d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import krb4-1.0.5

Browse Source
This commit is contained in:
Assar Westerlund 2000-12-29 21:00:22 +00:00
parent ee695f07e2
commit 5ad8ddfb6f
Notes: svn2git 2020-12-20 02:59:44 +00:00 
svn path=/vendor-crypto/kerberosIV/dist/; revision=70494
124 changed files with 5670 additions and 1637 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

135
crypto/kerberosIV/ChangeLog
View File

@ -1,6 +1,141 @@
2000-12-25
* configure.in (VERSION): bump to 1.0.5
2000-10-19
* include/Makefile.in (HEADERS): add md4.h, md5.h, sha.h and rc4.h
* appl/kip/common.c (WCOREDUMP): add fallback definition
2000-10-18
* lib/krb/dest_tkt.c (dest_tkt): only return valid error codes
back
* kadmin/admin_server.c: re-structure code to handle DoS attacks
better only allow a constant number of children (100 currently)
keep track of which children have gotten authentication
information and kill the non-authenticated children when there are
new connections
2000-10-16
* server/kerberos.c: handle a fixed number (100) of TCP
connections and kill some randomly if all are busy to try to
mitigate the effects of DoS attacks
2000-10-08
* lib/krb/send_to_kdc.c (send_recv): check that fds are not too
large to select on
* kadmin/admin_server.c (kadm_listen): check that fds are not too
large to select on
* appl/kip/common.c (*): check that fds are not too large to
select on
* appl/bsd/rshd.c (doit): check that fds are not too large to
select on
* appl/bsd/rsh.c (talk): check that fds are not too large to
select on
* appl/bsd/rlogin.c (reader): check that fds are not too large to
select on
* appl/bsd/kcmd.c (kcmd): check that fds are not too large to
select on
2000-09-25
* config.guess: update to version 2000-09-05 (aka 1.156) from
subversions.gnu.org plus some minor tweaks
* config.sub: update to version 2000-09-11 (aka 1.181) from
subversions.gnu.org
2000-09-09
* appl/kip/kipd.c: add back droped slash in kip-control
2000-08-16
* configure.in (getmsg): re-do so it possibly works on redhat 7.0
2000-08-09
* kuser/klist.c (display_srvtab): do not call warn with a variable
as format string
* appl/bsd/rshd.c (doit): do not call warnx with a variable as
format string
2000-07-30
* doc/install.texi: say something about siacfg
2000-06-28
* lib/krb/dest_tkt.c (dest_tkt): rewrite to lstat and compare
numbers
2000-06-10
* appl/bsd: work-around setuid and capabilities bug fixed in Linux
2.2.16
2000-06-08
* configure.in: do not use streams ptys on HP-UX 11
2000-05-15
* lib/krb/rw.c (krb_get_nir): add explicit lengths to the
parameters. before this the function `knew'. change callers.
2000-05-14
* appl/afsutil/aklog.c: look not only in /usr/vice/etc but also in
/usr/arla/etc for configuration files
2000-04-25
* lib/krb/tf_util.c (tf_create): just remove the over-writing of
the old ticket file.
2000-04-09
* lib/krb/getaddrs.c (k_get_all_addrs): apperently solaris can
return EINVAL when the buffer is too small. cope.
* appl/bsd/rshd.c (doit): exec the correct shell
2000-03-26
* config.guess, config.sub: update to current version from
:pserver:anoncvs@subversions.gnu.org:/home/cvs
* appl/bsd/rlogind.c (rlogind_logout, logwtmp): make sure to
always call time and ctime with `time_t's. there were some types
(like in lastlog) that we believed to always be time_t. this has
proven wrong on Solaris 8 in 64-bit mode, where they are stored as
32-bit quantities but time_t has gone up to 64 bits
* appl/bsd/login.c: dito
2000-03-20
* configure.in: add solaris2.8
2000-03-15
* configure.in: on all versions of aix, add `-bnolibpath' to the
linker. otherwise ld will interpret -L as run-time path for where
to find shared libraries and looking in ../../foo is a bad idea.
bug report from Niklas Edmundsson <nikke@ing.umu.se>
2000-03-09
* Release 1.0.1
1999-11-29
* Release 1.0
* lib/krb/krb-protos.h (tf_get_cred_addr): add prototype
* lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching
the NAT addresses stored in the ticket file. From
<thn@stacken.kth.se>

73
crypto/kerberosIV/NEWS
View File

@ -1,3 +1,76 @@
Changes in release 1.0.5:
* Remember to update version string.
* Build fixes
* multiple local realm fix in krb_verify_user
Changes in release 1.0.4:
* Only allow a small list of environment variables in telnetd
* Fix one buffer overflow in libkrb
* Make su handle multiple local realms
* Build pic-ed archives (to be used with the pam module)
* do not handle environment variables, use krb.extra instead
* Disable KRBCONFDIR environment variable for root
* fix shared libraries building on solaris
Changes in release 1.0.3:
* Handle DoS attacks in the KDC and the admin server better.
* updated config.guess and config.sub
* better db/gdbm discovery
* bug fixes
Changes in release 1.0.2:
* Fix syslog(LOG_FOO, bug) calls in kauthd, kipd
* Fix bug with systems have a 64bit `time_t'
* Port to Solaris 8 (aka SunOS 5.8), HP-UX 11
* Add AIX fix for shared libraries
* Make afslog work with Arla
* Be more paranoid about setuid for the sake of Linux 2.2.15
* Make rshd afslog to the cell of the home directory
* Improved kip/kipd
* syslog with correct level in popper
* install libraries correctly in lib/sl
* more paranoia when overwriting and removing ticket files
Changes in release 1.0.1:
* Fix bug in ftpd when accepting connections
* Make `-d' in kauth not imply `-a'
* Adapt sia to new TKT_ROOT
* Define `sockaddr_storage' in a fashion that works on
alignment-restricted architectures
* Rewrite PAM module to work better.
* Make all files in libdes build with CFLAGS
Changes in release 1.0:
* A new configuration option `nat_in_use' in krb.extra to ease use

15
crypto/kerberosIV/aclocal.m4 vendored
View File

@ -251,7 +251,7 @@ esac
])
dnl
dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
dnl $Id: shared-libs.m4,v 1.4.14.3 2000/12/07 18:03:00 bg Exp $
dnl
dnl Shared library stuff has to be different everywhere
dnl
@ -317,7 +317,7 @@ case "${host}" in
install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
;;
changequote(,)dnl
*-*-freebsd[34]*)
*-*-freebsd[345]* | *-*-freebsdelf[345]*)
changequote([,])dnl
REAL_SHLIBEXT=so.$SHLIB_VERSION
REAL_LD_FLAGS='-Wl,-R$(libdir)'
@ -336,9 +336,14 @@ changequote([,])dnl
LDSHARED='ld -shared -expect_unresolved \*'
;;
*-*-solaris2*)
LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_SHLIBEXT=so.$SHLIB_VERSION
build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
REAL_LD_FLAGS='-Wl,-R$(libdir)'
if test -z "$GCC"; then
LDSHARED='$(CC) -G'
LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_PICFLAGS="-Kpic"
fi
;;
@ -795,7 +800,7 @@ else
$1_FALSE=
fi])
dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
dnl $Id: krb-find-db.m4,v 1.5.16.1 2000/08/16 04:11:57 assar Exp $
dnl
dnl find a suitable database library
dnl
@ -825,6 +830,8 @@ for i in $1; do
#include <fcntl.h>
#if defined(HAVE_NDBM_H)
#include <ndbm.h>
#elif defined(HAVE_GDBM_NDBM_H)
#include <gdbm/ndbm.h>
#elif defined(HAVE_DBM_H)
#include <dbm.h>
#elif defined(HAVE_RPCSVC_DBM_H)

20
crypto/kerberosIV/admin/kdb_util.c
View File

@ -15,7 +15,7 @@
#include "adm_locl.h"
RCSID("$Id: kdb_util.c,v 1.42 1999/09/16 20:37:21 assar Exp $");
RCSID("$Id: kdb_util.c,v 1.42.2.1 2000/10/10 12:59:16 assar Exp $");
static des_cblock master_key, new_master_key;
static des_key_schedule master_key_schedule, new_master_key_schedule;
@ -489,15 +489,19 @@ main(int argc, char **argv)
switch (op) {
case OP_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
break;
case OP_SLAVE_DUMP:
if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) ||
(fclose(file) == EOF))
err (1, "%s", file_name);
update_ok_file (file_name);
if ((dump_db(db_name, file, (void (*)(Principal *)) 0) == EOF)
|| (fflush(file) != 0)
|| (fsync(fileno(file)) != 0)
|| (fclose(file) == EOF))
err(1, "%s", file_name);
update_ok_file(file_name);
break;
case OP_LOAD:
load_db (db_name, file);

4
crypto/kerberosIV/appl/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $
# $Id: Makefile.in,v 1.31.6.1 2000/06/23 04:30:11 assar Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -8,7 +8,7 @@ SHELL = /bin/sh
@SET_MAKE@
SUBDIRS = sample kauth bsd movemail push afsutil \
popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet
popper xnlock kx kip @OTP_dir@ ftp telnet
all:
for i in $(SUBDIRS); \

34
crypto/kerberosIV/appl/afsutil/aklog.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -66,7 +66,7 @@
#include <roken.h>
RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $");
RCSID("$Id: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $");
static int debug = 0;
@ -89,15 +89,15 @@ DEBUG(const char *fmt, ...)
}
static char *
expand_cell_name(char *cell)
expand_1 (const char *cell, const char *filename)
{
FILE *f;
static char buf[128];
char *p;
f = fopen(_PATH_CELLSERVDB, "r");
f = fopen(filename, "r");
if(f == NULL)
return cell;
return NULL;
while(fgets(buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>') {
for(p=buf; *p && !isspace(*p) && *p != '#'; p++)
@ -111,11 +111,25 @@ expand_cell_name(char *cell)
buf[0] = 0;
}
fclose(f);
return NULL;
}
static const char *
expand_cell_name(const char *cell)
{
char *ret;
ret = expand_1(cell, _PATH_CELLSERVDB);
if (ret != NULL)
return ret;
ret = expand_1(cell, _PATH_ARLA_CELLSERVDB);
if (ret != NULL)
return ret;
return cell;
}
static int
createuser (char *cell)
createuser (const char *cell)
{
char cellbuf[64];
char name[ANAME_SZ];
@ -129,9 +143,11 @@ createuser (char *cell)
f = fopen (_PATH_THISCELL, "r");
if (f == NULL)
err (1, "open(%s)", _PATH_THISCELL);
f = fopen (_PATH_ARLA_THISCELL, "r");
if (f == NULL)
err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL);
if (fgets (cellbuf, sizeof(cellbuf), f) == NULL)
err (1, "read cellname from %s", _PATH_THISCELL);
err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL);
fclose (f);
len = strlen(cellbuf);
if (cellbuf[len-1] == '\n')
@ -156,7 +172,7 @@ main(int argc, char **argv)
int i;
int do_aklog = -1;
int do_createuser = -1;
char *cell = NULL;
const char *cell = NULL;
char *realm = NULL;
char cellbuf[64];

6
crypto/kerberosIV/appl/bsd/bsd_locl.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */
/* $Id: bsd_locl.h,v 1.111.2.1 2000/06/23 02:34:20 assar Exp $ */
#define LOGALL
#define KERBEROS
@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username,
#endif
int do_osfc2_magic(uid_t);
void paranoid_setuid (uid_t uid);

10
crypto/kerberosIV/appl/bsd/kcmd.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $");
RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $");
#define START_PORT 5120 /* arbitrary */
@ -185,6 +185,14 @@ kcmd(int *sock,
{
fd_set fds;
FD_ZERO(&fds);
if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) {
warnx("file descriptor too large");
close(s);
close(s2);
status = -1;
goto bad;
}
FD_SET(s, &fds);
FD_SET(s2, &fds);
status = select(FD_SETSIZE, &fds, NULL, NULL, NULL);

34
crypto/kerberosIV/appl/bsd/login.c
View File

@ -45,7 +45,7 @@
#include <sys/capability.h>
#endif
RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $");
RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $");
#ifdef OTP
#include <otp.h>
@ -596,22 +596,28 @@ main(int argc, char **argv)
if (pwd->pw_change || pwd->pw_expire)
gettimeofday(&tp, (struct timezone *)NULL);
if (pwd->pw_change)
if (pwd->pw_change) {
time_t t;
if (tp.tv_sec >= pwd->pw_change) {
printf("Sorry -- your password has expired.\n");
changepass=1;
} else if (pwd->pw_change - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
t = pwd->pw_change;
printf("Warning: your password expires on %s",
ctime(&pwd->pw_change));
ctime(&t));
}
if (pwd->pw_expire)
if (tp.tv_sec >= pwd->pw_expire) {
printf("Sorry -- your account has expired.\n");
sleepexit(1);
} else if (pwd->pw_expire - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
2 * DAYSPERWEEK * SECSPERDAY && !quietlog) {
t = pwd->pw_expire;
printf("Warning: your account expires on %s",
ctime(&pwd->pw_expire));
ctime(&t));
}
#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */
/* Nothing else left to fail -- really log in. */
@ -788,6 +794,11 @@ main(int argc, char **argv)
if(!rootlogin)
exit(1);
}
if (uid != 0 && setuid(0) != -1) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for user %d", uid);
errx(1, "Sorry");
}
}
@ -953,6 +964,7 @@ dolastlog(int quiet)
#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H)
struct lastlog ll;
int fd;
time_t t;
if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) {
lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET);
@ -966,8 +978,8 @@ dolastlog(int quiet)
sleepexit(1);
}
if (!quiet) {
printf("Last login: %.*s ",
24-5, ctime(&ll.ll_time));
t = ll.ll_time;
printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0') {
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@ -983,8 +995,8 @@ dolastlog(int quiet)
if (!quiet) {
if (read(fd, &ll, sizeof(ll)) == sizeof(ll) &&
ll.ll_time != 0) {
printf("Last login: %.*s ",
24-5, ctime(&ll.ll_time));
t = ll.ll_time;
printf("Last login: %.*s ", 24-5, ctime(&t));
if (*ll.ll_host != '\0')
printf("from %.*s\n",
(int)sizeof(ll.ll_host),
@ -998,7 +1010,7 @@ dolastlog(int quiet)
}
#endif /* SYSV_SHADOW */
memset(&ll, 0, sizeof(ll));
time(&ll.ll_time);
ll.ll_time = time(NULL);
strncpy(ll.ll_line, tty, sizeof(ll.ll_line));
if (hostname)
strncpy(ll.ll_host, hostname, sizeof(ll.ll_host));

20
crypto/kerberosIV/appl/bsd/rcmd_util.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $");
RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $");
int
get_login_port(int kerberos, int encryption)
@ -245,3 +245,19 @@ warning(const char *fmt, ...)
}
va_end(args);
}
/*
* setuid but work-around Linux 2.2.15 bug with setuid and capabilities
*/
void
paranoid_setuid (uid_t uid)
{
if (setuid (uid) < 0)
err (1, "setuid");
if (uid != 0 && setuid (0) == 0) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for uid %u", (unsigned)uid);
err (1, "setuid");
}
}

8
crypto/kerberosIV/appl/bsd/rcp.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $");
RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $");
/* Globals */
static char dst_realm_buf[REALM_SZ];
@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user)
int sock = -1, err;
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv)
if (response() < 0)
exit(1);
free(bp);
setuid(userid);
paranoid_setuid(userid);
}
source(1, argv+i);
}
@ -1002,7 +1002,7 @@ main(int argc, char **argv)
response();
if(do_osfc2_magic(pwd->pw_uid))
exit(1);
setuid(userid);
paranoid_setuid(userid);
if (k_hasafs()) {
/* Sometimes we will need cell specific tokens
* to be able to read and write files, thus,

8
crypto/kerberosIV/appl/bsd/rlogin.c
View File

@ -36,7 +36,7 @@
*/
#include "bsd_locl.h"
RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $");
RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -241,6 +241,8 @@ reader(void)
rcvcnt = 0;
FD_ZERO (&readfds);
if (rem >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET (rem, &readfds);
FD_ZERO (&exceptfds);
if (kludgep)
@ -641,7 +643,7 @@ main(int argc, char **argv)
get_window_size(0, &winsize);
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -703,7 +705,7 @@ main(int argc, char **argv)
#endif /* IP_TOS */
#endif /* HAVE_SETSOCKOPT */
setuid(uid);
paranoid_setuid(uid);
doit();
return 0;
}

13
crypto/kerberosIV/appl/bsd/rlogind.c
View File

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $");
RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $");
extern int __check_rhosts_file;
@ -257,7 +257,7 @@ rlogind_logout(const char *line)
ut.ut_exit.e_exit = 0;
#endif
#endif
time(&ut.ut_time);
ut.ut_time = time(NULL);
fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR);
fwrite(&ut, sizeof(struct utmp), 1, fp);
fseek(fp, (long)0, SEEK_CUR);
@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host)
else
ut.ut_type = DEAD_PROCESS;
#endif
time(&ut.ut_time);
ut.ut_time = time(NULL);
if (write(fd, &ut, sizeof(struct utmp)) !=
sizeof(struct utmp))
ftruncate(fd, buf.st_size);
@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp)
execl(new_login, "login", "-p",
"-h", hostname, "-f", "--", lusername, 0);
} else if (use_kerberos) {
fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n",
krb_unparse_name_long(kdata->pname,
kdata->pinst,
kdata->prealm),
lusername);
exit(1);
} else
execl(new_login, "login", "-p",
"-h", hostname, "--", lusername, 0);

16
crypto/kerberosIV/appl/bsd/rsh.c
View File

@ -33,7 +33,7 @@
#include "bsd_locl.h"
RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $");
RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $");
CREDENTIALS cred;
Key_schedule schedule;
@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem)
goto done;
bp = buf;
rewrite: FD_ZERO(&rembits);
rewrite:
FD_ZERO(&rembits);
if (rem >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &rembits);
if (select(rem + 1, 0, &rembits, 0, 0) < 0) {
if (errno != EINTR)
@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem)
if (sigprocmask(SIG_SETMASK, &omask, 0) != 0)
warn("sigprocmask");
FD_ZERO(&readfrom);
if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE)
errx(1, "fd too large");
FD_SET(rem, &readfrom);
FD_SET(rfd2, &readfrom);
do {
@ -253,7 +258,7 @@ main(int argc, char **argv)
/* if no further arguments, must have been called as rlogin. */
if (!argv[optind]) {
*argv = "rlogin";
setuid(getuid());
paranoid_setuid (getuid ());
execv(_PATH_RLOGIN, argv);
err(1, "can't exec %s", _PATH_RLOGIN);
}
@ -282,7 +287,7 @@ main(int argc, char **argv)
sv_port = get_shell_port(use_kerberos, doencrypt);
if (use_kerberos) {
setuid(getuid());
paranoid_setuid(getuid());
rem = KSUCCESS;
errno = 0;
if (dest_realm == NULL)
@ -342,7 +347,7 @@ main(int argc, char **argv)
}
#endif
setuid(uid);
paranoid_setuid(uid);
{
sigset_t sigmsk;
sigemptyset(&sigmsk);
@ -358,6 +363,7 @@ main(int argc, char **argv)
signal(SIGQUIT, sendsig);
if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
signal(SIGTERM, sendsig);
signal(SIGPIPE, SIG_IGN);
if (!nfork) {
pid = fork();

28
crypto/kerberosIV/appl/bsd/rshd.c
View File

@ -42,7 +42,7 @@
#include "bsd_locl.h"
RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $");
RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $");
extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */
extern int __check_rhosts_file;
@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp)
char *cp, sig, buf[DES_RW_MAXWRITE];
char cmdbuf[NCARGS+1], locuser[16], remuser[16];
char remotehost[2 * MaxHostNameLen + 1];
uid_t uid;
char shell_path[MAXPATHLEN];
AUTH_DAT *kdata;
KTEXT ticket;
@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp)
close(2);
close(pv[1]);
if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&readfrom);
FD_SET(s, &readfrom);
FD_SET(pv[0], &readfrom);
@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp)
else
nfd = s;
if (doencrypt) {
if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) {
error ("fd too large\n");
exit (1);
}
FD_ZERO(&writeto);
FD_SET(pv2[1], &writeto);
FD_SET(pv1[0], &readfrom);
@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp)
snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH);
strlcat(shell, pwd->pw_shell, sizeof(shell));
strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path));
strlcat(username, pwd->pw_name, sizeof(username));
uid = pwd->pw_uid;
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
else
cp = pwd->pw_shell;
endpwent();
if (log_success || pwd->pw_uid == 0) {
if (log_success || uid == 0) {
if (use_kerberos)
syslog(LOG_INFO|LOG_AUTH,
"Kerberos shell from %s on %s as %s, cmd='%.80s'",
@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp)
remuser, remotehost, locuser, cmdbuf);
}
if (k_hasafs()) {
char cell[64];
if (new_pag)
k_setpag(); /* Put users process in an new pag */
krb_afslog(0, 0);
if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0)
krb_afslog_uid_home (cell, NULL, uid, homedir);
krb_afslog_uid_home(NULL, NULL, uid, homedir);
}
execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit);
err(1, "%s", pwd->pw_shell);
execle(shell_path, cp, "-c", cmdbuf, 0, envinit);
err(1, "%s", shell_path);
}
/*

57
crypto/kerberosIV/appl/bsd/su.c
View File

@ -33,20 +33,20 @@
#include "bsd_locl.h"
RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $");
RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $");
#ifdef SYSV_SHADOW
#include "sysv_shadow.h"
#endif
static int kerberos (char *username, char *user, int uid);
static int kerberos (char *username, char *user, char *realm, int uid);
static int chshell (char *sh);
static char *ontty (void);
static int koktologin (char *name, char *realm, char *toname);
static int chshell (char *sh);
/* Handle '-' option after all the getopt options */
#define ARGSTR "Kflmti:"
#define ARGSTR "Kkflmti:r:"
int destroy_tickets = 0;
static int use_kerberos = 1;
@ -63,15 +63,22 @@ main (int argc, char **argv)
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell, *avshell, *username, **np;
char shellbuf[MaxPathLen], avshellbuf[MaxPathLen];
char *realm = NULL;
set_progname (argv[0]);
if (getuid() == 0)
use_kerberos = 0;
asme = asthem = fastlogin = 0;
while ((ch = getopt (argc, argv, ARGSTR)) != -1)
switch ((char) ch) {
case 'K':
use_kerberos = 0;
break;
case 'k':
use_kerberos = 1;
break;
case 'f':
fastlogin = 1;
break;
@ -89,10 +96,13 @@ main (int argc, char **argv)
case 'i':
root_inst = optarg;
break;
case 'r':
realm = optarg;
break;
case '?':
default:
fprintf (stderr,
"usage: su [-Kflmt] [-i root-instance] [-] [login]\n");
"usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n");
exit (1);
}
/* Don't handle '-' option with getopt */
@ -150,7 +160,7 @@ main (int argc, char **argv)
syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user);
errx (1, "unknown login %s", user);
}
if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) {
if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) {
#ifndef PASSWD_FALLBACK
errx (1, "won't use /etc/passwd authentication");
#endif
@ -225,12 +235,22 @@ main (int argc, char **argv)
if (setgid (pwd->pw_gid) < 0)
err (1, "setgid");
if (initgroups (user, pwd->pw_gid))
errx (1, "initgroups failed.");
if (initgroups (user, pwd->pw_gid)) {
if (errno == E2BIG) /* Member of too many groups! */
warn("initgroups failed.");
else
errx(1, "initgroups failed.");
}
if (setuid (pwd->pw_uid) < 0)
err (1, "setuid");
if (pwd->pw_uid != 0 && setuid(0) != -1) {
syslog(LOG_ALERT | LOG_AUTH,
"Failed to drop privileges for user %s", pwd->pw_name);
errx(1, "Sorry");
}
if (!asme) {
if (asthem) {
char *k = getenv ("KRBTKFILE");
@ -321,19 +341,26 @@ ontty (void)
}
static int
kerberos (char *username, char *user, int uid)
kerberos (char *username, char *user, char *lrealm, int uid)
{
KTEXT_ST ticket;
AUTH_DAT authdata;
struct hostent *hp;
int kerno;
u_long faddr;
char lrealm[REALM_SZ], krbtkfile[MaxPathLen];
char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen];
char hostname[MaxHostNameLen], savehost[MaxHostNameLen];
int n;
int allowed = 0;
if (krb_get_lrealm (lrealm, 1) != KSUCCESS)
return (1);
if (koktologin (username, lrealm, user) && !uid) {
if (lrealm != NULL) {
allowed = koktologin (username, lrealm, user) == 0;
} else {
for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n)
allowed = koktologin (username, tmp_realm, user) == 0;
lrealm = tmp_realm;
}
if (!allowed && !uid) {
#ifndef PASSWD_FALLBACK
warnx ("not in %s's ACL.", user);
#endif
@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid)
}
strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost));
kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33);
for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) {
kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33);
if (kerno == 0)
break;
}
if (kerno == KDC_PR_UNKNOWN) {
warnx ("Warning: TGT not verified.");

