeta(c) (((c)&M_QUOTE) != 0)
static int compare (const void *, const void *);
static void g_Ctoc (const Char *, char *);
static int g_lstat (Char *, struct stat *, glob_t *);
static DIR *g_opendir (Char *, glob_t *);
static Char *g_strchr (Char *, int);
#ifdef notdef
static Char *g_strcat (Char *, const Char *);
#endif
static int g_stat (Char *, struct stat *, glob_t *);
static int glob0 (const Char *, glob_t *);
static int glob1 (Char *, glob_t *);
static int glob2 (Char *, Char *, Char *, glob_t *);
static int glob3 (Char *, Char *, Char *, Char *, glob_t *);
static int globextend (const Char *, glob_t *);
static const Char * globtilde (const Char *, Char *, glob_t *);
static int globexp1 (const Char *, glob_t *);
static int globexp2 (const Char *, const Char *, glob_t *, int *);
static int match (Char *, Char *, Char *);
#ifdef DEBUG
static void qprintf (const char *, Char *);
#endif
int
glob(const char *pattern,
int flags,
int (*errfunc)(const char *, int),
glob_t *pglob)
{
const u_char *patnext;
int c;
Char *bufnext, *bufend, patbuf[MaxPathLen+1];
patnext = (u_char *) pattern;
if (!(flags & GLOB_APPEND)) {
pglob->gl_pathc = 0;
pglob->gl_pathv = NULL;
if (!(flags & GLOB_DOOFFS))
pglob->gl_offs = 0;
}
pglob->gl_flags = flags & ~GLOB_MAGCHAR;
pglob->gl_errfunc = errfunc;
pglob->gl_matchc = 0;
bufnext = patbuf;
bufend = bufnext + MaxPathLen;
if (flags & GLOB_QUOTE) {
/* Protect the quoted characters. */
while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
if (c == CHAR_QUOTE) {
if ((c = *patnext++) == CHAR_EOS) {
c = CHAR_QUOTE;
--patnext;
}
*bufnext++ = c | M_PROTECT;
}
else
*bufnext++ = c;
}
else
while (bufnext < bufend && (c = *patnext++) != CHAR_EOS)
*bufnext++ = c;
*bufnext = CHAR_EOS;
if (flags & GLOB_BRACE)
return globexp1(patbuf, pglob);
else
return glob0(patbuf, pglob);
}
/*
* Expand recursively a glob {} pattern. When there is no more expansion
* invoke the standard globbing routine to glob the rest of the magic
* characters
*/
static int globexp1(const Char *pattern, glob_t *pglob)
{
const Char* ptr = pattern;
int rv;
/* Protect a single {}, for find(1), like csh */
if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS)
return glob0(pattern, pglob);
while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL)
if (!globexp2(ptr, pattern, pglob, &rv))
return rv;
return glob0(pattern, pglob);
}
/*
* Recursive brace globbing helper. Tries to expand a single brace.
* If it succeeds then it invokes globexp1 with the new pattern.
* If it fails then it tries to glob the rest of the pattern and returns.
*/
static int globexp2(const Char *ptr, const Char *pattern,
glob_t *pglob, int *rv)
{
int i;
Char *lm, *ls;
const Char *pe, *pm, *pl;
Char patbuf[MaxPathLen + 1];
/* copy part up to the brace */
for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
continue;
ls = lm;
/* Find the balanced brace */
for (i = 0, pe = ++ptr; *pe; pe++)
if (*pe == CHAR_LBRACKET) {
/* Ignore everything between [] */
for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++)
continue;
if (*pe == CHAR_EOS) {
/*
* We could not find a matching CHAR_RBRACKET.
* Ignore and just look for CHAR_RBRACE
*/
pe = pm;
}
}
else if (*pe == CHAR_LBRACE)
i++;
else if (*pe == CHAR_RBRACE) {
if (i == 0)
break;
i--;
}
/* Non matching braces; just glob the pattern */
if (i != 0 || *pe == CHAR_EOS) {
*rv = glob0(patbuf, pglob);
return 0;
}
for (i = 0, pl = pm = ptr; pm <= pe; pm++)
switch (*pm) {
case CHAR_LBRACKET:
/* Ignore everything between [] */
for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++)
continue;
if (*pm == CHAR_EOS) {
/*
* We could not find a matching CHAR_RBRACKET.
* Ignore and just look for CHAR_RBRACE
*/
pm = pl;
}
break;
case CHAR_LBRACE:
i++;
break;
case CHAR_RBRACE:
if (i) {
i--;
break;
}
/* FALLTHROUGH */
case CHAR_COMMA:
if (i && *pm == CHAR_COMMA)
break;
else {
/* Append the current string */
for (lm = ls; (pl < pm); *lm++ = *pl++)
continue;
/*
* Append the rest of the pattern after the
* closing brace
*/
for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;)
continue;
/* Expand the current pattern */
#ifdef DEBUG
qprintf("globexp2:", patbuf);
#endif
*rv = globexp1(patbuf, pglob);
/* move after the comma, to the next string */
pl = pm + 1;
}
break;
default:
break;
}
*rv = 0;
return 0;
}
/*
* expand tilde from the passwd file.
*/
static const Char *
globtilde(const Char *pattern, Char *patbuf, glob_t *pglob)
{
struct passwd *pwd;
char *h;
const Char *p;
Char *b;
if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE))
return pattern;
/* Copy up to the end of the string or / */
for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH;
*h++ = *p++)
continue;
*h = CHAR_EOS;
if (((char *) patbuf)[0] == CHAR_EOS) {
/*
* handle a plain ~ or ~/ by expanding $HOME
* first and then trying the password file
*/
if ((h = getenv("HOME")) == NULL) {
if ((pwd = k_getpwuid(getuid())) == NULL)
return pattern;
else
h = pwd->pw_dir;
}
}
else {
/*
* Expand a ~user
*/
if ((pwd = k_getpwnam((char*) patbuf)) == NULL)
return pattern;
else
h = pwd->pw_dir;
}
/* Copy the home directory */
for (b = patbuf; *h; *b++ = *h++)
continue;
/* Append the rest of the pattern */
while ((*b++ = *p++) != CHAR_EOS)
continue;
return patbuf;
}
/*
* The main glob() routine: compiles the pattern (optionally processing
* quotes), calls glob1() to do the real pattern matching, and finally
* sorts the list (unless unsorted operation is requested). Returns 0
* if things went well, nonzero if errors occurred. It is not an error
* to find no matches.
*/
static int
glob0(const Char *pattern, glob_t *pglob)
{
const Char *qpatnext;
int c, err, oldpathc;
Char *bufnext, patbuf[MaxPathLen+1];
qpatnext = globtilde(pattern, patbuf, pglob);
oldpathc = pglob->gl_pathc;
bufnext = patbuf;
/* We don't need to check for buffer overflow any more. */
while ((c = *qpatnext++) != CHAR_EOS) {
switch (c) {
case CHAR_LBRACKET:
c = *qpatnext;
if (c == CHAR_NOT)
++qpatnext;
if (*qpatnext == CHAR_EOS ||
g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) {
*bufnext++ = CHAR_LBRACKET;
if (c == CHAR_NOT)
--qpatnext;
break;
}
*bufnext++ = M_SET;
if (c == CHAR_NOT)
*bufnext++ = M_NOT;
c = *qpatnext++;
do {
*bufnext++ = CHAR(c);
if (*qpatnext == CHAR_RANGE &&
(c = qpatnext[1]) != CHAR_RBRACKET) {
*bufnext++ = M_RNG;
*bufnext++ = CHAR(c);
qpatnext += 2;
}
} while ((c = *qpatnext++) != CHAR_RBRACKET);
pglob->gl_flags |= GLOB_MAGCHAR;
*bufnext++ = M_END;
break;
case CHAR_QUESTION:
pglob->gl_flags |= GLOB_MAGCHAR;
*bufnext++ = M_ONE;
break;
case CHAR_STAR:
pglob->gl_flags |= GLOB_MAGCHAR;
/* collapse adjacent stars to one,
* to avoid exponential behavior
*/
if (bufnext == patbuf || bufnext[-1] != M_ALL)
*bufnext++ = M_ALL;
break;
default:
*bufnext++ = CHAR(c);
break;
}
}
*bufnext = CHAR_EOS;
#ifdef DEBUG
qprintf("glob0:", patbuf);
#endif
if ((err = glob1(patbuf, pglob)) != 0)
return(err);
/*
* If there was no match we are going to append the pattern
* if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified
* and the pattern did not contain any magic characters
* GLOB_NOMAGIC is there just for compatibility with csh.
*/
if (pglob->gl_pathc == oldpathc &&
((pglob->gl_flags & GLOB_NOCHECK) ||
((pglob->gl_flags & GLOB_NOMAGIC) &&
!(pglob->gl_flags & GLOB_MAGCHAR))))
return(globextend(pattern, pglob));
else if (!(pglob->gl_flags & GLOB_NOSORT))
qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
pglob->gl_pathc - oldpathc, sizeof(char *), compare);
return(0);
}
static int
compare(const void *p, const void *q)
{
return(strcmp(*(char **)p, *(char **)q));
}
static int
glob1(Char *pattern, glob_t *pglob)
{
Char pathbuf[MaxPathLen+1];
/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
if (*pattern == CHAR_EOS)
return(0);
return(glob2(pathbuf, pathbuf, pattern, pglob));
}
/*
* The functions glob2 and glob3 are mutually recursive; there is one level
* of recursion for each segment in the pattern that contains one or more
* meta characters.
*/
#ifndef S_ISLNK
#if defined(S_IFLNK) && defined(S_IFMT)
#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
#else
#define S_ISLNK(mode) 0
#endif
#endif
static int
glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob)
{
struct stat sb;
Char *p, *q;
int anymeta;
/*
* Loop over pattern segments until end of pattern or until
* segment with meta character found.
*/
for (anymeta = 0;;) {
if (*pattern == CHAR_EOS) { /* End of pattern? */
*pathend = CHAR_EOS;
if (g_lstat(pathbuf, &sb, pglob))
return(0);
if (((pglob->gl_flags & GLOB_MARK) &&
pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode)
|| (S_ISLNK(sb.st_mode) &&
(g_stat(pathbuf, &sb, pglob) == 0) &&
S_ISDIR(sb.st_mode)))) {
*pathend++ = CHAR_SEP;
*pathend = CHAR_EOS;
}
++pglob->gl_matchc;
return(globextend(pathbuf, pglob));
}
/* Find end of next segment, copy tentatively to pathend. */
q = pathend;
p = pattern;
while (*p != CHAR_EOS && *p != CHAR_SEP) {
if (ismeta(*p))
anymeta = 1;
*q++ = *p++;
}
if (!anymeta) { /* No expansion, do next segment. */
pathend = q;
pattern = p;
while (*pattern == CHAR_SEP)
*pathend++ = *pattern++;
} else /* Need expansion, recurse. */
return(glob3(pathbuf, pathend, pattern, p, pglob));
}
/* CHAR_NOTREACHED */
}
static int
glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern,
glob_t *pglob)
{
struct dirent *dp;
DIR *dirp;
int err;
char buf[MaxPathLen];
/*
* The readdirfunc declaration can't be prototyped, because it is
* assigned, below, to two functions which are prototyped in glob.h
* and dirent.h as taking pointers to differently typed opaque
* structures.
*/
struct dirent *(*readdirfunc)(void *);
*pathend = CHAR_EOS;
errno = 0;
if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
/* TODO: don't call for ENOENT or ENOTDIR? */
if (pglob->gl_errfunc) {
g_Ctoc(pathbuf, buf);
if (pglob->gl_errfunc(buf, errno) ||
pglob->gl_flags & GLOB_ERR)
return (GLOB_ABEND);
}
return(0);
}
err = 0;
/* Search directory for matching names. */
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
readdirfunc = pglob->gl_readdir;
else
readdirfunc = (struct dirent *(*)(void *))readdir;
while ((dp = (*readdirfunc)(dirp))) {
u_char *sc;
Char *dc;
/* Initial CHAR_DOT must be matched literally. */
if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT)
continue;
for (sc = (u_char *) dp->d_name, dc = pathend;
(*dc++ = *sc++) != CHAR_EOS;)
continue;
if (!match(pathend, pattern, restpattern)) {
*pathend = CHAR_EOS;
continue;
}
err = glob2(pathbuf, --dc, restpattern, pglob);
if (err)
break;
}
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
(*pglob->gl_closedir)(dirp);
else
closedir(dirp);
return(err);
}
/*
* Extend the gl_pathv member of a glob_t structure to accomodate a new item,
* add the new item, and update gl_pathc.
*
* This assumes the BSD realloc, which only copies the block when its size
* crosses a power-of-two boundary; for v7 realloc, this would cause quadratic
* behavior.
*
* Return 0 if new item added, error code if memory couldn't be allocated.
*
* Invariant of the glob_t structure:
* Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and
* gl_pathv points to (gl_offs + gl_pathc + 1) items.
*/
static int
globextend(const Char *path, glob_t *pglob)
{
char **pathv;
int i;
u_int newsize;
char *copy;
const Char *p;
newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
pathv = pglob->gl_pathv ?
realloc(pglob->gl_pathv, newsize) :
malloc(newsize);
if (pathv == NULL)
return(GLOB_NOSPACE);
if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
/* first time around -- clear initial gl_offs items */
pathv += pglob->gl_offs;
for (i = pglob->gl_offs; --i >= 0; )
*--pathv = NULL;
}
pglob->gl_pathv = pathv;
for (p = path; *p++;)
continue;
if ((copy = malloc(p - path)) != NULL) {
g_Ctoc(path, copy);
pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
}
pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
return(copy == NULL ? GLOB_NOSPACE : 0);
}
/*
* pattern matching function for filenames. Each occurrence of the *
* pattern causes a recursion level.
*/
static int
match(Char *name, Char *pat, Char *patend)
{
int ok, negate_range;
Char c, k;
while (pat < patend) {
c = *pat++;
switch (c & M_MASK) {
case M_ALL:
if (pat == patend)
return(1);
do
if (match(name, pat, patend))
return(1);
while (*name++ != CHAR_EOS);
return(0);
case M_ONE:
if (*name++ == CHAR_EOS)
return(0);
break;
case M_SET:
ok = 0;
if ((k = *name++) == CHAR_EOS)
return(0);
if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS)
++pat;
while (((c = *pat++) & M_MASK) != M_END)
if ((*pat & M_MASK) == M_RNG) {
if (c <= k && k <= pat[1])
ok = 1;
pat += 2;
} else if (c == k)
ok = 1;
if (ok == negate_range)
return(0);
break;
default:
if (*name++ != c)
return(0);
break;
}
}
return(*name == CHAR_EOS);
}
/* Free allocated data belonging to a glob_t structure. */
void
globfree(glob_t *pglob)
{
int i;
char **pp;
if (pglob->gl_pathv != NULL) {
pp = pglob->gl_pathv + pglob->gl_offs;
for (i = pglob->gl_pathc; i--; ++pp)
if (*pp)
free(*pp);
free(pglob->gl_pathv);
}
}
static DIR *
g_opendir(Char *str, glob_t *pglob)
{
char buf[MaxPathLen];
if (!*str)
strcpy(buf, ".");
else
g_Ctoc(str, buf);
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
return((*pglob->gl_opendir)(buf));
return(opendir(buf));
}
static int
g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
{
char buf[MaxPathLen];
g_Ctoc(fn, buf);
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
return((*pglob->gl_lstat)(buf, sb));
return(lstat(buf, sb));
}
static int
g_stat(Char *fn, struct stat *sb, glob_t *pglob)
{
char buf[MaxPathLen];
g_Ctoc(fn, buf);
if (pglob->gl_flags & GLOB_ALTDIRFUNC)
return((*pglob->gl_stat)(buf, sb));
return(stat(buf, sb));
}
static Char *
g_strchr(Char *str, int ch)
{
do {
if (*str == ch)
return (str);
} while (*str++);
return (NULL);
}
#ifdef notdef
static Char *
g_strcat(Char *dst, const Char *src)
{
Char *sdst = dst;
while (*dst++)
continue;
--dst;
while((*dst++ = *src++) != CHAR_EOS)
continue;
return (sdst);
}
#endif
static void
g_Ctoc(const Char *str, char *buf)
{
char *dc;
for (dc = buf; (*dc++ = *str++) != CHAR_EOS;)
continue;
}
#ifdef DEBUG
static void
qprintf(const Char *str, Char *s)
{
Char *p;
printf("%s:\n", str);
for (p = s; *p; p++)
printf("%c", CHAR(*p));
printf("\n");
for (p = s; *p; p++)
printf("%c", *p & M_PROTECT ? '"' : ' ');
printf("\n");
for (p = s; *p; p++)
printf("%c", ismeta(*p) ? '_' : ' ');
printf("\n");
}
#endif

84
crypto/kerberosIV/appl/ftp/common/glob.h
View File

@ -1,84 +0,0 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Guido van Rossum.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)glob.h 8.1 (Berkeley) 6/2/93
*/
#ifndef _GLOB_H_
#define _GLOB_H_
struct stat;
typedef struct {
int gl_pathc; /* Count of total paths so far. */
int gl_matchc; /* Count of paths matching pattern. */
int gl_offs; /* Reserved at beginning of gl_pathv. */
int gl_flags; /* Copy of flags parameter to glob. */
char **gl_pathv; /* List of paths matching pattern. */
/* Copy of errfunc parameter to glob. */
int (*gl_errfunc) (const char *, int);
/*
* Alternate filesystem access methods for glob; replacement
* versions of closedir(3), readdir(3), opendir(3), stat(2)
* and lstat(2).
*/
void (*gl_closedir) (void *);
struct dirent *(*gl_readdir) (void *);
void *(*gl_opendir) (const char *);
int (*gl_lstat) (const char *, struct stat *);
int (*gl_stat) (const char *, struct stat *);
} glob_t;
#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
#define GLOB_ERR 0x0004 /* Return on error. */
#define GLOB_MARK 0x0008 /* Append / to matching directories. */
#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
#define GLOB_NOSORT 0x0020 /* Don't sort. */
#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
#define GLOB_NOSPACE (-1) /* Malloc call failed. */
#define GLOB_ABEND (-2) /* Unignored error. */
int glob (const char *, int, int (*)(const char *, int), glob_t *);
void globfree (glob_t *);
#endif /* !_GLOB_H_ */

56
crypto/kerberosIV/appl/ftp/common/sockbuf.c
View File

@ -1,56 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "common.h"
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
RCSID("$Id: sockbuf.c,v 1.3 1999/12/02 16:58:29 joda Exp $");
void
set_buffer_size(int fd, int read)
{
#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
size_t size = 4194304;
while(size >= 131072 &&
setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF,
(void *)&size, sizeof(size)) < 0)
size /= 2;
#endif
}

