authorTom Yu <tlyu@mit.edu>1999-02-18 00:47:13 +0000
committerTom Yu <tlyu@mit.edu>1999-02-18 00:47:13 +0000
commit05d34d62d7485df256a596eccab7d00fe4fd5d93 (patch)
treeb08c019b62199dfdb0014b7d8455f268bff69017
parent48c003eb318bb0ef4d9abc0803f6cc0d091bcafb (diff)
* klogind.M: Document things a little better, including new
options controlling hostname manipulation. * krlogind.c: Make use of pty_make_sane_hostname() for purposes of manipulating hostname to pass to login. Also unconditionally syslog IP address and full hostname of remote host. Add command line options to control such behavior. * configure.in: Add arpa/nameser.h to CHECK_HEADERS. [pullup from trunk] git-svn-id: svn://anonsvn.mit.edu/krb5/branches/V1_0_BRANCH@11177 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/appl/bsd/ChangeLog12
-rw-r--r--src/appl/bsd/configure.in2
-rw-r--r--src/appl/bsd/klogind.M21
-rw-r--r--src/appl/bsd/krlogind.c87
4 files changed, 90 insertions, 32 deletions
diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog
index 5e8964a..c8338b3 100644
--- a/src/appl/bsd/ChangeLog
+++ b/src/appl/bsd/ChangeLog
@@ -1,3 +1,15 @@
+Wed Feb 17 17:24:11 1999 Tom Yu <tlyu@mit.edu>
+
+ * klogind.M: Document things a little better, including new
+ options controlling hostname manipulation.
+
+ * krlogind.c: Make use of pty_make_sane_hostname() for purposes of
+ manipulating hostname to pass to login. Also unconditionally
+ syslog IP address and full hostname of remote host. Add command
+ line options to control such behavior.
+
+ * configure.in: Add arpa/nameser.h to CHECK_HEADERS.
+
Fri Feb 12 10:20:20 1999 Theodore Y. Ts'o <tytso@mit.edu>
* login.c (read_env_vars_from_file): Fix so that it uses
diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in
index 8f53b87..3621985 100644
--- a/src/appl/bsd/configure.in
+++ b/src/appl/bsd/configure.in
@@ -82,7 +82,7 @@ AC_FUNC_CHECK(tcsetpgrp,AC_DEFINE(HAVE_TCSETPGRP))
AC_FUNC_CHECK(setpgid,AC_DEFINE(HAVE_SETPGID))
AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/filio.h sys/sockio.h )
AC_CHECK_HEADERS(sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h )
-AC_CHECK_HEADERS(sys/ptyvar.h utmp.h sys/time.h)
+AC_CHECK_HEADERS(sys/ptyvar.h utmp.h sys/time.h arpa/nameser.h)
AC_HEADER_STDARG
AC_REPLACE_FUNCS(getdtablesize)
KRB5_SIGTYPE
diff --git a/src/appl/bsd/klogind.M b/src/appl/bsd/klogind.M
index 3db26c8..d03a538 100644
--- a/src/appl/bsd/klogind.M
+++ b/src/appl/bsd/klogind.M
@@ -10,7 +10,11 @@ klogind \- remote login server
.SH SYNOPSIS
.B klogind
[
-.B \-kr54cpPe
+.B \-kr54cpPesI
+]
+[
+.B \-u
+.I utmp_hostname_length
]
.SH DESCRIPTION
.I Klogind
@@ -124,6 +128,21 @@ size changes from the client are propagated to the pseudo terminal.
.PP
.I Klogind
+supports the following options to control the form of the hostname
+passed to the login program:
+
+.IP \fB-u\ utmp_hostname_length\fP
+Set the maximum length of hostname passed to login to
+\fIutmp_hostname_length\fP bytes, including terminating nul.
+
+.IP \fB-I\fP
+Always pass a numeric IP address to login.
+
+.IP \fB-s\fP
+Don't strip the local domain off hostnames.
+
+.PP
+.I Klogind
supports three options which are used for testing
purposes:
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index e260aac..131cdcb 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -246,7 +246,7 @@ krb5_ccache ccache = NULL;
krb5_keytab keytab = NULL;
-#define ARGSTR "k54ciepPD:S:M:L:?"
+#define ARGSTR "k54ciepPD:S:M:L:u:Is?"
#else /* !KERBEROS */
#define ARGSTR "rpPD:?"
#define (*des_read) read
@@ -274,11 +274,20 @@ char *login_program = LOGIN_PROGRAM;
#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name)
#endif
+#if HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+
+#ifndef MAXDNAME
+#define MAXDNAME 256 /*per the rfc*/
+#endif
+
char lusername[UT_NAMESIZE+1];
char rusername[UT_NAMESIZE+1];
char *krusername = 0;
char term[64];
-char rhost_name[128];
+char rhost_name[MAXDNAME];
+char rhost_addra[16];
krb5_principal client;
int reapchild();
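Review bot: `rhost_addra[16]` is sized by a bare literal, and nothing on the declaration says why 16 is enough. It receives the `inet_ntoa()` text copied in `doit()`, where the longest dotted quad is 15 characters plus the terminator, so a comment such as `/* "255.255.255.255" + NUL */` would record the reasoning. The size would need revisiting if anything other than an IPv4 text address were ever stored in it.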
@@ -314,6 +323,10 @@ int auth_ok = 0, auth_sent = 0;
int do_encrypt = 0, passwd_if_fail = 0, passwd_req = 0;
int checksum_required = 0, checksum_ignored = 0;
+int stripdomain = 1;
+int maxhostlen = 0;
+int always_ip = 0;
+
int main(argc, argv)
int argc;
char **argv;
@@ -411,6 +424,15 @@ int main(argc, argv)
case 'L':
login_program = optarg;
break;
+ case 'u':
+ maxhostlen = atoi(optarg);
+ break;
+ case 'I':
+ always_ip = 1;
+ break;
+ case 's':
+ stripdomain = 0;
+ break;
case '?':
default:
usage();
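Review bot: The new `case 'u'` takes `maxhostlen` straight from `atoi(optarg)`, so a non-numeric argument silently becomes 0 and a negative or out-of-range one is handed on to `pty_make_sane_hostname()` unchecked. This value bounds the hostname passed to login, so it should be parsed with `strtol` and rejected unless it is a plain non-negative number that fits in an `int`. The sketch below still accepts 0, on the assumption that 0 means "use the built-in default", which this hunk does not show. It needs `<errno.h>` and `<limits.h>`, and the enclosing `switch` in `main` starts and ends outside the hunk.

```c
	case 'u': {
	    char *end;
	    long len;

	    errno = 0;
	    len = strtol(optarg, &end, 10);
	    if (end == optarg || *end != '\0' || errno == ERANGE ||
		len < 0 || len > INT_MAX)
		usage();
	    else
		maxhostlen = (int) len;
	    break;
	}
	/* ... unchanged: case 'I', case 's', case '?' ... */
```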
@@ -515,7 +537,9 @@ void doit(f, fromp)
struct sigaction sa;
#endif
int retval;
-int syncpipe[2];
+ char *rhost_sane;
+ int syncpipe[2];
+
netf = -1;
alarm(60);
read(f, &c, 1);
@@ -539,18 +563,14 @@ int syncpipe[2];
fromp->sin_port = ntohs((u_short)fromp->sin_port);
hp = gethostbyaddr((char *) &fromp->sin_addr, sizeof (struct in_addr),
fromp->sin_family);
- if (hp == 0) {
- /*
- * Only the name is used below.
- */
- sprintf(rhost_name,"%s",inet_ntoa(fromp->sin_addr));
- }
-
- /* Save hostent information.... */
- else {
+ strncpy(rhost_addra, inet_ntoa(fromp->sin_addr), sizeof (rhost_addra));
+ rhost_addra[sizeof (rhost_addra) -1] = '\0';
+ if (hp != NULL) {
+ /* Save hostent information.... */
strncpy(rhost_name,hp->h_name,sizeof (rhost_name));
rhost_name[sizeof (rhost_name) - 1] = '\0';
- }
+ } else
+ rhost_name[0] = '\0';
if (fromp->sin_family != AF_INET)
fatal(f, "Permission denied - Malformed from address\n");
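Review bot: `rhost_name` holds whatever name the reverse lookup returned, with no forward lookup to confirm it maps back to the peer address, and nothing in the code says so. Since this commit keeps both values, a comment above the copies would help the next reader tell them apart: `/* rhost_addra: peer address from the socket; rhost_name: unverified PTR name, for display and logging only */`. The `strncpy` into `rhost_name` also truncates an over-long name silently, which is worth a word in the same comment. `doit()` begins and ends outside this hunk.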
@@ -573,7 +593,7 @@ int syncpipe[2];
#if defined(KERBEROS)
/* All validation, and authorization goes through do_krb_login() */
- do_krb_login(rhost_name);
+ do_krb_login(rhost_addra, rhost_name);
#else
getstr(f, rusername, sizeof(rusername), "remuser");
getstr(f, lusername, sizeof(lusername), "locuser");
@@ -663,11 +683,13 @@ int syncpipe[2];
pwd = (struct passwd *) getpwnam(lusername);
if (pwd && (pwd->pw_uid == 0)) {
if (passwd_req)
- syslog(LOG_NOTICE, "ROOT login by %s (%s@%s) forcing password access",
- krusername ? krusername : "", rusername, rhost_name);
+ syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s)) forcing password access",
+ krusername ? krusername : "",
+ rusername, rhost_addra, rhost_name);
else
- syslog(LOG_NOTICE, "ROOT login by %s (%s@%s) ",
- krusername ? krusername : "", rusername, rhost_name);
+ syslog(LOG_NOTICE, "ROOT login by %s (%s@%s (%s))",
+ krusername ? krusername : "",
+ rusername, rhost_addra, rhost_name);
}
#ifdef KERBEROS
#if defined(LOG_REMOTE_REALM) && !defined(LOG_OTHER_USERS) && !defined(LOG_ALL_LOGINS)
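Review bot: When the reverse lookup fails, `rhost_name` is the empty string (set in the earlier `doit()` hunk), so both `ROOT login` messages end the host part with an empty `()`. That is ambiguous for anyone parsing these logs, because a failed lookup and an empty name look the same. Passing `rhost_name[0] ? rhost_name : "unresolved"` as the last host argument would make the failed-lookup case explicit. The same applies to the two `login by` messages in the next hunk and to `Authentication failed from` in `do_krb_login()`.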
@@ -688,14 +710,14 @@ int syncpipe[2];
{
if (passwd_req)
syslog(LOG_NOTICE,
- "login by %s (%s@%s) as %s forcing password access\n",
+ "login by %s (%s@%s (%s)) as %s forcing password access",
krusername ? krusername : "", rusername,
- rhost_name, lusername);
+ rhost_addra, rhost_name, lusername);
else
syslog(LOG_NOTICE,
- "login by %s (%s@%s) as %s\n",
+ "login by %s (%s@%s (%s)) as %s",
krusername ? krusername : "", rusername,
- rhost_name, lusername);
+ rhost_addra, rhost_name, lusername);
}
#endif /* LOG_REMOTE_REALM || LOG_OTHER_USERS || LOG_ALL_LOGINS */
#endif /* KERBEROS */
@@ -718,15 +740,20 @@ int syncpipe[2];
*cp = '\0';
setenv("TERM",term, 1);
}
-
+
+ retval = pty_make_sane_hostname(fromp, maxhostlen,
+ stripdomain, always_ip,
+ &rhost_sane);
+ if (retval)
+ fatalperror(2, "failed make_sane_hostname");
if (passwd_req)
- execl(login_program, "login", "-p", "-h", rhost_name,
+ execl(login_program, "login", "-p", "-h", rhost_sane,
lusername, 0);
else
- execl(login_program, "login", "-p", "-h", rhost_name,
+ execl(login_program, "login", "-p", "-h", rhost_sane,
"-f", lusername, 0);
#else /* USE_LOGIN_F */
- execl(login_program, "login", "-r", rhost_name, 0);
+ execl(login_program, "login", "-r", rhost_sane, 0);
#endif /* USE_LOGIN_F */
fatalperror(2, login_program);
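Review bot: The `execl` in the `#else /* USE_LOGIN_F */` branch passes `rhost_sane`, but its only visible assignment is the `pty_make_sane_hostname()` call added just before `if (passwd_req)` in the other branch. The matching `#ifdef` opens above this hunk, so this is inferred from where the `#else` falls. If it holds, builds without USE_LOGIN_F hand an uninitialised pointer to `login -r`. Moving the call and its `if (retval)` check above the conditional would give both branches a valid string. Separately, `retval` is dropped in favour of `fatalperror(2, "failed make_sane_hostname")`; if `fatalperror` reports `errno`, as its name suggests, the logged reason may be unrelated to the real failure.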
@@ -1059,8 +1086,8 @@ void fatalperror(f, msg)
#ifdef KERBEROS
void
-do_krb_login(host)
- char *host;
+do_krb_login(host_addr, hostname)
+ char *host_addr, *hostname;
{
krb5_error_code status;
struct passwd *pwd;
@@ -1078,8 +1105,8 @@ do_krb_login(host)
krb5_free_ticket(bsd_context, ticket);
if (status != 255)
syslog(LOG_ERR,
- "Authentication failed from %s: %s\n",
- host,error_message(status));
+ "Authentication failed from %s (%s): %s\n",host_addr,
+ hostname,error_message(status));
fatal(netf, "Kerberos authentication failed");
return;
}