8
crypto/kerberosIV/appl/ftp/ChangeLog
View File

@ -1,3 +1,11 @@
2000-03-26 Assar Westerlund <assar@sics.se>
* ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call
time, ctime, and gmtime with `time_t's. there were some types
(like in lastlog) that we believed to always be time_t. this has
proven wrong on Solaris 8 in 64-bit mode, where they are stored as
32-bit quantities but time_t has gone up to 64 bits
1999-11-30 Assar Westerlund <assar@sics.se>
* ftpd/ftpd.c (getdatasock): make sure to keep the port-number of

5
crypto/kerberosIV/appl/ftp/ftp/cmds.c
View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $");
RCSID("$Id: cmds.c,v 1.36.2.2 2000/06/23 02:43:49 assar Exp $");
typedef void (*sighand)(int);
@ -647,6 +647,7 @@ getit(int argc, char **argv, int restartit, char *mode)
int cmdret;
int yy, mo, day, hour, min, sec;
struct tm *tm;
time_t mtime = stbuf.st_mtime;
overbose = verbose;
if (debug == 0)
@ -665,7 +666,7 @@ getit(int argc, char **argv, int restartit, char *mode)
return (0);
}
tm = gmtime(&stbuf.st_mtime);
tm = gmtime(&mtime);
tm->tm_mon++;
tm->tm_year += 1900;

27
crypto/kerberosIV/appl/ftp/ftp/ftp.c
View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $");
RCSID ("$Id: ftp.c,v 1.60.2.1 2000/06/23 02:45:40 assar Exp $");
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;
@ -193,8 +193,9 @@ login (char *host)
printf ("Name (%s:%s): ", host, myname);
else
printf ("Name (%s): ", host);
fgets (tmp, sizeof (tmp) - 1, stdin);
tmp[strlen (tmp) - 1] = '\0';
*tmp = '\0';
if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL)
tmp[strlen (tmp) - 1] = '\0';
if (*tmp == '\0')
user = myname;
else
@ -203,24 +204,26 @@ login (char *host)
strlcpy(username, user, sizeof(username));
n = command("USER %s", user);
if (n == CONTINUE) {
if(sec_complete)
pass = myname;
else if (pass == NULL) {
if (pass == NULL) {
char prompt[128];
if(myname &&
(!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){
(!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) {
snprintf(defaultpass, sizeof(defaultpass),
"%s@%s", myname, mydomain);
snprintf(prompt, sizeof(prompt),
"Password (%s): ", defaultpass);
}else{
} else if (sec_complete) {
pass = myname;
} else {
*defaultpass = '\0';
snprintf(prompt, sizeof(prompt), "Password: ");
}
pass = defaultpass;
des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
if (tmp[0])
pass = tmp;
if (pass == NULL) {
pass = defaultpass;
des_read_pw_string (tmp, sizeof (tmp), prompt, 0);
if (tmp[0])
pass = tmp;
}
}
n = command ("PASS %s", pass);
}

6
crypto/kerberosIV/appl/ftp/ftp/main.c
View File

@ -36,7 +36,7 @@
*/
#include "ftp_locl.h"
RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $");
RCSID("$Id: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $");
int
main(int argc, char **argv)
@ -244,8 +244,10 @@ cmdscanner(int top)
if (fromatty) {
char *p;
p = readline("ftp> ");
if(p == NULL)
if(p == NULL) {
printf("\n");
quit(0, 0);
}
strlcpy(line, p, sizeof(line));
add_history(p);
free(p);

8
crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
View File

@ -43,7 +43,7 @@
%{
#include "ftpd_locl.h"
RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $");
RCSID("$Id: ftpcmd.y,v 1.56.2.2 2000/06/23 02:48:19 assar Exp $");
off_t restart_point;
@ -577,7 +577,7 @@ cmd
}
| SYST CRLF
{
#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)
#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
reply(215, "UNIX Type: L%d", NBBY);
#else
reply(215, "UNKNOWN Type: L%d", NBBY);
@ -620,7 +620,9 @@ cmd
"%s: not a plain file.", $3);
} else {
struct tm *t;
t = gmtime(&stbuf.st_mtime);
time_t mtime = stbuf.st_mtime;
t = gmtime(&mtime);
reply(213,
"%04d%02d%02d%02d%02d%02d",
t->tm_year + 1900,

116
crypto/kerberosIV/appl/ftp/ftpd/ftpd.c
View File

@ -38,7 +38,7 @@
#endif
#include "getarg.h"
RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $");
RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $");
static char version[] = "Version 6.00";
@ -195,14 +195,13 @@ parse_auth_level(char *str)
* Print usage and die.
*/
static int debug_flag;
static int interactive_flag;
static char *guest_umask_string;
static char *port_string;
static char *umask_string;
static char *auth_string;
int use_builtin_ls;
int use_builtin_ls = -1;
static int help_flag;
static int version_flag;
@ -216,8 +215,8 @@ struct getargs args[] = {
{ NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" },
{ NULL, 'T', arg_integer, &maxtimeout, "max timeout" },
{ NULL, 'u', arg_string, &umask_string, "umask for user logins" },
{ NULL, 'd', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'v', arg_flag, &debug_flag, "enable debugging" },
{ NULL, 'd', arg_flag, &debug, "enable debugging" },
{ NULL, 'v', arg_flag, &debug, "enable debugging" },
{ "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 'h', arg_flag, &help_flag }
@ -232,6 +231,24 @@ usage (int code)
exit (code);
}
/* output contents of a file */
static int
show_file(const char *file, int code)
{
FILE *f;
char buf[128];
f = fopen(file, "r");
if(f == NULL)
return -1;
while(fgets(buf, sizeof(buf), f)){
buf[strcspn(buf, "\r\n")] = '\0';
lreply(code, "%s", buf);
}
fclose(f);
return 0;
}
int
main(int argc, char **argv)
{
@ -377,27 +394,12 @@ main(int argc, char **argv)
tmpline[0] = '\0';
/* If logins are disabled, print out the message. */
if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(530, "%s", line);
}
fflush(stdout);
fclose(fd);
if(show_file(_PATH_NOLOGIN, 530) == 0) {
reply(530, "System not available.");
exit(0);
}
if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(220, "%s", line);
}
fflush(stdout);
fclose(fd);
/* reply(220,) must follow */
}
show_file(_PATH_FTPWELCOME, 220);
/* reply(220,) must follow */
gethostname(hostname, sizeof(hostname));
reply(220, "%s FTP server (%s"
@ -704,24 +706,6 @@ checkaccess(char *name)
#undef ALLOWED
#undef NOT_ALLOWED
/* output contents of /etc/issue.net, or /etc/issue */
static void
show_issue(int code)
{
FILE *f;
char buf[128];
f = fopen("/etc/issue.net", "r");
if(f == NULL)
f = fopen("/etc/issue", "r");
if(f){
while(fgets(buf, sizeof(buf), f)){
buf[strcspn(buf, "\r\n")] = '\0';
lreply(code, "%s", buf);
}
fclose(f);
}
}
int do_login(int code, char *passwd)
{
@ -765,28 +749,33 @@ int do_login(int code, char *passwd)
reply(550, "Can't set uid.");
return -1;
}
if(use_builtin_ls == -1) {
struct stat st;
/* if /bin/ls exist and is a regular file, use it, otherwise
use built-in ls */
if(stat("/bin/ls", &st) == 0 &&
S_ISREG(st.st_mode))
use_builtin_ls = 0;
else
use_builtin_ls = 1;
}
/*
* Display a login message, if it exists.
* N.B. reply(code,) must follow the message.
*/
if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
char *cp, line[LINE_MAX];
while (fgets(line, sizeof(line), fd) != NULL) {
if ((cp = strchr(line, '\n')) != NULL)
*cp = '\0';
lreply(code, "%s", line);
}
}
show_file(_PATH_FTPLOGINMESG, code);
if(show_file(_PATH_ISSUE_NET, code) != 0)
show_file(_PATH_ISSUE, code);
if (guest) {
show_issue(code);
reply(code, "Guest login ok, access restrictions apply.");
#ifdef HAVE_SETPROCTITLE
snprintf (proctitle, sizeof(proctitle),
"%s: anonymous/%s",
remotehost,
passwd);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
@ -803,11 +792,10 @@ int do_login(int code, char *passwd)
passwd);
}
} else {
show_issue(code);
reply(code, "User %s logged in.", pw->pw_name);
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
char data_addr[256];
@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name)
{".tar", "/bin/gtar cPf - %s", NULL},
{".tar.gz", "/bin/gtar zcPf - %s", NULL},
{".tar.Z", "/bin/gtar ZcPf - %s", NULL},
{".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"},
{".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"},
{".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"},
{".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"},
{NULL, NULL}
};
struct cmds *p;
@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode)
*sizebuf = '\0';
if (pdata >= 0) {
struct sockaddr_storage from_ss;
struct sockaddr *from = (struct sockaddr *)&from;
struct sockaddr *from = (struct sockaddr *)&from_ss;
int s;
int fromlen = sizeof(from_ss);
@ -1501,7 +1489,7 @@ statfilecmd(char *filename)
int c;
char line[LINE_MAX];
snprintf(line, sizeof(line), "/bin/ls -la %s", filename);
snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename);
fin = ftpd_popen(line, "r", 1, 0);
lreply(211, "status of %s:", filename);
while ((c = getc(fin)) != EOF) {
@ -1782,7 +1770,7 @@ dolog(struct sockaddr *sa)
inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost));
#ifdef HAVE_SETPROCTITLE
snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost);
setproctitle(proctitle);
setproctitle("%s", proctitle);
#endif /* HAVE_SETPROCTITLE */
if (logging) {
@ -2093,9 +2081,9 @@ list_file(char *file)
pdata = -1;
} else {
#ifdef HAVE_LS_A
const char *cmd = "/bin/ls -lA %s";
const char *cmd = "/bin/ls -lA -- %s";
#else
const char *cmd = "/bin/ls -la %s";
const char *cmd = "/bin/ls -la -- %s";
#endif
retrieve(cmd, file);
}
@ -2146,8 +2134,8 @@ send_file_list(char *whichf)
*/
if (dirname[0] == '-' && *dirlist == NULL &&
transflag == 0) {
retrieve("/bin/ls %s", dirname);
goto out;
list_file(dirname);
goto out;
}
perror_reply(550, whichf);
if (dout != NULL) {
@ -2241,7 +2229,7 @@ find(char *pattern)
FILE *f;
snprintf(line, sizeof(line),
"/bin/locate -d %s %s",
"/bin/locate -d %s -- %s",
ftp_rooted("/etc/locatedb"),
pattern);
f = ftpd_popen(line, "r", 1, 1);

11
crypto/kerberosIV/appl/ftp/ftpd/ls.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
#include "ftpd_locl.h"
RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $");
RCSID("$Id: ls.c,v 1.13.2.2 2000/06/23 02:51:09 assar Exp $");
struct fileinfo {
struct stat st;
@ -164,9 +164,10 @@ make_fileinfo(const char *filename, struct fileinfo *file, int flags)
{
time_t t = time(NULL);
struct tm *tm = localtime(&st->st_mtime);
if((t - st->st_mtime > 6*30*24*60*60) ||
(st->st_mtime - t > 6*30*24*60*60))
time_t mtime = st->st_mtime;
struct tm *tm = localtime(&mtime);
if((t - mtime > 6*30*24*60*60) ||
(mtime - t > 6*30*24*60*60))
strftime(buf, sizeof(buf), "%b %e %Y", tm);
else
strftime(buf, sizeof(buf), "%b %e %H:%M", tm);

3
crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
View File

@ -53,3 +53,6 @@
#define _PATH_FTPCHROOT "/etc/ftpchroot"
#define _PATH_FTPWELCOME "/etc/ftpwelcome"
#define _PATH_FTPLOGINMESG "/etc/motd"
#define _PATH_ISSUE "/etc/issue"
#define _PATH_ISSUE_NET "/etc/issue.net"

11
crypto/kerberosIV/appl/kauth/ChangeLog
View File

@ -1,3 +1,14 @@
2000-02-28 Assar Westerlund <assar@sics.se>
* kauth.c (main): don't enable aflag with `-d'. this breaks with
kaservers that don't let you get a ticket for a user and besides,
adding debugging should not change the functionality
1999-12-06 Assar Westerlund <assar@sics.se>
* rkinit.c (doit_host): NAT work-around
* kauthd.c (doit): type correctness
1999-08-31 Johan Danielsson <joda@pdc.kth.se>
* kauth.c: cleanup usage string; handle `kauth -h' gracefully

13
crypto/kerberosIV/appl/kauth/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $
# $Id: Makefile.in,v 1.40.16.1 2000/06/23 02:52:31 assar Exp $
SHELL = /bin/sh
@ -17,6 +17,7 @@ WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@ -28,9 +29,10 @@ bindir = @bindir@
transform=@program_transform_name@
EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt
PROG_BIN = kauth$(EXECSUFFIX)
SCRIPT_BIN = ksrvtgt
PROG_LIBEXEC = kauthd$(EXECSUFFIX)
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
PROGS = $(PROG_BIN) $(SCRIPT_BIN) $(PROG_LIBEXEC)
SOURCES_KAUTH = kauth.c rkinit.c
SOURCES_KAUTHD = kauthd.c
@ -58,6 +60,9 @@ install: all
for x in $(PROG_BIN); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(SCRIPT_BIN); do \
$(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
if test -f $(DESTDIR)$(bindir)/zrefresh -o -r $(DESTDIR)$(bindir)/zrefresh; then \
true; \
else \
@ -68,7 +73,7 @@ install: all
done
uninstall:
for x in $(PROG_BIN); do \
for x in $(PROG_BIN) $(SCRIPT_BIN); do \
rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \
done
for x in $(PROG_LIBEXEC); do \

5
crypto/kerberosIV/appl/kauth/kauth.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -41,7 +41,7 @@
#include "kauth.h"
RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $");
RCSID("$Id: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $");
krb_principal princ;
static char srvtab[MaxPathLen];
@ -233,7 +233,6 @@ main(int argc, char **argv)
case 'd':
krb_enable_debug();
_kafs_debug = 1;
aflag++;
break;
case 'f':
strlcpy(srvtab, optarg, sizeof(srvtab));

10
crypto/kerberosIV/appl/kauth/kauthd.c
View File

@ -33,7 +33,7 @@
#include "kauth.h"
RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $");
RCSID("$Id: kauthd.c,v 1.25.2.1 2000/06/28 19:07:58 assar Exp $");
krb_principal princ;
static char locuser[SNAME_SZ];
@ -128,7 +128,7 @@ doit(int sock)
if( kuserok(&auth, locuser) != 0) {
snprintf(buf, sizeof(buf), "%s cannot get tickets for %s",
locuser, krb_unparse_name(&princ));
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -136,7 +136,7 @@ doit(int sock)
passwd = k_getpwnam (locuser);
if (passwd == NULL) {
snprintf (buf, sizeof(buf), "No user '%s'", locuser);
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -145,7 +145,7 @@ doit(int sock)
initgroups(passwd->pw_name, passwd->pw_gid) ||
setuid(passwd->pw_uid)) {
snprintf (buf, sizeof(buf), "Could not change user");
syslog (LOG_ERR, buf);
syslog (LOG_ERR, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;
@ -182,7 +182,7 @@ doit(int sock)
return 0;
} else {
snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status));
syslog (LOG_NOTICE, buf);
syslog (LOG_NOTICE, "%s", buf);
write_encrypted (sock, buf, strlen(buf), schedule,
&auth.session, &thisaddr, &thataddr);
return 1;

22
crypto/kerberosIV/appl/kip/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $
# $Id: Makefile.in,v 1.18.4.1 2000/06/23 02:54:59 assar Exp $
SHELL = /bin/sh
@ -8,12 +8,13 @@ VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
AR = ar
DEFS = @DEFS@
DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\""
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
LIBS = @LIBS@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
@ -27,7 +28,8 @@ EXECSUFFIX=@EXECSUFFIX@
PROG_BIN = kip$(EXECSUFFIX)
PROG_LIBEXEC = kipd$(EXECSUFFIX)
PROGS = $(PROG_BIN) $(PROG_LIBEXEC)
SCRIPT_LIBEXEC = kip-join-network kipd-control
PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC)
SOURCES_KIP = kip.c
SOURCES_KIPD = kipd.c
@ -55,6 +57,9 @@ install: all
for x in $(PROG_LIBEXEC); do \
$(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
for x in $(SCRIPT_LIBEXEC); do \
$(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
uninstall:
for x in $(PROG_BIN); do \
@ -63,6 +68,9 @@ uninstall:
for x in $(PROG_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
for x in $(SCRIPT_LIBEXEC); do \
rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \
done
TAGS: $(SOURCES)
etags $(SOURCES)
@ -91,4 +99,12 @@ kipd$(EXECSUFFIX): $(OBJECTS_KIPD)
$(OBJECTS): ../../include/config.h
kip-join-network: kip-join-network.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@
chmod +x $@
kipd-control: kipd-control.in
sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@
chmod +x $@
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

145
crypto/kerberosIV/appl/kip/common.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,10 @@
#include "kip.h"
RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $");
RCSID("$Id: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $");
sig_atomic_t disconnect = 0;
int isserver = 0;
/*
* Copy packets from `tundev' to `netdev' or vice versa.
@ -56,16 +59,23 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
memcpy (&iv1, iv, sizeof(iv1));
memcpy (&iv2, iv, sizeof(iv2));
for (;;) {
while(!disconnect) {
fd_set fdset;
int ret, len;
if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) {
warnx ("fd too large");
return 1;
}
FD_ZERO(&fdset);
FD_SET(tundev, &fdset);
FD_SET(netdev, &fdset);
ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL);
if (ret < 0 && errno != EINTR) {
if (ret < 0) {
if (errno == EINTR)
continue;
warn ("select");
return 1;
}
@ -107,6 +117,21 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
des_cfb64_encrypt (buf, buf, 2, schedule,
&iv2, &num2, DES_DECRYPT);
len = (buf[0] << 8 ) | buf[1];
if (len > mtu) {
fatal (-1, "buffer too large", schedule, &iv2);
return -1;
}
if (len == 0) {
len = read (netdev, buf, mtu);
if (len < 1)
len = 1;
buf[len-1] = '\0';
fatal (-1, buf, schedule, &iv2);
return -1;
}
ret = krb_net_read (netdev, buf + 2, len);
if (ret == 0)
return 0;
@ -127,6 +152,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
}
}
}
return 0;
}
/*
@ -148,18 +174,19 @@ childhandler (int sig)
/*
* Find a free tunnel device and open it.
* Return the interface name in `name, len'.
*/
int
tunnel_open (void)
tunnel_open (char *name, size_t len)
{
int fd;
int i;
char name[64];
char devname[256];
for (i = 0; i < 256; ++i) {
snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i);
fd = open (name, O_RDWR, 0);
snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i);
fd = open (devname, O_RDWR, 0);
if (fd >= 0)
break;
if (errno == ENOENT || errno == ENODEV) {
@ -169,5 +196,107 @@ tunnel_open (void)
}
if (fd < 0)
warn("open %s" ,name);
else
snprintf (name, len, "%s%d", TUNDEV, i);
return fd;
}
/*
* run the command `cmd' with (...). return 0 if succesful or error
* otherwise (and copy an error messages into `msg, len')
*/
int
kip_exec (const char *cmd, char *msg, size_t len, ...)
{
pid_t pid;
char **argv;
va_list ap;
va_start(ap, len);
argv = vstrcollect(&ap);
va_end(ap);
pid = fork();
switch (pid) {
case -1:
snprintf (msg, len, "fork: %s", strerror(errno));
return errno;
case 0: {
int fd = open (_PATH_DEVNULL, O_RDWR, 0600);
if (fd < 0) {
snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno));
return errno;
}
close (STDIN_FILENO);
close (STDOUT_FILENO);
close (STDERR_FILENO);
dup2 (fd, STDIN_FILENO);
dup2 (fd, STDOUT_FILENO);
dup2 (fd, STDERR_FILENO);
execvp (cmd, argv);
snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno));
return errno;
}
default: {
int status;
while (waitpid(pid, &status, 0) < 0)
if (errno != EINTR) {
snprintf (msg, len, "waitpid: %s", strerror(errno));
return errno;
}
if (WIFEXITED(status)) {
if (WEXITSTATUS(status) == 0) {
return 0;
} else {
snprintf (msg, len, "child returned with %d",
WEXITSTATUS(status));
return 1;
}
} else if (WIFSIGNALED(status)) {
#ifndef WCOREDUMP
#define WCOREDUMP(X) 0
#endif
snprintf (msg, len, "terminated by signal num %d %s",
WTERMSIG(status),
WCOREDUMP(status) ? " coredumped" : "");
return 1;
} else if (WIFSTOPPED(status)) {
snprintf (msg, len, "process stoped by signal %d",
WSTOPSIG(status));
return 1;
} else {
snprintf (msg, len, "child died in mysterious circumstances");
return 1;
}
}
}
}
/*
* fatal error `s' occured.
*/
void
fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv)
{
int16_t err = 0;
int num = 0;
if (fd != -1) {
des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err,
sizeof(err), schedule, iv, &num, DES_ENCRYPT);
write (fd, &err, sizeof(err));
write (fd, s, strlen(s)+1);
}
if (isserver)
syslog(LOG_ERR, "%s", s);
else
warnx ("fatal error: %s", s);
}

53
crypto/kerberosIV/appl/kip/kip-join-network.in Normal file
View File

@ -0,0 +1,53 @@
#!/bin/sh
# $Id$
#
# Join a network, see kipd-control from more comments.
#
PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir%
endpointhost=130.237.43.201
thispointhost=130.237.43.17
fakepoint=10.0.0.1
dev=tun0
case $# in
0)
modprobe tun
def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }')
if test "X$def" = "X" ; then
echo "missing default route"
exit 1
fi
exec kip -c $0 -a $def $endpointhost
;;
*)
state=$1
dev=$2
host=$3
arg=$4
case $state in
up)
ifconfig $dev $thispointhost pointopoint $fakepoint
route delete default
route add -host $endpointhost gw $arg
route add default gw $fakepoint
;;
down)
echo $dev $arg > /tmp/kip-down
ifconfig $dev down
route delete default
route delete $endpointhost
route add default gw $arg
;;
*)
exit 17
;;
esac
esac

127
crypto/kerberosIV/appl/kip/kip.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,14 +33,31 @@
#include "kip.h"
RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $");
RCSID("$Id: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $");
static void
usage(void)
static char *cmd_str = NULL;
static char *arg_str = NULL;
static char *port_str = NULL;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "cmd", 'c', arg_string, &cmd_str,
"command to run when starting", "cmd"},
{ "arg", 'a', arg_string, &arg_str,
"argument to above command", "arg"},
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static RETSIGTYPE
disconnecthandler (int sig)
{
fprintf (stderr, "Usage: %s host\n",
__progname);
exit (1);
disconnect = 1;
SIGRETURN(0);
}
/*
@ -48,7 +65,8 @@ usage(void)
*/
static int
connect_host (char *host, des_cblock *key, des_key_schedule schedule)
connect_host (char *host, int port,
des_cblock *key, des_key_schedule schedule)
{
CREDENTIALS cred;
KTEXT_ST text;
@ -70,7 +88,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
memset (&thataddr, 0, sizeof(thataddr));
thataddr.sin_family = AF_INET;
thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
thataddr.sin_port = port;
for(p = hostent->h_addr_list; *p; ++p) {
memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr));
@ -139,19 +157,50 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule)
*/
static int
doit (char *host)
doit (char *host, int port)
{
char tun_if_name[64];
des_key_schedule schedule;
des_cblock iv;
int other, this;
int other, this, ret;
other = connect_host (host, &iv, schedule);
other = connect_host (host, port, &iv, schedule);
if (other < 0)
return 1;
this = tunnel_open ();
this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
return 1;
return copy_packets (this, other, TUNMTU, &iv, schedule);
if (cmd_str) {
char buf[1024];
ret = kip_exec (cmd_str, buf, sizeof(buf),
"kip-control", "up", tun_if_name, host, arg_str,
NULL);
if (ret)
errx (1, "%s (up) failed: %s", cmd_str, buf);
}
ret = copy_packets (this, other, TUNMTU, &iv, schedule);
if (cmd_str) {
char buf[1024];
ret = kip_exec (cmd_str, buf, sizeof(buf),
"kip-control", "down", tun_if_name, host, arg_str,
NULL);
if (ret)
errx (1, "%s (down) failed: %s", cmd_str, buf);
}
return 0;
}
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"hostname");
exit (ret);
}
/*
@ -162,9 +211,51 @@ doit (char *host)
int
main(int argc, char **argv)
{
set_progname (argv[0]);
int port;
int optind = 0;
char *hostname;
if (argc != 2)
usage ();
return doit (argv[1]);
set_progname (argv[0]);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
argv += optind;
argc -= optind;
if (argc != 1)
usage (1);
hostname = argv[0];
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
}
signal (SIGCHLD, childhandler);
signal (SIGHUP, disconnecthandler);
signal (SIGTERM, disconnecthandler);
return doit (hostname, port);
}