44
crypto/kerberosIV/appl/ftp/ftp/Makefile.am
View File

@ -1,44 +0,0 @@
# $Id: Makefile.am,v 1.12 1999/04/09 18:22:08 assar Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += -I$(srcdir)/../common $(INCLUDE_readline) $(INCLUDE_krb4)
bin_PROGRAMS = ftp
CHECK_LOCAL =
if KRB4
krb4_sources = krb4.c kauth.c
endif
if KRB5
krb5_sources = gssapi.c
endif
ftp_SOURCES = \
cmds.c \
cmdtab.c \
extern.h \
ftp.c \
ftp_locl.h \
ftp_var.h \
main.c \
pathnames.h \
ruserpass.c \
domacro.c \
globals.c \
security.c \
security.h \
$(krb4_sources) \
$(krb5_sources)
EXTRA_ftp_SOURCES = krb4.c kauth.c gssapi.c
LDADD = \
../common/libcommon.a \
$(LIB_gssapi) \
$(LIB_krb5) \
$(LIB_krb4) \
$(top_builddir)/lib/des/libdes.la \
$(LIB_roken) \
$(LIB_readline)

102
crypto/kerberosIV/appl/ftp/ftp/Makefile.in
View File

@ -1,102 +0,0 @@
#
# $Id: Makefile.in,v 1.32 1999/03/11 13:58:09 joda Exp $
#
SHELL = /bin/sh
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
top_builddir = ../../..
CC = @CC@
RANLIB = @RANLIB@
DEFS = @DEFS@
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(top_builddir) -I$(top_srcdir) -I$(top_builddir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@
LD_FLAGS = @LD_FLAGS@
LIB_tgetent = @LIB_tgetent@
LIBS = @LIBS@ @LIB_readline@
MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
libdir = @libdir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
INCTOP = $(top_builddir)/include
LIBTOP = $(top_builddir)/lib
PROGS = ftp$(EXECSUFFIX)
ftp_SOURCES = \
cmds.c \
cmdtab.c \
domacro.c \
ftp.c \
globals.c \
kauth.c \
krb4.c \
main.c \
ruserpass.c \
security.c
ftp_OBJS = \
cmds.o \
cmdtab.o \
domacro.o \
ftp.o \
globals.o \
kauth.o \
krb4.o \
main.o \
ruserpass.o \
security.o
OBJECTS = $(ftp_OBJS)
SOURCES = $(ftp_SOURCES)
all: $(PROGS)
.c.o:
$(CC) -c -I$(srcdir) -I../../../include $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
for x in $(PROGS); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(PROGS); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \
done
ftp$(EXECSUFFIX): $(ftp_OBJS)
$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
TAGS: $(SOURCES)
etags $(SOURCES)
clean:
rm -f *~ *.o core ftp$(EXECSUFFIX) \#*
mostlyclean: clean
distclean: clean
rm -f Makefile
realclean: distclean
rm -f TAGS
$(OBJECTS): ../../../include/config.h
.PHONY: all install uninstall clean cleandir distclean

2117
crypto/kerberosIV/appl/ftp/ftp/cmds.c
View File

File diff suppressed because it is too large Load Diff

202
crypto/kerberosIV/appl/ftp/ftp/cmdtab.c
View File

@ -1,202 +0,0 @@
/*
* Copyright (c) 1985, 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftp_locl.h"
/*
* User FTP -- Command Tables.
*/
char accounthelp[] = "send account command to remote server";
char appendhelp[] = "append to a file";
char asciihelp[] = "set ascii transfer type";
char beephelp[] = "beep when command completed";
char binaryhelp[] = "set binary transfer type";
char casehelp[] = "toggle mget upper/lower case id mapping";
char cdhelp[] = "change remote working directory";
char cduphelp[] = "change remote working directory to parent directory";
char chmodhelp[] = "change file permissions of remote file";
char connecthelp[] = "connect to remote tftp";
char crhelp[] = "toggle carriage return stripping on ascii gets";
char deletehelp[] = "delete remote file";
char debughelp[] = "toggle/set debugging mode";
char dirhelp[] = "list contents of remote directory";
char disconhelp[] = "terminate ftp session";
char domachelp[] = "execute macro";
char formhelp[] = "set file transfer format";
char globhelp[] = "toggle metacharacter expansion of local file names";
char hashhelp[] = "toggle printing `#' for each buffer transferred";
char helphelp[] = "print local help information";
char idlehelp[] = "get (set) idle timer on remote side";
char lcdhelp[] = "change local working directory";
char lshelp[] = "list contents of remote directory";
char macdefhelp[] = "define a macro";
char mdeletehelp[] = "delete multiple files";
char mdirhelp[] = "list contents of multiple remote directories";
char mgethelp[] = "get multiple files";
char mkdirhelp[] = "make directory on the remote machine";
char mlshelp[] = "list contents of multiple remote directories";
char modtimehelp[] = "show last modification time of remote file";
char modehelp[] = "set file transfer mode";
char mputhelp[] = "send multiple files";
char newerhelp[] = "get file if remote file is newer than local file ";
char nlisthelp[] = "nlist contents of remote directory";
char nmaphelp[] = "set templates for default file name mapping";
char ntranshelp[] = "set translation table for default file name mapping";
char porthelp[] = "toggle use of PORT cmd for each data connection";
char prompthelp[] = "force interactive prompting on multiple commands";
char proxyhelp[] = "issue command on alternate connection";
char pwdhelp[] = "print working directory on remote machine";
char quithelp[] = "terminate ftp session and exit";
char quotehelp[] = "send arbitrary ftp command";
char receivehelp[] = "receive file";
char regethelp[] = "get file restarting at end of local file";
char remotehelp[] = "get help from remote server";
char renamehelp[] = "rename file";
char restarthelp[]= "restart file transfer at bytecount";
char rmdirhelp[] = "remove directory on the remote machine";
char rmtstatushelp[]="show status of remote machine";
char runiquehelp[] = "toggle store unique for local files";
char resethelp[] = "clear queued command replies";
char sendhelp[] = "send one file";
char passivehelp[] = "enter passive transfer mode";
char sitehelp[] = "send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information";
char shellhelp[] = "escape to the shell";
char sizecmdhelp[] = "show size of remote file";
char statushelp[] = "show current status";
char structhelp[] = "set file transfer structure";
char suniquehelp[] = "toggle store unique on remote machine";
char systemhelp[] = "show remote system type";
char tenexhelp[] = "set tenex file transfer type";
char tracehelp[] = "toggle packet tracing";
char typehelp[] = "set file transfer type";
char umaskhelp[] = "get (set) umask on remote side";
char userhelp[] = "send new user information";
char verbosehelp[] = "toggle verbose mode";
char prothelp[] = "set protection level";
#ifdef KRB4
char kauthhelp[] = "get remote tokens";
char klisthelp[] = "show remote tickets";
char kdestroyhelp[] = "destroy remote tickets";
char krbtkfilehelp[] = "set filename of remote tickets";
char afsloghelp[] = "obtain remote AFS tokens";
#endif
struct cmd cmdtab[] = {
{ "!", shellhelp, 0, 0, 0, shell },
{ "$", domachelp, 1, 0, 0, domacro },
{ "account", accounthelp, 0, 1, 1, account},
{ "append", appendhelp, 1, 1, 1, put },
{ "ascii", asciihelp, 0, 1, 1, setascii },
{ "bell", beephelp, 0, 0, 0, setbell },
{ "binary", binaryhelp, 0, 1, 1, setbinary },
{ "bye", quithelp, 0, 0, 0, quit },
{ "case", casehelp, 0, 0, 1, setcase },
{ "cd", cdhelp, 0, 1, 1, cd },
{ "cdup", cduphelp, 0, 1, 1, cdup },
{ "chmod", chmodhelp, 0, 1, 1, do_chmod },
{ "close", disconhelp, 0, 1, 1, disconnect },
{ "cr", crhelp, 0, 0, 0, setcr },
{ "delete", deletehelp, 0, 1, 1, delete },
{ "debug", debughelp, 0, 0, 0, setdebug },
{ "dir", dirhelp, 1, 1, 1, ls },
{ "disconnect", disconhelp, 0, 1, 1, disconnect },
{ "form", formhelp, 0, 1, 1, setform },
{ "get", receivehelp, 1, 1, 1, get },
{ "glob", globhelp, 0, 0, 0, setglob },
{ "hash", hashhelp, 0, 0, 0, sethash },
{ "help", helphelp, 0, 0, 1, help },
{ "idle", idlehelp, 0, 1, 1, ftp_idle },
{ "image", binaryhelp, 0, 1, 1, setbinary },
{ "lcd", lcdhelp, 0, 0, 0, lcd },
{ "ls", lshelp, 1, 1, 1, ls },
{ "macdef", macdefhelp, 0, 0, 0, macdef },
{ "mdelete", mdeletehelp, 1, 1, 1, mdelete },
{ "mdir", mdirhelp, 1, 1, 1, mls },
{ "mget", mgethelp, 1, 1, 1, mget },
{ "mkdir", mkdirhelp, 0, 1, 1, makedir },
{ "mls", mlshelp, 1, 1, 1, mls },
{ "mode", modehelp, 0, 1, 1, setftmode },
{ "modtime", modtimehelp, 0, 1, 1, modtime },
{ "mput", mputhelp, 1, 1, 1, mput },
{ "newer", newerhelp, 1, 1, 1, newer },
{ "nmap", nmaphelp, 0, 0, 1, setnmap },
{ "nlist", nlisthelp, 1, 1, 1, ls },
{ "ntrans", ntranshelp, 0, 0, 1, setntrans },
{ "open", connecthelp, 0, 0, 1, setpeer },
{ "passive", passivehelp, 0, 0, 0, setpassive },
{ "prompt", prompthelp, 0, 0, 0, setprompt },
{ "proxy", proxyhelp, 0, 0, 1, doproxy },
{ "sendport", porthelp, 0, 0, 0, setport },
{ "put", sendhelp, 1, 1, 1, put },
{ "pwd", pwdhelp, 0, 1, 1, pwd },
{ "quit", quithelp, 0, 0, 0, quit },
{ "quote", quotehelp, 1, 1, 1, quote },
{ "recv", receivehelp, 1, 1, 1, get },
{ "reget", regethelp, 1, 1, 1, reget },
{ "rstatus", rmtstatushelp, 0, 1, 1, rmtstatus },
{ "rhelp", remotehelp, 0, 1, 1, rmthelp },
{ "rename", renamehelp, 0, 1, 1, renamefile },
{ "reset", resethelp, 0, 1, 1, reset },
{ "restart", restarthelp, 1, 1, 1, restart },
{ "rmdir", rmdirhelp, 0, 1, 1, removedir },
{ "runique", runiquehelp, 0, 0, 1, setrunique },
{ "send", sendhelp, 1, 1, 1, put },
{ "site", sitehelp, 0, 1, 1, site },
{ "size", sizecmdhelp, 1, 1, 1, sizecmd },
{ "status", statushelp, 0, 0, 1, status },
{ "struct", structhelp, 0, 1, 1, setstruct },
{ "system", systemhelp, 0, 1, 1, syst },
{ "sunique", suniquehelp, 0, 0, 1, setsunique },
{ "tenex", tenexhelp, 0, 1, 1, settenex },
{ "trace", tracehelp, 0, 0, 0, settrace },
{ "type", typehelp, 0, 1, 1, settype },
{ "user", userhelp, 0, 1, 1, user },
{ "umask", umaskhelp, 0, 1, 1, do_umask },
{ "verbose", verbosehelp, 0, 0, 0, setverbose },
{ "?", helphelp, 0, 0, 1, help },
{ "prot", prothelp, 0, 1, 0, sec_prot },
#ifdef KRB4
{ "kauth", kauthhelp, 0, 1, 0, kauth },
{ "klist", klisthelp, 0, 1, 0, klist },
{ "kdestroy", kdestroyhelp, 0, 1, 0, kdestroy },
{ "krbtkfile", krbtkfilehelp, 0, 1, 0, krbtkfile },
{ "afslog", afsloghelp, 0, 1, 0, afslog },
#endif
{ 0 },
};
int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1;

138
crypto/kerberosIV/appl/ftp/ftp/domacro.c
View File

@ -1,138 +0,0 @@
/*
* Copyright (c) 1985, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftp_locl.h"
RCSID("$Id: domacro.c,v 1.7 1999/09/16 20:37:29 assar Exp $");
void
domacro(int argc, char **argv)
{
int i, j, count = 2, loopflg = 0;
char *cp1, *cp2, line2[200];
struct cmd *c;
if (argc < 2 && !another(&argc, &argv, "macro name")) {
printf("Usage: %s macro_name.\n", argv[0]);
code = -1;
return;
}
for (i = 0; i < macnum; ++i) {
if (!strncmp(argv[1], macros[i].mac_name, 9)) {
break;
}
}
if (i == macnum) {
printf("'%s' macro not found.\n", argv[1]);
code = -1;
return;
}
strlcpy(line2, line, sizeof(line2));
TOP:
cp1 = macros[i].mac_start;
while (cp1 != macros[i].mac_end) {
while (isspace(*cp1)) {
cp1++;
}
cp2 = line;
while (*cp1 != '\0') {
switch(*cp1) {
case '\\':
*cp2++ = *++cp1;
break;
case '$':
if (isdigit(*(cp1+1))) {
j = 0;
while (isdigit(*++cp1)) {
j = 10*j + *cp1 - '0';
}
cp1--;
if (argc - 2 >= j) {
strcpy(cp2, argv[j+1]);
cp2 += strlen(argv[j+1]);
}
break;
}
if (*(cp1+1) == 'i') {
loopflg = 1;
cp1++;
if (count < argc) {
strcpy(cp2, argv[count]);
cp2 += strlen(argv[count]);
}
break;
}
/* intentional drop through */
default:
*cp2++ = *cp1;
break;
}
if (*cp1 != '\0') {
cp1++;
}
}
*cp2 = '\0';
makeargv();
c = getcmd(margv[0]);
if (c == (struct cmd *)-1) {
printf("?Ambiguous command\n");
code = -1;
}
else if (c == 0) {
printf("?Invalid command\n");
code = -1;
}
else if (c->c_conn && !connected) {
printf("Not connected.\n");
code = -1;
}
else {
if (verbose) {
printf("%s\n",line);
}
(*c->c_handler)(margc, margv);
if (bell && c->c_bell) {
putchar('\007');
}
strcpy(line, line2);
makeargv();
argc = margc;
argv = margv;
}
if (cp1 != macros[i].mac_end) {
cp1++;
}
}
if (loopflg && ++count < argc) {
goto TOP;
}
}

173
crypto/kerberosIV/appl/ftp/ftp/extern.h
View File

@ -1,173 +0,0 @@
/*-
* Copyright (c) 1994 The Regents of the University of California.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)extern.h 8.3 (Berkeley) 10/9/94
*/
/* $Id: extern.h,v 1.18 1999/10/28 20:49:10 assar Exp $ */
#include <setjmp.h>
#include <stdlib.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_SELECT_H
#include <sys/select.h>
#endif
void abort_remote (FILE *);
void abortpt (int);
void abortrecv (int);
void account (int, char **);
int another (int *, char ***, char *);
void blkfree (char **);
void cd (int, char **);
void cdup (int, char **);
void changetype (int, int);
void cmdabort (int);
void cmdscanner (int);
int command (char *fmt, ...);
int confirm (char *, char *);
FILE *dataconn (const char *);
void delete (int, char **);
void disconnect (int, char **);
void do_chmod (int, char **);
void do_umask (int, char **);
void domacro (int, char **);
char *domap (char *);
void doproxy (int, char **);
char *dotrans (char *);
int empty (fd_set *, int);
void fatal (char *);
void get (int, char **);
struct cmd *getcmd (char *);
int getit (int, char **, int, char *);
int getreply (int);
int globulize (char **);
char *gunique (char *);
void help (int, char **);
char *hookup (const char *, int);
void ftp_idle (int, char **);
int initconn (void);
void intr (int);
void lcd (int, char **);
int login (char *);
RETSIGTYPE lostpeer (int);
void ls (int, char **);
void macdef (int, char **);
void makeargv (void);
void makedir (int, char **);
void mdelete (int, char **);
void mget (int, char **);
void mls (int, char **);
void modtime (int, char **);
void mput (int, char **);
char *onoff (int);
void newer (int, char **);
void proxtrans (char *, char *, char *);
void psabort (int);
void pswitch (int);
void ptransfer (char *, long, struct timeval *, struct timeval *);
void put (int, char **);
void pwd (int, char **);
void quit (int, char **);
void quote (int, char **);
void quote1 (char *, int, char **);
void recvrequest (char *, char *, char *, char *, int, int);
void reget (int, char **);
char *remglob (char **, int);
void removedir (int, char **);
void renamefile (int, char **);
void reset (int, char **);
void restart (int, char **);
void rmthelp (int, char **);
void rmtstatus (int, char **);
int ruserpass (char *, char **, char **, char **);
void sendrequest (char *, char *, char *, char *, int);
void setascii (int, char **);
void setbell (int, char **);
void setbinary (int, char **);
void setcase (int, char **);
void setcr (int, char **);
void setdebug (int, char **);
void setform (int, char **);
void setftmode (int, char **);
void setglob (int, char **);
void sethash (int, char **);
void setnmap (int, char **);
void setntrans (int, char **);
void setpassive (int, char **);
void setpeer (int, char **);
void setport (int, char **);
void setprompt (int, char **);
void setrunique (int, char **);
void setstruct (int, char **);
void setsunique (int, char **);
void settenex (int, char **);
void settrace (int, char **);
void settype (int, char **);
void setverbose (int, char **);
void shell (int, char **);
void site (int, char **);
void sizecmd (int, char **);
char *slurpstring (void);
void status (int, char **);
void syst (int, char **);
void tvsub (struct timeval *, struct timeval *, struct timeval *);
void user (int, char **);
extern jmp_buf abortprox;
extern int abrtflag;
extern struct cmd cmdtab[];
extern FILE *cout;
extern int data;
extern char *home;
extern jmp_buf jabort;
extern int proxy;
extern char reply_string[];
extern off_t restart_point;
extern int NCMDS;
extern char username[32];
extern char myhostname[];
extern char *mydomain;
void afslog (int, char **);
void kauth (int, char **);
void kdestroy (int, char **);
void klist (int, char **);
void krbtkfile (int, char **);

