Diffstat (limited to 'src/appl')
38 files changed, 530 insertions, 304 deletions
diff --git a/src/appl/ChangeLog b/src/appl/ChangeLog index 572f2b3..265179e 100644 --- a/src/appl/ChangeLog +++ b/src/appl/ChangeLog @@ -1,3 +1,7 @@ +2004-02-09 Ken Raeburn <raeburn@mit.edu> + + * configure.in: Check for sys/time.h and time.h. + 2003-01-10 Ken Raeburn <raeburn@mit.edu> * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index 3034001..d072fa7 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,32 @@ +2003-08-29 Ken Raeburn <raeburn@mit.edu> + + * krshd.c (ignore_signals): Split out from cleanup(). + (doit): Call it when the shell process has completed, before + calling syslog. + +2003-05-23 Ken Raeburn <raeburn@mit.edu> + + * configure.in: Don't use libkrb524.a any more. + * login.c: Don't include krb524.h. + (try_convert524): Don't call krb524_init_ets. + +2003-05-09 Tom Yu <tlyu@mit.edu> + + * krcp.c (main): Rename getlocalsubkey -> getsendsubkey. + + * krlogin.c (main): Rename getlocalsubkey -> getsendsubkey. + + * krlogind.c (recvauth): Rename getremotesubkey -> getrecvsubkey. + + * krsh.c (main): Rename getlocalsubkey -> getsendsubkey. + + * krshd.c (recvauth): Rename getremotesubkey -> getrecvsubkey. + +2003-04-08 Ken Raeburn <raeburn@mit.edu> + + * krshd.c (main): Use LOG_AUTH syslog facility, not LOG_DAEMON, + for consistency with krlogind.c. + 2003-03-04 Ken Raeburn <raeburn@mit.edu> * compat_recv.c: Only include krb.h if KRB5_KRB4_COMPAT. diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in index 0b08025..5abbaba 100644 --- a/src/appl/bsd/Makefile.in +++ b/src/appl/bsd/Makefile.in 
@@ -105,56 +105,60 @@ $(OUTPRE)krcp.$(OBJEXT): krcp.c $(BUILDTOP)/include/krb5.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h defines.h \ $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/socket-utils.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h $(OUTPRE)krlogin.$(OBJEXT): krlogin.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h rpaths.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h \ + rpaths.h $(OUTPRE)krsh.$(OBJEXT): krsh.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h $(OUTPRE)kcmd.$(OBJEXT): kcmd.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h \ $(SRCTOP)/include/port-sockets.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(SRCTOP)/include/socket-utils.h + $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/k5-platform.h $(OUTPRE)forward.$(OBJEXT): forward.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h 
$(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/profile.h defines.h $(SRCTOP)/include/fake-addrinfo.h + defines.h $(SRCTOP)/include/fake-addrinfo.h $(OUTPRE)compat_recv.$(OBJEXT): compat_recv.c $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - defines.h $(SRCTOP)/include/fake-addrinfo.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(KRB_ERR_H_DEP) defines.h $(SRCTOP)/include/fake-addrinfo.h $(OUTPRE)login.$(OBJEXT): login.c $(BUILDTOP)/include/libpty.h \ $(SRCTOP)/include/syslog.h $(SRCTOP)/include/k5-int.h \ $(BUILDTOP)/include/krb5/osconf.h $(BUILDTOP)/include/krb5/autoconf.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ $(SRCTOP)/include/socket-utils.h $(SRCTOP)/include/krb5/kdb.h \ - $(BUILDTOP)/include/profile.h $(SRCTOP)/include/kerberosIV/krb.h \ - $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) loginpaths.h + $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/kerberosIV/des.h \ + $(KRB_ERR_H_DEP) loginpaths.h $(OUTPRE)krshd.$(OBJEXT): krshd.c $(BUILDTOP)/include/libpty.h \ $(SRCTOP)/include/syslog.h $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) loginpaths.h $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ 
$(BUILDTOP)/include/profile.h $(SRCTOP)/include/k5-util.h \ $(BUILDTOP)/include/krb5/autoconf.h defines.h $(SRCTOP)/include/fake-addrinfo.h \ - $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h + $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/k5-platform.h $(OUTPRE)krlogind.$(OBJEXT): krlogind.c $(SRCTOP)/include/syslog.h \ $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ - $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/libpty.h \ $(SRCTOP)/include/k5-util.h defines.h diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in index 8f4a16b..7bfc68e 100644 --- a/src/appl/bsd/configure.in +++ b/src/appl/bsd/configure.in @@ -62,8 +62,7 @@ if test $withval = no; then V4RCP= V4RCPO= else - AC_MSG_RESULT(Adding in krb4 support) - LOGINLIBS="../../krb524/libkrb524.a $LOGINLIBS" + AC_MSG_RESULT(Adding in krb4 rcp support) V4RCP=v4rcp V4RCPO=v4rcp.o fi diff --git a/src/appl/bsd/krcp.c b/src/appl/bsd/krcp.c index 5ad6a25..707985a 100644 --- a/src/appl/bsd/krcp.c +++ b/src/appl/bsd/krcp.c @@ -480,9 +480,9 @@ int main(argc, argv) try_normal(orig_argv); /* doesn't return */ if (!similar) { - status = krb5_auth_con_getlocalsubkey (bsd_context, - auth_context, - &key); + status = krb5_auth_con_getsendsubkey (bsd_context, + auth_context, + &key); if ((status || !key) && encryptflag) try_normal(orig_argv); } 
@@ -599,9 +599,9 @@ int main(argc, argv) krb5_keyblock *key = &cred->keyblock; if (kcmd_proto == KCMD_NEW_PROTOCOL) { - status = krb5_auth_con_getlocalsubkey (bsd_context, - auth_context, - &key); + status = krb5_auth_con_getsendsubkey (bsd_context, + auth_context, + &key); if (status) { com_err (argv[0], status, "determining subkey for session"); diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c index c497dc2..a1e63a6 100644 --- a/src/appl/bsd/krlogin.c +++ b/src/appl/bsd/krlogin.c @@ -702,8 +702,8 @@ main(argc, argv) if (kcmd_proto == KCMD_NEW_PROTOCOL) { do_inband = 1; - status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context, - &key); + status = krb5_auth_con_getsendsubkey (bsd_context, auth_context, + &key); if ((status || !key) && encrypt_flag) try_normal(orig_argv); } diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c index 82e5601..d2979e1 100644 --- a/src/appl/bsd/krlogind.c +++ b/src/appl/bsd/krlogind.c @@ -1537,7 +1537,7 @@ recvauth(valid_checksum) return status; key = 0; - status = krb5_auth_con_getremotesubkey (bsd_context, auth_context, &key); + status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context, &key); if (status) fatal (netf, "Server can't get session subkey"); if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL) diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c index 3f8273e..bd9c205 100644 --- a/src/appl/bsd/krsh.c +++ b/src/appl/bsd/krsh.c @@ -411,8 +411,8 @@ main(argc, argv0) krb5_keyblock *key = &cred->keyblock; if (kcmd_proto == KCMD_NEW_PROTOCOL) { - status = krb5_auth_con_getlocalsubkey (bsd_context, auth_context, - &key); + status = krb5_auth_con_getsendsubkey (bsd_context, auth_context, + &key); if (status) { com_err (argv[0], status, "determining subkey for session"); exit (1); diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c index 2a67b76..9fde43d 100644 --- a/src/appl/bsd/krshd.c +++ b/src/appl/bsd/krshd.c 
@@ -303,10 +303,10 @@ int main(argc, argv) #ifndef LOG_ODELAY /* 4.2 syslog */ openlog(progname, LOG_PID); #else -#ifndef LOG_DAEMON -#define LOG_DAEMON 0 +#ifndef LOG_AUTH +#define LOG_AUTH 0 #endif - openlog(progname, LOG_PID | LOG_ODELAY, LOG_DAEMON); + openlog(progname, LOG_PID | LOG_ODELAY, LOG_AUTH); #endif /* 4.2 syslog */ #ifdef KERBEROS @@ -535,9 +535,8 @@ int auth_sys = 0; /* Which version of Kerberos used to authenticate */ #define KRB5_RECVAUTH_V4 4 #define KRB5_RECVAUTH_V5 5 -static krb5_sigtype -cleanup(signumber) - int signumber; +static void +ignore_signals() { #ifdef POSIX_SIGNALS struct sigaction sa; @@ -561,6 +560,13 @@ cleanup(signumber) killpg(pid, SIGTERM); #endif +} + +static krb5_sigtype +cleanup(signumber) + int signumber; +{ + ignore_signals(); wait(0); pty_logwtmp(ttyn,"",""); @@ -1302,13 +1308,14 @@ void doit(f, fromp) } else if (wcc != cc) { syslog(LOG_INFO, "only wrote %d/%d to child", wcc, cc); - } - } + } + } } } while ((port&&FD_ISSET(s, &readfrom)) || FD_ISSET(f, &readfrom) || (port&&FD_ISSET(pv[0], &readfrom) )|| FD_ISSET(pw[0], &readfrom)); + ignore_signals(); #ifdef KERBEROS syslog(LOG_INFO , "Shell process completed."); @@ -1962,8 +1969,8 @@ recvauth(netfd, peersin, valid_checksum) { krb5_keyblock *key; - status = krb5_auth_con_getremotesubkey (bsd_context, auth_context, - &key); + status = krb5_auth_con_getrecvsubkey (bsd_context, auth_context, + &key); if (status) fatal (netfd, "Server can't get session subkey"); if (!key && do_encrypt && kcmd_proto == KCMD_NEW_PROTOCOL) diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 5b56037..8259046 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -181,10 +181,6 @@ typedef sigtype (*handler)(); #include <arpa/resolv.h> #endif /* BIND_HACK */ -#ifdef KRB4_CONVERT -#include <krb524.h> -#endif - /* Hacks to maintain compatability with Athena libkrb*/ #ifndef HAVE_KRB_SAVE_CREDENTIALS #define krb_save_credentials save_credentials 
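Review bot: The fallback `#define LOG_AUTH 0` in main's openlog setup passes a facility of 0 on systems that lack LOG_AUTH, and how a zero facility is handled depends on the syslog implementation. A comment such as `/* no LOG_AUTH here: pass 0 and let syslog pick its default facility */` would make the intent explicit. Because krshd's messages move from the daemon facility to the auth facility, syslog routing and any log-monitoring rules keyed on the old facility need to follow; that deserves a line in the release notes, not only in the ChangeLog.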
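Review bot: `ignore_signals()` does more than its name says: the context just before its new closing brace shows `killpg(pid, SIGTERM);` (under at least one preprocessor branch), so the call added in doit() after the select loop also signals that process group before "Shell process completed." is logged. If that is intended, document it with a header comment such as `/* Ignore further termination signals, then SIGTERM the process group; call before syslog(). */`; if only the signal masking was wanted there, leave killpg in cleanup(). The function is also declared K&R-style as `ignore_signals()`; `ignore_signals(void)` would match the ANSI prototypes used elsewhere in this patch. Its body starts outside the hunk, so which signals it ignores is not visible here.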
@@ -654,9 +650,6 @@ try_convert524(kctx, me, use_ccache) CREDENTIALS v4creds; - /* or do this directly with krb524_convert_creds_kdc */ - krb524_init_ets(kctx); - /* If we have forwarded v5 tickets, retrieve the credentials from * the cache; otherwise, the v5 credentials are in my_creds. */ diff --git a/src/appl/configure.in b/src/appl/configure.in index ab7559f..abee28d 100644 --- a/src/appl/configure.in +++ b/src/appl/configure.in @@ -3,6 +3,8 @@ CONFIG_RULES AC_PROG_INSTALL AC_CHECK_HEADERS(unistd.h stdlib.h string.h) AC_C_CONST +dnl gss-misc.c needs this: +AC_CHECK_HEADERS(sys/time.h time.h) dnl dnl Kludge for simple server --- FIXME is this the best way to do this? dnl diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 50b003c..fae9684 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,8 +1,35 @@ +2004-02-10 Jeffrey Altman <jaltman@mit.edu> + + * gss-client.c: Remove extraneous parameters from + client_establish_context() + +2004-02-06 Jeffrey Altman <jaltman@mit.edu> + + * Update usage() for gss-client + +2004-02-06 Jeffrey Altman <jaltman@mit.edu> + + * Add new command line switches to the gss-client + to support the use of GSS_C_SEQUENCE_FLAG or to + disable the use of either GSS_C_MUTUAL_FLAG or + GSS_C_REPLAY_FLAG + +2004-01-31 Ken Raeburn <raeburn@mit.edu> + + * gss-misc.c: Include sys/time.h or time.h, to get struct timeval + declaration. + +2004-01-30 Jeffrey Altman <jaltman@mit.edu> + + * gss-misc.c (read_all): Add call to select() so we don't block forever + + * gss-server.c (main): Add missing "export" parameter to second sign_server() + 2003-01-08 Sam Hartman <hartmans@mit.edu> * gss-misc.c (recv_token): Support reading 0 token flags as part of length - * gss-client.c : Support a -v1 argument meaning that no token flags are used o, + * gss-client.c : Support a -v1 argument meaning that no token flags are used, * gss-misc.c (send_token): If token flags are null, do not send them. 
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README index 8fc7cfe..dc51fca 100644 --- a/src/appl/gss-sample/README +++ b/src/appl/gss-sample/README @@ -84,7 +84,8 @@ is used). The command-line options have the following meanings: The client's command line usage is gss-client [-port port] [-mech mechanism] [-d] [-f] [-q] - [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm] + [-seq] [-noreplay] [-nomutual] + [-ccount count] [-mcount count] [-na] [-nw] [-nx] [-nm] host service_name msg where host is the host running the server, service_name is the service @@ -105,6 +106,14 @@ the following meanings: credential cache (you must have acquired your tickets with "kinit -f" for this to work). +-seq Tells the client to enforce ordered message delivery via + sequencing. + +-noreplay Tells the client to disable the use of replay + detection. + +-nomutual Tells the client to disable the use of mutual authentication. + -f Tells the client that the "msg" argument is actually the name of a file whose contents should be used as the message. diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index a66c0c9..93b5eb3 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c 
@@ -19,6 +19,29 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ #include <stdio.h> #include <stdlib.h> @@ -46,6 +69,7 @@ static int verbose = 1; static void usage() { fprintf(stderr, "Usage: gss-client [-port port] [-mech mechanism] [-d]\n"); + fprintf(stderr, " [-seq] [-noreplay] [-nomutual]\n"); fprintf(stderr, " [-f] [-q] [-ccount count] [-mcount count]\n"); fprintf(stderr, " [-v1] [-na] [-nw] [-nx] [-nm] host service msg\n"); exit(1); 
@@ -106,11 +130,12 @@ static int connect_to_server(host, port) * * Arguments: * - * s (r) an established TCP connection to the service - * service_name (r) the ASCII service name of the service - * deleg_flag (r) GSS-API delegation flag (if any) + * s (r) an established TCP connection to the service + * service_name(r) the ASCII service name of the service + * gss_flags (r) GSS-API delegation flag (if any) * auth_flag (r) whether to actually do authentication - * oid (r) OID of the mechanism to use + * v1_format (r) whether the v1 sample protocol should be used + * oid (r) OID of the mechanism to use * context (w) the established GSS-API context * ret_flags (w) the returned flags from init_sec_context * @@ -128,12 +153,12 @@ static int connect_to_server(host, port) * unsuccessful, the GSS-API error messages are displayed on stderr * and -1 is returned. */ -static int client_establish_context(s, service_name, deleg_flag, auth_flag, +static int client_establish_context(s, service_name, gss_flags, auth_flag, v1_format, oid, gss_context, ret_flags) int s; char *service_name; gss_OID oid; - OM_uint32 deleg_flag; + OM_uint32 gss_flags; int auth_flag; int v1_format; gss_ctx_id_t *gss_context; @@ -191,8 +216,7 @@ static int client_establish_context(s, service_name, deleg_flag, auth_flag, gss_context, target_name, oid, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG | - deleg_flag, + gss_flags, 0, NULL, /* no channel bindings */ token_ptr, @@ -301,7 +325,7 @@ static void read_file(file_name, in_buf) * host (r) the host providing the service * port (r) the port to connect to on host * service_name (r) the GSS-API service name to authenticate to - * deleg_flag (r) GSS-API delegation flag (if any) + * gss_flags (r) GSS-API delegation flag (if any) * auth_flag (r) whether to do authentication * wrap_flag (r) whether to do message wrapping at all * encrypt_flag (r) whether to do encryption while wrapping 
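Review bot: The header comments still describe the renamed parameter as a delegation flag: `gss_flags (r) GSS-API delegation flag (if any)` appears in the client_establish_context comment and again in the call_server comment (hunk at -301,7). After this change the value is the complete request-flag mask handed to the init_sec_context call, with mutual and replay set by default. The line should read something like `gss_flags (r) GSS-API request flags (mutual, replay, sequence, delegation)` in both places, so a reader does not assume that passing 0 only disables delegation.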
@@ -320,14 +344,14 @@ static void read_file(file_name, in_buf) * reads back a GSS-API signature block for msg from the server, and * verifies it with gss_verify. -1 is returned if any step fails, * otherwise 0 is returned. */ -static int call_server(host, port, oid, service_name, deleg_flag, auth_flag, +static int call_server(host, port, oid, service_name, gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, mcount) char *host; u_short port; gss_OID oid; char *service_name; - OM_uint32 deleg_flag; + OM_uint32 gss_flags; int auth_flag, wrap_flag, encrypt_flag, mic_flag; int v1_format; char *msg; @@ -357,7 +381,7 @@ static int call_server(host, port, oid, service_name, deleg_flag, auth_flag, return -1; /* Establish context */ - if (client_establish_context(s, service_name, deleg_flag, auth_flag, + if (client_establish_context(s, service_name, gss_flags, auth_flag, v1_format, oid, &context, &ret_flags) < 0) { (void) close(s); @@ -581,7 +605,8 @@ int main(argc, argv) char *mechanism = 0; u_short port = 4444; int use_file = 0; - OM_uint32 deleg_flag = 0, min_stat; + OM_uint32 gss_flags = GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG; + OM_uint32 min_stat; gss_OID oid = GSS_C_NULL_OID; int mcount = 1, ccount = 1; int i; @@ -603,7 +628,13 @@ int main(argc, argv) if (!argc) usage(); mechanism = *argv; } else if (strcmp(*argv, "-d") == 0) { - deleg_flag = GSS_C_DELEG_FLAG; + gss_flags |= GSS_C_DELEG_FLAG; + } else if (strcmp(*argv, "-seq") == 0) { + gss_flags |= GSS_C_SEQUENCE_FLAG; + } else if (strcmp(*argv, "-noreplay") == 0) { + gss_flags &= ~GSS_C_REPLAY_FLAG; + } else if (strcmp(*argv, "-nomutual") == 0) { + gss_flags &= ~GSS_C_MUTUAL_FLAG; } else if (strcmp(*argv, "-f") == 0) { use_file = 1; } else if (strcmp(*argv, "-q") == 0) { 
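Review bot: `-noreplay` and `-nomutual` clear protections that this client previously always requested, and nothing in the visible hunks compares `ret_flags` with the flags that were asked for. Since sample code tends to be copied, the option parsing in main should carry a comment such as `/* testing aid: without GSS_C_MUTUAL_FLAG the server is not authenticated to the client */`. If it is not already done outside these hunks, call_server could also print a warning when a requested flag is missing from `ret_flags`. The option loop continues outside the hunk.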
@@ -644,7 +675,7 @@ int main(argc, argv) for (i = 0; i < ccount; i++) { if (call_server(server_host, port, oid, service_name, - deleg_flag, auth_flag, wrap_flag, encrypt_flag, mic_flag, + gss_flags, auth_flag, wrap_flag, encrypt_flag, mic_flag, v1_format, msg, use_file, mcount) < 0) exit(1); } diff --git a/src/appl/gss-sample/gss-misc.c b/src/appl/gss-sample/gss-misc.c index 183306c..1347a54 100644 --- a/src/appl/gss-sample/gss-misc.c +++ b/src/appl/gss-sample/gss-misc.c @@ -19,6 +19,29 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (C) 2003, 2004 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ #if !defined(lint) && !defined(__CODECENTER__) static char *rcsid = "$Header$"; 
@@ -39,6 +62,13 @@ static char *rcsid = "$Header$"; #endif #include <string.h> +/* need struct timeval */ +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#else +#include <time.h> +#endif + #include <gssapi/gssapi_generic.h> #include "gss-misc.h" @@ -77,21 +107,31 @@ static int write_all(int fildes, char *buf, unsigned int nbyte) static int read_all(int fildes, char *buf, unsigned int nbyte) { - int ret; - char *ptr; + int ret; + char *ptr; + fd_set rfds; + struct timeval tv; - for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { - ret = recv(fildes, ptr, nbyte, 0); - if (ret < 0) { - if (errno == EINTR) - continue; - return(ret); - } else if (ret == 0) { - return(ptr-buf); - } - } + FD_ZERO(&rfds); + FD_SET(fildes, &rfds); + tv.tv_sec = 10; + tv.tv_usec = 0; - return(ptr-buf); + for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) { + if (select(FD_SETSIZE, &rfds, NULL, NULL, &tv) <= 0 + || !FD_ISSET(fildes, &rfds)) + return(ptr-buf); + ret = recv(fildes, ptr, nbyte, 0); + if (ret < 0) { + if (errno == EINTR) + continue; + return(ret); + } else if (ret == 0) { + return(ptr-buf); + } + } + + return(ptr-buf); } /* diff --git a/src/appl/gss-sample/gss-server.c b/src/appl/gss-sample/gss-server.c index b3229f1..e5adc61 100644 --- a/src/appl/gss-sample/gss-server.c +++ b/src/appl/gss-sample/gss-server.c 
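Review bot: In read_all, `rfds` and `tv` are set up once before the loop but select() may modify both, so on platforms that update the timeout the 10 seconds become a shrinking total budget while on others they apply to every read. They should be re-armed inside the loop, or the intended deadline semantics documented. The retained `continue` on EINTR still runs the for-increment with `ret == -1`, which moves `ptr` back one byte and grows `nbyte`; setting `ret = 0` before retrying avoids that. A timeout is also returned as a short count, the same as EOF, so callers must treat any short read as failure. `FD_SET` additionally assumes `fildes < FD_SETSIZE`.

```c
static int read_all(int fildes, char *buf, unsigned int nbyte)
{
    /* … unchanged: declarations of ret, ptr, rfds, tv … */

    for (ptr = buf; nbyte; ptr += ret, nbyte -= ret) {
	/* select() may rewrite both arguments, so re-arm them per read */
	FD_ZERO(&rfds);
	FD_SET(fildes, &rfds);
	tv.tv_sec = 10;
	tv.tv_usec = 0;
	/* … unchanged: select() call and short-count return … */
	ret = recv(fildes, ptr, nbyte, 0);
	if (ret < 0) {
	    if (errno == EINTR) {
		ret = 0;	/* retry without moving ptr/nbyte */
		continue;
	    }
	    return(ret);
	}
	/* … unchanged: ret == 0 returns the bytes read so far … */
    }
```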
@@ -19,6 +19,29 @@ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR * PERFORMANCE OF THIS SOFTWARE. */ +/* + * Copyright (C) 2004 by the Massachusetts Institute of Technology. + * All rights reserved. + * + * Export of this software from the United States of America may + * require a specific license from the United States Government. + * It is the responsibility of any person or organization contemplating + * export to obtain such a license before exporting. + * + * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and + * distribute this software and its documentation for any purpose and + * without fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright notice and + * this permission notice appear in supporting documentation, and that + * the name of M.I.T. not be used in advertising or publicity pertaining + * to distribution of the software without specific, written prior + * permission. Furthermore if you modify this software you must label + * your software as modified software and not distribute it in such a + * fashion that it might be confused with the original M.I.T. software. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" without express + * or implied warranty. + */ #include <stdio.h> #ifdef _WIN32 
@@ -388,147 +411,147 @@ static int sign_server(s, server_creds, export) gss_cred_id_t server_creds; int export; { - gss_buffer_desc client_name, xmit_buf, msg_buf; - gss_ctx_id_t context; - OM_uint32 maj_stat, min_stat; - int i, conf_state, ret_flags; - char *cp; - int token_flags; - - /* Establish a context with the client */ - if (server_establish_context(s, server_creds, &context, - &client_name, &ret_flags) < 0) - return(-1); - - if (context == GSS_C_NO_CONTEXT) { - printf("Accepted unauthenticated connection.\n"); - } - else { - printf("Accepted connection: \"%.*s\"\n", - (int) client_name.length, (char *) client_name.value); - (void) gss_release_buffer(&min_stat, &client_name); - - if (export) { - for (i=0; i < 3; i++) - if (test_import_export_context(&context)) - return -1; - } - } - - do { - /* Receive the message token */ - if (recv_token(s, &token_flags, &xmit_buf) < 0) - return(-1); - - if (token_flags & TOKEN_NOOP) { - if (log) - fprintf(log, "NOOP token\n"); - if(xmit_buf.value) { - free(xmit_buf.value); - xmit_buf.value = 0; - } - break; - } - - if (verbose && log) { - fprintf(log, "Message token (flags=%d):\n", token_flags); - print_token(&xmit_buf); - } - - if ((context == GSS_C_NO_CONTEXT) && - (token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { - if (log) - fprintf(log, - "Unauthenticated client requested authenticated services!\n"); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } - - if (token_flags & TOKEN_WRAPPED) { - maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, - &conf_state, (gss_qop_t *) NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("unsealing message", maj_stat, min_stat); - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - return(-1); - } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { - fprintf(stderr, "Warning! 
Message not encrypted.\n"); - } - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - msg_buf = xmit_buf; - } - - if (log) { - fprintf(log, "Received message: "); - cp = msg_buf.value; - if ((isprint((int) cp[0]) || isspace((int) cp[0])) && - (isprint((int) cp[1]) || isspace((int) cp[1]))) { - fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, - (char *) msg_buf.value); - } else { - fprintf(log, "\n"); - print_token(&msg_buf); - } - } - - if (token_flags & TOKEN_SEND_MIC) { - /* Produce a signature block for the message */ - maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, - &msg_buf, &xmit_buf); - if (maj_stat != GSS_S_COMPLETE) { - display_status("signing message", maj_stat, min_stat); - return(-1); - } - - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - - /* Send the signature block to the client */ - if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) - return(-1); - - if(xmit_buf.value) { - free (xmit_buf.value); - xmit_buf.value = 0; - } - } - else { - if(msg_buf.value) { - free (msg_buf.value); - msg_buf.value = 0; - } - if (send_token(s, TOKEN_NOOP, empty_token) < 0) - return(-1); - } - } while (1 /* loop will break if NOOP received */); - - if (context != GSS_C_NO_CONTEXT) { - /* Delete context */ - maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); - if (maj_stat != GSS_S_COMPLETE) { - display_status("deleting context", maj_stat, min_stat); - return(-1); - } - } - - if (log) - fflush(log); - - return(0); + gss_buffer_desc client_name, xmit_buf, msg_buf; + gss_ctx_id_t context; + OM_uint32 maj_stat, min_stat; + int i, conf_state, ret_flags; + char *cp; + int token_flags; + + /* Establish a context with the client */ + if (server_establish_context(s, server_creds, &context, + &client_name, &ret_flags) < 0) + return(-1); + + if (context == GSS_C_NO_CONTEXT) { + printf("Accepted unauthenticated connection.\n"); + } + else { + printf("Accepted connection: \"%.*s\"\n", + (int) 
client_name.length, (char *) client_name.value); + (void) gss_release_buffer(&min_stat, &client_name); + + if (export) { + for (i=0; i < 3; i++) + if (test_import_export_context(&context)) + return -1; + } + } + + do { + /* Receive the message token */ + if (recv_token(s, &token_flags, &xmit_buf) < 0) + return(-1); + + if (token_flags & TOKEN_NOOP) { + if (log) + fprintf(log, "NOOP token\n"); + if(xmit_buf.value) { + free(xmit_buf.value); + xmit_buf.value = 0; + } + break; + } + + if (verbose && log) { + fprintf(log, "Message token (flags=%d):\n", token_flags); + print_token(&xmit_buf); + } + + if ((context == GSS_C_NO_CONTEXT) && + ( token_flags & (TOKEN_WRAPPED|TOKEN_ENCRYPTED|TOKEN_SEND_MIC))) { + if (log) + fprintf(log, + "Unauthenticated client requested authenticated services!\n"); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } + + if (token_flags & TOKEN_WRAPPED) { + maj_stat = gss_unwrap(&min_stat, context, &xmit_buf, &msg_buf, + &conf_state, (gss_qop_t *) NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("unsealing message", maj_stat, min_stat); + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + return(-1); + } else if (! conf_state && (token_flags & TOKEN_ENCRYPTED)) { + fprintf(stderr, "Warning! 
Message not encrypted.\n"); + } + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + msg_buf = xmit_buf; + } + + if (log) { + fprintf(log, "Received message: "); + cp = msg_buf.value; + if ((isprint((int) cp[0]) || isspace((int) cp[0])) && + (isprint((int) cp[1]) || isspace((int) cp[1]))) { + fprintf(log, "\"%.*s\"\n", (int) msg_buf.length, + (char *) msg_buf.value); + } else { + fprintf(log, "\n"); + print_token(&msg_buf); + } + } + + if (token_flags & TOKEN_SEND_MIC) { + /* Produce a signature block for the message */ + maj_stat = gss_get_mic(&min_stat, context, GSS_C_QOP_DEFAULT, + &msg_buf, &xmit_buf); + if (maj_stat != GSS_S_COMPLETE) { + display_status("signing message", maj_stat, min_stat); + return(-1); + } + + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + + /* Send the signature block to the client */ + if (send_token(s, TOKEN_MIC, &xmit_buf) < 0) + return(-1); + + if(xmit_buf.value) { + free (xmit_buf.value); + xmit_buf.value = 0; + } + } + else { + if(msg_buf.value) { + free (msg_buf.value); + msg_buf.value = 0; + } + if (send_token(s, TOKEN_NOOP, empty_token) < 0) + return(-1); + } + } while (1 /* loop will break if NOOP received */); + + if (context != GSS_C_NO_CONTEXT) { + /* Delete context */ + maj_stat = gss_delete_sec_context(&min_stat, &context, NULL); + if (maj_stat != GSS_S_COMPLETE) { + display_status("deleting context", maj_stat, min_stat); + return(-1); + } + } + + if (log) + fflush(log); + + return(0); } int @@ -612,7 +635,7 @@ main(argc, argv) } /* this return value is not checked, because there's not really anything to do if it fails */ - sign_server(s, server_creds); + sign_server(s, server_creds, export); close(s); } while (!once); diff --git a/src/appl/gssftp/ChangeLog b/src/appl/gssftp/ChangeLog index 9f184f7..2a6a5fd 100644 --- a/src/appl/gssftp/ChangeLog +++ b/src/appl/gssftp/ChangeLog 
@@ -1,3 +1,13 @@ +2003-06-05 Sam Hartman <hartmans@mit.edu> + + * configure.in: Don't check for vfork as we no longer use it + +2003-05-23 Ken Raeburn <raeburn@mit.edu> + + * configure.in: Don't use libkrb524.a any more. + * ftpd.c: Don't include krb524.h. + (main): Don't call krb524_init_ets. + 2003-01-10 Ken Raeburn <raeburn@mit.edu> * configure.in: Use V5_AC_OUTPUT_MAKEFILE instead of diff --git a/src/appl/gssftp/configure.in b/src/appl/gssftp/configure.in index 35ca40e..bf6d3b8 100644 --- a/src/appl/gssftp/configure.in +++ b/src/appl/gssftp/configure.in @@ -12,7 +12,6 @@ DECLARE_SYS_ERRLIST AC_CHECK_SIZEOF(short) AC_CHECK_SIZEOF(int) AC_CHECK_SIZEOF(long) -AC_FUNC_VFORK AC_HEADER_STDARG AC_CHECK_HEADER(termios.h,[AC_CHECK_FUNC(cfsetispeed,AC_DEFINE(POSIX_TERMIOS))]) AC_CHECK_HEADERS(unistd.h stdlib.h string.h sys/select.h sys/sockio.h paths.h) @@ -53,19 +52,6 @@ AC_MSG_RESULT($krb5_cv_shadow_pwd) if test $krb5_cv_shadow_pwd = yes; then AC_DEFINE(HAVE_SHADOW) fi -AC_ARG_WITH([krb4], -[ --without-krb4 don't include Kerberos V4 backwards compatibility - --with-krb4 use V4 libraries included with V5 (default) - --with-krb4=KRB4DIR use preinstalled V4 libraries], -, -withval=yes -)dnl -if test $withval = no; then - AC_MSG_RESULT(no krb4 support) -else - AC_MSG_RESULT(Adding in krb4 support) - FTPD_LIBS="../../../krb524/libkrb524.a" -fi case $krb5_cv_host in alpha*-dec-osf*) AC_CHECK_LIB(security,setluid, diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index ba67eb5..445734f 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog 
@@ -1,3 +1,16 @@ +2003-06-16 Ken Raeburn <raeburn@mit.edu> + + * ftp.c (recvrequest): Add new argument indicating whether "-" and + "|..." special treatment should be disabled. + * ftp_var.h (recvrequest): Update declaration. + * cmds.c (remglob, ls, mls): Pass 0 as the extra argument. + (mget): Pass 1. + (getit): Pass 1 iff only one filename was supplied. + +2003-06-05 Sam Hartman <hartmans@mit.edu> + + * pclose.c (mypopen): use fork not vfork + 2003-01-09 Ken Raeburn <raeburn@mit.edu> * ftp.c (hookup, initconn, dataconn): Use socklen_t when passing diff --git a/src/appl/gssftp/ftp/cmds.c b/src/appl/gssftp/ftp/cmds.c index 38d7214..b9cb2a2 100644 --- a/src/appl/gssftp/ftp/cmds.c +++ b/src/appl/gssftp/ftp/cmds.c @@ -940,7 +940,7 @@ usage: } recvrequest("RETR", argv[2], argv[1], rmode, - argv[1] != oldargv1 || argv[2] != oldargv2); + argv[1] != oldargv1 || argv[2] != oldargv2, loc); restart_point = 0; return (0); } @@ -1017,7 +1017,7 @@ void mget(argc, argv) tp = domap(tp); } recvrequest("RETR", tp, cp, "w", - tp != cp || !interactive); + tp != cp || !interactive, 1); if (!mflag && fromatty) { ointer = interactive; interactive = 1; @@ -1085,7 +1085,7 @@ remglob(argv,doswitch) pswitch(!proxy); } for (rmode = "w"; *++argv != NULL; rmode = "a") - recvrequest ("NLST", temp, *argv, rmode, 0); + recvrequest ("NLST", temp, *argv, rmode, 0, 0); if (doswitch) { pswitch(!proxy); } @@ -1455,7 +1455,7 @@ void ls(argc, argv) code = -1; return; } - recvrequest(cmd, argv[2], argv[1], "w", 0); + recvrequest(cmd, argv[2], argv[1], "w", 0, 0); } /* @@ -1493,7 +1493,7 @@ usage: (void) setjmp(jabort); for (i = 1; mflag && i < argc-1; ++i) { *rmode = (i == 1) ? 'w' : 'a'; - recvrequest(cmd, dest, argv[i], rmode, 0); + recvrequest(cmd, dest, argv[i], rmode, 0, 0); if (!mflag && fromatty) { ointer = interactive; interactive = 1; diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index ffbb42c..155f857 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c 
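Review bot: The bare `1` passed as the new last argument in the mget hunk carries the security-relevant decision but has no comment; the names mget retrieves presumably come from the remote listing, so I would add `/* names come from the remote listing: never treat "-" or "|cmd" as special */` above the call. In the getit hunk the argument is `loc`, which is assigned outside the hunk; the ChangeLog entry says it is 1 only when a single filename was supplied, and a comment at that assignment would let a reader verify it. The remglob, ls and mls hunks pass 0, which keeps the existing special handling on those paths.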
@@ -1103,7 +1103,7 @@ abortrecv(int sig) } void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode, - int printnames) + int printnames, int fnameonly) { FILE *volatile fout, *volatile din = 0, *popen(); int (*volatile closefunc)(), pclose(), fclose(); @@ -1149,7 +1149,7 @@ void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode, return; } oldintr = signal(SIGINT, abortrecv); - if (strcmp(local, "-") && *local != '|') { + if (fnameonly || (strcmp(local, "-") && *local != '|')) { if (access(local, 2) < 0) { char *dir = strrchr(local, '/'); @@ -1223,9 +1223,9 @@ void recvrequest(char *cmd, char *volatile local, char *remote, char *lmode, din = dataconn("r"); if (din == NULL) goto die; - if (strcmp(local, "-") == 0) + if (strcmp(local, "-") == 0 && !fnameonly) fout = stdout; - else if (*local == '|') { + else if (*local == '|' && !fnameonly) { #ifdef SIGPIPE oldintp = signal(SIGPIPE, SIG_IGN); #endif diff --git a/src/appl/gssftp/ftp/ftp_var.h b/src/appl/gssftp/ftp/ftp_var.h index 4448448..9baa047 100644 --- a/src/appl/gssftp/ftp/ftp_var.h +++ b/src/appl/gssftp/ftp/ftp_var.h @@ -249,7 +249,7 @@ void setpassive (void); /* ftp.c */ void sendrequest (char *, char *, char *, int); -void recvrequest (char *, char *volatile, char *, char *, int); +void recvrequest (char *, char *volatile, char *, char *, int, int); int login (char *); void setpbsz (unsigned int); void pswitch (int); diff --git a/src/appl/gssftp/ftp/pclose.c b/src/appl/gssftp/ftp/pclose.c index 04e481b..5d6a5aa 100644 --- a/src/appl/gssftp/ftp/pclose.c +++ b/src/appl/gssftp/ftp/pclose.c @@ -15,9 +15,6 @@ static char sccsid[] = "@(#)pclose.c 1.1 90/04/28 SMI"; /* from UCB 1.2 3/7/86 * #include <signal.h> #include <sys/param.h> #include <sys/wait.h> -#ifdef HAVE_VFORK_H -#include <vfork.h> -#endif #define sig_t my_sig_t #define sigtype krb5_sigtype typedef sigtype (*sig_t)(); 
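Review bot: The new `fnameonly` flag guards only the two tests of `local` that these hunks touch (the `access()` pre-check and the `fout` selection), while recvrequest's body extends well beyond the hunks. Any other `strcmp(local, "-")` or `*local == '|'` test elsewhere in the function would still give a remote-derived name special meaning and should be checked for the same guard. The parameter is also undocumented; at the definition I would add `/* fnameonly: nonzero = local is a plain file name; "-" and a leading '|' get no special meaning */`. The prototype hunk in ftp_var.h would benefit from naming the two trailing ints in a comment, since `int, int` does not show which is which.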
@@ -60,7 +57,7 @@ mypopen(cmd,mode) return (NULL); myside = tst(p[WTR], p[RDR]); hisside = tst(p[RDR], p[WTR]); - if ((pid = vfork()) == 0) { + if ((pid = fork()) == 0) { /* myside and hisside reverse roles in child */ (void) close(myside); if (hisside != tst(0, 1)) { diff --git a/src/appl/gssftp/ftpd/ChangeLog b/src/appl/gssftp/ftpd/ChangeLog index c940e01..7381476 100644 --- a/src/appl/gssftp/ftpd/ChangeLog +++ b/src/appl/gssftp/ftpd/ChangeLog @@ -1,3 +1,11 @@ +2003-06-05 Sam Hartman <hartmans@mit.edu> + + * popen.c (ftpd_popen): Use fork not vfork + +2003-04-23 Ken Raeburn <raeburn@mit.edu> + + * ftpd.c: Don't declare errno. + 2003-01-03 Ken Raeburn <raeburn@mit.edu> * ftpd.c (auth_data): Kerberos v4 checksum must be a 32-bit diff --git a/src/appl/gssftp/ftpd/Makefile.in b/src/appl/gssftp/ftpd/Makefile.in index e62ae10..ba68b22 100644 --- a/src/appl/gssftp/ftpd/Makefile.in +++ b/src/appl/gssftp/ftpd/Makefile.in @@ -85,8 +85,7 @@ $(OUTPRE)ftpd.$(OBJEXT): ftpd.c $(srcdir)/../arpa/ftp.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/port-sockets.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/krb.h \ $(SRCTOP)/include/kerberosIV/des.h $(KRB_ERR_H_DEP) \ - $(BUILDTOP)/include/profile.h $(KRB524_H_DEP) $(KRB524_ERR_H_DEP) \ - $(SRCTOP)/include/socket-utils.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/profile.h $(BUILDTOP)/include/gssapi/gssapi.h \ $(BUILDTOP)/include/gssapi/gssapi_generic.h $(BUILDTOP)/include/gssapi/gssapi_krb5.h \ ftpd_var.h secure.h $(OUTPRE)ftpcmd.$(OBJEXT): ftpcmd.c $(srcdir)/../arpa/ftp.h \ diff --git a/src/appl/gssftp/ftpd/ftpd.c b/src/appl/gssftp/ftpd/ftpd.c index 7fd7899..2a09bf3 100644 --- a/src/appl/gssftp/ftpd/ftpd.c +++ b/src/appl/gssftp/ftpd/ftpd.c @@ -130,7 +130,6 @@ extern int yyparse(void); #ifdef KRB5_KRB4_COMPAT #include <krb5.h> #include <krb.h> -#include <krb524.h> AUTH_DAT kdata; KTEXT_ST ticket; 
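Review bot: With `fork()` the child in mypopen gets its own copy of the parent's stdio buffers, so the child's failure path has to end in `_exit()` rather than `exit()`, or pending output is flushed twice. That path and the handling of `pid == -1` are outside the hunk and should be confirmed. The same applies to ftpd_popen in ftpd/popen.c, where the `case -1` branch is visible but the child branch is not.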
@@ -170,7 +169,6 @@ int have_creds; /* User has credentials on disk */ #include "ftpd_var.h" #include "secure.h" -extern int errno; extern char *crypt(); extern char version[]; extern char *home; /* pointer to home directory for glob */ @@ -315,9 +313,6 @@ main(argc, argv, envp) #ifdef GSSAPI krb5_init_context(&kcontext); -#ifdef KRB5_KRB4_COMPAT - krb524_init_ets(kcontext); -#endif #endif while ((c = getopt(argc, argv, option_string)) != -1) { diff --git a/src/appl/gssftp/ftpd/popen.c b/src/appl/gssftp/ftpd/popen.c index 317b6fa..e9e5895 100644 --- a/src/appl/gssftp/ftpd/popen.c +++ b/src/appl/gssftp/ftpd/popen.c @@ -46,9 +46,6 @@ static char sccsid[] = "@(#)popen.c 5.9 (Berkeley) 2/25/91"; #include <stdio.h> #include <stdlib.h> #include <string.h> -#ifdef HAVE_VFORK_H -#include <vfork.h> -#endif #include "ftpd_var.h" /* @@ -109,7 +106,7 @@ ftpd_popen(program, type) gargv[gargc] = NULL; iop = NULL; - switch(pid = vfork()) { + switch(pid = fork()) { case -1: /* error */ (void)close(pdes[0]); (void)close(pdes[1]); diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index 8999274..4f9de7a 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog 
@@ -1,3 +1,29 @@ +2003-05-09 Tom Yu <tlyu@mit.edu> + + * kerberos5.c (kerberos5_send): Rename getlocalsubkey -> + getsendsubkey. + (kerberos5_is): Rename getremotesubkey -> getrecvsubkey. + +2003-04-10 Tom Yu <tlyu@mit.edu> + + * Makefile.in: Use library build framework. + + * configure.in: Add support for library build framework. Remove + old explicit checks for ranlib, etc. + +2003-04-09 Tom Yu <tlyu@mit.edu> + + * kerberos.c (kerberos4_status): Always copy in username if + present. Patch from Nathan Neulinger to make "-a user" work. + + * kerberos5.c (kerberos5_status): Always copy in username if + present. Patch from Nathan Neulinger to make "-a user" work. + +2003-04-01 Nalin Dahyabhai <nalin@redhat.com> + + * kerberos5.c (kerberos5_is): Check principal name length before + examining components. + 2003-01-07 Ken Raeburn <raeburn@mit.edu> * Makefile.orig: Deleted. diff --git a/src/appl/telnet/libtelnet/Makefile.in b/src/appl/telnet/libtelnet/Makefile.in index 93986e0..783415b 100644 --- a/src/appl/telnet/libtelnet/Makefile.in +++ b/src/appl/telnet/libtelnet/Makefile.in @@ -32,7 +32,12 @@ LIBOBJS=@LIBOBJS@ SETENVSRC=@SETENVSRC@ SETENVOBJ=@SETENVOBJ@ -LIB= libtelnet.a +LIB=telnet +LIBMAJOR=0 +LIBMINOR=0 +RELDIR=../../../appl/telnet/libtelnet +STOBJLISTS=OBJS.ST + SRCS= $(srcdir)/auth.c \ $(srcdir)/encrypt.c \ $(srcdir)/genget.c \ @@ -52,20 +57,15 @@ SRCS= $(srcdir)/auth.c \ $(srcdir)/strftime.c \ $(srcdir)/strerror.c -OBJS= auth.o encrypt.o genget.o \ +STLIBOBJS= auth.o encrypt.o genget.o \ misc.o kerberos.o kerberos5.o forward.o spx.o enc_des.o \ $(LIBOBJS) getent.o $(SETENVOBJ) TELNET_H= $(srcdir)/../arpa/telnet.h -all:: $(LIB) -$(LIB): $(OBJS) - $(RM) $(LIB) - $(ARADD) $@ $(OBJS) - $(RANLIB) $@ +all:: all-libs -clean:: - $(RM) $(LIB) +clean:: clean-libs clean-libobjs auth.o: $(TELNET_H) auth.o: encrypt.h 
@@ -88,40 +88,44 @@ enc_des.o: encrypt.h enc_des.o: key-proto.h enc_des.o: misc-proto.h install:: + +# @lib_frag@ +# @libobj_frag@ + # +++ Dependency line eater +++ # # Makefile dependencies follow. This must be the last section in # the Makefile.in file # -$(OUTPRE)auth.$(OBJEXT): auth.c $(srcdir)/../arpa/telnet.h \ +auth.so auth.po $(OUTPRE)auth.$(OBJEXT): auth.c $(srcdir)/../arpa/telnet.h \ encrypt.h enc-proto.h auth.h auth-proto.h misc-proto.h -$(OUTPRE)encrypt.$(OBJEXT): encrypt.c $(srcdir)/../arpa/telnet.h \ +encrypt.so encrypt.po $(OUTPRE)encrypt.$(OBJEXT): encrypt.c $(srcdir)/../arpa/telnet.h \ encrypt.h enc-proto.h misc.h misc-proto.h -$(OUTPRE)genget.$(OBJEXT): genget.c misc.h misc-proto.h -$(OUTPRE)misc.$(OBJEXT): misc.c misc.h misc-proto.h \ +genget.so genget.po $(OUTPRE)genget.$(OBJEXT): genget.c misc.h misc-proto.h +misc.so misc.po $(OUTPRE)misc.$(OBJEXT): misc.c misc.h misc-proto.h \ auth.h auth-proto.h encrypt.h enc-proto.h -$(OUTPRE)kerberos.$(OBJEXT): kerberos.c $(BUILDTOP)/include/krb5.h \ +kerberos.so kerberos.po $(OUTPRE)kerberos.$(OBJEXT): kerberos.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(srcdir)/../arpa/telnet.h $(SRCTOP)/include/kerberosIV/des.h \ $(SRCTOP)/include/kerberosIV/krb.h $(KRB_ERR_H_DEP) \ $(BUILDTOP)/include/profile.h encrypt.h enc-proto.h \ auth.h auth-proto.h misc.h misc-proto.h -$(OUTPRE)kerberos5.$(OBJEXT): kerberos5.c $(srcdir)/../arpa/telnet.h \ +kerberos5.so kerberos5.po $(OUTPRE)kerberos5.$(OBJEXT): kerberos5.c $(srcdir)/../arpa/telnet.h \ $(BUILDTOP)/include/krb5.h $(COM_ERR_DEPS) $(SRCTOP)/include/syslog.h \ encrypt.h enc-proto.h auth.h auth-proto.h misc.h misc-proto.h \ krb5forw.h -$(OUTPRE)forward.$(OBJEXT): forward.c $(BUILDTOP)/include/krb5.h \ +forward.so forward.po $(OUTPRE)forward.$(OBJEXT): forward.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) krb5forw.h -$(OUTPRE)spx.$(OBJEXT): spx.c misc-proto.h -$(OUTPRE)enc_des.$(OBJEXT): enc_des.c $(BUILDTOP)/include/krb5.h \ +spx.so spx.po $(OUTPRE)spx.$(OBJEXT): 
spx.c misc-proto.h +enc_des.so enc_des.po $(OUTPRE)enc_des.$(OBJEXT): enc_des.c $(BUILDTOP)/include/krb5.h \ $(COM_ERR_DEPS) $(srcdir)/../arpa/telnet.h encrypt.h \ enc-proto.h key-proto.h misc-proto.h -$(OUTPRE)setenv.$(OBJEXT): setenv.c misc-proto.h -$(OUTPRE)getent.$(OBJEXT): getent.c gettytab.h -$(OUTPRE)parsetos.$(OBJEXT): parsetos.c misc-proto.h -$(OUTPRE)strdup.$(OBJEXT): strdup.c -$(OUTPRE)strcasecmp.$(OBJEXT): strcasecmp.c -$(OUTPRE)strchr.$(OBJEXT): strchr.c -$(OUTPRE)strrchr.$(OBJEXT): strrchr.c -$(OUTPRE)strftime.$(OBJEXT): strftime.c -$(OUTPRE)strerror.$(OBJEXT): strerror.c +setenv.so setenv.po $(OUTPRE)setenv.$(OBJEXT): setenv.c misc-proto.h +getent.so getent.po $(OUTPRE)getent.$(OBJEXT): getent.c gettytab.h +parsetos.so parsetos.po $(OUTPRE)parsetos.$(OBJEXT): parsetos.c misc-proto.h +strdup.so strdup.po $(OUTPRE)strdup.$(OBJEXT): strdup.c +strcasecmp.so strcasecmp.po $(OUTPRE)strcasecmp.$(OBJEXT): strcasecmp.c +strchr.so strchr.po $(OUTPRE)strchr.$(OBJEXT): strchr.c +strrchr.so strrchr.po $(OUTPRE)strrchr.$(OBJEXT): strrchr.c +strftime.so strftime.po $(OUTPRE)strftime.$(OBJEXT): strftime.c +strerror.so strerror.po $(OUTPRE)strerror.$(OBJEXT): strerror.c diff --git a/src/appl/telnet/libtelnet/configure.in b/src/appl/telnet/libtelnet/configure.in index 8f2434e..8767cd7 100644 --- a/src/appl/telnet/libtelnet/configure.in +++ b/src/appl/telnet/libtelnet/configure.in @@ -1,8 +1,5 @@ AC_INIT(auth.c) CONFIG_RULES -AC_PROG_ARCHIVE -AC_PROG_ARCHIVE_ADD -AC_PROG_RANLIB AC_REPLACE_FUNCS([strcasecmp strdup setsid strerror strftime getopt herror parsetos]) AC_CHECK_FUNCS(setenv unsetenv getenv gettosbyname cgetent) AC_CHECK_HEADERS(stdlib.h string.h unistd.h) @@ -23,4 +20,6 @@ else AC_MSG_RESULT(Kerberos 4 authentication enabled) AC_DEFINE(KRB4) fi +KRB5_BUILD_LIBRARY_STATIC +KRB5_BUILD_LIBOBJS V5_AC_OUTPUT_MAKEFILE diff --git a/src/appl/telnet/libtelnet/kerberos.c b/src/appl/telnet/libtelnet/kerberos.c index 56a0731..8d4c7f3 100644 
--- a/src/appl/telnet/libtelnet/kerberos.c +++ b/src/appl/telnet/libtelnet/kerberos.c @@ -612,10 +612,17 @@ kerberos4_status(ap, kname, level) if (level < AUTH_USER) return(level); - if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { + /* + * Always copy in UserNameRequested if the authentication + * is valid, because the higher level routines need it. + */ + if (UserNameRequested) { /* the name buffer comes from telnetd/telnetd{-ktd}.c */ strncpy(kname, UserNameRequested, 255); name[255] = '\0'; + } + + if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { return(AUTH_VALID); } else return(AUTH_USER); diff --git a/src/appl/telnet/libtelnet/kerberos5.c b/src/appl/telnet/libtelnet/kerberos5.c index 3a1c8f2..ad36aed 100644 --- a/src/appl/telnet/libtelnet/kerberos5.c +++ b/src/appl/telnet/libtelnet/kerberos5.c @@ -327,7 +327,7 @@ kerberos5_send(ap) &check_data, new_creds, &auth); #ifdef ENCRYPTION - krb5_auth_con_getlocalsubkey(telnet_context, auth_context, &newkey); + krb5_auth_con_getsendsubkey(telnet_context, auth_context, &newkey); if (session_key) { krb5_free_keyblock(telnet_context, session_key); session_key = 0; @@ -446,6 +446,10 @@ kerberos5_is(ap, data, cnt) * first component of a service name especially since * the default is of length 4. */ + if (krb5_princ_size(telnet_context,ticket->server) < 1) { + (void) strcpy(errbuf, "malformed service name"); + goto errout; + } if (krb5_princ_component(telnet_context,ticket->server,0)->length < 256) { char princ[256]; strncpy(princ, @@ -548,7 +552,7 @@ kerberos5_is(ap, data, cnt) if (name) free(name); - krb5_auth_con_getremotesubkey(telnet_context, auth_context, + krb5_auth_con_getrecvsubkey(telnet_context, auth_context, &newkey); if (session_key) { krb5_free_keyblock(telnet_context, session_key); 
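Review bot: In kerberos4_status the copy goes into `kname` but the terminator on the following context line is written to `name[255]`, and `name` is not one of the parameters shown in the hunk header, so it has to be some other object declared outside the hunk. If `UserNameRequested` is 255 bytes or longer, `kname` is left without a terminating NUL, and this hunk makes that copy run on every path that reaches AUTH_USER instead of only after the kuserok() test; the line should read `kname[255] = '\0';`. Both this hunk and the kerberos5_status hunk in kerberos5.c now fill the name buffer whether or not the kuserok check passes, so the comment should also say that only the return value conveys authorization, e.g. `/* name is filled in regardless of kuserok(); callers must act on the returned level */`. The function body starts outside the hunk.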
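Review bot: The new `krb5_princ_size(telnet_context,ticket->server) < 1` guard in kerberos5_is has no comment saying what it protects, although the very next statement reads `->length` from component 0 of `ticket->server`. I would add above it `/* a service principal with no components has no component 0 to examine */`. The size of `errbuf` and the rest of the function are outside the hunk; the literal copied here is short, but a bounded copy would keep the line safe if the message is ever lengthened.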
@@ -727,13 +731,20 @@ kerberos5_status(ap, name, level) if (level < AUTH_USER) return(level); + /* + * Always copy in UserNameRequested if the authentication + * is valid, because the higher level routines need it. + * the name buffer comes from telnetd/telnetd{-ktd}.c + */ + if (UserNameRequested) { + strncpy(name, UserNameRequested, 255); + name[255] = '\0'; + } + if (UserNameRequested && krb5_kuserok(telnet_context, ticket->enc_part2->client, UserNameRequested)) { - /* the name buffer comes from telnetd/telnetd{-ktd}.c */ - strncpy(name, UserNameRequested, 255); - name[255] = '\0'; return(AUTH_VALID); } else return(AUTH_USER); diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index bcc3617..60f9bf1 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,7 @@ +2003-04-23 Ken Raeburn <raeburn@mit.edu> + + * externs.h: Don't declare errno. + 2003-01-07 Ken Raeburn <raeburn@mit.edu> * Makefile.orig: Deleted. diff --git a/src/appl/telnet/telnet/Makefile.in b/src/appl/telnet/telnet/Makefile.in index 31fb87a..20a9ae7 100644 --- a/src/appl/telnet/telnet/Makefile.in +++ b/src/appl/telnet/telnet/Makefile.in @@ -84,7 +84,8 @@ $(OUTPRE)commands.$(OBJEXT): commands.c $(srcdir)/../arpa/telnet.h \ $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \ $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/misc-proto.h \ $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h + $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/socket-utils.h \ + $(SRCTOP)/include/k5-platform.h $(OUTPRE)main.$(OBJEXT): main.c $(srcdir)/../libtelnet/auth.h \ $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \ $(srcdir)/../libtelnet/enc-proto.h ring.h externs.h \ diff --git a/src/appl/telnet/telnet/externs.h b/src/appl/telnet/telnet/externs.h index 65a1c67..dccb424 100644 
--- a/src/appl/telnet/telnet/externs.h +++ b/src/appl/telnet/telnet/externs.h @@ -111,10 +111,6 @@ extern char *malloc(), *calloc(), *realloc(); #define SUBBUFSIZE 256 -#ifndef CRAY -extern int errno; /* outside this world */ -#endif /* !CRAY */ - extern int autologin, /* Autologin enabled */ skiprc, /* Don't process the ~/.telnetrc file */ diff --git a/src/appl/telnet/telnetd/ChangeLog b/src/appl/telnet/telnetd/ChangeLog index c380d11..b343e9c 100644 --- a/src/appl/telnet/telnetd/ChangeLog +++ b/src/appl/telnet/telnetd/ChangeLog @@ -1,3 +1,7 @@ +2003-04-23 Ken Raeburn <raeburn@mit.edu> + + * telnetd.h: Don't declare errno. + 2003-01-09 Ken Raeburn <raeburn@mit.edu> * telnetd.c (main): Use socklen_t when passing address to socket diff --git a/src/appl/telnet/telnetd/Makefile.in b/src/appl/telnet/telnetd/Makefile.in index 4a3e0a6..ecf235c 100644 --- a/src/appl/telnet/telnetd/Makefile.in +++ b/src/appl/telnet/telnetd/Makefile.in @@ -90,9 +90,10 @@ $(OUTPRE)telnetd.$(OBJEXT): telnetd.c telnetd.h defs.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/syslog.h \ ext.h pathnames.h $(BUILDTOP)/include/libpty.h $(COM_ERR_DEPS) \ $(SRCTOP)/include/fake-addrinfo.h $(SRCTOP)/include/port-sockets.h \ - $(BUILDTOP)/include/krb5.h $(srcdir)/../libtelnet/auth.h \ - $(srcdir)/../libtelnet/auth-proto.h $(srcdir)/../libtelnet/encrypt.h \ - $(srcdir)/../libtelnet/enc-proto.h $(srcdir)/../libtelnet/misc-proto.h + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/auth-proto.h \ + $(srcdir)/../libtelnet/encrypt.h $(srcdir)/../libtelnet/enc-proto.h \ + $(srcdir)/../libtelnet/misc-proto.h $(OUTPRE)termio-tn.$(OBJEXT): termio-tn.c $(OUTPRE)termios-tn.$(OBJEXT): termios-tn.c $(OUTPRE)state.$(OBJEXT): state.c telnetd.h defs.h \ 
@@ -113,8 +114,9 @@ $(OUTPRE)sys_term.$(OBJEXT): sys_term.c telnetd.h defs.h \ ext.h pathnames.h $(COM_ERR_DEPS) $(BUILDTOP)/include/libpty.h \ $(srcdir)/../libtelnet/auth.h $(srcdir)/../libtelnet/auth-proto.h \ $(SRCTOP)/include/k5-int.h $(BUILDTOP)/include/krb5/osconf.h \ - $(BUILDTOP)/include/krb5.h $(SRCTOP)/include/port-sockets.h \ - $(SRCTOP)/include/krb5/kdb.h $(BUILDTOP)/include/profile.h + $(SRCTOP)/include/k5-platform.h $(BUILDTOP)/include/krb5.h \ + $(BUILDTOP)/include/profile.h $(SRCTOP)/include/port-sockets.h \ + $(SRCTOP)/include/krb5/kdb.h $(OUTPRE)utility.$(OBJEXT): utility.c telnetd.h defs.h \ $(srcdir)/../arpa/telnet.h $(SRCTOP)/include/socket-utils.h \ $(BUILDTOP)/include/krb5/autoconf.h $(SRCTOP)/include/syslog.h \ diff --git a/src/appl/telnet/telnetd/telnetd.h b/src/appl/telnet/telnetd/telnetd.h index 234b973..f21f617 100644 --- a/src/appl/telnet/telnetd/telnetd.h +++ b/src/appl/telnet/telnetd/telnetd.h @@ -45,5 +45,4 @@ /* other external variables */ extern char **environ; -extern int errno; |