26
crypto/kerberosIV/appl/kip/kip.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */
/* $Id: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */
#ifdef HAVE_CONFIG_H
#include "config.h"
@ -44,7 +44,6 @@
#include <errno.h>
#include <pwd.h>
#include <signal.h>
#include <paths.h>
#include <fcntl.h>
#ifdef HAVE_SYSLOG_H
#include <syslog.h>
@ -72,14 +71,20 @@
#include <netinet/tcp.h>
#endif
#include <netdb.h>
#ifdef HAVE_SYS_SOCKIO_H
#include <sys/sockio.h>
#endif
#include <net/if.h>
#ifdef HAVE_NET_IF_VAR_H
#include <net/if_var.h>
#endif
#ifdef HAVE_NET_IF_TUN_H
#include <net/if_tun.h>
#endif
#include <err.h>
#include <getarg.h>
#ifdef SOCKS
#include <socks.h>
#endif
@ -90,6 +95,10 @@
#define TUNDEV "tun"
#ifndef TUNMTU
#define TUNMTU 1500 /* everything is ethernet :) */
#endif
#define KIPPORT 2112
#define KIP_VERSION "KIPSRV.0"
@ -100,5 +109,14 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
RETSIGTYPE childhandler (int);
extern sig_atomic_t disconnect;
extern int isserver;
int
tunnel_open (void);
tunnel_open (char *, size_t);
void
fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv);
int
kip_exec (const char *cmd, char *msg, size_t len, ...);

54
crypto/kerberosIV/appl/kip/kipd-control.in Normal file
View File

@ -0,0 +1,54 @@
#!/bin/sh
#
# $Id$
#
# Simple example how you can missuse kip to provide "mobile-ip".
# This is since there is no way to tunnel ip over udp or any other
# protocol. There is also problems to get thru firewalls and NATs
# with mobile-ip since (today) they usully doesn't support IPIP or
# GRE.
#
# All commands are for linux (redhat6.1) but it should be quite
# simple to fix it to support other OS.
#
PATH=/sbin:/usr/sbin:/usr/bin:/bin
# arguments are: [up|down] dev remote-peer-addr user
state=$1
dev=$2
remote=$3
user=$4
outdevice=eth0
case "$state" in
up)
case "$user" in
lha.root@E.KTH.SE)
ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17
route add -host 130.237.43.17 gw 10.0.0.1
arp -H ether -i $outdevice \
-s 130.237.43.17 00:80:c8:82:83:61 pub
;;
esac
;;
down)
case "$user" in
lha.root@E.KTH.SE)
ifconfig $dev 0.0.0.0
ifconfig $dev down
arp -i $outdevice -d 130.237.43.17
arp -d 130.237.43.17
true
;;
*)
ifconfig $dev down
;;
esac
;;
*)
exit 17
;;
esac

129
crypto/kerberosIV/appl/kip/kipd.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,22 +33,11 @@
#include "kip.h"
RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $");
static int
fatal (int fd, char *s)
{
u_char err = 1;
write (fd, &err, sizeof(err));
write (fd, s, strlen(s)+1);
syslog(LOG_ERR, s);
return err;
}
RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $");
static int
recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
struct sockaddr_in *retaddr)
struct sockaddr_in *retaddr, char *user, size_t len)
{
int status;
KTEXT_ST ticket;
@ -80,13 +69,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
return 1;
}
passwd = k_getpwnam ("root");
if (passwd == NULL)
return fatal (sock, "Cannot find root");
if (kuserok(&auth, "root") != 0)
return fatal (sock, "Permission denied");
if (passwd == NULL) {
fatal (sock, "Cannot find root", schedule, &auth.session);
return 1;
}
if (kuserok(&auth, "root") != 0) {
fatal (sock, "Permission denied", schedule, &auth.session);
return 1;
}
if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
return 1;
snprintf (user, len, "%s%s%s@%s", auth.pname,
auth.pinst[0] != '\0' ? "." : "",
auth.pinst, auth.prealm);
memcpy(key, &auth.session, sizeof(des_cblock));
*retaddr = thataddr;
return 0;
@ -95,17 +92,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
static int
doit(int sock)
{
char msg[1024];
char cmd[MAXPATHLEN];
char tun_if_name[64];
char user[MAX_K_NAME_SZ];
struct sockaddr_in thataddr;
des_key_schedule schedule;
des_cblock key;
int this;
int this, ret, ret2;
if (recv_conn (sock, &key, schedule, &thataddr))
isserver = 1;
if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user)))
return 1;
this = tunnel_open ();
this = tunnel_open (tun_if_name, sizeof(tun_if_name));
if (this < 0)
fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
return copy_packets (this, sock, TUNMTU, &key, schedule);
fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key);
strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd));
ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"up", tun_if_name, inet_ntoa(thataddr.sin_addr), user,
NULL);
if (ret) {
fatal (sock, msg, schedule, &key);
return -1;
}
ret = copy_packets (this, sock, TUNMTU, &key, schedule);
ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control",
"down", tun_if_name, user, NULL);
if (ret2)
syslog(LOG_ERR, "%s", msg);
return ret;
}
static char *port_str = NULL;
static int inetd_flag = 1;
static int version_flag = 0;
static int help_flag = 0;
struct getargs args[] = {
{ "inetd", 'i', arg_negative_flag, &inetd_flag,
"Not started from inetd" },
{ "port", 'p', arg_string, &port_str, "Use this port",
"port" },
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
static void
usage(int ret)
{
arg_printusage (args,
sizeof(args) / sizeof(args[0]),
NULL,
"");
exit (ret);
}
/*
@ -115,9 +159,44 @@ doit(int sock)
int
main (int argc, char **argv)
{
set_progname (argv[0]);
int port;
int optind = 0;
set_progname (argv[0]);
roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
usage (1);
if (help_flag)
usage (0);
if (version_flag) {
print_version (NULL);
return 0;
}
if(port_str) {
struct servent *s = roken_getservbyname (port_str, "tcp");
if (s)
port = s->s_port;
else {
char *ptr;
port = strtol (port_str, &ptr, 10);
if (port == 0 && ptr == port_str)
errx (1, "bad port `%s'", port_str);
port = htons(port);
}
} else {
port = k_getportbyname ("kip", "tcp", htons(KIPPORT));
}
if (!inetd_flag)
mini_inetd (port);
signal (SIGCHLD, childhandler);
return doit(0);
return doit(STDIN_FILENO);
}

5
crypto/kerberosIV/appl/push/push.8
View File

@ -1,4 +1,4 @@
.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $
.\" $Id: push.8,v 1.3.16.2 2000/06/23 03:06:11 assar Exp $
.\"
.Dd May 31, 1998
.Dt PUSH 8
@ -127,7 +127,8 @@ using Kerberos 5.
.Sh SEE ALSO
.Xr movemail 8 ,
.Xr popper 8 ,
.Xr from 1
.Xr from 1 ,
.Xr pfrom 1
.\".Sh STANDARDS
.Sh HISTORY
.Nm

4
crypto/kerberosIV/appl/push/push.cat8
View File

@ -1,5 +1,5 @@
PUSH(8) UNIX System Manager's Manual PUSH(8)
PUSH(8) System Manager's Manual PUSH(8)
NNAAMMEE
ppuusshh - fetch mail via POP
@ -69,7 +69,7 @@ EEXXAAMMPPLLEESS
using Kerberos 5.
SSEEEE AALLSSOO
movemail(8), popper(8), from(1)
movemail(8), popper(8), from(1), pfrom(1)
HHIISSTTOORRYY
ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail.

4
crypto/kerberosIV/appl/sample/sample_server.c
View File

@ -18,7 +18,7 @@
#include "sample.h"
RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $");
RCSID("$Id: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $");
static void
usage (void)
@ -108,7 +108,7 @@ main(int argc, char **argv)
snprintf(retbuf, sizeof(retbuf),
"Kerberos error: %s\n",
krb_get_err_text(status));
syslog(LOG_ERR, retbuf);
syslog(LOG_ERR, "%s", retbuf);
} else {
/* Check the version string (KRB_SENDAUTH_VLEN chars) */
if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) {

54
crypto/kerberosIV/appl/telnet/ChangeLog
View File

@ -1,3 +1,57 @@
2000-03-26 Assar Westerlund <assar@sics.se>
* telnetd/sys_term.c (*): make sure to always call time, ctime,
and gmtime with `time_t's. there were some types (like in
lastlog) that we believed to always be time_t. this has proven
wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit
quantities but time_t has gone up to 64 bits
1999-09-16 Assar Westerlund <assar@sics.se>
* telnet/commands.c: revert 1.54, get_default_username should DTRT
now
1999-09-05 Assar Westerlund <assar@sics.se>
* telnetd/utility.c (ttloop): make it return 1 if interrupted by a
signal, which must have been what was meant from the beginning
* telnetd/ext.h (ttloop): update prototype
* telnetd/authenc.c (telnet_spin): actually return the value from
ttloop (otherwise it's kind of bogus)
1999-08-05 Assar Westerlund <assar@sics.se>
* telnetd/sys_term.c (rmut): free utxp
1999-08-04 Assar Westerlund <assar@sics.se>
* telnet/main.c: add -G and config file support. From Miroslav
Ruda <ruda@ics.muni.cz>
* telnetd/sys_term.c (rmut): work around utmpx strangness. From
Miroslav Ruda <ruda@ics.muni.cz>
1999-08-02 Assar Westerlund <assar@sics.se>
* telnetd/telnetd.c (doit): only free hp if != NULL. From: Jonas
Oberg <jonas@coyote.org>
1999-07-29 Assar Westerlund <assar@sics.se>
* telnetd/telnetd.c (doit): remove unused variable mapped_sin
1999-07-26 Assar Westerlund <assar@sics.se>
* telnetd/ext.h: update prototypes
* telnetd/telnetd.c: make it handle v4 and v6 sockets. (it
doesn't handle being given a v6 socket that's really talking to an
v4 adress (mapped) because the rest of the code in telnetd is not
able to handle it anyway). please run two telnetd from your
inetd, one for v4 and one for v6.
1999-07-07 Assar Westerlund <assar@sics.se>
* telnet/commands.c (tn): extra bogus const-cast

16
crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c
View File

@ -55,7 +55,7 @@
#include <config.h>
#endif
RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $");
RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $");
#ifdef KRB4
#ifdef HAVE_SYS_TYPES_H
@ -180,7 +180,7 @@ kerberos4_send(char *name, Authenticator *ap)
memset(instance, 0, sizeof(instance));
strcpy_truncate (instance,
strlcpy (instance,
krb_get_phost(RemoteHostName),
INST_SZ);
@ -521,7 +521,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level)
return(level);
if (UserNameRequested && !kuserok(&adat, UserNameRequested)) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else
return(AUTH_USER);
@ -540,11 +540,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -557,15 +557,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
break;
case KRB_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_CHALLENGE:
strcpy_truncate((char *)buf, " CHALLENGE", buflen);
strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB_RESPONSE:
strcpy_truncate((char *)buf, " RESPONSE", buflen);
strlcpy((char *)buf, " RESPONSE", buflen);
goto common2;
default:

18
crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c
View File

@ -53,7 +53,7 @@
#include <config.h>
RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $");
RCSID("$Id: kerberos5.c,v 1.38 1999/09/16 20:41:33 assar Exp $");
#ifdef KRB5
@ -587,7 +587,7 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level)
ticket->client,
UserNameRequested))
{
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else
return(AUTH_USER);
@ -606,11 +606,11 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
switch(data[3]) {
case KRB_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -624,24 +624,24 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen)
case KRB_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB_RESPONSE:
strcpy_truncate((char *)buf, " RESPONSE", buflen);
strlcpy((char *)buf, " RESPONSE", buflen);
goto common2;
case KRB_FORWARD: /* Forwarded credentials follow */
strcpy_truncate((char *)buf, " FORWARD", buflen);
strlcpy((char *)buf, " FORWARD", buflen);
goto common2;
case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */
strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen);
strlcpy((char *)buf, " FORWARD_ACCEPT", buflen);
goto common2;
case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */
/* (reason might follow) */
strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen);
strlcpy((char *)buf, " FORWARD_REJECT", buflen);
goto common2;
default:

16
crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c
View File

@ -33,7 +33,7 @@
#include <config.h>
RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $");
RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
#ifdef KRB4_ENCPWD
/*
@ -308,7 +308,7 @@ krb4encpwd_reply(ap, data, cnt)
des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0);
UserPassword = user_passwd;
Challenge = challenge;
strcpy_truncate(instance, RemoteHostName, sizeof(instance));
strlcpy(instance, RemoteHostName, sizeof(instance));
if ((cp = strchr(instance, '.')) != 0) *cp = '\0';
if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) {
@ -338,7 +338,7 @@ krb4encpwd_status(ap, name, name_sz, level)
return(level);
if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@ -360,11 +360,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -377,15 +377,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen)
break;
case KRB4_ENCPWD_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case KRB4_ENCPWD_CHALLENGE:
strcpy_truncate((char *)buf, " CHALLENGE", buflen);
strlcpy((char *)buf, " CHALLENGE", buflen);
goto common2;
case KRB4_ENCPWD_ACK:
strcpy_truncate((char *)buf, " ACK", buflen);
strlcpy((char *)buf, " ACK", buflen);
goto common2;
default:

14
crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c
View File

@ -33,7 +33,7 @@
#include <config.h>
RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $");
RCSID("$Id: rsaencpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $");
#ifdef RSA_ENCPWD
/*
@ -260,7 +260,7 @@ rsaencpwd_is(ap, data, cnt)
snprintf(challenge, sizeof(challenge), "%x", now);
challenge_len = strlen(challenge);
} else {
strcpy_truncate(challenge, "randchal", sizeof(challenge));
strlcpy(challenge, "randchal", sizeof(challenge));
challenge_len = 8;
}
@ -392,7 +392,7 @@ rsaencpwd_status(ap, name, name_sz, level)
return(level);
if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@ -414,11 +414,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -431,11 +431,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen)
break;
case RSA_ENCPWD_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
case RSA_ENCPWD_CHALLENGEKEY:
strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen);
strlcpy((char *)buf, " CHALLENGEKEY", buflen);
goto common2;
default:

10
crypto/kerberosIV/appl/telnet/libtelnet/spx.c
View File

@ -33,7 +33,7 @@
#include <config.h>
RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $");
RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $");
#ifdef SPX
/*
@ -514,7 +514,7 @@ spx_status(ap, name, name_sz, level)
&acl_file_buffer);
if (major_status == GSS_S_COMPLETE) {
strcpy_truncate(name, UserNameRequested, name_sz);
strlcpy(name, UserNameRequested, name_sz);
return(AUTH_VALID);
} else {
return(AUTH_USER);
@ -537,11 +537,11 @@ spx_printsub(data, cnt, buf, buflen)
switch(data[3]) {
case SPX_REJECT: /* Rejected (reason might follow) */
strcpy_truncate((char *)buf, " REJECT ", buflen);
strlcpy((char *)buf, " REJECT ", buflen);
goto common;
case SPX_ACCEPT: /* Accepted (name might follow) */
strcpy_truncate((char *)buf, " ACCEPT ", buflen);
strlcpy((char *)buf, " ACCEPT ", buflen);
common:
BUMP(buf, buflen);
if (cnt <= 4)
@ -554,7 +554,7 @@ spx_printsub(data, cnt, buf, buflen)
break;
case SPX_AUTH: /* Authentication data follows */
strcpy_truncate((char *)buf, " AUTH", buflen);
strlcpy((char *)buf, " AUTH", buflen);
goto common2;
default:

4
crypto/kerberosIV/appl/telnet/telnet/authenc.c
View File

@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $");
RCSID("$Id: authenc.c,v 1.10 1999/09/16 20:41:35 assar Exp $");
#if defined(AUTHENTICATION) || defined(ENCRYPTION)
int
@ -82,7 +82,7 @@ telnet_gets(char *prompt, char *result, int length, int echo)
printf("%s", prompt);
res = fgets(result, length, stdin);
} else if ((res = getpass(prompt))) {
strcpy_truncate(result, res, length);
strlcpy(result, res, length);
res = result;
}
TerminalNewMode(om);

16
crypto/kerberosIV/appl/telnet/telnet/commands.c
View File

@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $");
RCSID("$Id: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $");
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
@ -67,7 +67,7 @@ makeargv()
cp = line;
if (*cp == '!') { /* Special case shell escape */
/* save for shell command */
strcpy_truncate(saveline, line, sizeof(saveline));
strlcpy(saveline, line, sizeof(saveline));
*argp++ = "!"; /* No room in string to get this */
margc++;
cp++;
@ -1583,7 +1583,7 @@ env_init(void)
if (strchr(hbuf, '.') == 0) {
struct hostent *he = roken_gethostbyname(hbuf);
if (he != NULL)
strcpy_truncate(hbuf, he->h_name, 256);
strlcpy(hbuf, he->h_name, 256);
}
asprintf (&cp, "%s%s", hbuf, cp2);
@ -1981,7 +1981,7 @@ cmdrc(char *m1, char *m2)
if (skiprc)
return;
strcpy_truncate(m1save, m1, sizeof(m1save));
strlcpy(m1save, m1, sizeof(m1save));
m1 = m1save;
if (rcname[0] == 0) {
@ -2075,7 +2075,7 @@ tn(int argc, char **argv)
return 0;
}
if (argc < 2) {
strcpy_truncate(line, "open ", sizeof(line));
strlcpy(line, "open ", sizeof(line));
printf("(to) ");
fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin);
makeargv();
@ -2146,7 +2146,7 @@ tn(int argc, char **argv)
sin6.sin6_family = family = AF_INET6;
sa = (struct sockaddr *)&sin6;
sa_size = sizeof(sin6);
strcpy_truncate(_hostname, hostp, sizeof(_hostname));
strlcpy(_hostname, hostp, sizeof(_hostname));
hostname =_hostname;
} else
#endif
@ -2154,7 +2154,7 @@ tn(int argc, char **argv)
sin.sin_family = family = AF_INET;
sa = (struct sockaddr *)&sin;
sa_size = sizeof(sin);
strcpy_truncate(_hostname, hostp, sizeof(_hostname));
strlcpy(_hostname, hostp, sizeof(_hostname));
hostname = _hostname;
} else {
#ifdef HAVE_GETHOSTBYNAME2
@ -2167,7 +2167,7 @@ tn(int argc, char **argv)
host = roken_gethostbyname(hostp);
#endif
if (host) {
strcpy_truncate(_hostname, host->h_name, sizeof(_hostname));
strlcpy(_hostname, host->h_name, sizeof(_hostname));
family = host->h_addrtype;
addr_list = host->h_addr_list;

57
crypto/kerberosIV/appl/telnet/telnet/main.c
View File

@ -38,7 +38,7 @@ static char *copyright[] = {
};
#include "telnet_locl.h"
RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $");
RCSID("$Id: main.c,v 1.30 1999/11/13 06:30:11 assar Exp $");
/* These values need to be the same as defined in libtelnet/kerberos5.c */
/* Either define them in both places, or put in some common header file. */
@ -69,7 +69,7 @@ usage(void)
{
fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt,
#ifdef AUTHENTICATION
"[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
"[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]",
"\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ",
#else
"[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]",
@ -90,6 +90,11 @@ usage(void)
*/
#ifdef FORWARD
extern int forward_flags;
static int default_forward=0;
#endif /* FORWARD */
#ifdef KRB5
/* XXX ugly hack to setup dns-proxy stuff */
#define Authenticator asn1_Authenticator
@ -99,8 +104,29 @@ krb5_init(void)
{
krb5_context context;
krb5_init_context(&context);
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (krb5_config_get_bool (context, NULL,
"libdefaults", "forward", NULL)) {
forward_flags |= OPTS_FORWARD_CREDS;
default_forward=1;
}
if (krb5_config_get_bool (context, NULL,
"libdefaults", "forwardable", NULL)) {
forward_flags |= OPTS_FORWARDABLE_CREDS;
default_forward=1;
}
#endif
#ifdef ENCRYPTION
if (krb5_config_get_bool (context, NULL,
"libdefaults", "encrypt", NULL)) {
encrypt_auto(1);
decrypt_auto(1);
EncryptVerbose(1);
}
#endif
krb5_free_context(context);
}
#endif
@ -109,9 +135,6 @@ main(int argc, char **argv)
{
int ch;
char *user;
#ifdef FORWARD
extern int forward_flags;
#endif /* FORWARD */
#ifdef KRB5
krb5_init();
@ -137,7 +160,8 @@ main(int argc, char **argv)
*/
autologin = -1;
while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) {
while((ch = getopt(argc, argv,
"78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) {
switch(ch) {
case '8':
eight = 3; /* binary output and input */
@ -202,7 +226,8 @@ main(int argc, char **argv)
break;
case 'f':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
if ((forward_flags & OPTS_FORWARD_CREDS) &&
!default_forward) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
@ -217,7 +242,8 @@ main(int argc, char **argv)
break;
case 'F':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
if (forward_flags & OPTS_FORWARD_CREDS) {
if ((forward_flags & OPTS_FORWARD_CREDS) &&
!default_forward) {
fprintf(stderr,
"%s: Only one of -f and -F allowed.\n",
prompt);
@ -237,7 +263,7 @@ main(int argc, char **argv)
extern char *dest_realm, dst_realm_buf[];
extern int dst_realm_sz;
dest_realm = dst_realm_buf;
strcpy_truncate(dest_realm, optarg, dst_realm_sz);
strlcpy(dest_realm, optarg, dst_realm_sz);
}
#else
fprintf(stderr,
@ -269,6 +295,17 @@ main(int argc, char **argv)
prompt);
#endif
break;
case 'G':
#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD)
forward_flags ^= OPTS_FORWARD_CREDS;
forward_flags ^= OPTS_FORWARDABLE_CREDS;
#else
fprintf(stderr,
"%s: Warning: -G ignored, no Kerberos V5 support.\n",
prompt);
#endif
break;
case '?':
default:
usage();

4
crypto/kerberosIV/appl/telnet/telnet/network.c
View File

@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $");
RCSID("$Id: network.c,v 1.10.28.1 2000/10/10 13:08:27 assar Exp $");
Ring netoring, netiring;
unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ];
@ -69,6 +69,8 @@ stilloob(void)
do {
FD_ZERO(&excepts);
if (net >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET(net, &excepts);
value = select(net+1, 0, 0, &excepts, &timeout);
} while ((value == -1) && (errno == EINTR));

9
crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c
View File

@ -33,7 +33,7 @@
#include "telnet_locl.h"
RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $");
RCSID("$Id: sys_bsd.c,v 1.23.18.2 2000/10/19 21:21:21 assar Exp $");
/*
* The following routines try to encapsulate what is system dependent
@ -774,6 +774,11 @@ process_rings(int netin,
int returnValue = 0;
static struct timeval TimeValue = { 0 };
if (net >= FD_SETSIZE
|| tout >= FD_SETSIZE
|| tin >= FD_SETSIZE)
errx (1, "fd too large");
if (netout) {
FD_SET(net, &obits);
}
@ -791,7 +796,7 @@ process_rings(int netin,
FD_SET(net, &xbits);
}
#endif
if ((c = select(16, &ibits, &obits, &xbits,
if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits,
(poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) {
if (c == -1) {
/*

9
crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h
View File

@ -14,12 +14,7 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the Kungliga Tekniska
* Högskolan and its contributors.
*
* 4. Neither the name of the Institute nor the names of its contributors
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
@ -36,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */
/* $Id: telnet_locl.h,v 1.18 1999/12/02 16:58:34 joda Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>

