Vendor import of Heimdal 0.6.

nectar 2003-10-09 19:36:20 +00:00
parent 12eb3dee85
commit 5c90662d44
306 changed files with 14015 additions and 3989 deletions

File diff suppressed because it is too large


@ -0,0 +1,726 @@
2002-12-19 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
Chu
2002-12-08 Johan Danielsson <joda@pdc.kth.se>
* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
2002-12-02 Johan Danielsson <joda@pdc.kth.se>
* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
sockaddr_storage
* kdc/connect.c (init_socket): initialise sa_size to size of
sockaddr_storage
2002-11-15 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.h: remove trailing comma in enum
2002-11-07 Johan Danielsson <joda@pdc.kth.se>
* kdc/524.c: implement crude b2 style (non-)conversion for use
with afs
* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
where it's used
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_keyfile.c: more strcspn
* lib/krb5/store_emem.c (emem_store): limit how much we allocate
(from Olaf Kirch)
* lib/krb5/principal.c: don't allow trailing backslashes in
components
* kdc/connect.c: check that %-quotes are followed by two hex
digits
* lib/krb5/keytab_any.c: properly close the open keytabs (from
Larry Greenfield)
* kdc/kaserver.c: make sure life is positive (from John Godehn)
2002-10-17 Johan Danielsson <joda@pdc.kth.se>
* kuser/klist.c (display_tokens): allow tokens up to size of
buffer (from Magnus Holmberg)
2002-09-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/changepw.c (process_reply): fix reply length check
calculation (reported by various people)
2002-09-24 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
from start_seq_get (from Wynn Wilkes)
2002-09-19 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
of ENOENT when "unconfigured"
2002-09-16 Jacques Vidrine <nectar@kth.se>
* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
to convert the newline to NUL in fgets results.
2002-09-13 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.1: remove unneeded Ns
* lib/krb5/krb5_appdefault.3: remove extra "application"
* fix-export: remove autom4ate.cache
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* include/make_crypto.c: don't use function macros if possible
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
* include/Makefile.am: use make_crypto to create crypto-headers.h
* include/make_crypto.c: crypto header generation tool
* configure.in: move crypto test to just after testing for krb4,
and move roken tests to after both, this speeds up various failure
cases with krb4
* lib/krb5/config_file.c: don't use NULL when we mean 0
* configure.in: we don't set package_libdir anymore, so no point
in testing for it
* tools/Makefile.am: subst INCLUDE_des
* tools/krb5-config.in: add INCLUDE_des to cflags
* configure.in: use AC_CONFIG_SRCDIR
* fix-export: remove some unneeded stuff
* kuser/kinit.c (do_524init): free principals
2002-09-09 Jacques Vidrine <nectar@kth.se>
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
kdc/kaserver.c (krb5_ret_xdr_data),
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
counts: Check that they are non-negative, and that they are small
enough to avoid integer overflow when used in memory allocation
calculations. Potential problem areas pointed out by
Sebastian Krahmer <krahmer@suse.de>.
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
creating a new keyfile.
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* configure.in: don't try to build pam module
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* appl/kf/kf.c: fix warning string
* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
know we need it
2002-09-04 Assar Westerlund <assar@kth.se>
* kdc/kerberos5.c (encode_reply): correct error logging
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/sendauth.c: close ccache if we opened it
* appl/kf/kf.c: handle new protocol
* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
handle the new protocol, and bail out if an old client tries to
connect
* appl/kf/kf_locl.h: we need a protocol version string
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
* lib/asn1/gen.c: add convenience macro that allocates a buffer
and encoded into that
* lib/krb5/get_cred.c (init_tgs_req): use
in_creds->session.keytype literally instead of trying to convert
to a list of enctypes (it should already be an enctype)
* lib/krb5/get_cred.c (init_tgs_req): init ret
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
krb5-protos.h at build-time, which requires perl, which is bad
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
blindly use the local subkey
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
extracts the required blocksize from a crypto context
* lib/krb5/build_auth.c: just get the length of the encoded
authenticator instead of trying to grow a buffer
2002-09-03 Assar Westerlund <assar@kth.se>
* configure.in: add --disable-mmap option, and tests for
sys/mman.h and mmap
2002-09-03 Jacques Vidrine <nectar@kth.se>
* lib/krb5/changepw.c: verify lengths in response
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
truncated integers
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/mk_req_ext.c: generate a local subkey if
AP_OPTS_USE_SUBKEY is set
* lib/krb5/build_auth.c: we don't have enough information about
whether to generate a local subkey here, so don't try to
* lib/krb5/auth_context.c: new function
krb5_auth_con_generatelocalsubkey
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
initial ticket
* lib/krb5/context.c (init_context_from_config_file): simplify
initialisation of srv_lookup
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
2002-08-30 Assar Westerlund <assar@kth.se>
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
* lib/krb5/Makefile.am (TESTS): add name-45-test
* lib/krb5/name-45-test.c: add testcases for
krb5_425_conv_principal
2002-08-29 Assar Westerlund <assar@kth.se>
* lib/krb5/parse-name-test.c: also test unparse_short functions
* lib/asn1/asn1_print.c: use com_err/error_message API
* lib/krb5/Makefile.am: add parse-name-test
* lib/krb5/parse-name-test.c: add a program for testing parsing
and unparsing principal names
2002-08-28 Assar Westerlund <assar@kth.se>
* kdc/config.c: add missing ifdef DAEMON
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* configure.in: use rk_SUNOS
* kdc/config.c: add detach options
* kdc/main.c: maybe detach from console?
* kdc/kdc.8: markup changes
* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
* configure.in: use rk_TELNET, rename some other macros, and don't
add -ldes to krb4 link command
* kuser/kinit.1: whitespace fix (from NetBSD)
* include/bits.c: we may need unistd.h for ssize_t
2002-08-26 Assar Westerlund <assar@kth.se>
* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
rrs before A ones when using the resolver to verify a mapping,
also use getaddrinfo when resolver is not available
* lib/hdb/keytab.c (find_db): const-correctness in parameters to
krb5_config_get_next
* lib/asn1/gen.c: include <string.h> in the generated files (for
memset)
2002-08-22 Assar Westerlund <assar@kth.se>
* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
getarg so that it can handle --help and --version (and thus make
check can pass)
* lib/asn1/check-der.c: make this build again
2002-08-22 Assar Westerlund <assar@kth.se>
* lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
patch from Love <lha@stacken.kth.se>
2002-08-22 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
* kdc/kdc.8: add blurb about adding and removing addresses; update
kdc.conf section to match reality
* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
don't define it
2002-08-21 Assar Westerlund <assar@kth.se>
* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
Love <lha@stacken.kth.se>
2002-08-21 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
since it might not exist, and we don't actually care about the key
2002-08-20 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.conf.5: correct documentation for
verify_ap_req_nofail
* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
Mattias Amnefelt)
* kuser/klist.c (display_tokens): increase token buffer size, and
add more checks of the kernel data (from Love)
2002-08-19 Johan Danielsson <joda@pdc.kth.se>
* fix-export: use make to parse Makefile.am instead of perl
* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
groks AC_INIT with package name etc.
* kpasswd/kpasswdd.c: include <kadm5/private.h>
* lib/asn1/asn1_print.c: include com_right.h
* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
* include/bits.c: define krb5_socklen_t type; this should really
go someplace else, but this was easy
* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
fails, just warn about it
* kdc/log.c (kdc_openlog): no need for a config_file parameter
* kdc/config.c: just treat kdc.conf like any other config file
* lib/krb5/context.c (krb5_get_default_config_files): ignore
duplicate files
2002-08-16 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
them
* lib/krb5/constants.c: turn strings into pointers, so we can
assign to them
* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
SCAN_INTERFACES is not set
* lib/krb5/context.c: fix various borked stuff in previous commits
2002-08-16 Jacques Vidrine <n@nectar.com>
* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
the `admin_server' entry for kpasswd, override the `proto' result
to be UDP.
2002-08-15 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/auth_context.c: check return value of
krb5_sockaddr2address
* lib/krb5/addr_families.c: check return value of
krb5_sockaddr2address
* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
2002-08-14 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
* lib/krb5/context.c: allow changing config files with the
function krb5_set_config_files, there are also related functions
krb5_get_default_config_files and krb5_free_config_files; these
should work similar to their MIT counterparts
* lib/krb5/config_file.c: allow the use of more than one config
file by using the new function krb5_config_parse_file_multi
2002-08-12 Johan Danielsson <joda@pdc.kth.se>
* use sysconfdir instead of /etc
* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
to appease automake; force sysconfdir and localstatedir to /etc
and /var/heimdal for now
* kdc/connect.c (addr_to_string): check return value of
sockaddr2address
2002-08-09 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
don't try comparing to one; this should make old clients work with
new servers
* lib/asn1/gen_decode.c: remove unused variable
2002-07-31 Johan Danielsson <joda@pdc.kth.se>
* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
Brashear)
* lib/krb5/principal.c: actually lower case the lower case
instance name (spotted by Derrick Brashear)
2002-07-24 Johan Danielsson <joda@pdc.kth.se>
* fix-export: if DATEDVERSION is set, change the version to
current date
* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
LTLIBOBJS
2002-07-04 Johan Danielsson <joda@pdc.kth.se>
* kdc/connect.c: add some cache-control-foo to the http responses
(from Gombas Gabor)
* lib/krb5/addr_families.c (krb5_print_address): don't copy size
if ret_len == NULL
2002-06-28 Johan Danielsson <joda@pdc.kth.se>
* kuser/klist.c (display_tokens): don't bail out before we get
EDOM (signaling the end of the tokens), the kernel can also return
ENOTCONN, meaning that the index does not exist anymore (for
example if the token has expired)
2002-06-06 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/changepw.c: make sure we return an error if there are
no changepw hosts found; from Wynn Wilkes
2002-05-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
same type is found; spotted by Wynn Wilkes
2002-05-28 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_file.c: check size of entry before trying to
read 32-bit kvno; also fix typo in previous
2002-05-24 Johan Danielsson <joda@pdc.kth.se>
* include/Makefile.am: only add to INCLUDES
* lib/45/mk_req.c: fix for storage change
* lib/hdb/print.c: fix for storage change
2002-05-15 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c: don't free encrypted padata until we're really
done with it
2002-05-07 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
enctype
* kuser/kinit.1: document -a
* kuser/kinit.c: add command line switch for extra addresses
2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
* configure.in: remove some duplicate tests
* configure.in: use AC_HELP_STRING
2002-04-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
unknown
2002-04-25 Johan Danielsson <joda@pdc.kth.se>
* configure.in: use rk_DESTDIRS
2002-04-22 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
the principal
2002-04-19 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_init.c: fix typo in error string
2002-04-18 Johan Danielsson <joda@pdc.kth.se>
* acconfig.h: remove some stuff that is defined elsewhere
* lib/krb5/krb5_locl.h: include <sys/file.h>
* lib/krb5/acl.c: rename acl_string parameter
* lib/krb5/Makefile.am: remove __P from protos, and put parameter
names in comments
* kuser/klist.c: better align some headers
* kdc/kerberos4.c: storage tweaks
* kdc/kaserver.c: storage tweaks
* kdc/524.c: storage tweaks
* lib/krb5/keytab_krb4.c: storage tweaks
* lib/krb5/keytab_keyfile.c: storage tweaks
* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
sized keytab files
* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
* lib/krb5/fcache.c: storage tweaks
* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
configurable
* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
configurable
* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
configurable
* lib/krb5/store.c: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code
configurable
* lib/krb5/store-int.h: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
configurable
* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code
configurable
* include/bits.c: include <sys/socket.h> to get socklen_t
* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
requested KDC-REQ etypes
* kdc/hpropd.c: constify
* kdc/hprop.c: constify
* kdc/string2key.c: constify
* kdc/kdc_locl.h: make port_str const
* kdc/config.c: constify
* lib/krb5/config_file.c: constify
* kdc/kstash.c: constify
* lib/krb5/verify_user.c: remove unnecessary cast
* lib/krb5/recvauth.c: constify
* lib/krb5/principal.c (krb5_parse_name): const qualify
* lib/krb5/mcache.c (mcc_get_name): constify return type
* lib/krb5/context.c (krb5_free_context): don't try to free the
ccache prefix
* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
prefix
* lib/krb5/krb5.h: constify some struct members
* lib/krb5/log.c: constify
* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
qualify
* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
* lib/krb5/crypto.c: constify some
* lib/krb5/config_file.c: constify
* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
constify local variable
* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
2002-04-17 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_krb5_conf.c: add some log checking
* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
2002-04-16 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
matches the expected length
2002-03-27 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/send_to_kdc.c: rename send parameter to send_data
* lib/krb5/mk_error.c: rename ctime parameter to client_time
2002-03-22 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
Reinoud Zandijk)
2002-03-18 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: add the GSS-API checksum type here
2002-03-11 Assar Westerlund <assar@sics.se>
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
18:3:1
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
2002-03-10 Assar Westerlund <assar@sics.se>
* lib/krb5/rd_cred.c: handle addresses with port numbers
* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
store the kvno % 256 as the byte and the complete 32 bit kvno after
the end of the current keytab entry
* lib/krb5/init_creds_pw.c:
handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
handle ports giving for the remote address
* lib/krb5/get_cred.c:
get a ticket with no addresses if no-addresses is set
* lib/krb5/crypto.c:
rename functions DES_* to krb5_* to avoid colliding with modern
openssl
* lib/krb5/addr_families.c:
make all functions taking 'struct sockaddr' actually take a socklen_t
instead of int and that acts as an in-out parameter (indicating the
maximum length of the sockaddr to be written)
* kdc/kerberos4.c:
make the kvno's in the krb4 universe by the real one % 256, since they
cannot only be 8 bit, and the v5 ones are actually 32 bits
2002-02-15 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
before we need to write to it
(from Åke Sandgren)
2002-02-14 Johan Danielsson <joda@pdc.kth.se>
* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
directly
* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
Kouril)
2002-02-12 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/context.c (krb5_get_err_text): protect against NULL
context
2002-02-11 Johan Danielsson <joda@pdc.kth.se>
* admin/ktutil.c: no need to use the "modify" keytab anymore
* lib/krb5/keytab_any.c: implement add and remove
* lib/krb5/keytab_krb4.c: implement add and remove
* lib/krb5/store_emem.c (emem_free): clear memory before freeing
(this should perhaps be selectable with a flag)
2002-02-04 Johan Danielsson <joda@pdc.kth.se>
* kdc/config.c (get_dbinfo): if there are database specifications
in the config file, don't automatically try to use the default
values (from Gombas Gabor)
* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
(from Gombas Gabor)
2002-01-30 Johan Danielsson <joda@pdc.kth.se>
* admin/list.c: get the default keytab from krb5.conf, and list
all parts of an ANY type keytab
* lib/krb5/context.c: default default_keytab_modify to NULL
* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
name is specified take it from the first component of the default
keytab name
2002-01-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab.c: compare keytab types case insensitively
2002-01-07 Assar Westerlund <assar@sics.se>
* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
* lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
<bjh21@netbsd.org>
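Review bot: the one-line commit message does not say that this ChangeLog carries input-validation fixes, and anyone auditing the import would want them called out. The entries to list are 2002-09-09 (kdc/kerberos5.c, kdc/kaserver.c and lib/krb5/transited.c now check that counts are non-negative and small enough to avoid integer overflow in allocation sizes), 2002-09-03 (lib/krb5/changepw.c verifies lengths in the response, lib/asn1/der_get.c checks for truncated integers) and 2002-10-21 (store_emem.c limits how much it allocates, principal.c rejects trailing backslashes, kdc/connect.c checks that %-quotes are followed by two hex digits). Naming them in the commit message makes it clear they arrive with this import.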


@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -236,18 +237,18 @@ all: all-recursive
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)
$(top_builddir)/config.status: $(srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
$(SHELL) ./config.status --recheck
$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
$(srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES)
cd $(srcdir) && $(AUTOCONF)
$(ACLOCAL_M4): configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ configure.in acinclude.m4 cf/aix.m4 cf/auth-modules.m4 cf/broken-getaddrinfo.m4 cf/broken-getnameinfo.m4 cf/broken-glob.m4 cf/broken-realloc.m4 cf/broken-snprintf.m4 cf/broken.m4 cf/broken2.m4 cf/c-attribute.m4 cf/c-function.m4 cf/capabilities.m4 cf/check-compile-et.m4 cf/check-declaration.m4 cf/check-getpwnam_r-posix.m4 cf/check-man.m4 cf/check-netinet-ip-and-tcp.m4 cf/check-type-extra.m4 cf/check-var.m4 cf/check-x.m4 cf/check-xau.m4 cf/crypto.m4 cf/db.m4 cf/destdirs.m4 cf/dlopen.m4 cf/find-func-no-libs.m4 cf/find-func-no-libs2.m4 cf/find-func.m4 cf/find-if-not-broken.m4 cf/have-pragma-weak.m4 cf/have-struct-field.m4 cf/have-type.m4 cf/have-types.m4 cf/irix.m4 cf/krb-bigendian.m4 cf/krb-func-getcwd-broken.m4 cf/krb-func-getlogin.m4 cf/krb-ipv6.m4 cf/krb-prog-ln-s.m4 cf/krb-prog-ranlib.m4 cf/krb-prog-yacc.m4 cf/krb-readline.m4 cf/krb-struct-spwd.m4 cf/krb-struct-winsize.m4 cf/krb-sys-aix.m4 cf/krb-sys-nextstep.m4 cf/krb-version.m4 cf/mips-abi.m4 cf/misc.m4 cf/need-proto.m4 cf/osfc2.m4 cf/otp.m4 cf/proto-compat.m4 cf/retsigtype.m4 cf/roken-frag.m4 cf/roken.m4 cf/sunos.m4 cf/telnet.m4 cf/test-package.m4 cf/wflags.m4 cf/with-all.m4
cd $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
mostlyclean-libtool:
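Review bot: the @MAINTAINER_MODE_TRUE@ prefix on the prerequisites of $(srcdir)/Makefile.in, Makefile, $(srcdir)/configure and $(ACLOCAL_M4) turns off regeneration unless configure is run with --enable-maintainer-mode, and nothing in the import says so. When the conditional is false the substitution is a comment marker, so the rest of each prerequisite line is ignored and an edit to configure.in, a Makefile.am or one of the cf/*.m4 files no longer triggers automake, autoconf or aclocal. That is a sensible default for a vendor tree, but it deserves a sentence in the commit message so that someone carrying a local change to those inputs knows the generated files will not follow it.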
@ -507,7 +508,9 @@ info: info-recursive
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -537,15 +540,14 @@ uninstall-info: uninstall-info-recursive
distclean-libtool distclean-recursive distclean-tags \
distcleancheck distdir dvi dvi-am dvi-recursive info info-am \
info-recursive install install-am install-data install-data-am \
install-data-local install-data-recursive install-exec \
install-exec-am install-exec-recursive install-info \
install-info-am install-info-recursive install-man \
install-recursive install-strip installcheck installcheck-am \
installdirs installdirs-am installdirs-recursive \
maintainer-clean maintainer-clean-generic \
maintainer-clean-recursive mostlyclean mostlyclean-generic \
mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
uninstall uninstall-am uninstall-info-am \
install-data-recursive install-exec install-exec-am \
install-exec-recursive install-info install-info-am \
install-info-recursive install-man install-recursive \
install-strip installcheck installcheck-am installdirs \
installdirs-am installdirs-recursive maintainer-clean \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am uninstall-info-am \
uninstall-info-recursive uninstall-recursive
@ -672,7 +674,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<


@ -1,3 +1,25 @@
Changes in release 0.6
* The DES3 GSS-API mechanism has been changed to inter-operate with
other GSSAPI implementations. See man page for gssapi(3) how to turn
on generation of correct MIC messages. Next major release of heimdal
will generate correct MIC by default.
* More complete GSS-API support
* Better AFS support: kdc (524) supports 2b; 524 in kdc and AFS
support in applications no longer requires Kerberos 4 libs
* Kerberos 4 support in kdc defaults to turned off (includes ka and 524)
* other bug fixes
Changes in release 0.5.2
* kdc: add option for disabling v4 cross-realm (defaults to off)
* bug fixes
Changes in release 0.5.1
* kadmind: fix remote exploit
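Review bot: two entries under "Changes in release 0.6" change default behaviour and the import should flag them for operators. "Kerberos 4 support in kdc defaults to turned off (includes ka and 524)" means a KDC that answered v4, ka or 524 requests stops doing so after the upgrade unless it is configured to, and the DES3 GSS-API entry says correct MIC messages are not yet generated by default, with gssapi(3) describing how to turn them on. A short upgrade note pointing at both would be worth adding alongside this file.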


@ -853,6 +853,43 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.])
fi])])
# Add --enable-maintainer-mode option to configure.
# From Jim Meyering
# Copyright 1996, 1998, 2000, 2001 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
# serial 1
AC_DEFUN([AM_MAINTAINER_MODE],
[AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
dnl maintainer-mode is disabled by default
AC_ARG_ENABLE(maintainer-mode,
[ --enable-maintainer-mode enable make rules and dependencies not useful
(and sometimes confusing) to the casual installer],
USE_MAINTAINER_MODE=$enableval,
USE_MAINTAINER_MODE=no)
AC_MSG_RESULT([$USE_MAINTAINER_MODE])
AM_CONDITIONAL(MAINTAINER_MODE, [test $USE_MAINTAINER_MODE = yes])
MAINT=$MAINTAINER_MODE_TRUE
AC_SUBST(MAINT)dnl
]
)
# Copyright 1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
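Review bot: in the AM_CONDITIONAL line of AM_MAINTAINER_MODE, $USE_MAINTAINER_MODE is expanded unquoted inside test, so an empty value (for instance --enable-maintainer-mode= with nothing after the equals sign) makes test report a syntax error instead of comparing cleanly. Writing it as test "$USE_MAINTAINER_MODE" = yes gives the same result for yes and no and a clean false for anything else.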
@ -4759,7 +4796,7 @@ esac
AC_SUBST(LIB_$1)
])
dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $
dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $
dnl
dnl test for crypto libraries:
dnl - libcrypto (from openssl)
@ -4772,8 +4809,10 @@ m4_define([test_headers], [
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h>
#include <openssl/rc4.h>
#include <openssl/rand.h>
#else
#include <md4.h>
#include <md5.h>
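Review bot: OPENSSL_DES_LIBDES_COMPATIBILITY is defined here only for the configure probe, ahead of openssl/des.h in test_headers. The probe body calls des_cbc_encrypt, so the check can pass on an OpenSSL where the library sources would not compile unless they define the same macro before including the header. Confirm the define also reaches the real build (config.h or the generated crypto headers) and not just this test.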
@ -4805,6 +4844,9 @@ m4_define([test_body], [
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
#ifdef HAVE_OPENSSL
RAND_status();
#endif
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);])
@ -4836,23 +4878,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
ires=
for i in $INCLUDE_krb4; do
CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=yes ires="$i"; break)
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=yes ires="$i" lres="$j $k"; break 3)
done
done
CFLAGS="$i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i"; break)
CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i" old_hash=yes; break)
done
lres=
for i in $cdirs; do
for j in $clibs; do
LIBS="$i $j $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
lres="$i $j"; break 2)
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=no ires="$i" lres="$j $k"; break 3)
done
done
CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS"
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=no ires="$i" lres="$j $k"; break 3)
done
done
done
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
if test "$ires" -a "$lres"; then
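Review bot: as far as this flattened hunk shows, the third fallback, the one that sets CFLAGS to -DHAVE_OLD_HASH_NAMES, records openssl=no, ires and lres on success but nothing that says the old hash names were needed, whereas the compile-only test using -DOLD_HASH_NAMES set old_hash=yes. If anything after this hunk still reads $old_hash it will now always be empty; either set old_hash=yes in that AC_TRY_LINK action or remove the consumers. The macro name passed to the compiler also changes from OLD_HASH_NAMES to HAVE_OLD_HASH_NAMES, so the headers have to test the new spelling.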
@ -4872,21 +4922,27 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
INCLUDE_des="-I${with_openssl_include}"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
LIB_des="-L${with_openssl_lib}"
fi
CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
saved_LIB_des="$LIB_des"
for lres in "" "-lnsl -lsocket"; do
LIB_des="${saved_LIB_des} -lcrypto $lres"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
if test "$crypto_lib" = libcrypto ; then
break;
fi
done
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
fi
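Review bot: inside the for lres in "" "-lnsl -lsocket" loop, LIBS="${LIBS} ${LIB_des}" appends to a LIBS that the previous iteration already extended, because LIBS is only reset to $save_LIBS after the loop ends. The second attempt therefore links with -lcrypto twice plus the extra libraries; LIBS="${save_LIBS} ${LIB_des}" would keep each attempt independent. The loop variable is also named lres, the same name the krb4 branch above uses for its link result, so a different name would avoid confusion between the two.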
@ -5171,7 +5227,7 @@ AC_SUBST(DBLIB)dnl
AC_SUBST(LIB_NDBM)dnl
])
dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $
dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $
dnl
dnl some code to get roken working
dnl
@ -5316,7 +5372,7 @@ AC_FIND_FUNC(res_nsearch, resolv,
#include <resolv.h>
#endif
],
[0,0,0,0,0])
[0,0,0,0,0,0])
AC_FIND_FUNC(dn_expand, resolv,
[
@ -6054,16 +6110,23 @@ sin6.sin6_addr = in6addr_loopback;
fi
fi
])
dnl $Id: check-var.m4,v 1.6 2001/08/21 12:00:16 joda Exp $
dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $
dnl
dnl rk_CHECK_VAR(variable, includes)
AC_DEFUN([rk_CHECK_VAR], [
AC_MSG_CHECKING(for $1)
AC_CACHE_VAL(ac_cv_var_$1, [
m4_ifval([$2],[
AC_TRY_LINK([$2
void * foo() { return &$1; }],
[foo()],
ac_cv_var_$1=yes, ac_cv_var_$1=no)])
if test "$ac_cv_var_$1" != yes ; then
AC_TRY_LINK([extern int $1;
int foo() { return $1; }],
[foo()],
ac_cv_var_$1=yes, ac_cv_var_$1=no)
fi
])
ac_foo=`eval echo \\$ac_cv_var_$1`
AC_MSG_RESULT($ac_foo)
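Review bot: the header comment still reads rk_CHECK_VAR(variable, includes) and does not say that includes may be empty, or that a second link test with extern int $1 runs whenever the first one has not set ac_cv_var_$1 to yes; please document both. Because that fallback declares the variable as int regardless of what the supplied headers say, a yes from it only shows that the symbol resolves at link time, not that the headers declare it, which is worth stating in the same comment.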
@ -6076,6 +6139,7 @@ fi
AC_WARNING_ENABLE([obsolete])
AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
dnl $Id: check-declaration.m4,v 1.3 1999/03/01 13:03:08 joda Exp $
dnl
dnl
@ -6719,7 +6783,7 @@ AH_BOTTOM([
])
dnl
dnl $Id: sunos.m4,v 1.1.4.1 2002/10/21 14:29:36 joda Exp $
dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $
dnl
AC_DEFUN([rk_SUNOS],[
@ -7037,7 +7101,7 @@ AH_BOTTOM([
])
])
dnl $Id: check-compile-et.m4,v 1.6 2001/09/02 17:08:48 assar Exp $
dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $
dnl
dnl CHECK_COMPILE_ET
AC_DEFUN([CHECK_COMPILE_ET], [
@ -7045,6 +7109,7 @@ AC_DEFUN([CHECK_COMPILE_ET], [
AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
krb_cv_compile_et="no"
krb_cv_com_err_need_r=""
if test "${COMPILE_ET}" = "compile_et"; then
dnl We have compile_et. Now let's see if it supports `prefix' and `index'.
@ -7073,6 +7138,20 @@ int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"])
fi
AC_MSG_RESULT(${krb_cv_compile_et})
if test "${krb_cv_compile_et}" = "yes"; then
AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r)
save2_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS"
AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"],
[krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);"
CPPFLAGS="$save2_CPPFLAGS"],
[CPPFLAGS="${save_CPPFLAGS}"])
if test X"$krb_cv_com_err_need_r" = X ; then
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
fi
rm -fr conftest*
fi
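Review bot: in the initialize_error_table_r check, the two AC_EGREP_CPP branches restore CPPFLAGS from different variables: the match branch uses $save2_CPPFLAGS, the no-match branch uses ${save_CPPFLAGS}, which is the value the compile_et test above falls back to on failure. A com_err without initialize_error_table_r therefore also loses whatever the successful compile_et test left in CPPFLAGS, although krb_cv_compile_et stays yes. Restore $save2_CPPFLAGS in both branches, and drop CPPFLAGS="$CPPFLAGS", which assigns the variable to itself. The checking message "for if com_err needs to have a initialize_error_table_r" would read better as "whether com_err needs initialize_error_table_r".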
@ -7084,6 +7163,7 @@ if test "${krb_cv_compile_et}" = "yes"; then
AC_TRY_LINK([#include <com_err.h>],[
const char *p;
p = error_message(0);
$krb_cv_com_err_need_r
],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
AC_MSG_RESULT(${krb_cv_com_err})
LIBS="${krb_cv_save_LIBS}"

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -268,10 +269,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign admin/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
sbinPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-sbinPROGRAMS: $(sbin_PROGRAMS)
@ -481,7 +482,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-sbinPROGRAMS
@$(NORMAL_INSTALL)
@ -510,10 +513,10 @@ uninstall-man: uninstall-man8
clean-generic clean-libtool clean-sbinPROGRAMS distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-man install-man8 install-sbinPROGRAMS install-strip \
installcheck installcheck-am installdirs maintainer-clean \
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-man8 install-sbinPROGRAMS install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-info-am uninstall-man uninstall-man8 \
@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,11 +33,11 @@
#include "ktutil_locl.h"
RCSID("$Id: change.c,v 1.4 2001/07/23 09:46:40 joda Exp $");
RCSID("$Id: change.c,v 1.5 2003/04/01 15:04:49 lha Exp $");
static void
change_entry (krb5_context context, krb5_keytab keytab,
krb5_keytab_entry *entry,
krb5_principal principal, krb5_kvno kvno,
const char *realm, const char *admin_server, int server_port)
{
krb5_error_code ret;
@ -48,7 +48,7 @@ change_entry (krb5_context context, krb5_keytab keytab,
int num_keys;
int i;
ret = krb5_unparse_name (context, entry->principal, &client_name);
ret = krb5_unparse_name (context, principal, &client_name);
if (ret) {
krb5_warn (context, ret, "krb5_unparse_name");
return;
@ -59,7 +59,7 @@ change_entry (krb5_context context, krb5_keytab keytab,
if(realm)
conf.realm = (char *)realm;
else
conf.realm = *krb5_princ_realm (context, entry->principal);
conf.realm = *krb5_princ_realm (context, principal);
conf.mask |= KADM5_CONFIG_REALM;
if (admin_server) {
@ -83,8 +83,7 @@ change_entry (krb5_context context, krb5_keytab keytab,
krb5_warn (context, ret, "kadm5_c_init_with_skey_ctx");
return;
}
ret = kadm5_randkey_principal (kadm_handle, entry->principal,
&keys, &num_keys);
ret = kadm5_randkey_principal (kadm_handle, principal, &keys, &num_keys);
kadm5_destroy (kadm_handle);
if (ret) {
krb5_warn(context, ret, "kadm5_randkey_principal");
@ -93,9 +92,9 @@ change_entry (krb5_context context, krb5_keytab keytab,
for (i = 0; i < num_keys; ++i) {
krb5_keytab_entry new_entry;
new_entry = *entry;
new_entry.principal = principal;
new_entry.timestamp = time (NULL);
++new_entry.vno;
new_entry.vno = kvno + 1;
new_entry.keyblock = keys[i];
ret = krb5_kt_add_entry (context, keytab, &new_entry);
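Review bot: new_entry is a bare stack variable that is now filled field by field (principal, timestamp, vno, keyblock) instead of being copied from an existing entry, so any other member of krb5_keytab_entry reaches krb5_kt_add_entry uninitialised; zero it first with memset (&new_entry, 0, sizeof(new_entry)). Also, new_entry.vno = kvno + 1 assumes the server's new key version is exactly one above the kvno passed in by the caller, which does not hold when the keytab is behind the KDC; a comment stating that assumption, or asking the KDC for the version, would help.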
@ -110,6 +109,11 @@ change_entry (krb5_context context, krb5_keytab keytab,
* their keys, writing the new keys
*/
struct change_set {
krb5_principal principal;
krb5_kvno kvno;
};
int
kt_change (int argc, char **argv)
{
@ -122,8 +126,8 @@ kt_change (int argc, char **argv)
int server_port = 0;
int help_flag = 0;
int optind = 0;
int j, max;
krb5_principal *princs;
int i, j, max;
struct change_set *changeset;
struct getargs args[] = {
{ "realm", 'r', arg_string, NULL,
@ -154,12 +158,8 @@ kt_change (int argc, char **argv)
return 1;
j = 0;
max = 10;
princs = malloc (max * sizeof(*princs));
if (princs == NULL) {
krb5_warnx (context, "malloc: out of memory");
goto out;
}
max = 0;
changeset = NULL;
ret = krb5_kt_start_seq_get(context, keytab, &cursor);
if(ret){
@ -168,20 +168,21 @@ kt_change (int argc, char **argv)
}
while((ret = krb5_kt_next_entry(context, keytab, &entry, &cursor)) == 0) {
int i;
int done = 0;
int add = 0;
for (i = 0; i < j; ++i)
if (krb5_principal_compare (context, princs[i],
entry.principal))
for (i = 0; i < j; ++i) {
if (krb5_principal_compare (context, changeset[i].principal,
entry.principal)) {
if (changeset[i].kvno < entry.vno)
changeset[i].kvno = entry.vno;
break;
}
}
if (i < j)
continue;
if (optind == argc) {
change_entry (context, keytab, &entry, realm, admin_server,
server_port);
done = 1;
add = 1;
} else {
for (i = optind; i < argc; ++i) {
krb5_principal princ;
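Review bot: if (i < j) continue; skips the krb5_kt_free_entry (context, &entry) at the bottom of the while loop (visible in the next hunk), so every keytab entry whose principal is already in changeset is leaked. With the kvno tracking added here this path is taken for each additional key of a principal, so free the entry before the continue.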
@ -191,40 +192,64 @@ kt_change (int argc, char **argv)
krb5_warn (context, ret, "krb5_parse_name %s", argv[i]);
continue;
}
if (krb5_principal_compare (context, princ, entry.principal)) {
change_entry (context, keytab, &entry,
realm, admin_server, server_port);
done = 1;
}
if (krb5_principal_compare (context, princ, entry.principal))
add = 1;
krb5_free_principal (context, princ);
}
}
if (done) {
if (add) {
if (j >= max) {
void *tmp;
max *= 2;
tmp = realloc (princs, max * sizeof(*princs));
max = max(max * 2, 1);
tmp = realloc (changeset, max * sizeof(*changeset));
if (tmp == NULL) {
krb5_kt_free_entry (context, &entry);
krb5_warnx (context, "realloc: out of memory");
ret = ENOMEM;
break;
}
princs = tmp;
changeset = tmp;
}
ret = krb5_copy_principal (context, entry.principal, &princs[j]);
ret = krb5_copy_principal (context, entry.principal,
&changeset[j].principal);
if (ret) {
krb5_warn (context, ret, "krb5_copy_principal");
krb5_kt_free_entry (context, &entry);
break;
}
changeset[j].kvno = entry.vno;
++j;
}
krb5_kt_free_entry (context, &entry);
}
while (j-- > 0)
krb5_free_principal (context, princs[j]);
free (princs);
if (ret == KRB5_KT_END) {
for (i = 0; i < j; i++) {
if (verbose_flag) {
char *client_name;
ret = krb5_unparse_name (context, changeset[i].principal,
&client_name);
if (ret) {
krb5_warn (context, ret, "krb5_unparse_name");
} else {
printf("Changing %s kvno %d\n",
client_name, changeset[i].kvno);
free(client_name);
}
}
change_entry (context, keytab,
changeset[i].principal, changeset[i].kvno,
realm, admin_server, server_port);
}
}
for (i = 0; i < j; i++)
krb5_free_principal (context, changeset[i].principal);
free (changeset);
ret = krb5_kt_end_seq_get(context, keytab, &cursor);
out:
krb5_kt_close(context, keytab);
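Review bot: the loop that calls change_entry runs before krb5_kt_end_seq_get, so krb5_kt_add_entry writes to the keytab while the read cursor from krb5_kt_start_seq_get is still open; end the sequence first and then apply the changeset. Two smaller points in the same hunk: max = max(max * 2, 1) relies on max being a function-like macro while a local int is also called max, which is hard to read (rename the variable, for example to capacity), and ret from krb5_unparse_name, like any failure inside change_entry, which returns void, is overwritten by the result of krb5_kt_end_seq_get, so a failed key change is not reflected in ret.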

View File

@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: copy.c,v 1.8 2002/08/12 15:09:12 joda Exp $");
RCSID("$Id: copy.c,v 1.9 2003/01/16 18:59:03 lha Exp $");
static krb5_boolean
@ -144,7 +144,6 @@ kt_copy (int argc, char **argv)
int i = 0;
args[i++].value = &help_flag;
args[i++].value = &verbose_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
arg_printusage(args, num_args, "ktutil copy",

View File

@ -33,7 +33,7 @@
#include "ktutil_locl.h"
RCSID("$Id: get.c,v 1.21 2001/10/29 12:53:52 nectar Exp $");
RCSID("$Id: get.c,v 1.22 2003/01/16 19:03:23 lha Exp $");
static void*
open_kadmin_connection(char *principal,
@ -89,7 +89,6 @@ kt_get(int argc, char **argv)
int server_port = 0;
int help_flag = 0;
int optind = 0;
int i, j;
struct getarg_strings etype_strs = {0, NULL};
krb5_enctype *etypes = NULL;
size_t netypes = 0;
@ -111,13 +110,14 @@ kt_get(int argc, char **argv)
},
{ "help", 'h', arg_flag, NULL }
};
int i = 0, j;
args[0].value = &principal;
args[1].value = &etype_strs;
args[2].value = &realm;
args[3].value = &admin_server;
args[4].value = &server_port;
args[5].value = &help_flag;
args[i++].value = &principal;
args[i++].value = &etype_strs;
args[i++].value = &realm;
args[i++].value = &admin_server;
args[i++].value = &server_port;
args[i++].value = &help_flag;
if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)
|| help_flag) {

View File

@ -1,4 +1,35 @@
.\" $Id: ktutil.8,v 1.15 2002/08/20 17:07:00 joda Exp $
.\" Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: ktutil.8,v 1.19 2003/04/08 20:55:10 lha Exp $
.\"
.Dd December 16, 2000
.Dt KTUTIL 8
@ -20,6 +51,15 @@
.Sh DESCRIPTION
.Nm
is a program for managing keytabs.
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl v ,
.Fl -verbose
.Xc
Verbose output.
.El
.Pp
.Ar command
can be one of the following:
.Bl -tag -width srvconvert
@ -28,7 +68,7 @@ can be one of the following:
.Op Fl -principal= Ns Ar principal
.Op Fl V Ar kvno
.Op Fl -kvno= Ns Ar kvno
.Op Fl e Ar encype
.Op Fl e Ar enctype
.Op Fl -enctype= Ns Ar enctype
.Op Fl w Ar password
.Op Fl -password= Ns Ar password
@ -52,7 +92,7 @@ command, which talks to the kadmin server.
.Op Fl -server-port= Ns Ar port
.Xc
Update one or several keys to new versions. By default, use the admin
server for the realm of an keytab entry. Otherwise it will use the
server for the realm of a keytab entry. Otherwise it will use the
values specified by the options.
.Pp
If no principals are given, all the ones in the keytab are updated.
@ -101,7 +141,7 @@ List the keys stored in the keytab.
.Xc
Removes the specified key or keys. Not specifying a
.Ar kvno
removes keys with any version number. Not specifying a
removes keys with any version number. Not specifying an
.Ar enctype
removes keys of any type.
.It rename Xo

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -247,10 +248,10 @@ all: all-recursive
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
mostlyclean-libtool:
@ -448,7 +449,9 @@ info: info-recursive
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -477,15 +480,15 @@ uninstall-info: uninstall-info-recursive
distclean distclean-generic distclean-libtool \
distclean-recursive distclean-tags distdir dvi dvi-am \
dvi-recursive info info-am info-recursive install install-am \
install-data install-data-am install-data-local \
install-data-recursive install-exec install-exec-am \
install-exec-recursive install-info install-info-am \
install-info-recursive install-man install-recursive \
install-strip installcheck installcheck-am installdirs \
installdirs-am installdirs-recursive maintainer-clean \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am uninstall-info-am \
install-data install-data-am install-data-recursive \
install-exec install-exec-am install-exec-recursive \
install-info install-info-am install-info-recursive install-man \
install-recursive install-strip installcheck installcheck-am \
installdirs installdirs-am installdirs-recursive \
maintainer-clean maintainer-clean-generic \
maintainer-clean-recursive mostlyclean mostlyclean-generic \
mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
uninstall uninstall-am uninstall-info-am \
uninstall-info-recursive uninstall-recursive
@ -612,7 +615,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,3 +1,36 @@
2003-04-23 Love Hörnquist Åstrand <lha@it.su.se>
* afslog.c: 1.21->1.22: (log_func): drop the error number
2003-04-14 Love Hörnquist Åstrand <lha@it.su.se>
* afslog.c: set kafs log function if verbose is turned on
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* Makefile.am (LDADD): use LIB_kafs
* afslog.1: --no-v4, --no-v5
* Makefile.am: always build afsutils now
* afslog.c: make build without KRB4
2002-11-26 Johan Danielsson <joda@pdc.kth.se>
* afslog.c: remove plural form in help string
* Makefile.am: add afslog manpage
* afslog.1: manpage
* afslog.c: try more files when trying to expand a cell name
* afslog.c: create a list of cells to get tokens for, before
actually doing anything, and try to get tokens via krb4 if krb5
fails, and give it a chance to work with krb4-only; also some bug
fixes, partially from Tomas Olsson.
2002-08-23 Assar Westerlund <assar@kth.se>
* pagsh.c: make it handle --version/--help

View File

@ -1,18 +1,17 @@
# $Id: Makefile.am,v 1.12 2000/11/15 22:51:07 assar Exp $
# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4)
if KRB4
AFSPROGS = afslog pagsh
endif
bin_PROGRAMS = $(AFSPROGS)
bin_PROGRAMS = afslog pagsh
afslog_SOURCES = afslog.c
pagsh_SOURCES = pagsh.c
man_MANS = afslog.1
LDADD = $(LIB_kafs) \
$(LIB_krb4) \
$(top_builddir)/lib/krb5/libkrb5.la \

View File

@ -14,11 +14,11 @@
@SET_MAKE@
# $Id: Makefile.am,v 1.12 2000/11/15 22:51:07 assar Exp $
# $Id: Makefile.am,v 1.15 2003/03/18 13:13:06 lha Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -201,13 +202,14 @@ NROFF_MAN = groff -mandoc -Tascii
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
@KRB4_TRUE@AFSPROGS = afslog pagsh
bin_PROGRAMS = $(AFSPROGS)
bin_PROGRAMS = afslog pagsh
afslog_SOURCES = afslog.c
pagsh_SOURCES = pagsh.c
man_MANS = afslog.1
LDADD = $(LIB_kafs) \
$(LIB_krb4) \
$(top_builddir)/lib/krb5/libkrb5.la \
@ -219,27 +221,22 @@ subdir = appl/afsutil
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/include/config.h
CONFIG_CLEAN_FILES =
@KRB4_TRUE@bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
@KRB4_FALSE@bin_PROGRAMS =
bin_PROGRAMS = afslog$(EXEEXT) pagsh$(EXEEXT)
PROGRAMS = $(bin_PROGRAMS)
am_afslog_OBJECTS = afslog.$(OBJEXT)
afslog_OBJECTS = $(am_afslog_OBJECTS)
afslog_LDADD = $(LDADD)
@KRB4_TRUE@afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB4_FALSE@afslog_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la
afslog_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
afslog_LDFLAGS =
am_pagsh_OBJECTS = pagsh.$(OBJEXT)
pagsh_OBJECTS = $(am_pagsh_OBJECTS)
pagsh_LDADD = $(LDADD)
@KRB4_TRUE@pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB4_FALSE@pagsh_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la
pagsh_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
pagsh_LDFLAGS =
DEFS = @DEFS@
@ -258,6 +255,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
DIST_SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
MANS = $(man_MANS)
DIST_COMMON = ChangeLog Makefile.am Makefile.in
SOURCES = $(afslog_SOURCES) $(pagsh_SOURCES)
@ -265,10 +263,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/afsutil/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -329,6 +327,45 @@ distclean-libtool:
-rm -f libtool
uninstall-info-am:
man1dir = $(mandir)/man1
install-man1: $(man1_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(man1dir)
@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
done
uninstall-man1:
@$(NORMAL_UNINSTALL)
@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
rm -f $(DESTDIR)$(man1dir)/$$inst; \
done
ETAGS = etags
ETAGSFLAGS =
@ -396,10 +433,10 @@ distdir: $(DISTFILES)
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
all-am: Makefile $(PROGRAMS) all-local
all-am: Makefile $(PROGRAMS) $(MANS) all-local
installdirs:
$(mkinstalldirs) $(DESTDIR)$(bindir)
$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir)
install: install-am
install-exec: install-exec-am
@ -442,7 +479,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -450,7 +489,7 @@ install-exec-am: install-binPROGRAMS
install-info: install-info-am
install-man:
install-man: install-man1
installcheck-am:
@ -463,19 +502,22 @@ mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
uninstall-am: uninstall-binPROGRAMS uninstall-info-am
uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
uninstall-man: uninstall-man1
.PHONY: GTAGS all all-am all-local check check-am check-local clean \
clean-binPROGRAMS clean-generic clean-libtool distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
install-exec install-exec-am install-info install-info-am \
install-man install-man1 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
uninstall-man uninstall-man1
install-suid-programs:
@ -601,7 +643,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -0,0 +1,137 @@
.\" Copyright (c) 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: afslog.1,v 1.3 2003/03/18 04:29:34 lha Exp $
.\"
.Dd November 26, 2002
.Dt AFSLOG 1
.Os HEIMDAL
.Sh NAME
.Nm afslog
.Nd
obtain AFS tokens
.Sh SYNOPSIS
.Nm
.Oo Fl c Ar cell \*(Ba Xo
.Fl -cell= Ns Ar cell
.Xc
.Oc
.Oo Fl p Ar path \*(Ba Xo
.Fl -file= Ns Ar path
.Xc
.Oc
.Oo Fl k Ar realm \*(Ba Xo
.Fl -realm= Ns Ar realm
.Xc
.Oc
.Op Fl -no-v4
.Op Fl -no-v5
.Op Fl u | Fl -unlog
.Op Fl v | Fl -verbose
.Op Fl -version
.Op Fl h | Fl -help
.Op Ar cell | path ...
.Sh DESCRIPTION
.Nm
obtains AFS tokens for a number of cells. What cells to get tokens for
can either be specified as an explicit list, as file paths to get
tokens for, or be left unspecified, in which case
.Nm
will use whatever magic
.Xr krb_afslog 3
decides upon.
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl c Ar cell,
.Fl -cell= Ns Ar cell
.Xc
This specified one or more cell names to get tokens for.
.It Xo
.Fl p Ar path ,
.Fl -file= Ns Ar path
.Xc
This specified one or more file paths for which tokens should be
obtained.
.It Xo
.Fl k Ar realm ,
.Fl -realm= Ns Ar realm
.Xc
This is the Kerberos realm the AFS servers live in, this should
normally not be specified.
.It Fl -no-v4
This makes
.Nm
not try using Kerberos 4.
.It Fl -no-v5
This makes
.Nm
not try using Kerberos 5.
.It Xo
.Fl u ,
.Fl -unlog
.Xc
Destroy tokens instead of obtaining new. If this is specified, all
other options are ignored (except for
.Fl -help
and
.Fl -version ) .
.It Xo
.Fl v ,
.Fl -verbose
.Xc
Adds more verbosity for what is actually going on.
.El
Instead of using
.Fl c
and
.Fl p ,
you may also pass a list of cells and file paths after any other
options. These arguments are considered files if they are either
the strings
.Do . Dc
or
.Dq ..
or they contain a slash, or if there exists a file by that name.
.Sh EXAMPLES
Assuming that there is no file called
.Dq openafs.org
in the current directory, and that
.Pa /afs/openafs.org
points to that cell, the follwing should be identical:
.Bd -literal -offset indent
$ afslog -c openafs.org
$ afslog openafs.org
$ afslog /afs/openafs.org/some/file
.Ed
.Sh SEE ALSO
.Xr krb_afslog 3
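Review bot: a few wording and markup slips in the new page: "This specified one or more ..." appears twice and should read "This specifies", "follwing" in EXAMPLES should be "following", and ".Fl c Ar cell," has the comma glued to the argument where the other entries write ".Fl p Ar path ,". The paragraph starting "Instead of using" follows .El without a .Pp, and the description of -k joins two sentences with a comma ("... live in, this should normally not be specified").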

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,10 +33,15 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: afslog.c,v 1.16 2001/05/16 22:10:15 assar Exp $");
RCSID("$Id: afslog.c,v 1.21.2.1 2003/04/23 18:04:26 lha Exp $");
#endif
#include <ctype.h>
#ifdef KRB5
#include <krb5.h>
#endif
#ifdef KRB4
#include <krb.h>
#endif
#include <kafs.h>
#include <roken.h>
#include <getarg.h>
@ -52,12 +57,24 @@ static char *realm;
static getarg_strings files;
static int unlog_flag;
static int verbose;
#ifdef KRB4
static int use_krb4 = 1;
#endif
#ifdef KRB5
static int use_krb5 = 1;
#endif
struct getargs args[] = {
{ "cell", 'c', arg_strings, &cells, "cells to get tokens for", "cells" },
{ "file", 'p', arg_strings, &files, "files to get tokens for", "paths" },
{ "cell", 'c', arg_strings, &cells, "cells to get tokens for", "cell" },
{ "file", 'p', arg_strings, &files, "files to get tokens for", "path" },
{ "realm", 'k', arg_string, &realm, "realm for afs cell", "realm" },
{ "unlog", 'u', arg_flag, &unlog_flag, "remove tokens" },
#ifdef KRB4
{ "v4", 0, arg_negative_flag, &use_krb4, "use Kerberos 4" },
#endif
#ifdef KRB5
{ "v5", 0, arg_negative_flag, &use_krb5, "use Kerberos 5" },
#endif
#if 0
{ "create-user", 0, arg_flag, &create_user, "create user if not found" },
#endif
@ -68,29 +85,49 @@ struct getargs args[] = {
static int num_args = sizeof(args) / sizeof(args[0]);
#ifdef KRB5
krb5_context context;
krb5_ccache id;
#endif
static const char *
expand_one_file(FILE *f, const char *cell)
{
static char buf[1024];
char *p;
while (fgets (buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>') {
for(p = buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
;
*p = '\0';
if(strncmp(buf + 1, cell, strlen(cell)) == 0)
return buf + 1;
}
buf[0] = '\0';
}
return NULL;
}
static const char *
expand_cell_name(const char *cell)
{
FILE *f;
static char buf[128];
char *p;
f = fopen(_PATH_CELLSERVDB, "r");
if(f == NULL)
return cell;
while (fgets (buf, sizeof(buf), f) != NULL) {
if(buf[0] == '>'){
for(p=buf; *p && !isspace((unsigned char)*p) && *p != '#'; p++)
;
*p = '\0';
if(strstr(buf, cell)){
fclose(f);
return buf + 1;
}
}
buf[0] = 0;
const char *c;
const char **fn, *files[] = { _PATH_CELLSERVDB,
_PATH_ARLA_CELLSERVDB,
_PATH_OPENAFS_DEBIAN_CELLSERVDB,
_PATH_ARLA_DEBIAN_CELLSERVDB,
NULL };
for(fn = files; *fn; fn++) {
f = fopen(*fn, "r");
if(f == NULL)
continue;
c = expand_one_file(f, cell);
fclose(f);
if(c)
return c;
}
fclose(f);
return cell;
}
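Review bot: expand_one_file() accepts the first CellServDB entry that merely starts with the requested string, because strncmp(buf + 1, cell, strlen(cell)) compares only strlen(cell) bytes, and expand_cell_name() stops at the first of several database files that yields such a match. A short or mistyped argument therefore selects whichever cell happens to be listed first, and tokens are then requested for that cell. Try an exact match first, fall back to a prefix match only when it is unique, and report the ambiguity otherwise. The returned pointer also aliases a static buffer, which is safe only as long as every caller copies it before the next call, as afslog_cell() does with strdup().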
@ -134,50 +171,109 @@ createuser (char *cell)
static void
usage(int ecode)
{
arg_printusage(args, num_args, NULL, "[cell]... [path]...");
arg_printusage(args, num_args, NULL, "[cell|path]...");
exit(ecode);
}
struct cell_list {
char *cell;
struct cell_list *next;
} *cell_list;
static int
afslog_cell(krb5_context context, krb5_ccache id,
const char *cell, int expand)
afslog_cell(const char *cell, int expand)
{
struct cell_list *p, **q;
const char *c = cell;
if(expand){
c = expand_cell_name(cell);
if(c == NULL){
krb5_warnx(context, "No cell matching \"%s\" found.", cell);
warnx("No cell matching \"%s\" found.", cell);
return -1;
}
if(verbose)
krb5_warnx(context, "Cell \"%s\" expanded to \"%s\"", cell, c);
if(verbose && strcmp(c, cell) != 0)
warnx("Cell \"%s\" expanded to \"%s\"", cell, c);
}
return krb5_afslog(context, id, c, realm);
/* add to list of cells to get tokens for, and also remove
duplicates; the actual afslog takes place later */
for(p = cell_list, q = &cell_list; p; q = &p->next, p = p->next)
if(strcmp(p->cell, c) == 0)
return 0;
p = malloc(sizeof(*p));
if(p == NULL)
return -1;
p->cell = strdup(c);
if(p->cell == NULL) {
free(p);
return -1;
}
p->next = NULL;
*q = p;
return 0;
}
static int
afslog_file(krb5_context context, krb5_ccache id,
const char *path)
afslog_file(const char *path)
{
char cell[64];
if(k_afs_cell_of_file(path, cell, sizeof(cell))){
krb5_warnx(context, "No cell found for file \"%s\".", path);
warnx("No cell found for file \"%s\".", path);
return -1;
}
if(verbose)
krb5_warnx(context, "File \"%s\" lives in cell \"%s\"", path, cell);
return afslog_cell(context, id, cell, 0);
warnx("File \"%s\" lives in cell \"%s\"", path, cell);
return afslog_cell(cell, 0);
}
static int
do_afslog(const char *cell)
{
int k5ret, k4ret;
k5ret = k4ret = 0;
#ifdef KRB5
if(context != NULL && id != NULL && use_krb5) {
k5ret = krb5_afslog(context, id, cell, NULL);
if(k5ret == 0)
return 0;
}
#endif
#if KRB4
if (use_krb4) {
k4ret = krb_afslog(cell, NULL);
if(k4ret == 0)
return 0;
}
#endif
#ifdef KRB5
if (k5ret)
warnx("krb5_afslog(%s): %s", cell, krb5_get_err_text(context, k5ret));
#endif
#ifdef KRB4
if (k4ret)
warnx("krb_afslog(%s): %s", cell, krb_get_err_text(k4ret));
#endif
if (k5ret || k4ret)
return 1;
return 0;
}
static void
log_func(void *ctx, const char *str)
{
fprintf(stderr, "%s\n", str);
}
int
main(int argc, char **argv)
{
int optind = 0;
krb5_context context;
krb5_ccache id;
int i;
int num;
int ret = 0;
int failed = 0;
struct cell_list *p;
setprogname(argv[0]);
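Review bot: do_afslog() passes NULL as the realm to both krb5_afslog() and krb_afslog(), while the replaced afslog_cell() body called krb5_afslog(context, id, c, realm), so the value given with -k/--realm no longer reaches the library; pass realm through. do_afslog() also returns 0 when neither branch runs (context or id is NULL and Kerberos 4 is disabled or compiled out), so a run that obtained no token is reported as success; treat "no mechanism attempted" as a failure. The Kerberos 4 guard is spelled "#if KRB4" in this function and "#ifdef KRB4" in the rest of the file.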
@ -190,42 +286,56 @@ main(int argc, char **argv)
exit(0);
}
ret = krb5_init_context(&context);
if (ret)
errx (1, "krb5_init_context failed: %d", ret);
if(!k_hasafs())
krb5_errx(context, 1,
"AFS doesn't seem to be present on this machine");
errx(1, "AFS does not seem to be present on this machine");
if(unlog_flag){
k_unlog();
exit(0);
}
krb5_cc_default(context, &id);
#ifdef KRB5
ret = krb5_init_context(&context);
if (ret)
context = NULL;
else
if(krb5_cc_default(context, &id) != 0)
id = NULL;
#endif
if (verbose)
kafs_set_verbose(log_func, NULL);
num = 0;
for(i = 0; i < files.num_strings; i++){
afslog_file(context, id, files.strings[i]);
afslog_file(files.strings[i]);
num++;
free_getarg_strings (&files);
}
free_getarg_strings (&files);
for(i = 0; i < cells.num_strings; i++){
afslog_cell(context, id, cells.strings[i], 1);
afslog_cell(cells.strings[i], 1);
num++;
free_getarg_strings (&cells);
}
free_getarg_strings (&cells);
for(i = optind; i < argc; i++){
num++;
if(strcmp(argv[i], ".") == 0 ||
strcmp(argv[i], "..") == 0 ||
strchr(argv[i], '/') ||
access(argv[i], F_OK) == 0)
afslog_file(context, id, argv[i]);
afslog_file(argv[i]);
else
afslog_cell(context, id, argv[i], 1);
afslog_cell(argv[i], 1);
}
if(num == 0) {
krb5_afslog(context, id, NULL, NULL);
if(do_afslog(NULL))
failed++;
} else
for(p = cell_list; p; p = p->next) {
if(verbose)
warnx("Getting tokens for cell \"%s\"", p->cell);
if(do_afslog(p->cell))
failed++;
}
return ret;
return failed;
}
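Review bot: the return values of afslog_file() and afslog_cell() are discarded in all three argument loops, so a path for which k_afs_cell_of_file() finds no cell, or a failed allocation in afslog_cell(), never increments failed; if every argument fails that way, cell_list stays empty and main() returns 0. Count those failures as well. Returning failed directly as the exit status is also truncated to 8 bits on POSIX systems; return failed != 0 instead.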

View File

@ -1,6 +1,58 @@
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
* ftp/ftp.c: pull up 1.75; fix parsing of epsv ports
* ftpd/ftpd.c: make sure argument to is* functions are unsigned
2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
* ftpd/ftpd.8: s/kerberos/Kerberos/
2003-03-23 Assar Westerlund <assar@kth.se>
* ftpd/pathnames.h (_PATH_FTPUSERS): conditionalize
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* ftpd/ftpd.c (krb5_verify): always do krb5_afslog, remove setpag
(its done in main)
* ftpd/gss_userok.c: drop setpag
* ftpd/ftpd.c (main): set afs PAG
* ftpd/gss_userok.c: always try krb5_afslog, and while here do a
setpag too
* ftpd/ftpd_locl.h: always include kafs
2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
* ftp/gssapi.c (gss_adat): now that gss_export_name exports a
principal, bandaid with gss_display_name, and check that oid is
GSS_KRB5_NT_PRINCIPAL_NAME, also free memory
2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
* ftp/gssapi.c (gss_auth): print out the name we authenticated too
2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
* ftpd/ls.c: use readlink with bufsize - 1, From NetBSD
* ftp/ftp.1: s/utilizes/uses/ from NetBSD
* ftpd/ftpd.8: s/utilize/use/ from NetBSD
2003-02-10 Assar Westerlund <assar@kth.se>
* ftpd/ftpd.c (accept_with_timeout): use socklen_t
2002-10-29 Johan Danielsson <joda@pdc.kth.se>
* ftp/main.c: reinstate -n flag (from Torbjörn Granlund)
2002-10-16 Johan Danielsson <joda@pdc.kth.se>
* ftp/ftp.c: fix parsing of epsv ports (from Love)
2002-09-05 Johan Danielsson <joda@pdc.kth.se>

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -228,10 +229,10 @@ all: all-recursive
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/ftp/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
mostlyclean-libtool:
@ -429,7 +430,9 @@ info: info-recursive
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -458,15 +461,15 @@ uninstall-info: uninstall-info-recursive
distclean distclean-generic distclean-libtool \
distclean-recursive distclean-tags distdir dvi dvi-am \
dvi-recursive info info-am info-recursive install install-am \
install-data install-data-am install-data-local \
install-data-recursive install-exec install-exec-am \
install-exec-recursive install-info install-info-am \
install-info-recursive install-man install-recursive \
install-strip installcheck installcheck-am installdirs \
installdirs-am installdirs-recursive maintainer-clean \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am uninstall-info-am \
install-data install-data-am install-data-recursive \
install-exec install-exec-am install-exec-recursive \
install-info install-info-am install-info-recursive install-man \
install-recursive install-strip installcheck installcheck-am \
installdirs installdirs-am installdirs-recursive \
maintainer-clean maintainer-clean-generic \
maintainer-clean-recursive mostlyclean mostlyclean-generic \
mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
uninstall uninstall-am uninstall-info-am \
uninstall-info-recursive uninstall-recursive
@ -593,7 +596,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -242,10 +243,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/ftp/common/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
AR = ar
@ -395,7 +396,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -422,13 +425,12 @@ uninstall-am: uninstall-info-am
clean-generic clean-libtool clean-noinstLIBRARIES distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool tags uninstall uninstall-am \
uninstall-info-am
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
tags uninstall uninstall-am uninstall-info-am
install-suid-programs:
@ -554,7 +556,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -285,10 +286,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/ftp/ftp/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -498,7 +499,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -528,9 +531,9 @@ uninstall-man: uninstall-man1
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-man1 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
install-exec install-exec-am install-info install-info-am \
install-man install-man1 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
@ -660,7 +663,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1163,7 +1163,7 @@ auto-login process.
.El
.Sh ENVIRONMENT
.Nm Ftp
utilizes the following environment variables.
uses the following environment variables.
.Bl -tag -width Fl
.It Ev HOME
For default location of a

View File

@ -32,7 +32,7 @@
*/
#include "ftp_locl.h"
RCSID ("$Id: ftp.c,v 1.74.4.1 2002/10/21 14:26:31 joda Exp $");
RCSID ("$Id: ftp.c,v 1.75 2002/10/16 15:46:43 joda Exp $");
struct sockaddr_storage hisctladdr_ss;
struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss;

View File

@ -39,7 +39,7 @@
#include <gssapi.h>
#include <krb5_err.h>
RCSID("$Id: gssapi.c,v 1.20 2002/09/04 22:00:50 joda Exp $");
RCSID("$Id: gssapi.c,v 1.22 2003/03/16 19:40:18 lha Exp $");
struct gss_data {
gss_ctx_id_t context_hdl;
@ -214,18 +214,28 @@ gss_adat(void *app_data, void *buf, size_t len)
if(maj_stat == GSS_S_COMPLETE){
char *name;
gss_buffer_desc export_name;
maj_stat = gss_export_name(&min_stat, client_name, &export_name);
gss_OID oid;
maj_stat = gss_display_name(&min_stat, client_name,
&export_name, &oid);
if(maj_stat != 0) {
reply(500, "Error exporting name");
reply(500, "Error displaying name");
goto out;
}
/* XXX kerberos */
if(oid != GSS_KRB5_NT_PRINCIPAL_NAME) {
reply(500, "OID not kerberos principal name");
gss_release_buffer(&min_stat, &export_name);
goto out;
}
name = realloc(export_name.value, export_name.length + 1);
if(name == NULL) {
reply(500, "Out of memory");
free(export_name.value);
gss_release_buffer(&min_stat, &export_name);
goto out;
}
name[export_name.length] = '\0';
gss_release_buffer(&min_stat, &export_name);
d->client_name = name;
if(p)
reply(235, "ADAT=%s", p);
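Review bot: after the successful realloc(export_name.value, export_name.length + 1), export_name.value still holds the pre-realloc pointer, so the gss_release_buffer() call that follows name[export_name.length] = '\0' releases either a block realloc() has already freed or the very block that d->client_name is about to point to. Copy instead: allocate export_name.length + 1 bytes, memcpy the name, terminate it, and only then release the GSS buffer. Separately, oid != GSS_KRB5_NT_PRINCIPAL_NAME compares pointers, which holds only if the library hands back that exact object; compare the OID length and elements.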
@ -423,6 +433,35 @@ gss_auth(void *app_data, char *host)
context_established = 1;
}
}
{
gss_name_t targ_name;
maj_stat = gss_inquire_context(&min_stat,
d->context_hdl,
NULL,
&targ_name,
NULL,
NULL,
NULL,
NULL,
NULL);
if (GSS_ERROR(maj_stat) == 0) {
gss_buffer_desc name;
maj_stat = gss_display_name (&min_stat,
targ_name,
&name,
NULL);
if (GSS_ERROR(maj_stat) == 0) {
printf("Authenticated to <%s>\n", (char *)name.value);
gss_release_buffer(&min_stat, &name);
}
gss_release_name(&min_stat, &targ_name);
} else
printf("Failed to get gss name of peer.\n");
}
return AUTH_OK;
}
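Review bot: the printf() of name.value with %s treats the gss_buffer_desc as a C string, but a GSS buffer is defined by value and length and is not guaranteed to be NUL-terminated; print it with "%.*s" and (int)name.length. The block also reuses maj_stat for gss_inquire_context() and gss_display_name() just before return AUTH_OK, which is harmless here but worth a local variable so the earlier authentication status is not overwritten by a purely informational lookup.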

View File

@ -38,7 +38,7 @@
#include "ftp_locl.h"
#include <getarg.h>
RCSID("$Id: main.c,v 1.32 2002/08/23 19:11:03 assar Exp $");
RCSID("$Id: main.c,v 1.33 2002/10/29 09:47:51 joda Exp $");
static int help_flag;
static int version_flag;
@ -53,6 +53,8 @@ struct getargs getargs[] = {
"Turn off interactive prompting", NULL},
{ NULL, 'l', arg_negative_flag, &lineedit,
"Turn off line editing", NULL},
{ NULL, 'n', arg_negative_flag, &autologin,
"Turn off auto-login", NULL},
{ NULL, 'p', arg_flag, &passivemode,
"passive mode", NULL},
{ NULL, 't', arg_counter, &trace,

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -251,18 +252,13 @@ am_ftpd_OBJECTS = ftpcmd.$(OBJEXT) ftpd.$(OBJEXT) logwtmp.$(OBJEXT) \
$(am__objects_1) $(am__objects_2)
ftpd_OBJECTS = $(am_ftpd_OBJECTS)
ftpd_LDADD = $(LDADD)
@KRB4_FALSE@@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \
@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \
@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB4_FALSE@@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a
@KRB4_TRUE@@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \
@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \
@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la
@KRB4_TRUE@@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a \
@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
@KRB5_TRUE@ftpd_DEPENDENCIES = ../common/libcommon.a \
@KRB5_TRUE@ $(top_builddir)/lib/gssapi/libgssapi.la \
@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la
@KRB5_FALSE@ftpd_DEPENDENCIES = ../common/libcommon.a \
@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
ftpd_LDFLAGS =
DEFS = @DEFS@
@ -291,10 +287,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj .y
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@ -565,7 +561,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-libexecPROGRAMS
@$(NORMAL_INSTALL)
@ -594,8 +592,8 @@ uninstall-man: uninstall-man5 uninstall-man8
clean-generic clean-libexecPROGRAMS clean-libtool distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am \
install-libexecPROGRAMS install-man install-man5 install-man8 \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
@ -728,7 +726,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -269,7 +269,7 @@ interprets file names according to the
.Dq globbing
conventions used by
.Xr csh 1 .
This allows users to utilize the metacharacters
This allows users to use the metacharacters
.Dq Li \&*?[]{}~ .
.Pp
.Nm Ftpd
@ -281,7 +281,7 @@ If Kerberos authentication is used, the user must pass valid tickets
and the principal must be allowed to login as the remote user.
.It
The login name must be in the password data base, and not have a null
password (if kerberos is used the password field is not checked). In
password (if Kerberos is used the password field is not checked). In
this case a password must be provided by the client before any file
operations may be performed. If the user has an OTP key, the response
from a successful USER command will include an OTP challenge. The

View File

@ -38,7 +38,7 @@
#endif
#include "getarg.h"
RCSID("$Id: ftpd.c,v 1.161 2002/02/28 15:50:14 joda Exp $");
RCSID("$Id: ftpd.c,v 1.166 2003/04/16 15:02:05 lha Exp $");
static char version[] = "Version 6.00";
@ -322,7 +322,7 @@ main(int argc, char **argv)
if(sp)
port = sp->s_port;
else
if(isdigit(port_string[0]))
if(isdigit((unsigned char)port_string[0]))
port = htons(atoi(port_string));
else
warnx("bad value for -p");
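Review bot: only port_string[0] is validated before atoi(), which then accepts trailing garbage such as "21x" and values above 65535 that htons() silently truncates. Parse with strtol(), require the whole string to be consumed and the result to lie in 1..65535, and fall through to the existing "bad value for -p" warning otherwise.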
@ -871,12 +871,9 @@ krb5_verify(struct passwd *pwd, char *passwd)
1,
NULL);
krb5_free_principal(context, princ);
#ifdef KRB4
if (k_hasafs()) {
k_setpag();
krb5_afslog_uid_home(context, id,NULL, NULL,pwd->pw_uid, pwd->pw_dir);
}
#endif /* KRB4 */
krb5_cc_destroy(context, id);
krb5_free_context (context);
if(ret)
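Review bot: the return value of krb5_afslog_uid_home() is ignored, and with k_setpag() gone from this function the token lands in whatever PAG the process already has. The ChangeLog entry says main() now sets the PAG; confirm that call runs before any login path reaches krb5_verify(), and log a failure from krb5_afslog_uid_home() rather than dropping it.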
@ -1106,9 +1103,9 @@ retrieve(const char *cmd, char *name)
int
filename_check(char *filename)
{
char *p;
unsigned char *p;
p = strrchr(filename, '/');
p = (unsigned char *)strrchr(filename, '/');
if(p)
filename = p + 1;
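Review bot: p is now unsigned char * but is still assigned back with filename = p + 1, where filename is char *, which is a pointer-signedness mismatch that most compilers warn about. Keep p as char * and cast at the is*() call sites, as the port_string change earlier in this file does, or cast the assignment explicitly.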
@ -1248,7 +1245,7 @@ getdatasock(const char *mode)
static int
accept_with_timeout(int socket,
struct sockaddr *address,
size_t *address_len,
socklen_t *address_len,
struct timeval *timeout)
{
int ret;

View File

@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: ftpd_locl.h,v 1.12 2000/09/19 13:16:44 assar Exp $ */
/* $Id: ftpd_locl.h,v 1.13 2003/03/18 13:37:13 lha Exp $ */
#ifndef __ftpd_locl_h__
#define __ftpd_locl_h__
@ -148,6 +148,9 @@
#ifdef KRB4
#include <krb.h>
#endif
#if defined(KRB4) || defined(KRB5)
#include <kafs.h>
#endif

View File

@ -35,7 +35,7 @@
#include <gssapi.h>
#include <krb5.h>
RCSID("$Id: gss_userok.c,v 1.8 2001/08/05 06:38:57 assar Exp $");
RCSID("$Id: gss_userok.c,v 1.10 2003/03/18 13:56:35 lha Exp $");
/* XXX a bit too much of krb5 dependency here...
What is the correct way to do this?
@ -103,11 +103,9 @@ gss_userok(void *app_data, char *username)
chown (ticketfile+5, pw->pw_uid, pw->pw_gid);
#ifdef KRB4
if (k_hasafs()) {
krb5_afslog(gssapi_krb5_context, ccache, 0, 0);
krb5_afslog(gssapi_krb5_context, ccache, 0, 0);
}
#endif
esetenv ("KRB5CCNAME", ticketfile, 1);
fail:

View File

@ -33,7 +33,7 @@
#ifndef TEST
#include "ftpd_locl.h"
RCSID("$Id: ls.c,v 1.25 2002/08/22 08:31:03 joda Exp $");
RCSID("$Id: ls.c,v 1.26 2003/02/25 10:51:30 lha Exp $");
#else
#include <stdio.h>
@ -268,7 +268,7 @@ make_fileinfo(FILE *out, const char *filename, struct fileinfo *file, int flags)
}
if(S_ISLNK(st->st_mode)) {
int n;
n = readlink((char *)filename, buf, sizeof(buf));
n = readlink((char *)filename, buf, sizeof(buf) - 1);
if(n >= 0) {
buf[n] = '\0';
file->link = strdup(buf);
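Review bot: with the size argument now sizeof(buf) - 1, buf[n] = '\0' stays in bounds, but a link target that fills the buffer is truncated without any indication and the shortened name is what ends up in file->link. Detect n == sizeof(buf) - 1 and treat it as truncated. n should also be ssize_t, the type readlink() returns, and the strdup() result is stored unchecked.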

View File

@ -49,7 +49,10 @@
#define _PATH_BSHELL "/bin/sh"
#endif
#ifndef _PATH_FTPUSERS
#define _PATH_FTPUSERS SYSCONFDIR "/ftpusers"
#endif
#define _PATH_FTPCHROOT SYSCONFDIR "/ftpchroot"
#define _PATH_FTPWELCOME SYSCONFDIR "/ftpwelcome"
#define _PATH_FTPLOGINMESG SYSCONFDIR "/motd"

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -261,10 +262,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/kf/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -544,7 +545,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
@$(NORMAL_INSTALL)
@ -575,10 +578,10 @@ uninstall-man: uninstall-man1 uninstall-man8
clean-libtool distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am info \
info-am install install-am install-binPROGRAMS install-data \
install-data-am install-data-local install-exec install-exec-am \
install-info install-info-am install-libexecPROGRAMS \
install-man install-man1 install-man8 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
install-data-am install-exec install-exec-am install-info \
install-info-am install-libexecPROGRAMS install-man \
install-man1 install-man8 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
@ -709,7 +712,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,14 +1,42 @@
.\" Things to fix:
.\" * correct section, and operating system
.\" * remove Op from mandatory flags
.\" * use better macros for arguments (like .Pa for files)
.\" Copyright (c) 2000 - 2001 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: kf.1,v 1.6 2003/04/11 12:43:57 lha Exp $
.\"
.Dd July 2, 2000
.Dt KF 1
.Os Heimdal
.Sh NAME
.Nm kf
.Nd securly forward tickets
.Nd securely forward tickets
.Sh SYNOPSIS
.Nm
.Oo
@ -31,7 +59,7 @@
.Sh DESCRIPTION
The
.Nm
program forwards tickets to a remove host through an authenticated
program forwards tickets to a remote host through an authenticated
and encrypted stream.
Options supported are:
.Bl -tag -width indent
@ -60,16 +88,16 @@ do not forward forwardable credentials
.Pp
.Nm
is useful when you do not want to enter your password on a remote host
but want to have your tickets one for example afs.
but want to have your tickets one for example AFS.
.Pp
In order for
.Nm
to work you will need to acquire your initial ticket with forwardable
flag, ie
flag, i.e.
.Nm kinit Fl -forwardable .
.Pp
.Nm telnet
is able to forward ticket by itself.
is able to forward tickets by itself.
.\".Sh ENVIRONMENT
.\".Sh FILES
.\".Sh EXAMPLES
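Review bot: the replacement line in this hunk still reads "but want to have your tickets one for example AFS"; only the capitalisation of AFS changed, and the sentence does not parse as written. Since the line is being touched anyway, fix the wording around "one" in the same change rather than leaving it for a later pass.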

View File

@ -1,7 +1,35 @@
.\" Things to fix:
.\" * correct section, and operating system
.\" * remove Op from mandatory flags
.\" * use better macros for arguments (like .Pa for files)
.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: kfd.8,v 1.4 2003/02/16 21:10:05 lha Exp $
.\"
.Dd July 2, 2000
.Dt KFD 8

View File

@ -32,7 +32,7 @@
*/
#include "kf_locl.h"
RCSID("$Id: kfd.c,v 1.10 2002/09/04 20:31:48 joda Exp $");
RCSID("$Id: kfd.c,v 1.11 2003/04/16 15:40:24 lha Exp $");
krb5_context context;
char krb5_tkfile[MAXPATHLEN];
@ -260,10 +260,10 @@ proto (int sock, const char *service)
(char *)(remotename.data),ccname);
out:
if (status) {
strcpy(ret_string, "no");
strlcpy(ret_string, "no", sizeof(ret_string));
krb5_warnx(context, "failed");
} else {
strcpy(ret_string, "ok");
strlcpy(ret_string, "ok", sizeof(ret_string));
}
krb5_data_free (&tk_file);
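Review bot: in proto(), strlcpy(ret_string, "no", sizeof(ret_string)) is a real bound only if ret_string is declared as an array in this scope; its declaration is outside the hunk, and if it is a char * then sizeof yields the pointer size instead of the buffer size. Please confirm the declaration. The two sources are fixed two-character literals, so the old strcpy calls could not overflow a buffer of three bytes or more; the value of this change is consistency, and that only holds if the size argument is right.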

View File

@ -1,3 +1,18 @@
2003-03-24 Johan Danielsson <joda@pdc.kth.se>
* Makefile.am: install man pages
* login.1: manpage for login
* login.c: allow "welcome" as well as "motd" in login.conf
* login.access.5: login.access manual page
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* login.c: also need pag_set
* login.c: if there is kerberos 5, call krb5_afslog\*
2002-08-23 Johan Danielsson <joda@pdc.kth.se>
* login.c: if motd is set in login.conf, output its contents

View File

@ -1,9 +1,11 @@
# $Id: Makefile.am,v 1.20 2002/08/19 17:00:36 joda Exp $
# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
include $(top_srcdir)/Makefile.am.common
INCLUDES += $(INCLUDE_krb4)
man_MANS = login.1 login.access.5
bin_PROGRAMS = login
login_SOURCES = \

View File

@ -14,11 +14,11 @@
@SET_MAKE@
# $Id: Makefile.am,v 1.20 2002/08/19 17:00:36 joda Exp $
# $Id: Makefile.am,v 1.21 2003/03/24 16:15:48 joda Exp $
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -201,6 +202,8 @@ NROFF_MAN = groff -mandoc -Tascii
@DCE_TRUE@LIB_kdfs = $(top_builddir)/lib/kdfs/libkdfs.la
man_MANS = login.1 login.access.5
bin_PROGRAMS = login
login_SOURCES = \
@ -242,11 +245,9 @@ am_login_OBJECTS = conf.$(OBJEXT) env.$(OBJEXT) login.$(OBJEXT) \
utmp_login.$(OBJEXT) utmpx_login.$(OBJEXT)
login_OBJECTS = $(am_login_OBJECTS)
login_LDADD = $(LDADD)
@KRB4_TRUE@login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB4_FALSE@login_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la
login_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
login_LDFLAGS =
DEFS = @DEFS@
@ -265,6 +266,7 @@ LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
CFLAGS = @CFLAGS@
DIST_SOURCES = $(login_SOURCES)
MANS = $(man_MANS)
DIST_COMMON = ChangeLog Makefile.am Makefile.in
SOURCES = $(login_SOURCES)
@ -272,10 +274,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/login/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -333,6 +335,84 @@ distclean-libtool:
-rm -f libtool
uninstall-info-am:
man1dir = $(mandir)/man1
install-man1: $(man1_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(man1dir)
@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \
done
uninstall-man1:
@$(NORMAL_UNINSTALL)
@list='$(man1_MANS) $(dist_man1_MANS) $(nodist_man1_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.1*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \
rm -f $(DESTDIR)$(man1dir)/$$inst; \
done
man5dir = $(mandir)/man5
install-man5: $(man5_MANS) $(man_MANS)
@$(NORMAL_INSTALL)
$(mkinstalldirs) $(DESTDIR)$(man5dir)
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \
else file=$$i; fi; \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst"; \
$(INSTALL_DATA) $$file $(DESTDIR)$(man5dir)/$$inst; \
done
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list='$(man5_MANS) $(dist_man5_MANS) $(nodist_man5_MANS)'; \
l2='$(man_MANS) $(dist_man_MANS) $(nodist_man_MANS)'; \
for i in $$l2; do \
case "$$i" in \
*.5*) list="$$list $$i" ;; \
esac; \
done; \
for i in $$list; do \
ext=`echo $$i | sed -e 's/^.*\\.//'`; \
inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \
inst=`echo $$inst | sed -e 's/^.*\///'`; \
inst=`echo $$inst | sed '$(transform)'`.$$ext; \
echo " rm -f $(DESTDIR)$(man5dir)/$$inst"; \
rm -f $(DESTDIR)$(man5dir)/$$inst; \
done
ETAGS = etags
ETAGSFLAGS =
@ -400,10 +480,10 @@ distdir: $(DISTFILES)
check-am: all-am
$(MAKE) $(AM_MAKEFLAGS) check-local
check: check-am
all-am: Makefile $(PROGRAMS) all-local
all-am: Makefile $(PROGRAMS) $(MANS) all-local
installdirs:
$(mkinstalldirs) $(DESTDIR)$(bindir)
$(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(man1dir) $(DESTDIR)$(man5dir)
install: install-am
install-exec: install-exec-am
@ -446,7 +526,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -454,7 +536,7 @@ install-exec-am: install-binPROGRAMS
install-info: install-info-am
install-man:
install-man: install-man1 install-man5
installcheck-am:
@ -467,19 +549,22 @@ mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
uninstall-am: uninstall-binPROGRAMS uninstall-info-am
uninstall-am: uninstall-binPROGRAMS uninstall-info-am uninstall-man
uninstall-man: uninstall-man1 uninstall-man5
.PHONY: GTAGS all all-am all-local check check-am check-local clean \
clean-binPROGRAMS clean-generic clean-libtool distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
install-exec install-exec-am install-info install-info-am \
install-man install-man1 install-man5 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
uninstall-man uninstall-man1 uninstall-man5
install-suid-programs:
@ -605,7 +690,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -0,0 +1,226 @@
.\" $Id: login.1,v 1.1 2003/03/24 16:15:12 joda Exp $
.\"
.Dd March 24, 2003
.Dt LOGIN 1
.Os HEIMDAL
.Sh NAME
.Nm login
.Nd
authenticate a user and start new session
.Sh SYNOPSIS
.Nm
.Op Fl fp
.Op Fl a Ar level
.Op Fl h Ar hostname
.Ar [username]
.Sh DESCRIPTION
This manual page documents the
.Nm login
program distributed with the Heimdal Kerberos 5 implementation, it may
differ in important ways from your system version.
.Pp
The
.Nm login
programs logs users into the system. It is intended to be run by
system daemons like
.Xr getty 8
or
.Xr telnetd 8 .
If you are already logged in, but want to change to another user, you
should use
.Xr su 1 .
.Pp
A username can be given on the command line, else one will be prompted
for.
.Pp
A password is required to login, unless the
.Fl f
option is given (indicating that the calling program has already done
proper authentication). With
.Fl f
the user will be logged in without further questions.
.Pp
For password authentication Kerberos 5, Kerberos 4 (if compiled in),
OTP (if compiled in) and local
.No ( Pa /etc/passwd )
passwords are supported. OTP will be used if the the user is
registered to use it, and
.Nm login
is given the option
.Fl a Li otp .
When using OTP, a challenge is shown to the user.
.Pp
Further options are:
.Bl -tag -width Ds
.It Fl a Ar string
Which authentication mode to use, the only supported value is
currently
.Dq otp .
.It Fl f
Indicates that the user is already authenticated. This happens, for
instance, when login is started by telnetd, and the user has proved
authentic via Kerberos.
.It Fl h Ar hostname
Indicates which host the user is logging in from. This is passed from
telnetd, and is entered into the login database.
.It Fl p
This tells
.Nm login
to preserve all environment variables. If not given, only the
.Dv TERM
and
.Dv TZ
variables are preserved. It could be a security risk to pass random
variables to
.Nm login
or the user shell, so the calling daemon should make sure it only
passes
.Dq safe
variables.
.El
.Pp
The process of logging user in proceeds as follows.
.Pp
First a check is made that logins are allowed at all. This usually
means checking
.Pa /etc/nologin .
If it exists, and the user trying to login is not root, the contents
is printed, and then login exits.
.Pp
Then various system parameters are set up, like changing the owner of
the tty to the user, setting up signals, setting the group list, and
user and group id. Also various machine specific tasks are performed.
.Pp
Next
.Nm login
changes to the users home directory, or if that fails, to
.Pa / .
The environment is setup, by adding some required variables (such as
.Dv PATH ) ,
and also authentication related ones (such as
.Dv KRB5CCNAME ) .
If an environment file exists
.No ( Pa /etc/environment ) ,
variables are set according to
it.
.Pp
If one or more login message files are configured, their contents is
printed to the terminal.
.Pp
If a login time command is configured, it is executed. A logout time
command can also be configured, which makes
.Nm login
fork, and wait for the user shell to exit, and then run the command.
This can be used to clean up user credentials.
.Pp
Finally, the user's shell is executed. If the user logging in is root,
and root's login shell does not exist, a default shell (usually
.Pa /bin/sh )
is also tried before giving up.
.Sh ENVIRONMENT
These environment variables are set by login (not including ones set by
.Pa /etc/environment ) :
.Pp
.Bl -tag -compact -width USERXXLOGNAME
.It Dv PATH
the default system path
.It Dv HOME
the user's home directory (or possibly
.Pa / )
.It Dv USER , Dv LOGNAME
both set to the username
.It Dv SHELL
the user's shell
.It Dv TERM , Dv TZ
set to whatever is passed to
.Nm login
.It Dv KRB5CCNAME
if the password is verified via Kerberos 5, this will point to the
credentials cache file
.It Dv KRBTKFILE
if the password is verified via Kerberos 4, this will point to the
ticket file
.El
.Sh FILES
.Bl -tag -compact -width Ds
.It Pa /etc/environment
Contains a set of environment variables that should be set in addition
to the ones above. It should contain sh-style assignments like
.Dq VARIABLE=value .
Note that they are not parsed the way a shell would. No variable
expansion is performed, and all strings are literal, and quotation
marks should not be used. Everything after a hash mark is considered a
comment. The following are all different (the last will set the
variable
.Dv BAR ,
not
.Dv FOO ) .
.Bd -literal -offset indent
FOO=this is a string
FOO="this is a string"
BAR= FOO='this is a string'
.Ed
.It Pa /etc/login.access
See
.Xr login.access 5 .
.It Pa /etc/login.conf
This is a termcap style configuration file, that contains various
settings used by
.Nm login .
Currently only the
.Dq default
capability record is used. The possible capability strings include:
.Pp
.Bl -tag -compact -width Ds
.It Li environment
This is a comma separated list of environment files that are read in
the order specified. If this is missing the default
.Pa /etc/environment
is used.
.It Li login_program
This program will be executed just before the user's shell is started.
It will be called without arguments.
.It Li logout_program
This program will be executed just after the user's shell has
terminated. It will be called without arguments. This program will be
the parent process of the spawned shell.
.It Li motd
A comma separated list of text files that will be printed to the
user's terminal before starting the shell. The string
.Li welcome
works similarly, but points to a single file.
.El
.It Pa /etc/nologin
If it exists, login is denied to all but root. The contents of this
file is printed before login exits.
.El
.Pp
Other
.Nm login
programs typically print all sorts of information by default, such as
last time you logged in, if you have mail, and system message files.
This version of
.Nm login
does not, so there is no reason for
.Pa .hushlogin
files or similar. We feel that these tasks are best left to the user's
shell, but the
.Li login_program
facility allows for a shell independent solution, if that is desired.
.Sh EXAMPLES
A
.Pa login.conf
file could look like:
.Bd -literal -offset indent
default:\\
:motd=/etc/motd,/etc/motd.local:
.Ed
.Sh SEE ALSO
.Xr su 1 ,
.Xr login.access 5 ,
.Xr getty 8 ,
.Xr telnetd 8
.Sh AUTHORS
This login program was written for the Heimdal Kerberos 5
implementation. The login.access code was written by Wietse Venema.
.\".Sh BUGS
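Review bot: the SYNOPSIS and the option list disagree: the synopsis has ".Op Fl a Ar level" while the list documents ".It Fl a Ar string", and ".Ar [username]" should be ".Op Ar username" so the brackets come from the macro. The text for -f says the user is logged in "without further questions" because the caller has already authenticated, but does not say which callers may pass it; since the flag skips the password check, that requirement belongs in the page. Wording to fix while here: "programs logs users", "the the user", "logging user in".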

View File

@ -0,0 +1,56 @@
.\" $Id: login.access.5,v 1.1 2003/03/24 15:49:30 joda Exp $
.\"
.Dd March 21, 2003
.Dt LOGIN.ACCESS 5
.Os HEIMDAL
.Sh NAME
.Nm login.access
.Nd
login access control table
.Sh DESCRIPTION
The
.Nm login.access
file specifies on which ttys or from which hosts certain users are
allowed to login.
.Pp
At login, the
.Pa /etc/login.access
file is checked for the first entry that matches a specific user/host
or user/tty combination. That entry can either allow or deny login
access to that user.
.Pp
Each entry have three fields separated by colon:
.Bl -bullet
.It
The first field indicates the permission given if the entry matches.
It can be either
.Dq +
(allow access)
or
.Dq -
(deny access) .
.It
The second field is a comma separated list of users or groups for
which the current entry applies. NIS netgroups can used (if
configured) if preceeded by @. The magic string ALL matches all users.
A group will match if the user is a member of that group, or it is the
user's primary group.
.It
The third field is a list of ttys, or network names. A network name
can be either a hostname, a domain (indicated by a starting period),
or a netgroup. As with the user list, ALL matches anything. LOCAL
matches a string not containing a period.
.El
.Pp
If the string EXCEPT is found in either the user or from list, the
rest of the list are exceptions to the list before EXCEPT.
.Sh BUGS
If there's a user and a group with the same name, there is no way to
make the group match if the user also matches.
.Sh SEE ALSO
.Xr login 1
.Sh AUTHORS
The
.Fn login_access
function was written by
Wietse Venema. This manual page was written for Heimdal.
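Review bot: the DESCRIPTION says the first matching entry allows or denies the login, but not what happens when no entry matches or when /etc/login.access is absent. For an access control table the default outcome has to be stated, otherwise an administrator cannot tell whether a short file is fail-open or fail-closed. Wording to fix: "Each entry have", "netgroups can used", "preceeded".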

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -39,7 +39,7 @@
#include <sys/capability.h>
#endif
RCSID("$Id: login.c,v 1.56 2002/08/23 12:11:09 joda Exp $");
RCSID("$Id: login.c,v 1.59 2003/03/24 15:57:10 joda Exp $");
static int login_timeout = 60;
@ -142,9 +142,7 @@ otp_verify(struct passwd *pwd, const char *password)
#endif /* OTP */
#ifdef KRB4
static int pag_set = 0;
#endif
#ifdef KRB5
static krb5_context context;
@ -269,8 +267,6 @@ krb5_finish (void)
krb5_free_context(context);
}
#ifdef KRB4
static void
krb5_get_afs_tokens (const struct passwd *pwd)
{
@ -300,8 +296,6 @@ krb5_get_afs_tokens (const struct passwd *pwd)
}
}
#endif /* KRB4 */
#endif /* KRB5 */
#ifdef KRB4
@ -598,9 +592,10 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
krb5_cc_close (context, id);
}
}
#endif /* KRB4 */
krb5_get_afs_tokens (pwd);
#endif /* KRB4 */
krb5_finish ();
#endif /* KRB5 */
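Review bot: with the "#endif /* KRB4 */" moved above it, "krb5_get_afs_tokens (pwd);" in do_login() now runs on every KRB5 login, including builds without Kerberos 4. The function is declared static void, so do_login() cannot tell whether token acquisition failed or was skipped, and its body is not in these hunks. Please confirm it returns quietly on hosts without AFS, and consider logging a failure, since a session that starts without tokens is otherwise hard to diagnose.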
@ -634,6 +629,10 @@ do_login(const struct passwd *pwd, char *tty, char *ttyn)
continue;
show_file(buf);
}
} else {
str = login_conf_get_string("welcome");
if(str != NULL)
show_file(str);
}
}
add_env("HOME", home_dir);
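Review bot: the "welcome" lookup sits in the else branch, so it is read only when motd is not set, and a login.conf that sets both silently ignores welcome. The ChangeLog entry says welcome is allowed "as well as" motd and login.1 says it "works similarly", and neither states this precedence. Either document that motd wins or show both.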

View File

@ -1,3 +1,12 @@
2003-04-03 Assar Westerlund <assar@kth.se>
* push.c: fixed one incorrect fprintf to stderr
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* push.c: add names of pop states, add some more debugging and use
fprintf(stderr) for all dbg stmts.
2001-09-04 Assar Westerlund <assar@sics.se>
* push.c (doit): check return values from snprintf being negative

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -260,10 +261,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/push/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@ -535,7 +536,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binSCRIPTS install-libexecPROGRAMS
@$(NORMAL_INSTALL)
@ -566,15 +569,14 @@ uninstall-man: uninstall-man1 uninstall-man8
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binSCRIPTS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-libexecPROGRAMS install-man \
install-man1 install-man8 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binSCRIPTS uninstall-info-am \
uninstall-libexecPROGRAMS uninstall-man uninstall-man1 \
uninstall-man8
install-exec install-exec-am install-info install-info-am \
install-libexecPROGRAMS install-man install-man1 install-man8 \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
tags uninstall uninstall-am uninstall-binSCRIPTS \
uninstall-info-am uninstall-libexecPROGRAMS uninstall-man \
uninstall-man1 uninstall-man8
install-suid-programs:
@ -700,7 +702,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,4 +1,35 @@
.\" $Id: pfrom.1,v 1.4 2002/05/30 15:59:59 assar Exp $
.\" Copyright (c) 2000 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: pfrom.1,v 1.5 2003/02/16 21:10:11 lha Exp $
.\"
.Dd March 4, 2000
.Dt PFROM 1

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2001 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2001, 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
#include "push_locl.h"
RCSID("$Id: push.c,v 1.45 2001/09/04 09:45:52 assar Exp $");
RCSID("$Id: push.c,v 1.47 2003/04/04 02:10:17 assar Exp $");
#ifdef KRB4
static int use_v4 = -1;
@ -137,6 +137,11 @@ do_connect (const char *hostname, int port, int nodelay)
typedef enum { INIT = 0, GREET, USER, PASS, STAT, RETR, TOP,
DELE, XDELE, QUIT} pop_state;
static char *pop_state_string[] = {
"INIT", "GREET", "USER", "PASS", "STAT", "RETR", "TOP",
"DELE", "XDELE", "QUIT"
};
#define PUSH_BUFSIZ 65536
#define STEP 16
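Review bot: pop_state_string has to be kept in step with the pop_state enum by hand, and the debug line added in a later hunk indexes it as pop_state_string[state] with no range check. Declare it "static const char *const" and add a compile-time check that its element count equals QUIT + 1, so that adding a state to the enum cannot turn the verbose path into an out-of-bounds read.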
@ -267,7 +272,7 @@ doit(int s,
if (net_write (s, out_buf, out_len) != out_len)
err (1, "write");
if (verbose > 1)
write (STDERR_FILENO, out_buf, out_len);
fprintf (stderr, "%s", out_buf);
if (!do_from)
write_state_init (&write_state, out_fd);
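Review bot: in doit(), replacing "write (STDERR_FILENO, out_buf, out_len);" with "fprintf (stderr, "%s", out_buf);" drops the explicit length, so the debug output now relies on out_buf being NUL-terminated. The ChangeLog mentions snprintf in doit, which would give that, but the invariant is not visible in this hunk; "%.*s" with (int)out_len keeps the bound. The same applies to the identical change in the hunk at -471,7.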
@ -280,6 +285,13 @@ doit(int s,
if (s >= FD_SETSIZE)
errx (1, "fd too large");
FD_SET(s,&readset);
if (verbose > 1)
fprintf (stderr, "state: %s count: %d asked_for: %d "
"retrieved: %d asked_deleted: %d\n",
pop_state_string[state],
count, asked_for, retrieved, asked_deleted);
if (((state == STAT || state == RETR || state == TOP)
&& asked_for < count)
|| (state == XDELE && !sent_xdele)
@ -331,7 +343,7 @@ doit(int s,
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
fprintf (stderr, "QUIT\r\n");
}
}
rem -= p - beg + 2;
@ -354,7 +366,7 @@ doit(int s,
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
fprintf (stderr, "QUIT\r\n");
} else {
if (forkp) {
pid_t pid;
@ -401,14 +413,14 @@ doit(int s,
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
fprintf (stderr, "QUIT\r\n");
break;
} else if (state == DELE) {
if (++deleted == count) {
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
fprintf (stderr, "QUIT\r\n");
break;
}
} else if (++state == STAT) {
@ -428,7 +440,7 @@ doit(int s,
state = QUIT;
net_write (s, "QUIT\r\n", 6);
if (verbose > 1)
net_write (STDERR_FILENO, "QUIT\r\n", 6);
fprintf (stderr, "QUIT\r\n");
break;
}
}
@ -471,7 +483,7 @@ doit(int s,
if (net_write (s, out_buf, out_len) != out_len)
err (1, "write");
if (verbose > 1)
write (STDERR_FILENO, out_buf, out_len);
fprintf (stderr, "%s", out_buf);
}
}
if (verbose)

View File

@ -1,3 +1,11 @@
2003-04-16 Johan Danielsson <joda@pdc.kth.se>
* rcp.1: add a HISTORY section
* rcp.1: brief manpage
* rcp.c: add a -4 option
2001-09-24 Johan Danielsson <joda@pdc.kth.se>
* rcp.c: more va_* fixing; from Thomas Klausner

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -242,10 +243,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/rcp/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -416,7 +417,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -444,12 +447,12 @@ uninstall-am: uninstall-binPROGRAMS uninstall-info-am
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool tags uninstall uninstall-am \
uninstall-binPROGRAMS uninstall-info-am
install-suid-programs:
@ -575,7 +578,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -0,0 +1,67 @@
.\" $Id: rcp.1,v 1.2 2003/04/16 12:20:43 joda Exp $
.\"
.Dd April 16, 2003
.Dt RCP 1
.Os HEIMDAL
.Sh NAME
.Nm rcp
.Nd
copy file to and from remote machines
.Sh SYNOPSIS
.Nm rcp
.Op Fl 45FKpxz
.Op Fl P Ar port
.Ar file1 file2
.Nm rcp
.Op Fl 45FKprxz
.Op Fl P Ar port
.Ar file... directory
.Sh DESCRIPTION
.Nm rcp
copies files between machines. Each file argument is either a remote file name of the form
.Dq rname@rhost:path
or a local file (containing no colon or with a slash before the first
colon).
.Pp
Supported options:
.Bl -tag -width Ds
.It Xo
.Fl 4 ,
.Fl 5 ,
.Fl K ,
.Fl F ,
.Fl x ,
.Fl z
.Xc
These options are passed on to
.Xr rsh 1 .
.It Fl P Ar port
This will pass the option
.Fl p Ar port
to
.Xr rsh 1 .
.It Fl p
Preserve file permissions.
.It Fl r
Copy source directories recursively.
.El
.\".Sh ENVIRONMENT
.\".Sh FILES
.\".Sh EXAMPLES
.Sh DIAGNOSTICS
.Nm rcp
is implemented as a protocol on top of
.Xr rsh 1 ,
and thus requires a working rsh. If you intend to use Kerberos
authentication, rsh needs to be Kerberos aware, else you may see more
or less strange errors, such as "login incorrect", or "lost
connection".
.\".Sh SEE ALSO
.\".Sh STANDARDS
.Sh HISTORY
The
.Nm rcp
utility first appeared in 4.2BSD. This version is derived from
4.3BSD-Reno.
.\".Sh AUTHORS
.\".Sh BUGS
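Review bot: The new page refers to rsh(1) three times but leaves .Sh SEE ALSO commented out; enable it with .Xr rsh 1 so the options that are "passed on" (-4, -5, -K, -F, -x, -z) can be looked up. The text under .Sh DIAGNOSTICS describes a dependency on a working, Kerberos-aware rsh rather than messages rcp itself prints, so it would read better in DESCRIPTION with only the "login incorrect" and "lost connection" symptoms left under DIAGNOSTICS.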

View File

@ -41,7 +41,7 @@ uid_t userid;
int errs, remin, remout;
int pflag, iamremote, iamrecursive, targetshouldbedirectory;
int doencrypt, noencrypt;
int usebroken, usekrb5, forwardtkt;
int usebroken, usekrb4, usekrb5, forwardtkt;
char *port;
#define CMDNEEDS 64
@ -61,6 +61,7 @@ static int fflag, tflag;
static int version_flag, help_flag;
struct getargs args[] = {
{ NULL, '4', arg_flag, &usekrb4, "use Kerberos 4 authentication" },
{ NULL, '5', arg_flag, &usekrb5, "use Kerberos 5 authentication" },
{ NULL, 'F', arg_flag, &forwardtkt, "forward credentials" },
{ NULL, 'K', arg_flag, &usebroken, "use BSD authentication" },
@ -751,6 +752,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout)
i = 0;
args[i++] = RSH_PROGRAM;
if (usekrb4)
args[i++] = "-4";
if (usekrb5)
args[i++] = "-5";
if (usebroken)
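Review bot: In do_cmd() the new "-4" is appended independently of "-5" and of the usebroken flag, so a command line with more than one of -4, -5 and -K forwards all of them and leaves the precedence to rsh. Either reject conflicting authentication flags after getarg() or state in rcp.1 which one wins.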

View File

@ -1,3 +1,32 @@
2003-04-16 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: use krb5_appdefault to get defaults for forward and
encrypt
* rshd.c: use ARG_MAX + 1
* rshd.c (read_str): return allocated string
* rsh_locl.h: set NCARGS to 8k if undefined
2003-03-23 Assar Westerlund <assar@kth.se>
* rsh.c (loop): only check errsock if it's valid
2003-03-18 Love Love Hörnquist Åstrand <lha@it.su.se>
* rshd.c: do krb5_afslog when compling with afs support
* rsh_locl.h: always include kafs.h
2002-11-22 Johan Danielsson <joda@pdc.kth.se>
* rshd.8: clarify -x and kerberos 5
2002-11-01 Johan Danielsson <joda@pdc.kth.se>
* rsh_locl.h: bump COMMAND_SZ to NCARGS+1
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* rsh.c: free some memory
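Review bot: The 2003-03-18 entry has the author's first name doubled ("Love Love Hörnquist Åstrand") and "compling" for "compiling". The 2003-04-16 entry also says rsh_locl.h sets NCARGS, while the rsh_locl.h hunk in this import defines ARG_MAX; the entry should name the macro that is actually defined.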

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -229,58 +230,38 @@ PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS)
am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT)
rsh_OBJECTS = $(am_rsh_OBJECTS)
rsh_LDADD = $(LDADD)
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES =
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \
@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \
@DCE_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
@DCE_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \
@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
rsh_LDFLAGS =
am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) login_access.$(OBJEXT)
rshd_OBJECTS = $(am_rshd_OBJECTS)
rshd_LDADD = $(LDADD)
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES =
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \
@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_FALSE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@DCE_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \
@DCE_FALSE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la
@DCE_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la \
@DCE_TRUE@@KRB5_TRUE@ $(top_builddir)/lib/kdfs/libkdfs.la
@DCE_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \
@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kafs/libkafs.la \
@DCE_TRUE@@KRB5_FALSE@ $(top_builddir)/lib/kdfs/libkdfs.la
rshd_LDFLAGS =
DEFS = @DEFS@
@ -307,10 +288,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/rsh/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -590,7 +571,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS install-libexecPROGRAMS
@$(NORMAL_INSTALL)
@ -621,10 +604,10 @@ uninstall-man: uninstall-man1 uninstall-man8
clean-libtool distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am info \
info-am install install-am install-binPROGRAMS install-data \
install-data-am install-data-local install-exec install-exec-am \
install-info install-info-am install-libexecPROGRAMS \
install-man install-man1 install-man8 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
install-data-am install-exec install-exec-am install-info \
install-info-am install-libexecPROGRAMS install-man \
install-man1 install-man8 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
@ -755,7 +738,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,4 +1,35 @@
.\" $Id: rsh.1,v 1.4 2002/09/04 13:01:52 joda Exp $
.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: rsh.1,v 1.6 2003/04/16 19:57:25 lha Exp $
.\"
.Dd September 4, 2002
.Dt RSH 1
@ -158,7 +189,7 @@ selects protocol version 2, while
.Ar O
and
.Ar 1
selects version 1. Version 2 is beleived to be more secure, and is the
selects version 1. Version 2 is believed to be more secure, and is the
default. Unless asked for a specific version,
.Nm
will try both. This behaviour may change in the future.

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
#include "rsh_locl.h"
RCSID("$Id: rsh.c,v 1.68 2002/09/04 21:40:04 joda Exp $");
RCSID("$Id: rsh.c,v 1.71 2003/04/16 20:37:20 joda Exp $");
enum auth_method auth_method;
#if defined(KRB4) || defined(KRB5)
@ -87,7 +87,7 @@ loop (int s, int errsock)
init_ivecs(1);
#endif
if (s >= FD_SETSIZE || errsock >= FD_SETSIZE)
if (s >= FD_SETSIZE || (errsock != -1 && errsock >= FD_SETSIZE))
errx (1, "fd too large");
FD_ZERO(&real_readset);
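Review bot: The added `errsock != -1` guard in loop() only changes the outcome where FD_SETSIZE has an unsigned type, because with a signed int `-1 >= FD_SETSIZE` is already false. A one-line comment saying that this is a portability guard would keep it from being removed as redundant later.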
@ -167,7 +167,8 @@ send_krb4_auth(int s,
int status;
size_t len;
status = krb_sendauth (do_encrypt ? KOPT_DO_MUTUAL : 0,
/* the normal default for krb4 should be to disable encryption */
status = krb_sendauth ((do_encrypt == 1) ? KOPT_DO_MUTUAL : 0,
s, &text, "rcmd",
(char *)hostname, krb_realmofhost (hostname),
getpid(), &msg, &cred, schedule,
@ -304,6 +305,14 @@ send_krb5_auth(int s,
return 1;
}
if(do_encrypt == -1) {
krb5_appdefault_boolean(context, NULL,
krb5_principal_get_realm(context, server),
"encrypt",
FALSE,
&do_encrypt);
}
cksum_data.length = asprintf ((char **)&cksum_data.data,
"%u:%s%s%s",
ntohs(socket_get_port(thataddr)),
@ -343,6 +352,19 @@ send_krb5_auth(int s,
NULL,
NULL);
/* do this while we have a principal */
if(do_forward == -1 || do_forwardable == -1) {
krb5_const_realm realm = krb5_principal_get_realm(context, server);
if (do_forwardable == -1)
krb5_appdefault_boolean(context, NULL, realm,
"forwardable", FALSE,
&do_forwardable);
if (do_forward == -1)
krb5_appdefault_boolean(context, NULL, realm,
"forward", FALSE,
&do_forward);
}
krb5_free_principal(context, server);
krb5_data_free(&cksum_data);
@ -625,13 +647,23 @@ construct_command (char **res, int argc, char **argv)
}
static char *
print_addr (const struct sockaddr_in *sin)
print_addr (const struct sockaddr *sa)
{
char addr_str[256];
char *res;
const char *as = NULL;
inet_ntop (AF_INET, &sin->sin_addr, addr_str, sizeof(addr_str));
res = strdup(addr_str);
if(sa->sa_family == AF_INET)
as = inet_ntop (sa->sa_family, &((struct sockaddr_in*)sa)->sin_addr,
addr_str, sizeof(addr_str));
#ifdef HAVE_INET6
else if(sa->sa_family == AF_INET6)
as = inet_ntop (sa->sa_family, &((struct sockaddr_in6*)sa)->sin6_addr,
addr_str, sizeof(addr_str));
#endif
if(as == NULL)
return NULL;
res = strdup(as);
if (res == NULL)
errx (1, "malloc: out of memory");
return res;
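Review bot: print_addr() takes `const struct sockaddr *sa` but the two new casts, `(struct sockaddr_in*)sa` and `(struct sockaddr_in6*)sa`, drop the const qualifier; cast to `const struct sockaddr_in *` and `const struct sockaddr_in6 *` instead. The function can now return NULL for an unsupported family or an inet_ntop failure, which deserves a line in a comment above it so that future callers check for it the way doit_broken() does.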
@ -640,7 +672,7 @@ print_addr (const struct sockaddr_in *sin)
static int
doit_broken (int argc,
char **argv,
int optind,
int hostindex,
struct addrinfo *ai,
const char *remote_user,
const char *local_user,
@ -652,14 +684,16 @@ doit_broken (int argc,
struct addrinfo *a;
if (connect (priv_socket1, ai->ai_addr, ai->ai_addrlen) < 0) {
if (ai->ai_next == NULL)
return 1;
int save_errno = errno;
close(priv_socket1);
close(priv_socket2);
for (a = ai->ai_next; a != NULL; a = a->ai_next) {
pid_t pid;
char *adr = print_addr(a->ai_addr);
if(adr == NULL)
continue;
pid = fork();
if (pid < 0)
@ -667,25 +701,25 @@ doit_broken (int argc,
else if(pid == 0) {
char **new_argv;
int i = 0;
struct sockaddr_in *sin = (struct sockaddr_in *)a->ai_addr;
new_argv = malloc((argc + 2) * sizeof(*new_argv));
if (new_argv == NULL)
errx (1, "malloc: out of memory");
new_argv[i] = argv[i];
++i;
if (optind == i)
new_argv[i++] = print_addr (sin);
if (hostindex == i)
new_argv[i++] = adr;
new_argv[i++] = "-K";
for(; i <= argc; ++i)
new_argv[i] = argv[i - 1];
if (optind > 1)
new_argv[optind + 1] = print_addr(sin);
if (hostindex > 1)
new_argv[hostindex + 1] = adr;
new_argv[argc + 1] = NULL;
execv(PATH_RSH, new_argv);
err(1, "execv(%s)", PATH_RSH);
} else {
int status;
free(adr);
while(waitpid(pid, &status, 0) < 0)
;
@ -693,12 +727,14 @@ doit_broken (int argc,
return 0;
}
}
errno = save_errno;
warn("%s", argv[hostindex]);
return 1;
} else {
int ret;
ret = proto (priv_socket1, priv_socket2,
argv[optind],
argv[hostindex],
local_user, remote_user,
cmd, cmd_len,
send_broken_auth);
@ -841,7 +877,7 @@ main(int argc, char **argv)
{
int priv_port1, priv_port2;
int priv_socket1, priv_socket2;
int optind = 0;
int argindex = 0;
int error;
struct addrinfo hints, *ai;
int ret = 1;
@ -867,11 +903,11 @@ main(int argc, char **argv)
if (argc >= 2 && argv[1][0] != '-') {
host = argv[host_index = 1];
optind = 1;
argindex = 1;
}
if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv,
&optind))
&argindex))
usage (1);
if (do_help)
@ -907,37 +943,12 @@ main(int argc, char **argv)
else
use_v5 = 0;
}
if (do_forwardable == -1)
do_forwardable = krb5_config_get_bool (context, NULL,
"libdefaults",
"forwardable",
NULL);
if (do_forward == -1)
do_forward = krb5_config_get_bool (context, NULL,
"libdefaults",
"forward",
NULL);
else if (do_forward == 0)
do_forwardable = 0;
if (do_forwardable)
/* request for forwardable on the command line means we should
also forward */
if (do_forwardable == 1)
do_forward = 1;
#endif
#if defined(KRB4) || defined(KRB5)
if (do_encrypt == -1) {
/* we want to tell the -x flag from the default encryption
option */
#ifdef KRB5
/* the normal default for krb4 should be to disable encryption */
if(!krb5_config_get_bool (context, NULL,
"libdefaults",
"encrypt",
NULL))
#endif
do_encrypt = 0;
}
#endif
#if defined(KRB4) && defined(KRB5)
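Review bot: With the `do_encrypt == -1` block gone from main(), do_encrypt stays at -1 until send_krb5_auth() resolves it through krb5_appdefault_boolean, and send_krb4_auth() was changed to test `do_encrypt == 1` for the same reason. Any remaining plain truth test such as `if (do_encrypt)` on a path where Kerberos 5 is not attempted would now treat the unset value as "on", so those tests need to be checked or the flag normalised once authentication has been chosen. The old `else if (do_forward == 0) do_forwardable = 0;` rule also no longer appears here; if dropping it is intended, rsh.1 should say so.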
@ -986,10 +997,10 @@ main(int argc, char **argv)
#endif
if (host == NULL) {
if (argc - optind < 1)
if (argc - argindex < 1)
usage (1);
else
host = argv[host_index = optind++];
host = argv[host_index = argindex++];
}
if((tmp = strchr(host, '@')) != NULL) {
@ -998,7 +1009,7 @@ main(int argc, char **argv)
host = tmp;
}
if (optind == argc) {
if (argindex == argc) {
close (priv_socket1);
close (priv_socket2);
argv[0] = "rlogin";
@ -1013,7 +1024,7 @@ main(int argc, char **argv)
if (user == NULL)
user = local_user;
cmd_len = construct_command(&cmd, argc - optind, argv + optind);
cmd_len = construct_command(&cmd, argc - argindex, argv + argindex);
/*
* Try all different authentication methods

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -31,7 +31,7 @@
* SUCH DAMAGE.
*/
/* $Id: rsh_locl.h,v 1.28 2002/09/03 20:03:46 joda Exp $ */
/* $Id: rsh_locl.h,v 1.33 2003/04/16 20:05:39 lha Exp $ */
#ifdef HAVE_CONFIG_H
#include <config.h>
@ -78,6 +78,9 @@
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#include <errno.h>
#ifdef HAVE_SYS_PARAM_H
@ -101,9 +104,7 @@
#include <krb5.h>
#include <krb5-private.h> /* for _krb5_{get,put}_int */
#endif
#ifdef KRB4
#include <kafs.h>
#endif
#ifndef _PATH_NOLOGIN
#define _PATH_NOLOGIN "/etc/nologin"
@ -147,7 +148,9 @@ extern des_cblock iv;
#define KCMD_NEW_VERSION "KCMDV0.2"
#define USERNAME_SZ 16
#define COMMAND_SZ 1024
#ifndef ARG_MAX
#define ARG_MAX 8192
#endif
#define RSH_BUFSIZ (5 * 1024) /* MIT kcmd can't handle larger buffers */
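Review bot: The `#ifndef ARG_MAX` fallback gives 8192 only on systems whose headers do not define ARG_MAX; where <limits.h> does define it the value is platform-specific and can be much larger. rshd's read_str() allocates ARG_MAX + 1 bytes for the command and for the Kerberos 5 local username, so the per-connection allocation bound differs between platforms. A project-owned constant for the protocol limit would make that bound explicit and the same everywhere.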

View File

@ -1,8 +1,37 @@
.\" Things to fix:
.\" * remove Op from mandatory flags
.\" * use better macros for arguments (like .Pa for files)
.\" Copyright (c) 2001 - 2002 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.Dd July 31, 2001
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: rshd.8,v 1.7 2003/04/16 19:58:42 lha Exp $
.\"
.Dd November 22, 2002
.Dt RSHD 8
.Os HEIMDAL
.Sh NAME
@ -25,9 +54,9 @@ service. Supported options are:
.Fl n ,
.Fl -no-keepalive
.Xc
Disables keep-alive messages. Keep-alives are packets sent a certain
interval to make sure that the client is still there, even when it
doesn't send any data.
Disables keep-alive messages.
Keep-alives are packets sent at certain intervals to make sure that the
client is still there, even when it doesn't send any data.
.It Xo
.Fl k ,
.Fl -kerberos
@ -43,7 +72,10 @@ configuration.
.Fl -encrypt
.Xc
For Kerberos 4 this means that the connections are encrypted. Kerberos
5 will negotiate encryption inline. This option implies
5 can negotiate encryption even without this option, but if it's
present
.Nm
will deny unencrypted connections. This option implies
.Fl k .
.\".It Xo
.\".Fl l ,

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
*/
#include "rsh_locl.h"
RCSID("$Id: rshd.c,v 1.47 2002/09/03 20:03:26 joda Exp $");
RCSID("$Id: rshd.c,v 1.51 2003/04/16 19:50:49 joda Exp $");
int
login_access( struct passwd *user, char *from);
@ -68,9 +68,7 @@ static int do_kerberos = 0;
#define DO_KRB5 4
static int do_vacuous = 0;
static int do_log = 1;
#ifdef KRB4
static int do_newpag = 1;
#endif
static int do_addr_verify = 0;
static int do_keepalive = 1;
static int do_version;
@ -100,7 +98,7 @@ syslog_and_die (const char *m, ...)
static void
fatal (int, const char*, const char *, ...)
__attribute__ ((format (printf, 3, 4)));
__attribute__ ((noreturn, format (printf, 3, 4)));
static void
fatal (int sock, const char *what, const char *m, ...)
@ -122,38 +120,41 @@ fatal (int sock, const char *what, const char *m, ...)
exit (1);
}
static void
read_str (int s, char *str, size_t sz, char *expl)
static char *
read_str (int s, size_t sz, char *expl)
{
while (sz > 0) {
if (net_read (s, str, 1) != 1)
syslog_and_die ("read: %m");
if (*str == '\0')
return;
--sz;
++str;
char *str = malloc(sz);
char *p = str;
if(str == NULL)
fatal(s, NULL, "%s too long", expl);
while(p < str + sz) {
if(net_read(s, p, 1) != 1)
syslog_and_die("read: %m");
if(*p == '\0')
return str;
p++;
}
fatal (s, NULL, "%s too long", expl);
fatal(s, NULL, "%s too long", expl);
}
static int
recv_bsd_auth (int s, u_char *buf,
struct sockaddr_in *thisaddr,
struct sockaddr_in *thataddr,
char *client_username,
char *server_username,
char *cmd)
char **client_username,
char **server_username,
char **cmd)
{
struct passwd *pwd;
read_str (s, client_username, USERNAME_SZ, "local username");
read_str (s, server_username, USERNAME_SZ, "remote username");
read_str (s, cmd, COMMAND_SZ, "command");
pwd = getpwnam(server_username);
*client_username = read_str (s, USERNAME_SZ, "local username");
*server_username = read_str (s, USERNAME_SZ, "remote username");
*cmd = read_str (s, ARG_MAX + 1, "command");
pwd = getpwnam(*server_username);
if (pwd == NULL)
fatal(s, NULL, "Login incorrect.");
if (iruserok(thataddr->sin_addr.s_addr, pwd->pw_uid == 0,
client_username, server_username))
*client_username, *server_username))
fatal(s, NULL, "Login incorrect.");
return 0;
}
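Review bot: In the new read_str(), a failed malloc(sz) is reported with fatal(s, NULL, "%s too long", expl), which tells the peer and the log that the input was oversized when the server was out of memory; use a separate message for the allocation failure. The function now returns heap storage that recv_bsd_auth() hands to its caller through the char ** parameters, so a comment stating that the caller owns the strings (and that they are intentionally kept until exec) would help.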
@ -163,9 +164,9 @@ static int
recv_krb4_auth (int s, u_char *buf,
struct sockaddr *thisaddr,
struct sockaddr *thataddr,
char *client_username,
char *server_username,
char *cmd)
char **client_username,
char **server_username,
char **cmd)
{
int status;
int32_t options;
@ -202,18 +203,18 @@ recv_krb4_auth (int s, u_char *buf,
if (strncmp (version, KCMD_OLD_VERSION, KRB_SENDAUTH_VLEN) != 0)
syslog_and_die ("bad version: %s", version);
read_str (s, server_username, USERNAME_SZ, "remote username");
if (kuserok (&auth, server_username) != 0)
*server_username = read_str (s, USERNAME_SZ, "remote username");
if (kuserok (&auth, *server_username) != 0)
fatal (s, NULL, "Permission denied.");
read_str (s, cmd, COMMAND_SZ, "command");
*cmd = read_str (s, ARG_MAX + 1, "command");
syslog(LOG_INFO|LOG_AUTH,
"kerberos v4 shell from %s on %s as %s, cmd '%.80s'",
krb_unparse_name_long(auth.pname, auth.pinst, auth.prealm),
inet_ntoa(((struct sockaddr_in *)thataddr)->sin_addr),
server_username,
cmd);
*server_username,
*cmd);
memcpy (iv, auth.session, sizeof(iv));
@ -249,6 +250,9 @@ save_krb5_creds (int s,
krb5_cc_initialize(context,ccache,client);
ret = krb5_rd_cred2(context, auth_context, ccache, &remote_cred);
if(ret != 0)
syslog(LOG_INFO|LOG_AUTH,
"reading creds: %s", krb5_get_err_text(context, ret));
krb5_data_free (&remote_cred);
if (ret)
return 0;
@ -299,9 +303,9 @@ static int
recv_krb5_auth (int s, u_char *buf,
struct sockaddr *thisaddr,
struct sockaddr *thataddr,
char *client_username,
char *server_username,
char *cmd)
char **client_username,
char **server_username,
char **cmd)
{
u_int32_t len;
krb5_auth_context auth_context = NULL;
@ -343,9 +347,9 @@ recv_krb5_auth (int s, u_char *buf,
syslog_and_die ("krb5_recvauth: %s",
krb5_get_err_text(context, status));
read_str (s, server_username, USERNAME_SZ, "remote username");
read_str (s, cmd, COMMAND_SZ, "command");
read_str (s, client_username, COMMAND_SZ, "local username");
*server_username = read_str (s, USERNAME_SZ, "remote username");
*cmd = read_str (s, ARG_MAX + 1, "command");
*client_username = read_str (s, ARG_MAX + 1, "local username");
if(protocol_version == 2) {
status = krb5_auth_con_getremotesubkey(context, auth_context,
@ -370,8 +374,8 @@ recv_krb5_auth (int s, u_char *buf,
cksum_data.length = asprintf ((char **)&cksum_data.data,
"%u:%s%s",
ntohs(socket_get_port (thisaddr)),
cmd,
server_username);
*cmd,
*server_username);
status = krb5_verify_authenticator_checksum(context,
auth_context,
@ -384,38 +388,38 @@ recv_krb5_auth (int s, u_char *buf,
free (cksum_data.data);
if (strncmp (client_username, "-u ", 3) == 0) {
if (strncmp (*client_username, "-u ", 3) == 0) {
do_unique_tkfile = 1;
memmove (client_username, client_username + 3,
strlen(client_username) - 2);
memmove (*client_username, *client_username + 3,
strlen(*client_username) - 2);
}
if (strncmp (client_username, "-U ", 3) == 0) {
if (strncmp (*client_username, "-U ", 3) == 0) {
char *end, *temp_tkfile;
do_unique_tkfile = 1;
if (strncmp (server_username + 3, "FILE:", 5) == 0) {
if (strncmp (*client_username + 3, "FILE:", 5) == 0) {
temp_tkfile = tkfile;
} else {
strcpy (tkfile, "FILE:");
temp_tkfile = tkfile + 5;
}
end = strchr(client_username + 3,' ');
strncpy(temp_tkfile, client_username + 3, end - client_username - 3);
temp_tkfile[end - client_username - 3] = '\0';
memmove (client_username, end +1, strlen(end+1)+1);
end = strchr(*client_username + 3,' ');
strncpy(temp_tkfile, *client_username + 3, end - *client_username - 3);
temp_tkfile[end - *client_username - 3] = '\0';
memmove (*client_username, end + 1, strlen(end+1)+1);
}
kerberos_status = save_krb5_creds (s, auth_context, ticket->client);
if(!krb5_kuserok (context,
ticket->client,
server_username))
ticket->client,
*server_username))
fatal (s, NULL, "Permission denied.");
if (strncmp (cmd, "-x ", 3) == 0) {
if (strncmp (*cmd, "-x ", 3) == 0) {
do_encrypt = 1;
memmove (cmd, cmd + 3, strlen(cmd) - 2);
memmove (*cmd, *cmd + 3, strlen(*cmd) - 2);
} else {
if(do_encrypt)
fatal (s, NULL, "Encryption is required.");
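Review bot: In the "-U " branch, `end = strchr(*client_username + 3,' ')` is used without a NULL check, and the strncpy length `end - *client_username - 3` is taken from the peer's string without being compared with the space left in tkfile. Since this import also raises the read limit for the local username to ARG_MAX + 1, reject the request when end is NULL and bound the length against the remaining size of tkfile before copying. The switch from `server_username + 3` to `*client_username + 3` in the "FILE:" test looks like a correct fix and is worth a ChangeLog line of its own.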
@ -438,8 +442,8 @@ recv_krb5_auth (int s, u_char *buf,
"kerberos v5 shell from %s on %s as %s, cmd '%.80s'",
name,
addr_str,
server_username,
cmd);
*server_username,
*cmd);
free (name);
}
}
@ -649,8 +653,7 @@ doit (void)
socklen_t thisaddr_len, thataddr_len;
int port;
int errsock = -1;
char client_user[COMMAND_SZ], server_user[USERNAME_SZ];
char cmd[COMMAND_SZ];
char *client_user, *server_user, *cmd;
struct passwd *pwd;
int s = STDIN_FILENO;
char **env;
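Review bot: `char *client_user, *server_user, *cmd;` in doit() are left uninitialised, and the recv_krb4_auth() lines shown in this diff assign only *server_username and *cmd. Before this change an unset client_user was at least a valid array; now it is an indeterminate pointer, so initialise all three to NULL and make any later use of client_user check for it.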
@ -724,18 +727,18 @@ doit (void)
#ifdef KRB4
if ((do_kerberos & DO_KRB4) &&
recv_krb4_auth (s, buf, thisaddr, thataddr,
client_user,
server_user,
cmd) == 0)
&client_user,
&server_user,
&cmd) == 0)
auth_method = AUTH_KRB4;
else
#endif /* KRB4 */
#ifdef KRB5
if((do_kerberos & DO_KRB5) &&
recv_krb5_auth (s, buf, thisaddr, thataddr,
client_user,
server_user,
cmd) == 0)
&client_user,
&server_user,
&cmd) == 0)
auth_method = AUTH_KRB5;
else
#endif /* KRB5 */
@ -745,9 +748,9 @@ doit (void)
if(recv_bsd_auth (s, buf,
(struct sockaddr_in *)thisaddr,
(struct sockaddr_in *)thataddr,
client_user,
server_user,
cmd) == 0) {
&client_user,
&server_user,
&cmd) == 0) {
auth_method = AUTH_BROKEN;
if(do_vacuous) {
printf("Remote host requires Kerberos authentication\n");
@ -864,16 +867,17 @@ doit (void)
fatal (s, "net_write", "write failed");
}
#ifdef KRB4
#if defined(KRB4) || defined(KRB5)
if(k_hasafs()) {
char cell[64];
if(do_newpag)
k_setpag();
#ifdef KRB4
if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
krb_afslog_uid_home (cell, NULL, pwd->pw_uid, pwd->pw_dir);
krb_afslog_uid_home(NULL, NULL, pwd->pw_uid, pwd->pw_dir);
#endif
#ifdef KRB5
/* XXX */
@ -883,14 +887,17 @@ doit (void)
status = krb5_cc_resolve (context, tkfile, &ccache);
if (!status) {
krb5_afslog_uid_home(context,ccache,NULL,NULL,
if (k_afs_cell_of_file (pwd->pw_dir, cell, sizeof(cell)) == 0)
krb5_afslog_uid_home(context, ccache, cell, NULL,
pwd->pw_uid, pwd->pw_dir);
krb5_afslog_uid_home(context, ccache, NULL, NULL,
pwd->pw_uid, pwd->pw_dir);
krb5_cc_close (context, ccache);
}
}
#endif /* KRB5 */
}
#endif /* KRB4 */
#endif /* KRB5 || KRB4 */
execle (pwd->pw_shell, pwd->pw_shell, "-c", cmd, NULL, env);
err(1, "exec %s", pwd->pw_shell);
}
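Review bot: both `krb5_afslog_uid_home(...)` calls in the KRB5 branch discard their return value, and the first one hangs off an unbraced `if (k_afs_cell_of_file (...) == 0)` directly above an unconditional second call, which is easy to misread. Suggest bracing the conditional call and at least logging a failure of either call, since the next thing that happens is `execle` of the user's shell with whatever tokens were or were not obtained.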

View File

@ -1,3 +1,13 @@
2003-05-06 Johan Danielsson <joda@pdc.kth.se>
* su.c: remove accidentally committed code that prints the command
being executed
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* su.c (krb5_start_session): krb5_afslog doesn't depend on KRB4
any more
2002-02-19 Johan Danielsson <joda@pdc.kth.se>
* su.c: make this build without krb5

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -222,11 +223,9 @@ PROGRAMS = $(bin_PROGRAMS)
am_su_OBJECTS = su.$(OBJEXT)
su_OBJECTS = $(am_su_OBJECTS)
su_LDADD = $(LDADD)
@KRB4_TRUE@su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
@KRB4_TRUE@ $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@KRB4_FALSE@su_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB4_FALSE@ $(top_builddir)/lib/asn1/libasn1.la
su_DEPENDENCIES = $(top_builddir)/lib/kafs/libkafs.la \
$(top_builddir)/lib/krb5/libkrb5.la \
$(top_builddir)/lib/asn1/libasn1.la
su_LDFLAGS =
DEFS = @DEFS@
@ -252,10 +251,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/su/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -426,7 +425,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -454,12 +455,12 @@ uninstall-am: uninstall-binPROGRAMS uninstall-info-am
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool tags uninstall uninstall-am \
uninstall-binPROGRAMS uninstall-info-am
install-suid-programs:
@ -585,7 +586,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1999 - 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1999 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -32,7 +32,7 @@
#include <config.h>
RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $");
RCSID("$Id: su.c,v 1.26.2.1 2003/05/06 12:06:44 joda Exp $");
#include <stdio.h>
#include <stdlib.h>
@ -56,8 +56,8 @@ RCSID("$Id: su.c,v 1.25 2002/09/10 20:03:47 joda Exp $");
#endif
#ifdef KRB4
#include <krb.h>
#include <kafs.h>
#endif
#include <kafs.h>
#include <err.h>
#include <roken.h>
#include <getarg.h>
@ -253,13 +253,11 @@ krb5_start_session(void)
set_tkfile();
esetenv("KRBTKFILE", tkfile, 1);
#ifdef KRB4
/* convert creds? */
if(k_hasafs()) {
if (k_setpag() == 0)
krb5_afslog(context, ccache2, NULL, NULL);
}
#endif
krb5_cc_close(context, ccache2);
krb5_cc_destroy(context, ccache);
@ -546,12 +544,6 @@ main(int argc, char **argv)
if (ok == 4)
krb_start_session();
#endif
{
char **p;
for(p = args; *p; p++)
printf("%s ", *p);
printf("\n");
}
execv(shell, args);
}

View File

@ -1,10 +1,3 @@
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
* libtelnet/kerberos5.c: pull up 1.52-1.53; also try to use the
session key (if this is really correct is beyond me, RFC2942 in
unclear on this point;
(kerberos5_is): check that the subkey is non-NULL
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* libtelnet/kerberos5.c: set AP_OPTS_USE_SUBKEY
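Review bot: this hunk shrinks the telnet ChangeLog from 10 lines to 3, and the text that goes away appears to be the 2002-10-21 entry, which is the only record here of "(kerberos5_is): check that the subkey is non-NULL". That entry describes a pull-up of 1.52-1.53, so the check should be present in the imported kerberos5.c, but please confirm that against the file itself and consider keeping the entry, since a NULL-pointer check in an authentication path is worth being able to trace from the log.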

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -230,10 +231,10 @@ all: all-recursive
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/telnet/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
mostlyclean-libtool:
@ -431,7 +432,9 @@ info: info-recursive
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -460,15 +463,15 @@ uninstall-info: uninstall-info-recursive
distclean distclean-generic distclean-libtool \
distclean-recursive distclean-tags distdir dvi dvi-am \
dvi-recursive info info-am info-recursive install install-am \
install-data install-data-am install-data-local \
install-data-recursive install-exec install-exec-am \
install-exec-recursive install-info install-info-am \
install-info-recursive install-man install-recursive \
install-strip installcheck installcheck-am installdirs \
installdirs-am installdirs-recursive maintainer-clean \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am uninstall-info-am \
install-data install-data-am install-data-recursive \
install-exec install-exec-am install-exec-recursive \
install-info install-info-am install-info-recursive install-man \
install-recursive install-strip installcheck installcheck-am \
installdirs installdirs-am installdirs-recursive \
maintainer-clean maintainer-clean-generic \
maintainer-clean-recursive mostlyclean mostlyclean-generic \
mostlyclean-libtool mostlyclean-recursive tags tags-recursive \
uninstall uninstall-am uninstall-info-am \
uninstall-info-recursive uninstall-recursive
@ -595,7 +598,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -256,10 +257,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
AR = ar
@ -409,7 +410,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -436,13 +439,12 @@ uninstall-am: uninstall-info-am
clean-generic clean-libtool clean-noinstLIBRARIES distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool tags uninstall uninstall-am \
uninstall-info-am
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
tags uninstall uninstall-am uninstall-info-am
install-suid-programs:
@ -568,7 +570,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -53,7 +53,7 @@
#include <config.h>
RCSID("$Id: kerberos5.c,v 1.51.4.1 2002/10/21 14:28:31 joda Exp $");
RCSID("$Id: kerberos5.c,v 1.53 2002/09/20 14:37:46 joda Exp $");
#ifdef KRB5

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -268,10 +269,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/telnet/telnet/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-binPROGRAMS: $(bin_PROGRAMS)
@ -481,7 +482,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-binPROGRAMS
@$(NORMAL_INSTALL)
@ -511,9 +514,9 @@ uninstall-man: uninstall-man1
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-binPROGRAMS install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-man1 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
install-exec install-exec-am install-info install-info-am \
install-man install-man1 install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool tags uninstall \
uninstall-am uninstall-binPROGRAMS uninstall-info-am \
@ -643,7 +646,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -271,10 +272,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@ -485,7 +486,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-libexecPROGRAMS
@$(NORMAL_INSTALL)
@ -514,8 +517,8 @@ uninstall-man: uninstall-man8
clean-generic clean-libexecPROGRAMS clean-libtool distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am \
install-libexecPROGRAMS install-man install-man8 install-strip \
installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
@ -647,7 +650,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -327,10 +328,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign appl/test/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
clean-noinstPROGRAMS:
@ -498,7 +499,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -525,13 +528,12 @@ uninstall-am: uninstall-info-am
clean-generic clean-libtool clean-noinstPROGRAMS distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool tags uninstall uninstall-am \
uninstall-info-am
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
tags uninstall uninstall-am uninstall-info-am
install-suid-programs:
@ -657,7 +659,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,3 +1,54 @@
2003-05-08 Johan Danielsson <joda@pdc.kth.se>
* Makefile.am.common: change install-data-local to
install-data-hook
2003-05-05 Assar Westerlund <assar@kth.se>
* crypto.m4: define OPENSSL_DES_LIBDES_COMPATIBILITY
2003-04-03 Love Hörnquist Åstrand <lha@it.su.se>
* crypto.m4: check if libcrypto needs -lnsl or -lsocket
2003-04-02 Love Hörnquist Åstrand <lha@it.su.se>
* crypto.m4: in the case where se don't link with kerberos 4, use
${with_openssl_include} if its are set (not
${with_openssl}/include) same for with_openssl_lib
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
* Makefile.am.common: always define LIB_kafs
2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>
* check-compile-et.m4: check if the output of compile_et needs
initialize_error_table_r
2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>
* check-var.m4: add a check if the variable is avaible when we
include the headerfiles
2002-12-18 Johan Danielsson <joda@pdc.kth.se>
* roken-frag.m4: res_nsearch takes 6 parameters; spotted by Howard
Chu
2002-10-25 Johan Danielsson <joda@pdc.kth.se>
* crypto.m4: do a better job at matching headers to libraries
2002-10-16 Johan Danielsson <joda@pdc.kth.se>
* sunos.m4: more quoting
2002-09-19 Johan Danielsson <joda@pdc.kth.se>
* make-proto.pl: check the processed string for closing ), not the
source
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* crypto.m4: use m4 macros for test cases, also test for older

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
AUTOMAKE_OPTIONS = foreign no-dependencies 1.6
@ -190,7 +190,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
@ -198,9 +198,7 @@ install-data-local: install-cat-mans
.et.c:
$(COMPILE_ET) $<
if KRB4
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
endif
if KRB5
LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \

View File

@ -1,4 +1,4 @@
dnl $Id: check-compile-et.m4,v 1.6 2001/09/02 17:08:48 assar Exp $
dnl $Id: check-compile-et.m4,v 1.7 2003/03/12 16:48:52 lha Exp $
dnl
dnl CHECK_COMPILE_ET
AC_DEFUN([CHECK_COMPILE_ET], [
@ -6,6 +6,7 @@ AC_DEFUN([CHECK_COMPILE_ET], [
AC_CHECK_PROG(COMPILE_ET, compile_et, [compile_et])
krb_cv_compile_et="no"
krb_cv_com_err_need_r=""
if test "${COMPILE_ET}" = "compile_et"; then
dnl We have compile_et. Now let's see if it supports `prefix' and `index'.
@ -34,6 +35,20 @@ int main(){return (CONFTEST_CODE2 - CONFTEST_CODE1) != 127;}
], [krb_cv_compile_et="yes"],[CPPFLAGS="${save_CPPFLAGS}"])
fi
AC_MSG_RESULT(${krb_cv_compile_et})
if test "${krb_cv_compile_et}" = "yes"; then
AC_MSG_CHECKING(for if com_err needs to have a initialize_error_table_r)
save2_CPPFLAGS="$CPPFLAGS"
CPPFLAGS="$CPPFLAGS"
AC_EGREP_CPP(initialize_error_table_r,[#include "conftest_et.c"],
[krb_cv_com_err_need_r="initialize_error_table_r(0,0,0,0);"
CPPFLAGS="$save2_CPPFLAGS"],
[CPPFLAGS="${save_CPPFLAGS}"])
if test X"$krb_cv_com_err_need_r" = X ; then
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
fi
rm -fr conftest*
fi
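Review bot: in the new initialize_error_table_r probe, `CPPFLAGS="$CPPFLAGS"` is a no-op, and the two branches of AC_EGREP_CPP restore different variables: the match branch uses `$save2_CPPFLAGS`, the no-match branch uses `${save_CPPFLAGS}` from the earlier test. The no-match branch therefore also throws away whatever the preceding compile_et check had left in CPPFLAGS. Suggest dropping the no-op assignment and restoring `$save2_CPPFLAGS` in both branches. The AC_MSG_CHECKING text "for if com_err needs to have a initialize_error_table_r" would also read better as "if com_err needs initialize_error_table_r".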
@ -45,6 +60,7 @@ if test "${krb_cv_compile_et}" = "yes"; then
AC_TRY_LINK([#include <com_err.h>],[
const char *p;
p = error_message(0);
$krb_cv_com_err_need_r
],[krb_cv_com_err="yes"],[krb_cv_com_err="no"; CPPFLAGS="${save_CPPFLAGS}"])
AC_MSG_RESULT(${krb_cv_com_err})
LIBS="${krb_cv_save_LIBS}"

View File

@ -1,13 +1,20 @@
dnl $Id: check-var.m4,v 1.6 2001/08/21 12:00:16 joda Exp $
dnl $Id: check-var.m4,v 1.7 2003/02/17 00:44:57 lha Exp $
dnl
dnl rk_CHECK_VAR(variable, includes)
AC_DEFUN([rk_CHECK_VAR], [
AC_MSG_CHECKING(for $1)
AC_CACHE_VAL(ac_cv_var_$1, [
m4_ifval([$2],[
AC_TRY_LINK([$2
void * foo() { return &$1; }],
[foo()],
ac_cv_var_$1=yes, ac_cv_var_$1=no)])
if test "$ac_cv_var_$1" != yes ; then
AC_TRY_LINK([extern int $1;
int foo() { return $1; }],
[foo()],
ac_cv_var_$1=yes, ac_cv_var_$1=no)
fi
])
ac_foo=`eval echo \\$ac_cv_var_$1`
AC_MSG_RESULT($ac_foo)
@ -19,4 +26,4 @@ fi
])
AC_WARNING_ENABLE([obsolete])
AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])
AU_DEFUN([AC_CHECK_VAR], [rk_CHECK_VAR([$2], [$1])], [foo])

View File

@ -1,4 +1,4 @@
dnl $Id: crypto.m4,v 1.13 2002/09/10 19:55:48 joda Exp $
dnl $Id: crypto.m4,v 1.16.2.1 2003/05/05 20:08:32 joda Exp $
dnl
dnl test for crypto libraries:
dnl - libcrypto (from openssl)
@ -11,8 +11,10 @@ m4_define([test_headers], [
#include <openssl/md4.h>
#include <openssl/md5.h>
#include <openssl/sha.h>
#define OPENSSL_DES_LIBDES_COMPATIBILITY
#include <openssl/des.h>
#include <openssl/rc4.h>
#include <openssl/rand.h>
#else
#include <md4.h>
#include <md5.h>
@ -44,6 +46,9 @@ m4_define([test_body], [
MD4_Init(&md4);
MD5_Init(&md5);
SHA1_Init(&sha1);
#ifdef HAVE_OPENSSL
RAND_status();
#endif
des_cbc_encrypt(0, 0, 0, schedule, 0, 0);
RC4(0, 0, 0, 0);])
@ -75,23 +80,31 @@ if test "$crypto_lib" = "unknown" -a "$with_krb4" != "no"; then
ires=
for i in $INCLUDE_krb4; do
CFLAGS="-DHAVE_OPENSSL $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=yes ires="$i"; break)
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=yes ires="$i" lres="$j $k"; break 3)
done
done
CFLAGS="$i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i"; break)
CFLAGS="-DOLD_HASH_NAMES $i $save_CFLAGS"
AC_TRY_COMPILE(test_headers, test_body,
openssl=no ires="$i" old_hash=yes; break)
done
lres=
for i in $cdirs; do
for j in $clibs; do
LIBS="$i $j $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
lres="$i $j"; break 2)
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=no ires="$i" lres="$j $k"; break 3)
done
done
CFLAGS="-DHAVE_OLD_HASH_NAMES $i $save_CFLAGS"
for j in $cdirs; do
for k in $clibs; do
LIBS="$j $k $save_LIBS"
AC_TRY_LINK(test_headers, test_body,
openssl=no ires="$i" lres="$j $k"; break 3)
done
done
done
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
if test "$ires" -a "$lres"; then
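Review bot: the old compile-only probe recorded the fallback with `old_hash=yes`, but the new link loop for that case sets only `openssl=no ires="$i" lres="$j $k"` before `break 3`, so `old_hash` is never set on this path. The define also changes name, from `-DOLD_HASH_NAMES` to `-DHAVE_OLD_HASH_NAMES`. If anything after this block still tests `old_hash`, or if test_headers still keys on the old macro name, the old-hash-names configuration will be detected here and then silently not applied. Please either set `old_hash=yes` in the third loop or confirm that both the variable and the old macro name are no longer referenced.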
@ -111,21 +124,27 @@ if test "$crypto_lib" = "unknown" -a "$with_openssl" != "no"; then
INCLUDE_des=
LIB_des=
if test "$with_openssl_include" != ""; then
INCLUDE_des="-I${with_openssl}/include"
INCLUDE_des="-I${with_openssl_include}"
fi
if test "$with_openssl_lib" != ""; then
LIB_des="-L${with_openssl}/lib"
LIB_des="-L${with_openssl_lib}"
fi
CFLAGS="-DHAVE_OPENSSL ${INCLUDE_des} ${CFLAGS}"
LIB_des="${LIB_des} -lcrypto"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
saved_LIB_des="$LIB_des"
for lres in "" "-lnsl -lsocket"; do
LIB_des="${saved_LIB_des} -lcrypto $lres"
LIB_des_a="$LIB_des"
LIB_des_so="$LIB_des"
LIB_des_appl="$LIB_des"
LIBS="${LIBS} ${LIB_des}"
AC_TRY_LINK(test_headers, test_body, [
crypto_lib=libcrypto openssl=yes
AC_MSG_RESULT([libcrypto])
])
if test "$crypto_lib" = libcrypto ; then
break;
fi
done
CFLAGS="$save_CFLAGS"
LIBS="$save_LIBS"
fi
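Review bot: inside the new `for lres in "" "-lnsl -lsocket"` loop, `LIBS="${LIBS} ${LIB_des}"` appends to LIBS on every iteration instead of starting from the saved value, so the second attempt links with the first attempt's flags plus its own. If neither attempt links, LIB_des, LIB_des_a, LIB_des_so and LIB_des_appl are also left holding the last candidate (`-lcrypto -lnsl -lsocket`) even though crypto_lib is still unknown. Suggest `LIBS="${save_LIBS} ${LIB_des}"` inside the loop and resetting the LIB_des variables when the loop finishes without a match.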

View File

@ -1,5 +1,5 @@
# Make prototypes from .c files
# $Id: make-proto.pl,v 1.15 2002/08/12 16:23:58 joda Exp $
# $Id: make-proto.pl,v 1.16 2002/09/19 19:29:42 joda Exp $
##use Getopt::Std;
require 'getopts.pl';
@ -49,9 +49,9 @@ while(<>) {
s/\/\*(.|\n)*\ca//;
}
s/^\s*//;
s/\s$//;
s/\s*$//;
s/\s+/ /g;
if($line =~ /\)\s$/){
if($_ =~ /\)$/){
if(!/^static/ && !/^PRIVATE/){
if(/(.*)(__attribute__\s?\(.*\))/) {
$attr = $2;

View File

@ -1,4 +1,4 @@
dnl $Id: roken-frag.m4,v 1.44 2002/09/04 20:57:30 joda Exp $
dnl $Id: roken-frag.m4,v 1.45 2002/12/18 17:34:25 joda Exp $
dnl
dnl some code to get roken working
dnl
@ -143,7 +143,7 @@ AC_FIND_FUNC(res_nsearch, resolv,
#include <resolv.h>
#endif
],
[0,0,0,0,0])
[0,0,0,0,0,0])
AC_FIND_FUNC(dn_expand, resolv,
[

View File

@ -1,5 +1,5 @@
dnl
dnl $Id: sunos.m4,v 1.1.4.1 2002/10/21 14:29:36 joda Exp $
dnl $Id: sunos.m4,v 1.2 2002/10/16 14:42:13 joda Exp $
dnl
AC_DEFUN([rk_SUNOS],[

File diff suppressed because it is too large Load Diff

View File

@ -1,8 +1,8 @@
dnl Process this file with autoconf to produce a configure script.
AC_REVISION($Revision: 1.325.2.2 $)
AC_REVISION($Revision: 1.331.2.2 $)
AC_PREREQ(2.53)
#test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT(Heimdal, 0.5.1, heimdal-bugs@pdc.kth.se)
##test -z "$CFLAGS" && CFLAGS="-g"
AC_INIT(Heimdal, 0.6, heimdal-bugs@pdc.kth.se)
AC_CONFIG_SRCDIR([kuser/kinit.c])
AM_CONFIG_HEADER(include/config.h)
@ -12,6 +12,7 @@ AC_PROG_CPP
AC_PROG_CC_STDC
AM_INIT_AUTOMAKE
AM_MAINTAINER_MODE
AC_PREFIX_DEFAULT(/usr/heimdal)
@ -23,6 +24,11 @@ CANONICAL_HOST=$host
AC_SUBST(CANONICAL_HOST)
AC_SYS_LARGEFILE
dnl need to set this on the command line, since it might otherwise break
dnl with generated code, such as lex
if test "$enable_largefile" != no -a "$ac_cv_sys_large_files" != no; then
CPPFLAGS="$CPPFLAGS -D_LARGE_FILES=$ac_cv_sys_large_files"
fi
dnl
dnl this is needed to run the configure tests against glibc

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -226,10 +227,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .dvi .info .ps .texi
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign doc/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
mostlyclean-libtool:
@ -390,7 +391,9 @@ info: info-am
info-am: $(INFO_DEPS)
install-data-am: install-data-local install-info-am
install-data-am: install-info-am
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -441,12 +444,12 @@ uninstall-am: uninstall-info-am
clean-generic clean-libtool dist-info distclean \
distclean-generic distclean-libtool distdir dvi dvi-am info \
info-am install install-am install-data install-data-am \
install-data-local install-exec install-exec-am install-info \
install-info-am install-man install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-aminfo maintainer-clean-generic mostlyclean \
mostlyclean-aminfo mostlyclean-generic mostlyclean-libtool \
uninstall uninstall-am uninstall-info-am
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-aminfo \
maintainer-clean-generic mostlyclean mostlyclean-aminfo \
mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \
uninstall-info-am
install-suid-programs:
@ -572,7 +575,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,4 +1,4 @@
@c $Id: ack.texi,v 1.15 2002/09/04 01:03:35 assar Exp $
@c $Id: ack.texi,v 1.16 2003/03/15 14:21:41 lha Exp $
@node Acknowledgments, , Migration, Top
@comment node-name, next, previous, up
@ -60,6 +60,8 @@ Bugfixes, documentation, encouragement, and code has been contributed by:
@email{rnyberg@@it.su.se}
@item Frank van der Linden
@email{fvdl@@netbsd.org}
@item Cizzi Storm
@email{cizzi@@it.su.se}
@item and we hope that those not mentioned here will forgive us.
@end table

View File

@ -1,4 +1,4 @@
@c $Id: intro.texi,v 1.12 2001/01/28 22:11:22 assar Exp $
@c $Id: intro.texi,v 1.13 2003/03/15 13:42:16 lha Exp $
@node Introduction, What is Kerberos?, Top, Top
@c @node Introduction, What is Kerberos?, Top, Top
@ -93,3 +93,9 @@ There are two mailing lists with talk about
Heimdal. @email{heimdal-announce@@sics.se} is a low-volume announcement
list, while @email{heimdal-discuss@@sics.se} is for general discussion.
Send a message to @email{majordomo@@sics.se} to subscribe.
@heading Heimdal source code, binaries and the manual
The source code for heimdal, links to binaries and the manual (this
document) can be found on our web-page at
@url{http://www.pdc.kth.se/heimdal/}.

View File

@ -1,4 +1,4 @@
@c $Id: misc.texi,v 1.6 2001/02/24 05:09:24 assar Exp $
@c $Id: misc.texi,v 1.13 2003/03/30 21:30:59 lha Exp $
@node Things in search for a better place, Kerberos 4 issues, Setting up a realm, Top
@chapter Things in search for a better place
@ -37,7 +37,7 @@ says that people with `admin' instances should be given `enabled' shells
when logging in.
The numbers after the principal on the `srvtab' line are principal type,
timestamp (in seconds since 1970), key version number (4), keytype (1 ==
time stamp (in seconds since 1970), key version number (4), keytype (1 ==
des), key length (always 8 with des), and then the key.
To make the Heimdal KDC produce tickets that the Cisco can decode you
@ -57,8 +57,70 @@ A working solution would be to hook up a machine with a real operating
system to the console of the Cisco and then use it as a backwards
terminal server.
@section Making things work on Transarc AFS
@section Making things work on Transarc/OpenAFS AFS
@subsection How to get a KeyFile
@file{ktutil -k AFSKEYFILE:KeyFile get afs@@MY.REALM}
or you can extract it with kadmin
@example
kadmin> ext -k AFSKEYFILE:/usr/afs/etc/KeyFile afs@@My.CELL.NAME
@end example
You have to make sure you have a @code{des-cbc-md5} encryption type since that
is the key that will be converted.
@subsection How to convert a srvtab to a KeyFile
You need a @file{/usr/vice/etc/ThisCell} containing the cellname of you
AFS-cell.
@file{ktutil copy krb4:/root/afs-srvtab AFSKEYFILE:/usr/afs/etc/KeyFile}.
If keyfile already exists, this will add the new key in afs-srvtab to
KeyFile.
@section Using 2b tokens with AFS
@subsection What is 2b ?
2b is the name of the proposal that was implemented to give basic
Kerberos 5 support to AFS in rxkad. Its not real Kerberos 5 support
since it still uses fcrypt for data encryption and not Kerberos
encryption types.
Its only possible (in all cases) to do this for DES encryption types because
only then the token (the AFS equivalent of a ticket) will be be smaller
than the maximum size that can fit in the token cache in
OpenAFS/Transarc client. Its so tight fit that some extra wrapping on the ASN1/DER encoding is removed from the Kerberos ticket.
2b uses a Kerberos 5 EncTicketPart instead of a Kerberos 4 ditto for
the part of the ticket that is encrypted with the service's key. The
client doesn't know what's inside the encrypted data so to the client it doesn't matter.
To differentiate between Kerberos 4 tickets and Kerberos 5 tickets 2b
uses a special kvno, 213 for 2b tokens and 255 for Kerberos 5 tokens.
Its a requirement that all AFS servers that support 2b also support
native Kerberos 5 in rxkad.
@subsection Configuring Heimdal to use 2b tokens
Support for 2b tokens are turned on for specific principals by adding
them to the string list option @code{[kdc]use_2b} in the kdc's
@file{krb5.conf} file.
@example
[kdc]
use_2b = @{
afs@@SU.SE = yes
afs/it.su.se@@SU.SE = yes
@}
@end example
@subsection Configuring AFS clients
There is no need to configure AFS clients. The only software that
needs to be installed/upgrade is a Kerberos 5 enabled @file{afslog}.
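Review bot: the new "Configuring Heimdal to use 2b tokens" paragraph calls `[kdc]use_2b` a "string list option", but the example under it is a sub-section that binds each principal to `yes`; describe the option the way the example is written so an administrator does not try a plain list. In the KeyFile subsections the commands are wrapped in `@file{}` although they are command lines, and the placeholder principal changes between `afs@@MY.REALM` and `afs@@My.CELL.NAME` without explanation. The added text also needs a proofreading pass: "Its" for "It's" in four places, "will be be smaller", "cellname of you AFS-cell", "installed/upgrade", and the one over-long unwrapped line ending "is removed from the Kerberos ticket."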

View File

@ -1,4 +1,4 @@
@c $Id: programming.texi,v 1.2 2001/05/16 22:11:00 assar Exp $
@c $Id: programming.texi,v 1.2.8.1 2003/04/24 11:55:45 lha Exp $
@node Programming with Kerberos
@chapter Programming with Kerberos
@ -45,7 +45,7 @@ replay cache, and checksum types.
See the manual page for @manpage{krb5_auth_context,3}.
@subsection Keytab managment
@subsection Keytab management
A keytab is a storage for locally stored keys. Heimdal includes keytab
support for Kerberos 5 keytabs, Kerberos 4 srvtab, AFS-KeyFile's,

View File

@ -1,4 +1,4 @@
@c $Id: setup.texi,v 1.25 2001/08/24 05:24:33 assar Exp $
@c $Id: setup.texi,v 1.27 2003/03/30 21:43:00 lha Exp $
@node Setting up a realm, Things in search for a better place, Building and Installing, Top
@ -8,6 +8,7 @@
* Configuration file::
* Creating the database::
* keytabs::
* Serving Kerberos 4/524/kaserver::
* Remote administration::
* Password changing::
* Testing clients and servers::
@ -165,7 +166,7 @@ krbtgt/MY.REALM@@MY.REALM 1:0:1:52b53b61c875ce16:-:0:7:c8943be ...
kadmin/changepw@@MY.REALM 1:0:1:f48c8af2b340e9fb:-:0:7:e3e6088 ...
@end smallexample
@node keytabs, Remote administration, Creating the database, Setting up a realm
@node keytabs, Serving Kerberos 4/524/kaserver, Creating the database, Setting up a realm
@section keytabs
To extract a service ticket from the database and put it in a keytab you
@ -187,7 +188,56 @@ Version Type Principal
1 des3-cbc-sha1 host/my.host.name@@MY.REALM
@end example
@node Remote administration, Password changing, keytabs, Setting up a realm
@node Serving Kerberos 4/524/kaserver, Remote administration, keytabs, Setting up a realm
@section Serving Kerberos 4/524/kaserver
Heimdal can be configured to support 524, Kerberos 4 or kaserver. All
theses services are default turned off. Kerberos 4 support also
depends on if Kerberos 4 support is compiled in with heimdal.
@subsection 524
524 is a service that allows the kdc to convert Kerberos 5 tickets to
Kerberos 4 tickets for backward compatibility. See also Using 2b
tokens with AFS in @xref{Things in search for a better place}.
524 can be turned on by adding this to the configuration file
@example
[kdc]
enable-524 = yes
@end example
@subsection Kerberos 4
Kerberos 4 is the predecessor to to Kerberos 5. It only support single
DES. You should only enable Kerberos 4 support if you have a need for
for compatibility with an installed base of Kerberos 4 clients/servers.
Kerberos 4 can be turned on by adding this to the configuration file
@example
[kdc]
enable-kerberos4 = yes
@end example
@subsection kaserver
Kaserver is a Kerberos 4 that is used in AFS, the protocol have some
features over plain Kerberos 4, but like kerberos 4 only use single
DES too.
You should only enable Kerberos 4 support if you have a need for for
compatibility with an installed base of AFS machines.
Kaserver can be turned on by adding this to the configuration file
@example
[kdc]
enable-kaserver = yes
@end example
@node Remote administration, Password changing, Serving Kerberos 4/524/kaserver, Setting up a realm
@section Remote administration
The administration server, @samp{kadmind}, can be started by
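Review bot: in the new kaserver subsection the advice reads "You should only enable Kerberos 4 support if you have a need for for compatibility with an installed base of AFS machines", which is the Kerberos 4 paragraph pasted in; it should name kaserver, since that is what `enable-kaserver = yes` turns on. In the 524 subsection `@xref` is used mid-sentence after "in"; `@xref` is meant to start a sentence and supplies its own "See", so `@ref` fits here. Since these sections document switching single-DES protocols back on, the wording matters; please also fix "theses services are default turned off", "predecessor to to", "It only support", "need for for" (twice) and "the protocol have".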
@ -314,7 +364,7 @@ Every slave needs a keytab with a principal,
@code{propd}, as follows:
@example
slave# ktutil get -p foo/admin host/`hostname`
slave# ktutil get -p foo/admin hprop/`hostname`
slave# hpropd
@end example
@ -434,8 +484,9 @@ Common types of salting includes
@itemize @bullet
@item @code{v4} (or @code{des:pw-salt:})
The Kerberos 4 salting is using no salt att all. Reson there is colon
that the end is that
The Kerberos 4 salting is using no salt att all. Reason there is colon
that the end or the salt string is that it makes the salt the empty
string (same as no salt).
@item @code{v5} (or @code{pw-salt})

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -297,10 +298,10 @@ all: config.h
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign include/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
config.h: stamp-h1
@ -313,7 +314,7 @@ stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
@rm -f stamp-h1
cd $(top_builddir) && $(SHELL) ./config.status include/config.h
$(srcdir)/config.h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && $(AUTOHEADER)
touch $(srcdir)/config.h.in
@ -560,7 +561,9 @@ info: info-recursive
info-am:
install-data-am: install-data-local install-includeHEADERS
install-data-am: install-includeHEADERS
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -591,17 +594,16 @@ uninstall-info: uninstall-info-recursive
distclean-compile distclean-generic distclean-hdr \
distclean-libtool distclean-recursive distclean-tags distdir \
dvi dvi-am dvi-recursive info info-am info-recursive install \
install-am install-data install-data-am install-data-local \
install-data-recursive install-exec install-exec-am \
install-exec-recursive install-includeHEADERS install-info \
install-info-am install-info-recursive install-man \
install-recursive install-strip installcheck installcheck-am \
installdirs installdirs-am installdirs-recursive \
maintainer-clean maintainer-clean-generic \
maintainer-clean-recursive mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool mostlyclean-recursive \
tags tags-recursive uninstall uninstall-am \
uninstall-includeHEADERS uninstall-info-am \
install-am install-data install-data-am install-data-recursive \
install-exec install-exec-am install-exec-recursive \
install-includeHEADERS install-info install-info-am \
install-info-recursive install-man install-recursive \
install-strip installcheck installcheck-am installdirs \
installdirs-am installdirs-recursive maintainer-clean \
maintainer-clean-generic maintainer-clean-recursive mostlyclean \
mostlyclean-compile mostlyclean-generic mostlyclean-libtool \
mostlyclean-recursive tags tags-recursive uninstall \
uninstall-am uninstall-includeHEADERS uninstall-info-am \
uninstall-info-recursive uninstall-recursive
@ -728,7 +730,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -222,10 +223,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign include/kadm5/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
mostlyclean-libtool:
@ -317,7 +318,9 @@ info: info-am
info-am:
install-data-am: install-data-local
install-data-am:
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am:
@$(NORMAL_INSTALL)
@ -342,12 +345,12 @@ uninstall-am: uninstall-info-am
.PHONY: all all-am all-local check check-am check-local clean \
clean-generic clean-libtool distclean distclean-generic \
distclean-libtool distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-man install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool uninstall \
uninstall-am uninstall-info-am
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am install-man \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool uninstall uninstall-am \
uninstall-info-am
install-suid-programs:
@ -473,7 +476,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002 Kungliga Tekniska Högskolan
* Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#ifdef HAVE_CONFIG_H
#include <config.h>
RCSID("$Id: make_crypto.c,v 1.2.2.1 2002/10/21 14:30:04 joda Exp $");
RCSID("$Id: make_crypto.c,v 1.4.2.1 2003/05/05 20:10:27 joda Exp $");
#endif
#include <stdio.h>
#include <string.h>
@ -60,11 +60,15 @@ main(int argc, char **argv)
fprintf(f, "#ifndef __%s__\n", argv[1]);
fprintf(f, "#define __%s__\n", argv[1]);
#ifdef HAVE_OPENSSL
fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
fputs("#include <openssl/des.h>\n", f);
fputs("#include <openssl/rc4.h>\n", f);
fputs("#include <openssl/md4.h>\n", f);
fputs("#include <openssl/md5.h>\n", f);
fputs("#include <openssl/sha.h>\n", f);
#if ENABLE_AES
fputs("#include <openssl/aes.h>\n", f);
#endif
#else
fputs("#include <des.h>\n", f);
fputs("#include <md4.h>\n", f);
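Review bot: the added AES include is guarded with `#if ENABLE_AES` while the enclosing block uses `#ifdef HAVE_OPENSSL`; with `#if`, an undefined `ENABLE_AES` evaluates to 0 without any diagnostic unless `-Wundef` is on, and a definition with an empty value is a preprocessor error. Use `#ifdef ENABLE_AES`, or make sure configure always defines it to 0 or 1. The visible part of the `#else` branch gains no matching AES header, so confirm a build without OpenSSL but with AES enabled still gets one. A short comment on why `OPENSSL_DES_LIBDES_COMPATIBILITY` must be emitted before `<openssl/des.h>` would also help.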

View File

@ -1,6 +1,42 @@
2003-04-14 Love Hörquist Åstrand <lha@it.su.se>
* util.c: cast argument to tolower to unsigned char, from
Christian Biere <christianbiere@gmx.de> via NetBSD
2003-04-06 Love Hörquist Åstrand <lha@it.su.se>
* kadmind.8: s/kerberos/Kerberos/
2003-03-31 Love Hörquist Åstrand <lha@it.su.se>
* kadmin.8: initialises -> initializes, from Perry E. Metzger"
<perry@piermont.com>
* kadmin.c: principal, not pricipal. From Thomas Klausner
<wiz@netbsd.org>
2003-02-04 Love Hörquist Åstrand <lha@it.su.se>
* kadmind.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
* kadmin.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
2003-01-29 Love Hörquist Åstrand <lha@it.su.se>
* server.c (kadmind_dispatch): kadm_chpass: require the password
to pass the password quality check in case the user changes the
user's own password kadm_chpass_with_key: disallow the user to
change it own password to a key, since that password might violate
the password quality check.
2002-10-23 Assar Westerlund <assar@kth.se>
* version4.c (decode_packet): check the length of the version
string and that rlen has a reasonable value
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
* version4.c: pull up 1.27; check size of rlen
* version4.c: check size of rlen
2002-09-10 Johan Danielsson <joda@pdc.kth.se>

View File

@ -18,7 +18,7 @@
# $Id: Makefile.am.common,v 1.5 2002/05/19 18:35:37 joda Exp $
# $Id: Makefile.am.common,v 1.36 2002/08/19 16:10:25 joda Exp $
# $Id: Makefile.am.common,v 1.37.2.1 2003/05/08 17:08:09 joda Exp $
SHELL = @SHELL@
srcdir = @srcdir@
@ -114,6 +114,7 @@ LIB_roken = @LIB_roken@
LIB_security = @LIB_security@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAINT = @MAINT@
NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@
NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@
NROFF = @NROFF@
@ -192,7 +193,7 @@ LIB_readline = @LIB_readline@
NROFF_MAN = groff -mandoc -Tascii
@KRB4_TRUE@LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
LIB_kafs = $(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS)
@KRB5_TRUE@LIB_krb5 = $(top_builddir)/lib/krb5/libkrb5.la \
@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la
@ -345,10 +346,10 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .et .h .x .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .c .lo .o .obj
$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ Makefile.am $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common $(top_srcdir)/configure.in $(ACLOCAL_M4)
cd $(top_srcdir) && \
$(AUTOMAKE) --foreign kadmin/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
Makefile: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.in $(top_builddir)/config.status
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)
libexecPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
install-libexecPROGRAMS: $(libexec_PROGRAMS)
@ -595,7 +596,9 @@ info: info-am
info-am:
install-data-am: install-data-local install-man
install-data-am: install-man
@$(NORMAL_INSTALL)
$(MAKE) $(AM_MAKEFLAGS) install-data-hook
install-exec-am: install-libexecPROGRAMS install-sbinPROGRAMS
@$(NORMAL_INSTALL)
@ -626,8 +629,8 @@ uninstall-man: uninstall-man8
clean-noinstPROGRAMS clean-sbinPROGRAMS distclean \
distclean-compile distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am info info-am install \
install-am install-data install-data-am install-data-local \
install-exec install-exec-am install-info install-info-am \
install-am install-data install-data-am install-exec \
install-exec-am install-info install-info-am \
install-libexecPROGRAMS install-man install-man8 \
install-sbinPROGRAMS install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
@ -760,7 +763,7 @@ dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans
install-cat-mans:
$(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS)
install-data-local: install-cat-mans
install-data-hook: install-cat-mans
.et.h:
$(COMPILE_ET) $<

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,7 +33,7 @@
#include "kadmin_locl.h"
RCSID("$Id: ank.c,v 1.23 2002/06/07 19:05:38 nectar Exp $");
RCSID("$Id: ank.c,v 1.25 2002/12/03 14:11:24 joda Exp $");
/*
* fetch the default principal corresponding to `princ'
@ -112,7 +112,8 @@ add_one_principal (const char *name,
if(use_defaults)
set_defaults(&princ, &mask, default_ent, default_mask);
else
edit_entry(&princ, &mask, default_ent, default_mask);
if(edit_entry(&princ, &mask, default_ent, default_mask))
goto out;
if(rand_key || key_data) {
princ.attributes |= KRB5_KDB_DISALLOW_ALL_TIX;
mask |= KADM5_ATTRIBUTES;
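Review bot: the new `if(edit_entry(&princ, &mask, default_ent, default_mask)) goto out;` hangs off a bare `else`, so it now reads as an `else if` chain with the `goto` as its body; put braces around the `else` branch so the next edit cannot attach a statement to the wrong arm. The hunk also does not set `ret` or print anything on this path, so check what `out` does with whatever `ret` held before, and whether the operator should be told that the principal was not added.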
@ -136,8 +137,10 @@ add_one_principal (const char *name,
}
ret = kadm5_create_principal(kadm_handle, &princ, mask, password);
if(ret)
if(ret) {
krb5_warn(context, ret, "kadm5_create_principal");
goto out;
}
if(rand_key) {
krb5_keyblock *new_keys;
int n_keys, i;

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2000 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <kadm5/private.h>
RCSID("$Id: init.c,v 1.27 2000/09/10 19:20:16 joda Exp $");
RCSID("$Id: init.c,v 1.29 2002/12/03 14:08:17 joda Exp $");
static kadm5_ret_t
create_random_entry(krb5_principal princ,
@ -90,6 +90,7 @@ static struct getargs args[] = {
"realm max ticket lifetime" },
{ "realm-max-renewable-life", 0, arg_string, NULL,
"realm max renewable lifetime" },
{ "help", 'h', arg_flag, NULL },
};
static int num_args = sizeof(args) / sizeof(args[0]);
@ -107,14 +108,16 @@ init(int argc, char **argv)
int i;
char *realm_max_life = NULL;
char *realm_max_rlife = NULL;
int help_flag = 0;
HDB *db;
int optind = 0;
krb5_deltat max_life, max_rlife;
args[0].value = &realm_max_life;
args[1].value = &realm_max_rlife;
args[2].value = &help_flag;
if(getarg(args, num_args, argc, argv, &optind)) {
if(getarg(args, num_args, argc, argv, &optind) || help_flag) {
usage();
return 0;
}
@ -150,16 +153,24 @@ init(int argc, char **argv)
const char *realm = argv[i];
/* Create `krbtgt/REALM' */
krb5_make_principal(context, &princ, realm,
KRB5_TGS_NAME, realm, NULL);
ret = krb5_make_principal(context, &princ, realm,
KRB5_TGS_NAME, realm, NULL);
if(ret)
return 0;
if (realm_max_life == NULL) {
max_life = 0;
edit_deltat ("Realm max ticket life", &max_life, NULL, 0);
if(edit_deltat ("Realm max ticket life", &max_life, NULL, 0)) {
krb5_free_principal(context, princ);
return 0;
}
}
if (realm_max_rlife == NULL) {
max_rlife = 0;
edit_deltat("Realm max renewable ticket life", &max_rlife,
NULL, 0);
if(edit_deltat("Realm max renewable ticket life", &max_rlife,
NULL, 0)) {
krb5_free_principal(context, princ);
return 0;
}
}
create_random_entry(princ, max_life, max_rlife, 0);
krb5_free_principal(context, princ);
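Review bot: the new failure paths in the realm loop all `return 0` silently; in particular `ret` from `krb5_make_principal` is tested and then dropped, so the operator gets no indication why `init` stopped. Report it the way ank.c does in this same commit, for example `krb5_warn(context, ret, "krb5_make_principal");`, and consider doing the same when `edit_deltat` fails. Because `realm` comes from `argv[i]`, returning here also skips any remaining realms on the command line; say so in a comment if that is intended, or `continue` instead.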

View File

@ -36,7 +36,7 @@
#include <sys/wait.h>
#endif
RCSID("$Id: kadm_conn.c,v 1.13.6.1 2002/10/21 14:53:39 joda Exp $");
RCSID("$Id: kadm_conn.c,v 1.14 2002/10/21 13:21:24 joda Exp $");
struct kadm_port {
char *port;

View File

@ -1,4 +1,35 @@
.\" $Id: kadmin.8,v 1.7 2002/08/20 17:07:11 joda Exp $
.\" Copyright (c) 2000 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: kadmin.8,v 1.10 2003/03/31 10:42:32 lha Exp $
.\"
.Dd September 10, 2000
.Dt KADMIN 8
@ -43,7 +74,7 @@
.Sh DESCRIPTION
The
.Nm
program is used to make modification to the Kerberos database, either remotely via the
program is used to make modifications to the Kerberos database, either remotely via the
.Xr kadmind 8
daemon, or locally (with the
.Fl l
@ -60,7 +91,7 @@ principal to authenticate as
.Fl K Ar string ,
.Fl -keytab= Ns Ar string
.Xc
keytab for authentication pricipal
keytab for authentication principal
.It Xo
.Fl c Ar file ,
.Fl -config-file= Ns Ar file
@ -145,7 +176,7 @@ removes a principal
.Ar principal enctypes...
.Pp
.Bd -ragged -offset indent
removes some enctypes from a principal, this can be useful the service
removes some enctypes from a principal. This can be useful the service
belonging to the principal is known to not handle certain enctypes
.Ed
.Pp
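Review bot: the reworded `del_enctype` description splits the sentence but leaves "This can be useful the service belonging to the principal is known to not handle certain enctypes", which is still missing "if" after "useful". Since this hunk exists to fix the wording, fix that in the same pass.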
@ -198,12 +229,12 @@ modifies certain attributes of a principal
.Nm privileges
.Pp
.Bd -ragged -offset indent
lists the operations you are allowd to perform
lists the operations you are allowed to perform
.Ed
.Pp
.Ed
.Pp
When running in local mode, the following commands can also be used.
When running in local mode, the following commands can also be used:
.Bd -ragged -offset indent
.Nm dump
.Op Fl d | Fl -decrypt
@ -221,7 +252,7 @@ form to the specified file, or standard out
.Ar realm
.Pp
.Bd -ragged -offset indent
initialises the Kerberos database with entries for a new realm, it's
initializes the Kerberos database with entries for a new realm. It's
possible to have more than one realm served by one server
.Ed
.Pp

View File

@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <sl.h>
RCSID("$Id: kadmin.c,v 1.41 2001/08/10 08:06:13 joda Exp $");
RCSID("$Id: kadmin.c,v 1.42 2003/03/31 10:20:19 lha Exp $");
static char *config_file;
static char *keyfile;
@ -51,7 +51,7 @@ static struct getargs args[] = {
{ "principal", 'p', arg_string, &client_name,
"principal to authenticate as" },
{ "keytab", 'K', arg_string, &keytab,
"keytab for authentication pricipal" },
"keytab for authentication principal" },
{
"config-file", 'c', arg_string, &config_file,
"location of config file", "file"

View File

@ -1,11 +1,42 @@
.\" $Id: kadmind.8,v 1.10.2.1 2002/10/21 14:53:39 joda Exp $
.\" Copyright (c) 2002 - 2003 Kungliga Tekniska Högskolan
.\" (Royal Institute of Technology, Stockholm, Sweden).
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" 3. Neither the name of the Institute nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $Id: kadmind.8,v 1.14 2003/04/06 17:47:57 lha Exp $
.\"
.Dd March 5, 2002
.Dt KADMIND 8
.Os HEIMDAL
.Sh NAME
.Nm kadmind
.Nd "server for administrative access to kerberos database"
.Nd "server for administrative access to Kerberos database"
.Sh SYNOPSIS
.Nm
.Oo Fl c Ar file \*(Ba Xo
@ -51,7 +82,7 @@ daemon is responsible for the Kerberos 5 password changing protocol
.Xr kpasswd 1 )
.
.Pp
This daemon should only be run on ther master server, and not on any
This daemon should only be run on the master server, and not on any
slaves.
.Pp
Principals are always allowed to change their own password and list
@ -118,7 +149,7 @@ enable debugging
.Fl p Ar port ,
.Fl -ports= Ns Ar port
.Xc
ports to listen to. By default, if run as a daemon, it listen to ports
ports to listen to. By default, if run as a daemon, it listens to ports
749, and 751 (if Kerberos 4 support is built and enabled), but you can
add any number of ports with this option. The port string is a
whitespace separated list of port specifications, with the special

View File

@ -33,7 +33,7 @@
#include "kadmin_locl.h"
RCSID("$Id: kadmind.c,v 1.27.6.1 2002/10/21 14:53:39 joda Exp $");
RCSID("$Id: kadmind.c,v 1.28 2002/10/21 13:21:24 joda Exp $");
static char *check_library = NULL;
static char *check_function = NULL;

View File

@ -33,7 +33,7 @@
#include "kadmin_locl.h"
RCSID("$Id: mod.c,v 1.10 2000/07/11 14:34:56 joda Exp $");
RCSID("$Id: mod.c,v 1.11 2002/12/03 14:12:30 joda Exp $");
static int parse_args (krb5_context context, kadm5_principal_ent_t ent,
int argc, char **argv, int *optind, char *name,
@ -136,7 +136,8 @@ mod_entry(int argc, char **argv)
printf ("no such principal: %s\n", argv[0]);
return 0;
}
edit_entry(&princ, &mask, NULL, 0);
if(edit_entry(&princ, &mask, NULL, 0))
goto out;
} else {
princ.principal = princ_ent;
}
@ -144,6 +145,7 @@ mod_entry(int argc, char **argv)
ret = kadm5_modify_principal(kadm_handle, &princ, mask);
if(ret)
krb5_warn(context, ret, "kadm5_modify_principal");
out:
kadm5_free_principal_ent(kadm_handle, &princ);
return 0;
}

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997 - 2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <krb5-private.h>
RCSID("$Id: server.c,v 1.36.2.1 2002/10/21 14:53:39 joda Exp $");
RCSID("$Id: server.c,v 1.38 2003/01/29 12:33:05 lha Exp $");
static kadm5_ret_t
kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
@ -217,19 +217,36 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
/*
* The change is allowed if at least one of:
* a) it's for the principal him/herself and this was an initial ticket
* a) it's for the principal him/herself and this was an
* initial ticket, but then, check with the password quality
* function.
* b) the user is on the CPW ACL.
*/
if (initial
&& krb5_principal_compare (context->context, context->caller,
princ))
ret = 0;
else
{
krb5_data pwd_data;
const char *pwd_reason;
pwd_data.data = password;
pwd_data.length = strlen(password);
pwd_reason = kadm5_check_password_quality (context->context,
princ, &pwd_data);
if (pwd_reason != NULL)
ret = KADM5_PASS_Q_DICT;
else
ret = 0;
} else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
if(ret) {
krb5_free_principal(context->context, princ);
memset(password, 0, strlen(password));
free(password);
goto fail;
}
ret = kadm5_chpass_principal(kadm_handle, princ, password);
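Review bot: In the self-change branch the string returned by `kadm5_check_password_quality` is stored in `pwd_reason` and then dropped, and every rejection is reported as `KADM5_PASS_Q_DICT` whatever the actual reason was. Log `pwd_reason` with `krb5_warnx` (never the password itself) so an administrator can see why a change was refused. On the failure path, `memset(password, 0, strlen(password))` directly before `free(password)` is a store the compiler is allowed to remove as dead; a wipe that cannot be elided would make the cleanup reliable.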
@ -286,18 +303,11 @@ kadmind_dispatch(void *kadm_handle, krb5_boolean initial,
krb5_warnx(context->context, "%s: %s %s", client, op, name);
/*
* The change is allowed if at least one of:
* a) it's for the principal him/herself and this was an initial ticket
* b) the user is on the CPW ACL.
* The change is only allowed if the user is on the CPW ACL,
* this it to force password quality check on the user.
*/
if (initial
&& krb5_principal_compare (context->context, context->caller,
princ))
ret = 0;
else
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
ret = _kadm5_acl_check_permission(context, KADM5_PRIV_CPW, princ);
if(ret) {
int16_t dummy = n_key_data;
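Review bot: Dropping the `initial && krb5_principal_compare(...)` branch here means a principal can no longer perform this operation on itself without being on the CPW ACL, and that behaviour change is not documented anywhere in the commit. The kadmind.8 text touched in this same change still says principals are always allowed to change their own password; it should state that only the plain-password request, which now goes through the quality check, remains open to the principal itself. The new comment also has a typo: "this it to force" should read "this is to force".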

View File

@ -34,7 +34,7 @@
#include "kadmin_locl.h"
#include <parse_units.h>
RCSID("$Id: util.c,v 1.37 2002/06/07 18:28:46 joda Exp $");
RCSID("$Id: util.c,v 1.39 2003/04/14 11:55:27 lha Exp $");
/*
* util.c - functions for parsing, unparsing, and editing different
@ -556,6 +556,7 @@ get_response(const char *prompt, const char *def, char *buf, size_t len)
osig = signal(SIGINT, interrupt);
if(setjmp(jmpbuf)) {
signal(SIGINT, osig);
printf("\n");
return 1;
}
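Review bot: The added `printf("\n")` sits in the branch taken when `setjmp(jmpbuf)` returns non-zero, which is reached by jumping out of the SIGINT handler installed just above with `signal(SIGINT, interrupt)`. If the signal arrived while a stdio call was in progress, calling `printf` here operates on stdio state that may be inconsistent. Either emit the newline with `write(2)` on the terminal descriptor, or have the handler set a flag and let the read loop return normally before printing.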
@ -586,7 +587,7 @@ hex2n (char c)
static char hexdigits[] = "0123456789abcdef";
const char *p;
p = strchr (hexdigits, tolower((int)c));
p = strchr (hexdigits, tolower((unsigned char)c));
if (p == NULL)
return -1;
else

View File

@ -41,7 +41,7 @@
#include <krb_err.h>
#include <kadm_err.h>
RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $");
RCSID("$Id: version4.c,v 1.29 2002/10/29 10:33:23 joda Exp $");
#define KADM_NO_OPCODE -1
#define KADM_NO_ENCRYPT -2
@ -51,7 +51,7 @@ RCSID("$Id: version4.c,v 1.26.2.1 2002/10/21 14:52:59 joda Exp $");
*/
static void
make_you_loose_packet(int code, krb5_data *reply)
make_you_lose_packet(int code, krb5_data *reply)
{
krb5_data_alloc(reply, KADM_VERSIZE + 4);
memcpy(reply->data, KADM_ULOSE, KADM_VERSIZE);
@ -812,9 +812,9 @@ decode_packet(krb5_context context,
char *client_str;
krb5_keytab_entry entry;
if(message.length < KADM_VERSIZE
if(message.length < KADM_VERSIZE + 4
|| strncmp(msg, KADM_VERSTR, KADM_VERSIZE) != 0) {
make_you_loose_packet (KADM_BAD_VER, reply);
make_you_lose_packet (KADM_BAD_VER, reply);
return;
}
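Review bot: The literal `4` in `message.length < KADM_VERSIZE + 4` is unexplained and recurs in the length arithmetic of the next hunk. A named constant, or a one-line comment saying what the four bytes are, would make it clear that the later subtraction `message.length - KADM_VERSIZE - 4` depends on this guard in order not to wrap.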
@ -823,9 +823,10 @@ decode_packet(krb5_context context,
memset(&authent, 0, sizeof(authent));
authent.length = message.length - rlen - KADM_VERSIZE - 4;
if(authent.length >= MAX_KTXT_LEN) {
if(rlen > message.length - KADM_VERSIZE - 4
|| authent.length > MAX_KTXT_LEN) {
krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
make_you_loose_packet (KADM_LENGTH_ERROR, reply);
make_you_lose_packet (KADM_LENGTH_ERROR, reply);
return;
}
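Review bot: The upper bound on `authent.length` changes from `>= MAX_KTXT_LEN` to `> MAX_KTXT_LEN`, so a length of exactly `MAX_KTXT_LEN` is now accepted; please confirm that the buffer the authenticator is copied into holds `MAX_KTXT_LEN` bytes and say so in a comment. Also, `authent.length` is still assigned from `message.length - rlen - KADM_VERSIZE - 4` before `rlen` is validated; moving the assignment below the new `rlen >` check means a wrapped value is never stored, even transiently.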
@ -840,7 +841,7 @@ decode_packet(krb5_context context,
"changepw", "kerberos", NULL);
if (ret) {
krb5_warn (context, ret, "krb5_make_principal");
make_you_loose_packet (KADM_NOMEM, reply);
make_you_lose_packet (KADM_NOMEM, reply);
return;
}
ret = krb5_kt_get_entry (context, keytab, principal, 0,
@ -848,7 +849,7 @@ decode_packet(krb5_context context,
krb5_kt_close (context, keytab);
if (ret) {
krb5_free_principal(context, principal);
make_you_loose_packet (KADM_NO_AUTH, reply);
make_you_lose_packet (KADM_NO_AUTH, reply);
return;
}
ret = krb5_copy_keyblock (context, &entry.keyblock,& key);
@ -856,10 +857,10 @@ decode_packet(krb5_context context,
krb5_free_principal(context, principal);
if(ret) {
if(ret == KRB5_KT_NOTFOUND)
make_you_loose_packet(KADM_NO_AUTH, reply);
make_you_lose_packet(KADM_NO_AUTH, reply);
else
/* XXX */
make_you_loose_packet(KADM_NO_AUTH, reply);
make_you_lose_packet(KADM_NO_AUTH, reply);
krb5_warn(context, ret, "krb5_kt_read_service_key");
return;
}
@ -875,7 +876,7 @@ decode_packet(krb5_context context,
client_addr->sin_addr.s_addr, &ad, NULL);
if(ret) {
make_you_loose_packet(ERROR_TABLE_BASE_krb + ret, reply);
make_you_lose_packet(ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_req: %d", ret);
return;
}
@ -884,7 +885,7 @@ decode_packet(krb5_context context,
&client);
if (ret) {
krb5_warnx (context, "krb5_425_conv_principal: %d", ret);
make_you_loose_packet (KADM_NOMEM, reply);
make_you_lose_packet (KADM_NOMEM, reply);
return;
}
@ -898,21 +899,21 @@ decode_packet(krb5_context context,
&kadm_handle);
if (ret) {
krb5_warn (context, ret, "kadm5_init_with_password_ctx");
make_you_loose_packet (KADM_NOMEM, reply);
make_you_lose_packet (KADM_NOMEM, reply);
goto out;
}
checksum = des_quad_cksum((void *)(msg + off), NULL, rlen, 0, &ad.session);
if(checksum != ad.checksum) {
krb5_warnx(context, "decode_packet: bad checksum");
make_you_loose_packet (KADM_BAD_CHK, reply);
make_you_lose_packet (KADM_BAD_CHK, reply);
goto out;
}
des_set_key(&ad.session, schedule);
ret = krb_rd_priv(msg + off, rlen, schedule, &ad.session,
client_addr, admin_addr, &msg_dat);
if (ret) {
make_you_loose_packet (ERROR_TABLE_BASE_krb + ret, reply);
make_you_lose_packet (ERROR_TABLE_BASE_krb + ret, reply);
krb5_warnx(context, "krb_rd_priv: %d", ret);
goto out;
}
@ -931,7 +932,7 @@ decode_packet(krb5_context context,
schedule, &ad.session,
admin_addr, client_addr);
if((ssize_t)reply->length < 0) {
make_you_loose_packet(KADM_NO_ENCRYPT, reply);
make_you_lose_packet(KADM_NO_ENCRYPT, reply);
goto out;
}
}

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997-2002 Kungliga Tekniska Högskolan
* Copyright (c) 1997-2003 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@ -33,9 +33,11 @@
#include "kdc_locl.h"
RCSID("$Id: 524.c,v 1.25 2002/07/31 09:43:20 joda Exp $");
RCSID("$Id: 524.c,v 1.29 2003/03/17 05:35:47 assar Exp $");
#ifdef KRB4
#ifndef KRB4
#include <krb5-v4compat.h>
#endif
/*
* fetch the server from `t', returning the name in malloced memory in
@ -173,6 +175,94 @@ set_address (EncTicketPart *et,
return 0;
}
static krb5_error_code
encrypt_v4_ticket(void *buf,
size_t len,
krb5_keyblock *skey,
EncryptedData *reply)
{
krb5_crypto crypto;
krb5_error_code ret;
ret = krb5_crypto_init(context, skey, ETYPE_DES_PCBC_NONE, &crypto);
if (ret) {
free(buf);
kdc_log(0, "krb5_crypto_init failed: %s",
krb5_get_err_text(context, ret));
return ret;
}
ret = krb5_encrypt_EncryptedData(context,
crypto,
KRB5_KU_TICKET,
buf,
len,
0,
reply);
krb5_crypto_destroy(context, crypto);
if(ret) {
kdc_log(0, "Failed to encrypt data: %s",
krb5_get_err_text(context, ret));
return ret;
}
return 0;
}
static krb5_error_code
encode_524_response(const char *spn, const EncTicketPart et, const Ticket *t,
hdb_entry *server, EncryptedData *ticket, int *kvno)
{
krb5_error_code ret;
int use_2b;
size_t len;
use_2b = krb5_config_get_bool(context, NULL, "kdc", "use_2b", spn, NULL);
if(use_2b) {
ASN1_MALLOC_ENCODE(EncryptedData,
ticket->cipher.data, ticket->cipher.length,
&t->enc_part, &len, ret);
if (ret) {
kdc_log(0, "Failed to encode v4 (2b) ticket (%s)", spn);
return ret;
}
ticket->etype = 0;
ticket->kvno = NULL;
*kvno = 213; /* 2b's use this magic kvno */
} else {
unsigned char buf[MAX_KTXT_LEN + 4 * 4];
Key *skey;
if (!enable_v4_cross_realm && strcmp (et.crealm, t->realm) != 0) {
kdc_log(0, "524 cross-realm %s -> %s disabled", et.crealm,
t->realm);
return KRB5KDC_ERR_POLICY;
}
ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
if(ret){
kdc_log(0, "Failed to encode v4 ticket (%s)", spn);
return ret;
}
ret = get_des_key(server, TRUE, FALSE, &skey);
if(ret){
kdc_log(0, "no suitable DES key for server (%s)", spn);
return ret;
}
ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len,
&skey->key, ticket);
if(ret){
kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn);
return ret;
}
*kvno = server->kvno;
}
return 0;
}
/*
* process a 5->4 request, based on `t', and received `from, addr',
* returning the reply in `reply'
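Review bot: In `encrypt_v4_ticket` the `krb5_crypto_init` failure path calls `free(buf)`, but the only caller added here passes `buf + sizeof(buf) - len`, a pointer into the stack array `unsigned char buf[MAX_KTXT_LEN + 4 * 4]` declared in `encode_524_response`. Freeing that pointer is undefined behaviour; drop the `free(buf)` and leave ownership with the caller. Separately, the `enable_v4_cross_realm` test sits only in the non-2b branch, so with `use_2b` set a cross-realm ticket is re-encoded without that policy check. If that is intended it deserves a comment, and the magic `213` would read better as a named constant.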
@ -193,6 +283,7 @@ do_524(const Ticket *t, krb5_data *reply,
char *spn = NULL;
unsigned char buf[MAX_KTXT_LEN + 4 * 4];
size_t len;
int kvno;
if(!enable_524) {
ret = KRB5KDC_ERR_POLICY;
@ -251,31 +342,17 @@ do_524(const Ticket *t, krb5_data *reply,
free_EncTicketPart(&et);
goto out;
}
ret = encode_v4_ticket(buf + sizeof(buf) - 1, sizeof(buf),
&et, &t->sname, &len);
ret = encode_524_response(spn, et, t, server, &ticket, &kvno);
free_EncTicketPart(&et);
if(ret){
kdc_log(0, "Failed to encode v4 ticket (%s)", spn);
goto out;
}
ret = get_des_key(server, TRUE, FALSE, &skey);
if(ret){
kdc_log(0, "no suitable DES key for server (%s)", spn);
goto out;
}
ret = encrypt_v4_ticket(buf + sizeof(buf) - len, len,
skey->key.keyvalue.data, &ticket);
if(ret){
kdc_log(0, "Failed to encrypt v4 ticket (%s)", spn);
goto out;
}
out:
/* make reply */
memset(buf, 0, sizeof(buf));
sp = krb5_storage_from_mem(buf, sizeof(buf));
krb5_store_int32(sp, ret);
if(ret == 0){
krb5_store_int32(sp, server->kvno); /* is this right? */
krb5_store_int32(sp, kvno);
krb5_store_data(sp, ticket.cipher);
/* Aargh! This is coded as a KTEXT_ST. */
krb5_storage_seek(sp, MAX_KTXT_LEN - ticket.cipher.length, SEEK_CUR);
@ -292,5 +369,3 @@ do_524(const Ticket *t, krb5_data *reply,
free_ent (server);
return ret;
}
#endif /* KRB4 */

View File

@ -1,4 +1,4 @@
# $Id: Makefile.am,v 1.43 2001/08/28 08:31:27 assar Exp $
# $Id: Makefile.am,v 1.44 2003/01/14 05:47:06 lha Exp $
include $(top_srcdir)/Makefile.am.common
@ -20,9 +20,9 @@ kstash_SOURCES = kstash.c headers.h
string2key_SOURCES = string2key.c headers.h
if KRB4
krb4_sources = 524.c kerberos4.c kaserver.c rx.h
krb4_sources = kaserver.c rx.h
else
krb4_sources =
krb4_sources =
endif
kdc_SOURCES = \
@ -33,6 +33,8 @@ kdc_SOURCES = \
log.c \
main.c \
misc.c \
524.c \
kerberos4.c \
$(krb4_sources)
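Review bot: With `524.c` and `kerberos4.c` moved out of `krb4_sources` into the unconditional `kdc_SOURCES` list, this code is compiled into every kdc regardless of the `KRB4` conditional, so whether it is reachable is now decided at run time only (`enable_524` is the gate visible in `do_524`). The commit should document which configuration options switch these paths off and what their defaults are, so that sites that built without KRB4 to exclude them know what to check.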

Some files were not shown because too many files have changed in this diff