1752
crypto/kerberosIV/appl/ftp/ftp/ftp.c
View File

File diff suppressed because it is too large Load Diff

141
crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h
View File

@ -1,141 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */
/* $FreeBSD$ */
#ifndef __FTP_LOCL_H__
#define __FTP_LOCL_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_ARPA_FTP_H
#include <arpa/ftp.h>
#endif
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#include <errno.h>
#include <ctype.h>
#include <glob.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#include <err.h>
#ifdef SOCKS
#include <socks.h>
extern int LIBPREFIX(fclose) (FILE *);
/* This doesn't belong here. */
struct tm *localtime(const time_t *);
struct hostent *gethostbyname(const char *);
#endif
#include "ftp_var.h"
#include "extern.h"
#include "common.h"
#include "pathnames.h"
#include "roken.h"
#include "security.h"
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h> /* for des_read_pw_string */
#if defined(__sun__) && !defined(__svr4)
int fclose(FILE*);
int pclose(FILE*);
#endif
#endif /* __FTP_LOCL_H__ */

127
crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
View File

@ -1,127 +0,0 @@
/*
* Copyright (c) 1985, 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)ftp_var.h 8.4 (Berkeley) 10/9/94
*/
/*
* FTP global variables.
*/
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#include <setjmp.h>
/*
* Options and other state info.
*/
extern int trace; /* trace packets exchanged */
extern int hash; /* print # for each buffer transferred */
extern int sendport; /* use PORT cmd for each data connection */
extern int verbose; /* print messages coming back from server */
extern int connected; /* connected to server */
extern int fromatty; /* input is from a terminal */
extern int interactive; /* interactively prompt on m* cmds */
extern int debug; /* debugging level */
extern int bell; /* ring bell on cmd completion */
extern int doglob; /* glob local file names */
extern int autologin; /* establish user account on connection */
extern int proxy; /* proxy server connection active */
extern int proxflag; /* proxy connection exists */
extern int sunique; /* store files on server with unique name */
extern int runique; /* store local files with unique name */
extern int mcase; /* map upper to lower case for mget names */
extern int ntflag; /* use ntin ntout tables for name translation */
extern int mapflag; /* use mapin mapout templates on file names */
extern int code; /* return/reply code for ftp command */
extern int crflag; /* if 1, strip car. rets. on ascii gets */
extern char pasv[64]; /* passive port for proxy data connection */
extern int passivemode; /* passive mode enabled */
extern char *altarg; /* argv[1] with no shell-like preprocessing */
extern char ntin[17]; /* input translation table */
extern char ntout[17]; /* output translation table */
extern char mapin[MaxPathLen]; /* input map template */
extern char mapout[MaxPathLen]; /* output map template */
extern char typename[32]; /* name of file transfer type */
extern int type; /* requested file transfer type */
extern int curtype; /* current file transfer type */
extern char structname[32]; /* name of file transfer structure */
extern int stru; /* file transfer structure */
extern char formname[32]; /* name of file transfer format */
extern int form; /* file transfer format */
extern char modename[32]; /* name of file transfer mode */
extern int mode; /* file transfer mode */
extern char bytename[32]; /* local byte size in ascii */
extern int bytesize; /* local byte size in binary */
extern char *hostname; /* name of host connected to */
extern int unix_server; /* server is unix, can use binary for ascii */
extern int unix_proxy; /* proxy is unix, can use binary for ascii */
extern jmp_buf toplevel; /* non-local goto stuff for cmd scanner */
extern char line[200]; /* input line buffer */
extern char *stringbase; /* current scan point in line buffer */
extern char argbuf[200]; /* argument storage buffer */
extern char *argbase; /* current storage point in arg buffer */
extern int margc; /* count of arguments on input line */
extern char **margv; /* args parsed from input line */
extern int margvlen; /* how large margv is currently */
extern int cpend; /* flag: if != 0, then pending server reply */
extern int mflag; /* flag: if != 0, then active multi command */
extern int options; /* used during socket creation */
/*
* Format of command table.
*/
struct cmd {
char *c_name; /* name of command */
char *c_help; /* help string */
char c_bell; /* give bell when command completes */
char c_conn; /* must be connected to use command */
char c_proxy; /* proxy server may execute */
void (*c_handler) (int, char **); /* function to call */
};
struct macel {
char mac_name[9]; /* macro name */
char *mac_start; /* start of macro in macbuf */
char *mac_end; /* end of macro in macbuf */
};
extern int macnum; /* number of defined macros */
extern struct macel macros[16];
extern char macbuf[4096];

76
crypto/kerberosIV/appl/ftp/ftp/globals.c
View File

@ -1,76 +0,0 @@
#include "ftp_locl.h"
RCSID("$Id: globals.c,v 1.6 1996/08/26 22:46:26 assar Exp $");
/*
* Options and other state info.
*/
int trace; /* trace packets exchanged */
int hash; /* print # for each buffer transferred */
int sendport; /* use PORT cmd for each data connection */
int verbose; /* print messages coming back from server */
int connected; /* connected to server */
int fromatty; /* input is from a terminal */
int interactive; /* interactively prompt on m* cmds */
int debug; /* debugging level */
int bell; /* ring bell on cmd completion */
int doglob; /* glob local file names */
int autologin; /* establish user account on connection */
int proxy; /* proxy server connection active */
int proxflag; /* proxy connection exists */
int sunique; /* store files on server with unique name */
int runique; /* store local files with unique name */
int mcase; /* map upper to lower case for mget names */
int ntflag; /* use ntin ntout tables for name translation */
int mapflag; /* use mapin mapout templates on file names */
int code; /* return/reply code for ftp command */
int crflag; /* if 1, strip car. rets. on ascii gets */
char pasv[64]; /* passive port for proxy data connection */
int passivemode; /* passive mode enabled */
char *altarg; /* argv[1] with no shell-like preprocessing */
char ntin[17]; /* input translation table */
char ntout[17]; /* output translation table */
char mapin[MaxPathLen]; /* input map template */
char mapout[MaxPathLen]; /* output map template */
char typename[32]; /* name of file transfer type */
int type; /* requested file transfer type */
int curtype; /* current file transfer type */
char structname[32]; /* name of file transfer structure */
int stru; /* file transfer structure */
char formname[32]; /* name of file transfer format */
int form; /* file transfer format */
char modename[32]; /* name of file transfer mode */
int mode; /* file transfer mode */
char bytename[32]; /* local byte size in ascii */
int bytesize; /* local byte size in binary */
char *hostname; /* name of host connected to */
int unix_server; /* server is unix, can use binary for ascii */
int unix_proxy; /* proxy is unix, can use binary for ascii */
jmp_buf toplevel; /* non-local goto stuff for cmd scanner */
char line[200]; /* input line buffer */
char *stringbase; /* current scan point in line buffer */
char argbuf[200]; /* argument storage buffer */
char *argbase; /* current storage point in arg buffer */
int margc; /* count of arguments on input line */
char **margv; /* args parsed from input line */
int margvlen; /* how large margv is currently */
int cpend; /* flag: if != 0, then pending server reply */
int mflag; /* flag: if != 0, then active multi command */
int options; /* used during socket creation */
/*
* Format of command table.
*/
int macnum; /* number of defined macros */
struct macel macros[16];
char macbuf[4096];
char username[32];
/* these are set in ruserpass */
char myhostname[MaxHostNameLen];
char *mydomain;

379
crypto/kerberosIV/appl/ftp/ftp/gssapi.c
View File

@ -1,379 +0,0 @@
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef FTP_SERVER
#include "ftpd_locl.h"
#else
#include "ftp_locl.h"
#endif
#include <gssapi.h>
RCSID("$Id: gssapi.c,v 1.13 1999/12/02 16:58:29 joda Exp $");
struct gss_data {
gss_ctx_id_t context_hdl;
char *client_name;
};
static int
gss_init(void *app_data)
{
struct gss_data *d = app_data;
d->context_hdl = GSS_C_NO_CONTEXT;
return 0;
}
static int
gss_check_prot(void *app_data, int level)
{
if(level == prot_confidential)
return -1;
return 0;
}
static int
gss_decode(void *app_data, void *buf, int len, int level)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input, output;
gss_qop_t qop_state;
int conf_state;
struct gss_data *d = app_data;
input.length = len;
input.value = buf;
maj_stat = gss_unwrap (&min_stat,
d->context_hdl,
&input,
&output,
&conf_state,
&qop_state);
if(GSS_ERROR(maj_stat))
return -1;
memmove(buf, output.value, output.length);
return output.length;
}
static int
gss_overhead(void *app_data, int level, int len)
{
return 100; /* dunno? */
}
static int
gss_encode(void *app_data, void *from, int length, int level, void **to)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc input, output;
int conf_state;
struct gss_data *d = app_data;
input.length = length;
input.value = from;
maj_stat = gss_wrap (&min_stat,
d->context_hdl,
level == prot_private,
GSS_C_QOP_DEFAULT,
&input,
&conf_state,
&output);
*to = output.value;
return output.length;
}
static void
sockaddr_to_gss_address (const struct sockaddr *sa,
OM_uint32 *addr_type,
gss_buffer_desc *gss_addr)
{
switch (sa->sa_family) {
#ifdef HAVE_IPV6
case AF_INET6 : {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sa;
gss_addr->length = 16;
gss_addr->value = &sin6->sin6_addr;
*addr_type = GSS_C_AF_INET6;
break;
}
#endif
case AF_INET : {
struct sockaddr_in *sin = (struct sockaddr_in *)sa;
gss_addr->length = 4;
gss_addr->value = &sin->sin_addr;
*addr_type = GSS_C_AF_INET;
break;
}
default :
errx (1, "unknown address family %d", sa->sa_family);
}
}
/* end common stuff */
#ifdef FTP_SERVER
static int
gss_adat(void *app_data, void *buf, size_t len)
{
char *p = NULL;
gss_buffer_desc input_token, output_token;
OM_uint32 maj_stat, min_stat;
gss_name_t client_name;
struct gss_data *d = app_data;
gss_channel_bindings_t bindings = malloc(sizeof(*bindings));
sockaddr_to_gss_address (his_addr,
&bindings->initiator_addrtype,
&bindings->initiator_address);
sockaddr_to_gss_address (ctrl_addr,
&bindings->acceptor_addrtype,
&bindings->acceptor_address);
bindings->application_data.length = 0;
bindings->application_data.value = NULL;
input_token.value = buf;
input_token.length = len;
maj_stat = gss_accept_sec_context (&min_stat,
&d->context_hdl,
GSS_C_NO_CREDENTIAL,
&input_token,
bindings,
&client_name,
NULL,
&output_token,
NULL,
NULL,
NULL);
if(output_token.length) {
if(base64_encode(output_token.value, output_token.length, &p) < 0) {
reply(535, "Out of memory base64-encoding.");
return -1;
}
}
if(maj_stat == GSS_S_COMPLETE){
char *name;
gss_buffer_desc export_name;
maj_stat = gss_export_name(&min_stat, client_name, &export_name);
if(maj_stat != 0) {
reply(500, "Error exporting name");
goto out;
}
name = realloc(export_name.value, export_name.length + 1);
if(name == NULL) {
reply(500, "Out of memory");
free(export_name.value);
goto out;
}
name[export_name.length] = '\0';
d->client_name = name;
if(p)
reply(235, "ADAT=%s", p);
else
reply(235, "ADAT Complete");
sec_complete = 1;
} else if(maj_stat == GSS_S_CONTINUE_NEEDED) {
if(p)
reply(335, "ADAT=%s", p);
else
reply(335, "OK, need more data");
} else
reply(535, "foo?");
out:
free(p);
return 0;
}
int gss_userok(void*, char*);
struct sec_server_mech gss_server_mech = {
"GSSAPI",
sizeof(struct gss_data),
gss_init, /* init */
NULL, /* end */
gss_check_prot,
gss_overhead,
gss_encode,
gss_decode,
/* */
NULL,
gss_adat,
NULL, /* pbsz */
NULL, /* ccc */
gss_userok
};
#else /* FTP_SERVER */
extern struct sockaddr *hisctladdr, *myctladdr;
static int
gss_auth(void *app_data, char *host)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc name;
gss_name_t target_name;
gss_buffer_desc input, output_token;
int context_established = 0;
char *p;
int n;
gss_channel_bindings_t bindings;
struct gss_data *d = app_data;
name.length = asprintf((char**)&name.value, "ftp@%s", host);
maj_stat = gss_import_name(&min_stat,
&name,
GSS_C_NT_HOSTBASED_SERVICE,
&target_name);
if (GSS_ERROR(maj_stat)) {
OM_uint32 new_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
gss_display_status(&new_stat,
min_stat,
GSS_C_MECH_CODE,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
printf("Error importing name %s: %s\n",
(char *)name.value,
(char *)status_string.value);
gss_release_buffer(&new_stat, &status_string);
return AUTH_ERROR;
}
free(name.value);
input.length = 0;
input.value = NULL;
bindings = malloc(sizeof(*bindings));
sockaddr_to_gss_address (myctladdr,
&bindings->initiator_addrtype,
&bindings->initiator_address);
sockaddr_to_gss_address (hisctladdr,
&bindings->acceptor_addrtype,
&bindings->acceptor_address);
bindings->application_data.length = 0;
bindings->application_data.value = NULL;
while(!context_established) {
maj_stat = gss_init_sec_context(&min_stat,
GSS_C_NO_CREDENTIAL,
&d->context_hdl,
target_name,
GSS_C_NO_OID,
GSS_C_MUTUAL_FLAG | GSS_C_SEQUENCE_FLAG,
0,
bindings,
&input,
NULL,
&output_token,
NULL,
NULL);
if (GSS_ERROR(maj_stat)) {
OM_uint32 new_stat;
OM_uint32 msg_ctx = 0;
gss_buffer_desc status_string;
gss_display_status(&new_stat,
min_stat,
GSS_C_MECH_CODE,
GSS_C_NO_OID,
&msg_ctx,
&status_string);
printf("Error initializing security context: %s\n",
(char*)status_string.value);
gss_release_buffer(&new_stat, &status_string);
return AUTH_CONTINUE;
}
gss_release_buffer(&min_stat, &input);
if (output_token.length != 0) {
base64_encode(output_token.value, output_token.length, &p);
gss_release_buffer(&min_stat, &output_token);
n = command("ADAT %s", p);
free(p);
}
if (GSS_ERROR(maj_stat)) {
if (d->context_hdl != GSS_C_NO_CONTEXT)
gss_delete_sec_context (&min_stat,
&d->context_hdl,
GSS_C_NO_BUFFER);
break;
}
if (maj_stat & GSS_S_CONTINUE_NEEDED) {
p = strstr(reply_string, "ADAT=");
if(p == NULL){
printf("Error: expected ADAT in reply.\n");
return AUTH_ERROR;
} else {
p+=5;
input.value = malloc(strlen(p));
input.length = base64_decode(p, input.value);
}
} else {
if(code != 235) {
printf("Unrecognized response code: %d\n", code);
return AUTH_ERROR;
}
context_established = 1;
}
}
return AUTH_OK;
}
struct sec_client_mech gss_client_mech = {
"GSSAPI",
sizeof(struct gss_data),
gss_init,
gss_auth,
NULL, /* end */
gss_check_prot,
gss_overhead,
gss_encode,
gss_decode,
};
#endif /* FTP_SERVER */

198
crypto/kerberosIV/appl/ftp/ftp/kauth.c
View File

@ -1,198 +0,0 @@
/*
* Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftp_locl.h"
#include <krb.h>
RCSID("$Id: kauth.c,v 1.20 1999/12/02 16:58:29 joda Exp $");
void
kauth(int argc, char **argv)
{
int ret;
char buf[1024];
des_cblock key;
des_key_schedule schedule;
KTEXT_ST tkt, tktcopy;
char *name;
char *p;
int overbose;
char passwd[100];
int tmp;
int save;
if(argc > 2){
printf("usage: %s [principal]\n", argv[0]);
code = -1;
return;
}
if(argc == 2)
name = argv[1];
else
name = username;
overbose = verbose;
verbose = 0;
save = set_command_prot(prot_private);
ret = command("SITE KAUTH %s", name);
if(ret != CONTINUE){
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
verbose = overbose;
p = strstr(reply_string, "T=");
if(!p){
printf("Bad reply from server.\n");
set_command_prot(save);
code = -1;
return;
}
p += 2;
tmp = base64_decode(p, &tkt.dat);
if(tmp < 0){
printf("Failed to decode base64 in reply.\n");
set_command_prot(save);
code = -1;
return;
}
tkt.length = tmp;
tktcopy.length = tkt.length;
p = strstr(reply_string, "P=");
if(!p){
printf("Bad reply from server.\n");
verbose = overbose;
set_command_prot(save);
code = -1;
return;
}
name = p + 2;
for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++);
*p = 0;
snprintf(buf, sizeof(buf), "Password for %s:", name);
if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0))
*passwd = '\0';
des_string_to_key (passwd, &key);
des_key_sched(&key, schedule);
des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
tkt.length,
schedule, &key, DES_DECRYPT);
if (strcmp ((char*)tktcopy.dat + 8,
KRB_TICKET_GRANTING_TICKET) != 0) {
afs_string_to_key (passwd, krb_realmofhost(hostname), &key);
des_key_sched (&key, schedule);
des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat,
tkt.length,
schedule, &key, DES_DECRYPT);
}
memset(key, 0, sizeof(key));
memset(schedule, 0, sizeof(schedule));
memset(passwd, 0, sizeof(passwd));
if(base64_encode(tktcopy.dat, tktcopy.length, &p) < 0) {
printf("Out of memory base64-encoding.\n");
set_command_prot(save);
code = -1;
return;
}
memset (tktcopy.dat, 0, tktcopy.length);
ret = command("SITE KAUTH %s %s", name, p);
free(p);
set_command_prot(save);
if(ret != COMPLETE){
code = -1;
return;
}
code = 0;
}
void
klist(int argc, char **argv)
{
int ret;
if(argc != 1){
printf("usage: %s\n", argv[0]);
code = -1;
return;
}
ret = command("SITE KLIST");
code = (ret == COMPLETE);
}
void
kdestroy(int argc, char **argv)
{
int ret;
if (argc != 1) {
printf("usage: %s\n", argv[0]);
code = -1;
return;
}
ret = command("SITE KDESTROY");
code = (ret == COMPLETE);
}
void
krbtkfile(int argc, char **argv)
{
int ret;
if(argc != 2) {
printf("usage: %s tktfile\n", argv[0]);
code = -1;
return;
}
ret = command("SITE KRBTKFILE %s", argv[1]);
code = (ret == COMPLETE);
}
void
afslog(int argc, char **argv)
{
int ret;
if(argc > 2) {
printf("usage: %s [cell]\n", argv[0]);
code = -1;
return;
}
if(argc == 2)
ret = command("SITE AFSLOG %s", argv[1]);
else
ret = command("SITE AFSLOG");
code = (ret == COMPLETE);
}