9
crypto/kerberosIV/appl/telnet/telnet/utilities.c
View File

@ -37,7 +37,7 @@
#include "telnet_locl.h"
RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $");
RCSID("$Id: utilities.c,v 1.22.2.1 2000/10/10 13:10:27 assar Exp $");
FILE *NetTrace = 0; /* Not in bss, since needs to stay */
int prettydump;
@ -82,13 +82,13 @@ SetNetTrace(char *file)
if (file && (strcmp(file, "-") != 0)) {
NetTrace = fopen(file, "w");
if (NetTrace) {
strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile));
strlcpy(NetTraceFile, file, sizeof(NetTraceFile));
return;
}
fprintf(stderr, "Cannot open %s.\n", file);
}
NetTrace = stdout;
strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile));
}
void
@ -817,6 +817,9 @@ EmptyTerminal(void)
FD_ZERO(&outs);
if (tout >= FD_SETSIZE)
ExitString("fd too large", 1);
if (TTYBYTES() == 0) {
FD_SET(tout, &outs);
select(tout+1, 0, &outs, 0,

5
crypto/kerberosIV/appl/telnet/telnetd/authenc.c
View File

@ -33,7 +33,7 @@
#include "telnetd.h"
RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $");
RCSID("$Id: authenc.c,v 1.9 1999/09/05 19:14:50 assar Exp $");
#ifdef AUTHENTICATION
@ -63,8 +63,7 @@ net_encrypt(void)
int
telnet_spin(void)
{
ttloop();
return(0);
return ttloop();
}
char *

6
crypto/kerberosIV/appl/telnet/telnetd/ext.h
View File

@ -33,7 +33,7 @@
* @(#)ext.h 8.2 (Berkeley) 12/15/93
*/
/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */
/* $Id: ext.h,v 1.19 1999/09/05 19:15:21 assar Exp $ */
#ifndef __EXT_H__
#define __EXT_H__
@ -121,11 +121,9 @@ void init_env (void);
void start_login (char *host, int autologin, char *name);
void cleanup (int sig);
int main (int argc, char **argv);
void usage (void);
int getterminaltype (char *name, size_t);
void _gettermname (void);
int terminaltypeok (char *s);
void doit (struct sockaddr_in *who);
void my_telnet (int f, int p, char*, int, char*);
void interrupt (void);
void sendbrk (void);
@ -134,7 +132,7 @@ void recv_ayt (void);
void doeof (void);
void flowstat (void);
void clientstat (int code, int parm1, int parm2);
void ttloop (void);
int ttloop (void);
int stilloob (int s);
void ptyflush (void);
char *nextitem (char *current);

72
crypto/kerberosIV/appl/telnet/telnetd/sys_term.c
View File

@ -33,7 +33,7 @@
#include "telnetd.h"
RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $");
RCSID("$Id: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $");
#if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H))
# define PARENT_DOES_UTMP
@ -388,7 +388,7 @@ int getpty(int *ptynum)
p = _getpty(&master, O_RDWR, 0600, 1);
if(p == NULL)
return -1;
strcpy_truncate(line, p, sizeof(Xline));
strlcpy(line, p, sizeof(Xline));
return master;
#else
@ -420,7 +420,7 @@ int getpty(int *ptynum)
#ifdef HAVE_UNLOCKPT
unlockpt(p);
#endif
strcpy_truncate(line, ptsname(p), sizeof(Xline));
strlcpy(line, ptsname(p), sizeof(Xline));
really_stream = 1;
return p;
}
@ -1154,7 +1154,7 @@ startslave(char *host, int autologin, char *autoname)
/*
* Create utmp entry for child
*/
time(&wtmp.ut_time);
wtmp.ut_time = time(NULL);
wtmp.ut_type = LOGIN_PROCESS;
wtmp.ut_pid = pid;
strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user));
@ -1205,26 +1205,50 @@ init_env(void)
/*
* scrub_env()
*
* Remove variables from the environment that might cause login to
* behave in a bad manner. To avoid this, login should be staticly
* linked.
* We only accept the environment variables listed below.
*/
static void scrub_env(void)
static void
scrub_env(void)
{
static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL };
static const char *reject[] = {
"TERMCAP=/",
NULL
};
static const char *accept[] = {
"XAUTH=", "XAUTHORITY=", "DISPLAY=",
"TERM=",
"EDITOR=",
"PAGER=",
"PRINTER=",
"LOGNAME=",
"POSIXLY_CORRECT=",
"TERMCAP=",
NULL
};
char **cpp, **cpp2;
char **p;
const char **p;
for (cpp2 = cpp = environ; *cpp; cpp++) {
for(p = remove; *p; p++)
int reject_it = 0;
for(p = reject; *p; p++)
if(strncmp(*cpp, *p, strlen(*p)) == 0) {
reject_it = 1;
break;
}
if (reject_it)
continue;
for(p = accept; *p; p++)
if(strncmp(*cpp, *p, strlen(*p)) == 0)
break;
if(*p == NULL)
if(*p != NULL)
*cpp2++ = *cpp;
}
*cpp2 = 0;
*cpp2 = NULL;
}
@ -1376,7 +1400,7 @@ static int addarg(struct arg_val *argv, char *val)
static void
rmut(void)
{
struct utmpx *utxp, utmpx;
struct utmpx utmpx, *non_save_utxp;
char *clean_tty = clean_ttyname(line);
/*
@ -1387,8 +1411,14 @@ rmut(void)
memset(&utmpx, 0, sizeof(utmpx));
strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line));
utmpx.ut_type = LOGIN_PROCESS;
utxp = getutxline(&utmpx);
if (utxp) {
non_save_utxp = getutxline(&utmpx);
if (non_save_utxp) {
struct utmpx *utxp;
char user0;
utxp = malloc(sizeof(struct utmpx));
*utxp = *non_save_utxp;
user0 = utxp->ut_user[0];
utxp->ut_user[0] = '\0';
utxp->ut_type = DEAD_PROCESS;
#ifdef HAVE_STRUCT_UTMPX_UT_EXIT
@ -1406,6 +1436,7 @@ rmut(void)
gettimeofday(&utxp->ut_tv, NULL);
pututxline(utxp);
#ifdef WTMPX_FILE
utxp->ut_user[0] = user0;
updwtmpx(WTMPX_FILE, utxp);
#elif defined(WTMP_FILE)
/* This is a strange system with a utmpx and a wtmp! */
@ -1418,14 +1449,13 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host));
#endif
time(&wtmp.ut_time);
wtmp.ut_time = time(NULL);
write(f, &wtmp, sizeof(wtmp));
close(f);
}
}
#else
#endif
free (utxp);
}
endutxent();
} /* end of rmut */
@ -1463,7 +1493,7 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(u->ut_host, "", sizeof(u->ut_host));
#endif
time(&u->ut_time);
u->ut_time = time(NULL);
write(f, u, sizeof(wtmp));
found++;
}
@ -1478,7 +1508,7 @@ rmut(void)
#ifdef HAVE_STRUCT_UTMP_UT_HOST
strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host));
#endif
time(&wtmp.ut_time);
wtmp.ut_time = time(NULL);
write(f, &wtmp, sizeof(wtmp));
close(f);
}

104
crypto/kerberosIV/appl/telnet/telnetd/telnetd.c
View File

@ -33,7 +33,7 @@
#include "telnetd.h"
RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $");
RCSID("$Id: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $");
#ifdef _SC_CRAY_SECURE_SYS
#include <sys/sysv.h>
@ -117,7 +117,7 @@ int debug = 0;
int keepalive = 1;
char *progname;
extern void usage (void);
static void usage (void);
/*
* The string to pass to getopt(). We do it this way so
@ -136,12 +136,14 @@ char valid_opts[] = "Bd:hklnS:u:UL:y"
#endif
;
void doit(struct sockaddr_in*);
static void doit(struct sockaddr*, int);
int main(int argc, char **argv)
int
main(int argc, char **argv)
{
struct sockaddr_in from;
int on = 1, fromlen;
struct sockaddr_storage __ss;
struct sockaddr *sa = (struct sockaddr *)&__ss;
int on = 1, sa_size;
int ch;
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
@ -167,7 +169,7 @@ int main(int argc, char **argv)
highpty = getnpty();
#endif /* CRAY */
while ((ch = getopt(argc, argv, valid_opts)) != EOF) {
while ((ch = getopt(argc, argv, valid_opts)) != -1) {
switch(ch) {
#ifdef AUTHENTICATION
@ -406,14 +408,14 @@ int main(int argc, char **argv)
#endif /* _SC_CRAY_SECURE_SYS */
roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON);
fromlen = sizeof (from);
if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) {
sa_size = sizeof (__ss);
if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) {
fprintf(stderr, "%s: ", progname);
perror("getpeername");
_exit(1);
}
if (keepalive &&
setsockopt(0, SOL_SOCKET, SO_KEEPALIVE,
setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE,
(void *)&on, sizeof (on)) < 0) {
syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m");
}
@ -428,20 +430,21 @@ int main(int argc, char **argv)
if (tos < 0)
tos = 020; /* Low Delay bit */
if (tos
&& (setsockopt(0, IPPROTO_IP, IP_TOS,
&& sa->sa_family == AF_INET
&& (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS,
(void *)&tos, sizeof(tos)) < 0)
&& (errno != ENOPROTOOPT) )
syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
}
#endif /* defined(IPPROTO_IP) && defined(IP_TOS) */
net = 0;
doit(&from);
net = STDIN_FILENO;
doit(sa, sa_size);
/* NOTREACHED */
return 0;
} /* end of main */
void
usage()
static void
usage(void)
{
fprintf(stderr, "Usage: telnetd");
#ifdef AUTHENTICATION
@ -591,12 +594,12 @@ getterminaltype(char *name, size_t name_sz)
* we have to just go with what we (might) have already gotten.
*/
if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) {
strcpy_truncate(first, terminaltype, sizeof(first));
strlcpy(first, terminaltype, sizeof(first));
for(;;) {
/*
* Save the unknown name, and request the next name.
*/
strcpy_truncate(last, terminaltype, sizeof(last));
strlcpy(last, terminaltype, sizeof(last));
_gettermname();
if (terminaltypeok(terminaltype))
break;
@ -656,14 +659,20 @@ char remote_host_name[MaxHostNameLen];
/*
* Get a pty, scan input lines.
*/
void
doit(struct sockaddr_in *who)
static void
doit(struct sockaddr *who, int who_len)
{
char *host = NULL;
struct hostent *hp;
struct hostent *hp = NULL;
int level;
int ptynum;
char user_name[256];
int error;
char host_addr[256];
void *addr;
int addr_sz;
const char *tmp;
int af;
/*
* Find an available pty to use.
@ -688,24 +697,52 @@ doit(struct sockaddr_in *who)
}
#endif /* _SC_CRAY_SECURE_SYS */
/* get name of connected client */
hp = roken_gethostbyaddr((const char *)&who->sin_addr,
sizeof (struct in_addr),
who->sin_family);
af = who->sa_family;
switch (af) {
case AF_INET : {
struct sockaddr_in *sin = (struct sockaddr_in *)who;
addr = &sin->sin_addr;
addr_sz = sizeof(sin->sin_addr);
break;
}
#ifdef HAVE_IPV6
case AF_INET6 : {
struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who;
addr = &sin6->sin6_addr;
addr_sz = sizeof(sin6->sin6_addr);
break;
}
#endif
default :
fatal (net, "Unknown address family\r\n");
break;
}
hp = getipnodebyaddr (addr, addr_sz, af, &error);
if (hp == NULL && registerd_host_only) {
fatal(net, "Couldn't resolve your address into a host name.\r\n\
Please contact your net administrator");
} else if (hp) {
} else if (hp != NULL) {
host = hp->h_name;
} else {
host = inet_ntoa(who->sin_addr);
}
tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr));
if (tmp == NULL)
strlcpy (host_addr, "unknown address", sizeof(host_addr));
if (host == NULL)
host = host_addr;
/*
* We must make a copy because Kerberos is probably going
* to also do a gethost* and overwrite the static data...
*/
strcpy_truncate(remote_host_name, host, sizeof(remote_host_name));
strlcpy(remote_host_name, host, sizeof(remote_host_name));
if (hp != NULL)
freehostent (hp);
host = remote_host_name;
/* XXX - should be k_gethostname? */
@ -725,9 +762,9 @@ Please contact your net administrator");
* If hostname still doesn't fit utmp, use ipaddr.
*/
if (strlen(remote_host_name) > abs(utmp_len))
strcpy_truncate(remote_host_name,
inet_ntoa(who->sin_addr),
sizeof(remote_host_name));
strlcpy(remote_host_name,
host_addr,
sizeof(remote_host_name));
#ifdef AUTHENTICATION
auth_encrypt_init(hostname, host, "TELNETD", 1);
@ -970,6 +1007,11 @@ my_telnet(int f, int p, char *host, int level, char *autoname)
FD_ZERO(&ibits);
FD_ZERO(&obits);
FD_ZERO(&xbits);
if (f >= FD_SETSIZE
|| p >= FD_SETSIZE)
fatal(net, "fd too large");
/*
* Never look for input if there's still
* stuff in the corresponding output buffer

12
crypto/kerberosIV/appl/telnet/telnetd/telnetd.h
View File

@ -124,10 +124,6 @@
#include "defs.h"
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#ifndef _POSIX_VDISABLE
# ifdef VDISABLE
# define _POSIX_VDISABLE VDISABLE
@ -152,12 +148,16 @@
#include <sys/utsname.h>
#endif
#include "ext.h"
#ifdef HAVE_PATHS_H
#include <paths.h>
#endif
#ifdef HAVE_ARPA_TELNET_H
#include <arpa/telnet.h>
#endif
#include "ext.h"
#ifdef SOCKS
#include <socks.h>
/* This doesn't belong here. */

16
crypto/kerberosIV/appl/telnet/telnetd/utility.c
View File

@ -34,7 +34,7 @@
#define PRINTOPTIONS
#include "telnetd.h"
RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
RCSID("$Id: utility.c,v 1.22.2.1 2000/10/10 13:12:34 assar Exp $");
/*
* utility functions performing io related tasks
@ -47,9 +47,11 @@ RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $");
* data from the network, and pass it through the telnet state
* machine. We also flush the pty input buffer (by dropping its data)
* if it becomes too full.
*
* return 0 if OK or 1 if interrupted by a signal.
*/
void
int
ttloop(void)
{
void netflush(void);
@ -61,10 +63,12 @@ ttloop(void)
netflush();
ncc = read(net, netibuf, sizeof netibuf);
if (ncc < 0) {
if (errno == EINTR)
return 1;
syslog(LOG_INFO, "ttloop: read: %m\n");
exit(1);
} else if (ncc == 0) {
syslog(LOG_INFO, "ttloop: peer died: %m\n");
syslog(LOG_INFO, "ttloop: peer died\n");
exit(1);
}
DIAG(TD_REPORT, {
@ -76,6 +80,7 @@ ttloop(void)
pfrontp = pbackp = ptyobuf;
telrcv();
}
return 0;
} /* end of ttloop */
/*
@ -88,6 +93,9 @@ stilloob(int s)
fd_set excepts;
int value;
if (s >= FD_SETSIZE)
fatal(ourpty, "fd too large");
do {
FD_ZERO(&excepts);
FD_SET(s, &excepts);
@ -395,7 +403,7 @@ void edithost(char *pat, char *host)
pat++;
}
if (*host)
strcpy_truncate (res, host,
strlcpy (res, host,
sizeof editedhost - (res - editedhost));
else
*res = '\0';

4
crypto/kerberosIV/cf/krb-find-db.m4
View File

@ -1,4 +1,4 @@
dnl $Id: krb-find-db.m4,v 1.5 1999/05/08 02:24:04 assar Exp $
dnl $Id: krb-find-db.m4,v 1.5.16.1 2000/08/16 04:11:57 assar Exp $
dnl
dnl find a suitable database library
dnl
@ -28,6 +28,8 @@ for i in $1; do
#include <fcntl.h>
#if defined(HAVE_NDBM_H)
#include <ndbm.h>
#elif defined(HAVE_GDBM_NDBM_H)
#include <gdbm/ndbm.h>
#elif defined(HAVE_DBM_H)
#include <dbm.h>
#elif defined(HAVE_RPCSVC_DBM_H)

11
crypto/kerberosIV/cf/shared-libs.m4
View File

@ -1,5 +1,5 @@
dnl
dnl $Id: shared-libs.m4,v 1.4 1999/07/13 17:47:09 assar Exp $
dnl $Id: shared-libs.m4,v 1.4.14.3 2000/12/07 18:03:00 bg Exp $
dnl
dnl Shared library stuff has to be different everywhere
dnl
@ -65,7 +65,7 @@ case "${host}" in
install_symlink_command2='$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) -f $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
;;
changequote(,)dnl
*-*-freebsd[34]*)
*-*-freebsd[345]* | *-*-freebsdelf[345]*)
changequote([,])dnl
REAL_SHLIBEXT=so.$SHLIB_VERSION
REAL_LD_FLAGS='-Wl,-R$(libdir)'
@ -84,9 +84,14 @@ changequote([,])dnl
LDSHARED='ld -shared -expect_unresolved \*'
;;
*-*-solaris2*)
LDSHARED='$(CC) -shared -Wl,-h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_SHLIBEXT=so.$SHLIB_VERSION
build_symlink_command='$(LN_S) [$][@] $(LIBNAME).so'
install_symlink_command='$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB) $(DESTDIR)$(libdir)/$(LIBNAME).so'
install_symlink_command2='$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so.'"${SHLIB_SONAME}"';$(LN_S) $(LIB2) $(DESTDIR)$(libdir)/$(LIBNAME2).so'
REAL_LD_FLAGS='-Wl,-R$(libdir)'
if test -z "$GCC"; then
LDSHARED='$(CC) -G'
LDSHARED='$(CC) -G -h$(LIBNAME).so.'"${SHLIB_SONAME}"
REAL_PICFLAGS="-Kpic"
fi
;;

