Commit Graph

167 Commits

Author SHA1 Message Date
ache
ad266c215d Fix original patch error with ! before strncmp
Zap only needed LD_* variables
1995-10-20 22:17:35 +00:00
ache
c0765b5449 Don't allow LD_* env. variables to be tricked
Submitted by: Sam Hartman <hartmans@mit.edu>
1995-10-20 17:16:58 +00:00
gibbs
651cbee0db Remove MAKE_EBONES conditionals. They were originally placed here because
of missing functionality in our libkrb which is no longer a problem.
1995-10-11 00:04:09 +00:00
gibbs
6c453c40e2 Bump SHLIB_MINOR for krb_get_local_addr() and krb_bind_local_addr() 1995-10-06 17:37:54 +00:00
gibbs
2734551417 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
gibbs
c24015b33a Add -L paths for all locally built eBones libraries. Many of the programs
already did this, but this catches the straglers.
1995-09-26 02:36:08 +00:00
gibbs
1ca520567d Remove duplicate rkinit_err.c entry in the SRCS line. 1995-09-24 02:33:42 +00:00
markm
33b2777297 Correct a lie in the man pages: /etc/athena/srvtab -> /etc/kerberosIV/srvtab 1995-09-17 07:58:21 +00:00
gibbs
de534c054e The problem. If the first request to kerberos is not a ticket
request, it cores due to using the unitialized global req_name_ptr
pointer.  -Wall does not reveal this.

Repeat by having an old valid ticket and start kerberos.  rsh to
a non-realm system.

Also intialize lifetime to DEFAULT_TKT_LIFE and kerno to KSUCCESS since
they can be refernced before being initialized.

Submitted by:	John Capo <jc@irbs.com>
1995-09-17 00:39:00 +00:00
gibbs
ba56b5eab2 Fix printf formatting error %ls -> %s. 1995-09-16 23:11:25 +00:00
markm
4ce7c21e07 Bring in a hand written replacement for MIT's file of the same name.
Reviewed by:Justin Gibbs
1995-09-16 20:44:27 +00:00
gibbs
8d7d06f373 Add TELNETOBJDIR and CRYPTOBJDIR for use in LDADD entries. This makes
secure reference the libraries that were just build instead of in /usr/lib.
1995-09-16 03:04:10 +00:00
gibbs
8129a3ad8a Integrate rkinit into the build. 1995-09-15 06:20:48 +00:00
gibbs
3914c1eb2c Integrate rkinitd into the build. 1995-09-15 06:20:38 +00:00
gibbs
229fa11c1c Fix this file for the last time. My last diff was screwed up. 1995-09-15 06:20:23 +00:00
gibbs
3e43ac2079 Integrate librkinit into the build. 1995-09-15 06:19:31 +00:00
gibbs
fb67be7d56 Header files for the rkinit suite. 1995-09-15 06:19:14 +00:00
gibbs
af49d3bfec Fix the most blatant -Wall errors. 1995-09-15 06:18:56 +00:00
gibbs
6669165a88 This commit was generated by cvs2svn to compensate for changes in r10768,
which included commits to RCS files with non-trunk default branches.
1995-09-15 06:13:43 +00:00
gibbs
2dea3346f8 Server side of the rkinit package.
Obtained from: MIT
1995-09-15 06:13:43 +00:00
gibbs
a4d149d00d This commit was generated by cvs2svn to compensate for changes in r10766,
which included commits to RCS files with non-trunk default branches.
1995-09-15 06:11:53 +00:00
gibbs
fc1c0beceb Rkinit allows you to safely forward tickets to other kerberos hosts.
Obtained from: MIT
1995-09-15 06:11:53 +00:00
gibbs
5dd04a74e2 This commit was generated by cvs2svn to compensate for changes in r10764,
which included commits to RCS files with non-trunk default branches.
1995-09-15 06:09:30 +00:00
gibbs
3796a8e458 MIT's librkinit. Part of the rkinit suite. Rkinit allows you to forward
tickets to other kerberos hosts safely in one easy step.
1995-09-15 06:09:30 +00:00
gibbs
958c14faa7 Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES. 1995-09-14 21:29:21 +00:00
gibbs
684e425bda Enable kerberosIV authentication/encryption conditionalized on MAKE_EBONES.
Fix up some of the des calls to be compatible with eBones.
1995-09-14 21:29:08 +00:00
gibbs
cf0a73f08e Prototypes for the function in new_rnd_key.c from the mit des library. 1995-09-14 21:12:42 +00:00
gibbs
14686b252e Bring in new_rnd_key.c from the mit des library. This gives folks in the
U.S. the ability to build a secure telnet.  Mark is already working on
emultating these function in the export tree, but it will be a while yet.

