107 Commits

Author SHA1 Message Date
Justin T. Gibbs
f4390542d7 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
Justin T. Gibbs
e2bfbbc955 Add -L paths for all locally built eBones libraries. Many of the programs
already did this, but this catches the straglers.
1995-09-26 02:36:08 +00:00
Justin T. Gibbs
69c1a301a3 Remove duplicate rkinit_err.c entry in the SRCS line. 1995-09-24 02:33:42 +00:00
Mark Murray
fce03bf4b4 Correct a lie in the man pages: /etc/athena/srvtab -> /etc/kerberosIV/srvtab 1995-09-17 07:58:21 +00:00
Justin T. Gibbs
2157145c1e The problem. If the first request to kerberos is not a ticket
request, it cores due to using the unitialized global req_name_ptr
pointer.  -Wall does not reveal this.

Repeat by having an old valid ticket and start kerberos.  rsh to
a non-realm system.

Also intialize lifetime to DEFAULT_TKT_LIFE and kerno to KSUCCESS since
they can be refernced before being initialized.

Submitted by:	John Capo <jc@irbs.com>
1995-09-17 00:39:00 +00:00
Justin T. Gibbs
adad30bca2 Fix printf formatting error %ls -> %s. 1995-09-16 23:11:25 +00:00
Mark Murray
87c66f4cc7 Bring in a hand written replacement for MIT's file of the same name.
Reviewed by:Justin Gibbs
1995-09-16 20:44:27 +00:00
Justin T. Gibbs
b7f41e3f67 Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes
secure reference the libraries that were just build instead of in /usr/lib.
1995-09-16 03:04:10 +00:00
Justin T. Gibbs
aee030f52c Integrate rkinit into the build. 1995-09-15 06:20:48 +00:00
Justin T. Gibbs
dabcad5f04 Integrate rkinitd into the build. 1995-09-15 06:20:38 +00:00
Justin T. Gibbs
1d36423686 Fix this file for the last time. My last diff was screwed up. 1995-09-15 06:20:23 +00:00
Justin T. Gibbs
95081b095a Integrate librkinit into the build. 1995-09-15 06:19:31 +00:00
Justin T. Gibbs
d61b48d4da Header files for the rkinit suite. 1995-09-15 06:19:14 +00:00
Justin T. Gibbs
1a5eab9072 Fix the most blatant -Wall errors. 1995-09-15 06:18:56 +00:00
Justin T. Gibbs
c344ca9395 Server side of the rkinit package.
Obtained from: MIT
1995-09-15 06:13:43 +00:00
Justin T. Gibbs
43dcd8e508 Rkinit allows you to safely forward tickets to other kerberos hosts.
Obtained from: MIT
1995-09-15 06:11:53 +00:00
Justin T. Gibbs
b00d18e592 MIT's librkinit. Part of the rkinit suite. Rkinit allows you to forward
tickets to other kerberos hosts safely in one easy step.
1995-09-15 06:09:30 +00:00
Justin T. Gibbs
790136a438 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 1995-09-14 21:29:21 +00:00
Justin T. Gibbs
9d6965ac06 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.
Fix up some of the des calls to be compatible with eBones.
1995-09-14 21:29:08 +00:00
Justin T. Gibbs
075a578e23 Prototypes for the function in new_rnd_key.c from the mit des library. 1995-09-14 21:12:42 +00:00
Justin T. Gibbs
828e0c47c8 Bring in new_rnd_key.c from the mit des library. This gives folks in the
U.S. the ability to build a secure telnet.  Mark is already working on
emultating these function in the export tree, but it will be a while yet.

Kill MISSING since the missing functions are here now.
1995-09-14 21:12:16 +00:00
Justin T. Gibbs
794087e9b8 Bring back the multi-homed server fixes from revision 1.6. They got
klobered when the formating changes were "undone".
1995-09-14 20:58:35 +00:00
Justin T. Gibbs
a7c8d68774 Forgot to bring this patch over. 1995-09-14 19:52:28 +00:00
Justin T. Gibbs
a032b44df6 Fix a few problems with the depend target.
Pointed out by: Mark Murray <markm>
1995-09-14 18:16:18 +00:00
Justin T. Gibbs
f3ebe76761 Bmake fixes for eBones. 1995-09-14 04:11:21 +00:00
Justin T. Gibbs
8fbd000c5d Don't cast die with (__sighandler_t *) when its passed to signal(). Instead
have die take an int arg that it never uses.
1995-09-14 04:08:58 +00:00
Justin T. Gibbs
a7c207ecf4 Bmake fixes for the eBones tree. 1995-09-14 04:06:18 +00:00
Justin T. Gibbs
b30c068c58 Actually install des.h. We haven't been for a while now. 1995-09-14 04:04:24 +00:00
Justin T. Gibbs
20e8750f5e des_check_key_parity and des_fixup_key_parity go by other names in eBones'
des.  I've added #defines for them, so they are no longer "missing".
1995-09-14 04:02:38 +00:00
Justin T. Gibbs
ccf0ac68a9 Bring back Makefile.inc and give it a better rules for dealing with the
.et files.
1995-09-14 04:00:59 +00:00
Mark Murray
c103e9bd14 added Makefile.inc in the necessary places.
Pointed out by: Garrett Wollman
Obtained from: equivalent directoies rooted in src/
1995-09-13 17:47:41 +00:00
Mark Murray
02c78a9c21 After the Great eBones Repository Copy (tm), make ebones actually
compile
1) remove rubbish no longer needed
2) correct existing Makefiles
3) add new makefiles where needed
4) correct code, header files and man pages where necessary