727
crypto/kerberosIV/config.guess vendored
View File

File diff suppressed because it is too large Load Diff

487
crypto/kerberosIV/config.sub vendored
View File

@ -1,6 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script, version 1.1.
# Copyright (C) 1991, 92-97, 1998 Free Software Foundation, Inc.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
# Free Software Foundation, Inc.
version='2000-09-11'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
# can handle that machine. It does not imply ALL GNU software can.
@ -25,6 +29,8 @@
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# Please send patches to <config-patches@gnu.org>.
#
# Configuration subroutine to validate and canonicalize a configuration type.
# Supply the specified configuration type as an argument.
# If it is invalid, we print an error message on stderr and exit with code 1.
@ -45,30 +51,61 @@
# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
# It is wrong to echo any other type of specification.
if [ x$1 = x ]
then
echo Configuration name missing. 1>&2
echo "Usage: $0 CPU-MFR-OPSYS" 1>&2
echo "or $0 ALIAS" 1>&2
echo where ALIAS is a recognized configuration type. 1>&2
exit 1
fi
me=`echo "$0" | sed -e 's,.*/,,'`
# First pass through any local machine types.
case $1 in
*local*)
echo $1
exit 0
;;
*)
;;
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Canonicalize a configuration name.
Operation modes:
-h, --help print this help, then exit
-V, --version print version number, then exit"
help="
Try \`$me --help' for more information."
# Parse command line
while test $# -gt 0 ; do
case "$1" in
--version | --vers* | -V )
echo "$version" ; exit 0 ;;
--help | --h* | -h )
echo "$usage"; exit 0 ;;
-- ) # Stop option processing
shift; break ;;
- ) # Use stdin as input.
break ;;
-* )
exec >&2
echo "$me: invalid option $1"
echo "$help"
exit 1 ;;
*local*)
# First pass through any local machine types.
echo $1
exit 0;;
* )
break ;;
esac
done
case $# in
0) echo "$me: missing argument$help" >&2
exit 1;;
1) ;;
*) echo "$me: too many arguments$help" >&2
exit 1;;
esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
linux-gnu*)
nto-qnx* | linux-gnu*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
@ -94,15 +131,25 @@ case $os in
-convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
-c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
-harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
-apple)
-apple | -axis)
os=
basic_machine=$1
;;
-sim | -cisco | -oki | -wec | -winbond)
os=
basic_machine=$1
;;
-scout)
;;
-wrs)
os=-vxworks
basic_machine=$1
;;
-hiux*)
os=-hiuxwe2
;;
-sco5)
os=sco3.2v5
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
@ -121,6 +168,9 @@ case $os in
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
@ -143,26 +193,46 @@ case $os in
-psos*)
os=-psos
;;
-mint | -mint[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
esac
# Decode aliases for certain CPU-COMPANY combinations.
case $basic_machine in
# Recognize the basic CPU types without company name.
# Some are omitted here because they have special meanings below.
tahoe | i860 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
| arme[lb] | pyramid | mn10200 | mn10300 \
| tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \
| alpha | alphaev5 | alphaev56 | we32k | ns16k | clipper \
| i370 | sh | powerpc | powerpcle | 1750a | dsp16xx | pdp11 \
| mips64 | mipsel | mips64el | mips64orion | mips64orionel \
| mipstx39 | mipstx39el \
| sparc | sparclet | sparclite | sparc64 | v850)
tahoe | i860 | ia64 | m32r | m68k | m68000 | m88k | ns32k | arc | arm \
| arme[lb] | armv[2345] | armv[345][lb] | pyramid | mn10200 | mn10300 | tron | a29k \
| 580 | i960 | h8300 \
| x86 | ppcbe | mipsbe | mipsle | shbe | shle | armbe | armle \
| hppa | hppa1.0 | hppa1.1 | hppa2.0 | hppa2.0w | hppa2.0n \
| hppa64 \
| alpha | alphaev[4-8] | alphaev56 | alphapca5[67] \
| alphaev6[78] \
| we32k | ns16k | clipper | i370 | sh | sh[34] \
| powerpc | powerpcle \
| 1750a | dsp16xx | pdp11 | mips16 | mips64 | mipsel | mips64el \
| mips64orion | mips64orionel | mipstx39 | mipstx39el \
| mips64vr4300 | mips64vr4300el | mips64vr4100 | mips64vr4100el \
| mips64vr5000 | miprs64vr5000el | mcore \
| sparc | sparclet | sparclite | sparc64 | sparcv9 | v850 | c4x \
| thumb | d10v | d30v | fr30 | avr)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
# Motorola 68HC11/12.
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | z8k | v70 | h8500 | w65 | pj | pjl)
;;
# We use `pc' rather than `unknown'
# because (1) that's what they normally are, and
# (2) the word "unknown" tends to confuse beginning users.
i[34567]86)
i[234567]86 | x86_64)
basic_machine=$basic_machine-pc
;;
# Object if more than one company name word.
@ -171,27 +241,49 @@ case $basic_machine in
exit 1
;;
# Recognize the basic CPU types with company name.
vax-* | tahoe-* | i[34567]86-* | i860-* | m32r-* | m68k-* | m68000-* \
# FIXME: clean up the formatting here.
vax-* | tahoe-* | i[234567]86-* | i860-* | ia64-* | m32r-* | m68k-* | m68000-* \
| m88k-* | sparc-* | ns32k-* | fx80-* | arc-* | arm-* | c[123]* \
| mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* \
| power-* | none-* | 580-* | cray2-* | h8300-* | i960-* \
| xmp-* | ymp-* | hppa-* | hppa1.0-* | hppa1.1-* \
| alpha-* | alphaev5-* | alphaev56-* | we32k-* | cydra-* \
| ns16k-* | pn-* | np1-* | xps100-* | clipper-* | orion-* \
| power-* | none-* | 580-* | cray2-* | h8300-* | h8500-* | i960-* \
| xmp-* | ymp-* \
| x86-* | ppcbe-* | mipsbe-* | mipsle-* | shbe-* | shle-* | armbe-* | armle-* \
| hppa-* | hppa1.0-* | hppa1.1-* | hppa2.0-* | hppa2.0w-* \
| hppa2.0n-* | hppa64-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphapca5[67]-* \
| alphaev6[78]-* \
| we32k-* | cydra-* | ns16k-* | pn-* | np1-* | xps100-* \
| clipper-* | orion-* \
| sparclite-* | pdp11-* | sh-* | powerpc-* | powerpcle-* \
| sparc64-* | mips64-* | mipsel-* \
| mips64el-* | mips64orion-* | mips64orionel-* \
| mipstx39-* | mipstx39el-* \
| f301-*)
| sparc64-* | sparcv9-* | sparc86x-* | mips16-* | mips64-* | mipsel-* \
| mips64el-* | mips64orion-* | mips64orionel-* \
| mips64vr4100-* | mips64vr4100el-* | mips64vr4300-* | mips64vr4300el-* \
| mipstx39-* | mipstx39el-* | mcore-* \
| f301-* | armv*-* | s390-* | sv1-* | t3e-* \
| m88110-* | m680[01234]0-* | m683?2-* | m68360-* | z8k-* | d10v-* \
| thumb-* | v850-* | d30v-* | tic30-* | c30-* | fr30-* \
| bs2000-* | tic54x-* | c54x-* | x86_64-*)
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
basic_machine=m68000-att
;;
3b*)
basic_machine=we32k-att
;;
a29khif)
basic_machine=a29k-amd
os=-udi
;;
adobe68k)
basic_machine=m68010-adobe
os=-scout
;;
alliant | fx80)
basic_machine=fx80-alliant
;;
@ -207,20 +299,24 @@ case $basic_machine in
os=-sysv
;;
amiga | amiga-*)
basic_machine=m68k-cbm
basic_machine=m68k-unknown
;;
amigaos | amigados)
basic_machine=m68k-cbm
basic_machine=m68k-unknown
os=-amigaos
;;
amigaunix | amix)
basic_machine=m68k-cbm
basic_machine=m68k-unknown
os=-sysv4
;;
apollo68)
basic_machine=m68k-apollo
os=-sysv
;;
apollo68bsd)
basic_machine=m68k-apollo
os=-bsd
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -258,12 +354,15 @@ case $basic_machine in
os=-unicos
;;
[ctj]90-cray)
#basic_machine=c90-cray
basic_machine=c90-cray
os=-unicos
;;
crds | unos)
basic_machine=m68k-crds
;;
cris | cris-* | etrax*)
basic_machine=cris-axis
;;
da30 | da30-*)
basic_machine=m68k-da30
;;
@ -297,6 +396,10 @@ case $basic_machine in
encore | umax | mmax)
basic_machine=ns32k-encore
;;
es1800 | OSE68k | ose68k | ose | OSE)
basic_machine=m68k-ericsson
os=-ose
;;
fx2800)
basic_machine=i860-alliant
;;
@ -315,6 +418,14 @@ case $basic_machine in
basic_machine=h8300-hitachi
os=-hms
;;
h8300xray)
basic_machine=h8300-hitachi
os=-xray
;;
h8500hms)
basic_machine=h8500-hitachi
os=-hms
;;
harris)
basic_machine=m88k-harris
os=-sysv3
@ -330,13 +441,30 @@ case $basic_machine in
basic_machine=m68k-hp
os=-hpux
;;
hp3k9[0-9][0-9] | hp9[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k2[0-9][0-9] | hp9k31[0-9])
basic_machine=m68000-hp
;;
hp9k3[2-9][0-9])
basic_machine=m68k-hp
;;
hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
hp9k6[0-9][0-9] | hp6[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hp9k7[0-79][0-9] | hp7[0-79][0-9])
basic_machine=hppa1.1-hp
;;
hp9k78[0-9] | hp78[0-9])
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
# FIXME: really hppa2.0-hp
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][13679] | hp8[0-9][13679])
basic_machine=hppa1.1-hp
;;
hp9k8[0-9][0-9] | hp8[0-9][0-9])
@ -345,9 +473,16 @@ case $basic_machine in
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
;;
hppro)
basic_machine=hppa1.1-hp
os=-proelf
;;
i370-ibm* | ibm*)
basic_machine=i370-ibm
os=-mvs
;;
# I'm not sure what "Sysv32" means. Should this be sysv3.2?
i[34567]86v32)
@ -366,6 +501,26 @@ case $basic_machine in
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
basic_machine=i386-unknown
os=-vsta
;;
i386-go32 | go32)
basic_machine=i386-unknown
os=-go32
;;
i386-mingw32 | mingw32)
basic_machine=i386-unknown
os=-mingw32
;;
i[34567]86-pw32 | pw32)
basic_machine=i586-unknown
os=-pw32
;;
iris | iris4d)
basic_machine=mips-sgi
case $os in
@ -394,6 +549,10 @@ case $basic_machine in
miniframe)
basic_machine=m68000-convergent
;;
*mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
basic_machine=m68k-atari
os=-mint
;;
mipsel*-linux*)
basic_machine=mipsel-unknown
os=-linux-gnu
@ -408,10 +567,34 @@ case $basic_machine in
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
;;
mmix*)
basic_machine=mmix-knuth
os=-mmixware
;;
monitor)
basic_machine=m68k-rom68k
os=-coff
;;
msdos)
basic_machine=i386-unknown
os=-msdos
;;
mvs)
basic_machine=i370-ibm
os=-mvs
;;
ncr3000)
basic_machine=i486-ncr
os=-sysv4
;;
netbsd386)
basic_machine=i386-unknown
os=-netbsd
;;
netwinder)
basic_machine=armv4l-rebel
os=-linux
;;
news | news700 | news800 | news900)
basic_machine=m68k-sony
os=-newsos
@ -424,6 +607,10 @@ case $basic_machine in
basic_machine=mips-sony
os=-newsos
;;
necv70)
basic_machine=v70-nec
os=-sysv
;;
next | m*-next )
basic_machine=m68k-next
case $os in
@ -449,9 +636,28 @@ case $basic_machine in
basic_machine=i960-intel
os=-nindy
;;
mon960)
basic_machine=i960-intel
os=-mon960
;;
np1)
basic_machine=np1-gould
;;
nsr-tandem)
basic_machine=nsr-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
;;
OSE68000 | ose68000)
basic_machine=m68000-ericsson
os=-ose
;;
os68k)
basic_machine=m68k-none
os=-os68k
;;
pa-hitachi)
basic_machine=hppa1.1-hitachi
os=-hiuxwe2
@ -469,19 +675,19 @@ case $basic_machine in
pc532 | pc532-*)
basic_machine=ns32k-pc532
;;
pentium | p5 | k5 | nexen)
pentium | p5 | k5 | k6 | nexen)
basic_machine=i586-pc
;;
pentiumpro | p6 | k6 | 6x86)
pentiumpro | p6 | 6x86 | athlon)
basic_machine=i686-pc
;;
pentiumii | pentium2)
basic_machine=i786-pc
;;
pentium-* | p5-* | k5-* | nexen-*)
pentium-* | p5-* | k5-* | k6-* | nexen-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | k6-* | 6x86-*)
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-*)
@ -505,12 +711,20 @@ case $basic_machine in
ps2)
basic_machine=i386-ibm
;;
rom68k)
basic_machine=m68k-rom68k
os=-coff
;;
rm[46]00)
basic_machine=mips-siemens
;;
rtpc | rtpc-*)
basic_machine=romp-ibm
;;
sa29200)
basic_machine=a29k-amd
os=-udi
;;
sequent)
basic_machine=i386-sequent
;;
@ -518,6 +732,10 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
sparclite-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
sps7)
basic_machine=m68k-bull
os=-sysv2
@ -525,6 +743,13 @@ case $basic_machine in
spur)
basic_machine=spur-unknown
;;
st2000)
basic_machine=m68k-tandem
;;
stratus)
basic_machine=i860-stratus
os=-sysv4
;;
sun2)
basic_machine=m68000-sun
;;
@ -565,10 +790,22 @@ case $basic_machine in
sun386 | sun386i | roadrunner)
basic_machine=i386-sun
;;
sv1)
basic_machine=sv1-cray
os=-unicos
;;
symmetry)
basic_machine=i386-sequent
os=-dynix
;;
t3e)
basic_machine=t3e-cray
os=-unicos
;;
tic54x | c54x*)
basic_machine=tic54x-unknown
os=-coff
;;
tx39)
basic_machine=mipstx39-unknown
;;
@ -586,13 +823,14 @@ case $basic_machine in
basic_machine=a29k-nyu
os=-sym1
;;
v810 | necv810)
basic_machine=v810-nec
os=-none
;;
vaxv)
basic_machine=vax-dec
os=-sysv
;;
vpp*|vx|vx-*)
basic_machine=f301-fujitsu
;;
vms)
basic_machine=vax-dec
os=-vms
@ -612,6 +850,14 @@ case $basic_machine in
basic_machine=a29k-wrs
os=-vxworks
;;
w65*)
basic_machine=w65-wdc
os=-none
;;
w89k-*)
basic_machine=hppa1.1-winbond
os=-proelf
;;
xmp)
basic_machine=xmp-cray
os=-unicos
@ -619,6 +865,10 @@ case $basic_machine in
xps | xps100)
basic_machine=xps100-honeywell
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
@ -626,6 +876,15 @@ case $basic_machine in
# Here we handle the default manufacturer of certain CPU types. It is in
# some cases the only manufacturer, in others, it is the most popular.
w89k)
basic_machine=hppa1.1-winbond
;;
op50n)
basic_machine=hppa1.1-oki
;;
op60c)
basic_machine=hppa1.1-oki
;;
mips)
if [ x$os = x-linux-gnu ]; then
basic_machine=mips-unknown
@ -648,7 +907,10 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
sparc)
sh3 | sh4)
base_machine=sh-unknown
;;
sparc | sparcv9)
basic_machine=sparc-sun
;;
cydra)
@ -660,6 +922,16 @@ case $basic_machine in
orion105)
basic_machine=clipper-highlevel
;;
mac | mpw | mac-mpw)
basic_machine=m68k-apple
;;
pmac | pmac-mpw)
basic_machine=powerpc-apple
;;
c4x*)
basic_machine=c4x-none
os=-coff
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
exit 1
@ -713,13 +985,34 @@ case $os in
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
| -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv*)
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \
| -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \
| -openstep* | -oskit* | -conix* | -pw32*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
case $basic_machine in
x86-* | i[34567]86-*)
;;
*)
os=-nto$os
;;
esac
;;
-nto*)
os=-nto-qnx
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
;;
-linux*)
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
@ -729,6 +1022,12 @@ case $os in
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
;;
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
@ -744,12 +1043,18 @@ case $os in
-acis*)
os=-aos
;;
-386bsd)
os=-bsd
;;
-ctix* | -uts*)
os=-sysv
;;
-ns2 )
os=-nextstep2
;;
-nsk*)
os=-nsk
;;
# Preserve the version number of sinix5.
-sinix5.*)
os=`echo $os | sed -e 's|sinix|sysv|'`
@ -775,12 +1080,17 @@ case $os in
# This must come after -sysvr4.
-sysv*)
;;
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-os2*)
;;
-rhapsody*)
-*mint | -*MiNT)
os=-mint
;;
-none)
;;
@ -807,6 +1117,9 @@ case $basic_machine in
*-acorn)
os=-riscix1.2
;;
arm*-rebel)
os=-linux
;;
arm*-semi)
os=-aout
;;
@ -828,15 +1141,36 @@ case $basic_machine in
# default.
# os=-sunos4
;;
m68*-cisco)
os=-aout
;;
mips*-cisco)
os=-elf
;;
mips*-*)
os=-elf
;;
*-tti) # must be before sparc entry or we get the wrong os.
os=-sysv3
;;
sparc-* | *-sun)
os=-sunos4.1.1
;;
*-be)
os=-beos
;;
*-ibm)
os=-aix
;;
*-wec)
os=-proelf
;;
*-winbond)
os=-proelf
;;
*-oki)
os=-proelf
;;
*-hp)
os=-hpux
;;
@ -900,6 +1234,18 @@ case $basic_machine in
f301-fujitsu)
os=-uxpv
;;
*-rom68k)
os=-coff
;;
*-*bug)
os=-coff
;;
*-apple)
os=-macos
;;
*-atari*)
os=-mint
;;
*)
os=-none
;;
@ -921,9 +1267,15 @@ case $basic_machine in
-aix*)
vendor=ibm
;;
-beos*)
vendor=be
;;
-hpux*)
vendor=hp
;;
-mpeix*)
vendor=hp
;;
-hiux*)
vendor=hitachi
;;
@ -939,7 +1291,7 @@ case $basic_machine in
-genix*)
vendor=ns
;;
-mvs*)
-mvs* | -opened*)
vendor=ibm
;;
-ptx*)
@ -951,9 +1303,26 @@ case $basic_machine in
-aux*)
vendor=apple
;;
-hms*)
vendor=hitachi
;;
-mpw* | -macos*)
vendor=apple
;;
-*mint | -*MiNT)
vendor=atari
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
exit 0
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "version='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:

1149
crypto/kerberosIV/configure vendored
View File

File diff suppressed because it is too large Load Diff

61
crypto/kerberosIV/configure.in
View File

@ -8,7 +8,7 @@ dnl
dnl Process this file with autoconf to produce a configure script.
dnl
AC_REVISION($Revision: 1.432.2.2 $)
AC_REVISION($Revision: 1.432.2.14 $)
AC_INIT(lib/krb/getrealm.c)
AC_CONFIG_HEADER(include/config.h)
@ -18,7 +18,7 @@ dnl
PACKAGE=krb4
AC_SUBST(PACKAGE)dnl
VERSION=1.0
VERSION=1.0.5
AC_SUBST(VERSION)dnl
AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])dnl
AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])dnl
@ -40,6 +40,9 @@ case "$host" in
*-*-solaris2.7)
sunos=57
;;
*-*-solaris2.8)
sunos=58
;;
*-*-solaris2*)
sunos=50
;;
@ -232,9 +235,7 @@ test "$AFSWS" = "yes" && AFSWS=/usr/afsws
AC_SUBST(AFSWS)
AC_ARG_ENABLE(rxkad,
[ --enable-rxkad build rxkad library],,[
test -f $AFSWS/include/rx/rx.h && enable_rxkad=yes
])
[ --enable-rxkad build rxkad library])
if test "$afs_support" = yes -a "$enable_rxkad" = yes; then
LIB_SUBDIRS="$LIB_SUBDIRS rxkad"
@ -333,6 +334,9 @@ if test -f /lib/pse.exp ;then
LIBS="$LIBS -Wl,-bnolibpath -Wl,-bI:/lib/pse.exp"
fi
;;
*-*-aix*)
LIBS="$LIBS -Wl,-bnolibpath"
;;
esac
dnl
@ -357,6 +361,7 @@ AC_CHECK_HEADERS([arpa/ftp.h \
errno.h \
fcntl.h \
fnmatch.h \
gdbm/ndbm.h \
grp.h \
inttypes.h \
io.h \
@ -523,12 +528,15 @@ dnl
KRB_CHECK_X
if test "$no_x" = "yes" ; then
MAKE_X_PROGS_BIN=""
MAKE_X_SCRIPTS_BIN=""
MAKE_X_PROGS_LIBEXEC=""
else
MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
MAKE_X_SCRIPTS_BIN='$(X_SCRIPTS_BIN)'
MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
fi
AC_SUBST(MAKE_X_PROGS_BIN)dnl
AC_SUBST(MAKE_X_SCRIPTS_BIN)dnl
AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
AC_CHECK_XAU
@ -771,22 +779,6 @@ AC_MSG_RESULT($LIB_AUTH_SUBDIRS)
AC_SUBST(LIB_AUTH_SUBDIRS)dnl
dnl
dnl Figure out if we have tunnels
dnl
AC_MSG_CHECKING(for tunnel devices)
APPL_KIP_DIR=
if test "$ac_cv_header_net_if_tun_h" = "yes"; then
APPL_KIP_DIR=kip
fi
AC_MSG_RESULT($ac_cv_header_net_if_tun_h)
AC_SUBST(APPL_KIP_DIR)dnl
dnl
dnl Checks for prototypes and declarations
dnl
@ -996,6 +988,8 @@ timezone)
AC_HAVE_TYPE([sa_family_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([socklen_t],[#include <sys/socket.h>])
AC_HAVE_TYPE([struct sockaddr_storage], [#include <sys/socket.h>])
AC_KRB_STRUCT_SPWD
@ -1022,6 +1016,8 @@ AC_CHECK_TYPE_EXTRA(ssize_t, int, [
#include <unistd.h>
#endif])
AC_CHECK_TYPE_EXTRA(sig_atomic_t, int, [#include <signal.h>])
dnl
dnl Check for broken ultrix sys/socket.h
dnl
@ -1074,22 +1070,27 @@ dnl
dnl you can link with getmsg on AIX 3.2 but you cannot run the program
dnl
AC_CHECK_FUNCS(getmsg)
AC_CHECK_FUNC(getmsg)
if test "$ac_cf_func_getmsg" = "yes"; then
if test "$ac_cv_func_getmsg" = "yes"; then
AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg,
AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg_work,
AC_TRY_RUN(
[
#include <stdio.h>
#include <errno.h>
int main()
{
getmsg(open("/dev/null", 0), NULL, NULL, NULL);
int ret;
ret = getmsg(open("/dev/null", 0), NULL, NULL, NULL);
if(ret < 0 && errno == ENOSYS)
return 1;
return 0;
}
], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no))
test "$ac_cv_func_getmsg" = "yes" &&
], ac_cv_func_getmsg_work=yes, ac_cv_func_getmsg_work=no,
ac_cv_func_getmsg_work=no))
test "$ac_cv_func_getmsg_work" = "yes" &&
AC_DEFINE(HAVE_GETMSG, 1, [Define if you have a working getmsg.])
fi
@ -1154,7 +1155,7 @@ AC_DEFINE(OLD_ENVIRON)dnl
AC_MSG_CHECKING(for streamspty)
case "`uname -sr`" in
SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*)
SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.1[[01]].*)
krb_cv_sys_streamspty=no
;;
AIX*)
@ -1162,11 +1163,11 @@ AIX*)
if expr "$os_rel" : "3*" >/dev/null 2>&1; then
krb_cv_sys_streamspty=no
else
krb_cv_sys_streamspty="$ac_cv_func_getmsg"
krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
fi
;;
*)
krb_cv_sys_streamspty="$ac_cv_func_getmsg"
krb_cv_sys_streamspty="$ac_cv_func_getmsg_work"
;;
esac
if test "$krb_cv_sys_streamspty" = yes; then

19
crypto/kerberosIV/include/Makefile.in
View File

@ -1,4 +1,4 @@
# $Id: Makefile.in,v 1.59.2.1 1999/12/06 17:23:06 assar Exp $
# $Id: Makefile.in,v 1.59.2.3 2000/12/13 14:41:37 assar Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@ -31,7 +31,8 @@ libdir = @libdir@
HEADERS = \
acl.h com_err.h com_right.h des.h kadm.h kafs.h kdc.h \
klog.h krb.h krb-protos.h krb-archaeology.h krb_db.h \
ktypes.h otp.h prot.h sl.h @EXTRA_HEADERS@
ktypes.h otp.h prot.h sl.h \
md4.h md5.h sha.h rc4.h @EXTRA_HEADERS@
LOCL_HEADERS = \
base64.h roken-common.h protos.h resolve.h xdbm.h \
@ -96,6 +97,18 @@ com_right.h:
des.h:
$(LN_S) $(srcdir)/../lib/des/des.h .
md4.h:
$(LN_S) $(srcdir)/../lib/des/md4.h .
md5.h:
$(LN_S) $(srcdir)/../lib/des/md5.h .
sha.h:
$(LN_S) $(srcdir)/../lib/des/sha.h .
rc4.h:
$(LN_S) $(srcdir)/../lib/des/rc4.h .
kadm.h:
$(LN_S) $(srcdir)/../lib/kadm/kadm.h .
@ -147,7 +160,7 @@ sl.h:
$(LN_S) $(srcdir)/../lib/sl/sl.h .
protos.h:
$(LN_S) $(srcdir)/protos.H protos.h
$(LN_S) $(srcdir)/protos.hin protos.h
netdb.h:
$(LN_S) $(srcdir)/netdb.x netdb.h

12
crypto/kerberosIV/include/config.h.in
View File

@ -197,9 +197,6 @@
/* Define if you have the getlogin function. */
#undef HAVE_GETLOGIN
/* Define if you have the getmsg function. */
#undef HAVE_GETMSG
/* Define if you have the getopt function. */
#undef HAVE_GETOPT
@ -386,6 +383,9 @@
/* Define if you have the socket function. */
#undef HAVE_SOCKET
/* Define if you have the socklen_t function. */
#undef HAVE_SOCKLEN_T
/* Define if you have the strcasecmp function. */
#undef HAVE_STRCASECMP
@ -551,6 +551,9 @@
/* Define if you have the <fnmatch.h> header file. */
#undef HAVE_FNMATCH_H
/* Define if you have the <gdbm/ndbm.h> header file. */
#undef HAVE_GDBM_NDBM_H
/* Define if you have the <grp.h> header file. */
#undef HAVE_GRP_H
@ -1082,6 +1085,9 @@
/* Define this to what the type ssize_t should be. */
#undef ssize_t
/* Define this to what the type sig_atomic_t should be. */
#undef sig_atomic_t
/* Define if struct sockaddr has field sa_len. */
#undef HAVE_STRUCT_SOCKADDR_SA_LEN

277
crypto/kerberosIV/include/protos.hin Normal file
View File

@ -0,0 +1,277 @@
/* -*- C -*-
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* Add here functions that don't have a prototype on your system.
*
* $Id: protos.hin,v 1.46.2.1 2000/12/13 14:41:38 assar Exp $
*/
#ifdef NEED_CRYPT_PROTO
char *crypt(const char*, const char*);
#endif
#ifdef NEED_STRTOK_R_PROTO
char *strtok_r (char *s1, const char *s2, char **lasts);
#endif
#ifndef HAVE_OPTARG_DECLARATION
extern char *optarg;
#endif
#ifndef HAVE_OPTERR_DECLARATION
extern int opterr;
#endif
#ifndef HAVE_OPTIND_DECLARATION
extern int optind;
#endif
#ifndef HAVE_OPTOPT_DECLARATION
extern int optopt;
#endif
#if defined(__GNUC__) && SunOS == 4
/* To get type fd_set */
#include <sys/types.h>
#include <sys/time.h>
/* To get struct sockaddr, struct in_addr and struct hostent */
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
/* To get struct stat */
#include <sys/stat.h>
/* To get struct utimbuf */
#include <utime.h>
#if !defined(HAVE_ATEXIT) && defined(HAVE_ON_EXIT)
#define atexit(X) on_exit(X, NULL)
#define HAVE_ATEXIT 1
#endif
#ifdef NEED_UTIME_PROTO
int utime(const char *, const struct utimbuf *);
#endif
int syscall(int, ...);
pid_t getpid(void);
int ftruncate(int, off_t);
int fchmod(int, mode_t);
int fchown(int fd, int owner, int group);
int fsync(int);
int seteuid(uid_t);
int setreuid(int, int);
int flock(int, int);
int gettimeofday(struct timeval *tp, struct timezone *tzp);
int lstat(const char *, struct stat *);
int ioctl(int, int, void *);
int getpriority(int which, int who);
int setpriority(int which, int who, int priority);
int getdtablesize(void);
int initgroups(const char *name, int basegid);
long ulimit(int cmd, long newlimit);
int vhangup(void);
int sigblock(int);
int sigsetmask(int);
int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
int munmap(caddr_t addr, int len);
int socket(int, int, int);
int setsockopt(int, int, int, void *, int);
int bind(int, void *, int);
int getsockname(int, struct sockaddr *, int *);
int accept(int, struct sockaddr *, int *);
int connect(int, struct sockaddr *, int);
int listen(int, int);
int recv(int s, void *buf, int len, int flags);
int recvfrom(int, char *, int, int, void *, int *);
int sendto(int, const char *, int, int, void *, int);
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int shutdown(int, int);
int getpeername(int, struct sockaddr *, int *);
int getsockopt(int, int, int, void *, int *);
int send(int s, const void *msg, int len, int flags);
struct strbuf;
int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
char *inet_ntoa(struct in_addr in);
unsigned long inet_addr(const char *cp);
int gethostname(char *, int);
struct hostent *gethostbyname(const char *);
int dn_expand(const u_char *msg,
const u_char *eomorig,
const u_char *comp_dn,
char *exp_dn,
int length);
int res_search(const char *dname,
int class,
int type,
u_char *answer,
int anslen);
int yp_get_default_domain (char **outdomain);
int innetgr(const char *netgroup, const char *machine,
const char *user, const char *domain);
char *getwd(char *pathname);
void bzero(char *b, int length);
int strcasecmp(const char *, const char *);
void swab(const char *, char *, int);
int atoi(const char *str);
char *mktemp(char *);
void srandom(int seed);
int random(void);
int rcmd(char **, unsigned short, char *, char *, char *, int *);
int rresvport(int *);
int openlog(const char *ident, int logopt, int facility);
int syslog(int priority, const char *message, ...);
int ttyslot(void);
char *getpass(const char *);
char *getusershell(void);
void setpwent();
void endpwent();
#include <stdio.h>
int fclose(FILE *);
#endif /* SunOS4 */
#if SunOS == 5
#include <sys/types.h>
#include <sys/resource.h>
char *getusershell(void);
char *strtok_r(char *, const char *, char **);
int getpriority (int which, id_t who);
int setpriority (int which, id_t who, int prio);
int getdtablesize (void);
char *getusershell(void);
void setusershell(void);
void endusershell(void);
#if defined(__GNUC__)
int syscall(int, ...);
int gethostname(char *, int);
struct timeval;
int gettimeofday(struct timeval *tp, void *);
#endif
#endif
#if defined(__osf__) /* OSF/1 */
#if 0
/* To get type fd_set */
#include <sys/types.h>
#include <sys/time.h>
int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
int fsync(int fildes);
int gethostname(char *address, int address_len);
int setreuid(int ruid, int euid);
int ioctl(int d, unsigned long request, void * arg);
#endif
int flock(int fildes, int operation);
int syscall(int, ...);
unsigned short htons(unsigned short hostshort);
unsigned int htonl(unsigned int hostint);
unsigned short ntohs(unsigned short netshort);
unsigned int ntohl(unsigned int netint);
char *mktemp(char *template);
char *getusershell(void);
int rcmd(char **, unsigned short, char *, char *, char *, int *);
int rresvport (int *port);
#endif /* OSF/1 */
#if defined(__sgi)
#include <sys/types.h>
char *ptsname(int fd);
struct spwd *getspuid(uid_t);
#endif /* IRIX */
#if defined(__GNUC__) && defined(_AIX) /* AIX */
struct timeval;
struct timezone;
int gettimeofday (struct timeval *Tp, void *Tzp);
#endif /* AIX */
#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
int syscall(int, ...);
int vhangup(void);
char *ptsname(int fildes);
void utmpname(const char *file);
int innetgr(const char *netgroup, const char *machine,
const char *user, const char *domain);
int dn_comp(char *exp_dn, char *comp_dn, int length,
char **dnptrs, char **lastdnptr);
int res_query(char *dname, int class, int type,
unsigned char *answer, int anslen);
int dn_expand(char *msg, char *eomorig, char *comp_dn,
char *exp_dn, int length);
int res_search(char *dname, int class, int type,
unsigned char *answer, int anslen);
#endif /* HP-UX */
#if defined(WIN32) /* Visual C++ 4.0 (Windows95/NT) */
int open(const char *, int, ...);
int close(int);
int read(int, void *, unsigned int);
int write(int, const void *, unsigned int);
#endif /* WIN32 */