Kill MISSING since the missing functions are here now.
1995-09-14 21:12:16 +00:00
gibbs
2844f37986 Bring back the multi-homed server fixes from revision 1.6. They got
klobered when the formating changes were "undone".
1995-09-14 20:58:35 +00:00
gibbs
7bb3401166 Forgot to bring this patch over. 1995-09-14 19:52:28 +00:00
gibbs
599a0e919c Fix a few problems with the depend target.
Pointed out by: Mark Murray <markm>
1995-09-14 18:16:18 +00:00
gibbs
cc805a44bb Bmake fixes for eBones. 1995-09-14 04:11:21 +00:00
gibbs
1c0f9ec334 Don't cast die with (__sighandler_t *) when its passed to signal(). Instead
have die take an int arg that it never uses.
1995-09-14 04:08:58 +00:00
gibbs
f0975436e0 Bmake fixes for the eBones tree. 1995-09-14 04:06:18 +00:00
gibbs
52c50c3fbd Actually install des.h. We haven't been for a while now. 1995-09-14 04:04:24 +00:00
gibbs
659217d7b0 des_check_key_parity and des_fixup_key_parity go by other names in eBones'
des.  I've added #defines for them, so they are no longer "missing".
1995-09-14 04:02:38 +00:00
gibbs
9f3a6c1d50 Bring back Makefile.inc and give it a better rules for dealing with the
.et files.
1995-09-14 04:00:59 +00:00
markm
6158455f1e added Makefile.inc in the necessary places.
Pointed out by: Garrett Wollman
Obtained from: equivalent directoies rooted in src/
1995-09-13 17:47:41 +00:00
markm
a0abe974dc After the Great eBones Repository Copy (tm), make ebones actually
compile
1) remove rubbish no longer needed
2) correct existing Makefiles
3) add new makefiles where needed
4) correct code, header files and man pages where necessary

PLEASE NOTE - after this you will need to make install in eBones/include,
and mamake obj depend all install in eBones/lib before doing a
make obj depend all install in eBones/. (I am going 6to fix src/Makefile
next)
PS - I hate slow international links - apologies for all the typos
1995-09-13 17:24:36 +00:00
dg
1ae004d611 sys_term.c: killed sleep(1) as this should no longer be a problem with
the move of startslave().
telnetd.c: fix bug introduced with the move of startslave()...the number
of arguments was wrong and "level" and "user_name" had to be made globals.
1995-09-11 21:02:02 +00:00
markm
2539acf77b Major cleanup of eBones code:
- Get all functions prototyped or at least defined before use.
- Make code compile (Mostly) clean with -Wall set
- Start to reduce the degree to which DES aka libdes is built in.
- get all functions to the same uniform standard of definition:
int
foo(a, b)
int a;
int *b;
{
   :
}
- fix numerous bugs exposed by above processes.

Note - this replaces the previous work which used an unpopular function
 definition style.
1995-09-07 21:39:00 +00:00
gibbs
1ca77c224f Save and check against all address of kerberos servers. This completes
the fixes for multi-homed kerberos servers.  We're still debating on how
we want to fix the client side.

Reviewed by: Garrett Wollman <wollman>, Mark Murray <markm>
Obtained from: Dieter Dworkin Muller <dworkin@village.org> (small changes by me)
1995-09-06 03:47:14 +00:00
pst
14ad5aa657 Move erase cleanup outside linemode conditional 1995-09-06 02:03:36 +00:00
pst
8693020356 Avoid race condition with telnet options processing (login: prompt lost).
Submitted by:	John Capo & Peter Wemm
1995-09-05 19:31:06 +00:00
pst
b68227ec08 Set erase character for login: prompt.
Submitted by:	Peter Wemm & John Capo
1995-09-05 19:30:05 +00:00
pst
059d76f5fe Do NOT compile with -DKLUDGELINEMODE...hoses many telnet clients 1995-08-28 17:55:08 +00:00
markm
22605bdc30 Remove register, registerd & make_keypair until thedes library is moved. m 1995-08-26 13:46:12 +00:00
markm
a7aa8d3019 Allow the kerberos utilities and kerberised code to still find des.h in
the old place. This corrects an upgrade that sneaked through too early.
1995-08-26 12:45:06 +00:00
markm
a83b802bad Start the eBones cleanup ball rolling.
These are the start of a lot of work to clean up the FreeBSD eBones code.
these changes include, but are not limited to:
- Create prototypes for all the library routines
- Make all the libraries compile clean with -Wall set
- Fix numerous small bugs shown up in the above process
- Prepare the code for libdes's removal to secure/
- add register, registerd and make_keypair to the make
Lots more will follow in days to come.

