author | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
---|---|---|
committer | gibbs <gibbs@FreeBSD.org> | 1995-10-05 21:30:21 +0000 |
commit | 2734551417f3e16093c4cc8de51248dd743fa17b (patch) | |
tree | 9410ca0cafe506eca75c35934448a29ad19a6482 | |
parent | 73c29c06751229bf5749b8422047cf613fb47bbc (diff) | |
Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions. This ensures
that packets only leave the *authenticated* interface. Clients who open
and use their own sockets for encrypted or authenticated correspondence
to kerberos services should bind their sockets to the same address as that
used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.
Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
-rw-r--r-- | eBones/include/krb.h | 13 | ||||
-rw-r--r-- | eBones/lib/libkadm/kadm_cli_wrap.c | 25 | ||||
-rw-r--r-- | eBones/lib/libkrb/Makefile | 5 | ||||
-rw-r--r-- | eBones/lib/libkrb/krb.3 | 58 | ||||
-rw-r--r-- | eBones/lib/libkrb/krb_err.et | 14 | ||||
-rw-r--r-- | eBones/lib/libkrb/krb_err_txt.c | 12 | ||||
-rw-r--r-- | eBones/lib/libkrb/krb_sendauth.3 | 12 | ||||
-rw-r--r-- | eBones/lib/libkrb/send_to_kdc.c | 140 | ||||
-rw-r--r-- | eBones/lib/librkinit/rk_rpc.c | 17 | ||||
-rw-r--r-- | eBones/usr.sbin/kprop/kprop.c | 56 | ||||
-rw-r--r-- | libexec/rlogind/rlogind.c | 2 | ||||
-rw-r--r-- | usr.bin/rlogin/kcmd.c | 9 | ||||
-rw-r--r-- | usr.bin/rlogin/rlogin.c | 2 | ||||
-rw-r--r-- | usr.bin/rsh/rsh.c | 4 | ||||
-rw-r--r-- | usr.bin/su/su.c | 9 |
15 files changed, 313 insertions, 65 deletions
diff --git a/eBones/include/krb.h b/eBones/include/krb.h index 0b1ae09..d7b77f7 100644 --- a/eBones/include/krb.h +++ b/eBones/include/krb.h @@ -6,7 +6,7 @@ * Include file for the Kerberos library. * * from: krb.h,v 4.26 89/08/08 17:55:25 jtkohl Exp $ - * $Id: krb.h,v 1.7 1995/09/07 20:50:36 mark Exp $ + * $Id: krb.h,v 1.6 1995/09/13 17:23:47 markm Exp $ */ /* Only one time, please */ @@ -259,6 +259,15 @@ typedef struct msg_dat MSG_DAT; /* Error code returned by kparse_name */ #define KNAME_FMT 81 /* Bad Kerberos name format */ +/* Error codes returned by get_local_addr and bind_local_addr */ +#define GT_LADDR_NOSOCK 82 /* Can't open socket */ +#define GT_LADDR_IFLIST 83 /* + * Can't retrieve local interface + * configuration list + */ +#define GT_LADDR_NVI 84 /* No valid local interface found */ +#define BND_LADDR_BIND 85 /* Can't bind local address */ + /* Error code returned by krb_mk_safe */ #define SAFE_PRIV_ERROR -1 /* syscall error */ @@ -456,6 +465,8 @@ int read_service_key __P((char *service, char *instance, char *realm, int kvno, char *file, char *key)); int get_ad_tkt __P((char *service, char *sinstance, char *realm, int lifetime)); int send_to_kdc __P((KTEXT pkt, KTEXT rpkt, char *realm)); +int krb_bind_local_addr __P((int s)); +int krb_get_local_addr __P((struct sockaddr_in *returned_addr)); int krb_create_ticket __P((KTEXT tkt, unsigned char flags, char *pname, char *pinstance, char *prealm, long paddress, char *session, short life, long time_sec, char *sname, char *sinstance, C_Block key)); diff --git a/eBones/lib/libkadm/kadm_cli_wrap.c b/eBones/lib/libkadm/kadm_cli_wrap.c index e25439d..c3eb730 100644 --- a/eBones/lib/libkadm/kadm_cli_wrap.c +++ b/eBones/lib/libkadm/kadm_cli_wrap.c 
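Review bot: The comment over the new codes 82-85 in krb.h names `get_local_addr` and `bind_local_addr`, but the functions prototyped further down in the same file are `krb_get_local_addr` and `krb_bind_local_addr`. I would write it as `/* Error codes returned by krb_get_local_addr and krb_bind_local_addr */`. The list is also incomplete: the send_to_kdc.c part of this commit returns `KFAILURE` from both paths (malloc failure, NULL `returned_addr`), so callers cannot assume only 82-85 come back. Separately, the `krb_get_local_addr` prototype names `struct sockaddr_in`; if krb.h does not already pull in `<netinet/in.h>` (not visible in these hunks), that type is scoped to the prototype alone under an ANSI compiler.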
@@ -12,7 +12,7 @@ static char rcsid_kadm_cli_wrap_c[] = "from: Id: kadm_cli_wrap.c,v 4.6 89/12/30 20:09:45 qjb Exp"; static const char rcsid[] = - "$Id: kadm_cli_wrap.c,v 1.1 1995/07/18 16:40:23 mark Exp $"; + "$Id: kadm_cli_wrap.c,v 1.4 1995/09/07 21:38:47 markm Exp $"; #endif lint #endif @@ -422,10 +422,24 @@ int kadm_cli_conn() { /* this connects and sets my_addr */ int on = 1; + int kerror; if ((client_parm.admin_fd = socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) return KADM_NO_SOCK; /* couldnt create the socket */ + client_parm.my_addr_len = sizeof(client_parm.my_addr); + if ((kerror = krb_get_local_addr(&client_parm.my_addr)) != KSUCCESS) { + (void) close(client_parm.admin_fd); + client_parm.admin_fd = -1; + return KADM_NO_HERE; + } + if (bind(client_parm.admin_fd, + (struct sockaddr *) & client_parm.admin_addr, + sizeof(client_parm.my_addr))) { + (void) close(client_parm.admin_fd); + client_parm.admin_fd = -1; + return KADM_NO_HERE; + } if (connect(client_parm.admin_fd, (struct sockaddr *) & client_parm.admin_addr, sizeof(client_parm.admin_addr))) { @@ -434,15 +448,6 @@ kadm_cli_conn() return KADM_NO_CONN; /* couldnt get the connect */ } opipe = signal(SIGPIPE, SIG_IGN); - client_parm.my_addr_len = sizeof(client_parm.my_addr); - if (getsockname(client_parm.admin_fd, - (struct sockaddr *) & client_parm.my_addr, - &client_parm.my_addr_len) < 0) { - (void) close(client_parm.admin_fd); - client_parm.admin_fd = -1; - (void) signal(SIGPIPE, opipe); - return KADM_NO_HERE; /* couldnt find out who we are */ - } if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0) { (void) close(client_parm.admin_fd); diff --git a/eBones/lib/libkrb/Makefile b/eBones/lib/libkrb/Makefile index eefe1a5..829fbea 100644 --- a/eBones/lib/libkrb/Makefile +++ b/eBones/lib/libkrb/Makefile @@ -1,5 +1,5 @@ # 
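Review bot: The added `bind()` in kadm_cli_conn passes `client_parm.admin_addr`, the server address that the `connect()` right below it uses, instead of the `client_parm.my_addr` that `krb_get_local_addr()` has just filled in. The socket is therefore never pinned to the Kerberos-selected interface, and unless the admin server is local the bind is likely to fail and return `KADM_NO_HERE`. The call should be `bind(client_parm.admin_fd, (struct sockaddr *) &client_parm.my_addr, sizeof(client_parm.my_addr))`. With the `getsockname()` block removed in the next hunk, `my_addr` also no longer carries the socket's real port; it is worth confirming that nothing later in the library depends on it. `kerror` is assigned but never read, and the function continues outside the hunk.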
From: @(#)Makefile 5.1 (Berkeley) 6/25/90 -# $Id: Makefile,v 1.8 1995/09/13 17:23:55 markm Exp $ +# $Id: Makefile,v 1.9 1995/09/14 04:05:02 gibbs Exp $ LIB= krb CFLAGS+=-DKERBEROS -DCRYPT -DDEBUG -DBSD42 @@ -31,7 +31,8 @@ MAN3= krb.3 krb_realmofhost.3 krb_sendauth.3 krb_set_tkt_string.3 \ MLINKS= krb.3 krb_mk_req.3 krb.3 krb_rd_req.3 krb.3 krb_kntoln.3 \ krb.3 krb_set_key.3 krb.3 krb_get_cred.3 krb.3 krb_mk_priv.3 \ krb.3 krb_rd_priv.3 krb.3 krb_mk_safe.3 krb.3 krb_rd_safe.3 \ - krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3 + krb.3 krb_mk_err.3 krb.3 krb_rd_err.3 krb.3 krb_ck_repl.3 \ + krb.3 krb_get_local_addr.3 krb.3 krb_bind_local_addr.3 MLINKS+=krb_realmofhost.3 krb_get_phost.3 krb_realmofhost.3 krb_get_krbhst.3 \ krb_realmofhost.3 krb_get_admhst.3 krb_realmofhost.3 krb_get_lrealm.3 diff --git a/eBones/lib/libkrb/krb.3 b/eBones/lib/libkrb/krb.3 index 10e20e9..f2061cd 100644 --- a/eBones/lib/libkrb/krb.3 +++ b/eBones/lib/libkrb/krb.3 @@ -1,6 +1,6 @@ -.\" $Source: /usr/cvs/src/eBones/krb/krb.3,v $ -.\" $Author: mark $ -.\" $Header: /usr/cvs/src/eBones/krb/krb.3,v 1.2 1995/07/18 16:40:57 mark Exp $ +.\" $Source: /home/ncvs/src/eBones/lib/libkrb/krb.3,v $ +.\" $Author: markm $ +.\" $Header: /home/ncvs/src/eBones/lib/libkrb/krb.3,v 1.3 1995/09/13 17:23:55 markm Exp $ .\" Copyright 1989 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, @@ -8,9 +8,12 @@ .\" .TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena" .SH NAME -krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred, -krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err, -krb_rd_err, krb_ck_repl \- Kerberos authentication library +Kerberos authentication library +.PP +krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, +krb_get_cred, krb_mk_priv, krb_rd_priv, krb_mk_safe, +krb_rd_safe, krb_mk_err, krb_rd_err, krb_ck_repl +krb_get_local_addr, krb_bind_local_addr .SH SYNOPSIS .nf .nj 
@@ -105,6 +108,14 @@ u_char *in; u_long length; long code; MSG_DAT *msg_data; +.PP +.ft B +int krb_get_local_addr(address) +struct sockaddr_in *address; +.PP +.ft B +int krb_bind_local_addr(socket) +int socket; .fi .ft R .SH DESCRIPTION @@ -114,6 +125,17 @@ in this man page, but they are not intended to be used directly. Instead, they are called by the routines that are described, the authentication server and the login program. .PP +The original MIT implementation of the krb library could fail when used on +multi-homed client machines. Two functions, +.I krb_get_local_addr +and +.I krb_bind_local_addr, +are provided to overcome this limitation. Any +application expected to function in a multi-homed environment (clients +with more than one network interface) that opens sockets to perform +authenticated or encrypted transactions must use one of these functions +to bind its sockets to the local address used and authenticated by Kerberos. +.PP .I krb_err_txt[] contains text string descriptions of various Kerberos error codes returned by some of the routines below. 
@@ -412,6 +434,30 @@ care of). The routine returns zero if the error message has been successfully received, or a Kerberos error code. .PP +.I krb_get_local_addr +retrieves the address of the local interface used for +all kerberos transactions and copies it to the sockaddr_in pointed to +by +.I address. +This information is usually used to bind additional sockets in client +programs to the kerberos authenticated local address so transactions +to kerberos services on remote machines succeed. This routine may be called +at any time and the address returned will not change during the lifetime of +the program. + +The routine returns zero on success or a Kerberos error code. +.PP +.I krb_bind_local_addr +binds +.I socket +to the address of the local interface used for all kerberos +transactions. The bind allows the system to assign a port for the socket, +so programs wishing to specify an explicit port should use +.I krb_get_local_addr +and perform the bind manually. + +The routine returns zero on success or a Kerberos error code. +.PP The .I KTEXT structure is used to pass around text of varying lengths. It consists diff --git a/eBones/lib/libkrb/krb_err.et b/eBones/lib/libkrb/krb_err.et index 7d2baef..6200280 100644 --- a/eBones/lib/libkrb/krb_err.et +++ b/eBones/lib/libkrb/krb_err.et @@ -3,7 +3,7 @@ # "Copyright.MIT". # # from: krb_err.et,v 4.1 89/09/26 09:24:20 jtkohl Exp $ -# $Id: krb_err.et,v 1.3 1995/07/18 16:39:00 mark Exp $ +# $Id: krb_err.et,v 1.3 1995/09/07 21:38:09 markm Exp $ # error_table krb @@ -253,5 +253,17 @@ ec KRBET_KNAME_FMT, "Bad Kerberos name format" + ec KRBET_GT_LADDR_NOSOCK, + "Can't open socket" + + ec KRBET_GT_LADDR_IFLIST, + "Can't retrieve local interface list" + + ec KRBET_GT_LADDR_NVI, + "No valid local interface found" + + ec KRBET_BND_LADDR_BIND, + "Can't bind local address" + end diff --git a/eBones/lib/libkrb/krb_err_txt.c b/eBones/lib/libkrb/krb_err_txt.c index 2c8c0ca..040727b 100644 --- a/eBones/lib/libkrb/krb_err_txt.c 
+++ b/eBones/lib/libkrb/krb_err_txt.c @@ -4,13 +4,13 @@ * <Copyright.MIT>. * * from: krb_err_txt.c,v 4.7 88/12/01 14:10:14 jtkohl Exp $ - * $Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $ + * $Id: krb_err_txt.c,v 1.3 1995/09/07 21:38:10 markm Exp $ */ #if 0 #ifndef lint static char rcsid[] = -"$Id: krb_err_txt.c,v 1.3 1995/07/18 16:39:02 mark Exp $"; +"$Id: krb_err_txt.c,v 1.3 1995/09/07 21:38:10 markm Exp $"; #endif lint #endif @@ -103,10 +103,10 @@ char *krb_err_txt[256] = { "Bad ticket file format (tf_util)", /* 079 */ "Read ticket file before tf_init (tf_util)", /* 080 */ "Bad Kerberos name format (kname_parse)", /* 081 */ - "(reserved)", - "(reserved)", - "(reserved)", - "(reserved)", + "Can't open socket", /* 082 */ + "Can't retrieve local interface list", /* 083 */ + "No valid local interface found", /* 084 */ + "Can't bind local address", /* 085 */ "(reserved)", "(reserved)", "(reserved)", diff --git a/eBones/lib/libkrb/krb_sendauth.3 b/eBones/lib/libkrb/krb_sendauth.3 index 5608255..8f250a5 100644 --- a/eBones/lib/libkrb/krb_sendauth.3 +++ b/eBones/lib/libkrb/krb_sendauth.3 @@ -1,5 +1,5 @@ .\" from: krb_sendauth.3,v 4.1 89/01/23 11:10:58 jtkohl Exp $ -.\" $Id: krb_sendauth.3,v 1.3 1995/07/18 16:41:03 mark Exp $ +.\" $Id: krb_sendauth.3,v 1.3 1995/09/13 17:23:57 markm Exp $ .\" Copyright 1988 by the Massachusetts Institute of Technology. .\" .\" For copying and distribution information, @@ -82,6 +82,13 @@ The function receives the ticket from the client by reading from a network socket. +To ensure proper behavior on multi-homed systems (machines with more +than one network interface) all sockets used with these routines should +be bound to the same address as that used by the Kerberos library via +.I krb_get_local_addr +or +.I krb_bind_local_addr. + .SH KRB_SENDAUTH .PP This function writes the ticket to 
@@ -338,7 +345,8 @@ will not work properly on sockets set to non-blocking I/O mode. .SH SEE ALSO -krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) +krb_mk_req(3), krb_rd_req(3), krb_get_phost(3), krb_get_local_addr(3), +krb_bind_local_addr(3) .SH AUTHOR John T. Kohl, MIT Project Athena diff --git a/eBones/lib/libkrb/send_to_kdc.c b/eBones/lib/libkrb/send_to_kdc.c index 521ba9a..c9f4355 100644 --- a/eBones/lib/libkrb/send_to_kdc.c +++ b/eBones/lib/libkrb/send_to_kdc.c @@ -4,7 +4,7 @@ * <Copyright.MIT>. * * from: send_to_kdc.c,v 4.20 90/01/02 13:40:37 jtkohl Exp $ - * $Id: send_to_kdc.c,v 1.8 1995/09/14 20:58:35 gibbs Exp $ + * $Id: send_to_kdc.c,v 1.9 1995/09/16 23:11:25 gibbs Exp $ */ #if 0 @@ -22,11 +22,15 @@ static char rcsid_send_to_kdc_c[] = #include <stdio.h> #include <errno.h> #include <sys/time.h> +#include <sys/param.h> #include <sys/types.h> #ifdef lint #include <sys/uio.h> /* struct iovec to make lint happy */ #endif /* lint */ +#include <sys/sysctl.h> #include <sys/socket.h> +#include <net/if.h> +#include <net/route.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> @@ -34,6 +38,11 @@ static char rcsid_send_to_kdc_c[] = #define S_AD_SZ sizeof(struct sockaddr_in) +/* Used for extracting addresses from routing messages */ +#define ROUNDUP(a) \ + ((a) > 0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long)) +#define ADVANCE(x, n) (x += ROUNDUP((n)->sin_len)) + extern int errno; extern int krb_debug; @@ -41,6 +50,10 @@ extern char *malloc(), *calloc(), *realloc(); int krb_udp_port = 0; +static struct sockaddr_in local_addr = { S_AD_SZ, + AF_INET + }; + /* CLIENT_KRB_TIMEOUT indicates the time to wait before * retrying a server. It's defined in "krb.h". */ 
@@ -222,6 +235,11 @@ send_to_kdc(pkt,rpkt,realm) bcopy(host->h_addr, (char *)&to.sin_addr, host->h_length); to.sin_port = krb_udp_port; + if ((retval = krb_bind_local_addr(f)) != KSUCCESS) { + fprintf(stderr, "krb_bind_local_addr: %s", krb_err_txt[retval]); + retval = SKDC_CANT; + goto rtn; + } if (send_recv(pkt, rpkt, f, &to, hostlist)) { retval = KSUCCESS; goto rtn; 
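Review bot: `krb_bind_local_addr(f)` is called directly before the `send_recv()` attempt, and if this code sits inside the per-KDC-host loop it will run once per host on the same socket. The hunk does not show the enclosing loop, though the `hostlist` argument suggests one. A second `bind()` on an already-bound socket fails, so a reachable fallback KDC would end in `SKDC_CANT`; binding once, right after `f` is created, avoids that. The diagnostic also lacks a newline and should be `fprintf(stderr, "krb_bind_local_addr: %s\n", krb_err_txt[retval]);`.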
@@ -389,3 +407,123 @@ send_recv(pkt,rpkt,f,_to,addrs) "send_to_kdc(send_rcv)", inet_ntoa(from.sin_addr)); return 0; } + + +static int +setfixedaddr(s) + int s; +{ + struct ifa_msghdr *ifa, *ifa0, *ifa_end; + struct sockaddr_in *cur_addr; + int tries; + int i; + u_long loopback; + int mib[6] = { CTL_NET, PF_ROUTE, 0, AF_INET, NET_RT_IFLIST, 0 }; + size_t len; + + /* Get information about our interfaces */ +#define NUMTRIES 10 + tries = 0; + +retry: + len = 0; + if (sysctl(mib, 6, NULL, &len, NULL, 0) < 0) { + perror("setfixedaddr: Can't get size of interface table: sysctl"); + return GT_LADDR_IFLIST; + } + ifa = (struct ifa_msghdr *)malloc(len); + if (!ifa) { + fprintf(stderr, "setfixedaddr: Cannot malloc\n"); + return (KFAILURE); + } + if (sysctl(mib, 6, ifa, &len, NULL, 0) < 0) { + free(ifa); + if (errno == ENOMEM && tries < NUMTRIES) { + /* Table grew between calls */ + tries++; + goto retry; + } + else { + perror("setfixedaddr: Can't get interface table: sysctl"); + return GT_LADDR_IFLIST; + } + } + loopback = inet_addr("127.0.0.1"); + + ifa0 = ifa; + for(ifa_end = (struct ifa_msghdr *)((caddr_t)ifa + len); + ifa < ifa_end; + (caddr_t)ifa += ifa->ifam_msglen) { + /* Ignore interface name messages and ensure we have an address */ + if (ifa->ifam_type == RTM_IFINFO || !(ifa->ifam_addrs & RTAX_IFA)) + continue; + cur_addr = (struct sockaddr_in *)(ifa + 1); + for (i = 0; i < RTAX_IFA; i++) { + if (ifa->ifam_addrs & (1 << i)) + ADVANCE((caddr_t)cur_addr, cur_addr); + } + if (cur_addr->sin_addr.s_addr != loopback) { + local_addr.sin_addr.s_addr = cur_addr->sin_addr.s_addr; + break; + } + } + free(ifa0); + if (ifa >= ifa_end) { + return GT_LADDR_NVI; + } + if (krb_debug) { + fprintf(stderr, "setfixedaddr: using local address %s\n", + inet_ntoa(local_addr.sin_addr)); + } + return (KSUCCESS); +} + +int +krb_bind_local_addr(s) + int s; +{ + int retval; + if (local_addr.sin_addr.s_addr == INADDR_ANY) { + /* + * We haven't determined the local interface to use + * for 
kerberos server interactions. Do so now. + */ + if ((retval = setfixedaddr(s)) != KSUCCESS) + return (retval); + } + if (bind(s, (struct sockaddr *)&local_addr, sizeof(local_addr)) < 0) { + perror("krb_bind_local_addr: bind"); + return BND_LADDR_BIND; + } + if (krb_debug) + printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr)); + return(KSUCCESS); +} + +int +krb_get_local_addr(returned_addr) + struct sockaddr_in *returned_addr; +{ + int retval; + if (local_addr.sin_addr.s_addr == INADDR_ANY) { + /* + * We haven't determined the local interface to use + * for kerberos server interactions. Do so now. + */ + int s; + if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { + return GT_LADDR_NOSOCK; + } + if ((retval = setfixedaddr(s)) != KSUCCESS) { + close(s); + return (retval); + } + close(s); + } + if (!returned_addr) + return(KFAILURE); + *returned_addr = local_addr; + if (krb_debug) + printf("local_addr = %s\n", inet_ntoa(local_addr.sin_addr)); + return (KSUCCESS); +} diff --git a/eBones/lib/librkinit/rk_rpc.c b/eBones/lib/librkinit/rk_rpc.c index dd61327..d931899 100644 --- a/eBones/lib/librkinit/rk_rpc.c +++ b/eBones/lib/librkinit/rk_rpc.c @@ -1,7 +1,7 @@ /* - * $Id: rk_rpc.c,v 1.1 1993/12/10 19:36:09 dglo Exp gibbs $ - * $Source: /usr/src/eBones/librkinit/RCS/rk_rpc.c,v $ - * $Author: dglo $ + * $Id: rk_rpc.c,v 1.1.1.1 1995/09/15 06:09:30 gibbs Exp $ + * $Source: /home/ncvs/src/eBones/lib/librkinit/rk_rpc.c,v $ + * $Author: gibbs $ * * This file contains functions that are used for network communication. * See the comment at the top of rk_lib.c for a description of the naming @@ -9,7 +9,7 @@ */ #if !defined(lint) && !defined(SABER) && !defined(LOCORE) && defined(RCS_HDRS) -static char *rcsid = "$Id: rk_rpc.c,v 1.1 1993/12/10 19:36:09 dglo Exp gibbs $"; +static char *rcsid = "$Id: rk_rpc.c,v 1.1.1.1 1995/09/15 06:09:30 gibbs Exp $"; #endif /* lint || SABER || LOCORE || RCS_HDRS */ #include <stdio.h> 
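Review bot: In setfixedaddr the filter `!(ifa->ifam_addrs & RTAX_IFA)` tests the address bitmask against `RTAX_IFA`, which is an array index rather than a flag, so it checks unrelated bits and can accept a message that carries no interface address. The mask is `RTA_IFA`: `if (ifa->ifam_type == RTM_IFINFO || !(ifa->ifam_addrs & RTA_IFA))`. The inner `for (i = 0; i < RTAX_IFA; i++)` loop uses the index correctly. The function also takes the first non-loopback address in the interface list rather than the interface that routes to the KDC. On a multi-homed host that can pin every Kerberos socket to an address the KDC cannot reach, which deserves a comment or a route lookup. The `s` parameter is unused, so `krb_get_local_addr` opens and closes a socket for nothing.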
@@ -187,7 +187,7 @@ int rki_setup_rpc(host) { struct hostent *hp; struct servent *sp; - int port; + int port, retval; SBCLEAR(saddr); SBCLEAR(hp); @@ -214,7 +214,12 @@ int rki_setup_rpc(host) rkinit_errmsg(errbuf); return(RKINIT_SOCKET); } - + if ((retval = krb_bind_local_addr(sock)) != KSUCCESS) { + sprintf(errbuf, "krb_bind_local_addr: %s", krb_err_txt[retval]); + rkinit_errmsg(errbuf); + close(sock); + return(RKINIT_SOCKET); + } if (connect(sock, (struct sockaddr *)&saddr, sizeof (saddr)) < 0) { sprintf(errbuf, "connect: %s", sys_errlist[errno]); rkinit_errmsg(errbuf); diff --git a/eBones/usr.sbin/kprop/kprop.c b/eBones/usr.sbin/kprop/kprop.c index 23bb893..4307330 100644 --- a/eBones/usr.sbin/kprop/kprop.c +++ b/eBones/usr.sbin/kprop/kprop.c @@ -5,14 +5,33 @@ * For copying and distribution information, * please see the file <mit-copyright.h>. * - * $Revision: 1.1.1.1 $ - * $Date: 1995/08/03 07:36:18 $ + * $Revision: 1.3 $ + * $Date: 1995/09/07 21:37:34 $ * $State: Exp $ - * $Source: /usr/cvs/src/eBones/kprop/kprop.c,v $ - * $Author: mark $ + * $Source: /home/ncvs/src/eBones/usr.sbin/kprop/kprop.c,v $ + * $Author: markm $ * $Locker: $ * * $Log: kprop.c,v $ + * Revision 1.3 1995/09/07 21:37:34 markm + * Major cleanup of eBones code: + * + * - Get all functions prototyped or at least defined before use. + * - Make code compile (Mostly) clean with -Wall set + * - Start to reduce the degree to which DES aka libdes is built in. + * - get all functions to the same uniform standard of definition: + * int + * foo(a, b) + * int a; + * int *b; + * { + * : + * } + * - fix numerous bugs exposed by above processes. + * + * Note - this replaces the previous work which used an unpopular function + * definition style. + * * Revision 1.1.1.1 1995/08/03 07:36:18 mark * Import an updated revision of the MIT kprop program for distributing * kerberos databases to slave servers. 
@@ -73,7 +92,7 @@ #if 0 #ifndef lint static char rcsid_kprop_c[] = -"$Id: kprop.c,v 1.1.1.1 1995/08/03 07:36:18 mark Exp $"; +"$Id: kprop.c,v 1.3 1995/09/07 21:37:34 markm Exp $"; #endif lint #endif @@ -333,26 +352,25 @@ prop_to_slaves(sl, fd, fslv) } bcopy(&cs->net_addr, &sin.sin_addr, sizeof cs->net_addr); - - if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { - fprintf(stderr, "%s: ", cs->name); - perror("connect"); - close(s); - continue; /*** NEXT SLAVE ***/ - } - /* for krb_mk_{priv, safe} */ bzero (&my_sin, sizeof my_sin); n = sizeof my_sin; - if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { - fprintf (stderr, "kprop: can't get socketname."); - perror ("getsockname"); + if ((kerror = krb_get_local_addr (&my_sin)) != KSUCCESS) { + fprintf (stderr, "kprop: can't get local address: %s\n", + krb_err_txt[kerror]); close (s); continue; /*** NEXT SLAVE ***/ } - if (n != sizeof (my_sin)) { - fprintf (stderr, "kprop: can't get socketname. len"); - close (s); + if (bind(s, (struct sockaddr *) &my_sin, sizeof my_sin) < 0) { + fprintf(stderr, "Unable to bind local address: "); + perror("bind"); + close(s); + continue; + } + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + fprintf(stderr, "%s: ", cs->name); + perror("connect"); + close(s); continue; /*** NEXT SLAVE ***/ } diff --git a/libexec/rlogind/rlogind.c b/libexec/rlogind/rlogind.c index 4ff0af7..37a974d 100644 --- a/libexec/rlogind/rlogind.c +++ b/libexec/rlogind/rlogind.c @@ -681,7 +681,7 @@ do_krb_login(dest) ticket, "rcmd", instance, dest, &faddr, kdata, "", schedule, version); - des_set_key(kdata->session, schedule); + des_set_key(&kdata->session, schedule); } else #endif diff --git a/usr.bin/rlogin/kcmd.c b/usr.bin/rlogin/kcmd.c index 3f6a138..14c0367 100644 --- a/usr.bin/rlogin/kcmd.c +++ b/usr.bin/rlogin/kcmd.c 
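Review bot: The new bind-failure path in prop_to_slaves prints `Unable to bind local address: ` without the slave name, whereas the connect path beside it prints `"%s: ", cs->name`. In a multi-slave run the operator cannot tell which propagation was skipped, so I would use `fprintf(stderr, "%s: unable to bind local address: ", cs->name);`. `n = sizeof my_sin;` is still assigned even though the `getsockname()` that consumed it is removed here; drop it if nothing later in the function, outside this hunk, reads `n`. The `/* for krb_mk_{priv, safe} */` comment should also say that `my_sin` is now the Kerberos-selected address with no port filled in.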
@@ -278,11 +278,14 @@ getport(alport) int *alport; { struct sockaddr_in sin; - int s; + int s, retval; - sin.sin_family = AF_INET; - sin.sin_addr.s_addr = INADDR_ANY; s = socket(AF_INET, SOCK_STREAM, 0); + if ((retval = krb_get_local_addr(&sin)) != KSUCCESS) { + fprintf(stderr, "krb_get_local_addr: %s\n",krb_err_txt[retval]); + close(s); + return (-1); + } if (s < 0) return (-1); for (;;) { diff --git a/usr.bin/rlogin/rlogin.c b/usr.bin/rlogin/rlogin.c index 9de1daf..320844f 100644 --- a/usr.bin/rlogin/rlogin.c +++ b/usr.bin/rlogin/rlogin.c @@ -301,7 +301,7 @@ try_connect: if (doencrypt) { rem = krcmd_mutual(&host, sp->s_port, user, term, 0, dest_realm, &cred, schedule); - des_set_key(cred.session, schedule); + des_set_key(&cred.session, schedule); } else #endif /* CRYPT */ rem = krcmd(&host, sp->s_port, user, term, 0, diff --git a/usr.bin/rsh/rsh.c b/usr.bin/rsh/rsh.c index e2297d5..6b6c396 100644 --- a/usr.bin/rsh/rsh.c +++ b/usr.bin/rsh/rsh.c @@ -40,7 +40,7 @@ static char copyright[] = #ifndef lint static char sccsid[] = "From: @(#)rsh.c 8.3 (Berkeley) 4/6/94"; static char rcsid[] = - "$Id: rsh.c,v 1.3 1995/01/14 20:36:22 wollman Exp $"; + "$Id: rsh.c,v 1.4 1995/05/30 06:33:24 rgrimes Exp $"; #endif /* not lint */ #include <sys/types.h> @@ -233,7 +233,7 @@ try_connect: if (doencrypt) { rem = krcmd_mutual(&host, sp->s_port, user, args, &rfd2, dest_realm, &cred, schedule); - des_set_key(cred.session, schedule); + des_set_key(&cred.session, schedule); } else #endif rem = krcmd(&host, sp->s_port, user, args, &rfd2, diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c index e8afb37..521d88a 100644 --- a/usr.bin/su/su.c +++ b/usr.bin/su/su.c @@ -340,6 +340,7 @@ kerberos(username, user, uid) char *p; int kerno; u_long faddr; + struct sockaddr_in local_addr; char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; char *krb_get_phost(); 
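Review bot: In getport the result of `socket()` is checked only after `krb_get_local_addr()` has run, so when `socket()` fails and the address lookup also fails, the error path calls `close(s)` with `s == -1`. Move `if (s < 0) return (-1);` directly under the `socket()` call, ahead of the new block. The explicit `sin.sin_family = AF_INET` was removed, so `sin` now depends entirely on `krb_get_local_addr()` copying a fully initialised address; a one-line comment saying so would help the next reader. The rest of the function, including the bind loop, is outside the hunk.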
@@ -423,13 +424,13 @@ kerberos(username, user, uid) dest_tkt(); return (1); } else { - if (!(hp = gethostbyname(hostname))) { - warnx("can't get addr of %s", hostname); + if ((kerno = krb_get_local_addr(&local_addr)) != KSUCCESS) { + warnx("Unable to get our local address: %s", + krb_err_txt[kerno]); dest_tkt(); return (1); } - memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); - + faddr = local_addr.sin_addr.s_addr; if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, &authdata, "")) != KSUCCESS) { warnx("kerberos: unable to verify rcmd ticket: %s\n", |