356
crypto/kerberosIV/kadmin/admin_server.c
View File

@ -30,7 +30,7 @@ or implied warranty.
#include "kadm_locl.h"
RCSID("$Id: admin_server.c,v 1.49 1999/11/13 06:32:19 assar Exp $");
RCSID("$Id: admin_server.c,v 1.49.2.2 2000/10/18 20:24:57 assar Exp $");
/* Almost all procs and such need this, so it is global */
admin_params prm; /* The command line parameters struct */
@ -39,8 +39,16 @@ admin_params prm; /* The command line parameters struct */
char *acldir = DEFAULT_ACL_DIR;
static char krbrlm[REALM_SZ];
static unsigned pidarraysize = 0;
static int *pidarray = NULL;
#define MAXCHILDREN 100
struct child {
pid_t pid;
int pipe_fd;
int authenticated;
};
static unsigned nchildren = 0;
static struct child children[MAXCHILDREN];
static int exit_now = 0;
@ -52,46 +60,26 @@ doexit(int sig)
SIGRETURN(0);
}
static sig_atomic_t do_wait;
static
RETSIGTYPE
do_child(int sig)
{
int pid;
int i, j;
int status;
pid = wait(&status);
/* Reinstall signal handlers for SysV. Must be done *after* wait */
signal(SIGCHLD, do_child);
for (i = 0; i < pidarraysize; i++)
if (pidarray[i] == pid) {
/* found it */
for (j = i; j < pidarraysize-1; j++)
/* copy others down */
pidarray[j] = pidarray[j+1];
pidarraysize--;
if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
|| WIFSIGNALED(status))
krb_log("child %d: termsig %d, retcode %d", pid,
WTERMSIG(status), WEXITSTATUS(status));
SIGRETURN(0);
}
krb_log("child %d not in list: termsig %d, retcode %d", pid,
WTERMSIG(status), WEXITSTATUS(status));
do_wait = 1;
SIGRETURN(0);
}
static void
kill_children(void)
{
int i;
for (i = 0; i < pidarraysize; i++) {
kill(pidarray[i], SIGINT);
krb_log("killing child %d", pidarray[i]);
for (i = 0; i < nchildren; i++) {
kill(children[i].pid, SIGINT);
close (children[i].pipe_fd);
krb_log("killing child %d", children[i].pid);
}
}
@ -117,11 +105,6 @@ clear_secrets(void)
server_parm.master_key_version = 0L;
}
#ifdef DEBUG
#define cleanexit(code) {kerb_fini(); return;}
#endif
#ifndef DEBUG
static void
cleanexit(int val)
{
@ -129,10 +112,21 @@ cleanexit(int val)
clear_secrets();
exit(val);
}
#endif
static RETSIGTYPE
sigalrm(int sig)
{
cleanexit(1);
}
/*
* handle the client on the socket `fd' from `who'
* `signal_fd' is a pipe on which to signal when the user has been
* authenticated
*/
static void
process_client(int fd, struct sockaddr_in *who)
process_client(int fd, struct sockaddr_in *who, int signal_fd)
{
u_char *dat;
int dat_len;
@ -142,6 +136,13 @@ process_client(int fd, struct sockaddr_in *who)
des_cblock skey;
int more;
int status;
int authenticated = 0;
/* make this connection time-out after 1 second if the user has
not managed one transaction succesfully in kadm_ser_in */
signal(SIGALRM, sigalrm);
alarm(2);
#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
{
@ -230,8 +231,19 @@ process_client(int fd, struct sockaddr_in *who)
if (exit_now) {
cleanexit(0);
}
if ((retval = kadm_ser_in(&dat, &dat_len, errpkt)) != KADM_SUCCESS)
retval = kadm_ser_in(&dat, &dat_len, errpkt);
if (retval == KADM_SUCCESS) {
if (!authenticated) {
unsigned char one = 1;
authenticated = 1;
alarm (0);
write (signal_fd, &one, 1);
}
} else {
krb_log("processing request: %s", error_message(retval));
}
/* kadm_ser_in did the processing and returned stuff in
dat & dat_len , return the appropriate data */
@ -255,6 +267,175 @@ process_client(int fd, struct sockaddr_in *who)
/*NOTREACHED*/
}
static void
accept_client (int admin_fd)
{
int pipe_fd[2];
int addrlen;
struct sockaddr_in peer;
pid_t pid;
int peer_fd;
/* using up the maximum number of children, try to get rid
of one unauthenticated one */
if (nchildren >= MAXCHILDREN) {
int i, nunauth = 0;
int victim;
for (;;) {
for (i = 0; i < nchildren; ++i)
if (children[i].authenticated == 0)
++nunauth;
if (nunauth == 0)
return;
victim = rand() % nchildren;
if (children[victim].authenticated == 0) {
kill(children[victim].pid, SIGINT);
close(children[victim].pipe_fd);
for (i = victim; i < nchildren; ++i)
children[i] = children[i + 1];
--nchildren;
break;
}
}
}
/* accept the conn */
addrlen = sizeof(peer);
peer_fd = accept(admin_fd, (struct sockaddr *)&peer, &addrlen);
if (peer_fd < 0) {
krb_log("accept: %s",error_message(errno));
return;
}
if (pipe (pipe_fd) < 0) {
krb_log ("pipe: %s", error_message(errno));
return;
}
if (pipe_fd[0] >= FD_SETSIZE
|| pipe_fd[1] >= FD_SETSIZE) {
krb_log ("pipe fds too large");
close (pipe_fd[0]);
close (pipe_fd[1]);
return;
}
pid = fork ();
if (pid < 0) {
krb_log ("fork: %s", error_message(errno));
close (pipe_fd[0]);
close (pipe_fd[1]);
return;
}
if (pid != 0) {
/* parent */
/* fork succeded: keep tabs on child */
close(peer_fd);
children[nchildren].pid = pid;
children[nchildren].pipe_fd = pipe_fd[0];
children[nchildren].authenticated = 0;
++nchildren;
close (pipe_fd[1]);
} else {
int i;
/* child */
close(admin_fd);
close(pipe_fd[0]);
for (i = 0; i < nchildren; ++i)
close (children[i].pipe_fd);
/*
* If we are multihomed we need to figure out which
* local address that is used this time since it is
* used in "direction" comparison.
*/
getsockname(peer_fd,
(struct sockaddr *)&server_parm.admin_addr,
&addrlen);
/* do stuff */
process_client (peer_fd, &peer, pipe_fd[1]);
}
}
/*
* handle data signaled from child `child' kadmind
*/
static void
handle_child_signal (int child)
{
int ret;
unsigned char data[1];
ret = read (children[child].pipe_fd, data, 1);
if (ret < 0) {
if (errno != EINTR)
krb_log ("read from child %d: %s", child,
error_message(errno));
return;
}
if (ret == 0) {
close (children[child].pipe_fd);
children[child].pipe_fd = -1;
return;
}
if (data)
children[child].authenticated = 1;
}
/*
* handle dead children
*/
static void
handle_sigchld (void)
{
pid_t pid;
int status;
int i, j;
for (;;) {
int found = 0;
pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
if (pid == 0 || (pid < 0 && errno == ECHILD))
break;
if (pid < 0) {
krb_log("waitpid: %s", error_message(errno));
break;
}
for (i = 0; i < nchildren; i++)
if (children[i].pid == pid) {
/* found it */
close(children[i].pipe_fd);
for (j = i; j < nchildren; j++)
/* copy others down */
children[j] = children[j+1];
--nchildren;
#if 0
if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
|| WIFSIGNALED(status))
krb_log("child %d: termsig %d, retcode %d", pid,
WTERMSIG(status), WEXITSTATUS(status));
#endif
found = 1;
}
#if 0
if (!found)
krb_log("child %d not in list: termsig %d, retcode %d", pid,
WTERMSIG(status), WEXITSTATUS(status));
#endif
}
do_wait = 0;
}
/*
kadm_listen
listen on the admin servers port for a request
@ -264,11 +445,7 @@ kadm_listen(void)
{
int found;
int admin_fd;
int peer_fd;
fd_set mask, readfds;
struct sockaddr_in peer;
int addrlen;
int pid;
fd_set readfds;
signal(SIGINT, doexit);
signal(SIGTERM, doexit);
@ -282,9 +459,15 @@ kadm_listen(void)
if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
return KADM_NO_SOCK;
if (admin_fd >= FD_SETSIZE) {
krb_log("admin_fd too big");
return KADM_NO_BIND;
}
#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
{
int one=1;
int one = 1;
setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
sizeof(one));
}
@ -292,76 +475,43 @@ kadm_listen(void)
if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
sizeof(struct sockaddr_in)) < 0)
return KADM_NO_BIND;
listen(admin_fd, 1);
FD_ZERO(&mask);
FD_SET(admin_fd, &mask);
if (listen(admin_fd, SOMAXCONN) < 0)
return KADM_NO_BIND;
for (;;) { /* loop nearly forever */
int i;
int maxfd = -1;
if (exit_now) {
clear_secrets();
kill_children();
return(0);
}
readfds = mask;
if ((found = select(admin_fd+1, &readfds, 0,
0, (struct timeval *)0)) == 0)
continue; /* no things read */
if (do_wait)
handle_sigchld ();
FD_ZERO(&readfds);
FD_SET(admin_fd, &readfds);
maxfd = max(maxfd, admin_fd);
for (i = 0; i < nchildren; ++i)
if (children[i].pipe_fd >= 0) {
FD_SET(children[i].pipe_fd, &readfds);
maxfd = max(maxfd, children[i].pipe_fd);
}
found = select(maxfd + 1, &readfds, NULL, NULL, NULL);
if (found < 0) {
if (errno != EINTR)
krb_log("select: %s",error_message(errno));
continue;
}
if (FD_ISSET(admin_fd, &readfds)) {
/* accept the conn */
addrlen = sizeof(peer);
if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
&addrlen)) < 0) {
krb_log("accept: %s",error_message(errno));
continue;
}
#ifndef DEBUG
/* if you want a sep daemon for each server */
if ((pid = fork())) {
void *tmp;
/* parent */
if (pid < 0) {
krb_log("fork: %s",error_message(errno));
close(peer_fd);
continue;
}
/* fork succeded: keep tabs on child */
close(peer_fd);
tmp = realloc(pidarray,
(pidarraysize + 1) * sizeof(*pidarray));
if(tmp == NULL) {
krb_log ("malloc: no memory. pid %u on its own",
(unsigned)pid);
} else {
pidarray = tmp;
pidarray[pidarraysize++] = pid;
}
} else {
/* child */
close(admin_fd);
#endif /* DEBUG */
/*
* If we are multihomed we need to figure out which
* local address that is used this time since it is
* used in "direction" comparison.
*/
getsockname(peer_fd,
(struct sockaddr *)&server_parm.admin_addr,
&addrlen);
/* do stuff */
process_client (peer_fd, &peer);
#ifndef DEBUG
}
#endif
} else {
krb_log("something else woke me up!");
return(0);
}
if (FD_ISSET(admin_fd, &readfds))
accept_client (admin_fd);
for (i = 0; i < nchildren; ++i)
if (children[i].pipe_fd >= 0
&& FD_ISSET(children[i].pipe_fd, &readfds)) {
handle_child_signal (i);
}
}
/*NOTREACHED*/
}

2
crypto/kerberosIV/kuser/klist.c
View File

@ -22,7 +22,7 @@
#include <parse_time.h>
RCSID("$Id: klist.c,v 1.44.2.2 1999/12/07 00:20:43 assar Exp $");
RCSID("$Id: klist.c,v 1.44.2.3 2000/10/18 20:38:29 assar Exp $");
static int option_verbose = 0;

4
crypto/kerberosIV/lib/acl/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.29 1999/03/10 19:01:14 joda Exp $
# $Id: Makefile.in,v 1.29.4.1 2000/06/23 03:20:00 assar Exp $
#
SHELL = /bin/sh
@ -48,7 +48,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB)
uninstall:
rm -f $(DESTDIR)$(libdir)/$(LIB)

4
crypto/kerberosIV/lib/auth/afskauthlib/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.25 1999/11/15 10:20:46 assar Exp $
# $Id: Makefile.in,v 1.25.2.1 2000/06/23 03:20:05 assar Exp $
#
SHELL = /bin/sh
@ -54,7 +54,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-if test "$(LIB)" != ""; then \
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
fi
uninstall:

11
crypto/kerberosIV/lib/auth/pam/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.25 1999/11/15 10:20:48 assar Exp $
# $Id: Makefile.in,v 1.25.2.2 2000/12/07 16:44:11 assar Exp $
#
SHELL = /bin/sh
@ -31,8 +31,8 @@ LD_FLAGS = @REAL_LD_FLAGS@
LIB_res_search = @LIB_res_search@
LIB_dn_expand = @LIB_dn_expand@
@lib_deps_yes@LIB_DEPS = -L../../kafs -L../../krb -L../../des \
@lib_deps_yes@ -lkafs -lkrb -ldes \
@lib_deps_yes@LIB_DEPS = ../../kafs/libkafs_pic.a \
@lib_deps_yes@ ../../krb/libkrb_pic.a ../../des/libdes_pic.a \
@lib_deps_yes@ $(LIB_res_search) $(LIB_dn_expand) -lpam -lc
@lib_deps_no@LIB_DEPS =
@ -54,7 +54,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-if test "$(LIB)" != ""; then \
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
fi
uninstall:
@ -82,7 +82,6 @@ $(OBJECTS): ../../../include/config.h
$(LIB): $(OBJECTS)
rm -f $@
$(LDSHARED) -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
# $(LINK) -shared -Wl,-x -o $(LIB) $(OBJECTS) ../../kafs/libkafs.a ../../krb/libkrb.a ../../des/libdes.a
$(LDSHARED) -Wl,-Bsymbolic -o $@ $(OBJECTS) $(LD_FLAGS) $(LIB_DEPS)
.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean

508
crypto/kerberosIV/lib/auth/pam/pam.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,13 +31,9 @@
* SUCH DAMAGE.
*/
/* This code is extremely ugly, and would probably be better off
beeing completely rewritten */
#ifdef HAVE_CONFIG_H
#include<config.h>
RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
RCSID("$Id: pam.c,v 1.22.2.2 2000/10/13 15:41:09 assar Exp $");
#endif
#include <stdio.h>
@ -46,198 +42,402 @@ RCSID("$Id: pam.c,v 1.22 1999/12/02 16:58:37 joda Exp $");
#include <pwd.h>
#include <unistd.h>
#include <sys/types.h>
#include <syslog.h>
#define PAM_SM_AUTH
#define PAM_SM_SESSION
#include <security/pam_appl.h>
#include <security/pam_modules.h>
#ifndef PAM_AUTHTOK_RECOVERY_ERR /* Fix linsux typo. */
#define PAM_AUTHTOK_RECOVERY_ERR PAM_AUTHTOK_RECOVER_ERR
#endif
#include <netinet/in.h>
#include <krb.h>
#include <kafs.h>
static int
cleanup(pam_handle_t *pamh, void *data, int error_code)
#if 0
/* Debugging PAM modules is a royal pain, truss helps. */
#define DEBUG(msg) (access(msg " at line", __LINE__))
#endif
static void
psyslog(int level, const char *format, ...)
{
if(error_code != PAM_SUCCESS)
dest_tkt();
free(data);
va_list args;
va_start(args, format);
openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
vsyslog(level, format, args);
va_end(args);
closelog();
}
enum {
KRB4_DEBUG,
KRB4_USE_FIRST_PASS,
KRB4_TRY_FIRST_PASS,
KRB4_IGNORE_ROOT,
KRB4_NO_VERIFY,
KRB4_REAFSLOG,
KRB4_CTRLS /* Number of ctrl arguments defined. */
};
#define KRB4_DEFAULTS 0
static int ctrl_flags = KRB4_DEFAULTS;
#define ctrl_on(x) (krb4_args[x].flag & ctrl_flags)
#define ctrl_off(x) (!ctrl_on(x))
typedef struct
{
const char *token;
unsigned int flag;
} krb4_ctrls_t;
static krb4_ctrls_t krb4_args[KRB4_CTRLS] =
{
/* KRB4_DEBUG */ { "debug", 0x01 },
/* KRB4_USE_FIRST_PASS */ { "use_first_pass", 0x02 },
/* KRB4_TRY_FIRST_PASS */ { "try_first_pass", 0x04 },
/* KRB4_IGNORE_ROOT */ { "ignore_root", 0x08 },
/* KRB4_NO_VERIFY */ { "no_verify", 0x10 },
/* KRB4_REAFSLOG */ { "reafslog", 0x20 },
};
static void
parse_ctrl(int argc, const char **argv)
{
int i, j;
ctrl_flags = KRB4_DEFAULTS;
for (i = 0; i < argc; i++)
{
for (j = 0; j < KRB4_CTRLS; j++)
if (strcmp(argv[i], krb4_args[j].token) == 0)
break;
if (j >= KRB4_CTRLS)
psyslog(LOG_ALERT, "unrecognized option [%s]", *argv);
else
ctrl_flags |= krb4_args[j].flag;
}
}
static void
pdeb(const char *format, ...)
{
va_list args;
if (ctrl_off(KRB4_DEBUG))
return;
va_start(args, format);
openlog("pam_krb4", LOG_CONS|LOG_PID, LOG_AUTH);
vsyslog(LOG_DEBUG, format, args);
va_end(args);
closelog();
}
#define ENTRY(func) pdeb("%s() flags = %d ruid = %d euid = %d", func, flags, getuid(), geteuid())
static void
set_tkt_string(uid_t uid)
{
char buf[128];
snprintf(buf, sizeof(buf), "%s%u", TKT_ROOT, (unsigned)uid);
krb_set_tkt_string(buf);
#if 0
/* pam_set_data+pam_get_data are not guaranteed to work, grr. */
pam_set_data(pamh, "KRBTKFILE", strdup(t), cleanup);
if (pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt) == PAM_SUCCESS)
{
pam_putenv(pamh, var);
}
#endif
/* We don't want to inherit this variable.
* If we still do, it must have a sane value. */
if (getenv("KRBTKFILE") != 0)
{
char *var = malloc(sizeof(buf));
snprintf(var, sizeof(buf), "KRBTKFILE=%s", tkt_string());
putenv(var);
/* free(var); XXX */
}
}
static int
verify_pass(pam_handle_t *pamh,
const char *name,
const char *inst,
const char *pass)
{
char realm[REALM_SZ];
int ret, krb_verify, old_euid, old_ruid;
krb_get_lrealm(realm, 1);
if (ctrl_on(KRB4_NO_VERIFY))
krb_verify = KRB_VERIFY_SECURE_FAIL;
else
krb_verify = KRB_VERIFY_SECURE;
old_ruid = getuid();
old_euid = geteuid();
setreuid(0, 0);
ret = krb_verify_user(name, inst, realm, pass, krb_verify, NULL);
pdeb("krb_verify_user(`%s', `%s', `%s', pw, %d, NULL) returns %s",
name, inst, realm, krb_verify,
krb_get_err_text(ret));
setreuid(old_ruid, old_euid);
if (getuid() != old_ruid || geteuid() != old_euid)
{
psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
old_ruid, old_euid, __LINE__);
exit(1);
}
switch(ret) {
case KSUCCESS:
return PAM_SUCCESS;
case KDC_PR_UNKNOWN:
return PAM_USER_UNKNOWN;
case SKDC_CANT:
case SKDC_RETRY:
case RD_AP_TIME:
return PAM_AUTHINFO_UNAVAIL;
default:
return PAM_AUTH_ERR;
}
}
static int
doit(pam_handle_t *pamh, char *name, char *inst, char *pwd, char *tkt)
krb4_auth(pam_handle_t *pamh,
int flags,
const char *name,
const char *inst,
struct pam_conv *conv)
{
char realm[REALM_SZ];
int ret;
struct pam_response *resp;
char prompt[128];
struct pam_message msg, *pmsg = &msg;
int ret;
pam_set_data(pamh, "KRBTKFILE", strdup(tkt), cleanup);
krb_set_tkt_string(tkt);
krb_get_lrealm(realm, 1);
ret = krb_verify_user(name, inst, realm, pwd, KRB_VERIFY_SECURE, NULL);
memset(pwd, 0, strlen(pwd));
switch(ret){
case KSUCCESS:
if (ctrl_on(KRB4_TRY_FIRST_PASS) || ctrl_on(KRB4_USE_FIRST_PASS))
{
char *pass = 0;
ret = pam_get_item(pamh, PAM_AUTHTOK, (void **) &pass);
if (ret != PAM_SUCCESS)
{
psyslog(LOG_ERR , "pam_get_item returned error to get-password");
return ret;
}
else if (pass != 0 && verify_pass(pamh, name, inst, pass) == PAM_SUCCESS)
return PAM_SUCCESS;
case KDC_PR_UNKNOWN:
return PAM_USER_UNKNOWN;
case SKDC_CANT:
case SKDC_RETRY:
case RD_AP_TIME:
return PAM_AUTHINFO_UNAVAIL;
default:
return PAM_AUTH_ERR;
else if (ctrl_on(KRB4_USE_FIRST_PASS))
return PAM_AUTHTOK_RECOVERY_ERR; /* Wrong password! */
else
/* We tried the first password but it didn't work, cont. */;
}
}
static int
auth_login(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
{
int ret;
struct pam_message msg, *pmsg;
struct pam_response *resp;
char prompt[128];
msg.msg_style = PAM_PROMPT_ECHO_OFF;
if (*inst == 0)
snprintf(prompt, sizeof(prompt), "%s's Password: ", name);
else
snprintf(prompt, sizeof(prompt), "%s.%s's Password: ", name, inst);
msg.msg = prompt;
pmsg = &msg;
msg.msg_style = PAM_PROMPT_ECHO_OFF;
snprintf(prompt, sizeof(prompt), "%s's Password: ", user);
msg.msg = prompt;
ret = conv->conv(1, (const struct pam_message**)&pmsg,
&resp, conv->appdata_ptr);
if(ret != PAM_SUCCESS)
return ret;
{
char tkt[1024];
struct passwd *pw = getpwnam(user);
if(pw){
snprintf(tkt, sizeof(tkt),
"%s%u", TKT_ROOT, (unsigned)pw->pw_uid);
ret = doit(pamh, user, "", resp->resp, tkt);
if(ret == PAM_SUCCESS)
chown(tkt, pw->pw_uid, pw->pw_gid);
}else
ret = PAM_USER_UNKNOWN;
memset(resp->resp, 0, strlen(resp->resp));
free(resp->resp);
free(resp);
}
ret = conv->conv(1, &pmsg, &resp, conv->appdata_ptr);
if (ret != PAM_SUCCESS)
return ret;
}
static int
auth_su(pam_handle_t *pamh, int flags, char *user, struct pam_conv *conv)
{
int ret;
struct passwd *pw;
struct pam_message msg, *pmsg;
struct pam_response *resp;
char prompt[128];
krb_principal pr;
pr.realm[0] = 0;
ret = pam_get_user(pamh, &user, "login: ");
if(ret != PAM_SUCCESS)
return ret;
pw = getpwuid(getuid());
if(strcmp(user, "root") == 0){
strlcpy(pr.name, pw->pw_name, sizeof(pr.name));
strlcpy(pr.instance, "root", sizeof(pr.instance));
}else{
strlcpy(pr.name, user, sizeof(pr.name));
pr.instance[0] = 0;
}
pmsg = &msg;
msg.msg_style = PAM_PROMPT_ECHO_OFF;
snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr));
msg.msg = prompt;
ret = conv->conv(1, (const struct pam_message**)&pmsg,
&resp, conv->appdata_ptr);
if(ret != PAM_SUCCESS)
return ret;
ret = verify_pass(pamh, name, inst, resp->resp);
if (ret == PAM_SUCCESS)
{
char tkt[1024];
snprintf(tkt, sizeof(tkt),"%s_%s_to_%s",
TKT_ROOT, pw->pw_name, user);
ret = doit(pamh, pr.name, pr.instance, resp->resp, tkt);
if(ret == PAM_SUCCESS)
chown(tkt, pw->pw_uid, pw->pw_gid);
memset(resp->resp, 0, strlen(resp->resp));
free(resp->resp);
free(resp);
memset(resp->resp, 0, strlen(resp->resp)); /* Erase password! */
free(resp->resp);
free(resp);
}
return ret;
else
{
pam_set_item(pamh, PAM_AUTHTOK, resp->resp); /* Save password. */
/* free(resp->resp); XXX */
/* free(resp); XXX */
}
return ret;
}
int
pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv)
pam_sm_authenticate(pam_handle_t *pamh,
int flags,
int argc,
const char **argv)
{
char *user;
int ret;
struct pam_conv *conv;
ret = pam_get_user(pamh, &user, "login: ");
if(ret != PAM_SUCCESS)
return ret;
char *user;
int ret;
struct pam_conv *conv;
struct passwd *pw;
uid_t uid = -1;
const char *name, *inst;
char realm[REALM_SZ];
realm[0] = 0;
ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
if(ret != PAM_SUCCESS)
return ret;
parse_ctrl(argc, argv);
ENTRY("pam_sm_authenticate");
ret = pam_get_user(pamh, &user, "login: ");
if (ret != PAM_SUCCESS)
return ret;
if (ctrl_on(KRB4_IGNORE_ROOT) && strcmp(user, "root") == 0)
return PAM_AUTHINFO_UNAVAIL;
ret = pam_get_item(pamh, PAM_CONV, (void*)&conv);
if (ret != PAM_SUCCESS)
return ret;
pw = getpwnam(user);
if (pw != 0)
{
uid = pw->pw_uid;
set_tkt_string(uid);
}
if(getuid() != geteuid())
return auth_su(pamh, flags, user, conv);
else
return auth_login(pamh, flags, user, conv);
if (strcmp(user, "root") == 0 && getuid() != 0)
{
pw = getpwuid(getuid());
if (pw != 0)
{
name = strdup(pw->pw_name);
inst = "root";
}
}
else
{
name = user;
inst = "";
}
ret = krb4_auth(pamh, flags, name, inst, conv);
/*
* The realm was lost inside krb_verify_user() so we can't simply do
* a krb_kuserok() when inst != "".
*/
if (ret == PAM_SUCCESS && inst[0] != 0)
{
uid_t old_euid = geteuid();
uid_t old_ruid = getuid();
setreuid(0, 0); /* To read ticket file. */
if (krb_get_tf_fullname(tkt_string(), 0, 0, realm) != KSUCCESS)
ret = PAM_SERVICE_ERR;
else if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
{
setreuid(0, uid); /* To read ~/.klogin. */
if (krb_kuserok(name, inst, realm, user) != KSUCCESS)
ret = PAM_PERM_DENIED;
}
if (ret != PAM_SUCCESS)
{
dest_tkt(); /* Passwd known, ok to kill ticket. */
psyslog(LOG_NOTICE,
"%s.%s@%s is not allowed to log in as %s",
name, inst, realm, user);
}
setreuid(old_ruid, old_euid);
if (getuid() != old_ruid || geteuid() != old_euid)
{
psyslog(LOG_ALERT , "setreuid(%d, %d) failed at line %d",
old_ruid, old_euid, __LINE__);
exit(1);
}
}
if (ret == PAM_SUCCESS)
{
psyslog(LOG_INFO,
"%s.%s@%s authenticated as user %s",
name, inst, realm, user);
if (chown(tkt_string(), uid, -1) == -1)
{
dest_tkt();
psyslog(LOG_ALERT , "chown(%s, %d, -1) failed", tkt_string(), uid);
exit(1);
}
}
/*
* Kludge alert!!! Sun dtlogin unlock screen fails to call
* pam_setcred(3) with PAM_REFRESH_CRED after a successful
* authentication attempt, sic.
*
* This hack is designed as a workaround to that problem.
*/
if (ctrl_on(KRB4_REAFSLOG))
if (ret == PAM_SUCCESS)
pam_sm_setcred(pamh, PAM_REFRESH_CRED, argc, argv);
return ret;
}
int
pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
return PAM_SUCCESS;
}
parse_ctrl(argc, argv);
ENTRY("pam_sm_setcred");
switch (flags & ~PAM_SILENT) {
case 0:
case PAM_ESTABLISH_CRED:
if (k_hasafs())
k_setpag();
/* Fall through, fill PAG with credentials below. */
case PAM_REINITIALIZE_CRED:
case PAM_REFRESH_CRED:
if (k_hasafs())
{
void *user = 0;
if (pam_get_item(pamh, PAM_USER, &user) == PAM_SUCCESS)
{
struct passwd *pw = getpwnam((char *)user);
if (pw != 0)
krb_afslog_uid_home(/*cell*/ 0,/*realm_hint*/ 0,
pw->pw_uid, pw->pw_dir);
}
}
break;
case PAM_DELETE_CRED:
dest_tkt();
if (k_hasafs())
k_unlog();
break;
default:
psyslog(LOG_ALERT , "pam_sm_setcred: unknown flags 0x%x", flags);
break;
}
return PAM_SUCCESS;
}
int
pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
{
char *tkt, *var;
void *user;
const char *homedir = NULL;
parse_ctrl(argc, argv);
ENTRY("pam_sm_open_session");
if(pam_get_item (pamh, PAM_USER, &user) == PAM_SUCCESS) {
struct passwd *pwd;
pwd = getpwnam ((char *)user);
if (pwd != NULL)
homedir = pwd->pw_dir;
}
pam_get_data(pamh, "KRBTKFILE", (const void**)&tkt);
var = malloc(strlen("KRBTKFILE=") + strlen(tkt) + 1);
strcpy(var, "KRBTKFILE=");
strcat(var, tkt);
putenv(var);
pam_putenv(pamh, var);
if(k_hasafs()){
k_setpag();
krb_afslog_home(0, 0, homedir);
}
return PAM_SUCCESS;
return PAM_SUCCESS;
}
int
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv)
pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char**argv)
{
dest_tkt();
if(k_hasafs())
k_unlog();
return PAM_SUCCESS;
parse_ctrl(argc, argv);
ENTRY("pam_sm_close_session");
/* This isn't really kosher, but it's handy. */
pam_sm_setcred(pamh, PAM_DELETE_CRED, argc, argv);
return PAM_SUCCESS;
}