OK'ed by: rgrimes
1995-08-25 22:52:32 +00:00
ache
f87a14f2ec Comment out LDADD+=-ldescrypt, it is not yet active due to
missng defines for krb4encpwd and rsaencpwd and missing rsa library too.
1995-08-05 19:10:25 +00:00
ache
3e9799b158 Nuke one __FreeBSD__ left out
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 03:02:30 +00:00
ache
25dcf9aae3 Change default banner to FreeBSD, properly ifdefed by __FreeBSD__
Reviewed by:
Submitted by:
Obtained from:
1995-08-04 00:12:08 +00:00
pst
4f18ad34c1 Update manual page to reflect "empty password" usage. 1995-08-03 16:23:12 +00:00
pst
f1d988f454 Null password should ask for random 1995-08-02 23:15:12 +00:00
pst
8d218a37bd Make the DB/DBM routines generic (ifdef FreeBSD considered evil), and
also fix a string allocation bug.

Submitted by: Havard Eidnes
1995-08-02 23:08:18 +00:00
pst
109eb67c2a Program to receive and process a new kerberos database (this is run on
the slave server).

NOTE: This code should not be built, there is no documentation, and this
      method of database transfer is highly suboptimal.  It's here just
      for those of us who actually have multiple K4 servers and want
      something more secure than the other distribution mechanisms.

Obtained from: MIT Project Athena
1995-08-02 22:14:27 +00:00
pst
4273a0f56f This commit was generated by cvs2svn to compensate for changes in r9866,
which included commits to RCS files with non-trunk default branches.
1995-08-02 22:14:27 +00:00
pst
ca1e73f49a Import an updated revision of the MIT kprop program for distributing
kerberos databases to slave servers.

NOTE: This method was abandoned by MIT long ago, this code is close to
      garbage,  but it is slightly more secure than using rdist.
      There is no documentation available on how to use it, and
      it should -not- be built by default.

Obtained from:	MIT Project Athena
1995-08-02 22:11:44 +00:00
pst
019d88ee9f This commit was generated by cvs2svn to compensate for changes in r9864,
which included commits to RCS files with non-trunk default branches.
1995-08-02 22:11:44 +00:00
gibbs
81842686f9 Make kadmind safe to run on multi-homed machines.
Reviewed by: Garrett A. Wollman (wollman@FreeBSD.org)
1995-08-02 18:31:08 +00:00
ache
5bd836c190 Final cleanup pass through Makefiles, now this stuff
autodetect kerberos/eBones and work even with eBones,
but with reduced functionality (don't pick up des/krb stuff
in this case)
1995-07-24 22:55:59 +00:00
ache
2abb3f187a Add -ldescrypt, or wrong crypt version can be picked from libc
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 22:01:01 +00:00
ache
02f285eeb1 Add LDADD+= -ldescrypt
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 21:57:58 +00:00
ache
7e1e5231a4 Move -ldes under kerb stuff, my fault
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 21:49:06 +00:00
ache
8d6cb97e95 Since this stuff not works with eBones, ifdef kerberos stuff
with MAKE_KERBEROS to allow other things to live
Reviewed by:
Submitted by:
Obtained from:
1995-07-24 21:47:30 +00:00
ache
96d8cee523 Since this stuff not works with eBones, ifdef kerberos stuff
with MAKE_KERBEROS to allow other things to live
Submitted by:
Obtained from:
1995-07-24 21:38:32 +00:00
ache
cb87a42d33 Add comment about new_rnd_key.c module needed from original
libdes (and not present in eBones libdes)
1995-07-24 21:12:57 +00:00
ache
dcde8b5f80 Add comment about new_rbd_key.c module needed from
original libdes
1995-07-24 21:10:47 +00:00
ache
0551b03e78 Fix dependances, typing errors, etc.
Note: this thing need original libdes not Eric Young libdes from eBones
Submitted by:
Obtained from:
1995-07-24 20:40:03 +00:00
ache
2bad985464 Fix many bogus things, typing error, dependance errors, etc.,
now it compiles.
Note: this stuff requires original libdes, not libdes from
Eric Yang which we have in eBones.
1995-07-24 20:29:12 +00:00
rgrimes
8a414a2663 date: 1995/07/12 13:10:58; author: jkh; state: Exp; lines: +3 -2
Sync with Mark M's latest suggestions.
Submitted by:   markm

[This is being pulled from RELENG_2_0_5, it was commited there after the
release, and we need it here and in RELENG_2_1_0, it will be cvs admin -o'ed
off the RELENG_2_0_5 branch after this commit.]
1995-07-22 04:24:05 +00:00
pst
5b689f15e4 When hostname len > 8, name replaced with dot notation when -u flag
not specified (default case).
Use _PATH_* for utmp/wtmp.

Support for >32 PTYs.
>Submitted by:   Heikki Suonsivu <hsu@cs.hut.fi>

Plug already known security hole. (Brought over from 1.1.5):
Fixed security problem with telnetd, which allowed
   telnet -l -hcert.org localhost
to change the user's host in utmp.
Thanks to Matthew Green <mrgreen@@mame.mu.oz.au> for showing me this one.

