authorgibbs <gibbs@FreeBSD.org>1995-10-05 21:30:21 +0000
committergibbs <gibbs@FreeBSD.org>1995-10-05 21:30:21 +0000
commit2734551417f3e16093c4cc8de51248dd743fa17b (patch)
tree9410ca0cafe506eca75c35934448a29ad19a6482
parent73c29c06751229bf5749b8422047cf613fb47bbc (diff)
Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing tables and uses it consistently for all Kerberos transactions. This ensures that packets only leave the *authenticated* interface. Clients who open and use their own sockets for encrypted or authenticated correspondence to kerberos services should bind their sockets to the same address as that used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow clients to obtain the local address or bind a socket to the local address used by Kerberos respectively. Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman> Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
-rw-r--r--eBones/include/krb.h13
-rw-r--r--eBones/lib/libkadm/kadm_cli_wrap.c25
-rw-r--r--eBones/lib/libkrb/Makefile5
-rw-r--r--eBones/lib/libkrb/krb.358
-rw-r--r--eBones/lib/libkrb/krb_err.et14
-rw-r--r--eBones/lib/libkrb/krb_err_txt.c12
-rw-r--r--eBones/lib/libkrb/krb_sendauth.312
-rw-r--r--eBones/lib/libkrb/send_to_kdc.c140
-rw-r--r--eBones/lib/librkinit/rk_rpc.c17
-rw-r--r--eBones/usr.sbin/kprop/kprop.c56
-rw-r--r--libexec/rlogind/rlogind.c2
-rw-r--r--usr.bin/rlogin/kcmd.c9
-rw-r--r--usr.bin/rlogin/rlogin.c2
-rw-r--r--usr.bin/rsh/rsh.c4
-rw-r--r--usr.bin/su/su.c9
15 files changed, 313 insertions, 65 deletions
diff --git a/eBones/include/krb.h b/eBones/include/krb.h
index 0b1ae09..d7b77f7 100644
--- a/eBones/include/krb.h
+++ b/eBones/include/krb.h
@@ -6,7 +6,7 @@
* Include file for the Kerberos library.
*
* from: krb.h,v 4.26 89/08/08 17:55:25 jtkohl Exp $
- * $Id: krb.h,v 1.7 1995/09/07 20:50:36 mark Exp $
+ * $Id: krb.h,v 1.6 1995/09/13 17:23:47 markm Exp $
*/
/* Only one time, please */
@@ -259,6 +259,15 @@ typedef struct msg_dat MSG_DAT;
/* Error code returned by kparse_name */
#define KNAME_FMT 81 /* Bad Kerberos name format */
+/* Error codes returned by get_local_addr and bind_local_addr */
+#define GT_LADDR_NOSOCK 82 /* Can't open socket */
+#define GT_LADDR_IFLIST 83 /*
+ * Can't retrieve local interface
+ * configuration list
+ */
+#define GT_LADDR_NVI 84 /* No valid local interface found */
+#define BND_LADDR_BIND 85 /* Can't bind local address */
+
/* Error code returned by krb_mk_safe */
#define SAFE_PRIV_ERROR -1 /* syscall error */
@@ -456,6 +465,8 @@ int read_service_key __P((char *service, char *instance, char *realm, int kvno,
char *file, char *key));
int get_ad_tkt __P((char *service, char *sinstance, char *realm, int lifetime));
int send_to_kdc __P((KTEXT pkt, KTEXT rpkt, char *realm));
+int krb_bind_local_addr __P((int s));
+int krb_get_local_addr __P((struct sockaddr_in *returned_addr));
int krb_create_ticket __P((KTEXT tkt, unsigned char flags, char *pname,
char *pinstance, char *prealm, long paddress, char *session, short life,
long time_sec, char *sname, char *sinstance, C_Block key));
diff --git a/eBones/lib/libkadm/kadm_cli_wrap.c b/eBones/lib/libkadm/kadm_cli_wrap.c
index e25439d..c3eb730 100644
--- a/eBones/lib/libkadm/kadm_cli_wrap.c
+++ b/eBones/lib/libkadm/kadm_cli_wrap.c
@@ -12,7 +12,7 @@
static char rcsid_kadm_cli_wrap_c[] =
"from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp";
static const char rcsid[] =
- "$Id: kadm_cli_wrap.c,v 1.1 1995/07/18 16:40:23 mark Exp $";
+ "$Id: kadm_cli_wrap.c,v 1.4 1995/09/07 21:38:47 markm Exp $";
#endif lint
#endif
@@ -422,10 +422,24 @@ int
kadm_cli_conn()
{ /* this connects and sets my_addr */
int on = 1;
+ int kerror;
if ((client_parm.admin_fd =
socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0)
return KADM_NO_SOCK; /* couldnt create the socket */
+ client_parm.my_addr_len = sizeof(client_parm.my_addr);
+ if ((kerror = krb_get_local_addr(&client_parm.my_addr)) != KSUCCESS) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ return KADM_NO_HERE;
+ }
+ if (bind(client_parm.admin_fd,
+ (struct sockaddr *) & client_parm.admin_addr,
+ sizeof(client_parm.my_addr))) {
+ (void) close(client_parm.admin_fd);
+ client_parm.admin_fd = -1;
+ return KADM_NO_HERE;
+ }
if (connect(client_parm.admin_fd,
(struct sockaddr *) & client_parm.admin_addr,
sizeof(client_parm.admin_addr))) {
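Review bot: The new bind() in kadm_cli_conn() is given `client_parm.admin_addr`, the admin server's address, not the local address that krb_get_local_addr() just stored in `my_addr`. Binding to a remote address will normally fail, so the function would return KADM_NO_HERE before it ever reaches connect(). The second argument should be `(struct sockaddr *) &client_parm.my_addr,`, which also matches the `sizeof(client_parm.my_addr)` already passed. Note that the next hunk removes getsockname(), so `my_addr` no longer carries the port the socket actually got; that matters only if later code reads the port, which is not visible here. The body of kadm_cli_conn() continues outside this hunk.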
@@ -434,15 +448,6 @@ kadm_cli_conn()
return KADM_NO_CONN; /* couldnt get the connect */
}
opipe = signal(SIGPIPE, SIG_IGN);
- client_parm.my_addr_len = sizeof(client_parm.my_addr);
- if (getsockname(client_parm.admin_fd,
- (struct sockaddr *) & client_parm.my_addr,
- &client_parm.my_addr_len) < 0) {
- (void) close(client_parm.admin_fd);
- client_parm.admin_fd = -1;
- (void) signal(SIGPIPE, opipe);
- return KADM_NO_HERE; /* couldnt find out who we are */
- }
if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on,
sizeof(on)) < 0) {
(void) close(client_parm.admin_fd);
diff --git a/eBones/lib/libkrb/Makefile b/eBones/lib/libkrb/Makefile
index eefe1a5..829fbea 100644
--- a/eBones/lib/libkrb/Makefile
+++ b/eBones/lib/libkrb/Makefile
@@ -1,5 +1,5 @@
# From: @(#)Makefile 5.1 (Berkeley) 6/25/90
-# $Id: Makefile,v 1.8 1995/09/13 17:23:55 markm Exp $
+# $Id: Makefile,v 1.9 1995/09/14 04:05:02 gibbs Exp $
LIB= krb
CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -DBSD42
@@ -31,7 +31,8 @@ MAN3= krb.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \
MLINKS= krb.3 krb_mk_req.3 krb.3 krb_rd_req.3 krb.3 krb_kntoln.3 \
krb.3 krb_set_key.3 krb.3 krb_get_cred.3 krb.3 krb_mk_priv.3 \
krb.3 krb_rd_priv.3 krb.3 krb_mk_safe.3 krb.3 krb_rd_safe.3 \
- krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3
+ krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3 \
+ krb.3 krb_get_local_addr.3 krb.3 krb_bind_local_addr.3
MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \
krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3
diff --git a/eBones/lib/libkrb/krb.3 b/eBones/lib/libkrb/krb.3
index 10e20e9..f2061cd 100644
--- a/eBones/lib/libkrb/krb.3
+++ b/eBones/lib/libkrb/krb.3
@@ -1,6 +1,6 @@
-.\" $Source: /usr/cvs/src/eBones/krb/krb.3,v $
-.\" $Author: mark $
-.\" $Header: /usr/cvs/src/eBones/krb/krb.3,v 1.2 1995/07/18 16:40:57 mark Exp $
+.\" $Source: /home/ncvs/src/eBones/lib/libkrb/krb.3,v $
+.\" $Author: markm $
+.\" $Header: /home/ncvs/src/eBones/lib/libkrb/krb.3,v 1.3 1995/09/13 17:23:55 markm Exp $
.\" Copyright 1989 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -8,9 +8,12 @@
.\"
.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
.SH NAME
-krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
-krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
-krb_rd_err, krb_ck_repl \- Kerberos authentication library
+Kerberos authentication library
+.PP
+krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key,
+krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe,
+krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl
+krb_get_local_addr, krb_bind_local_addr
.SH SYNOPSIS
.nf
.nj
@@ -105,6 +108,14 @@ u_char *in;
u_long length;
long code;
MSG_DAT *msg_data;
+.PP
+.ft B
+int krb_get_local_addr(address)
+struct sockaddr_in *address;
+.PP
+.ft B
+int krb_bind_local_addr(socket)
+int socket;
.fi
.ft R
.SH DESCRIPTION
@@ -114,6 +125,17 @@ in this man page, but they are not intended to be used directly.
Instead, they are called by the routines that are described, the
authentication server and the login program.
.PP
+The original MIT implementation of the krb library could fail when used on
+multi-homed client machines. Two functions,
+.I krb_get_local_addr
+and
+.I krb_bind_local_addr,
+are provided to overcome this limitation. Any
+application expected to function in a multi-homed environment (clients
+with more than one network interface) that opens sockets to perform
+authenticated or encrypted transactions must use one of these functions
+to bind its sockets to the local address used and authenticated by Kerberos.
+.PP
.I krb_err_txt[]
contains text string descriptions of various Kerberos error codes returned
by some of the routines below.
@@ -412,6 +434,30 @@ care of).
The routine returns zero if the error message has been successfully received,
or a Kerberos error code.
.PP
+.I krb_get_local_addr
+retrieves the address of the local interface used for
+all kerberos transactions and copies it to the sockaddr_in pointed to
+by
+.I address.
+This information is usually used to bind additional sockets in client
+programs to the kerberos authenticated local address so transactions
+to kerberos services on remote machines succeed. This routine may be called
+at any time and the address returned will not change during the lifetime of
+the program.
+
+The routine returns zero on success or a Kerberos error code.
+.PP
+.I krb_bind_local_addr
+binds
+.I socket
+to the address of the local interface used for all kerberos
+transactions. The bind allows the system to assign a port for the socket,
+so programs wishing to specify an explicit port should use
+.I krb_get_local_addr
+and perform the bind manually.
+
+The routine returns zero on success or a Kerberos error code.
+.PP
The
.I KTEXT
structure is used to pass around text of varying lengths. It consists
diff --git a/eBones/lib/libkrb/krb_err.et b/eBones/lib/libkrb/krb_err.et
index 7d2baef..6200280 100644
--- a/eBones/lib/libkrb/krb_err.et
+++ b/eBones/lib/libkrb/krb_err.et
@@ -3,7 +3,7 @@
# "Copyright.MIT".
#
# from: krb_err.et,v 4.1 89/09/26 09:24:20 jtkohl Exp $
-# $Id: krb_err.et,v 1.3 1995/07/18 16:39:00 mark Exp $
+# $Id: krb_err.et,v 1.3 1995/09/07 21:38:09 markm Exp $
#
error_table krb
@@ -253,5 +253,17 @@
ec KRBET_KNAME_FMT,
"Bad Kerberos name format"
+ ec KRBET_GT_LADDR_NOSOCK,
+ "Can't open socket"
+
+ ec KRBET_GT_LADDR_IFLIST,
+ "Can't retrieve local interface list"
+
+ ec KRBET_GT_LADDR_NVI,
+ "No valid local interface found"
+
+ ec KRBET_BND_LADDR_BIND,
+ "Can't bind local address"
+
end
diff --git a/eBones/lib/libkrb/krb_err_txt.c b/eBones/lib/libkrb/krb_err_txt.c
index 2c8c0ca..040727b 100644
--- a/eBones/lib/libkrb/krb_err_txt.c
+++ b/eBones/lib/libkrb/krb_err_txt.c
@@ -4,13 +4,13 @@
* <Copyright.MIT>.
*
* from: krb_err_txt.c,v 4.7 88/12/01 14:10:14 jtkohl Exp $
- * $Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $
+ * $Id: krb_err_txt.c,v 1.3 1995/09/07 21:38:10 markm Exp $
*/
#if 0
#ifndef lint
static char rcsid[] =
-"$Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $";
+"$Id: krb_err_txt.c,v 1.3 1995/09/07 21:38:10 markm Exp $";
#endif lint
#endif
@@ -103,10 +103,10 @@ char *krb_err_txt[256] = {
"Bad ticket file format (tf_util)", /* 079 */
"Read ticket file before tf_init (tf_util)", /* 080 */
"Bad Kerberos name format (kname_parse)", /* 081 */
- "(reserved)",
- "(reserved)",
- "(reserved)",
- "(reserved)",
+ "Can't open socket", /* 082 */
+ "Can't retrieve local interface list", /* 083 */
+ "No valid local interface found", /* 084 */
+ "Can't bind local address", /* 085 */
"(reserved)",
"(reserved)",
"(reserved)",
diff --git a/eBones/lib/libkrb/krb_sendauth.3 b/eBones/lib/libkrb/krb_sendauth.3
index 5608255..8f250a5 100644
--- a/eBones/lib/libkrb/krb_sendauth.3
+++ b/eBones/lib/libkrb/krb_sendauth.3
@@ -1,5 +1,5 @@
.\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $
-.\" $Id: krb_sendauth.3,v 1.3 1995/07/18 16:41:03 mark Exp $
+.\" $Id: krb_sendauth.3,v 1.3 1995/09/13 17:23:57 markm Exp $
.\" Copyright 1988 by the Massachusetts Institute of Technology.
.\"
.\" For copying and distribution information,
@@ -82,6 +82,13 @@ The
function receives the ticket from the client by
reading from a network socket.
+To ensure proper behavior on multi-homed systems (machines with more
+than one network interface) all sockets used with these routines should
+be bound to the same address as that used by the Kerberos library via
+.I krb_get_local_addr
+or
+.I krb_bind_local_addr.
+
.SH KRB_SENDAUTH
.PP
This function writes the ticket to
@@ -338,7 +345,8 @@ will not work properly on sockets set to non-blocking I/O mode.
.SH SEE ALSO
-krb_mk_req(3), krb_rd_req(3), krb_get_phost(3)
+krb_mk_req(3), krb_rd_req(3), krb_get_phost(3), krb_get_local_addr(3),
+krb_bind_local_addr(3)
.SH AUTHOR
John T. Kohl, MIT Project Athena
diff --git a/eBones/lib/libkrb/send_to_kdc.c b/eBones/lib/libkrb/send_to_kdc.c
index 521ba9a..c9f4355 100644
--- a/eBones/lib/libkrb/send_to_kdc.c
+++ b/eBones/lib/libkrb/send_to_kdc.c
@@ -4,7 +4,7 @@
* <Copyright.MIT>.
*
* from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $
- * $Id: send_to_kdc.c,v 1.8 1995/09/14 20:58:35 gibbs Exp $
+ * $Id: send_to_kdc.c,v 1.9 1995/09/16 23:11:25 gibbs Exp $
*/
#if 0
@@ -22,11 +22,15 @@ static char rcsid_send_to_kdc_c[] =
#include <stdio.h>
#include <errno.h>
#include <sys/time.h>
+#include <sys/param.h>
#include <sys/types.h>
#ifdef lint
#include <sys/uio.h> /* struct iovec to make lint happy */
#endif /* lint */
+#include <sys/sysctl.h>
#include <sys/socket.h>
+#include <net/if.h>
+#include <net/route.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
@@ -34,6 +38,11 @@ static char rcsid_send_to_kdc_c[] =
#define S_AD_SZ sizeof(struct sockaddr_in)
+/* Used for extracting addresses from routing messages */
+#define ROUNDUP(a) \
+ ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
+#define ADVANCE(x, n) (x += ROUNDUP((n)->sin_len))
+
extern int errno;
extern int krb_debug;
@@ -41,6 +50,10 @@ extern char *malloc(), *calloc(), *realloc();
int krb_udp_port = 0;
+static struct sockaddr_in local_addr = { S_AD_SZ,
+ AF_INET
+ };
+
/* CLIENT_KRB_TIMEOUT indicates the time to wait before
* retrying a server. It's defined in "krb.h".
*/
@@ -222,6 +235,11 @@ send_to_kdc(pkt,rpkt,realm)
bcopy(host->h_addr, (char *)&to.sin_addr,
host->h_length);
to.sin_port = krb_udp_port;
+ if ((retval = krb_bind_local_addr(f)) != KSUCCESS) {
+ fprintf(stderr, "krb_bind_local_addr: %s", krb_err_txt[retval]);
+ retval = SKDC_CANT;
+ goto rtn;
+ }
if (send_recv(pkt, rpkt, f, &to, hostlist)) {
retval = KSUCCESS;
goto rtn;
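Review bot: If this block sits inside the per-KDC-host loop of send_to_kdc() (the hunk shows `host` and `hostlist` but not the loop itself), krb_bind_local_addr(f) is called on the same socket for every host tried. A second bind() on an already bound socket fails, so falling back to a second KDC would end in SKDC_CANT instead of a retry. Binding once, right after `f` is created and before any host is tried, would avoid that. The error message also lacks a newline, unlike the other diagnostics added by this commit: `fprintf(stderr, "krb_bind_local_addr: %s\n", krb_err_txt[retval]);`.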
@@ -389,3 +407,123 @@ send_recv(pkt,rpkt,f,_to,addrs)
"send_to_kdc(send_rcv)", inet_ntoa(from.sin_addr));
return 0;
}
+
+
+static int
+setfixedaddr(s)
+ int s;
+{
+ struct ifa_msghdr *ifa, *ifa0, *ifa_end;
+ struct sockaddr_in *cur_addr;
+ int tries;
+ int i;
+ u_long loopback;
+ int mib[6] = { CTL_NET, PF_ROUTE, 0, AF_INET, NET_RT_IFLIST, 0 };
+ size_t len;
+
+ /* Get information about our interfaces */
+#define NUMTRIES 10
+ tries = 0;
+
+retry:
+ len = 0;
+ if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) {
+ perror("setfixedaddr: Can't get size of interface table: sysctl");
+ return GT_LADDR_IFLIST;
+ }
+ ifa = (struct ifa_msghdr *)malloc(len);
+ if (!ifa) {
+ fprintf(stderr, "setfixedaddr: Cannot malloc\n");
+ return (KFAILURE);
+ }
+ if (sysctl(mib, 6, ifa, &len, NULL, 0) < 0) {
+ free(ifa);
+ if (errno == ENOMEM && tries < NUMTRIES) {
+ /* Table grew between calls */
+ tries++;
+ goto retry;
+ }
+ else {
+ perror("setfixedaddr: Can't get interface table: sysctl");
+ return GT_LADDR_IFLIST;
+ }
+ }
+ loopback = inet_addr("127.0.0.1");
+
+ ifa0 = ifa;
+ for(ifa_end = (struct ifa_msghdr *)((caddr_t)ifa + len);
+ ifa < ifa_end;
+ (caddr_t)ifa += ifa->ifam_msglen) {
+ /* Ignore interface name messages and ensure we have an address */
+ if (ifa->ifam_type == RTM_IFINFO || !(ifa->ifam_addrs & RTAX_IFA))
+ continue;
+ cur_addr = (struct sockaddr_in *)(ifa + 1);
+ for (i = 0; i < RTAX_IFA; i++) {
+ if (ifa->ifam_addrs & (1 << i))
+ ADVANCE((caddr_t)cur_addr, cur_addr);
+ }
+ if (cur_addr->sin_addr.s_addr != loopback) {
+ local_addr.sin_addr.s_addr = cur_addr->sin_addr.s_addr;
+ break;
+ }
+ }
+ free(ifa0);
+ if (ifa >= ifa_end) {
+ return GT_LADDR_NVI;
+ }
+ if (krb_debug) {
+ fprintf(stderr, "setfixedaddr: using local address %s\n",
+ inet_ntoa(local_addr.sin_addr));
+ }
+ return (KSUCCESS);
+}
+
+int
+krb_bind_local_addr(s)
+ int s;
+{
+ int retval;
+ if (local_addr.sin_addr.s_addr == INADDR_ANY) {
+ /*
+ * We haven't determined the local interface to use
+ * for kerberos server interactions. Do so now.
+ */
+ if ((retval = setfixedaddr(s)) != KSUCCESS)
+ return (retval);
+ }
+ if (bind(s, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) {
+ perror("krb_bind_local_addr: bind");
+ return BND_LADDR_BIND;
+ }
+ if (krb_debug)
+ printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr));
+ return(KSUCCESS);
+}
+
+int
+krb_get_local_addr(returned_addr)
+ struct sockaddr_in *returned_addr;
+{
+ int retval;
+ if (local_addr.sin_addr.s_addr == INADDR_ANY) {
+ /*
+ * We haven't determined the local interface to use
+ * for kerberos server interactions. Do so now.
+ */
+ int s;
+ if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+ return GT_LADDR_NOSOCK;
+ }
+ if ((retval = setfixedaddr(s)) != KSUCCESS) {
+ close(s);
+ return (retval);
+ }
+ close(s);
+ }
+ if (!returned_addr)
+ return(KFAILURE);
+ *returned_addr = local_addr;
+ if (krb_debug)
+ printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr));
+ return (KSUCCESS);
+}
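Review bot: In setfixedaddr() the test `!(ifa->ifam_addrs & RTAX_IFA)` masks the address bitmap with an array index (5) instead of the bit flag, so it actually checks the destination and netmask bits. A message that carries a netmask but no interface address would pass, and the sockaddr read after the ADVANCE loop would then be whatever follows. The check should read `if (ifa->ifam_type == RTM_IFINFO || !(ifa->ifam_addrs & RTA_IFA))`; RTAX_IFA is correct only as the bound of the inner `for (i = 0; i < RTAX_IFA; i++)` loop. The parameter `s` is never used inside setfixedaddr(), so krb_get_local_addr() opens and closes a datagram socket for nothing and can return GT_LADDR_NOSOCK for a lookup that needs no socket. A short comment on setfixedaddr() would also help, stating that it picks the first non-loopback AF_INET address in the interface list and caches it in `local_addr` for the life of the process.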
diff --git a/eBones/lib/librkinit/rk_rpc.c b/eBones/lib/librkinit/rk_rpc.c
index dd61327..d931899 100644
--- a/eBones/lib/librkinit/rk_rpc.c
+++ b/eBones/lib/librkinit/rk_rpc.c
@@ -1,7 +1,7 @@
/*
- * $Id: rk_rpc.c,v 1.1 1993/12/10 19:36:09 dglo Exp gibbs $
- * $Source: /usr/src/eBones/librkinit/RCS/rk_rpc.c,v $
- * $Author: dglo $
+ * $Id: rk_rpc.c,v 1.1.1.1 1995/09/15 06:09:30 gibbs Exp $
+ * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_rpc.c,v $
+ * $Author: gibbs $
*
* This file contains functions that are used for network communication.
* See the comment at the top of rk_lib.c for a description of the naming
@@ -9,7 +9,7 @@
*/
#if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS)
-static char *rcsid = "$Id: rk_rpc.c,v 1.1 1993/12/10 19:36:09 dglo Exp gibbs $";
+static char *rcsid = "$Id: rk_rpc.c,v 1.1.1.1 1995/09/15 06:09:30 gibbs Exp $";
#endif /* lint || SABER || LOCORE || RCS_HDRS */
#include <stdio.h>
@@ -187,7 +187,7 @@ int rki_setup_rpc(host)
{
struct hostent *hp;
struct servent *sp;
- int port;
+ int port, retval;
SBCLEAR(saddr);
SBCLEAR(hp);
@@ -214,7 +214,12 @@ int rki_setup_rpc(host)
rkinit_errmsg(errbuf);
return(RKINIT_SOCKET);
}
-
+ if ((retval = krb_bind_local_addr(sock)) != KSUCCESS) {
+ sprintf(errbuf, "krb_bind_local_addr: %s", krb_err_txt[retval]);
+ rkinit_errmsg(errbuf);
+ close(sock);
+ return(RKINIT_SOCKET);
+ }
if (connect(sock, (struct sockaddr *)&saddr, sizeof (saddr)) < 0) {
sprintf(errbuf, "connect: %s", sys_errlist[errno]);
rkinit_errmsg(errbuf);
diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c
index 23bb893..4307330 100644
--- a/eBones/usr.sbin/kprop/kprop.c
+++ b/eBones/usr.sbin/kprop/kprop.c
@@ -5,14 +5,33 @@
* For copying and distribution information,
* please see the file <mit-copyright.h>.
*
- * $Revision: 1.1.1.1 $
- * $Date: 1995/08/03 07:36:18 $
+ * $Revision: 1.3 $
+ * $Date: 1995/09/07 21:37:34 $
* $State: Exp $
- * $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $
- * $Author: mark $
+ * $Source: /home/ncvs/src/eBones/usr.sbin/kprop/kprop.c,v $
+ * $Author: markm $
* $Locker: $
*
* $Log: kprop.c,v $
+ * Revision 1.3 1995/09/07 21:37:34 markm
+ * Major cleanup of eBones code:
+ *
+ * - Get all functions prototyped or at least defined before use.
+ * - Make code compile (Mostly) clean with -Wall set
+ * - Start to reduce the degree to which DES aka libdes is built in.
+ * - get all functions to the same uniform standard of definition:
+ * int
+ * foo(a, b)
+ * int a;
+ * int *b;
+ * {
+ * :
+ * }
+ * - fix numerous bugs exposed by above processes.
+ *
+ * Note - this replaces the previous work which used an unpopular function
+ * definition style.
+ *
* Revision 1.1.1.1 1995/08/03 07:36:18 mark
* Import an updated revision of the MIT kprop program for distributing
* kerberos databases to slave servers.
@@ -73,7 +92,7 @@
#if 0
#ifndef lint
static char rcsid_kprop_c[] =
-"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $";
+"$Id: kprop.c,v 1.3 1995/09/07 21:37:34 markm Exp $";
#endif lint
#endif
@@ -333,26 +352,25 @@ prop_to_slaves(sl, fd, fslv)
}
bcopy(&cs->net_addr, &sin.sin_addr,
sizeof cs->net_addr);
-
- if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
- fprintf(stderr, "%s: ", cs->name);
- perror("connect");
- close(s);
- continue; /*** NEXT SLAVE ***/
- }
-
/* for krb_mk_{priv, safe} */
bzero (&my_sin, sizeof my_sin);
n = sizeof my_sin;
- if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) {
- fprintf (stderr, "kprop: can't get socketname.");
- perror ("getsockname");
+ if ((kerror = krb_get_local_addr (&my_sin)) != KSUCCESS) {
+ fprintf (stderr, "kprop: can't get local address: %s\n",
+ krb_err_txt[kerror]);
close (s);
continue; /*** NEXT SLAVE ***/
}
- if (n != sizeof (my_sin)) {
- fprintf (stderr, "kprop: can't get socketname. len");
- close (s);
+ if (bind(s, (struct sockaddr *) &my_sin, sizeof my_sin) < 0) {
+ fprintf(stderr, "Unable to bind local address: ");
+ perror("bind");
+ close(s);
+ continue;
+ }
+ if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) {
+ fprintf(stderr, "%s: ", cs->name);
+ perror("connect");
+ close(s);
continue; /*** NEXT SLAVE ***/
}
diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c
index 4ff0af7..37a974d 100644
--- a/libexec/rlogind/rlogind.c
+++ b/libexec/rlogind/rlogind.c
@@ -681,7 +681,7 @@ do_krb_login(dest)
ticket, "rcmd",
instance, dest, &faddr,
kdata, "", schedule, version);
- des_set_key(kdata->session, schedule);
+ des_set_key(&kdata->session, schedule);
} else
#endif
diff --git a/usr.bin/rlogin/kcmd.c b/usr.bin/rlogin/kcmd.c
index 3f6a138..14c0367 100644
--- a/usr.bin/rlogin/kcmd.c
+++ b/usr.bin/rlogin/kcmd.c
@@ -278,11 +278,14 @@ getport(alport)
int *alport;
{
struct sockaddr_in sin;
- int s;
+ int s, retval;
- sin.sin_family = AF_INET;
- sin.sin_addr.s_addr = INADDR_ANY;
s = socket(AF_INET, SOCK_STREAM, 0);
+ if ((retval = krb_get_local_addr(&sin)) != KSUCCESS) {
+ fprintf(stderr, "krb_get_local_addr: %s\n",krb_err_txt[retval]);
+ close(s);
+ return (-1);
+ }
if (s < 0)
return (-1);
for (;;) {
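Review bot: In getport() the result of socket() is checked only after the new krb_get_local_addr() block. When socket() fails, the code still does the address lookup and, on the lookup's error path, calls `close(s)` with a negative descriptor. Move `if (s < 0) return (-1);` to directly after `s = socket(AF_INET, SOCK_STREAM, 0);` so that the lookup and close() only run on a valid socket. The body of getport() continues past the end of this hunk.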
diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c
index 9de1daf..320844f 100644
--- a/usr.bin/rlogin/rlogin.c
+++ b/usr.bin/rlogin/rlogin.c
@@ -301,7 +301,7 @@ try_connect:
if (doencrypt) {
rem = krcmd_mutual(&host, sp->s_port, user, term, 0,
dest_realm, &cred, schedule);
- des_set_key(cred.session, schedule);
+ des_set_key(&cred.session, schedule);
} else
#endif /* CRYPT */
rem = krcmd(&host, sp->s_port, user, term, 0,
diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c
index e2297d5..6b6c396 100644
--- a/usr.bin/rsh/rsh.c
+++ b/usr.bin/rsh/rsh.c
@@ -40,7 +40,7 @@ static char copyright[] =
#ifndef lint
static char sccsid[] = "From: @(#)rsh.c 8.3 (Berkeley) 4/6/94";
static char rcsid[] =
- "$Id: rsh.c,v 1.3 1995/01/14 20:36:22 wollman Exp $";
+ "$Id: rsh.c,v 1.4 1995/05/30 06:33:24 rgrimes Exp $";
#endif /* not lint */
#include <sys/types.h>
@@ -233,7 +233,7 @@ try_connect:
if (doencrypt) {
rem = krcmd_mutual(&host, sp->s_port, user, args,
&rfd2, dest_realm, &cred, schedule);
- des_set_key(cred.session, schedule);
+ des_set_key(&cred.session, schedule);
} else
#endif
rem = krcmd(&host, sp->s_port, user, args, &rfd2,
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index e8afb37..521d88a 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -340,6 +340,7 @@ kerberos(username, user, uid)
char *p;
int kerno;
u_long faddr;
+ struct sockaddr_in local_addr;
char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
char *krb_get_phost();
@@ -423,13 +424,13 @@ kerberos(username, user, uid)
dest_tkt();
return (1);
} else {
- if (!(hp = gethostbyname(hostname))) {
- warnx("can't get addr of %s", hostname);
+ if ((kerno = krb_get_local_addr(&local_addr)) != KSUCCESS) {
+ warnx("Unable to get our local address: %s",
+ krb_err_txt[kerno]);
dest_tkt();
return (1);
}
- memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr));
-
+ faddr = local_addr.sin_addr.s_addr;
if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
&authdata, "")) != KSUCCESS) {
warnx("kerberos: unable to verify rcmd ticket: %s\n",