15
crypto/kerberosIV/lib/auth/pam/pam.conf.add
View File

@ -1,8 +1,8 @@
To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
--- /etc/pam.conf.DIST Mon Jul 20 15:37:46 1998
+++ /etc/pam.conf Tue Nov 30 18:47:22 1999
@@ -4,12 +4,14 @@
+++ /etc/pam.conf Tue Feb 15 19:39:12 2000
@@ -4,15 +4,19 @@
#
# Authentication management
#
@ -17,12 +17,17 @@ To enable PAM in dtlogin and /bin/login under SunOS 5.6 apply this patch:
dtlogin auth required /usr/lib/security/pam_unix.so.1
#
rsh auth required /usr/lib/security/pam_rhosts_auth.so.1
@@ -24,6 +26,8 @@
+# Reafslog is for dtlogin lock display
+other auth sufficient /usr/athena/lib/pam_krb4.so reafslog
other auth required /usr/lib/security/pam_unix.so.1
#
# Account management
@@ -24,6 +28,8 @@
#
# Session management
#
+dtlogin session required /usr/athena/lib/pam_krb4.so
+login session required /usr/athena/lib/pam_krb4.so
+dtlogin session required /usr/athena/lib/pam_krb4.so
+login session required /usr/athena/lib/pam_krb4.so
other session required /usr/lib/security/pam_unix.so.1
#
# Password management

4
crypto/kerberosIV/lib/auth/sia/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.30 1999/11/15 10:20:50 assar Exp $
# $Id: Makefile.in,v 1.30.2.1 2000/06/23 03:20:06 assar Exp $
#
SHELL = /bin/sh
@ -57,7 +57,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
-if test "$(LIB)" != ""; then \
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB) ; \
fi
uninstall:

10
crypto/kerberosIV/lib/auth/sia/sia.c
View File

@ -33,7 +33,7 @@
#include "sia_locl.h"
RCSID("$Id: sia.c,v 1.32 1999/10/03 15:49:36 joda Exp $");
RCSID("$Id: sia.c,v 1.32.2.1 1999/12/20 09:49:30 joda Exp $");
int
siad_init(void)
@ -145,7 +145,7 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
#ifdef SIA_KRB4
snprintf(s->ticket, sizeof(s->ticket),
TKT_ROOT "%u_%u", (unsigned)pwd->pw_uid, (unsigned)getpid());
"%s%u_%u", TKT_ROOT, (unsigned)pwd->pw_uid, (unsigned)getpid());
krb_get_lrealm(realm, 1);
toname = name;
toinst = "";
@ -160,8 +160,8 @@ doauth(SIAENTITY *entity, int pkgind, char *name)
SIA_DEBUG(("DEBUG", "failed to getpwuid(%u)", ouid));
return SIADFAIL;
}
snprintf(s->ticket, sizeof(s->ticket), TKT_ROOT "_%s_to_%s_%d",
fpwd->pw_name, pwd->pw_name, getpid());
snprintf(s->ticket, sizeof(s->ticket), "%s_%s_to_%s_%d",
TKT_ROOT, fpwd->pw_name, pwd->pw_name, getpid());
if(strcmp(pwd->pw_name, "root") == 0){
toname = fpwd->pw_name;
toinst = pwd->pw_name;
@ -454,7 +454,7 @@ init_change(sia_collect_func_t *collect, krb_principal *princ)
if(ret != SIACOLSUCCESS)
return SIADFAIL;
snprintf(tktstring, sizeof(tktstring),
TKT_ROOT "_cpw_%u", (unsigned)getpid());
"%s_cpw_%u", TKT_ROOT, (unsigned)getpid());
krb_set_tkt_string(tktstring);
ret = krb_get_pw_in_tkt(princ->name, princ->instance, princ->realm,

106
crypto/kerberosIV/lib/com_err/ChangeLog Normal file
View File

@ -0,0 +1,106 @@
1999-07-03 Assar Westerlund <assar@sics.se>
* parse.y (statement): use asprintf
1999-06-13 Assar Westerlund <assar@sics.se>
* Makefile.in: make it solaris make vpath-safe
Thu Apr 1 11:13:53 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* compile_et.c: use getargs
Sat Mar 20 00:16:30 1999 Assar Westerlund <assar@sics.se>
* compile_et.c: static-ize
Thu Mar 18 11:22:13 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* Makefile.am: include Makefile.am.common
Tue Mar 16 22:30:05 1999 Assar Westerlund <assar@sics.se>
* parse.y: use YYACCEPT instead of return
Sat Mar 13 22:22:56 1999 Assar Westerlund <assar@sics.se>
* compile_et.c (generate_h): cast when calling is* to get rid of a
warning
Thu Mar 11 15:00:51 1999 Johan Danielsson <joda@hella.pdc.kth.se>
* parse.y: prototype for error_message
Sun Nov 22 10:39:02 1998 Assar Westerlund <assar@sics.se>
* compile_et.h: include ctype and roken
* compile_et.c: include err.h
(generate_h): remove unused variable
* Makefile.in (WFLAGS): set
Fri Nov 20 06:58:59 1998 Assar Westerlund <assar@sics.se>
* lex.l: undef ECHO to work around AIX lex bug
Sun Sep 27 02:23:59 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* com_err.c (error_message): try to pass code to strerror, to see
if it might be an errno code (this if broken, but some MIT code
seems to expect this behaviour)
Sat Sep 26 17:42:39 1998 Johan Danielsson <joda@hella.pdc.kth.se>
* compile_et.c: <foo_err.h> -> "foo_err.h"
Tue Jun 30 17:17:36 1998 Assar Westerlund <assar@sics.se>
* Makefile.in: add str{cpy,cat}_truncate
Mon May 25 05:24:39 1998 Assar Westerlund <assar@sics.se>
* Makefile.in (clean): try to remove shared library debris
Sun Apr 19 09:50:17 1998 Assar Westerlund <assar@sics.se>
* Makefile.in: add symlink magic for linux
Sun Apr 5 09:22:11 1998 Assar Westerlund <assar@sics.se>
* parse.y: define alloca to malloc in case we're using bison but
don't have alloca
Tue Mar 24 05:13:01 1998 Assar Westerlund <assar@sics.se>
* Makefile.in: link with snprintf (From Derrick J Brashear
<shadow@dementia.org>)
Fri Feb 27 05:01:42 1998 Assar Westerlund <assar@sics.se>
* parse.y: initialize ec->next
Thu Feb 26 02:22:25 1998 Assar Westerlund <assar@sics.se>
* Makefile.am: @LEXLIB@
Sat Feb 21 15:18:54 1998 assar westerlund <assar@sics.se>
* Makefile.in: set YACC and LEX
Tue Feb 17 22:20:27 1998 Bjoern Groenvall <bg@sics.se>
* com_right.h: Change typedefs so that one may mix MIT compile_et
generated code with krb4 dito.
Tue Feb 17 16:30:55 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* compile_et.c (generate): Always return a value.
* parse.y: Files don't have to end with `end'.
Mon Feb 16 16:09:20 1998 Johan Danielsson <joda@emma.pdc.kth.se>
* lex.l (getstring): Replace getc() with input().
* Makefile.am: Fixes for new compile_et.

24
crypto/kerberosIV/lib/com_err/Makefile.am Normal file
View File

@ -0,0 +1,24 @@
# $Id: Makefile.am,v 1.23 1999/04/09 18:26:55 assar Exp $
include $(top_srcdir)/Makefile.am.common
YFLAGS = -d
lib_LTLIBRARIES = libcom_err.la
libcom_err_la_LDFLAGS = -version-info 1:0:0
bin_PROGRAMS = compile_et
include_HEADERS = com_err.h com_right.h
compile_et_SOURCES = compile_et.c compile_et.h parse.y lex.l
libcom_err_la_SOURCES = error.c com_err.c roken_rename.h
CLEANFILES = lex.c parse.c parse.h
$(compile_et_OBJECTS): parse.h
compile_et_LDADD = \
$(LIB_roken) \
$(LEXLIB)

151
crypto/kerberosIV/lib/com_err/Makefile.in Normal file
View File

@ -0,0 +1,151 @@
#
# $Id: Makefile.in,v 1.30.2.1 2000/10/10 14:34:33 assar Exp $
#
SHELL = /bin/sh
srcdir = @srcdir@
VPATH = @srcdir@
CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
LN_S = @LN_S@
DEFS = @DEFS@ -DROKEN_RENAME
CFLAGS = @CFLAGS@ $(WFLAGS)
WFLAGS = @WFLAGS@
LD_FLAGS = @LD_FLAGS@
EXECSUFFIX=@EXECSUFFIX@
YACC = @YACC@
LEX = @LEX@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
prefix = @prefix@
exec_prefix = @exec_prefix@
libdir = @libdir@
bindir = @bindir@
includedir = @includedir@
PICFLAGS = @PICFLAGS@
LIB_DEPS = @lib_deps_yes@ -lc
build_symlink_command = @build_symlink_command@
#install_symlink_command = @install_symlink_command@
install_symlink_command = @true
LIBNAME = $(LIBPREFIX)com_err
#LIBEXT = @LIBEXT@ Always build archive library!
LIBEXT = a
SHLIBEXT = @SHLIBEXT@
LIBPREFIX = @LIBPREFIX@
LDSHARED = @LDSHARED@
LIB = $(LIBNAME).$(LIBEXT)
lib_LIBRARIES = $(LIBNAME).$(LIBEXT)
bin_PROGRAMS = compile_et$(EXECSUFFIX)
include_HEADERS = com_right.h com_err.h
SOURCES = error.c com_err.c compile_et.c
OBJECTS = error.o com_err.o $(LIBADD)
EXTRA_SOURCES =
LIBADD =
all: $(lib_LIBRARIES) $(bin_PROGRAMS) $(include_HEADERS)
Wall:
make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
.c.o:
$(CC) -c $(DEFS) -I../../include -I. -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $(PICFLAGS) $<
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
@for i in $(include_HEADERS); do \
f=`basename $$i`; \
if test -f "$(srcdir)/$$f" ; then x="$(srcdir)/$$f"; \
else x="$$f"; fi ;\
echo "$(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$f" ;\
$(INSTALL_DATA) $$x $(DESTDIR)$(includedir)/$$f ; done
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
@for i in $(lib_LIBRARIES); do \
echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
@install_symlink_command@
$(MKINSTALLDIRS) $(DESTDIR)$(bindir)
@for i in $(bin_PROGRAMS); do \
echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(bindir)/$$i" ;\
$(INSTALL) -m 0555 $$i $(DESTDIR)$(bindir)/$$i ; done
uninstall:
@for i in $(include_HEADERS); do \
f=`basename $$i`; \
echo "rm -f $(DESTDIR)$(includedir)/$$f" ;\
rm -f $(DESTDIR)$(includedir)/$$f ; done
@for i in $(lib_LIBRARIES); do \
echo "rm -f $(DESTDIR)$(libdir)/$$i" ;\
rm -f $(DESTDIR)$(libdir)/$$i ; done
@for i in $(bin_PROGRAMS); do \
echo "rm -f $(DESTDIR)$(bindir)/$$i" ;\
rm -f $(DESTDIR)$(bindir)/$$i ; done
TAGS: $(SOURCES)
etags $(SOURCES)
clean:
rm -f $(LIB) *.o *.a *.so *.so.* so_locations \
krb_err.c krb_err.h parse.h parse.c lex.c \
$(lib_LIBRARIES) $(bin_PROGRAMS) $(EXTRA_SOURCES)
mostlyclean: clean
distclean: clean
rm -f Makefile *.tab.c *~
realclean: distclean
rm -f TAGS
$(LIBNAME).a: $(OBJECTS)
rm -f $@
$(AR) cr $@ $(OBJECTS)
-$(RANLIB) $@
$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
rm -f $@
$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
@build_symlink_command@
COBJ = compile_et.o parse.o lex.o
$(COBJ): parse.h
compile_et$(EXECSUFFIX): $(COBJ)
$(LINK) $(CFLAGS) -o $@ $(COBJ) -L../roken -lroken
parse.c: parse.h
parse.h: $(srcdir)/parse.y
$(YACC) -d $(srcdir)/parse.y
mv -f y.tab.h parse.h
mv -f y.tab.c parse.c
lex.c: $(srcdir)/lex.l
$(LEX) $(srcdir)/lex.l
mv -f lex.yy.c lex.c
snprintf.c:
$(LN_S) $(srcdir)/../roken/snprintf.c .
strlcat.c:
$(LN_S) $(srcdir)/../roken/strlcat.c .
strlcpy.c:
$(LN_S) $(srcdir)/../roken/strlcpy.c .
.PHONY: all Wall install uninstall clean mostlyclean distclean realclean

151
crypto/kerberosIV/lib/com_err/com_err.c Normal file
View File

@ -0,0 +1,151 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: com_err.c,v 1.14.2.1 2000/06/23 03:22:13 assar Exp $");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <roken.h>
#include "com_err.h"
struct et_list *_et_list = NULL;
const char *
error_message (long code)
{
static char msg[128];
const char *p = com_right(_et_list, code);
if (p == NULL)
p = strerror(code);
if (p != NULL && *p != '\0') {
strncpy(msg, p, sizeof(msg) - 1);
msg[sizeof(msg) - 1] = 0;
} else
sprintf(msg, "Unknown error %ld", code);
return msg;
}
int
init_error_table(const char **msgs, long base, int count)
{
initialize_error_table_r(&_et_list, msgs, count, base);
return 0;
}
static void
default_proc (const char *whoami, long code, const char *fmt, va_list args)
{
if (whoami)
fprintf(stderr, "%s: ", whoami);
if (code)
fprintf(stderr, "%s ", error_message(code));
if (fmt)
vfprintf(stderr, fmt, args);
fprintf(stderr, "\r\n"); /* ??? */
}
static errf com_err_hook = default_proc;
void
com_err_va (const char *whoami,
long code,
const char *fmt,
va_list args)
{
(*com_err_hook) (whoami, code, fmt, args);
}
void
com_err (const char *whoami,
long code,
const char *fmt,
...)
{
va_list ap;
va_start(ap, fmt);
com_err_va (whoami, code, fmt, ap);
va_end(ap);
}
errf
set_com_err_hook (errf new)
{
errf old = com_err_hook;
if (new)
com_err_hook = new;
else
com_err_hook = default_proc;
return old;
}
errf
reset_com_err_hook (void)
{
return set_com_err_hook(NULL);
}
#define ERRCODE_RANGE 8 /* # of bits to shift table number */
#define BITS_PER_CHAR 6 /* # bits to shift per character in name */
static const char char_set[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_";
static char buf[6];
const char *
error_table_name(int num)
{
int ch;
int i;
char *p;
/* num = aa aaa abb bbb bcc ccc cdd ddd d?? ??? ??? */
p = buf;
num >>= ERRCODE_RANGE;
/* num = ?? ??? ??? aaa aaa bbb bbb ccc ccc ddd ddd */
num &= 077777777;
/* num = 00 000 000 aaa aaa bbb bbb ccc ccc ddd ddd */
for (i = 4; i >= 0; i--) {
ch = (num >> BITS_PER_CHAR * i) & ((1 << BITS_PER_CHAR) - 1);
if (ch != 0)
*p++ = char_set[ch-1];
}
*p = '\0';
return(buf);
}

56
crypto/kerberosIV/lib/com_err/com_err.h Normal file
View File

@ -0,0 +1,56 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: com_err.h,v 1.4.2.1 2000/06/23 03:23:05 assar Exp $ */
/* MIT compatible com_err library */
#ifndef __COM_ERR_H__
#define __COM_ERR_H__
#include <com_right.h>
typedef void (*errf) __P((const char *, long, const char *, va_list));
const char * error_message __P((long));
int init_error_table __P((const char**, long, int));
void com_err_va __P((const char *, long, const char *, va_list));
void com_err __P((const char *, long, const char *, ...));
errf set_com_err_hook __P((errf));
errf reset_com_err_hook __P((void));
const char *error_table_name __P((int num));
#endif /* __COM_ERR_H__ */

66
crypto/kerberosIV/lib/com_err/com_right.h Normal file
View File

@ -0,0 +1,66 @@
/*
* Copyright (c) 1997 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: com_right.h,v 1.9.2.1 2000/06/23 03:23:44 assar Exp $ */
#ifndef __COM_RIGHT_H__
#define __COM_RIGHT_H__
#ifdef __STDC__
#include <stdarg.h>
#endif
#ifndef __P
#ifdef __STDC__
#define __P(X) X
#else
#define __P(X) ()
#endif
#endif
struct error_table {
char const * const * msgs;
long base;
int n_msgs;
};
struct et_list {
struct et_list *next;
struct error_table *table;
};
extern struct et_list *_et_list;
const char *com_right __P((struct et_list *list, long code));
void initialize_error_table_r __P((struct et_list **, const char **, int, long);)
void free_error_table __P((struct et_list *));
#endif /* __COM_RIGHT_H__ */