334
crypto/kerberosIV/appl/ftp/ftp/krb4.c
View File

@ -1,334 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef FTP_SERVER
#include "ftpd_locl.h"
#else
#include "ftp_locl.h"
#endif
#include <krb.h>
RCSID("$Id: krb4.c,v 1.36.2.1 1999/12/06 17:29:45 assar Exp $");
#ifdef FTP_SERVER
#define LOCAL_ADDR ctrl_addr
#define REMOTE_ADDR his_addr
#else
#define LOCAL_ADDR myctladdr
#define REMOTE_ADDR hisctladdr
#endif
extern struct sockaddr *LOCAL_ADDR, *REMOTE_ADDR;
struct krb4_data {
des_cblock key;
des_key_schedule schedule;
char name[ANAME_SZ];
char instance[INST_SZ];
char realm[REALM_SZ];
};
static int
krb4_check_prot(void *app_data, int level)
{
if(level == prot_confidential)
return -1;
return 0;
}
static int
krb4_decode(void *app_data, void *buf, int len, int level)
{
MSG_DAT m;
int e;
struct krb4_data *d = app_data;
if(level == prot_safe)
e = krb_rd_safe(buf, len, &d->key,
(struct sockaddr_in *)REMOTE_ADDR,
(struct sockaddr_in *)LOCAL_ADDR, &m);
else
e = krb_rd_priv(buf, len, d->schedule, &d->key,
(struct sockaddr_in *)REMOTE_ADDR,
(struct sockaddr_in *)LOCAL_ADDR, &m);
if(e){
syslog(LOG_ERR, "krb4_decode: %s", krb_get_err_text(e));
return -1;
}
memmove(buf, m.app_data, m.app_length);
return m.app_length;
}
static int
krb4_overhead(void *app_data, int level, int len)
{
return 31;
}
static int
krb4_encode(void *app_data, void *from, int length, int level, void **to)
{
struct krb4_data *d = app_data;
*to = malloc(length + 31);
if(level == prot_safe)
return krb_mk_safe(from, *to, length, &d->key,
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
else if(level == prot_private)
return krb_mk_priv(from, *to, length, d->schedule, &d->key,
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
else
return -1;
}
#ifdef FTP_SERVER
static int
krb4_adat(void *app_data, void *buf, size_t len)
{
KTEXT_ST tkt;
AUTH_DAT auth_dat;
char *p;
int kerror;
u_int32_t cs;
char msg[35]; /* size of encrypted block */
int tmp_len;
struct krb4_data *d = app_data;
char inst[INST_SZ];
struct sockaddr_in *his_addr_sin = (struct sockaddr_in *)his_addr;
memcpy(tkt.dat, buf, len);
tkt.length = len;
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "ftp", inst,
his_addr_sin->sin_addr.s_addr, &auth_dat, "");
if(kerror == RD_AP_UNDEC){
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "rcmd", inst,
his_addr_sin->sin_addr.s_addr, &auth_dat, "");
}
if(kerror){
reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
return -1;
}
memcpy(d->key, auth_dat.session, sizeof(d->key));
des_set_key(&d->key, d->schedule);
strlcpy(d->name, auth_dat.pname, sizeof(d->name));
strlcpy(d->instance, auth_dat.pinst, sizeof(d->instance));
strlcpy(d->realm, auth_dat.prealm, sizeof(d->instance));
cs = auth_dat.checksum + 1;
{
unsigned char tmp[4];
KRB_PUT_INT(cs, tmp, 4, sizeof(tmp));
tmp_len = krb_mk_safe(tmp, msg, 4, &d->key,
(struct sockaddr_in *)LOCAL_ADDR,
(struct sockaddr_in *)REMOTE_ADDR);
}
if(tmp_len < 0){
reply(535, "Error creating reply: %s.", strerror(errno));
return -1;
}
len = tmp_len;
if(base64_encode(msg, len, &p) < 0) {
reply(535, "Out of memory base64-encoding.");
return -1;
}
reply(235, "ADAT=%s", p);
sec_complete = 1;
free(p);
return 0;
}
static int
krb4_userok(void *app_data, char *user)
{
struct krb4_data *d = app_data;
return krb_kuserok(d->name, d->instance, d->realm, user);
}
struct sec_server_mech krb4_server_mech = {
"KERBEROS_V4",
sizeof(struct krb4_data),
NULL, /* init */
NULL, /* end */
krb4_check_prot,
krb4_overhead,
krb4_encode,
krb4_decode,
/* */
NULL,
krb4_adat,
NULL, /* pbsz */
NULL, /* ccc */
krb4_userok
};
#else /* FTP_SERVER */
static int
mk_auth(struct krb4_data *d, KTEXT adat,
char *service, char *host, int checksum)
{
int ret;
CREDENTIALS cred;
char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ];
strlcpy(sname, service, sizeof(sname));
strlcpy(inst, krb_get_phost(host), sizeof(inst));
strlcpy(realm, krb_realmofhost(host), sizeof(realm));
ret = krb_mk_req(adat, sname, inst, realm, checksum);
if(ret)
return ret;
strlcpy(sname, service, sizeof(sname));
strlcpy(inst, krb_get_phost(host), sizeof(inst));
strlcpy(realm, krb_realmofhost(host), sizeof(realm));
ret = krb_get_cred(sname, inst, realm, &cred);
memmove(&d->key, &cred.session, sizeof(des_cblock));
des_key_sched(&d->key, d->schedule);
memset(&cred, 0, sizeof(cred));
return ret;
}
static int
krb4_auth(void *app_data, char *host)
{
int ret;
char *p;
int len;
KTEXT_ST adat;
MSG_DAT msg_data;
int checksum;
u_int32_t cs;
struct krb4_data *d = app_data;
struct sockaddr_in *localaddr = (struct sockaddr_in *)LOCAL_ADDR;
struct sockaddr_in *remoteaddr = (struct sockaddr_in *)REMOTE_ADDR;
checksum = getpid();
ret = mk_auth(d, &adat, "ftp", host, checksum);
if(ret == KDC_PR_UNKNOWN)
ret = mk_auth(d, &adat, "rcmd", host, checksum);
if(ret){
printf("%s\n", krb_get_err_text(ret));
return AUTH_CONTINUE;
}
#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM
if (krb_get_config_bool("nat_in_use")) {
struct in_addr natAddr;
if (krb_get_our_ip_for_realm(krb_realmofhost(host),
&natAddr) != KSUCCESS
&& krb_get_our_ip_for_realm(NULL, &natAddr) != KSUCCESS)
printf("Can't get address for realm %s\n",
krb_realmofhost(host));
else {
if (natAddr.s_addr != localaddr->sin_addr.s_addr) {
printf("Using NAT IP address (%s) for kerberos 4\n",
inet_ntoa(natAddr));
localaddr->sin_addr = natAddr;
/*
* This not the best place to do this, but it
* is here we know that (probably) NAT is in
* use!
*/
passivemode = 1;
printf("Setting: Passive mode on.\n");
}
}
}
#endif
printf("Local address is %s\n", inet_ntoa(localaddr->sin_addr));
printf("Remote address is %s\n", inet_ntoa(remoteaddr->sin_addr));
if(base64_encode(adat.dat, adat.length, &p) < 0) {
printf("Out of memory base64-encoding.\n");
return AUTH_CONTINUE;
}
ret = command("ADAT %s", p);
free(p);
if(ret != COMPLETE){
printf("Server didn't accept auth data.\n");
return AUTH_ERROR;
}
p = strstr(reply_string, "ADAT=");
if(!p){
printf("Remote host didn't send adat reply.\n");
return AUTH_ERROR;
}
p += 5;
len = base64_decode(p, adat.dat);
if(len < 0){
printf("Failed to decode base64 from server.\n");
return AUTH_ERROR;
}
adat.length = len;
ret = krb_rd_safe(adat.dat, adat.length, &d->key,
(struct sockaddr_in *)hisctladdr,
(struct sockaddr_in *)myctladdr, &msg_data);
if(ret){
printf("Error reading reply from server: %s.\n",
krb_get_err_text(ret));
return AUTH_ERROR;
}
krb_get_int(msg_data.app_data, &cs, 4, 0);
if(cs - checksum != 1){
printf("Bad checksum returned from server.\n");
return AUTH_ERROR;
}
return AUTH_OK;
}
struct sec_client_mech krb4_client_mech = {
"KERBEROS_V4",
sizeof(struct krb4_data),
NULL, /* init */
krb4_auth,
NULL, /* end */
krb4_check_prot,
krb4_overhead,
krb4_encode,
krb4_decode
};
#endif /* FTP_SERVER */

81
crypto/kerberosIV/appl/ftp/ftp/krb4.h
View File

@ -1,81 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: krb4.h,v 1.10 1997/04/01 08:17:22 joda Exp $ */
#ifndef __KRB4_H__
#define __KRB4_H__
#include <stdio.h>
#include <stdarg.h>
extern int auth_complete;
void sec_status(void);
enum { prot_clear, prot_safe, prot_confidential, prot_private };
void sec_prot(int, char**);
int sec_getc(FILE *F);
int sec_putc(int c, FILE *F);
int sec_fflush(FILE *F);
int sec_read(int fd, void *data, int length);
int sec_write(int fd, char *data, int length);
int krb4_getc(FILE *F);
int krb4_read(int fd, char *data, int length);
void sec_set_protection_level(void);
int sec_request_prot(char *level);
void kauth(int, char **);
void klist(int, char **);
void krb4_quit(void);
int krb4_write_enc(FILE *F, char *fmt, va_list ap);
int krb4_read_msg(char *s, int priv);
int krb4_read_mic(char *s);
int krb4_read_enc(char *s);
int do_klogin(char *host);
#endif /* __KRB4_H__ */

551
crypto/kerberosIV/appl/ftp/ftp/main.c
View File

@ -1,551 +0,0 @@
/*
* Copyright (c) 1985, 1989, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* FTP User Program -- Command Interface.
*/
#include "ftp_locl.h"
RCSID("$Id: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $");
int
main(int argc, char **argv)
{
int ch, top;
struct passwd *pw = NULL;
char homedir[MaxPathLen];
struct servent *sp;
set_progname(argv[0]);
sp = getservbyname("ftp", "tcp");
if (sp == 0)
errx(1, "ftp/tcp: unknown service");
doglob = 1;
interactive = 1;
autologin = 1;
passivemode = 0; /* passive mode not active */
while ((ch = getopt(argc, argv, "dginptv")) != -1) {
switch (ch) {
case 'd':
options |= SO_DEBUG;
debug++;
break;
case 'g':
doglob = 0;
break;
case 'i':
interactive = 0;
break;
case 'n':
autologin = 0;
break;
case 'p':
passivemode = 1;
break;
case 't':
trace++;
break;
case 'v':
verbose++;
break;
default:
fprintf(stderr,
"usage: ftp [-dginptv] [host [port]]\n");
exit(1);
}
}
argc -= optind;
argv += optind;
fromatty = isatty(fileno(stdin));
if (fromatty)
verbose++;
cpend = 0; /* no pending replies */
proxy = 0; /* proxy not active */
crflag = 1; /* strip c.r. on ascii gets */
sendport = -1; /* not using ports */
/*
* Set up the home directory in case we're globbing.
*/
pw = k_getpwuid(getuid());
if (pw != NULL) {
strlcpy(homedir, pw->pw_dir, sizeof(homedir));
home = homedir;
}
if (argc > 0) {
char *xargv[5];
if (setjmp(toplevel))
exit(0);
signal(SIGINT, intr);
signal(SIGPIPE, lostpeer);
xargv[0] = (char*)__progname;
xargv[1] = argv[0];
xargv[2] = argv[1];
xargv[3] = argv[2];
xargv[4] = NULL;
setpeer(argc+1, xargv);
}
if(setjmp(toplevel) == 0)
top = 1;
else
top = 0;
if (top) {
signal(SIGINT, intr);
signal(SIGPIPE, lostpeer);
}
for (;;) {
cmdscanner(top);
top = 1;
}
}
void
intr(int sig)
{
longjmp(toplevel, 1);
}
#ifndef SHUT_RDWR
#define SHUT_RDWR 2
#endif
RETSIGTYPE
lostpeer(int sig)
{
if (connected) {
if (cout != NULL) {
shutdown(fileno(cout), SHUT_RDWR);
fclose(cout);
cout = NULL;
}
if (data >= 0) {
shutdown(data, SHUT_RDWR);
close(data);
data = -1;
}
connected = 0;
}
pswitch(1);
if (connected) {
if (cout != NULL) {
shutdown(fileno(cout), SHUT_RDWR);
fclose(cout);
cout = NULL;
}
connected = 0;
}
proxflag = 0;
pswitch(0);
sec_end();
SIGRETURN(0);
}
/*
char *
tail(filename)
char *filename;
{
char *s;
while (*filename) {
s = strrchr(filename, '/');
if (s == NULL)
break;
if (s[1])
return (s + 1);
*s = '\0';
}
return (filename);
}
*/
#ifndef HAVE_READLINE
static char *
readline(char *prompt)
{
char buf[BUFSIZ];
printf ("%s", prompt);
fflush (stdout);
if(fgets(buf, sizeof(buf), stdin) == NULL)
return NULL;
if (buf[strlen(buf) - 1] == '\n')
buf[strlen(buf) - 1] = '\0';
return strdup(buf);
}
static void
add_history(char *p)
{
}
#else
/* These should not really be here */
char *readline(char *);
void add_history(char *);
#endif
/*
* Command parser.
*/
void
cmdscanner(int top)
{
struct cmd *c;
int l;
if (!top)
putchar('\n');
for (;;) {
if (fromatty) {
char *p;
p = readline("ftp> ");
if(p == NULL) {
printf("\n");
quit(0, 0);
}
strlcpy(line, p, sizeof(line));
add_history(p);
free(p);
} else{
if (fgets(line, sizeof line, stdin) == NULL)
quit(0, 0);
}
/* XXX will break on long lines */
l = strlen(line);
if (l == 0)
break;
if (line[--l] == '\n') {
if (l == 0)
break;
line[l] = '\0';
} else if (l == sizeof(line) - 2) {
printf("sorry, input line too long\n");
while ((l = getchar()) != '\n' && l != EOF)
/* void */;
break;
} /* else it was a line without a newline */
makeargv();
if (margc == 0) {
continue;
}
c = getcmd(margv[0]);
if (c == (struct cmd *)-1) {
printf("?Ambiguous command\n");
continue;
}
if (c == 0) {
printf("?Invalid command\n");
continue;
}
if (c->c_conn && !connected) {
printf("Not connected.\n");
continue;
}
(*c->c_handler)(margc, margv);
if (bell && c->c_bell)
putchar('\007');
if (c->c_handler != help)
break;
}
signal(SIGINT, intr);
signal(SIGPIPE, lostpeer);
}
struct cmd *
getcmd(char *name)
{
char *p, *q;
struct cmd *c, *found;
int nmatches, longest;
longest = 0;
nmatches = 0;
found = 0;
for (c = cmdtab; (p = c->c_name); c++) {
for (q = name; *q == *p++; q++)
if (*q == 0) /* exact match? */
return (c);
if (!*q) { /* the name was a prefix */
if (q - name > longest) {
longest = q - name;
nmatches = 1;
found = c;
} else if (q - name == longest)
nmatches++;
}
}
if (nmatches > 1)
return ((struct cmd *)-1);
return (found);
}
/*
* Slice a string up into argc/argv.
*/
int slrflag;
void
makeargv(void)
{
char **argp;
argp = margv;
stringbase = line; /* scan from first of buffer */
argbase = argbuf; /* store from first of buffer */
slrflag = 0;
for (margc = 0; ; margc++) {
/* Expand array if necessary */
if (margc == margvlen) {
int i;
margv = (margvlen == 0)
? (char **)malloc(20 * sizeof(char *))
: (char **)realloc(margv,
(margvlen + 20)*sizeof(char *));
if (margv == NULL)
errx(1, "cannot realloc argv array");
for(i = margvlen; i < margvlen + 20; ++i)
margv[i] = NULL;
margvlen += 20;
argp = margv + margc;
}
if ((*argp++ = slurpstring()) == NULL)
break;
}
}
/*
* Parse string into argbuf;
* implemented with FSM to
* handle quoting and strings
*/
char *
slurpstring(void)
{
int got_one = 0;
char *sb = stringbase;
char *ap = argbase;
char *tmp = argbase; /* will return this if token found */
if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */
switch (slrflag) { /* and $ as token for macro invoke */
case 0:
slrflag++;
stringbase++;
return ((*sb == '!') ? "!" : "$");
/* NOTREACHED */
case 1:
slrflag++;
altarg = stringbase;
break;
default:
break;
}
}
S0:
switch (*sb) {
case '\0':
goto OUT;
case ' ':
case '\t':
sb++; goto S0;
default:
switch (slrflag) {
case 0:
slrflag++;
break;
case 1:
slrflag++;
altarg = sb;
break;
default:
break;
}
goto S1;
}
S1:
switch (*sb) {
case ' ':
case '\t':
case '\0':
goto OUT; /* end of token */
case '\\':
sb++; goto S2; /* slurp next character */
case '"':
sb++; goto S3; /* slurp quoted string */
default:
*ap++ = *sb++; /* add character to token */
got_one = 1;
goto S1;
}
S2:
switch (*sb) {
case '\0':
goto OUT;
default:
*ap++ = *sb++;
got_one = 1;
goto S1;
}
S3:
switch (*sb) {
case '\0':
goto OUT;
case '"':
sb++; goto S1;
default:
*ap++ = *sb++;
got_one = 1;
goto S3;
}
OUT:
if (got_one)
*ap++ = '\0';
argbase = ap; /* update storage pointer */
stringbase = sb; /* update scan pointer */
if (got_one) {
return (tmp);
}
switch (slrflag) {
case 0:
slrflag++;
break;
case 1:
slrflag++;
altarg = (char *) 0;
break;
default:
break;
}
return NULL;
}
#define HELPINDENT ((int) sizeof ("directory"))
/*
* Help command.
* Call each command handler with argc == 0 and argv[0] == name.
*/
void
help(int argc, char **argv)
{
struct cmd *c;
if (argc == 1) {
int i, j, w, k;
int columns, width = 0, lines;
printf("Commands may be abbreviated. Commands are:\n\n");
for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
int len = strlen(c->c_name);
if (len > width)
width = len;
}
width = (width + 8) &~ 7;
columns = 80 / width;
if (columns == 0)
columns = 1;
lines = (NCMDS + columns - 1) / columns;
for (i = 0; i < lines; i++) {
for (j = 0; j < columns; j++) {
c = cmdtab + j * lines + i;
if (c->c_name && (!proxy || c->c_proxy)) {
printf("%s", c->c_name);
}
else if (c->c_name) {
for (k=0; k < strlen(c->c_name); k++) {
putchar(' ');
}
}
if (c + lines >= &cmdtab[NCMDS]) {
printf("\n");
break;
}
w = strlen(c->c_name);
while (w < width) {
w = (w + 8) &~ 7;
putchar('\t');
}
}
}
return;
}
while (--argc > 0) {
char *arg;
arg = *++argv;
c = getcmd(arg);
if (c == (struct cmd *)-1)
printf("?Ambiguous help command %s\n", arg);
else if (c == (struct cmd *)0)
printf("?Invalid help command %s\n", arg);
else
printf("%-*s\t%s\n", HELPINDENT,
c->c_name, c->c_help);
}
}