>Reviewed by:    karl, guido
>Submitted by:   mrgreen@mame.mu.oz.au

Obtained from:	FreeBSD insecure telnetd
1995-07-20 12:35:01 +00:00
pst
d1a257b33a The final negotiation of DO_BINARY in the LINEMODE portion of the telnetd code
causes some clients that do not support linemode to mis-interpret the return
key (i.e. double returns).
The fix is to only do the state check for binary options if linemode will
be used.
Closes PR#505.

Submitted by:   Charles Henrich
Obtained from:	FreeBSD insecure telnetd
1995-07-20 12:32:40 +00:00
pst
d6b93135e2 Update telnet to the 95.05.31 release.
Obtained from:	Dave Borman <dab@cray.com>
1995-07-20 11:40:06 +00:00
rgrimes
1b1ee55538 Merge RELENG_2_0_5 into HEAD 1995-06-11 19:33:05 +00:00
rgrimes
a14d555c87 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
rgrimes
f3a2b348da Remove trailing whitespace. 1995-05-30 06:12:45 +00:00
wollman
bf8c6b4473 Make certain that random keys havethe correct parity, for interoperation with
MIT v4 implementations.

Submitted by: Reece R. Pollack <reece@eco.twg.com>
1995-05-09 18:05:15 +00:00
dima
937577d030 Security fixes.
CERT Advisory CA-95:03.telnet.encryption

Obtained from: CERT
1995-02-17 03:57:00 +00:00
ache
e9a95dfcb4 Build kpasswd from normal passwd sources now
Submitted by: mark@grondar.za
1995-02-11 18:25:38 +00:00
jkh
3e142d3ad3 Various documentation changes.
Submitted by:	Mark Murray <mark@grondar.za>
1995-02-08 10:54:30 +00:00
ache
b987bbd152 Fix database deletion, we don't have .dir & .pag, use .db instead 1995-01-25 19:57:27 +00:00
ache
ef8fdd5889 Fix database rename, we don't have .dr & .pag, use .db instead 1995-01-25 19:45:25 +00:00
gibbs
98c3cd0728 Less expensive fix for the freeing of uninitialized fields in the hostdata
struct.  Simply test the "no_host" variable, which if true implies that
the hostdata contains bogus data, and act accordingly.
1995-01-25 06:37:33 +00:00
gibbs
a7eba01d13 bzero hostdata in send_to_kdc so that if we immediately jump to the
cleanup routine, we don't look at bogus data to determine wheter or not
to free the fields of the hostdata struct.  This cures the "klogin segfaults
when no kerberos servers are availible" problem.
1995-01-25 05:40:00 +00:00
ache
b25561d1a5 Add missing newline (or messages concatenated) 1995-01-25 02:27:00 +00:00
wollman
fed6081509 Print out error messages from libkadm correctly (i.e., using com_err). 1995-01-23 22:54:08 +00:00
wollman
f9ad4845f2 Add ksrvutil. 1995-01-20 22:40:02 +00:00
wollman
6e5293dd67 Add last piece in fully-functional Kerberos implementation: ksrvutil,
a program to manage /etc/srvtab.
1995-01-20 22:38:30 +00:00
wollman
6ba13d9dd9 Added Kerberized passwd. 1995-01-20 22:16:47 +00:00
wollman
c74adccd45 Password-changing program with Kerberos support via the `kadmin'
protocol.  Replaces passwd(1) when eBones is installed.  As before, HOW-TO
explains the gory details.
1995-01-20 22:14:14 +00:00
wollman
3ea71288af Fix bonehead /usr/lib -> /usr/bin. 1995-01-20 22:08:14 +00:00
wollman
726f15bcce Add kadmind. 1995-01-20 03:13:48 +00:00
wollman
cba76fbeed Add kadmind. HOW-TO documents how to get here from raw eBones. 1995-01-20 03:13:00 +00:00
wollman
736fb60fc3 Add kadmin. 1995-01-20 02:49:47 +00:00
wollman
0ad24dc095 The user side of the kadmin protocol. HOW-TO describes how to recreate
this based just on the eBones distribution.
1995-01-20 02:47:50 +00:00
wollman
c0e7198471 Add the library used by kadmin' and kadmind'. Oddly enough, this
little library is actually exportable (we think) even though it's pretty
useless iwithout the (non-exportable) clients.
1995-01-20 02:02:54 +00:00
wollman
97daf1a19a Don't install kadm.h from here; it's done by the libkadm directory. 1995-01-20 02:01:11 +00:00
wollman
fdec3ba7fb Do all libraries first. Don't do `include' twice. 1995-01-20 02:00:34 +00:00
wollman
b907b7bf50 Don't break existing users of libkrb.so.2.0 who aren't using libcom_err. 1995-01-20 01:44:47 +00:00