235
crypto/kerberosIV/lib/com_err/compile_et.c Normal file
View File

@ -0,0 +1,235 @@
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#undef ROKEN_RENAME
#include "compile_et.h"
#include <getarg.h>
RCSID("$Id: compile_et.c,v 1.13 1999/12/02 16:58:38 joda Exp $");
#include <roken.h>
#include <err.h>
#include "parse.h"
int numerror;
extern FILE *yyin;
extern void yyparse(void);
long base;
int number;
char *prefix;
char *id_str;
char name[128];
char Basename[128];
#ifdef YYDEBUG
extern int yydebug = 1;
#endif
char *filename;
char hfn[128];
char cfn[128];
struct error_code *codes = NULL;
static int
generate_c(void)
{
int n;
struct error_code *ec;
FILE *c_file = fopen(cfn, "w");
if(c_file == NULL)
return 1;
fprintf(c_file, "/* Generated from %s */\n", filename);
if(id_str)
fprintf(c_file, "/* %s */\n", id_str);
fprintf(c_file, "\n");
fprintf(c_file, "#include <stddef.h>\n");
fprintf(c_file, "#include <com_err.h>\n");
fprintf(c_file, "#include \"%s\"\n", hfn);
fprintf(c_file, "\n");
fprintf(c_file, "static const char *text[] = {\n");
for(ec = codes, n = 0; ec; ec = ec->next, n++) {
while(n < ec->number) {
fprintf(c_file, "\t/* %03d */ \"Reserved %s error (%d)\",\n",
n, name, n);
n++;
}
fprintf(c_file, "\t/* %03d */ \"%s\",\n", ec->number, ec->string);
}
fprintf(c_file, "\tNULL\n");
fprintf(c_file, "};\n");
fprintf(c_file, "\n");
fprintf(c_file,
"void initialize_%s_error_table_r(struct et_list **list)\n",
name);
fprintf(c_file, "{\n");
fprintf(c_file,
" initialize_error_table_r(list, text, "
"%s_num_errors, ERROR_TABLE_BASE_%s);\n", name, name);
fprintf(c_file, "}\n");
fprintf(c_file, "\n");
fprintf(c_file, "void initialize_%s_error_table(void)\n", name);
fprintf(c_file, "{\n");
fprintf(c_file,
" init_error_table(text, ERROR_TABLE_BASE_%s, "
"%s_num_errors);\n", name, name);
fprintf(c_file, "}\n");
fclose(c_file);
return 0;
}
static int
generate_h(void)
{
struct error_code *ec;
char fn[128];
FILE *h_file = fopen(hfn, "w");
char *p;
if(h_file == NULL)
return 1;
snprintf(fn, sizeof(fn), "__%s__", hfn);
for(p = fn; *p; p++)
if(!isalnum((unsigned char)*p))
*p = '_';
fprintf(h_file, "/* Generated from %s */\n", filename);
if(id_str)
fprintf(h_file, "/* %s */\n", id_str);
fprintf(h_file, "\n");
fprintf(h_file, "#ifndef %s\n", fn);
fprintf(h_file, "#define %s\n", fn);
fprintf(h_file, "\n");
fprintf(h_file, "#include <com_right.h>\n");
fprintf(h_file, "\n");
fprintf(h_file,
"void initialize_%s_error_table_r(struct et_list **);\n",
name);
fprintf(h_file, "\n");
fprintf(h_file, "void initialize_%s_error_table(void);\n", name);
fprintf(h_file, "#define init_%s_err_tbl initialize_%s_error_table\n",
name, name);
fprintf(h_file, "\n");
fprintf(h_file, "typedef enum %s_error_number{\n", name);
fprintf(h_file, "\tERROR_TABLE_BASE_%s = %ld,\n", name, base);
fprintf(h_file, "\t%s_err_base = %ld,\n", name, base);
for(ec = codes; ec; ec = ec->next) {
fprintf(h_file, "\t%s = %ld,\n", ec->name, base + ec->number);
}
fprintf(h_file, "\t%s_num_errors = %d\n", name, number);
fprintf(h_file, "} %s_error_number;\n", name);
fprintf(h_file, "\n");
fprintf(h_file, "#endif /* %s */\n", fn);
fclose(h_file);
return 0;
}
static int
generate(void)
{
return generate_c() || generate_h();
}
int version_flag;
int help_flag;
struct getargs args[] = {
{ "version", 0, arg_flag, &version_flag },
{ "help", 0, arg_flag, &help_flag }
};
int num_args = sizeof(args) / sizeof(args[0]);
static void
usage(int code)
{
arg_printusage(args, num_args, NULL, "error-table");
exit(code);
}
int
main(int argc, char **argv)
{
char *p;
int optind = 0;
set_progname(argv[0]);
if(getarg(args, num_args, argc, argv, &optind))
usage(1);
if(help_flag)
usage(0);
if(version_flag) {
print_version(NULL);
exit(0);
}
if(optind == argc)
usage(1);
filename = argv[optind];
yyin = fopen(filename, "r");
if(yyin == NULL)
err(1, "%s", filename);
p = strrchr(filename, '/');
if(p)
p++;
else
p = filename;
strncpy(Basename, p, sizeof(Basename));
Basename[sizeof(Basename) - 1] = '\0';
Basename[strcspn(Basename, ".")] = '\0';
snprintf(hfn, sizeof(hfn), "%s.h", Basename);
snprintf(cfn, sizeof(cfn), "%s.c", Basename);
yyparse();
if(numerror)
return 1;
return generate();
}

80
crypto/kerberosIV/lib/com_err/compile_et.h Normal file
View File

@ -0,0 +1,80 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: compile_et.h,v 1.4 1999/12/02 16:58:38 joda Exp $ */
#ifndef __COMPILE_ET_H__
#define __COMPILE_ET_H__
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <stdarg.h>
#include <ctype.h>
#include <roken.h>
extern long base;
extern int number;
extern char *prefix;
extern char name[128];
extern char *id_str;
extern char *filename;
extern int numerror;
struct error_code {
unsigned number;
char *name;
char *string;
struct error_code *next, **tail;
};
extern struct error_code *codes;
#define APPEND(L, V) \
do { \
if((L) == NULL) { \
(L) = (V); \
(L)->tail = &(V)->next; \
(L)->next = NULL; \
}else{ \
*(L)->tail = (V); \
(L)->tail = &(V)->next; \
} \
}while(0)
#endif /* __COMPILE_ET_H__ */

91
crypto/kerberosIV/lib/com_err/error.c Normal file
View File

@ -0,0 +1,91 @@
/*
* Copyright (c) 1997, 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: error.c,v 1.14 1999/12/02 16:58:38 joda Exp $");
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <com_right.h>
const char *
com_right(struct et_list *list, long code)
{
struct et_list *p;
for (p = list; p; p = p->next) {
if (code >= p->table->base && code < p->table->base + p->table->n_msgs)
return p->table->msgs[code - p->table->base];
}
return NULL;
}
struct foobar {
struct et_list etl;
struct error_table et;
};
void
initialize_error_table_r(struct et_list **list,
const char **messages,
int num_errors,
long base)
{
struct et_list *et;
struct foobar *f;
for (et = *list; et; et = et->next)
if (et->table->msgs == messages)
return;
f = malloc(sizeof(*f));
if (f == NULL)
return;
et = &f->etl;
et->table = &f->et;
et->table->msgs = messages;
et->table->n_msgs = num_errors;
et->table->base = base;
et->next = *list;
*list = et;
}
void
free_error_table(struct et_list *et)
{
while(et){
struct et_list *p = et;
et = et->next;
free(p);
}
}

122
crypto/kerberosIV/lib/com_err/lex.l Normal file
View File

@ -0,0 +1,122 @@
%{
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/*
* This is to handle the definition of this symbol in some AIX
* headers, which will conflict with the definition that lex will
* generate for it. It's only a problem for AIX lex.
*/
#undef ECHO
#include "compile_et.h"
#include "parse.h"
RCSID("$Id: lex.l,v 1.5 1999/12/02 16:58:38 joda Exp $");
static unsigned lineno = 1;
void error_message(char *, ...);
int getstring(void);
%}
%%
et { return ET; }
error_table { return ET; }
ec { return EC; }
error_code { return EC; }
prefix { return PREFIX; }
index { return INDEX; }
id { return ID; }
end { return END; }
[0-9]+ { yylval.number = atoi(yytext); return NUMBER; }
#[^\n]* ;
[ \t] ;
\n { lineno++; }
\" { return getstring(); }
[a-zA-Z0-9_]+ { yylval.string = strdup(yytext); return STRING; }
. { return *yytext; }
%%
#ifndef yywrap /* XXX */
int
yywrap ()
{
return 1;
}
#endif
int
getstring(void)
{
char x[128];
int i = 0;
int c;
int quote = 0;
while((c = input()) != EOF){
if(quote) {
x[i++] = c;
quote = 0;
continue;
}
if(c == '\n'){
error_message("unterminated string");
lineno++;
break;
}
if(c == '\\'){
quote++;
continue;
}
if(c == '\"')
break;
x[i++] = c;
}
x[i] = '\0';
yylval.string = strdup(x);
return STRING;
}
void
error_message (char *format, ...)
{
va_list args;
va_start (args, format);
fprintf (stderr, "%s:%d:", filename, lineno);
vfprintf (stderr, format, args);
va_end (args);
numerror++;
}

166
crypto/kerberosIV/lib/com_err/parse.y Normal file
View File

@ -0,0 +1,166 @@
%{
/*
* Copyright (c) 1998, 1999 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "compile_et.h"
RCSID("$Id: parse.y,v 1.10 1999/12/02 16:58:38 joda Exp $");
void yyerror (char *s);
long name2number(const char *str);
void error_message(char *, ...);
extern char *yytext;
/* This is for bison */
#if !defined(alloca) && !defined(HAVE_ALLOCA)
#define alloca(x) malloc(x)
#endif
%}
%union {
char *string;
int number;
}
%token ET INDEX PREFIX EC ID END
%token <string> STRING
%token <number> NUMBER
%%
file : /* */
| header statements
;
header : id et
| et
;
id : ID STRING
{
id_str = $2;
}
;
et : ET STRING
{
base = name2number($2);
strncpy(name, $2, sizeof(name));
name[sizeof(name) - 1] = '\0';
free($2);
}
| ET STRING STRING
{
base = name2number($2);
strncpy(name, $3, sizeof(name));
name[sizeof(name) - 1] = '\0';
free($2);
free($3);
}
;
statements : statement
| statements statement
;
statement : INDEX NUMBER
{
number = $2;
}
| PREFIX STRING
{
prefix = realloc(prefix, strlen($2) + 2);
strcpy(prefix, $2);
strcat(prefix, "_");
free($2);
}
| PREFIX
{
prefix = realloc(prefix, 1);
*prefix = '\0';
}
| EC STRING ',' STRING
{
struct error_code *ec = malloc(sizeof(*ec));
ec->next = NULL;
ec->number = number;
if(prefix && *prefix != '\0') {
asprintf (&ec->name, "%s%s", prefix, $2);
free($2);
} else
ec->name = $2;
ec->string = $4;
APPEND(codes, ec);
number++;
}
| END
{
YYACCEPT;
}
;
%%
long
name2number(const char *str)
{
const char *p;
long base = 0;
const char *x = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz0123456789_";
if(strlen(str) > 4) {
yyerror("table name too long");
return 0;
}
for(p = str; *p; p++){
char *q = strchr(x, *p);
if(q == NULL) {
yyerror("invalid character in table name");
return 0;
}
base = (base << 6) + (q - x) + 1;
}
base <<= 8;
if(base > 0x7fffffff)
base = -(0xffffffff - base + 1);
return base;
}
void
yyerror (char *s)
{
error_message ("%s\n", s);
}

39
crypto/kerberosIV/lib/com_err/roken_rename.h Normal file
View File

@ -0,0 +1,39 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. Neither the name of the Institute nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
/* $Id: roken_rename.h,v 1.3 1999/12/02 16:58:38 joda Exp $ */
#ifndef __roken_rename_h__
#define __roken_rename_h__
#endif /* __roken_rename_h__ */

9
crypto/kerberosIV/lib/kadm/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.47 1998/10/13 16:50:44 joda Exp $
# $Id: Makefile.in,v 1.47.4.1 2000/06/23 03:20:01 assar Exp $
#
SHELL = /bin/sh
@ -11,6 +11,7 @@ CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
CP = cp
LN_S = @LN_S@
DEFS = @DEFS@ -DROKEN_RENAME
CFLAGS = @CFLAGS@ $(WFLAGS)
@ -66,7 +67,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB)
@install_symlink_command@
$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
@for i in $(inc_DATA); do \
@ -117,8 +118,8 @@ roken_rename.h:
all-local: $(inc_DATA)
@for i in $(inc_DATA); do \
if cmp -s $$i $(idir)/$$i 2> /dev/null ; then :; else\
echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
$(INSTALL_DATA) $$i $(idir)/$$i; \
echo " $(CP) $$i $(idir)/$$i"; \
$(CP) $$i $(idir)/$$i; \
fi ; \
done

10
crypto/kerberosIV/lib/kafs/ChangeLog
View File

@ -1,3 +1,13 @@
2000-03-20 Assar Westerlund <assar@sics.se>
* afssysdefs.h: make versions later than 5.7 of solaris also use
73
2000-03-13 Assar Westerlund <assar@sics.se>
* afssysdefs.h: add 230 for MacOS X per information from
<warner.c@apple.com>
1999-11-22 Assar Westerlund <assar@sics.se>
* afskrb5.c (afslog_uid_int): handle d->realm == NULL

14
crypto/kerberosIV/lib/kafs/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.50 1999/09/16 20:41:46 assar Exp $
# $Id: Makefile.in,v 1.50.2.2 2000/12/07 16:44:12 assar Exp $
#
SHELL = /bin/sh
@ -58,8 +58,8 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
@for i in $(LIB); do \
echo "$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i" ;\
$(INSTALL) -m 0555 $$i $(DESTDIR)$(libdir)/$$i ; done
echo "$(INSTALL) $$i $(DESTDIR)$(libdir)/$$i" ;\
$(INSTALL) $$i $(DESTDIR)$(libdir)/$$i ; done
@install_symlink_command@
uninstall:
@ -83,13 +83,17 @@ distclean: clean
realclean: distclean
rm -f TAGS
$(LIBNAME)_pic.a: $(OBJECTS)
rm -f $@
$(AR) cr $@ $(OBJECTS)
-$(RANLIB) $@
$(LIBNAME).a: $(OBJECTS)
rm -f $@
$(AR) cr $@ $(OBJECTS)
-$(RANLIB) $@
$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LIBNAME)_pic.a
rm -f $@
$(LDSHARED) -o $@ $(OBJECTS) $(LIB_DEPS)
@build_symlink_command@

14
crypto/kerberosIV/lib/kafs/afskrb.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kafs_locl.h"
RCSID("$Id: afskrb.c,v 1.13 1999/12/02 16:58:39 joda Exp $");
RCSID("$Id: afskrb.c,v 1.13.2.1 2000/06/23 03:26:53 assar Exp $");
struct krb_kafs_data {
const char *realm;
@ -69,13 +69,9 @@ afslog_uid_int(kafs_data *data,
return _kafs_afslog_all_local_cells (data, uid, homedir);
/* Extract realm from ticket file. */
{
char name[ANAME_SZ], inst[INST_SZ];
ret = krb_get_default_principal(name, inst, realm);
if (ret != KSUCCESS)
return ret;
}
ret = krb_get_tf_fullname(tkt_string(), NULL, NULL, realm);
if (ret != KSUCCESS)
return ret;
ret = _kafs_get_cred(data, cell, realm_hint, realm, &c);

5
crypto/kerberosIV/lib/kafs/afssys.c
View File

@ -33,7 +33,7 @@
#include "kafs_locl.h"
RCSID("$Id: afssys.c,v 1.65 1999/12/02 16:58:40 joda Exp $");
RCSID("$Id: afssys.c,v 1.65.2.1 2000/06/23 03:27:23 assar Exp $");
int _kafs_debug; /* this should be done in a better way */
@ -113,6 +113,9 @@ map_syscall_name_to_number (const char *str, int *res)
if (f == NULL)
return -1;
while (fgets (buf, sizeof(buf), f) != NULL) {
if (buf[0] == '#')
continue;
if (strncmp (str, buf, str_len) == 0) {
char *begptr = buf + str_len;
char *endptr;

10
crypto/kerberosIV/lib/kafs/afssysdefs.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: afssysdefs.h,v 1.21 1999/12/02 16:58:40 joda Exp $ */
/* $Id: afssysdefs.h,v 1.21.2.2 2000/03/26 20:10:11 assar Exp $ */
/*
* This section is for machines using single entry point AFS syscalls!
@ -50,7 +50,7 @@
#define AFS_SYSCALL 105
#endif
#if SunOS == 57
#if SunOS >= 57
#define AFS_SYSCALL 73
#endif
@ -82,6 +82,10 @@
#define AFS_SYSCALL 210
#endif
#ifdef __APPLE__ /* MacOS X */
#define AFS_SYSCALL 230
#endif
#ifdef SYS_afs_syscall
#define AFS_SYSCALL3 SYS_afs_syscall
#endif

4
crypto/kerberosIV/lib/kafs/dlfcn.c
View File

@ -115,12 +115,12 @@ void *dlopen(const char *path, int mode)
}
if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) {
errvalid++;
snprintf (errbuf, "calloc: %s", strerror(errno));
snprintf (errbuf, sizeof(errbuf), "calloc: %s", strerror(errno));
return NULL;
}
if ((mp->name = strdup(path)) == NULL) {
errvalid++;
snprintf (errbuf, "strdup: %s", strerror(errno));
snprintf (errbuf, sizeof(errbuf), "strdup: %s", strerror(errno));
free(mp);
return NULL;
}

4
crypto/kerberosIV/lib/kdb/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.40 1999/03/10 19:01:15 joda Exp $
# $Id: Makefile.in,v 1.40.4.1 2000/06/23 03:20:00 assar Exp $
#
SHELL = /bin/sh
@ -54,7 +54,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB)
@install_symlink_command@
uninstall:

16
crypto/kerberosIV/lib/krb/Makefile.in
View File

@ -1,5 +1,5 @@
#
# $Id: Makefile.in,v 1.113 1999/11/25 05:26:26 assar Exp $
# $Id: Makefile.in,v 1.113.2.2 2000/12/07 16:44:12 assar Exp $
#
SHELL = /bin/sh
@ -10,6 +10,7 @@ CC = @CC@
LINK = @LINK@
AR = ar
RANLIB = @RANLIB@
CP = cp
LN_S = @LN_S@
DEFS = @DEFS@ -DROKEN_RENAME
CFLAGS = @CFLAGS@ $(WFLAGS)
@ -254,7 +255,7 @@ Wall:
install: all
$(MKINSTALLDIRS) $(DESTDIR)$(libdir)
$(INSTALL_DATA) -m 0555 $(LIB) $(DESTDIR)$(libdir)/$(LIB)
$(INSTALL_DATA) $(LIB) $(DESTDIR)$(libdir)/$(LIB)
@install_symlink_command@
$(MKINSTALLDIRS) $(DESTDIR)$(includedir)
@for i in $(inc_DATA); do \
@ -291,12 +292,17 @@ distclean: clean
realclean: distclean
rm -f TAGS
$(LIBNAME)_pic.a: $(OBJECTS) $(SHLIB_LIBADD)
rm -f $@
$(AR) cr $@ $(OBJECTS) $(SHLIB_LIBADD)
-$(RANLIB) $@
$(LIBNAME).a: $(OBJECTS)
rm -f $@
$(AR) cr $@ $(OBJECTS)
-$(RANLIB) $@
$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD)
$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(SHLIB_LIBADD) $(LIBNAME)_pic.a
rm -f $@
$(LDSHARED) -o $@ $(OBJECTS) $(SHLIB_LIBADD) $(LIB_DEPS)
@build_symlink_command@
@ -359,8 +365,8 @@ rw.o: ../../include/version.h
all-local: $(inc_DATA)
@for i in $(inc_DATA); do \
if cmp -s $$i $(idir)/$$i 2> /dev/null ; then :; else\
echo " $(INSTALL_DATA) $$i $(idir)/$$i"; \
$(INSTALL_DATA) $$i $(idir)/$$i; \
echo " $(CP) $$i $(idir)/$$i"; \
$(CP) $$i $(idir)/$$i; \
fi ; \
done

80
crypto/kerberosIV/lib/krb/dest_tkt.c
View File

@ -21,7 +21,11 @@ or implied warranty.
#include "krb_locl.h"
RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
RCSID("$Id: dest_tkt.c,v 1.11.14.2 2000/10/18 20:26:42 assar Exp $");
#ifndef O_BINARY
#define O_BINARY 0
#endif
/*
* dest_tkt() is used to destroy the ticket store upon logout.
@ -35,48 +39,70 @@ RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $");
int
dest_tkt(void)
{
char *file = TKT_FILE;
int i,fd;
struct stat statb;
const char *filename = TKT_FILE;
int i, fd;
struct stat sb1, sb2;
char buf[BUFSIZ];
int error = 0;
errno = 0;
if (
#ifdef HAVE_LSTAT
lstat
#else
stat
#endif
(file, &statb) < 0)
if (lstat (filename, &sb1) < 0) {
error = errno;
goto out;
}
if (!(statb.st_mode & S_IFREG)
#ifdef notdef
|| statb.st_mode & 077
#endif
)
fd = open (filename, O_RDWR | O_BINARY);
if (fd < 0) {
error = errno;
goto out;
}
if ((fd = open(file, O_RDWR, 0)) < 0)
if (unlink (filename) < 0) {
error = errno;
close(fd);
goto out;
}
memset(buf, 0, BUFSIZ);
if (fstat (fd, &sb2) < 0) {
error = errno;
close(fd);
goto out;
}
for (i = 0; i < statb.st_size; i += sizeof(buf))
if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
if (sb1.st_dev != sb2.st_dev || sb1.st_ino != sb2.st_ino) {
close (fd);
error = EPERM;
goto out;
}
if (sb2.st_nlink != 0) {
close (fd);
error = EPERM;
goto out;
}
for (i = 0; i < sb2.st_size; i += sizeof(buf)) {
int ret;
ret = write(fd, buf, sizeof(buf));
if (ret != sizeof(buf)) {
if (ret < 0)
error = errno;
else
error = EINVAL;
fsync(fd);
close(fd);
goto out;
}
}
fsync(fd);
close(fd);
unlink(file);
out:
if (errno == ENOENT) return RET_TKFIL;
else if (errno != 0) return KFAILURE;
return(KSUCCESS);
if (error == ENOENT)
return RET_TKFIL;
else if (error != 0)
return KFAILURE;
else
return(KSUCCESS);
}

4
crypto/kerberosIV/lib/krb/extra.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998 Kungliga Tekniska Högskolan
* Copyright (c) 1998 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb_locl.h"
RCSID("$Id: extra.c,v 1.7 1999/12/02 16:58:41 joda Exp $");
RCSID("$Id: extra.c,v 1.7.2.1 2000/12/07 16:06:09 assar Exp $");
struct value {
char *variable;

5
crypto/kerberosIV/lib/krb/get_default_principal.c
View File

@ -33,7 +33,7 @@
#include "krb_locl.h"
RCSID("$Id: get_default_principal.c,v 1.14 1999/12/02 16:58:41 joda Exp $");
RCSID("$Id: get_default_principal.c,v 1.14.2.1 2000/06/23 03:29:10 assar Exp $");
int
krb_get_default_principal(char *name, char *instance, char *realm)
@ -42,8 +42,7 @@ krb_get_default_principal(char *name, char *instance, char *realm)
int ret;
char *p;
if ((file = getenv("KRBTKFILE")) == NULL)
file = TKT_FILE;
file = tkt_string ();
ret = krb_get_tf_fullname(file, name, instance, realm);
if(ret == KSUCCESS)

10
crypto/kerberosIV/lib/krb/getaddrs.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan
* Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "krb_locl.h"
RCSID("$Id: getaddrs.c,v 1.28 1999/12/02 16:58:42 joda Exp $");
RCSID("$Id: getaddrs.c,v 1.28.2.1 2000/06/23 03:29:53 assar Exp $");
#if defined(HAVE_SYS_IOCTL_H) && SunOS != 40
#include <sys/ioctl.h>
@ -100,7 +100,11 @@ k_get_all_addrs (struct in_addr **l)
ifconf.ifc_len = in_len;
ifconf.ifc_buf = inbuf;
if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0)
/*
* Solaris returns EINVAL when the buffer is too small.
*/
if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0 && errno != EINVAL)
goto fail;
if(ifconf.ifc_len + sizeof(ifreq) < in_len)
break;

Some files were not shown because too many files have changed in this diff Show More