44
crypto/kerberosIV/appl/ftp/ftp/pathnames.h
View File

@ -1,44 +0,0 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)pathnames.h 8.1 (Berkeley) 6/6/93
*/
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#define _PATH_TMP_XXX "/tmp/ftpXXXXXX"
#ifndef _PATH_BSHELL
#define _PATH_BSHELL "/bin/sh"
#endif

312
crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
View File

@ -1,312 +0,0 @@
/*
* Copyright (c) 1985, 1993, 1994
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftp_locl.h"
RCSID("$Id: ruserpass.c,v 1.16 1999/09/16 20:37:31 assar Exp $");
static int token (void);
static FILE *cfile;
#define DEFAULT 1
#define LOGIN 2
#define PASSWD 3
#define ACCOUNT 4
#define MACDEF 5
#define PROT 6
#define ID 10
#define MACH 11
static char tokval[100];
static struct toktab {
char *tokstr;
int tval;
} toktab[]= {
{ "default", DEFAULT },
{ "login", LOGIN },
{ "password", PASSWD },
{ "passwd", PASSWD },
{ "account", ACCOUNT },
{ "machine", MACH },
{ "macdef", MACDEF },
{ "prot", PROT },
{ NULL, 0 }
};
/*
* Write a copy of the hostname into `hostname, sz' and return a guess
* as to the `domain' of that hostname.
*/
static char *
guess_domain (char *hostname, size_t sz)
{
struct hostent *he;
char *dot;
char *a;
char **aliases;
if (gethostname (hostname, sz) < 0) {
strlcpy (hostname, "", sz);
return "";
}
dot = strchr (hostname, '.');
if (dot != NULL)
return dot + 1;
he = gethostbyname (hostname);
if (he == NULL)
return hostname;
dot = strchr (he->h_name, '.');
if (dot != NULL) {
strlcpy (hostname, he->h_name, sz);
return dot + 1;
}
for (aliases = he->h_aliases; (a = *aliases) != NULL; ++aliases) {
dot = strchr (a, '.');
if (dot != NULL) {
strlcpy (hostname, a, sz);
return dot + 1;
}
}
return hostname;
}
int
ruserpass(char *host, char **aname, char **apass, char **aacct)
{
char *hdir, buf[BUFSIZ], *tmp;
int t, i, c, usedefault = 0;
struct stat stb;
mydomain = guess_domain (myhostname, MaxHostNameLen);
hdir = getenv("HOME");
if (hdir == NULL)
hdir = ".";
snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
cfile = fopen(buf, "r");
if (cfile == NULL) {
if (errno != ENOENT)
warn("%s", buf);
return (0);
}
next:
while ((t = token())) switch(t) {
case DEFAULT:
usedefault = 1;
/* FALL THROUGH */
case MACH:
if (!usedefault) {
if (token() != ID)
continue;
/*
* Allow match either for user's input host name
* or official hostname. Also allow match of
* incompletely-specified host in local domain.
*/
if (strcasecmp(host, tokval) == 0)
goto match;
if (strcasecmp(hostname, tokval) == 0)
goto match;
if ((tmp = strchr(hostname, '.')) != NULL &&
tmp++ &&
strcasecmp(tmp, mydomain) == 0 &&
strncasecmp(hostname, tokval, tmp-hostname) == 0 &&
tokval[tmp - hostname] == '\0')
goto match;
if ((tmp = strchr(host, '.')) != NULL &&
tmp++ &&
strcasecmp(tmp, mydomain) == 0 &&
strncasecmp(host, tokval, tmp - host) == 0 &&
tokval[tmp - host] == '\0')
goto match;
continue;
}
match:
while ((t = token()) && t != MACH && t != DEFAULT) switch(t) {
case LOGIN:
if (token()) {
if (*aname == 0) {
*aname = strdup(tokval);
} else {
if (strcmp(*aname, tokval))
goto next;
}
}
break;
case PASSWD:
if ((*aname == NULL || strcmp(*aname, "anonymous")) &&
fstat(fileno(cfile), &stb) >= 0 &&
(stb.st_mode & 077) != 0) {
warnx("Error: .netrc file is readable by others.");
warnx("Remove password or make file unreadable by others.");
goto bad;
}
if (token() && *apass == 0) {
*apass = strdup(tokval);
}
break;
case ACCOUNT:
if (fstat(fileno(cfile), &stb) >= 0
&& (stb.st_mode & 077) != 0) {
warnx("Error: .netrc file is readable by others.");
warnx("Remove account or make file unreadable by others.");
goto bad;
}
if (token() && *aacct == 0) {
*aacct = strdup(tokval);
}
break;
case MACDEF:
if (proxy) {
fclose(cfile);
return (0);
}
while ((c=getc(cfile)) != EOF &&
(c == ' ' || c == '\t'));
if (c == EOF || c == '\n') {
printf("Missing macdef name argument.\n");
goto bad;
}
if (macnum == 16) {
printf("Limit of 16 macros have already been defined\n");
goto bad;
}
tmp = macros[macnum].mac_name;
*tmp++ = c;
for (i=0; i < 8 && (c=getc(cfile)) != EOF &&
!isspace(c); ++i) {
*tmp++ = c;
}
if (c == EOF) {
printf("Macro definition missing null line terminator.\n");
goto bad;
}
*tmp = '\0';
if (c != '\n') {
while ((c=getc(cfile)) != EOF && c != '\n');
}
if (c == EOF) {
printf("Macro definition missing null line terminator.\n");
goto bad;
}
if (macnum == 0) {
macros[macnum].mac_start = macbuf;
}
else {
macros[macnum].mac_start = macros[macnum-1].mac_end + 1;
}
tmp = macros[macnum].mac_start;
while (tmp != macbuf + 4096) {
if ((c=getc(cfile)) == EOF) {
printf("Macro definition missing null line terminator.\n");
goto bad;
}
*tmp = c;
if (*tmp == '\n') {
if (*(tmp-1) == '\0') {
macros[macnum++].mac_end = tmp - 1;
break;
}
*tmp = '\0';
}
tmp++;
}
if (tmp == macbuf + 4096) {
printf("4K macro buffer exceeded\n");
goto bad;
}
break;
case PROT:
token();
if(sec_request_prot(tokval) < 0)
warnx("Unknown protection level \"%s\"", tokval);
break;
default:
warnx("Unknown .netrc keyword %s", tokval);
break;
}
goto done;
}
done:
fclose(cfile);
return (0);
bad:
fclose(cfile);
return (-1);
}
static int
token(void)
{
char *cp;
int c;
struct toktab *t;
if (feof(cfile) || ferror(cfile))
return (0);
while ((c = getc(cfile)) != EOF &&
(c == '\n' || c == '\t' || c == ' ' || c == ','))
continue;
if (c == EOF)
return (0);
cp = tokval;
if (c == '"') {
while ((c = getc(cfile)) != EOF && c != '"') {
if (c == '\\')
c = getc(cfile);
*cp++ = c;
}
} else {
*cp++ = c;
while ((c = getc(cfile)) != EOF
&& c != '\n' && c != '\t' && c != ' ' && c != ',') {
if (c == '\\')
c = getc(cfile);
*cp++ = c;
}
}
*cp = 0;
if (tokval[0] == 0)
return (0);
for (t = toktab; t->tokstr; t++)
if (!strcmp(t->tokstr, tokval))
return (t->tval);
return (ID);
}

785
crypto/kerberosIV/appl/ftp/ftp/security.c
View File

@ -1,785 +0,0 @@
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef FTP_SERVER
#include "ftpd_locl.h"
#else
#include "ftp_locl.h"
#endif
RCSID("$Id: security.c,v 1.15 1999/12/02 16:58:30 joda Exp $");
static enum protection_level command_prot;
static enum protection_level data_prot;
static size_t buffer_size;
struct buffer {
void *data;
size_t size;
size_t index;
int eof_flag;
};
static struct buffer in_buffer, out_buffer;
int sec_complete;
static struct {
enum protection_level level;
const char *name;
} level_names[] = {
{ prot_clear, "clear" },
{ prot_safe, "safe" },
{ prot_confidential, "confidential" },
{ prot_private, "private" }
};
static const char *
level_to_name(enum protection_level level)
{
int i;
for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
if(level_names[i].level == level)
return level_names[i].name;
return "unknown";
}
#ifndef FTP_SERVER /* not used in server */
static enum protection_level
name_to_level(const char *name)
{
int i;
for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++)
if(!strncasecmp(level_names[i].name, name, strlen(name)))
return level_names[i].level;
return (enum protection_level)-1;
}
#endif
#ifdef FTP_SERVER
static struct sec_server_mech *mechs[] = {
#ifdef KRB5
&gss_server_mech,
#endif
#ifdef KRB4
&krb4_server_mech,
#endif
NULL
};
static struct sec_server_mech *mech;
#else
static struct sec_client_mech *mechs[] = {
#ifdef KRB5
&gss_client_mech,
#endif
#ifdef KRB4
&krb4_client_mech,
#endif
NULL
};
static struct sec_client_mech *mech;
#endif
static void *app_data;
int
sec_getc(FILE *F)
{
if(sec_complete && data_prot) {
char c;
if(sec_read(fileno(F), &c, 1) <= 0)
return EOF;
return c;
} else
return getc(F);
}
static int
block_read(int fd, void *buf, size_t len)
{
unsigned char *p = buf;
int b;
while(len) {
b = read(fd, p, len);
if (b == 0)
return 0;
else if (b < 0)
return -1;
len -= b;
p += b;
}
return p - (unsigned char*)buf;
}
static int
block_write(int fd, void *buf, size_t len)
{
unsigned char *p = buf;
int b;
while(len) {
b = write(fd, p, len);
if(b < 0)
return -1;
len -= b;
p += b;
}
return p - (unsigned char*)buf;
}
static int
sec_get_data(int fd, struct buffer *buf, int level)
{
int len;
int b;
b = block_read(fd, &len, sizeof(len));
if (b == 0)
return 0;
else if (b < 0)
return -1;
len = ntohl(len);
buf->data = realloc(buf->data, len);
b = block_read(fd, buf->data, len);
if (b == 0)
return 0;
else if (b < 0)
return -1;
buf->size = (*mech->decode)(app_data, buf->data, len, data_prot);
buf->index = 0;
return 0;
}
static size_t
buffer_read(struct buffer *buf, void *data, size_t len)
{
len = min(len, buf->size - buf->index);
memcpy(data, (char*)buf->data + buf->index, len);
buf->index += len;
return len;
}
static size_t
buffer_write(struct buffer *buf, void *data, size_t len)
{
if(buf->index + len > buf->size) {
void *tmp;
if(buf->data == NULL)
tmp = malloc(1024);
else
tmp = realloc(buf->data, buf->index + len);
if(tmp == NULL)
return -1;
buf->data = tmp;
buf->size = buf->index + len;
}
memcpy((char*)buf->data + buf->index, data, len);
buf->index += len;
return len;
}
int
sec_read(int fd, void *data, int length)
{
size_t len;
int rx = 0;
if(sec_complete == 0 || data_prot == 0)
return read(fd, data, length);
if(in_buffer.eof_flag){
in_buffer.eof_flag = 0;
return 0;
}
len = buffer_read(&in_buffer, data, length);
length -= len;
rx += len;
data = (char*)data + len;
while(length){
if(sec_get_data(fd, &in_buffer, data_prot) < 0)
return -1;
if(in_buffer.size == 0) {
if(rx)
in_buffer.eof_flag = 1;
return rx;
}
len = buffer_read(&in_buffer, data, length);
length -= len;
rx += len;
data = (char*)data + len;
}
return rx;
}
static int
sec_send(int fd, char *from, int length)
{
int bytes;
void *buf;
bytes = (*mech->encode)(app_data, from, length, data_prot, &buf);
bytes = htonl(bytes);
block_write(fd, &bytes, sizeof(bytes));
block_write(fd, buf, ntohl(bytes));
free(buf);
return length;
}
int
sec_fflush(FILE *F)
{
if(data_prot != prot_clear) {
if(out_buffer.index > 0){
sec_write(fileno(F), out_buffer.data, out_buffer.index);
out_buffer.index = 0;
}
sec_send(fileno(F), NULL, 0);
}
fflush(F);
return 0;
}
int
sec_write(int fd, char *data, int length)
{
int len = buffer_size;
int tx = 0;
if(data_prot == prot_clear)
return write(fd, data, length);
len -= (*mech->overhead)(app_data, data_prot, len);
while(length){
if(length < len)
len = length;
sec_send(fd, data, len);
length -= len;
data += len;
tx += len;
}
return tx;
}
int
sec_vfprintf2(FILE *f, const char *fmt, va_list ap)
{
char *buf;
int ret;
if(data_prot == prot_clear)
return vfprintf(f, fmt, ap);
else {
vasprintf(&buf, fmt, ap);
ret = buffer_write(&out_buffer, buf, strlen(buf));
free(buf);
return ret;
}
}
int
sec_fprintf2(FILE *f, const char *fmt, ...)
{
int ret;
va_list ap;
va_start(ap, fmt);
ret = sec_vfprintf2(f, fmt, ap);
va_end(ap);
return ret;
}
int
sec_putc(int c, FILE *F)
{
char ch = c;
if(data_prot == prot_clear)
return putc(c, F);
buffer_write(&out_buffer, &ch, 1);
if(c == '\n' || out_buffer.index >= 1024 /* XXX */) {
sec_write(fileno(F), out_buffer.data, out_buffer.index);
out_buffer.index = 0;
}
return c;
}
int
sec_read_msg(char *s, int level)
{
int len;
char *buf;
int code;
buf = malloc(strlen(s));
len = base64_decode(s + 4, buf); /* XXX */
len = (*mech->decode)(app_data, buf, len, level);
if(len < 0)
return -1;
buf[len] = '\0';
if(buf[3] == '-')
code = 0;
else
sscanf(buf, "%d", &code);
if(buf[len-1] == '\n')
buf[len-1] = '\0';
strcpy(s, buf);
free(buf);
return code;
}
int
sec_vfprintf(FILE *f, const char *fmt, va_list ap)
{
char *buf;
void *enc;
int len;
if(!sec_complete)
return vfprintf(f, fmt, ap);
vasprintf(&buf, fmt, ap);
len = (*mech->encode)(app_data, buf, strlen(buf), command_prot, &enc);
free(buf);
if(len < 0) {
printf("Failed to encode command.\n");
return -1;
}
if(base64_encode(enc, len, &buf) < 0){
printf("Out of memory base64-encoding.\n");
return -1;
}
#ifdef FTP_SERVER
if(command_prot == prot_safe)
fprintf(f, "631 %s\r\n", buf);
else if(command_prot == prot_private)
fprintf(f, "632 %s\r\n", buf);
else if(command_prot == prot_confidential)
fprintf(f, "633 %s\r\n", buf);
#else
if(command_prot == prot_safe)
fprintf(f, "MIC %s", buf);
else if(command_prot == prot_private)
fprintf(f, "ENC %s", buf);
else if(command_prot == prot_confidential)
fprintf(f, "CONF %s", buf);
#endif
free(buf);
return 0;
}
int
sec_fprintf(FILE *f, const char *fmt, ...)
{
va_list ap;
int ret;
va_start(ap, fmt);
ret = sec_vfprintf(f, fmt, ap);
va_end(ap);
return ret;
}
/* end common stuff */
#ifdef FTP_SERVER
void
auth(char *auth_name)
{
int i;
for(i = 0; (mech = mechs[i]) != NULL; i++){
if(!strcasecmp(auth_name, mech->name)){
app_data = realloc(app_data, mech->size);
if(mech->init && (*mech->init)(app_data) != 0) {
reply(431, "Unable to accept %s at this time", mech->name);
return;
}
if(mech->auth) {
(*mech->auth)(app_data);
return;
}
if(mech->adat)
reply(334, "Send authorization data.");
else
reply(234, "Authorization complete.");
return;
}
}
free (app_data);
reply(504, "%s is unknown to me", auth_name);
}
void
adat(char *auth_data)
{
if(mech && !sec_complete) {
void *buf = malloc(strlen(auth_data));
size_t len;
len = base64_decode(auth_data, buf);
(*mech->adat)(app_data, buf, len);
free(buf);
} else
reply(503, "You must %sissue an AUTH first.", mech ? "re-" : "");
}
void pbsz(int size)
{
size_t new = size;
if(!sec_complete)
reply(503, "Incomplete security data exchange.");
if(mech->pbsz)
new = (*mech->pbsz)(app_data, size);
if(buffer_size != new){
buffer_size = size;
}
if(new != size)
reply(200, "PBSZ=%lu", (unsigned long)new);
else
reply(200, "OK");
}
void
prot(char *pl)
{
int p = -1;
if(buffer_size == 0){
reply(503, "No protection buffer size negotiated.");
return;
}
if(!strcasecmp(pl, "C"))
p = prot_clear;
else if(!strcasecmp(pl, "S"))
p = prot_safe;
else if(!strcasecmp(pl, "E"))
p = prot_confidential;
else if(!strcasecmp(pl, "P"))
p = prot_private;
else {
reply(504, "Unrecognized protection level.");
return;
}
if(sec_complete){
if((*mech->check_prot)(app_data, p)){
reply(536, "%s does not support %s protection.",
mech->name, level_to_name(p));
}else{
data_prot = (enum protection_level)p;
reply(200, "Data protection is %s.", level_to_name(p));
}
}else{
reply(503, "Incomplete security data exchange.");
}
}
void ccc(void)
{
if(sec_complete){
if(mech->ccc && (*mech->ccc)(app_data) == 0)
command_prot = data_prot = prot_clear;
else
reply(534, "You must be joking.");
}else
reply(503, "Incomplete security data exchange.");
}
void mec(char *msg, enum protection_level level)
{
void *buf;
size_t len;
if(!sec_complete) {
reply(503, "Incomplete security data exchange.");
return;
}
buf = malloc(strlen(msg) + 2); /* XXX go figure out where that 2
comes from :-) */
len = base64_decode(msg, buf);
command_prot = level;
if(len == (size_t)-1) {
reply(501, "Failed to base64-decode command");
return;
}
len = (*mech->decode)(app_data, buf, len, level);
if(len == (size_t)-1) {
reply(535, "Failed to decode command");
return;
}
((char*)buf)[len] = '\0';
if(strstr((char*)buf, "\r\n") == NULL)
strcat((char*)buf, "\r\n");
new_ftp_command(buf);
}
/* ------------------------------------------------------------ */
int
sec_userok(char *user)
{
if(sec_complete)
return (*mech->userok)(app_data, user);
return 0;
}
char *ftp_command;
void
new_ftp_command(char *command)
{
ftp_command = command;
}
void
delete_ftp_command(void)
{
free(ftp_command);
ftp_command = NULL;
}
int
secure_command(void)
{
return ftp_command != NULL;
}
enum protection_level
get_command_prot(void)
{
return command_prot;
}
#else /* FTP_SERVER */
void
sec_status(void)
{
if(sec_complete){
printf("Using %s for authentication.\n", mech->name);
printf("Using %s command channel.\n", level_to_name(command_prot));
printf("Using %s data channel.\n", level_to_name(data_prot));
if(buffer_size > 0)
printf("Protection buffer size: %lu.\n",
(unsigned long)buffer_size);
}else{
printf("Not using any security mechanism.\n");
}
}
static int
sec_prot_internal(int level)
{
int ret;
char *p;
unsigned int s = 1048576;
int old_verbose = verbose;
verbose = 0;
if(!sec_complete){
printf("No security data exchange has taken place.\n");
return -1;
}
if(level){
ret = command("PBSZ %u", s);
if(ret != COMPLETE){
printf("Failed to set protection buffer size.\n");
return -1;
}
buffer_size = s;
p = strstr(reply_string, "PBSZ=");
if(p)
sscanf(p, "PBSZ=%u", &s);
if(s < buffer_size)
buffer_size = s;
}
verbose = old_verbose;
ret = command("PROT %c", level["CSEP"]); /* XXX :-) */
if(ret != COMPLETE){
printf("Failed to set protection level.\n");
return -1;
}
data_prot = (enum protection_level)level;
return 0;
}
enum protection_level
set_command_prot(enum protection_level level)
{
enum protection_level old = command_prot;
command_prot = level;
return old;
}
void
sec_prot(int argc, char **argv)
{
int level = -1;
if(argc < 2 || argc > 3)
goto usage;
if(!sec_complete) {
printf("No security data exchange has taken place.\n");
code = -1;
return;
}
level = name_to_level(argv[argc - 1]);
if(level == -1)
goto usage;
if((*mech->check_prot)(app_data, level)) {
printf("%s does not implement %s protection.\n",
mech->name, level_to_name(level));
code = -1;
return;
}
if(argc == 2 || strncasecmp(argv[1], "data", strlen(argv[1])) == 0) {
if(sec_prot_internal(level) < 0){
code = -1;
return;
}
} else if(strncasecmp(argv[1], "command", strlen(argv[1])) == 0)
set_command_prot(level);
else
goto usage;
code = 0;
return;
usage:
printf("usage: %s [command|data] [clear|safe|confidential|private]\n",
argv[0]);
code = -1;
}
static enum protection_level request_data_prot;
void
sec_set_protection_level(void)
{
if(sec_complete && data_prot != request_data_prot)
sec_prot_internal(request_data_prot);
}
int
sec_request_prot(char *level)
{
int l = name_to_level(level);
if(l == -1)
return -1;
request_data_prot = (enum protection_level)l;
return 0;
}
int
sec_login(char *host)
{
int ret;
struct sec_client_mech **m;
int old_verbose = verbose;
verbose = -1; /* shut up all messages this will produce (they
are usually not very user friendly) */
for(m = mechs; *m && (*m)->name; m++) {
void *tmp;
tmp = realloc(app_data, (*m)->size);
if (tmp == NULL) {
warnx ("realloc %u failed", (*m)->size);
return -1;
}
app_data = tmp;
if((*m)->init && (*(*m)->init)(app_data) != 0) {
printf("Skipping %s...\n", (*m)->name);
continue;
}
printf("Trying %s...\n", (*m)->name);
ret = command("AUTH %s", (*m)->name);
if(ret != CONTINUE){
if(code == 504){
printf("%s is not supported by the server.\n", (*m)->name);
}else if(code == 534){
printf("%s rejected as security mechanism.\n", (*m)->name);
}else if(ret == ERROR) {
printf("The server doesn't support the FTP "
"security extensions.\n");
verbose = old_verbose;
return -1;
}
continue;
}
ret = (*(*m)->auth)(app_data, host);
if(ret == AUTH_CONTINUE)
continue;
else if(ret != AUTH_OK){
/* mechanism is supposed to output error string */
verbose = old_verbose;
return -1;
}
mech = *m;
sec_complete = 1;
command_prot = prot_safe;
break;
}
verbose = old_verbose;
return *m == NULL;
}
void
sec_end(void)
{
if (mech != NULL) {
if(mech->end)
(*mech->end)(app_data);
memset(app_data, 0, mech->size);
free(app_data);
app_data = NULL;
}
sec_complete = 0;
data_prot = (enum protection_level)0;
}
#endif /* FTP_SERVER */