PLEASE NOTE - after this you will need to make install in eBones/include,
and mamake obj depend all install in eBones/lib before doing a
make obj depend all install in eBones/. (I am going 6to fix src/Makefile
next)
PS - I hate slow international links - apologies for all the typos
1995-09-13 17:24:36 +00:00
David Greenman
b834e407de sys_term.c: killed sleep(1) as this should no longer be a problem with
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
1995-09-11 21:02:02 +00:00
Mark Murray
d79d4a7ced Major cleanup of eBones code:
- Get all functions prototyped or at least defined before use.
- Make code compile (Mostly) clean with -Wall set
- Start to reduce the degree to which DES aka libdes is built in.
- get all functions to the same uniform standard of definition:
int
foo(a, b)
int a;
int *b;
{
   :
}
- fix numerous bugs exposed by above processes.

Note - this replaces the previous work which used an unpopular function
 definition style.
1995-09-07 21:39:00 +00:00
Justin T. Gibbs
233cd1e776 Save and check against all address of kerberos servers. This completes
the fixes for multi-homed kerberos servers.  We're still debating on how
we want to fix the client side.

Reviewed by: Garrett Wollman <wollman>, Mark Murray <markm>
Obtained from: Dieter Dworkin Muller <dworkin@village.org> (small changes by me)
1995-09-06 03:47:14 +00:00
Paul Traina
b74fc1026f Move erase cleanup outside linemode conditional 1995-09-06 02:03:36 +00:00
Paul Traina
a06a8a9829 Avoid race condition with telnet options processing (login: prompt lost).
Submitted by:	John Capo & Peter Wemm
1995-09-05 19:31:06 +00:00
Paul Traina
d0d1fb6198 Set erase character for login: prompt.
Submitted by:	Peter Wemm & John Capo
1995-09-05 19:30:05 +00:00
Paul Traina
a4a142bd15 Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients 1995-08-28 17:55:08 +00:00
Mark Murray
bb462e80e7 Remove register, registerd & make_keypair until thedes library is moved. m 1995-08-26 13:46:12 +00:00
Mark Murray
b0e6df47f9 Allow the kerberos utilities and kerberised code to still find des.h in
the old place. This corrects an upgrade that sneaked through too early.
1995-08-26 12:45:06 +00:00
Mark Murray
b1ebdd50cb Start the eBones cleanup ball rolling.
These are the start of a lot of work to clean up the FreeBSD eBones code.
these changes include, but are not limited to:
- Create prototypes for all the library routines
- Make all the libraries compile clean with -Wall set
- Fix numerous small bugs shown up in the above process
- Prepare the code for libdes's removal to secure/
- add register, registerd and make_keypair to the make
Lots more will follow in days to come.

OK'ed by: rgrimes
1995-08-25 22:52:32 +00:00
Andrey A. Chernov
0a06628ab2 Comment out LDADD+=-ldescrypt, it is not yet active due to
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
1995-08-05 19:10:25 +00:00
Andrey A. Chernov
d2245bac95 Nuke one __FreeBSD__ left out
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 03:02:30 +00:00
Andrey A. Chernov
ba60b431ca Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 00:12:08 +00:00
Paul Traina
a98348f35c Update manual page to reflect "empty password" usage. 1995-08-03 16:23:12 +00:00
Paul Traina
4a1842c971 Null password should ask for random 1995-08-02 23:15:12 +00:00
Paul Traina
278022fad4 Make the DB/DBM routines generic (ifdef FreeBSD considered evil), and
also fix a string allocation bug.

Submitted by: Havard Eidnes
1995-08-02 23:08:18 +00:00
Paul Traina
f97a38cd65 Program to receive and process a new kerberos database (this is run on
the slave server).

NOTE: This code should not be built, there is no documentation, and this
      method of database transfer is highly suboptimal.  It's here just
      for those of us who actually have multiple K4 servers and want
      something more secure than the other distribution mechanisms.

Obtained from: MIT Project Athena
1995-08-02 22:14:27 +00:00
Paul Traina
fa84c42025 Import an updated revision of the MIT kprop program for distributing
kerberos databases to slave servers.

NOTE: This method was abandoned by MIT long ago, this code is close to
      garbage,  but it is slightly more secure than using rdist.
      There is no documentation available on how to use it, and
      it should -not- be built by default.

Obtained from:	MIT Project Athena
1995-08-02 22:11:44 +00:00