131
crypto/kerberosIV/appl/ftp/ftp/security.h
View File

@ -1,131 +0,0 @@
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: security.h,v 1.7 1999/12/02 16:58:30 joda Exp $ */
#ifndef __security_h__
#define __security_h__
enum protection_level {
prot_clear,
prot_safe,
prot_confidential,
prot_private
};
struct sec_client_mech {
char *name;
size_t size;
int (*init)(void *);
int (*auth)(void *, char*);
void (*end)(void *);
int (*check_prot)(void *, int);
int (*overhead)(void *, int, int);
int (*encode)(void *, void*, int, int, void**);
int (*decode)(void *, void*, int, int);
};
struct sec_server_mech {
char *name;
size_t size;
int (*init)(void *);
void (*end)(void *);
int (*check_prot)(void *, int);
int (*overhead)(void *, int, int);
int (*encode)(void *, void*, int, int, void**);
int (*decode)(void *, void*, int, int);
int (*auth)(void *);
int (*adat)(void *, void*, size_t);
size_t (*pbsz)(void *, size_t);
int (*ccc)(void*);
int (*userok)(void*, char*);
};
#define AUTH_OK 0
#define AUTH_CONTINUE 1
#define AUTH_ERROR 2
#ifdef FTP_SERVER
extern struct sec_server_mech krb4_server_mech, gss_server_mech;
#else
extern struct sec_client_mech krb4_client_mech, gss_client_mech;
#endif
extern int sec_complete;
#ifdef FTP_SERVER
extern char *ftp_command;
void new_ftp_command(char*);
void delete_ftp_command(void);
#endif
/* ---- */
int sec_fflush (FILE *);
int sec_fprintf (FILE *, const char *, ...);
int sec_getc (FILE *);
int sec_putc (int, FILE *);
int sec_read (int, void *, int);
int sec_read_msg (char *, int);
int sec_vfprintf (FILE *, const char *, va_list);
int sec_fprintf2(FILE *f, const char *fmt, ...);
int sec_vfprintf2(FILE *, const char *, va_list);
int sec_write (int, char *, int);
#ifdef FTP_SERVER
void adat (char *);
void auth (char *);
void ccc (void);
void mec (char *, enum protection_level);
void pbsz (int);
void prot (char *);
void delete_ftp_command (void);
void new_ftp_command (char *);
int sec_userok (char *);
int secure_command (void);
enum protection_level get_command_prot(void);
#else
void sec_end (void);
int sec_login (char *);
void sec_prot (int, char **);
int sec_request_prot (char *);
void sec_set_protection_level (void);
void sec_status (void);
enum protection_level set_command_prot(enum protection_level);
#endif
#endif /* __security_h__ */

54
crypto/kerberosIV/appl/ftp/ftpd/Makefile.am
View File

@ -1,54 +0,0 @@
# $Id: Makefile.am,v 1.20 1999/10/03 16:38:53 joda Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += -I$(srcdir)/../common $(INCLUDE_krb4) -DFTP_SERVER
libexec_PROGRAMS = ftpd
CHECK_LOCAL =
if KRB4
krb4_sources = krb4.c kauth.c
endif
if KRB5
krb5_sources = gssapi.c gss_userok.c
endif
ftpd_SOURCES = \
extern.h \
ftpcmd.y \
ftpd.c \
ftpd_locl.h \
logwtmp.c \
ls.c \
pathnames.h \
popen.c \
security.c \
$(krb4_sources) \
$(krb5_sources)
EXTRA_ftpd_SOURCES = krb4.c kauth.c gssapi.c gss_userok.c
$(ftpd_OBJECTS): security.h
security.c:
@test -f security.c || $(LN_S) $(srcdir)/../ftp/security.c .
security.h:
@test -f security.h || $(LN_S) $(srcdir)/../ftp/security.h .
krb4.c:
@test -f krb4.c || $(LN_S) $(srcdir)/../ftp/krb4.c .
gssapi.c:
@test -f gssapi.c || $(LN_S) $(srcdir)/../ftp/gssapi.c .
CLEANFILES = security.c security.h krb4.c gssapi.c ftpcmd.c
LDADD = ../common/libcommon.a \
$(LIB_kafs) \
$(LIB_gssapi) \
$(LIB_krb5) \
$(LIB_krb4) \
$(LIB_otp) \
$(top_builddir)/lib/des/libdes.la \
$(LIB_roken) \
$(DBLIB)

102
crypto/kerberosIV/appl/ftp/ftpd/Makefile.in
View File

@ -1,102 +0,0 @@
#
# $Id: Makefile.in,v 1.41 1999/10/03 16:39:27 joda Exp $
#
srcdir = @srcdir@
top_srcdir = @top_srcdir@
VPATH = @srcdir@
top_builddir = ../../..
SHELL = /bin/sh
CC = @CC@
YACC = @YACC@
RANLIB = @RANLIB@
DEFS = @DEFS@
WFLAGS = @WFLAGS@
CFLAGS = @CFLAGS@ $(WFLAGS)
LD_FLAGS = @LD_FLAGS@
LIBS = @LIBS@
LIB_DBM = @LIB_DBM@
MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
LN_S = @LN_S@
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
libexecdir = @libexecdir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
ATHENA = ../../..
INCTOP = $(ATHENA)/include
LIBTOP = $(ATHENA)/lib
LIBKAFS = @KRB_KAFS_LIB@
LIBKRB = -L$(LIBTOP)/krb -lkrb
LIBDES = -L$(LIBTOP)/des -ldes
LIBOTP = @LIB_otp@
LIBROKEN= -L$(LIBTOP)/roken -lroken
PROGS = ftpd$(EXECSUFFIX)
ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c ls.c popen.c security.c krb4.c kauth.c
ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o ls.o popen.o security.o krb4.o kauth.o
SOURCES = $(ftpd_SOURCES)
OBJECTS = $(ftpd_OBJS)
all: $(PROGS)
$(ftpd_OBJS): security.h
security.c:
$(LN_S) $(srcdir)/../ftp/security.c .
security.h:
$(LN_S) $(srcdir)/../ftp/security.h .
krb4.c:
$(LN_S) $(srcdir)/../ftp/krb4.c .
gssapi.c:
$(LN_S) $(srcdir)/../ftp/gssapi.c .
.c.o:
$(CC) -c -DFTP_SERVER -I. -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $(CFLAGS) $(CPPFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libexecdir)
for x in $(PROGS); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(PROGS); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
ftpd$(EXECSUFFIX): $(ftpd_OBJS)
$(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
ftpcmd.c: ftpcmd.y
$(YACC) $(YFLAGS) $<
chmod a-w y.tab.c
mv -f y.tab.c ftpcmd.c
TAGS: $(SOURCES)
etags $(SOURCES)
CLEANFILES = ftpd$(EXECSUFFIX) ftpcmd.c security.c security.h krb4.c gssapi.c
clean cleandir:
rm -f *~ *.o core \#* $(CLEANFILES)
distclean:
rm -f Makefile
.PHONY: all install uninstall clean cleandir distclean

249
crypto/kerberosIV/appl/ftp/ftpd/auth.c
View File

@ -1,249 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: auth.c,v 1.11 1997/05/04 23:09:00 assar Exp $");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
#include <sys/ioctl.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#include "extern.h"
#include "krb4.h"
#include "auth.h"
static struct at auth_types [] = {
{ "KERBEROS_V4", krb4_auth, krb4_adat, krb4_pbsz, krb4_prot, krb4_ccc,
krb4_mic, krb4_conf, krb4_enc, krb4_read, krb4_write, krb4_userok,
krb4_vprintf },
{ 0, 0, 0, 0, 0, 0, 0, 0, 0 }
};
struct at *ct;
int data_protection;
int buffer_size;
unsigned char *data_buffer;
int auth_complete;
char *protection_names[] = {
"clear", "safe",
"confidential", "private"
};
void auth_init(void)
{
}
char *ftp_command;
int prot_level;
void new_ftp_command(char *command)
{
ftp_command = command;
}
void delete_ftp_command(void)
{
if(ftp_command){
free(ftp_command);
ftp_command = NULL;
}
}
int auth_ok(void)
{
return ct && auth_complete;
}
void auth(char *auth)
{
for(ct=auth_types; ct->name; ct++){
if(!strcasecmp(auth, ct->name)){
ct->auth(auth);
return;
}
}
reply(504, "%s is not a known security mechanism", auth);
}
void adat(char *auth)
{
if(ct && !auth_complete)
ct->adat(auth);
else
reply(503, "You must (re)issue an AUTH first.");
}
void pbsz(int size)
{
int old = buffer_size;
if(auth_ok())
ct->pbsz(size);
else
reply(503, "Incomplete security data exchange.");
if(buffer_size != old){
if(data_buffer)
free(data_buffer);
data_buffer = malloc(buffer_size + 4);
}
}
void prot(char *pl)
{
int p = -1;
if(buffer_size == 0){
reply(503, "No protection buffer size negotiated.");
return;
}
if(!strcasecmp(pl, "C"))
p = prot_clear;
if(!strcasecmp(pl, "S"))
p = prot_safe;
if(!strcasecmp(pl, "E"))
p = prot_confidential;
if(!strcasecmp(pl, "P"))
p = prot_private;
if(p == -1){
reply(504, "Unrecognized protection level.");
return;
}
if(auth_ok()){
if(ct->prot(p)){
reply(536, "%s does not support %s protection.",
ct->name, protection_names[p]);
}else{
data_protection = p;
reply(200, "Data protection is %s.",
protection_names[data_protection]);
}
}else{
reply(503, "Incomplete security data exchange.");
}
}
void ccc(void)
{
if(auth_ok()){
if(!ct->ccc())
prot_level = prot_clear;
}else
reply(503, "Incomplete security data exchange.");
}
void mic(char *msg)
{
if(auth_ok()){
if(!ct->mic(msg))
prot_level = prot_safe;
}else
reply(503, "Incomplete security data exchange.");
}
void conf(char *msg)
{
if(auth_ok()){
if(!ct->conf(msg))
prot_level = prot_confidential;
}else
reply(503, "Incomplete security data exchange.");
}
void enc(char *msg)
{
if(auth_ok()){
if(!ct->enc(msg))
prot_level = prot_private;
}else
reply(503, "Incomplete security data exchange.");
}
int auth_read(int fd, void *data, int length)
{
if(auth_ok() && data_protection)
return ct->read(fd, data, length);
else
return read(fd, data, length);
}
int auth_write(int fd, void *data, int length)
{
if(auth_ok() && data_protection)
return ct->write(fd, data, length);
else
return write(fd, data, length);
}
void auth_vprintf(const char *fmt, va_list ap)
{
if(auth_ok() && prot_level){
ct->vprintf(fmt, ap);
}else
vprintf(fmt, ap);
}
void auth_printf(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
auth_vprintf(fmt, ap);
va_end(ap);
}

109
crypto/kerberosIV/appl/ftp/ftpd/auth.h
View File

@ -1,109 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: auth.h,v 1.9 1997/05/11 11:04:28 assar Exp $ */
#ifndef __AUTH_H__
#define __AUTH_H__
#include <stdarg.h>
struct at {
char *name;
int (*auth)(char*);
int (*adat)(char*);
int (*pbsz)(int);
int (*prot)(int);
int (*ccc)(void);
int (*mic)(char*);
int (*conf)(char*);
int (*enc)(char*);
int (*read)(int, void*, int);
int (*write)(int, void*, int);
int (*userok)(char*);
int (*vprintf)(const char*, va_list);
};
extern struct at *ct;
enum protection_levels {
prot_clear, prot_safe, prot_confidential, prot_private
};
extern char *protection_names[];
extern char *ftp_command;
extern int prot_level;
void delete_ftp_command(void);
extern int data_protection;
extern int buffer_size;
extern unsigned char *data_buffer;
extern int auth_complete;
void auth_init(void);
int auth_ok(void);
void auth(char*);
void adat(char*);
void pbsz(int);
void prot(char*);
void ccc(void);
void mic(char*);
void conf(char*);
void enc(char*);
int auth_read(int, void*, int);
int auth_write(int, void*, int);
void auth_vprintf(const char *fmt, va_list ap)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 0)))
#endif
;
void auth_printf(const char *fmt, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
void new_ftp_command(char *command);
#endif /* __AUTH_H__ */

160
crypto/kerberosIV/appl/ftp/ftpd/extern.h
View File

@ -1,160 +0,0 @@
/*-
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)extern.h 8.2 (Berkeley) 4/4/94
*/
#ifndef _EXTERN_H_
#define _EXTERN_H_
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#include <stdio.h>
#include <stdarg.h>
#include <setjmp.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifndef NBBY
#define NBBY CHAR_BIT
#endif
void abor(void);
void blkfree(char **);
char **copyblk(char **);
void cwd(char *);
void do_delete(char *);
void dologout(int);
void eprt(char *);
void epsv(char *);
void fatal(char *);
int filename_check(char *);
int ftpd_pclose(FILE *);
FILE *ftpd_popen(char *, char *, int, int);
char *ftpd_getline(char *, int);
void ftpd_logwtmp(char *, char *, char *);
void lreply(int, const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 2, 3)))
#endif
;
void makedir(char *);
void nack(char *);
void nreply(const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
void pass(char *);
void pasv(void);
void perror_reply(int, const char *);
void pwd(void);
void removedir(char *);
void renamecmd(char *, char *);
char *renamefrom(char *);
void reply(int, const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 2, 3)))
#endif
;
void retrieve(const char *, char *);
void send_file_list(char *);
void setproctitle(const char *, ...)
#ifdef __GNUC__
__attribute__ ((format (printf, 1, 2)))
#endif
;
void statcmd(void);
void statfilecmd(char *);
void do_store(char *, char *, int);
void upper(char *);
void user(char *);
void yyerror(char *);
void list_file(char*);
void kauth(char *, char*);
void klist(void);
void cond_kdestroy(void);
void kdestroy(void);
void krbtkfile(const char *tkfile);
void afslog(const char *cell);
void afsunlog(void);
int find(char *);
void builtin_ls(FILE*, const char*);
int do_login(int code, char *passwd);
int klogin(char *name, char *password);
const char *ftp_rooted(const char *path);
extern struct sockaddr *ctrl_addr, *his_addr;
extern char hostname[];
extern struct sockaddr *data_dest;
extern int logged_in;
extern struct passwd *pw;
extern int guest;
extern int logging;
extern int type;
extern int oobflag;
extern off_t file_size;
extern off_t byte_count;
extern jmp_buf urgcatch;
extern int form;
extern int debug;
extern int ftpd_timeout;
extern int maxtimeout;
extern int pdata;
extern char hostname[], remotehost[];
extern char proctitle[];
extern int usedefault;
extern int transflag;
extern char tmpline[];
#endif /* _EXTERN_H_ */

1457
crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
View File

File diff suppressed because it is too large Load Diff

2250
crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
View File

File diff suppressed because it is too large Load Diff

170
crypto/kerberosIV/appl/ftp/ftpd/ftpd_locl.h
View File

@ -1,170 +0,0 @@
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: ftpd_locl.h,v 1.9 1999/12/02 16:58:30 joda Exp $ */
#ifndef __ftpd_locl_h__
#define __ftpd_locl_h__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
/*
* FTP server.
*/
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
#endif
#ifdef HAVE_SYS_IOCCOM_H
#include <sys/ioccom.h>
#endif
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif
#ifdef HAVE_SYS_WAIT_H
#include <sys/wait.h>
#endif
#ifdef HAVE_NETINET_IN_H
#include <netinet/in.h>
#endif
#ifdef HAVE_NETINET_IN_SYSTM_H
#include <netinet/in_systm.h>
#endif
#ifdef HAVE_NETINET_IP_H
#include <netinet/ip.h>
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#include <arpa/ftp.h>
#ifdef HAVE_ARPA_INET_H
#include <arpa/inet.h>
#endif
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#include <ctype.h>
#ifdef HAVE_DIRENT_H
#include <dirent.h>
#endif
#include <errno.h>
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#include <glob.h>
#include <limits.h>
#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
#endif
#include <time.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif
#include <fnmatch.h>
#ifdef HAVE_BSD_BSD_H
#include <bsd/bsd.h>
#endif
#include <err.h>
#include "pathnames.h"
#include "extern.h"
#include "common.h"
#include "security.h"
#include "roken.h"
#ifdef KRB4
#include <krb.h>
#include <kafs.h>
#endif
#ifdef OTP
#include <otp.h>
#endif
#ifdef SOCKS
#include <socks.h>
extern int LIBPREFIX(fclose) (FILE *);
#endif
/* SunOS doesn't have any declaration of fclose */
int fclose(FILE *stream);
int yyparse();
#ifndef LOG_FTP
#define LOG_FTP LOG_DAEMON
#endif
#endif /* __ftpd_locl_h__ */

69
crypto/kerberosIV/appl/ftp/ftpd/gss_userok.c
View File

@ -1,69 +0,0 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftpd_locl.h"
#include <gssapi.h>
#include <krb5.h>
RCSID("$Id: gss_userok.c,v 1.2 1999/12/02 16:58:31 joda Exp $");
/* XXX a bit too much of krb5 dependency here...
What is the correct way to do this?
*/
extern krb5_context gssapi_krb5_context;
/* XXX sync with gssapi.c */
struct gss_data {
gss_ctx_id_t context_hdl;
char *client_name;
};
int gss_userok(void*, char*); /* to keep gcc happy */
int
gss_userok(void *app_data, char *username)
{
struct gss_data *data = app_data;
if(gssapi_krb5_context) {
krb5_principal client;
krb5_error_code ret;
ret = krb5_parse_name(gssapi_krb5_context, data->client_name, &client);
if(ret)
return 1;
ret = krb5_kuserok(gssapi_krb5_context, client, username);
krb5_free_principal(gssapi_krb5_context, client);
return !ret;
}
return 1;
}

365
crypto/kerberosIV/appl/ftp/ftpd/kauth.c
View File

@ -1,365 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "ftpd_locl.h"
RCSID("$Id: kauth.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
static KTEXT_ST cip;
static unsigned int lifetime;
static time_t local_time;
static krb_principal pr;
static int do_destroy_tickets = 1;
static int
save_tkt(const char *user,
const char *instance,
const char *realm,
const void *arg,
key_proc_t key_proc,
KTEXT *cipp)
{
local_time = time(0);
memmove(&cip, *cipp, sizeof(cip));
return -1;
}
static int
store_ticket(KTEXT cip)
{
char *ptr;
des_cblock session;
krb_principal sp;
unsigned char kvno;
KTEXT_ST tkt;
int left = cip->length;
int len;
int kerror;
ptr = (char *) cip->dat;
/* extract session key */
memmove(session, ptr, 8);
ptr += 8;
left -= 8;
len = strnlen(ptr, left);
if (len == left)
return(INTK_BADPW);
/* extract server's name */
strlcpy(sp.name, ptr, sizeof(sp.name));
ptr += len + 1;
left -= len + 1;
len = strnlen(ptr, left);
if (len == left)
return(INTK_BADPW);
/* extract server's instance */
strlcpy(sp.instance, ptr, sizeof(sp.instance));
ptr += len + 1;
left -= len + 1;
len = strnlen(ptr, left);
if (len == left)
return(INTK_BADPW);
/* extract server's realm */
strlcpy(sp.realm, ptr, sizeof(sp.realm));
ptr += len + 1;
left -= len + 1;
if(left < 3)
return INTK_BADPW;
/* extract ticket lifetime, server key version, ticket length */
/* be sure to avoid sign extension on lifetime! */
lifetime = (unsigned char) ptr[0];
kvno = (unsigned char) ptr[1];
tkt.length = (unsigned char) ptr[2];
ptr += 3;
left -= 3;
if (tkt.length > left)
return(INTK_BADPW);
/* extract ticket itself */
memmove(tkt.dat, ptr, tkt.length);
ptr += tkt.length;
left -= tkt.length;
/* Here is where the time should be verified against the KDC.
* Unfortunately everything is sent in host byte order (receiver
* makes wrong) , and at this stage there is no way for us to know
* which byteorder the KDC has. So we simply ignore the time,
* there are no security risks with this, the only thing that can
* happen is that we might receive a replayed ticket, which could
* at most be useless.
*/
#if 0
/* check KDC time stamp */
{
time_t kdc_time;
memmove(&kdc_time, ptr, sizeof(kdc_time));
if (swap_bytes) swap_u_long(kdc_time);
ptr += 4;
if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) {
return(RD_AP_TIME); /* XXX should probably be better
code */
}
}
#endif
/* initialize ticket cache */
if (tf_create(TKT_FILE) != KSUCCESS)
return(INTK_ERR);
if (tf_put_pname(pr.name) != KSUCCESS ||
tf_put_pinst(pr.instance) != KSUCCESS) {
tf_close();
return(INTK_ERR);
}
kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session,
lifetime, kvno, &tkt, local_time);
tf_close();
return(kerror);
}
void
kauth(char *principal, char *ticket)
{
char *p;
int ret;
if(get_command_prot() != prot_private) {
reply(500, "Request denied (bad protection level)");
return;
}
ret = krb_parse_name(principal, &pr);
if(ret){
reply(500, "Bad principal: %s.", krb_get_err_text(ret));
return;
}
if(pr.realm[0] == 0)
krb_get_lrealm(pr.realm, 1);
if(ticket){
cip.length = base64_decode(ticket, &cip.dat);
if(cip.length == -1){
reply(500, "Failed to decode data.");
return;
}
ret = store_ticket(&cip);
if(ret){
reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
memset(&cip, 0, sizeof(cip));
return;
}
do_destroy_tickets = 1;
if(k_hasafs())
krb_afslog(0, 0);
reply(200, "Tickets will be destroyed on exit.");
return;
}
ret = krb_get_in_tkt (pr.name,
pr.instance,
pr.realm,
KRB_TICKET_GRANTING_TICKET,
pr.realm,
DEFAULT_TKT_LIFE,
NULL, save_tkt, NULL);
if(ret != INTK_BADPW){
reply(500, "Kerberos error: %s.", krb_get_err_text(ret));
return;
}
if(base64_encode(cip.dat, cip.length, &p) < 0) {
reply(500, "Out of memory while base64-encoding.");
return;
}
reply(300, "P=%s T=%s", krb_unparse_name(&pr), p);
free(p);
memset(&cip, 0, sizeof(cip));
}
static char *
short_date(int32_t dp)
{
char *cp;
time_t t = (time_t)dp;
if (t == (time_t)(-1L)) return "*** Never *** ";
cp = ctime(&t) + 4;
cp[15] = '\0';
return (cp);
}
void
klist(void)
{
int err;
char *file = tkt_string();
krb_principal pr;
char buf1[128], buf2[128];
int header = 1;
CREDENTIALS c;
err = tf_init(file, R_TKT_FIL);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
tf_close();
/*
* We must find the realm of the ticket file here before calling
* tf_init because since the realm of the ticket file is not
* really stored in the principal section of the file, the
* routine we use must itself call tf_init and tf_close.
*/
err = krb_get_tf_realm(file, pr.realm);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_init(file, R_TKT_FIL);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_get_pname(pr.name);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
err = tf_get_pinst(pr.instance);
if(err != KSUCCESS){
reply(500, "%s", krb_get_err_text(err));
return;
}
/*
* You may think that this is the obvious place to get the
* realm of the ticket file, but it can't be done here as the
* routine to do this must open the ticket file. This is why
* it was done before tf_init.
*/
lreply(200, "Ticket file: %s", tkt_string());
lreply(200, "Principal: %s", krb_unparse_name(&pr));
while ((err = tf_get_cred(&c)) == KSUCCESS) {
if (header) {
lreply(200, "%-15s %-15s %s",
" Issued", " Expires", " Principal (kvno)");
header = 0;
}
strlcpy(buf1, short_date(c.issue_date), sizeof(buf1));
c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
if (time(0) < (unsigned long) c.issue_date)
strlcpy(buf2, short_date(c.issue_date), sizeof(buf2));
else
strlcpy(buf2, ">>> Expired <<< ", sizeof(buf2));
lreply(200, "%s %s %s (%d)", buf1, buf2,
krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno);
}
if (header && err == EOF) {
lreply(200, "No tickets in file.");
}
reply(200, " ");
}
/*
* Only destroy if we created the tickets
*/
void
cond_kdestroy(void)
{
if (do_destroy_tickets)
dest_tkt();
afsunlog();
}
void
kdestroy(void)
{
dest_tkt();
afsunlog();
reply(200, "Tickets destroyed");
}
void
krbtkfile(const char *tkfile)
{
do_destroy_tickets = 0;
krb_set_tkt_string(tkfile);
reply(200, "Using ticket file %s", tkfile);
}
void
afslog(const char *cell)
{
if(k_hasafs()) {
krb_afslog(cell, 0);
reply(200, "afslog done");
} else {
reply(200, "no AFS present");
}
}
void
afsunlog(void)
{
if(k_hasafs())
k_unlog();
}

372
crypto/kerberosIV/appl/ftp/ftpd/krb4.c
View File

@ -1,372 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: krb4.c,v 1.19 1997/05/11 09:00:07 assar Exp $");
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
#ifdef HAVE_NETINET_IN_h
#include <netinet/in.h>
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <krb.h>
#include "base64.h"
#include "extern.h"
#include "auth.h"
#include "krb4.h"
#include <roken.h>
static AUTH_DAT auth_dat;
static des_key_schedule schedule;
int krb4_auth(char *auth)
{
auth_complete = 0;
reply(334, "Using authentication type %s; ADAT must follow", auth);
return 0;
}
int krb4_adat(char *auth)
{
KTEXT_ST tkt;
char *p;
int kerror;
u_int32_t cs;
char msg[35]; /* size of encrypted block */
int len;
char inst[INST_SZ];
memset(&tkt, 0, sizeof(tkt));
len = base64_decode(auth, tkt.dat);
if(len < 0){
reply(501, "Failed to decode base64 data.");
return -1;
}
tkt.length = len;
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "ftp", inst, 0, &auth_dat, "");
if(kerror == RD_AP_UNDEC){
k_getsockinst(0, inst, sizeof(inst));
kerror = krb_rd_req(&tkt, "rcmd", inst, 0, &auth_dat, "");
}
if(kerror){
reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
return -1;
}
des_set_key(&auth_dat.session, schedule);
cs = auth_dat.checksum + 1;
{
unsigned char tmp[4];
tmp[0] = (cs >> 24) & 0xff;
tmp[1] = (cs >> 16) & 0xff;
tmp[2] = (cs >> 8) & 0xff;
tmp[3] = cs & 0xff;
len = krb_mk_safe(tmp, msg, 4, &auth_dat.session,
&ctrl_addr, &his_addr);
}
if(len < 0){
reply(535, "Error creating reply: %s.", strerror(errno));
return -1;
}
base64_encode(msg, len, &p);
reply(235, "ADAT=%s", p);
auth_complete = 1;
free(p);
return 0;
}
int krb4_pbsz(int size)
{
if(size > 1048576) /* XXX arbitrary number */
size = 1048576;
buffer_size = size;
reply(200, "OK PBSZ=%d", buffer_size);
return 0;
}
int krb4_prot(int level)
{
if(level == prot_confidential)
return -1;
return 0;
}
int krb4_ccc(void)
{
reply(534, "Don't event think about it.");
return -1;
}
int krb4_mic(char *msg)
{
int len;
int kerror;
MSG_DAT m_data;
char *tmp, *cmd;
cmd = strdup(msg);
len = base64_decode(msg, cmd);
if(len < 0){
reply(501, "Failed to decode base 64 data.");
free(cmd);
return -1;
}
kerror = krb_rd_safe(cmd, len, &auth_dat.session,
&his_addr, &ctrl_addr, &m_data);
if(kerror){
reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
free(cmd);
return -1;
}
tmp = malloc(strlen(msg) + 1);
snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
if(!strstr(tmp, "\r\n"))
strcat(tmp, "\r\n");
new_ftp_command(tmp);
free(cmd);
return 0;
}
int krb4_conf(char *msg)
{
prot_level = prot_safe;
reply(537, "Protection level not supported.");
return -1;
}
int krb4_enc(char *msg)
{
int len;
int kerror;
MSG_DAT m_data;
char *tmp, *cmd;
cmd = strdup(msg);
len = base64_decode(msg, cmd);
if(len < 0){
reply(501, "Failed to decode base 64 data.");
free(cmd);
return -1;
}
kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session,
&his_addr, &ctrl_addr, &m_data);
if(kerror){
reply(535, "Error reading request: %s.", krb_get_err_text(kerror));
free(cmd);
return -1;
}
tmp = strdup(msg);
snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data);
if(!strstr(tmp, "\r\n"))
strcat(tmp, "\r\n");
new_ftp_command(tmp);
free(cmd);
return 0;
}
int krb4_read(int fd, void *data, int length)
{
static int left;
static char *extra;
static int eof;
int len, bytes, tx = 0;
MSG_DAT m_data;
int kerror;
if(eof){ /* if we haven't reported an end-of-file, do so */
eof = 0;
return 0;
}
if(left){
if(length > left)
bytes = left;
else
bytes = length;
memmove(data, extra, bytes);
left -= bytes;
if(left)
memmove(extra, extra + bytes, left);
else
free(extra);
length -= bytes;
tx += bytes;
}
while(length){
unsigned char tmp[4];
if(krb_net_read(fd, tmp, 4) < 4){
reply(400, "Unexpected end of file.\n");
return -1;
}
len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
krb_net_read(fd, data_buffer, len);
if(data_protection == prot_safe)
kerror = krb_rd_safe(data_buffer, len, &auth_dat.session,
&his_addr, &ctrl_addr, &m_data);
else
kerror = krb_rd_priv(data_buffer, len, schedule, &auth_dat.session,
&his_addr, &ctrl_addr, &m_data);
if(kerror){
reply(400, "Failed to read data: %s.", krb_get_err_text(kerror));
return -1;
}
bytes = m_data.app_length;
if(bytes == 0){
if(tx) eof = 1;
return tx;
}
if(bytes > length){
left = bytes - length;
bytes = length;
extra = malloc(left);
memmove(extra, m_data.app_data + bytes, left);
}
memmove((unsigned char*)data + tx, m_data.app_data, bytes);
tx += bytes;
length -= bytes;
}
return tx;
}
int krb4_write(int fd, void *data, int length)
{
int len, bytes, tx = 0;
len = buffer_size;
if(data_protection == prot_safe)
len -= 31; /* always 31 bytes overhead */
else
len -= 26; /* at most 26 bytes */
do{
if(length < len)
len = length;
if(data_protection == prot_safe)
bytes = krb_mk_safe(data, data_buffer+4, len, &auth_dat.session,
&ctrl_addr, &his_addr);
else
bytes = krb_mk_priv(data, data_buffer+4, len, schedule,
&auth_dat.session,
&ctrl_addr, &his_addr);
if(bytes == -1){
reply(535, "Failed to make packet: %s.", strerror(errno));
return -1;
}
data_buffer[0] = (bytes >> 24) & 0xff;
data_buffer[1] = (bytes >> 16) & 0xff;
data_buffer[2] = (bytes >> 8) & 0xff;
data_buffer[3] = bytes & 0xff;
if(krb_net_write(fd, data_buffer, bytes+4) < 0)
return -1;
length -= len;
data = (unsigned char*)data + len;
tx += len;
}while(length);
return tx;
}
int krb4_userok(char *name)
{
if(!kuserok(&auth_dat, name)){
do_login(232, name);
}else{
reply(530, "User %s access denied.", name);
}
return 0;
}
int
krb4_vprintf(const char *fmt, va_list ap)
{
char buf[10240];
char *p;
char *enc;
int code;
int len;
vsnprintf (buf, sizeof(buf), fmt, ap);
enc = malloc(strlen(buf) + 31);
if(prot_level == prot_safe){
len = krb_mk_safe((u_char*)buf, (u_char*)enc, strlen(buf), &auth_dat.session,
&ctrl_addr, &his_addr);
code = 631;
}else if(prot_level == prot_private){
len = krb_mk_priv((u_char*)buf, (u_char*)enc, strlen(buf), schedule,
&auth_dat.session, &ctrl_addr, &his_addr);
code = 632;
}else{
len = 0; /* XXX */
code = 631;
}
base64_encode(enc, len, &p);
fprintf(stdout, "%d %s\r\n", code, p);
free(enc);
free(p);
return 0;
}

61
crypto/kerberosIV/appl/ftp/ftpd/krb4.h
View File

@ -1,61 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: krb4.h,v 1.6 1997/04/01 08:17:29 joda Exp $ */
#ifndef __KRB4_H__
#define __KRB4_H__
#include <stdarg.h>
int krb4_auth(char *auth);
int krb4_adat(char *auth);
int krb4_pbsz(int size);
int krb4_prot(int level);
int krb4_ccc(void);
int krb4_mic(char *msg);
int krb4_conf(char *msg);
int krb4_enc(char *msg);
int krb4_read(int fd, void *data, int length);
int krb4_write(int fd, void *data, int length);
int krb4_userok(char *name);
int krb4_vprintf(const char *fmt, va_list ap);
#endif /* __KRB4_H__ */

137
crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
View File

@ -1,137 +0,0 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: logwtmp.c,v 1.14 1999/12/02 16:58:31 joda Exp $");
#endif
#include <stdio.h>
#include <string.h>
#ifdef TIME_WITH_SYS_TIME
#include <sys/time.h>
#include <time.h>
#elif defined(HAVE_SYS_TIME_H)
#include <sys/time.h>
#else
#include <time.h>
#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
#endif
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
#ifdef HAVE_UTMP_H
#include <utmp.h>
#endif
#ifdef HAVE_UTMPX_H
#include <utmpx.h>
#endif
#include "extern.h"
#ifndef WTMP_FILE
#ifdef _PATH_WTMP
#define WTMP_FILE _PATH_WTMP
#else
#define WTMP_FILE "/var/adm/wtmp"
#endif
#endif
void
ftpd_logwtmp(char *line, char *name, char *host)
{
static int init = 0;
static int fd;
#ifdef WTMPX_FILE
static int fdx;
#endif
struct utmp ut;
#ifdef WTMPX_FILE
struct utmpx utx;
#endif
memset(&ut, 0, sizeof(struct utmp));
#ifdef HAVE_STRUCT_UTMP_UT_TYPE
if(name[0])
ut.ut_type = USER_PROCESS;
else
ut.ut_type = DEAD_PROCESS;
#endif
strncpy(ut.ut_line, line, sizeof(ut.ut_line));
strncpy(ut.ut_name, name, sizeof(ut.ut_name));
#ifdef HAVE_STRUCT_UTMP_UT_PID
ut.ut_pid = getpid();
#endif
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(ut.ut_host, host, sizeof(ut.ut_host));
#endif
ut.ut_time = time(NULL);
#ifdef WTMPX_FILE
strncpy(utx.ut_line, line, sizeof(utx.ut_line));
strncpy(utx.ut_user, name, sizeof(utx.ut_user));
strncpy(utx.ut_host, host, sizeof(utx.ut_host));
#ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN
utx.ut_syslen = strlen(host) + 1;
if (utx.ut_syslen > sizeof(utx.ut_host))
utx.ut_syslen = sizeof(utx.ut_host);
#endif
{
struct timeval tv;
gettimeofday (&tv, 0);
utx.ut_tv.tv_sec = tv.tv_sec;
utx.ut_tv.tv_usec = tv.tv_usec;
}
if(name[0])
utx.ut_type = USER_PROCESS;
else
utx.ut_type = DEAD_PROCESS;
#endif
if(!init){
fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
#ifdef WTMPX_FILE
fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
#endif
init = 1;
}
if(fd >= 0) {
write(fd, &ut, sizeof(struct utmp)); /* XXX */
#ifdef WTMPX_FILE
write(fdx, &utx, sizeof(struct utmpx));
#endif
}
}

573
crypto/kerberosIV/appl/ftp/ftpd/ls.c
View File

@ -1,573 +0,0 @@
/*
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of KTH nor the names of its contributors may be
* used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
* EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#include "ftpd_locl.h"
RCSID("$Id: ls.c,v 1.13.2.2 2000/06/23 02:51:09 assar Exp $");
struct fileinfo {
struct stat st;
int inode;
int bsize;
char mode[11];
int n_link;
char *user;
char *group;
char *size;
char *major;
char *minor;
char *date;
char *filename;
char *link;
};
#define LS_DIRS 1
#define LS_IGNORE_DOT 2
#define LS_SORT_MODE 12
#define SORT_MODE(f) ((f) & LS_SORT_MODE)
#define LS_SORT_NAME 4
#define LS_SORT_MTIME 8
#define LS_SORT_SIZE 12
#define LS_SORT_REVERSE 16
#define LS_SIZE 32
#define LS_INODE 64
#ifndef S_ISTXT
#define S_ISTXT S_ISVTX
#endif
#ifndef S_ISSOCK
#define S_ISSOCK(mode) (((mode) & _S_IFMT) == S_IFSOCK)
#endif
#ifndef S_ISLNK
#define S_ISLNK(mode) (((mode) & _S_IFMT) == S_IFLNK)
#endif
static void
make_fileinfo(const char *filename, struct fileinfo *file, int flags)
{
char buf[128];
struct stat *st = &file->st;
file->inode = st->st_ino;
#ifdef S_BLKSIZE
file->bsize = st->st_blocks * S_BLKSIZE / 1024;
#else
file->bsize = st->st_blocks * 512 / 1024;
#endif
if(S_ISDIR(st->st_mode))
file->mode[0] = 'd';
else if(S_ISCHR(st->st_mode))
file->mode[0] = 'c';
else if(S_ISBLK(st->st_mode))
file->mode[0] = 'b';
else if(S_ISREG(st->st_mode))
file->mode[0] = '-';
else if(S_ISFIFO(st->st_mode))
file->mode[0] = 'p';
else if(S_ISLNK(st->st_mode))
file->mode[0] = 'l';
else if(S_ISSOCK(st->st_mode))
file->mode[0] = 's';
#ifdef S_ISWHT
else if(S_ISWHT(st->st_mode))
file->mode[0] = 'w';
#endif
else
file->mode[0] = '?';
{
char *x[] = { "---", "--x", "-w-", "-wx",
"r--", "r-x", "rw-", "rwx" };
strcpy(file->mode + 1, x[(st->st_mode & S_IRWXU) >> 6]);
strcpy(file->mode + 4, x[(st->st_mode & S_IRWXG) >> 3]);
strcpy(file->mode + 7, x[(st->st_mode & S_IRWXO) >> 0]);
if((st->st_mode & S_ISUID)) {
if((st->st_mode & S_IXUSR))
file->mode[3] = 's';
else
file->mode[3] = 'S';
}
if((st->st_mode & S_ISGID)) {
if((st->st_mode & S_IXGRP))
file->mode[6] = 's';
else
file->mode[6] = 'S';
}
if((st->st_mode & S_ISTXT)) {
if((st->st_mode & S_IXOTH))
file->mode[9] = 't';
else
file->mode[9] = 'T';
}
}
file->n_link = st->st_nlink;
{
struct passwd *pwd;
pwd = getpwuid(st->st_uid);
if(pwd == NULL)
asprintf(&file->user, "%u", (unsigned)st->st_uid);
else
file->user = strdup(pwd->pw_name);
}
{
struct group *grp;
grp = getgrgid(st->st_gid);
if(grp == NULL)
asprintf(&file->group, "%u", (unsigned)st->st_gid);
else
file->group = strdup(grp->gr_name);
}
if(S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
#if defined(major) && defined(minor)
asprintf(&file->major, "%u", (unsigned)major(st->st_rdev));
asprintf(&file->minor, "%u", (unsigned)minor(st->st_rdev));
#else
/* Don't want to use the DDI/DKI crap. */
asprintf(&file->major, "%u", (unsigned)st->st_rdev);
asprintf(&file->minor, "%u", 0);
#endif
} else
asprintf(&file->size, "%lu", (unsigned long)st->st_size);
{
time_t t = time(NULL);
time_t mtime = st->st_mtime;
struct tm *tm = localtime(&mtime);
if((t - mtime > 6*30*24*60*60) ||
(mtime - t > 6*30*24*60*60))
strftime(buf, sizeof(buf), "%b %e %Y", tm);
else
strftime(buf, sizeof(buf), "%b %e %H:%M", tm);
file->date = strdup(buf);
}
{
const char *p = strrchr(filename, '/');
if(p)
p++;
else
p = filename;
file->filename = strdup(p);
}
if(S_ISLNK(st->st_mode)) {
int n;
n = readlink((char *)filename, buf, sizeof(buf));
if(n >= 0) {
buf[n] = '\0';
file->link = strdup(buf);
} else
warn("%s: readlink", filename);
}
}
static void
print_file(FILE *out,
int flags,
struct fileinfo *f,
int max_inode,
int max_bsize,
int max_n_link,
int max_user,
int max_group,
int max_size,
int max_major,
int max_minor,
int max_date)
{
if(f->filename == NULL)
return;
if(flags & LS_INODE) {
sec_fprintf2(out, "%*d", max_inode, f->inode);
sec_fprintf2(out, " ");
}
if(flags & LS_SIZE) {
sec_fprintf2(out, "%*d", max_bsize, f->bsize);
sec_fprintf2(out, " ");
}
sec_fprintf2(out, "%s", f->mode);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%*d", max_n_link, f->n_link);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%-*s", max_user, f->user);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%-*s", max_group, f->group);
sec_fprintf2(out, " ");
if(f->major != NULL && f->minor != NULL)
sec_fprintf2(out, "%*s, %*s", max_major, f->major, max_minor, f->minor);
else
sec_fprintf2(out, "%*s", max_size, f->size);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%*s", max_date, f->date);
sec_fprintf2(out, " ");
sec_fprintf2(out, "%s", f->filename);
if(f->link)
sec_fprintf2(out, " -> %s", f->link);
sec_fprintf2(out, "\r\n");
}
static int
compare_filename(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return strcmp(a->filename, b->filename);
}
static int
compare_mtime(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return a->st.st_mtime - b->st.st_mtime;
}
static int
compare_size(struct fileinfo *a, struct fileinfo *b)
{
if(a->filename == NULL)
return 1;
if(b->filename == NULL)
return -1;
return a->st.st_size - b->st.st_size;
}
static void
list_dir(FILE *out, const char *directory, int flags);
static int
log10(int num)
{
int i = 1;
while(num > 10) {
i++;
num /= 10;
}
return i;
}
/*
* Operate as lstat but fake up entries for AFS mount points so we don't
* have to fetch them.
*/
static int
lstat_file (const char *file, struct stat *sb)
{
#ifdef KRB4
if (k_hasafs()
&& strcmp(file, ".")
&& strcmp(file, ".."))
{
struct ViceIoctl a_params;
char *last;
char *path_bkp;
static ino_t ino_counter = 0, ino_last = 0;
int ret;
const int maxsize = 2048;
path_bkp = strdup (file);
if (path_bkp == NULL)
return -1;
a_params.out = malloc (maxsize);
if (a_params.out == NULL) {
free (path_bkp);
return -1;
}
/* If path contains more than the filename alone - split it */
last = strrchr (path_bkp, '/');
if (last != NULL) {
*last = '\0';
a_params.in = last + 1;
} else
a_params.in = (char *)file;
a_params.in_size = strlen (a_params.in) + 1;
a_params.out_size = maxsize;
ret = k_pioctl (last ? path_bkp : "." ,
VIOC_AFS_STAT_MT_PT, &a_params, 0);
free (a_params.out);
if (ret < 0) {
free (path_bkp);
if (errno != EINVAL)
return ret;
else
/* if we get EINVAL this is probably not a mountpoint */
return lstat (file, sb);
}
/*
* wow this was a mountpoint, lets cook the struct stat
* use . as a prototype
*/
ret = lstat (path_bkp, sb);
free (path_bkp);
if (ret < 0)
return ret;
if (ino_last == sb->st_ino)
ino_counter++;
else {
ino_last = sb->st_ino;
ino_counter = 0;
}
sb->st_ino += ino_counter;
sb->st_nlink = 3;
return 0;
}
#endif /* KRB4 */
return lstat (file, sb);
}
static void
list_files(FILE *out, char **files, int n_files, int flags)
{
struct fileinfo *fi;
int i;
fi = calloc(n_files, sizeof(*fi));
if (fi == NULL) {
sec_fprintf2(out, "ouf of memory\r\n");
return;
}
for(i = 0; i < n_files; i++) {
if(lstat_file(files[i], &fi[i].st) < 0) {
sec_fprintf2(out, "%s: %s\r\n", files[i], strerror(errno));
fi[i].filename = NULL;
} else {
if((flags & LS_DIRS) == 0 && S_ISDIR(fi[i].st.st_mode)) {
if(n_files > 1)
sec_fprintf2(out, "%s:\r\n", files[i]);
list_dir(out, files[i], flags);
} else {
make_fileinfo(files[i], &fi[i], flags);
}
}
}
switch(SORT_MODE(flags)) {
case LS_SORT_NAME:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_filename);
break;
case LS_SORT_MTIME:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_mtime);
break;
case LS_SORT_SIZE:
qsort(fi, n_files, sizeof(*fi),
(int (*)(const void*, const void*))compare_size);
break;
}
{
int max_inode = 0;
int max_bsize = 0;
int max_n_link = 0;
int max_user = 0;
int max_group = 0;
int max_size = 0;
int max_major = 0;
int max_minor = 0;
int max_date = 0;
for(i = 0; i < n_files; i++) {
if(fi[i].filename == NULL)
continue;
if(fi[i].inode > max_inode)
max_inode = fi[i].inode;
if(fi[i].bsize > max_bsize)
max_bsize = fi[i].bsize;
if(fi[i].n_link > max_n_link)
max_n_link = fi[i].n_link;
if(strlen(fi[i].user) > max_user)
max_user = strlen(fi[i].user);
if(strlen(fi[i].group) > max_group)
max_group = strlen(fi[i].group);
if(fi[i].major != NULL && strlen(fi[i].major) > max_major)
max_major = strlen(fi[i].major);
if(fi[i].minor != NULL && strlen(fi[i].minor) > max_minor)
max_minor = strlen(fi[i].minor);
if(fi[i].size != NULL && strlen(fi[i].size) > max_size)
max_size = strlen(fi[i].size);
if(strlen(fi[i].date) > max_date)
max_date = strlen(fi[i].date);
}
if(max_size < max_major + max_minor + 2)
max_size = max_major + max_minor + 2;
else if(max_size - max_minor - 2 > max_major)
max_major = max_size - max_minor - 2;
max_inode = log10(max_inode);
max_bsize = log10(max_bsize);
max_n_link = log10(max_n_link);
if(flags & LS_SORT_REVERSE)
for(i = n_files - 1; i >= 0; i--)
print_file(out,
flags,
&fi[i],
max_inode,
max_bsize,
max_n_link,
max_user,
max_group,
max_size,
max_major,
max_minor,
max_date);
else
for(i = 0; i < n_files; i++)
print_file(out,
flags,
&fi[i],
max_inode,
max_bsize,
max_n_link,
max_user,
max_group,
max_size,
max_major,
max_minor,
max_date);
}
}
static void
free_files (char **files, int n)
{
int i;
for (i = 0; i < n; ++i)
free (files[i]);
free (files);
}
static void
list_dir(FILE *out, const char *directory, int flags)
{
DIR *d = opendir(directory);
struct dirent *ent;
char **files = NULL;
int n_files = 0;
if(d == NULL) {
sec_fprintf2(out, "%s: %s\r\n", directory, strerror(errno));
return;
}
while((ent = readdir(d)) != NULL) {
void *tmp;
if(ent->d_name[0] == '.') {
if (flags & LS_IGNORE_DOT)
continue;
if (ent->d_name[1] == 0) /* Ignore . */
continue;
if (ent->d_name[1] == '.' && ent->d_name[2] == 0) /* Ignore .. */
continue;
}
tmp = realloc(files, (n_files + 1) * sizeof(*files));
if (tmp == NULL) {
sec_fprintf2(out, "%s: out of memory\r\n", directory);
free_files (files, n_files);
closedir (d);
return;
}
files = tmp;
asprintf(&files[n_files], "%s/%s", directory, ent->d_name);
if (files[n_files] == NULL) {
sec_fprintf2(out, "%s: out of memory\r\n", directory);
free_files (files, n_files);
closedir (d);
return;
}
++n_files;
}
closedir(d);
list_files(out, files, n_files, flags | LS_DIRS);
}
void
builtin_ls(FILE *out, const char *file)
{
int flags = LS_SORT_NAME;
if(*file == '-') {
const char *p;
for(p = file + 1; *p; p++) {
switch(*p) {
case 'a':
case 'A':
flags &= ~LS_IGNORE_DOT;
break;
case 'C':
break;
case 'd':
flags |= LS_DIRS;
break;
case 'f':
flags = (flags & ~LS_SORT_MODE);
break;
case 'i':
flags |= flags | LS_INODE;
break;
case 'l':
break;
case 't':
flags = (flags & ~LS_SORT_MODE) | LS_SORT_MTIME;
break;
case 's':
flags |= LS_SIZE;
break;
case 'S':
flags = (flags & ~LS_SORT_MODE) | LS_SORT_SIZE;
break;
case 'r':
flags |= LS_SORT_REVERSE;
break;
}
}
file = ".";
}
list_files(out, &file, 1, flags);
sec_fflush(out);
}

58
crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
View File

@ -1,58 +0,0 @@
/*
* Copyright (c) 1989, 1993
* The Regents of the University of California. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the University of
* California, Berkeley and its contributors.
* 4. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* @(#)pathnames.h 8.1 (Berkeley) 6/4/93
*/
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifndef _PATH_DEVNULL
#define _PATH_DEVNULL "/dev/null"
#endif
#ifndef _PATH_NOLOGIN
#define _PATH_NOLOGIN "/etc/nologin"
#endif
#ifndef _PATH_BSHELL
#define _PATH_BSHELL "/bin/sh"
#endif
#define _PATH_FTPUSERS "/etc/ftpusers"
#define _PATH_FTPCHROOT "/etc/ftpchroot"
#define _PATH_FTPWELCOME "/etc/ftpwelcome"
#define _PATH_FTPLOGINMESG "/etc/motd"
#define _PATH_ISSUE "/etc/issue"
#define _PATH_ISSUE_NET "/etc/issue.net"

Some files were not shown because too many files have changed in this diff Show More