author | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 1997-09-04 06:04:33 +0000 |
commit | a8a89cfaf983bc64f4b42f7c35209a5a36dd0fe8 (patch) | |
tree | 0b84977f19022a965f8c6145f067f951173f6290 | |
Initial import of KTH eBones. This has been cleaned up to only include
the "core" Kerberos functionality. The rest of the userland will get their
own changes later.
368 files changed, 82832 insertions, 0 deletions
diff --git a/crypto/kerberosIV/COPYRIGHT b/crypto/kerberosIV/COPYRIGHT
new file mode 100644
index 0000000..1ec6394
--- /dev/null
+++ b/crypto/kerberosIV/COPYRIGHT
@@ -0,0 +1,166 @@
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
diff --git a/crypto/kerberosIV/ChangeLog b/crypto/kerberosIV/ChangeLog
new file mode 100644
index 0000000..1467488
--- /dev/null
+++ b/crypto/kerberosIV/ChangeLog
@@ -0,0 +1,3761 @@ +Tue Jun 3 1997 + + * Release 0.9.6 + + * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w + term_emulator' for specifiying which terminal emulator to use. + Based on a patch from <arve@nada.kth.se>. + +Mon Jun 2 1997 + + * appl/xnlock/Makefile.in, appl/kx/Makefile.in, + lib/auth/Makefile.in: fix the Makefile to do the for loops the + automake way. + +Sun Jun 1 1997 + + * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install + correctly even if there are no programs to install + + * configure.in: Check for `h_nerr'. + + * lib/auth/pam/pam.c: Include <security/pam_appl.h> to make it + compile on Solaris 2.6 + + lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c, + appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c, + appl/bsd/login_access.c: Initialize the `lasts' to NULL before + calling strtok_r the first time. With our strtok_r it's not + necessary, but the man-page on SGIs says it should be done. + +Fri May 30 1997 + + * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for + multi-realm ticket files by using the best matching TGT to define + the realm of the ticket holder. + + + * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're + using utmpx + + * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if + we're using utmpx + +Wed May 28 1997 + + * lib/roken/daemon.c: New file. + + * include/protos.H: <sys/types.h> needed on solaris 2.4 + +Mon May 26 1997 + + * appl/bsd/su.c (kerberos): If kerberos password is zero length + immediately try next scheme. + + + * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even + if we don't know the proper ViceId. + + + * Release 0.9.5 + + * man/Makefile.in: Install preformatted manual pages with correct + suffix on *BSD. + +Sun May 25 1997 + + * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND + XOVER to XOVER. + + + * appl/telnet/telnetd/sys_term.c: Only include <utmp.h> and + <utmpx.h> once + + * fix-export: Also create cat manpages. 
+
+ * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP'
+
+ * appl/telnet/telnetd/sys_term.c: Ditto.
+ Remove stupid macros.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is
+ (apparently) a standard with many representations.
+
+ * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a
+ command to it.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and
+ basename argument.
+
+ * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the
+ one in ~ftp fails.
+
+ * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one
+
+ * appl/bsd/forkpty.c: Use `_getpty' if there's one
+
+ * configure.in: check for `_getpty'
+
+ * acconfig.h: correct test for IRIX
+
+ * lib/roken/snprintf.c: code for checking the correct functioning
+ of *nprintf is now #ifdef PARANOIA
+
+ * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize
+
+ * appl/bsd/rlogin.c: New option `-p'.
+
+ * lib/des/fcrypt.c: removed `inline' from `des_set_key'
+
+Thu May 22 1997
+
+ * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD.
+
+ * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument
+ to MD5Final instead.
+
+ * lib/des/fcrypt.c: Also support MD5 style crypt(2).
+
+Tue May 20 1997
+
+ * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be
+ compatible with login
+
+ * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx
+
+
+ * (*/)*/Makefile.in:s (install): Avoid redundant multiple
+ recursion in install targets.
+
+ * Made things compile with socks5-v1.0r1.
+
+
+ * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use
+ ut_id at all
+
+ * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such
+ as HP-UX 10)
+
+ * appl/bsd/rlogind.c: Added support for utmpx
+
+Sun May 18 1997
+
+ * lib/roken: removed herror, strchr, and strrchr
+
+ * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT
+
+ * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live
+ in lib/roken and get linked here when needed.
+
+ * lib/roken: removed strchr, strrchr.
+
+ * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for
+ compatibility reasons.
+
+ * appl/telnet/telnetd/telnetd.c: Removed <curses.h> and <term.h>.
+ They doesn't seem to be used and breaks on fujitsu.
+
+ * appl/kx/kx.c: try to give a better error message (than a core
+ dump :-) when talking to an old kxd.
+
+ * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected
+ fencepost error with KRB_SENDAUTH_VLEN.
+
+ * appl/ftp/common/buffer.c: new file.
+
+ * configure.in: cray hides their bitypes in <bind/bitypes.h>.
+ Also check for this file.
+
+ * appl/telnet/telnet/telnet_locl.h: moved termios.h before
+ curses.h. This was needed to compile on cray, but will probably
+ break on some other host.
+
+Thu May 15 1997
+
+ * server/kerberos.c: Implement changes to the tcp protocol, while
+ being compatible with the old protocol.
+
+ * lib/krb/send_to_kdc.c: The old method to signal end of
+ transmission by closing the sending side of the socket does not
+ work well through some firewalls. This is now changed so that the
+ client instead sends the length of the request as a four byte
+ integer (in network byte order) before sending the data.
+
+Wed May 14 1997
+
+ * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix
+ for OSF1.
+
+ * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
+
+ * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf.
+
+Tue May 13 1997
+
+ * kuser/klist.c: updated usage string
+
+ * lib/otp/otp_print.c: make word table and reverse word table
+ constant
+
+Sun May 11 1997
+
+ * */*: Added some __attribute__ ((format (printf))) and fixes
+ where needed.
+
+ * appl/ftp/common/sockbuf.c: start probing at 4Mb
+
+ * appl/ftp/ftpd/ftpd.c: use MAP_FAILED
+
+ * appl/ftp/ftp/ftp.c: Use MAP_FAILED.
+ (alloc_buffer): new function for allocating a buffer of size
+ max(BUFSIZ, st.st_blksize) (Based on a patch from
+ <haba@pdc.kth.se>)
+
+ * appl/ftpd/ftpdcmd.y: hack for reget.
+
+ * appl/kx/kxd.c: Give a error message to old-version kx.
+
+ * replaced vsprintf with vsnprintf.
+
+ * lib/roken/vsyslog.c: not used. removed.
+
+ * Changed <sys/bitypes.h> -> <ktypes.h>
+
+ * include/Makefile.in: Added ktypes.h
+
+ * include/sys/Makefile.in: removed bitypes.h
+
+Wed May 7 1997
+
+ * appl/ftp/ftp/ftp.c: Open files in binary mode.
+
+ * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file
+ mean `allow'. Added shell matching to names (if fnmatch is
+ available).
+
+
+ * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE'
+
+ * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to
+ (long) before printing out an `off_t'
+
+ * lib/kdb/print_princ.c (krb_print_principal),
+ lib/kdb/krb_lib.c (kerb_put_principal),
+ admin/kdb_edit.c (change_principal),
+ admin/kdb_util.c (print_time) : gmtime should never return
+ tm_year > 1900
+
+ * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix
+
+ * appl/telnet/telnetd/telnetd.c: removed code that used `getent'
+
+ * lib/roken/getent.c: removed
+
+Mon May 5 1997
+
+ * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm
+
+Sun May 4 1997
+
+ * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic',
+ otherwise it's not possible to make libotp on hpux.
+
+ * configure.in: try sending picflags even when linking a shared
+ library with $CC
+
+ * lib/roken/getent.c: remove getstr
+
+ * configure.in: removed unneeded REAL_-variables working shared
+ libraries on *bsd*
+
+ * appl/kip/kip.h: Added <net/if_var.h>
+
+ * */Makefile.in: Use @LDSHARED@
+
+ * configure.in: Fix shared libraries on HP/UX.
+ check for curses.h
+ check for `getstr' and `cgetstr' in curses
+
+ * appl/telnet/telnet: clean-up
+
+ * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid
+ referencing `syscall' on AIX.
+
+ * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/
+
+ * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output
+
+ * lib/roken/snprintf.c: fix for the case of max_sz == 0
+
+ * doc/kth-krb.texi: Add @dircategory and @direntry to enable
+ `install-info' to install this entry in `dir'.
+
+ * appl/telnet/telnetd/Makefile.in: Don't link with getstr
+
+
+ * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and
+ chk_user.
+
+Sat May 3 1997
+
+ * lib/auth/sia/sia.c: Some cleanup.
+
+Fri May 2 1997
+
+ * configure.in: only link the programs that need it with the
+ db/dbm library
+
+
+ * lib/auth/sia/sia.c: Merge code for for normal and su
+ authentication.
+
+
+ * Replaced sprintf with snprintf and asprintf all over the place.
+
+ * lib/roken/snprintf.c: Added asnprintf and vasnprintf
+
+ * lib/roken/snprintf.c: implemented asprintf, vasprintf
+
+ * lib/roken/snprintf.c: new file
+
+Thu May 1 1997
+
+ * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat'
+
+Wed Apr 30 1997
+
+ * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some
+ potential buffer overruns.
+
+ * lib/krb/k_concat.c: Safely concatenate two strings.
+
+Sat Apr 26 1997
+
+ * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0
+
+ * appl/bsd/rlogind.c (send_oob): different default for `last_oob'
+ to avoid losing first OOB packet
+
+Fri Apr 25 1997
+
+ * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on
+ encryption
+
+Wed Apr 23 1997
+
+ * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with
+ result from `gethostbyaddr'
+
+ * lib/krb/name2name.c (krb_name_to_name): new parameter
+ `phost_size' to disable buffer overflowing. Changed all callers.
+
+ * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable
+ buffer overflowing. Changed all callers.
+
+ * appl/kpopper/Makefile.in: soriasis make stupidity
+
+ * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON,
+ otherwise DEC make gets upset.
+
+Tue Apr 22 1997
+
+ * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost.
+
+
+ * acconfig.h: hp-ux 10 also has `pututxline' that writes both to
+ utmp and utmpx.
+
+Sun Apr 20 1997
+
+ * include/win32/config.h: adapted to win95/NT
+
+ * appl/voodoo: Merged in win32-telnet from <d93-jka@nada.kth.se>
+
+ * lib/krb/tkt_string.c: dummy `getuid' function.
+
+ * lib/krb/ticket_memory.c (tf_setup): implement
+
+ * lib/roken/roken.mak, roken.def: new files
+
+ * lib/des/des.def: Removed des_random_{seed,key}
+
+ * lib/krb/dllmain.c: Rewrote `msg'.
+ Better explanation when it fails to spawn `krbmanager'.
+
+ * lib/krb/tf_util.c: backwards `in_tkt' added.
+
+ * lib/krb/in_tkt.c: removed
+
+ * lib/kclient/KClient: Reformatted and fixed.
+
+Sat Apr 19 1997
+
+ * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from
+ NetBSD.
+
+ * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better.
+
+Fri Apr 18 1997
+
+ * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line
+ parsing bug.
+
+ * appl/kpopper/pop_dropinfo.c: Add support for xover.
+
+ * appl/kpopper/pop_xover.c: Add some kind of xover support.
+
+ * appl/kpopper/pop_debug.c: New tiny popper debugging program.
+
+Tue Apr 15 1997
+
+ * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks.
+
+ * appl/bsd/rshd.c: k_afsklog so that remote command gets a token.
+ fix usage string.
+
+Sat Apr 12 1997
+
+ * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer
+ without using the kshell service.
+
+
+ * lib/krb/mk_safe.c: Emit new checksum.
+
+ * lib/krb/rd_safe.c: New code to handle both new and old
+ checksums.
+
+ * lib/des/qud_cksm.c: Fix compatibility with mit deslib.
+
+Fri Apr 11 1997
+
+ * lib/sl/sl.c (sl_match): initialize `partial_cmd'
+
+Sun Apr 6 1997
+
+ * lib/kafs/kafs.h: Ugly addition of `_P'
+
+ * lib/kafs/afssys.c: <sys/socket.h> contains the definition of
+ `_IOW' on cygwin32.
+
+ * appl/telnet/telnet/utilities.c: <sys/socket.h> needed by
+ cygwin32
+
+ * doc/Makefile.in: always run $(MAKEINFO).
+
+ * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap
+ correctly.
+
+ * include/sys/bitypes.H: Added #ifndef for types
+
+ * configure.in: test for types
+
+ * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal
+
+
+ * appl/ftp/ftp/ftp.c: Fix passive mode.
+
+Sat Apr 5 1997
+
+ * appl/kauth/ksrvtgt.in: New ksrvtgt script.
+
+Fri Apr 4 1997
+
+ * lib/krb/kdc_reply.c: Add some range checking.
+
+
+ * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'.
+ Passes verification examples from appendix C.
+
+ * admin/kdb_util.c: All usage strings are now consistent (and even
+ with the code)!
+
+Thu Apr 3 1997
+
+ * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and
+ kerberos convenience routines into afssys.c and afskrb.c. This to
+ make it possible to use k_pioctl() without linking in all
+ libraries in the world.
+
+Tue Apr 1 1997
+
+ * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend,
+ since Unicos has one of its own.
+
+Sun Mar 30 1997
+
+ * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0].
+
+
+ * man/tenletxr.1: new file
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in:
+ Support `-k'
+
+ * appl/kx/tenletxr.in: new script for running kx in backwards
+ mode.
+
+ * appl/kx: New version of protocol.
+
+ * appl/kauth: Use err & c:o
+
+ * appl/kauth/encdata.c (read_encrypted): Give better return code
+ for EOF
+
+
+ * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines
+ to many strings.
+
+ * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove
+ bell.
+
+ * lib/roken/warnerr.c: New function set_progname.
+ * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to
+ AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks
+ for a variable, including a declaration.
+
+ * lib/roken/roken.h: Add optional declaration for __progname.
+
+ * lib/roken/*{err,warn}.c: Restructure err and warn functions.
+
+Sat Mar 29 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef
+ SO_OOBINLINE, don't even select for exceptional conditions.
+
+ * lib/otp/otp_md.c: always downcase the seed.
+ byte-swap the SHA result.
+
+Thu Mar 27 1997
+
+ * appl/otp/otp.c: removed bad free of global data
+
+Sun Mar 23 1997
+
+ * configure.in: moved version.h and config.h to include
+
+
+ * acconfig.h: Fix utmp/utmpx stuff on OSF/1.
+
+
+ * appl/bsd/rlogind.c (control): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of
+ there being no `ws_xpixel' and `ws_ypixel'
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel'
+ and `ws_ypixel'
+
+ * lib/otp/otp.h: Change default global timeout
+
+ * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst'
+
+ * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do
+ gettimeofday and then copy the data for the sake of those systems
+ like SGI that can have different timevals in file and memory.
+
+ * configure.in: Allow `--with-readline'
+
+ * lib/editline/edit_compat.c (readline): strdup data before
+ returning it.
+
+
+ * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k.
+
+Thu Mar 20 1997
+
+ * lib/krb/decomp_ticket.c: Add some range checking.
+
+ * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write.
+
+ * appl/ftp/ftp/ftp.c: Fix hash mark printing.
+
+Wed Mar 19 1997
+
+ * appl/kauth/kauthd.c: more logging
+
+ * man/kx.1, man/kxd.8: Updated.
+
+ * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx
+ -> kxd
+
+
+ * lib/editline/edit_compat.c: BSD libedit comatibility.
+
+Wed Mar 12 1997
+
+ * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap.
+ Log foreign IP address together with hostname.
+
+Mon Mar 10 1997
+
+ * server/kerberos.c: Fix log file muddle.
+
+Sun Mar 9 1997
+
+ * appl/bsd/kcmd.c (kcmd): check malloc for failure.
+
+Tue Feb 25 1997
+
+ * man/ftpd.8: Documented the `-g' option.
+
+ * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the
+ umask for anonymous users.
+
+ * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG
+
+ * appl/otp/otp.c: More fixes from Fabien COELHO
+ <coelho@cri.ensmp.fr>. Check for current OTP before allowing the
+ update.
+
+Wed Feb 19 1997
+
+ * appl/otp/otp.c: updated help string
+
+ * appl/bsd/Makefile.in: Fixed installation of suid programs.
+
+ * appl/telnet/libtelnet/kerberos.c: fix some stuff to get
+ forwarding code to compile
+
+ * lib/otp/otp_db.c: fix for signed char overflow.
+
+
+ * lib/krb/resolve.c: Patch from Jörgen Wahlsten
+ <wahlsten@pathfinder.com>: Zero out resource record, and send
+ correct length to dn_expand.
+
+Mon Feb 17 1997
+
+ * lib/roken/roken.h: Check for `_setsid'
+
+ * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/
+
+ * include/Makefile.in: Generete krb_err.h and kadm_err.h before
+ linking/copying them
+
+ * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of
+ the list.
+
+ * configure.in: Use AC_PROG_RANLIB
+ Always use EMXOMF under OS/2
+ Check for sys/termio.h and _setsid
+
+
+ * configure.in: A preliminary fix for editline.
+
+ * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding
+ stuff.
+
+ * lib/krb/krb_get_in_tkt.c: Use tf_setup.
+
+ * lib/krb/krb_get_in_tkt.c: New function tf_setup.
+
+Sat Feb 15 1997
+
+ * man/otp.1: updated
+
+ * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO
+ <coelho@cri.ensmp.fr>
+
+ * lib/otp/otp.h: Changed default from md4 to md5
+ * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions.
+
+Thu Feb 13 1997
+
+ * appl/kx/rxtelnet.in: allow specification of port number
+
+ * appl/otp/otp.c: Add `-u' option
+
+Sun Feb 9 1997
+
+ * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid
+ collision with symbol in sys/ioctl.h
+
+Fri Feb 7 1997
+
+ * man/kpropd.8: updated
+
+ * appl/bsd/rcmd_util.c: warning needs to know what program is
+ used.
+
+ * slave/kpropd.c: New explicit flag `-i' for interactive. Don't
+ use AI to figure out if we have been started by inetd or not.
+
+Thu Feb 6 1997
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to
+ kx. From <map@stacken.kth.se>
+
+ * kuser/klist.c: corrected alignment of `expired'
+
+ * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n
+
+Mon Feb 3 1997
+
+ * configure.in (socket, gethostbyname, getsockopt, setsockopt):
+ Better tests.
+ (HAVE_H_ERRNO): New test
+
+ * lib/roken/herror.c (herror): Check HAVE_H_ERRNO
+ lots of other files as well.
+
+Sat Feb 1 1997
+
+ * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32
+
+ * lib/krb/logging.c: Init function for `std_log´
+
+ * appl/telnet/telnet/utilities.c: Remove `upcase´
+ Check HAVE_SETSOCKOPT
+
+ * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´
+
+ * appl/telnet/telnet/commands.c, appl/movemail/pop.c,
+ appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c,
+ appl/sample/sample_client.c: Ifdef around for the non-existence of
+ `h_errno' in cygwin32.
+
+ * lib/des/read_pwd.c: work-around for cygwin32
+
+ * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32
+
+Fri Jan 31 1997
+
+ * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY.
+
+Sun Jan 26 1997
+
+ * configure.in: removed duplicate of initgroups and lstat
+ Use AC_KRB_STRUCT_WINSIZE
+
+ * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test
+
+ * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR
+
+ * appl/bsd/rlogin.c: conditional on SIGWINCH
+
+ * appl/bsd/rcmd_util.c et al: conditional getsockopt
+
+ * configure.in (cygwin32): New target
+ (getsockopt, getsockopt): Test for
+ (herror, hstrerror): Better tests
+
+ * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to
+ AC_FIND_FUNC
+
+Thu Jan 23 1997
+
+ * configure.in: Add EXECSUFFIX
+
+ * appl/kx/rxterm.in: rsh -n
+
+ * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function
+
+
+ * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs
+ support.
+
+ * lib/krb/get_host.c: Use KRB_SERVICE.
+
+Wed Jan 22 1997
+
+ * lib/auth/sia/Makefile.in: Add linker magic fix for broken,
+ conflicting kerberos code in xdm.
+
+Tue Jan 21 1997
+
+ * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to
+ be manageable as X-resource XNlock*logoutPasswd. The password is
+ stored in UNIX crypt format so that it can be stored in a global
+ resource file for sites that whish to keep it a secret.
+
+
+ * configure.in: Check for winsize in sys/ioctl.h also.
+
+Sat Jan 18 1997
+
+ * lib/krb/get_default_principal.c: Use principal from
+ KRB4PRINCIPAL before using uid.
+
+Wed Jan 15 1997
+
+ * appl/telnet/telnet/sys_bsd.c: Use `get_window_size'
+
+ * lib/roken/get_window_size.c: New file
+
+ * appl/bsd/rlogin.c: Use `get_window_size'
+
+ * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on
+ TIOCSWINSZ
+
+ * configure.in: Check for `_scrsize' and `struct winsize'
+
+Tue Jan 14 1997
+
+ * Makefile.in (install-strip, travelkit-strip): New targets.
+
+Thu Jan 9 1997
+
+ * */Makefile.in: Use @foo_prefix@ and @program_transform_name@
+ Add code to uninstall target
+
+Thu Dec 19 1996
+
+ * configure.in: Set LIBPREFIX
+
+ * config.sub: Add os2 as a system
+
+ * config.guess: Try to recognize i386-pc-os2_emx
+
+ * configure.in: case for *-*-os2_emx
+ NEED_PROTO for `strtok_r'
+
+ * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
+ (AC_KRB_PROG_LN_S): New test that uses cp if ln fails
+
+Wed Dec 18 1996
+
+ * appl/bsd/login.c (main): First try to verify password using
+ standard UNIX method and if it fails try kerberos authentication.
+
+Sat Dec 14 1996
+
+ * appl/bsd/rcp.c: consider case of no fchmod
+
+ * appl/kpopper/pop_init.c: Use k_getsockinst.
+
+ * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
+ fchown,rcmd}.c: new files
+
+ * appl/kpopper/pop_lower.c: Removed.
+
+ * Makefile.in (travelkit): New target.
+
+Tue Dec 10 1996
+
+ * lib/krb/parse_name.c (kname_parse): Only copy realm if it is
+ specified.
+
+ * lib/krb/get_host.c (krb_get_host): Treat no realm as local
+ realm.
+
+Mon Dec 9 1996
+
+ * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
+ password.
+
+
+ * slave/kprop.c: flock with K_LOCK_SH
+
+Wed Dec 4 1996
+
+ * appl/telnet/telnet/commands.c: Also export XAUTHORITY
+
+Sun Dec 1 1996
+
+ * kadmin/ksrvutil.c: If realm is not specified, use the local one.
+
+Sat Nov 30 1996
+
+ * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct
+ error messages back to kauth.
+
+ * config.sub, config.guess: Merged in changes from autoconf 2.12
+
+ * appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
+
+ * kadmin/kadm_locl.h: Add prototype for FascistCheck.
+
+Thu Nov 28 1996
+
+ * man/afslog.1: Documented `-createuser'
+
+ * appl/afsutil/aklog.c: removed `cell_of_file' Added option
+ `-createuser' to run pts to create a foreign principal.
+
+Tue Nov 26 1996
+
+ * lib/otp/otp_challenge.c: Initialize error string and check for
+ NULL from strdup.
+
+ * lib/roken/mini_inetd.c: Initialize `sin_family'
+
+ * appl/kpopper/pop_init.c: Add `-p' option and make `-a'
+ auth-style
+
+ * appl/bsd/rshd.c: Add `-p' option.
+
+ * appl/bsd/rlogind.c: Handle `-p' correctly.
+
+ * appl/bsd/login.c: Removed confusing initialization of
+ `login_timeout'
+
+ * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
+ of UIDL-string.
+
+Sun Nov 24 1996
+
+ * Release 0.9.3
+
+Sat Nov 23 1996
+
+ * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
+ defaults.
+
+ * lib/krb/krb.h: Added *_to_key
+
+ * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
+
+ * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
+ (do_init): more logical defaults
+ (help): removed old code
+ better error messages
+
+ * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
+ and remove functionality for reading passwords.
+
+ * lib/sl/sl.c: Nicer help output.
+
+ * lib/otp/otp_challenge.c: Initialize `challengep'
+
+ * lib/krb/Makefile.in: Removed get_pw_tkt.c
+
+Fri Nov 22 1996
+
+ * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
+
+Wed Nov 20 1996
+
+ * lib/auth/pam/pam.c: Chown ticketfile to correct GID.
+
+Tue Nov 19 1996
+
+ * appl/kx/rxtelnet.in: Try to set the screen number as well.
+
+ * Be careful not to thrust `h_length' from gethostby{name,addr}
+
+ * appl/bsd/rcmd_util.c (ip_options_and_die): New function.
+
+ * configure.in: moved headers before functions.
+ call AC_PATH_XTRA_XTRA.
+ Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
+ remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
+
+ * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
+
+ * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
+ arguments: includes and arguments)
+
+ * configure.in: Need to supply arguments and includes to test for
+ `res_search' and `dn_expand'
+
+ * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
+
+ * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
+
+ * Replace lots of `strtok' with `strtok_r'.
+
+ * lib/sl/sl.c: Allow unlimited number of arguments. Use
+ `strtok_r' to divide up string into arguments.
+
+ * lib/roken/roken.h: Added `strtok_r'
+
+ * configure.in: Test for `strtok_r'
+
+ * include/Makefile.in: Don't build in ss
+
+ * Makefile.export: Fixed ChangeLog-generation
+
+ * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty
+ lines. Don't store empty lines in the history.
+
+Mon Nov 18 1996
+
+ * lib/sl/sl.c: Use readline compatible i/o.
+
+
+ * lib/otp/otp_locl.h: Changed location of otp database to /etc
+
+ * appl/otp/Makefile.in: Install otp setuid root.
+
+ * util/Makefile.in: don't build SS
+
+ * lib/sl: New directory.
+
+ * kadmin/kadmin.c: Replaced SS by SL.
+
+Sun Nov 17 1996
+
+ * kadmin/kadm_funcs.c: Improved log messages.
+
+
+ * Use KRB_TICKET_GRANTING_TICKET.
+
+
+ * server/kerberos.c: Don't do any special logging when running as
+ slave.
+
+
+ * Lots of files: remove unnecessary `(void)'
+
+ * Lots of files: remove unnecessary `register' declaration.
+
+
+ * lib/krb/get_host.c: Only keep list of hosts from requested
+ realm.
+
+
+ * man/otpprint.1, otp.1: New files.
+
+ * appl/otp/otp.c: `-s' is now default.
+
+ * appl/otp/otp.c: removed count
+
+ * lib/des/destest.c: more general quad_cksum test.
+
+ * lib/otp/otp_print.c (otp_print_stddict_extended,
+ otp_print_hex_extended): New functions.
+
+ * lib/otp/otptest.c: New file.
+
+
+ * appl/ftp/ftpd/ftpd.c: Change default auth level to what was
+ formerly known as `user'.
+
+ * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
+
+
+ * appl/kip/kip.c: Try all addresses we get back from the name
+ server.
+
+ * kadmin/kpasswd.c: updated to new functions.
+
+ * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in
+ case this file cannot be opened.
+
+ * doc/kth-krb.texi: New chapter about OTPs.
+
+ * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
+ Consistent language Check return value from des_read_pw_string.
+
+ * lib/otp/otp.h: Add OTP_ALG_DEFAULT
+
+
+ * lib/krb/parse_name.c: New function krb_parse_name
+
+Sat Nov 16 1996
+
+ * appl/bsd/login.c: removed S/Key.
+ Added OTP with option `-a otp'
+ Reorganized verification loop.
+
+ * appl/bsd/Makefile.in (login): Remove skey and add OTP
+
+ * configure.in: Test for `uid_t' and `off_t'
+
+ * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
+ added `-a otp' for OTP.
+
+ * appl/kpopper: removed s/key and added OTP support. Updated
+ man-page.
+
+ * lib/otp/otp.h: more fields in the struct and a new function.
+
+ * appl/ftp/ftpd/ftpd.c: Full OTP support.
+
+ * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
+ -x args_to_xterm
+
+ * appl/kx/rxtelnet.in: Add options: -l username, -t
+ args_to_telnet, and -x args_to_xterm
+
+ * man/kx.cat1: regenerated
+
+ * man/kx.1: Added `-l' option.
+
+ * appl/kx/kxd.c: Accept username from `kx'
+
+ * appl/kx/kx.c: Introduced option `-l user' to be able to login as
+ some other user.
+
+Fri Nov 15 1996
+
+ * appl/kx/kx.c: Print out display and not display_nr
+
+ * lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
+
+ * */Makefile.in: Use $(LN_S) instead of ln -s
+
+ * */Makefile.in: Add @SET_MAKE@
+
+ * doc/latin1.tex: New file.
+
+ * doc/kth-krb.texi: Use latin1.tex to be able to use one letter
+ that some bear seem to think is important.
+
+ * doc/kth-krb.texi: Added acknowledgements.
+
+ * lib/auth/Makefile.in: Only build relevant subdirectories.
+
+ * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
+ lib/auth that should be built.
+
+
+ * lib/kafs/afssys.c: Only get tokens for each cell once.
+
+Thu Nov 14 1996
+
+ * man: Added man pages for movemail(1) and kerberos(8).
+
+
+ * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
+ for change_password.
+
+
+ * lib/krb/logging.c: Now actually compiles!
+
+
+ * config.{guess,sub}: Merge changes from Autoconf
+
+
+ * lib/krb/{recv,send}auth.c: Don't return errno if there is a
+ system error.
+
+Wed Nov 13 1996
+
+ * util/ss/Makefile.in: Now even compiles with BSD make!
+
+ * appl/kx: Now send the complete display from `kxd' to `kx'. This
+ should enable it to work better with Xlibraries that don't support
+ unix sockets.
+
+ * kuser/klist.c: conditionally include <sys/ioctl.h> and
+ <sys/ioccom.h> before <kafs.h>
+
+ * lib/krb/resolve.h: Add fallback for `T_TXT'.
+
+ * appl/otp/otp.c: removed print-functionality.
+
+ * appl/otp/otpprint.c: New file.
+
+ * appl/otp/Makefile.in: New program `otpprint'
+
+ * lots of Makefile.in: Now should be possible to build with makes
+ that have broken VPATH-handling.
+
+ * configure.in: Always replace REAL_SHARED & c:o so that some
+ libraries may be built as shared.
+ Removed unused AC_SUBST.
+ Only build afskauthlib on irix.
+
+ * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
+ lib/auth/pam/Makefile.in: Always build as a shared library.
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
+ <jas@pdc.kth.se>).
+
+
+ * lib/krb/{pkt_cipher,fgetst}.c: Removed
+
+ * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
+
+Mon Nov 11 1996
+
+ * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
+ environment.
+
+Fri Nov 8 1996
+
+ * appl/bsd/rlogind.c (main): `portnum' should be int.
+
+ * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
+
+ * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
+
+ * lib/krb/get_host.c (srv_find_realm): New parameter `service'
+
+
+ * lib/krb/unparse_name.c: New function.
+
+Tue Nov 5 1996
+
+ * lib/auth/pam/pam.c: Add PAM Kerberos module.
+
+Mon Nov 4 1996
+
+ * configure.in: configure in lib/auth/afskauthlib
+
+ * lib/kafs/afssys.c: New function `k_afsklog_uid'.
+
+ * lib/auth/afskauthlib: New library that works like
+ `afskauthlib.so' from Transarc.
+
+
+ *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
+ dns_lookup().
+
+ * lib/krb/resolve.c (dns_lookup): Replaced several different
+ resolver functions with one more generalized.
+
+Sun Nov 3 1996
+
+ * Add check target in lib/krb.
+
+ * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
+ that there is a chance of reading the error message.
+
+ * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
+ to real uid before execing rlogin.
+
+Sat Nov 2 1996
+
+ * appl/bsd/utmp_login.c: Do the right thing on systems where
+ UTMPX_DOES_UTMP_LOGGING is defined.
+
+
+ * lib/krb/krb.h: names for `krb_kuserok' prototype
+
+ * lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
+
+ * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
+
+ * lib/otp/otp_parse.c: Add support for parsing extended responses
+ (draft-ietf-otp-ext-01).
+
+ * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
+
+ * appl/otp/otp.c: Add option `-e' for printing responses in
+ extended mode (according to draft-ietf-otp-ext-01.txt).
+
+
+ * lib/krb/kuserok.c: Function krb_kuserok now takes name,
+ instance, realm rather than an AUTH_DAT.
+
+Fri Nov 1 1996
+
+ * lib/auth/sia: Add SIA Kerberos module.
+
+
+ * lib/roken/roken.h: Need to include signal.h prior to defining
+ SIG_ERR.
+
+ * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
+ simplified maintainability.
+
+ * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
+ files on this system we should also log to the utmp files. If
+ there are no utmp files we of course don't have to log to them.
+
+
+ * Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
+
+ * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
+
+ * doc/kth-krb.texi: Put copyrights in marketing order.
+
+ * appl/kpopper/popper.h: client and ipaddr should be char [] so
+ that we can store the names there.
+
+ * appl/kpopper/pop_init.c: save copies of addresses that otherwise
+ get overwritten.
+
+Mon Oct 28 1996
+
+ * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
+ to make winsock happy. Also don't care anymore about from which
+ address we got the answer since we do a `connect'.
+
+ * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
+ lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
+ not use #if, use #ifdef.
+
+ * configure.in: Test for `rand' and `getuid'
+
+
+ * slave/kprop.c: Don't terminate on trivial errors in slaves-file.
+
+Sun Oct 27 1996
+
+ * doc/Makefile.in: Install from source directory if necessary.
+
+ * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
+
+ * configure.in: You can't even use `unset', Ultrix sh does not
+ have it.
+
+
+ * several files: Check status from des_read_pw_string.
+
+
+ * server/kerberos.c: Make sure all data is recieved on a tcp
+ socket before trying to reply.
+
+
+ * lib/krb/krb.h: Add <time.h> for `struct tm'
+
+ * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
+
+ * configure.in: Fix test for `XauReadAuth'
+
+Fri Oct 25 1996
+
+ * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
+ machines running backwards.
+
+ * More consistent use of CRLF in telnet and telnetd.
+
+ * Removed redundant -I$(srcsdir)/../../include from compiler args.
+
+
+ * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
+ ordinary passwords in cleartext.
+
+ * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
+
+ * lib/Makefile.in: Add otp
+
+ * include/Makefile.in: Add otp.h
+
+ * configure.in: Test for ndbm.h
+ Generate Makefiles in lib/otp and appl/otp
+
+ * appl/otp: New program to set up and generate OTPs.
+
+ * lib/otp: New library for one-time passwords (RFC1938).
+
+ * lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
+
+ * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check.
+
+ * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
+ lib/des/mdtest.c: New files.
+
+ * appl/kauth/Makefile.in: Make $(libexedir) as well.
+
+Thu Oct 24 1996
+
+ * appl/bsd/rlogind.c (setup_term): Actually set the speed of the
+ terminal.
+
+ * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
+ speed in the TERM variable.
+
+ * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
+ `int2speed_t'.
+
+ * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
+ `int2speed_t'.
+
+Sun Oct 20 1996
+
+ * appl/bsd/login.c: Do `getspnam' before change the UID. Also call
+ `endspent'
+
+ * appl/krbmanager: New program used on PCs by kclient.
+
+ * lib/kclient: New library.
+
+ * lib/des, lib/krb: Added some PC-specific files.
+
+ * doc/kth-krb.info: Regenerated.
+
+ * doc/Makefile.in (kth-krb.info): Some stupid makes don't
+ understand $<
+ (kth-krb.html): New rule.
+
+ * doc/kth-krb.texi (Compiling from source): Added some references
+ about Socks.
+
+Sat Oct 19 1996
+
+ * doc/kth-krb.texi: Added text about ``--with-socks''.
+
+ * configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
+
+ * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
+ more general `AC_TEST_PACKAGE'.
+
+Fri Oct 18 1996
+
+ * configure.in: call AC_TEST_SOCKS
+
+ * acconfig.h: SOCKS
+
+ * aclocal.m4: Added AC_TEST_SOCKS
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
+ close.
+
+Thu Oct 17 1996
+
+ * man/popper.8: Option `-i'
+
+ * appl/kpopper/pop_send.c: clean-up
+
+ * appl/kpopper/popper.h: Removed old garbage and added SKEY.
+
+ * appl/kpopper/pop_xmit.c: clean up
+
+ * appl/kpopper/pop_user.c: SKEY-support
+
+ * appl/kpopper/pop_pass.c: Added support for spaces in passwords
+ and S/Key.
+
+ * appl/kpopper/pop_init.c: Moved some variables into struct pop
+ (main): Added support for `-i'
+
+ * appl/kpopper/pop_get_command.c: New command "HELP".
+
+ * appl/kpopper/Makefile.in: Add SKEY-stuff.
+
+ * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
+ default instead of KRB_PORT
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Add
+ gethostbyname(k_gethostname()) as a fallback.
+
+ * lib/krb/k_getport.c (k_getportbyname): proto can be NULL
+
+ * lib/krb/krb.h: Only include <sys/types.h> if HAVE_SYS_TYPES_H
+
+ * lib/krb/prot.h: KRB_SERVICE: Added
+
+
+ * server/kerberos.c: Replaced linked list with a vector.
+
+Wed Oct 16 1996
+
+ * server/kerberos.c: Add support for TCP connections.
+
+ * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
+ rather than recvfrom.
+
+Mon Oct 14 1996
+
+ * doc/kth-krb.texi: Only use `kdb_edit' to add the initial
+ `nisse.admin'. Add all other users with `kadmin'.
+
+ * doc/kth-krb.info: new file.
+
+ * doc/kth-krb.texi: Added some text about kx and ftp.
+
+ * appl/ftp/ftpd/ftpcmd.y,
+ util/ss/ct.y,
+ util/et/error_table.y :
+ Added code for handling the case of using `bison' and having no
+ `alloca'. Alloca is usually never called anyway, so we just use
+ `malloc'.
+
+ * appl/kx/kxd.c: All static variables are now global and in
+ common.c.
+ (doit_conn, doit): Turn on TCP_NODELAY.
+ (create_and_write_cookie, suspicious_address): Moved to common.c
+
+ * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
+ on TCP_NODELAY.
+ (doit): prepare for TCP-only hosts.
+ (usage,main): add `-t'
+ (main): Passive mode is possible again.
+
+ * appl/kx/kx.h: More #ifdefs for include files. Declarations for
+ global variables.
+
+ * appl/kx/common.c (get_xsockets): Try to chmod
+ dirname(`X_UNIX_PATH')
+ (get_xsockets): Turn on TCP_NODELAY on TCP connections.
+
+ * doc/Makefile.in: New file
+
+ * Makefile.in: Added `doc' to `SUBDIRS'
+
+ * configure.in: Generate `doc/Makefile'
+
+Sun Oct 13 1996
+
+ * appl/bsd/rcp.c (main): Made rcp AFS aware.
+
+ * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
+ always an entry of .klogin.
+
+Sat Oct 12 1996
+
+ * appl/kx/rxtelnet.in: Start the `xterm' process correctly.
+
+ * lib/des/rnd_keys.c (sumFile): consider the case that `res' is
+ not longword-aligned.
+
+ * lib/krb/get_host.c (parse_address): `getservbyname' should
+ really get proto = NULL
+
+ * lib/krb/send_to_kdc.c (krb_udp_port): removed
+ (send_to_kdc): removed `addrlist'
+
+ * lib/krb/send_to_kdc.c: Support not only UDP.
+
+ * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
+ if that's what we want.
+
+Thu Oct 10 1996
+
+ * lib/krb/get_host.c: Simplified some code. Added stub-support for
+ SRV-records.
+
+Wed Oct 9 1996
+
+ * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
+ correct instructions to their users and therefore we have to add
+ strange directories to the PATH.
+
+ * appl/kx/rxtelnet.in: Support sending arguments to telnet.
+
+ * appl/kx/rxterm.in: rsh can reside in path or %bindir% support
+ extra arguments to xterm (from <jas@pdc.kth.se>).
+
+ * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
+ for X.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
+ %bindir%.
+
+ * appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
+ From <jas@pdc.kth.se>
+
+
+ * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
+ connections.
+
+ * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
+
+Sun Oct 6 1996
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
+
+ * configure.in: Fix order for x libs. From <jas@pdc.kth.se>.
+ Check for `fcntl', `alloca', `winsock.h', and `io.h'.
+
+ * lib/krb/krb_locl.h: Check for <io.h> and <winsock.h>
+
+ * lib/krb/krb.h: Check for winsock.h
+
+ * lib/krb/k_flock.c: Better test for `fcntl' with locking.
+
+ * lib/krb/et_list.c: Hopefully correct pragma this time. From
+ <jas@pdc.kth.se>
+
+Thu Oct 3 1996
+
+ * lib/krb/klog.c (klog): Do not forget to print the text.
+
+ * lib/krb/log.c (krb_log): Print space after time in log.
+
+Wed Oct 2 1996
+
+ * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
+ UIDL command.
+
+ * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
+ command. Saves Message-Id to be used as unique id. Everything is
+ #ifdef:ed UIDL.
+
+ * appl/kpopper/pop_get_command.c: Recognize UIDL command.
+
+ * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
+ implementation.
+
+ * appl/kpopper/Makefile.in: New file pop_uidl.c.
+
+
+ * configure.in: Made some of the tests into macros defined in
+ aclocal.m4
+
+ * appl/telnet/libtelnet/kerberos.c: Given better error message
+ when user is not authorized to login.
+
+ * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
+ If we are using a BSD-kind of system we should not leave the
+ shadow password database open.
+
+ * appl/xnlock/xnlock.c: Got rid of all `register' declarations.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
+
+Mon Sep 30 1996
+
+ * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
+ to try to close the shadow password file.
+
+ * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
+ and the first character of the extension.
+
+ * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
+ use that here. We are only printing debug messages anyway, so
+ just print errno for now.
+
+ * appl/kx/rxtelnet.in: Now using SIGUSR2.
+
+ * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
+ children goes down to zero'. SIGUSR2 is `exit when number of
+ children is equal to zero'.
+
+ * appl/xnlock/xnlock.c: More fixup of old code.
+
+ * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
+ users.
+
+ * configure.in: Added tests for more header files. Also added
+ more ifdefs when actually including those files.
+
+ * appl/kx/Makefile.in: Do not build programs if we have no X11.
+
+Sun Sep 29 1996
+
+ * appl/xnlock/xnlock.c (main): Support for shadow passwords.
+
+ * lib/roken/k_getpwuid.c: New file, better support for shadow
+ passwords.
+
+
+ * appl/telnet/Makefile.in: Use SET_MAKE
+
+
+ * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
+ anonymous users.
+
+ * lib/krb/get_krbhst.c: Look for kerberos-#.realm.
+
+ * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
+
+ * appl/ftp/ftpd/ftpd.c: Add find site command.
+
+ * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
+ with extensions {,.tar}{,.gz,Z}.
+
+Sat Sep 28 1996
+
+ * configure.in: Check for sys/times.h, sys/param.h, and
+ sys/timeb.h
+
+ * lib/des: autoconfed a little to make it compile.
+
+ * lib/roken/roken.h: Add `max', `min', and definitions for broken
+ syslogs.
+
+ * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
+
+ * appl/kx/kx.h: Remove prototype of childhandler.
+
+ * appl/kx/common.c: Remove childhandler. Not common any more.
+
+ * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
+
+ * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
+
+ * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
+ children goes to zero.
+
+ * lib/roken/roken.h: Add STDERR_FILENO
+
+ * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
+
+ * lib/kafs/Makefile.in (afslib.so): Change argument so they work
+ with `ld' instead of `cc'
+
+ * appl/kx/kxd.c: writeauth.c as separate file.
+
+ * appl/kx/kx.c: `-d' option to disable forking.
+
+ * appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
+ For some stupid reason $< does not work correctly in BSD make.
+ Use $(srcdir) instead.
+
+ * appl/ftp/ftp/ftp_locl.h: Only include <roken.h> once.
+
+ * configure.in: Use strange X flags when looking for XauReadAuth.
+ Add XauWriteAuth if we need to include it.
+
+Fri Sep 27 1996
+
+ * appl/sample: Sample programs work again.
+
+
+ * appl/kx/kxd.c (main): use `mini_inetd'
+
+ * appl/kx/kx.c: Use KX_PORT
+
+ * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
+
+ * appl/kauth/kauthd.c (main): use `mini_inetd'
+
+ * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
+ instead.
+
+ * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
+ `get_login_port'
+
+ * appl/bsd/rcmd_util.c: New file.
+
+ * appl/bsd/Makefile.in: Added rcmd_util.c
+
+ * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
+
+ * appl/bsd/rlogind.c (main): Use `mini_inetd'
+
+ * appl/bsd/rshd.c (main): Add support for interactive mode with
+ `-i'.
+
+ * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
+
+ * lib/roken/roken.h: Added prototype for `mini_inetd', and
+ fallback definitions for SOMAXCONN, STDIN_FILENO, and
+ STDOUT_FILENO.
+
+ * lib/roken/Makefile.in: Added mini_inetd.o
+
+ * lib/roken/mini_inetd.c: New file.
+
+Thu Sep 26 1996
+
+ * appl/kx/kxd.c (doit): read port number in ascii.
+
+ * appl/kx/kx.c (doit): write port number in ascii.
+
+ * appl/kauth/rkinit.c (doit_host): Check return value from
+ `read_encrypted'.
+
+ * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
+ syslog.
+
+ * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
+ from `tf_create' and not always INTK_ERR.
+
+ * lib/krb/tf_util.c (tf_create): Correct check for return value
+ from `open'.
+
+ * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
+
+Wed Sep 25 1996
+
+ * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
+ time.
+
+ * configure.in: Add test for <sys/un.h>
+
+ * kadmin/Makefile.in: Add back $(CRACKLIB)
+
+Mon Sep 16 1996
+
+ * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
+
+ * kstring2key moved to appl/afsutil.
+
+Sun Sep 15 1996
+
+ * appl/kx/kx.c (main): For now always use passive mode. That's
+ the only thing that has been tested and not a lot of people are
+ going to use non-passive anyways.
+
+ * appl/kx/kx.c (connect_host): write display_number in ascii.
+
+ * appl/kx/kxd.c (doit): read display_number in ascii.
+
+ * appl/kx/common.c (get_local_xsocket): Generate the
+ /tmp/.X11-unix directory with the sticky bit set.
+
+ * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
+
+ * appl/kx/Makefile.in: Install rxterm and rxtelnet.
+
+ * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
+
+ * appl/kx/common.c (get_local_xsocket): try to bind the socket
+ instead of checking for existence with lstat.
+
+
+ * appl/kx/kxd.c: Detect remote termination and cleanup on exit.
+
+Sat Sep 14 1996
+
+ * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
+ crays).
+
+
+ * appl/kx/kxd.c (doit): Send over the display number and the
+ authority file actually used to kx.
+
+ (create_and_write_cookie): New function to generate and write into a
+ file a local cookie used between this pseudo-server and the
+ clients on this host.
+
+ (start_session): New function to check and remove the local cookie
+ before the data is sent over to `kx'.
+
+ * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx'
+ prints out the values of those two variables and then goes to the
+ background to enable some script to set these on the other host.
+
+ (start_session): New function that adds a local cookie before sending
+ the rest of the connection to the local X-server.
+
+ (main): Also recognize "unix" as a local DISPLAY.
+
+ * appl/kx/kx.h: <X11/Xauth.h> used.
+ (get_local_xsocket): Changed parameter.
+
+ * appl/kx/common.c (get_local_xsocket): Now try to allocate the
+ first free socket in /tmp/.X11-unix. Also `mkdir' this directory
+ first. Return the number of the display opened.
+
+ * appl/kx/Makefile.in: Added X libraries.
+
+ * lib/des/des.h: Added prototype for `des_rand_data'.
+
+ * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This
+ function is useful and now even used.
+
+Wed Sep 11 1996
+
+ * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
+ cell of the home catalog rather than the local cell.
+
+ * lib/kafs/afssys.c: Add k_afs_cell_of_file.
+
+Tue Sep 10 1996
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ Removed all convex code.
+
+Mon Sep 9 1996
+
+ * appl/telnet/telnetd/termstat.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
+ NEWINIT, UNICOS7x, UNICOS5: removed
+
+ STREAMSPTY: added variable `really_stream' Now able to handle the
+ case where the OS supports stream ptys but we run out of them and
+ start using ordinary BSD ones.
+
+ * appl/telnet/telnetd/state.c: UNICOS5: removed
+
+ * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
+
+ * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
+ BFTPDAEMON: removed.
+ UNICOS5: removed.
+
+ * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
+ `really_stream'.
+
+ * lib/krb/stime.c (krb_stime): argument should be `time_t'.
+ lib/krb/krb_locl.h: changed prototype.
+
+Sun Sep 8 1996
+
+ * configure.in: Also generate `appl/sample/Makefile'
+
+ * appl/Makefile.in: Use @SET_MAKE@.
+ Include sample
+
+ * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
+ krb_check_auth.
+
+ * util/et/compile_et.c (main): Include <foo.h> in foo.c
+
+ * slave/kprop.c: exit with return code == 1 to indicate failure.
+
+ * server/kerberos.c (usage): Fixed usage string.
+
+ * lib/krb/tkt_string.c (tkt_string): Removed bogus extern
+ declaration of `getuid'.
+
+ * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
+ declaration of `lseek'.
+
+ * lib/krb/stime.c (stime): Renamed to `krb_stime'
+
+ * lib/krb/sendauth.c (krb_sendauth): reimplemented using
+ `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
+
+ * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
+
+ * lib/krb/prot.h: create_auth_reply: correct prototype.
+ krb_create_death_packet: ditto.
+ KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
+
+ * lib/krb/month_sname.c: Made `month_sname' const.
+
+ * lib/krb/mk_req.c: Remove stupid `register'
+
+ * lib/krb/log.c (krb_log): Use `krb_stime'
+
+ * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
+ ESTALE. Treat it the same way as ENOENT.
+
+ * lib/krb/krb_locl.h: Added prototype for `krb_stime'
+
+ * lib/krb/krb_check_auth.c: New file with `krb_check_auth',
+ implemented for compatibility with CNS.
+ lib/krb/krb_mk_auth.c: Ditto.
+
+ * lib/krb/krb.h: Removed duplicate declarations of `get_request'
+ and `krb_get_admhst'.
+ Added declarations for `krb_mk_auth' and `krb_check_auth'.
+
+ * lib/krb/kparse.h: removed prototype for `strsave'
+
+ * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
+ `strsave'.
+ (strsave): Removed.
+
+ * lib/krb/kname_parse.c: Removed stupid `register' declarations.
+
+ * lib/krb/klog.c (klog): Use `krb_stime'
+
+ * lib/krb/get_phost.c: Handle the case where the name has no dots
+ in it by just returning it as-is.
+
+ * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
+ lib/knet/sendkdata.c: removed unused files.
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
+
+ * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
+ something goes wrong. Include realm in the message when writing a
+ key.
+ (parseinput): New function that removes quotes and backslashes
+ from input.
+ (ksrvutil_get): Use `parseinput' to read input.
+
+ * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
+ Removed bogus casts and fflush of stdin.
+ (main): Use `return' instead of `exit'.
+
+ * kadmin/kpasswd.c (main): Use `return' instead of `exit'.
+
+ * kadmin/admin_server.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/sample/sample_server.c: Rewrote to use all new functions.
+
+ * appl/sample/sample_client.c: Rewrote to use all new functions.
+
+ * appl/sample/sample.h: new file.
+
+ * appl/sample/Makefile.in: new file.
+
+ * appl/movemail/pop.c (socket_connection): use `k_getportbyname'
+
+ * appl/kpopper/pop_init.c: exit with return code == 1 to indicate
+ failure.
+
+ * appl/kauth/kauth.c (doexec): new-style definition. ret should
+ be a `pid_t'.
+ (main): new-style definition. Use `prog' instead of `argv[0]'
+
+ * appl/ftp/ftp/extern.h: Removed unused `abortsend'
+
+ * appl/ftp/Makefile.in: Use @SET_MAKE@
+
+ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
+
+ * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
+
+ * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
+
+ * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots
+ of `exit(-1)' by `return 1'
+
+ * admin/kdb_util.c: Removed unused variable `aprinc'.
+ Removed bogus flushing of stderr.
+ Replaced lots of `exit(-1)' by `return 1'.
+
+ * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
+ calling `exit' and use 1, not -1, for failure.
+
+ * Makefile.in: Use @SET_MAKE@
+
+ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
+ define a prototype for a function.
+
+ * configure.in: Reordered. Removed unused stuff. Start using
+ AC_NEED_PROTO.
+
+ * config.guess: merged in FSF version from 960908.
+
+Tue Sep 3 1996
+
+ * include/protos.H: Added optarg, opterr, optind, optopt and
+ (fclose under Sunos 4). Removed these declarations from lots of
+ other files.
+
+ * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
+ opterr, and optopt.
+
+ * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
+ optarg, optind, opterr, and optopt.
+
+ * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
+ need to have an external declaration of a variable.
+
+Mon Sep 2 1996
+
+ * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
+ Changed all callers.
+
+ * lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
+
+ * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
+
+ * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
+ args bug.
+
+Sat Aug 31 1996
+
+ * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
+ appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
+ code.
+
+ * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
+ with NOENCRYPTION.
+
+ * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
+
+ * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
+
+ * appl/ftp/ftpd/ftpd.c: Fixed old comment.
+
+ * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
+
+ * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
+ cast it before adding to it.
+
+ * configure.in: Old test for `sa_len' in `struct sockaddr' fails
+ on IRIX 6.2. Try to compile a program refering to that field
+ instead of grepping for it in <sys/socket.h>.
+
+ * appl/bsd/kcmd.c: Removed old and broken code.
+
+ * configure.in: Check for `gethostname', `uname', and
+ <sys/utsname.h>
+
+ * lib/krb/k_gethostname.c: Try to use `uname' if we have no
+ `gethostname'.
+
+ * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
+ by correct use of `k_gethostname'.
+
+
+ * lib/roken/verify.c: Change name verify_unix_user ->
+ unix_verify_user in analogy with krb_verify_user.
+
+Fri Aug 30 1996
+
+ * appl/xnlock/Makefile.in: Install man-page.
+
+ * configure.in, */Makefile.in: Replace `-shared' with some other
+ option when not using gcc.
+
+ * lib/kafs/afssys.c: Do not start by checking if we have AFS in
+ `k_afsklog'.
+
+ * appl/bsd/rlogin.c: More kludges to make it work with rlogin on
+ linux: Do not select for an exceptional condition on `rem' after
+ having received EINVAL.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+ * appl/bsd/rlogind.c: More kludges to make it work with rlogin on
+ linux: Only send oob data just after having sent normal data to
+ make sure we never send two consecutive bytes of oob data.
+
+ Also rewrote ifndef NOENCRYPTION stuff.
+
+Thu Aug 29 1996
+
+ * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
+ afslib.so. Not everybody has cc.
+
+Wed Aug 28 1996
+
+ * Release 0.9.2a
+
+Mon Aug 26 1996
+
+ * appl/bsd/login.c: Clean-up. Made static a lot of functions and
+ variables. Rewrote some function definitions to ANSI-style.
+
+ * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
+ trailing slash. We need to be very careful to make sure the
+ contents of $MAIL does not contain two, because RMAIL in emacs
+ uses it and emacs is no friend with double slashing.
+
+
+ * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
+ correct value.
+
+Sun Aug 25 1996
+
+ * Release 0.9.2.
+
+Sat Aug 24 1996
+
+ * lib/roken/hstrerror.c: Check for h_errlist prototype.
+
+Thu Aug 22 1996
+
+ * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
+ Changed `kerberos' to `kerberos-iv' now that it has been
+ registered with IANA.
+
+ * man/rshd.8, man/rlogind.8: updated documentation of `-a'
+
+ * lib/roken/roken.h: Added declaration of `h_errno'
+
+ * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
+
+ * appl/kauth/kauth.h: Stupid declarations for syslog.
+
+ * appl/kauth/kauthd.c: syslog errors and success.
+
+ * include/protos.H: Removed `h_errno', now in roken.h Declare
+ `getusershell' under solaris.
+
+ * configure.in, acconfig.h: Figure out if we have to declare
+ `h_errno'.
+
+ * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
+
+Wed Aug 21 1996
+
+ * lib/kafs/afssys.c: Look for AFS database servers in dns also.
+
+ * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
+
+Sun Aug 18 1996
+
+ * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use
+ `inaddr2str'.
+
+ * appl/bsd/rshd.c: Use `inaddr2str'.
+
+ * appl/bsd/iruserok.c: Removed potential buffer overrun after
+ `gethostbyaddr'.
+
+ * lib/roken/inet_aton.c: Some const-ness.
+
+ * lib/roken/Makefile.in: Add `inaddr2str.o'.
+
+ * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
+
+ * lib/roken/inaddr2str.c, lib/roken/roken.h: New function
+ `inaddr2str' to convert an IP address into a verified hostname or
+ a string of the form x.y.z.a
+
+ * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
+ getrealm.c}: Some const-ness.
+
+ * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
+
+ * appl/kpopper/popper.h: Some const-ness to get rid of a warning.
+
+ * appl/bsd/rshd.c: Always check reverse mapping. Removed
+ `local_domain' and `top_domain'. Added some const-ness.
+
+Sat Aug 17 1996
+
+ * include/Makefile.in: Removed VPATH. With it this makefile does
+ not work correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
+ `krb_{get,put}'-functions to void *.
+
+ * include/protos.H: Add `getusershell' in solaris.
+
+ * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
+ warnings because of arguments to `setsockopt'.
+
+ * lib/roken/roken.h: Fixed prototype of `inet_aton'
+
+Wed Aug 14 1996
+
+ * lib/roken/verify.c: Use <crypt.h> if there is one.
+
+ * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
+ `afslib.so'. Otherwise some makes get upset when there is no such
+ library to be made.
+
+ * appl/telnet/telnetd/telnetd.h: <protos.h> are needed to get
+ prototype for `ptsname'.
+
+ * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
+ appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
+ appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
+ telnetd.h, kadmin/admin_server.c, kuser/klist.c,
+ lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
+ log.c, tf_util.c}: Include type `int' on all definitions and
+ remove unnecessary `register'.
+
+ * appl/bsd/login_access.c: Fix parameter declaration to
+ `netgroup_match'.
+
+ * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
+
+ * admin/kdb_util.c: Use `errno' for error message instead of
+ uninitialized variable.
+
+Tue Aug 13 1996
+
+ * appl/kauth/rkinit.c: Default port should be the same in kauth
+ and kauthd.
+
+Sun Aug 11 1996
+
+ * configure.in: Added `AC_REVISION'
+
+ * slave/kpropd.c: Cleaned up structure. Now returns useful value.
+
+ * lib/roken/verify.c: Broken OSes need declartion of `crypt'.
+
+ * lib/roken/roken.h: Added prototype for `verify_unix_user'.
+
+ * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
+
+ * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
+ get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
+ overwrite correctly.
+
+ * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
+ `put_int', `get_address', `put_address', `put_string',
+ `get_string', `get_nir', and `put_nir'. Changed all callers.
+
+ * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
+ and `kerb_db_delete_principal'.
+
+ * lib/kadm/kadm_cli_wrap.c: Removed unused variable.
+
+ * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
+ `strcpy'.
+
+ * appl/bsd/su.c: Fixed error messages from execv.
+
+ * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
+ "TERM".
+
+Thu Aug 8 1996
+
+ * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
+ `herror' by `hstrerror'.
+
+ * appl/bsd/login.c: chmod the tty so that it is writable for group
+ tty.
+
+ * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
+ hstrerror.
+
+ * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
+
+ * config.guess: Add 686
+
+Tue Aug 6 1996
+
+ * lib/krb/getrealm.c: Fallback for `T_TXT'
+
+ * configure.in: Look for `res_search' and `dn_expand' in
+ libresolv.
+
+Mon Aug 5 1996
+
+ * */Makefile.in: Add Id to those missing it.
+
+ * configure.in: Small fix in comment.
+
+
+ * Release 0.9.1.
+
+
+ * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
+
+ * appl/kstring2key/kstring2key.c: `usage' changed to void.
+
+ * lib/krb/mk_req.c: `build_request' changed to void.
+
+ * appl/ftp/ftp/ftp_locl.h: Changed order of includes.
+
+ * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
+
+ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
+
+Sun Aug 4 1996
+
+ * lib/kafs/afssys.c: AIX systems will now correctly (I hope)
+ detect whether AFS is loaded or not. This is currently a bit
+ kludgy, and involves loading an external shared library,
+ afslib.so, which can be put in athena/lib or pointed to with
+ environment variable AFSLIBPATH. This is only tested on AIX 4
+ (due to lack of an AIX 3 system).
+
+
+ * lib/krb/getrealm.c: Range-check the result from the DNS.
+
+ * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
+ this host belongs to.
+
+ * kadmin/ksrvutil_get.c: Fixed error message.
+
+
+ * lib/kafs/*: Fix aix/afs brokenness.
+
+ * lib/kadm/kadm_stream.c (stv_string): Range check.
+
+Fri Jul 26 1996
+
+ * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
+ handling.
+
+Mon Jul 22 1996
+
+ * lib/krb/mk_req.c: Use encrypt_ktext()
+
+ * configure.in, lib/kafs/afssys.c: Add option to exclude AFS
+ support (this is useful only on AIX systems that doesn't have
+ AFS).
+
+ * configure.in: Removed configuration from subdirectories.
+
+Sat Jul 13 1996
+
+ * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
+ fd_set' with `fd_set'.
+
+Mon Jul 8 1996
+
+ * Makefile.in: install should depend on all.
+
+Sun Jul 7 1996
+
+ * appl/bsd/su.c: Allow root to set the uid without entering a
+ password.
+
+Fri Jul 5 1996
+
+ * lib/krb/getrealm.c: Add automatic dns realm search.
+
+Thu Jul 4 1996
+
+ * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
+ compatibility with CNS. There is still a #define k_log krb_log.
+
+ * util/et/et_list.c: Hack to resolve _et_list in shared libraries.
+
+Fri Jun 28 1996
+
+ * appl/bsd/rlogin.c (reader): If after a select rlogin fails to
+ read expected OOB data try to read ordinary data before continuing.
+
+ * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
+
+ * appl/bsd/rlogind.c: Cleanup oobdata stuff.
+
+Thu Jun 27 1996
+
+ * appl/bsd/login.c (main): Also check for complete tty name with
+ `rootterm'.
+
+ * lib/krb/check_time.c: New function `krb_check_tm'.
+
+ * lib/roken/tm2time.c: New function `tm2time', mktime generalized
+ to local timezone and UTC.
+
+ * kadmin, admin: Use `tm2time' and `krb_check_time' instead of
+ `maketime'.
+
+Tue Jun 25 1996
+
+ * lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
+
+ * appl/kauth/kauthd.c: Set ticket file to some sane default, and
+ add -i debugging switch.
+
+Mon Jun 24 1996
+
+ * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
+ `/usr/athena/bin'.
+
+Wed Jun 19 1996
+
+ * appl/bsd/rlogin.c: consistent usage of oob_real.
+
+ * appl/bsd/rlogind.c: Do not send oob garbage when running
+ solaris? Seems that linux is unable to handle the duplicate
+ urgent data that is the result.
+
+ * appl/bsd/rlogind.c: Fix usage.
+
+ * appl/bsd/kcmd.c: Don't F_SETOWN.
+
+Mon Jun 17 1996
+
+ * lib/krb/rw.c: Add get_address() and put_address().
+
+
+ * appl/telnet/telnetd/telnetd.c: updated usage
+
+ * appl/bsd/su.c: Replaced getpass by des_read_pw_string
+
+ * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
+
+ * appl/bsd/rlogind.c: Removed unused functions and made others
+ static.
+
+Sun Jun 16 1996
+
+ * Release 0.9.
+
+
+ * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
+ NLST.
+
+
+ * configure.in: test for setresgid.
+
+ * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
+
+Sat Jun 15 1996
+
+ * lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
+
+ * appl/ftp/ftp/cmds.c: Support longer passwords when retrying
+ login.
+
+ * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
+ file from file is now the default. Use `-m' to enter it manually.
+ `-n' is currently a no-op.
+
+ * appl/ftp/ftpd/ftpd.c: Add S/Key support.
+
+ * appl/ftp/ftpd/Makefile.in: Link with S/Key.
+
+ * appl/ftp/configure.in: Test for S/key.
+
+ * configure.in, aclocal.m4: Moved skey test
+ to aclocal.m4.
+
+ * appl/bsd/login.c: Correct argument to `skeyaccess'.
+
+Fri Jun 14 1996
+
+ * lib/krb/verify_user.c: New parameter to specify service key
+ instance, NULL means "rcmd".
+
+ * lots of files: All ticket filenames uses `TKT_ROOT'.
+
+ * appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
+
+Tue Jun 11 1996
+
+ * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
+ code.
+
+ * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
+ that are ndbm challenged.
+
+Mon Jun 10 1996
+
+ * lib/krb/kname_parse.c: Got rid of duplicate defintions.
+
+ * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
+ '.netrc' file.
+
+
+ * lib/kadm, lib/kdb, kadmin: Add database delete operation.
+
+ * lib/krb/kname_parse.c: Allow dots in instances.
+
+
+ * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
+ not exist. Log more garbage.
+
+Sun Jun 9 1996
+
+ * appl/telnet/configure.in: Check for `logwtmp'.
+
+ * appl/ftp/configure.in: Use `AC_FUNC_MMAP'
+
+
+ * appl/bsd/forkpty.c: Removed all ugly pty search stuff from
+ ptym_open().
+
+ * configure.in: Modified the creation of version.h, now actually
+ shows up with ident.It is now also slightly more keen on creating
+ a new version.h.
+
+Sat Jun 8 1996
+
+ * lib/roken/verify.c: <stdio.h> for NULL.
+
+ * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
+ screen saver changes are not updated before closing the X
+ connection.
+
+
+ * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
+ is usually very short.
+
+Fri Jun 7 1996
+
+ * slave/kpropd.c: Add option -m to merge rather then load
+ database.
+
+Thu Jun 6 1996
+
+ * admin/kdb_util.c: Add a merge operation. (One day it might be
+ used to propagate only patches to the database)
+
+Wed Jun 5 1996
+
+ * appl/kpopper: Support both POP3 and KPOP3.
+
+ * appl/xnlock/xnlock.c: Use `verify_unix_user'
+
+ * lib/roken/verify.c: verify_unix_user: New function from xnlock
+ for checking passwd in `/etc/passwd'.
+
+ * appl/telnet/telnetd/sys_term.c: gettimeofday buglet
+
+
+ * slave/kpropd.c: Rewrite of kpropd.
+
+ * admin/kdb_util.c: Sanity check on input to load_db.
+
+ * slave/kpropd.c: Use default value for fname.
+
+ * slave/kprop.c: Use some sane default values for data_file and
+ slaves_file.
+
+ * admin/kdb_util.c: If there isn't any database when loading,
+ create an empty one.
+
+Mon Jun 3 1996
+
+ * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
+ entries are created. It should now work on both Solaris and IRIX,
+ without stale login information.
+
+Sat Jun 1 1996
+
+ * lib/krb/k_gethostname.c (k_gethostname): Fallback.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc),
+ kadmin/kadm_ser_wrap.c (kadm_ser_init),
+ slave/kprop.c (prop_to_slaves),
+ slave/kpropd.c (main): Use `k_getportbyname'.
+
+Fri May 31 1996
+
+ * Lots of files: more #includes ifdefad and cleaned up.
+
+Thu May 30 1996
+
+ * Lots of files: Replaced bcopy/bzero/bcmp with
+ memcpy/memset/memcmp.
+
+
+ * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
+ variant that actually gives some information.
+
+ * lib/krb/create_ticket.c: Write correct address byteorder.
+
+ * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
+ four bytes.
+
+ * kadmin/kpasswd.c: Allow principal without -n.
+
+ * kadmin/kadmin.c: Use krb_get_default_principal.
+
+ * appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
+
+ * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
+ command line (for debugging).
+
+ * INSTALL: Rewritten.
+
+Wed May 29 1996
+
+ * appl/ftp/ftp/krb4.c: Handle different sizes of returned
+ checksum.
+
+
+ * appl/bsd/Makefile.in: Don't install login setuid.
+
+Fri May 24 1996
+
+ * appl/bsd/rsh.c: Don't run away yelling if someone calls you
+ `remsh'.
+
+Sun May 19 1996
+
+ * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
+ check on decrypted ticket.
+
+Wed May 15 1996
+
+ * server/kerberos.c: Should work with the new libkrb
+
+ * appl/kip: Support more than one tunnel device.
+
+
+ * lib/krb/*.c: All functions that create or decode kerberos
+ packets have been rewritten. Hopefully, everything still
+ works. This is to eliminate problems with wierd systems, like
+ Crays, that doesn't have any two or four byte integers. Some of
+ these changes could be a lot more pretty, and *many* assumptions
+ that sizeof(int32) == 4 still exist in the rest of the code,
+ though.
+
+ As a side effect, all packets sent are now in network byte order.
+
+Mon May 13 1996
+
+ * configure.in: Shared libraries for Irix
+
+
+ * Several fixes for UNICOS.
+
+ * appl/ftp/ftp/krb4.c: Allow default data protection level through
+ a "prot level" in .netrc. This really should be done in a more
+ useful manner.
+
+Sun May 12 1996
+
+ * appl/xnlock/xnlock.c: Cleaned up user verification code. Now
+ uses new function krb_verify_user. Also fixed a few problems with
+ the password prompt box.
+
+ * lib/krb/verify_user.c: New function krb_verify_user to verify a
+ user with kerberos.
+
+
+ * appl/kip: New program for forwarding IP packets over kerberised
+ connections using tunnel devices.
+
+ * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
+ krb_get_default_principal
+
+ * appl/bsd/rlogind.c: Do not change portnumber to host order if
+ using kerberos. This will cause the magic
+ `reverse-time-if-port-is-less-than' to fail.
+
+ * lib/des/GNUmakefile: Removed file. This file causes problem
+ when building in the source directory and when using GNU make
+ which prefers this file to the generated Makefile.
+
+ * appl/bsd/login.c: More careful when handling returned value from
+ `getspnam'.
+
+Sat May 11 1996
+
+ * lib/krb/realm_parse.c: New function to expand a non-complete
+ realm to its official name, e.g nada -> NADA.KTH.SE.
+
+ * lib/krb/get_default_principal.c: New function to guess the
+ default principal to use. Looks at any existing ticket file first,
+ then at uid/logname etc.
+
+
+ * kadmin/kadmin.c: Use kname_parse and allow different instances
+ and realms.
+
+ * lib/roken/k_getpwnam.c: New function k_getpwnam that should work
+ with and without shadow passwords.
+
+ * Lots of files: s/getpwnam/k_&/g.
+
+Tue May 7 1996
+
+ * lib/des/des_locl.h: DES library updated to version 3.23,
+ des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
+
+ * lib/des/des.h: On the alpha define DES_LONG to unsigned int.
+
+
+ * kuser/kinit.c: Handle passwords longer than 16 characters.
+
+ * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
+ 16 characters.
+
+Sun May 5 1996
+
+ * Release 0.8.
+
+
+ * appl/ftp/ftpd/kauth.c: Klist command.
+
+
+ * appl/ftp/ftpd: Removed `-g' from calls to ls.
+
+ * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
+ connection to a specified port works.
+
+ * appl/telnet/telnet: Default is binary.
+
+ * appl: Now build under Ultrix.
+
+ * appl/kx: Now even builds on AIX.
+
+Sat May 4 1996
+
+ * lib/des: Now merged in libdes 3.21 on main branch.
+
+
+ * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
+ on systems that has more fields in struct utmp such as OSF/1.
+ Still some questions about Solaris.
+
+ * lib/krb/lsb_addr_comp.c: Now byteorder independent.
+
+
+ * appl/kx: Rewrote kx & kxd to share more code. They are also now
+ able to talk both ways.
+
+ * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
+ using berkeley DB.
+
+Thu Apr 25 1996
+
+ * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
+ SunOS5 compat.
+
+ * When building shared libraries link libkrb with libdes to be
+ compatible with SunOS5.
+
+ * Move lib/krb/krb_err.et to lib/kadm since it is only used there,
+ no longer need to link libkrb against libcom_err.
+
+Wed Apr 24 1996
+
+ * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
+
+ * Some porting to UNICOS.
+
+Tue Apr 23 1996
+
+ * Moved some junk from appl/bsd to libroken.
+
+ * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
+ library libroken.a.
+
+
+ * Add kerberized ftp.
+
+ * Add libroken.
+
+Mon Apr 22 1996
+
+ * appl/kauth/kauth.c: When commands are given to kauth, a new
+ ticket file is used.
+
+Sat Apr 20 1996
+
+ * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
+ works with more than one screen, only fancy stuff on screen 0,
+ though.
+
+Fri Apr 19 1996
+
+ * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
+ getpwnam returns uid == 0 but user is not root. This is usually
+ the result of an attack on NIS (former YP).
+
+Wed Apr 17 1996
+
+ * kadmin/ksrvutil.c (get_key_from_password): Support for
+ generating AFS keys. From <flag@it.kth.se>
+
+Sun Apr 14 1996
+
+ * appl/kx: New program for forwarding a X connection.
+
+Mon Apr 8 1996
+
+ * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
+ changed from 2106 to 545.
+
+ * appl/bsd/login.c (doremotelogin): Remove terminal speed from the
+ value of $TERM in the case of an ancient rlogind being used.
+
+Thu Apr 4 1996
+
+ * lib/kafs/afssys.c (k_afsklog): Try to read from
+ /usr/vice/etc/TheseCells for list of cells we should try to obtain
+ tokens for.
+
+ * appl/kauth/kauth.c (renew): Use cell even when renewing.
+
+ * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
+ with realm == NULL.
+
+
+ * lib/kafs/afssys.c: More thorough guessing of what realm a cell
+ belongs to.
+
+Wed Apr 3 1996
+
+ * appl/bsd/login.c: If setuid() failes and not logging in as root,
+ exit.
+
+Tue Apr 2 1996
+
+ * server/kerberos.c: Set name, inst, and realm to NULL in
+ APPL_REQUEST, error replies tend to look a bit funny otherwise.
+
+Thu Mar 28 1996
+
+ * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
+
+Tue Mar 26 1996
+
+ * lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
+
+ * appl/bsd/Makefile.in: New file with the old functions from
+ libdes.
+
+
+ * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
+ Solaris. Only put entries in one of utmp/utmpx, since they both
+ get updated by putut*ent() anyway.
+
+Mon Mar 25 1996
+
+ * kuser/klist.c (main): Use verbose option (-v) to list key
+ version numbers.
+
+
+ * Release 0.7.
+
+Sun Mar 24 1996
+
+ * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
+ to doit().
+
+
+ * configure.in: Check for getmsg with AC_TRY_RUN instead.
+ Otherwise it fails under AIx 3.2. Now rlogind works on this
+ so-called OS. Also cache value of berkeley db check.
+
+
+ * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
+ enabled with --enable-random-mkey. This makes kdb_init et al
+ generate random master keys, based on random input from the
+ user. This comes in a package with auto-kstash, and possibility to
+ enter lost master keys as base64.
+
+ Moved default master key file from /.k to
+ /var/kerberos/master-key, override with --with-mkey=file.
+
+
+ * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
+ meaning do not get a new ticket file. (From CNS).
+
+Fri Mar 22 1996
+
+ * appl/xnlock/xnlock.c: Removed some dead code, and a few unused
+ header files.
+
+
+ * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
+ fails *pw_msg can't be 0! At the very least use the
+ empty string but a descriptive error-message is preferred.
+
+ * libtelnet: add nonbroken signal() function.
+
+Wed Mar 20 1996
+
+ * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
+ user is allowed to fetch mail.
+
+ * appl/kpopper/*. Got rid of some ugly codes and some warnings.
+
+ * appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
+ which made strange makes not doing what they should.
+
+ * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
+ should work on systems that do not have mail spool files in
+ /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from
+ <paths.h> or <maillock.h>. Defaults to /var/spool/mail.
+
+Mon Mar 18 1996
+
+ * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
+
+Fri Mar 15 1996
+
+ * lib/kafs/kafs.h: Use <sys/ioctl.h> instead of <sys/ioccom.h>
+
+ * appl/bsd/rshd.c (doit): Don't set environ, send it as an
+ argument to execle instead.
+
+ * lib/kafs/kafs.h: Find definition of _IOW.
+
+ * configure.in: Check for random.
+
+ * appl/bsd/bsd_locl.h: Including <crypt.h> gives too many conflicts.
+
+ * appl/afsutil/pagsh.c: Check for random.
+
+Thu Mar 14 1996
+
+ * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
+ of `TIOCPKT_FLUSHWRITE' & c:o.
+
+ * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
+ linking in libraries.
+
+ * configure.in: Check for interesting functions in libsocket and
+ libnsl and not strange soriasis inventions.
+
+Wed Mar 13 1996
+
+ * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
+ the function does not exist.
+
+Mon Mar 11 1996
+
+ * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
+ krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
+ distribution. This function is used for instance by CVS-1.7.
+
+Sun Mar 10 1996
+
+ * configure.in, appl/Makefile.in: removed rkinit
+
+ * etc/inetd.conf.changes, etc/services.append: Added kauth.
+
+ * appl/kauth: Integrated rkinit into kauth.
+
+ * appl/kauth/kauth.c (main): Only look for principal name if no -p
+ has been given.
+
+ * lots of files: prototypes and other small fixes.
+
+ * appl/bsd/sysv_shadow.h: spwd multiple defined.
+
+ * appl/bsd/bsd_locl.h: include <crypt.h>
+
+ * configure.in: Added afsutil and rkinit.
+
+ * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you
+ end up with an infinite recursion.
+
+ * kuser/klist.c (display_tktfile): Another warning removed.
+
+Tue Mar 5 1996
+
+ * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
+ works properly also under this system.
+
+
+ * appl/afsutil: New aklog and pagsh
+
+
+ * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
+
+ * lib/des/rnd_keys.c: Include <sys/time.h>.
+
+Mon Mar 4 1996
+
+ * appl/kauth/kauth.c (main): Handle name when given after options.
+
+Sun Mar 3 1996
+
+ * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris
+ apparently does not have any.
+ (main): Use memset instead of bzero.
+
+ * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
+
+ * kuser/kinit.c (main): Corrected lifetime.
+
+ * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
+ continuation lines and addresses of the form 193.10.156.0/24.
+
+
+ * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
+
+Wed Feb 28 1996
+
+ * Replaced all occurencies of krb_err_txt[] with new function
+ krb_err_msg(), that does some sanity checks before indexing
+ krb_err_txt.
+
+Mon Feb 26 1996
+
+ * appl/telnet/telnetd: Added flags -z to have telnetd log
+ unauthenticated logins, such as when using an old telnet
+ client. Unfortunately in most of these cases, the user name is not
+ known.
+
+ There should also be a way to tell the difference between bad
+ authentication (such as with expired tickets) and no attempt to
+ provide authentication (such as with an old client).
+
+Sun Feb 25 1996
+
+ * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
+ added to prevent this.
+
+Thu Feb 22 1996
+
+ * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
+ correctly for multi-homed hosts.
+
+ * appl/rkinit: New program with rkinit functionality.
+
+ * lib/krb/k_getport.c: Function for finding port in /etc/services
+ with fallback.
+
+ * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
+ prototype with void * and size_t.
+
+Wed Feb 21 1996
+
+ * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
+ seperate file. Now called both from kadmin and kpasswd.
+
+ * kadmin/pw_check.c (kadm_pw_check): Handle the case of no
+ password provided. This is really a policy decision. The server
+ should be able to say `use a client that sends the password'.
+
+ * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
+
+Sun Feb 18 1996
+
+ * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
+
+ * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
+
+ * appl/bsd/rshd.c (doit): Made rshd multihome aware.
+
+ * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
+ out the instance name of interfaces on multihomed hosts. Use this
+ function when making daemons multihome aware.
+
+ * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
+ multihome aware.
+
+Mon Feb 12 1996
+
+ * Release 0.6.
+
+Sun Feb 11 1996
+
+ * lots of files: hacks to make it all compile.
+
+ * configure.in, appl/telnet/configure.in: More broken AIX.
+
+
+ * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
+
+
+ * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
+
+
+ * appl/telnet/libtelnet/kerberos.c: Show difference between
+ MUTUAL and ONE_WAY KERBEROS4.
+
+ * appl/telnet/libtelnet/encrypt.c:
+ Print message about not encrypting when receiving WONT or DONT encrypt.
+
+
+ * configure.in: Automatic check for HAVE_NEW_DB.
+
+
+ * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
+ SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
+
+ * appl/telnet/telnetd/global.c: Removed some multiple defined
+ variables.
+
+ * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
+
+ * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
+
+ * configure.in: Check if `struct sockaddr' has `sa_len'.
+
+Sat Feb 10 1996
+
+ * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
+
+ * appl/bsd/bsd_locl.h: More include-files: <sys/uio.h> and <userpw.h>
+
+ * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
+
+ * lib/krb/log.c (new_log): Yet another year 2000.
+
+ * appl/bsd/sysv_environ.c (read_etc_environment): Support setting
+ environment variables from /etc/environment.
+
+ * appl/bsd/bsd_locl.h: <usersec.h>
+
+ * configure.in: check for setpcred, libs.a and <usersec.h>.
+
+ * appl/bsd/login.c (main): setpcred is used on AIX.
+
+ * appl/bsd/rshd.c (doit): Added setpcred for AIX.
+
+ * lib/krb/getaddrs.c: <sys/sockio.h> is sometimes needed.
+
+ * admin/kdb_init.c (main): Now verifies master key.
+
+ * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
+ of asking for verfication.
+
+ * appl/bsd/bsd_locl.h: Try to include <sys/stream.h>
+
+ * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
+ accept an answer from anything we have sent to.
+
+ * appl/kauth/kauth.c (renew): Use strange return types for strange
+ OSes.
+ (doexec): Remove tokens.
+
+ * server/kerberos.c (main): Uses k_get_all_addrs and binds to each
+ of these addresses.
+
+ * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
+ specifying key to create on command line to get.
+
+Wed Feb 7 1996
+
+ * lib/krb/log.c (k_log): Now using YYYY for years.
+
+ * lib/krb/klog.c (klog): Preparing for the year 2000.
+
+ * kuser/kinit.c (main): Added option -p to get changepw-tickets.
+
+ * lib/krb/getaddrs.c: New file to get all the addresses of all the
+ interfaces on this machine.
+
+Tue Feb 6 1996
+
+ * configure.in: Support for S/Key in login.c. Use --with-skeylib
+ switch to configure. The code assumes that the skeylib.a comes
+ from logdaemon.
+
+ * General support for shadow password files if there is an
+ shadow.h.
+
+ * appl/bsd/su.c: Arrange so that it supports shadow passords.
+
+Sun Feb 4 1996
+
+ * appl/telnet/*: Hacks to make it work on strange OSes.
+
+ * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
+
+ * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
+
+ * configure.in: test for crypt.h and sys/ptyvar.h
+
+ * appl/telnet/telnetd/*.c: pty -> ourpty.
+
+
+ * telnetd: Changes to make more systems work better, specifically
+ AIX 4. Hopefully this will work on both STREAM and BSD
+ systems. Not tested on some systems, like CRAY and Linux.
+
+
+ * util/ss/mk_cmds.c: Generating cleaner code.
+
+ * lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
+
+ * kadmin/admin_server.c: Less varnings.
+
+ * appl/xnlock/xnlock.c: Changed some types and added some casts.
+
+ * appl/movemail/movemail.c: Not using syswait.h anymore.
+
+ * appl/xnlock/xnlock.c: God rid of some warnings.
+
+ * util/ss/*.[ch]: cleanup
+
+ * util/et/*.[ch]: cleanup
+
+ * appl/bsd/rcp.c: Less warnings.
+
+ * kadmin/admin_server.c (kadm_listen): Get rid of another warning.
+
+ * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
+ check the quality of the password.
+
+ * kadmin/pw_check.h (kadm_pw_check): New argument to
+ kadm_pw_check: list of useful strings to check for.
+
+ * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
+ to kadm_pw_check (name, instance, and realm).
+
+ * kadmin/Makefile.in (kadmind): Linking with -lcrack.
+
+ * configure.in: Support for --with-cracklib and --with-dictpath.
+
+ * kadmin/ksrvutil_get.c: Now seems to be working.
+
+ * kadmin/ksrvutil.h: Some new parameters.
+
+ * kadmin/ksrvutil.c: Some reorganisation and uses a working
+ ksrvutil_get.
+
+ * appl/movemail/movemail.c: Some more include-files.
+
+ * appl/bsd/rlogind.c: Testing for the existence of vhangup.
+
+Wed Jan 31 1996
+
+ * configure.in: Massaged the configure files so that we can build
+ under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
+ errors where also neccessary.
+
+Tue Jan 30 1996
+
+ * appl/xnlock/xnlock.c (main): Improved user feedback on password
+ input.
+
+ * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
+ enables C-u to erase the password field.
+
+ * lib/krb/lifetime.c: configure now creates a version string which
+ is referenced here. Use what and grep version to figure out where,
+ when and by whom binaries where created.
+
+ * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
+ opened. Add revoke using vhangup for those system lacking revoke.
+ Also call vhangup when rlogind exits.
+
+Mon Jan 29 1996
+
+ * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS
+ 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to
+ operate correctly.
+
+ * kadmin/kadmin.c (change_key): Add new subcommand change_key so
+ that it is possible to enter keys in the DB on binary form. Most
+ usefull for sites running AFS.
+
+Fri Jan 26 1996
+
+ * appl/bsd/su.c (koktologin): New option -i root-instance. If you
+ want a user.afs ticket in a root shell and user.afs is on root's
+ ACL then do a "su -i afs".
+
+ * Makefile.in: Rearrange the order of object files to make shared
+ libraries slightly more efficient.
+
+ * appl/kauth/kauth.c (main): Always up case realm. Better error
+ messages on failed exec.
+
+Mon Jan 22 1996
+
+ * appl/bsd/rshd.c (main): New option -P to prevent rshd from using
+ a new PAG. Expert use only!
+
+ * appl/bsd/rlogind.c (doit): Avoid race when setting tty size.
+
+ * appl/bsd/rlogin.c (reader): Use select rather than horrible
+ signal hacks to handle OOB data.
+
+ * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does
+ now honor the -p switch when invoked by root. This is used by
+ telnetd to export environment variables.
+
+Fri Jan 5 1996
+
+ * appl/bsd/signal.c (signal): New BSD compatible signal
+ function. Most r* applications assume reliable signals.
+
+
+ * appl/bsd/login.c (main): Check HAVE_ULIMIT.
+
+ * appl/bsd/bsd_locl.h: Include sys/ioctl.h.
+
+ * configure.in: Check for ulimit.
+
+ * admin/kdb_edit.c: Flush stdout after printing prompts.
+
+ * appl/kpopper/pop_xmit.c: Remember to include config.h.
+
+Tue Jan 2 1996
+
+ * appl/bsd/login.c (main): New function stty_default to setup
+ default tty settings.
+
+Fri Dec 29 1995
+
+ * appl/kstring2key/kstring2key.c (main): New program that converts
+ passwords to DES keys, either using des_string_to_key or
+ afs_string_to_key.
+
+ * server/kerberos.c: Kerberos server now listen on 2 ports,
+ kerberos/udp and kerberos-sec/udp.
+
+Wed Dec 27 1995
+
+ * appl/bsd/rcp.c (main): Integrated -x option to rcp. This
+ required some real horrible hacks in lib/des/enc_{read,write}.c
+
+ * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h.
+
+ * Add RCSID stuff to telnet files.
+
+Fri Dec 22 1995
+
+ * appl/bsd/login.c (main): The login program does now by default
+ read /etc/default/login, even on non Psoriasis systems. Unifdef
+ SYSV4, this was essentially only for prompting.
+
+Mon Dec 18 1995
+
+ * appl/kpopper/popper.c (main): Integrate default timeout of 120
+ seconds from Qualcomm popper. Timeout is also set able with -T
+ seconds.
+
+
+ * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no
+ password, don't even send the empty string.
+
+Thu Dec 7 1995
+
+ * lots of files: all debug messages now printed to stderr (from
+ <lama@pdc.kth.se>)
+
+ * lib/krb/tf_util.c (tf_create): New method for creating a new
+ ticket file.
Remove the old old and then open with O_CREAT and + O_EXCL. + + * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings. + + * configure.in: Added checks for unistd.h, memmove and const. + + * appl/telnet/telnet/commands.c: Changed types of functions to + confirm with struct Command. + + * appl/telnet/configure.in: Check for setpgid. + + * appl/bsd/rlogin.c: Get rid of another warning. + + * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for + solaris. + +Wed Dec 6 1995 + + * (movemail): Now from emacs-19.30. If you have a newish emacs + there is no reason to use this movemail. + + * (kadm): Added support for server side password checks. Hopefully + this is compatible with kerberos 4.10. Old kpasswd:s will give + funny error messages. For examples of checks, see + kadmin/pw_check.c. Since this is mostly political matters, + kadm_pw_check() should probably return KADM_SUCCESS by default. + +Mon Nov 27 1995 + + * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption + problem with Mac NCSA telnet 2.6. + + + * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here). + + * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number + (added missing ntohs). + +Sun Nov 12 1995 + + * (many files): More ANSI/ISO 9899-1990 to the people! + Now actually builds (not including util) with DEC "cc -std1" and + Sun "acc -Xc". There are still major prototype conflicts, but + there isn't much to do about this. + +Sat Oct 28 1995 + + * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and + kerberos_master services. + +Fri Oct 27 1995 + + * Released version 0.5 + + + * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the + same code is used both for posix termios and others. + + * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when + set to "yes" make warnings about "rlogin: warning, using standard + rlogin: remote host doesn't support Kerberos." go away. 
+ +Tue Oct 24 1995 + + * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): + Optimized so that it can handle large databases, previously a + 10000 entry DB would take *many* minutes, this can now be done in + under a minute. + +Sat Oct 21 1995 + + * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 + bit machines. Source should now be free of 64 bit assumptions. + + * admin/copykey.c (copy_from_key): New functions for copying to + and from keys. Neccessary to solve som problems with longs on 64 + bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. + + * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems + with longs on 64 bit machines. + +Mon Oct 16 1995 + + * appl/bsd/login.c (main): Lots of stuff to support Psoriasis + login. Courtesy of gertz@lysator.liu.se. + + * configure.in, all Makefile.in's: Support for Linux shared + libraries. Courtesy of svedja@lysator.liu.se. + + * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno + = KRB_PROT_VERSION; from server kode to libkrb where it really + belongs. + + * appl/bsd/forkpty.c (forkpty): New function that allocates master + and slave ptys in a portable way. Used by rlogind. + + * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the + same utmpx slot got used by sevral sessions. Courtesy of + gertz@lysator.liu.se. + +Wed Oct 4 1995 + + * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of + svedja@lysator.liu.se. + + * Fix the above Makefiles to work around bugs in Solaris and OSF/1 + make rules that was triggered by VPATH functionality in the yacc + and lex rules. + +Mon Oct 2 1995 + + * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): + Use stdarg instead of varargs. The code is still broken though, + you'll realize that on a machine with 64 bit pointers and 32 bit + int:s and no vsprintf, let's hope there will be no such beasts ;-). 
+ + * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems + have (or need) modules ttcompat and pckt so don't flag it as a + fatal error if they don't exist. + +Mon Sep 25 1995 + + * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c + (kadm_listen): Add kludge for kadmind running on a multihomed + server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h + if you need this feature. + + * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper + and xnlock. + +Wed Sep 20 1995 + + * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not + implemented yet though. + +Wed Sep 13 1995 + + * appl/xnlock/Makefile.in: Some stubs for X11 programs in + configure.in as well as a kerberized version of xnlock. + + * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback + port numbers if they can not be found using getservbyname. + +Tue Sep 12 1995 + + * appl/bsd/klogin.c (klogin): Use differnet ticket files for each + login so that a malicous user won't be able to destroy our tickets + with a failed login attempt. + + * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if + there is no such thing try afs@CELL instead. There is now two + arguments to k_afslog(char *cell, char *realm). + +Mon Sep 11 1995 + + * kadmin/admin_server.c (kadm_listen): If we are multihomed we + need to figure out which local address that is used this time + since it is used in "direction" comparison. + +Wed Sep 6 1995 + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default + port number. + + * lib/krb/send_to_kdc.c (send_to_kdc): Default port number + (KRB_PORT) was not in network byte order. + +Tue Sep 5 1995 + + * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct + when selecting. + + +Mon Sep 4 1995 + + * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: + Now does fallback if there isn't any entries in /etc/services for + klogin/kshell. This also made the code a bit more pretty. 
+ + + * appl/bsd/login.c: Added support for lots of more struct utmp fields. + If there is no ttyslot() use setutent and friends. + + * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: + Added extern iruserok(). + + * appl/bsd/iruserok.c: Initial revision + + * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. + + * appl/bsd/Makefile.in: New install + + * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. + + * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. + + + * appl/bsd/login.c (login): If there is no ttyslot use setutent + and friends. Added support for lots of more struct utmp fields. + + * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: + Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. + + * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than + _PATH_DEF. + + * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if + running as root. + + * appl/bsd/su.c (main): Update usage message to reflect that '-' + option must come after the ordinary options and before login-id. + +Sat Sep 2 1995 + + * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to + long to fit into utmp try to remove domain part if it does match + our local domain. + + (main): Add new option -L /bin/login so that it is possible to + specify an alternate login program. + + * appl/telnet/telnet/commands.c (env_init): When exporting + variable DISPLAY and if hostname is not the full name, try to get + the full name from DNS. + + * appl/telnet/telnet/main.c (main): Option -k realm was broken due + to a bogous external declaration. + +Fri Sep 1 1995 + + * kadmin/kadmin.c (add_new_key): Kadmin now properly sets + lifetime, expiration date and attributes in add_new_key command. + +Wed Aug 30 1995 + + * appl/bsd/su.c (main): Don't handle '-' option with getopt. 
+ + * appl/telnet/telnet/externs.h: Removed protection for multiple + inclusions of termio(s).h since it broke definition of termio + macro on POSIX systems. + +Tue Aug 29 1995 + + * lib/krb/lifetime.c (krb_life_to_time): If you want to disable + AFS compatible long lifetimes set krb_no_long_lifetimes = 1. + + Please note that the long lifetimes are 100% compatible up to + 10h so this should rarely be necessary. + + * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use + ipaddress protection of tickets set krb_ignore_ip_address. This + makes it possible for an intruder to steal a ticket and then use + it from som other machine anywhere on the net. + +Mon Aug 28 1995 + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one + local address. Accept request on all interfaces. + + * admin/kdb_edit.c (change_principal): Don't accept illegal + dates. Courtesy of gertz@lysator.liu.se. + +Sat Aug 26 1995 + + * configure.in: AIX specific libraries needed when using standard + libc routine getttyent, IBM should be ashamed! + + * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t + problem. + + * Added strdup for su and rlogin. + + * Fix for old syslog macros in appl/bsd/bsd_locl. + +Fri Aug 25 1995 + + * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New + ifdef HAVE_NEW_DB for new databases residing in one file only. + + * appl/bsd/rlogin.c (oob): Add workaround for Linux. + +Mon Aug 21 1995 + + * appl/bsd/getpass.c: New routine that reads up to 127 char + passwords. Used in su.c and login.c. + +Tue Aug 15 1995 + + * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY + should not be used on HP-UX. + +Mon Aug 14 1995 + + * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to + rather use telnet. 
+ +Thu Aug 10 1995 + + * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c, + get_krbrlm.c, get_admhst.c: + + Use multiple configuration directories for krb.conf and + krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with + KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and + /etc/kerberosIV are searched. Directory specified by envioronment + variable KRBCONFDIR is searched first if set. No hardcoded + realmname or kerberos server. Instead use domainname for deafult + realm and kerberos.domain as kerberos server if they are not + listed in krb.conf and/or krb.realms. In the normal case there + should be no need for configuration files if administrators add a + CNAME pointing to the kerberos server. + + * appl/bsd/Makefile.in and friends: GNU make should no longer be + neccessary unless building with VPATH. + +Wed Aug 9 1995 + + * appl/bsd/klogin.c (klogin): Old ticket file need to be removed + before we call krb_get_pw_in_tkt or we might get a Kerberos intkt + error because the wrong user owns the file. + +Tue Aug 8 1995 + + * configure.in : Telnet.beta2 is now official and has been moved + to appl/telnet. + + * appl/bsd/su.c (main): Reenable -K flag, won't work if not + PASSWD_FALLBACK is enabled. Cosmetics for Password prompt. + +Fri Aug 4 1995 + + * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous + kerberos server. Controlled by #ifdef KLOGIN_PARANOID. + + * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on + SYSV. + +Mon Jul 24 1995 + + * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument. + + * appl/bsd/rlogin.c, login.c: New programs. + +Fri Jul 21 1995 + + * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals. + + * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to + IRIX. + +Tue Jul 11 1995 + + * admin/kdb_init.c (main): Use new random generator. Dito in + admin/kdb_edit.c. Use master key to initialize random sequence. 
+ +Mon Jul 10 1995 + + * kadmin/kadmin.c (get_password): Fix for random passwords. + Dito for admin/kdb_edit.c + + * appl/kauth/kauth.c (main): Updated for krb distribution, now + uses new library libkafs. + + * appl/telnet.beta/telnet/main.c (main): New telnet with + encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0. + Encryption does not currently work though. + +Tue Jun 20 1995 + + * New library to support AFS. Routines: + + int k_hasafs(void); + int k_afsklog(...); + int k_setpag(void); + int k_unlog(void); + int k_pioctl(char *, int, struct ViceIoctl *, int); + + Modified it to support more than one single entry point AFS + syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely + on transarc headers or library code. + + This has not been tested and will most probably need some + serious violence to get working under AIX. (AIX has since been + fixed to. /bg) + +Fri Jun 16 1995 + + * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using + krb_equiv() to allow for hosts with more than one address in files + rd_priv.c rd_req.c and rd_safe.c. + + * slave/kpropd.c (main): Fix uninitialized variables and rewind + file in kprop.c. + +Thu Jun 15 1995 + + * appl/bsd/rcp.c (allocbuf): Fix various bugs. + + * slave/kpropd.c (main): Responder uses + KPROP_SERVICE_NAME.`hostname' and requestor always uses + KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd + protocol. + +Wed Jun 14 1995 + + * appl/bsd/rshd.c (doit): Encryption should now work both ways. + +Tue Jun 13 1995 + + * appl/bsd/pathnames.h: Fixup paths. + + * server/Makefile.in and friends (install): Install daemons in in + libexec and administrator programs in sbin. + + + * Makefile.in: Joda (d91-jda) added install target + +Wed Jun 7 1995 + + * lib/krb/k_strerror.c: New function k_strerror() to use instead + of the non portable sys_errlist[]. diff --git a/crypto/kerberosIV/Makefile.in b/crypto/kerberosIV/Makefile.in new file mode 100644 index 0000000..afa77fb 
--- /dev/null
+++ b/crypto/kerberosIV/Makefile.in
@@ -0,0 +1,70 @@
+# $Id: Makefile.in,v 1.30 1997/05/20 18:58:34 bg Exp $
+
+srcdir = @srcdir@
+prefix = @prefix@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+TRAVELKIT = appl/kauth/kauth kuser/klist appl/telnet/telnet/telnet \
+ appl/ftp/ftp/ftp appl/kx/kx appl/kx/rxtelnet
+
+@SET_MAKE@
+
+SUBDIRS = util include lib kuser server slave admin kadmin appl man doc
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+check:
+ cd lib && $(MAKE) $(MFLAGS) check
+
+install:
+ $(MKINSTALLDIRS) $(prefix)
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+install-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' install
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+travelkit: all
+ $(MKINSTALLDIRS) tmp
+ for i in $(TRAVELKIT); \
+ do $(INSTALL_PROGRAM) $$i tmp; done
+ (cd tmp; tar cf ../travelkit.tar `for i in $(TRAVELKIT); do basename $$i; done`)
+ rm -rf tmp
+
+travelkit-strip:
+ $(MAKE) INSTALL_PROGRAM='$(INSTALL_PROGRAM) -s' travelkit
+
+TAGS:
+ find . -name '*.[chyl]' -print | etags -
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ $(MAKE) clean
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status config.cache config.log version.h newversion.h.in version.h.in *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install install-strip uninstall travelkit travelkit-strip clean distclean realclean mostlyclean
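Review bot: The `for i in $(SUBDIRS)` loops under `all` and `install` (and likewise `uninstall`, `clean`, `distclean`, `realclean`) do not stop on a failed sub-make, because the shell loop returns only the status of its last iteration. A failure in `lib`, for example, would be masked as long as `doc` succeeds, so `make install` can finish with exit status 0 after installing only part of the Kerberos tree. I would make each loop body fail fast, e.g. `do (cd $$i && $(MAKE) $(MFLAGS) install) || exit 1; done`. Separately, the `Wall` target calls a literal `make` instead of `$(MAKE)`, so it may pick a different make program than the one running the build and does not pass `$(MFLAGS)`; `$(MAKE) CFLAGS="..."` would be consistent with the other targets.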
diff --git a/crypto/kerberosIV/NEWS b/crypto/kerberosIV/NEWS
new file mode 100644
index 0000000..cddbb22
--- /dev/null
+++ b/crypto/kerberosIV/NEWS
@@ -0,0 +1,563 @@ +Minor changes in release 0.9.6: + +* utmp(x) works correctly on systems with utmpx. + +* A security-related bug in ftpd fixed. + +* Compiles on solaris 2.4, 2.6 and on WinNT/95 with cygwin32 beta18. + +* New option `-w' to rxtelnet, rxterm. + +Major changes in release 0.9.5: + +* We made some changes to be compatible with the other kerberised ftp + implementations and this means that an old kerberised ftp client will + not be able to talk to a new ftp server. So try to upgrade your ftp + clients and servers at the same time. The reason for this change is + described in more detail below. + +* The interpretation of /etc/ftpusers has changed slightly, see + ftpusers(5). These changes come from NetBSD. + +* The function `des_quad_cksum', which is used by `krb_rd_safe', and + `krb_mk_safe', has never been compatible with MIT's DES + library. This has now been fixed. + + This fix will however break some programs that used those functions, + for instance `ftp'. In this version `krb_rd_safe' is modified to + accept checksums of both the new and the old format; `krb_mk_safe' + will always emit checksums of the new type *unless* `krb_rd_safe' + has detected that the client is using the old checksum (this feature + may be removed in some future release). + + If you have programs that use `krb_mk_safe' and `krb_rd_safe' you + should upgrade all clients before upgrading your servers. Client is + here defined as the program that first calls `krb_rd_safe'. + + If you are using some protocol that talks to more than one client or + server in one session, the heuristics to detect which kind of + checksum to use might fail. + + The problem with `des_quad_cksum' was just a byte-order problem, so + there are no security problems with using the old versions. Thanks + to Derrick J Brashear <shadow@DEMENTIA.ORG> for pointing in the + right general direction. + +* Rewrote kx to work always open TCP connections in the same + direction. 
This was needed to make it work through NATs and is + generally a cleaner way of doing it. Also added `tenletxr'. + Unfortunately the new protocol is not compatible with the old one. + The new kx and kxd programs try to figure out if they are talking to + old versions. + +* Quite a bit of new functionality in otp. Changed default hash + function to `md5'. Fixed implementation of SHA and added downcasing + of seed to conform with `draft-ietf-otp-01.txt'. All verification + examples in the draft now work. + +* Fixed buffer overflows. + +* Add history/line editing in kadmin and ftp. + +* utmp/utmpx and wtmp/wtmpx might work better on strange machines. + +* Bug fixes for `rsh -n' and `rcp -x'. + +* reget now works in ftp and ftpd. Passive mode works. Other minor + bug fixes as well. + +* New option `-g umask' to ftpd for specifying the umask for anonymous users. + +* Fix for `-l' option in rxtelnet and rxterm. + +* XOVER support in popper. + +* Better support for building shared libraries. + +* Better support for talking to the KDC over TCP. This could make it + easier to use brain-damaged firewalls. + +* Support FreeBSD-style MD5 /etc/passwd. + +* New option `-createuser' to afslog. + +* Upgraded to work with socks5-v1.0r1. + +* Almost compiles and works on OS/2 with EMX, and Win95/NT with gnu-win32. + +* Merged in win32-telnet, see README-WIN32 for more details. + +* Possibly fixed telnet bug on HP-UX 10. + +* Updated man-pages. + +* Support for NetBSD/OpenBSD manual page circus. + +* Bug fixes. + +Major changes in release 0.9.3: + +* kx has been rewritten and is now a lot easier to use. Two new + scripts: rxtelnet and rxterm. It also works on machines such as + Cray where the X-libraries cannot talk unix sockets. + +* experimental OTP (RFC1938). Included in login, ftpd, and popper. + +* authentication modules: PAM for linux, SIA for OSF/1, and + afskauthlib for Irix. + +* popper now has the UIDL command. 
+ +* ftpd can now tar and compress files and directories on the fly, also + added a find site command. + +* updated documentation and man pages. + +* Change kuserok so that it acts as if luser@LOCALREALM is always an + entry of .klogin, even when it's not possible to verify that there + is no such file or the file is unreadable. + +* Support for SRV-records. + +* Socks v5 support. + +* rcp is AFS-aware. + +* allow for other transport mechanisms than udp (useful for firewall + tormented souls); as a side effect the format of krb.conf had to + become more flexible + +* sample programs included. + +* work arounds for Linux networking bugs in rlogind and rlogin. + +* more portable + +* quite a number of improvments/bugfixes + +* New platforms: HP-UX 10, Irix 6.2 + +Major changes in release 0.9.2a: + +* fix annoying bug with kauth (et al) returning incorrect error + +Major changes in release 0.9.2: + +* service `kerberos-iv' and port 750 has been registered with IANA. + +* Bugfixes. + + - Compiles with gcc on AIX. + + - Compiles with really old resolvers. + + - ftp works with afs string-to-key. + + - shared libraries should work on Linux/ELF. + + - some potential buffer overruns. + + - general code clean-up. + +* Better Cray/UNICOS support. + +* New platforms: AIX 4.2, IRIX 6.1, and Linux 2.0 + +Major changes in release 0.9.1: + +* Mostly bugfixes. + + - No hardcoded references to /usr/athena + + - Better Linux support with rlogin + + - Fix for broken handling of NULL password in kadmind (such as with + `ksrvutil change') + + - AFS-aware programs should work on AIX systems without AFS + +* New platforms: Digital UNIX 4.0 and Fujitsu UXP/V + +* New mechanism to determine realm from hostname based on DNS. To find + the realm of a.b.c.d it tries to find krb4-realm.a.b.c.d and then + krb4-realm.b.c.d and so on. The entry in DNS should be a TXT record + with the realm name. + + krb4-realm.pdc.kth.se. 
7200 TXT "NADA.KTH.SE" + +Major changes in release 0.9: + +* Tested platforms: + +Dec Alpha OSF/1 3.2 with cc -std1 +HP 9000/735 HP/UX 9.05 with gcc +DEC Pmax Ultrix 4.4 with gcc (cc does not work) +IBM RS/6000 AIX 4.1 with xlc (gcc works, cc does not) +SGI IRIX 5.3 with cc +Sun SunOS 4.1.4 with gcc (cc is not ANSI and does not work) +Sun SunOS 5.5 with gcc +Intel i386 NetBSD 1.2 with gcc +Intel i386 Linux 1.3.95 with gcc +Cray J90 Unicos 9 with cc + +* Mostly ported to Crays running Unicos 9. + +* S/Key-support in ftpd. + +* Delete operation supported in kerberos database. + +* Cleaner and more portable code. + +* Even less bugs than before. + +* kpopper now supports the old pop3 protocol and has been renamed to popper. + +* rsh can be renamed remsh. + +* Experimental program for forwarding IP over a kerberos tunnel. + +* Updated to libdes 3.23. + +Major changes in release 0.8: + +* New programs: ftp & ftpd. + +* New programs: kx & kxd. These programs forward X connections over + kerberos-encrypted connections. + +* Incorporated version 3.21 of libdes. + +* login: No double utmp-entries on Solaris. + +* kafs + + * Better guessing of what realm a cell belongs to. + + * Support for authenticating to several cells. Reads + /usr/vice/etc/TheseCells, if present. + +* ksrvutil: Support for generating AFS keys. + +* login, su, rshd, rlogind: tries to counter possible NIS-attack. + +* xnlock: several bug fixes and support for more than one screen. + +* Default port number for ekshell changed from 2106 to 545. kauth + port changed from 4711 to 2120. + +* Rumored to work on Fujitsu UXP/V and Cray UNICOS. + +Major changes in release 0.7: + +* New experimental masterkey generation. Enable with + --enable-random-mkey. Also the default place for the master key has + moved from /.k to /var/kerberos/master-key. This is customizable + with --with-mkey=file. If you don't want you master key to be on the + same backup medium as your database, remember to use this flag. 
All + relevant programs still checks for /.k. + +* `-t' option to kadmin. + +* Kpopper uses kuserok to verify if user is allowed to pop mail. + +* Kpopper tries to locate the mail spool directory: /var/mail or + /var/spool/mail. + +* kauth has ability to get ticket on a remove host with the `-h' option. + +* afslog (aklog clone) and pagsh included. + +* New format for /etc/krb.equiv. + +* Better multi-homed hosts support in kauth, rcp, rlogin, rlogind, + rshd, telnet, telnetd. + +* rlogind works on ultrix and aix 3.2. + +* lots of bug fixes. + +Major changes in release 0.6: + +* Tested platforms: + +DEC/Alpha OSF3.2 +HP700 HPux 9.x +Dec/Pmax Ultrix 4.4 (rlogind not working) +IBM RS/6000 AIX 3.2 (rlogind not working) +IBM RS/6000 AIX 4.1 +SGI Irix 5.3 +Sun Sunos 4.1.x +Sun Sunos 5.4 +386 BSD/OS 2.0.1 +386 NetBSD 1.1 +386 Linux 1.2.13 + +It is rumored to work to some extent on NextStep 3.3. + +* ksrvutil get to create new keys and put them in the database at the +same time. + +* Support for S/Key in login. + +* kstring2key: new program to show string to key conversion. + +* Kerberos server should now listen on all available network +interfaces and on both port 88 and 750. + +* Timeout in kpopper. + +* Support password quality checks in kadmind. Use --with-crack-lib to +link kadmind with cracklib. The patches in cracklib.patch are needed. + +* Movemail from emacs 19.30. + +* Logging format uses four digits for years. + +* Fallback if port numbers are not listed in /etc/services. + + + * Relesed version 0.5 + + * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the + same code is used both for posix termios and others. + + * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when + set to "yes" make warnings about "rlogin: warning, using standard + rlogin: remote host doesn't support Kerberos." go away. 
+ + * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): + Optimized so that it can handle large databases, previously a + 10000 entry DB would take *many* minutes, this can now be done in + under a minute. + + * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 + bit machines. Source should now be free of 64 bit assumptions. + + * admin/copykey.c (copy_from_key): New functions for copying to + and from keys. Neccessary to solve som problems with longs on 64 + bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. + + * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems + with longs on 64 bit machines. + + * appl/bsd/login.c (main): Lots of stuff to support Psoriasis + login. Courtesy of gertz@lysator.liu.se. + + * configure.in, all Makefile.in's: Support for Linux shared + libraries. Courtesy of svedja@lysator.liu.se. + + * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno + = KRB_PROT_VERSION; from server kode to libkrb where it really + belongs. + + * appl/bsd/forkpty.c (forkpty): New function that allocates master + and slave ptys in a portable way. Used by rlogind. + + * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the + same utmpx slot got used by sevral sessions. Courtesy of + gertz@lysator.liu.se. + + * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of + svedja@lysator.liu.se. + + * Fix the above Makefiles to work around bugs in Solaris and OSF/1 + make rules that was triggered by VPATH functionality in the yacc + and lex rules. + + * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): + Use stdarg instead of varargs. The code is still broken though, + you'll realize that on a machine with 64 bit pointers and 32 bit + int:s and no vsprintf, let's hope there will be no such beasts ;-). + + * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems + have (or need) modules ttcompat and pckt so don't flag it as a + fatal error if they don't exist. 
+ + * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c + (kadm_listen): Add kludge for kadmind running on a multihomed + server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h + if you need this feature. + + * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper + and xnlock. + + * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not + implemented yet though. + + * appl/xnlock/Makefile.in: Some stubs for X11 programs in + configure.in as well as a kerberized version of xnlock. + + * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback + port numbers if they can not be found using getservbyname. + + * appl/bsd/klogin.c (klogin): Use differnet ticket files for each + login so that a malicous user won't be able to destroy our tickets + with a failed login attempt. + + * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if + there is no such thing try afs@CELL instead. There is now two + arguments to k_afslog(char *cell, char *realm). + + * kadmin/admin_server.c (kadm_listen): If we are multihomed we + need to figure out which local address that is used this time + since it is used in "direction" comparison. + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default + port number. + + * lib/krb/send_to_kdc.c (send_to_kdc): Default port number + (KRB_PORT) was not in network byte order. + + * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct + when selecting. + + * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: + Now does fallback if there isn't any entries in /etc/services for + klogin/kshell. This also made the code a bit more pretty. + + * appl/bsd/login.c: Added support for lots of more struct utmp fields. + If there is no ttyslot() use setutent and friends. + + * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: + Added extern iruserok(). + + * appl/bsd/iruserok.c: Initial revision + + * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. 
+ + * appl/bsd/Makefile.in: New install + + * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. + + * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. + + * appl/bsd/login.c (login): If there is no ttyslot use setutent + and friends. Added support for lots of more struct utmp fields. + + * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: + Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. + + * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than + _PATH_DEF. + + * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if + running as root. + + * appl/bsd/su.c (main): Update usage message to reflect that '-' + option must come after the ordinary options and before login-id. + + * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to + long to fit into utmp try to remove domain part if it does match + our local domain. + + (main): Add new option -L /bin/login so that it is possible to + specify an alternate login program. + + * appl/telnet/telnet/commands.c (env_init): When exporting + variable DISPLAY and if hostname is not the full name, try to get + the full name from DNS. + + * appl/telnet/telnet/main.c (main): Option -k realm was broken due + to a bogous external declaration. + + * kadmin/kadmin.c (add_new_key): Kadmin now properly sets + lifetime, expiration date and attributes in add_new_key command. + + * appl/bsd/su.c (main): Don't handle '-' option with getopt. + + * appl/telnet/telnet/externs.h: Removed protection for multiple + inclusions of termio(s).h since it broke definition of termio + macro on POSIX systems. + + * lib/krb/lifetime.c (krb_life_to_time): If you want to disable + AFS compatible long lifetimes set krb_no_long_lifetimes = 1. + + Please note that the long lifetimes are 100% compatible up to + 10h so this should rarely be necessary. + + * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use + ipaddress protection of tickets set krb_ignore_ip_address. 
This + makes it possible for an intruder to steal a ticket and then use + it from som other machine anywhere on the net. + + * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one + local address. Accept request on all interfaces. + + * admin/kdb_edit.c (change_principal): Don't accept illegal + dates. Courtesy of gertz@lysator.liu.se. + + * configure.in: AIX specific libraries needed when using standard + libc routine getttyent, IBM should be ashamed! + + * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t + problem. + + * Added strdup for su and rlogin. + + * Fix for old syslog macros in appl/bsd/bsd_locl. + + * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New + ifdef HAVE_NEW_DB for new databases residing in one file only. + + * appl/bsd/rlogin.c (oob): Add workaround for Linux. + + * appl/bsd/getpass.c: New routine that reads up to 127 char + passwords. Used in su.c and login.c. + + * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY + should not be used on HP-UX. + +==========================*** Released 0.2? ***============================= + +ksrvutil + If there is a dot in the about to be added principals name there is + no need to ask for instance name. + +kerberos & kadmind + Logfiles are created with small permissions (600). + +krb.conf and krb.realms + Use domain part as realm name if there is no match in krb.realms. + Use kerberos.REALMNAME if there is no match in krb.realms. + +rlogin + The rlogin client is supported both with and without encryption, + there is no rlogind yet though. + +login + There is login program that supports the -f option. Both kerberos + and /etc/passwd authentication is enabled. + + Vendors login programs typically have no -f option (needed by + telnetd) and also does not know how to verify passwords againts + kerberos. + +appl/bsd/* + Now uses POSIX signals. + +kdb_edit, kadmin + Generate random passwords if administrator enters empty password. 
+ +lib/kafs + New library to support AFS. Routines: + int k_hasafs(void); + int k_afsklog(...); or some other name + int k_setpag(void); + int k_unlog(void); + int k_pioctl(char *, int, struct ViceIoctl *, int); + + Library supports more than one single entry point AFS syscalls + (needed be HP/UX and OSF/1 when running DFS). Doesn't rely on + transarc headers or library code. Same binaries can be used both on + machines running AFS and others. + + This library is used in telnetd, login and the r* programs. + +telnet & telnetd + Based on telnet.95.05.31.NE but with the encryption hacks from + ftp.funet.fi:/pub/unix/security/esrasrc-1.0 added. This encryption + stuff needed some more modifications (done by joda@nada.kth.se) + before it was usable. Telnet has also been modified to use GNU + autoconf. + +Numerous other changes that are long since forgotten. diff --git a/crypto/kerberosIV/PROBLEMS b/crypto/kerberosIV/PROBLEMS new file mode 100644 index 0000000..f6eeeef --- /dev/null +++ b/crypto/kerberosIV/PROBLEMS 
@@ -0,0 +1,74 @@ + +Problems compiling Kerberos +=========================== + +Many compilers require a switch to become ANSI compliant. Since kth-krb +is written in ANSI C it is necessary to specify the name of the compiler +to be used and the required switch to make it ANSI compliant. This is +most easily done when running configure using the `env' command. For +instance to build under HP-UX using the native compiler do: + + datan$ env CC="cc -Ae" ./configure + +In general `gcc' works. The following combinations have also been +verified to successfully compile the distribution: + +`HP-UX' + `cc -Ae' + +`Digital UNIX' + `cc -std1' + +`AIX' + `xlc' + +`Solaris 2.x' + `cc' (unbundled one) + +`IRIX' + `cc' + +Linux problems +-------------- + +Some systems have lost `/usr/include/ndbm.h' which is necessary to +build kth-krb correctly. There is a `ndbm.h.Linux' right next to the +source distribution. + +There has been reports of non-working `libdb' on some Linux +distributions. If that happens, use the `--without-berkeley-db' when +configuring. + +HP-UX problems +-------------- + +The shared library `/usr/lib/libndbm.sl' doesn't exist on all systems. +To make problems even worse, there is never an archive version for +static linking either. Therefore, when building "truly portable" +binaries first install GNU gdbm or Berkeley DB, and make sure that you +are linking against that library. + +Cray problems +------------- + +`rlogind' won't work on Crays until `forkpty()' has been ported, in the +mean time use `telnetd'. + +AIX problems +------------ + +`gcc' version 2.7.2.1 has a bug which makes it miscompile +`appl/telnet/telnetd/sys_term.c' (and possibily `appl/bsd/forkpty.c'), +if used with too much optimization. + +C2 problems +----------- + +The programs that checks passwords works with `passwd', OTP, and +Kerberos paswords. This is problem if you use C2 security (or use some +other password database), that normally keeps passwords in some obscure +place. 
If you want to use Kerberos with C2 security you will have to +think about what kind of changes are necessary. See also the discussion +about Digital's SIA and C2 security, see *Note Digital SIA::. + + diff --git a/crypto/kerberosIV/README b/crypto/kerberosIV/README new file mode 100644 index 0000000..0647614 --- /dev/null +++ b/crypto/kerberosIV/README 
@@ -0,0 +1,44 @@
+This is a severly hacked up version of Eric Young's eBones-p9 kerberos
+version. The DES library has been updated with his 3.23 version and
+numerous patches collected over the years have been applied to both
+the kerberos and DES sources, most notably the CMU patches for extended
+lifetimes that AFS uses. There is also support for AFS built into most
+programs.
+
+The source has been changed to use ANSI C and POSIX to the largest
+possible extent. The code in util/et and appl/bsd have not been
+updated in this way though (they really need it).
+
+Telnet and telnetd are based on the telnet.95.10.23.NE.tar.Z. Kerberos
+authentication is the default and warnings are issued by telnetd if
+the telnet client does not turn on encryption.
+
+The r* programs in appl/bsd have been updated with newer sources from
+NetBSD and FreeBSD. NOTE: use of telnet is prefered to the use of
+rlogin which is a temporary hack and not an Internet standard (and has
+only been documented quite recently). Telnet uses kerberos
+authentication to prevent the passing of cleartext passwords and is
+thus superior to rlogin.
+
+The distribution has been configured to primarily use kerberos
+authentication with a fallback to /etc/passwd passwords. This should
+make it easy to do a slow migration to kerberos. OTP support is also
+included in login, popper, and ftpd.
+
+All programs in this distribution follow these conventions:
+
+/usr/athena/bin: User programs
+/usr/athena/sbin: Administrator programs
+/usr/athena/libexec: Daemons
+/etc: Configuration files
+/var/log: Logfiles
+/var/kerberos: Kerberos database and ACL files
+
+A W3-page is at http://www.pdc.kth.se/kth-krb/
+
+You can get some documentation from ftp://ftp.pdc.kth.se/pub/krb/doc.
+
+Please report bugs and problems to kth-krb-bugs@nada.kth.se
+
+There is a mailing list discussing kerberos at krb4@sics.se, send a
+message to majordomo@sics.se to subscribe.
diff --git a/crypto/kerberosIV/README-WIN32 b/crypto/kerberosIV/README-WIN32
new file mode 100644
index 0000000..ba74c46
--- /dev/null
+++ b/crypto/kerberosIV/README-WIN32
@@ -0,0 +1,30 @@
+It should be possible to build several of the libraries and the GUI
+telnet ``voodoo'' on Win95/NT. In case you don't want to try there
+are binaries available at
+ftp://ftp.pdc.kth.se/pub/krb/binaries/i386-unknown-winnt4.0.
+
+In case you want to build from source and possibly hack some on them
+yourself here's a short guide:
+
+You need to build the libraries (DLLs) first and in this order:
+
+lib/roken
+lib/des
+lib/krb
+lib/kclient
+
+And then the two applications:
+
+appl/krbmanager
+appl/voodoo
+
+In each case there is a Visual-C++ generated makefile with the name
+*.mak in the corresponding directory. You might be able to load that
+into Microsoft whatever Studio and you might be able to just run nmake
+on them.
+
+Once you have ended up with 4 DLLs and 2 EXEs you only have to place
+them in a directory in your PATH and start voodoo.
+
+In case it doesn't work, you have discovered bugs or added some more
+features the mail address to use is <kth-krb-bugs@nada.kth.se>
diff --git a/crypto/kerberosIV/TODO b/crypto/kerberosIV/TODO
new file mode 100644
index 0000000..66aa1f1
--- /dev/null
+++ b/crypto/kerberosIV/TODO
@@ -0,0 +1,42 @@
+-*- indented-text -*-
+rlogind, rshd, popper, ftpd (telnetd uses nonce?)
+ Add a replay cache.
+
+telnet, rlogin, rsh, rcp
+ Some form of support for ticket forwarding, perhaps only for AFS tickets.
+
+telnet, telnetd
+ Add negotiation for keep-alives.
+
+rlogind
+ Fix utmp logging.
+
+documentation
+ Write more info on:
+ * how to use
+
+rshd
+ Read default environment from /etc/default/login and other files.
+ Encryption without secondary port is bugged, it currently does no
+ encryption. But, nobody uses it anyway.
+
+autoconf
+
+libraries
+ generate archive and shared libraries in some portable way.
+
+k_get_all_addrs
+ for Cray UNICOS
+
+ftpd
+
+kx
+ Compress and recode X protocol?
+
+kip
+ Other kinds of encapsulations?
+ Tunnel device as loadable kernel module.
+ Speed?
+
+BUGS
+ Where?
diff --git a/crypto/kerberosIV/acconfig.h b/crypto/kerberosIV/acconfig.h
new file mode 100644
index 0000000..bb7b7aa
--- /dev/null
+++ b/crypto/kerberosIV/acconfig.h
@@ -0,0 +1,282 @@ +/* $Id: acconfig.h,v 1.71 1997/06/01 22:32:24 assar Exp $ */ + +/* Define this if RETSIGTYPE == void */ +#undef VOID_RETSIGTYPE + +/* Define this if struct utmp have ut_user */ +#undef HAVE_UT_USER + +/* Define this if struct utmp have ut_host */ +#undef HAVE_UT_HOST + +/* Define this if struct utmp have ut_addr */ +#undef HAVE_UT_ADDR + +/* Define this if struct utmp have ut_type */ +#undef HAVE_UT_TYPE + +/* Define this if struct utmp have ut_pid */ +#undef HAVE_UT_PID + +/* Define this if struct utmp have ut_id */ +#undef HAVE_UT_ID + +/* Define this if struct utmpx have ut_syslen */ +#undef HAVE_UT_SYSLEN + +/* Define this if struct winsize is declared in sys/termios.h */ +#undef HAVE_STRUCT_WINSIZE + +/* Define this if struct winsize have ws_xpixel */ +#undef HAVE_WS_XPIXEL + +/* Define this if struct winsize have ws_ypixel */ +#undef HAVE_WS_YPIXEL + +/* Define this to be the directory where the dictionary for cracklib */ +/* resides */ +#undef DICTPATH + +/* Define this if you want to use SOCKS v5 */ +#undef SOCKS + +/* Define this to the path of the mail spool directory */ +#undef KRB4_MAILDIR + +/* Define this if `struct sockaddr' includes sa_len */ +#undef SOCKADDR_HAS_SA_LEN + +/* Define this if `struct siaentity' includes ouid */ +#undef SIAENTITY_HAS_OUID + +/* Define if getlogin has POSIX flavour, as opposed to BSD */ +#undef POSIX_GETLOGIN + +/* Define if getpwnam_r has POSIX flavour */ +#undef POSIX_GETPWNAM_R + +/* define if getcwd() is broken (such as in SunOS) */ +#undef BROKEN_GETCWD + +/* define if the system is missing a prototype for crypt() */ +#undef NEED_CRYPT_PROTO + +/* define if the system is missing a prototype for strtok_r() */ +#undef NEED_STRTOK_R_PROTO + +/* define if /bin/ls takes -A */ +#undef HAVE_LS_A + +/* define if you have h_errno */ +#undef HAVE_H_ERRNO + +/* define if you have h_errlist but not hstrerror */ +#undef HAVE_H_ERRLIST + +/* define if you have h_nerr but not hstrerror */ +#undef HAVE_H_NERR + 
+/* define if your system doesn't declare h_errlist */ +#undef HAVE_H_ERRLIST_DECLARATION + +/* define if your system doesn't declare h_nerr */ +#undef HAVE_H_NERR_DECLARATION + +/* define this if you need a declaration for h_errno */ +#undef HAVE_H_ERRNO_DECLARATION + +/* define if you need a declaration for optarg */ +#undef HAVE_OPTARG_DECLARATION + +/* define if you need a declaration for optind */ +#undef HAVE_OPTIND_DECLARATION + +/* define if you need a declaration for opterr */ +#undef HAVE_OPTERR_DECLARATION + +/* define if you need a declaration for optopt */ +#undef HAVE_OPTOPT_DECLARATION + +/* define if you need a declaration for __progname */ +#undef HAVE___PROGNAME_DECLARATION + +@BOTTOM@ + +#undef HAVE_INT8_T +#undef HAVE_INT16_T +#undef HAVE_INT32_T +#undef HAVE_INT64_T +#undef HAVE_U_INT8_T +#undef HAVE_U_INT16_T +#undef HAVE_U_INT32_T +#undef HAVE_U_INT64_T + +#define RCSID(msg) \ +static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } + +/* + * Set ORGANIZATION to be the desired organization string printed + * by the 'kinit' program. It may have spaces. + */ +#define ORGANIZATION "eBones International" + +#if 0 +#undef BINDIR +#undef LIBDIR +#undef LIBEXECDIR +#undef SBINDIR +#endif + +#if 0 +#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0} +#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0} +#define KRB_EQUIV "/etc/krb.equiv" + +#define KEYFILE "/etc/srvtab" + +#define KRBDIR "/var/kerberos" +#define DBM_FILE KRBDIR "/principal" +#define DEFAULT_ACL_DIR KRBDIR + +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#define KADM_SYSLOG "/var/log/admin_server.syslog" +#define K_LOGFIL "/var/log/kpropd.log" +#endif + +/* Maximum values on all known systems */ +#define MaxHostNameLen (64+4) +#define MaxPathLen (1024+4) + +/* + * Define NDBM if you are using the 4.3 ndbm library (which is part of + * libc). 
If not defined, 4.2 dbm will be assumed. + */ +#if defined(HAVE_DBM_FIRSTKEY) +#define NDBM +#endif + +/* ftp stuff -------------------------------------------------- */ + +#define KERBEROS + +/* telnet stuff ----------------------------------------------- */ + +/* define this if you have kerberos 4 */ +#undef KRB4 + +/* define this if you want encryption */ +#undef ENCRYPTION + +/* define this if you want authentication */ +#undef AUTHENTICATION + +#if defined(ENCRYPTION) && !defined(AUTHENTICATION) +#define AUTHENTICATION 1 +#endif + +/* Set this if you want des encryption */ +#undef DES_ENCRYPTION + +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +#undef USE_IM + +/* define this if you want diagnostics in telnetd */ +#undef DIAGNOSTICS + +/* define this if you want support for broken ENV_{VALUE,VAR} systems */ +#undef ENV_HACK + +/* */ +#undef OLD_ENVIRON + +/* Used with login -p */ +#undef LOGIN_ARGS + +/* Define if there are working stream ptys */ +#undef STREAMSPTY + +/* set this to a sensible login */ +#ifndef LOGIN_PATH +#define LOGIN_PATH BINDIR "/login" +#endif + + +/* ------------------------------------------------------------ */ + +/* + * Define this if your ndbm-library really is berkeley db and creates + * files that ends in .db. 
+ */ +#undef HAVE_NEW_DB + +/* Define this if you have a working getmsg */ +#undef HAVE_GETMSG + +/* Define to enable new master key code */ +#undef RANDOM_MKEY + +/* Location of the master key file, default value lives in <kdc.h> */ +#undef MKEYFILE + +/* Define if you don't want support for afs, might be a good idea on + AIX if you don't have afs */ +#undef NO_AFS + +/* Define if you have a readline compatible library */ +#undef HAVE_READLINE + +#ifdef VOID_RETSIGTYPE +#define SIGRETURN(x) return +#else +#define SIGRETURN(x) return (RETSIGTYPE)(x) +#endif + +/* Define this if your compiler supports '#pragma weak' */ +#undef HAVE_PRAGMA_WEAK + +/* Temporary fixes for krb_{rd,mk}_safe */ +#define DES_QUAD_GUESS 0 +#define DES_QUAD_NEW 1 +#define DES_QUAD_OLD 2 + +/* Set this to one of the constants above to specify default checksum + type to emit */ +#undef DES_QUAD_DEFAULT + +/* + * AIX braindamage! + */ +#if _AIX +#define _ALL_SOURCE +#define _POSIX_SOURCE +/* this is left for hysteric reasons :-) */ +#define unix /* well, ok... */ +#endif + +/* + * SunOS braindamage! (Sun include files are generally braindead) + */ +#if (defined(sun) || defined(__sun)) +#if defined(__svr4__) || defined(__SVR4) +#define SunOS 5 +#else +#define SunOS 4 +#endif +#endif + +#if defined(__sgi) || defined(sgi) +#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4) +#define IRIX 5 +#else +#define IRIX 4 +#endif +#endif + +/* IRIX 4 braindamage */ +#if IRIX == 4 && !defined(__STDC__) +#define __STDC__ 0 +#endif diff --git a/crypto/kerberosIV/aclocal.m4 b/crypto/kerberosIV/aclocal.m4 new file mode 100644 index 0000000..133e19d --- /dev/null +++ b/crypto/kerberosIV/aclocal.m4 
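Review bot: In acconfig.h, the comment `/* Maximum values on all known systems */` above `#define MaxHostNameLen (64+4)` and `#define MaxPathLen (1024+4)` overstates what the constants guarantee, since BSD-derived systems define `MAXHOSTNAMELEN` in `<sys/param.h>` as 256. Callers are not visible in this hunk, but any buffer sized with `MaxHostNameLen` and filled from `gethostname()` or a resolver result would presumably have to handle longer names by rejecting them rather than truncating silently, because a truncated host name can change which principal or realm is looked up. I would reword the comment to state the contract, e.g. `/* Buffer sizes including the NUL; callers must bound copies with sizeof and reject longer names */`, and where the platform provides `MAXHOSTNAMELEN` prefer `#define MaxHostNameLen (MAXHOSTNAMELEN+4)`.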
@@ -0,0 +1,543 @@ +dnl +dnl $Id: aclocal.m4,v 1.38 1997/05/18 18:47:30 assar Exp $ +dnl + +dnl +dnl General tests +dnl + +dnl +dnl Look for function in any of the specified libraries +dnl + +dnl AC_FIND_FUNC_NO_LIBS(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC_NO_LIBS, [ + +AC_MSG_CHECKING([for $1]) +AC_CACHE_VAL(ac_cv_funclib_$1, +[ +if eval "test \"\$ac_cv_func_$1\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $2; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + AC_TRY_LINK([$3],[$1($4)],eval "if test -n \"$ac_lib\";then ac_cv_funclib_$1=$ac_lib; else ac_cv_funclib_$1=yes; fi";break) + done + eval "ac_cv_funclib_$1=\${ac_cv_funclib_$1-no}" + LIBS="$ac_save_LIBS" +fi +]) + +eval "ac_res=\$ac_cv_funclib_$1" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs $1"@@@ +@@@libs="$libs $2"@@@ +END + +changequote(, )dnl +eval "ac_tr_func=HAVE_`echo $1 | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_$1=$ac_res" +changequote([, ])dnl + +case "$ac_res" in + yes) + eval "ac_cv_func_$1=yes" + eval "LIB_$1=" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_MSG_RESULT([yes]) + ;; + no) + eval "ac_cv_func_$1=no" + eval "LIB_$1=" + AC_MSG_RESULT([no]) + ;; + *) + eval "ac_cv_func_$1=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + AC_DEFINE_UNQUOTED($ac_tr_func) + AC_DEFINE_UNQUOTED($ac_tr_lib) + AC_MSG_RESULT([yes, in $ac_res]) + ;; +esac +AC_SUBST(LIB_$1) +]) + +dnl AC_FIND_FUNC(func, libraries, includes, arguments) +AC_DEFUN(AC_FIND_FUNC, [ +AC_FIND_FUNC_NO_LIBS([$1], [$2], [$3], [$4]) +if test -n "$LIB_$1"; then + LIBS="$LIB_$1 $LIBS" +fi +]) + +dnl +dnl Same as AC _REPLACE_FUNCS, just define HAVE_func if found in normal +dnl libraries + +AC_DEFUN(AC_BROKEN, +[for ac_func in $1 +do +AC_CHECK_FUNC($ac_func, [ +changequote(, )dnl +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +changequote([, ])dnl 
+AC_DEFINE_UNQUOTED($ac_tr_func)],[LIBOBJS="$LIBOBJS ${ac_func}.o"]) +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs $1"@@@ +END +done +AC_SUBST(LIBOBJS)dnl +]) + +dnl +dnl Mix between AC_FIND_FUNC and AC_BROKEN +dnl + +AC_DEFUN(AC_FIND_IF_NOT_BROKEN, +[AC_FIND_FUNC([$1], [$2], [$3], [$4]) +if eval "test \"$ac_cv_func_$1\" != yes"; then +LIBOBJS="$LIBOBJS $1.o" +fi +AC_SUBST(LIBOBJS)dnl +]) + +dnl +dnl +dnl + +dnl AC_TEST_PACKAGE(package,header,lib,linkline) +AC_DEFUN(AC_TEST_PACKAGE, +[ +AC_MSG_CHECKING(for $1) +AC_ARG_WITH($1, +[ --with-$1=dir use $1 in dir], +[if test "$with_$1" = "no"; then + with_$1= +fi] +) +AC_ARG_WITH($1-lib, +[ --with-$1-lib=dir use $1-lib in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-lib]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi] +) +AC_ARG_WITH($1-include, +[ --with-$1-include=dir use $1-include in dir], +[if test "$withval" = "yes" -o "$withval" = "no"; then + AC_MSG_ERROR([No argument for --with-$1-include]) +elif test "X$with_$1" = "X"; then + with_$1=yes +fi] +) + +define([foo], translit($1, [a-z], [A-Z])) +: << END +@@@syms="$syms foo"@@@ +END + +if test -n "$with_$1"; then + AC_DEFINE([foo]) + if test "$with_$1" != "yes"; then + $1_dir=$with_$1 + fi +dnl Try to find include + if test -n "$with_$1_include"; then + trydir=$with_$1_include + elif test "$with_$1" != "yes"; then + trydir="$with_$1 $with_$1/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/$2; then + found=yes; res=$i; break + fi + else + AC_TRY_CPP([#include <$2>], [found=yes; res=$i; break]) + fi + done + if test -n "$found"; then + $1_include=$res + else + AC_MSG_ERROR(Cannot find $2) + fi +dnl Try to find lib + if test -n "$with_$1_lib"; then + trydir=$with_$1_lib + elif test "$with_$1" != "yes"; then + trydir="$with_$1 $with_$1/lib" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f 
$i/$3; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="$4 $LIBS" + AC_TRY_LINK([], [], [found=yes; res=$i; LIBS=$old_LIBS; break]) + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + $1_lib=$res + else + AC_MSG_ERROR(Cannot find $3) + fi + AC_MSG_RESULT([headers $$1_include, libraries $$1_lib]) + AC_DEFINE_UNQUOTED(foo) + if test -n "$$1_include"; then + foo[INCLUDE]="-I$$1_include" + fi + AC_SUBST(foo[INCLUDE]) + if test -n "$$1_lib"; then + foo[LIB]="-L$$1_lib" + fi + foo[LIB]="$foo[LIB] $4" + AC_SUBST(foo[LIB]) +else + AC_MSG_RESULT(no) +fi +undefine([foo]) +]) + +dnl +dnl Check if we need the declaration of a variable +dnl + +dnl AC_HAVE_DECLARATION(includes, variable) +AC_DEFUN(AC_CHECK_DECLARATION, [ +AC_MSG_CHECKING([if $2 is properly declared]) +AC_CACHE_VAL(ac_cv_var_$2_declaration, [ +AC_TRY_COMPILE([$1 +extern struct { int foo; } $2;], +[$2.foo = 1;], +eval "ac_cv_var_$2_declaration=no", +eval "ac_cv_var_$2_declaration=yes") +]) + +ac_tr_var=[HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION] + +define([foo], [HAVE_]translit($2, [a-z], [A-Z])[_DECLARATION]) +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) + +AC_MSG_RESULT($ac_cv_var_$2_declaration) +if eval "test \"\$ac_cv_var_$2_declaration\" = yes"; then + AC_DEFINE_UNQUOTED($ac_tr_var) +fi +]) + +dnl +dnl +dnl + +dnl AC_CHECK_VAR(includes, variable) +AC_DEFUN(AC_CHECK_VAR, [ +AC_MSG_CHECKING(for $2) +AC_CACHE_VAL(ac_cv_var_$2, [ +AC_TRY_LINK([extern int $2; +int foo() { return $2; }], + [foo()], + ac_cv_var_$2=yes, ac_cv_var_$2=no) +]) +eval "ac_tr_var=[HAVE_]translit($2,[a-z],[A-Z])" + +define([foo], [HAVE_]translit($2, [a-z], [A-Z])) +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) + +AC_MSG_RESULT(`eval echo \\$ac_cv_var_$2`) +if test `eval echo \\$ac_cv_var_$2` = yes; then + AC_DEFINE_UNQUOTED($ac_tr_var) + AC_CHECK_DECLARATION([$1],[$2]) +fi +]) + +dnl +dnl Check if we need the prototype for a function +dnl + +dnl AC_NEED_PROTO(includes, function) + 
+AC_DEFUN(AC_NEED_PROTO, [ +AC_CACHE_CHECK([if $2 needs a prototype], ac_cv_func_$2_noproto, +AC_TRY_COMPILE([$1], +[struct foo { int foo; } xx; +extern int $2 (struct foo*); +$2(&xx); +], +eval "ac_cv_func_$2_noproto=yes", +eval "ac_cv_func_$2_noproto=no")) +define([foo], [NEED_]translit($2, [a-z], [A-Z])[_PROTO]) +if test "$ac_cv_func_$2_noproto" = yes; then + AC_DEFINE(foo) +fi +: << END +@@@syms="$syms foo"@@@ +END +undefine([foo]) +]) + +dnl AC_MSG_RESULT($ac_cv_func_$3_proto) +dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then +dnl AC_DEFINE_UNQUOTED($ac_tr_func) +dnl fi +dnl ]) +dnl +dnl AC_DEFUN(AC_NEED_PROTO, [ +dnl AC_MSG_CHECKING([if $3 needs a proto]) +dnl AC_CACHE_VAL(ac_cv_func_$3_proto, [ +dnl AC_TRY_COMPILE([$1], +dnl [$2], +dnl eval "ac_cv_func_$3_proto=no", +dnl eval "ac_cv_func_$3_proto=yes") +dnl ]) +dnl changequote(, )dnl +dnl eval "ac_tr_func=NEED_`echo $3 | tr '[a-z]' '[A-Z]'`_PROTO" +dnl changequote([, ])dnl +dnl +dnl define([foo], [NEED_]translit($3, [a-z], [A-Z])[_PROTO]) +dnl : << END +dnl @@@syms="$syms foo"@@@ +dnl END +dnl undefine([foo]) +dnl +dnl AC_MSG_RESULT($ac_cv_func_$3_proto) +dnl if eval "test \"\$ac_cv_func_$3_proto\" = yes"; then +dnl AC_DEFINE_UNQUOTED($ac_tr_func) +dnl fi +dnl ]) + +AC_DEFUN(AC_GROK_TYPE, [ +AC_CACHE_VAL(ac_cv_type_$1, +AC_TRY_COMPILE([ +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_BITYPES_H +#include <sys/bitypes.h> +#endif +#ifdef HAVE_BIND_BITYPES_H +#include <bind/bitypes.h> +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include <netinet/in6_machtypes.h> +#endif +], +$i x; +, +eval ac_cv_type_$1=yes, +eval ac_cv_type_$1=no))]) + + +AC_DEFUN(AC_GROK_TYPES, [ +for i in $1; do + AC_MSG_CHECKING(for $i) + AC_GROK_TYPE($i) + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr '[a-z]' '[A-Z]'` + AC_DEFINE_UNQUOTED($type) + fi + AC_MSG_RESULT($ac_res) +done +]) + +dnl +dnl Specific tests +dnl + +dnl +dnl We prefer byacc 
or yacc because they do not use `alloca' +dnl + +AC_DEFUN(AC_KRB_PROG_YACC, +[AC_CHECK_PROGS(YACC, byacc yacc 'bison -y')]) + +dnl +dnl Also look for EMXOMF for OS/2 +dnl + +AC_DEFUN(AC_KRB_PROG_RANLIB, +[AC_CHECK_PROGS(RANLIB, ranlib EMXOMF, :)]) + +dnl +dnl Better test for ln -s, ln or cp +dnl + +AC_DEFUN(AC_KRB_PROG_LN_S, +[AC_MSG_CHECKING(for ln -s or something else) +AC_CACHE_VAL(ac_cv_prog_LN_S, +[rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi])dnl +LN_S="$ac_cv_prog_LN_S" +AC_MSG_RESULT($ac_cv_prog_LN_S) +AC_SUBST(LN_S)dnl +]) + +dnl +dnl NEXTSTEP is not posix compliant by default, +dnl you need a switch -posix to the compiler +dnl + +AC_DEFUN(AC_KRB_SYS_NEXTSTEP, [ +AC_MSG_CHECKING(for NEXTSTEP) +AC_CACHE_VAL(krb_cv_sys_nextstep, +AC_EGREP_CPP(yes, +[#ifdef NeXT + yes +#endif +], krb_cv_sys_nextstep=yes, krb_cv_sys_nextstep=no) ) +if test "$krb_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +AC_MSG_RESULT($krb_cv_sys_nextstep) +]) + +dnl +dnl AIX have a very different syscall convention +dnl +AC_DEFUN(AC_KRB_SYS_AIX, [ +AC_MSG_CHECKING(for AIX) +AC_CACHE_VAL(krb_cv_sys_aix, +AC_EGREP_CPP(yes, +[#ifdef _AIX + yes +#endif +], krb_cv_sys_aix=yes, krb_cv_sys_aix=no) ) +AC_MSG_RESULT($krb_cv_sys_aix) +]) + +dnl +dnl test for broken getcwd in (SunOS braindamage) +dnl + +AC_DEFUN(AC_KRB_FUNC_GETCWD_BROKEN, [ +if test "$ac_cv_func_getcwd" = yes; then +AC_MSG_CHECKING(if getcwd is broken) +AC_CACHE_VAL(ac_cv_func_getcwd_broken, [ +ac_cv_func_getcwd_broken=no + +AC_TRY_RUN([ +#include <errno.h> +char *getcwd(char*, int); + +void *popen(char *cmd, char *mode) +{ + errno = ENOTTY; + return 0; +} + +int main() +{ + char *ret; + ret = getcwd(0, 1024); + if(ret == 0 && errno == ENOTTY) + return 0; + return 1; +} +], 
ac_cv_func_getcwd_broken=yes,:,:) +]) +if test "$ac_cv_func_getcwd_broken" = yes; then + AC_DEFINE(BROKEN_GETCWD, 1)dnl + LIBOBJS="$LIBOBJS getcwd.o" + AC_SUBST(LIBOBJS)dnl + AC_MSG_RESULT($ac_cv_func_getcwd_broken) +else + AC_MSG_RESULT([seems ok]) +fi +fi +]) + + +AC_DEFUN(AC_HAVE_PRAGMA_WEAK, [ +if test "${with_shared}" = "yes"; then +AC_MSG_CHECKING(for pragma weak) +AC_CACHE_VAL(ac_have_pragma_weak, [ +ac_have_pragma_weak=no +cat > conftest_foo.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +#pragma weak foo = _foo +int _foo = 17; +EOF +cat > conftest_bar.$ac_ext <<'EOF' +[#]line __oline__ "configure" +#include "confdefs.h" +extern int foo; + +int t() { + return foo; +} + +int main() { + return t(); +} +EOF +if AC_TRY_EVAL('CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&AC_FD_CC'); then +ac_have_pragma_weak=yes +fi +rm -rf conftest* +]) +if test "$ac_have_pragma_weak" = "yes"; then + AC_DEFINE(HAVE_PRAGMA_WEAK, 1)dnl +fi +AC_MSG_RESULT($ac_have_pragma_weak) +fi +]) + +dnl +dnl Search for struct winsize +dnl + +AC_DEFUN(AC_KRB_STRUCT_WINSIZE, [ +AC_MSG_CHECKING(for struct winsize) +AC_CACHE_VAL(ac_cv_struct_winsize, [ +ac_cv_struct_winsize=no +for i in sys/termios.h sys/ioctl.h; do +AC_EGREP_HEADER( +changequote(, )dnl +struct[ ]*winsize,dnl +changequote([,])dnl +$i, ac_cv_struct_winsize=yes; break)dnl +done +]) +if test "$ac_cv_struct_winsize" = "yes"; then + AC_DEFINE(HAVE_STRUCT_WINSIZE, 1)dnl +fi +AC_MSG_RESULT($ac_cv_struct_winsize) +AC_EGREP_HEADER(ws_xpixel, termios.h, AC_DEFINE(HAVE_WS_XPIXEL)) +AC_EGREP_HEADER(ws_ypixel, termios.h, AC_DEFINE(HAVE_WS_YPIXEL)) +]) diff --git a/crypto/kerberosIV/admin/Makefile.in b/crypto/kerberosIV/admin/Makefile.in new file mode 100644 index 0000000..d0b68b1 --- /dev/null +++ b/crypto/kerberosIV/admin/Makefile.in 
@@ -0,0 +1,104 @@ +# $Id: Makefile.in,v 1.26 1997/05/04 08:33:50 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +LIBS = @LIBS@ +LIB_DBM = @LIB_DBM@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ + +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +sbindir = @sbindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROGS = ext_srvtab$(EXECSUFFIX) \ + kdb_destroy$(EXECSUFFIX) \ + kdb_edit$(EXECSUFFIX) \ + kdb_init$(EXECSUFFIX) \ + kdb_util$(EXECSUFFIX) \ + kstash$(EXECSUFFIX) + +SOURCES = ext_srvtab.c kdb_destroy.c kdb_edit.c \ + kdb_init.c kdb_util.c kstash.c + +OBJECTS = ext_srvtab.o kdb_destroy.o kdb_edit.o \ + kdb_init.o kdb_util.o kstash.o + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(sbindir) + for x in $(PROGS); do \ + $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x|sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROGS); do \ + rm -f $(sbindir)/`echo $$x|sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes +LIBROKEN= -L../lib/roken -lroken + +ext_srvtab$(EXECSUFFIX): ext_srvtab.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ext_srvtab.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +kdb_destroy$(EXECSUFFIX): kdb_destroy.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_destroy.o 
$(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +kdb_edit$(EXECSUFFIX): kdb_edit.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_edit.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +kdb_init$(EXECSUFFIX): kdb_init.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_init.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +kdb_util$(EXECSUFFIX): kdb_util.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdb_util.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +kstash$(EXECSUFFIX): kstash.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kstash.o $(KLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +$(OBJECTS): ../include/config.h diff --git a/crypto/kerberosIV/admin/adm_locl.h b/crypto/kerberosIV/admin/adm_locl.h new file mode 100644 index 0000000..6cbd20d --- /dev/null +++ b/crypto/kerberosIV/admin/adm_locl.h 
@@ -0,0 +1,91 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: adm_locl.h,v 1.16 1997/04/20 05:46:14 assar Exp $ */ + +#ifndef __adm_locl_h +#define __adm_locl_h + +#include "config.h" +#include "protos.h" + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <assert.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif /* !TIME_WITH_SYS_TIME */ + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <signal.h> +#include <errno.h> + +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#include <err.h> + +#include <roken.h> + +#include <des.h> +#include <krb.h> +#include <krb_db.h> +#include <kdc.h> +#include <kadm.h> + +#endif /* __adm_locl_h */ diff --git a/crypto/kerberosIV/admin/ext_srvtab.c b/crypto/kerberosIV/admin/ext_srvtab.c new file mode 100644 index 0000000..9c02921 --- /dev/null +++ b/crypto/kerberosIV/admin/ext_srvtab.c 
@@ -0,0 +1,143 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Description + */ + +#include "adm_locl.h" + +RCSID("$Id: ext_srvtab.c,v 1.13 1997/05/02 14:27:33 assar Exp $"); + +static des_cblock master_key; +static des_cblock session_key; +static des_key_schedule master_key_schedule; +static char realm[REALM_SZ]; + +static void +usage(void) +{ + fprintf(stderr, + "Usage: %s [-n] [-r realm] instance [instance ...]\n", + __progname); + exit(1); +} + +static void +StampOutSecrets(void) +{ + memset(master_key, 0, sizeof master_key); + memset(session_key, 0, sizeof session_key); + memset(master_key_schedule, 0, sizeof master_key_schedule); +} + +static void +Die(void) +{ + StampOutSecrets(); + exit(1); +} + +static void +FWrite(void *p, int size, int n, FILE *f) +{ + if (fwrite(p, size, n, f) != n) { + printf("Error writing output file. Terminating.\n"); + Die(); + } +} + +int +main(int argc, char **argv) +{ + FILE *fout; + char fname[1024]; + int fopen_errs = 0; + int arg; + Principal princs[40]; + int more; + int prompt = KDB_GET_PROMPT; + int n, i; + + set_progname (argv[0]); + memset(realm, 0, sizeof(realm)); + + /* Parse commandline arguments */ + if (argc < 2) + usage(); + else { + for (i = 1; i < argc; i++) { + if (strcmp(argv[i], "-n") == 0) + prompt = FALSE; + else if (strcmp(argv[i], "-r") == 0) { + if (++i >= argc) + usage(); + else { + strcpy(realm, argv[i]); + /* + * This is to humor the broken way commandline + * argument parsing is done. Later, this + * program ignores everything that starts with -. 
+ */ + argv[i][0] = '-'; + } + } + else if (argv[i][0] == '-') + usage(); + else + if (!k_isinst(argv[i])) { + warnx("bad instance name: %s", argv[i]); + usage(); + } + } + } + + if (kdb_get_master_key (prompt, &master_key, master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + + if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { + exit(1); + } + + /* For each arg, search for instances of arg, and produce */ + /* srvtab file */ + if (!realm[0]) + if (krb_get_lrealm(realm, 1) != KSUCCESS) + errx (1, "couldn't get local realm"); + umask(077); + + for (arg = 1; arg < argc; arg++) { + if (argv[arg][0] == '-') + continue; + snprintf(fname, sizeof(fname), "%s-new-srvtab", argv[arg]); + if ((fout = fopen(fname, "w")) == NULL) { + warn("Couldn't create file '%s'.", fname); + fopen_errs++; + continue; + } + printf("Generating '%s'....\n", fname); + n = kerb_get_principal("*", argv[arg], &princs[0], 40, &more); + if (more) + fprintf(stderr, "More than 40 found...\n"); + for (i = 0; i < n; i++) { + FWrite(princs[i].name, strlen(princs[i].name) + 1, 1, fout); + FWrite(princs[i].instance, strlen(princs[i].instance) + 1, + 1, fout); + FWrite(realm, strlen(realm) + 1, 1, fout); + FWrite(&princs[i].key_version, + sizeof(princs[i].key_version), 1, fout); + copy_to_key(&princs[i].key_low, &princs[i].key_high, session_key); + kdb_encrypt_key (&session_key, &session_key, + &master_key, master_key_schedule, DES_DECRYPT); + FWrite(session_key, sizeof session_key, 1, fout); + } + fclose(fout); + } + + StampOutSecrets(); + + return fopen_errs; /* 0 errors if successful */ + +} diff --git a/crypto/kerberosIV/admin/kdb_destroy.c b/crypto/kerberosIV/admin/kdb_destroy.c new file mode 100644 index 0000000..fca339f --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_destroy.c 
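Review bot: In main's `-r` handling, `strcpy(realm, argv[i]);` copies a command-line argument into the static `realm[REALM_SZ]` with no length check, so an over-long realm name overruns the buffer. Reject it before the copy, e.g. `if (strlen(argv[i]) >= sizeof(realm)) usage();`. `FWrite` compares the `size_t` result of `fwrite` with an `int` and reports the failure on stdout, and the result of `fclose(fout)` is ignored, so a truncated srvtab can go unnoticed. The `exit(1)` after a failed `kdb_verify_master_key` skips `StampOutSecrets()`; calling `Die()` there would keep the wipe consistent with the other error path.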
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kdb_destroy.c,v 1.7 1997/03/31 02:25:21 assar Exp $");
+
+int
+main(int argc, char **argv)
+{
+ char answer[10]; /* user input */
+ char dbm[256]; /* database path and name */
+ char dbm1[256]; /* database path and name */
+#ifdef HAVE_NEW_DB
+ char *file; /* database file names */
+#else
+ char *file1, *file2; /* database file names */
+#endif
+
+ set_progname (argv[0]);
+
+ strcpy(dbm, DBM_FILE);
+#ifdef HAVE_NEW_DB
+ file = strcat(dbm, ".db");
+#else
+ strcpy(dbm1, DBM_FILE);
+ file1 = strcat(dbm, ".dir");
+ file2 = strcat(dbm1, ".pag");
+#endif
+
+ printf("You are about to destroy the Kerberos database ");
+ printf("on this machine.\n");
+ printf("Are you sure you want to do this (y/n)? ");
+ fgets(answer, sizeof(answer), stdin);
+
+ if (answer[0] == 'y' || answer[0] == 'Y') {
+#ifdef HAVE_NEW_DB
+ if (unlink(file) == 0)
+#else
+ if (unlink(file1) == 0 && unlink(file2) == 0)
+#endif
+ {
+ warnx ("Database deleted at %s", DBM_FILE);
+ return 0;
+ }
+ else
+ warn ("Database cannot be deleted at %s", DBM_FILE);
+ } else
+ warnx ("Database not deleted at %s", DBM_FILE);
+ return 1;
+}
diff --git a/crypto/kerberosIV/admin/kdb_edit.c b/crypto/kerberosIV/admin/kdb_edit.c
new file mode 100644
index 0000000..5d07135
--- /dev/null
+++ b/crypto/kerberosIV/admin/kdb_edit.c
@@ -0,0 +1,404 @@ +/* + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This routine changes the Kerberos encryption keys for principals, + * i.e., users or services. + */ + +/* + * exit returns 0 ==> success -1 ==> error + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_edit.c,v 1.25 1997/05/07 01:34:05 assar Exp $"); + +#ifdef DEBUG +extern kerb_debug; +#endif + +#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) + +static int nflag = 0; +static int debug; + +static des_cblock new_key; + +static int i, j; +static int more; + +static char input_name[ANAME_SZ]; +static char input_instance[INST_SZ]; + +#define MAX_PRINCIPAL 10 +static Principal principal_data[MAX_PRINCIPAL]; + +static Principal old_principal; +static Principal default_princ; + +static des_cblock master_key; +static des_cblock session_key; +static des_key_schedule master_key_schedule; +static char pw_str[255]; +static long master_key_version; + +static void +Usage(void) +{ + fprintf(stderr, "Usage: %s [-n]\n", __progname); + exit(1); +} + +static char * +n_gets(char *buf, int size) +{ + char *p; + char *ret; + ret = fgets(buf, size, stdin); + + if (ret && (p = strchr(buf, '\n'))) + *p = 0; + return ret; +} + + +static int +change_principal(void) +{ + static char temp[255]; + int creating = 0; + int editpw = 0; + int changed = 0; + long temp_long; /* Don't change to int32_t, used by scanf */ + int n; + struct tm *tp, edate; + + fprintf(stdout, "\nPrincipal name: "); + fflush(stdout); + if (!n_gets(input_name, sizeof(input_name)) || *input_name == '\0') + return 0; + fprintf(stdout, "Instance: "); + fflush(stdout); + /* instance can be null */ + n_gets(input_instance, sizeof(input_instance)); + j = kerb_get_principal(input_name, input_instance, principal_data, + MAX_PRINCIPAL, &more); + if (!j) { + fprintf(stdout, "\n\07\07<Not found>, Create [y] ? 
"); + fflush(stdout); + n_gets(temp, sizeof(temp)); /* Default case should work, it didn't */ + if (temp[0] != 'y' && temp[0] != 'Y' && temp[0] != '\0') + return -1; + /* make a new principal, fill in defaults */ + j = 1; + creating = 1; + strcpy(principal_data[0].name, input_name); + strcpy(principal_data[0].instance, input_instance); + principal_data[0].old = NULL; + principal_data[0].exp_date = default_princ.exp_date; + if (strcmp(input_instance, "admin") == 0) + principal_data[0].max_life = 1 + (CLOCK_SKEW/(5*60)); /*5+5 minutes*/ + else if (strcmp(input_instance, "root") == 0) + principal_data[0].max_life = 96; /* 8 hours */ + else + principal_data[0].max_life = default_princ.max_life; + principal_data[0].attributes = default_princ.attributes; + principal_data[0].kdc_key_ver = (unsigned char) master_key_version; + principal_data[0].key_version = 0; /* bumped up later */ + } + tp = k_localtime(&principal_data[0].exp_date); + snprintf(principal_data[0].exp_date_txt, + sizeof(principal_data[0].exp_date_txt), + "%4d-%02d-%02d", + tp->tm_year + 1900, + tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ + for (i = 0; i < j; i++) { + for (;;) { + fprintf(stdout, + "\nPrincipal: %s, Instance: %s, kdc_key_ver: %d", + principal_data[i].name, principal_data[i].instance, + principal_data[i].kdc_key_ver); + fflush(stdout); + editpw = 1; + changed = 0; + if (!creating) { + /* + * copy the existing data so we can use the old values + * for the qualifier clause of the replace + */ + principal_data[i].old = (char *) &old_principal; + memcpy(&old_principal, &principal_data[i], + sizeof(old_principal)); + printf("\nChange password [n] ? 
"); + n_gets(temp, sizeof(temp)); + if (strcmp("y", temp) && strcmp("Y", temp)) + editpw = 0; + } + /* password */ + if (editpw) { +#ifdef NOENCRYPTION + placebo_read_pw_string(pw_str, sizeof pw_str, + "\nNew Password: ", TRUE); +#else + if(des_read_pw_string(pw_str, sizeof pw_str, + "\nNew Password: ", TRUE)) + continue; +#endif + if ( strcmp(pw_str, "RANDOM") == 0 + || strcmp(pw_str, "") == 0) { + printf("\nRandom password [y] ? "); + n_gets(temp, sizeof(temp)); + if (!strcmp("n", temp) || !strcmp("N", temp)) { + /* no, use literal */ +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); /* "RANDOM" */ + } else { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_new_random_key(&new_key); +#endif + memset(pw_str, 0, sizeof pw_str); + } + } else if (!strcmp(pw_str, "NULL")) { + printf("\nNull Key [y] ? "); + n_gets(temp, sizeof(temp)); + if (!strcmp("n", temp) || !strcmp("N", temp)) { + /* no, use literal */ +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); /* "NULL" */ + } else { + + principal_data[i].key_low = 0; + principal_data[i].key_high = 0; + goto null_key; + } + } else { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_string_to_key(pw_str, &new_key); +#endif + memset(pw_str, 0, sizeof pw_str); + } + + /* seal it under the kerberos master key */ + kdb_encrypt_key (&new_key, &new_key, + &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, + &principal_data[i].key_low, + &principal_data[i].key_high); + memset(new_key, 0, sizeof(new_key)); + null_key: + /* set master key version */ + principal_data[i].kdc_key_ver = + (unsigned char) master_key_version; + /* bump key version # */ + 
principal_data[i].key_version++; + fprintf(stdout, + "\nPrincipal's new key version = %d\n", + principal_data[i].key_version); + fflush(stdout); + changed = 1; + } + /* expiration date */ + fprintf(stdout, "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", + principal_data[i].exp_date_txt); + fflush(stdout); + zaptime(&edate); + while (n_gets(temp, sizeof(temp)) && ((n = strlen(temp)) > + sizeof(principal_data[0].exp_date_txt))) { + bad_date: + fprintf(stdout, "\07\07Date Invalid\n"); + fprintf(stdout, + "Expiration date (enter yyyy-mm-dd) [ %s ] ? ", + principal_data[i].exp_date_txt); + fflush(stdout); + zaptime(&edate); + } + + if (*temp) { + if (sscanf(temp, "%d-%d-%d", &edate.tm_year, + &edate.tm_mon, &edate.tm_mday) != 3) + goto bad_date; + edate.tm_mon--; /* January is 0, not 1 */ + edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_min = 59; /* specified day */ + if (krb_check_tm (edate)) + goto bad_date; + edate.tm_year -= 1900; + temp_long = tm2time (edate, 1); + strcpy(principal_data[i].exp_date_txt, temp); + principal_data[i].exp_date = temp_long; + changed = 1; + } + + /* maximum lifetime */ + fprintf(stdout, "Max ticket lifetime (*5 minutes) [ %d ] ? ", + principal_data[i].max_life); + fflush(stdout); + while (n_gets(temp, sizeof(temp)) && *temp) { + if (sscanf(temp, "%ld", &temp_long) != 1) + goto bad_life; + if (temp_long > 255 || (temp_long < 0)) { + bad_life: + fprintf(stdout, "\07\07Invalid, choose 0-255\n"); + fprintf(stdout, + "Max ticket lifetime (*5 minutes) [ %d ] ? ", + principal_data[i].max_life); + fflush(stdout); + continue; + } + changed = 1; + /* dont clobber */ + principal_data[i].max_life = (unsigned short) temp_long; + break; + } + + /* attributes */ + fprintf(stdout, "Attributes [ %d ] ? 
", + principal_data[i].attributes); + fflush(stdout); + while (n_gets(temp, sizeof(temp)) && *temp) { + if (sscanf(temp, "%ld", &temp_long) != 1) + goto bad_att; + if (temp_long > 65535 || (temp_long < 0)) { + bad_att: + fprintf(stdout, "\07\07Invalid, choose 0-65535\n"); + fprintf(stdout, "Attributes [ %d ] ? ", + principal_data[i].attributes); + fflush(stdout); + continue; + } + changed = 1; + /* dont clobber */ + principal_data[i].attributes = + (unsigned short) temp_long; + break; + } + + /* + * remaining fields -- key versions and mod info, should + * not be directly manipulated + */ + if (changed) { + if (kerb_put_principal(&principal_data[i], 1)) { + fprintf(stdout, + "\nError updating Kerberos database"); + } else { + fprintf(stdout, "Edit O.K."); + } + } else { + fprintf(stdout, "Unchanged"); + } + + + memset(&principal_data[i].key_low, 0, 4); + memset(&principal_data[i].key_high, 0, 4); + fflush(stdout); + break; + } + } + if (more) { + fprintf(stdout, "\nThere were more tuples found "); + fprintf(stdout, "than there were space for"); + } + return 1; +} + +static void +cleanup(void) +{ + + memset(master_key, 0, sizeof(master_key)); + memset(session_key, 0, sizeof(session_key)); + memset(master_key_schedule, 0, sizeof(master_key_schedule)); + memset(principal_data, 0, sizeof(principal_data)); + memset(new_key, 0, sizeof(new_key)); + memset(pw_str, 0, sizeof(pw_str)); +} + +int +main(int argc, char **argv) +{ + /* Local Declarations */ + + long n; + + set_progname (argv[0]); + + while (--argc > 0 && (*++argv)[0] == '-') + for (i = 1; argv[0][i] != '\0'; i++) { + switch (argv[0][i]) { + + /* debug flag */ + case 'd': + debug = 1; + continue; + + /* debug flag */ +#ifdef DEBUG + case 'l': + kerb_debug |= 1; + continue; +#endif + case 'n': /* read MKEYFILE for master key */ + nflag = 1; + continue; + + default: + warnx ("illegal flag \"%c\"", argv[0][i]); + Usage(); /* Give message and die */ + } + } + + fprintf(stdout, "Opening database...\n"); + 
fflush(stdout); + kerb_init(); + if (argc > 0) + if (kerb_db_set_name(*argv) != 0) + errx (1, "Could not open altername database name"); + + if (kdb_get_master_key ((nflag == 0) ? KDB_GET_PROMPT : 0, + &master_key, master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + + if ((master_key_version = kdb_verify_master_key(&master_key, + master_key_schedule, + stdout)) < 0) + return 1; + + /* Initialize non shared random sequence */ + des_init_random_number_generator(&master_key); + + /* lookup the default values */ + n = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, + &default_princ, 1, &more); + if (n != 1) + errx (1, "Kerberos error on default value lookup, %ld found.", n); + fprintf(stdout, "Previous or default values are in [brackets] ,\n"); + fprintf(stdout, "enter return to leave the same, or new value.\n"); + + while (change_principal()) { + } + + cleanup(); + return 0; +} diff --git a/crypto/kerberosIV/admin/kdb_init.c b/crypto/kerberosIV/admin/kdb_init.c new file mode 100644 index 0000000..b9ea009 --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_init.c 
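Review bot: In change_principal's expiration-date prompt the length test uses `>`, so an input exactly `sizeof(principal_data[0].exp_date_txt)` characters long is accepted and the later `strcpy(principal_data[i].exp_date_txt, temp);` writes the terminating NUL one byte past the field. `sscanf` ignores trailing characters, so such a string can still parse as a valid date and reach the copy. Change the comparison to `>= sizeof(principal_data[0].exp_date_txt)`. Separately, the `errx` and `return 1` exits in main after the master key has been read skip `cleanup()`, so the key and schedule are not wiped on those paths.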
@@ -0,0 +1,174 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * program to initialize the database, reports error if database file + * already exists. + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_init.c,v 1.23 1997/03/30 17:45:05 assar Exp $"); + +enum ap_op { + NULL_KEY, /* setup null keys */ + MASTER_KEY, /* use master key as new key */ + RANDOM_KEY /* choose a random key */ +}; + +static des_cblock master_key; +static des_key_schedule master_key_schedule; + +/* use a return code to indicate success or failure. check the return */ +/* values of the routines called by this routine. */ + +static int +add_principal(char *name, char *instance, enum ap_op aap_op, int maxlife) +{ + Principal principal; + struct tm *tm; + des_cblock new_key; + + memset(&principal, 0, sizeof(principal)); + strncpy(principal.name, name, ANAME_SZ); + strncpy(principal.instance, instance, INST_SZ); + switch (aap_op) { + case NULL_KEY: + principal.key_low = 0; + principal.key_high = 0; + break; + case RANDOM_KEY: +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + new_key[0] = 127; +#else + des_new_random_key(&new_key); +#endif + kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, &principal.key_low, &principal.key_high); + memset(new_key, 0, sizeof(new_key)); + break; + case MASTER_KEY: + memcpy(new_key, master_key, sizeof (des_cblock)); + kdb_encrypt_key (&new_key, &new_key, &master_key, master_key_schedule, + DES_ENCRYPT); + copy_from_key(new_key, &principal.key_low, &principal.key_high); + break; + } + principal.exp_date = 946702799; /* Happy new century */ + strncpy(principal.exp_date_txt, "12/31/99", DATE_SZ); + principal.mod_date = time(0); + + tm = k_localtime(&principal.mod_date); + principal.attributes = 0; + principal.max_life = maxlife; + + principal.kdc_key_ver = 1; + 
principal.key_version = 1; + + strncpy(principal.mod_name, "db_creation", ANAME_SZ); + strncpy(principal.mod_instance, "", INST_SZ); + principal.old = 0; + + if (kerb_db_put_principal(&principal, 1) != 1) + return -1; /* FAIL */ + + /* let's play it safe */ + memset(new_key, 0, sizeof (des_cblock)); + memset(&principal.key_low, 0, 4); + memset(&principal.key_high, 0, 4); + return 0; +} + +int +main(int argc, char **argv) +{ + char realm[REALM_SZ]; + char *cp; + int code; + char *database; + + set_progname (argv[0]); + + if (argc > 3) { + fprintf(stderr, "Usage: %s [realm-name] [database-name]\n", argv[0]); + return 1; + } + if (argc == 3) { + database = argv[2]; + --argc; + } else + database = DBM_FILE; + + /* Do this first, it'll fail if the database exists */ + if ((code = kerb_db_create(database)) != 0) + err (1, "Couldn't create database %s", database); + kerb_db_set_name(database); + + if (argc == 2) + strncpy(realm, argv[1], REALM_SZ); + else { + if (krb_get_lrealm(realm, 1) != KSUCCESS) + strcpy(realm, KRB_REALM); + fprintf(stderr, "Realm name [default %s ]: ", realm); + if (fgets(realm, sizeof(realm), stdin) == NULL) + errx (1, "\nEOF reading realm"); + if ((cp = strchr(realm, '\n'))) + *cp = '\0'; + if (!*realm) /* no realm given */ + if (krb_get_lrealm(realm, 1) != KSUCCESS) + strcpy(realm, KRB_REALM); + } + if (!k_isrealm(realm)) + errx (1, "Bad kerberos realm name \"%s\"", realm); +#ifndef RANDOM_MKEY + printf("You will be prompted for the database Master Password.\n"); + printf("It is important that you NOT FORGET this password.\n"); +#else + printf("To generate a master key, please enter some random data.\n"); + printf("You do not have to remember this.\n"); +#endif + fflush(stdout); + + if (kdb_get_master_key (KDB_GET_TWICE, &master_key, + master_key_schedule) != 0) + errx (1, "Couldn't read master key."); + +#ifdef RANDOM_MKEY + if(kdb_kstash(&master_key, MKEYFILE) < 0) + err (1, "Error writing master key"); + fprintf(stderr, "Wrote master key to 
%s\n", MKEYFILE); +#endif + + /* Initialize non shared random sequence */ + des_init_random_number_generator(&master_key); + + /* Maximum lifetime for changepw.kerberos (kadmin) tickets, 10 minutes */ +#define ADMLIFE (1 + (CLOCK_SKEW/(5*60))) + + /* Maximum lifetime for ticket granting tickets, 4 days or 21.25h */ +#define TGTLIFE ((krb_life_to_time(0, 162) >= 24*60*60) ? 161 : 255) + + /* This means that default lifetimes have not been initialized */ +#define DEFLIFE 255 + +#define NOLIFE 0 + + if ( + add_principal(KERB_M_NAME, KERB_M_INST, MASTER_KEY, NOLIFE) || + add_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, NULL_KEY,DEFLIFE)|| + add_principal(KRB_TICKET_GRANTING_TICKET, realm, RANDOM_KEY, TGTLIFE)|| + add_principal(PWSERV_NAME, KRB_MASTER, RANDOM_KEY, ADMLIFE) + ) { + putc ('\n', stderr); + errx (1, "couldn't initialize database."); + } + + /* play it safe */ + memset(master_key, 0, sizeof (des_cblock)); + memset(master_key_schedule, 0, sizeof (des_key_schedule)); + return 0; +} diff --git a/crypto/kerberosIV/admin/kdb_util.c b/crypto/kerberosIV/admin/kdb_util.c new file mode 100644 index 0000000..b221fdd --- /dev/null +++ b/crypto/kerberosIV/admin/kdb_util.c 
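Review bot: `strncpy(realm, argv[1], REALM_SZ);` in main leaves `realm` without a terminating NUL when the argument is REALM_SZ characters or longer, and the array is then passed to `k_isrealm` and `add_principal` as a string. Bound and terminate it with `strncpy(realm, argv[1], REALM_SZ - 1); realm[REALM_SZ - 1] = '\0';`, or reject over-long names outright. add_principal uses the same full-size `strncpy` for `principal.name` and `principal.instance`. Its `return -1` on a failed `kerb_db_put_principal` leaves `new_key` and the key halves in `principal` unwiped on the stack, so the `memset` calls should run before both returns. The literal `946702799` for `exp_date` gives every initial principal the same fixed expiry (labelled "12/31/99") and deserves a named constant and a comment.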
@@ -0,0 +1,496 @@ +/* + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Kerberos database manipulation utility. This program allows you to + * dump a kerberos database to an ascii readable file and load this + * file into the database. Read locking of the database is done during a + * dump operation. NO LOCKING is done during a load operation. Loads + * should happen with other processes shutdown. + * + * Written July 9, 1987 by Jeffrey I. Schiller + */ + +#include "adm_locl.h" + +RCSID("$Id: kdb_util.c,v 1.35 1997/05/07 00:57:45 assar Exp $"); + +static des_cblock master_key, new_master_key; +static des_key_schedule master_key_schedule, new_master_key_schedule; + +#define zaptime(foo) memset((foo), 0, sizeof(*(foo))) + +/* cv_key is a procedure which takes a principle and changes its key, + either for a new method of encrypting the keys, or a new master key. + if cv_key is null no transformation of key is done (other than net byte + order). 
*/ + +struct callback_args { + void (*cv_key)(Principal *); + FILE *output_file; +}; + +static void +print_time(FILE *file, time_t timeval) +{ + struct tm *tm; + tm = gmtime(&timeval); + fprintf(file, " %04d%02d%02d%02d%02d", + tm->tm_year + 1900, + tm->tm_mon + 1, + tm->tm_mday, + tm->tm_hour, + tm->tm_min); +} + +static long +time_explode(char *cp) +{ + char wbuf[5]; + struct tm tp; + int local; + + zaptime(&tp); /* clear out the struct */ + + if (strlen(cp) > 10) { /* new format */ + strncpy(wbuf, cp, 4); + wbuf[4] = 0; + tp.tm_year = atoi(wbuf) - 1900; + cp += 4; /* step over the year */ + local = 0; /* GMT */ + } else { /* old format: local time, + year is 2 digits, assuming 19xx */ + wbuf[0] = *cp++; + wbuf[1] = *cp++; + wbuf[2] = 0; + tp.tm_year = atoi(wbuf); + local = 1; /* local */ + } + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + wbuf[2] = 0; + tp.tm_mon = atoi(wbuf)-1; + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_mday = atoi(wbuf); + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_hour = atoi(wbuf); + + wbuf[0] = *cp++; + wbuf[1] = *cp++; + tp.tm_min = atoi(wbuf); + + + return(tm2time(tp, local)); +} + +static int +dump_db_1(void *arg, Principal *principal) +{ /* replace null strings with "*" */ + struct callback_args *a = (struct callback_args *)arg; + + if (principal->instance[0] == '\0') { + principal->instance[0] = '*'; + principal->instance[1] = '\0'; + } + if (principal->mod_name[0] == '\0') { + principal->mod_name[0] = '*'; + principal->mod_name[1] = '\0'; + } + if (principal->mod_instance[0] == '\0') { + principal->mod_instance[0] = '*'; + principal->mod_instance[1] = '\0'; + } + if (a->cv_key != NULL) { + (*a->cv_key) (principal); + } + fprintf(a->output_file, "%s %s %d %d %d %d %x %x", + principal->name, + principal->instance, + principal->max_life, + principal->kdc_key_ver, + principal->key_version, + principal->attributes, + (int)htonl (principal->key_low), + (int)htonl (principal->key_high)); + print_time(a->output_file, principal->exp_date); + 
print_time(a->output_file, principal->mod_date); + fprintf(a->output_file, " %s %s\n", + principal->mod_name, + principal->mod_instance); + return 0; +} + +static int +dump_db (char *db_file, FILE *output_file, void (*cv_key) (Principal *)) +{ + struct callback_args a; + + a.cv_key = cv_key; + a.output_file = output_file; + + kerb_db_iterate ((k_iter_proc_t)dump_db_1, &a); + return fflush(output_file); +} + +static int +add_file(void *db, FILE *file) +{ + int ret; + int lineno = 0; + char line[1024]; + unsigned long key[2]; /* yes, long */ + Principal pr; + + char exp_date[64], mod_date[64]; + + int life, kkvno, kvno; + + while(1){ + memset(&pr, 0, sizeof(pr)); + errno = 0; + if(fgets(line, sizeof(line), file) == NULL){ + if(errno != 0) + err (1, "fgets"); + break; + } + lineno++; + ret = sscanf(line, "%s %s %d %d %d %hd %lx %lx %s %s %s %s", + pr.name, pr.instance, + &life, &kkvno, &kvno, + &pr.attributes, + &key[0], &key[1], + exp_date, mod_date, + pr.mod_name, pr.mod_instance); + if(ret != 12){ + warnx("Line %d malformed (ignored)", lineno); + continue; + } + pr.key_low = ntohl (key[0]); + pr.key_high = ntohl (key[1]); + pr.max_life = life; + pr.kdc_key_ver = kkvno; + pr.key_version = kvno; + pr.exp_date = time_explode(exp_date); + pr.mod_date = time_explode(mod_date); + if (pr.instance[0] == '*') + pr.instance[0] = 0; + if (pr.mod_name[0] == '*') + pr.mod_name[0] = 0; + if (pr.mod_instance[0] == '*') + pr.mod_instance[0] = 0; + if (kerb_db_update(db, &pr, 1) != 1) { + warn ("store %s.%s aborted", + pr.name, pr.instance); + return 1; + } + } + return 0; +} + +static void +load_db (char *db_file, FILE *input_file) +{ + long *db; + int temp1; + int code; + char *temp_db_file; + + temp1 = strlen(db_file)+2; + temp_db_file = malloc (temp1); + strcpy(temp_db_file, db_file); + strcat(temp_db_file, "~"); + + /* Create the database */ + if ((code = kerb_db_create(temp_db_file)) != 0) + err (1, "creating temp database %s", temp_db_file); + kerb_db_set_name(temp_db_file); 
+ db = kerb_db_begin_update(); + if (db == NULL) + err (1, "opening temp database %s", temp_db_file); + + if(add_file(db, input_file)) + errx (1, "Load aborted"); + + kerb_db_end_update(db); + if ((code = kerb_db_rename(temp_db_file, db_file)) != 0) + warn("database rename failed"); + fclose(input_file); + free(temp_db_file); +} + +static void +merge_db(char *db_file, FILE *input_file) +{ + void *db; + + db = kerb_db_begin_update(); + if(db == NULL) + err (1, "Couldn't open database"); + if(add_file(db, input_file)) + errx (1, "Merge aborted"); + kerb_db_end_update(db); +} + +static void +update_ok_file (char *file_name) +{ + /* handle slave locking/failure stuff */ + char *file_ok; + int fd; + static char ok[]=".dump_ok"; + + asprintf (&file_ok, "%s%s", file_name, ok); + if (file_ok == NULL) + errx (1, "out of memory"); + if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0400)) < 0) + err (1, "Error creating %s", file_ok); + free(file_ok); + close(fd); +} + +static void +convert_key_new_master (Principal *p) +{ + des_cblock key; + + /* leave null keys alone */ + if ((p->key_low == 0) && (p->key_high == 0)) return; + + /* move current key to des_cblock for encryption, special case master key + since that's changing */ + if ((strncmp (p->name, KERB_M_NAME, ANAME_SZ) == 0) && + (strncmp (p->instance, KERB_M_INST, INST_SZ) == 0)) { + memcpy (key, new_master_key, sizeof(des_cblock)); + (p->key_version)++; + } else { + copy_to_key(&p->key_low, &p->key_high, key); + kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_DECRYPT); + } + + kdb_encrypt_key (&key, &key, &new_master_key, new_master_key_schedule, DES_ENCRYPT); + + copy_from_key(key, &(p->key_low), &(p->key_high)); + memset(key, 0, sizeof (key)); /* a little paranoia ... 
*/ + + (p->kdc_key_ver)++; +} + +static void +clear_secrets (void) +{ + memset(master_key, 0, sizeof (des_cblock)); + memset(master_key_schedule, 0, sizeof (des_key_schedule)); + memset(new_master_key, 0, sizeof (des_cblock)); + memset(new_master_key_schedule, 0, sizeof (des_key_schedule)); +} + +static void +convert_new_master_key (char *db_file, FILE *out) +{ +#ifdef RANDOM_MKEY + errx (1, "Sorry, this function is not available with " + "the new master key scheme."); +#else + printf ("\n\nEnter the CURRENT master key."); + if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, + master_key_schedule) != 0) { + clear_secrets (); + errx (1, "Couldn't get master key."); + } + + if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) { + clear_secrets (); + exit (1); + } + + printf ("\n\nNow enter the NEW master key. Do not forget it!!"); + if (kdb_get_master_key (KDB_GET_TWICE, &new_master_key, + new_master_key_schedule) != 0) { + clear_secrets (); + errx (1, "Couldn't get new master key."); + } + + dump_db (db_file, out, convert_key_new_master); + { + char fname[128]; + snprintf(fname, sizeof(fname), "%s.new", MKEYFILE); + kdb_kstash(&new_master_key, fname); + } +#endif /* RANDOM_MKEY */ +} + +static void +convert_key_old_db (Principal *p) +{ + des_cblock key; + + /* leave null keys alone */ + if ((p->key_low == 0) && (p->key_high == 0)) return; + + copy_to_key(&p->key_low, &p->key_high, key); + +#ifndef NOENCRYPTION + des_pcbc_encrypt((des_cblock *)key,(des_cblock *)key, + (long)sizeof(des_cblock),master_key_schedule, + (des_cblock *)master_key_schedule, DES_DECRYPT); +#endif + + /* make new key, new style */ + kdb_encrypt_key (&key, &key, &master_key, master_key_schedule, DES_ENCRYPT); + + copy_from_key(key, &(p->key_low), &(p->key_high)); + memset(key, 0, sizeof (key)); /* a little paranoia ... 
*/ +} + +static void +convert_old_format_db (char *db_file, FILE *out) +{ + des_cblock key_from_db; + Principal principal_data[1]; + int n, more; + + if (kdb_get_master_key (KDB_GET_PROMPT, &master_key, + master_key_schedule) != 0L) { + clear_secrets(); + errx (1, "Couldn't get master key."); + } + + /* can't call kdb_verify_master_key because this is an old style db */ + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) + errx (1, "verify_master_key: Kerberos error on master key lookup, %d found.\n", n); + + /* set up the master key */ + fprintf(stderr, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt (old style) the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); +#ifndef NOENCRYPTION + des_pcbc_encrypt(&key_from_db,&key_from_db,(long)sizeof(key_from_db), + master_key_schedule,(des_cblock *)master_key_schedule, DES_DECRYPT); +#endif + /* the decrypted database key had better equal the master key */ + + n = memcmp(master_key, key_from_db, sizeof(master_key)); + memset(key_from_db, 0, sizeof(key_from_db)); + + if (n) { + fprintf(stderr, "\n\07\07verify_master_key: Invalid master key, "); + fprintf(stderr, "does not match database.\n"); + exit (1); + } + + fprintf(stderr, "Master key verified.\n"); + + dump_db (db_file, out, convert_key_old_db); +} + +int +main(int argc, char **argv) +{ + int ret; + FILE *file; + enum { + OP_LOAD, + OP_MERGE, + OP_DUMP, + OP_SLAVE_DUMP, + OP_NEW_MASTER, + OP_CONVERT_OLD_DB + } op; + char *file_name; + char *db_name; + + set_progname (argv[0]); + + if (argc != 3 && argc != 4) { + fprintf(stderr, "Usage: %s operation file [database name].\n", + argv[0]); + fprintf(stderr, "Operation is one of: " + "load, merge, dump, slave_dump, new_master_key, " + 
"convert_old_db\n"); + exit(1); + } + if (argc == 3) + db_name = DBM_FILE; + else + db_name = argv[3]; + + ret = kerb_db_set_name (db_name); + + /* this makes starting slave servers ~14.3 times easier */ + if(ret && strcmp(argv[1], "load") == 0) + ret = kerb_db_create (db_name); + + if(ret) + err (1, "Can't open database"); + + if (!strcmp(argv[1], "load")) + op = OP_LOAD; + else if (!strcmp(argv[1], "merge")) + op = OP_MERGE; + else if (!strcmp(argv[1], "dump")) + op = OP_DUMP; + else if (!strcmp(argv[1], "slave_dump")) + op = OP_SLAVE_DUMP; + else if (!strcmp(argv[1], "new_master_key")) + op = OP_NEW_MASTER; + else if (!strcmp(argv[1], "convert_old_db")) + op = OP_CONVERT_OLD_DB; + else { + warnx ("%s is an invalid operation.", argv[1]); + warnx ("Valid operations are \"load\", \"merge\", " + "\"dump\", \"slave_dump\", \"new_master_key\", " + "and \"convert_old_db\""); + return 1; + } + + file_name = argv[2]; + file = fopen(file_name, (op == OP_LOAD || op == OP_MERGE) ? "r" : "w"); + if (file == NULL) + err (1, "open %s", argv[2]); + + switch (op) { + case OP_DUMP: + if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || + (fclose(file) == EOF)) + err (1, "%s", file_name); + break; + case OP_SLAVE_DUMP: + if ((dump_db (db_name, file, (void (*)(Principal *)) 0) == EOF) || + (fclose(file) == EOF)) + err (1, "%s", file_name); + update_ok_file (file_name); + break; + case OP_LOAD: + load_db (db_name, file); + break; + case OP_MERGE: + merge_db (db_name, file); + break; + case OP_NEW_MASTER: + convert_new_master_key (db_name, file); + printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); + break; + case OP_CONVERT_OLD_DB: + convert_old_format_db (db_name, file); + printf("Don't forget to do a `kdb_util load %s' to reload the database!\n", file_name); + break; + } + return 0; +} diff --git a/crypto/kerberosIV/admin/kstash.c b/crypto/kerberosIV/admin/kstash.c new file mode 100644 index 0000000..4595de5 --- /dev/null 
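Review bot: add_file parses each dump line with unbounded `%s` conversions into `pr.name`, `pr.instance`, `pr.mod_name`, `pr.mod_instance` and the 64-byte `exp_date` and `mod_date` buffers, so a line of up to 1023 bytes from the load or merge file can overrun any of them. Give every `%s` a field width one less than its destination, for example `%63s` for the two date buffers. The widths for the `Principal` members should presumably be derived from ANAME_SZ and INST_SZ, which are defined outside this hunk. `time_explode` then walks its argument at fixed offsets without checking the length, so a short date token is read past its terminator; check `strlen(cp)` against the 10- or 12-character formats first. `load_db` also uses the `malloc` result without a NULL check, and `convert_new_master_key` ignores the return value of `kdb_kstash` and never calls `clear_secrets()` on its success path.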
+++ b/crypto/kerberosIV/admin/kstash.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute
+ * of Technology
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Description.
+ */
+
+#include "adm_locl.h"
+
+RCSID("$Id: kstash.c,v 1.10 1997/03/30 17:35:37 assar Exp $");
+
+/* change this later, but krblib_dbm needs it for now */
+
+static des_cblock master_key;
+static des_key_schedule master_key_schedule;
+
+static void
+clear_secrets(void)
+{
+ memset(master_key_schedule, 0, sizeof(master_key_schedule));
+ memset(master_key, 0, sizeof(master_key));
+}
+
+int
+main(int argc, char **argv)
+{
+ long n;
+ int ret = 0;
+ set_progname (argv[0]);
+
+ if ((n = kerb_init()))
+ errx(1, "Kerberos db and cache init failed = %ld\n", n);
+
+ if (kdb_get_master_key (KDB_GET_PROMPT, &master_key,
+ master_key_schedule) != 0) {
+ clear_secrets();
+ errx(1, "Couldn't read master key.");
+ }
+
+ if (kdb_verify_master_key (&master_key, master_key_schedule, stderr) < 0) {
+ clear_secrets();
+ return 1;
+ }
+
+ ret = kdb_kstash(&master_key, MKEYFILE);
+ if(ret < 0)
+ warn("writing master key");
+ else
+ fprintf(stderr, "Wrote master key to %s\n", MKEYFILE);
+
+ clear_secrets();
+ return ret;
+}
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in
new file mode 100644
index 0000000..c951258
--- /dev/null
+++ b/crypto/kerberosIV/appl/Makefile.in
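Review bot: kstash.c's main returns `ret` directly, so a failed `kdb_kstash` yields a negative return value that the shell sees as 255; `return ret < 0 ? 1 : 0;` would match the other exit paths. The mode of the master key file is decided inside `kdb_kstash`, which is not visible in this hunk. ext_srvtab.c in the same commit calls `umask(077);` before creating its key files, and doing the same here before `kdb_kstash(&master_key, MKEYFILE)` would make the restriction independent of that helper. The first `errx` format string ends in `\n`, which `errx` already appends.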
@@ -0,0 +1,43 @@
+# $Id: Makefile.in,v 1.27 1997/05/20 18:58:37 bg Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = sample kauth bsd movemail afsutil \
+ kpopper xnlock kx otp @APPL_KIP_DIR@ ftp telnet
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS);\
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
+
+.PHONY: all install uninstall clean distclean realclean mostlyclean
diff --git a/crypto/kerberosIV/appl/bsd/Makefile.in b/crypto/kerberosIV/appl/bsd/Makefile.in
new file mode 100644
index 0000000..57a8108
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/Makefile.in
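Review bot: A failing sub-make does not stop the `for i in $(SUBDIRS)` loops in `all`, `install`, `uninstall` and the clean targets, because the shell loop returns only the status of the last directory visited. A build or install error in an earlier directory such as `bsd` is therefore hidden whenever `telnet` succeeds. Making the first failure fatal is a one-line change per target, `do (cd $$i && $(MAKE) $(MFLAGS) all) || exit 1; done`. The `Wall` target should also call `$(MAKE)` instead of a literal `make` so the same make program and flags are used.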
@@ -0,0 +1,135 @@ +# $Id: Makefile.in,v 1.56 1997/05/20 20:35:04 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +topdir = ../.. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DBINDIR='"$(bindir)"' +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +LIB_DBM = @LIB_DBM@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +bindir = @bindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +# Beware, these are all setuid root programs +PROG_SUIDBIN = rsh$(EXECSUFFIX) \ + rcp$(EXECSUFFIX) \ + rlogin$(EXECSUFFIX) \ + su$(EXECSUFFIX) +PROG_BIN = login$(EXECSUFFIX) +PROG_LIBEXEC = rshd$(EXECSUFFIX) \ + rlogind$(EXECSUFFIX) +PROGS = $(PROG_SUIDBIN) $(PROG_BIN) $(PROG_LIBEXEC) + +SOURCES = rsh.c kcmd.c krcmd.c rlogin.c rcp.c rcp_util.c rshd.c \ + login.c klogin.c login_access.c su.c rlogind.c iruserok.c \ + login_fbtab.c forkpty.c sysv_default.c sysv_environ.c sysv_shadow.c \ + utmp_login.c utmpx_login.c stty_default.c encrypt.c rcmd_util.c tty.c + +rsh_OBJS = rsh.o kcmd.o krcmd.o encrypt.o rcmd_util.o +rcp_OBJS = rcp.o rcp_util.o kcmd.o krcmd.o encrypt.o rcmd_util.o +rlogin_OBJS = rlogin.o kcmd.o krcmd.o encrypt.o rcmd_util.o +login_OBJS = login.o klogin.o login_fbtab.o login_access.o \ + sysv_default.o sysv_environ.o sysv_shadow.o \ + utmp_login.o utmpx_login.o stty_default.o tty.o +su_OBJS = su.o +rshd_OBJS = rshd.o iruserok.o encrypt.o rcmd_util.o +rlogind_OBJS = rlogind.o iruserok.o forkpty.o encrypt.o rcmd_util.o tty.o + + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libexecdir) + for x in $(PROG_LIBEXEC); do \ + $(INSTALL_PROGRAM) $$x 
$(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + $(MKINSTALLDIRS) $(bindir) + for x in $(PROG_BIN); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + -for x in $(PROG_SUIDBIN); do \ + $(INSTALL_PROGRAM) -o root -m 04555 $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROG_LIBEXEC); do \ + rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_BIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_SUIDBIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes +KLIB_AFS=@KRB_KAFS_LIB@ $(KLIB) +OTPLIB=-L../../lib/otp -lotp +LIBROKEN=-L../../lib/roken -lroken + +rcp$(EXECSUFFIX): $(rcp_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rcp_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rsh$(EXECSUFFIX): $(rsh_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rsh_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rshd$(EXECSUFFIX): $(rshd_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rshd_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rlogin$(EXECSUFFIX): $(rlogin_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogin_OBJS) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +rlogind$(EXECSUFFIX): $(rlogind_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(rlogind_OBJS) $(KLIB_AFS) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +login$(EXECSUFFIX): $(login_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(login_OBJS) $(OTPLIB) $(KLIB_AFS) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +su$(EXECSUFFIX): $(su_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(su_OBJS) $(KLIB_AFS) $(LIBROKEN) 
$(LIBS) $(LIBROKEN) diff --git a/crypto/kerberosIV/appl/bsd/README.login b/crypto/kerberosIV/appl/bsd/README.login new file mode 100644 index 0000000..c072969 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/README.login @@ -0,0 +1,20 @@ +This login has additional functionalities. They are all based on (part of) +Wietse Venema's logdaemon package. + + +The following defines can be used: +1) LOGIN_ACCESS to allow access control on a per tty/user combination +2) LOGALL to log all logins + +-Guido + +This login has some of Berkeley's paranoid/broken (depending on your point +of view) Kerberos code conditionalized out, so that by default it works like +klogin does at MIT-LCS. You can define KLOGIN_PARANOID to re-enable this code. +This define also controls whether a warning message is printed when logging +into a system with no krb.conf file, which usually means that Kerberos is +not configured. + +-GAWollman + +(removed S/Key, /assar) diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h new file mode 100644 index 0000000..d0b37aa --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h 
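Review bot: The `PROG_SUIDBIN` loop in `install` is prefixed with `-`, so make ignores a failure of `$(INSTALL_PROGRAM) -o root -m 04555` and the target still reports success. Run without the privilege to set owner root, this presumably leaves rsh, rcp, rlogin and su missing or without the intended mode, and nothing tells the administrator. If the tolerance is deliberate, the loop should at least report it, for example by appending `|| echo "warning: $$x not installed setuid root" >&2` to the install command. The "Beware" comment above `PROG_SUIDBIN` would also be more useful if it said why each of the four programs needs to be setuid root.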
@@ -0,0 +1,380 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: bsd_locl.h,v 1.98 1997/05/25 01:14:17 assar Exp $ */ + +#define LOGALL +#define KERBEROS +#define KLOGIN_PARANOID +#define LOGIN_ACCESS +#define PASSWD_FALLBACK + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +/* Any better way to test NO_MOTD? */ +#if (SunOS == 5) || defined(__hpux) +#define NO_MOTD +#endif + +#ifdef HAVE_SHADOW_H +#define SYSV_SHADOW +#endif + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <ctype.h> +#include <setjmp.h> + +#include <stdarg.h> + +#include <errno.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +#ifndef S_ISTXT +#ifdef S_ISVTX +#define S_ISTXT S_ISVTX +#else +#define S_ISTXT 0 +#endif +#endif + +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif +#include <signal.h> +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif /* HAVE_SYS_RESOURCE_H */ +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif + +#ifndef NCARGS +#define NCARGS 0x100000 /* (absolute) max # characters in exec arglist */ +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif + +#ifdef HAVE_GRP_H +#include <grp.h> +#endif +#ifdef HAVE_UTIME_H +#include <utime.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETINET_IN_SYSTM_H +#include <netinet/in_systm.h> +#endif +#ifdef HAVE_NETINET_IP_H +#include <netinet/ip.h> +#endif +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include 
<sys/ioctl.h> +#endif +#ifdef HAVE_SYS_IOCCOM_H +#include <sys/ioccom.h> +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include <sys/sockio.h> +#endif + +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +#ifdef HAVE_SYS_FILIO_H +#include <sys/filio.h> +#endif + +#ifdef HAVE_SYS_STREAM_H +#ifdef HAVE_SYS_UIO_H +#include <sys/uio.h> +#endif /* HAVE_SYS_UIO_H */ +#include <sys/stream.h> +#endif /* HAVE_SYS_STREAM_H */ + +#ifdef HAVE_SYS_PTYVAR_H +#ifdef HAVE_SYS_PROC_H +#include <sys/proc.h> +#endif +#ifdef HAVE_SYS_TTY_H +#include <sys/tty.h> +#endif +#ifdef HAVE_SYS_PTYIO_H +#include <sys/ptyio.h> +#endif +#include <sys/ptyvar.h> +#endif /* HAVE_SYS_PTYVAR_H */ + +/* Cray stuff */ +#ifdef HAVE_UDB_H +#include <udb.h> +#endif +#ifdef HAVE_SYS_CATEGORY_H +#include <sys/category.h> +#endif + +/* Strange ioctls that are not always defined */ + +#ifndef TIOCPKT_FLUSHWRITE +#define TIOCPKT_FLUSHWRITE 0x02 +#endif + +#ifndef TIOCPKT_NOSTOP +#define TIOCPKT_NOSTOP 0x10 +#endif + +#ifndef TIOCPKT_DOSTOP +#define TIOCPKT_DOSTOP 0x20 +#endif + +#ifndef TIOCPKT +#define TIOCPKT _IOW('t', 112, int) /* pty: set/clear packet mode */ +#endif + +#ifdef HAVE_LASTLOG_H +#include <lastlog.h> +#endif + +#ifdef HAVE_LOGIN_H +#include <login.h> +#endif + +#ifdef HAVE_TTYENT_H +#include <ttyent.h> +#endif + +#ifdef HAVE_STROPTS_H +#include <stropts.h> +#endif + +#ifdef HAVE_UTMP_H +#include <utmp.h> +#endif +#ifndef UT_NAMESIZE +#define UT_NAMESIZE sizeof(((struct utmp *)0)->ut_name) +#endif + +#ifdef HAVE_UTMPX_H +#include <utmpx.h> +#endif + +#ifdef HAVE_USERPW_H +#include <userpw.h> +#endif /* HAVE_USERPW_H */ + +#ifdef HAVE_USERSEC_H +#include <usersec.h> +#endif /* HAVE_USERSEC_H */ + +#ifndef PRIO_PROCESS +#define PRIO_PROCESS 0 +#endif + +#include <err.h> + +#include <roken.h> + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <des.h> +#include <krb.h> +#include <kafs.h> + +int kcmd(int *sock, char **ahost, u_int16_t rport, char *locuser, + char *remuser, char *cmd, int 
*fd2p, KTEXT ticket, + char *service, char *realm, CREDENTIALS *cred, + Key_schedule schedule, MSG_DAT *msg_data, + struct sockaddr_in *laddr, struct sockaddr_in *faddr, + int32_t authopts); + +int krcmd(char **ahost, u_int16_t rport, char *remuser, char *cmd, + int *fd2p, char *realm); + +int krcmd_mutual(char **ahost, u_int16_t rport, char *remuser, + char *cmd,int *fd2p, char *realm, + CREDENTIALS *cred, Key_schedule sched); + +int klogin(struct passwd *pw, char *instance, char *localhost, char *password); + +typedef struct { + int cnt; + char *buf; +} BUF; + +char *colon(char *cp); +int okname(char *cp0); +int susystem(char *s, int userid); + +int forkpty(int *amaster, char *name, + struct termios *termp, struct winsize *winp); + +#ifndef MODEMASK +#define MODEMASK (S_ISUID|S_ISGID|S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO) +#endif + +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif +#ifdef HAVE_MAILLOCK_H +#include <maillock.h> +#endif +#include "pathnames.h" + +void stty_default (void); + +int utmpx_login(char *line, char *user, char *host); + +extern char **environ; + +void sysv_newenv(int argc, char **argv, struct passwd *pwd, + char *term, int pflag); + +int login_access(char *user, char *from); +#ifndef HAVE_IRUSEROK +int iruserok(u_int32_t raddr, int superuser, const char *ruser, + const char *luser); +#endif +void fatal(int f, const char *msg, int syserr); + +extern int LEFT_JUSTIFIED; +int des_enc_read(int fd,char *buf,int len,des_key_schedule sched, + des_cblock *iv); +int des_enc_write(int fd,char *buf,int len,des_key_schedule sched, + des_cblock *iv); + +void sysv_defaults(void); +void utmp_login(char *tty, char *username, char *hostname); +void sleepexit (int); + +#ifndef HAVE_SETPRIORITY +#define setpriority(which, who, niceval) 0 +#endif + +#ifndef HAVE_GETPRIORITY +#define getpriority(which, who) 0 +#endif + +#ifdef HAVE_TERMIOS_H +#include <termios.h> +#endif + +#ifndef _POSIX_VDISABLE +#define _POSIX_VDISABLE 0 +#endif /* _POSIX_VDISABLE */ +#if SunOS == 
4 +#include <sys/ttold.h> +#endif + +#if defined(_AIX) +#include <sys/termio.h> +#endif + +#ifndef CEOF +#define CEOF 04 +#endif + +/* concession to Sun */ +#ifndef SIGUSR1 +#define SIGUSR1 30 +#endif + +#ifndef TIOCPKT_WINDOW +#define TIOCPKT_WINDOW 0x80 +#endif + +int get_shell_port(int kerberos, int encryption); +int get_login_port(int kerberos, int encryption); +int speed_t2int (speed_t); +speed_t int2speed_t (int); +void ip_options_and_die (int sock, struct sockaddr_in *); +void warning(const char *fmt, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +char *clean_ttyname (char *tty); +char *make_id (char *tty); +void prepare_utmp (struct utmp *utmp, char *tty, char *username, + char *hostname); diff --git a/crypto/kerberosIV/appl/bsd/encrypt.c b/crypto/kerberosIV/appl/bsd/encrypt.c new file mode 100644 index 0000000..b74f329 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/encrypt.c 
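Review bot: The five feature macros at the top of the header (`LOGALL`, `KERBEROS`, `KLOGIN_PARANOID`, `LOGIN_ACCESS`, `PASSWD_FALLBACK`) are defined unconditionally, before `config.h` is read, and carry no comment saying what each one enables. README.login in this same commit describes the KLOGIN_PARANOID code as conditionalized out by default and enabled only on request, which this header contradicts. I would add a comment above the block, for example `/* Policy switches for the appl/bsd programs; all are forced on here, including KLOGIN_PARANOID, which README.login describes as optional. */`. Wrapping each definition in `#ifndef` would also let a site build override them without editing the header.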
@@ -0,0 +1,311 @@ +/* Copyright (C) 1995 Eric Young (eay@mincom.oz.au) + * All rights reserved. + * + * This file is part of an SSL implementation written + * by Eric Young (eay@mincom.oz.au). + * The implementation was written so as to conform with Netscapes SSL + * specification. This library and applications are + * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE + * as long as the following conditions are aheared to. + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. If this code is used in a product, + * Eric Young should be given attribution as the author of the parts used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Eric Young (eay@mincom.oz.au) + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include "bsd_locl.h" + +RCSID("$Id: encrypt.c,v 1.3 1996/04/30 13:50:54 bg Exp $"); + +#undef BSIZE + +/* used in des_read and des_write */ +#define MAXWRITE (1024*16) +#define BSIZE (MAXWRITE+4) + +/* replacements for htonl and ntohl since I have no idea what to do + * when faced with machines with 8 byte longs. */ +#define HDRSIZE 4 + +#define n2l(c,l) (l =((u_int32_t)(*((c)++)))<<24, \ + l|=((u_int32_t)(*((c)++)))<<16, \ + l|=((u_int32_t)(*((c)++)))<< 8, \ + l|=((u_int32_t)(*((c)++)))) + +#define l2n(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16)&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ + *((c)++)=(unsigned char)(((l) )&0xff)) + +/* This has some uglies in it but it works - even over sockets. */ +extern int errno; +int des_rw_mode=DES_PCBC_MODE; +int LEFT_JUSTIFIED = 0; + +int +des_enc_read(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) +{ + /* data to be unencrypted */ + int net_num=0; + unsigned char net[BSIZE]; + /* extra unencrypted data + * for when a block of 100 comes in but is des_read one byte at + * a time. 
*/ + static char unnet[BSIZE]; + static int unnet_start=0; + static int unnet_left=0; + int i; + long num=0,rnum; + unsigned char *p; + + /* left over data from last decrypt */ + if (unnet_left != 0) + { + if (unnet_left < len) + { + /* we still still need more data but will return + * with the number of bytes we have - should always + * check the return value */ + memcpy(buf,&(unnet[unnet_start]),unnet_left); + /* eay 26/08/92 I had the next 2 lines + * reversed :-( */ + i=unnet_left; + unnet_start=unnet_left=0; + } + else + { + memcpy(buf,&(unnet[unnet_start]),len); + unnet_start+=len; + unnet_left-=len; + i=len; + } + return(i); + } + + /* We need to get more data. */ + if (len > MAXWRITE) len=MAXWRITE; + + /* first - get the length */ + net_num=0; + while (net_num < HDRSIZE) + { + i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); + if ((i == -1) && (errno == EINTR)) continue; + if (i <= 0) return(0); + net_num+=i; + } + + /* we now have at net_num bytes in net */ + p=net; + num=0; + n2l(p,num); + /* num should be rounded up to the next group of eight + * we make sure that we have read a multiple of 8 bytes from the net. + */ + if ((num > MAXWRITE) || (num < 0)) /* error */ + return(-1); + rnum=(num < 8)?8:((num+7)/8*8); + + net_num=0; + while (net_num < rnum) + { + i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); + if ((i == -1) && (errno == EINTR)) continue; + if (i <= 0) return(0); + net_num+=i; + } + + /* Check if there will be data left over. */ + if (len < num) + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, + num,sched,iv,DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, + num,sched,iv,DES_DECRYPT); + memcpy(buf,unnet,len); + unnet_start=len; + unnet_left=num-len; + + /* The following line is done because we return num + * as the number of bytes read. */ + num=len; + } + else + { + /* >output is a multiple of 8 byes, if len < rnum + * >we must be careful. 
The user must be aware that this + * >routine will write more bytes than he asked for. + * >The length of the buffer must be correct. + * FIXED - Should be ok now 18-9-90 - eay */ + if (len < rnum) + { + char tmpbuf[BSIZE]; + + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)tmpbuf, + num,sched,iv,DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)tmpbuf, + num,sched,iv,DES_DECRYPT); + + /* eay 26/08/92 fix a bug that returned more + * bytes than you asked for (returned len bytes :-( */ + if (LEFT_JUSTIFIED || (len >= 8)) + memcpy(buf,tmpbuf,num); + else + memcpy(buf,tmpbuf+(8-num),num); /* Right justified */ + } + else if (num >= 8) + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)buf,num,sched,iv, + DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)buf,num,sched,iv, + DES_DECRYPT); + } + else + { + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)net, + (des_cblock *)buf,8,sched,iv, + DES_DECRYPT); + else + des_cbc_encrypt((des_cblock *)net, + (des_cblock *)buf,8,sched,iv, + DES_DECRYPT); + if (!LEFT_JUSTIFIED) + memcpy(buf, buf+(8-num), num); /* Right justified */ + } + } + return(num); +} + +int +des_enc_write(int fd, char *buf, int len, struct des_ks_struct *sched, des_cblock *iv) +{ + long rnum; + int i,j,k,outnum; + char outbuf[BSIZE+HDRSIZE]; + char shortbuf[8]; + char *p; + static int start=1; + + /* If we are sending less than 8 bytes, the same char will look + * the same if we don't pad it out with random bytes */ + if (start) + { + start=0; + srand(time(NULL)); + } + + /* lets recurse if we want to send the data in small chunks */ + if (len > MAXWRITE) + { + j=0; + for (i=0; i<len; i+=k) + { + k=des_enc_write(fd,&(buf[i]), + ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv); + if (k < 0) + return(k); + else + j+=k; + } + return(j); + } + + /* write length first */ + p=outbuf; + l2n(len,p); + + /* pad short 
strings */ + if (len < 8) + { + if (LEFT_JUSTIFIED) + { + p=shortbuf; + memcpy(shortbuf,buf,(unsigned int)len); + for (i=len; i<8; i++) + shortbuf[i]=rand(); + rnum=8; + } + else + { + p=shortbuf; + for (i=0; i<8-len; i++) + shortbuf[i]=rand(); + memcpy(shortbuf + 8 - len, buf, len); + rnum=8; + } + } + else + { + p=buf; + rnum=((len+7)/8*8); /* round up to nearest eight */ + } + + if (des_rw_mode & DES_PCBC_MODE) + des_pcbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), + (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); + else + des_cbc_encrypt((des_cblock *)p,(des_cblock *)&(outbuf[HDRSIZE]), + (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); + + /* output */ + outnum=rnum+HDRSIZE; + + for (j=0; j<outnum; j+=i) + { + /* eay 26/08/92 I was not doing writing from where we + * got upto. */ + i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j)); + if (i == -1) + { + if (errno == EINTR) + i=0; + else /* This is really a bad error - very bad + * It will stuff-up both ends. */ + return(-1); + } + } + + return(len); +} diff --git a/crypto/kerberosIV/appl/bsd/forkpty.c b/crypto/kerberosIV/appl/bsd/forkpty.c new file mode 100644 index 0000000..5c0aaaf --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/forkpty.c 
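Review bot: In `des_enc_read`, the final short-block branch (num < 8, not left-justified) calls `memcpy(buf, buf+(8-num), num)` on ranges that overlap whenever num is 5 to 7, which is undefined behaviour; it should be `memmove(buf, buf+(8-num), num);`. The leftover plaintext is also held in the function-static `unnet` buffer with no record of which `fd` it came from, so a process that reads from two encrypted descriptors can be handed bytes that were decrypted for the other one. A comment on `des_enc_read` stating the one-stream-per-process assumption would make that limit visible to callers. Both functions are complete within this hunk.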
@@ -0,0 +1,461 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +#ifndef HAVE_FORKPTY + +RCSID("$Id: forkpty.c,v 1.52 1997/05/25 07:37:01 assar Exp $"); + +/* Only CRAY is known to have problems with forkpty(). */ +#if defined(CRAY) +static int forkpty_ok = 0; +#else +static int forkpty_ok = 1; +#endif + +#ifndef HAVE_PTSNAME +static char *ptsname(int fd) +{ +#ifdef HAVE_TTYNAME + return ttyname(fd); +#else + return NULL; +#endif +} +#endif + +#ifndef HAVE_GRANTPT +#define grantpt(fdm) (0) +#endif + +#ifndef HAVE_UNLOCKPT +#define unlockpt(fdm) (0) +#endif + +#ifndef HAVE_VHANGUP +#define vhangup() (0) +#endif + +#ifndef HAVE_REVOKE +static +void +revoke(char *line) +{ + int slave; + RETSIGTYPE (*ofun)(); + + if ( (slave = open(line, O_RDWR)) < 0) + return; + + ofun = signal(SIGHUP, SIG_IGN); + vhangup(); + signal(SIGHUP, ofun); + /* + * Some systems (atleast SunOS4) want to have the slave end open + * at all times to prevent a race in the child. Login will close + * it so it should really not be a problem. However for the + * paranoid we use the close on exec flag so it will only be open + * in the parent. Additionally since this will be the controlling + * tty of rlogind the final vhangup() in rlogind should hangup all + * processes. A working revoke would of course have been prefered + * though (sigh). 
+ */ + fcntl(slave, F_SETFD, 1); + /* close(slave); */ +} +#endif + + +static int pty_major, pty_minor; + +static void +pty_scan_start(void) +{ + pty_major = -1; + pty_minor = 0; +} + +static char *bsd_1 = "0123456789abcdefghijklmnopqrstuv"; +/* there are many more */ +static char *bsd_2 = "pqrstuvwxyzabcdefghijklmnoABCDEFGHIJKLMNOPQRSTUVWXYZ"; + +static int +pty_scan_next(char *buf, size_t sz) +{ +#ifdef CRAY + if(++pty_major >= sysconf(_SC_CRAY_NPTY)) + return -1; + snprintf(buf, sz, "/dev/pty/%03d", pty_major); +#else + if(++pty_major == strlen(bsd_1)){ + pty_major = 0; + if(++pty_minor == strlen(bsd_2)) + return -1; + } +#ifdef __hpux + snprintf(buf, sz, "/dev/ptym/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#else + snprintf(buf, sz, "/dev/pty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#endif /* __hpux */ +#endif /* CRAY */ + return 0; +} + +static void +pty_scan_tty(char *buf, size_t sz) +{ +#ifdef CRAY + snprintf(buf, sz, "/dev/ttyp%03d", pty_major); +#elif defined(__hpux) + snprintf(buf, sz, "/dev/pty/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#else + snprintf(buf, sz, "/dev/tty%c%c", bsd_2[pty_major], bsd_1[pty_minor]); +#endif +} + +static int +ptym_open_streams_flavor(char *pts_name, int *streams_pty) +{ + /* Try clone device master ptys */ + const char *const clone[] = { "/dev/ptc", "/dev/ptmx", + "/dev/ptm", "/dev/ptym/clone", 0 }; + int fdm; + const char *const *q; + + for (q = clone; *q; q++) { + fdm = open(*q, O_RDWR); + if (fdm >= 0) + break; + } + if (fdm >= 0) { + char *ptr1; + if ((ptr1 = ptsname(fdm)) != NULL) /* Get slave's name */ + strcpy(pts_name, ptr1); /* Return name of slave */ + else { + close(fdm); + return(-4); + } + if (grantpt(fdm) < 0) { /* Grant access to slave */ + close(fdm); + return(-2); + } + if (unlockpt(fdm) < 0) { /* Clear slave's lock flag */ + close(fdm); + return(-3); + } + return(fdm); /* return fd of master */ + } + return -1; +} + +static int +ptym_open_bsd_flavor(char *pts_name, int *streams_pty) +{ + int 
fdm; + char ptm[MaxPathLen]; + + pty_scan_start(); + + while (pty_scan_next(ptm, sizeof(ptm)) != -1) { + fdm = open(ptm, O_RDWR); + if (fdm < 0) + continue; +#if SunOS == 4 + /* Avoid a bug in SunOS4 ttydriver */ + if (fdm > 0) { + int pgrp; + if ((ioctl(fdm, TIOCGPGRP, &pgrp) == -1) + && (errno == EIO)) + /* All fine */; + else { + close(fdm); + continue; + } + } +#endif + pty_scan_tty(pts_name, sizeof(ptm)); +#if CRAY + /* this is some magic from the telnet code */ + { + struct stat sb; + if(stat(pts_name, &sb) < 0) { + close(fdm); + continue; + } + if(sb.st_uid || sb.st_gid || sb.st_mode != 0600) { + chown(pts_name, 0, 0); + chmod(pts_name, 0600); + close(fdm); + fdm = open(ptm, 2); + if (fdm < 0) + continue; + } + } + /* + * Now it should be safe...check for accessability. + */ + if (access(pts_name, 6) != 0){ + /* no tty side to pty so skip it */ + close(fdm); + continue; + } +#endif + return fdm; /* All done! */ + } + + /* We failed to find BSD style pty */ + errno = ENOENT; + return -1; +} + +/* + * + * Open a master pty either using the STREAM flavor or the BSD flavor. + * Depending on if there are any free ptys in the different classes we + * need to try both. Normally try STREAMS first and then BSD. + * + * Kludge alert: Under HP-UX 10 and perhaps other systems STREAM ptys + * doesn't get initialized properly so we try them in different order + * until the problem has been resolved. 
+ * + */ +static int +ptym_open(char *pts_name, size_t pts_name_sz, int *streams_pty) +{ + int fdm; + +#ifdef HAVE__GETPTY + { + char *p = _getpty(&fdm, O_RDWR, 0600, 1); + if (p) { + *streams_pty = 1; + strcpy (pts_name, p); + return fdm; + } + } +#endif + +#ifdef STREAMSPTY + fdm = ptym_open_streams_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 1; + return fdm; + } +#endif + + fdm = ptym_open_bsd_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 0; + return fdm; + } + +#ifndef STREAMSPTY + fdm = ptym_open_streams_flavor(pts_name, streams_pty); + if (fdm >= 0) + { + *streams_pty = 1; + return fdm; + } +#endif + + return -1; +} + +static int +maybe_push_modules(int fd, char **modules) +{ +#ifdef I_PUSH + char **p; + int err; + + for(p=modules; *p; p++){ + err=ioctl(fd, I_FIND, *p); + if(err == 1) + break; + if(err < 0 && errno != EINVAL) + return -17; + /* module not pushed or does not exist */ + } + /* p points to null or to an already pushed module, now push all + modules before this one */ + + for(p--; p >= modules; p--){ + err = ioctl(fd, I_PUSH, *p); + if(err < 0 && errno != EINVAL) + return -17; + } +#endif + return 0; +} + +static int +ptys_open(int fdm, char *pts_name, int streams_pty) +{ + int fds; + + if (streams_pty) { + /* Streams style slave ptys */ + if ( (fds = open(pts_name, O_RDWR)) < 0) { + close(fdm); + return(-5); + } + + { + char *ttymodules[] = { "ttcompat", "ldterm", "ptem", NULL }; + char *ptymodules[] = { "pckt", NULL }; + + if(maybe_push_modules(fds, ttymodules)<0){ + close(fdm); + close(fds); + return -6; + } + if(maybe_push_modules(fdm, ptymodules)<0){ + close(fdm); + close(fds); + return -7; + } + } + } else { + /* BSD style slave ptys */ + struct group *grptr; + int gid; + if ( (grptr = getgrnam("tty")) != NULL) + gid = grptr->gr_gid; + else + gid = -1; /* group tty is not in the group file */ + + /* Grant access to slave */ + chown(pts_name, getuid(), gid); + chmod(pts_name, S_IRUSR | S_IWUSR | 
S_IWGRP); + + if ( (fds = open(pts_name, O_RDWR)) < 0) { + close(fdm); + return(-1); + } + } + return(fds); +} + +int +forkpty(int *ptrfdm, + char *slave_name, + struct termios *slave_termios, + struct winsize *slave_winsize) +{ + int fdm, fds, streams_pty; + pid_t pid; + char pts_name[20]; + + if (!forkpty_ok) + fatal(0, "Protocol not yet supported, use telnet", 0); + + if ( (fdm = ptym_open(pts_name, sizeof(pts_name), &streams_pty)) < 0) + return -1; + + if (slave_name != NULL) + strcpy(slave_name, pts_name); /* Return name of slave */ + + pid = fork(); + if (pid < 0) + return(-1); + else if (pid == 0) { /* Child */ + if (setsid() < 0) + fatal(0, "setsid() failure", errno); + + revoke(slave_name); + +#if defined(NeXT) || defined(ultrix) + /* The NeXT is severely broken, this makes things slightly + * better but we still doesn't get a working pty. If there + * where a TIOCSCTTY we could perhaps fix things but... The + * same problem also exists in xterm! */ + if (setpgrp(0, 0) < 0) + fatal(0, "NeXT kludge failed setpgrp", errno); +#endif + + /* SVR4 acquires controlling terminal on open() */ + if ( (fds = ptys_open(fdm, pts_name, streams_pty)) < 0) + return -1; + close(fdm); /* All done with master in child */ + +#if defined(TIOCSCTTY) && !defined(CIBAUD) && !defined(__hpux) + /* 44BSD way to acquire controlling terminal */ + /* !CIBAUD to avoid doing this under SunOS */ + if (ioctl(fds, TIOCSCTTY, (char *) 0) < 0) + return -1; +#endif +#if defined(NeXT) + { + int t = open("/dev/tty", O_RDWR); + if (t < 0) + fatal(0, "Failed to open /dev/tty", errno); + close(fds); + fds = t; + } +#endif + /* Set slave's termios and window size */ + if (slave_termios != NULL) { + if (tcsetattr(fds, TCSANOW, slave_termios) < 0) + return -1; + } +#ifdef TIOCSWINSZ + if (slave_winsize != NULL) { + if (ioctl(fds, TIOCSWINSZ, slave_winsize) < 0) + return -1; + } +#endif + /* slave becomes stdin/stdout/stderr of child */ + if (dup2(fds, STDIN_FILENO) != STDIN_FILENO) + return -1; + if 
(dup2(fds, STDOUT_FILENO) != STDOUT_FILENO) + return -1; + if (dup2(fds, STDERR_FILENO) != STDERR_FILENO) + return -1; + if (fds > STDERR_FILENO) + close(fds); + return(0); /* child returns 0 just like fork() */ + } + else { /* Parent */ + *ptrfdm = fdm; /* Return fd of master */ + return(pid); /* Parent returns pid of child */ + } +} +#endif /* HAVE_FORKPTY */ diff --git a/crypto/kerberosIV/appl/bsd/iruserok.c b/crypto/kerberosIV/appl/bsd/iruserok.c new file mode 100644 index 0000000..8349d85 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/iruserok.c 
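Review bot: `ptym_open` accepts `pts_name_sz` but never uses it, so the 20-byte `pts_name` in `forkpty` is written without a bound. `ptym_open_streams_flavor` and the `_getpty` path both `strcpy` the slave name into it, and `ptym_open_bsd_flavor` calls `pty_scan_tty(pts_name, sizeof(ptm))`, which passes the size of its own MaxPathLen buffer instead of the destination's. The size should be threaded through both helpers and checked before copying, as sketched below; the `_getpty` branch needs the same length check. `forkpty` itself also copies into the caller's `slave_name` with `strcpy`, which its signature gives no way to bound.

```c
static int
ptym_open_streams_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
    /* ... unchanged: clone-device open loop ... */
	ptr1 = ptsname(fdm);			/* Get slave's name */
	if (ptr1 == NULL || strlen(ptr1) >= pts_name_sz) {
	    close(fdm);
	    return(-4);
	}
	strcpy(pts_name, ptr1);			/* fits: length checked above */
    /* ... unchanged: grantpt/unlockpt and return ... */

static int
ptym_open_bsd_flavor(char *pts_name, size_t pts_name_sz, int *streams_pty)
{
    /* ... unchanged: scan loop and SunOS 4 check ... */
	pty_scan_tty(pts_name, pts_name_sz);
    /* ... unchanged: CRAY checks and return ... */

    /* in ptym_open(): hand the caller's size to both helpers */
    fdm = ptym_open_streams_flavor(pts_name, pts_name_sz, streams_pty);
    fdm = ptym_open_bsd_flavor(pts_name, pts_name_sz, streams_pty);
```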
@@ -0,0 +1,279 @@
+/*
+ * Copyright (c) 1983, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: iruserok.c,v 1.15 1997/03/23 04:54:00 assar Exp $"); + +#ifndef HAVE_IRUSEROK + +int __check_rhosts_file = 1; +char *__rcmd_errstr = 0; + +/* + * Returns "true" if match, 0 if no match. + */ +static +int +__icheckhost(u_int32_t raddr, const char *lhost) +{ + struct hostent *hp; + u_long laddr; + char **pp; + + /* Try for raw ip address first. */ + if (isdigit(*lhost) && (long)(laddr = inet_addr(lhost)) != -1) + return (raddr == laddr); + + /* Better be a hostname. */ + if ((hp = gethostbyname(lhost)) == NULL) + return (0); + + /* Spin through ip addresses. */ + for (pp = hp->h_addr_list; *pp; ++pp) + if (memcmp(&raddr, *pp, sizeof(u_long)) == 0) + return (1); + + /* No match. */ + return (0); +} + +#ifndef HAVE_INNETGR +static int +innetgr(const char *netgroup, const char *machine, + const char *user, const char *domain) +{ + return 0; +} +#endif + +/* + * Returns 0 if ok, -1 if not ok. + */ +static +int +__ivaliduser(FILE *hostf, u_int32_t raddr, const char *luser, + const char *ruser) +{ + char *user, *p; + int ch; + char buf[MaxHostNameLen + 128]; /* host + login */ + char hname[MaxHostNameLen]; + struct hostent *hp; + /* Presumed guilty until proven innocent. */ + int userok = 0, hostok = 0; +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN + char *ypdomain; + + if (yp_get_default_domain(&ypdomain)) + ypdomain = NULL; +#else +#define ypdomain NULL +#endif + /* We need to get the damn hostname back for netgroup matching. */ + if ((hp = gethostbyaddr((char *)&raddr, + sizeof(u_long), + AF_INET)) == NULL) + return (-1); + strncpy(hname, hp->h_name, sizeof(hname)); + hname[sizeof(hname) - 1] = '\0'; + + while (fgets(buf, sizeof(buf), hostf)) { + p = buf; + /* Skip lines that are too long. */ + if (strchr(p, '\n') == NULL) { + while ((ch = getc(hostf)) != '\n' && ch != EOF); + continue; + } + if (*p == '\n' || *p == '#') { + /* comment... 
*/ + continue; + } + while (*p != '\n' && *p != ' ' && *p != '\t' && *p != '\0') { + *p = isupper(*p) ? tolower(*p) : *p; + p++; + } + if (*p == ' ' || *p == '\t') { + *p++ = '\0'; + while (*p == ' ' || *p == '\t') + p++; + user = p; + while (*p != '\n' && *p != ' ' && + *p != '\t' && *p != '\0') + p++; + } else + user = p; + *p = '\0'; + /* + * Do +/- and +@/-@ checking. This looks really nasty, + * but it matches SunOS's behavior so far as I can tell. + */ + switch(buf[0]) { + case '+': + if (!buf[1]) { /* '+' matches all hosts */ + hostok = 1; + break; + } + if (buf[1] == '@') /* match a host by netgroup */ + hostok = innetgr((char *)&buf[2], + (char *)&hname, NULL, ypdomain); + else /* match a host by addr */ + hostok = __icheckhost(raddr,(char *)&buf[1]); + break; + case '-': /* reject '-' hosts and all their users */ + if (buf[1] == '@') { + if (innetgr((char *)&buf[2], + (char *)&hname, NULL, ypdomain)) + return(-1); + } else { + if (__icheckhost(raddr,(char *)&buf[1])) + return(-1); + } + break; + default: /* if no '+' or '-', do a simple match */ + hostok = __icheckhost(raddr, buf); + break; + } + switch(*user) { + case '+': + if (!*(user+1)) { /* '+' matches all users */ + userok = 1; + break; + } + if (*(user+1) == '@') /* match a user by netgroup */ + userok = innetgr(user+2, NULL, (char *)ruser, + ypdomain); + else /* match a user by direct specification */ + userok = !(strcmp(ruser, user+1)); + break; + case '-': /* if we matched a hostname, */ + if (hostok) { /* check for user field rejections */ + if (!*(user+1)) + return(-1); + if (*(user+1) == '@') { + if (innetgr(user+2, NULL, + (char *)ruser, ypdomain)) + return(-1); + } else { + if (!strcmp(ruser, user+1)) + return(-1); + } + } + break; + default: /* no rejections: try to match the user */ + if (hostok) + userok = !(strcmp(ruser,*user ? user : luser)); + break; + } + if (hostok && userok) + return(0); + } + return (-1); +} + +/* + * New .rhosts strategy: We are passed an ip address. 
We spin through + * hosts.equiv and .rhosts looking for a match. When the .rhosts only + * has ip addresses, we don't have to trust a nameserver. When it + * contains hostnames, we spin through the list of addresses the nameserver + * gives us and look for a match. + * + * Returns 0 if ok, -1 if not ok. + */ +int +iruserok(u_int32_t raddr, int superuser, const char *ruser, const char *luser) +{ + char *cp; + struct stat sbuf; + struct passwd *pwd; + FILE *hostf; + uid_t uid; + int first; + char pbuf[MaxPathLen]; + + first = 1; + hostf = superuser ? NULL : fopen(_PATH_HEQUIV, "r"); +again: + if (hostf) { + if (__ivaliduser(hostf, raddr, luser, ruser) == 0) { + fclose(hostf); + return (0); + } + fclose(hostf); + } + if (first == 1 && (__check_rhosts_file || superuser)) { + first = 0; + if ((pwd = k_getpwnam((char*)luser)) == NULL) + return (-1); + strcpy(pbuf, pwd->pw_dir); + strcat(pbuf, "/.rhosts"); + + /* + * Change effective uid while opening .rhosts. If root and + * reading an NFS mounted file system, can't read files that + * are protected read/write owner only. + */ + uid = geteuid(); + seteuid(pwd->pw_uid); + hostf = fopen(pbuf, "r"); + seteuid(uid); + + if (hostf == NULL) + return (-1); + /* + * If not a regular file, or is owned by someone other than + * user or root or if writeable by anyone but the owner, quit. + */ + cp = NULL; + if (lstat(pbuf, &sbuf) < 0) + cp = ".rhosts lstat failed"; + else if (!S_ISREG(sbuf.st_mode)) + cp = ".rhosts not regular file"; + else if (fstat(fileno(hostf), &sbuf) < 0) + cp = ".rhosts fstat failed"; + else if (sbuf.st_uid && sbuf.st_uid != pwd->pw_uid) + cp = "bad .rhosts owner"; + else if (sbuf.st_mode & (S_IWGRP|S_IWOTH)) + cp = ".rhosts writeable by other than owner"; + /* If there were any problems, quit. */ + if (cp) { + __rcmd_errstr = cp; + fclose(hostf); + return (-1); + } + goto again; + } + return (-1); +} + +#endif /* !HAVE_IRUSEROK */ 
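Review bot: `__icheckhost()` and `__ivaliduser()` pass `sizeof(u_long)` as the length of the 32-bit `raddr`, so where `u_long` is 64 bits the `memcmp(&raddr, *pp, sizeof(u_long))` and the `gethostbyaddr((char *)&raddr, sizeof(u_long), AF_INET)` call read past the four-byte address. This comparison decides whether a remote host is trusted, so it should use the object's own size: `memcmp(&raddr, *pp, sizeof(raddr))` and `gethostbyaddr((char *)&raddr, sizeof(raddr), AF_INET)`. The `(long)(laddr = inet_addr(lhost)) != -1` test makes the same width assumption and would be clearer as a comparison against `INADDR_NONE`. Separately, `iruserok()` builds the path with `strcpy(pbuf, pwd->pw_dir); strcat(pbuf, "/.rhosts");` and no length check against `MaxPathLen`. A bounded `snprintf(pbuf, sizeof(pbuf), "%s/.rhosts", pwd->pw_dir)` with a truncation check would be safer.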
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c
new file mode 100644
index 0000000..9fa7ab2
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/kcmd.c
@@ -0,0 +1,270 @@
+/*
+ * Copyright (c) 1983, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: kcmd.c,v 1.19 1997/05/02 14:27:42 assar Exp $"); + +#define START_PORT 5120 /* arbitrary */ + +static int +getport(int *alport) +{ + struct sockaddr_in sin; + int s; + + sin.sin_family = AF_INET; + sin.sin_addr.s_addr = INADDR_ANY; + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) + return (-1); + for (;;) { + sin.sin_port = htons((u_short)*alport); + if (bind(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + return (s); + if (errno != EADDRINUSE) { + close(s); + return (-1); + } + (*alport)--; +#ifdef ATHENA_COMPAT + if (*alport == IPPORT_RESERVED/2) { +#else + if (*alport == IPPORT_RESERVED) { +#endif + close(s); + errno = EAGAIN; /* close */ + return (-1); + } + } +} + +int +kcmd(int *sock, + char **ahost, + u_int16_t rport, + char *locuser, + char *remuser, + char *cmd, + int *fd2p, + KTEXT ticket, + char *service, + char *realm, + CREDENTIALS *cred, + Key_schedule schedule, + MSG_DAT *msg_data, + struct sockaddr_in *laddr, + struct sockaddr_in *faddr, + int32_t authopts) +{ + int s, timo = 1; + pid_t pid; + struct sockaddr_in sin, from; + char c; +#ifdef ATHENA_COMPAT + int lport = IPPORT_RESERVED - 1; +#else + int lport = START_PORT; +#endif + struct hostent *hp; + int rc; + char *host_save; + int status; + + pid = getpid(); + hp = gethostbyname(*ahost); + if (hp == NULL) { + /* fprintf(stderr, "%s: unknown host\n", *ahost); */ + return (-1); + } + + host_save = strdup(hp->h_name); + if (host_save == NULL) + return -1; + *ahost = host_save; + + /* If realm is null, look up from table */ + if (realm == NULL || realm[0] == '\0') + realm = krb_realmofhost(host_save); + + for (;;) { + s = getport(&lport); + if (s < 0) { + if (errno == EAGAIN) + warnx("kcmd(socket): All ports in use\n"); + else + warn("kcmd: socket"); + return (-1); + } + sin.sin_family = hp->h_addrtype; + memcpy (&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); + sin.sin_port = rport; + if (connect(s, (struct sockaddr *)&sin, sizeof(sin)) >= 0) + 
break; + close(s); + if (errno == EADDRINUSE) { + lport--; + continue; + } + /* + * don't wait very long for Kerberos rcmd. + */ + if (errno == ECONNREFUSED && timo <= 4) { + /* sleep(timo); don't wait at all here */ + timo *= 2; + continue; + } + if (hp->h_addr_list[1] != NULL) { + warn ("kcmd: connect (%s)", + inet_ntoa(sin.sin_addr)); + hp->h_addr_list++; + memcpy(&sin.sin_addr, + hp->h_addr_list[0], + sizeof(sin.sin_addr)); + fprintf(stderr, "Trying %s...\n", + inet_ntoa(sin.sin_addr)); + continue; + } + if (errno != ECONNREFUSED) + warn ("connect(%s)", hp->h_name); + return (-1); + } + lport--; + if (fd2p == 0) { + write(s, "", 1); + lport = 0; + } else { + char num[8]; + int s2 = getport(&lport), s3; + int len = sizeof(from); + + if (s2 < 0) { + status = -1; + goto bad; + } + listen(s2, 1); + snprintf(num, sizeof(num), "%d", lport); + if (write(s, num, strlen(num) + 1) != strlen(num) + 1) { + warn("kcmd(write): setting up stderr"); + close(s2); + status = -1; + goto bad; + } + { + fd_set fds; + FD_ZERO(&fds); + FD_SET(s, &fds); + FD_SET(s2, &fds); + status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); + if(FD_ISSET(s, &fds)){ + warnx("kcmd: connection unexpectedly closed."); + close(s2); + status = -1; + goto bad; + } + } + s3 = accept(s2, (struct sockaddr *)&from, &len); + close(s2); + if (s3 < 0) { + warn ("kcmd: accept"); + lport = 0; + status = -1; + goto bad; + } + + *fd2p = s3; + from.sin_port = ntohs((u_short)from.sin_port); + if (from.sin_family != AF_INET || + from.sin_port >= IPPORT_RESERVED) { + warnx("kcmd(socket): " + "protocol failure in circuit setup."); + status = -1; + goto bad2; + } + } + /* + * Kerberos-authenticated service. Don't have to send locuser, + * since its already in the ticket, and we'll extract it on + * the other side. 
+ */ + /* write(s, locuser, strlen(locuser)+1); */ + + /* set up the needed stuff for mutual auth, but only if necessary */ + if (authopts & KOPT_DO_MUTUAL) { + int sin_len; + *faddr = sin; + + sin_len = sizeof(struct sockaddr_in); + if (getsockname(s, (struct sockaddr *)laddr, &sin_len) < 0) { + warn("kcmd(getsockname)"); + status = -1; + goto bad2; + } + } + if ((status = krb_sendauth(authopts, s, ticket, service, *ahost, + realm, (unsigned long) getpid(), msg_data, + cred, schedule, + laddr, + faddr, + "KCMDV0.1")) != KSUCCESS) + goto bad2; + + write(s, remuser, strlen(remuser)+1); + write(s, cmd, strlen(cmd)+1); + + if ((rc = read(s, &c, 1)) != 1) { + if (rc == -1) + warn("read(%s)", *ahost); + else + warnx("kcmd: bad connection with remote host"); + status = -1; + goto bad2; + } + if (c != '\0') { + while (read(s, &c, 1) == 1) { + write(2, &c, 1); + if (c == '\n') + break; + } + status = -1; + goto bad2; + } + *sock = s; + return (KSUCCESS); +bad2: + if (lport) + close(*fd2p); +bad: + close(s); + return (status); +} diff --git a/crypto/kerberosIV/appl/bsd/klogin.c b/crypto/kerberosIV/appl/bsd/klogin.c new file mode 100644 index 0000000..321da64 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/klogin.c 
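Review bot: In `kcmd()` the result of `select()` during stderr-channel setup is stored in `status` but never tested. On failure the descriptor sets are normally left as they were filled in, so `FD_ISSET(s, &fds)` is true and an interrupted or failed call is reported as "connection unexpectedly closed". A check right after the call, `if (status < 0) { warn("kcmd: select"); close(s2); status = -1; goto bad; }`, would separate the two cases. The `write(s, remuser, ...)` and `write(s, cmd, ...)` calls after `krb_sendauth()` also ignore their return values. `getport()` passes `bind()` a `struct sockaddr_in` with only `sin_family`, `sin_addr` and `sin_port` set, so a `memset(&sin, 0, sizeof(sin));` before filling it in would avoid handing the kernel uninitialised stack bytes.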
@@ -0,0 +1,184 @@
+/*-
+ * Copyright (c) 1990, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: klogin.c,v 1.20 1997/05/02 14:27:42 assar Exp $"); + +#ifdef KERBEROS + +#define VERIFY_SERVICE "rcmd" + +extern int notickets; +extern char *krbtkfile_env; + +static char tkt_location[MaxPathLen]; + +/* + * Attempt to log the user in using Kerberos authentication + * + * return 0 on success (will be logged in) + * 1 if Kerberos failed (try local password in login) + */ +int +klogin(struct passwd *pw, char *instance, char *localhost, char *password) +{ + int kerror; + AUTH_DAT authdata; + KTEXT_ST ticket; + struct hostent *hp; + u_int32_t faddr; + char realm[REALM_SZ], savehost[MaxHostNameLen]; + extern int noticketsdontcomplain; + +#ifdef KLOGIN_PARANOID + noticketsdontcomplain = 0; /* enable warning message */ +#endif + /* + * Root logins don't use Kerberos. + * If we have a realm, try getting a ticket-granting ticket + * and using it to authenticate. Otherwise, return + * failure so that we can try the normal passwd file + * for a password. If that's ok, log the user in + * without issuing any tickets. + */ + if (strcmp(pw->pw_name, "root") == 0 || + krb_get_lrealm(realm, 0) != KSUCCESS) + return (1); + + noticketsdontcomplain = 0; /* enable warning message */ + + /* + * get TGT for local realm + * tickets are stored in a file named TKT_ROOT plus uid + * except for user.root tickets. + */ + + if (strcmp(instance, "root") != 0) + snprintf(tkt_location, sizeof(tkt_location), + "%s%u_%u", + TKT_ROOT, (unsigned)pw->pw_uid, (unsigned)getpid()); + else { + snprintf(tkt_location, sizeof(tkt_location), + "%s_root_%d", TKT_ROOT, + (unsigned)pw->pw_uid); + } + krbtkfile_env = tkt_location; + krb_set_tkt_string(tkt_location); + + kerror = krb_get_pw_in_tkt(pw->pw_name, instance, + realm, KRB_TICKET_GRANTING_TICKET, realm, + DEFAULT_TKT_LIFE, password); + + /* + * If we got a TGT, get a local "rcmd" ticket and check it so as to + * ensure that we are not talking to a bogus Kerberos server. 
+ * + * There are 2 cases where we still allow a login: + * 1: the VERIFY_SERVICE doesn't exist in the KDC + * 2: local host has no srvtab, as (hopefully) indicated by a + * return value of RD_AP_UNDEC from krb_rd_req(). + */ + if (kerror != INTK_OK) { + if (kerror != INTK_BADPW && kerror != KDC_PR_UNKNOWN) { + syslog(LOG_ERR, "Kerberos intkt error: %s", + krb_get_err_text(kerror)); + dest_tkt(); + } + return (1); + } + + if (chown(TKT_FILE, pw->pw_uid, pw->pw_gid) < 0) + syslog(LOG_ERR, "chown tkfile (%s): %m", TKT_FILE); + + strncpy(savehost, krb_get_phost(localhost), sizeof(savehost)); + savehost[sizeof(savehost)-1] = '\0'; + +#ifdef KLOGIN_PARANOID + /* + * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, + * don't allow kerberos login, also log the error condition. + */ + + kerror = krb_mk_req(&ticket, VERIFY_SERVICE, savehost, realm, 33); + if (kerror == KDC_PR_UNKNOWN) { + syslog(LOG_NOTICE, + "warning: TGT not verified (%s); %s.%s not registered, or srvtab is wrong?", + krb_get_err_text(kerror), VERIFY_SERVICE, savehost); + notickets = 0; + return (1); + } + + if (kerror != KSUCCESS) { + warnx("unable to use TGT: (%s)", krb_get_err_text(kerror)); + syslog(LOG_NOTICE, "unable to use TGT: (%s)", + krb_get_err_text(kerror)); + dest_tkt(); + return (1); + } + + if (!(hp = gethostbyname(localhost))) { + syslog(LOG_ERR, "couldn't get local host address"); + dest_tkt(); + return (1); + } + + memcpy(&faddr, hp->h_addr, sizeof(faddr)); + + kerror = krb_rd_req(&ticket, VERIFY_SERVICE, savehost, faddr, + &authdata, ""); + + if (kerror == KSUCCESS) { + notickets = 0; + return (0); + } + + /* undecipherable: probably didn't have a srvtab on the local host */ + if (kerror == RD_AP_UNDEC) { + syslog(LOG_NOTICE, "krb_rd_req: (%s)\n", krb_get_err_text(kerror)); + dest_tkt(); + return (1); + } + /* failed for some other reason */ + warnx("unable to verify %s ticket: (%s)", VERIFY_SERVICE, + krb_get_err_text(kerror)); + syslog(LOG_NOTICE, "couldn't verify %s 
ticket: %s", VERIFY_SERVICE, + krb_get_err_text(kerror)); + dest_tkt(); + return (1); +#else + notickets = 0; + return (0); +#endif +} +#endif diff --git a/crypto/kerberosIV/appl/bsd/krcmd.c b/crypto/kerberosIV/appl/bsd/krcmd.c new file mode 100644 index 0000000..8c3c6f3 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/krcmd.c 
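Review bot: Without `KLOGIN_PARANOID`, the `#else` branch at the end of `klogin()` sets `notickets = 0` and returns 0 as soon as `krb_get_pw_in_tkt()` succeeds, so the TGT is never checked against a local service key. The file's own comment says that check exists to ensure login is not talking to a bogus Kerberos server. Verification should be the default, or the `#else` branch should at least carry a comment such as `/* TGT accepted without verification against the local srvtab; build with KLOGIN_PARANOID to verify */`. The comment listing "2 cases where we still allow a login" also no longer matches the code, which returns 1 (fall back to the local password) for both `KDC_PR_UNKNOWN` and `RD_AP_UNDEC`. In the root-instance branch the format `"%s_root_%d"` is given an `(unsigned)` argument and should use `%u`.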
@@ -0,0 +1,117 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: krcmd.c,v 1.10 1997/03/30 18:20:18 joda Exp $"); + +#define SERVICE_NAME "rcmd" + +/* + * krcmd: simplified version of Athena's "kcmd" + * returns a socket attached to the destination, -1 or krb error on error + * if fd2p is non-NULL, another socket is filled in for it + */ + +int +krcmd(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm) +{ + int sock = -1, err = 0; + KTEXT_ST ticket; + long authopts = 0L; + + err = kcmd( + &sock, + ahost, + rport, + NULL, /* locuser not used */ + remuser, + cmd, + fd2p, + &ticket, + SERVICE_NAME, + realm, + (CREDENTIALS *) NULL, /* credentials not used */ + 0, /* key schedule not used */ + (MSG_DAT *) NULL, /* MSG_DAT not used */ + (struct sockaddr_in *) NULL, /* local addr not used */ + (struct sockaddr_in *) NULL, /* foreign addr not used */ + authopts + ); + + if (err > KSUCCESS && err < MAX_KRB_ERRORS) { + warning("krcmd: %s", krb_get_err_text(err)); + return(-1); + } + if (err < 0) + return(-1); + return(sock); +} + +int +krcmd_mutual(char **ahost, u_short rport, char *remuser, char *cmd, int *fd2p, char *realm, CREDENTIALS *cred, Key_schedule sched) +{ + int sock, err; + KTEXT_ST ticket; + MSG_DAT msg_dat; + struct sockaddr_in laddr, faddr; + long authopts = KOPT_DO_MUTUAL; + + err = kcmd( + &sock, + ahost, + rport, + NULL, /* locuser not used */ + remuser, + cmd, + fd2p, + &ticket, + SERVICE_NAME, + realm, + cred, /* filled in */ + sched, /* filled in */ + &msg_dat, /* filled in */ + &laddr, /* filled in */ + &faddr, /* filled in */ + authopts + ); + + if (err > KSUCCESS && err < MAX_KRB_ERRORS) { + warnx("krcmd_mutual: %s", krb_get_err_text(err)); + return(-1); + } + + if (err < 0) + return (-1); + return(sock); +} diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c new file mode 100644 index 0000000..c436f8d --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/login.c 
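Review bot: `krcmd_mutual()` declares `int sock, err;` without initialising `sock`, and it treats only `err < 0` and `KSUCCESS < err < MAX_KRB_ERRORS` as failure, so any other non-success value from `kcmd()` would make it return an indeterminate descriptor. Initialise it as `krcmd()` does, `int sock = -1, err;`, and after printing the message for the Kerberos range test `if (err != KSUCCESS) return -1;`. The two functions also report errors differently, `warning(...)` in `krcmd()` and `warnx(...)` in `krcmd_mutual()`; using `warnx` in both would keep them consistent. `authopts` is declared `long` in both functions while `kcmd()` takes `int32_t`.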
@@ -0,0 +1,990 @@ +/*- + * Copyright (c) 1980, 1987, 1988, 1991, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * login [ name ] + * login -h hostname (for telnetd, etc.) 
+ * login -f name (for pre-authenticated login: datakit, xterm, etc.) + */ + +#include "bsd_locl.h" + +RCSID("$Id: login.c,v 1.104 1997/05/20 20:35:06 assar Exp $"); + +#include <otp.h> + +#include "sysv_default.h" +#ifdef SYSV_SHADOW +#include "sysv_shadow.h" +#endif + +static void badlogin (char *); +static void checknologin (void); +static void dolastlog (int); +static void getloginname (int); +static int rootterm (char *); +static char *stypeof (char *); +static RETSIGTYPE timedout (int); +static int doremotelogin (char *); +void login_fbtab (char *, uid_t, gid_t); +#ifdef KERBEROS +int klogin (struct passwd *, char *, char *, char *); +#endif + +#define TTYGRPNAME "tty" /* name of group to own ttys */ + +/* + * This bounds the time given to login. Change it in + * `/etc/default/login'. + */ + +static u_int login_timeout; + +#ifdef KERBEROS +int notickets = 1; +int noticketsdontcomplain = 1; +char *instance; +char *krbtkfile_env; +int authok; +#endif + +#ifdef HAVE_SHADOW_H +static struct spwd *spwd = NULL; +#endif + +static char *ttyprompt; + +static struct passwd *pwd; +static int failures; +static char term[64], *hostname, *username, *tty; + +static char rusername[100], lusername[100]; + +static int +change_passwd(struct passwd *who) +{ + int status; + int pid; + int wpid; + + switch (pid = fork()) { + case -1: + warn("fork /bin/passwd"); + sleepexit(1); + case 0: + execlp("/bin/passwd", "passwd", who->pw_name, (char *) 0); + _exit(1); + default: + while ((wpid = wait(&status)) != -1 && wpid != pid) + /* void */ ; + return (status); + } +} + +#ifndef NO_MOTD /* message of the day stuff */ + +jmp_buf motdinterrupt; + +static RETSIGTYPE +sigint(int signo) +{ + longjmp(motdinterrupt, 1); +} + +static void +motd(void) +{ + int fd, nchars; + RETSIGTYPE (*oldint)(); + char tbuf[8192]; + + if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0) + return; + oldint = signal(SIGINT, sigint); + if (setjmp(motdinterrupt) == 0) + while ((nchars = read(fd, tbuf, sizeof(tbuf))) 
> 0) + write(fileno(stdout), tbuf, nchars); + signal(SIGINT, oldint); + close(fd); +} + +#endif /* !NO_MOTD */ + +#define AUTH_NONE 0 +#define AUTH_OTP 1 + +/* + * getpwnam and try to detect the worst form of NIS attack. + */ + +static struct passwd * +paranoid_getpwnam (char *user) +{ + struct passwd *p; + + p = k_getpwnam (user); + if (p == NULL) + return p; + if (p->pw_uid == 0 && strcmp (username, "root") != 0) { + syslog (LOG_ALERT, + "NIS attack, user %s has uid 0", username); + return NULL; + } + return p; +} + +int +main(int argc, char **argv) +{ + struct group *gr; + int ask, ch, cnt, fflag, hflag, pflag, quietlog, nomailcheck; + int rootlogin, rval; + int rflag; + int changepass = 0; + uid_t uid; + char *domain, *p, passwd[128], *ttyn; + char tbuf[MaxPathLen + 2], tname[sizeof(_PATH_TTY) + 10]; + char localhost[MaxHostNameLen]; + char full_hostname[MaxHostNameLen]; + int auth_level = AUTH_NONE; + OtpContext otp_ctx; + int mask = 022; /* Default umask (set below) */ + int maxtrys = 5; /* Default number of allowed failed logins */ + + set_progname(argv[0]); + + openlog("login", LOG_ODELAY, LOG_AUTH); + + /* Read defaults file and set the login timeout period. 
*/ + sysv_defaults(); + login_timeout = atoi(default_timeout); + maxtrys = atoi(default_maxtrys); + if (sscanf(default_umask, "%o", &mask) != 1 || (mask & ~0777)) + syslog(LOG_WARNING, "bad umask default: %s", default_umask); + else + umask(mask); + + signal(SIGALRM, timedout); + alarm(login_timeout); + signal(SIGQUIT, SIG_IGN); + signal(SIGINT, SIG_IGN); + setpriority(PRIO_PROCESS, 0, 0); + + /* + * -p is used by getty to tell login not to destroy the environment + * -f is used to skip a second login authentication + * -h is used by other servers to pass the name of the remote + * host to login so that it may be placed in utmp and wtmp + * -r is used by old-style rlogind to execute the autologin protocol + */ + + *full_hostname = '\0'; + domain = NULL; + if (k_gethostname(localhost, sizeof(localhost)) < 0) + syslog(LOG_ERR, "couldn't get local hostname: %m"); + else + domain = strchr(localhost, '.'); + + fflag = hflag = pflag = rflag = 0; + uid = getuid(); + while ((ch = getopt(argc, argv, "a:d:fh:pr:")) != EOF) + switch (ch) { + case 'a': + if (strcmp (optarg, "none") == 0) + auth_level = AUTH_NONE; + else if (strcmp (optarg, "otp") == 0) + auth_level = AUTH_OTP; + else + warnx ("bad value for -a: %s", optarg); + break; + case 'd': + break; + case 'f': + fflag = 1; + break; + case 'h': + if (rflag || hflag) { + printf("Only one of -r and -h allowed\n"); + exit(1); + } + if (uid) + errx(1, "-h option: %s", strerror(EPERM)); + hflag = 1; + strncpy(full_hostname, optarg, sizeof(full_hostname)-1); + if (domain && (p = strchr(optarg, '.')) && + strcasecmp(p, domain) == 0) + *p = 0; + hostname = optarg; + break; + case 'p': + if (getuid()) { + warnx("-p for super-user only."); + exit(1); + } + pflag = 1; + break; + case 'r': + if (rflag || hflag) { + warnx("Only one of -r and -h allowed\n"); + exit(1); + } + if (getuid()) { + warnx("-r for super-user only."); + exit(1); + } + rflag = 1; + strncpy(full_hostname, optarg, sizeof(full_hostname)-1); + if (domain && (p = 
strchr(optarg, '.')) && + strcasecmp(p, domain) == 0) + *p = 0; + hostname = optarg; + fflag = (doremotelogin(full_hostname) == 0); + break; + case '?': + default: + if (!uid) + syslog(LOG_ERR, "invalid flag %c", ch); + fprintf(stderr, + "usage: login [-fp] [-a otp]" + "[-h hostname | -r hostname] [username]\n"); + exit(1); + } + argc -= optind; + argv += optind; + + if (geteuid() != 0) { + warnx("only root may use login, use su"); + /* Or install login setuid root, which is not necessary */ + sleep(10); + exit(1); + } + /* + * Figure out if we should ask for the username or not. The name + * may be given on the command line or via the environment, and + * it may even be in the terminal input queue. + */ + if (rflag) { + username = lusername; + ask = 0; + } else + if (*argv && strchr(*argv, '=')) { + ask = 1; + } else + if (*argv && strcmp(*argv, "-") == 0) { + argc--; + argv++; + ask = 1; + } else + if (*argv) { + username = *argv; + ask = 0; + argc--; + argv++; + } else if ((ttyprompt = getenv("TTYPROMPT")) && *ttyprompt) { + getloginname(0); + ask = 0; + } else + ask = 1; + + /* Default tty settings. */ + stty_default(); + + for (cnt = getdtablesize(); cnt > 2; cnt--) + close(cnt); + + /* + * Determine the tty name. BSD takes the basename, SYSV4 takes + * whatever remains after stripping the "/dev/" prefix. The code + * below should produce sensible results in either environment. 
+ */ + ttyn = ttyname(STDIN_FILENO); + if (ttyn == NULL || *ttyn == '\0') { + snprintf(tname, sizeof(tname), "%s??", _PATH_TTY); + ttyn = tname; + } + if ((tty = strchr(ttyn + 1, '/'))) + ++tty; + else + tty = ttyn; + + for (cnt = 0;; ask = 1) { + char prompt[128], ss[256]; + if (ask) { + fflag = 0; + getloginname(1); + } + rootlogin = 0; + rval = 1; +#ifdef KERBEROS + if ((instance = strchr(username, '.')) != NULL) { + if (strcmp(instance, ".root") == 0) + rootlogin = 1; + *instance++ = '\0'; + } else + instance = ""; +#endif + if (strlen(username) > UT_NAMESIZE) + username[UT_NAMESIZE] = '\0'; + + /* + * Note if trying multiple user names; log failures for + * previous user name, but don't bother logging one failure + * for nonexistent name (mistyped username). + */ + if (failures && strcmp(tbuf, username)) { + if (failures > (pwd ? 0 : 1)) + badlogin(tbuf); + failures = 0; + } + strcpy(tbuf, username); + + pwd = paranoid_getpwnam (username); + + /* + * if we have a valid account name, and it doesn't have a + * password, or the -f option was specified and the caller + * is root or the caller isn't changing their uid, don't + * authenticate. 
+ */ + if (pwd) { + if (pwd->pw_uid == 0) + rootlogin = 1; + + if (fflag && (uid == 0 || uid == pwd->pw_uid)) { + /* already authenticated */ + break; + } else if (pwd->pw_passwd[0] == '\0') { + /* pretend password okay */ + rval = 0; + goto ttycheck; + } + } + + fflag = 0; + + setpriority(PRIO_PROCESS, 0, -4); + + if (otp_challenge (&otp_ctx, username, + ss, sizeof(ss)) == 0) + snprintf (prompt, sizeof(prompt), "%s's %s Password: ", + username, ss); + else { + if (auth_level == AUTH_NONE) + snprintf(prompt, sizeof(prompt), "%s's Password: ", + username); + else { + char *s; + + rval = 1; + s = otp_error(&otp_ctx); + if(s) + printf ("OTP: %s\n", s); + continue; + } + } + + if (des_read_pw_string (passwd, sizeof(passwd) - 1, prompt, 0)) + continue; + passwd[sizeof(passwd) - 1] = '\0'; + + /* Verify it somehow */ + + if (otp_verify_user (&otp_ctx, passwd) == 0) + rval = 0; + else if (pwd == NULL) + ; + else if (auth_level == AUTH_NONE) { + uid_t pwd_uid = pwd->pw_uid; + + rval = unix_verify_user (username, passwd); + + if (rval == 0) + { + if (rootlogin && pwd_uid != 0) + rootlogin = 0; + } + else + { + rval = klogin(pwd, instance, localhost, passwd); + if (rval != 0 && rootlogin && pwd_uid != 0) + rootlogin = 0; + if (rval == 0) + authok = 1; + } + } else { + char *s; + + rval = 1; + if ((s = otp_error(&otp_ctx))) + printf ("OTP: %s\n", s); + } + + memset (passwd, 0, sizeof(passwd)); + setpriority (PRIO_PROCESS, 0, 0); + + /* + * Santa Claus, give me a portable and reentrant getpwnam. + */ + pwd = paranoid_getpwnam (username); + + ttycheck: + /* + * If trying to log in as root without Kerberos, + * but with insecure terminal, refuse the login attempt. 
+ */ +#ifdef KERBEROS + if (authok == 0) +#endif + if (pwd && !rval && rootlogin && !rootterm(tty) + && !rootterm(ttyn)) { + warnx("%s login refused on this terminal.", + pwd->pw_name); + if (hostname) + syslog(LOG_NOTICE, + "LOGIN %s REFUSED FROM %s ON TTY %s", + pwd->pw_name, hostname, tty); + else + syslog(LOG_NOTICE, + "LOGIN %s REFUSED ON TTY %s", + pwd->pw_name, tty); + continue; + } + + if (rval == 0) + break; + + printf("Login incorrect\n"); + failures++; + + /* max number of attemps and delays taken from defaults file */ + /* we allow maxtrys tries, but after 2 we start backing off */ + if (++cnt > 2) { + if (cnt >= maxtrys) { + badlogin(username); + sleepexit(1); + } + sleep((u_int)((cnt - 2) * atoi(default_sleep))); + } + } + + /* committed to login -- turn off timeout */ + alarm(0); + + endpwent(); + +#if defined(HAVE_GETUDBNAM) && defined(HAVE_SETLIM) + { + struct udb *udb; + long t; + const long maxcpu = 46116860184; /* some random constant */ + udb = getudbnam(pwd->pw_name); + if(udb == UDB_NULL){ + warnx("Failed to get UDB entry."); + exit(1); + } + t = udb->ue_pcpulim[UDBRC_INTER]; + if(t == 0 || t > maxcpu) + t = CPUUNLIM; + else + t *= 100 * CLOCKS_PER_SEC; + + if(limit(C_PROC, 0, L_CPU, t) < 0) + warn("limit C_PROC"); + + t = udb->ue_jcpulim[UDBRC_INTER]; + if(t == 0 || t > maxcpu) + t = CPUUNLIM; + else + t *= 100 * CLOCKS_PER_SEC; + + if(limit(C_JOBPROCS, 0, L_CPU, t) < 0) + warn("limit C_JOBPROCS"); + + nice(udb->ue_nice[UDBRC_INTER]); + } +#endif + /* if user not super-user, check for disabled logins */ + if (!rootlogin) + checknologin(); + + if (chdir(pwd->pw_dir) < 0) { + printf("No home directory %s!\n", pwd->pw_dir); + if (chdir("/")) + exit(0); + pwd->pw_dir = "/"; + printf("Logging in with home = \"/\".\n"); + } + + quietlog = access(_PATH_HUSHLOGIN, F_OK) == 0; + nomailcheck = access(_PATH_NOMAILCHECK, F_OK) == 0; + +#if defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) + if (pwd->pw_change || pwd->pw_expire) + 
gettimeofday(&tp, (struct timezone *)NULL); + + if (pwd->pw_change) + if (tp.tv_sec >= pwd->pw_change) { + printf("Sorry -- your password has expired.\n"); + changepass=1; + } else if (pwd->pw_change - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + printf("Warning: your password expires on %s", + ctime(&pwd->pw_change)); + if (pwd->pw_expire) + if (tp.tv_sec >= pwd->pw_expire) { + printf("Sorry -- your account has expired.\n"); + sleepexit(1); + } else if (pwd->pw_expire - tp.tv_sec < + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + printf("Warning: your account expires on %s", + ctime(&pwd->pw_expire)); +#endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ + + /* Nothing else left to fail -- really log in. */ + + /* + * Update the utmp files, both BSD and SYSV style. + */ + if (utmpx_login(tty, username, hostname ? hostname : "") != 0 + && !fflag) { + printf("No utmpx entry. You must exec \"login\" from the lowest level \"sh\".\n"); + sleepexit(0); + } + utmp_login(ttyn, username, hostname ? hostname : ""); + dolastlog(quietlog); + + /* + * Set device protections, depending on what terminal the + * user is logged in. This feature is used on Suns to give + * console users better privacy. + */ + login_fbtab(tty, pwd->pw_uid, pwd->pw_gid); + + chown(ttyn, pwd->pw_uid, + (gr = getgrnam(TTYGRPNAME)) ? gr->gr_gid : pwd->pw_gid); + chmod(ttyn, S_IRUSR | S_IWUSR | S_IWGRP); + setgid(pwd->pw_gid); + + initgroups(username, pwd->pw_gid); + + if (*pwd->pw_shell == '\0') + pwd->pw_shell = _PATH_BSHELL; + + /* + * Set up a new environment. With SYSV, some variables are always + * preserved; some varables are never preserved, and some variables + * are always clobbered. With BSD, nothing is always preserved, and + * some variables are always clobbered. We add code to make sure + * that LD_* and IFS are never preserved. + */ + if (term[0] == '\0') + strncpy(term, stypeof(tty), sizeof(term)); + /* set up a somewhat censored environment. 
*/ + sysv_newenv(argc, argv, pwd, term, pflag); +#ifdef KERBEROS + if (krbtkfile_env) + setenv("KRBTKFILE", krbtkfile_env, 1); +#endif + + if (tty[sizeof("tty")-1] == 'd') + syslog(LOG_INFO, "DIALUP %s, %s", tty, pwd->pw_name); + + /* If fflag is on, assume caller/authenticator has logged root login. */ + if (rootlogin && fflag == 0) + if (hostname) + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s FROM %s", + username, tty, hostname); + else + syslog(LOG_NOTICE, "ROOT LOGIN (%s) ON %s", username, tty); + +#ifdef KERBEROS + if (!quietlog && notickets == 1 && !noticketsdontcomplain) + printf("Warning: no Kerberos tickets issued.\n"); +#endif + +#ifdef LOGALL + /* + * Syslog each successful login, so we don't have to watch hundreds + * of wtmp or lastlogin files. + */ + if (hostname) { + syslog(LOG_INFO, "login from %s as %s", hostname, pwd->pw_name); + } else { + syslog(LOG_INFO, "login on %s as %s", tty, pwd->pw_name); + } +#endif + +#ifndef NO_MOTD + /* + * Optionally show the message of the day. System V login leaves + * motd and mail stuff up to the shell startup file. + */ + if (!quietlog) { + struct stat st; +#if 0 + printf("%s\n\t%s %s\n\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", + "The Regents of the University of California. ", + "All rights reserved."); +#endif + motd(); + if(!nomailcheck){ + snprintf(tbuf, sizeof(tbuf), "%s/%s", _PATH_MAILDIR, pwd->pw_name); + if (stat(tbuf, &st) == 0 && st.st_size != 0) + printf("You have %smail.\n", + (st.st_mtime > st.st_atime) ? "new " : ""); + } + } +#endif /* NO_MOTD */ + +#ifdef LOGIN_ACCESS + if (login_access(pwd->pw_name, hostname ? 
full_hostname : tty) == 0) { + printf("Permission denied\n"); + if (hostname) + syslog(LOG_NOTICE, "%s LOGIN REFUSED FROM %s", + pwd->pw_name, hostname); + else + syslog(LOG_NOTICE, "%s LOGIN REFUSED ON %s", + pwd->pw_name, tty); + sleepexit(1); + } +#endif + + signal(SIGALRM, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGINT, SIG_DFL); + signal(SIGTSTP, SIG_IGN); + + tbuf[0] = '-'; + strcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ? + p + 1 : pwd->pw_shell); + +#ifdef HAVE_SETLOGIN + if (setlogin(pwd->pw_name) < 0) + syslog(LOG_ERR, "setlogin() failure: %m"); +#endif + +#ifdef HAVE_SETPCRED + if (setpcred (pwd->pw_name, NULL) == -1) + syslog(LOG_ERR, "setpcred() failure: %m"); +#endif /* HAVE_SETPCRED */ + +#if defined(SYSV_SHADOW) && defined(HAVE_GETSPNAM) + spwd = getspnam (username); + endspent (); +#endif + /* Discard permissions last so can't get killed and drop core. */ + { + int uid = rootlogin ? 0 : pwd->pw_uid; + if(setuid(uid) != 0){ + warn("setuid(%d)", uid); + if(!rootlogin) + exit(1); + } + } + + + /* + * After dropping privileges and after cleaning up the environment, + * optionally run, as the user, /bin/passwd. + */ + + if (pwd->pw_passwd[0] == 0 && + strcasecmp(default_passreq, "YES") == 0) { + printf("You don't have a password. 
Choose one.\n"); + if (change_passwd(pwd)) + sleepexit(0); + changepass = 0; + } + +#ifdef SYSV_SHADOW + if (spwd && sysv_expire(spwd)) { + if (change_passwd(pwd)) + sleepexit(0); + changepass = 0; + } +#endif /* SYSV_SHADOW */ + if (changepass) { + int res; + if ((res=system(_PATH_CHPASS))) + sleepexit(1); + } + + if (k_hasafs()) { + char cell[64]; + k_setpag(); + if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + + execlp(pwd->pw_shell, tbuf, 0); + if (getuid() == 0) { + warnx("Can't exec %s, trying %s\n", + pwd->pw_shell, _PATH_BSHELL); + execlp(_PATH_BSHELL, tbuf, 0); + err(1, "%s", _PATH_BSHELL); + } + err(1, "%s", pwd->pw_shell); + return 1; +} + +#ifdef KERBEROS +#define NBUFSIZ (UT_NAMESIZE + 1 + 5) /* .root suffix */ +#else +#define NBUFSIZ (UT_NAMESIZE + 1) +#endif + +static void +getloginname(int prompt) +{ + int ch; + char *p; + static char nbuf[NBUFSIZ]; + + for (;;) { + if (prompt) + if (ttyprompt && *ttyprompt) + printf("%s", ttyprompt); + else + printf("login: "); + prompt = 1; + for (p = nbuf; (ch = getchar()) != '\n'; ) { + if (ch == EOF) { + badlogin(username); + exit(0); + } + if (p < nbuf + (NBUFSIZ - 1)) + *p++ = ch; + } + if (p > nbuf) + if (nbuf[0] == '-') + warnx("login names may not start with '-'."); + else { + *p = '\0'; + username = nbuf; + break; + } + } +} + +static int +rootterm(char *ttyn) +{ +#ifndef HAVE_TTYENT_H + return (default_console == 0 || strcmp(default_console, ttyname(0)) == 0); +#else + struct ttyent *t; + + return ((t = getttynam(ttyn)) && t->ty_status & TTY_SECURE); +#endif +} + +static RETSIGTYPE +timedout(int signo) +{ + fprintf(stderr, "Login timed out after %d seconds\n", + login_timeout); + exit(0); +} + +static void +checknologin(void) +{ + int fd, nchars; + char tbuf[8192]; + + if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) { + while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0) + write(fileno(stdout), tbuf, nchars); + sleepexit(0); + } +} + +static 
void +dolastlog(int quiet) +{ +#if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) || defined(SYSV_SHADOW) + struct lastlog ll; + int fd; + + if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); +#ifdef SYSV_SHADOW + if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + if (pwd->pw_uid && spwd && spwd->sp_inact > 0 + && ll.ll_time / (24 * 60 * 60) + + spwd->sp_inact < time(0)) { + printf("Your account has been inactive too long.\n"); + sleepexit(1); + } + if (!quiet) { + printf("Last login: %.*s ", + 24-5, ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') { + printf("from %.*s\n", + (int)sizeof(ll.ll_host), + ll.ll_host); + } else + printf("on %.*s\n", + (int)sizeof(ll.ll_line), + ll.ll_line); + } + } + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); +#else /* SYSV_SHADOW */ + if (!quiet) { + if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && + ll.ll_time != 0) { + printf("Last login: %.*s ", + 24-5, ctime(&ll.ll_time)); + if (*ll.ll_host != '\0') + printf("from %.*s\n", + (int)sizeof(ll.ll_host), + ll.ll_host); + else + printf("on %.*s\n", + (int)sizeof(ll.ll_line), + ll.ll_line); + } + lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); + } +#endif /* SYSV_SHADOW */ + memset(&ll, 0, sizeof(ll)); + time(&ll.ll_time); + strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); + if (hostname) + strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); + write(fd, &ll, sizeof(ll)); + close(fd); + } +#endif /* DOLASTLOG */ +} + +static void +badlogin(char *name) +{ + + if (failures == 0) + return; + if (hostname) { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s FROM %s", + failures, failures > 1 ? "S" : "", hostname); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s FROM %s, %s", + failures, failures > 1 ? "S" : "", hostname, name); + } else { + syslog(LOG_NOTICE, "%d LOGIN FAILURE%s ON %s", + failures, failures > 1 ? 
"S" : "", tty); + syslog(LOG_AUTHPRIV|LOG_NOTICE, + "%d LOGIN FAILURE%s ON %s, %s", + failures, failures > 1 ? "S" : "", tty, name); + } +} + +#undef UNKNOWN +#define UNKNOWN "su" + +static char * +stypeof(char *ttyid) +{ + /* TERM is probably a better guess than anything else. */ + char *term = getenv("TERM"); + + if (term != 0 && term[0] != 0) + return term; + + { +#ifndef HAVE_TTYENT_H + return UNKNOWN; +#else + struct ttyent *t; + return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN); +#endif + } +} + +static void +xgetstr(char *buf, int cnt, char *err) +{ + char ch; + + do { + if (read(0, &ch, sizeof(ch)) != sizeof(ch)) + exit(1); + if (--cnt < 0) { + fprintf(stderr, "%s too long\r\n", err); + sleepexit(1); + } + *buf++ = ch; + } while (ch); +} + +/* + * Some old rlogind's unknowingly pass remuser, locuser and + * terminal_type/speed so we need to take care of that part of the + * protocol here. Also, we can't make a getpeername(2) on the socket + * so we have to trust that rlogind resolved the name correctly. + */ + +static int +doremotelogin(char *host) +{ + int code; + char *cp; + + xgetstr(rusername, sizeof (rusername), "remuser"); + xgetstr(lusername, sizeof (lusername), "locuser"); + xgetstr(term, sizeof(term), "Terminal type"); + cp = strchr(term, '/'); + if (cp != 0) + *cp = 0; /* For now ignore speed/bg */ + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return(-1); + code = ruserok(host, (pwd->pw_uid == 0), rusername, lusername); + if (code == 0) + syslog(LOG_NOTICE, + "Warning: An old rlogind accepted login probably from host %s", + host); + return(code); +} + +void +sleepexit(int eval) +{ + + sleep(5); + exit(eval); +} diff --git a/crypto/kerberosIV/appl/bsd/login_access.c b/crypto/kerberosIV/appl/bsd/login_access.c new file mode 100644 index 0000000..0e017b1 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/login_access.c 
@@ -0,0 +1,221 @@ + /* + * This module implements a simple but effective form of login access + * control based on login names and on host (or domain) names, internet + * addresses (or network numbers), or on terminal line names in case of + * non-networked logins. Diagnostics are reported through syslog(3). + * + * Author: Wietse Venema, Eindhoven University of Technology, The Netherlands. + */ + +#include "bsd_locl.h" + +RCSID("$Id: login_access.c,v 1.15 1997/06/01 03:12:28 assar Exp $"); + +#ifdef LOGIN_ACCESS + + /* Delimiters for fields and for lists of users, ttys or hosts. */ + +static char fs[] = ":"; /* field separator */ +static char sep[] = ", \t"; /* list-element separator */ + + /* Constants to be used in assignments only, not in comparisons... */ + +#define YES 1 +#define NO 0 + +static int list_match(char *list, char *item, int (*match_fn)(char *, char *)); +static int user_match(char *tok, char *string); +static int from_match(char *tok, char *string); +static int string_match(char *tok, char *string); + +/* login_access - match username/group and host/tty with access control file */ + +int login_access(char *user, char *from) +{ + FILE *fp; + char line[BUFSIZ]; + char *perm; /* becomes permission field */ + char *users; /* becomes list of login names */ + char *froms; /* becomes list of terminals or hosts */ + int match = NO; + int end; + int lineno = 0; /* for diagnostics */ + char *foo; + + /* + * Process the table one line at a time and stop at the first match. + * Blank lines and lines that begin with a '#' character are ignored. + * Non-comment lines are broken at the ':' character. All fields are + * mandatory. The first field should be a "+" or "-" character. A + * non-existing table means no access control. 
+ */ + + if ((fp = fopen(_PATH_LOGACCESS, "r")) != 0) { + while (!match && fgets(line, sizeof(line), fp)) { + lineno++; + if (line[end = strlen(line) - 1] != '\n') { + syslog(LOG_ERR, "%s: line %d: missing newline or line too long", + _PATH_LOGACCESS, lineno); + continue; + } + if (line[0] == '#') + continue; /* comment line */ + while (end > 0 && isspace(line[end - 1])) + end--; + line[end] = 0; /* strip trailing whitespace */ + if (line[0] == 0) /* skip blank lines */ + continue; + foo = NULL; + if (!(perm = strtok_r(line, fs, &foo)) + || !(users = strtok_r(NULL, fs, &foo)) + || !(froms = strtok_r(NULL, fs, &foo)) + || strtok_r(NULL, fs, &foo)) { + syslog(LOG_ERR, "%s: line %d: bad field count", + _PATH_LOGACCESS, + lineno); + continue; + } + if (perm[0] != '+' && perm[0] != '-') { + syslog(LOG_ERR, "%s: line %d: bad first field", + _PATH_LOGACCESS, + lineno); + continue; + } + match = (list_match(froms, from, from_match) + && list_match(users, user, user_match)); + } + fclose(fp); + } else if (errno != ENOENT) { + syslog(LOG_ERR, "cannot open %s: %m", _PATH_LOGACCESS); + } + return (match == 0 || (line[0] == '+')); +} + +/* list_match - match an item against a list of tokens with exceptions */ + +static int +list_match(char *list, char *item, int (*match_fn)(char *, char *)) +{ + char *tok; + int match = NO; + char *foo = NULL; + + /* + * Process tokens one at a time. We have exhausted all possible matches + * when we reach an "EXCEPT" token or the end of the list. If we do find + * a match, look for an "EXCEPT" list and recurse to determine whether + * the match is affected by any exceptions. + */ + + for (tok = strtok_r(list, sep, &foo); + tok != NULL; + tok = strtok_r(NULL, sep, &foo)) { + if (strcasecmp(tok, "EXCEPT") == 0) /* EXCEPT: give up */ + break; + if ((match = (*match_fn) (tok, item)) != 0) /* YES */ + break; + } + /* Process exceptions to matches. 
*/ + + if (match != NO) { + while ((tok = strtok_r(NULL, sep, &foo)) && strcasecmp(tok, "EXCEPT")) + /* VOID */ ; + if (tok == 0 || list_match(NULL, item, match_fn) == NO) + return (match); + } + return (NO); +} + +/* netgroup_match - match group against machine or user */ + +static int netgroup_match(char *group, char *machine, char *user) +{ +#ifdef HAVE_YP_GET_DEFAULT_DOMAIN + static char *mydomain = 0; + + if (mydomain == 0) + yp_get_default_domain(&mydomain); + return (innetgr(group, machine, user, mydomain)); +#else + syslog(LOG_ERR, "NIS netgroup support not configured"); + return 0; +#endif +} + +/* user_match - match a username against one token */ + +static int user_match(char *tok, char *string) +{ + struct group *group; + int i; + + /* + * If a token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the username, or if + * the token is a group that contains the username. + */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, (char *) 0, string)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if ((group = getgrnam(tok)) != 0) { /* try group membership */ + for (i = 0; group->gr_mem[i]; i++) + if (strcasecmp(string, group->gr_mem[i]) == 0) + return (YES); + } + return (NO); +} + +/* from_match - match a host or tty against a list of tokens */ + +static int from_match(char *tok, char *string) +{ + int tok_len; + int str_len; + + /* + * If a token has the magic value "ALL" the match always succeeds. Return + * YES if the token fully matches the string. If the token is a domain + * name, return YES if it matches the last fields of the string. If the + * token has the magic value "LOCAL", return YES if the string does not + * contain a "." character. If the token is a network number, return YES + * if it matches the head of the string. 
+ */ + + if (tok[0] == '@') { /* netgroup */ + return (netgroup_match(tok + 1, string, (char *) 0)); + } else if (string_match(tok, string)) { /* ALL or exact match */ + return (YES); + } else if (tok[0] == '.') { /* domain: match last fields */ + if ((str_len = strlen(string)) > (tok_len = strlen(tok)) + && strcasecmp(tok, string + str_len - tok_len) == 0) + return (YES); + } else if (strcasecmp(tok, "LOCAL") == 0) { /* local: no dots */ + if (strchr(string, '.') == 0) + return (YES); + } else if (tok[(tok_len = strlen(tok)) - 1] == '.' /* network */ + && strncmp(tok, string, tok_len) == 0) { + return (YES); + } + return (NO); +} + +/* string_match - match a string against one token */ + +static int string_match(char *tok, char *string) +{ + + /* + * If the token has the magic value "ALL" the match always succeeds. + * Otherwise, return YES if the token fully matches the string. + */ + + if (strcasecmp(tok, "ALL") == 0) { /* all: always matches */ + return (YES); + } else if (strcasecmp(tok, string) == 0) { /* try exact match */ + return (YES); + } + return (NO); +} +#endif /* LOGIN_ACCES */ diff --git a/crypto/kerberosIV/appl/bsd/login_fbtab.c b/crypto/kerberosIV/appl/bsd/login_fbtab.c new file mode 100644 index 0000000..f7f53aa --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/login_fbtab.c 
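Review bot: In `login_access`, `line[end = strlen(line) - 1]` reads `line[-1]` when fgets() yields an empty string (a table line that begins with a NUL byte), an out-of-bounds read at a point where login.c has not yet dropped root. Test the length first, e.g. `if (line[0] == 0 || line[end = strlen(line) - 1] != '\n') {`. The function also fails open: if the table exists but cannot be opened (`errno != ENOENT`), the error is only logged and the final `return` grants access because `match` is still `NO`. A line skipped for a bad field count or first field is likewise only logged, so a malformed deny rule silently stops applying. If the table is meant to be authoritative once it exists, the non-ENOENT branch should deny, and the header comment should state which behaviour is intended.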
@@ -0,0 +1,144 @@ +/************************************************************************ +* Copyright 1995 by Wietse Venema. All rights reserved. +* +* This material was originally written and compiled by Wietse Venema at +* Eindhoven University of Technology, The Netherlands, in 1990, 1991, +* 1992, 1993, 1994 and 1995. +* +* Redistribution and use in source and binary forms are permitted +* provided that this entire copyright notice is duplicated in all such +* copies. +* +* This software is provided "as is" and without any expressed or implied +* warranties, including, without limitation, the implied warranties of +* merchantibility and fitness for any particular purpose. +************************************************************************/ +/* + SYNOPSIS + void login_fbtab(tty, uid, gid) + char *tty; + uid_t uid; + gid_t gid; + + DESCRIPTION + This module implements device security as described in the + SunOS 4.1.x fbtab(5) and SunOS 5.x logindevperm(4) manual + pages. The program first looks for /etc/fbtab. If that file + cannot be opened it attempts to process /etc/logindevperm. + We expect entries with the folowing format: + + Comments start with a # and extend to the end of the line. + + Blank lines or lines with only a comment are ignored. + + All other lines consist of three fields delimited by + whitespace: a login device (/dev/console), an octal + permission number (0600), and a ":"-delimited list of + devices (/dev/kbd:/dev/mouse). All device names are + absolute paths. A path that ends in "/*" refers to all + directory entries except "." and "..". + + If the tty argument (relative path) matches a login device + name (absolute path), the permissions of the devices in the + ":"-delimited list are set as specified in the second + field, and their ownership is changed to that of the uid + and gid arguments. + + DIAGNOSTICS + Problems are reported via the syslog daemon with severity + LOG_ERR. 
+ + BUGS + + AUTHOR + Wietse Venema (wietse@wzv.win.tue.nl) + Eindhoven University of Technology + The Netherlands + */ + +#include "bsd_locl.h" + +RCSID("$Id: login_fbtab.c,v 1.10 1997/06/01 03:12:54 assar Exp $"); + +void login_protect (char *, char *, int, uid_t, gid_t); +void login_fbtab (char *tty, uid_t uid, gid_t gid); + +#define WSPACE " \t\n" + +/* login_fbtab - apply protections specified in /etc/fbtab or logindevperm */ + +void +login_fbtab(char *tty, uid_t uid, gid_t gid) +{ + FILE *fp; + char buf[BUFSIZ]; + char *devname; + char *cp; + int prot; + char *table; + char *foo; + + if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0 + && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0) + return; + + while (fgets(buf, sizeof(buf), fp)) { + if ((cp = strchr(buf, '#')) != 0) + *cp = 0; /* strip comment */ + foo = NULL; + if ((cp = devname = strtok_r(buf, WSPACE, &foo)) == 0) + continue; /* empty or comment */ + if (strncmp(devname, "/dev/", 5) != 0 + || (cp = strtok_r(NULL, WSPACE, &foo)) == 0 + || *cp != '0' + || sscanf(cp, "%o", &prot) == 0 + || prot == 0 + || (prot & 0777) != prot + || (cp = strtok_r(NULL, WSPACE, &foo)) == 0) { + syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? 
cp : "(null)"); + continue; + } + if (strcmp(devname + 5, tty) == 0) { + foo = NULL; + for (cp = strtok_r(cp, ":", &foo); + cp; + cp = strtok_r(NULL, ":", &foo)) { + login_protect(table, cp, prot, uid, gid); + } + } + } + fclose(fp); +} + +/* login_protect - protect one device entry */ + +void +login_protect(char *table, char *path, int mask, uid_t uid, gid_t gid) +{ + char buf[BUFSIZ]; + int pathlen = strlen(path); + struct dirent *ent; + DIR *dir; + + if (strcmp("/*", path + pathlen - 2) != 0) { + if (chmod(path, mask) && errno != ENOENT) + syslog(LOG_ERR, "%s: chmod(%s): %m", table, path); + if (chown(path, uid, gid) && errno != ENOENT) + syslog(LOG_ERR, "%s: chown(%s): %m", table, path); + } else { + strcpy(buf, path); + buf[pathlen - 1] = 0; + if ((dir = opendir(buf)) == 0) { + syslog(LOG_ERR, "%s: opendir(%s): %m", table, path); + } else { + while ((ent = readdir(dir)) != 0) { + if (strcmp(ent->d_name, ".") != 0 + && strcmp(ent->d_name, "..") != 0) { + strcpy(buf + pathlen - 1, ent->d_name); + login_protect(table, buf, mask, uid, gid); + } + } + closedir(dir); + } + } +} diff --git a/crypto/kerberosIV/appl/bsd/pathnames.h b/crypto/kerberosIV/appl/bsd/pathnames.h new file mode 100644 index 0000000..3c10bff --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/pathnames.h 
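Review bot: In `login_protect`, `strcpy(buf + pathlen - 1, ent->d_name)` appends a directory entry name to the table-supplied prefix with no check against `sizeof(buf)`. A long prefix plus a long entry name therefore overruns the stack buffer, and login.c calls `login_fbtab` before it drops root. Use a bounded `snprintf(buf + pathlen - 1, sizeof(buf) - (pathlen - 1), "%s", ent->d_name)` and skip the entry when the result is truncated. The same function evaluates `path + pathlen - 2` before knowing that `pathlen >= 2`, which points before the string for a one-character list element; `if (pathlen < 2 || strcmp("/*", path + pathlen - 2) != 0) {` avoids that.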
@@ -0,0 +1,191 @@ +/* + * Copyright (c) 1989 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * from: @(#)pathnames.h 5.2 (Berkeley) 4/9/90 + * $Id: pathnames.h,v 1.23 1996/11/17 06:36:42 joda Exp $ + */ + +/******* First fix default path, we stick to _PATH_DEFPATH everywhere */ + +#if !defined(_PATH_DEFPATH) && defined(_PATH_USERPATH) +#define _PATH_DEFPATH _PATH_USERPATH +#endif + +#if defined(_PATH_DEFPATH) && !defined(_DEF_PATH) +#define _DEF_PATH _PATH_DEFPATH +#endif + +#if !defined(_PATH_DEFPATH) && defined(_DEF_PATH) +#define _PATH_DEFPATH _DEF_PATH +#endif + +#ifndef _PATH_DEFPATH +#define _PATH_DEFPATH "/usr/ucb:/usr/bin:/bin" +#define _DEF_PATH _PATH_DEFPATH +#endif /* !_PATH_DEFPATH */ + +#ifndef _PATH_DEFSUPATH +#define _PATH_DEFSUPATH "/usr/sbin:" _DEF_PATH +#endif /* _PATH_DEFSUPATH */ + +/******* Default PATH fixed! */ + +#undef _PATH_RLOGIN /* Redifine rlogin */ +#define _PATH_RLOGIN BINDIR "/rlogin" + +#undef _PATH_RSH /* Redifine rsh */ +#define _PATH_RSH BINDIR "/rsh" + +#undef _PATH_LOGIN +#define _PATH_LOGIN BINDIR "/login" + +/******* The rest is fallback defaults */ + +#ifndef _PATH_DEV +#define _PATH_DEV "/dev/" +#endif + +#ifndef _PATH_CP +#define _PATH_CP "/bin/cp" +#endif /* _PATH_CP */ + +#ifndef _PATH_SHELLS +#define _PATH_SHELLS "/etc/shells" +#endif /* _PATH_SHELLS */ + +#ifndef _PATH_BSHELL +#define _PATH_BSHELL "/bin/sh" +#endif /* _PATH_BSHELL */ + +#ifndef _PATH_CSHELL +#define _PATH_CSHELL "/bin/csh" +#endif /* _PATH_CSHELL */ + +#ifndef _PATH_NOLOGIN +#define _PATH_NOLOGIN "/etc/nologin" +#endif /* _PATH_NOLOGIN */ + +#ifndef _PATH_TTY +#define _PATH_TTY "/dev/tty" +#endif /* _PATH_TTY */ + +#ifndef _PATH_HUSHLOGIN +#define _PATH_HUSHLOGIN ".hushlogin" +#endif /* _PATH_HUSHLOGIN */ + +#ifndef _PATH_NOMAILCHECK +#define _PATH_NOMAILCHECK ".nomailcheck" +#endif /* _PATH_NOMAILCHECK */ + +#ifndef _PATH_MOTDFILE +#define _PATH_MOTDFILE "/etc/motd" +#endif /* _PATH_MOTDFILE */ + +#ifndef _PATH_LOGACCESS +#define _PATH_LOGACCESS "/etc/login.access" +#endif /* _PATH_LOGACCESS */ + +#ifndef _PATH_HEQUIV +#define 
_PATH_HEQUIV "/etc/hosts.equiv" +#endif + +#ifndef _PATH_FBTAB +#define _PATH_FBTAB "/etc/fbtab" +#endif /* _PATH_FBTAB */ + +#ifndef _PATH_LOGINDEVPERM +#define _PATH_LOGINDEVPERM "/etc/logindevperm" +#endif /* _PATH_LOGINDEVPERM */ + +#ifndef _PATH_CHPASS +#define _PATH_CHPASS "/usr/bin/passwd" +#endif /* _PATH_CHPASS */ + +#if defined(__hpux) +#define __FALLBACK_MAILDIR__ "/usr/mail" +#else +#define __FALLBACK_MAILDIR__ "/usr/spool/mail" +#endif + +#ifndef KRB4_MAILDIR +#ifndef _PATH_MAILDIR +#ifdef MAILDIR +#define _PATH_MAILDIR MAILDIR +#else +#define _PATH_MAILDIR __FALLBACK_MAILDIR__ +#endif +#endif /* _PATH_MAILDIR */ +#define KRB4_MAILDIR _PATH_MAILDIR +#endif + +#ifndef _PATH_LASTLOG +#define _PATH_LASTLOG "/var/adm/lastlog" +#endif + +#if defined(UTMP_FILE) && !defined(_PATH_UTMP) +#define _PATH_UTMP UTMP_FILE +#endif + +#ifndef _PATH_UTMP +#define _PATH_UTMP "/etc/utmp" +#endif + +#if defined(WTMP_FILE) && !defined(_PATH_WTMP) +#define _PATH_WTMP WTMP_FILE +#endif + +#ifndef _PATH_WTMP +#define _PATH_WTMP "/usr/adm/wtmp" +#endif + +#ifndef _PATH_ETC_DEFAULT_LOGIN +#define _PATH_ETC_DEFAULT_LOGIN "/etc/default/login" +#endif + +#ifndef _PATH_ETC_ENVIRONMENT +#define _PATH_ETC_ENVIRONMENT "/etc/environment" +#endif + +/* + * NeXT KLUDGE ALERT!!!!!!!!!!!!!!!!!! + * Some sort of bug in the NEXTSTEP cpp. + */ +#ifdef NeXT +#undef _PATH_DEFSUPATH +#define _PATH_DEFSUPATH "/usr/sbin:/usr/ucb:/usr/bin:/bin" +#undef _PATH_RLOGIN +#define _PATH_RLOGIN "/usr/athena/bin/rlogin" +#undef _PATH_RSH +#define _PATH_RSH "/usr/athena/bin/rsh" +#undef _PATH_LOGIN +#define _PATH_LOGIN "/usr/athena/bin/login" +#endif diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c new file mode 100644 index 0000000..4669009 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c 
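Review bot: The mail-directory fallback defines `_PATH_MAILDIR` only inside `#ifndef KRB4_MAILDIR`, so a build that predefines `KRB4_MAILDIR` on a system whose headers lack `_PATH_MAILDIR` leaves that macro undefined. login.c in this same commit builds its mail path from `_PATH_MAILDIR`. Moving the `#ifndef _PATH_MAILDIR` fallback outside the `KRB4_MAILDIR` guard keeps both names defined in every configuration; which of the two names other callers use is not visible here. `__FALLBACK_MAILDIR__` is also a reserved identifier (double underscore); a name such as `FALLBACK_MAILDIR` avoids clashing with the implementation.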
@@ -0,0 +1,246 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcmd_util.c,v 1.15 1997/05/02 14:27:44 assar Exp $");
+
+int
+get_login_port(int kerberos, int encryption)
+{
+ char *service="login";
+ int port=htons(513);
+
+ if(kerberos && encryption){
+ service="eklogin";
+ port=htons(2105);
+ }
+
+ if(kerberos && !encryption){
+ service="klogin";
+ port=htons(543);
+ }
+ return k_getportbyname (service, "tcp", port);
+}
+
+int
+get_shell_port(int kerberos, int encryption)
+{
+ char *service="shell";
+ int port=htons(514);
+
+ if(kerberos && encryption){
+ service="ekshell";
+ port=htons(545);
+ }
+
+ if(kerberos && !encryption){
+ service="kshell";
+ port=htons(544);
+ }
+
+ return k_getportbyname (service, "tcp", port);
+}
+
+/*
+ * On reasonable systems, `cf[gs]et[io]speed' use values of bit/s
+ * directly, and the following functions are just identity functions.
+ * This is however a slower way of doing those
+ * should-be-but-are-not-always idenity functions.
+ */
+
+static struct { int speed; int bps; } conv[] = {
+#ifdef B0
+ {B0, 0},
+#endif
+#ifdef B50
+ {B50, 50},
+#endif
+#ifdef B75
+ {B75, 75},
+#endif
+#ifdef B110
+ {B110, 110},
+#endif
+#ifdef B134
+ {B134, 134},
+#endif
+#ifdef B150
+ {B150, 150},
+#endif
+#ifdef B200
+ {B200, 200},
+#endif
+#ifdef B300
+ {B300, 300},
+#endif
+#ifdef B600
+ {B600, 600},
+#endif
+#ifdef B1200
+ {B1200, 1200},
+#endif
+#ifdef B1800
+ {B1800, 1800},
+#endif
+#ifdef B2400
+ {B2400, 2400},
+#endif
+#ifdef B4800
+ {B4800, 4800},
+#endif
+#ifdef B9600
+ {B9600, 9600},
+#endif
+#ifdef B19200
+ {B19200, 19200},
+#endif
+#ifdef B38400
+ {B38400, 38400},
+#endif
+#ifdef B57600
+ {B57600, 57600},
+#endif
+#ifdef B115200
+ {B115200, 115200},
+#endif
+#ifdef B153600
+ {B153600, 153600},
+#endif
+#ifdef B230400
+ {B230400, 230400},
+#endif
+#ifdef B307200
+ {B307200, 307200},
+#endif
+#ifdef B460800
+ {B460800, 460800},
+#endif
+};
+
+#define N (sizeof(conv)/sizeof(*conv))
+
+int
+speed_t2int (speed_t s)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].speed == s)
+ return conv[m].bps;
+ else if(conv[m].speed < s)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ *
+ */
+
+speed_t
+int2speed_t (int i)
+{
+ int l, r, m;
+
+ l = 0;
+ r = N - 1;
+ while(l <= r) {
+ m = (l + r) / 2;
+ if (conv[m].bps == i)
+ return conv[m].speed;
+ else if(conv[m].bps < i)
+ l = m + 1;
+ else
+ r = m - 1;
+ }
+ return -1;
+}
+
+/*
+ * If there are any IP options on `sock', die.
+ */
+
+void
+ip_options_and_die (int sock, struct sockaddr_in *fromp)
+{
+#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT)
+ u_char optbuf[BUFSIZ/3], *cp;
+ char lbuf[BUFSIZ], *lp;
+ int optsize = sizeof(optbuf), ipproto;
+ struct protoent *ip;
+
+ if ((ip = getprotobyname("ip")) != NULL)
+ ipproto = ip->p_proto;
+ else
+ ipproto = IPPROTO_IP;
+ if (getsockopt(sock, ipproto, IP_OPTIONS,
+ (void *)optbuf, &optsize) == 0 &&
+ optsize != 0) {
+ lp = lbuf;
+ for (cp = optbuf; optsize > 0; cp++, optsize--, lp += 3)
+ snprintf(lp, sizeof(lbuf) - (lp - lbuf), " %2.2x", *cp);
+ syslog(LOG_NOTICE,
+ "Connection received from %s using IP options (dead):%s",
+ inet_ntoa(fromp->sin_addr), lbuf);
+ exit(1);
+ }
+#endif
+}
+
+void
+warning(const char *fmt, ...)
+{
+ char *rstar_no_warn = getenv("RSTAR_NO_WARN");
+ va_list args;
+
+ va_start(args, fmt);
+ if (rstar_no_warn == NULL)
+ rstar_no_warn = "";
+ if (strncmp(rstar_no_warn, "yes", 3) != 0) {
+ /* XXX */
+ fprintf(stderr, "%s: warning, using standard ", __progname);
+ warnx(fmt, args);
+ }
+ va_end(args);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c
new file mode 100644
index 0000000..6dfb472
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp.c
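Review bot: In `warning()` in rcmd_util.c the call `warnx(fmt, args)` passes the `va_list` itself to a variadic function, so every conversion in `fmt` is read from the wrong object, which is undefined behaviour and at best prints garbage; it should be `vwarnx(fmt, args);`, the form `run_err()` in rcp.c of this same import uses. Because `warning()` is printf-like, its declaration (not visible in this hunk, presumably in bsd_locl.h) should carry `__attribute__((format(printf, 1, 2)))` under `#ifdef __GNUC__`, as `run_err()` does, so the compiler checks callers' format strings. In `ip_options_and_die()` the connection is only refused when `getsockopt()` succeeds and reports options; a failing `getsockopt()` lets the connection through, and that fail-open choice should either be stated in the function's comment or turned into an explicit reject.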
@@ -0,0 +1,1019 @@ +/* + * Copyright (c) 1983, 1990, 1992, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: rcp.c,v 1.43 1997/05/13 09:41:26 bg Exp $"); + +/* Globals */ +static char dst_realm_buf[REALM_SZ]; +static char *dest_realm = NULL; +static int use_kerberos = 1; + +static int doencrypt = 0; +#define OPTIONS "dfKk:prtx" + +static int errs, rem; +static struct passwd *pwd; +static u_short port; +static uid_t userid; +static int pflag, iamremote, iamrecursive, targetshouldbedirectory; + +#define CMDNEEDS 64 +static char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ + +void rsource(char *name, struct stat *statp); + +#define SERVICE_NAME "rcmd" + +CREDENTIALS cred; +MSG_DAT msg_data; +struct sockaddr_in foreign, local; +Key_schedule schedule; + +KTEXT_ST ticket; +AUTH_DAT kdata; + +static void +send_auth(char *h, char *r) +{ + int lslen, fslen, status; + long opts; + + lslen = sizeof(struct sockaddr_in); + if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + err(1, "getsockname"); + fslen = sizeof(struct sockaddr_in); + if (getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + err(1, "getpeername"); + if ((r == NULL) || (*r == '\0')) + r = krb_realmofhost(h); + opts = KOPT_DO_MUTUAL; + if ((status = krb_sendauth(opts, rem, &ticket, SERVICE_NAME, h, r, + (unsigned long)getpid(), &msg_data, &cred, + schedule, &local, + &foreign, "KCMDV0.1")) != KSUCCESS) + errx(1, "krb_sendauth failure: %s", krb_get_err_text(status)); +} + +static void +answer_auth(void) +{ + int lslen, fslen, status; + long opts; + char inst[INST_SZ], v[9]; + + lslen = sizeof(struct sockaddr_in); + if (getsockname(rem, (struct sockaddr *)&local, &lslen) < 0) + err(1, "getsockname"); + fslen = sizeof(struct sockaddr_in); + if(getpeername(rem, (struct sockaddr *)&foreign, &fslen) < 0) + err(1, "getperrname"); + k_getsockinst(rem, inst, sizeof(inst)); + opts = KOPT_DO_MUTUAL; + if ((status = krb_recvauth(opts, rem, &ticket, SERVICE_NAME, inst, + &foreign, &local, + &kdata, "", schedule, v)) != KSUCCESS) + errx(1, "krb_recvauth failure: %s", 
krb_get_err_text(status)); +} + +static int +des_read(int fd, char *buf, int len) +{ + if (doencrypt) + return(des_enc_read(fd, buf, len, schedule, + (iamremote? &kdata.session : &cred.session))); + else + return(read(fd, buf, len)); +} + +static int +des_write(int fd, char *buf, int len) +{ + if (doencrypt) + return(des_enc_write(fd, buf, len, schedule, + (iamremote? &kdata.session : &cred.session))); + else + return(write(fd, buf, len)); +} + +static void run_err(const char *fmt, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + + +static void +run_err(const char *fmt, ...) +{ + char errbuf[1024]; + + va_list args; + va_start(args, fmt); + ++errs; +#define RCPERR "\001rcp: " + strcpy (errbuf, RCPERR); + vsnprintf (errbuf + strlen(RCPERR), sizeof(errbuf) - strlen(RCPERR), + fmt, args); + strcat (errbuf, "\n"); + des_write (rem, errbuf, strlen(errbuf)); + if (!iamremote) + vwarnx(fmt, args); + va_end(args); +} + +static void +verifydir(char *cp) +{ + struct stat stb; + + if (!stat(cp, &stb)) { + if (S_ISDIR(stb.st_mode)) + return; + errno = ENOTDIR; + } + run_err("%s: %s", cp, strerror(errno)); + exit(1); +} + +#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) + +static BUF * +allocbuf(BUF *bp, int fd, int blksize) +{ + struct stat stb; + size_t size; + + if (fstat(fd, &stb) < 0) { + run_err("fstat: %s", strerror(errno)); + return (0); + } +#ifdef HAVE_ST_BLKSIZE + size = ROUNDUP(stb.st_blksize, blksize); +#else + size = blksize; +#endif + if (size == 0) + size = blksize; + if (bp->cnt >= size) + return (bp); + if (bp->buf == NULL) + bp->buf = malloc(size); + else + bp->buf = realloc(bp->buf, size); + if (bp->buf == NULL) { + bp->cnt = 0; + run_err("%s", strerror(errno)); + return (0); + } + bp->cnt = size; + return (bp); +} + +static void +usage(void) +{ + fprintf(stderr, "%s\n\t%s\n", + "usage: rcp [-Kpx] [-k realm] f1 f2", + "or: rcp [-Kprx] [-k realm] f1 ... 
fn directory"); + exit(1); +} + +static void +oldw(const char *s) +{ + char *rstar_no_warn = getenv("RSTAR_NO_WARN"); + if (rstar_no_warn == 0) + rstar_no_warn = ""; + if (strncmp(rstar_no_warn, "yes", 3) != 0) + warnx("%s, using standard rcp", s); +} + +static RETSIGTYPE +lostconn(int signo) +{ + if (!iamremote) + warnx("lost connection"); + exit(1); +} + +static int +response(void) +{ + char ch, *cp, resp, rbuf[BUFSIZ]; + + if (des_read(rem, &resp, sizeof(resp)) != sizeof(resp)) + lostconn(0); + + cp = rbuf; + switch(resp) { + case 0: /* ok */ + return (0); + default: + *cp++ = resp; + /* FALLTHROUGH */ + case 1: /* error, followed by error msg */ + case 2: /* fatal error, "" */ + do { + if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) + lostconn(0); + *cp++ = ch; + } while (cp < &rbuf[BUFSIZ] && ch != '\n'); + + if (!iamremote) + write(STDERR_FILENO, rbuf, cp - rbuf); + ++errs; + if (resp == 1) + return (-1); + exit(1); + } + /* NOTREACHED */ +} + +static void +source(int argc, char **argv) +{ + struct stat stb; + static BUF buffer; + BUF *bp; + off_t i; + int amt, fd, haderr, indx, result; + char *last, *name, buf[BUFSIZ]; + + for (indx = 0; indx < argc; ++indx) { + name = argv[indx]; + if ((fd = open(name, O_RDONLY, 0)) < 0) + goto syserr; + if (fstat(fd, &stb)) { +syserr: run_err("%s: %s", name, strerror(errno)); + goto next; + } + switch (stb.st_mode & S_IFMT) { + case S_IFREG: + break; + case S_IFDIR: + if (iamrecursive) { + rsource(name, &stb); + goto next; + } + /* FALLTHROUGH */ + default: + run_err("%s: not a regular file", name); + goto next; + } + if ((last = strrchr(name, '/')) == NULL) + last = name; + else + ++last; + if (pflag) { + /* + * Make it compatible with possible future + * versions expecting microseconds. 
+ */ + snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + (long)stb.st_mtime, (long)stb.st_atime); + des_write(rem, buf, strlen(buf)); + if (response() < 0) + goto next; + } + snprintf(buf, sizeof(buf), "C%04o %ld %s\n", + (int)stb.st_mode & MODEMASK, (long) stb.st_size, last); + des_write(rem, buf, strlen(buf)); + if (response() < 0) + goto next; + if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { +next: close(fd); + continue; + } + + /* Keep writing after an error so that we stay sync'd up. */ + for (haderr = i = 0; i < stb.st_size; i += bp->cnt) { + amt = bp->cnt; + if (i + amt > stb.st_size) + amt = stb.st_size - i; + if (!haderr) { + result = read(fd, bp->buf, amt); + if (result != amt) + haderr = result >= 0 ? EIO : errno; + } + if (haderr) + des_write(rem, bp->buf, amt); + else { + result = des_write(rem, bp->buf, amt); + if (result != amt) + haderr = result >= 0 ? EIO : errno; + } + } + if (close(fd) && !haderr) + haderr = errno; + if (!haderr) + des_write(rem, "", 1); + else + run_err("%s: %s", name, strerror(haderr)); + response(); + } +} + +void +rsource(char *name, struct stat *statp) +{ + DIR *dirp; + struct dirent *dp; + char *last, *vect[1], path[MaxPathLen]; + + if (!(dirp = opendir(name))) { + run_err("%s: %s", name, strerror(errno)); + return; + } + last = strrchr(name, '/'); + if (last == 0) + last = name; + else + last++; + if (pflag) { + snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", + (long)statp->st_mtime, (long)statp->st_atime); + des_write(rem, path, strlen(path)); + if (response() < 0) { + closedir(dirp); + return; + } + } + snprintf(path, sizeof(path), + "D%04o %d %s\n", (int)statp->st_mode & MODEMASK, 0, last); + des_write(rem, path, strlen(path)); + if (response() < 0) { + closedir(dirp); + return; + } + while ((dp = readdir(dirp))) { + if (dp->d_ino == 0) + continue; + if (!strcmp(dp->d_name, ".") || !strcmp(dp->d_name, "..")) + continue; + if (strlen(name) + 1 + strlen(dp->d_name) >= MaxPathLen - 1) { + run_err("%s/%s: name too long", 
name, dp->d_name); + continue; + } + if (snprintf(path, sizeof(path), + "%s/%s", name, dp->d_name) >= sizeof(path)) { + run_err("%s/%s: name too long", name, dp->d_name); + continue; + } + vect[0] = path; + source(1, vect); + } + closedir(dirp); + des_write(rem, "E\n", 2); + response(); +} + +static int +kerberos(char **host, char *bp, char *locuser, char *user) +{ + int sock = -1, err; +again: + if (use_kerberos) { + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(*host); + +#if 0 + rem = krcmd(host, port, user, bp, 0, dest_realm); +#else + err = kcmd( + &sock, + host, + port, + NULL, /* locuser not used */ + user, + bp, + 0, + &ticket, + SERVICE_NAME, + dest_realm, + (CREDENTIALS *) NULL, /* credentials not used */ + 0, /* key schedule not used */ + (MSG_DAT *) NULL, /* MSG_DAT not used */ + (struct sockaddr_in *) NULL, /* local addr not used */ + (struct sockaddr_in *) NULL, /* foreign addr not used */ + 0L); /* authopts */ + if (err > KSUCCESS && err < MAX_KRB_ERRORS) { + warnx("kcmd: %s", krb_get_err_text(err)); + rem = -1; + } else if (err < 0) + rem = -1; + else + rem = sock; +#endif + if (rem < 0) { + use_kerberos = 0; + port = get_shell_port(use_kerberos, 0); + if (errno == ECONNREFUSED) + oldw("remote host doesn't support Kerberos"); + else if (errno == ENOENT) + oldw("can't provide Kerberos authentication data"); + goto again; + } + } else { + if (doencrypt) + errx(1, + "the -x option requires Kerberos authentication"); + if (geteuid() != 0) { + errx(1, "not installed setuid root, " + "only root may use non kerberized rcp"); + } + rem = rcmd(host, port, locuser, user, bp, 0); + } + return (rem); +} + +static void +toremote(char *targ, int argc, char **argv) +{ + int i, len; +#ifdef IP_TOS + int tos; +#endif + char *bp, *host, *src, *suser, *thost, *tuser; + + *targ++ = 0; + if (*targ == 0) + targ = "."; + + if ((thost = strchr(argv[argc - 1], '@'))) { + /* user@host */ + *thost++ = 0; + tuser = argv[argc - 1]; + if 
(*tuser == '\0') + tuser = NULL; + else if (!okname(tuser)) + exit(1); + } else { + thost = argv[argc - 1]; + tuser = NULL; + } + + for (i = 0; i < argc - 1; i++) { + src = colon(argv[i]); + if (src) { /* remote to remote */ + *src++ = 0; + if (*src == 0) + src = "."; + host = strchr(argv[i], '@'); + len = strlen(_PATH_RSH) + strlen(argv[i]) + + strlen(src) + (tuser ? strlen(tuser) : 0) + + strlen(thost) + strlen(targ) + CMDNEEDS + 20; + if (!(bp = malloc(len))) + err(1, " "); + if (host) { + *host++ = 0; + suser = argv[i]; + if (*suser == '\0') + suser = pwd->pw_name; + else if (!okname(suser)) + continue; + snprintf(bp, len, + "%s %s -l %s -n %s %s '%s%s%s:%s'", + _PATH_RSH, host, suser, cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + } else + snprintf(bp, len, + "exec %s %s -n %s %s '%s%s%s:%s'", + _PATH_RSH, argv[i], cmd, src, + tuser ? tuser : "", tuser ? "@" : "", + thost, targ); + susystem(bp, userid); + free(bp); + } else { /* local to remote */ + if (rem == -1) { + len = strlen(targ) + CMDNEEDS + 20; + if (!(bp = malloc(len))) + err(1, " "); + snprintf(bp, len, "%s -t %s", cmd, targ); + host = thost; + if (use_kerberos) + rem = kerberos(&host, bp, +#ifdef __CYGWIN32__ + tuser, +#else + pwd->pw_name, +#endif + tuser ? tuser : pwd->pw_name); + else + rem = rcmd(&host, port, +#ifdef __CYGWIN32__ + tuser, +#else + pwd->pw_name, +#endif + tuser ? 
tuser : pwd->pw_name, + bp, 0); + if (rem < 0) + exit(1); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, + (void *)&tos, sizeof(int)) < 0) + warn("TOS (ignored)"); +#endif /* IP_TOS */ + if (doencrypt) + send_auth(host, dest_realm); + if (response() < 0) + exit(1); + free(bp); + setuid(userid); + } + source(1, argv+i); + } + } +} + +static void +sink(int argc, char **argv) +{ + static BUF buffer; + struct stat stb; + struct timeval tv[2]; + enum { YES, NO, DISPLAYED } wrerr; + BUF *bp; + off_t i, j; + int amt, count, exists, first, mask, mode, ofd, omode; + int setimes, size, targisdir, wrerrno=0; + char ch, *cp, *np, *targ, *why, *vect[1], buf[BUFSIZ]; + +#define atime tv[0] +#define mtime tv[1] +#define SCREWUP(str) { why = str; goto screwup; } + + setimes = targisdir = 0; + mask = umask(0); + if (!pflag) + umask(mask); + if (argc != 1) { + run_err("ambiguous target"); + exit(1); + } + targ = *argv; + if (targetshouldbedirectory) + verifydir(targ); + des_write(rem, "", 1); + if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) + targisdir = 1; + for (first = 1;; first = 0) { + cp = buf; + if (des_read(rem, cp, 1) <= 0) + return; + if (*cp++ == '\n') + SCREWUP("unexpected <newline>"); + do { + if (des_read(rem, &ch, sizeof(ch)) != sizeof(ch)) + SCREWUP("lost connection"); + *cp++ = ch; + } while (cp < &buf[BUFSIZ - 1] && ch != '\n'); + *cp = 0; + + if (buf[0] == '\01' || buf[0] == '\02') { + if (iamremote == 0) + write(STDERR_FILENO, + buf + 1, strlen(buf + 1)); + if (buf[0] == '\02') + exit(1); + ++errs; + continue; + } + if (buf[0] == 'E') { + des_write(rem, "", 1); + return; + } + + if (ch == '\n') + *--cp = 0; + +#define getnum(t) (t) = 0; while (isdigit(*cp)) (t) = (t) * 10 + (*cp++ - '0'); + cp = buf; + if (*cp == 'T') { + setimes++; + cp++; + getnum(mtime.tv_sec); + if (*cp++ != ' ') + SCREWUP("mtime.sec not delimited"); + getnum(mtime.tv_usec); + if (*cp++ != ' ') + SCREWUP("mtime.usec not 
delimited"); + getnum(atime.tv_sec); + if (*cp++ != ' ') + SCREWUP("atime.sec not delimited"); + getnum(atime.tv_usec); + if (*cp++ != '\0') + SCREWUP("atime.usec not delimited"); + des_write(rem, "", 1); + continue; + } + if (*cp != 'C' && *cp != 'D') { + /* + * Check for the case "rcp remote:foo\* local:bar". + * In this case, the line "No match." can be returned + * by the shell before the rcp command on the remote is + * executed so the ^Aerror_message convention isn't + * followed. + */ + if (first) { + run_err("%s", cp); + exit(1); + } + SCREWUP("expected control record"); + } + mode = 0; + for (++cp; cp < buf + 5; cp++) { + if (*cp < '0' || *cp > '7') + SCREWUP("bad mode"); + mode = (mode << 3) | (*cp - '0'); + } + if (*cp++ != ' ') + SCREWUP("mode not delimited"); + + for (size = 0; isdigit(*cp);) + size = size * 10 + (*cp++ - '0'); + if (*cp++ != ' ') + SCREWUP("size not delimited"); + if (targisdir) { + static char *namebuf; + static int cursize; + size_t need; + + need = strlen(targ) + strlen(cp) + 250; + if (need > cursize) { + if (!(namebuf = malloc(need))) + run_err("%s", strerror(errno)); + } + snprintf(namebuf, need, "%s%s%s", targ, + *targ ? 
"/" : "", cp); + np = namebuf; + } else + np = targ; + exists = stat(np, &stb) == 0; + if (buf[0] == 'D') { + int mod_flag = pflag; + if (exists) { + if (!S_ISDIR(stb.st_mode)) { + errno = ENOTDIR; + goto bad; + } + if (pflag) + chmod(np, mode); + } else { + /* Handle copying from a read-only directory */ + mod_flag = 1; + if (mkdir(np, mode | S_IRWXU) < 0) + goto bad; + } + vect[0] = np; + sink(1, vect); + if (setimes) { + struct utimbuf times; + times.actime = atime.tv_sec; + times.modtime = mtime.tv_sec; + setimes = 0; + if (utime(np, ×) < 0) + run_err("%s: set times: %s", + np, strerror(errno)); + } + if (mod_flag) + chmod(np, mode); + continue; + } + omode = mode; + mode |= S_IWRITE; + if ((ofd = open(np, O_WRONLY|O_CREAT, mode)) < 0) { +bad: run_err("%s: %s", np, strerror(errno)); + continue; + } + des_write(rem, "", 1); + if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { + close(ofd); + continue; + } + cp = bp->buf; + wrerr = NO; + for (count = i = 0; i < size; i += BUFSIZ) { + amt = BUFSIZ; + if (i + amt > size) + amt = size - i; + count += amt; + do { + j = des_read(rem, cp, amt); + if (j <= 0) { + run_err("%s", j ? strerror(errno) : + "dropped connection"); + exit(1); + } + amt -= j; + cp += j; + } while (amt > 0); + if (count == bp->cnt) { + /* Keep reading so we stay sync'd up. */ + if (wrerr == NO) { + j = write(ofd, bp->buf, count); + if (j != count) { + wrerr = YES; + wrerrno = j >= 0 ? EIO : errno; + } + } + count = 0; + cp = bp->buf; + } + } + if (count != 0 && wrerr == NO && + (j = write(ofd, bp->buf, count)) != count) { + wrerr = YES; + wrerrno = j >= 0 ? 
EIO : errno; + } + if (ftruncate(ofd, size)) { + run_err("%s: truncate: %s", np, strerror(errno)); + wrerr = DISPLAYED; + } + if (pflag) { + if (exists || omode != mode) +#ifdef HAVE_FCHMOD + if (fchmod(ofd, omode)) +#else + if (chmod(np, omode)) +#endif + run_err("%s: set mode: %s", + np, strerror(errno)); + } else { + if (!exists && omode != mode) +#ifdef HAVE_FCHMOD + if (fchmod(ofd, omode & ~mask)) +#else + if (chmod(np, omode & ~mask)) +#endif + run_err("%s: set mode: %s", + np, strerror(errno)); + } + close(ofd); + response(); + if (setimes && wrerr == NO) { + struct utimbuf times; + times.actime = atime.tv_sec; + times.modtime = mtime.tv_sec; + setimes = 0; + if (utime(np, ×) < 0) { + run_err("%s: set times: %s", + np, strerror(errno)); + wrerr = DISPLAYED; + } + } + switch(wrerr) { + case YES: + run_err("%s: %s", np, strerror(wrerrno)); + break; + case NO: + des_write(rem, "", 1); + break; + case DISPLAYED: + break; + } + } +screwup: + run_err("protocol error: %s", why); + exit(1); +} + +static void +tolocal(int argc, char **argv) +{ + int i, len; +#ifdef IP_TOS + int tos; +#endif + char *bp, *host, *src, *suser; + + for (i = 0; i < argc - 1; i++) { + if (!(src = colon(argv[i]))) { /* Local to local. */ + len = strlen(_PATH_CP) + strlen(argv[i]) + + strlen(argv[argc - 1]) + 20; + if (!(bp = malloc(len))) + err(1, " "); + snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, + iamrecursive ? " -r" : "", pflag ? 
" -p" : "", + argv[i], argv[argc - 1]); + if (susystem(bp, userid)) + ++errs; + free(bp); + continue; + } + *src++ = 0; + if (*src == 0) + src = "."; + if ((host = strchr(argv[i], '@')) == NULL) { +#ifdef __CYGWIN32__ + errx (1, "Sorry, you need to specify the username"); +#else + host = argv[i]; + suser = pwd->pw_name; +#endif + } else { + *host++ = 0; + suser = argv[i]; + if (*suser == '\0') +#ifdef __CYGWIN32__ + errx (1, "Sorry, you need to specify the username"); +#else + suser = pwd->pw_name; +#endif + else if (!okname(suser)) + continue; + } + len = strlen(src) + CMDNEEDS + 20; + if ((bp = malloc(len)) == NULL) + err(1, " "); + snprintf(bp, len, "%s -f %s", cmd, src); + rem = + use_kerberos ? + kerberos(&host, bp, +#ifndef __CYGWIN32__ + pwd->pw_name, +#else + suser, +#endif + suser) : + rcmd(&host, port, +#ifndef __CYGWIN32__ + pwd->pw_name, +#else + suser, +#endif + suser, bp, 0); + free(bp); + if (rem < 0) { + ++errs; + continue; + } + seteuid(userid); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&tos, + sizeof(int)) < 0) + warn("TOS (ignored)"); +#endif /* IP_TOS */ + if (doencrypt) + send_auth(host, dest_realm); + sink(1, argv + argc - 1); + seteuid(0); + close(rem); + rem = -1; + } +} + + +int +main(int argc, char **argv) +{ + int ch, fflag, tflag; + char *targ; + + set_progname(argv[0]); + fflag = tflag = 0; + while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + switch(ch) { /* User-visible flags. */ + case 'K': + use_kerberos = 0; + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dst_realm_buf, optarg, REALM_SZ); + break; + case 'x': + doencrypt = 1; + LEFT_JUSTIFIED = 1; + break; + case 'p': + pflag = 1; + break; + case 'r': + iamrecursive = 1; + break; + /* Server options. 
*/ + case 'd': + targetshouldbedirectory = 1; + break; + case 'f': /* "from" */ + iamremote = 1; + fflag = 1; + break; + case 't': /* "to" */ + iamremote = 1; + tflag = 1; + break; + case '?': + default: + usage(); + } + argc -= optind; + argv += optind; + + /* Rcp implements encrypted file transfer without using the + * kshell service, pass 0 for no encryption */ + port = get_shell_port(use_kerberos, 0); + +#ifndef __CYGWIN32__ + if ((pwd = k_getpwuid(userid = getuid())) == NULL) + errx(1, "unknown user %d", (int)userid); +#endif + + rem = STDIN_FILENO; /* XXX */ + + if (fflag) { /* Follow "protocol", send data. */ + if (doencrypt) + answer_auth(); + response(); + setuid(userid); + if (k_hasafs()) { + /* Sometimes we will need cell specific tokens + * to be able to read and write files, thus, + * the token stuff done in rshd might not + * suffice. + */ + char cell[64]; + if (k_afs_cell_of_file(pwd->pw_dir, + cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + source(argc, argv); + exit(errs); + } + + if (tflag) { /* Receive data. */ + if (doencrypt) + answer_auth(); + setuid(userid); + if (k_hasafs()) { + char cell[64]; + if (k_afs_cell_of_file(pwd->pw_dir, + cell, sizeof(cell)) == 0) + k_afsklog(cell, 0); + k_afsklog(0, 0); + } + sink(argc, argv); + exit(errs); + } + + if (argc < 2) + usage(); + if (argc > 2) + targetshouldbedirectory = 1; + + rem = -1; + /* Command to be executed on remote system using "rsh". */ + snprintf(cmd, sizeof(cmd), + "rcp%s%s%s%s", iamrecursive ? " -r" : "", + (doencrypt && use_kerberos ? " -x" : ""), + pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); + + signal(SIGPIPE, lostconn); + + if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ + toremote(targ, argc, argv); + else { + tolocal(argc, argv); /* Dest is local host. */ + if (targetshouldbedirectory) + verifydir(argv[argc - 1]); + } + exit(errs); +} 
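Review bot: `sink()` takes the file name from the peer's `C`/`D` control record and, when the target is a directory, joins it to `targ` without any check, so a name that contains `/` or is `..` makes the receiving side create or overwrite files outside the directory the user named; directly after the "size not delimited" test it should refuse such names, e.g. `if (strchr(cp, '/') != NULL || strcmp(cp, "..") == 0) SCREWUP("unexpected file name");`. In the same `targisdir` branch a failed `malloc()` only calls `run_err()` and the following `snprintf()` then writes through the NULL `namebuf`, so that path should exit instead of continuing. `run_err()` can write one byte past `errbuf` when the message is truncated, because `vsnprintf()` is allowed to fill the buffer to its last byte and `strcat(errbuf, "\n")` appends one more, and it reuses `args` for `vwarnx()` after `vsnprintf()` has already consumed it. In `main()`, `strncpy(dst_realm_buf, optarg, REALM_SZ)` leaves the realm unterminated when `-k` is given `REALM_SZ` or more characters; copy at most `REALM_SZ - 1` bytes and terminate, or reject the over-long realm. The `setuid(userid)` and `seteuid(userid)` calls in `main()`, `toremote()` and `tolocal()` ignore their return value, which matters for a program whose own error text says it is meant to be installed setuid root.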
diff --git a/crypto/kerberosIV/appl/bsd/rcp_util.c b/crypto/kerberosIV/appl/bsd/rcp_util.c
new file mode 100644
index 0000000..6f0c5f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rcp_util.c
@@ -0,0 +1,97 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: rcp_util.c,v 1.7 1996/11/17 20:23:05 assar Exp $");
+
+char *
+colon(char *cp)
+{
+ if (*cp == ':') /* Leading colon is part of file name. */
+ return (0);
+
+ for (; *cp; ++cp) {
+ if (*cp == ':')
+ return (cp);
+ if (*cp == '/')
+ return (0);
+ }
+ return (0);
+}
+
+int
+okname(char *cp0)
+{
+ int c;
+ char *cp;
+
+ cp = cp0;
+ do {
+ c = *cp;
+ if (c & 0200)
+ goto bad;
+ if (!isalpha(c) && !isdigit(c) && c != '_' && c != '-')
+ goto bad;
+ } while (*++cp);
+ return (1);
+
+bad: warnx("%s: invalid user name", cp0);
+ return (0);
+}
+
+int
+susystem(char *s, int userid)
+{
+ RETSIGTYPE (*istat)(), (*qstat)();
+ int status;
+ pid_t pid;
+
+ pid = fork();
+ switch (pid) {
+ case -1:
+ return (127);
+
+ case 0:
+ setuid(userid);
+ execl(_PATH_BSHELL, "sh", "-c", s, NULL);
+ _exit(127);
+ }
+ istat = signal(SIGINT, SIG_IGN);
+ qstat = signal(SIGQUIT, SIG_IGN);
+ if (waitpid(pid, &status, 0) < 0)
+ status = -1;
+ signal(SIGINT, istat);
+ signal(SIGQUIT, qstat);
+ return (status);
+}
diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c
new file mode 100644
index 0000000..27aa8f0
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/rlogin.c
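Review bot: In `susystem()` in rcp_util.c the child calls `setuid(userid)` and goes straight on to `execl(_PATH_BSHELL, "sh", "-c", s, NULL)` without checking the result, so if the privilege drop fails the shell runs the caller-built command string with whatever privilege the process still holds; rcp.c in this import states that it expects to be installed setuid root. The child should stop instead: `if (setuid(userid) != 0) _exit(127);`. The function also has no comment, and one is needed to say that `s` is interpreted by `/bin/sh`, so callers must build it only from trusted or quoted pieces; rcp.c's `toremote()` and `tolocal()` interpolate host and path arguments into it unquoted. The terminating `NULL` passed to the variadic `execl()` would be more portable as `(char *)NULL`.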
@@ -0,0 +1,707 @@ +/* + * Copyright (c) 1983, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * rlogin - remote login + */ +#include "bsd_locl.h" + +RCSID("$Id: rlogin.c,v 1.61 1997/05/25 01:14:47 assar Exp $"); + +CREDENTIALS cred; +Key_schedule schedule; +int use_kerberos = 1, doencrypt; +char dst_realm_buf[REALM_SZ], *dest_realm = NULL; + +#ifndef CCEQ +#define c2uc(x) ((unsigned char) x) +#define CCEQ__(val, c) (c == val ? val != c2uc(_POSIX_VDISABLE) : 0) +#define CCEQ(val, c) CCEQ__(c2uc(val), c2uc(c)) +#endif + +int eight, rem; +struct termios deftty; + +int noescape; +char escapechar = '~'; + +struct winsize winsize; + +int parent, rcvcnt; +char rcvbuf[8 * 1024]; + +int child; + +static void +echo(char c) +{ + char *p; + char buf[8]; + + p = buf; + c &= 0177; + *p++ = escapechar; + if (c < ' ') { + *p++ = '^'; + *p++ = c + '@'; + } else if (c == 0177) { + *p++ = '^'; + *p++ = '?'; + } else + *p++ = c; + *p++ = '\r'; + *p++ = '\n'; + write(STDOUT_FILENO, buf, p - buf); +} + +static void +mode(int f) +{ + struct termios tty; + + switch (f) { + case 0: + tcsetattr(0, TCSANOW, &deftty); + break; + case 1: + tcgetattr(0, &deftty); + tty = deftty; + /* This is loosely derived from sys/compat/tty_compat.c. 
*/ + tty.c_lflag &= ~(ECHO|ICANON|ISIG|IEXTEN); + tty.c_iflag &= ~ICRNL; + tty.c_oflag &= ~OPOST; + tty.c_cc[VMIN] = 1; + tty.c_cc[VTIME] = 0; + if (eight) { + tty.c_iflag &= IXOFF; + tty.c_cflag &= ~(CSIZE|PARENB); + tty.c_cflag |= CS8; + } + tcsetattr(0, TCSANOW, &tty); + break; + default: + return; + } +} + +static void +done(int status) +{ + int w, wstatus; + + mode(0); + if (child > 0) { + /* make sure catch_child does not snap it up */ + signal(SIGCHLD, SIG_DFL); + if (kill(child, SIGKILL) >= 0) + while ((w = wait(&wstatus)) > 0 && w != child); + } + exit(status); +} + +static +RETSIGTYPE +catch_child(int foo) +{ + int status; + int pid; + + for (;;) { + pid = waitpid(-1, &status, WNOHANG|WUNTRACED); + if (pid == 0) + return; + /* if the child (reader) dies, just quit */ + if (pid < 0 || (pid == child && !WIFSTOPPED(status))) + done(WTERMSIG(status) | WEXITSTATUS(status)); + } + /* NOTREACHED */ +} + +/* + * There is a race in the SunOS5 rlogind. If the slave end has not yet + * been opened by the child when setting tty size the size is reset to + * zero when the child opens it. Therefore we send the window update + * twice. + */ + +static int tty_kludge = 1; + +/* Return the number of OOB bytes processed. 
*/ +static int +oob_real(void) +{ + struct termios tty; + int atmark, n, out, rcvd; + char waste[BUFSIZ], mark; + + out = O_RDWR; + rcvd = 0; + if (recv(rem, &mark, 1, MSG_OOB) < 0) { + return -1; + } + if (mark & TIOCPKT_WINDOW) { + /* Let server know about window size changes */ + kill(parent, SIGUSR1); + } else if (tty_kludge) { + /* Let server know about window size changes */ + kill(parent, SIGUSR1); + tty_kludge = 0; + } + if (!eight && (mark & TIOCPKT_NOSTOP)) { + tcgetattr(0, &tty); + tty.c_iflag &= ~IXON; + tcsetattr(0, TCSANOW, &tty); + } + if (!eight && (mark & TIOCPKT_DOSTOP)) { + tcgetattr(0, &tty); + tty.c_iflag |= (deftty.c_iflag & IXON); + tcsetattr(0, TCSANOW, &tty); + } + if (mark & TIOCPKT_FLUSHWRITE) { +#ifdef TCOFLUSH + tcflush(1, TCOFLUSH); +#else + ioctl(1, TIOCFLUSH, (char *)&out); +#endif + for (;;) { + if (ioctl(rem, SIOCATMARK, &atmark) < 0) { + warn("ioctl"); + break; + } + if (atmark) + break; + n = read(rem, waste, sizeof (waste)); + if (n <= 0) + break; + } + /* + * Don't want any pending data to be output, so clear the recv + * buffer. If we were hanging on a write when interrupted, + * don't want it to restart. If we were reading, restart + * anyway. + */ + rcvcnt = 0; + } + + /* oob does not do FLUSHREAD (alas!) 
*/ + return 1; +} + +/* reader: read from remote: line -> 1 */ +static int +reader(void) +{ + int n, remaining; + char *bufp; + int kludgep = 1; + + bufp = rcvbuf; + for (;;) { + fd_set readfds, exceptfds; + while ((remaining = rcvcnt - (bufp - rcvbuf)) > 0) { + n = write(STDOUT_FILENO, bufp, remaining); + if (n < 0) { + if (errno != EINTR) + return (-1); + continue; + } + bufp += n; + } + bufp = rcvbuf; + rcvcnt = 0; + + FD_ZERO (&readfds); + FD_SET (rem, &readfds); + FD_ZERO (&exceptfds); + if (kludgep) + FD_SET (rem, &exceptfds); + if (select(rem+1, &readfds, 0, &exceptfds, 0) == -1) { + if (errno == EINTR) + continue; /* Got signal */ + else + errx(1, "select failed mysteriously"); + } + + if (!FD_ISSET(rem, &exceptfds) && !FD_ISSET(rem, &readfds)) { + warnx("select: nothing to read?"); + continue; + } + + if (FD_ISSET(rem, &exceptfds)) { + int foo = oob_real (); + if (foo >= 1) + continue; /* First check if there is more OOB data. */ + else if (foo < 0) + kludgep = 0; + } + + if (!FD_ISSET(rem, &readfds)) + continue; /* Nothing to read. 
*/ + + kludgep = 1; +#ifndef NOENCRYPTION + if (doencrypt) + rcvcnt = des_enc_read(rem, rcvbuf, + sizeof(rcvbuf), + schedule, &cred.session); + else +#endif + rcvcnt = read(rem, rcvbuf, sizeof (rcvbuf)); + if (rcvcnt == 0) + return (0); + if (rcvcnt < 0) { + if (errno == EINTR) + continue; + warn("read"); + return (-1); + } + } +} + +/* + * Send the window size to the server via the magic escape + */ +static void +sendwindow(void) +{ + char obuf[4 + 4 * sizeof (u_int16_t)]; + unsigned short *p; + + p = (u_int16_t *)(obuf + 4); + obuf[0] = 0377; + obuf[1] = 0377; + obuf[2] = 's'; + obuf[3] = 's'; + *p++ = htons(winsize.ws_row); + *p++ = htons(winsize.ws_col); +#ifdef HAVE_WS_XPIXEL + *p++ = htons(winsize.ws_xpixel); +#else + *p++ = htons(0); +#endif +#ifdef HAVE_WS_YPIXEL + *p++ = htons(winsize.ws_ypixel); +#else + *p++ = htons(0); +#endif + +#ifndef NOENCRYPTION + if(doencrypt) + des_enc_write(rem, obuf, sizeof(obuf), schedule, + &cred.session); + else +#endif + write(rem, obuf, sizeof(obuf)); +} + +static +RETSIGTYPE +sigwinch(int foo) +{ + struct winsize ws; + + if (get_window_size(0, &ws) == 0 && + memcmp(&ws, &winsize, sizeof(ws))) { + winsize = ws; + sendwindow(); + } +} + +static void +stop(int all) +{ + mode(0); + signal(SIGCHLD, SIG_IGN); + kill(all ? 0 : getpid(), SIGTSTP); + signal(SIGCHLD, catch_child); + mode(1); +#ifdef SIGWINCH + kill(SIGWINCH, getpid()); /* check for size changes, if caught */ +#endif +} + +/* + * writer: write to remote: 0 -> line. + * ~. terminate + * ~^Z suspend rlogin process. + * ~<delayed-suspend char> suspend rlogin process, but leave reader alone. + */ +static void +writer(void) +{ + int bol, local, n; + char c; + + bol = 1; /* beginning of line */ + local = 0; + for (;;) { + n = read(STDIN_FILENO, &c, 1); + if (n <= 0) { + if (n < 0 && errno == EINTR) + continue; + break; + } + /* + * If we're at the beginning of the line and recognize a + * command character, then we echo locally. 
Otherwise, + * characters are echo'd remotely. If the command character + * is doubled, this acts as a force and local echo is + * suppressed. + */ + if (bol) { + bol = 0; + if (!noescape && c == escapechar) { + local = 1; + continue; + } + } else if (local) { + local = 0; + if (c == '.' || CCEQ(deftty.c_cc[VEOF], c)) { + echo(c); + break; + } + if (CCEQ(deftty.c_cc[VSUSP], c)) { + bol = 1; + echo(c); + stop(1); + continue; + } +#ifdef VDSUSP + /* Is VDSUSP called something else on Linux? + * Perhaps VDELAY is a better thing? */ + if (CCEQ(deftty.c_cc[VDSUSP], c)) { + bol = 1; + echo(c); + stop(0); + continue; + } +#endif /* VDSUSP */ + if (c != escapechar) +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(rem, &escapechar,1, schedule, &cred.session); + else +#endif + write(rem, &escapechar, 1); + } + + if (doencrypt) { +#ifdef NOENCRYPTION + if (write(rem, &c, 1) == 0) { +#else + if (des_enc_write(rem, &c, 1, schedule, &cred.session) == 0) { +#endif + warnx("line gone"); + break; + } + } else + if (write(rem, &c, 1) == 0) { + warnx("line gone"); + break; + } + bol = CCEQ(deftty.c_cc[VKILL], c) || + CCEQ(deftty.c_cc[VEOF], c) || + CCEQ(deftty.c_cc[VINTR], c) || + CCEQ(deftty.c_cc[VSUSP], c) || + c == '\r' || c == '\n'; + } +} + +static +RETSIGTYPE +lostpeer(int foo) +{ + signal(SIGPIPE, SIG_IGN); + warnx("\aconnection closed.\r"); + done(1); +} + +/* + * This is called in the parent when the reader process gets the + * out-of-band (urgent) request to turn on the window-changing + * protocol. It is signalled from the child(reader). + */ +static +RETSIGTYPE +sigusr1(int foo) +{ + /* + * Now we now daemon supports winsize hack, + */ + sendwindow(); +#ifdef SIGWINCH + signal(SIGWINCH, sigwinch); /* so we start to support it */ +#endif + SIGRETURN(0); +} + +static void +doit(void) +{ + signal(SIGINT, SIG_IGN); + signal(SIGHUP, SIG_IGN); + signal(SIGQUIT, SIG_IGN); + + signal(SIGCHLD, catch_child); + + /* + * Child sends parent this signal for window size hack. 
+ */ + signal(SIGUSR1, sigusr1); + + signal(SIGPIPE, lostpeer); + + mode(1); + parent = getpid(); + child = fork(); + if (child == -1) { + warn("fork"); + done(1); + } + if (child == 0) { + signal(SIGCHLD, SIG_IGN); + signal(SIGTTOU, SIG_IGN); + if (reader() == 0) + errx(1, "connection closed.\r"); + sleep(1); + errx(1, "\aconnection closed.\r"); + } + + writer(); + warnx("closed connection.\r"); + done(0); +} + +static void +usage(void) +{ + fprintf(stderr, + "usage: rlogin [ -%s]%s[-e char] [ -l username ] host\n", + "8DEKLdx", " [-k realm] "); + exit(1); +} + +static u_int +getescape(char *p) +{ + long val; + int len; + + if ((len = strlen(p)) == 1) /* use any single char, including '\' */ + return ((u_int)*p); + /* otherwise, \nnn */ + if (*p == '\\' && len >= 2 && len <= 4) { + val = strtol(++p, NULL, 8); + for (;;) { + if (!*++p) + return ((u_int)val); + if (*p < '0' || *p > '8') + break; + } + } + warnx("illegal option value -- e"); + usage(); + return 0; +} + +int +main(int argc, char **argv) +{ + struct passwd *pw; + int sv_port, user_port = 0; + int argoff, ch, dflag, Dflag, one, uid; + char *host, *user, term[1024]; + + argoff = dflag = Dflag = 0; + one = 1; + host = user = NULL; + + set_progname(argv[0]); + + /* handle "rlogin host flags" */ + if (argc > 2 && argv[1][0] != '-') { + host = argv[1]; + argoff = 1; + } + +#define OPTIONS "8DEKLde:k:l:xp:" + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) + switch(ch) { + case '8': + eight = 1; + break; + case 'D': + Dflag = 1; + break; + case 'E': + noescape = 1; + break; + case 'K': + use_kerberos = 0; + break; + case 'd': + dflag = 1; + break; + case 'e': + noescape = 0; + escapechar = getescape(optarg); + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dest_realm, optarg, REALM_SZ); + break; + case 'l': + user = optarg; + break; + case 'x': + doencrypt = 1; + break; + case 'p': + user_port = htons(atoi(optarg)); + break; + case '?': + default: + usage(); + } + optind += 
argoff; + argc -= optind; + argv += optind; + + /* if haven't gotten a host yet, do so */ + if (!host && !(host = *argv++)) + usage(); + + if (*argv) + usage(); + + if (!(pw = k_getpwuid(uid = getuid()))) + errx(1, "unknown user id."); + if (!user) + user = pw->pw_name; + + + if (user_port) + sv_port = user_port; + else + sv_port = get_login_port(use_kerberos, doencrypt); + + { + char *p = getenv("TERM"); + struct termios tty; + int i; + + if (p == NULL) + p = "network"; + + if (tcgetattr(0, &tty) == 0 + && (i = speed_t2int (cfgetospeed(&tty))) > 0) + snprintf (term, sizeof(term), + "%s/%d", + p, i); + else + snprintf (term, sizeof(term), + "%s", + p); + } + + get_window_size(0, &winsize); + + try_connect: + if (use_kerberos) { + struct hostent *hp; + + /* Fully qualify hostname (needed for krb_realmofhost). */ + hp = gethostbyname(host); + if (hp != NULL && !(host = strdup(hp->h_name))) { + errno = ENOMEM; + err(1, NULL); + } + + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(host); + + if (doencrypt) + rem = krcmd_mutual(&host, sv_port, user, term, 0, + dest_realm, &cred, schedule); + else + rem = krcmd(&host, sv_port, user, term, 0, + dest_realm); + if (rem < 0) { + use_kerberos = 0; + if (user_port == 0) + sv_port = get_login_port(use_kerberos, + doencrypt); + if (errno == ECONNREFUSED) + warning("remote host doesn't support Kerberos"); + if (errno == ENOENT) + warning("can't provide Kerberos auth data"); + goto try_connect; + } + } else { + if (doencrypt) + errx(1, "the -x flag requires Kerberos authentication."); + if (geteuid() != 0) + errx(1, "not installed setuid root, " + "only root may use non kerberized rlogin"); + rem = rcmd(&host, sv_port, pw->pw_name, user, term, 0); + } + + if (rem < 0) + exit(1); + +#ifdef HAVE_SETSOCKOPT +#ifdef SO_DEBUG + if (dflag && + setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); +#endif +#ifdef TCP_NODELAY + if (Dflag && + setsockopt(rem, 
IPPROTO_TCP, TCP_NODELAY, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt(TCP_NODELAY)"); +#endif +#ifdef IP_TOS + one = IPTOS_LOWDELAY; + if (setsockopt(rem, IPPROTO_IP, IP_TOS, (void *)&one, sizeof(int)) < 0) + warn("setsockopt(IP_TOS)"); +#endif /* IP_TOS */ +#endif /* HAVE_SETSOCKOPT */ + + setuid(uid); + doit(); + return 0; +} diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c new file mode 100644 index 0000000..c5d80774 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rlogind.c 
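Review bot: The `-k` case in `main()` copies the realm with `strncpy(dest_realm, optarg, REALM_SZ)`, which leaves `dst_realm_buf` without a terminating NUL when the argument is `REALM_SZ` bytes or longer, and that buffer is then passed to `krcmd()` / `krcmd_mutual()` as a string. Bound the copy and terminate it, `strncpy(dest_realm, optarg, REALM_SZ - 1); dest_realm[REALM_SZ - 1] = '\0';`, or reject an over-long realm through `usage()`. Separately, `stop()` calls `kill(SIGWINCH, getpid())` with the process id and signal number swapped, so the intended self-signal is not what gets sent; it should read `kill(getpid(), SIGWINCH);`.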
@@ -0,0 +1,934 @@ +/*- + * Copyright (c) 1983, 1988, 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * remote login server: + * \0 + * remuser\0 + * locuser\0 + * terminal_type/speed\0 + * data + */ + +#include "bsd_locl.h" + +RCSID("$Id: rlogind.c,v 1.100 1997/05/25 01:15:20 assar Exp $"); + +extern int __check_rhosts_file; + +char *INSECURE_MESSAGE = +"\r\n*** Connection not encrypted! Communication may be eavesdropped. ***" +"\r\n*** Use telnet or rlogin -x instead! ***\r\n"; + +#ifndef NOENCRYPTION +char *SECURE_MESSAGE = +"This rlogin session is using DES encryption for all transmissions.\r\n"; +#else +#define SECURE_MESSAGE INSECURE_MESSAGE +#endif + +AUTH_DAT *kdata; +KTEXT ticket; +u_char auth_buf[sizeof(AUTH_DAT)]; +u_char tick_buf[sizeof(KTEXT_ST)]; +Key_schedule schedule; +int doencrypt, retval, use_kerberos, vacuous; + +#define ARGSTR "Daip:lnkvxL:" + +char *env[2]; +#define NMAX 30 +char lusername[NMAX+1], rusername[NMAX+1]; +static char term[64] = "TERM="; +#define ENVSIZE (sizeof("TERM=")-1) /* skip null for concatenation */ +int keepalive = 1; +int check_all = 0; +int no_delay = 0; + +struct passwd *pwd; + +static const char *new_login = _PATH_LOGIN; + +static void doit (int, struct sockaddr_in *); +static int control (int, char *, int); +static void protocol (int, int); +static RETSIGTYPE cleanup (int); +void fatal (int, const char *, int); +static int do_rlogin (struct sockaddr_in *); +static void setup_term (int); +static int do_krb_login (struct sockaddr_in *); +static void usage (void); + +static int +readstream(int p, char *ibuf, int bufsize) +{ +#ifndef HAVE_GETMSG + return read(p, ibuf, bufsize); +#else + static int flowison = -1; /* current state of flow: -1 is unknown */ + static struct strbuf strbufc, strbufd; + static unsigned char ctlbuf[BUFSIZ]; + static int use_read = 1; + + int flags = 0; + int ret; + struct termios tsp; + + struct iocblk ip; + char vstop, vstart; + int ixon; + int newflow; + + if (use_read) + { + ret = read(p, ibuf, bufsize); + if (ret < 0 && errno == EBADMSG) + use_read = 0; + else + return ret; + } + 
+ strbufc.maxlen = BUFSIZ; + strbufc.buf = (char *)ctlbuf; + strbufd.maxlen = bufsize-1; + strbufd.len = 0; + strbufd.buf = ibuf+1; + ibuf[0] = 0; + + ret = getmsg(p, &strbufc, &strbufd, &flags); + if (ret < 0) /* error of some sort -- probably EAGAIN */ + return(-1); + + if (strbufc.len <= 0 || ctlbuf[0] == M_DATA) { + /* data message */ + if (strbufd.len > 0) { /* real data */ + return(strbufd.len + 1); /* count header char */ + } else { + /* nothing there */ + errno = EAGAIN; + return(-1); + } + } + + /* + * It's a control message. Return 1, to look at the flag we set + */ + + switch (ctlbuf[0]) { + case M_FLUSH: + if (ibuf[1] & FLUSHW) + ibuf[0] = TIOCPKT_FLUSHWRITE; + return(1); + + case M_IOCTL: + memcpy(&ip, (ibuf+1), sizeof(ip)); + + switch (ip.ioc_cmd) { +#ifdef TCSETS + case TCSETS: + case TCSETSW: + case TCSETSF: + memcpy(&tsp, + (ibuf+1 + sizeof(struct iocblk)), + sizeof(tsp)); + vstop = tsp.c_cc[VSTOP]; + vstart = tsp.c_cc[VSTART]; + ixon = tsp.c_iflag & IXON; + break; +#endif + default: + errno = EAGAIN; + return(-1); + } + + newflow = (ixon && (vstart == 021) && (vstop == 023)) ? 1 : 0; + if (newflow != flowison) { /* it's a change */ + flowison = newflow; + ibuf[0] = newflow ? 
TIOCPKT_DOSTOP : TIOCPKT_NOSTOP; + return(1); + } + } + + /* nothing worth doing anything about */ + errno = EAGAIN; + return(-1); +#endif +} + +#ifdef HAVE_UTMPX_H +static int +logout(const char *line) +{ + struct utmpx utmpx, *utxp; + int ret = 1; + + setutxent (); + memset(&utmpx, 0, sizeof(utmpx)); + utmpx.ut_type = USER_PROCESS; + strncpy(utmpx.ut_line, line, sizeof(utmpx.ut_line)); + utxp = getutxline(&utmpx); + if (utxp) { + strcpy(utxp->ut_user, ""); + utxp->ut_type = DEAD_PROCESS; +#ifdef _STRUCT___EXIT_STATUS + utxp->ut_exit.__e_termination = 0; + utxp->ut_exit.__e_exit = 0; +#elif defined(__osf__) /* XXX */ + utxp->ut_exit.ut_termination = 0; + utxp->ut_exit.ut_exit = 0; +#else + utxp->ut_exit.e_termination = 0; + utxp->ut_exit.e_exit = 0; +#endif + gettimeofday(&utxp->ut_tv, NULL); + pututxline(utxp); +#ifdef WTMPX_FILE + updwtmpx(WTMPX_FILE, utxp); +#else + ret = 0; +#endif + } + endutxent(); + return ret; +} +#else +static int +logout(const char *line) +{ + FILE *fp; + struct utmp ut; + int rval; + + if (!(fp = fopen(_PATH_UTMP, "r+"))) + return(0); + rval = 1; + while (fread(&ut, sizeof(struct utmp), 1, fp) == 1) { + if (!ut.ut_name[0] || + strncmp(ut.ut_line, line, sizeof(ut.ut_line))) + continue; + memset(ut.ut_name, 0, sizeof(ut.ut_name)); +#ifdef HAVE_UT_HOST + memset(ut.ut_host, 0, sizeof(ut.ut_host)); +#endif + time(&ut.ut_time); + fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); + fwrite(&ut, sizeof(struct utmp), 1, fp); + fseek(fp, (long)0, SEEK_CUR); + rval = 0; + } + fclose(fp); + return(rval); +} +#endif + +#ifndef HAVE_LOGWTMP +static void +logwtmp(const char *line, const char *name, const char *host) +{ + struct utmp ut; + struct stat buf; + int fd; + + memset (&ut, 0, sizeof(ut)); + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) < 0) + return; + if (!fstat(fd, &buf)) { + strncpy(ut.ut_line, line, sizeof(ut.ut_line)); + strncpy(ut.ut_name, name, sizeof(ut.ut_name)); +#ifdef HAVE_UT_HOST + strncpy(ut.ut_host, host, sizeof(ut.ut_host)); 
+#endif +#ifdef HAVE_UT_PID + ut.ut_pid = getpid(); +#endif +#ifdef HAVE_UT_TYPE + if(name[0]) + ut.ut_type = USER_PROCESS; + else + ut.ut_type = DEAD_PROCESS; +#endif + time(&ut.ut_time); + if (write(fd, &ut, sizeof(struct utmp)) != + sizeof(struct utmp)) + ftruncate(fd, buf.st_size); + } + close(fd); +} +#endif + +int +main(int argc, char **argv) +{ + struct sockaddr_in from; + int ch, fromlen, on; + int interactive = 0; + int portnum = 0; + + set_progname(argv[0]); + + openlog("rlogind", LOG_PID | LOG_CONS, LOG_AUTH); + + opterr = 0; + while ((ch = getopt(argc, argv, ARGSTR)) != EOF) + switch (ch) { + case 'D': + no_delay = 1; + break; + case 'a': + break; + case 'i': + interactive = 1; + break; + case 'p': + portnum = htons(atoi(optarg)); + break; + case 'l': + __check_rhosts_file = 0; + break; + case 'n': + keepalive = 0; + break; + case 'k': + use_kerberos = 1; + break; + case 'v': + vacuous = 1; + break; + case 'x': + doencrypt = 1; + break; + case 'L': + new_login = optarg; + break; + case '?': + default: + usage(); + break; + } + argc -= optind; + argv += optind; + + if (use_kerberos && vacuous) { + usage(); + fatal(STDERR_FILENO, "only one of -k and -v allowed", 0); + } + if (interactive) { + if(portnum == 0) + portnum = get_login_port (use_kerberos, doencrypt); + mini_inetd (portnum); + } + + fromlen = sizeof (from); + if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { + syslog(LOG_ERR,"Can't get peer name of remote host: %m"); + fatal(STDERR_FILENO, "Can't get peer name of remote host", 1); + } + on = 1; +#ifdef HAVE_SETSOCKOPT +#ifdef SO_KEEPALIVE + if (keepalive && + setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, + sizeof (on)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); +#endif +#ifdef TCP_NODELAY + if (no_delay && + setsockopt(0, IPPROTO_TCP, TCP_NODELAY, (void *)&on, + sizeof(on)) < 0) + syslog(LOG_WARNING, "setsockopt (TCP_NODELAY): %m"); +#endif + +#ifdef IP_TOS + on = IPTOS_LOWDELAY; + if (setsockopt(0, 
IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); +#endif +#endif /* HAVE_SETSOCKOPT */ + doit(0, &from); + return 0; +} + +int child; +int netf; +char line[MaxPathLen]; +int confirmed; + +struct winsize win = { 0, 0, 0, 0 }; + + +static void +doit(int f, struct sockaddr_in *fromp) +{ + int master, pid, on = 1; + int authenticated = 0; + char hostname[2 * MaxHostNameLen + 1]; + char c; + + alarm(60); + read(f, &c, 1); + + if (c != 0) + exit(1); + if (vacuous) + fatal(f, "Remote host requires Kerberos authentication", 0); + + alarm(0); + inaddr2str (fromp->sin_addr, hostname, sizeof(hostname)); + + if (use_kerberos) { + retval = do_krb_login(fromp); + if (retval == 0) + authenticated++; + else if (retval > 0) + fatal(f, krb_get_err_text(retval), 0); + write(f, &c, 1); + confirmed = 1; /* we sent the null! */ + } else { + fromp->sin_port = ntohs((u_short)fromp->sin_port); + if (fromp->sin_family != AF_INET || + fromp->sin_port >= IPPORT_RESERVED || + fromp->sin_port < IPPORT_RESERVED/2) { + syslog(LOG_NOTICE, "Connection from %s on illegal port", + inet_ntoa(fromp->sin_addr)); + fatal(f, "Permission denied", 0); + } + ip_options_and_die (0, fromp); + if (do_rlogin(fromp) == 0) + authenticated++; + } + if (confirmed == 0) { + write(f, "", 1); + confirmed = 1; /* we sent the null! */ + } +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(f, SECURE_MESSAGE, + strlen(SECURE_MESSAGE), + schedule, &kdata->session); + else +#endif + write(f, INSECURE_MESSAGE, strlen(INSECURE_MESSAGE)); + netf = f; + + pid = forkpty(&master, line, NULL, NULL); + if (pid < 0) { + if (errno == ENOENT) + fatal(f, "Out of ptys", 0); + else + fatal(f, "Forkpty", 1); + } + if (pid == 0) { + if (f > 2) /* f should always be 0, but... 
*/ + close(f); + setup_term(0); + if (lusername[0] == '-'){ + syslog(LOG_ERR, "tried to pass user \"%s\" to login", + lusername); + fatal(STDERR_FILENO, "invalid user", 0); + } + if (authenticated) { + if (use_kerberos && (pwd->pw_uid == 0)) + syslog(LOG_INFO|LOG_AUTH, + "ROOT Kerberos login from %s on %s\n", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + hostname); + + execl(new_login, "login", "-p", + "-h", hostname, "-f", "--", lusername, 0); + } else + execl(new_login, "login", "-p", + "-h", hostname, "--", lusername, 0); + fatal(STDERR_FILENO, new_login, 1); + /*NOTREACHED*/ + } + /* + * If encrypted, don't turn on NBIO or the des read/write + * routines will croak. + */ + + if (!doencrypt) + ioctl(f, FIONBIO, &on); + ioctl(master, FIONBIO, &on); + ioctl(master, TIOCPKT, &on); + signal(SIGTSTP, SIG_IGN); + signal(SIGCHLD, cleanup); + setsid(); + protocol(f, master); + signal(SIGCHLD, SIG_IGN); + cleanup(0); +} + +const char magic[2] = { 0377, 0377 }; + +/* + * Handle a "control" request (signaled by magic being present) + * in the data stream. For now, we are only willing to handle + * window size changes. 
+ */ +static int +control(int master, char *cp, int n) +{ + struct winsize w; + char *p; + u_int32_t tmp; + + if (n < 4 + 4 * sizeof (u_int16_t) || cp[2] != 's' || cp[3] != 's') + return (0); +#ifdef TIOCSWINSZ + p = cp + 4; + p += krb_get_int(p, &tmp, 2, 0); + w.ws_row = tmp; + p += krb_get_int(p, &tmp, 2, 0); + w.ws_col = tmp; + + p += krb_get_int(p, &tmp, 2, 0); +#ifdef HAVE_WS_XPIXEL + w.ws_xpixel = tmp; +#endif + p += krb_get_int(p, &tmp, 2, 0); +#ifdef HAVE_WS_YPIXEL + w.ws_ypixel = tmp; +#endif + ioctl(master, TIOCSWINSZ, &w); +#endif + return p - cp; +} + +static +void +send_oob(int fd, char c) +{ + static char last_oob = 0xFF; + +#if (SunOS == 5) || defined(__hpux) + /* + * PSoriasis and HP-UX always send TIOCPKT_DOSTOP at startup so we + * can avoid sending OOB data and thus not break on Linux by merging + * TIOCPKT_DOSTOP into the first TIOCPKT_WINDOW. + */ + static int oob_kludge = 2; + if (oob_kludge == 2) + { + oob_kludge--; /* First time send nothing */ + return; + } + else if (oob_kludge == 1) + { + oob_kludge--; /* Second time merge TIOCPKT_WINDOW */ + c |= TIOCPKT_WINDOW; + } +#endif + +#define pkcontrol(c) ((c)&(TIOCPKT_FLUSHWRITE|TIOCPKT_NOSTOP|TIOCPKT_DOSTOP)) + c = pkcontrol(c); + /* Multiple OOB data breaks on Linux, avoid it when possible. */ + if (c != last_oob) + send(fd, &c, 1, MSG_OOB); + last_oob = c; +} + +/* + * rlogin "protocol" machine. + */ +static void +protocol(int f, int master) +{ + char pibuf[1024+1], fibuf[1024], *pbp, *fbp; + int pcc = 0, fcc = 0; + int cc, nfd, n; + char cntl; + unsigned char oob_queue = 0; + + /* + * Must ignore SIGTTOU, otherwise we'll stop + * when we try and set slave pty's window shape + * (our controlling tty is the master pty). 
+ */ + signal(SIGTTOU, SIG_IGN); + + send_oob(f, TIOCPKT_WINDOW); /* indicate new rlogin */ + + if (f > master) + nfd = f + 1; + else + nfd = master + 1; + if (nfd > FD_SETSIZE) { + syslog(LOG_ERR, "select mask too small, increase FD_SETSIZE"); + fatal(f, "internal error (select mask too small)", 0); + } + for (;;) { + fd_set ibits, obits, ebits, *omask; + + FD_ZERO(&ebits); + FD_ZERO(&ibits); + FD_ZERO(&obits); + omask = (fd_set *)NULL; + if (fcc) { + FD_SET(master, &obits); + omask = &obits; + } else + FD_SET(f, &ibits); + if (pcc >= 0) + if (pcc) { + FD_SET(f, &obits); + omask = &obits; + } else + FD_SET(master, &ibits); + FD_SET(master, &ebits); + if ((n = select(nfd, &ibits, omask, &ebits, 0)) < 0) { + if (errno == EINTR) + continue; + fatal(f, "select", 1); + } + if (n == 0) { + /* shouldn't happen... */ + sleep(5); + continue; + } + if (FD_ISSET(master, &ebits)) { + cc = readstream(master, &cntl, 1); + if (cc == 1 && pkcontrol(cntl)) { +#if 0 /* Kludge around */ + send_oob(f, cntl); +#endif + oob_queue = cntl; + if (cntl & TIOCPKT_FLUSHWRITE) { + pcc = 0; + FD_CLR(master, &ibits); + } + } + } + if (FD_ISSET(f, &ibits)) { +#ifndef NOENCRYPTION + if (doencrypt) + fcc = des_enc_read(f, fibuf, + sizeof(fibuf), + schedule, &kdata->session); + else +#endif + fcc = read(f, fibuf, sizeof(fibuf)); + if (fcc < 0 && errno == EWOULDBLOCK) + fcc = 0; + else { + char *cp; + int left, n; + + if (fcc <= 0) + break; + fbp = fibuf; + + top: + for (cp = fibuf; cp < fibuf+fcc-1; cp++) + if (cp[0] == magic[0] && + cp[1] == magic[1]) { + left = fcc - (cp-fibuf); + n = control(master, cp, left); + if (n) { + left -= n; + if (left > 0) + memmove(cp, cp+n, left); + fcc -= n; + goto top; /* n^2 */ + } + } + FD_SET(master, &obits); /* try write */ + } + } + + if (FD_ISSET(master, &obits) && fcc > 0) { + cc = write(master, fbp, fcc); + if (cc > 0) { + fcc -= cc; + fbp += cc; + } + } + + if (FD_ISSET(master, &ibits)) { + pcc = readstream(master, pibuf, sizeof (pibuf)); + pbp = pibuf; + 
if (pcc < 0 && errno == EWOULDBLOCK) + pcc = 0; + else if (pcc <= 0) + break; + else if (pibuf[0] == 0) { + pbp++, pcc--; + if (!doencrypt) + FD_SET(f, &obits); /* try write */ + } else { + if (pkcontrol(pibuf[0])) { + oob_queue = pibuf[0]; +#if 0 /* Kludge around */ + send_oob(f, pibuf[0]); +#endif + } + pcc = 0; + } + } + if ((FD_ISSET(f, &obits)) && pcc > 0) { +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_write(f, pbp, pcc, schedule, &kdata->session); + else +#endif + cc = write(f, pbp, pcc); + if (cc < 0 && errno == EWOULDBLOCK) { + /* + * This happens when we try write after read + * from p, but some old kernels balk at large + * writes even when select returns true. + */ + if (!FD_ISSET(master, &ibits)) + sleep(5); + continue; + } + if (cc > 0) { + pcc -= cc; + pbp += cc; + /* Only send urg data when normal data + * has just been sent. + * Linux has deep problems with more + * than one byte of OOB data. + */ + if (oob_queue) { + send_oob (f, oob_queue); + oob_queue = 0; + } + } + } + } +} + +static RETSIGTYPE +cleanup(int signo) +{ + char *p = clean_ttyname (line); + + if (logout(p) == 0) + logwtmp(p, "", ""); + chmod(line, 0666); + chown(line, 0, 0); + *p = 'p'; + chmod(line, 0666); + chown(line, 0, 0); + shutdown(netf, 2); + signal(SIGHUP, SIG_IGN); +#ifdef HAVE_VHANGUP + vhangup(); +#endif /* HAVE_VHANGUP */ + exit(1); +} + +void +fatal(int f, const char *msg, int syserr) +{ + int len; + char buf[BUFSIZ], *bp = buf; + + /* + * Prepend binary one to message if we haven't sent + * the magic null as confirmation. 
+ */ + if (!confirmed) + *bp++ = '\01'; /* error indicator */ + if (syserr) + snprintf(bp, sizeof(buf) - (bp - buf), + "rlogind: %s: %s.\r\n", + msg, strerror(errno)); + else + snprintf(bp, sizeof(buf) - (bp - buf), + "rlogind: %s.\r\n", msg); + len = strlen(bp); +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(f, buf, bp + len - buf, schedule, &kdata->session); + else +#endif + write(f, buf, bp + len - buf); + exit(1); +} + +static void +xgetstr(char *buf, int cnt, char *errmsg) +{ + char c; + + do { + if (read(0, &c, 1) != 1) + exit(1); + if (--cnt < 0) + fatal(STDOUT_FILENO, errmsg, 0); + *buf++ = c; + } while (c != 0); +} + +static int +do_rlogin(struct sockaddr_in *dest) +{ + xgetstr(rusername, sizeof(rusername), "remuser too long"); + xgetstr(lusername, sizeof(lusername), "locuser too long"); + xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); + + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return (-1); + if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); + return (-1); + } + return (iruserok(dest->sin_addr.s_addr, + (pwd->pw_uid == 0), + rusername, + lusername)); +} + +static void +setup_term(int fd) +{ + char *cp = strchr(term+ENVSIZE, '/'); + char *speed; + struct termios tt; + + tcgetattr(fd, &tt); + if (cp) { + int s; + + *cp++ = '\0'; + speed = cp; + cp = strchr(speed, '/'); + if (cp) + *cp++ = '\0'; + s = int2speed_t (atoi (speed)); + if (s > 0) { + cfsetospeed (&tt, s); + cfsetispeed (&tt, s); + } + } + + tt.c_iflag &= ~INPCK; + tt.c_iflag |= ICRNL|IXON; + tt.c_oflag |= OPOST|ONLCR; +#ifdef TAB3 + tt.c_oflag |= TAB3; +#endif /* TAB3 */ +#ifdef ONLRET + tt.c_oflag &= ~ONLRET; +#endif /* ONLRET */ + tt.c_lflag |= (ECHO|ECHOE|ECHOK|ISIG|ICANON); + tt.c_cflag &= ~PARENB; + tt.c_cflag |= CS8; + tt.c_cc[VMIN] = 1; + tt.c_cc[VTIME] = 0; + tt.c_cc[VEOF] = CEOF; + tcsetattr(fd, TCSAFLUSH, &tt); + + env[0] = term; + env[1] = 0; + environ = env; +} + 
+#define VERSION_SIZE 9 + +/* + * Do the remote kerberos login to the named host with the + * given inet address + * + * Return 0 on valid authorization + * Return -1 on valid authentication, no authorization + * Return >0 for error conditions + */ +static int +do_krb_login(struct sockaddr_in *dest) +{ + int rc; + char instance[INST_SZ], version[VERSION_SIZE]; + long authopts = 0L; /* !mutual */ + struct sockaddr_in faddr; + + kdata = (AUTH_DAT *) auth_buf; + ticket = (KTEXT) tick_buf; + + k_getsockinst(0, instance, sizeof(instance)); + + if (doencrypt) { + rc = sizeof(faddr); + if (getsockname(0, (struct sockaddr *)&faddr, &rc)) + return (-1); + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, &faddr, + kdata, "", schedule, version); + des_set_key(&kdata->session, schedule); + + } else + rc = krb_recvauth( + authopts, 0, + ticket, "rcmd", + instance, dest, (struct sockaddr_in *) 0, + kdata, "", 0, version); + + if (rc != KSUCCESS) + return (rc); + + xgetstr(lusername, sizeof(lusername), "locuser"); + /* get the "cmd" in the rcmd protocol */ + xgetstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type"); + + pwd = k_getpwnam(lusername); + if (pwd == NULL) + return (-1); + if (pwd->pw_uid == 0 && strcmp("root", lusername) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", lusername); + return (-1); + } + + /* returns nonzero for no access */ + if (kuserok(kdata, lusername) != 0) + return (-1); + + return (0); + +} + +static void +usage(void) +{ + syslog(LOG_ERR, + "usage: rlogind [-Dailn] [-p port] [-x] [-L login] [-k | -v]"); + exit(1); +} diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c new file mode 100644 index 0000000..329ebf7 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rsh.c 
@@ -0,0 +1,353 @@
+/*-
+ * Copyright (c) 1983, 1990 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: rsh.c,v 1.35 1997/03/30 18:20:22 joda Exp $"); + +CREDENTIALS cred; +Key_schedule schedule; +int use_kerberos = 1, doencrypt; +char dst_realm_buf[REALM_SZ], *dest_realm; + +/* + * rsh - remote shell + */ +int rfd2; + +static void +usage(void) +{ + fprintf(stderr, + "usage: rsh [-ndKx] [-k realm] [-l login] host [command]\n"); + exit(1); +} + +static char * +copyargs(char **argv) +{ + int cc; + char **ap, *p; + char *args; + + cc = 0; + for (ap = argv; *ap; ++ap) + cc += strlen(*ap) + 1; + if (!(args = malloc(cc))) + errx(1, "Out of memory."); + for (p = args, ap = argv; *ap; ++ap) { + strcpy(p, *ap); + for (p = strcpy(p, *ap); *p; ++p); + if (ap[1]) + *p++ = ' '; + } + return(args); +} + +static RETSIGTYPE +sendsig(int signo_) +{ + char signo = signo_; +#ifndef NOENCRYPTION + if (doencrypt) + des_enc_write(rfd2, &signo, 1, schedule, &cred.session); + else +#endif + write(rfd2, &signo, 1); +} + +static void +talk(int nflag, sigset_t omask, int pid, int rem) +{ + int cc, wc; + char *bp; + fd_set readfrom, ready, rembits; + char buf[BUFSIZ]; + + if (pid == 0) { + if (nflag) + goto done; + + close(rfd2); + + reread: errno = 0; + if ((cc = read(0, buf, sizeof buf)) <= 0) + goto done; + bp = buf; + + rewrite: FD_ZERO(&rembits); + FD_SET(rem, &rembits); + if (select(16, 0, &rembits, 0, 0) < 0) { + if (errno != EINTR) + err(1, "select"); + goto rewrite; + } + if (!FD_ISSET(rem, &rembits)) + goto rewrite; +#ifndef NOENCRYPTION + if (doencrypt) + wc = des_enc_write(rem, bp, cc, schedule, &cred.session); + else +#endif + wc = write(rem, bp, cc); + if (wc < 0) { + if (errno == EWOULDBLOCK) + goto rewrite; + goto done; + } + bp += wc; + cc -= wc; + if (cc == 0) + goto reread; + goto rewrite; + done: + shutdown(rem, 1); + exit(0); + } + + if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) + warn("sigprocmask"); + FD_ZERO(&readfrom); + FD_SET(rem, &readfrom); + FD_SET(rfd2, &readfrom); + do { + ready = readfrom; + if (select(16, &ready, 0, 
0, 0) < 0) { + if (errno != EINTR) + err(1, "select"); + continue; + } + if (FD_ISSET(rfd2, &ready)) { + errno = 0; +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_read(rfd2, buf, sizeof buf, + schedule, &cred.session); + else +#endif + cc = read(rfd2, buf, sizeof buf); + if (cc <= 0) { + if (errno != EWOULDBLOCK) + FD_CLR(rfd2, &readfrom); + } else + write(2, buf, cc); + } + if (FD_ISSET(rem, &ready)) { + errno = 0; +#ifndef NOENCRYPTION + if (doencrypt) + cc = des_enc_read(rem, buf, sizeof buf, + schedule, &cred.session); + else +#endif + cc = read(rem, buf, sizeof buf); + if (cc <= 0) { + if (errno != EWOULDBLOCK) + FD_CLR(rem, &readfrom); + } else + write(1, buf, cc); + } + } while (FD_ISSET(rfd2, &readfrom) || FD_ISSET(rem, &readfrom)); +} + +int +main(int argc, char **argv) +{ + struct passwd *pw; + int sv_port; + sigset_t omask; + int argoff, ch, dflag, nflag, nfork, one, pid, rem, uid; + char *args, *host, *user, *local_user; + + argoff = dflag = nflag = nfork = 0; + one = 1; + host = user = NULL; + pid = 1; + + set_progname(argv[0]); + + /* handle "rsh host flags" */ + if (!host && argc > 2 && argv[1][0] != '-') { + host = argv[1]; + argoff = 1; + } + +#define OPTIONS "+8KLde:k:l:nwx" + while ((ch = getopt(argc - argoff, argv + argoff, OPTIONS)) != EOF) + switch(ch) { + case 'K': + use_kerberos = 0; + break; + case 'L': /* -8Lew are ignored to allow rlogin aliases */ + case 'e': + case 'w': + case '8': + break; + case 'd': + dflag = 1; + break; + case 'l': + user = optarg; + break; + case 'k': + dest_realm = dst_realm_buf; + strncpy(dest_realm, optarg, REALM_SZ); + break; + case 'n': + nflag = nfork = 1; + break; + case 'x': + doencrypt = 1; + break; + case '?': + default: + usage(); + } + optind += argoff; + + /* if haven't gotten a host yet, do so */ + if (!host && !(host = argv[optind++])) + usage(); + + /* if no further arguments, must have been called as rlogin. 
*/ + if (!argv[optind]) { + *argv = "rlogin"; + setuid(getuid()); + execv(_PATH_RLOGIN, argv); + err(1, "can't exec %s", _PATH_RLOGIN); + } + + argc -= optind; + argv += optind; + +#ifndef __CYGWIN32__ + if (!(pw = k_getpwuid(uid = getuid()))) + errx(1, "unknown user id."); + local_user = pw->pw_name; + if (!user) + user = local_user; +#else + if (!user) + errx(1, "Sorry, you need to specify the username (with -l)"); + local_user = user; +#endif + + /* -n must still fork but does not turn of the -n functionality */ + if (doencrypt) + nfork = 0; + + args = copyargs(argv); + + sv_port=get_shell_port(use_kerberos, doencrypt); + +try_connect: + if (use_kerberos) { + rem = KSUCCESS; + errno = 0; + if (dest_realm == NULL) + dest_realm = krb_realmofhost(host); + + if (doencrypt) + rem = krcmd_mutual(&host, sv_port, user, args, + &rfd2, dest_realm, &cred, schedule); + else + rem = krcmd(&host, sv_port, user, args, &rfd2, + dest_realm); + if (rem < 0) { + if (errno == ECONNREFUSED) + warning("remote host doesn't support Kerberos"); + if (errno == ENOENT) + warning("can't provide Kerberos auth data"); + use_kerberos = 0; + sv_port=get_shell_port(use_kerberos, doencrypt); + goto try_connect; + } + } else { + if (doencrypt) + errx(1, "the -x flag requires Kerberos authentication."); + if (geteuid() != 0) + errx(1, "not installed setuid root, " + "only root may use non kerberized rsh"); + rem = rcmd(&host, sv_port, local_user, user, args, &rfd2); + } + + if (rem < 0) + exit(1); + + if (rfd2 < 0) + errx(1, "can't establish stderr."); +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if (dflag) { + if (setsockopt(rem, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); + if (setsockopt(rfd2, SOL_SOCKET, SO_DEBUG, (void *)&one, + sizeof(one)) < 0) + warn("setsockopt"); + } +#endif + + setuid(uid); + { + sigset_t sigmsk; + sigemptyset(&sigmsk); + sigaddset(&sigmsk, SIGINT); + sigaddset(&sigmsk, SIGQUIT); + sigaddset(&sigmsk, SIGTERM); + if 
(sigprocmask(SIG_BLOCK, &sigmsk, &omask) != 0) + warn("sigprocmask"); + } + if (signal(SIGINT, SIG_IGN) != SIG_IGN) + signal(SIGINT, sendsig); + if (signal(SIGQUIT, SIG_IGN) != SIG_IGN) + signal(SIGQUIT, sendsig); + if (signal(SIGTERM, SIG_IGN) != SIG_IGN) + signal(SIGTERM, sendsig); + + if (!nfork) { + pid = fork(); + if (pid < 0) + err(1, "fork"); + } + + if (!doencrypt) { + ioctl(rfd2, FIONBIO, &one); + ioctl(rem, FIONBIO, &one); + } + + talk(nflag, omask, pid, rem); + + if (!nflag) + kill(pid, SIGKILL); + exit(0); +} diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c new file mode 100644 index 0000000..75ca1df --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/rshd.c 
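Review bot: In `main`, the `-k` case copies the realm with `strncpy(dest_realm, optarg, REALM_SZ);`, which leaves `dst_realm_buf` without a terminating NUL when the argument is REALM_SZ bytes or longer, and the buffer is then passed on to `krcmd`/`krcmd_mutual` as a C string. Because the program expects to run setuid root (see the "not installed setuid root" message), I would reject an over-long realm or copy with `strncpy(dest_realm, optarg, REALM_SZ - 1); dest_realm[REALM_SZ - 1] = '\0';`. The two `setuid()` calls (before `execv(_PATH_RLOGIN, argv)` and before `talk()`) ignore their return value, and in the `__CYGWIN32__` branch `uid` is never assigned before `setuid(uid)` as far as this hunk shows; both drops should be checked, e.g. `if (setuid(uid) < 0) err(1, "setuid");`. In `copyargs` the first `strcpy(p, *ap);` is redundant, since the `for` initialiser repeats the same copy.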
@@ -0,0 +1,635 @@
+/*-
+ * Copyright (c) 1988, 1989, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +/* + * remote shell server: + * [port]\0 + * remuser\0 + * locuser\0 + * command\0 + * data + */ + +#include "bsd_locl.h" + +RCSID("$Id: rshd.c,v 1.51 1997/05/13 09:42:39 bg Exp $"); + +extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ +extern int __check_rhosts_file; + +static int keepalive = 1; +static int log_success; /* If TRUE, log all successful accesses */ +static int new_pag = 1; /* Put process in new PAG by default */ +static int no_inetd = 0; +static int sent_null; + +static void doit (struct sockaddr_in *); +static void error (const char *, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; +static void usage (void); + +#define VERSION_SIZE 9 +#define SECURE_MESSAGE "This rsh session is using DES encryption for all transmissions.\r\n" +#define OPTIONS "alnkvxLp:Pi" +AUTH_DAT authbuf; +KTEXT_ST tickbuf; +int doencrypt, use_kerberos, vacuous; +Key_schedule schedule; + +int +main(int argc, char *argv[]) +{ + struct linger linger; + int ch, on = 1, fromlen; + struct sockaddr_in from; + int portnum = 0; + + set_progname(argv[0]); + + openlog("rshd", LOG_PID | LOG_ODELAY, LOG_DAEMON); + + opterr = 0; + while ((ch = getopt(argc, argv, OPTIONS)) != EOF) + switch (ch) { + case 'a': + break; + case 'l': + __check_rhosts_file = 0; + break; + case 'n': + keepalive = 0; + break; + case 'k': + use_kerberos = 1; + break; + + case 'v': + vacuous = 1; + break; + + case 'x': + doencrypt = 1; + break; + case 'L': + log_success = 1; + break; + case 'p': + portnum = htons(atoi(optarg)); + break; + case 'P': + new_pag = 0; + break; + case 'i': + no_inetd = 1; + break; + case '?': + default: + usage(); + break; + } + + argc -= optind; + argv += optind; + + if (use_kerberos && vacuous) { + syslog(LOG_ERR, "only one of -k and -v allowed"); + exit(2); + } + if (doencrypt && !use_kerberos) { + syslog(LOG_ERR, "-k is required for -x"); + exit(2); + } + + if (no_inetd) { + if(portnum == 0) + portnum = get_shell_port (use_kerberos, 
doencrypt); + mini_inetd (portnum); + } + + fromlen = sizeof (from); + if (getpeername(0, (struct sockaddr *)&from, &fromlen) < 0) { + syslog(LOG_ERR, "getpeername: %m"); + _exit(1); + } +#ifdef HAVE_SETSOCKOPT +#ifdef SO_KEEPALIVE + if (keepalive && + setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, + sizeof(on)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); +#endif +#ifdef SO_LINGER + linger.l_onoff = 1; + linger.l_linger = 60; /* XXX */ + if (setsockopt(0, SOL_SOCKET, SO_LINGER, (void *)&linger, + sizeof (linger)) < 0) + syslog(LOG_WARNING, "setsockopt (SO_LINGER): %m"); +#endif +#endif /* HAVE_SETSOCKOPT */ + doit(&from); + /* NOTREACHED */ + return 0; +} + +char username[20] = "USER="; +char homedir[64] = "HOME="; +char shell[64] = "SHELL="; +char path[100] = "PATH="; +char *envinit[] = +{homedir, shell, path, username, 0}; + +static void +xgetstr(char *buf, int cnt, char *err) +{ + char c; + + do { + if (read(STDIN_FILENO, &c, 1) != 1) + exit(1); + *buf++ = c; + if (--cnt == 0) { + error("%s too long\n", err); + exit(1); + } + } while (c != 0); +} + +static void +doit(struct sockaddr_in *fromp) +{ + struct passwd *pwd; + u_short port; + fd_set ready, readfrom; + int cc, nfd, pv[2], pid, s; + int one = 1; + const char *errorhost = ""; + char *errorstr; + char *cp, sig, buf[BUFSIZ]; + char cmdbuf[NCARGS+1], locuser[16], remuser[16]; + char remotehost[2 * MaxHostNameLen + 1]; + + AUTH_DAT *kdata; + KTEXT ticket; + char instance[INST_SZ], version[VERSION_SIZE]; + struct sockaddr_in fromaddr; + int rc; + long authopts; + int pv1[2], pv2[2]; + fd_set wready, writeto; + + fromaddr = *fromp; + + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + signal(SIGTERM, SIG_DFL); +#ifdef DEBUG + { int t = open(_PATH_TTY, 2); + if (t >= 0) { + ioctl(t, TIOCNOTTY, (char *)0); + close(t); + } + } +#endif + fromp->sin_port = ntohs((u_short)fromp->sin_port); + if (fromp->sin_family != AF_INET) { + syslog(LOG_ERR, "malformed \"from\" address (af %d)\n", + 
fromp->sin_family); + exit(1); + } + + + if (!use_kerberos) { + ip_options_and_die (0, fromp); + if (fromp->sin_port >= IPPORT_RESERVED || + fromp->sin_port < IPPORT_RESERVED/2) { + syslog(LOG_NOTICE|LOG_AUTH, + "Connection from %s on illegal port %u", + inet_ntoa(fromp->sin_addr), + fromp->sin_port); + exit(1); + } + } + + alarm(60); + port = 0; + for (;;) { + char c; + if ((cc = read(STDIN_FILENO, &c, 1)) != 1) { + if (cc < 0) + syslog(LOG_NOTICE, "read: %m"); + shutdown(0, 1+1); + exit(1); + } + if (c== 0) + break; + port = port * 10 + c - '0'; + } + + alarm(0); + if (port != 0) { + int lport = IPPORT_RESERVED - 1; + s = rresvport(&lport); + if (s < 0) { + syslog(LOG_ERR, "can't get stderr port: %m"); + exit(1); + } + if (!use_kerberos) + if (port >= IPPORT_RESERVED) { + syslog(LOG_ERR, "2nd port not reserved\n"); + exit(1); + } + fromp->sin_port = htons(port); + if (connect(s, (struct sockaddr *)fromp, sizeof (*fromp)) < 0) { + syslog(LOG_INFO, "connect second port %d: %m", port); + exit(1); + } + } + + if (vacuous) { + error("rshd: remote host requires Kerberos authentication\n"); + exit(1); + } + + errorstr = NULL; + inaddr2str (fromp->sin_addr, remotehost, sizeof(remotehost)); + + if (use_kerberos) { + kdata = &authbuf; + ticket = &tickbuf; + authopts = 0L; + k_getsockinst(0, instance, sizeof(instance)); + version[VERSION_SIZE - 1] = '\0'; + if (doencrypt) { + struct sockaddr_in local_addr; + rc = sizeof(local_addr); + if (getsockname(0, (struct sockaddr *)&local_addr, + &rc) < 0) { + syslog(LOG_ERR, "getsockname: %m"); + error("rlogind: getsockname: %m"); + exit(1); + } + authopts = KOPT_DO_MUTUAL; + rc = krb_recvauth(authopts, 0, ticket, + "rcmd", instance, &fromaddr, + &local_addr, kdata, "", schedule, + version); +#ifndef NOENCRYPTION + des_set_key(&kdata->session, schedule); +#else + memset(schedule, 0, sizeof(schedule)); +#endif + } else + rc = krb_recvauth(authopts, 0, ticket, "rcmd", + instance, &fromaddr, + (struct sockaddr_in *) 0, + kdata, "", 0, 
version); + if (rc != KSUCCESS) { + error("Kerberos authentication failure: %s\n", + krb_get_err_text(rc)); + exit(1); + } + } else + xgetstr(remuser, sizeof(remuser), "remuser"); + + xgetstr(locuser, sizeof(locuser), "locuser"); + xgetstr(cmdbuf, sizeof(cmdbuf), "command"); + setpwent(); + pwd = k_getpwnam(locuser); + if (pwd == NULL) { + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: unknown login. cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + if (errorstr == NULL) + errorstr = "Login incorrect.\n"; + goto fail; + } + if (pwd->pw_uid == 0 && strcmp("root", locuser) != 0) + { + syslog(LOG_ALERT, "NIS attack, user %s has uid 0", locuser); + if (errorstr == NULL) + errorstr = "Login incorrect.\n"; + goto fail; + } + if (chdir(pwd->pw_dir) < 0) { + chdir("/"); +#ifdef notdef + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: no home directory. cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + error("No remote directory.\n"); + exit(1); +#endif + } + + if (use_kerberos) { + if (pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0') { + if (kuserok(kdata, locuser) != 0) { + syslog(LOG_INFO|LOG_AUTH, + "Kerberos rsh denied to %s", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm)); + error("Permission denied.\n"); + exit(1); + } + } + } else + + if (errorstr || + pwd->pw_passwd != 0 && *pwd->pw_passwd != '\0' && + iruserok(fromp->sin_addr.s_addr, pwd->pw_uid == 0, + remuser, locuser) < 0) { + if (__rcmd_errstr) + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: permission denied (%s). cmd='%.80s'", + remuser, remotehost, locuser, + __rcmd_errstr, cmdbuf); + else + syslog(LOG_INFO|LOG_AUTH, + "%s@%s as %s: permission denied. 
cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + fail: + if (errorstr == NULL) + errorstr = "Permission denied.\n"; + error(errorstr, errorhost); + exit(1); + } + + if (pwd->pw_uid && !access(_PATH_NOLOGIN, F_OK)) { + error("Logins currently disabled.\n"); + exit(1); + } + + write(STDERR_FILENO, "\0", 1); + sent_null = 1; + + if (port) { + if (pipe(pv) < 0) { + error("Can't make pipe.\n"); + exit(1); + } + if (doencrypt) { + if (pipe(pv1) < 0) { + error("Can't make 2nd pipe.\n"); + exit(1); + } + if (pipe(pv2) < 0) { + error("Can't make 3rd pipe.\n"); + exit(1); + } + } + pid = fork(); + if (pid == -1) { + error("Can't fork; try again.\n"); + exit(1); + } + if (pid) { + if (doencrypt) { + static char msg[] = SECURE_MESSAGE; + close(pv1[1]); + close(pv2[0]); +#ifndef NOENCRYPTION + des_enc_write(s, msg, sizeof(msg) - 1, schedule, &kdata->session); +#else + write(s, msg, sizeof(msg) - 1); +#endif + } else { + close(0); + close(1); + } + close(2); + close(pv[1]); + + FD_ZERO(&readfrom); + FD_SET(s, &readfrom); + FD_SET(pv[0], &readfrom); + if (pv[0] > s) + nfd = pv[0]; + else + nfd = s; + if (doencrypt) { + FD_ZERO(&writeto); + FD_SET(pv2[1], &writeto); + FD_SET(pv1[0], &readfrom); + FD_SET(STDIN_FILENO, &readfrom); + + nfd = max(nfd, pv2[1]); + nfd = max(nfd, pv1[0]); + } else + ioctl(pv[0], FIONBIO, (char *)&one); + + /* should set s nbio! 
*/ + nfd++; + do { + ready = readfrom; + if (doencrypt) { + wready = writeto; + if (select(nfd, &ready, + &wready, 0, + (struct timeval *) 0) < 0) + break; + } else + if (select(nfd, &ready, 0, + 0, (struct timeval *)0) < 0) + break; + if (FD_ISSET(s, &ready)) { + int ret; + if (doencrypt) +#ifndef NOENCRYPTION + ret = des_enc_read(s, &sig, 1, schedule, &kdata->session); +#else + ret = read(s, &sig, 1); +#endif + else + ret = read(s, &sig, 1); + if (ret <= 0) + FD_CLR(s, &readfrom); + else + kill(-pid, sig); + } + if (FD_ISSET(pv[0], &ready)) { + errno = 0; + cc = read(pv[0], buf, sizeof(buf)); + if (cc <= 0) { + shutdown(s, 1+1); + FD_CLR(pv[0], &readfrom); + } else { + if (doencrypt) +#ifndef NOENCRYPTION + des_enc_write(s, buf, cc, schedule, &kdata->session); +#else + write(s, buf, cc); +#endif + else + (void) + write(s, buf, cc); + } + } + if (doencrypt && FD_ISSET(pv1[0], &ready)) { + errno = 0; + cc = read(pv1[0], buf, sizeof(buf)); + if (cc <= 0) { + shutdown(pv1[0], 1+1); + FD_CLR(pv1[0], &readfrom); + } else +#ifndef NOENCRYPTION + des_enc_write(STDOUT_FILENO, buf, cc, schedule, &kdata->session); +#else + write(STDOUT_FILENO, buf, cc); +#endif + } + + if (doencrypt + && FD_ISSET(STDIN_FILENO, &ready) + && FD_ISSET(pv2[1], &wready)) { + errno = 0; +#ifndef NOENCRYPTION + cc = des_enc_read(STDIN_FILENO, buf, sizeof(buf), schedule, &kdata->session); +#else + cc = read(STDIN_FILENO, buf, sizeof(buf)); +#endif + if (cc <= 0) { + shutdown(STDIN_FILENO, 0); + FD_CLR(STDIN_FILENO, &readfrom); + close(pv2[1]); + FD_CLR(pv2[1], &writeto); + } else + write(pv2[1], buf, cc); + } + + } while (FD_ISSET(s, &readfrom) || + (doencrypt && FD_ISSET(pv1[0], &readfrom)) || + FD_ISSET(pv[0], &readfrom)); + exit(0); + } + setsid(); + close(s); + close(pv[0]); + if (doencrypt) { + close(pv1[0]); + close(pv2[1]); + dup2(pv1[1], 1); + dup2(pv2[0], 0); + close(pv1[1]); + close(pv2[0]); + } + dup2(pv[1], 2); + close(pv[1]); + } + if (*pwd->pw_shell == '\0') + pwd->pw_shell = 
_PATH_BSHELL; +#ifdef HAVE_SETLOGIN + if (setlogin(pwd->pw_name) < 0) + syslog(LOG_ERR, "setlogin() failed: %m"); +#endif + +#ifdef HAVE_SETPCRED + if (setpcred (pwd->pw_name, NULL) == -1) + syslog(LOG_ERR, "setpcred() failure: %m"); +#endif /* HAVE_SETPCRED */ + setgid((gid_t)pwd->pw_gid); + initgroups(pwd->pw_name, pwd->pw_gid); + setuid((uid_t)pwd->pw_uid); + strncat(homedir, pwd->pw_dir, sizeof(homedir)-6); + + /* Need to extend path to find rcp */ + strncat(path, BINDIR, sizeof(path)-1); + strncat(path, ":", sizeof(path)-1); + strncat(path, _PATH_DEFPATH, sizeof(path)-1); + path[sizeof(path)-1] = '\0'; + + strncat(shell, pwd->pw_shell, sizeof(shell)-7); + strncat(username, pwd->pw_name, sizeof(username)-6); + cp = strrchr(pwd->pw_shell, '/'); + if (cp) + cp++; + else + cp = pwd->pw_shell; + endpwent(); + if (log_success || pwd->pw_uid == 0) { + if (use_kerberos) + syslog(LOG_INFO|LOG_AUTH, + "Kerberos shell from %s on %s as %s, cmd='%.80s'", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + remotehost, locuser, cmdbuf); + else + syslog(LOG_INFO|LOG_AUTH, "%s@%s as %s: cmd='%.80s'", + remuser, remotehost, locuser, cmdbuf); + } + if (k_hasafs()) { + if (new_pag) + k_setpag(); /* Put users process in an new pag */ + k_afsklog(0, 0); + } + execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit); + err(1, pwd->pw_shell); +} + +/* + * Report error to client. Note: can't be used until second socket has + * connected to client, or older clients will hang waiting for that + * connection first. + */ + +static void +error(const char *fmt, ...) +{ + va_list ap; + int len; + char *bp, buf[BUFSIZ]; + + va_start(ap, fmt); + bp = buf; + if (sent_null == 0) { + *bp++ = 1; + len = 1; + } else + len = 0; + len = vsnprintf (bp, sizeof(buf) - len, fmt, ap); + write (STDERR_FILENO, buf, len); + va_end(ap); +} + +static void +usage() +{ + + syslog(LOG_ERR, + "usage: rshd [-alnkvxLPi] [-p port]"); + exit(2); +} 
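Review bot: In `doit`, the privilege drop `setgid(...); initgroups(...); setuid(...);` ignores all three return values, so if any call fails the daemon still reaches `execle(pwd->pw_shell, ...)` and runs the client's command under whatever identity it had left. It should log the failure and exit instead, as in the snippet below. Separately, `error()` overwrites `len` with the result of `vsnprintf`, so the leading `\01` byte is not counted in the `write` length and a truncated message would make `write` read past `buf`; adding the result to `len` and clamping it to `sizeof(buf)` would fix both. The `strncat(path, ..., sizeof(path)-1)` calls bound each append by the whole buffer size rather than by the space remaining after `"PATH="` and the earlier appends.

```c
	/* … unchanged: setlogin / setpcred … */
	if (setgid((gid_t)pwd->pw_gid) < 0 ||
	    initgroups(pwd->pw_name, pwd->pw_gid) < 0 ||
	    setuid((uid_t)pwd->pw_uid) < 0) {
		syslog(LOG_ERR, "cannot switch to user %s: %m", locuser);
		exit(1);
	}
	strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
	/* … unchanged: environment setup, success logging, execle … */
```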
diff --git a/crypto/kerberosIV/appl/bsd/stty_default.c b/crypto/kerberosIV/appl/bsd/stty_default.c
new file mode 100644
index 0000000..b7112c1
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/stty_default.c
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "bsd_locl.h" + +RCSID("$Id: stty_default.c,v 1.6 1997/04/01 08:17:17 joda Exp $"); + +#include <termios.h> + +/* HP-UX 9.0 termios doesn't define these */ +#ifndef FLUSHO +#define FLUSHO 0 +#endif + +#ifndef XTABS +#define XTABS 0 +#endif + +#ifndef OXTABS +#define OXTABS XTABS +#endif + +/* Ultrix... */ +#ifndef ECHOPRT +#define ECHOPRT 0 +#endif + +#ifndef ECHOCTL +#define ECHOCTL 0 +#endif + +#ifndef ECHOKE +#define ECHOKE 0 +#endif + +#ifndef IMAXBEL +#define IMAXBEL 0 +#endif + +#define Ctl(x) ((x) ^ 0100) + +void +stty_default(void) +{ + struct termios termios; + + /* + * Finalize the terminal settings. Some systems default to 8 bits, + * others to 7, so we should leave that alone. + */ + tcgetattr(0, &termios); + + termios.c_iflag |= (BRKINT|IGNPAR|ICRNL|IXON|IMAXBEL); + termios.c_iflag &= ~IXANY; + + termios.c_lflag |= (ISIG|IEXTEN|ICANON|ECHO|ECHOE|ECHOK|ECHOCTL|ECHOKE); + termios.c_lflag &= ~(ECHOPRT|TOSTOP|FLUSHO); + + termios.c_oflag |= (OPOST|ONLCR); + termios.c_oflag &= ~OXTABS; + + termios.c_cc[VINTR] = Ctl('C'); + termios.c_cc[VERASE] = Ctl('H'); + termios.c_cc[VKILL] = Ctl('U'); + termios.c_cc[VEOF] = Ctl('D'); + + termios.c_cc[VSUSP] = Ctl('Z'); + + tcsetattr(0, TCSANOW, &termios); +} diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c new file mode 100644 index 0000000..8c610e1 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/su.c 
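Review bot: `stty_default` ignores the result of `tcgetattr(0, &termios)`, so when descriptor 0 is not a terminal the flag updates are applied to an uninitialised `struct termios` and that indeterminate state is then handed to `tcsetattr`. I would return early on failure with `if (tcgetattr(0, &termios) < 0) return;`, and add a one-line comment above the function saying that it resets the line discipline of standard input. The local variable named `termios` also reads awkwardly next to the struct tag of the same name; a short name such as `tt` would be clearer.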
@@ -0,0 +1,452 @@ +/* + * Copyright (c) 1988 The Regents of the University of California. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "bsd_locl.h" + +RCSID ("$Id: su.c,v 1.59 1997/05/26 17:45:54 bg Exp $"); + +#ifdef SYSV_SHADOW +#include "sysv_shadow.h" +#endif + +static int kerberos (char *username, char *user, int uid); +static int chshell (char *sh); +static char *ontty (void); +static int koktologin (char *name, char *realm, char *toname); +static int chshell (char *sh); + +/* Handle '-' option after all the getopt options */ +#define ARGSTR "Kflmi:" + +static int use_kerberos = 1; +static char *root_inst = "root"; + +int +main (int argc, char **argv) +{ + struct passwd *pwd; + char *p, **g; + struct group *gr; + uid_t ruid; + int asme, ch, asthem, fastlogin, prio; + enum { UNSET, YES, NO } iscsh = UNSET; + char *user, *shell, *avshell, *username, **np; + char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; + + set_progname (argv[0]); + + asme = asthem = fastlogin = 0; + while ((ch = getopt (argc, argv, ARGSTR)) != EOF) + switch ((char) ch) { + case 'K': + use_kerberos = 0; + break; + case 'f': + fastlogin = 1; + break; + case 'l': + asme = 0; + asthem = 1; + break; + case 'm': + asme = 1; + asthem = 0; + break; + case 'i': + root_inst = optarg; + break; + case '?': + default: + fprintf (stderr, + "usage: su [-Kflm] [-i root-instance] [-] [login]\n"); + exit (1); + } + /* Don't handle '-' option with getopt */ + if (optind < argc && strcmp (argv[optind], "-") == 0) { + asme = 0; + asthem = 1; + optind++; + } + argv += optind; + + if (use_kerberos) { + int fd = open (KEYFILE, O_RDONLY); + + if (fd >= 0) + close (fd); + else + use_kerberos = 0; + } + errno = 0; + prio = getpriority (PRIO_PROCESS, 0); + if (errno) + prio = 0; + setpriority (PRIO_PROCESS, 0, -2); + openlog ("su", LOG_CONS, 0); + + /* get current login name and shell */ + ruid = getuid (); + username = getlogin (); + if (username == NULL || (pwd = k_getpwnam (username)) == NULL || + pwd->pw_uid != ruid) + pwd = k_getpwuid (ruid); + if (pwd == NULL) + errx (1, "who are you?"); + username = strdup (pwd->pw_name); + 
if (asme) + if (pwd->pw_shell && *pwd->pw_shell) + shell = strcpy (shellbuf, pwd->pw_shell); + else { + shell = _PATH_BSHELL; + iscsh = NO; + } + + /* get target login information, default to root */ + user = *argv ? *argv : "root"; + np = *argv ? argv : argv - 1; + + pwd = k_getpwnam (user); + if (pwd == NULL) + errx (1, "unknown login %s", user); + if (pwd->pw_uid == 0 && strcmp ("root", user) != 0) { + syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); + errx (1, "unknown login %s", user); + } + if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) { +#ifndef PASSWD_FALLBACK + errx (1, "won't use /etc/passwd authentication"); +#endif + /* getpwnam() is not reentrant and kerberos might use it! */ + pwd = k_getpwnam (user); + if (pwd == NULL) + errx (1, "unknown login %s", user); + /* only allow those in group zero to su to root. */ + if (pwd->pw_uid == 0 && (gr = getgrgid ((gid_t) 0))) + for (g = gr->gr_mem;; ++g) { + if (!*g) { +#if 1 + /* if group 0 is empty or only + contains root su is still ok. 
*/ + if (gr->gr_mem[0] == 0) + break; /* group 0 is empty */ + if (gr->gr_mem[1] == 0 && + strcmp (gr->gr_mem[0], "root") == 0) + break; /* only root in group 0 */ +#endif + errx (1, "you are not in the correct group to su %s.", + user); + } + if (!strcmp (username, *g)) + break; + } + /* if target requires a password, verify it */ + if (ruid && *pwd->pw_passwd) { + char prompt[128]; + char passwd[256]; + + snprintf (prompt, sizeof(prompt), "%s's Password: ", pwd->pw_name); + if (des_read_pw_string (passwd, sizeof (passwd), + prompt, 0)) { + memset (passwd, 0, sizeof (passwd)); + exit (1); + } + if (strcmp (pwd->pw_passwd, + crypt (passwd, pwd->pw_passwd))) { + memset (passwd, 0, sizeof (passwd)); + syslog (LOG_AUTH | LOG_WARNING, + "BAD SU %s to %s%s", username, + user, ontty ()); + errx (1, "Sorry"); + } + memset (passwd, 0, sizeof (passwd)); + } + } + if (asme) { + /* if asme and non-standard target shell, must be root */ + if (!chshell (pwd->pw_shell) && ruid) + errx (1, "permission denied (shell '%s' not in /etc/shells).", + pwd->pw_shell); + } else if (pwd->pw_shell && *pwd->pw_shell) { + shell = pwd->pw_shell; + iscsh = UNSET; + } else { + shell = _PATH_BSHELL; + iscsh = NO; + } + + if ((p = strrchr (shell, '/')) != 0) + avshell = p + 1; + else + avshell = shell; + + /* if we're forking a csh, we want to slightly muck the args */ + if (iscsh == UNSET) + iscsh = strcmp (avshell, "csh") ? 
NO : YES; + + /* set permissions */ + + if (setgid (pwd->pw_gid) < 0) + err (1, "setgid"); + if (initgroups (user, pwd->pw_gid)) + errx (1, "initgroups failed."); + + if (setuid (pwd->pw_uid) < 0) + err (1, "setuid"); + + if (!asme) { + if (asthem) { + char *k = getenv ("KRBTKFILE"); + char *t = getenv ("TERM"); + + environ = malloc (10 * sizeof (char *)); + environ[0] = NULL; + setenv ("PATH", _PATH_DEFPATH, 1); + if (t) + setenv ("TERM", t, 1); + if (k) + setenv ("KRBTKFILE", k, 1); + if (chdir (pwd->pw_dir) < 0) + errx (1, "no directory"); + } + if (asthem || pwd->pw_uid) + setenv ("USER", pwd->pw_name, 1); + setenv ("HOME", pwd->pw_dir, 1); + setenv ("SHELL", shell, 1); + } + if (iscsh == YES) { + if (fastlogin) + *np-- = "-f"; + if (asme) + *np-- = "-m"; + } + if (asthem) { + avshellbuf[0] = '-'; + strcpy (avshellbuf + 1, avshell); + avshell = avshellbuf; + } else if (iscsh == YES) { + /* csh strips the first character... */ + avshellbuf[0] = '_'; + strcpy (avshellbuf + 1, avshell); + avshell = avshellbuf; + } + *np = avshell; + + if (ruid != 0) + syslog (LOG_NOTICE | LOG_AUTH, "%s to %s%s", + username, user, ontty ()); + + setpriority (PRIO_PROCESS, 0, prio); + + if (k_hasafs ()) { + int code; + + if (k_setpag () != 0) + warn ("setpag"); + code = k_afsklog (0, 0); + if (code != KSUCCESS && code != KDC_PR_UNKNOWN) + warnx ("afsklog: %s", krb_get_err_text (code)); + } + execv (shell, np); + warn ("execv(%s)", shell); + if (getuid () == 0) { + execv (_PATH_BSHELL, np); + warn ("execv(%s)", _PATH_BSHELL); + } + exit (1); +} + +static int +chshell (char *sh) +{ + char *cp; + + while ((cp = getusershell ()) != NULL) + if (!strcmp (cp, sh)) + return (1); + return (0); +} + +static char * +ontty (void) +{ + char *p; + static char buf[MaxPathLen + 4]; + + buf[0] = 0; + if ((p = ttyname (STDERR_FILENO)) != 0) + snprintf (buf, sizeof(buf), " on %s", p); + return (buf); +} + +static int +kerberos (char *username, char *user, int uid) +{ + KTEXT_ST ticket; + AUTH_DAT 
authdata; + struct hostent *hp; + int kerno; + u_long faddr; + char lrealm[REALM_SZ], krbtkfile[MaxPathLen]; + char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; + + if (krb_get_lrealm (lrealm, 1) != KSUCCESS) + return (1); + if (koktologin (username, lrealm, user) && !uid) { +#ifndef PASSWD_FALLBACK + warnx ("not in %s's ACL.", user); +#endif + return (1); + } + snprintf (krbtkfile, sizeof(krbtkfile), + "%s_%s_to_%s_%u", TKT_ROOT, username, user, + (unsigned) getpid ()); + + setenv ("KRBTKFILE", krbtkfile, 1); + krb_set_tkt_string (krbtkfile); + /* + * Little trick here -- if we are su'ing to root, we need to get a ticket + * for "xxx.root", where xxx represents the name of the person su'ing. + * Otherwise (non-root case), we need to get a ticket for "yyy.", where + * yyy represents the name of the person being su'd to, and the instance + * is null + * + * We should have a way to set the ticket lifetime, with a system default + * for root. + */ + { + char prompt[128]; + char passw[256]; + + snprintf (prompt, sizeof(prompt), + "%s's Password: ", + krb_unparse_name_long ((uid == 0 ? username : user), + (uid == 0 ? root_inst : ""), + lrealm)); + if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) { + memset (passw, 0, sizeof (passw)); + return (1); + } + if (strlen(passw) == 0) + return (1); /* Empty passwords is not allowed */ + kerno = krb_get_pw_in_tkt ((uid == 0 ? username : user), + (uid == 0 ? root_inst : ""), lrealm, + KRB_TICKET_GRANTING_TICKET, + lrealm, + DEFAULT_TKT_LIFE, + passw); + memset (passw, 0, strlen (passw)); + } + + if (kerno != KSUCCESS) { + if (kerno == KDC_PR_UNKNOWN) { + warnx ("principal unknown: %s", + krb_unparse_name_long ((uid == 0 ? username : user), + (uid == 0 ? 
root_inst : ""), + lrealm)); + return (1); + } + warnx ("unable to su: %s", krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, + "BAD SU: %s to %s%s: %s", + username, user, ontty (), krb_get_err_text (kerno)); + return (1); + } + if (chown (krbtkfile, uid, -1) < 0) { + warn ("chown"); + unlink (krbtkfile); + return (1); + } + setpriority (PRIO_PROCESS, 0, -2); + + if (k_gethostname (hostname, sizeof (hostname)) == -1) { + warn ("gethostname"); + dest_tkt (); + return (1); + } + strncpy (savehost, krb_get_phost (hostname), sizeof (savehost)); + savehost[sizeof (savehost) - 1] = '\0'; + + kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33); + + if (kerno == KDC_PR_UNKNOWN) { + warnx ("Warning: TGT not verified."); + syslog (LOG_NOTICE | LOG_AUTH, + "%s to %s%s, TGT not verified (%s); " + "%s.%s not registered?", + username, user, ontty (), krb_get_err_text (kerno), + "rcmd", savehost); +#ifdef KLOGIN_PARANOID + /* + * if the "VERIFY_SERVICE" doesn't exist in the KDC for this host, * + * don't allow kerberos login, also log the error condition. 
+ */ + warnx ("Trying local password!"); + return (1); +#endif + } else if (kerno != KSUCCESS) { + warnx ("Unable to use TGT: %s", krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, "failed su: %s to %s%s: %s", + username, user, ontty (), krb_get_err_text (kerno)); + dest_tkt (); + return (1); + } else { + if (!(hp = gethostbyname (hostname))) { + warnx ("can't get addr of %s", hostname); + dest_tkt (); + return (1); + } + memcpy (&faddr, hp->h_addr, sizeof (faddr)); + + if ((kerno = krb_rd_req (&ticket, "rcmd", savehost, faddr, + &authdata, "")) != KSUCCESS) { + warnx ("unable to verify rcmd ticket: %s", + krb_get_err_text (kerno)); + syslog (LOG_NOTICE | LOG_AUTH, + "failed su: %s to %s%s: %s", username, + user, ontty (), krb_get_err_text (kerno)); + dest_tkt (); + return (1); + } + } + fprintf (stderr, "Don't forget to kdestroy before exiting the shell.\n"); + return (0); +} + +static int +koktologin (char *name, char *realm, char *toname) +{ + return krb_kuserok (name, + strcmp (toname, "root") == 0 ? root_inst : "", + realm, + toname); +} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.c b/crypto/kerberosIV/appl/bsd/sysv_default.c new file mode 100644 index 0000000..cb36b84 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_default.c 
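Review bot: In kerberos(), the `kerno == KDC_PR_UNKNOWN` branch after `krb_mk_req` only warns "TGT not verified" and, unless KLOGIN_PARANOID is defined, falls through to `return (0)`, so main() grants the su on a ticket that was never checked against a local service key. Without that check a reply from something impersonating the KDC cannot be told apart from a genuine one; I would make the failure unconditional by dropping the `#ifdef KLOGIN_PARANOID`/`#endif` pair and ending the branch with `dest_tkt (); return (1);`. In main(), `shell = strcpy (shellbuf, pwd->pw_shell);` and both `strcpy (avshellbuf + 1, avshell);` calls copy a passwd-database string into a `MaxPathLen` buffer with no length check, and `memcpy (&faddr, hp->h_addr, sizeof (faddr));` copies `sizeof (u_long)` bytes regardless of `hp->h_length`. Each of these needs a bound before the copy, for example `if (strlen (pwd->pw_shell) >= sizeof (shellbuf)) errx (1, "shell path too long");`.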
@@ -0,0 +1,95 @@ +/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ + +#include "bsd_locl.h" + +RCSID("$Id: sysv_default.c,v 1.9 1997/03/31 01:47:59 assar Exp $"); + +#include "sysv_default.h" + + /* + * Default values for stuff that can be read from the defaults file. The + * SunOS 5.1 documentation is incomplete and often disagrees with reality. + */ + +static char default_umask_value[] = "022"; + +char *default_console = 0; +char *default_altsh = "YES"; +char *default_passreq = "NO"; +char *default_timezone= 0; +char *default_hz = 0; +char *default_path = _PATH_DEFPATH; +char *default_supath = _PATH_DEFSUPATH; +char *default_ulimit = 0; +char *default_timeout = "60"; +char *default_umask = default_umask_value; +char *default_sleep = "4"; +char *default_maxtrys = "5"; + +static struct sysv_default { + char **valptr; + char *prefix; + int prefix_len; +} defaults[] = { + {&default_console, "CONSOLE=", sizeof("CONSOLE=") -1}, + {&default_altsh, "ALTSHELL=", sizeof("ALTSHELL=") -1}, + {&default_passreq, "PASSREQ=", sizeof("PASSREQ=") -1}, + {&default_timezone, "TIMEZONE=", sizeof("TIMEZONE=") -1}, + {&default_hz, "HZ=", sizeof("HZ=") -1}, + {&default_path, "PATH=", sizeof("PATH=") -1}, + {&default_supath, "SUPATH=", sizeof("SUPATH=") -1}, + {&default_ulimit, "ULIMIT=", sizeof("ULIMIT=") -1}, + {&default_timeout, "TIMEOUT=", sizeof("TIMEOUT=") -1}, + {&default_umask, "UMASK=", sizeof("UMASK=") -1}, + {&default_sleep, "SLEEPTIME=", sizeof("SLEEPTIME=") -1}, + {&default_maxtrys, "MAXTRYS=", sizeof("MAXTRYS=") -1}, + {0}, +}; + +#define trim(s) { \ + char *cp = s + strlen(s); \ + while (cp > s && isspace(cp[-1])) \ + cp--; \ + *cp = 0; \ +} + +/* sysv_defaults - read login defaults file */ + +void +sysv_defaults() +{ + struct sysv_default *dp; + FILE *fp; + char buf[BUFSIZ]; + + if ((fp = fopen(_PATH_ETC_DEFAULT_LOGIN, "r"))) { + + /* Stupid quadratic algorithm. */ + + while (fgets(buf, sizeof(buf), fp)) { + + /* Skip comments and blank lines. 
*/ + + if (buf[0] == '#') + continue; + trim(buf); + if (buf[0] == 0) + continue; + + /* Assign defaults from file. */ + +#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) + + for (dp = defaults; dp->valptr; dp++) { + if (STREQN(buf, dp->prefix, dp->prefix_len)) { + if ((*(dp->valptr) = strdup(buf + dp->prefix_len)) == 0) { + warnx("Insufficient memory resources - try later."); + sleepexit(1); + } + break; + } + } + } + fclose(fp); + } +} diff --git a/crypto/kerberosIV/appl/bsd/sysv_default.h b/crypto/kerberosIV/appl/bsd/sysv_default.h new file mode 100644 index 0000000..0056059 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_default.h @@ -0,0 +1,18 @@ +/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ + +/* $Id: sysv_default.h,v 1.5 1996/10/27 23:51:14 assar Exp $ */ + +extern char *default_console; +extern char *default_altsh; +extern char *default_passreq; +extern char *default_timezone; +extern char *default_hz; +extern char *default_path; +extern char *default_supath; +extern char *default_ulimit; +extern char *default_timeout; +extern char *default_umask; +extern char *default_sleep; +extern char *default_maxtrys; + +void sysv_defaults(void); diff --git a/crypto/kerberosIV/appl/bsd/sysv_environ.c b/crypto/kerberosIV/appl/bsd/sysv_environ.c new file mode 100644 index 0000000..f5e782d --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_environ.c 
@@ -0,0 +1,192 @@ +/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ + +#include "bsd_locl.h" + +RCSID("$Id: sysv_environ.c,v 1.21 1997/05/14 17:34:15 joda Exp $"); + +#ifdef HAVE_ULIMIT_H +#include <ulimit.h> +#endif + +#ifndef UL_SETFSIZE +#define UL_SETFSIZE 2 +#endif + +#include "sysv_default.h" + +/* + * Set + */ + +static void +read_etc_environment (void) +{ + FILE *f; + char buf[BUFSIZ]; + + f = fopen(_PATH_ETC_ENVIRONMENT, "r"); + if (f) { + char *val; + + while (fgets (buf, sizeof(buf), f) != NULL) { + if (buf[0] == '\n' || buf[0] == '#') + continue; + buf[strlen(buf) - 1] = '\0'; + val = strchr (buf, '='); + if (val == NULL) + continue; + *val = '\0'; + setenv(buf, val + 1, 1); + } + fclose (f); + } +} + + /* + * Environment variables that are preserved (but may still be overruled by + * other means). Only TERM and TZ appear to survive (SunOS 5.1). These are + * typically inherited from the ttymon process. + */ + +static struct preserved { + char *name; + char *value; +} preserved[] = { + {"TZ", 0}, + {"TERM", 0}, + {0}, +}; + + /* + * Environment variables that are not preserved and that cannot be specified + * via commandline or stdin. Except for the LD_xxx (runtime linker) stuff, + * the list applies to most SYSV systems. The manpage mentions only that + * SHELL and PATH are censored. HOME, LOGNAME and MAIL are always + * overwritten; they are in the list to make the censoring explicit. 
+ */ + +static struct censored { + char *prefix; + int length; +} censored[] = { + {"SHELL=", sizeof("SHELL=") - 1}, + {"HOME=", sizeof("HOME=") - 1}, + {"LOGNAME=", sizeof("LOGNAME=") - 1}, + {"MAIL=", sizeof("MAIL=") - 1}, + {"CDPATH=", sizeof("CDPATH=") - 1}, + {"IFS=", sizeof("IFS=") - 1}, + {"PATH=", sizeof("PATH=") - 1}, + {"LD_", sizeof("LD_") - 1}, + {0}, +}; + +/* sysv_newenv - set up final environment after logging in */ + +void sysv_newenv(int argc, char **argv, struct passwd *pwd, + char *term, int pflag) +{ + unsigned umask_val; + long limit_val; + char buf[BUFSIZ]; + int count = 0; + struct censored *cp; + struct preserved *pp; + + /* Preserve a selection of the environment. */ + + for (pp = preserved; pp->name; pp++) + pp->value = getenv(pp->name); + + /* + * Note: it is a bad idea to assign a static array to the global environ + * variable. Reason is that putenv() can run into problems when it tries + * to realloc() the environment table. Instead, we just clear environ[0] + * and let putenv() work things out. + */ + + if (!pflag && environ) + environ[0] = 0; + + /* Restore preserved environment variables. */ + + for (pp = preserved; pp->name; pp++) + if (pp->value) + setenv(pp->name, pp->value, 1); + + /* The TERM definition from e.g. rlogind can override an existing one. */ + + if (term[0]) + setenv("TERM", term, 1); + + /* + * Environment definitions from the command line overrule existing ones, + * but can be overruled by definitions from stdin. Some variables are + * censored. + * + * Omission: we do not support environment definitions from stdin. + */ + +#define STREQN(x,y,l) (x[0] == y[0] && strncmp(x,y,l) == 0) + + while (argc && *argv) { + if (strchr(*argv, '=') == 0) { + snprintf(buf, sizeof(buf), "L%d", count++); + setenv(buf, *argv, 1); + } else { + for (cp = censored; cp->prefix; cp++) + if (STREQN(*argv, cp->prefix, cp->length)) + break; + if (cp->prefix == 0) + putenv(*argv); + } + argc--, argv++; + } + + /* PATH is always reset. 
*/ + + setenv("PATH", pwd->pw_uid ? default_path : default_supath, 1); + + /* Undocumented: HOME, MAIL and LOGNAME are always reset (SunOS 5.1). */ + + setenv("HOME", pwd->pw_dir, 1); + { + char *sep = "/"; + if(KRB4_MAILDIR[strlen(KRB4_MAILDIR) - 1] == '/') + sep = ""; + k_concat(buf, sizeof(buf), KRB4_MAILDIR, sep, pwd->pw_name, NULL); + } + setenv("MAIL", buf, 1); + setenv("LOGNAME", pwd->pw_name, 1); + setenv("USER", pwd->pw_name, 1); + + /* + * Variables that may be set according to specifications in the defaults + * file. HZ and TZ are set only if they are still uninitialized. + * + * Extension: when ALTSHELL=YES, we set the SHELL variable even if it is + * /bin/sh. + */ + + if (strcasecmp(default_altsh, "YES") == 0) + setenv("SHELL", pwd->pw_shell, 1); + if (default_hz) + setenv("HZ", default_hz, 0); + if (default_timezone) + setenv("TZ", default_timezone, 0); + + /* Non-environment stuff. */ + + if (default_umask) { + if (sscanf(default_umask, "%o", &umask_val) == 1 && umask_val) + umask(umask_val); + } +#ifdef HAVE_ULIMIT + if (default_ulimit) { + if (sscanf(default_ulimit, "%ld", &limit_val) == 1 && limit_val) + if (ulimit(UL_SETFSIZE, limit_val) < 0) + warn ("ulimit(UL_SETFSIZE, %ld)", limit_val); + } +#endif + read_etc_environment(); +} + diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.c b/crypto/kerberosIV/appl/bsd/sysv_shadow.c new file mode 100644 index 0000000..6839441 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.c 
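Review bot: In read_etc_environment(), `buf[strlen(buf) - 1] = '\0';` assumes every line ends in a newline: a final line without one loses its last character, and a line that starts with a NUL byte makes this a write to `buf[-1]`. Strip only a newline that is actually there, for example `buf[strcspn(buf, "\n")] = '\0';`. Because this function is the last call in sysv_newenv() and uses `setenv(buf, val + 1, 1)`, entries in that file also replace the PATH, HOME, LOGNAME and SHELL values set just above it; a comment such as `/* /etc/environment is applied last and overrides everything above */` would record whether that ordering is intended.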
@@ -0,0 +1,45 @@ +/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ + +#include "bsd_locl.h" + +RCSID("$Id: sysv_shadow.c,v 1.7 1997/03/23 04:56:05 assar Exp $"); + +#ifdef SYSV_SHADOW + +#include <sysv_shadow.h> + +/* sysv_expire - check account and password expiration times */ + +int +sysv_expire(struct spwd *spwd) +{ + long today; + + tzset(); + today = time(0); + + if (spwd->sp_expire > 0) { + if (today > spwd->sp_expire) { + printf("Your account has expired.\n"); + sleepexit(1); + } else if (spwd->sp_expire - today < 14) { + printf("Your account will expire in %d days.\n", + (int)(spwd->sp_expire - today)); + return (0); + } + } + if (spwd->sp_max > 0) { + if (today > (spwd->sp_lstchg + spwd->sp_max)) { + printf("Your password has expired. Choose a new one.\n"); + return (1); + } else if (spwd->sp_warn > 0 + && (today > (spwd->sp_lstchg + spwd->sp_max - spwd->sp_warn))) { + printf("Your password will expire in %d days.\n", + (int)(spwd->sp_lstchg + spwd->sp_max - today)); + return (0); + } + } + return (0); +} + +#endif /* SYSV_SHADOW */ diff --git a/crypto/kerberosIV/appl/bsd/sysv_shadow.h b/crypto/kerberosIV/appl/bsd/sysv_shadow.h new file mode 100644 index 0000000..4f07b49 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/sysv_shadow.h @@ -0,0 +1,5 @@ +/* $Id: sysv_shadow.h,v 1.6 1997/03/23 04:55:51 assar Exp $ */ + +#include <shadow.h> + +extern sysv_expire(struct spwd *); diff --git a/crypto/kerberosIV/appl/bsd/tty.c b/crypto/kerberosIV/appl/bsd/tty.c new file mode 100644 index 0000000..3192426 --- /dev/null +++ b/crypto/kerberosIV/appl/bsd/tty.c 
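Review bot: sysv_expire() compares `today = time(0)`, a count of seconds, with `sp_expire`, `sp_lstchg`, `sp_max` and `sp_warn`, which shadow(3) defines in days, so every account with `sp_expire > 0` is reported as expired and the password-age test is true whenever `sp_max > 0`. Convert once at the top, `today = time(0) / (24L * 60 * 60);`, after which the "%d days" messages also print what they claim. The header added next to this file declares `extern sysv_expire(struct spwd *);` with no return type; `extern int sysv_expire(struct spwd *);` matches the definition.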
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: tty.c,v 1.2 1997/05/25 01:14:22 assar Exp $");
+
+/*
+ * Clean the tty name. Return a pointer to the cleaned version.
+ */
+
+char *
+clean_ttyname (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, _PATH_DEV, strlen(_PATH_DEV)) == 0)
+ res += strlen(_PATH_DEV);
+ if (strncmp (res, "pty/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "ptym/", 5) == 0)
+ res += 5;
+ return res;
+}
+
+/*
+ * Generate a name usable as an `ut_id', typically without `tty'.
+ */
+
+char *
+make_id (char *tty)
+{
+ char *res = tty;
+
+ if (strncmp (res, "pts/", 4) == 0)
+ res += 4;
+ if (strncmp (res, "tty", 3) == 0)
+ res += 3;
+ return res;
+}
diff --git a/crypto/kerberosIV/appl/bsd/utmp_login.c b/crypto/kerberosIV/appl/bsd/utmp_login.c
new file mode 100644
index 0000000..da3f96a
--- /dev/null
+++ b/crypto/kerberosIV/appl/bsd/utmp_login.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "bsd_locl.h"
+
+RCSID("$Id: utmp_login.c,v 1.13 1997/05/20 13:46:21 assar Exp $");
+
+void
+prepare_utmp (struct utmp *utmp, char *tty, char *username, char *hostname)
+{
+ char *ttyx = clean_ttyname (tty);
+
+ memset(utmp, 0, sizeof(*utmp));
+ utmp->ut_time = time(NULL);
+ strncpy(utmp->ut_line, ttyx, sizeof(utmp->ut_line));
+ strncpy(utmp->ut_name, username, sizeof(utmp->ut_name));
+
+# ifdef HAVE_UT_USER
+ strncpy(utmp->ut_user, username, sizeof(utmp->ut_user));
+# endif
+
+# ifdef HAVE_UT_ADDR
+ if (hostname[0]) {
+ struct hostent *he;
+ if ((he = gethostbyname(hostname)))
+ memcpy(&utmp->ut_addr, he->h_addr_list[0],
+ sizeof(utmp->ut_addr));
+ }
+# endif
+
+# ifdef HAVE_UT_HOST
+ strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host));
+# endif
+
+# ifdef HAVE_UT_TYPE
+ utmp->ut_type = USER_PROCESS;
+# endif
+
+# ifdef HAVE_UT_PID
+ utmp->ut_pid = getpid();
+# endif
+
+# ifdef HAVE_UT_ID
+ strncpy(utmp->ut_id, make_id(ttyx), sizeof(utmp->ut_id));
+# endif
+}
+
+#ifdef HAVE_UTMPX_H
+void utmp_login(char *tty, char *username, char *hostname) { return; }
+#else
+
+/* update utmp and wtmp - the BSD way */
+
+void utmp_login(char *tty, char *username, char *hostname)
+{
+ struct utmp utmp;
+ int fd;
+
+ prepare_utmp (&utmp, tty, username, hostname);
+
+#ifdef HAVE_SETUTENT
+ utmpname(_PATH_UTMP);
+ setutent();
+ pututline(&utmp);
+ endutent();
+#else
+
+#ifdef HAVE_TTYSLOT
+ {
+ int ttyno;
+ ttyno = ttyslot();
+ if (ttyno > 0 && (fd = open(_PATH_UTMP, O_WRONLY, 0)) >= 0) {
+ lseek(fd, (long)(ttyno * sizeof(struct utmp)), SEEK_SET);
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+ }
+#endif /* HAVE_TTYSLOT */
+#endif /* HAVE_SETUTENT */
+
+ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) {
+ write(fd, &utmp, sizeof(struct utmp));
+ close(fd);
+ }
+}
+#endif /* !HAVE_UTMPX_H */
diff --git a/crypto/kerberosIV/appl/bsd/utmpx_login.c b/crypto/kerberosIV/appl/bsd/utmpx_login.c
new file mode 100644
index 0000000..005eca5
--- /dev/null
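Review bot: utmp_login() ignores the results of `lseek` and of both `write` calls, and a failed `open` of `_PATH_UTMP` or `_PATH_WTMP` is skipped silently, so a login can complete with no utmp/wtmp record and nothing reports it. These records are what later accounting and incident review depend on, so a short or failed write should be logged, e.g. `if (write(fd, &utmp, sizeof(utmp)) != sizeof(utmp)) syslog(LOG_ERR, "wtmp write failed: %m");` (su.c in this commit already calls syslog after including bsd_locl.h, so it is presumably in scope here too). In prepare_utmp(), the `memcpy` from `he->h_addr_list[0]` copies `sizeof(utmp->ut_addr)` bytes without consulting `he->h_length`; the length should be the smaller of the two.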
+++ b/crypto/kerberosIV/appl/bsd/utmpx_login.c 
@@ -0,0 +1,88 @@ +/* Author: Wietse Venema <wietse@wzv.win.tue.nl> */ + +#include "bsd_locl.h" + +RCSID("$Id: utmpx_login.c,v 1.20 1997/06/01 03:13:15 assar Exp $"); + +/* utmpx_login - update utmp and wtmp after login */ + +#ifndef HAVE_UTMPX_H +int utmpx_login(char *line, char *user, char *host) { return 0; } +#else + +static void +utmpx_update(struct utmpx *ut, char *line, char *user, char *host) +{ + struct timeval tmp; + char *clean_tty = clean_ttyname(line); + + strncpy(ut->ut_line, clean_tty, sizeof(ut->ut_line)); +#ifdef HAVE_UT_ID + strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); +#endif + strncpy(ut->ut_user, user, sizeof(ut->ut_user)); + strncpy(ut->ut_host, host, sizeof(ut->ut_host)); +#ifdef HAVE_UT_SYSLEN + ut->ut_syslen = strlen(host) + 1; + if (ut->ut_syslen > sizeof(ut->ut_host)) + ut->ut_syslen = sizeof(ut->ut_host); +#endif + ut->ut_type = USER_PROCESS; + gettimeofday (&tmp, 0); + ut->ut_tv.tv_sec = tmp.tv_sec; + ut->ut_tv.tv_usec = tmp.tv_usec; + pututxline(ut); +#ifdef WTMPX_FILE + updwtmpx(WTMPX_FILE, ut); +#elif defined(WTMP_FILE) + { + struct utmp utmp; + int fd; + + prepare_utmp (&utmp, line, user, host); + if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { + write(fd, &utmp, sizeof(struct utmp)); + close(fd); + } + } +#endif +} + +int +utmpx_login(char *line, char *user, char *host) +{ + struct utmpx *ut; + pid_t mypid = getpid(); + int ret = (-1); + + /* + * SYSV4 ttymon and login use tty port names with the "/dev/" prefix + * stripped off. Rlogind and telnetd, on the other hand, make utmpx + * entries with device names like /dev/pts/nnn. We therefore cannot use + * getutxline(). Return nonzero if no utmp entry was found with our own + * process ID for a login or user process. 
+ */ + + while ((ut = getutxent())) { + /* Try to find a reusable entry */ + if (ut->ut_pid == mypid + && ( ut->ut_type == INIT_PROCESS + || ut->ut_type == LOGIN_PROCESS + || ut->ut_type == USER_PROCESS)) { + utmpx_update(ut, line, user, host); + ret = 0; + break; + } + } + if (ret == -1) { + /* Grow utmpx file by one record. */ + struct utmpx newut; + memset(&newut, 0, sizeof(newut)); + newut.ut_pid = mypid; + utmpx_update(&newut, line, user, host); + ret = 0; + } + endutxent(); + return (ret); +} +#endif /* HAVE_UTMPX_H */ diff --git a/crypto/kerberosIV/appl/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/Makefile.in new file mode 100644 index 0000000..6d0c420 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/Makefile.in @@ -0,0 +1,41 @@ +# $Id: Makefile.in,v 1.9 1997/03/23 13:03:54 assar Exp $ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +@SET_MAKE@ + +CC = @CC@ +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ + +prefix = @prefix@ + +SUBDIRS=common ftp ftpd + +all: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) all); done + +install: all + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) install); done + +uninstall: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done + +clean cleandir: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) clean); done + +distclean: + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) distclean); done + rm -f Makefile *~ diff --git a/crypto/kerberosIV/appl/ftp/common/Makefile.in b/crypto/kerberosIV/appl/ftp/common/Makefile.in new file mode 100644 index 0000000..9ce1aa5 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/Makefile.in 
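Review bot: The block comment in utmpx_login() says the function returns nonzero when no utmpx entry with our process ID was found, but the `ret == -1` branch appends a new record and then sets `ret = 0`, so the function always returns 0. Either correct the comment, for example `Append a new record if no entry with our process ID exists; always returns 0.`, or leave `ret` at -1 in that branch so callers can tell the two cases apart. The scan also starts at `getutxent()` with no preceding `setutxent()`, so it begins wherever the database position happens to be; adding `setutxent();` before the loop makes the search cover the whole file.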
@@ -0,0 +1,52 @@
+# $Id: Makefile.in,v 1.17 1997/05/18 20:00:06 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+
+prefix = @prefix@
+
+SOURCES = base64.c glob.c sockbuf.c buffer.c
+OBJECTS = $(libcommon_OBJS)
+
+libcommon_OBJS = base64.o glob.o sockbuf.o buffer.o
+
+LIBNAME = $(LIBPREFIX)common
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+LIB = $(LIBNAME).$(LIBEXT)
+
+all: $(LIB)
+
+.c.o:
+ $(CC) -c $(CFLAGS) -I$(srcdir) -I../../../include $(DEFS) $<
+
+$(LIB): $(libcommon_OBJS)
+ rm -f $@
+ ar cr $@ $(libcommon_OBJS)
+ -$(RANLIB) $@
+
+install:
+
+uninstall:
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o libcommon.a core \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.c b/crypto/kerberosIV/appl/ftp/common/base64.c
new file mode 100644
index 0000000..648f32d
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: base64.c,v 1.6 1997/05/30 17:24:06 assar Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+#include "base64.h"
+
+static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+static int pos(char c)
+{
+ char *p;
+ for(p = base64; *p; p++)
+ if(*p == c)
+ return p - base64;
+ return -1;
+}
+
+int base64_encode(const void *data, int size, char **str)
+{
+ char *s, *p;
+ int i;
+ int c;
+ unsigned char *q;
+
+ p = s = (char*)malloc(size*4/3+4);
+ q = (unsigned char*)data;
+ i=0;
+ for(i = 0; i < size;){
+ c=q[i++];
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ c*=256;
+ if(i < size)
+ c+=q[i];
+ i++;
+ p[0]=base64[(c&0x00fc0000) >> 18];
+ p[1]=base64[(c&0x0003f000) >> 12];
+ p[2]=base64[(c&0x00000fc0) >> 6];
+ p[3]=base64[(c&0x0000003f) >> 0];
+ if(i > size)
+ p[3]='=';
+ if(i > size+1)
+ p[2]='=';
+ p+=4;
+ }
+ *p=0;
+ *str = s;
+ return strlen(s);
+}
+
+int base64_decode(const char *str, void *data)
+{
+ const char *p;
+ unsigned char *q;
+ int c;
+ int x;
+ int done = 0;
+ q=(unsigned char*)data;
+ for(p=str; *p && !done; p+=4){
+ x = pos(p[0]);
+ if(x >= 0)
+ c = x;
+ else{
+ done = 3;
+ break;
+ }
+ c*=64;
+
+ x = pos(p[1]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ c*=64;
+
+ if(p[2] == '=')
+ done++;
+ else{
+ x = pos(p[2]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ c*=64;
+
+ if(p[3] == '=')
+ done++;
+ else{
+ if(done)
+ return -1;
+ x = pos(p[3]);
+ if(x >= 0)
+ c += x;
+ else
+ return -1;
+ }
+ if(done < 3)
+ *q++=(c&0x00ff0000)>>16;
+
+ if(done < 2)
+ *q++=(c&0x0000ff00)>>8;
+ if(done < 1)
+ *q++=(c&0x000000ff)>>0;
+ }
+ return q - (unsigned char*)data;
+}
diff --git a/crypto/kerberosIV/appl/ftp/common/base64.h b/crypto/kerberosIV/appl/ftp/common/base64.h
new file mode 100644
index 0000000..fe799a2
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/base64.h
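Review bot: `base64_decode(const char *str, void *data)` in base64.c takes no size for `data`, so every `*q++ = ...` store trusts the caller to have sized the output for the input; the callers are outside this hunk, but in an FTP security layer the encoded text presumably arrives from the peer, so the bound belongs in this function rather than in each caller. I would add a capacity argument (or a sibling function that takes one) and return -1 before any store that would pass it. In `base64_encode()` the result of `malloc(size*4/3+4)` is written through without a NULL check and `size*4` is computed in `int`, so a negative or very large `size` ends in a NULL dereference or an undersized buffer; guard with `if (size < 0 || size > INT_MAX / 4) return -1;` and `if (s == NULL) return -1;` (the first needs `<limits.h>`). `base64_decode()` also leaves the loop with `done = 3; break;` on an invalid first character of a group and returns the bytes decoded so far, while an invalid character in any other position returns -1; returning -1 in both cases keeps malformed input from being accepted as a shorter message.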
@@ -0,0 +1,47 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: base64.h,v 1.5 1997/04/01 08:17:19 joda Exp $ */
+
+#ifndef _BASE64_H_
+#define _BASE64_H_
+
+int base64_encode(const void *data, int size, char **str);
+int base64_decode(const char *str, void *data);
+
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/common/buffer.c b/crypto/kerberosIV/appl/ftp/common/buffer.c
new file mode 100644
index 0000000..5b7829a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/buffer.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#include <stdio.h>
+#include "roken.h"
+
+RCSID("$Id: buffer.c,v 1.1 1997/05/18 19:59:24 assar Exp $");
+
+/*
+ * Allocate a buffer enough to handle st->st_blksize, if
+ * there is such a field, otherwise BUFSIZ.
+ */
+
+void *
+alloc_buffer (void *oldbuf, size_t *sz, struct stat *st)
+{
+ size_t new_sz;
+
+ new_sz = BUFSIZ;
+#ifdef HAVE_ST_BLKSIZE
+ if (st)
+ new_sz = max(BUFSIZ, st->st_blksize);
+#endif
+ if(new_sz > *sz) {
+ if (oldbuf)
+ free (oldbuf);
+ oldbuf = malloc (new_sz);
+ if (oldbuf == NULL) {
+ warn ("malloc");
+ *sz = 0;
+ return NULL;
+ }
+ *sz = new_sz;
+ }
+ return oldbuf;
+}
+
diff --git a/crypto/kerberosIV/appl/ftp/common/common.h b/crypto/kerberosIV/appl/ftp/common/common.h
new file mode 100644
index 0000000..4ec3149
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/common.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: common.h,v 1.9 1997/05/18 19:59:58 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#ifndef __COMMON_H__
+#define __COMMON_H__
+
+#include "base64.h"
+
+void set_buffer_size(int, int);
+
+#include <stdlib.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+void *alloc_buffer (void *oldbuf, size_t *sz, struct stat *st);
+
+#endif /* __COMMON_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/common/glob.c b/crypto/kerberosIV/appl/ftp/common/glob.c
new file mode 100644
index 0000000..8f19d7c
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/glob.c
@@ -0,0 +1,835 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * Guido van Rossum. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * glob(3) -- a superset of the one defined in POSIX 1003.2. + * + * The [!...] convention to negate a range is supported (SysV, Posix, ksh). + * + * Optional extra services, controlled by flags not defined by POSIX: + * + * GLOB_QUOTE: + * Escaping convention: \ inhibits any special meaning the following + * character might have (except \ at end of string is retained). + * GLOB_MAGCHAR: + * Set in gl_flags if pattern contained a globbing character. + * GLOB_NOMAGIC: + * Same as GLOB_NOCHECK, but it will only append pattern if it did + * not contain any magic characters. [Used in csh style globbing] + * GLOB_ALTDIRFUNC: + * Use alternately specified directory access functions. + * GLOB_TILDE: + * expand ~user/foo to the /home/dir/of/user/foo + * GLOB_BRACE: + * expand {1,2}{a,b} to 1a 1b 2a 2b + * gl_matchc: + * Number of matches in the current invocation of glob. + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +#include <ctype.h> +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif +#include <errno.h> +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#include "glob.h" +#include "roken.h" + +#define CHAR_DOLLAR '$' +#define CHAR_DOT '.' +#define CHAR_EOS '\0' +#define CHAR_LBRACKET '[' +#define CHAR_NOT '!' +#define CHAR_QUESTION '?' 
+#define CHAR_QUOTE '\\' +#define CHAR_RANGE '-' +#define CHAR_RBRACKET ']' +#define CHAR_SEP '/' +#define CHAR_STAR '*' +#define CHAR_TILDE '~' +#define CHAR_UNDERSCORE '_' +#define CHAR_LBRACE '{' +#define CHAR_RBRACE '}' +#define CHAR_SLASH '/' +#define CHAR_COMMA ',' + +#ifndef DEBUG + +#define M_QUOTE 0x8000 +#define M_PROTECT 0x4000 +#define M_MASK 0xffff +#define M_ASCII 0x00ff + +typedef u_short Char; + +#else + +#define M_QUOTE 0x80 +#define M_PROTECT 0x40 +#define M_MASK 0xff +#define M_ASCII 0x7f + +typedef char Char; + +#endif + + +#define CHAR(c) ((Char)((c)&M_ASCII)) +#define META(c) ((Char)((c)|M_QUOTE)) +#define M_ALL META('*') +#define M_END META(']') +#define M_NOT META('!') +#define M_ONE META('?') +#define M_RNG META('-') +#define M_SET META('[') +#define ismeta(c) (((c)&M_QUOTE) != 0) + + +static int compare (const void *, const void *); +static void g_Ctoc (const Char *, char *); +static int g_lstat (Char *, struct stat *, glob_t *); +static DIR *g_opendir (Char *, glob_t *); +static Char *g_strchr (Char *, int); +#ifdef notdef +static Char *g_strcat (Char *, const Char *); +#endif +static int g_stat (Char *, struct stat *, glob_t *); +static int glob0 (const Char *, glob_t *); +static int glob1 (Char *, glob_t *); +static int glob2 (Char *, Char *, Char *, glob_t *); +static int glob3 (Char *, Char *, Char *, Char *, glob_t *); +static int globextend (const Char *, glob_t *); +static const Char * globtilde (const Char *, Char *, glob_t *); +static int globexp1 (const Char *, glob_t *); +static int globexp2 (const Char *, const Char *, glob_t *, int *); +static int match (Char *, Char *, Char *); +#ifdef DEBUG +static void qprintf (const char *, Char *); +#endif + +int +glob(const char *pattern, + int flags, + int (*errfunc)(const char *, int), + glob_t *pglob) +{ + const u_char *patnext; + int c; + Char *bufnext, *bufend, patbuf[MaxPathLen+1]; + + patnext = (u_char *) pattern; + if (!(flags & GLOB_APPEND)) { + pglob->gl_pathc = 0; + 
pglob->gl_pathv = NULL; + if (!(flags & GLOB_DOOFFS)) + pglob->gl_offs = 0; + } + pglob->gl_flags = flags & ~GLOB_MAGCHAR; + pglob->gl_errfunc = errfunc; + pglob->gl_matchc = 0; + + bufnext = patbuf; + bufend = bufnext + MaxPathLen; + if (flags & GLOB_QUOTE) { + /* Protect the quoted characters. */ + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + if (c == CHAR_QUOTE) { + if ((c = *patnext++) == CHAR_EOS) { + c = CHAR_QUOTE; + --patnext; + } + *bufnext++ = c | M_PROTECT; + } + else + *bufnext++ = c; + } + else + while (bufnext < bufend && (c = *patnext++) != CHAR_EOS) + *bufnext++ = c; + *bufnext = CHAR_EOS; + + if (flags & GLOB_BRACE) + return globexp1(patbuf, pglob); + else + return glob0(patbuf, pglob); +} + +/* + * Expand recursively a glob {} pattern. When there is no more expansion + * invoke the standard globbing routine to glob the rest of the magic + * characters + */ +static int globexp1(const Char *pattern, glob_t *pglob) +{ + const Char* ptr = pattern; + int rv; + + /* Protect a single {}, for find(1), like csh */ + if (pattern[0] == CHAR_LBRACE && pattern[1] == CHAR_RBRACE && pattern[2] == CHAR_EOS) + return glob0(pattern, pglob); + + while ((ptr = (const Char *) g_strchr((Char *) ptr, CHAR_LBRACE)) != NULL) + if (!globexp2(ptr, pattern, pglob, &rv)) + return rv; + + return glob0(pattern, pglob); +} + + +/* + * Recursive brace globbing helper. Tries to expand a single brace. + * If it succeeds then it invokes globexp1 with the new pattern. + * If it fails then it tries to glob the rest of the pattern and returns. 
+ */ +static int globexp2(const Char *ptr, const Char *pattern, + glob_t *pglob, int *rv) +{ + int i; + Char *lm, *ls; + const Char *pe, *pm, *pl; + Char patbuf[MaxPathLen + 1]; + + /* copy part up to the brace */ + for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++) + continue; + ls = lm; + + /* Find the balanced brace */ + for (i = 0, pe = ++ptr; *pe; pe++) + if (*pe == CHAR_LBRACKET) { + /* Ignore everything between [] */ + for (pm = pe++; *pe != CHAR_RBRACKET && *pe != CHAR_EOS; pe++) + continue; + if (*pe == CHAR_EOS) { + /* + * We could not find a matching CHAR_RBRACKET. + * Ignore and just look for CHAR_RBRACE + */ + pe = pm; + } + } + else if (*pe == CHAR_LBRACE) + i++; + else if (*pe == CHAR_RBRACE) { + if (i == 0) + break; + i--; + } + + /* Non matching braces; just glob the pattern */ + if (i != 0 || *pe == CHAR_EOS) { + *rv = glob0(patbuf, pglob); + return 0; + } + + for (i = 0, pl = pm = ptr; pm <= pe; pm++) + switch (*pm) { + case CHAR_LBRACKET: + /* Ignore everything between [] */ + for (pl = pm++; *pm != CHAR_RBRACKET && *pm != CHAR_EOS; pm++) + continue; + if (*pm == CHAR_EOS) { + /* + * We could not find a matching CHAR_RBRACKET. + * Ignore and just look for CHAR_RBRACE + */ + pm = pl; + } + break; + + case CHAR_LBRACE: + i++; + break; + + case CHAR_RBRACE: + if (i) { + i--; + break; + } + /* FALLTHROUGH */ + case CHAR_COMMA: + if (i && *pm == CHAR_COMMA) + break; + else { + /* Append the current string */ + for (lm = ls; (pl < pm); *lm++ = *pl++) + continue; + /* + * Append the rest of the pattern after the + * closing brace + */ + for (pl = pe + 1; (*lm++ = *pl++) != CHAR_EOS;) + continue; + + /* Expand the current pattern */ +#ifdef DEBUG + qprintf("globexp2:", patbuf); +#endif + *rv = globexp1(patbuf, pglob); + + /* move after the comma, to the next string */ + pl = pm + 1; + } + break; + + default: + break; + } + *rv = 0; + return 0; +} + + + +/* + * expand tilde from the passwd file. 
+ */ +static const Char * +globtilde(const Char *pattern, Char *patbuf, glob_t *pglob) +{ + struct passwd *pwd; + char *h; + const Char *p; + Char *b; + + if (*pattern != CHAR_TILDE || !(pglob->gl_flags & GLOB_TILDE)) + return pattern; + + /* Copy up to the end of the string or / */ + for (p = pattern + 1, h = (char *) patbuf; *p && *p != CHAR_SLASH; + *h++ = *p++) + continue; + + *h = CHAR_EOS; + + if (((char *) patbuf)[0] == CHAR_EOS) { + /* + * handle a plain ~ or ~/ by expanding $HOME + * first and then trying the password file + */ + if ((h = getenv("HOME")) == NULL) { + if ((pwd = k_getpwuid(getuid())) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + } + else { + /* + * Expand a ~user + */ + if ((pwd = k_getpwnam((char*) patbuf)) == NULL) + return pattern; + else + h = pwd->pw_dir; + } + + /* Copy the home directory */ + for (b = patbuf; *h; *b++ = *h++) + continue; + + /* Append the rest of the pattern */ + while ((*b++ = *p++) != CHAR_EOS) + continue; + + return patbuf; +} + + +/* + * The main glob() routine: compiles the pattern (optionally processing + * quotes), calls glob1() to do the real pattern matching, and finally + * sorts the list (unless unsorted operation is requested). Returns 0 + * if things went well, nonzero if errors occurred. It is not an error + * to find no matches. + */ +static int +glob0(const Char *pattern, glob_t *pglob) +{ + const Char *qpatnext; + int c, err, oldpathc; + Char *bufnext, patbuf[MaxPathLen+1]; + + qpatnext = globtilde(pattern, patbuf, pglob); + oldpathc = pglob->gl_pathc; + bufnext = patbuf; + + /* We don't need to check for buffer overflow any more. 
*/ + while ((c = *qpatnext++) != CHAR_EOS) { + switch (c) { + case CHAR_LBRACKET: + c = *qpatnext; + if (c == CHAR_NOT) + ++qpatnext; + if (*qpatnext == CHAR_EOS || + g_strchr((Char *) qpatnext+1, CHAR_RBRACKET) == NULL) { + *bufnext++ = CHAR_LBRACKET; + if (c == CHAR_NOT) + --qpatnext; + break; + } + *bufnext++ = M_SET; + if (c == CHAR_NOT) + *bufnext++ = M_NOT; + c = *qpatnext++; + do { + *bufnext++ = CHAR(c); + if (*qpatnext == CHAR_RANGE && + (c = qpatnext[1]) != CHAR_RBRACKET) { + *bufnext++ = M_RNG; + *bufnext++ = CHAR(c); + qpatnext += 2; + } + } while ((c = *qpatnext++) != CHAR_RBRACKET); + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_END; + break; + case CHAR_QUESTION: + pglob->gl_flags |= GLOB_MAGCHAR; + *bufnext++ = M_ONE; + break; + case CHAR_STAR: + pglob->gl_flags |= GLOB_MAGCHAR; + /* collapse adjacent stars to one, + * to avoid exponential behavior + */ + if (bufnext == patbuf || bufnext[-1] != M_ALL) + *bufnext++ = M_ALL; + break; + default: + *bufnext++ = CHAR(c); + break; + } + } + *bufnext = CHAR_EOS; +#ifdef DEBUG + qprintf("glob0:", patbuf); +#endif + + if ((err = glob1(patbuf, pglob)) != 0) + return(err); + + /* + * If there was no match we are going to append the pattern + * if GLOB_NOCHECK was specified or if GLOB_NOMAGIC was specified + * and the pattern did not contain any magic characters + * GLOB_NOMAGIC is there just for compatibility with csh. 
+ */ + if (pglob->gl_pathc == oldpathc && + ((pglob->gl_flags & GLOB_NOCHECK) || + ((pglob->gl_flags & GLOB_NOMAGIC) && + !(pglob->gl_flags & GLOB_MAGCHAR)))) + return(globextend(pattern, pglob)); + else if (!(pglob->gl_flags & GLOB_NOSORT)) + qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc, + pglob->gl_pathc - oldpathc, sizeof(char *), compare); + return(0); +} + +static int +compare(const void *p, const void *q) +{ + return(strcmp(*(char **)p, *(char **)q)); +} + +static int +glob1(Char *pattern, glob_t *pglob) +{ + Char pathbuf[MaxPathLen+1]; + + /* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */ + if (*pattern == CHAR_EOS) + return(0); + return(glob2(pathbuf, pathbuf, pattern, pglob)); +} + +/* + * The functions glob2 and glob3 are mutually recursive; there is one level + * of recursion for each segment in the pattern that contains one or more + * meta characters. + */ + +#ifndef S_ISLNK +#if defined(S_IFLNK) && defined(S_IFMT) +#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) +#else +#define S_ISLNK(mode) 0 +#endif +#endif + +static int +glob2(Char *pathbuf, Char *pathend, Char *pattern, glob_t *pglob) +{ + struct stat sb; + Char *p, *q; + int anymeta; + + /* + * Loop over pattern segments until end of pattern or until + * segment with meta character found. + */ + for (anymeta = 0;;) { + if (*pattern == CHAR_EOS) { /* End of pattern? */ + *pathend = CHAR_EOS; + if (g_lstat(pathbuf, &sb, pglob)) + return(0); + + if (((pglob->gl_flags & GLOB_MARK) && + pathend[-1] != CHAR_SEP) && (S_ISDIR(sb.st_mode) + || (S_ISLNK(sb.st_mode) && + (g_stat(pathbuf, &sb, pglob) == 0) && + S_ISDIR(sb.st_mode)))) { + *pathend++ = CHAR_SEP; + *pathend = CHAR_EOS; + } + ++pglob->gl_matchc; + return(globextend(pathbuf, pglob)); + } + + /* Find end of next segment, copy tentatively to pathend. 
*/ + q = pathend; + p = pattern; + while (*p != CHAR_EOS && *p != CHAR_SEP) { + if (ismeta(*p)) + anymeta = 1; + *q++ = *p++; + } + + if (!anymeta) { /* No expansion, do next segment. */ + pathend = q; + pattern = p; + while (*pattern == CHAR_SEP) + *pathend++ = *pattern++; + } else /* Need expansion, recurse. */ + return(glob3(pathbuf, pathend, pattern, p, pglob)); + } + /* CHAR_NOTREACHED */ +} + +static int +glob3(Char *pathbuf, Char *pathend, Char *pattern, Char *restpattern, + glob_t *pglob) +{ + struct dirent *dp; + DIR *dirp; + int err; + char buf[MaxPathLen]; + + /* + * The readdirfunc declaration can't be prototyped, because it is + * assigned, below, to two functions which are prototyped in glob.h + * and dirent.h as taking pointers to differently typed opaque + * structures. + */ + struct dirent *(*readdirfunc)(void *); + + *pathend = CHAR_EOS; + errno = 0; + + if ((dirp = g_opendir(pathbuf, pglob)) == NULL) { + /* TODO: don't call for ENOENT or ENOTDIR? */ + if (pglob->gl_errfunc) { + g_Ctoc(pathbuf, buf); + if (pglob->gl_errfunc(buf, errno) || + pglob->gl_flags & GLOB_ERR) + return (GLOB_ABEND); + } + return(0); + } + + err = 0; + + /* Search directory for matching names. */ + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + readdirfunc = pglob->gl_readdir; + else + readdirfunc = (struct dirent *(*)(void *))readdir; + while ((dp = (*readdirfunc)(dirp))) { + u_char *sc; + Char *dc; + + /* Initial CHAR_DOT must be matched literally. 
*/ + if (dp->d_name[0] == CHAR_DOT && *pattern != CHAR_DOT) + continue; + for (sc = (u_char *) dp->d_name, dc = pathend; + (*dc++ = *sc++) != CHAR_EOS;) + continue; + if (!match(pathend, pattern, restpattern)) { + *pathend = CHAR_EOS; + continue; + } + err = glob2(pathbuf, --dc, restpattern, pglob); + if (err) + break; + } + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + (*pglob->gl_closedir)(dirp); + else + closedir(dirp); + return(err); +} + + +/* + * Extend the gl_pathv member of a glob_t structure to accomodate a new item, + * add the new item, and update gl_pathc. + * + * This assumes the BSD realloc, which only copies the block when its size + * crosses a power-of-two boundary; for v7 realloc, this would cause quadratic + * behavior. + * + * Return 0 if new item added, error code if memory couldn't be allocated. + * + * Invariant of the glob_t structure: + * Either gl_pathc is zero and gl_pathv is NULL; or gl_pathc > 0 and + * gl_pathv points to (gl_offs + gl_pathc + 1) items. + */ +static int +globextend(const Char *path, glob_t *pglob) +{ + char **pathv; + int i; + u_int newsize; + char *copy; + const Char *p; + + newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs); + pathv = pglob->gl_pathv ? + realloc(pglob->gl_pathv, newsize) : + malloc(newsize); + if (pathv == NULL) + return(GLOB_NOSPACE); + + if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) { + /* first time around -- clear initial gl_offs items */ + pathv += pglob->gl_offs; + for (i = pglob->gl_offs; --i >= 0; ) + *--pathv = NULL; + } + pglob->gl_pathv = pathv; + + for (p = path; *p++;) + continue; + if ((copy = malloc(p - path)) != NULL) { + g_Ctoc(path, copy); + pathv[pglob->gl_offs + pglob->gl_pathc++] = copy; + } + pathv[pglob->gl_offs + pglob->gl_pathc] = NULL; + return(copy == NULL ? GLOB_NOSPACE : 0); +} + + +/* + * pattern matching function for filenames. Each occurrence of the * + * pattern causes a recursion level. 
+ */ +static int +match(Char *name, Char *pat, Char *patend) +{ + int ok, negate_range; + Char c, k; + + while (pat < patend) { + c = *pat++; + switch (c & M_MASK) { + case M_ALL: + if (pat == patend) + return(1); + do + if (match(name, pat, patend)) + return(1); + while (*name++ != CHAR_EOS); + return(0); + case M_ONE: + if (*name++ == CHAR_EOS) + return(0); + break; + case M_SET: + ok = 0; + if ((k = *name++) == CHAR_EOS) + return(0); + if ((negate_range = ((*pat & M_MASK) == M_NOT)) != CHAR_EOS) + ++pat; + while (((c = *pat++) & M_MASK) != M_END) + if ((*pat & M_MASK) == M_RNG) { + if (c <= k && k <= pat[1]) + ok = 1; + pat += 2; + } else if (c == k) + ok = 1; + if (ok == negate_range) + return(0); + break; + default: + if (*name++ != c) + return(0); + break; + } + } + return(*name == CHAR_EOS); +} + +/* Free allocated data belonging to a glob_t structure. */ +void +globfree(glob_t *pglob) +{ + int i; + char **pp; + + if (pglob->gl_pathv != NULL) { + pp = pglob->gl_pathv + pglob->gl_offs; + for (i = pglob->gl_pathc; i--; ++pp) + if (*pp) + free(*pp); + free(pglob->gl_pathv); + } +} + +static DIR * +g_opendir(Char *str, glob_t *pglob) +{ + char buf[MaxPathLen]; + + if (!*str) + strcpy(buf, "."); + else + g_Ctoc(str, buf); + + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_opendir)(buf)); + + return(opendir(buf)); +} + +static int +g_lstat(Char *fn, struct stat *sb, glob_t *pglob) +{ + char buf[MaxPathLen]; + + g_Ctoc(fn, buf); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_lstat)(buf, sb)); + return(lstat(buf, sb)); +} + +static int +g_stat(Char *fn, struct stat *sb, glob_t *pglob) +{ + char buf[MaxPathLen]; + + g_Ctoc(fn, buf); + if (pglob->gl_flags & GLOB_ALTDIRFUNC) + return((*pglob->gl_stat)(buf, sb)); + return(stat(buf, sb)); +} + +static Char * +g_strchr(Char *str, int ch) +{ + do { + if (*str == ch) + return (str); + } while (*str++); + return (NULL); +} + +#ifdef notdef +static Char * +g_strcat(Char *dst, const Char *src) +{ + 
Char *sdst = dst; + + while (*dst++) + continue; + --dst; + while((*dst++ = *src++) != CHAR_EOS) + continue; + + return (sdst); +} +#endif + +static void +g_Ctoc(const Char *str, char *buf) +{ + char *dc; + + for (dc = buf; (*dc++ = *str++) != CHAR_EOS;) + continue; +} + +#ifdef DEBUG +static void +qprintf(const Char *str, Char *s) +{ + Char *p; + + printf("%s:\n", str); + for (p = s; *p; p++) + printf("%c", CHAR(*p)); + printf("\n"); + for (p = s; *p; p++) + printf("%c", *p & M_PROTECT ? '"' : ' '); + printf("\n"); + for (p = s; *p; p++) + printf("%c", ismeta(*p) ? '_' : ' '); + printf("\n"); +} +#endif diff --git a/crypto/kerberosIV/appl/ftp/common/glob.h b/crypto/kerberosIV/appl/ftp/common/glob.h new file mode 100644 index 0000000..bece48a --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/common/glob.h 
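Review bot: The path and pattern copies in glob.c are unbounded after the first one: `glob()` stops at `bufend`, but `globtilde()` then copies `$HOME` or `pw_dir` plus the rest of the pattern into `patbuf`, `glob2()`/`glob3()` append pattern segments and each `dp->d_name` at `pathend` with no check against the end of `pathbuf[MaxPathLen+1]`, and `g_Ctoc()` fills `char buf[MaxPathLen]` locals that are one element smaller than the `Char` arrays they are copied from. The comment in `glob0()` that overflow no longer needs checking therefore holds only when no tilde expansion happened. This file sits under appl/ftp/common, so the pattern and the directory contents are presumably influenced by the remote user, and a long home directory or a deep tree can write past these stack buffers. I would carry an end pointer through `globtilde()`, `glob2()` and `glob3()` and give `g_Ctoc()` a destination size so that over-long paths fail with `ENAMETOOLONG` instead of being copied; the fence shows the `g_Ctoc()` half and one caller.

```c
/* Bounded Char -> char copy; returns nonzero when str does not fit in len bytes. */
static int
g_Ctoc(const Char *str, char *buf, size_t len)
{
    while (len-- > 0) {
        if ((*buf++ = *str++) == CHAR_EOS)
            return 0;
    }
    return 1;
}

static int
g_lstat(Char *fn, struct stat *sb, glob_t *pglob)
{
    char buf[MaxPathLen];

    if (g_Ctoc(fn, buf, sizeof(buf))) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* … unchanged: GLOB_ALTDIRFUNC dispatch and lstat() call … */
```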
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * This code is derived from software contributed to Berkeley by
+ * Guido van Rossum.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)glob.h 8.1 (Berkeley) 6/2/93
+ */
+
+#ifndef _GLOB_H_
+#define _GLOB_H_
+
+struct stat;
+typedef struct {
+ int gl_pathc; /* Count of total paths so far. */
+ int gl_matchc; /* Count of paths matching pattern. */
+ int gl_offs; /* Reserved at beginning of gl_pathv. */
+ int gl_flags; /* Copy of flags parameter to glob. */
+ char **gl_pathv; /* List of paths matching pattern. */
+ /* Copy of errfunc parameter to glob. */
+ int (*gl_errfunc) (const char *, int);
+
+ /*
+ * Alternate filesystem access methods for glob; replacement
+ * versions of closedir(3), readdir(3), opendir(3), stat(2)
+ * and lstat(2).
+ */
+ void (*gl_closedir) (void *);
+ struct dirent *(*gl_readdir) (void *);
+ void *(*gl_opendir) (const char *);
+ int (*gl_lstat) (const char *, struct stat *);
+ int (*gl_stat) (const char *, struct stat *);
+} glob_t;
+
+#define GLOB_APPEND 0x0001 /* Append to output from previous call. */
+#define GLOB_DOOFFS 0x0002 /* Use gl_offs. */
+#define GLOB_ERR 0x0004 /* Return on error. */
+#define GLOB_MARK 0x0008 /* Append / to matching directories. */
+#define GLOB_NOCHECK 0x0010 /* Return pattern itself if nothing matches. */
+#define GLOB_NOSORT 0x0020 /* Don't sort. */
+
+#define GLOB_ALTDIRFUNC 0x0040 /* Use alternately specified directory funcs. */
+#define GLOB_BRACE 0x0080 /* Expand braces ala csh. */
+#define GLOB_MAGCHAR 0x0100 /* Pattern had globbing characters. */
+#define GLOB_NOMAGIC 0x0200 /* GLOB_NOCHECK without magic chars (csh). */
+#define GLOB_QUOTE 0x0400 /* Quote special chars with \. */
+#define GLOB_TILDE 0x0800 /* Expand tilde names from the passwd file. */
+
+#define GLOB_NOSPACE (-1) /* Malloc call failed. */
+#define GLOB_ABEND (-2) /* Unignored error. */
+
+int glob (const char *, int, int (*)(const char *, int), glob_t *);
+void globfree (glob_t *);
+
+#endif /* !_GLOB_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/common/sockbuf.c b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
new file mode 100644
index 0000000..ab8c293
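Review bot: The flag set declared here gives a caller no way to cap how far one pattern may expand, and the only resource-related return code is `GLOB_NOSPACE`, reported after an allocation has already failed. This header sits under appl/ftp/common, so it is presumably shared with the FTP server; whether client-supplied patterns reach glob() there is not visible in this hunk, but if they do, a pattern combining `GLOB_BRACE` alternatives with wildcards can make the daemon build a very large `gl_pathv`. I would reserve a flag for a bounded mode, for example `#define GLOB_LIMIT 0x1000 /* Stop when the match list grows too large. */`, have glob.c honour it, and set it wherever the pattern comes from the network. Separately, the `glob` and `globfree` prototypes would read better with parameter names.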
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/common/sockbuf.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "common.h"
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+RCSID("$Id: sockbuf.c,v 1.2 1997/05/11 10:01:48 assar Exp $");
+
+void
+set_buffer_size(int fd, int read)
+{
+#if defined(SO_RCVBUF) && defined(SO_SNDBUF) && defined(HAVE_SETSOCKOPT)
+ size_t size = 4194304;
+ while(size >= 131072 &&
+ setsockopt(fd, SOL_SOCKET, read ? SO_RCVBUF : SO_SNDBUF,
+ (void *)&size, sizeof(size)) < 0)
+ size /= 2;
+#endif
+}
+
+
diff --git a/crypto/kerberosIV/appl/ftp/ftp/Makefile.in b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
new file mode 100644
index 0000000..62bde3b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/Makefile.in
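Review bot: `size` in set_buffer_size is declared `size_t`, but SO_RCVBUF and SO_SNDBUF take an `int` option value, and `sizeof(size)` is passed as the option length. Where size_t is wider than int the call hands the kernel an 8-byte value; depending on the platform that is rejected, or on a big-endian machine the first four bytes are read as zero, so every attempt sets the wrong size or fails. Declaring it as `int size = 4194304;` keeps the value and the length consistent. The loop stops silently once the size drops below 131072, so a one-line comment stating that the call is best-effort and the default buffer is kept on failure would help. The parameter name `read` also shadows read(2); something like `is_read` avoids that.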
@@ -0,0 +1,76 @@
+#
+# $Id: Makefile.in,v 1.24 1997/03/23 13:03:55 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+top_srcdir = @top_srcdir@
+VPATH = @srcdir@
+
+topdir = ../../..
+
+CC = @CC@
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+CPPFLAGS= @CPPFLAGS@ -I. -I$(srcdir) -I$(topdir) -I$(top_srcdir) -I$(topdir)/include -I$(top_srcdir)/include -I$(srcdir)/../common @INCLUDE_readline@
+LD_FLAGS = @LD_FLAGS@
+LIB_tgetent = @LIB_tgetent@
+LIBS = @LIBS@ @LIB_readline@
+MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+INCTOP = $(topdir)/include
+
+LIBTOP = $(topdir)/lib
+
+PROGS = ftp$(EXECSUFFIX)
+
+ftp_OBJS = cmds.o cmdtab.o ftp.o krb4.o main.o ruserpass.o domacro.o \
+ globals.o kauth.o
+
+ftp_SOURCES = cmds.c cmdtab.c ftp.c krb4.c main.c ruserpass.c \
+ domacro.c globals.c kauth.c
+
+OBJECTS = $(ftp_OBJS)
+SOURCES = $(ftp_SOURCES)
+
+all: $(PROGS)
+
+.c.o:
+ $(CC) -c $(CFLAGS) $(CPPFLAGS) $(DEFS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+ftp$(EXECSUFFIX): $(ftp_OBJS) # ../common/libcommon.a
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftp_OBJS) -L../common -lcommon -L$(LIBTOP)/krb -lkrb -L$(LIBTOP)/des -ldes -L$(LIBTOP)/roken -lroken $(LIBS) -L$(LIBTOP)/roken -lroken
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+clean cleandir:
+ rm -f *~ *.o core ftp \#*
+
+distclean:
+ rm -f Makefile
+
+$(OBJECTS): ../../../include/config.h
diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
new file mode 100644
index 0000000..5e1980b
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c
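Review bot: The `clean cleandir` rule removes a literal `ftp`, while the program built and installed by this file is `ftp$(EXECSUFFIX)`, so with a non-empty suffix the binary survives `make clean`. Writing the recipe as `rm -f *~ *.o core $(PROGS) \#*` keeps it in step with the `all` and `install` rules. The `../common/libcommon.a` prerequisite on the link rule is commented out, so a rebuilt libcommon does not trigger a relink of ftp and a fix made only in the common code can be missed by an incremental build. If that is deliberate, a short comment on that line saying why would be enough.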
@@ -0,0 +1,2073 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * FTP User Program -- Command Routines. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: cmds.c,v 1.23 1997/06/01 22:52:37 assar Exp $"); + +typedef void (*sighand)(int); + +jmp_buf jabort; +char *mname; +char *home = "/"; + +/* + * `Another' gets another argument, and stores the new argc and argv. + * It reverts to the top level (via main.c's intr()) on EOF/error. + * + * Returns false if no new arguments have been added. + */ +int +another(int *pargc, char ***pargv, char *prompt) +{ + int len = strlen(line), ret; + + if (len >= sizeof(line) - 3) { + printf("sorry, arguments too long\n"); + intr(0); + } + printf("(%s) ", prompt); + line[len++] = ' '; + if (fgets(&line[len], sizeof(line) - len, stdin) == NULL) + intr(0); + len += strlen(&line[len]); + if (len > 0 && line[len - 1] == '\n') + line[len - 1] = '\0'; + makeargv(); + ret = margc > *pargc; + *pargc = margc; + *pargv = margv; + return (ret); +} + +/* + * Connect to peer server and + * auto-login, if possible. + */ +void +setpeer(int argc, char **argv) +{ + char *host; + short port; + struct servent *sp; + + if (connected) { + printf("Already connected to %s, use close first.\n", + hostname); + code = -1; + return; + } + if (argc < 2) + another(&argc, &argv, "to"); + if (argc < 2 || argc > 3) { + printf("usage: %s host-name [port]\n", argv[0]); + code = -1; + return; + } + sp = getservbyname("ftp", "tcp"); + if (sp == NULL) + errx(1, "You bastard. You removed ftp/tcp from services"); + port = sp->s_port; + if (argc > 2) { + port = atoi(argv[2]); + if (port <= 0) { + printf("%s: bad port number-- %s\n", argv[1], argv[2]); + printf ("usage: %s host-name [port]\n", argv[0]); + code = -1; + return; + } + port = htons(port); + } + host = hookup(argv[1], port); + if (host) { + int overbose; + + connected = 1; + /* + * Set up defaults for FTP. 
+ */ + strcpy(typename, "ascii"), type = TYPE_A; + curtype = TYPE_A; + strcpy(formname, "non-print"), form = FORM_N; + strcpy(modename, "stream"), mode = MODE_S; + strcpy(structname, "file"), stru = STRU_F; + strcpy(bytename, "8"), bytesize = 8; + if (autologin) + login(argv[1]); + +#if (defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY)) && NBBY == 8 +/* + * this ifdef is to keep someone form "porting" this to an incompatible + * system and not checking this out. This way they have to think about it. + */ + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("SYST") == COMPLETE && overbose) { + char *cp, c; + cp = strchr(reply_string+4, ' '); + if (cp == NULL) + cp = strchr(reply_string+4, '\r'); + if (cp) { + if (cp[-1] == '.') + cp--; + c = *cp; + *cp = '\0'; + } + + printf("Remote system type is %s.\n", + reply_string+4); + if (cp) + *cp = c; + } + if (!strncmp(reply_string, "215 UNIX Type: L8", 17)) { + if (proxy) + unix_proxy = 1; + else + unix_server = 1; + /* + * Set type to 0 (not specified by user), + * meaning binary by default, but don't bother + * telling server. We can use binary + * for text files unless changed by the user. + */ + type = 0; + strcpy(typename, "binary"); + if (overbose) + printf("Using %s mode to transfer files.\n", + typename); + } else { + if (proxy) + unix_proxy = 0; + else + unix_server = 0; + if (overbose && + !strncmp(reply_string, "215 TOPS20", 10)) + printf( +"Remember to set tenex mode when transfering binary files from this machine.\n"); + } + verbose = overbose; +#endif /* unix */ + } +} + +struct types { + char *t_name; + char *t_mode; + int t_type; + char *t_arg; +} types[] = { + { "ascii", "A", TYPE_A, 0 }, + { "binary", "I", TYPE_I, 0 }, + { "image", "I", TYPE_I, 0 }, + { "ebcdic", "E", TYPE_E, 0 }, + { "tenex", "L", TYPE_L, bytename }, + { NULL } +}; + +/* + * Set transfer type. 
+ */ +void +settype(int argc, char **argv) +{ + struct types *p; + int comret; + + if (argc > 2) { + char *sep; + + printf("usage: %s [", argv[0]); + sep = " "; + for (p = types; p->t_name; p++) { + printf("%s%s", sep, p->t_name); + sep = " | "; + } + printf(" ]\n"); + code = -1; + return; + } + if (argc < 2) { + printf("Using %s mode to transfer files.\n", typename); + code = 0; + return; + } + for (p = types; p->t_name; p++) + if (strcmp(argv[1], p->t_name) == 0) + break; + if (p->t_name == 0) { + printf("%s: unknown mode\n", argv[1]); + code = -1; + return; + } + if ((p->t_arg != NULL) && (*(p->t_arg) != '\0')) + comret = command ("TYPE %s %s", p->t_mode, p->t_arg); + else + comret = command("TYPE %s", p->t_mode); + if (comret == COMPLETE) { + strcpy(typename, p->t_name); + curtype = type = p->t_type; + } +} + +/* + * Internal form of settype; changes current type in use with server + * without changing our notion of the type for data transfers. + * Used to change to and from ascii for listings. + */ +void +changetype(int newtype, int show) +{ + struct types *p; + int comret, oldverbose = verbose; + + if (newtype == 0) + newtype = TYPE_I; + if (newtype == curtype) + return; + if (debug == 0 && show == 0) + verbose = 0; + for (p = types; p->t_name; p++) + if (newtype == p->t_type) + break; + if (p->t_name == 0) { + printf("ftp: internal error: unknown type %d\n", newtype); + return; + } + if (newtype == TYPE_L && bytename[0] != '\0') + comret = command("TYPE %s %s", p->t_mode, bytename); + else + comret = command("TYPE %s", p->t_mode); + if (comret == COMPLETE) + curtype = newtype; + verbose = oldverbose; +} + +char *stype[] = { + "type", + "", + 0 +}; + +/* + * Set binary transfer type. + */ +/*VARARGS*/ +void +setbinary(int argc, char **argv) +{ + + stype[1] = "binary"; + settype(2, stype); +} + +/* + * Set ascii transfer type. 
+ */ +/*VARARGS*/ +void +setascii(int argc, char **argv) +{ + + stype[1] = "ascii"; + settype(2, stype); +} + +/* + * Set tenex transfer type. + */ +/*VARARGS*/ +void +settenex(int argc, char **argv) +{ + + stype[1] = "tenex"; + settype(2, stype); +} + +/* + * Set file transfer mode. + */ +/*ARGSUSED*/ +void +setftmode(int argc, char **argv) +{ + + printf("We only support %s mode, sorry.\n", modename); + code = -1; +} + +/* + * Set file transfer format. + */ +/*ARGSUSED*/ +void +setform(int argc, char **argv) +{ + + printf("We only support %s format, sorry.\n", formname); + code = -1; +} + +/* + * Set file transfer structure. + */ +/*ARGSUSED*/ +void +setstruct(int argc, char **argv) +{ + + printf("We only support %s structure, sorry.\n", structname); + code = -1; +} + +/* + * Send a single file. + */ +void +put(int argc, char **argv) +{ + char *cmd; + int loc = 0; + char *oldargv1, *oldargv2; + + if (argc == 2) { + argc++; + argv[2] = argv[1]; + loc++; + } + if (argc < 2 && !another(&argc, &argv, "local-file")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "remote-file")) { +usage: + printf("usage: %s local-file remote-file\n", argv[0]); + code = -1; + return; + } + oldargv1 = argv[1]; + oldargv2 = argv[2]; + if (!globulize(&argv[1])) { + code = -1; + return; + } + /* + * If "globulize" modifies argv[1], and argv[2] is a copy of + * the old argv[1], make it a copy of the new argv[1]. + */ + if (argv[1] != oldargv1 && argv[2] == oldargv1) { + argv[2] = argv[1]; + } + cmd = (argv[0][0] == 'a') ? "APPE" : ((sunique) ? 
"STOU" : "STOR"); + if (loc && ntflag) { + argv[2] = dotrans(argv[2]); + } + if (loc && mapflag) { + argv[2] = domap(argv[2]); + } + sendrequest(cmd, argv[1], argv[2], + argv[1] != oldargv1 || argv[2] != oldargv2); +} + +/* ARGSUSED */ +static RETSIGTYPE +mabort(int signo) +{ + int ointer; + + printf("\n"); + fflush(stdout); + if (mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", mname)) { + interactive = ointer; + longjmp(jabort,0); + } + interactive = ointer; + } + mflag = 0; + longjmp(jabort,0); +} + +/* + * Send multiple files. + */ +void +mput(int argc, char **argv) +{ + int i; + RETSIGTYPE (*oldintr)(); + int ointer; + char *tp; + + if (argc < 2 && !another(&argc, &argv, "local-files")) { + printf("usage: %s local-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + if (proxy) { + char *cp, *tp2, tmpbuf[MaxPathLen]; + + while ((cp = remglob(argv,0)) != NULL) { + if (*cp == 0) { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + tp = cp; + if (mcase) { + while (*tp && !islower(*tp)) { + tp++; + } + if (!*tp) { + tp = cp; + tp2 = tmpbuf; + while ((*tp2 = *tp) != '\0') { + if (isupper(*tp2)) { + *tp2 = 'a' + *tp2 - 'A'; + } + tp++; + tp2++; + } + } + tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); + } + if (mapflag) { + tp = domap(tp); + } + sendrequest((sunique) ? "STOU" : "STOR", + cp, tp, cp != tp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT, oldintr); + mflag = 0; + return; + } + for (i = 1; i < argc; i++) { + char **cpp; + glob_t gl; + int flags; + + if (!doglob) { + if (mflag && confirm(argv[0], argv[i])) { + tp = (ntflag) ? dotrans(argv[i]) : argv[i]; + tp = (mapflag) ? domap(tp) : tp; + sendrequest((sunique) ? 
"STOU" : "STOR", + argv[i], tp, tp != argv[i] || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + continue; + } + + memset(&gl, 0, sizeof(gl)); + flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + if (glob(argv[i], flags, NULL, &gl) || gl.gl_pathc == 0) { + warnx("%s: not found", argv[i]); + globfree(&gl); + continue; + } + for (cpp = gl.gl_pathv; cpp && *cpp != NULL; cpp++) { + if (mflag && confirm(argv[0], *cpp)) { + tp = (ntflag) ? dotrans(*cpp) : *cpp; + tp = (mapflag) ? domap(tp) : tp; + sendrequest((sunique) ? "STOU" : "STOR", + *cpp, tp, *cpp != tp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mput")) { + mflag++; + } + interactive = ointer; + } + } + } + globfree(&gl); + } + signal(SIGINT, oldintr); + mflag = 0; +} + +void +reget(int argc, char **argv) +{ + + getit(argc, argv, 1, "r+w"); +} + +void +get(int argc, char **argv) +{ + + getit(argc, argv, 0, restart_point ? "r+w" : "w" ); +} + +/* + * Receive one file. 
+ */ +int +getit(int argc, char **argv, int restartit, char *mode) +{ + int loc = 0; + char *oldargv1, *oldargv2; + + if (argc == 2) { + argc++; + argv[2] = argv[1]; + loc++; + } + if (argc < 2 && !another(&argc, &argv, "remote-file")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "local-file")) { +usage: + printf("usage: %s remote-file [ local-file ]\n", argv[0]); + code = -1; + return (0); + } + oldargv1 = argv[1]; + oldargv2 = argv[2]; + if (!globulize(&argv[2])) { + code = -1; + return (0); + } + if (loc && mcase) { + char *tp = argv[1], *tp2, tmpbuf[MaxPathLen]; + + while (*tp && !islower(*tp)) { + tp++; + } + if (!*tp) { + tp = argv[2]; + tp2 = tmpbuf; + while ((*tp2 = *tp) != '\0') { + if (isupper(*tp2)) { + *tp2 = 'a' + *tp2 - 'A'; + } + tp++; + tp2++; + } + argv[2] = tmpbuf; + } + } + if (loc && ntflag) + argv[2] = dotrans(argv[2]); + if (loc && mapflag) + argv[2] = domap(argv[2]); + if (restartit) { + struct stat stbuf; + int ret; + + ret = stat(argv[2], &stbuf); + if (restartit == 1) { + if (ret < 0) { + warn("local: %s", argv[2]); + return (0); + } + restart_point = stbuf.st_size; + } else { + if (ret == 0) { + int overbose; + + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("MDTM %s", argv[1]) == COMPLETE) { + int yy, mo, day, hour, min, sec; + struct tm *tm; + verbose = overbose; + sscanf(reply_string, + "%*s %04d%02d%02d%02d%02d%02d", + &yy, &mo, &day, &hour, &min, &sec); + tm = gmtime(&stbuf.st_mtime); + tm->tm_mon++; + if (tm->tm_year > yy%100) + return (1); + if ((tm->tm_year == yy%100 && + tm->tm_mon > mo) || + (tm->tm_mon == mo && + tm->tm_mday > day) || + (tm->tm_mday == day && + tm->tm_hour > hour) || + (tm->tm_hour == hour && + tm->tm_min > min) || + (tm->tm_min == min && + tm->tm_sec > sec)) + return (1); + } else { + printf("%s\n", reply_string); + verbose = overbose; + return (0); + } + } + } + } + + recvrequest("RETR", argv[2], argv[1], mode, + argv[1] != oldargv1 || argv[2] != oldargv2); + restart_point = 0; 
+ return (0); +} + +/* + * Get multiple files. + */ +void +mget(int argc, char **argv) +{ + sighand oldintr; + int ch, ointer; + char *cp, *tp, *tp2, tmpbuf[MaxPathLen]; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) { + printf("usage: %s remote-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + while ((cp = remglob(argv,proxy)) != NULL) { + if (*cp == '\0') { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + tp = cp; + if (mcase) { + for (tp2 = tmpbuf; (ch = *tp++);) + *tp2++ = isupper(ch) ? tolower(ch) : ch; + *tp2 = '\0'; + tp = tmpbuf; + } + if (ntflag) { + tp = dotrans(tp); + } + if (mapflag) { + tp = domap(tp); + } + recvrequest("RETR", tp, cp, "w", + tp != cp || !interactive); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with","mget")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT,oldintr); + mflag = 0; +} + +char * +remglob(char **argv, int doswitch) +{ + char temp[16]; + static char buf[MaxPathLen]; + static FILE *ftemp = NULL; + static char **args; + int oldverbose, oldhash; + char *cp, *mode; + + if (!mflag) { + if (!doglob) { + args = NULL; + } + else { + if (ftemp) { + fclose(ftemp); + ftemp = NULL; + } + } + return (NULL); + } + if (!doglob) { + if (args == NULL) + args = argv; + if ((cp = *++args) == NULL) + args = NULL; + return (cp); + } + if (ftemp == NULL) { + strcpy(temp, _PATH_TMP_XXX); + mktemp(temp); + oldverbose = verbose, verbose = 0; + oldhash = hash, hash = 0; + if (doswitch) { + pswitch(!proxy); + } + for (mode = "w"; *++argv != NULL; mode = "a") + recvrequest ("NLST", temp, *argv, mode, 0); + if (doswitch) { + pswitch(!proxy); + } + verbose = oldverbose; hash = oldhash; + ftemp = fopen(temp, "r"); + unlink(temp); + if (ftemp == NULL) { + printf("can't find list of remote files, oops\n"); + return (NULL); + } + } + if (fgets(buf, sizeof (buf), ftemp) 
== NULL) { + fclose(ftemp); + ftemp = NULL; + return (NULL); + } + if ((cp = strchr(buf, '\n')) != NULL) + *cp = '\0'; + return (buf); +} + +char * +onoff(int bool) +{ + + return (bool ? "on" : "off"); +} + +/* + * Show status. + */ +/*ARGSUSED*/ +void +status(int argc, char **argv) +{ + int i; + + if (connected) + printf("Connected to %s.\n", hostname); + else + printf("Not connected.\n"); + if (!proxy) { + pswitch(1); + if (connected) { + printf("Connected for proxy commands to %s.\n", hostname); + } + else { + printf("No proxy connection.\n"); + } + pswitch(0); + } + sec_status(); + printf("Mode: %s; Type: %s; Form: %s; Structure: %s\n", + modename, typename, formname, structname); + printf("Verbose: %s; Bell: %s; Prompting: %s; Globbing: %s\n", + onoff(verbose), onoff(bell), onoff(interactive), + onoff(doglob)); + printf("Store unique: %s; Receive unique: %s\n", onoff(sunique), + onoff(runique)); + printf("Case: %s; CR stripping: %s\n",onoff(mcase),onoff(crflag)); + if (ntflag) { + printf("Ntrans: (in) %s (out) %s\n", ntin,ntout); + } + else { + printf("Ntrans: off\n"); + } + if (mapflag) { + printf("Nmap: (in) %s (out) %s\n", mapin, mapout); + } + else { + printf("Nmap: off\n"); + } + printf("Hash mark printing: %s; Use of PORT cmds: %s\n", + onoff(hash), onoff(sendport)); + if (macnum > 0) { + printf("Macros:\n"); + for (i=0; i<macnum; i++) { + printf("\t%s\n",macros[i].mac_name); + } + } + code = 0; +} + +/* + * Set beep on cmd completed mode. + */ +/*VARARGS*/ +void +setbell(int argc, char **argv) +{ + + bell = !bell; + printf("Bell mode %s.\n", onoff(bell)); + code = bell; +} + +/* + * Turn on packet tracing. + */ +/*VARARGS*/ +void +settrace(int argc, char **argv) +{ + + trace = !trace; + printf("Packet tracing %s.\n", onoff(trace)); + code = trace; +} + +/* + * Toggle hash mark printing during transfers. 
+ */ +/*VARARGS*/ +void +sethash(int argc, char **argv) +{ + + hash = !hash; + printf("Hash mark printing %s", onoff(hash)); + code = hash; + if (hash) + printf(" (%d bytes/hash mark)", 1024); + printf(".\n"); +} + +/* + * Turn on printing of server echo's. + */ +/*VARARGS*/ +void +setverbose(int argc, char **argv) +{ + + verbose = !verbose; + printf("Verbose mode %s.\n", onoff(verbose)); + code = verbose; +} + +/* + * Toggle PORT cmd use before each data connection. + */ +/*VARARGS*/ +void +setport(int argc, char **argv) +{ + + sendport = !sendport; + printf("Use of PORT cmds %s.\n", onoff(sendport)); + code = sendport; +} + +/* + * Turn on interactive prompting + * during mget, mput, and mdelete. + */ +/*VARARGS*/ +void +setprompt(int argc, char **argv) +{ + + interactive = !interactive; + printf("Interactive mode %s.\n", onoff(interactive)); + code = interactive; +} + +/* + * Toggle metacharacter interpretation + * on local file names. + */ +/*VARARGS*/ +void +setglob(int argc, char **argv) +{ + + doglob = !doglob; + printf("Globbing %s.\n", onoff(doglob)); + code = doglob; +} + +/* + * Set debugging mode on/off and/or + * set level of debugging. + */ +/*VARARGS*/ +void +setdebug(int argc, char **argv) +{ + int val; + + if (argc > 1) { + val = atoi(argv[1]); + if (val < 0) { + printf("%s: bad debugging value.\n", argv[1]); + code = -1; + return; + } + } else + val = !debug; + debug = val; + if (debug) + options |= SO_DEBUG; + else + options &= ~SO_DEBUG; + printf("Debugging %s (debug=%d).\n", onoff(debug), debug); + code = debug > 0; +} + +/* + * Set current working directory + * on remote machine. 
+ */ +void +cd(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "remote-directory")) { + printf("usage: %s remote-directory\n", argv[0]); + code = -1; + return; + } + if (command("CWD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("CWD command not recognized, trying XCWD\n"); + command("XCWD %s", argv[1]); + } +} + +/* + * Set current working directory + * on local machine. + */ +void +lcd(int argc, char **argv) +{ + char buf[MaxPathLen]; + + if (argc < 2) + argc++, argv[1] = home; + if (argc != 2) { + printf("usage: %s local-directory\n", argv[0]); + code = -1; + return; + } + if (!globulize(&argv[1])) { + code = -1; + return; + } + if (chdir(argv[1]) < 0) { + warn("local: %s", argv[1]); + code = -1; + return; + } + if (getcwd(buf, sizeof(buf)) != NULL) + printf("Local directory now %s\n", buf); + else + warnx("getwd: %s", buf); + code = 0; +} + +/* + * Delete a single file. + */ +void +delete(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "remote-file")) { + printf("usage: %s remote-file\n", argv[0]); + code = -1; + return; + } + command("DELE %s", argv[1]); +} + +/* + * Delete multiple files. + */ +void +mdelete(int argc, char **argv) +{ + sighand oldintr; + int ointer; + char *cp; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) { + printf("usage: %s remote-files\n", argv[0]); + code = -1; + return; + } + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + while ((cp = remglob(argv,0)) != NULL) { + if (*cp == '\0') { + mflag = 0; + continue; + } + if (mflag && confirm(argv[0], cp)) { + command("DELE %s", cp); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", "mdelete")) { + mflag++; + } + interactive = ointer; + } + } + } + signal(SIGINT, oldintr); + mflag = 0; +} + +/* + * Rename a remote file. 
+ */ +void +renamefile(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "from-name")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "to-name")) { +usage: + printf("%s from-name to-name\n", argv[0]); + code = -1; + return; + } + if (command("RNFR %s", argv[1]) == CONTINUE) + command("RNTO %s", argv[2]); +} + +/* + * Get a directory listing + * of remote files. + */ +void +ls(int argc, char **argv) +{ + char *cmd; + + if (argc < 2) + argc++, argv[1] = NULL; + if (argc < 3) + argc++, argv[2] = "-"; + if (argc > 3) { + printf("usage: %s remote-directory local-file\n", argv[0]); + code = -1; + return; + } + cmd = argv[0][0] == 'n' ? "NLST" : "LIST"; + if (strcmp(argv[2], "-") && !globulize(&argv[2])) { + code = -1; + return; + } + if (strcmp(argv[2], "-") && *argv[2] != '|') + if (!globulize(&argv[2]) || !confirm("output to local-file:", argv[2])) { + code = -1; + return; + } + recvrequest(cmd, argv[2], argv[1], "w", 0); +} + +/* + * Get a directory listing + * of multiple remote files. + */ +void +mls(int argc, char **argv) +{ + sighand oldintr; + int ointer, i; + char *cmd, mode[1], *dest; + + if (argc < 2 && !another(&argc, &argv, "remote-files")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "local-file")) { +usage: + printf("usage: %s remote-files local-file\n", argv[0]); + code = -1; + return; + } + dest = argv[argc - 1]; + argv[argc - 1] = NULL; + if (strcmp(dest, "-") && *dest != '|') + if (!globulize(&dest) || + !confirm("output to local-file:", dest)) { + code = -1; + return; + } + cmd = argv[0][1] == 'l' ? "NLST" : "LIST"; + mname = argv[0]; + mflag = 1; + oldintr = signal(SIGINT, mabort); + setjmp(jabort); + for (i = 1; mflag && i < argc-1; ++i) { + *mode = (i == 1) ? 
'w' : 'a'; + recvrequest(cmd, dest, argv[i], mode, 0); + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; + if (confirm("Continue with", argv[0])) { + mflag ++; + } + interactive = ointer; + } + } + signal(SIGINT, oldintr); + mflag = 0; +} + +/* + * Do a shell escape + */ +/*ARGSUSED*/ +void +shell(int argc, char **argv) +{ + pid_t pid; + RETSIGTYPE (*old1)(), (*old2)(); + char shellnam[40], *shell, *namep; + int status; + + old1 = signal (SIGINT, SIG_IGN); + old2 = signal (SIGQUIT, SIG_IGN); + if ((pid = fork()) == 0) { + for (pid = 3; pid < 20; pid++) + close(pid); + signal(SIGINT, SIG_DFL); + signal(SIGQUIT, SIG_DFL); + shell = getenv("SHELL"); + if (shell == NULL) + shell = _PATH_BSHELL; + namep = strrchr(shell,'/'); + if (namep == NULL) + namep = shell; + strcpy(shellnam,"-"); + strcat(shellnam, ++namep); + if (strcmp(namep, "sh") != 0) + shellnam[0] = '+'; + if (debug) { + printf ("%s\n", shell); + fflush (stdout); + } + if (argc > 1) { + execl(shell,shellnam,"-c",altarg,(char *)0); + } + else { + execl(shell,shellnam,(char *)0); + } + warn("%s", shell); + code = -1; + exit(1); + } + if (pid > 0) + while (waitpid(-1, &status, 0) != pid) + ; + signal(SIGINT, old1); + signal(SIGQUIT, old2); + if (pid == -1) { + warn("%s", "Try again later"); + code = -1; + } + else { + code = 0; + } +} + +/* + * Send new user information (re-login) + */ +void +user(int argc, char **argv) +{ + char acct[80]; + int n, aflag = 0; + char tmp[256]; + + if (argc < 2) + another(&argc, &argv, "username"); + if (argc < 2 || argc > 4) { + printf("usage: %s username [password] [account]\n", argv[0]); + code = -1; + return; + } + n = command("USER %s", argv[1]); + if (n == CONTINUE) { + if (argc < 3 ) { + des_read_pw_string (tmp, + sizeof(tmp), + "Password: ", 0); + argv[2] = tmp; + argc++; + } + n = command("PASS %s", argv[2]); + } + if (n == CONTINUE) { + if (argc < 4) { + printf("Account: "); fflush(stdout); + fgets(acct, sizeof(acct) - 1, stdin); + acct[strlen(acct) 
- 1] = '\0'; + argv[3] = acct; argc++; + } + n = command("ACCT %s", argv[3]); + aflag++; + } + if (n != COMPLETE) { + fprintf(stdout, "Login failed.\n"); + return; + } + if (!aflag && argc == 4) { + command("ACCT %s", argv[3]); + } +} + +/* + * Print working directory. + */ +/*VARARGS*/ +void +pwd(int argc, char **argv) +{ + int oldverbose = verbose; + + /* + * If we aren't verbose, this doesn't do anything! + */ + verbose = 1; + if (command("PWD") == ERROR && code == 500) { + printf("PWD command not recognized, trying XPWD\n"); + command("XPWD"); + } + verbose = oldverbose; +} + +/* + * Make a directory. + */ +void +makedir(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "directory-name")) { + printf("usage: %s directory-name\n", argv[0]); + code = -1; + return; + } + if (command("MKD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("MKD command not recognized, trying XMKD\n"); + command("XMKD %s", argv[1]); + } +} + +/* + * Remove a directory. + */ +void +removedir(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "directory-name")) { + printf("usage: %s directory-name\n", argv[0]); + code = -1; + return; + } + if (command("RMD %s", argv[1]) == ERROR && code == 500) { + if (verbose) + printf("RMD command not recognized, trying XRMD\n"); + command("XRMD %s", argv[1]); + } +} + +/* + * Send a line, verbatim, to the remote machine. + */ +void +quote(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "command line to send")) { + printf("usage: %s line-to-send\n", argv[0]); + code = -1; + return; + } + quote1("", argc, argv); +} + +/* + * Send a SITE command to the remote machine. The line + * is sent verbatim to the remote machine, except that the + * word "SITE" is added at the front. 
+ */ +void +site(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "arguments to SITE command")) { + printf("usage: %s line-to-send\n", argv[0]); + code = -1; + return; + } + quote1("SITE ", argc, argv); +} + +/* + * Turn argv[1..argc) into a space-separated string, then prepend initial text. + * Send the result as a one-line command and get response. + */ +void +quote1(char *initial, int argc, char **argv) +{ + int i, len; + char buf[BUFSIZ]; /* must be >= sizeof(line) */ + + strcpy(buf, initial); + if (argc > 1) { + len = strlen(buf); + len += strlen(strcpy(&buf[len], argv[1])); + for (i = 2; i < argc; i++) { + buf[len++] = ' '; + len += strlen(strcpy(&buf[len], argv[i])); + } + } + if (command(buf) == PRELIM) { + while (getreply(0) == PRELIM) + continue; + } +} + +void +do_chmod(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "mode")) + goto usage; + if (argc < 3 && !another(&argc, &argv, "file-name")) { +usage: + printf("usage: %s mode file-name\n", argv[0]); + code = -1; + return; + } + command("SITE CHMOD %s %s", argv[1], argv[2]); +} + +void +do_umask(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "SITE UMASK" : "SITE UMASK %s", argv[1]); + verbose = oldverbose; +} + +void +ftp_idle(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "SITE IDLE" : "SITE IDLE %s", argv[1]); + verbose = oldverbose; +} + +/* + * Ask the other side for help. + */ +void +rmthelp(int argc, char **argv) +{ + int oldverbose = verbose; + + verbose = 1; + command(argc == 1 ? "HELP" : "HELP %s", argv[1]); + verbose = oldverbose; +} + +/* + * Terminate session and exit. + */ +/*VARARGS*/ +void +quit(int argc, char **argv) +{ + + if (connected) + disconnect(0, 0); + pswitch(1); + if (connected) { + disconnect(0, 0); + } + exit(0); +} + +/* + * Terminate session, but don't exit. 
+ */ +void +disconnect(int argc, char **argv) +{ + + if (!connected) + return; + command("QUIT"); + if (cout) { + fclose(cout); + } + cout = NULL; + connected = 0; + krb4_quit(); + data = -1; + if (!proxy) { + macnum = 0; + } +} + +int +confirm(char *cmd, char *file) +{ + char line[BUFSIZ]; + + if (!interactive) + return (1); + printf("%s %s? ", cmd, file); + fflush(stdout); + if (fgets(line, sizeof line, stdin) == NULL) + return (0); + return (*line != 'n' && *line != 'N'); +} + +void +fatal(char *msg) +{ + + errx(1, "%s", msg); +} + +/* + * Glob a local file name specification with + * the expectation of a single return value. + * Can't control multiple values being expanded + * from the expression, we return only the first. + */ +int +globulize(char **cpp) +{ + glob_t gl; + int flags; + + if (!doglob) + return (1); + + flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + memset(&gl, 0, sizeof(gl)); + if (glob(*cpp, flags, NULL, &gl) || + gl.gl_pathc == 0) { + warnx("%s: not found", *cpp); + globfree(&gl); + return (0); + } + *cpp = strdup(gl.gl_pathv[0]); /* XXX - wasted memory */ + globfree(&gl); + return (1); +} + +void +account(int argc, char **argv) +{ + char acct[50]; + + if (argc > 1) { + ++argv; + --argc; + strncpy(acct,*argv,49); + acct[49] = '\0'; + while (argc > 1) { + --argc; + ++argv; + strncat(acct,*argv, 49-strlen(acct)); + } + } + else { + des_read_pw_string(acct, sizeof(acct), "Account:", 0); + } + command("ACCT %s", acct); +} + +jmp_buf abortprox; + +static RETSIGTYPE +proxabort(int sig) +{ + + if (!proxy) { + pswitch(1); + } + if (connected) { + proxflag = 1; + } + else { + proxflag = 0; + } + pswitch(0); + longjmp(abortprox,1); +} + +void +doproxy(int argc, char **argv) +{ + struct cmd *c; + RETSIGTYPE (*oldintr)(); + + if (argc < 2 && !another(&argc, &argv, "command")) { + printf("usage: %s command\n", argv[0]); + code = -1; + return; + } + c = getcmd(argv[1]); + if (c == (struct cmd *) -1) { + printf("?Ambiguous command\n"); + 
fflush(stdout); + code = -1; + return; + } + if (c == 0) { + printf("?Invalid command\n"); + fflush(stdout); + code = -1; + return; + } + if (!c->c_proxy) { + printf("?Invalid proxy command\n"); + fflush(stdout); + code = -1; + return; + } + if (setjmp(abortprox)) { + code = -1; + return; + } + oldintr = signal(SIGINT, proxabort); + pswitch(1); + if (c->c_conn && !connected) { + printf("Not connected\n"); + fflush(stdout); + pswitch(0); + signal(SIGINT, oldintr); + code = -1; + return; + } + (*c->c_handler)(argc-1, argv+1); + if (connected) { + proxflag = 1; + } + else { + proxflag = 0; + } + pswitch(0); + signal(SIGINT, oldintr); +} + +void +setcase(int argc, char **argv) +{ + + mcase = !mcase; + printf("Case mapping %s.\n", onoff(mcase)); + code = mcase; +} + +void +setcr(int argc, char **argv) +{ + + crflag = !crflag; + printf("Carriage Return stripping %s.\n", onoff(crflag)); + code = crflag; +} + +void +setntrans(int argc, char **argv) +{ + if (argc == 1) { + ntflag = 0; + printf("Ntrans off.\n"); + code = ntflag; + return; + } + ntflag++; + code = ntflag; + strncpy(ntin, argv[1], 16); + ntin[16] = '\0'; + if (argc == 2) { + ntout[0] = '\0'; + return; + } + strncpy(ntout, argv[2], 16); + ntout[16] = '\0'; +} + +char * +dotrans(char *name) +{ + static char new[MaxPathLen]; + char *cp1, *cp2 = new; + int i, ostop, found; + + for (ostop = 0; *(ntout + ostop) && ostop < 16; ostop++) + continue; + for (cp1 = name; *cp1; cp1++) { + found = 0; + for (i = 0; *(ntin + i) && i < 16; i++) { + if (*cp1 == *(ntin + i)) { + found++; + if (i < ostop) { + *cp2++ = *(ntout + i); + } + break; + } + } + if (!found) { + *cp2++ = *cp1; + } + } + *cp2 = '\0'; + return (new); +} + +void +setnmap(int argc, char **argv) +{ + char *cp; + + if (argc == 1) { + mapflag = 0; + printf("Nmap off.\n"); + code = mapflag; + return; + } + if (argc < 3 && !another(&argc, &argv, "mapout")) { + printf("Usage: %s [mapin mapout]\n",argv[0]); + code = -1; + return; + } + mapflag = 1; + code = 1; + cp 
= strchr(altarg, ' '); + if (proxy) { + while(*++cp == ' ') + continue; + altarg = cp; + cp = strchr(altarg, ' '); + } + *cp = '\0'; + strncpy(mapin, altarg, MaxPathLen - 1); + while (*++cp == ' ') + continue; + strncpy(mapout, cp, MaxPathLen - 1); +} + +char * +domap(char *name) +{ + static char new[MaxPathLen]; + char *cp1 = name, *cp2 = mapin; + char *tp[9], *te[9]; + int i, toks[9], toknum = 0, match = 1; + + for (i=0; i < 9; ++i) { + toks[i] = 0; + } + while (match && *cp1 && *cp2) { + switch (*cp2) { + case '\\': + if (*++cp2 != *cp1) { + match = 0; + } + break; + case '$': + if (*(cp2+1) >= '1' && (*cp2+1) <= '9') { + if (*cp1 != *(++cp2+1)) { + toks[toknum = *cp2 - '1']++; + tp[toknum] = cp1; + while (*++cp1 && *(cp2+1) + != *cp1); + te[toknum] = cp1; + } + cp2++; + break; + } + /* FALLTHROUGH */ + default: + if (*cp2 != *cp1) { + match = 0; + } + break; + } + if (match && *cp1) { + cp1++; + } + if (match && *cp2) { + cp2++; + } + } + if (!match && *cp1) /* last token mismatch */ + { + toks[toknum] = 0; + } + cp1 = new; + *cp1 = '\0'; + cp2 = mapout; + while (*cp2) { + match = 0; + switch (*cp2) { + case '\\': + if (*(cp2 + 1)) { + *cp1++ = *++cp2; + } + break; + case '[': +LOOP: + if (*++cp2 == '$' && isdigit(*(cp2+1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + match = 1; + } + else if (toks[toknum = *cp2 - '1']) { + char *cp3 = tp[toknum]; + + while (cp3 != te[toknum]) { + *cp1++ = *cp3++; + } + match = 1; + } + } + else { + while (*cp2 && *cp2 != ',' && + *cp2 != ']') { + if (*cp2 == '\\') { + cp2++; + } + else if (*cp2 == '$' && + isdigit(*(cp2+1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + } + else if (toks[toknum = + *cp2 - '1']) { + char *cp3=tp[toknum]; + + while (cp3 != + te[toknum]) { + *cp1++ = *cp3++; + } + } + } + else if (*cp2) { + *cp1++ = *cp2++; + } + } + if (!*cp2) { + printf("nmap: unbalanced brackets\n"); + return (name); + } + match = 1; + 
cp2--; + } + if (match) { + while (*++cp2 && *cp2 != ']') { + if (*cp2 == '\\' && *(cp2 + 1)) { + cp2++; + } + } + if (!*cp2) { + printf("nmap: unbalanced brackets\n"); + return (name); + } + break; + } + switch (*++cp2) { + case ',': + goto LOOP; + case ']': + break; + default: + cp2--; + goto LOOP; + } + break; + case '$': + if (isdigit(*(cp2 + 1))) { + if (*++cp2 == '0') { + char *cp3 = name; + + while (*cp3) { + *cp1++ = *cp3++; + } + } + else if (toks[toknum = *cp2 - '1']) { + char *cp3 = tp[toknum]; + + while (cp3 != te[toknum]) { + *cp1++ = *cp3++; + } + } + break; + } + /* intentional drop through */ + default: + *cp1++ = *cp2; + break; + } + cp2++; + } + *cp1 = '\0'; + if (!*new) { + return (name); + } + return (new); +} + +void +setpassive(int argc, char **argv) +{ + + passivemode = !passivemode; + printf("Passive mode %s.\n", onoff(passivemode)); + code = passivemode; +} + +void +setsunique(int argc, char **argv) +{ + + sunique = !sunique; + printf("Store unique %s.\n", onoff(sunique)); + code = sunique; +} + +void +setrunique(int argc, char **argv) +{ + + runique = !runique; + printf("Receive unique %s.\n", onoff(runique)); + code = runique; +} + +/* change directory to perent directory */ +void +cdup(int argc, char **argv) +{ + + if (command("CDUP") == ERROR && code == 500) { + if (verbose) + printf("CDUP command not recognized, trying XCUP\n"); + command("XCUP"); + } +} + +/* restart transfer at specific point */ +void +restart(int argc, char **argv) +{ + + if (argc != 2) + printf("restart: offset not specified\n"); + else { + restart_point = atol(argv[1]); + printf("restarting at %ld. 
%s\n", (long)restart_point, + "execute get, put or append to initiate transfer"); + } +} + +/* show remote system type */ +void +syst(int argc, char **argv) +{ + + command("SYST"); +} + +void +macdef(int argc, char **argv) +{ + char *tmp; + int c; + + if (macnum == 16) { + printf("Limit of 16 macros have already been defined\n"); + code = -1; + return; + } + if (argc < 2 && !another(&argc, &argv, "macro name")) { + printf("Usage: %s macro_name\n",argv[0]); + code = -1; + return; + } + if (interactive) { + printf("Enter macro line by line, terminating it with a null line\n"); + } + strncpy(macros[macnum].mac_name, argv[1], 8); + if (macnum == 0) { + macros[macnum].mac_start = macbuf; + } + else { + macros[macnum].mac_start = macros[macnum - 1].mac_end + 1; + } + tmp = macros[macnum].mac_start; + while (tmp != macbuf+4096) { + if ((c = getchar()) == EOF) { + printf("macdef:end of file encountered\n"); + code = -1; + return; + } + if ((*tmp = c) == '\n') { + if (tmp == macros[macnum].mac_start) { + macros[macnum++].mac_end = tmp; + code = 0; + return; + } + if (*(tmp-1) == '\0') { + macros[macnum++].mac_end = tmp - 1; + code = 0; + return; + } + *tmp = '\0'; + } + tmp++; + } + while (1) { + while ((c = getchar()) != '\n' && c != EOF) + /* LOOP */; + if (c == EOF || getchar() == '\n') { + printf("Macro not defined - 4k buffer exceeded\n"); + code = -1; + return; + } + } +} + +/* + * get size of file on remote machine + */ +void +sizecmd(int argc, char **argv) +{ + + if (argc < 2 && !another(&argc, &argv, "filename")) { + printf("usage: %s filename\n", argv[0]); + code = -1; + return; + } + command("SIZE %s", argv[1]); +} + +/* + * get last modification time of file on remote machine + */ +void +modtime(int argc, char **argv) +{ + int overbose; + + if (argc < 2 && !another(&argc, &argv, "filename")) { + printf("usage: %s filename\n", argv[0]); + code = -1; + return; + } + overbose = verbose; + if (debug == 0) + verbose = -1; + if (command("MDTM %s", argv[1]) == 
COMPLETE) { + int yy, mo, day, hour, min, sec; + sscanf(reply_string, "%*s %04d%02d%02d%02d%02d%02d", &yy, &mo, + &day, &hour, &min, &sec); + /* might want to print this in local time */ + printf("%s\t%02d/%02d/%04d %02d:%02d:%02d GMT\n", argv[1], + mo, day, yy, hour, min, sec); + } else + printf("%s\n", reply_string); + verbose = overbose; +} + +/* + * show status on reomte machine + */ +void +rmtstatus(int argc, char **argv) +{ + + command(argc > 1 ? "STAT %s" : "STAT" , argv[1]); +} + +/* + * get file if modtime is more recent than current file + */ +void +newer(int argc, char **argv) +{ + + if (getit(argc, argv, -1, "w")) + printf("Local file \"%s\" is newer than remote file \"%s\"\n", + argv[2], argv[1]); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c new file mode 100644 index 0000000..9567e3c --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/cmdtab.c 
@@ -0,0 +1,193 @@
+/*
+ * Copyright (c) 1985, 1989, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ftp_locl.h"
+
+/*
+ * User FTP -- Command Tables.
+ */ + +char accounthelp[] = "send account command to remote server"; +char appendhelp[] = "append to a file"; +char asciihelp[] = "set ascii transfer type"; +char beephelp[] = "beep when command completed"; +char binaryhelp[] = "set binary transfer type"; +char casehelp[] = "toggle mget upper/lower case id mapping"; +char cdhelp[] = "change remote working directory"; +char cduphelp[] = "change remote working directory to parent directory"; +char chmodhelp[] = "change file permissions of remote file"; +char connecthelp[] = "connect to remote tftp"; +char crhelp[] = "toggle carriage return stripping on ascii gets"; +char deletehelp[] = "delete remote file"; +char debughelp[] = "toggle/set debugging mode"; +char dirhelp[] = "list contents of remote directory"; +char disconhelp[] = "terminate ftp session"; +char domachelp[] = "execute macro"; +char formhelp[] = "set file transfer format"; +char globhelp[] = "toggle metacharacter expansion of local file names"; +char hashhelp[] = "toggle printing `#' for each buffer transferred"; +char helphelp[] = "print local help information"; +char idlehelp[] = "get (set) idle timer on remote side"; +char lcdhelp[] = "change local working directory"; +char lshelp[] = "list contents of remote directory"; +char macdefhelp[] = "define a macro"; +char mdeletehelp[] = "delete multiple files"; +char mdirhelp[] = "list contents of multiple remote directories"; +char mgethelp[] = "get multiple files"; +char mkdirhelp[] = "make directory on the remote machine"; +char mlshelp[] = "list contents of multiple remote directories"; +char modtimehelp[] = "show last modification time of remote file"; +char modehelp[] = "set file transfer mode"; +char mputhelp[] = "send multiple files"; +char newerhelp[] = "get file if remote file is newer than local file "; +char nlisthelp[] = "nlist contents of remote directory"; +char nmaphelp[] = "set templates for default file name mapping"; +char ntranshelp[] = "set translation table for default file name 
mapping"; +char porthelp[] = "toggle use of PORT cmd for each data connection"; +char prompthelp[] = "force interactive prompting on multiple commands"; +char proxyhelp[] = "issue command on alternate connection"; +char pwdhelp[] = "print working directory on remote machine"; +char quithelp[] = "terminate ftp session and exit"; +char quotehelp[] = "send arbitrary ftp command"; +char receivehelp[] = "receive file"; +char regethelp[] = "get file restarting at end of local file"; +char remotehelp[] = "get help from remote server"; +char renamehelp[] = "rename file"; +char restarthelp[]= "restart file transfer at bytecount"; +char rmdirhelp[] = "remove directory on the remote machine"; +char rmtstatushelp[]="show status of remote machine"; +char runiquehelp[] = "toggle store unique for local files"; +char resethelp[] = "clear queued command replies"; +char sendhelp[] = "send one file"; +char passivehelp[] = "enter passive transfer mode"; +char sitehelp[] = "send site specific command to remote server\n\t\tTry \"rhelp site\" or \"site help\" for more information"; +char shellhelp[] = "escape to the shell"; +char sizecmdhelp[] = "show size of remote file"; +char statushelp[] = "show current status"; +char structhelp[] = "set file transfer structure"; +char suniquehelp[] = "toggle store unique on remote machine"; +char systemhelp[] = "show remote system type"; +char tenexhelp[] = "set tenex file transfer type"; +char tracehelp[] = "toggle packet tracing"; +char typehelp[] = "set file transfer type"; +char umaskhelp[] = "get (set) umask on remote side"; +char userhelp[] = "send new user information"; +char verbosehelp[] = "toggle verbose mode"; + +char prothelp[] = "set protection level"; +char kauthhelp[] = "get remote tokens"; +char klisthelp[] = "show remote tickets"; +char aklog[] = "obtain remote AFS tokens"; + +struct cmd cmdtab[] = { + { "!", shellhelp, 0, 0, 0, shell }, + { "$", domachelp, 1, 0, 0, domacro }, + { "account", accounthelp, 0, 1, 1, account}, + { 
"append", appendhelp, 1, 1, 1, put }, + { "ascii", asciihelp, 0, 1, 1, setascii }, + { "bell", beephelp, 0, 0, 0, setbell }, + { "binary", binaryhelp, 0, 1, 1, setbinary }, + { "bye", quithelp, 0, 0, 0, quit }, + { "case", casehelp, 0, 0, 1, setcase }, + { "cd", cdhelp, 0, 1, 1, cd }, + { "cdup", cduphelp, 0, 1, 1, cdup }, + { "chmod", chmodhelp, 0, 1, 1, do_chmod }, + { "close", disconhelp, 0, 1, 1, disconnect }, + { "cr", crhelp, 0, 0, 0, setcr }, + { "delete", deletehelp, 0, 1, 1, delete }, + { "debug", debughelp, 0, 0, 0, setdebug }, + { "dir", dirhelp, 1, 1, 1, ls }, + { "disconnect", disconhelp, 0, 1, 1, disconnect }, + { "form", formhelp, 0, 1, 1, setform }, + { "get", receivehelp, 1, 1, 1, get }, + { "glob", globhelp, 0, 0, 0, setglob }, + { "hash", hashhelp, 0, 0, 0, sethash }, + { "help", helphelp, 0, 0, 1, help }, + { "idle", idlehelp, 0, 1, 1, ftp_idle }, + { "image", binaryhelp, 0, 1, 1, setbinary }, + { "lcd", lcdhelp, 0, 0, 0, lcd }, + { "ls", lshelp, 1, 1, 1, ls }, + { "macdef", macdefhelp, 0, 0, 0, macdef }, + { "mdelete", mdeletehelp, 1, 1, 1, mdelete }, + { "mdir", mdirhelp, 1, 1, 1, mls }, + { "mget", mgethelp, 1, 1, 1, mget }, + { "mkdir", mkdirhelp, 0, 1, 1, makedir }, + { "mls", mlshelp, 1, 1, 1, mls }, + { "mode", modehelp, 0, 1, 1, setftmode }, + { "modtime", modtimehelp, 0, 1, 1, modtime }, + { "mput", mputhelp, 1, 1, 1, mput }, + { "newer", newerhelp, 1, 1, 1, newer }, + { "nmap", nmaphelp, 0, 0, 1, setnmap }, + { "nlist", nlisthelp, 1, 1, 1, ls }, + { "ntrans", ntranshelp, 0, 0, 1, setntrans }, + { "open", connecthelp, 0, 0, 1, setpeer }, + { "passive", passivehelp, 0, 0, 0, setpassive }, + { "prompt", prompthelp, 0, 0, 0, setprompt }, + { "proxy", proxyhelp, 0, 0, 1, doproxy }, + { "sendport", porthelp, 0, 0, 0, setport }, + { "put", sendhelp, 1, 1, 1, put }, + { "pwd", pwdhelp, 0, 1, 1, pwd }, + { "quit", quithelp, 0, 0, 0, quit }, + { "quote", quotehelp, 1, 1, 1, quote }, + { "recv", receivehelp, 1, 1, 1, get }, + { "reget", 
regethelp, 1, 1, 1, reget }, + { "rstatus", rmtstatushelp, 0, 1, 1, rmtstatus }, + { "rhelp", remotehelp, 0, 1, 1, rmthelp }, + { "rename", renamehelp, 0, 1, 1, renamefile }, + { "reset", resethelp, 0, 1, 1, reset }, + { "restart", restarthelp, 1, 1, 1, restart }, + { "rmdir", rmdirhelp, 0, 1, 1, removedir }, + { "runique", runiquehelp, 0, 0, 1, setrunique }, + { "send", sendhelp, 1, 1, 1, put }, + { "site", sitehelp, 0, 1, 1, site }, + { "size", sizecmdhelp, 1, 1, 1, sizecmd }, + { "status", statushelp, 0, 0, 1, status }, + { "struct", structhelp, 0, 1, 1, setstruct }, + { "system", systemhelp, 0, 1, 1, syst }, + { "sunique", suniquehelp, 0, 0, 1, setsunique }, + { "tenex", tenexhelp, 0, 1, 1, settenex }, + { "trace", tracehelp, 0, 0, 0, settrace }, + { "type", typehelp, 0, 1, 1, settype }, + { "user", userhelp, 0, 1, 1, user }, + { "umask", umaskhelp, 0, 1, 1, do_umask }, + { "verbose", verbosehelp, 0, 0, 0, setverbose }, + { "?", helphelp, 0, 0, 1, help }, + + { "prot", prothelp, 0, 1, 0, sec_prot }, + { "kauth", kauthhelp, 0, 1, 0, kauth }, + { "klist", klisthelp, 0, 1, 0, klist }, + + { 0 }, +}; + +int NCMDS = (sizeof (cmdtab) / sizeof (cmdtab[0])) - 1; diff --git a/crypto/kerberosIV/appl/ftp/ftp/domacro.c b/crypto/kerberosIV/appl/ftp/ftp/domacro.c new file mode 100644 index 0000000..f5a89b9 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/domacro.c 
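Review bot: In cmdtab.c the help string `aklog[]` is defined next to `prothelp`, `kauthhelp` and `klisthelp`, but no `cmdtab` row references it, so it is dead data; unlike every other help string it also lacks the `help` suffix and takes the global name a later `aklog` handler would presumably want. Either drop it, or rename it to `akloghelp[]` and add the matching table row. Separately, `connecthelp` reads `"connect to remote tftp"` although this is the ftp client, so the text should be `"connect to remote ftp"`. Nothing in this hunk writes to the help strings or to `cmdtab`, so if the `struct cmd` field types (not visible here) allow it, declaring them `const` would keep a table of function pointers out of writable memory.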
@@ -0,0 +1,138 @@
+/*
+ * Copyright (c) 1985, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include "ftp_locl.h" +RCSID("$Id: domacro.c,v 1.5 1996/11/17 20:23:10 assar Exp $"); + +void +domacro(int argc, char **argv) +{ + int i, j, count = 2, loopflg = 0; + char *cp1, *cp2, line2[200]; + struct cmd *c; + + if (argc < 2 && !another(&argc, &argv, "macro name")) { + printf("Usage: %s macro_name.\n", argv[0]); + code = -1; + return; + } + for (i = 0; i < macnum; ++i) { + if (!strncmp(argv[1], macros[i].mac_name, 9)) { + break; + } + } + if (i == macnum) { + printf("'%s' macro not found.\n", argv[1]); + code = -1; + return; + } + strcpy(line2, line); +TOP: + cp1 = macros[i].mac_start; + while (cp1 != macros[i].mac_end) { + while (isspace(*cp1)) { + cp1++; + } + cp2 = line; + while (*cp1 != '\0') { + switch(*cp1) { + case '\\': + *cp2++ = *++cp1; + break; + case '$': + if (isdigit(*(cp1+1))) { + j = 0; + while (isdigit(*++cp1)) { + j = 10*j + *cp1 - '0'; + } + cp1--; + if (argc - 2 >= j) { + strcpy(cp2, argv[j+1]); + cp2 += strlen(argv[j+1]); + } + break; + } + if (*(cp1+1) == 'i') { + loopflg = 1; + cp1++; + if (count < argc) { + strcpy(cp2, argv[count]); + cp2 += strlen(argv[count]); + } + break; + } + /* intentional drop through */ + default: + *cp2++ = *cp1; + break; + } + if (*cp1 != '\0') { + cp1++; + } + } + *cp2 = '\0'; + makeargv(); + c = getcmd(margv[0]); + if (c == (struct cmd *)-1) { + printf("?Ambiguous command\n"); + code = -1; + } + else if (c == 0) { + printf("?Invalid command\n"); + code = -1; + } + else if (c->c_conn && !connected) { + printf("Not connected.\n"); + code = -1; + } + else { + if (verbose) { + printf("%s\n",line); + } + (*c->c_handler)(margc, margv); + if (bell && c->c_bell) { + putchar('\007'); + } + strcpy(line, line2); + makeargv(); + argc = margc; + argv = margv; + } + if (cp1 != macros[i].mac_end) { + cp1++; + } + } + if (loopflg && ++count < argc) { + goto TOP; + } +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/extern.h b/crypto/kerberosIV/appl/ftp/ftp/extern.h new file mode 100644 index 0000000..b830999 
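Review bot: The expansion loop in domacro() writes into the global `line` through `cp2` with no bound: `strcpy(cp2, argv[j+1])`, `strcpy(cp2, argv[count])` and the single-byte stores `*cp2++ = ...` keep going until the macro line ends, so an expansion longer than `line` runs past it (and `strcpy(line2, line)` relies on `line` fitting in the 200 bytes of `line2`, which this file does not show). Macro bodies can be long, since macdef() in cmds.c fills a buffer of up to 4096 bytes, so every append should check the remaining space and give up on the macro with `code = -1` when it does not fit; the sketch below assumes `line` is declared as an array in ftp_locl.h. The `$N` parser also lets `j = 10*j + *cp1 - '0'` overflow on a long run of digits, after which `argc - 2 >= j` can pass with a negative `j` and read before `argv`, so `j` should stop growing once it exceeds `argc`. The `isspace(*cp1)` and `isdigit(...)` calls take plain `char` and should cast to `unsigned char`.

```c
/* Append s at *dst; fail instead of writing at or past end (one byte is kept for the NUL). */
static int
mac_append(char **dst, const char *end, const char *s)
{
	size_t n = strlen(s);

	if (n >= (size_t)(end - *dst))
		return -1;
	memcpy(*dst, s, n);
	*dst += n;
	return 0;
}

/* … unchanged: macro lookup, strcpy(line2, line), TOP: loop header … */
			case '$':
				if (isdigit((unsigned char)cp1[1])) {
					j = 0;
					while (isdigit((unsigned char)*++cp1)) {
						if (j < argc)	/* saturate so j cannot overflow */
							j = 10*j + *cp1 - '0';
					}
					cp1--;
					if (argc - 2 >= j &&
					    mac_append(&cp2, line + sizeof(line), argv[j+1]) < 0) {
						printf("macro expansion too long.\n");
						code = -1;
						return;
					}
					break;
				}
/* … unchanged: "$i" case, using the same mac_append() check for argv[count];
 *   the '\\' and default cases need an equivalent one-byte room check … */
```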
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/extern.h
@@ -0,0 +1,167 @@
+/*-
+ * Copyright (c) 1994 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * + * @(#)extern.h 8.3 (Berkeley) 10/9/94 + */ + +/* $Id: extern.h,v 1.13 1997/04/20 05:46:48 assar Exp $ */ + +#include <setjmp.h> +#include <stdlib.h> +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +void abort_remote (FILE *); +void abortpt (int); +void abortrecv (int); +void account (int, char **); +int another (int *, char ***, char *); +void blkfree (char **); +void cd (int, char **); +void cdup (int, char **); +void changetype (int, int); +void cmdabort (int); +void cmdscanner (int); +int command (char *fmt, ...); +int confirm (char *, char *); +FILE *dataconn (char *); +void delete (int, char **); +void disconnect (int, char **); +void do_chmod (int, char **); +void do_umask (int, char **); +void domacro (int, char **); +char *domap (char *); +void doproxy (int, char **); +char *dotrans (char *); +int empty (fd_set *, int); +void fatal (char *); +void get (int, char **); +struct cmd *getcmd (char *); +int getit (int, char **, int, char *); +int getreply (int); +int globulize (char **); +char *gunique (char *); +void help (int, char **); +char *hookup (char *, int); +void ftp_idle (int, char **); +int initconn (void); +void intr (int); +void lcd (int, char **); +int login (char *); +RETSIGTYPE lostpeer (int); +void ls (int, char **); +void macdef (int, char **); +void makeargv (void); +void makedir (int, char **); +void mdelete (int, char **); +void mget (int, char **); +void mls (int, char **); +void modtime (int, char **); +void mput (int, char **); +char *onoff (int); +void newer (int, char **); +void proxtrans (char *, char *, char *); +void psabort (int); +void pswitch (int); +void ptransfer (char *, long, struct timeval *, struct timeval *); +void put (int, char **); +void pwd (int, char **); +void quit (int, char **); +void quote (int, char **); +void quote1 (char *, int, char **); 
+void recvrequest (char *, char *, char *, char *, int); +void reget (int, char **); +char *remglob (char **, int); +void removedir (int, char **); +void renamefile (int, char **); +void reset (int, char **); +void restart (int, char **); +void rmthelp (int, char **); +void rmtstatus (int, char **); +int ruserpass (char *, char **, char **, char **); +void sendrequest (char *, char *, char *, int); +void setascii (int, char **); +void setbell (int, char **); +void setbinary (int, char **); +void setcase (int, char **); +void setcr (int, char **); +void setdebug (int, char **); +void setform (int, char **); +void setftmode (int, char **); +void setglob (int, char **); +void sethash (int, char **); +void setnmap (int, char **); +void setntrans (int, char **); +void setpassive (int, char **); +void setpeer (int, char **); +void setport (int, char **); +void setprompt (int, char **); +void setrunique (int, char **); +void setstruct (int, char **); +void setsunique (int, char **); +void settenex (int, char **); +void settrace (int, char **); +void settype (int, char **); +void setverbose (int, char **); +void shell (int, char **); +void site (int, char **); +void sizecmd (int, char **); +char *slurpstring (void); +void status (int, char **); +void syst (int, char **); +void tvsub (struct timeval *, struct timeval *, struct timeval *); +void user (int, char **); + +extern jmp_buf abortprox; +extern int abrtflag; +extern struct cmd cmdtab[]; +extern FILE *cout; +extern int data; +extern char *home; +extern jmp_buf jabort; +extern int proxy; +extern char reply_string[]; +extern off_t restart_point; +extern int NCMDS; + +extern char username[32]; +extern char myhostname[]; +extern char *mydomain; diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c new file mode 100644 index 0000000..cfabda6 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c 
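Review bot: The prototype `int command (char *fmt, ...);` in extern.h gives the compiler no way to check a function that cmds.c uses printf-style throughout, and quote1() in the same commit calls `command(buf)` with `buf` assembled from the words typed after `quote` or `site`, so any `%` in that text is treated as a conversion. Annotate the declaration, e.g. `int command (char *fmt, ...) __attribute__((format(printf, 1, 2)));` behind whatever compiler guard the tree uses, and change that call to `command("%s", buf)`. With the attribute in place `-Wformat-security` reports any other non-literal format passed to `command`. The `char *` parameters of `command`, `fatal` and `confirm` receive string literals in the visible callers and could be `const char *`.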
@@ -0,0 +1,1658 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: ftp.c,v 1.44 1997/05/18 20:00:31 assar Exp $"); + +struct sockaddr_in hisctladdr; +struct sockaddr_in data_addr; +int data = -1; +int abrtflag = 0; +jmp_buf ptabort; +int ptabflg; +int ptflag = 0; +struct sockaddr_in myctladdr; +off_t restart_point = 0; + + +FILE *cin, *cout; + +typedef void (*sighand)(int); + +char * +hookup(char *host, int port) +{ + struct hostent *hp = 0; + int s, len, tos; + static char hostnamebuf[80]; + + memset(&hisctladdr, 0, sizeof (hisctladdr)); + if(inet_aton(host, &hisctladdr.sin_addr)){ + hisctladdr.sin_family = AF_INET; + strncpy(hostnamebuf, host, sizeof(hostnamebuf)); + } else { + hp = gethostbyname(host); + if (hp == NULL) { +#ifdef HAVE_H_ERRNO + warnx("%s: %s", host, hstrerror(h_errno)); +#else + warnx("%s: %s", host, "unknown error"); +#endif + code = -1; + return NULL; + } + hisctladdr.sin_family = hp->h_addrtype; + memmove(&hisctladdr.sin_addr, + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); + strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); + hostnamebuf[sizeof(hostnamebuf) - 1] = '\0'; + } + hostname = hostnamebuf; + s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + code = -1; + return (0); + } + hisctladdr.sin_port = port; + while (connect(s, (struct sockaddr *)&hisctladdr, sizeof (hisctladdr)) < 0) { + if (hp && hp->h_addr_list[1]) { + int oerrno = errno; + char *ia; + + ia = inet_ntoa(hisctladdr.sin_addr); + errno = oerrno; + warn("connect to address %s", ia); + hp->h_addr_list++; + memmove(&hisctladdr.sin_addr, + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); + fprintf(stdout, "Trying %s...\n", + inet_ntoa(hisctladdr.sin_addr)); + close(s); + s = socket(hisctladdr.sin_family, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + code = -1; + return (0); + } + continue; + } + warn("connect"); + code = -1; + goto bad; + } + len = sizeof (myctladdr); + if (getsockname(s, (struct sockaddr *)&myctladdr, &len) < 0) { + 
warn("getsockname"); + code = -1; + goto bad; + } +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_LOWDELAY; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + cin = fdopen(s, "r"); + cout = fdopen(s, "w"); + if (cin == NULL || cout == NULL) { + warnx("fdopen failed."); + if (cin) + fclose(cin); + if (cout) + fclose(cout); + code = -1; + goto bad; + } + if (verbose) + printf("Connected to %s.\n", hostname); + if (getreply(0) > 2) { /* read startup message from server */ + if (cin) + fclose(cin); + if (cout) + fclose(cout); + code = -1; + goto bad; + } +#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT) + { + int on = 1; + + if (setsockopt(s, SOL_SOCKET, SO_OOBINLINE, (char *)&on, sizeof(on)) + < 0 && debug) { + warn("setsockopt"); + } + } +#endif /* SO_OOBINLINE */ + + return (hostname); +bad: + close(s); + return NULL; +} + +int +login(char *host) +{ + char tmp[80]; + char defaultpass[128]; + char *user, *pass, *acct; + int n, aflag = 0; + + char *myname = NULL; + struct passwd *pw = k_getpwuid(getuid()); + if (pw != NULL) + myname = pw->pw_name; + + user = pass = acct = 0; + + if(do_klogin(host)) + printf("\n*** Using plaintext user and password ***\n\n"); + else{ + printf("Kerberos authentication successful.\n\n"); + } + + if (ruserpass(host, &user, &pass, &acct) < 0) { + code = -1; + return (0); + } + while (user == NULL) { + if (myname) + printf("Name (%s:%s): ", host, myname); + else + printf("Name (%s): ", host); + fgets(tmp, sizeof(tmp) - 1, stdin); + tmp[strlen(tmp) - 1] = '\0'; + if (*tmp == '\0') + user = myname; + else + user = tmp; + } + strcpy(username, user); + n = command("USER %s", user); + if (n == CONTINUE) { + if(auth_complete) + pass = myname; + else if (pass == NULL) { + char prompt[128]; + if(myname && + (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){ + snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain); + snprintf(prompt, 
sizeof(prompt), "Password (%s): ", defaultpass); + }else{ + strcpy(defaultpass, ""); + snprintf(prompt, sizeof(prompt), "Password: "); + } + pass = defaultpass; + des_read_pw_string (tmp, sizeof(tmp), prompt, 0); + if(tmp[0]) + pass = tmp; + } + n = command("PASS %s", pass); + } + if (n == CONTINUE) { + aflag++; + acct = tmp; + des_read_pw_string(acct, 128, "Account:", 0); + n = command("ACCT %s", acct); + } + if (n != COMPLETE) { + warnx("Login failed."); + return (0); + } + if (!aflag && acct != NULL) + command("ACCT %s", acct); + if (proxy) + return (1); + for (n = 0; n < macnum; ++n) { + if (!strcmp("init", macros[n].mac_name)) { + strcpy(line, "$init"); + makeargv(); + domacro(margc, margv); + break; + } + } + sec_set_protection_level(); + return (1); +} + +void +cmdabort(int sig) +{ + + printf("\n"); + fflush(stdout); + abrtflag++; + if (ptflag) + longjmp(ptabort,1); +} + +int +command(char *fmt, ...) +{ + va_list ap; + int r; + sighand oldintr; + + abrtflag = 0; + if (cout == NULL) { + warn("No control connection for command"); + code = -1; + return (0); + } + oldintr = signal(SIGINT, cmdabort); + va_start(ap, fmt); + if(debug){ + printf("---> "); + if (strncmp("PASS ", fmt, 5) == 0) + printf("PASS XXXX"); + else + vfprintf(stdout, fmt, ap); + va_start(ap, fmt); + } + if(auth_complete) + krb4_write_enc(cout, fmt, ap); + else + vfprintf(cout, fmt, ap); + va_end(ap); + if(debug){ + printf("\n"); + fflush(stdout); + } + fprintf(cout, "\r\n"); + fflush(cout); + cpend = 1; + r = getreply(!strcmp(fmt, "QUIT")); + if (abrtflag && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + signal(SIGINT, oldintr); + return (r); +} + +char reply_string[BUFSIZ]; /* last line of previous reply */ + +int +getreply(int expecteof) +{ + char *p; + char *lead_string; + int c; + struct sigaction sa, osa; + char buf[1024]; + + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = cmdabort; + sigaction(SIGINT, &sa, &osa); + + p = buf; + + while(1){ + c = getc(cin); + switch(c){ + 
case EOF: + if (expecteof) { + sigaction(SIGINT,&osa, NULL); + code = 221; + return 0; + } + lostpeer(0); + if (verbose) { + printf("421 Service not available, " + "remote server has closed connection\n"); + fflush(stdout); + } + code = 421; + return (4); + break; + case IAC: + c = getc(cin); + if(c == WILL || c == WONT) + fprintf(cout, "%c%c%c", IAC, DONT, getc(cin)); + if(c == DO || c == DONT) + fprintf(cout, "%c%c%c", IAC, WONT, getc(cin)); + continue; + case '\n': + *p++ = 0; + if(isdigit(buf[0])){ + sscanf(buf, "%d", &code); + if(code == 631){ + krb4_read_mic(buf); + sscanf(buf, "%d", &code); + lead_string = "S:"; + } else if(code == 632){ + krb4_read_enc(buf); + sscanf(buf, "%d", &code); + lead_string = "P:"; + }else if(code == 633){ + printf("Received confidential reply!\n"); + }else if(auth_complete) + lead_string = "!!"; + else + lead_string = ""; + if(verbose > 0 || (verbose > -1 && code > 499)) + fprintf(stdout, "%s%s\n", lead_string, buf); + if(buf[3] == ' '){ + strcpy(reply_string, buf); + if (code >= 200) + cpend = 0; + sigaction(SIGINT, &osa, NULL); + if (code == 421) + lostpeer(0); +#if 1 + if (abrtflag && + osa.sa_handler != cmdabort && + osa.sa_handler != SIG_IGN) + osa.sa_handler(SIGINT); +#endif + if(code == 227){ + char *p, *q; + pasv[0] = 0; + p = strchr(reply_string, '('); + if(p){ + p++; + q = strchr(p, ')'); + if(q){ + strncpy(pasv, p, q - p); + pasv[q - p] = 0; + } + } + } + return code / 100; + } + }else{ + if(verbose > 0 || (verbose > -1 && code > 499)){ + if(auth_complete) + fprintf(stdout, "!!"); + fprintf(stdout, "%s\n", buf); + } + } + p = buf; + continue; + default: + *p++ = c; + } + } + +} + + +#if 0 +int +getreply(int expecteof) +{ + int c, n; + int dig; + int originalcode = 0, continuation = 0; + sighand oldintr; + int pflag = 0; + char *cp, *pt = pasv; + + oldintr = signal(SIGINT, cmdabort); + for (;;) { + dig = n = code = 0; + cp = reply_string; + while ((c = getc(cin)) != '\n') { + if (c == IAC) { /* handle telnet commands */ 
+ switch (c = getc(cin)) { + case WILL: + case WONT: + c = getc(cin); + fprintf(cout, "%c%c%c", IAC, DONT, c); + fflush(cout); + break; + case DO: + case DONT: + c = getc(cin); + fprintf(cout, "%c%c%c", IAC, WONT, c); + fflush(cout); + break; + default: + break; + } + continue; + } + dig++; + if (c == EOF) { + if (expecteof) { + signal(SIGINT,oldintr); + code = 221; + return (0); + } + lostpeer(0); + if (verbose) { + printf("421 Service not available, remote server has closed connection\n"); + fflush(stdout); + } + code = 421; + return (4); + } + if (c != '\r' && (verbose > 0 || + (verbose > -1 && n == '5' && dig > 4))) { + if (proxflag && + (dig == 1 || dig == 5 && verbose == 0)) + printf("%s:",hostname); + putchar(c); + } + if (dig < 4 && isdigit(c)) + code = code * 10 + (c - '0'); + if (!pflag && code == 227) + pflag = 1; + if (dig > 4 && pflag == 1 && isdigit(c)) + pflag = 2; + if (pflag == 2) { + if (c != '\r' && c != ')') + *pt++ = c; + else { + *pt = '\0'; + pflag = 3; + } + } + if (dig == 4 && c == '-') { + if (continuation) + code = 0; + continuation++; + } + if (n == 0) + n = c; + if (cp < &reply_string[sizeof(reply_string) - 1]) + *cp++ = c; + } + if (verbose > 0 || verbose > -1 && n == '5') { + putchar(c); + fflush (stdout); + } + if (continuation && code != originalcode) { + if (originalcode == 0) + originalcode = code; + continue; + } + *cp = '\0'; + if(auth_complete){ + if(code == 631) + krb4_read_mic(reply_string); + else + krb4_read_enc(reply_string); + n = code / 100 + '0'; + } + + if (n != '1') + cpend = 0; + signal(SIGINT,oldintr); + if (code == 421 || originalcode == 421) + lostpeer(0); + if (abrtflag && oldintr != cmdabort && oldintr != SIG_IGN) + (*oldintr)(SIGINT); + return (n - '0'); + } +} +#endif + +int +empty(fd_set *mask, int sec) +{ + struct timeval t; + + t.tv_sec = (long) sec; + t.tv_usec = 0; + return (select(32, mask, NULL, NULL, &t)); +} + +jmp_buf sendabort; + +static RETSIGTYPE +abortsend(int sig) +{ + + mflag = 0; + abrtflag = 
0; + printf("\nsend aborted\nwaiting for remote to finish abort\n"); + fflush(stdout); + longjmp(sendabort, 1); +} + +#define HASHBYTES 1024 + +static int +copy_stream(FILE *from, FILE *to) +{ + static size_t bufsize; + static char *buf; + int n; + int bytes = 0; + int werr; + int hashbytes = HASHBYTES; + struct stat st; + +#ifdef HAVE_MMAP + void *chunk; + +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + + if(fstat(fileno(from), &st) == 0 && S_ISREG(st.st_mode)){ + chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, fileno(from), 0); + if (chunk != (void *)MAP_FAILED) { + int res; + + res = sec_write(fileno(to), chunk, st.st_size); + if (munmap(chunk, st.st_size) < 0) + warn ("munmap"); + sec_fflush(to); + return res; + } + } +#endif + + buf = alloc_buffer (buf, &bufsize, + fstat(fileno(from), &st) >= 0 ? &st : NULL); + if (buf == NULL) + return -1; + + while((n = read(fileno(from), buf, bufsize)) > 0){ + werr = sec_write(fileno(to), buf, n); + if(werr < 0) + break; + bytes += werr; + while(hash && bytes > hashbytes){ + putchar('#'); + hashbytes += HASHBYTES; + } + } + sec_fflush(to); + if(n < 0) + warn("local"); + + if(werr < 0){ + if(errno != EPIPE) + warn("netout"); + bytes = -1; + } + return bytes; +} + +void +sendrequest(char *cmd, char *local, char *remote, int printnames) +{ + struct stat st; + struct timeval start, stop; + int c, d; + FILE *fin, *dout = 0; + int (*closefunc) (FILE *); + RETSIGTYPE (*oldintr)(), (*oldintp)(); + long bytes = 0, hashbytes = HASHBYTES; + char *lmode; + + if (verbose && printnames) { + if (local && *local != '-') + printf("local: %s ", local); + if (remote) + printf("remote: %s\n", remote); + } + if (proxy) { + proxtrans(cmd, local, remote); + return; + } + if (curtype != type) + changetype(type, 0); + closefunc = NULL; + oldintr = NULL; + oldintp = NULL; + lmode = "w"; + if (setjmp(sendabort)) { + while (cpend) { + getreply(0); + } + if (data >= 0) { + close(data); + data = -1; + } + if (oldintr) + signal(SIGINT,oldintr); 
+ if (oldintp) + signal(SIGPIPE,oldintp); + code = -1; + return; + } + oldintr = signal(SIGINT, abortsend); + if (strcmp(local, "-") == 0) + fin = stdin; + else if (*local == '|') { + oldintp = signal(SIGPIPE,SIG_IGN); + fin = popen(local + 1, "r"); + if (fin == NULL) { + warn("%s", local + 1); + signal(SIGINT, oldintr); + signal(SIGPIPE, oldintp); + code = -1; + return; + } + closefunc = pclose; + } else { + fin = fopen(local, "r"); + if (fin == NULL) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + closefunc = fclose; + if (fstat(fileno(fin), &st) < 0 || + (st.st_mode&S_IFMT) != S_IFREG) { + fprintf(stdout, "%s: not a plain file.\n", local); + signal(SIGINT, oldintr); + fclose(fin); + code = -1; + return; + } + } + if (initconn()) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + code = -1; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + if (setjmp(sendabort)) + goto abort; + + if (restart_point && + (strcmp(cmd, "STOR") == 0 || strcmp(cmd, "APPE") == 0)) { + int rc; + + switch (curtype) { + case TYPE_A: + rc = fseek(fin, (long) restart_point, SEEK_SET); + break; + case TYPE_I: + case TYPE_L: + rc = lseek(fileno(fin), restart_point, SEEK_SET); + break; + } + if (rc < 0) { + warn("local: %s", local); + restart_point = 0; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + if (command("REST %ld", (long) restart_point) + != CONTINUE) { + restart_point = 0; + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + restart_point = 0; + lmode = "r+w"; + } + if (remote) { + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + } else + if (command("%s", cmd) != PRELIM) { + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (closefunc != NULL) + (*closefunc)(fin); + return; + } + dout = dataconn(lmode); + if (dout == NULL) + goto abort; + 
set_buffer_size(fileno(dout), 0); + gettimeofday(&start, (struct timezone *)0); + oldintp = signal(SIGPIPE, SIG_IGN); + switch (curtype) { + + case TYPE_I: + case TYPE_L: + errno = d = c = 0; + bytes = copy_stream(fin, dout); + break; + + case TYPE_A: + while ((c = getc(fin)) != EOF) { + if (c == '\n') { + while (hash && (bytes >= hashbytes)) { + putchar('#'); + fflush(stdout); + hashbytes += HASHBYTES; + } + if (ferror(dout)) + break; + sec_putc('\r', dout); + bytes++; + } + sec_putc(c, dout); + bytes++; + } + sec_fflush(dout); + if (hash) { + if (bytes < hashbytes) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (ferror(fin)) + warn("local: %s", local); + if (ferror(dout)) { + if (errno != EPIPE) + warn("netout"); + bytes = -1; + } + break; + } + if (closefunc != NULL) + (*closefunc)(fin); + fclose(dout); + gettimeofday(&stop, (struct timezone *)0); + getreply(0); + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (bytes > 0) + ptransfer("sent", bytes, &start, &stop); + return; +abort: + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + if (!cpend) { + code = -1; + return; + } + if (data >= 0) { + close(data); + data = -1; + } + if (dout) + fclose(dout); + getreply(0); + code = -1; + if (closefunc != NULL && fin != NULL) + (*closefunc)(fin); + gettimeofday(&stop, (struct timezone *)0); + if (bytes > 0) + ptransfer("sent", bytes, &start, &stop); +} + +jmp_buf recvabort; + +void +abortrecv(int sig) +{ + + mflag = 0; + abrtflag = 0; + printf("\nreceive aborted\nwaiting for remote to finish abort\n"); + fflush(stdout); + longjmp(recvabort, 1); +} + +void +recvrequest(char *cmd, char *local, char *remote, char *lmode, int printnames) +{ + FILE *fout, *din = 0; + int (*closefunc) (FILE *); + sighand oldintr, oldintp; + int c, d, is_retr, tcrflag, bare_lfs = 0; + static size_t bufsize; + static char *buf; + long bytes = 0, hashbytes = HASHBYTES; + struct timeval start, stop; + struct stat st; + + is_retr = 
strcmp(cmd, "RETR") == 0; + if (is_retr && verbose && printnames) { + if (local && *local != '-') + printf("local: %s ", local); + if (remote) + printf("remote: %s\n", remote); + } + if (proxy && is_retr) { + proxtrans(cmd, local, remote); + return; + } + closefunc = NULL; + oldintr = NULL; + oldintp = NULL; + tcrflag = !crflag && is_retr; + if (setjmp(recvabort)) { + while (cpend) { + getreply(0); + } + if (data >= 0) { + close(data); + data = -1; + } + if (oldintr) + signal(SIGINT, oldintr); + code = -1; + return; + } + oldintr = signal(SIGINT, abortrecv); + if (strcmp(local, "-") && *local != '|') { + if (access(local, 2) < 0) { + char *dir = strrchr(local, '/'); + + if (errno != ENOENT && errno != EACCES) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (dir != NULL) + *dir = 0; + d = access(dir ? local : ".", 2); + if (dir != NULL) + *dir = '/'; + if (d < 0) { + warn("local: %s", local); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (!runique && errno == EACCES && + chmod(local, 0600) < 0) { + warn("local: %s", local); + signal(SIGINT, oldintr); + signal(SIGINT, oldintr); + code = -1; + return; + } + if (runique && errno == EACCES && + (local = gunique(local)) == NULL) { + signal(SIGINT, oldintr); + code = -1; + return; + } + } + else if (runique && (local = gunique(local)) == NULL) { + signal(SIGINT, oldintr); + code = -1; + return; + } + } + if (!is_retr) { + if (curtype != TYPE_A) + changetype(TYPE_A, 0); + } else if (curtype != type) + changetype(type, 0); + if (initconn()) { + signal(SIGINT, oldintr); + code = -1; + return; + } + if (setjmp(recvabort)) + goto abort; + if (is_retr && restart_point && + command("REST %ld", (long) restart_point) != CONTINUE) + return; + if (remote) { + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + return; + } + } else { + if (command("%s", cmd) != PRELIM) { + signal(SIGINT, oldintr); + return; + } + } + din = dataconn("r"); + if (din == NULL) 
+ goto abort; + set_buffer_size(fileno(din), 1); + if (strcmp(local, "-") == 0) + fout = stdout; + else if (*local == '|') { + oldintp = signal(SIGPIPE, SIG_IGN); + fout = popen(local + 1, "w"); + if (fout == NULL) { + warn("%s", local+1); + goto abort; + } + closefunc = pclose; + } else { + fout = fopen(local, lmode); + if (fout == NULL) { + warn("local: %s", local); + goto abort; + } + closefunc = fclose; + } + buf = alloc_buffer (buf, &bufsize, + fstat(fileno(fout), &st) >= 0 ? &st : NULL); + if (buf == NULL) + goto abort; + + gettimeofday(&start, (struct timezone *)0); + switch (curtype) { + + case TYPE_I: + case TYPE_L: + if (restart_point && + lseek(fileno(fout), restart_point, SEEK_SET) < 0) { + warn("local: %s", local); + if (closefunc != NULL) + (*closefunc)(fout); + return; + } + errno = d = 0; + while ((c = sec_read(fileno(din), buf, bufsize)) > 0) { + if ((d = write(fileno(fout), buf, c)) != c) + break; + bytes += c; + if (hash) { + while (bytes >= hashbytes) { + putchar('#'); + hashbytes += HASHBYTES; + } + fflush(stdout); + } + } + if (hash && bytes > 0) { + if (bytes < HASHBYTES) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (c < 0) { + if (errno != EPIPE) + warn("netin"); + bytes = -1; + } + if (d < c) { + if (d < 0) + warn("local: %s", local); + else + warnx("%s: short write", local); + } + break; + + case TYPE_A: + if (restart_point) { + int i, n, ch; + + if (fseek(fout, 0L, SEEK_SET) < 0) + goto done; + n = restart_point; + for (i = 0; i++ < n;) { + if ((ch = sec_getc(fout)) == EOF) + goto done; + if (ch == '\n') + i++; + } + if (fseek(fout, 0L, SEEK_CUR) < 0) { + done: + warn("local: %s", local); + if (closefunc != NULL) + (*closefunc)(fout); + return; + } + } + + while ((c = sec_getc(din)) != EOF) { + if (c == '\n') + bare_lfs++; + while (c == '\r') { + while (hash && (bytes >= hashbytes)) { + putchar('#'); + fflush(stdout); + hashbytes += HASHBYTES; + } + bytes++; + if ((c = sec_getc(din)) != '\n' || tcrflag) { + if 
(ferror(fout)) + goto break2; + putc('\r', fout); + if (c == '\0') { + bytes++; + goto contin2; + } + if (c == EOF) + goto contin2; + } + } + putc(c, fout); + bytes++; + contin2: ; + } + break2: + if (bare_lfs) { + printf("WARNING! %d bare linefeeds received in ASCII mode\n", + bare_lfs); + printf("File may not have transferred correctly.\n"); + } + if (hash) { + if (bytes < hashbytes) + putchar('#'); + putchar('\n'); + fflush(stdout); + } + if (ferror(din)) { + if (errno != EPIPE) + warn("netin"); + bytes = -1; + } + if (ferror(fout)) + warn("local: %s", local); + break; + } + if (closefunc != NULL) + (*closefunc)(fout); + signal(SIGINT, oldintr); + if (oldintp) + signal(SIGPIPE, oldintp); + fclose(din); + gettimeofday(&stop, (struct timezone *)0); + getreply(0); + if (bytes > 0 && is_retr) + ptransfer("received", bytes, &start, &stop); + return; +abort: + + /* abort using RFC959 recommended IP,SYNC sequence */ + + if (oldintp) + signal(SIGPIPE, oldintr); + signal(SIGINT, SIG_IGN); + if (!cpend) { + code = -1; + signal(SIGINT, oldintr); + return; + } + + abort_remote(din); + code = -1; + if (data >= 0) { + close(data); + data = -1; + } + if (closefunc != NULL && fout != NULL) + (*closefunc)(fout); + if (din) + fclose(din); + gettimeofday(&stop, (struct timezone *)0); + if (bytes > 0) + ptransfer("received", bytes, &start, &stop); + signal(SIGINT, oldintr); +} + +/* + * Need to start a listen on the data channel before we send the command, + * otherwise the server's connect may fail. 
+ */ +int +initconn(void) +{ + int result, len, tmpno = 0; + int on = 1; + int a0, a1, a2, a3, p0, p1; + + if (passivemode) { + data = socket(AF_INET, SOCK_STREAM, 0); + if (data < 0) { + perror("ftp: socket"); + return(1); + } +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if ((options & SO_DEBUG) && + setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, + sizeof (on)) < 0) + perror("ftp: setsockopt (ignored)"); +#endif + if (command("PASV") != COMPLETE) { + printf("Passive mode refused.\n"); + goto bad; + } + + /* + * What we've got at this point is a string of comma + * separated one-byte unsigned integer values. + * The first four are the an IP address. The fifth is + * the MSB of the port number, the sixth is the LSB. + * From that we'll prepare a sockaddr_in. + */ + + if (sscanf(pasv,"%d,%d,%d,%d,%d,%d", + &a0, &a1, &a2, &a3, &p0, &p1) != 6) { + printf("Passive mode address scan failure. " + "Shouldn't happen!\n"); + goto bad; + } + if(a0 < 0 || a0 > 255 || + a1 < 0 || a1 > 255 || + a2 < 0 || a2 > 255 || + a3 < 0 || a3 > 255 || + p0 < 0 || p0 > 255 || + p1 < 0 || p1 > 255){ + printf("Can't parse passive mode string.\n"); + goto bad; + } + + memset(&data_addr, 0, sizeof(data_addr)); + data_addr.sin_family = AF_INET; + data_addr.sin_addr.s_addr = htonl((a0 << 24) | (a1 << 16) | + (a2 << 8) | a3); + data_addr.sin_port = htons((p0 << 8) | p1); + + if (connect(data, (struct sockaddr *)&data_addr, + sizeof(data_addr)) < 0) { + perror("ftp: connect"); + goto bad; + } +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, + sizeof(int)) < 0) + perror("ftp: setsockopt TOS (ignored)"); +#endif + return(0); + } + +noport: + data_addr = myctladdr; + if (sendport) + data_addr.sin_port = 0; /* let system pick one */ + if (data != -1) + close(data); + data = socket(AF_INET, SOCK_STREAM, 0); + if (data < 0) { + warn("socket"); + if (tmpno) + sendport = 1; + return (1); + } +#if 
defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (!sendport) + if (setsockopt(data, SOL_SOCKET, SO_REUSEADDR, (char *)&on, sizeof (on)) < 0) { + warn("setsockopt (reuse address)"); + goto bad; + } +#endif + if (bind(data, (struct sockaddr *)&data_addr, sizeof (data_addr)) < 0) { + warn("bind"); + goto bad; + } +#if defined(SO_DEBUG) && defined(HAVE_SETSOCKOPT) + if (options & SO_DEBUG && + setsockopt(data, SOL_SOCKET, SO_DEBUG, (char *)&on, sizeof (on)) < 0) + warn("setsockopt (ignored)"); +#endif + len = sizeof (data_addr); + if (getsockname(data, (struct sockaddr *)&data_addr, &len) < 0) { + warn("getsockname"); + goto bad; + } + if (listen(data, 1) < 0) + warn("listen"); + if (sendport) { + unsigned int a = ntohl(data_addr.sin_addr.s_addr); + unsigned int p = ntohs(data_addr.sin_port); + result = command("PORT %d,%d,%d,%d,%d,%d", + (a >> 24) & 0xff, + (a >> 16) & 0xff, + (a >> 8) & 0xff, + a & 0xff, + (p >> 8) & 0xff, + p & 0xff); + if (result == ERROR && sendport == -1) { + sendport = 0; + tmpno = 1; + goto noport; + } + return (result != COMPLETE); + } + if (tmpno) + sendport = 1; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(data, IPPROTO_IP, IP_TOS, (char *)&on, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + return (0); +bad: + close(data), data = -1; + if (tmpno) + sendport = 1; + return (1); +} + +FILE * +dataconn(char *lmode) +{ + struct sockaddr_in from; + int s, fromlen = sizeof (from), tos; + + if (passivemode) + return (fdopen(data, lmode)); + + s = accept(data, (struct sockaddr *) &from, &fromlen); + if (s < 0) { + warn("accept"); + close(data), data = -1; + return (NULL); + } + close(data); + data = s; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)) < 0) + warn("setsockopt TOS (ignored)"); +#endif + return (fdopen(data, lmode)); +} + +void +ptransfer(char *direction, long int bytes, + 
struct timeval *t0, struct timeval *t1) +{ + struct timeval td; + float s; + float bs; + int prec; + char *unit; + + if (verbose) { + td.tv_sec = t1->tv_sec - t0->tv_sec; + td.tv_usec = t1->tv_usec - t0->tv_usec; + if(td.tv_usec < 0){ + td.tv_sec--; + td.tv_usec += 1000000; + } + s = td.tv_sec + (td.tv_usec / 1000000.); + bs = bytes / (s?s:1); + if(bs >= 1048576){ + bs /= 1048576; + unit = "M"; + prec = 2; + }else if(bs >= 1024){ + bs /= 1024; + unit = "k"; + prec = 1; + }else{ + unit = ""; + prec = 0; + } + + printf("%ld bytes %s in %.3g seconds (%.*f %sbyte/s)\n", + bytes, direction, s, prec, bs, unit); + } +} + +void +psabort(int sig) +{ + + abrtflag++; +} + +void +pswitch(int flag) +{ + sighand oldintr; + static struct comvars { + int connect; + char name[MaxHostNameLen]; + struct sockaddr_in mctl; + struct sockaddr_in hctl; + FILE *in; + FILE *out; + int tpe; + int curtpe; + int cpnd; + int sunqe; + int runqe; + int mcse; + int ntflg; + char nti[17]; + char nto[17]; + int mapflg; + char mi[MaxPathLen]; + char mo[MaxPathLen]; + } proxstruct, tmpstruct; + struct comvars *ip, *op; + + abrtflag = 0; + oldintr = signal(SIGINT, psabort); + if (flag) { + if (proxy) + return; + ip = &tmpstruct; + op = &proxstruct; + proxy++; + } else { + if (!proxy) + return; + ip = &proxstruct; + op = &tmpstruct; + proxy = 0; + } + ip->connect = connected; + connected = op->connect; + if (hostname) { + strncpy(ip->name, hostname, sizeof(ip->name) - 1); + ip->name[strlen(ip->name)] = '\0'; + } else + ip->name[0] = 0; + hostname = op->name; + ip->hctl = hisctladdr; + hisctladdr = op->hctl; + ip->mctl = myctladdr; + myctladdr = op->mctl; + ip->in = cin; + cin = op->in; + ip->out = cout; + cout = op->out; + ip->tpe = type; + type = op->tpe; + ip->curtpe = curtype; + curtype = op->curtpe; + ip->cpnd = cpend; + cpend = op->cpnd; + ip->sunqe = sunique; + sunique = op->sunqe; + ip->runqe = runique; + runique = op->runqe; + ip->mcse = mcase; + mcase = op->mcse; + ip->ntflg = ntflag; + ntflag 
= op->ntflg; + strncpy(ip->nti, ntin, 16); + (ip->nti)[strlen(ip->nti)] = '\0'; + strcpy(ntin, op->nti); + strncpy(ip->nto, ntout, 16); + (ip->nto)[strlen(ip->nto)] = '\0'; + strcpy(ntout, op->nto); + ip->mapflg = mapflag; + mapflag = op->mapflg; + strncpy(ip->mi, mapin, MaxPathLen - 1); + (ip->mi)[strlen(ip->mi)] = '\0'; + strcpy(mapin, op->mi); + strncpy(ip->mo, mapout, MaxPathLen - 1); + (ip->mo)[strlen(ip->mo)] = '\0'; + strcpy(mapout, op->mo); + signal(SIGINT, oldintr); + if (abrtflag) { + abrtflag = 0; + (*oldintr)(SIGINT); + } +} + +void +abortpt(int sig) +{ + + printf("\n"); + fflush(stdout); + ptabflg++; + mflag = 0; + abrtflag = 0; + longjmp(ptabort, 1); +} + +void +proxtrans(char *cmd, char *local, char *remote) +{ + sighand oldintr; + int secndflag = 0, prox_type, nfnd; + char *cmd2; + fd_set mask; + + if (strcmp(cmd, "RETR")) + cmd2 = "RETR"; + else + cmd2 = runique ? "STOU" : "STOR"; + if ((prox_type = type) == 0) { + if (unix_server && unix_proxy) + prox_type = TYPE_I; + else + prox_type = TYPE_A; + } + if (curtype != prox_type) + changetype(prox_type, 1); + if (command("PASV") != COMPLETE) { + printf("proxy server does not support third party transfers.\n"); + return; + } + pswitch(0); + if (!connected) { + printf("No primary connection\n"); + pswitch(1); + code = -1; + return; + } + if (curtype != prox_type) + changetype(prox_type, 1); + if (command("PORT %s", pasv) != COMPLETE) { + pswitch(1); + return; + } + if (setjmp(ptabort)) + goto abort; + oldintr = signal(SIGINT, abortpt); + if (command("%s %s", cmd, remote) != PRELIM) { + signal(SIGINT, oldintr); + pswitch(1); + return; + } + sleep(2); + pswitch(1); + secndflag++; + if (command("%s %s", cmd2, local) != PRELIM) + goto abort; + ptflag++; + getreply(0); + pswitch(0); + getreply(0); + signal(SIGINT, oldintr); + pswitch(1); + ptflag = 0; + printf("local: %s remote: %s\n", local, remote); + return; +abort: + signal(SIGINT, SIG_IGN); + ptflag = 0; + if (strcmp(cmd, "RETR") && !proxy) + 
pswitch(1); + else if (!strcmp(cmd, "RETR") && proxy) + pswitch(0); + if (!cpend && !secndflag) { /* only here if cmd = "STOR" (proxy=1) */ + if (command("%s %s", cmd2, local) != PRELIM) { + pswitch(0); + if (cpend) + abort_remote((FILE *) NULL); + } + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); + return; + } + if (cpend) + abort_remote((FILE *) NULL); + pswitch(!proxy); + if (!cpend && !secndflag) { /* only if cmd = "RETR" (proxy=1) */ + if (command("%s %s", cmd2, local) != PRELIM) { + pswitch(0); + if (cpend) + abort_remote((FILE *) NULL); + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); + return; + } + } + if (cpend) + abort_remote((FILE *) NULL); + pswitch(!proxy); + if (cpend) { + FD_ZERO(&mask); + FD_SET(fileno(cin), &mask); + if ((nfnd = empty(&mask, 10)) <= 0) { + if (nfnd < 0) { + warn("abort"); + } + if (ptabflg) + code = -1; + lostpeer(0); + } + getreply(0); + getreply(0); + } + if (proxy) + pswitch(0); + pswitch(1); + if (ptabflg) + code = -1; + signal(SIGINT, oldintr); +} + +void +reset(int argc, char **argv) +{ + fd_set mask; + int nfnd = 1; + + FD_ZERO(&mask); + while (nfnd > 0) { + FD_SET(fileno(cin), &mask); + if ((nfnd = empty(&mask,0)) < 0) { + warn("reset"); + code = -1; + lostpeer(0); + } + else if (nfnd) { + getreply(0); + } + } +} + +char * +gunique(char *local) +{ + static char new[MaxPathLen]; + char *cp = strrchr(local, '/'); + int d, count=0; + char ext = '1'; + + if (cp) + *cp = '\0'; + d = access(cp ? 
local : ".", 2); + if (cp) + *cp = '/'; + if (d < 0) { + warn("local: %s", local); + return NULL; + } + strcpy(new, local); + cp = new + strlen(new); + *cp++ = '.'; + while (!d) { + if (++count == 100) { + printf("runique: can't find unique file name.\n"); + return NULL; + } + *cp++ = ext; + *cp = '\0'; + if (ext == '9') + ext = '0'; + else + ext++; + if ((d = access(new, 0)) < 0) + break; + if (ext != '0') + cp--; + else if (*(cp - 2) == '.') + *(cp - 1) = '1'; + else { + *(cp - 2) = *(cp - 2) + 1; + cp--; + } + } + return (new); +} + +void +abort_remote(FILE *din) +{ + char buf[BUFSIZ]; + int nfnd; + fd_set mask; + + /* + * send IAC in urgent mode instead of DM because 4.3BSD places oob mark + * after urgent byte rather than before as is protocol now + */ + snprintf(buf, sizeof(buf), "%c%c%c", IAC, IP, IAC); + if (send(fileno(cout), buf, 3, MSG_OOB) != 3) + warn("abort"); + fprintf(cout,"%cABOR\r\n", DM); + fflush(cout); + FD_ZERO(&mask); + FD_SET(fileno(cin), &mask); + if (din) { + FD_SET(fileno(din), &mask); + } + if ((nfnd = empty(&mask, 10)) <= 0) { + if (nfnd < 0) { + warn("abort"); + } + if (ptabflg) + code = -1; + lostpeer(0); + } + if (din && FD_ISSET(fileno(din), &mask)) { + while (read(fileno(din), buf, BUFSIZ) > 0) + /* LOOP */; + } + if (getreply(0) == ERROR && code == 552) { + /* 552 needed for nic style abort */ + getreply(0); + } + getreply(0); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h new file mode 100644 index 0000000..6ead793 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_locl.h 
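Review bot: In the live getreply() (not the `#if 0` copy), the `default:` arm stores every byte read from the control connection with `*p++ = c;` and never compares `p` with the end of `char buf[1024]`, so a reply line of 1024 bytes or more from the server is written past the stack buffer; bound it with `if (p < buf + sizeof(buf) - 1) *p++ = c;`. The 227 branch of the same function has the same shape: `strncpy(pasv, p, q - p)` takes its length from the server's text, and since `pasv` is declared outside this hunk its size cannot be confirmed here, so the copy should be clamped to it. In login(), `des_read_pw_string(acct, 128, "Account:", 0)` passes 128 as the length while `acct` points at `char tmp[80]`; it should be `des_read_pw_string(acct, sizeof(tmp), "Account:", 0);`. Also in login(), `strcpy(username, user)` copies a name of up to 78 characters from the prompt (or whatever ruserpass() returned) into `username[32]` as declared in extern.h, and the `fgets` return value is not checked before `tmp[strlen(tmp) - 1] = '\0'`, which indexes `tmp[-1]` on an empty read.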
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: ftp_locl.h,v 1.29 1997/05/20 18:40:28 bg Exp $ */
+
+#ifndef __FTP_LOCL_H__
+#define __FTP_LOCL_H__
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <sys/cdefs.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+#ifdef HAVE_NETINET_IP_H
+#include <netinet/ip.h>
+#endif
+
+#ifdef HAVE_ARPA_FTP_H
+#include <arpa/ftp.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_ARPA_TELNET_H
+#include <arpa/telnet.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+#include <glob.h>
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_SYS_MMAN_H
+#include <sys/mman.h>
+#endif
+
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+extern int LIBPREFIX(fclose) __P((FILE *));
+#endif
+
+#include "ftp_var.h"
+#include "extern.h"
+#include "common.h"
+#include "pathnames.h"
+
+#include <des.h>
+
+#include <krb.h>
+
+#include "krb4.h"
+
+#include "roken.h"
+
+#if defined(__sun__) && !defined(__svr4)
+int fclose(FILE*);
+int pclose(FILE*);
+#endif
+
+#endif /* __FTP_LOCL_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h
new file mode 100644
index 0000000..ffac59a
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ftp_var.h 
@@ -0,0 +1,127 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)ftp_var.h 8.4 (Berkeley) 10/9/94 + */ + +/* + * FTP global variables. 
+ */ + +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#include <setjmp.h> + +/* + * Options and other state info. + */ +extern int trace; /* trace packets exchanged */ +extern int hash; /* print # for each buffer transferred */ +extern int sendport; /* use PORT cmd for each data connection */ +extern int verbose; /* print messages coming back from server */ +extern int connected; /* connected to server */ +extern int fromatty; /* input is from a terminal */ +extern int interactive; /* interactively prompt on m* cmds */ +extern int debug; /* debugging level */ +extern int bell; /* ring bell on cmd completion */ +extern int doglob; /* glob local file names */ +extern int autologin; /* establish user account on connection */ +extern int proxy; /* proxy server connection active */ +extern int proxflag; /* proxy connection exists */ +extern int sunique; /* store files on server with unique name */ +extern int runique; /* store local files with unique name */ +extern int mcase; /* map upper to lower case for mget names */ +extern int ntflag; /* use ntin ntout tables for name translation */ +extern int mapflag; /* use mapin mapout templates on file names */ +extern int code; /* return/reply code for ftp command */ +extern int crflag; /* if 1, strip car. rets. 
on ascii gets */ +extern char pasv[64]; /* passive port for proxy data connection */ +extern int passivemode; /* passive mode enabled */ +extern char *altarg; /* argv[1] with no shell-like preprocessing */ +extern char ntin[17]; /* input translation table */ +extern char ntout[17]; /* output translation table */ +extern char mapin[MaxPathLen]; /* input map template */ +extern char mapout[MaxPathLen]; /* output map template */ +extern char typename[32]; /* name of file transfer type */ +extern int type; /* requested file transfer type */ +extern int curtype; /* current file transfer type */ +extern char structname[32]; /* name of file transfer structure */ +extern int stru; /* file transfer structure */ +extern char formname[32]; /* name of file transfer format */ +extern int form; /* file transfer format */ +extern char modename[32]; /* name of file transfer mode */ +extern int mode; /* file transfer mode */ +extern char bytename[32]; /* local byte size in ascii */ +extern int bytesize; /* local byte size in binary */ + +extern char *hostname; /* name of host connected to */ +extern int unix_server; /* server is unix, can use binary for ascii */ +extern int unix_proxy; /* proxy is unix, can use binary for ascii */ + +extern jmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +extern char line[200]; /* input line buffer */ +extern char *stringbase; /* current scan point in line buffer */ +extern char argbuf[200]; /* argument storage buffer */ +extern char *argbase; /* current storage point in arg buffer */ +extern int margc; /* count of arguments on input line */ +extern char **margv; /* args parsed from input line */ +extern int margvlen; /* how large margv is currently */ +extern int cpend; /* flag: if != 0, then pending server reply */ +extern int mflag; /* flag: if != 0, then active multi command */ + +extern int options; /* used during socket creation */ + +/* + * Format of command table. 
+ */ +struct cmd { + char *c_name; /* name of command */ + char *c_help; /* help string */ + char c_bell; /* give bell when command completes */ + char c_conn; /* must be connected to use command */ + char c_proxy; /* proxy server may execute */ + void (*c_handler) (int, char **); /* function to call */ +}; + +struct macel { + char mac_name[9]; /* macro name */ + char *mac_start; /* start of macro in macbuf */ + char *mac_end; /* end of macro in macbuf */ +}; + +extern int macnum; /* number of defined macros */ +extern struct macel macros[16]; +extern char macbuf[4096]; + + diff --git a/crypto/kerberosIV/appl/ftp/ftp/globals.c b/crypto/kerberosIV/appl/ftp/ftp/globals.c new file mode 100644 index 0000000..7199e65 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/globals.c 
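Review bot: ftp_var.h has no include guard even though it defines `struct cmd` and `struct macel`, so including it twice in one translation unit would fail on the redefinitions; ftp_locl.h and krb4.h in this same commit are both guarded. I would wrap the file in `#ifndef FTP_VAR_H` / `#define FTP_VAR_H` and a closing `#endif /* FTP_VAR_H */`. The header also sizes `mapin` and `mapout` with `MaxPathLen` without including anything that visibly defines it, so it appears to depend on the includer's order; a one-line comment naming the header it expects would help.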
@@ -0,0 +1,76 @@ +#include "ftp_locl.h" +RCSID("$Id: globals.c,v 1.6 1996/08/26 22:46:26 assar Exp $"); + +/* + * Options and other state info. + */ +int trace; /* trace packets exchanged */ +int hash; /* print # for each buffer transferred */ +int sendport; /* use PORT cmd for each data connection */ +int verbose; /* print messages coming back from server */ +int connected; /* connected to server */ +int fromatty; /* input is from a terminal */ +int interactive; /* interactively prompt on m* cmds */ +int debug; /* debugging level */ +int bell; /* ring bell on cmd completion */ +int doglob; /* glob local file names */ +int autologin; /* establish user account on connection */ +int proxy; /* proxy server connection active */ +int proxflag; /* proxy connection exists */ +int sunique; /* store files on server with unique name */ +int runique; /* store local files with unique name */ +int mcase; /* map upper to lower case for mget names */ +int ntflag; /* use ntin ntout tables for name translation */ +int mapflag; /* use mapin mapout templates on file names */ +int code; /* return/reply code for ftp command */ +int crflag; /* if 1, strip car. rets. 
on ascii gets */ +char pasv[64]; /* passive port for proxy data connection */ +int passivemode; /* passive mode enabled */ +char *altarg; /* argv[1] with no shell-like preprocessing */ +char ntin[17]; /* input translation table */ +char ntout[17]; /* output translation table */ +char mapin[MaxPathLen]; /* input map template */ +char mapout[MaxPathLen]; /* output map template */ +char typename[32]; /* name of file transfer type */ +int type; /* requested file transfer type */ +int curtype; /* current file transfer type */ +char structname[32]; /* name of file transfer structure */ +int stru; /* file transfer structure */ +char formname[32]; /* name of file transfer format */ +int form; /* file transfer format */ +char modename[32]; /* name of file transfer mode */ +int mode; /* file transfer mode */ +char bytename[32]; /* local byte size in ascii */ +int bytesize; /* local byte size in binary */ + +char *hostname; /* name of host connected to */ +int unix_server; /* server is unix, can use binary for ascii */ +int unix_proxy; /* proxy is unix, can use binary for ascii */ + +jmp_buf toplevel; /* non-local goto stuff for cmd scanner */ + +char line[200]; /* input line buffer */ +char *stringbase; /* current scan point in line buffer */ +char argbuf[200]; /* argument storage buffer */ +char *argbase; /* current storage point in arg buffer */ +int margc; /* count of arguments on input line */ +char **margv; /* args parsed from input line */ +int margvlen; /* how large margv is currently */ +int cpend; /* flag: if != 0, then pending server reply */ +int mflag; /* flag: if != 0, then active multi command */ + +int options; /* used during socket creation */ + +/* + * Format of command table. + */ + +int macnum; /* number of defined macros */ +struct macel macros[16]; +char macbuf[4096]; + +char username[32]; + +/* these are set in ruserpass */ +char myhostname[MaxHostNameLen]; +char *mydomain; 
diff --git a/crypto/kerberosIV/appl/ftp/ftp/kauth.c b/crypto/kerberosIV/appl/ftp/ftp/kauth.c new file mode 100644 index 0000000..8bc9b9b --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/kauth.c 
@@ -0,0 +1,145 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: kauth.c,v 1.14 1997/05/11 04:08:04 assar Exp $"); + +void kauth(int argc, char **argv) +{ + int ret; + char buf[1024]; + des_cblock key; + des_key_schedule schedule; + KTEXT_ST tkt, tktcopy; + char *name; + char *p; + int overbose; + char passwd[100]; + int tmp; + + if(argc > 2){ + printf("usage: %s [principal]\n", argv[0]); + code = -1; + return; + } + if(argc == 2) + name = argv[1]; + else + name = username; + + overbose = verbose; + verbose = 0; + + ret = command("SITE KAUTH %s", name); + if(ret != CONTINUE){ + verbose = overbose; + code = -1; + return; + } + verbose = overbose; + p = strstr(reply_string, "T="); + if(!p){ + printf("Bad reply from server.\n"); + code = -1; + return; + } + p += 2; + tmp = base64_decode(p, &tkt.dat); + if(tmp < 0){ + printf("Failed to decode base64 in reply.\n"); + code = -1; + return; + } + tkt.length = tmp; + tktcopy.length = tkt.length; + + p = strstr(reply_string, "P="); + if(!p){ + printf("Bad reply from server.\n"); + verbose = overbose; + code = -1; + return; + } + name = p + 2; + for(; *p && *p != ' ' && *p != '\r' && *p != '\n'; p++); + *p = 0; + + snprintf(buf, sizeof(buf), "Password for %s:", name); + if (des_read_pw_string (passwd, sizeof(passwd)-1, buf, 0)) + *passwd = '\0'; + des_string_to_key (passwd, &key); + + des_key_sched(&key, schedule); + + des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, + tkt.length, + schedule, &key, DES_DECRYPT); + if (strcmp ((char*)tktcopy.dat + 8, + KRB_TICKET_GRANTING_TICKET) != 0) { + afs_string_to_key (passwd, krb_realmofhost(hostname), &key); + des_key_sched (&key, schedule); + des_pcbc_encrypt((des_cblock*)tkt.dat, (des_cblock*)tktcopy.dat, + tkt.length, + schedule, &key, DES_DECRYPT); + } + memset(key, 0, sizeof(key)); + memset(schedule, 0, sizeof(schedule)); + memset(passwd, 0, sizeof(passwd)); + base64_encode(tktcopy.dat, tktcopy.length, &p); + memset (tktcopy.dat, 0, tktcopy.length); + ret = command("SITE KAUTH %s %s", 
name, p); + free(p); + if(ret != COMPLETE){ + code = -1; + return; + } + code = 0; +} + +void klist(int argc, char **argv) +{ + int ret; + if(argc != 1){ + printf("usage: %s\n", argv[0]); + code = -1; + return; + } + + ret = command("SITE KLIST"); + code = (ret == COMPLETE); +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.c b/crypto/kerberosIV/appl/ftp/ftp/krb4.c new file mode 100644 index 0000000..872c5bc --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.c 
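Review bot: In kauth() the text after `T=` comes from the server and is decoded straight into `tkt.dat` with only a `tmp < 0` check, so nothing here ties the decoded size to the size of that buffer; whether `reply_string` can hold more than `tkt.dat` is not visible in this file. I would bound it before decoding, for example `if (strcspn(p, " \r\n") / 4 * 3 > sizeof(tkt.dat))` followed by the existing bad-reply path, and reject `tkt.length <= 8` before the `strcmp` at `tktcopy.dat + 8`, which otherwise compares bytes the decrypt never wrote. The three `memset` calls that clear `key`, `schedule` and `passwd` are dead stores that an optimising compiler may drop, so a wipe routine that cannot be elided is the safer choice for the password and key material. The result of `base64_encode(tktcopy.dat, tktcopy.length, &p)` is not checked before `p` is passed to `command()` and `free()`. Separately, klist() ends with `code = (ret == COMPLETE);`, which yields 1 on success and 0 on failure while kauth() uses 0 and -1; `code = (ret == COMPLETE) ? 0 : -1;` would make the two agree.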
@@ -0,0 +1,567 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" + +RCSID("$Id: krb4.c,v 1.18 1997/05/11 04:08:05 assar Exp $"); + +static KTEXT_ST krb4_adat; + +static des_cblock key; +static des_key_schedule schedule; + +static char *data_buffer; + +extern struct sockaddr_in hisctladdr, myctladdr; + +int auth_complete; + +static int command_prot; + +static int auth_pbsz; +static int data_prot; + +static int request_data_prot; + + +static struct { + int level; + char *name; +} level_names[] = { + { prot_clear, "clear" }, + { prot_safe, "safe" }, + { prot_confidential, "confidential" }, + { prot_private, "private" } +}; + +static char *level_to_name(int level) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(level_names[i].level == level) + return level_names[i].name; + return "unknown"; +} + +static int name_to_level(char *name) +{ + int i; + for(i = 0; i < sizeof(level_names) / sizeof(level_names[0]); i++) + if(!strncasecmp(level_names[i].name, name, strlen(name))) + return level_names[i].level; + return -1; +} + +void sec_status(void) +{ + if(auth_complete){ + printf("Using KERBEROS_V4 for authentication.\n"); + + command_prot = prot_private; /* this variable is not used */ + + printf("Using %s command channel.\n", + level_to_name(command_prot)); + + printf("Using %s data channel.\n", + level_to_name(data_prot)); + if(auth_pbsz > 0) + printf("Protection buffer size: %d.\n", auth_pbsz); + }else{ + printf("Not using any security mechanism.\n"); + } +} + +static int +sec_prot_internal(int level) +{ + int ret; + char *p; + int s = 1048576; + + int old_verbose = verbose; + verbose = 0; + + if(!auth_complete){ + printf("No security data exchange has taken place.\n"); + return -1; + } + + if(level){ + ret = command("PBSZ %d", s); + if(ret != COMPLETE){ + printf("Failed to set protection buffer size.\n"); + return -1; + } + auth_pbsz = s; + p = strstr(reply_string, "PBSZ="); + if(p) + sscanf(p, "PBSZ=%d", &s); + if(s < auth_pbsz) + auth_pbsz = s; + if(data_buffer) + 
free(data_buffer); + data_buffer = malloc(auth_pbsz); + } + verbose = old_verbose; + ret = command("PROT %c", level["CSEP"]); /* XXX :-) */ + if(ret != COMPLETE){ + printf("Failed to set protection level.\n"); + return -1; + } + + data_prot = level; + return 0; +} + + +void +sec_prot(int argc, char **argv) +{ + int level = -1; + + if(argc != 2){ + printf("usage: %s (clear | safe | confidential | private)\n", + argv[0]); + code = -1; + return; + } + if(!auth_complete){ + printf("No security data exchange has taken place.\n"); + code = -1; + return; + } + level = name_to_level(argv[1]); + + if(level == -1){ + printf("usage: %s (clear | safe | confidential | private)\n", + argv[0]); + code = -1; + return; + } + + if(level == prot_confidential){ + printf("Confidential protection is not defined with Kerberos.\n"); + code = -1; + return; + } + + if(sec_prot_internal(level) < 0){ + code = -1; + return; + } + code = 0; +} + +void +sec_set_protection_level(void) +{ + if(auth_complete && data_prot != request_data_prot) + sec_prot_internal(request_data_prot); +} + + +int +sec_request_prot(char *level) +{ + int l = name_to_level(level); + if(l == -1) + return -1; + request_data_prot = l; + return 0; +} + + +int sec_getc(FILE *F) +{ + if(auth_complete && data_prot) + return krb4_getc(F); + else + return getc(F); +} + +int sec_read(int fd, void *data, int length) +{ + if(auth_complete && data_prot) + return krb4_read(fd, data, length); + else + return read(fd, data, length); +} + +static int +krb4_recv(int fd) +{ + int len; + MSG_DAT m; + int kerror; + + krb_net_read(fd, &len, sizeof(len)); + len = ntohl(len); + krb_net_read(fd, data_buffer, len); + if(data_prot == prot_safe) + kerror = krb_rd_safe(data_buffer, len, &key, + &hisctladdr, &myctladdr, &m); + else + kerror = krb_rd_priv(data_buffer, len, schedule, &key, + &hisctladdr, &myctladdr, &m); + if(kerror){ + return -1; + } + memmove(data_buffer, m.app_data, m.app_length); + return m.app_length; +} + + +int krb4_getc(FILE 
*F) +{ + static int bytes; + static int index; + if(bytes == 0){ + bytes = krb4_recv(fileno(F)); + index = 0; + } + if(bytes){ + bytes--; + return (unsigned char)data_buffer[index++]; + } + return EOF; +} + +int krb4_read(int fd, char *data, int length) +{ + static int left; + static int index; + static int eof; + int len = left; + int rx = 0; + + if(eof){ + eof = 0; + return 0; + } + + if(left){ + if(length < len) + len = length; + memmove(data, data_buffer + index, len); + length -= len; + index += len; + rx += len; + left -= len; + } + + while(length){ + len = krb4_recv(fd); + if(len == 0){ + if(rx) + eof = 1; + return rx; + } + if(len > length){ + left = len - length; + len = index = length; + } + memmove(data, data_buffer, len); + length -= len; + data += len; + rx += len; + } + return rx; +} + + +static int +krb4_encode(char *from, char *to, int length) +{ + if(data_prot == prot_safe) + return krb_mk_safe(from, to, length, &key, + &myctladdr, &hisctladdr); + else + return krb_mk_priv(from, to, length, schedule, &key, + &myctladdr, &hisctladdr); +} + +static int +krb4_overhead(int len) +{ + if(data_prot == prot_safe) + return 31; + else + return 26; +} + +static char p_buf[1024]; +static int p_index; + +int +sec_putc(int c, FILE *F) +{ + if(data_prot){ + if((c == '\n' && p_index) || p_index == sizeof(p_buf)){ + sec_write(fileno(F), p_buf, p_index); + p_index = 0; + } + p_buf[p_index++] = c; + return c; + } + return putc(c, F); +} + +static int +sec_send(int fd, char *from, int length) +{ + int bytes; + bytes = krb4_encode(from, data_buffer, length); + bytes = htonl(bytes); + krb_net_write(fd, &bytes, sizeof(bytes)); + krb_net_write(fd, data_buffer, ntohl(bytes)); + return length; +} + +int +sec_fflush(FILE *F) +{ + if(data_prot){ + if(p_index){ + sec_write(fileno(F), p_buf, p_index); + p_index = 0; + } + sec_send(fileno(F), NULL, 0); + } + fflush(F); + return 0; +} + +int +sec_write(int fd, char *data, int length) +{ + int len = auth_pbsz; + int tx = 0; + + 
if(data_prot == prot_clear) + return write(fd, data, length); + + len -= krb4_overhead(len); + while(length){ + if(length < len) + len = length; + sec_send(fd, data, len); + length -= len; + data += len; + tx += len; + } + return tx; +} + +static int +do_auth(char *service, char *host, int checksum) +{ + int ret; + CREDENTIALS cred; + char sname[SNAME_SZ], inst[INST_SZ], realm[REALM_SZ]; + strcpy(sname, service); + strcpy(inst, krb_get_phost(host)); + strcpy(realm, krb_realmofhost(host)); + ret = krb_mk_req(&krb4_adat, sname, inst, realm, checksum); + if(ret) + return ret; + strcpy(sname, service); + strcpy(inst, krb_get_phost(host)); + strcpy(realm, krb_realmofhost(host)); + ret = krb_get_cred(sname, inst, realm, &cred); + memmove(&key, &cred.session, sizeof(des_cblock)); + des_key_sched(&key, schedule); + memset(&cred, 0, sizeof(cred)); + return ret; +} + + +int +do_klogin(char *host) +{ + int ret; + char *p; + int len; + char adat[1024]; + MSG_DAT msg_data; + int checksum; + + int old_verbose = verbose; + + verbose = 0; + printf("Trying KERBEROS_V4...\n"); + ret = command("AUTH KERBEROS_V4"); + if(ret != CONTINUE){ + if(code == 504){ + printf("Kerberos 4 is not supported by the server.\n"); + }else if(code == 534){ + printf("KERBEROS_V4 rejected as security mechanism.\n"); + }else if(ret == ERROR) + printf("The server doesn't understand the FTP " + "security extensions.\n"); + verbose = old_verbose; + return -1; + } + + checksum = getpid(); + ret = do_auth("ftp", host, checksum); + if(ret == KDC_PR_UNKNOWN) + ret = do_auth("rcmd", host, checksum); + if(ret){ + printf("%s\n", krb_get_err_text(ret)); + verbose = old_verbose; + return ret; + } + + base64_encode(krb4_adat.dat, krb4_adat.length, &p); + ret = command("ADAT %s", p); + free(p); + + if(ret != COMPLETE){ + printf("Server didn't accept auth data.\n"); + verbose = old_verbose; + return -1; + } + + p = strstr(reply_string, "ADAT="); + if(!p){ + printf("Remote host didn't send adat reply.\n"); + verbose = 
old_verbose; + return -1; + } + p+=5; + len = base64_decode(p, adat); + if(len < 0){ + printf("Failed to decode base64 from server.\n"); + verbose = old_verbose; + return -1; + } + ret = krb_rd_safe(adat, len, &key, + &hisctladdr, &myctladdr, &msg_data); + if(ret){ + printf("Error reading reply from server: %s.\n", + krb_get_err_text(ret)); + verbose = old_verbose; + return -1; + } + { + /* the draft doesn't tell what size the return has */ + int i; + u_int32_t cs = 0; + for(i = 0; i < msg_data.app_length; i++) + cs = (cs<<8) + msg_data.app_data[i]; + if(cs - checksum != 1){ + printf("Bad checksum returned from server.\n"); + verbose = old_verbose; + return -1; + } + } + auth_complete = 1; + verbose = old_verbose; + return 0; +} + +void +krb4_quit(void) +{ + auth_complete = 0; +} + +int krb4_write_enc(FILE *F, char *fmt, va_list ap) +{ + int len; + char *p; + char buf[1024]; + char enc[1024]; + + vsnprintf(buf, sizeof(buf), fmt, ap); + len = krb_mk_priv(buf, enc, strlen(buf), schedule, &key, + &myctladdr, &hisctladdr); + base64_encode(enc, len, &p); + + fprintf(F, "ENC %s", p); + free (p); + return 0; +} + + +int krb4_read_msg(char *s, int priv) +{ + int len; + int ret; + char buf[1024]; + MSG_DAT m; + int code; + + len = base64_decode(s + 4, buf); + if(priv) + ret = krb_rd_priv(buf, len, schedule, &key, + &hisctladdr, &myctladdr, &m); + else + ret = krb_rd_safe(buf, len, &key, &hisctladdr, &myctladdr, &m); + if(ret){ + printf("%s\n", krb_get_err_text(ret)); + return -1; + } + + m.app_data[m.app_length] = 0; + if(m.app_data[3] == '-') + code = 0; + else + sscanf((char*)m.app_data, "%d", &code); + strncpy(s, (char*)m.app_data, strlen((char*)m.app_data)); + + s[m.app_length] = 0; + len = strlen(s); + if(s[len-1] == '\n') + s[len-1] = 0; + + return code; +} + +int +krb4_read_mic(char *s) +{ + return krb4_read_msg(s, 0); +} + +int +krb4_read_enc(char *s) +{ + return krb4_read_msg(s, 1); +} + 
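Review bot: krb4_recv() takes the message length from the network and passes it to `krb_net_read(fd, data_buffer, len)` without comparing it to `auth_pbsz`, the size `data_buffer` was allocated with in sec_prot_internal(), and without checking either `krb_net_read` result, so a peer-chosen or negative `len` can write past the heap buffer. The length should be validated and short reads treated as errors, as sketched below. The callers need a matching change: krb4_getc() tests `if(bytes)` and krb4_read() tests `len == 0`, so the existing -1 return already leads krb4_getc() to keep decrementing a negative count and krb4_read() to call `memmove` with a negative length. The same unbounded-destination pattern appears where `base64_decode` fills the 1024-byte `adat` and `buf` arrays in do_klogin() and krb4_read_msg(), and `malloc(auth_pbsz)` is used unchecked after `auth_pbsz` may have been lowered to whatever `PBSZ=` value the server sent.

```c
/* in krb4_recv(), replacing the two unchecked krb_net_read() calls */
    if(krb_net_read(fd, &len, sizeof(len)) != sizeof(len))
        return -1;
    len = ntohl(len);
    /* len comes from the peer; data_buffer was allocated with auth_pbsz bytes */
    if(data_buffer == NULL || len < 0 || len > auth_pbsz)
        return -1;
    if(krb_net_read(fd, data_buffer, len) != len)
        return -1;
    /* … unchanged: krb_rd_safe / krb_rd_priv dispatch and the copy of m.app_data … */
```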
diff --git a/crypto/kerberosIV/appl/ftp/ftp/krb4.h b/crypto/kerberosIV/appl/ftp/ftp/krb4.h new file mode 100644 index 0000000..7cf8cec --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/krb4.h 
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.10 1997/04/01 08:17:22 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdio.h>
+#include <stdarg.h>
+
+extern int auth_complete;
+
+void sec_status(void);
+
+enum { prot_clear, prot_safe, prot_confidential, prot_private };
+
+void sec_prot(int, char**);
+
+int sec_getc(FILE *F);
+int sec_putc(int c, FILE *F);
+int sec_fflush(FILE *F);
+int sec_read(int fd, void *data, int length);
+int sec_write(int fd, char *data, int length);
+
+int krb4_getc(FILE *F);
+int krb4_read(int fd, char *data, int length);
+
+
+
+void sec_set_protection_level(void);
+int sec_request_prot(char *level);
+
+void kauth(int, char **);
+void klist(int, char **);
+
+void krb4_quit(void);
+
+int krb4_write_enc(FILE *F, char *fmt, va_list ap);
+int krb4_read_msg(char *s, int priv);
+int krb4_read_mic(char *s);
+int krb4_read_enc(char *s);
+
+int do_klogin(char *host);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c
new file mode 100644
index 0000000..4d1b6a5
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/main.c
@@ -0,0 +1,542 @@ +/* + * Copyright (c) 1985, 1989, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * FTP User Program -- Command Interface. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: main.c,v 1.20 1997/04/20 16:14:55 joda Exp $"); + +int +main(int argc, char **argv) +{ + int ch, top; + struct passwd *pw = NULL; + char homedir[MaxPathLen]; + struct servent *sp; + + set_progname(argv[0]); + + sp = getservbyname("ftp", "tcp"); + if (sp == 0) + errx(1, "ftp/tcp: unknown service"); + doglob = 1; + interactive = 1; + autologin = 1; + + while ((ch = getopt(argc, argv, "dgintv")) != EOF) { + switch (ch) { + case 'd': + options |= SO_DEBUG; + debug++; + break; + + case 'g': + doglob = 0; + break; + + case 'i': + interactive = 0; + break; + + case 'n': + autologin = 0; + break; + + case 't': + trace++; + break; + + case 'v': + verbose++; + break; + + default: + fprintf(stderr, + "usage: ftp [-dgintv] [host [port]]\n"); + exit(1); + } + } + argc -= optind; + argv += optind; + + fromatty = isatty(fileno(stdin)); + if (fromatty) + verbose++; + cpend = 0; /* no pending replies */ + proxy = 0; /* proxy not active */ + passivemode = 0; /* passive mode not active */ + crflag = 1; /* strip c.r. on ascii gets */ + sendport = -1; /* not using ports */ + /* + * Set up the home directory in case we're globbing. 
+ */ + pw = k_getpwuid(getuid()); + if (pw != NULL) { + home = homedir; + strcpy(home, pw->pw_dir); + } + if (argc > 0) { + char *xargv[5]; + + if (setjmp(toplevel)) + exit(0); + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); + xargv[0] = (char*)__progname; + xargv[1] = argv[0]; + xargv[2] = argv[1]; + xargv[3] = argv[2]; + xargv[4] = NULL; + setpeer(argc+1, xargv); + } + if(setjmp(toplevel) == 0) + top = 1; + else + top = 0; + if (top) { + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); + } + for (;;) { + cmdscanner(top); + top = 1; + } +} + +void +intr(int sig) +{ + + longjmp(toplevel, 1); +} + +#ifndef SHUT_RDWR +#define SHUT_RDWR 2 +#endif + +RETSIGTYPE +lostpeer(int sig) +{ + + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), SHUT_RDWR); + fclose(cout); + cout = NULL; + } + if (data >= 0) { + shutdown(data, SHUT_RDWR); + close(data); + data = -1; + } + connected = 0; + } + pswitch(1); + if (connected) { + if (cout != NULL) { + shutdown(fileno(cout), SHUT_RDWR); + fclose(cout); + cout = NULL; + } + connected = 0; + } + proxflag = 0; + pswitch(0); + SIGRETURN(0); +} + +/* +char * +tail(filename) + char *filename; +{ + char *s; + + while (*filename) { + s = strrchr(filename, '/'); + if (s == NULL) + break; + if (s[1]) + return (s + 1); + *s = '\0'; + } + return (filename); +} +*/ + +#ifndef HAVE_READLINE + +static char * +readline(char *prompt) +{ + char buf[BUFSIZ]; + printf ("%s", prompt); + fflush (stdout); + if(fgets(buf, sizeof(buf), stdin) == NULL) + return NULL; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + return strdup(buf); +} + +static void +add_history(char *p) +{ +} + +#else + +/* These should not really be here */ + +char *readline(char *); +void add_history(char *); + +#endif + +/* + * Command parser. 
+ */ +void +cmdscanner(int top) +{ + struct cmd *c; + int l; + + if (!top) + putchar('\n'); + for (;;) { + if (fromatty) { + char *p; + p = readline("ftp> "); + if(p == NULL) + quit(0, 0); + strncpy(line, p, sizeof(line)); + line[sizeof(line) - 1] = 0; + add_history(p); + free(p); + } else{ + if (fgets(line, sizeof line, stdin) == NULL) + quit(0, 0); + } + /* XXX will break on long lines */ + l = strlen(line); + if (l == 0) + break; + if (line[--l] == '\n') { + if (l == 0) + break; + line[l] = '\0'; + } else if (l == sizeof(line) - 2) { + printf("sorry, input line too long\n"); + while ((l = getchar()) != '\n' && l != EOF) + /* void */; + break; + } /* else it was a line without a newline */ + makeargv(); + if (margc == 0) { + continue; + } + c = getcmd(margv[0]); + if (c == (struct cmd *)-1) { + printf("?Ambiguous command\n"); + continue; + } + if (c == 0) { + printf("?Invalid command\n"); + continue; + } + if (c->c_conn && !connected) { + printf("Not connected.\n"); + continue; + } + (*c->c_handler)(margc, margv); + if (bell && c->c_bell) + putchar('\007'); + if (c->c_handler != help) + break; + } + signal(SIGINT, intr); + signal(SIGPIPE, lostpeer); +} + +struct cmd * +getcmd(char *name) +{ + char *p, *q; + struct cmd *c, *found; + int nmatches, longest; + + longest = 0; + nmatches = 0; + found = 0; + for (c = cmdtab; (p = c->c_name); c++) { + for (q = name; *q == *p++; q++) + if (*q == 0) /* exact match? */ + return (c); + if (!*q) { /* the name was a prefix */ + if (q - name > longest) { + longest = q - name; + nmatches = 1; + found = c; + } else if (q - name == longest) + nmatches++; + } + } + if (nmatches > 1) + return ((struct cmd *)-1); + return (found); +} + +/* + * Slice a string up into argc/argv. 
+ */ + +int slrflag; + +void +makeargv(void) +{ + char **argp; + + argp = margv; + stringbase = line; /* scan from first of buffer */ + argbase = argbuf; /* store from first of buffer */ + slrflag = 0; + for (margc = 0; ; margc++) { + /* Expand array if necessary */ + if (margc == margvlen) { + margv = (margvlen == 0) + ? (char **)malloc(20 * sizeof(char *)) + : (char **)realloc(margv, + (margvlen + 20)*sizeof(char *)); + if (margv == NULL) + errx(1, "cannot realloc argv array"); + margvlen += 20; + argp = margv + margc; + } + + if ((*argp++ = slurpstring()) == NULL) + break; + } + +} + +/* + * Parse string into argbuf; + * implemented with FSM to + * handle quoting and strings + */ +char * +slurpstring(void) +{ + int got_one = 0; + char *sb = stringbase; + char *ap = argbase; + char *tmp = argbase; /* will return this if token found */ + + if (*sb == '!' || *sb == '$') { /* recognize ! as a token for shell */ + switch (slrflag) { /* and $ as token for macro invoke */ + case 0: + slrflag++; + stringbase++; + return ((*sb == '!') ? "!" 
: "$"); + /* NOTREACHED */ + case 1: + slrflag++; + altarg = stringbase; + break; + default: + break; + } + } + +S0: + switch (*sb) { + + case '\0': + goto OUT; + + case ' ': + case '\t': + sb++; goto S0; + + default: + switch (slrflag) { + case 0: + slrflag++; + break; + case 1: + slrflag++; + altarg = sb; + break; + default: + break; + } + goto S1; + } + +S1: + switch (*sb) { + + case ' ': + case '\t': + case '\0': + goto OUT; /* end of token */ + + case '\\': + sb++; goto S2; /* slurp next character */ + + case '"': + sb++; goto S3; /* slurp quoted string */ + + default: + *ap++ = *sb++; /* add character to token */ + got_one = 1; + goto S1; + } + +S2: + switch (*sb) { + + case '\0': + goto OUT; + + default: + *ap++ = *sb++; + got_one = 1; + goto S1; + } + +S3: + switch (*sb) { + + case '\0': + goto OUT; + + case '"': + sb++; goto S1; + + default: + *ap++ = *sb++; + got_one = 1; + goto S3; + } + +OUT: + if (got_one) + *ap++ = '\0'; + argbase = ap; /* update storage pointer */ + stringbase = sb; /* update scan pointer */ + if (got_one) { + return (tmp); + } + switch (slrflag) { + case 0: + slrflag++; + break; + case 1: + slrflag++; + altarg = (char *) 0; + break; + default: + break; + } + return NULL; +} + +#define HELPINDENT ((int) sizeof ("directory")) + +/* + * Help command. + * Call each command handler with argc == 0 and argv[0] == name. + */ +void +help(int argc, char **argv) +{ + struct cmd *c; + + if (argc == 1) { + int i, j, w, k; + int columns, width = 0, lines; + + printf("Commands may be abbreviated. 
Commands are:\n\n"); + for (c = cmdtab; c < &cmdtab[NCMDS]; c++) { + int len = strlen(c->c_name); + + if (len > width) + width = len; + } + width = (width + 8) &~ 7; + columns = 80 / width; + if (columns == 0) + columns = 1; + lines = (NCMDS + columns - 1) / columns; + for (i = 0; i < lines; i++) { + for (j = 0; j < columns; j++) { + c = cmdtab + j * lines + i; + if (c->c_name && (!proxy || c->c_proxy)) { + printf("%s", c->c_name); + } + else if (c->c_name) { + for (k=0; k < strlen(c->c_name); k++) { + putchar(' '); + } + } + if (c + lines >= &cmdtab[NCMDS]) { + printf("\n"); + break; + } + w = strlen(c->c_name); + while (w < width) { + w = (w + 8) &~ 7; + putchar('\t'); + } + } + } + return; + } + while (--argc > 0) { + char *arg; + arg = *++argv; + c = getcmd(arg); + if (c == (struct cmd *)-1) + printf("?Ambiguous help command %s\n", arg); + else if (c == (struct cmd *)0) + printf("?Invalid help command %s\n", arg); + else + printf("%-*s\t%s\n", HELPINDENT, + c->c_name, c->c_help); + } +} diff --git a/crypto/kerberosIV/appl/ftp/ftp/pathnames.h b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h new file mode 100644 index 0000000..f7c1fb3 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftp/pathnames.h 
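Review bot: In main(), `strcpy(home, pw->pw_dir);` copies the passwd home directory into the fixed `homedir[MaxPathLen]` with no length check, so an entry longer than MaxPathLen writes past the stack buffer. Bound the copy and leave `home` unset when it does not fit, e.g. `if (strlen(pw->pw_dir) < sizeof(homedir)) { strcpy(homedir, pw->pw_dir); home = homedir; }`. The fallback `readline()` further down has a related edge: `buf[strlen(buf) - 1]` indexes `buf[-1]` when fgets() returns a line whose first byte is NUL, so the length should be tested for zero before the newline is stripped.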
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 1989, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/6/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#define _PATH_TMP_XXX "/tmp/ftpXXXXXX"
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
diff --git a/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
new file mode 100644
index 0000000..8cea6d4
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftp/ruserpass.c
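Review bot: `_PATH_TMP_XXX` in pathnames.h is a temp-file template under the world-writable /tmp, and the header has no comment saying how it must be consumed. The use site is outside this hunk, so this is a documentation request rather than a confirmed defect. Add `/* template for mkstemp(3); do not use with mktemp(3), which races in a shared /tmp */` above the define so that callers create the file atomically.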
@@ -0,0 +1,274 @@ +/* + * Copyright (c) 1985, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "ftp_locl.h" +RCSID("$Id: ruserpass.c,v 1.10 1997/05/02 14:27:55 assar Exp $"); + +static int token (void); +static FILE *cfile; + +#define DEFAULT 1 +#define LOGIN 2 +#define PASSWD 3 +#define ACCOUNT 4 +#define MACDEF 5 +#define PROT 6 +#define ID 10 +#define MACH 11 + +static char tokval[100]; + +static struct toktab { + char *tokstr; + int tval; +} toktab[]= { + { "default", DEFAULT }, + { "login", LOGIN }, + { "password", PASSWD }, + { "passwd", PASSWD }, + { "account", ACCOUNT }, + { "machine", MACH }, + { "macdef", MACDEF }, + { "prot", PROT }, + { NULL, 0 } +}; + +int +ruserpass(char *host, char **aname, char **apass, char **aacct) +{ + char *hdir, buf[BUFSIZ], *tmp; + int t, i, c, usedefault = 0; + struct stat stb; + + if(k_gethostname(myhostname, MaxHostNameLen) < 0) + strcpy(myhostname, ""); + if((mydomain = strchr(myhostname, '.')) == NULL) + mydomain = myhostname; + else + mydomain++; + hdir = getenv("HOME"); + if (hdir == NULL) + hdir = "."; + snprintf(buf, sizeof(buf), "%s/.netrc", hdir); + cfile = fopen(buf, "r"); + if (cfile == NULL) { + if (errno != ENOENT) + warn("%s", buf); + return (0); + } + +next: + while ((t = token())) switch(t) { + + case DEFAULT: + usedefault = 1; + /* FALL THROUGH */ + + case MACH: + if (!usedefault) { + if (token() != ID) + continue; + /* + * Allow match either for user's input host name + * or official hostname. Also allow match of + * incompletely-specified host in local domain. 
+ */ + if (strcasecmp(host, tokval) == 0) + goto match; + if (strcasecmp(hostname, tokval) == 0) + goto match; + if ((tmp = strchr(hostname, '.')) != NULL && + tmp++ && + strcasecmp(tmp, mydomain) == 0 && + strncasecmp(hostname, tokval, tmp-hostname) == 0 && + tokval[tmp - hostname] == '\0') + goto match; + if ((tmp = strchr(host, '.')) != NULL && + tmp++ && + strcasecmp(tmp, mydomain) == 0 && + strncasecmp(host, tokval, tmp - host) == 0 && + tokval[tmp - host] == '\0') + goto match; + continue; + } + match: + while ((t = token()) && t != MACH && t != DEFAULT) switch(t) { + + case LOGIN: + if (token()) + if (*aname == 0) { + *aname = strdup(tokval); + } else { + if (strcmp(*aname, tokval)) + goto next; + } + break; + case PASSWD: + if ((*aname == NULL || strcmp(*aname, "anonymous")) && + fstat(fileno(cfile), &stb) >= 0 && + (stb.st_mode & 077) != 0) { + warnx("Error: .netrc file is readable by others."); + warnx("Remove password or make file unreadable by others."); + goto bad; + } + if (token() && *apass == 0) { + *apass = strdup(tokval); + } + break; + case ACCOUNT: + if (fstat(fileno(cfile), &stb) >= 0 + && (stb.st_mode & 077) != 0) { + warnx("Error: .netrc file is readable by others."); + warnx("Remove account or make file unreadable by others."); + goto bad; + } + if (token() && *aacct == 0) { + *aacct = strdup(tokval); + } + break; + case MACDEF: + if (proxy) { + fclose(cfile); + return (0); + } + while ((c=getc(cfile)) != EOF && c == ' ' || c == '\t'); + if (c == EOF || c == '\n') { + printf("Missing macdef name argument.\n"); + goto bad; + } + if (macnum == 16) { + printf("Limit of 16 macros have already been defined\n"); + goto bad; + } + tmp = macros[macnum].mac_name; + *tmp++ = c; + for (i=0; i < 8 && (c=getc(cfile)) != EOF && + !isspace(c); ++i) { + *tmp++ = c; + } + if (c == EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + *tmp = '\0'; + if (c != '\n') { + while ((c=getc(cfile)) != EOF && c != '\n'); + } + if (c == 
EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + if (macnum == 0) { + macros[macnum].mac_start = macbuf; + } + else { + macros[macnum].mac_start = macros[macnum-1].mac_end + 1; + } + tmp = macros[macnum].mac_start; + while (tmp != macbuf + 4096) { + if ((c=getc(cfile)) == EOF) { + printf("Macro definition missing null line terminator.\n"); + goto bad; + } + *tmp = c; + if (*tmp == '\n') { + if (*(tmp-1) == '\0') { + macros[macnum++].mac_end = tmp - 1; + break; + } + *tmp = '\0'; + } + tmp++; + } + if (tmp == macbuf + 4096) { + printf("4K macro buffer exceeded\n"); + goto bad; + } + break; + case PROT: + token(); + if(sec_request_prot(tokval) < 0) + warnx("Unknown protection level \"%s\"", tokval); + break; + default: + warnx("Unknown .netrc keyword %s", tokval); + break; + } + goto done; + } +done: + fclose(cfile); + return (0); +bad: + fclose(cfile); + return (-1); +} + +static int +token(void) +{ + char *cp; + int c; + struct toktab *t; + + if (feof(cfile) || ferror(cfile)) + return (0); + while ((c = getc(cfile)) != EOF && + (c == '\n' || c == '\t' || c == ' ' || c == ',')) + continue; + if (c == EOF) + return (0); + cp = tokval; + if (c == '"') { + while ((c = getc(cfile)) != EOF && c != '"') { + if (c == '\\') + c = getc(cfile); + *cp++ = c; + } + } else { + *cp++ = c; + while ((c = getc(cfile)) != EOF + && c != '\n' && c != '\t' && c != ' ' && c != ',') { + if (c == '\\') + c = getc(cfile); + *cp++ = c; + } + } + *cp = 0; + if (tokval[0] == 0) + return (0); + for (t = toktab; t->tokstr; t++) + if (!strcmp(t->tokstr, tokval)) + return (t->tval); + return (ID); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in new file mode 100644 index 0000000..55981de --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/Makefile.in 
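Review bot: token() stores every character of a .netrc token into the static `tokval[100]` with `*cp++ = c;` and never compares `cp` with the end of the buffer, so a token of 100 or more characters writes past the array. Each of the three stores should be guarded, e.g. `if (cp < tokval + sizeof(tokval) - 1) *cp++ = c;`, which keeps room for the terminating `*cp = 0;`. The same two loops also store the result of `getc()` after a backslash without checking it for EOF. In ruserpass(), the PASSWD and ACCOUNT permission checks are skipped when `fstat()` fails, because the test is `fstat(...) >= 0 && (stb.st_mode & 077) != 0`; treating a failed fstat() as `goto bad` would make the check fail closed.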
@@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.31 1997/05/02 17:49:27 assar Exp $ +# + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ + +topdir = ../../.. + +SHELL = /bin/sh + +CC = @CC@ +YACC = @YACC@ +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +LIBS = @LIBS@ +LIB_DBM = @LIB_DBM@ +MKINSTALLDIRS = $(top_srcdir)/mkinstalldirs + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +ATHENA = ../../.. + +INCTOP = $(ATHENA)/include + +LIBTOP = $(ATHENA)/lib + +LIBKAFS = @KRB_KAFS_LIB@ +LIBKRB = -L$(LIBTOP)/krb -lkrb +LIBDES = -L$(LIBTOP)/des -ldes +LIBOTP = -L$(LIBTOP)/otp -lotp +LIBROKEN= -L$(LIBTOP)/roken -lroken + +PROGS = ftpd$(EXECSUFFIX) + +ftpd_SOURCES = ftpd.c ftpcmd.c logwtmp.c popen.c auth.c krb4.c kauth.c +ftpd_OBJS = ftpd.o ftpcmd.o logwtmp.o popen.o auth.o krb4.o kauth.o + +SOURCES = $(ftpd_SOURCES) +OBJECTS = $(ftpd_OBJS) + +all: $(PROGS) + +.c.o: + $(CC) -c $(CFLAGS) -I$(srcdir) -I$(srcdir)/../common -I$(INCTOP) $(DEFS) $< + +install: all + $(MKINSTALLDIRS) $(libexecdir) + for x in $(PROGS); do \ + $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROGS); do \ + rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +ftpd$(EXECSUFFIX): $(ftpd_OBJS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(ftpd_OBJS) -L../common -lcommon $(LIBKAFS) $(LIBKRB) $(LIBOTP) $(LIBDES) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN) + +ftpcmd.c: ftpcmd.y + $(YACC) $(YFLAGS) $< + chmod a-w y.tab.c + mv -f y.tab.c ftpcmd.c + +TAGS: $(SOURCES) + etags $(SOURCES) + +clean cleandir: + rm -f *~ *.o core ftpd ftpcmd.c \#* + +distclean: + rm -f Makefile diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.c b/crypto/kerberosIV/appl/ftp/ftpd/auth.c new file mode 100644 index 0000000..862eb6d --- /dev/null 
+++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.c 
@@ -0,0 +1,249 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: auth.c,v 1.11 1997/05/04 23:09:00 assar Exp $"); +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#include "extern.h" +#include "krb4.h" +#include "auth.h" + +static struct at auth_types [] = { + { "KERBEROS_V4", krb4_auth, krb4_adat, krb4_pbsz, krb4_prot, krb4_ccc, + krb4_mic, krb4_conf, krb4_enc, krb4_read, krb4_write, krb4_userok, + krb4_vprintf }, + { 0, 0, 0, 0, 0, 0, 0, 0, 0 } +}; + +struct at *ct; + +int data_protection; +int buffer_size; +unsigned char *data_buffer; +int auth_complete; + + +char *protection_names[] = { + "clear", "safe", + "confidential", "private" +}; + + +void auth_init(void) +{ +} + +char *ftp_command; +int prot_level; + +void new_ftp_command(char *command) +{ + ftp_command = command; +} + +void delete_ftp_command(void) +{ + if(ftp_command){ + free(ftp_command); + ftp_command = NULL; + } +} + +int auth_ok(void) +{ + return ct && auth_complete; +} + +void auth(char *auth) +{ + for(ct=auth_types; ct->name; ct++){ + if(!strcasecmp(auth, ct->name)){ + ct->auth(auth); + return; + } + } + reply(504, "%s is not a known security mechanism", auth); +} + +void adat(char *auth) +{ + if(ct && !auth_complete) + ct->adat(auth); + else + reply(503, "You must (re)issue an AUTH first."); +} + +void pbsz(int size) +{ + int old = buffer_size; + if(auth_ok()) + ct->pbsz(size); + else + reply(503, "Incomplete security data exchange."); + if(buffer_size != old){ + if(data_buffer) + free(data_buffer); + data_buffer = malloc(buffer_size + 4); + } +} + +void prot(char *pl) +{ + int p = -1; + + if(buffer_size == 0){ + reply(503, "No protection buffer size negotiated."); + return; + } + + if(!strcasecmp(pl, "C")) + p = prot_clear; + + 
if(!strcasecmp(pl, "S")) + p = prot_safe; + + if(!strcasecmp(pl, "E")) + p = prot_confidential; + + if(!strcasecmp(pl, "P")) + p = prot_private; + + if(p == -1){ + reply(504, "Unrecognized protection level."); + return; + } + + if(auth_ok()){ + if(ct->prot(p)){ + reply(536, "%s does not support %s protection.", + ct->name, protection_names[p]); + }else{ + data_protection = p; + reply(200, "Data protection is %s.", + protection_names[data_protection]); + } + }else{ + reply(503, "Incomplete security data exchange."); + } +} + +void ccc(void) +{ + if(auth_ok()){ + if(!ct->ccc()) + prot_level = prot_clear; + }else + reply(503, "Incomplete security data exchange."); +} + +void mic(char *msg) +{ + if(auth_ok()){ + if(!ct->mic(msg)) + prot_level = prot_safe; + }else + reply(503, "Incomplete security data exchange."); +} + +void conf(char *msg) +{ + if(auth_ok()){ + if(!ct->conf(msg)) + prot_level = prot_confidential; + }else + reply(503, "Incomplete security data exchange."); +} + +void enc(char *msg) +{ + if(auth_ok()){ + if(!ct->enc(msg)) + prot_level = prot_private; + }else + reply(503, "Incomplete security data exchange."); +} + +int auth_read(int fd, void *data, int length) +{ + if(auth_ok() && data_protection) + return ct->read(fd, data, length); + else + return read(fd, data, length); +} + +int auth_write(int fd, void *data, int length) +{ + if(auth_ok() && data_protection) + return ct->write(fd, data, length); + else + return write(fd, data, length); +} + +void auth_vprintf(const char *fmt, va_list ap) +{ + if(auth_ok() && prot_level){ + ct->vprintf(fmt, ap); + }else + vprintf(fmt, ap); +} + +void auth_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + auth_vprintf(fmt, ap); + va_end(ap); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/auth.h b/crypto/kerberosIV/appl/ftp/ftpd/auth.h new file mode 100644 index 0000000..17d9a13 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/auth.h 
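Review bot: In auth(), the lookup loop `for(ct=auth_types; ct->name; ct++)` leaves `ct` pointing at the all-zero terminator entry when no mechanism matches, so after the 504 reply `ct` is non-NULL but every handler in it is a null function pointer. adat() then passes its `ct && !auth_complete` test and calls `ct->adat(auth)` through that null pointer, and auth_ok() no longer implies that a real mechanism is selected. Reset the selection on the failure path with `ct = NULL;` immediately before `reply(504, ...)`, or iterate with a local pointer and assign `ct` only on a match. Separately, pbsz() uses the result of `malloc(buffer_size + 4)` without checking it; how `buffer_size` is validated lives in `ct->pbsz`, which is outside this hunk.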
@@ -0,0 +1,109 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: auth.h,v 1.9 1997/05/11 11:04:28 assar Exp $ */ + +#ifndef __AUTH_H__ +#define __AUTH_H__ + +#include <stdarg.h> + +struct at { + char *name; + int (*auth)(char*); + int (*adat)(char*); + int (*pbsz)(int); + int (*prot)(int); + int (*ccc)(void); + int (*mic)(char*); + int (*conf)(char*); + int (*enc)(char*); + int (*read)(int, void*, int); + int (*write)(int, void*, int); + int (*userok)(char*); + int (*vprintf)(const char*, va_list); +}; + +extern struct at *ct; + +enum protection_levels { + prot_clear, prot_safe, prot_confidential, prot_private +}; + +extern char *protection_names[]; + +extern char *ftp_command; +extern int prot_level; + +void delete_ftp_command(void); + +extern int data_protection; +extern int buffer_size; +extern unsigned char *data_buffer; +extern int auth_complete; + +void auth_init(void); + +int auth_ok(void); + +void auth(char*); +void adat(char*); +void pbsz(int); +void prot(char*); +void ccc(void); +void mic(char*); +void conf(char*); +void enc(char*); + +int auth_read(int, void*, int); +int auth_write(int, void*, int); + +void auth_vprintf(const char *fmt, va_list ap) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 0))) +#endif +; +void auth_printf(const char *fmt, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 1, 2))) +#endif +; + +void new_ftp_command(char *command); + +#endif /* __AUTH_H__ */ diff --git a/crypto/kerberosIV/appl/ftp/ftpd/extern.h b/crypto/kerberosIV/appl/ftp/ftpd/extern.h new file mode 100644 index 0000000..f9b800f --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/extern.h 
@@ -0,0 +1,141 @@
+/*-
+ * Copyright (c) 1992, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * @(#)extern.h 8.2 (Berkeley) 4/4/94
+ */
+
+#ifndef _EXTERN_H_
+#define _EXTERN_H_
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <setjmp.h>
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+void abor(void);
+void blkfree(char **);
+char **copyblk(char **);
+void cwd(char *);
+void do_delete(char *);
+void dologout(int);
+void fatal(char *);
+int filename_check(char *);
+int ftpd_pclose(FILE *);
+FILE *ftpd_popen(char *, char *, int, int);
+char *getline(char *, int);
+void logwtmp(char *, char *, char *);
+void lreply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void makedir(char *);
+void nack(char *);
+void nreply(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void pass(char *);
+void passive(void);
+void perror_reply(int, char *);
+void pwd(void);
+void removedir(char *);
+void renamecmd(char *, char *);
+char *renamefrom(char *);
+void reply(int, const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+void retrieve(char *, char *);
+void send_file_list(char *);
+void setproctitle(const char *, ...)
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+void statcmd(void);
+void statfilecmd(char *);
+void do_store(char *, char *, int);
+void upper(char *);
+void user(char *);
+void yyerror(char *);
+
+void kauth(char *, char*);
+void klist(void);
+
+int find(char *);
+
+int do_login(int code, char *passwd);
+int klogin(char *name, char *password);
+
+const char *ftp_rooted(const char *path);
+
+extern struct sockaddr_in ctrl_addr, his_addr;
+extern char hostname[];
+
+extern struct sockaddr_in data_dest;
+extern int logged_in;
+extern struct passwd *pw;
+extern int guest;
+extern int logging;
+extern int type;
+extern int oobflag;
+extern off_t file_size;
+extern off_t byte_count;
+extern jmp_buf urgcatch;
+
+extern int form;
+extern int debug;
+extern int ftpd_timeout;
+extern int maxtimeout;
+extern int pdata;
+extern char hostname[], remotehost[];
+extern char proctitle[];
+extern int usedefault;
+extern int transflag;
+extern char tmpline[];
+
+#endif /* _EXTERN_H_ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
new file mode 100644
index 0000000..9368cdb
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y
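Review bot: `char *getline(char *, int);` is declared after this header has included `<stdio.h>`, and on systems whose stdio.h declares the POSIX `getline(char **, size_t *, FILE *)` the two prototypes conflict at compile time; a prefixed name such as `ftpd_getline`, in line with `ftpd_popen` and `ftpd_pclose` just above it, avoids the clash. `hostname[]` is also declared twice, once alone and once together with `remotehost[]`, and one of the two can go. Most path and message parameters are `char *` where `const char *` would tell callers the argument is not modified, as `ftp_rooted` already does.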
@@ -0,0 +1,1408 @@ +/* $NetBSD: ftpcmd.y,v 1.6 1995/06/03 22:46:45 mycroft Exp $ */ + +/* + * Copyright (c) 1985, 1988, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * @(#)ftpcmd.y 8.3 (Berkeley) 4/6/94 + */ + +/* + * Grammar for FTP commands. + * See RFC 959. + */ + +%{ + + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +RCSID("$Id: ftpcmd.y,v 1.35 1997/05/25 14:38:49 assar Exp $"); + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif + +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_FTP_H +#include <arpa/ftp.h> +#endif + +#include <ctype.h> +#include <errno.h> +#include <glob.h> +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#include <setjmp.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif +#include <time.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#ifdef HAVE_BSD_BSD_H +#include <bsd/bsd.h> +#endif + +#include <roken.h> + +#ifdef SOCKS +#include <socks.h> +extern int LIBPREFIX(fclose) __P((FILE *)); +#endif + +#include "extern.h" +#include "auth.h" + +off_t restart_point; + +static int cmd_type; +static int cmd_form; +static int cmd_bytesz; +char cbuf[512]; +char *fromname; + +struct tab { + char *name; + short token; + short state; + short implemented; /* 1 if command is implemented */ + char *help; +}; + +extern struct tab cmdtab[]; +extern struct tab sitetab[]; + +static char *copy (char *); +static void help (struct tab *, char *); +static struct tab * + lookup (struct tab *, char *); +static void sizecmd (char *); +static void toolong (int); +static int yylex (void); + +/* This is for bison */ + +#if !defined(alloca) && !defined(HAVE_ALLOCA) +#define alloca(x) malloc(x) +#endif + +%} + +%union { + int i; + char *s; +} + +%token + A B C E F I + L N P R S T + + SP CRLF COMMA + + USER PASS ACCT REIN QUIT PORT + PASV TYPE STRU MODE RETR STOR + APPE MLFL MAIL MSND MSOM MSAM + MRSQ MRCP ALLO REST RNFR RNTO + 
ABOR DELE CWD LIST NLST SITE + STAT HELP NOOP MKD RMD PWD + CDUP STOU SMNT SYST SIZE MDTM + + UMASK IDLE CHMOD + + AUTH ADAT PROT PBSZ CCC MIC + CONF ENC + + KAUTH KLIST FIND URL + + LEXERR + +%token <s> STRING +%token <i> NUMBER + +%type <i> check_login check_login_no_guest octal_number byte_size +%type <i> struct_code mode_code type_code form_code +%type <s> pathstring pathname password username + +%start cmd_list + +%% + +cmd_list + : /* empty */ + | cmd_list cmd + { + fromname = (char *) 0; + restart_point = (off_t) 0; + } + | cmd_list rcmd + ; + +cmd + : USER SP username CRLF + { + user($3); + free($3); + } + | AUTH SP STRING CRLF + { + auth($3); + free($3); + } + | ADAT SP STRING CRLF + { + adat($3); + free($3); + } + | PBSZ SP NUMBER CRLF + { + pbsz($3); + } + | PROT SP STRING CRLF + { + prot($3); + } + | CCC CRLF + { + ccc(); + } + | MIC SP STRING CRLF + { + mic($3); + free($3); + } + | CONF SP STRING CRLF + { + conf($3); + free($3); + } + | PASS SP password CRLF + { + pass($3); + memset ($3, 0, strlen($3)); + free($3); + } + | PORT SP host_port CRLF + { + usedefault = 0; + if (pdata >= 0) { + close(pdata); + pdata = -1; + } + reply(200, "PORT command successful."); + } + | PASV CRLF + { + passive(); + } + | TYPE SP type_code CRLF + { + switch (cmd_type) { + + case TYPE_A: + if (cmd_form == FORM_N) { + reply(200, "Type set to A."); + type = cmd_type; + form = cmd_form; + } else + reply(504, "Form must be N."); + break; + + case TYPE_E: + reply(504, "Type E not implemented."); + break; + + case TYPE_I: + reply(200, "Type set to I."); + type = cmd_type; + break; + + case TYPE_L: +#if NBBY == 8 + if (cmd_bytesz == 8) { + reply(200, + "Type set to L (byte size 8)."); + type = cmd_type; + } else + reply(504, "Byte size must be 8."); +#else /* NBBY == 8 */ + UNIMPLEMENTED for NBBY != 8 +#endif /* NBBY == 8 */ + } + } + | STRU SP struct_code CRLF + { + switch ($3) { + + case STRU_F: + reply(200, "STRU F ok."); + break; + + default: + reply(504, "Unimplemented STRU 
type."); + } + } + | MODE SP mode_code CRLF + { + switch ($3) { + + case MODE_S: + reply(200, "MODE S ok."); + break; + + default: + reply(502, "Unimplemented MODE type."); + } + } + | ALLO SP NUMBER CRLF + { + reply(202, "ALLO command ignored."); + } + | ALLO SP NUMBER SP R SP NUMBER CRLF + { + reply(202, "ALLO command ignored."); + } + | RETR check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + retrieve((char *) 0, $4); + if ($4 != NULL) + free($4); + } + | STOR check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "w", 0); + if ($4 != NULL) + free($4); + } + | APPE check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "a", 0); + if ($4 != NULL) + free($4); + } + | NLST check_login CRLF + { + if ($2) + send_file_list("."); + } + | NLST check_login SP STRING CRLF + { + if ($2 && $4 != NULL) + send_file_list($4); + if ($4 != NULL) + free($4); + } + | LIST check_login CRLF + { +#ifdef HAVE_LS_A + char *cmd = "/bin/ls -lA"; +#else + char *cmd = "/bin/ls -la"; +#endif + if ($2) + retrieve(cmd, ""); + + } + | LIST check_login SP pathname CRLF + { +#ifdef HAVE_LS_A + char *cmd = "/bin/ls -lA %s"; +#else + char *cmd = "/bin/ls -la %s"; +#endif + if ($2 && $4 != NULL) + retrieve(cmd, $4); + if ($4 != NULL) + free($4); + } + | STAT check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + statfilecmd($4); + if ($4 != NULL) + free($4); + } + | STAT CRLF + { + if(oobflag){ + if (file_size != (off_t) -1) + reply(213, "Status: %ld of %ld bytes transferred", + byte_count, file_size); + else + reply(213, "Status: %ld bytes transferred", byte_count); + }else + statcmd(); + } + | DELE check_login_no_guest SP pathname CRLF + { + if ($2 && $4 != NULL) + do_delete($4); + if ($4 != NULL) + free($4); + } + | RNTO check_login_no_guest SP pathname CRLF + { + if($2){ + if (fromname) { + renamecmd(fromname, $4); + free(fromname); + fromname = (char *) 0; + } else { + reply(503, "Bad sequence of commands."); + } + } + if ($4 != NULL) + free($4); + 
} + | ABOR CRLF + { + if(oobflag){ + reply(426, "Transfer aborted. Data connection closed."); + reply(226, "Abort successful"); + oobflag = 0; + longjmp(urgcatch, 1); + }else + reply(225, "ABOR command successful."); + } + | CWD check_login CRLF + { + if ($2) + cwd(pw->pw_dir); + } + | CWD check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + cwd($4); + if ($4 != NULL) + free($4); + } + | HELP CRLF + { + help(cmdtab, (char *) 0); + } + | HELP SP STRING CRLF + { + char *cp = $3; + + if (strncasecmp(cp, "SITE", 4) == 0) { + cp = $3 + 4; + if (*cp == ' ') + cp++; + if (*cp) + help(sitetab, cp); + else + help(sitetab, (char *) 0); + } else + help(cmdtab, $3); + } + | NOOP CRLF + { + reply(200, "NOOP command successful."); + } + | MKD check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + makedir($4); + if ($4 != NULL) + free($4); + } + | RMD check_login_no_guest SP pathname CRLF + { + if ($2 && $4 != NULL) + removedir($4); + if ($4 != NULL) + free($4); + } + | PWD check_login CRLF + { + if ($2) + pwd(); + } + | CDUP check_login CRLF + { + if ($2) + cwd(".."); + } + | SITE SP HELP CRLF + { + help(sitetab, (char *) 0); + } + | SITE SP HELP SP STRING CRLF + { + help(sitetab, $5); + } + | SITE SP UMASK check_login CRLF + { + int oldmask; + + if ($4) { + oldmask = umask(0); + umask(oldmask); + reply(200, "Current UMASK is %03o", oldmask); + } + } + | SITE SP UMASK check_login_no_guest SP octal_number CRLF + { + int oldmask; + + if ($4) { + if (($6 == -1) || ($6 > 0777)) { + reply(501, "Bad UMASK value"); + } else { + oldmask = umask($6); + reply(200, + "UMASK set to %03o (was %03o)", + $6, oldmask); + } + } + } + | SITE SP CHMOD check_login_no_guest SP octal_number SP pathname CRLF + { + if ($4 && $8 != NULL) { + if ($6 > 0777) + reply(501, + "CHMOD: Mode value must be between 0 and 0777"); + else if (chmod($8, $6) < 0) + perror_reply(550, $8); + else + reply(200, "CHMOD command successful."); + } + if ($8 != NULL) + free($8); + } + | SITE SP IDLE CRLF + { + 
reply(200, + "Current IDLE time limit is %d seconds; max %d", + ftpd_timeout, maxtimeout); + } + | SITE SP IDLE SP NUMBER CRLF + { + if ($5 < 30 || $5 > maxtimeout) { + reply(501, + "Maximum IDLE time must be between 30 and %d seconds", + maxtimeout); + } else { + ftpd_timeout = $5; + alarm((unsigned) ftpd_timeout); + reply(200, + "Maximum IDLE time set to %d seconds", + ftpd_timeout); + } + } + + | SITE SP KAUTH check_login SP STRING CRLF + { + char *p; + + if(guest) + reply(500, "Can't be done as guest."); + else{ + if($4 && $6 != NULL){ + p = strpbrk($6, " \t"); + if(p){ + *p++ = 0; + kauth($6, p + strspn(p, " \t")); + }else + kauth($6, NULL); + } + } + if($6 != NULL) + free($6); + } + | SITE SP KLIST check_login CRLF + { + if($4) + klist(); + } + | SITE SP FIND check_login SP STRING CRLF + { + if($4 && $6 != NULL) + find($6); + if($6 != NULL) + free($6); + } + | SITE SP URL CRLF + { + reply(200, "http://www.pdc.kth.se/kth-krb/"); + } + | STOU check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + do_store($4, "w", 1); + if ($4 != NULL) + free($4); + } + | SYST CRLF + { +#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) + reply(215, "UNIX Type: L%d", NBBY); +#else + reply(215, "UNKNOWN Type: L%d", NBBY); +#endif + } + + /* + * SIZE is not in RFC959, but Postel has blessed it and + * it will be in the updated RFC. + * + * Return size of file in a format suitable for + * using with RESTART (we just count bytes). + */ + | SIZE check_login SP pathname CRLF + { + if ($2 && $4 != NULL) + sizecmd($4); + if ($4 != NULL) + free($4); + } + + /* + * MDTM is not in RFC959, but Postel has blessed it and + * it will be in the updated RFC. + * + * Return modification time of file as an ISO 3307 + * style time. E.g. 
YYYYMMDDHHMMSS or YYYYMMDDHHMMSS.xxx + * where xxx is the fractional second (of any precision, + * not necessarily 3 digits) + */ + | MDTM check_login SP pathname CRLF + { + if ($2 && $4 != NULL) { + struct stat stbuf; + if (stat($4, &stbuf) < 0) + reply(550, "%s: %s", + $4, strerror(errno)); + else if (!S_ISREG(stbuf.st_mode)) { + reply(550, "%s: not a plain file.", $4); + } else { + struct tm *t; + t = gmtime(&stbuf.st_mtime); + reply(213, + "%04d%02d%02d%02d%02d%02d", + t->tm_year + 1900, + t->tm_mon + 1, + t->tm_mday, + t->tm_hour, + t->tm_min, + t->tm_sec); + } + } + if ($4 != NULL) + free($4); + } + | QUIT CRLF + { + reply(221, "Goodbye."); + dologout(0); + } + | error CRLF + { + yyerrok; + } + ; +rcmd + : RNFR check_login_no_guest SP pathname CRLF + { + restart_point = (off_t) 0; + if ($2 && $4) { + fromname = renamefrom($4); + if (fromname == (char *) 0 && $4) { + free($4); + } + } + } + | REST SP byte_size CRLF + { + fromname = (char *) 0; + restart_point = $3; /* XXX $3 is only "int" */ + reply(350, "Restarting at %ld. 
%s", + (long)restart_point, + "Send STORE or RETRIEVE to initiate transfer."); + } + | ENC SP STRING CRLF + { + enc($3); + free($3); + } + ; + +username + : STRING + ; + +password + : /* empty */ + { + $$ = (char *)calloc(1, sizeof(char)); + } + | STRING + ; + +byte_size + : NUMBER + ; + +host_port + : NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA + NUMBER COMMA NUMBER + { + data_dest.sin_family = AF_INET; + data_dest.sin_port = htons($9 * 256 + $11); + data_dest.sin_addr.s_addr = + htonl(($1 << 24) | ($3 << 16) | ($5 << 8) | $7); + } + ; + +form_code + : N + { + $$ = FORM_N; + } + | T + { + $$ = FORM_T; + } + | C + { + $$ = FORM_C; + } + ; + +type_code + : A + { + cmd_type = TYPE_A; + cmd_form = FORM_N; + } + | A SP form_code + { + cmd_type = TYPE_A; + cmd_form = $3; + } + | E + { + cmd_type = TYPE_E; + cmd_form = FORM_N; + } + | E SP form_code + { + cmd_type = TYPE_E; + cmd_form = $3; + } + | I + { + cmd_type = TYPE_I; + } + | L + { + cmd_type = TYPE_L; + cmd_bytesz = NBBY; + } + | L SP byte_size + { + cmd_type = TYPE_L; + cmd_bytesz = $3; + } + /* this is for a bug in the BBN ftp */ + | L byte_size + { + cmd_type = TYPE_L; + cmd_bytesz = $2; + } + ; + +struct_code + : F + { + $$ = STRU_F; + } + | R + { + $$ = STRU_R; + } + | P + { + $$ = STRU_P; + } + ; + +mode_code + : S + { + $$ = MODE_S; + } + | B + { + $$ = MODE_B; + } + | C + { + $$ = MODE_C; + } + ; + +pathname + : pathstring + { + /* + * Problem: this production is used for all pathname + * processing, but only gives a 550 error reply. + * This is a valid reply in some cases but not in others. 
+ */ + if (logged_in && $1 && *$1 == '~') { + glob_t gl; + int flags = + GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + + memset(&gl, 0, sizeof(gl)); + if (glob($1, flags, NULL, &gl) || + gl.gl_pathc == 0) { + reply(550, "not found"); + $$ = NULL; + } else { + $$ = strdup(gl.gl_pathv[0]); + } + globfree(&gl); + free($1); + } else + $$ = $1; + } + ; + +pathstring + : STRING + ; + +octal_number + : NUMBER + { + int ret, dec, multby, digit; + + /* + * Convert a number that was read as decimal number + * to what it would be if it had been read as octal. + */ + dec = $1; + multby = 1; + ret = 0; + while (dec) { + digit = dec%10; + if (digit > 7) { + ret = -1; + break; + } + ret += digit * multby; + multby *= 8; + dec /= 10; + } + $$ = ret; + } + ; + + +check_login_no_guest : check_login + { + $$ = $1 && !guest; + if($1 && !$$) + reply(550, "Permission denied"); + } + ; + +check_login + : /* empty */ + { + if(auth_complete && prot_level == prot_clear){ + reply(533, "Command protection level denied for paranoid reasons."); + $$ = 0; + }else + if (logged_in) + $$ = 1; + else { + reply(530, "Please login with USER and PASS."); + $$ = 0; + } + } + ; + +%% + +extern jmp_buf errcatch; + +#define CMD 0 /* beginning of command */ +#define ARGS 1 /* expect miscellaneous arguments */ +#define STR1 2 /* expect SP followed by STRING */ +#define STR2 3 /* expect STRING */ +#define OSTR 4 /* optional SP then STRING */ +#define ZSTR1 5 /* SP then optional STRING */ +#define ZSTR2 6 /* optional STRING after SP */ +#define SITECMD 7 /* SITE command */ +#define NSTR 8 /* Number followed by a string */ + +struct tab cmdtab[] = { /* In order defined in RFC 765 */ + { "USER", USER, STR1, 1, "<sp> username" }, + { "PASS", PASS, ZSTR1, 1, "<sp> password" }, + { "ACCT", ACCT, STR1, 0, "(specify account)" }, + { "SMNT", SMNT, ARGS, 0, "(structure mount)" }, + { "REIN", REIN, ARGS, 0, "(reinitialize server state)" }, + { "QUIT", QUIT, ARGS, 1, "(terminate service)", }, + { "PORT", PORT, ARGS, 
1, "<sp> b0, b1, b2, b3, b4" }, + { "PASV", PASV, ARGS, 1, "(set server in passive mode)" }, + { "TYPE", TYPE, ARGS, 1, "<sp> [ A | E | I | L ]" }, + { "STRU", STRU, ARGS, 1, "(specify file structure)" }, + { "MODE", MODE, ARGS, 1, "(specify transfer mode)" }, + { "RETR", RETR, STR1, 1, "<sp> file-name" }, + { "STOR", STOR, STR1, 1, "<sp> file-name" }, + { "APPE", APPE, STR1, 1, "<sp> file-name" }, + { "MLFL", MLFL, OSTR, 0, "(mail file)" }, + { "MAIL", MAIL, OSTR, 0, "(mail to user)" }, + { "MSND", MSND, OSTR, 0, "(mail send to terminal)" }, + { "MSOM", MSOM, OSTR, 0, "(mail send to terminal or mailbox)" }, + { "MSAM", MSAM, OSTR, 0, "(mail send to terminal and mailbox)" }, + { "MRSQ", MRSQ, OSTR, 0, "(mail recipient scheme question)" }, + { "MRCP", MRCP, STR1, 0, "(mail recipient)" }, + { "ALLO", ALLO, ARGS, 1, "allocate storage (vacuously)" }, + { "REST", REST, ARGS, 1, "<sp> offset (restart command)" }, + { "RNFR", RNFR, STR1, 1, "<sp> file-name" }, + { "RNTO", RNTO, STR1, 1, "<sp> file-name" }, + { "ABOR", ABOR, ARGS, 1, "(abort operation)" }, + { "DELE", DELE, STR1, 1, "<sp> file-name" }, + { "CWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, + { "XCWD", CWD, OSTR, 1, "[ <sp> directory-name ]" }, + { "LIST", LIST, OSTR, 1, "[ <sp> path-name ]" }, + { "NLST", NLST, OSTR, 1, "[ <sp> path-name ]" }, + { "SITE", SITE, SITECMD, 1, "site-cmd [ <sp> arguments ]" }, + { "SYST", SYST, ARGS, 1, "(get type of operating system)" }, + { "STAT", STAT, OSTR, 1, "[ <sp> path-name ]" }, + { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, + { "NOOP", NOOP, ARGS, 1, "" }, + { "MKD", MKD, STR1, 1, "<sp> path-name" }, + { "XMKD", MKD, STR1, 1, "<sp> path-name" }, + { "RMD", RMD, STR1, 1, "<sp> path-name" }, + { "XRMD", RMD, STR1, 1, "<sp> path-name" }, + { "PWD", PWD, ARGS, 1, "(return current directory)" }, + { "XPWD", PWD, ARGS, 1, "(return current directory)" }, + { "CDUP", CDUP, ARGS, 1, "(change to parent directory)" }, + { "XCUP", CDUP, ARGS, 1, "(change to parent directory)" 
}, + { "STOU", STOU, STR1, 1, "<sp> file-name" }, + { "SIZE", SIZE, OSTR, 1, "<sp> path-name" }, + { "MDTM", MDTM, OSTR, 1, "<sp> path-name" }, + + /* extensions from draft-ietf-cat-ftpsec-08 */ + { "AUTH", AUTH, STR1, 1, "<sp> auth-type" }, + { "ADAT", ADAT, STR1, 1, "<sp> auth-data" }, + { "PBSZ", PBSZ, ARGS, 1, "<sp> buffer-size" }, + { "PROT", PROT, STR1, 1, "<sp> prot-level" }, + { "CCC", CCC, ARGS, 1, "" }, + { "MIC", MIC, STR1, 1, "<sp> integrity command" }, + { "CONF", CONF, STR1, 1, "<sp> confidentiality command" }, + { "ENC", ENC, STR1, 1, "<sp> privacy command" }, + + { NULL, 0, 0, 0, 0 } +}; + +struct tab sitetab[] = { + { "UMASK", UMASK, ARGS, 1, "[ <sp> umask ]" }, + { "IDLE", IDLE, ARGS, 1, "[ <sp> maximum-idle-time ]" }, + { "CHMOD", CHMOD, NSTR, 1, "<sp> mode <sp> file-name" }, + { "HELP", HELP, OSTR, 1, "[ <sp> <string> ]" }, + + { "KAUTH", KAUTH, STR1, 1, "<sp> principal [ <sp> ticket ]" }, + { "KLIST", KLIST, ARGS, 1, "(show ticket file)" }, + + { "FIND", FIND, STR1, 1, "<sp> globexpr" }, + + { "URL", URL, ARGS, 1, "?" }, + + { NULL, 0, 0, 0, 0 } +}; + +static struct tab * +lookup(struct tab *p, char *cmd) +{ + + for (; p->name != NULL; p++) + if (strcmp(cmd, p->name) == 0) + return (p); + return (0); +} + +#include <arpa/telnet.h> + +/* + * getline - a hacked up version of fgets to ignore TELNET escape codes. 
+ */ +char * +getline(char *s, int n) +{ + int c; + char *cs; + + cs = s; +/* tmpline may contain saved command from urgent mode interruption */ + if(ftp_command){ + strncpy(s, ftp_command, n); + if (debug) + syslog(LOG_DEBUG, "command: %s", s); +#ifdef XXX + fprintf(stderr, "%s\n", s); +#endif + return s; + } + prot_level = prot_clear; + while ((c = getc(stdin)) != EOF) { + c &= 0377; + if (c == IAC) { + if ((c = getc(stdin)) != EOF) { + c &= 0377; + switch (c) { + case WILL: + case WONT: + c = getc(stdin); + printf("%c%c%c", IAC, DONT, 0377&c); + fflush(stdout); + continue; + case DO: + case DONT: + c = getc(stdin); + printf("%c%c%c", IAC, WONT, 0377&c); + fflush(stdout); + continue; + case IAC: + break; + default: + continue; /* ignore command */ + } + } + } + *cs++ = c; + if (--n <= 0 || c == '\n') + break; + } + if (c == EOF && cs == s) + return (NULL); + *cs++ = '\0'; + if (debug) { + if (!guest && strncasecmp("pass ", s, 5) == 0) { + /* Don't syslog passwords */ + syslog(LOG_DEBUG, "command: %.5s ???", s); + } else { + char *cp; + int len; + + /* Don't syslog trailing CR-LF */ + len = strlen(s); + cp = s + len - 1; + while (cp >= s && (*cp == '\n' || *cp == '\r')) { + --cp; + --len; + } + syslog(LOG_DEBUG, "command: %.*s", len, s); + } + } +#ifdef XXX + fprintf(stderr, "%s\n", s); +#endif + return (s); +} + +static RETSIGTYPE +toolong(int signo) +{ + + reply(421, + "Timeout (%d seconds): closing control connection.", + ftpd_timeout); + if (logging) + syslog(LOG_INFO, "User %s timed out after %d seconds", + (pw ? 
pw -> pw_name : "unknown"), ftpd_timeout); + dologout(1); + SIGRETURN(0); +} + +static int +yylex(void) +{ + static int cpos, state; + char *cp, *cp2; + struct tab *p; + int n; + char c; + + for (;;) { + switch (state) { + + case CMD: + signal(SIGALRM, toolong); + alarm((unsigned) ftpd_timeout); + if (getline(cbuf, sizeof(cbuf)-1) == NULL) { + reply(221, "You could at least say goodbye."); + dologout(0); + } + alarm(0); +#ifdef HASSETPROCTITLE + if (strncasecmp(cbuf, "PASS", 4) != NULL) + setproctitle("%s: %s", proctitle, cbuf); +#endif /* HASSETPROCTITLE */ + if ((cp = strchr(cbuf, '\r'))) { + *cp++ = '\n'; + *cp = '\0'; + } + if ((cp = strpbrk(cbuf, " \n"))) + cpos = cp - cbuf; + if (cpos == 0) + cpos = 4; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + strupr(cbuf); + p = lookup(cmdtab, cbuf); + cbuf[cpos] = c; + if (p != 0) { + if (p->implemented == 0) { + nack(p->name); + longjmp(errcatch,0); + /* NOTREACHED */ + } + state = p->state; + yylval.s = p->name; + return (p->token); + } + break; + + case SITECMD: + if (cbuf[cpos] == ' ') { + cpos++; + return (SP); + } + cp = &cbuf[cpos]; + if ((cp2 = strpbrk(cp, " \n"))) + cpos = cp2 - cbuf; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + strupr(cp); + p = lookup(sitetab, cp); + cbuf[cpos] = c; + if (p != 0) { + if (p->implemented == 0) { + state = CMD; + nack(p->name); + longjmp(errcatch,0); + /* NOTREACHED */ + } + state = p->state; + yylval.s = p->name; + return (p->token); + } + state = CMD; + break; + + case OSTR: + if (cbuf[cpos] == '\n') { + state = CMD; + return (CRLF); + } + /* FALLTHROUGH */ + + case STR1: + case ZSTR1: + dostr1: + if (cbuf[cpos] == ' ') { + cpos++; + state = state == OSTR ? STR2 : ++state; + return (SP); + } + break; + + case ZSTR2: + if (cbuf[cpos] == '\n') { + state = CMD; + return (CRLF); + } + /* FALLTHROUGH */ + + case STR2: + cp = &cbuf[cpos]; + n = strlen(cp); + cpos += n - 1; + /* + * Make sure the string is nonempty and \n terminated. 
+ */ + if (n > 1 && cbuf[cpos] == '\n') { + cbuf[cpos] = '\0'; + yylval.s = copy(cp); + cbuf[cpos] = '\n'; + state = ARGS; + return (STRING); + } + break; + + case NSTR: + if (cbuf[cpos] == ' ') { + cpos++; + return (SP); + } + if (isdigit(cbuf[cpos])) { + cp = &cbuf[cpos]; + while (isdigit(cbuf[++cpos])) + ; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + yylval.i = atoi(cp); + cbuf[cpos] = c; + state = STR1; + return (NUMBER); + } + state = STR1; + goto dostr1; + + case ARGS: + if (isdigit(cbuf[cpos])) { + cp = &cbuf[cpos]; + while (isdigit(cbuf[++cpos])) + ; + c = cbuf[cpos]; + cbuf[cpos] = '\0'; + yylval.i = atoi(cp); + cbuf[cpos] = c; + return (NUMBER); + } + switch (cbuf[cpos++]) { + + case '\n': + state = CMD; + return (CRLF); + + case ' ': + return (SP); + + case ',': + return (COMMA); + + case 'A': + case 'a': + return (A); + + case 'B': + case 'b': + return (B); + + case 'C': + case 'c': + return (C); + + case 'E': + case 'e': + return (E); + + case 'F': + case 'f': + return (F); + + case 'I': + case 'i': + return (I); + + case 'L': + case 'l': + return (L); + + case 'N': + case 'n': + return (N); + + case 'P': + case 'p': + return (P); + + case 'R': + case 'r': + return (R); + + case 'S': + case 's': + return (S); + + case 'T': + case 't': + return (T); + + } + break; + + default: + fatal("Unknown state in scanner."); + } + yyerror((char *) 0); + state = CMD; + longjmp(errcatch,0); + } +} + +static char * +copy(char *s) +{ + char *p; + + p = strdup(s); + if (p == NULL) + fatal("Ran out of memory."); + return p; +} + +static void +help(struct tab *ctab, char *s) +{ + struct tab *c; + int width, NCMDS; + char *type; + char buf[1024]; + + if (ctab == sitetab) + type = "SITE "; + else + type = ""; + width = 0, NCMDS = 0; + for (c = ctab; c->name != NULL; c++) { + int len = strlen(c->name); + + if (len > width) + width = len; + NCMDS++; + } + width = (width + 8) &~ 7; + if (s == 0) { + int i, j, w; + int columns, lines; + + lreply(214, "The following %scommands are 
recognized %s.", + type, "(* =>'s unimplemented)"); + columns = 76 / width; + if (columns == 0) + columns = 1; + lines = (NCMDS + columns - 1) / columns; + for (i = 0; i < lines; i++) { + strcpy (buf, " "); + for (j = 0; j < columns; j++) { + c = ctab + j * lines + i; + snprintf (buf + strlen(buf), sizeof(buf) - strlen(buf), + "%s%c", c->name, c->implemented ? ' ' : '*'); + if (c + lines >= &ctab[NCMDS]) + break; + w = strlen(c->name) + 1; + while (w < width) { + strcat(buf, " "); + w++; + } + } + lreply(214, buf); + } + reply(214, "Direct comments to kth-krb-bugs@pdc.kth.se"); + return; + } + strupr(s); + c = lookup(ctab, s); + if (c == (struct tab *)0) { + reply(502, "Unknown command %s.", s); + return; + } + if (c->implemented) + reply(214, "Syntax: %s%s %s", type, c->name, c->help); + else + reply(214, "%s%-*s\t%s; unimplemented.", type, width, + c->name, c->help); +} + +static void +sizecmd(char *filename) +{ + switch (type) { + case TYPE_L: + case TYPE_I: { + struct stat stbuf; + if (stat(filename, &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) + reply(550, "%s: not a plain file.", filename); + else + reply(213, "%lu", (unsigned long)stbuf.st_size); + break; } + case TYPE_A: { + FILE *fin; + int c; + off_t count; + struct stat stbuf; + fin = fopen(filename, "r"); + if (fin == NULL) { + perror_reply(550, filename); + return; + } + if (fstat(fileno(fin), &stbuf) < 0 || !S_ISREG(stbuf.st_mode)) { + reply(550, "%s: not a plain file.", filename); + fclose(fin); + return; + } + + count = 0; + while((c=getc(fin)) != EOF) { + if (c == '\n') /* will get expanded to \r\n */ + count++; + count++; + } + fclose(fin); + + reply(213, "%ld", count); + break; } + default: + reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]); + } +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c new file mode 100644 index 0000000..17cd3b9 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c 
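Review bot: The `PORT` rule accepts any address and port the client names: `host_port` copies six unchecked numbers into `data_dest`, and the action replies 200 without comparing the result with `his_addr` or refusing reserved ports, and it has no `check_login`, so an unauthenticated client can direct the server's data connection at a host other than itself. The fields are not limited to 0–255, so `$1 << 24` also overflows a signed int for 128 and above. The fence below range-checks the fields and rejects a `PORT` whose address is not the control peer or whose port is below `IPPORT_RESERVED`. In the same hunk, `SITE CHMOD` tests only `$6 > 0777`, so the -1 that `octal_number` returns for a digit above 7 reaches `chmod()`; it should use the UMASK rule's test, `if (($6 == -1) || ($6 > 0777))`. `RNTO` passes `$4` to `renamecmd()` without the `$4 != NULL` test the other pathname rules apply.

```yacc
	| PORT SP host_port CRLF
		{
			/* accept only the control-connection peer on an unreserved port */
			if (data_dest.sin_addr.s_addr != his_addr.sin_addr.s_addr ||
			    ntohs(data_dest.sin_port) < IPPORT_RESERVED) {
				/* assumed to fall back to the default data address; confirm in ftpd.c */
				usedefault = 1;
				reply(500, "Illegal PORT command.");
			} else {
				/* … unchanged: usedefault = 0, close pdata, reply 200 … */
			}
		}

host_port
	: NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA
		NUMBER COMMA NUMBER
		{
			if ($1 < 0 || $1 > 255 || $3 < 0 || $3 > 255 ||
			    $5 < 0 || $5 > 255 || $7 < 0 || $7 > 255 ||
			    $9 < 0 || $9 > 255 || $11 < 0 || $11 > 255) {
				/* out-of-range field: leave a value the PORT check rejects */
				memset(&data_dest, 0, sizeof(data_dest));
			} else {
				/* … unchanged: sin_family and sin_port … */
				data_dest.sin_addr.s_addr =
				    htonl(((unsigned long)$1 << 24) | ($3 << 16) | ($5 << 8) | $7);
			}
		}
```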
@@ -0,0 +1,2076 @@
+/*
+ * Copyright (c) 1985, 1988, 1990, 1992, 1993, 1994
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: ftpd.c,v 1.88 1997/06/01 03:13:48 assar Exp $"); +#endif + +/* + * FTP server. + */ +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif + +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETINET_IN_SYSTM_H +#include <netinet/in_systm.h> +#endif +#ifdef HAVE_NETINET_IP_H +#include <netinet/ip.h> +#endif + +#ifdef HAVE_SYS_MMAN_H +#include <sys/mman.h> +#endif + +#define FTP_NAMES +#include <arpa/ftp.h> +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_ARPA_TELNET_H +#include <arpa/telnet.h> +#endif + +#include <ctype.h> +#ifdef HAVE_DIRENT_H +#include <dirent.h> +#endif +#include <errno.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <glob.h> +#include <limits.h> +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#include <setjmp.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif +#include <time.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_GRP_H +#include <grp.h> +#endif + +#include <err.h> + +#include "pathnames.h" +#include "extern.h" +#include "common.h" + +#include "auth.h" + +#include <krb.h> + +#include <kafs.h> +#include "roken.h" + +#include <otp.h> + +#ifdef SOCKS +#include <socks.h> +extern int LIBPREFIX(fclose) __P((FILE *)); +#endif + +void yyparse(); + +#ifndef LOG_FTP +#define LOG_FTP 
LOG_DAEMON +#endif + +static char version[] = "Version 6.00"; + +extern off_t restart_point; +extern char cbuf[]; + +struct sockaddr_in ctrl_addr; +struct sockaddr_in data_source; +struct sockaddr_in data_dest; +struct sockaddr_in his_addr; +struct sockaddr_in pasv_addr; + +int data; +jmp_buf errcatch, urgcatch; +int oobflag; +int logged_in; +struct passwd *pw; +int debug; +int ftpd_timeout = 900; /* timeout after 15 minutes of inactivity */ +int maxtimeout = 7200;/* don't allow idle time to be set beyond 2 hours */ +int logging; +int guest; +int dochroot; +int type; +int form; +int stru; /* avoid C keyword */ +int mode; +int usedefault = 1; /* for data transfers */ +int pdata = -1; /* for passive mode */ +int transflag; +off_t file_size; +off_t byte_count; +#if !defined(CMASK) || CMASK == 0 +#undef CMASK +#define CMASK 027 +#endif +int defumask = CMASK; /* default umask value */ +int guest_umask = 0777; /* Paranoia for anonymous users */ +char tmpline[10240]; +char hostname[MaxHostNameLen]; +char remotehost[MaxHostNameLen]; +static char ttyline[20]; + +#define AUTH_PLAIN (1 << 0) /* allow sending passwords */ +#define AUTH_OTP (1 << 1) /* passwords are one-time */ +#define AUTH_FTP (1 << 2) /* allow anonymous login */ + +static int auth_level = 0; /* Only allow kerberos login by default */ + +/* + * Timeout intervals for retrying connections + * to hosts that don't accept PORT cmds. This + * is a kludge, but given the problems with TCP... + */ +#define SWAITMAX 90 /* wait at most 90 seconds */ +#define SWAITINT 5 /* interval between retries */ + +int swaitmax = SWAITMAX; +int swaitint = SWAITINT; + +#ifdef HAVE_SETPROCTITLE +char proctitle[BUFSIZ]; /* initial part of title */ +#endif /* HAVE_SETPROCTITLE */ + +#define LOGCMD(cmd, file) \ + if (logging > 1) \ + syslog(LOG_INFO,"%s %s%s", cmd, \ + *(file) == '/' ? "" : curdir(), file); +#define LOGCMD2(cmd, file1, file2) \ + if (logging > 1) \ + syslog(LOG_INFO,"%s %s%s %s%s", cmd, \ + *(file1) == '/' ? 
"" : curdir(), file1, \ + *(file2) == '/' ? "" : curdir(), file2); +#define LOGBYTES(cmd, file, cnt) \ + if (logging > 1) { \ + if (cnt == (off_t)-1) \ + syslog(LOG_INFO,"%s %s%s", cmd, \ + *(file) == '/' ? "" : curdir(), file); \ + else \ + syslog(LOG_INFO, "%s %s%s = %ld bytes", \ + cmd, (*(file) == '/') ? "" : curdir(), file, (long)cnt); \ + } + +static void ack (char *); +static void myoob (int); +static int checkuser (char *, char *); +static int checkaccess (char *); +static FILE *dataconn (char *, off_t, char *); +static void dolog (struct sockaddr_in *); +static void end_login (void); +static FILE *getdatasock (char *); +static char *gunique (char *); +static RETSIGTYPE lostconn (int); +static int receive_data (FILE *, FILE *); +static void send_data (FILE *, FILE *); +static struct passwd * sgetpwnam (char *); +static void usage(void); + +static char * +curdir(void) +{ + static char path[MaxPathLen+1+1]; /* path + '/' + '\0' */ + + if (getcwd(path, sizeof(path)-2) == NULL) + return (""); + if (path[1] != '\0') /* special case for root dir. */ + strcat(path, "/"); + /* For guest account, skip / since it's chrooted */ + return (guest ? path+1 : path); +} + +#ifndef LINE_MAX +#define LINE_MAX 1024 +#endif + +static int +parse_auth_level(char *str) +{ + char *p; + int ret = 0; + char *foo = NULL; + + for(p = strtok_r(str, ",", &foo); + p; + p = strtok_r(NULL, ",", &foo)) { + if(strcmp(p, "user") == 0) + ; + else if(strcmp(p, "otp") == 0) + ret |= AUTH_PLAIN|AUTH_OTP; + else if(strcmp(p, "ftp") == 0 || + strcmp(p, "safe") == 0) + ret |= AUTH_FTP; + else if(strcmp(p, "plain") == 0) + ret |= AUTH_PLAIN; + else if(strcmp(p, "none") == 0) + ret |= AUTH_PLAIN|AUTH_FTP; + else + warnx("bad value for -a: `%s'", p); + } + return ret; +} + +/* + * Print usage and die. 
+ */
+
+static void
+usage (void)
+{
+ fprintf (stderr,
+ "Usage: %s [-d] [-i] [-g guest_umask] [-l] [-p port]"
+ " [-t timeout] [-T max_timeout] [-u umask] [-v]"
+ " [-a auth_level] \n",
+ __progname);
+ exit (1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int addrlen, ch, on = 1, tos;
+ char *cp, line[LINE_MAX];
+ FILE *fd;
+ int not_inetd = 0;
+ int port;
+ struct servent *sp;
+ char tkfile[1024];
+
+ set_progname (argv[0]);
+
+ /* detach from any tickets and tokens */
+
+ snprintf(tkfile, sizeof(tkfile),
+ "/tmp/ftp_%u", (unsigned)getpid());
+ krb_set_tkt_string(tkfile);
+ if(k_hasafs())
+ k_setpag();
+
+ sp = getservbyname("ftp", "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ port = htons(21);
+
+ while ((ch = getopt(argc, argv, "a:dg:ilp:t:T:u:v")) != EOF) {
+ switch (ch) {
+ case 'a':
+ auth_level = parse_auth_level(optarg);
+ break;
+ case 'd':
+ debug = 1;
+ break;
+
+ case 'i':
+ not_inetd = 1;
+ break;
+ case 'g':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -g");
+ else
+ guest_umask = val;
+ break;
+ }
+ case 'l':
+ logging++; /* > 1 == extra logging */
+ break;
+
+ case 'p':
+ sp = getservbyname(optarg, "tcp");
+ if(sp)
+ port = sp->s_port;
+ else
+ if(isdigit(optarg[0]))
+ port = htons(atoi(optarg));
+ else
+ warnx("bad value for -p");
+ break;
+
+ case 't':
+ ftpd_timeout = atoi(optarg);
+ if (maxtimeout < ftpd_timeout)
+ maxtimeout = ftpd_timeout;
+ break;
+
+ case 'T':
+ maxtimeout = atoi(optarg);
+ if (ftpd_timeout > maxtimeout)
+ ftpd_timeout = maxtimeout;
+ break;
+
+ case 'u':
+ {
+ long val = 0;
+
+ val = strtol(optarg, &optarg, 8);
+ if (*optarg != '\0' || val < 0)
+ warnx("bad value for -u");
+ else
+ defumask = val;
+ break;
+ }
+
+ case 'v':
+ debug = 1;
+ break;
+
+ default:
+ usage ();
+ }
+ }
+
+ if(not_inetd)
+ mini_inetd (port);
+
+ /*
+ * LOG_NDELAY sets up the logging connection immediately,
+ * necessary for anonymous ftp's that chroot and can't do it later.
+ */
+ openlog("ftpd", LOG_PID | LOG_NDELAY, LOG_FTP);
+ addrlen = sizeof(his_addr);
+ if (getpeername(0, (struct sockaddr *)&his_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getpeername (%s): %m",argv[0]);
+ exit(1);
+ }
+ addrlen = sizeof(ctrl_addr);
+ if (getsockname(0, (struct sockaddr *)&ctrl_addr, &addrlen) < 0) {
+ syslog(LOG_ERR, "getsockname (%s): %m",argv[0]);
+ exit(1);
+ }
+#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT)
+ tos = IPTOS_LOWDELAY;
+ if (setsockopt(0, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(int)) < 0)
+ syslog(LOG_WARNING, "setsockopt (IP_TOS): %m");
+#endif
+ data_source.sin_port = htons(ntohs(ctrl_addr.sin_port) - 1);
+ debug = 0;
+
+ /* set this here so it can be put in wtmp */
+ snprintf(ttyline, sizeof(ttyline), "ftp%u", (unsigned)getpid());
+
+
+ /* freopen(_PATH_DEVNULL, "w", stderr); */
+ signal(SIGPIPE, lostconn);
+ signal(SIGCHLD, SIG_IGN);
+#ifdef SIGURG
+ if (signal(SIGURG, myoob) == SIG_ERR)
+ syslog(LOG_ERR, "signal: %m");
+#endif
+
+ auth_init();
+
+ /* Try to handle urgent data inline */
+#if defined(SO_OOBINLINE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(0, SOL_SOCKET, SO_OOBINLINE, (void *)&on,
+ sizeof(on)) < 0)
+ syslog(LOG_ERR, "setsockopt: %m");
+#endif
+
+#ifdef F_SETOWN
+ if (fcntl(fileno(stdin), F_SETOWN, getpid()) == -1)
+ syslog(LOG_ERR, "fcntl F_SETOWN: %m");
+#endif
+ dolog(&his_addr);
+ /*
+ * Set up default state
+ */
+ data = -1;
+ type = TYPE_A;
+ form = FORM_N;
+ stru = STRU_F;
+ mode = MODE_S;
+ tmpline[0] = '\0';
+
+ /* If logins are disabled, print out the message. */
+ if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(530, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ reply(530, "System not available.");
+ exit(0);
+ }
+ if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(220, "%s", line);
+ }
+ fflush(stdout);
+ fclose(fd);
+ /* reply(220,) must follow */
+ }
+ k_gethostname(hostname, sizeof(hostname));
+ reply(220, "%s FTP server (%s+%s) ready.", hostname,
+ version, krb4_version);
+ setjmp(errcatch);
+ for (;;)
+ yyparse();
+ /* NOTREACHED */
+}
+
+static RETSIGTYPE
+lostconn(int signo)
+{
+
+ if (debug)
+ syslog(LOG_DEBUG, "lost connection");
+ dologout(-1);
+}
+
+/*
+ * Helper function for sgetpwnam().
+ */
+static char *
+sgetsave(char *s)
+{
+ char *new = strdup(s);
+
+ if (new == NULL) {
+ perror_reply(421, "Local resource failure: malloc");
+ dologout(1);
+ /* NOTREACHED */
+ }
+ return new;
+}
+
+/*
+ * Save the result of a getpwnam. Used for USER command, since
+ * the data returned must not be clobbered by any other command
+ * (e.g., globbing).
+ */
+static struct passwd *
+sgetpwnam(char *name)
+{
+ static struct passwd save;
+ struct passwd *p;
+
+ if ((p = k_getpwnam(name)) == NULL)
+ return (p);
+ if (save.pw_name) {
+ free(save.pw_name);
+ free(save.pw_passwd);
+ free(save.pw_gecos);
+ free(save.pw_dir);
+ free(save.pw_shell);
+ }
+ save = *p;
+ save.pw_name = sgetsave(p->pw_name);
+ save.pw_passwd = sgetsave(p->pw_passwd);
+ save.pw_gecos = sgetsave(p->pw_gecos);
+ save.pw_dir = sgetsave(p->pw_dir);
+ save.pw_shell = sgetsave(p->pw_shell);
+ return (&save);
+}
+
+static int login_attempts; /* number of failed login attempts */
+static int askpasswd; /* had user command, ask for passwd */
+static char curname[10]; /* current USER name */
+OtpContext otp_ctx;
+
+/*
+ * USER command.
+ * Sets global passwd pointer pw if named account exists and is acceptable;
+ * sets askpasswd if a PASS command is expected. If logged in previously,
+ * need to reset state. If name is "ftp" or "anonymous", the name is not in
+ * _PATH_FTPUSERS, and ftp account exists, set guest and pw, then just return.
+ * If account doesn't exist, ask for passwd anyway. Otherwise, check user
+ * requesting login privileges. Disallow anyone who does not have a standard
+ * shell as returned by getusershell(). Disallow anyone mentioned in the file
+ * _PATH_FTPUSERS to allow people such as root and uucp to be avoided.
+ */
+void
+user(char *name)
+{
+ char *cp, *shell;
+
+ if(auth_level == 0 && !auth_complete){
+ reply(530, "No login allowed without authorization.");
+ return;
+ }
+
+ if (logged_in) {
+ if (guest) {
+ reply(530, "Can't change user from guest login.");
+ return;
+ } else if (dochroot) {
+ reply(530, "Can't change user from chroot user.");
+ return;
+ }
+ end_login();
+ }
+
+ guest = 0;
+ if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) {
+ if ((auth_level & AUTH_FTP) == 0 ||
+ checkaccess("ftp") ||
+ checkaccess("anonymous"))
+ reply(530, "User %s access denied.", name);
+ else if ((pw = sgetpwnam("ftp")) != NULL) {
+ guest = 1;
+ defumask = guest_umask; /* paranoia for incoming */
+ askpasswd = 1;
+ reply(331, "Guest login ok, type your name as password.");
+ } else
+ reply(530, "User %s unknown.", name);
+ if (!askpasswd && logging)
+ syslog(LOG_NOTICE,
+ "ANONYMOUS FTP LOGIN REFUSED FROM %s(%s)",
+ remotehost, inet_ntoa(his_addr.sin_addr));
+ return;
+ }
+ if((auth_level & AUTH_PLAIN) == 0 && !auth_complete){
+ reply(530, "Only authorized and anonymous login allowed.");
+ return;
+ }
+ if ((pw = sgetpwnam(name))) {
+ if ((shell = pw->pw_shell) == NULL || *shell == 0)
+ shell = _PATH_BSHELL;
+ while ((cp = getusershell()) != NULL)
+ if (strcmp(cp, shell) == 0)
+ break;
+ endusershell();
+
+ if (cp == NULL || checkaccess(name)) {
+ reply(530, "User %s access denied.", name);
+ if (logging)
+ syslog(LOG_NOTICE,
+ "FTP LOGIN REFUSED FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ name);
+ pw = (struct passwd *) NULL;
+ return;
+ }
+ }
+ if (logging)
+ strncpy(curname, name, sizeof(curname)-1);
+ if(auth_ok())
+ ct->userok(name);
+ else {
+ char ss[256];
+
+ if (otp_challenge(&otp_ctx, name, ss, sizeof(ss)) == 0) {
+ reply(331, "Password %s for %s required.",
+ ss, name);
+ askpasswd = 1;
+ } else if ((auth_level & AUTH_OTP) == 0) {
+ reply(331, "Password required for %s.", name);
+ askpasswd = 1;
+ } else {
+ char *s;
+
+ if (s = otp_error (&otp_ctx))
+ lreply(530, "OTP: %s", s);
+ reply(530,
+ "Only authorized, anonymous and OTP "
+ "login allowed.");
+ }
+
+ }
+ /*
+ * Delay before reading passwd after first failed
+ * attempt to slow down passwd-guessing programs.
+ */
+ if (login_attempts)
+ sleep(login_attempts);
+}
+
+/*
+ * Check if a user is in the file "fname"
+ */
+static int
+checkuser(char *fname, char *name)
+{
+ FILE *fd;
+ int found = 0;
+ char *p, line[BUFSIZ];
+
+ if ((fd = fopen(fname, "r")) != NULL) {
+ while (fgets(line, sizeof(line), fd) != NULL)
+ if ((p = strchr(line, '\n')) != NULL) {
+ *p = '\0';
+ if (line[0] == '#')
+ continue;
+ if (strcmp(line, name) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ fclose(fd);
+ }
+ return (found);
+}
+
+
+/*
+ * Determine whether a user has access, based on information in
+ * _PATH_FTPUSERS. The users are listed one per line, with `allow'
+ * or `deny' after the username. If anything other than `allow', or
+ * just nothing, is given after the username, `deny' is assumed.
+ *
+ * If the user is not found in the file, but the pseudo-user `*' is,
+ * the permission is taken from that line.
+ *
+ * This preserves the old semantics where if a user was listed in the
+ * file he was denied, otherwise he was allowed.
+ *
+ * Return 1 if the user is denied, or 0 if he is allowed. */
+
+static int
+match(const char *pattern, const char *string)
+{
+#ifdef HAVE_FNMATCH
+ return fnmatch(pattern, string, FNM_NOESCAPE);
+#else
+ return strcmp(pattern, "*") != 0 && strcmp(pattern, string) != 0;
+#endif
+}
+
+static int
+checkaccess(char *name)
+{
+#define ALLOWED 0
+#define NOT_ALLOWED 1
+ FILE *fd;
+ int allowed = ALLOWED;
+ char *user, *perm, line[BUFSIZ];
+ char *foo;
+
+ fd = fopen(_PATH_FTPUSERS, "r");
+
+ if(fd == NULL)
+ return allowed;
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ foo = NULL;
+ user = strtok_r(line, " \t\n", &foo);
+ if (user == NULL || user[0] == '#')
+ continue;
+ perm = strtok_r(NULL, " \t\n", &foo);
+ if (match(user, name) == 0){
+ if(perm && strcmp(perm, "allow") == 0)
+ allowed = ALLOWED;
+ else
+ allowed = NOT_ALLOWED;
+ break;
+ }
+ }
+ fclose(fd);
+ return allowed;
+}
+#undef ALLOWED
+#undef NOT_ALLOWED
+
+int do_login(int code, char *passwd)
+{
+ FILE *fd;
+ login_attempts = 0; /* this time successful */
+ if (setegid((gid_t)pw->pw_gid) < 0) {
+ reply(550, "Can't set gid.");
+ return -1;
+ }
+ initgroups(pw->pw_name, pw->pw_gid);
+
+ /* open wtmp before chroot */
+ logwtmp(ttyline, pw->pw_name, remotehost);
+ logged_in = 1;
+
+ dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
+ if (guest) {
+ /*
+ * We MUST do a chdir() after the chroot. Otherwise
+ * the old current directory will be accessible as "."
+ * outside the new root!
+ */
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't set guest privileges.");
+ return -1;
+ }
+ } else if (dochroot) {
+ if (chroot(pw->pw_dir) < 0 || chdir("/") < 0) {
+ reply(550, "Can't change root.");
+ return -1;
+ }
+ } else if (chdir(pw->pw_dir) < 0) {
+ if (chdir("/") < 0) {
+ reply(530, "User %s: can't change directory to %s.",
+ pw->pw_name, pw->pw_dir);
+ return -1;
+ } else
+ lreply(code, "No directory! Logging in with home=/");
+ }
+ if (seteuid((uid_t)pw->pw_uid) < 0) {
+ reply(550, "Can't set uid.");
+ return -1;
+ }
+ /*
+ * Display a login message, if it exists.
+ * N.B. reply(code,) must follow the message.
+ */
+ if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) {
+ char *cp, line[LINE_MAX];
+
+ while (fgets(line, sizeof(line), fd) != NULL) {
+ if ((cp = strchr(line, '\n')) != NULL)
+ *cp = '\0';
+ lreply(code, "%s", line);
+ }
+ }
+ if (guest) {
+ reply(code, "Guest login ok, access restrictions apply.");
+#ifdef HAVE_SETPROCTITLE
+ snprintf (proctitle, sizeof(proctitle),
+ "%s: anonymous/%s",
+ remotehost,
+ passwd);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "ANONYMOUS FTP LOGIN FROM %s(%s), %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ passwd);
+ } else {
+ reply(code, "User %s logged in.", pw->pw_name);
+#ifdef HAVE_SETPROCTITLE
+ snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name);
+ setproctitle(proctitle);
+#endif /* HAVE_SETPROCTITLE */
+ if (logging)
+ syslog(LOG_INFO, "FTP LOGIN FROM %s(%s) as %s",
+ remotehost,
+ inet_ntoa(his_addr.sin_addr),
+ pw->pw_name);
+ }
+ umask(defumask);
+ return 0;
+}
+
+/*
+ * Terminate login as previous user, if any, resetting state;
+ * used when USER command is given or login fails.
+ */ +static void +end_login(void) +{ + + seteuid((uid_t)0); + if (logged_in) + logwtmp(ttyline, "", ""); + pw = NULL; + logged_in = 0; + guest = 0; + dochroot = 0; +} + +void +pass(char *passwd) +{ + int rval; + + /* some clients insists on sending a password */ + if (logged_in && askpasswd == 0){ + reply(230, "Dumpucko!"); + return; + } + + if (logged_in || askpasswd == 0) { + reply(503, "Login with USER first."); + return; + } + askpasswd = 0; + rval = 1; + if (!guest) { /* "ftp" is only account allowed no password */ + if (pw == NULL) + rval = 1; /* failure below */ + else if (otp_verify_user (&otp_ctx, passwd) == 0) { + rval = 0; + } else if((auth_level & AUTH_OTP) == 0) { + char realm[REALM_SZ]; + if((rval = krb_get_lrealm(realm, 1)) == KSUCCESS) + rval = krb_verify_user(pw->pw_name, "", realm, + passwd, 1, NULL); + if (rval == KSUCCESS ){ + if(k_hasafs()) + k_afsklog(0, 0); + }else + rval = unix_verify_user(pw->pw_name, passwd); + } else { + char *s; + + if (s = otp_error(&otp_ctx)) + lreply(530, "OTP: %s", s); + } + memset (passwd, 0, strlen(passwd)); + + /* + * If rval == 1, the user failed the authentication + * check above. If rval == 0, either Kerberos or + * local authentication succeeded. + */ + if (rval) { + reply(530, "Login incorrect."); + if (logging) + syslog(LOG_NOTICE, + "FTP LOGIN FAILED FROM %s(%s), %s", + remotehost, + inet_ntoa(his_addr.sin_addr), + curname); + pw = NULL; + if (login_attempts++ >= 5) { + syslog(LOG_NOTICE, + "repeated login failures from %s(%s)", + remotehost, + inet_ntoa(his_addr.sin_addr)); + exit(0); + } + return; + } + } + if(!do_login(230, passwd)) + return; + + /* Forget all about it... 
*/ + end_login(); +} + +void +retrieve(char *cmd, char *name) +{ + FILE *fin = NULL, *dout; + struct stat st; + int (*closefunc) (FILE *); + char line[BUFSIZ]; + + + if (cmd == 0) { + fin = fopen(name, "r"); + closefunc = fclose; + st.st_size = 0; + if(fin == NULL){ + struct cmds { + char *ext; + char *cmd; + } cmds[] = { + {".tar", "/bin/gtar cPf - %s"}, + {".tar.gz", "/bin/gtar zcPf - %s"}, + {".tar.Z", "/bin/gtar ZcPf - %s"}, + {".gz", "/bin/gzip -c %s"}, + {".Z", "/bin/compress -c %s"}, + {NULL, NULL} + }; + struct cmds *p; + for(p = cmds; p->ext; p++){ + char *tail = name + strlen(name) - strlen(p->ext); + char c = *tail; + + if(strcmp(tail, p->ext) == 0 && + (*tail = 0) == 0 && + access(name, R_OK) == 0){ + snprintf (line, sizeof(line), p->cmd, name); + *tail = c; + break; + } + *tail = c; + } + if(p->ext){ + fin = ftpd_popen(line, "r", 0, 0); + closefunc = ftpd_pclose; + st.st_size = -1; + cmd = line; + } + } + } else { + snprintf(line, sizeof(line), cmd, name); + name = line; + fin = ftpd_popen(line, "r", 1, 0); + closefunc = ftpd_pclose; + st.st_size = -1; + } + if (fin == NULL) { + if (errno != 0) { + perror_reply(550, name); + if (cmd == 0) { + LOGCMD("get", name); + } + } + return; + } + byte_count = -1; + if (cmd == 0){ + if(fstat(fileno(fin), &st) < 0 || !S_ISREG(st.st_mode)) { + reply(550, "%s: not a plain file.", name); + goto done; + } + } + if (restart_point) { + if (type == TYPE_A) { + off_t i, n; + int c; + + n = restart_point; + i = 0; + while (i++ < n) { + if ((c=getc(fin)) == EOF) { + perror_reply(550, name); + goto done; + } + if (c == '\n') + i++; + } + } else if (lseek(fileno(fin), restart_point, SEEK_SET) < 0) { + perror_reply(550, name); + goto done; + } + } + dout = dataconn(name, st.st_size, "w"); + if (dout == NULL) + goto done; + set_buffer_size(fileno(dout), 0); + send_data(fin, dout); + fclose(dout); + data = -1; + pdata = -1; +done: + if (cmd == 0) + LOGBYTES("get", name, byte_count); + (*closefunc)(fin); +} + +/* filename sanity 
check */ + +int +filename_check(char *filename) +{ + static const char good_chars[] = "+-=_,."; + char *p; + + p = strrchr(filename, '/'); + if(p) + filename = p + 1; + + p = filename; + + if(isalnum(*p)){ + p++; + while(*p && (isalnum(*p) || strchr(good_chars, *p))) + p++; + if(*p == '\0') + return 0; + } + lreply(553, "\"%s\" is an illegal filename.", filename); + lreply(553, "The filename must start with an alphanumeric " + "character and must only"); + reply(553, "consist of alphanumeric characters or any of the following: %s", + good_chars); + return 1; +} + +void +do_store(char *name, char *mode, int unique) +{ + FILE *fout, *din; + struct stat st; + int (*closefunc) (FILE *); + + if(guest && filename_check(name)) + return; + if (unique && stat(name, &st) == 0 && + (name = gunique(name)) == NULL) { + LOGCMD(*mode == 'w' ? "put" : "append", name); + return; + } + + if (restart_point) + mode = "r+"; + fout = fopen(name, mode); + closefunc = fclose; + if (fout == NULL) { + perror_reply(553, name); + LOGCMD(*mode == 'w' ? "put" : "append", name); + return; + } + byte_count = -1; + if (restart_point) { + if (type == TYPE_A) { + off_t i, n; + int c; + + n = restart_point; + i = 0; + while (i++ < n) { + if ((c=getc(fout)) == EOF) { + perror_reply(550, name); + goto done; + } + if (c == '\n') + i++; + } + /* + * We must do this seek to "current" position + * because we are changing from reading to + * writing. + */ + if (fseek(fout, 0L, SEEK_CUR) < 0) { + perror_reply(550, name); + goto done; + } + } else if (lseek(fileno(fout), restart_point, SEEK_SET) < 0) { + perror_reply(550, name); + goto done; + } + } + din = dataconn(name, (off_t)-1, "r"); + if (din == NULL) + goto done; + set_buffer_size(fileno(din), 1); + if (receive_data(din, fout) == 0) { + if (unique) + reply(226, "Transfer complete (unique file name:%s).", + name); + else + reply(226, "Transfer complete."); + } + fclose(din); + data = -1; + pdata = -1; +done: + LOGBYTES(*mode == 'w' ? 
"put" : "append", name, byte_count); + (*closefunc)(fout); +} + +static FILE * +getdatasock(char *mode) +{ + int on = 1, s, t, tries; + + if (data >= 0) + return (fdopen(data, mode)); + seteuid((uid_t)0); + s = socket(AF_INET, SOCK_STREAM, 0); + if (s < 0) + goto bad; +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (setsockopt(s, SOL_SOCKET, SO_REUSEADDR, + (void *) &on, sizeof(on)) < 0) + goto bad; +#endif + /* anchor socket to avoid multi-homing problems */ + data_source.sin_family = AF_INET; + data_source.sin_addr = ctrl_addr.sin_addr; + for (tries = 1; ; tries++) { + if (bind(s, (struct sockaddr *)&data_source, + sizeof(data_source)) >= 0) + break; + if (errno != EADDRINUSE || tries > 10) + goto bad; + sleep(tries); + } + seteuid((uid_t)pw->pw_uid); +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + on = IPTOS_THROUGHPUT; + if (setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&on, sizeof(int)) < 0) + syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); +#endif + return (fdopen(s, mode)); +bad: + /* Return the real value of errno (close may change it) */ + t = errno; + seteuid((uid_t)pw->pw_uid); + close(s); + errno = t; + return (NULL); +} + +static FILE * +dataconn(char *name, off_t size, char *mode) +{ + char sizebuf[32]; + FILE *file; + int retry = 0, tos; + + file_size = size; + byte_count = 0; + if (size != (off_t) -1) + snprintf(sizebuf, sizeof(sizebuf), " (%ld bytes)", size); + else + strcpy(sizebuf, ""); + if (pdata >= 0) { + struct sockaddr_in from; + int s, fromlen = sizeof(from); + + s = accept(pdata, (struct sockaddr *)&from, &fromlen); + if (s < 0) { + reply(425, "Can't open data connection."); + close(pdata); + pdata = -1; + return (NULL); + } + close(pdata); + pdata = s; +#if defined(IP_TOS) && defined(HAVE_SETSOCKOPT) + tos = IPTOS_THROUGHPUT; + setsockopt(s, IPPROTO_IP, IP_TOS, (void *)&tos, + sizeof(int)); +#endif + reply(150, "Opening %s mode data connection for '%s'%s.", + type == TYPE_A ? 
"ASCII" : "BINARY", name, sizebuf); + return (fdopen(pdata, mode)); + } + if (data >= 0) { + reply(125, "Using existing data connection for '%s'%s.", + name, sizebuf); + usedefault = 1; + return (fdopen(data, mode)); + } + if (usedefault) + data_dest = his_addr; + usedefault = 1; + file = getdatasock(mode); + if (file == NULL) { + reply(425, "Can't create data socket (%s,%d): %s.", + inet_ntoa(data_source.sin_addr), + ntohs(data_source.sin_port), strerror(errno)); + return (NULL); + } + data = fileno(file); + while (connect(data, (struct sockaddr *)&data_dest, + sizeof(data_dest)) < 0) { + if (errno == EADDRINUSE && retry < swaitmax) { + sleep((unsigned) swaitint); + retry += swaitint; + continue; + } + perror_reply(425, "Can't build data connection"); + fclose(file); + data = -1; + return (NULL); + } + reply(150, "Opening %s mode data connection for '%s'%s.", + type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); + return (file); +} + +/* + * Tranfer the contents of "instr" to "outstr" peer using the appropriate + * encapsulation of the data subject * to Mode, Structure, and Type. + * + * NB: Form isn't handled. 
+ */ +static void +send_data(FILE *instr, FILE *outstr) +{ + int c, cnt, filefd, netfd; + static char *buf; + static size_t bufsize; + int i = 0; + char s[1024]; + + transflag++; + if (setjmp(urgcatch)) { + transflag = 0; + return; + } + switch (type) { + + case TYPE_A: + while ((c = getc(instr)) != EOF) { + byte_count++; + if(i > 1022){ + auth_write(fileno(outstr), s, i); + i = 0; + } + if(c == '\n') + s[i++] = '\r'; + s[i++] = c; + } + if(i) + auth_write(fileno(outstr), s, i); + auth_write(fileno(outstr), s, 0); + fflush(outstr); + transflag = 0; + if (ferror(instr)) + goto file_err; + if (ferror(outstr)) + goto data_err; + reply(226, "Transfer complete."); + return; + + case TYPE_I: + case TYPE_L: +#ifdef HAVE_MMAP +#ifndef MAP_FAILED +#define MAP_FAILED (-1) +#endif + { + struct stat st; + char *chunk; + int in = fileno(instr); + if(fstat(in, &st) == 0 && S_ISREG(st.st_mode)) { + chunk = mmap(0, st.st_size, PROT_READ, MAP_SHARED, in, 0); + if(chunk != (void *)MAP_FAILED) { + cnt = st.st_size - restart_point; + auth_write(fileno(outstr), + chunk + restart_point, + cnt); + munmap(chunk, st.st_size); + auth_write(fileno(outstr), NULL, 0); + byte_count = cnt; + transflag = 0; + } + } + } + +#endif + if(transflag){ + struct stat st; + + netfd = fileno(outstr); + filefd = fileno(instr); + buf = alloc_buffer (buf, &bufsize, + fstat(filefd, &st) >= 0 ? 
&st : NULL); + if (buf == NULL) { + transflag = 0; + perror_reply(451, "Local resource failure: malloc"); + return; + } + while ((cnt = read(filefd, buf, bufsize)) > 0 && + auth_write(netfd, buf, cnt) == cnt) + byte_count += cnt; + auth_write(netfd, buf, 0); /* to end an encrypted stream */ + transflag = 0; + if (cnt != 0) { + if (cnt < 0) + goto file_err; + goto data_err; + } + } + reply(226, "Transfer complete."); + return; + default: + transflag = 0; + reply(550, "Unimplemented TYPE %d in send_data", type); + return; + } + +data_err: + transflag = 0; + perror_reply(426, "Data connection"); + return; + +file_err: + transflag = 0; + perror_reply(551, "Error on input file"); +} + +/* + * Transfer data from peer to "outstr" using the appropriate encapulation of + * the data subject to Mode, Structure, and Type. + * + * N.B.: Form isn't handled. + */ +static int +receive_data(FILE *instr, FILE *outstr) +{ + int cnt, bare_lfs = 0; + static char *buf; + static size_t bufsize; + struct stat st; + + transflag++; + if (setjmp(urgcatch)) { + transflag = 0; + return (-1); + } + + buf = alloc_buffer (buf, &bufsize, + fstat(fileno(outstr), &st) >= 0 ? 
&st : NULL); + if (buf == NULL) { + transflag = 0; + perror_reply(451, "Local resource failure: malloc"); + return -1; + } + + switch (type) { + + case TYPE_I: + case TYPE_L: + while ((cnt = auth_read(fileno(instr), buf, bufsize)) > 0) { + if (write(fileno(outstr), buf, cnt) != cnt) + goto file_err; + byte_count += cnt; + } + if (cnt < 0) + goto data_err; + transflag = 0; + return (0); + + case TYPE_E: + reply(553, "TYPE E not implemented."); + transflag = 0; + return (-1); + + case TYPE_A: + { + char *p, *q; + int cr_flag = 0; + while ((cnt = auth_read(fileno(instr), + buf + cr_flag, + bufsize - cr_flag)) > 0){ + byte_count += cnt; + cnt += cr_flag; + cr_flag = 0; + for(p = buf, q = buf; p < buf + cnt;) { + if(*p == '\n') + bare_lfs++; + if(*p == '\r') + if(p == buf + cnt - 1){ + cr_flag = 1; + p++; + continue; + }else if(p[1] == '\n'){ + *q++ = '\n'; + p += 2; + continue; + } + *q++ = *p++; + } + fwrite(buf, q - buf, 1, outstr); + if(cr_flag) + buf[0] = '\r'; + } + if(cr_flag) + putc('\r', outstr); + fflush(outstr); + if (ferror(instr)) + goto data_err; + if (ferror(outstr)) + goto file_err; + transflag = 0; + if (bare_lfs) { + lreply(226, "WARNING! 
%d bare linefeeds received in ASCII mode\r\n" + " File may not have transferred correctly.\r\n", + bare_lfs); + } + return (0); + } + default: + reply(550, "Unimplemented TYPE %d in receive_data", type); + transflag = 0; + return (-1); + } + +data_err: + transflag = 0; + perror_reply(426, "Data Connection"); + return (-1); + +file_err: + transflag = 0; + perror_reply(452, "Error writing file"); + return (-1); +} + +void +statfilecmd(char *filename) +{ + FILE *fin; + int c; + char line[LINE_MAX]; + + snprintf(line, sizeof(line), "/bin/ls -la %s", filename); + fin = ftpd_popen(line, "r", 1, 0); + lreply(211, "status of %s:", filename); + while ((c = getc(fin)) != EOF) { + if (c == '\n') { + if (ferror(stdout)){ + perror_reply(421, "control connection"); + ftpd_pclose(fin); + dologout(1); + /* NOTREACHED */ + } + if (ferror(fin)) { + perror_reply(551, filename); + ftpd_pclose(fin); + return; + } + putc('\r', stdout); + } + putc(c, stdout); + } + ftpd_pclose(fin); + reply(211, "End of Status"); +} + +void +statcmd(void) +{ +#if 0 + struct sockaddr_in *sin; + u_char *a, *p; + + lreply(211, "%s FTP server status:", hostname, version); + printf(" %s\r\n", version); + printf(" Connected to %s", remotehost); + if (!isdigit(remotehost[0])) + printf(" (%s)", inet_ntoa(his_addr.sin_addr)); + printf("\r\n"); + if (logged_in) { + if (guest) + printf(" Logged in anonymously\r\n"); + else + printf(" Logged in as %s\r\n", pw->pw_name); + } else if (askpasswd) + printf(" Waiting for password\r\n"); + else + printf(" Waiting for user name\r\n"); + printf(" TYPE: %s", typenames[type]); + if (type == TYPE_A || type == TYPE_E) + printf(", FORM: %s", formnames[form]); + if (type == TYPE_L) +#if NBBY == 8 + printf(" %d", NBBY); +#else + printf(" %d", bytesize); /* need definition! 
*/ +#endif + printf("; STRUcture: %s; transfer MODE: %s\r\n", + strunames[stru], modenames[mode]); + if (data != -1) + printf(" Data connection open\r\n"); + else if (pdata != -1) { + printf(" in Passive mode"); + sin = &pasv_addr; + goto printaddr; + } else if (usedefault == 0) { + printf(" PORT"); + sin = &data_dest; +printaddr: + a = (u_char *) &sin->sin_addr; + p = (u_char *) &sin->sin_port; +#define UC(b) (((int) b) & 0xff) + printf(" (%d,%d,%d,%d,%d,%d)\r\n", UC(a[0]), + UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); +#undef UC + } else + printf(" No data connection\r\n"); +#endif + reply(211, "End of status"); +} + +void +fatal(char *s) +{ + + reply(451, "Error in server: %s\n", s); + reply(221, "Closing connection due to server error."); + dologout(0); + /* NOTREACHED */ +} + +static void +int_reply(int, char *, const char *, va_list) +#ifdef __GNUC__ +__attribute__ ((format (printf, 3, 0))) +#endif +; + +static void +int_reply(int n, char *c, const char *fmt, va_list ap) +{ + char buf[10240]; + char *p; + p=buf; + if(n){ + snprintf(p, sizeof(buf), "%d%s", n, c); + p+=strlen(p); + } + vsnprintf(p, sizeof(buf) - strlen(p), fmt, ap); + p+=strlen(p); + snprintf(p, sizeof(buf) - strlen(p), "\r\n"); + p+=strlen(p); + auth_printf("%s", buf); + fflush(stdout); + if (debug) + syslog(LOG_DEBUG, "<--- %s- ", buf); +} + +void +reply(int n, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + int_reply(n, " ", fmt, ap); + delete_ftp_command(); + va_end(ap); +} + +void +lreply(int n, const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + int_reply(n, "-", fmt, ap); + va_end(ap); +} + +void +nreply(const char *fmt, ...) 
+{ + va_list ap; + va_start(ap, fmt); + int_reply(0, NULL, fmt, ap); + va_end(ap); +} + +static void +ack(char *s) +{ + + reply(250, "%s command successful.", s); +} + +void +nack(char *s) +{ + + reply(502, "%s command not implemented.", s); +} + +/* ARGSUSED */ +void +yyerror(char *s) +{ + char *cp; + + if ((cp = strchr(cbuf,'\n'))) + *cp = '\0'; + reply(500, "'%s': command not understood.", cbuf); +} + +void +do_delete(char *name) +{ + struct stat st; + + LOGCMD("delete", name); + if (stat(name, &st) < 0) { + perror_reply(550, name); + return; + } + if ((st.st_mode&S_IFMT) == S_IFDIR) { + if (rmdir(name) < 0) { + perror_reply(550, name); + return; + } + goto done; + } + if (unlink(name) < 0) { + perror_reply(550, name); + return; + } +done: + ack("DELE"); +} + +void +cwd(char *path) +{ + + if (chdir(path) < 0) + perror_reply(550, path); + else + ack("CWD"); +} + +void +makedir(char *name) +{ + + LOGCMD("mkdir", name); + if(guest && filename_check(name)) + return; + if (mkdir(name, 0777) < 0) + perror_reply(550, name); + else{ + if(guest) + chmod(name, 0700); /* guest has umask 777 */ + reply(257, "MKD command successful."); + } +} + +void +removedir(char *name) +{ + + LOGCMD("rmdir", name); + if (rmdir(name) < 0) + perror_reply(550, name); + else + ack("RMD"); +} + +void +pwd(void) +{ + char path[MaxPathLen + 1]; + char *ret; + + /* SunOS has a broken getcwd that does popen(pwd) (!!!), this + * failes miserably when running chroot + */ + ret = getcwd(path, sizeof(path)); + if (ret == NULL) + reply(550, "%s.", strerror(errno)); + else + reply(257, "\"%s\" is current directory.", path); +} + +char * +renamefrom(char *name) +{ + struct stat st; + + if (stat(name, &st) < 0) { + perror_reply(550, name); + return NULL; + } + reply(350, "File exists, ready for destination name"); + return (name); +} + +void +renamecmd(char *from, char *to) +{ + + LOGCMD2("rename", from, to); + if(guest && filename_check(to)) + return; + if (rename(from, to) < 0) + perror_reply(550, 
"rename"); + else + ack("RNTO"); +} + +static void +dolog(struct sockaddr_in *sin) +{ + inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost)); +#ifdef HAVE_SETPROCTITLE + snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); + setproctitle(proctitle); +#endif /* HAVE_SETPROCTITLE */ + + if (logging) + syslog(LOG_INFO, "connection from %s(%s)", + remotehost, + inet_ntoa(his_addr.sin_addr)); +} + +/* + * Record logout in wtmp file + * and exit with supplied status. + */ +void +dologout(int status) +{ + transflag = 0; + if (logged_in) { + seteuid((uid_t)0); + logwtmp(ttyline, "", ""); + dest_tkt(); + if(k_hasafs()) + k_unlog(); + } + /* beware of flushing buffers after a SIGPIPE */ +#ifdef XXX + exit(status); +#else + _exit(status); +#endif +} + +void abor(void) +{ +} + +static void +myoob(int signo) +{ +#if 0 + char *cp; +#endif + + /* only process if transfer occurring */ + if (!transflag) + return; + + /* This is all XXX */ + oobflag = 1; + /* if the command resulted in a new command, + parse that as well */ + do{ + yyparse(); + } while(ftp_command); + oobflag = 0; + +#if 0 + cp = tmpline; + if (getline(cp, 7) == NULL) { + reply(221, "You could at least say goodbye."); + dologout(0); + } + upper(cp); + if (strcmp(cp, "ABOR\r\n") == 0) { + tmpline[0] = '\0'; + reply(426, "Transfer aborted. Data connection closed."); + reply(226, "Abort successful"); + longjmp(urgcatch, 1); + } + if (strcmp(cp, "STAT\r\n") == 0) { + if (file_size != (off_t) -1) + reply(213, "Status: %ld of %ld bytes transferred", + (long)byte_count, + (long)file_size); + else + reply(213, "Status: %ld bytes transferred" + (long)byte_count); + } +#endif +} + +/* + * Note: a response of 425 is not mentioned as a possible response to + * the PASV command in RFC959. However, it has been blessed as + * a legitimate response by Jon Postel in a telephone conversation + * with Rick Adams on 25 Jan 89. 
+ */ +void +passive(void) +{ + int len; + char *p, *a; + + pdata = socket(AF_INET, SOCK_STREAM, 0); + if (pdata < 0) { + perror_reply(425, "Can't open passive connection"); + return; + } + pasv_addr = ctrl_addr; + pasv_addr.sin_port = 0; + seteuid((uid_t)0); + if (bind(pdata, (struct sockaddr *)&pasv_addr, sizeof(pasv_addr)) < 0) { + seteuid((uid_t)pw->pw_uid); + goto pasv_error; + } + seteuid((uid_t)pw->pw_uid); + len = sizeof(pasv_addr); + if (getsockname(pdata, (struct sockaddr *) &pasv_addr, &len) < 0) + goto pasv_error; + if (listen(pdata, 1) < 0) + goto pasv_error; + a = (char *) &pasv_addr.sin_addr; + p = (char *) &pasv_addr.sin_port; + +#define UC(b) (((int) b) & 0xff) + + reply(227, "Entering Passive Mode (%d,%d,%d,%d,%d,%d)", UC(a[0]), + UC(a[1]), UC(a[2]), UC(a[3]), UC(p[0]), UC(p[1])); + return; + +pasv_error: + close(pdata); + pdata = -1; + perror_reply(425, "Can't open passive connection"); + return; +} + +/* + * Generate unique name for file with basename "local". + * The file named "local" is already known to exist. + * Generates failure reply on error. + */ +static char * +gunique(char *local) +{ + static char new[MaxPathLen]; + struct stat st; + int count; + char *cp; + + cp = strrchr(local, '/'); + if (cp) + *cp = '\0'; + if (stat(cp ? local : ".", &st) < 0) { + perror_reply(553, cp ? local : "."); + return NULL; + } + if (cp) + *cp = '/'; + for (count = 1; count < 100; count++) { + snprintf (new, sizeof(new), "%s.%d", local, count); + if (stat(new, &st) < 0) + return (new); + } + reply(452, "Unique file name cannot be created."); + return (NULL); +} + +/* + * Format and send reply containing system error number. 
+ */ +void +perror_reply(int code, char *string) +{ + reply(code, "%s: %s.", string, strerror(errno)); +} + +static char *onefile[] = { + "", + 0 +}; + +void +send_file_list(char *whichf) +{ + struct stat st; + DIR *dirp = NULL; + struct dirent *dir; + FILE *dout = NULL; + char **dirlist, *dirname; + int simple = 0; + int freeglob = 0; + glob_t gl; + char buf[MaxPathLen]; + + if (strpbrk(whichf, "~{[*?") != NULL) { + int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + + memset(&gl, 0, sizeof(gl)); + freeglob = 1; + if (glob(whichf, flags, 0, &gl)) { + reply(550, "not found"); + goto out; + } else if (gl.gl_pathc == 0) { + errno = ENOENT; + perror_reply(550, whichf); + goto out; + } + dirlist = gl.gl_pathv; + } else { + onefile[0] = whichf; + dirlist = onefile; + simple = 1; + } + + if (setjmp(urgcatch)) { + transflag = 0; + goto out; + } + while ((dirname = *dirlist++)) { + if (stat(dirname, &st) < 0) { + /* + * If user typed "ls -l", etc, and the client + * used NLST, do what the user meant. + */ + if (dirname[0] == '-' && *dirlist == NULL && + transflag == 0) { + retrieve("/bin/ls %s", dirname); + goto out; + } + perror_reply(550, whichf); + if (dout != NULL) { + fclose(dout); + transflag = 0; + data = -1; + pdata = -1; + } + goto out; + } + + if (S_ISREG(st.st_mode)) { + if (dout == NULL) { + dout = dataconn("file list", (off_t)-1, "w"); + if (dout == NULL) + goto out; + transflag++; + } + snprintf(buf, sizeof(buf), "%s%s\n", dirname, + type == TYPE_A ? 
"\r" : ""); + auth_write(fileno(dout), buf, strlen(buf)); + byte_count += strlen(dirname) + 1; + continue; + } else if (!S_ISDIR(st.st_mode)) + continue; + + if ((dirp = opendir(dirname)) == NULL) + continue; + + while ((dir = readdir(dirp)) != NULL) { + char nbuf[MaxPathLen]; + + if (!strcmp(dir->d_name, ".")) + continue; + if (!strcmp(dir->d_name, "..")) + continue; + + snprintf(nbuf, sizeof(nbuf), "%s/%s", dirname, dir->d_name); + + /* + * We have to do a stat to insure it's + * not a directory or special file. + */ + if (simple || (stat(nbuf, &st) == 0 && + S_ISREG(st.st_mode))) { + if (dout == NULL) { + dout = dataconn("file list", (off_t)-1, "w"); + if (dout == NULL) + goto out; + transflag++; + } + if(strncmp(nbuf, "./", 2) == 0) + snprintf(buf, sizeof(buf), "%s%s\n", nbuf +2, + type == TYPE_A ? "\r" : ""); + else + snprintf(buf, sizeof(buf), "%s%s\n", nbuf, + type == TYPE_A ? "\r" : ""); + auth_write(fileno(dout), buf, strlen(buf)); + byte_count += strlen(nbuf) + 1; + } + } + closedir(dirp); + } + if (dout == NULL) + reply(550, "No files found."); + else if (ferror(dout) != 0) + perror_reply(550, "Data connection"); + else + reply(226, "Transfer complete."); + + transflag = 0; + if (dout != NULL){ + auth_write(fileno(dout), buf, 0); /* XXX flush */ + + fclose(dout); + } + data = -1; + pdata = -1; +out: + if (freeglob) { + freeglob = 0; + globfree(&gl); + } +} + + +int +find(char *pattern) +{ + char line[1024]; + FILE *f; + + snprintf(line, sizeof(line), + "/bin/locate -d %s %s", + ftp_rooted("/etc/locatedb"), + pattern); + f = ftpd_popen(line, "r", 1, 1); + if(f == NULL){ + perror_reply(550, "/bin/locate"); + return 1; + } + lreply(200, "Output from find."); + while(fgets(line, sizeof(line), f)){ + if(line[strlen(line)-1] == '\n') + line[strlen(line)-1] = 0; + nreply("%s", line); + } + reply(200, "Done"); + ftpd_pclose(f); + return 0; +} + 
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/kauth.c b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
new file mode 100644
index 0000000..02d23d6
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/kauth.c
@@ -0,0 +1,325 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +RCSID("$Id: kauth.c,v 1.14 1997/05/07 02:21:30 assar Exp $"); + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <time.h> +#ifdef HAVE_SYS_TIME_H +#include <sys/time.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#include <roken.h> + +#include <des.h> +#include <krb.h> +#include <kafs.h> + +#include "extern.h" +#include "krb4.h" +#include "auth.h" +#include "base64.h" + +static KTEXT_ST cip; +static unsigned int lifetime; +static time_t local_time; + +static krb_principal pr; + +static int +save_tkt(char *user, char *instance, char *realm, void *arg, + int (*key_proc)(char*, char*, char*, void*, des_cblock*), KTEXT *cipp) +{ + local_time = time(0); + memmove(&cip, *cipp, sizeof(cip)); + return -1; +} + +static int +store_ticket(KTEXT cip) +{ + char *ptr; + des_cblock session; + krb_principal sp; + unsigned char kvno; + KTEXT_ST tkt; + int left = cip->length; + + int kerror; + + time_t kdc_time; + + ptr = (char *) cip->dat; + + /* extract session key */ + memmove(session, ptr, 8); + ptr += 8; + left -= 8; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's name */ + strcpy(sp.name, ptr); + ptr += strlen(sp.name) + 1; + left -= strlen(sp.name) + 1; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's instance */ + strcpy(sp.instance, ptr); + ptr += strlen(sp.instance) + 1; + left -= strlen(sp.instance) + 1; + + if (strnlen(ptr, left) == left) + return(INTK_BADPW); + + /* extract server's realm */ + strcpy(sp.realm,ptr); + ptr += strlen(sp.realm) + 1; + left -= strlen(sp.realm) + 1; + + if(left < 3) + return INTK_BADPW; + /* extract ticket lifetime, server key version, ticket length */ + /* be sure to avoid sign extension on lifetime! 
*/ + lifetime = (unsigned char) ptr[0]; + kvno = (unsigned char) ptr[1]; + tkt.length = (unsigned char) ptr[2]; + ptr += 3; + left -= 3; + + if (tkt.length > left) + return(INTK_BADPW); + + /* extract ticket itself */ + memmove(tkt.dat, ptr, tkt.length); + ptr += tkt.length; + left -= tkt.length; + + /* Here is where the time should be verified against the KDC. + * Unfortunately everything is sent in host byte order (receiver + * makes wrong) , and at this stage there is no way for us to know + * which byteorder the KDC has. So we simply ignore the time, + * there are no security risks with this, the only thing that can + * happen is that we might receive a replayed ticket, which could + * at most be useless. + */ + +#if 0 + /* check KDC time stamp */ + memmove(&kdc_time, ptr, sizeof(kdc_time)); + if (swap_bytes) swap_u_long(kdc_time); + + ptr += 4; + + if (abs((int)(local_time - kdc_time)) > CLOCK_SKEW) { + return(RD_AP_TIME); /* XXX should probably be better + code */ + } +#endif + + /* initialize ticket cache */ + + if (tf_create(TKT_FILE) != KSUCCESS) + return(INTK_ERR); + + if (tf_put_pname(pr.name) != KSUCCESS || + tf_put_pinst(pr.instance) != KSUCCESS) { + tf_close(); + return(INTK_ERR); + } + + + kerror = tf_save_cred(sp.name, sp.instance, sp.realm, session, + lifetime, kvno, &tkt, local_time); + tf_close(); + + return(kerror); +} + +void kauth(char *principal, char *ticket) +{ + char *p; + int ret; + + ret = krb_parse_name(principal, &pr); + if(ret){ + reply(500, "Bad principal: %s.", krb_get_err_text(ret)); + return; + } + if(pr.realm[0] == 0) + krb_get_lrealm(pr.realm, 1); + + if(ticket){ + cip.length = base64_decode(ticket, &cip.dat); + if(cip.length == -1){ + reply(500, "Failed to decode data."); + return; + } + ret = store_ticket(&cip); + if(ret){ + reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); + memset(&cip, 0, sizeof(cip)); + return; + } + if(k_hasafs()) + k_afsklog(0, 0); + reply(200, "Tickets will be destroyed on exit."); + return; + } 
+ + ret = krb_get_in_tkt (pr.name, + pr.instance, + pr.realm, + KRB_TICKET_GRANTING_TICKET, + pr.realm, + DEFAULT_TKT_LIFE, + NULL, save_tkt, NULL); + if(ret != INTK_BADPW){ + reply(500, "Kerberos error: %s.", krb_get_err_text(ret)); + return; + } + base64_encode(cip.dat, cip.length, &p); + reply(300, "P=%s T=%s", krb_unparse_name(&pr), p); + free(p); + memset(&cip, 0, sizeof(cip)); +} + + +static char * +short_date(int32_t dp) +{ + char *cp; + time_t t = (time_t)dp; + + if (t == (time_t)(-1L)) return "*** Never *** "; + cp = ctime(&t) + 4; + cp[15] = '\0'; + return (cp); +} + +void klist(void) +{ + int err; + + char *file = tkt_string(); + + krb_principal pr; + + char buf1[128], buf2[128]; + int header = 1; + CREDENTIALS c; + + + + err = tf_init(file, R_TKT_FIL); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + tf_close(); + + /* + * We must find the realm of the ticket file here before calling + * tf_init because since the realm of the ticket file is not + * really stored in the principal section of the file, the + * routine we use must itself call tf_init and tf_close. + */ + err = krb_get_tf_realm(file, pr.realm); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + err = tf_init(file, R_TKT_FIL); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + err = tf_get_pname(pr.name); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + err = tf_get_pinst(pr.instance); + if(err != KSUCCESS){ + reply(500, "%s", krb_get_err_text(err)); + return; + } + + /* + * You may think that this is the obvious place to get the + * realm of the ticket file, but it can't be done here as the + * routine to do this must open the ticket file. This is why + * it was done before tf_init. 
+ */ + + lreply(200, "Principal: %s", krb_unparse_name(&pr)); + while ((err = tf_get_cred(&c)) == KSUCCESS) { + if (header) { + lreply(200, "%-15s %-15s %s", + " Issued", " Expires", " Principal (kvno)"); + header = 0; + } + strcpy(buf1, short_date(c.issue_date)); + c.issue_date = krb_life_to_time(c.issue_date, c.lifetime); + if (time(0) < (unsigned long) c.issue_date) + strcpy(buf2, short_date(c.issue_date)); + else + strcpy(buf2, ">>> Expired <<< "); + lreply(200, "%s %s %s (%d)", buf1, buf2, + krb_unparse_name_long(c.service, c.instance, c.realm), c.kvno); + } + if (header && err == EOF) { + lreply(200, "No tickets in file."); + } + reply(200, ""); +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.c b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c new file mode 100644 index 0000000..2457c61 --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.c 
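Review bot: In `store_ticket`, the three `strcpy` calls into `sp.name`, `sp.instance` and `sp.realm` are bounded only by the remaining input (`strnlen(ptr, left) == left`), not by the destination, and in the `ticket` branch of `kauth` that input is base64 text sent by the client. A string that is NUL-terminated inside `cip->dat` but longer than the destination field would overrun `sp` on the stack; the field sizes come from `krb_principal`, which is declared outside this hunk. Each check should also reject an over-long field, for example `if (strnlen(ptr, left) >= sizeof(sp.name)) return INTK_BADPW;`, and `if (left < 8) return INTK_BADPW;` belongs before the session-key `memmove`, since `left` can otherwise go negative and defeat the later comparisons. The same concern applies one level up in `kauth`: `base64_decode(ticket, &cip.dat)` writes into the fixed-size `cip.dat` with no limit on the decoded length, so the encoded length should be checked against `sizeof(cip.dat)` before decoding.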
@@ -0,0 +1,372 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: krb4.c,v 1.19 1997/05/11 09:00:07 assar Exp $"); +#endif + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif +#ifdef HAVE_NETINET_IN_h +#include <netinet/in.h> +#endif + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <krb.h> + +#include "base64.h" +#include "extern.h" +#include "auth.h" +#include "krb4.h" + +#include <roken.h> + +static AUTH_DAT auth_dat; +static des_key_schedule schedule; + +int krb4_auth(char *auth) +{ + auth_complete = 0; + reply(334, "Using authentication type %s; ADAT must follow", auth); + return 0; +} + +int krb4_adat(char *auth) +{ + KTEXT_ST tkt; + char *p; + int kerror; + u_int32_t cs; + char msg[35]; /* size of encrypted block */ + int len; + + char inst[INST_SZ]; + + memset(&tkt, 0, sizeof(tkt)); + len = base64_decode(auth, tkt.dat); + + if(len < 0){ + reply(501, "Failed to decode base64 data."); + return -1; + } + tkt.length = len; + + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "ftp", inst, 0, &auth_dat, ""); + if(kerror == RD_AP_UNDEC){ + k_getsockinst(0, inst, sizeof(inst)); + kerror = krb_rd_req(&tkt, "rcmd", inst, 0, &auth_dat, ""); + } + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + return -1; + } + + des_set_key(&auth_dat.session, schedule); + + cs = auth_dat.checksum + 1; + { + unsigned char tmp[4]; + tmp[0] = (cs >> 24) & 0xff; + tmp[1] = (cs >> 16) & 0xff; + tmp[2] = (cs >> 8) & 0xff; + tmp[3] = cs & 0xff; + len = krb_mk_safe(tmp, msg, 4, &auth_dat.session, + &ctrl_addr, &his_addr); + } + if(len < 0){ + reply(535, "Error creating reply: %s.", strerror(errno)); + return -1; + } + base64_encode(msg, len, &p); + reply(235, "ADAT=%s", p); + auth_complete = 1; + free(p); + return 0; +} + +int krb4_pbsz(int size) +{ + if(size > 1048576) /* XXX arbitrary number */ + size = 1048576; + buffer_size = size; 
+ reply(200, "OK PBSZ=%d", buffer_size); + return 0; +} + +int krb4_prot(int level) +{ + if(level == prot_confidential) + return -1; + return 0; +} + +int krb4_ccc(void) +{ + reply(534, "Don't event think about it."); + return -1; +} + +int krb4_mic(char *msg) +{ + int len; + int kerror; + MSG_DAT m_data; + char *tmp, *cmd; + + cmd = strdup(msg); + + len = base64_decode(msg, cmd); + if(len < 0){ + reply(501, "Failed to decode base 64 data."); + free(cmd); + return -1; + } + kerror = krb_rd_safe(cmd, len, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + free(cmd); + return -1; + } + + tmp = malloc(strlen(msg) + 1); + snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data); + if(!strstr(tmp, "\r\n")) + strcat(tmp, "\r\n"); + new_ftp_command(tmp); + free(cmd); + return 0; +} + +int krb4_conf(char *msg) +{ + prot_level = prot_safe; + + reply(537, "Protection level not supported."); + return -1; +} + +int krb4_enc(char *msg) +{ + int len; + int kerror; + MSG_DAT m_data; + char *tmp, *cmd; + + cmd = strdup(msg); + + len = base64_decode(msg, cmd); + if(len < 0){ + reply(501, "Failed to decode base 64 data."); + free(cmd); + return -1; + } + kerror = krb_rd_priv(cmd, len, schedule, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(535, "Error reading request: %s.", krb_get_err_text(kerror)); + free(cmd); + return -1; + } + + tmp = strdup(msg); + snprintf(tmp, strlen(msg) + 1, "%.*s", (int)m_data.app_length, m_data.app_data); + if(!strstr(tmp, "\r\n")) + strcat(tmp, "\r\n"); + new_ftp_command(tmp); + free(cmd); + return 0; +} + +int krb4_read(int fd, void *data, int length) +{ + static int left; + static char *extra; + static int eof; + int len, bytes, tx = 0; + + MSG_DAT m_data; + int kerror; + + if(eof){ /* if we haven't reported an end-of-file, do so */ + eof = 0; + return 0; + } + + if(left){ + if(length > left) + bytes = left; 
+ else + bytes = length; + memmove(data, extra, bytes); + left -= bytes; + if(left) + memmove(extra, extra + bytes, left); + else + free(extra); + length -= bytes; + tx += bytes; + } + + while(length){ + unsigned char tmp[4]; + if(krb_net_read(fd, tmp, 4) < 4){ + reply(400, "Unexpected end of file.\n"); + return -1; + } + len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + krb_net_read(fd, data_buffer, len); + if(data_protection == prot_safe) + kerror = krb_rd_safe(data_buffer, len, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + else + kerror = krb_rd_priv(data_buffer, len, schedule, &auth_dat.session, + &his_addr, &ctrl_addr, &m_data); + + if(kerror){ + reply(400, "Failed to read data: %s.", krb_get_err_text(kerror)); + return -1; + } + + bytes = m_data.app_length; + if(bytes == 0){ + if(tx) eof = 1; + return tx; + } + if(bytes > length){ + left = bytes - length; + bytes = length; + extra = malloc(left); + memmove(extra, m_data.app_data + bytes, left); + } + memmove((unsigned char*)data + tx, m_data.app_data, bytes); + tx += bytes; + length -= bytes; + } + return tx; +} + +int krb4_write(int fd, void *data, int length) +{ + int len, bytes, tx = 0; + + len = buffer_size; + if(data_protection == prot_safe) + len -= 31; /* always 31 bytes overhead */ + else + len -= 26; /* at most 26 bytes */ + + do{ + if(length < len) + len = length; + if(data_protection == prot_safe) + bytes = krb_mk_safe(data, data_buffer+4, len, &auth_dat.session, + &ctrl_addr, &his_addr); + else + bytes = krb_mk_priv(data, data_buffer+4, len, schedule, + &auth_dat.session, + &ctrl_addr, &his_addr); + if(bytes == -1){ + reply(535, "Failed to make packet: %s.", strerror(errno)); + return -1; + } + data_buffer[0] = (bytes >> 24) & 0xff; + data_buffer[1] = (bytes >> 16) & 0xff; + data_buffer[2] = (bytes >> 8) & 0xff; + data_buffer[3] = bytes & 0xff; + if(krb_net_write(fd, data_buffer, bytes+4) < 0) + return -1; + length -= len; + data = (unsigned char*)data + len; + tx += len; 
+ }while(length); + return tx; +} + +int krb4_userok(char *name) +{ + if(!kuserok(&auth_dat, name)){ + do_login(232, name); + }else{ + reply(530, "User %s access denied.", name); + } + return 0; +} + + +int +krb4_vprintf(const char *fmt, va_list ap) +{ + char buf[10240]; + char *p; + char *enc; + int code; + int len; + + vsnprintf (buf, sizeof(buf), fmt, ap); + enc = malloc(strlen(buf) + 31); + if(prot_level == prot_safe){ + len = krb_mk_safe((u_char*)buf, (u_char*)enc, strlen(buf), &auth_dat.session, + &ctrl_addr, &his_addr); + code = 631; + }else if(prot_level == prot_private){ + len = krb_mk_priv((u_char*)buf, (u_char*)enc, strlen(buf), schedule, + &auth_dat.session, &ctrl_addr, &his_addr); + code = 632; + }else{ + len = 0; /* XXX */ + code = 631; + } + base64_encode(enc, len, &p); + fprintf(stdout, "%d %s\r\n", code, p); + free(enc); + free(p); + return 0; +} diff --git a/crypto/kerberosIV/appl/ftp/ftpd/krb4.h b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h new file mode 100644 index 0000000..f777dbd --- /dev/null +++ b/crypto/kerberosIV/appl/ftp/ftpd/krb4.h 
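Review bot: `krb4_read` takes the 4-byte length prefix from the peer and passes it straight to `krb_net_read(fd, data_buffer, len)` without comparing it to the size of `data_buffer`, and the return value of that read is ignored. A length larger than the buffer would write past it, and a short read would hand stale bytes to `krb_rd_safe`/`krb_rd_priv`; `data_buffer` is allocated outside this hunk, and `buffer_size` looks like the intended bound (to be confirmed against the allocation). I would reject the frame before reading it, `if (len < 0 || len > buffer_size || krb_net_read(fd, data_buffer, len) != len) return -1;`, with the same `reply(400, ...)` the header read uses. Related: `krb4_pbsz` clamps `size` only from above, so a zero or negative PBSZ makes `len` negative in `krb4_write` after the 31/26-byte overhead is subtracted, and it needs a lower bound greater than that overhead. `krb4_adat` also decodes the client's ADAT into the fixed `tkt.dat` with no check on the encoded length.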
@@ -0,0 +1,61 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb4.h,v 1.6 1997/04/01 08:17:29 joda Exp $ */
+
+#ifndef __KRB4_H__
+#define __KRB4_H__
+
+#include <stdarg.h>
+
+int krb4_auth(char *auth);
+int krb4_adat(char *auth);
+int krb4_pbsz(int size);
+int krb4_prot(int level);
+int krb4_ccc(void);
+int krb4_mic(char *msg);
+int krb4_conf(char *msg);
+int krb4_enc(char *msg);
+
+int krb4_read(int fd, void *data, int length);
+int krb4_write(int fd, void *data, int length);
+
+int krb4_userok(char *name);
+int krb4_vprintf(const char *fmt, va_list ap);
+
+#endif /* __KRB4_H__ */
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
new file mode 100644
index 0000000..95ab216
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/logwtmp.c
@@ -0,0 +1,136 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: logwtmp.c,v 1.10 1997/05/25 15:17:56 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_UTMP_H
+#include <utmp.h>
+#endif
+#ifdef HAVE_UTMPX_H
+#include <utmpx.h>
+#endif
+#include "extern.h"
+
+#ifndef WTMP_FILE
+#ifdef _PATH_WTMP
+#define WTMP_FILE _PATH_WTMP
+#else
+#define WTMP_FILE "/var/adm/wtmp"
+#endif
+#endif
+
+void
+logwtmp(char *line, char *name, char *host)
+{
+ static int init = 0;
+ static int fd, fdx;
+ struct timeval tv;
+ struct utmp ut;
+#ifdef WTMPX_FILE
+ struct utmpx utx;
+#endif
+
+ memset(&ut, 0, sizeof(struct utmp));
+#ifdef HAVE_UT_TYPE
+ if(name[0])
+ ut.ut_type = USER_PROCESS;
+ else
+ ut.ut_type = DEAD_PROCESS;
+#endif
+ strncpy(ut.ut_line, line, sizeof(ut.ut_line));
+ strncpy(ut.ut_name, name, sizeof(ut.ut_name));
+#ifdef HAVE_UT_PID
+ ut.ut_pid = getpid();
+#endif
+#ifdef HAVE_UT_HOST
+ strncpy(ut.ut_host, host, sizeof(ut.ut_host));
+#endif
+ ut.ut_time = time(NULL);
+
+#ifdef WTMPX_FILE
+ strncpy(utx.ut_line, line, sizeof(utx.ut_line));
+ strncpy(utx.ut_user, name, sizeof(utx.ut_user));
+ strncpy(utx.ut_host, host, sizeof(utx.ut_host));
+#ifdef HAVE_UT_SYSLEN
+ utx.ut_syslen = strlen(host) + 1;
+ if (utx.ut_syslen > sizeof(utx.ut_host))
+ utx.ut_syslen = sizeof(utx.ut_host);
+#endif
+ gettimeofday (&tv, 0);
+ utx.ut_tv.tv_sec = tv.tv_sec;
+ utx.ut_tv.tv_usec = tv.tv_usec;
+
+ if(name[0])
+ utx.ut_type = USER_PROCESS;
+ else
+ utx.ut_type = DEAD_PROCESS;
+#endif
+
+ if(!init){
+ fd = open(WTMP_FILE, O_WRONLY|O_APPEND, 0);
+#ifdef WTMPX_FILE
+ fdx = open(WTMPX_FILE, O_WRONLY|O_APPEND, 0);
+#endif
+ init = 1;
+ }
+ if(fd >= 0) {
+ write(fd, &ut, sizeof(struct utmp)); /* XXX */
+#ifdef WTMPX_FILE
+ write(fdx, &utx, sizeof(struct utmpx));
+#endif
+ }
+}
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
new file mode 100644
index 0000000..1bd2be1
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h
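Review bot: `utx` is written to WTMPX_FILE in full but, unlike `ut`, is never cleared, so every byte that the three `strncpy` calls and the few field assignments do not cover is leftover stack content that ends up in the login accounting file. Add `memset(&utx, 0, sizeof(utx));` at the top of the `#ifdef WTMPX_FILE` block that fills it in. The second `write` is guarded only by `fd >= 0`; it needs its own `if (fdx >= 0)` because the two `open` calls can fail independently. Both `write` results are ignored (the existing `/* XXX */` appears to acknowledge this), so a short or failed write leaves a damaged accounting record with nothing reported.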
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ * @(#)pathnames.h 8.1 (Berkeley) 6/4/93
+ */
+
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
+#endif
+
+#ifndef _PATH_NOLOGIN
+#define _PATH_NOLOGIN "/etc/nologin"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#define _PATH_FTPUSERS "/etc/ftpusers"
+#define _PATH_FTPCHROOT "/etc/ftpchroot"
+#define _PATH_FTPWELCOME "/etc/ftpwelcome"
+#define _PATH_FTPLOGINMESG "/etc/motd"
diff --git a/crypto/kerberosIV/appl/ftp/ftpd/popen.c b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
new file mode 100644
index 0000000..58c4985
--- /dev/null
+++ b/crypto/kerberosIV/appl/ftp/ftpd/popen.c
@@ -0,0 +1,224 @@ +/* + * Copyright (c) 1988, 1993, 1994 + * The Regents of the University of California. All rights reserved. + * + * This code is derived from software written by Ken Arnold and + * published in UNIX Review, Vol. 6, No. 8. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ *
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: popen.c,v 1.16 1997/06/01 03:14:06 assar Exp $");
+#endif
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#include <sys/wait.h>
+
+#include <errno.h>
+#include <glob.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "extern.h"
+
+#include <roken.h>
+
+/*
+ * Special version of popen which avoids call to shell. This ensures
+ * no one may create a pipe to a hidden program as a side effect of a
+ * list or dir command.
+ */
+static int *pids;
+static int fds;
+
+extern int dochroot;
+
+/* return path prepended with ~ftp if that file exists, otherwise
+ * return path unchanged
+ */
+
+const char *
+ftp_rooted(const char *path)
+{
+ static char home[MaxPathLen] = "";
+ static char newpath[MaxPathLen];
+ struct passwd *pwd;
+
+ if(!home[0])
+ if((pwd = k_getpwnam("ftp")))
+ strcpy(home, pwd->pw_dir);
+ snprintf(newpath, sizeof(newpath), "%s/%s", home, path);
+ if(access(newpath, X_OK))
+ strcpy(newpath, path);
+ return newpath;
+}
+
+
+FILE *
+ftpd_popen(char *program, char *type, int do_stderr, int no_glob)
+{
+ char *cp;
+ FILE *iop;
+ int argc, gargc, pdes[2], pid;
+ char **pop, *argv[100], *gargv[1000];
+ char *foo;
+
+ if (strcmp(type, "r") && strcmp(type, "w"))
+ return (NULL);
+
+ if (!pids) {
+
+ /* This function is ugly and should be rewritten, in
+ * modern unices there is no such thing as a maximum
+ * filedescriptor.
+ */
+
+ fds = getdtablesize();
+ pids = (int*)calloc(fds, sizeof(int));
+ if(!pids)
+ return NULL;
+ }
+ if (pipe(pdes) < 0)
+ return (NULL);
+
+ /* break up string into pieces */
+ for (argc = 0, cp = program;; cp = NULL) {
+ foo = NULL;
+ if (!(argv[argc++] = strtok_r(cp, " \t\n", &foo)))
+ break;
+ }
+
+ gargv[0] = (char*)ftp_rooted(argv[0]);
+ /* glob each piece */
+ for (gargc = argc = 1; argv[argc]; argc++) {
+ glob_t gl;
+ int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+
+ memset(&gl, 0, sizeof(gl));
+ if (no_glob || glob(argv[argc], flags, NULL, &gl))
+ gargv[gargc++] = strdup(argv[argc]);
+ else
+ for (pop = gl.gl_pathv; *pop; pop++)
+ gargv[gargc++] = strdup(*pop);
+ globfree(&gl);
+ }
+ gargv[gargc] = NULL;
+
+ iop = NULL;
+ switch(pid = fork()) {
+ case -1: /* error */
+ close(pdes[0]);
+ close(pdes[1]);
+ goto pfree;
+ /* NOTREACHED */
+ case 0: /* child */
+ if (*type == 'r') {
+ if (pdes[1] != STDOUT_FILENO) {
+ dup2(pdes[1], STDOUT_FILENO);
+ close(pdes[1]);
+ }
+ if(do_stderr)
+ dup2(STDOUT_FILENO, STDERR_FILENO);
+ close(pdes[0]);
+ } else {
+ if (pdes[0] != STDIN_FILENO) {
+ dup2(pdes[0], STDIN_FILENO);
+ close(pdes[0]);
+ }
+ close(pdes[1]);
+ }
+ execv(gargv[0], gargv);
+ gargv[0] = argv[0];
+ execv(gargv[0], gargv);
+ _exit(1);
+ }
+ /* parent; assume fdopen can't fail... */
+ if (*type == 'r') {
+ iop = fdopen(pdes[0], type);
+ close(pdes[1]);
+ } else {
+ iop = fdopen(pdes[1], type);
+ close(pdes[0]);
+ }
+ pids[fileno(iop)] = pid;
+
+pfree:
+ for (argc = 1; gargv[argc] != NULL; argc++)
+ free(gargv[argc]);
+
+
+ return (iop);
+}
+
+int
+ftpd_pclose(FILE *iop)
+{
+ int fdes, status;
+ pid_t pid;
+ sigset_t sigset, osigset;
+
+ /*
+ * pclose returns -1 if stream is not associated with a
+ * `popened' command, or, if already `pclosed'.
+ */
+ if (pids == 0 || pids[fdes = fileno(iop)] == 0)
+ return (-1);
+ fclose(iop);
+ sigemptyset(&sigset);
+ sigaddset(&sigset, SIGINT);
+ sigaddset(&sigset, SIGQUIT);
+ sigaddset(&sigset, SIGHUP);
+ sigprocmask(SIG_BLOCK, &sigset, &osigset);
+ while ((pid = waitpid(pids[fdes], &status, 0)) < 0 && errno == EINTR)
+ continue;
+ sigprocmask(SIG_SETMASK, &osigset, NULL);
+ pids[fdes] = 0;
+ if (pid < 0)
+ return (pid);
+ if (WIFEXITED(status))
+ return (WEXITSTATUS(status));
+ return (1);
+}
diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in
new file mode 100644
index 0000000..97bfdb4
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/Makefile.in
@@ -0,0 +1,112 @@ +# $Id: Makefile.in,v 1.33 1997/04/05 21:24:35 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +topdir = ../.. + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DBINDIR='"$(bindir)"' +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +bindir = @bindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt +PROG_LIBEXEC = kauthd$(EXECSUFFIX) +PROGS = $(PROG_BIN) $(PROG_LIBEXEC) + +SOURCES_KAUTH = kauth.c rkinit.c +SOURCES_KAUTHD = kauthd.c +SOURCES_COMMON = encdata.c marshall.c + +OBJECTS_KAUTH = kauth.o rkinit.o +OBJECTS_KAUTHD = kauthd.o +OBJECTS_COMMON = marshall.o encdata.o + +OBJECTS = $(OBJECTS_KAUTH) $(OBJECTS_KAUTHD) +SOURCES = $(SOURCES_KAUTH) $(SOURCES_KAUTHD) $(SOURCES_COMMON) + +KRB_KAFS_LIB = @KRB_KAFS_LIB@ + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(bindir) $(libexecdir) + for x in $(PROG_BIN); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + if test -f $(bindir)/zrefresh -o -r $(bindir)/zrefresh; then \ + true; \ + else \ + $(INSTALL_PROGRAM) $(srcdir)/zrefresh $(bindir)/`echo zrefresh | sed '$(transform)'`; \ + fi + for x in $(PROG_LIBEXEC); do \ + $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROG_BIN); do \ + rm -f $(bindir)/`echo $$x| sed '$(transform)'`; \ + done + for x in $(PROG_LIBEXEC); do \ + rm -f $(libexecdir)/`echo $$x| sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: 
clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes +LIBROKEN=-L../../lib/roken -lroken + +kauth$(EXECSUFFIX): $(OBJECTS_KAUTH) $(OBJECTS_COMMON) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTH) $(OBJECTS_COMMON) $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +kauthd$(EXECSUFFIX): $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KAUTHD) $(OBJECTS_COMMON) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +ksrvtgt: ksrvtgt.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/ksrvtgt.in > $@ + chmod +x $@ + + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/appl/kauth/encdata.c b/crypto/kerberosIV/appl/kauth/encdata.c new file mode 100644 index 0000000..800326a --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/encdata.c 
@@ -0,0 +1,101 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: encdata.c,v 1.9 1997/04/01 08:17:30 joda Exp $");
+
+int
+write_encrypted (int fd, void *buf, size_t len, des_key_schedule schedule,
+ des_cblock *session, struct sockaddr_in *me,
+ struct sockaddr_in *him)
+{
+ void *outbuf;
+ int32_t outlen, l;
+ int i;
+ unsigned char tmp[4];
+
+ outbuf = malloc(len + 30);
+ if (outbuf == NULL)
+ return -1;
+ outlen = krb_mk_priv (buf, outbuf, len, schedule, session, me, him);
+ if (outlen < 0) {
+ free(outbuf);
+ return -1;
+ }
+ l = outlen;
+ for(i = 3; i >= 0; i--, l = l >> 8)
+ tmp[i] = l & 0xff;
+ if (krb_net_write (fd, tmp, 4) != 4 ||
+ krb_net_write (fd, outbuf, outlen) != outlen) {
+ free(outbuf);
+ return -1;
+ }
+
+ free(outbuf);
+ return 0;
+}
+
+
+int
+read_encrypted (int fd, void *buf, size_t len, void **ret,
+ des_key_schedule schedule, des_cblock *session,
+ struct sockaddr_in *him, struct sockaddr_in *me)
+{
+ int status;
+ int32_t l;
+ MSG_DAT msg;
+ unsigned char tmp[4];
+
+ l = krb_net_read (fd, tmp, 4);
+ if (l != 4)
+ return l;
+ l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3];
+ if (l > len)
+ return -1;
+ if (krb_net_read (fd, buf, l) != l)
+ return -1;
+ status = krb_rd_priv (buf, l, schedule, session, him, me, &msg);
+ if (status != RD_AP_OK) {
+ fprintf (stderr, "read_encrypted: %s\n",
+ krb_get_err_text(status));
+ return -1;
+ }
+ *ret = msg.app_data;
+ return msg.app_length;
+}
diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c
new file mode 100644
index 0000000..84614b0
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauth.c
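Review bot: read_encrypted returns `l` when the 4-byte length prefix comes up short, so an early end of stream (presumably 0 from krb_net_read) is handed back as a non-negative "length" with `*ret` never assigned. In kauthd.c on this page, doit() only tests `len < 0` and decrypt_remote_tkt() does not test the result at all before copying from the returned pointer, so both would go on to use an uninitialised pointer. Return a fixed error instead: `if (l != 4) return -1;`. Separately, `tmp[0] << 24` shifts into the sign bit of `int` when the top byte is 0x80 or above; assembling the length in an unsigned 32-bit variable before the `l > len` comparison avoids depending on that. The `len + 30` in write_encrypted is an unexplained allowance for what krb_mk_priv adds and deserves a named constant with a comment saying where the figure comes from.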
@@ -0,0 +1,312 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/*
+ * Little program that reads an srvtab or password and
+ * creates a suitable ticketfile and associated AFS tokens.
+ *
+ * If an optional command is given the command is executed in a
+ * new PAG and when the command exits the tickets are destroyed.
+ */
+
+#include "kauth.h"
+
+RCSID("$Id: kauth.c,v 1.75 1997/05/02 15:09:24 assar Exp $");
+
+krb_principal princ;
+static char srvtab[MaxPathLen + 1];
+static int lifetime = DEFAULT_TKT_LIFE;
+static char remote_tktfile[MaxPathLen + 1];
+static char remoteuser[100];
+static char *cell = 0;
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [-n <name>] [-r remoteuser] [-t remote ticketfile]"
+ "[-l lifetime (in minutes) ] [-h hosts... ]"
+ "[-f srvtab ] [-c AFS cell name ] [command ... ]\n",
+ __progname);
+ fprintf(stderr, "\nA fully qualified name can be given user[.instance][@realm]\nRealm is converted to uppercase!\n");
+ exit(1);
+}
+
+static void
+doexec(int argc, char **argv)
+{
+ int status;
+ pid_t ret;
+
+ switch (fork()) {
+ case -1:
+ err (1, "fork");
+ break;
+ case 0:
+ /* in child */
+ execvp(argv[0], argv);
+ err (1, "Can't exec program ``%s''", argv[0]);
+ break;
+ default:
+ /* in parent */
+ do {
+ ret = wait(&status);
+ } while ((ret > 0 && !WIFEXITED(status)) || (ret < 0 && errno == EINTR));
+ if (ret < 0)
+ perror("wait");
+ dest_tkt();
+ if (k_hasafs())
+ k_unlog();
+ break;
+ }
+}
+
+static RETSIGTYPE
+renew(int sig)
+{
+ int code;
+
+ signal(SIGALRM, renew);
+
+ code = krb_get_svc_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime, srvtab);
+ if (code)
+ warnx ("%s", krb_get_err_text(code));
+ else if (k_hasafs())
+ {
+ if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN) {
+ warnx ("%s", krb_get_err_text(code));
+ }
+ }
+
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+ SIGRETURN(0);
+}
+
+static int
+zrefresh(void)
+{
+ switch (fork()) {
+ case -1:
+ err (1, "Warning: Failed to fork zrefresh");
+ return -1;
+ case 0:
+ /* Child */
+ execlp("zrefresh", "zrefresh", 0);
+ execl(BINDIR "/zrefresh", "zrefresh", 0);
+ exit(1);
+ default:
+ /* Parent */
+ break;
+ }
+ return 0;
+}
+
+static int
+key_to_key(char *user, char *instance, char *realm, void *arg,
+ des_cblock *key)
+{
+ memcpy(key, arg, sizeof(des_cblock));
+ return 0;
+}
+
+int
+main(int argc, char **argv)
+{
+ int code, more_args;
+ int ret;
+ int c;
+ char *file;
+ int pflag = 0;
+ char passwd[100];
+ des_cblock key;
+ char **host;
+ int nhost;
+ char tf[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ if ((file = getenv("KRBTKFILE")) == 0)
+ file = TKT_FILE;
+
+ memset(&princ, 0, sizeof(princ));
+ memset(srvtab, 0, sizeof(srvtab));
+ *remoteuser = '\0';
+ nhost = 0;
+
+ while ((c = getopt(argc, argv, "r:t:f:hl:n:c:")) != EOF)
+ switch (c) {
+ case 'f':
+ strncpy(srvtab, optarg, sizeof(srvtab));
+ break;
+ case 't':
+ strncpy(remote_tktfile, optarg, sizeof(remote_tktfile));
+ break;
+ case 'r':
+ strncpy(remoteuser, optarg, sizeof(remoteuser));
+ break;
+ case 'l':
+ lifetime = atoi(optarg);
+ if (lifetime == -1)
+ lifetime = 255;
+ else if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime = krb_time_to_life(0, lifetime*60);
+ if (lifetime > 255)
+ lifetime = 255;
+ break;
+ case 'n':
+ if ((code = krb_parse_name(optarg, &princ)) != 0) {
+ warnx ("%s", krb_get_err_text(code));
+ usage();
+ }
+ strupr(princ.realm);
+ pflag = 1;
+ break;
+ case 'c':
+ cell = optarg;
+ break;
+ case 'h':
+ host = argv + optind;
+ for(nhost = 0; optind < argc && *argv[optind] != '-'; ++optind)
+ ++nhost;
+ break;
+ case '?':
+ default:
+ usage();
+ break;
+ }
+
+ /* Look for kerberos name */
+ if (!pflag && optind < argc && krb_parse_name(argv[optind], &princ) == 0) {
+ ++optind;
+ strupr(princ.realm);
+ }
+
+ if (princ.name[0] == '\0' && krb_get_default_principal (princ.name,
+ princ.instance,
+ princ.realm) < 0)
+ errx (1, "Could not get default principal");
+
+ if (*remoteuser == '\0')
+ strcpy (remoteuser, princ.name);
+
+ more_args = argc - optind;
+
+ if (princ.realm[0] == '\0')
+ if (krb_get_lrealm(princ.realm, 1) != KSUCCESS)
+ strcpy(princ.realm, KRB_REALM);
+
+ if (more_args) {
+ int f;
+
+ do{
+ snprintf(tf, sizeof(tf),
+ TKT_ROOT "%u_%u",
+ (unsigned)getuid(),
+ (unsigned)(getpid()*time(0)));
+ f = open(tf, O_CREAT|O_EXCL|O_RDWR);
+ }while(f < 0);
+ close(f);
+ unlink(tf);
+ setenv("KRBTKFILE", tf, 1);
+ krb_set_tkt_string (tf);
+ }
+
+ if (srvtab[0])
+ {
+ signal(SIGALRM, renew);
+
+ code = read_service_key (princ.name, princ.instance, princ.realm, 0,
+ srvtab, (char *)&key);
+ if (code == KSUCCESS)
+ code = krb_get_in_tkt(princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ alarm(krb_life_to_time(0, lifetime)/2 - 60);
+ }
+ else {
+ char prompt[128];
+
+ snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&princ));
+ if (des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0)){
+ memset(passwd, 0, sizeof(passwd));
+ exit(1);
+ }
+ des_string_to_key (passwd, &key);
+ code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ if(code == INTK_BADPW) {
+ afs_string_to_key (passwd, princ.realm, &key);
+ code = krb_get_in_tkt (princ.name, princ.instance, princ.realm,
+ KRB_TICKET_GRANTING_TICKET,
+ princ.realm, lifetime,
+ key_to_key, NULL, key);
+ }
+ memset(passwd, 0, sizeof(passwd));
+ }
+ if (code) {
+ memset (key, 0, sizeof(key));
+ errx (1, "%s", krb_get_err_text(code));
+ }
+
+ if (k_hasafs()) {
+ if (more_args)
+ k_setpag();
+ if ((code = k_afsklog(cell, NULL)) != 0 && code != KDC_PR_UNKNOWN)
+ warnx ("%s", krb_get_err_text(code));
+ }
+
+ for(ret = 0; nhost-- > 0; host++)
+ ret += rkinit(&princ, lifetime, remoteuser, remote_tktfile, &key, *host);
+
+ if (ret)
+ return ret;
+
+ if (more_args)
+ doexec(more_args, &argv[optind]);
+ else
+ zrefresh();
+
+ return 0;
+}
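Review bot: In main(), `open(tf, O_CREAT|O_EXCL|O_RDWR)` omits the mode argument that O_CREAT requires, so the permission bits of the new ticket-file name are indeterminate, and the enclosing `do … while(f < 0)` retries on every failure rather than only on a name collision, so a permission or path error loops forever. Pass an explicit mode, `f = open(tf, O_CREAT|O_EXCL|O_RDWR, 0600);`, and leave the loop unless `errno == EEXIST`. The file is then closed and unlinked before `KRBTKFILE` is pointed at it, which gives up the exclusive-create guarantee before any ticket is written; how the library re-creates the file is outside this hunk, so that step needs checking against it. Separately, the three `strncpy(..., sizeof(...))` calls in the option switch can fill `srvtab`, `remote_tktfile` and `remoteuser` completely and leave them unterminated; copying `sizeof(...) - 1` bytes and terminating explicitly fixes that. `key` is cleared only on the failure path, while a successful run leaves it on the stack when main returns.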
diff --git a/crypto/kerberosIV/appl/kauth/kauth.h b/crypto/kerberosIV/appl/kauth/kauth.h new file mode 100644 index 0000000..2c48fcc --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/kauth.h 
@@ -0,0 +1,118 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* $Id: kauth.h,v 1.18 1997/05/20 18:40:31 bg Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <signal.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_GRP_H
+#include <grp.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif /* HAVE_SYS_RESOURCE_H */
+#ifdef HAVE_SYS_WAIT_H
+#include <sys/wait.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <err.h>
+
+#include <krb.h>
+#include <kafs.h>
+
+#include <roken.h>
+
+#define KAUTH_PORT 2120
+
+#define KAUTH_VERSION "RKINIT.0"
+
+int rkinit (krb_principal*, int, char*, char*, des_cblock*, char*);
+
+int write_encrypted (int, void*, size_t, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+int read_encrypted (int, void*, size_t, void **, des_key_schedule,
+ des_cblock*, struct sockaddr_in*, struct sockaddr_in*);
+
+unsigned pack_args (char *, krb_principal*, int, char*, char*);
+
+int unpack_args (char*, krb_principal*, int*, char*, char*);
diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c
new file mode 100644
index 0000000..b6a40cf
--- /dev/null
+++ b/crypto/kerberosIV/appl/kauth/kauthd.c
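Review bot: The prototypes at the end of this header drop every parameter name, which hides that `write_encrypted` takes its two addresses as (me, him) while `read_encrypted` takes them as (him, me) in encdata.c; a caller reading only the header cannot tell, and passing them the wrong way round presumably makes the address check inside the krb_*_priv calls fail. Keep the names from the definitions, for example `int read_encrypted (int fd, void *buf, size_t len, void **ret, des_key_schedule schedule, des_cblock *session, struct sockaddr_in *him, struct sockaddr_in *me);`, and add a one-line comment stating that `*ret` is set only when the return value is a valid length. `pack_args` and `unpack_args` take bare `char*` buffers with no size parameter; their bodies are not in this hunk, so the header should at least document the capacity each buffer is required to have.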
@@ -0,0 +1,201 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kauth.h" + +RCSID("$Id: kauthd.c,v 1.22 1997/05/18 20:37:55 assar Exp $"); + +krb_principal princ; +static char locuser[SNAME_SZ + 1]; +static int lifetime; +static char tktfile[MaxPathLen + 1]; + +struct remote_args { + int sock; + des_key_schedule *schedule; + des_cblock *session; + struct sockaddr_in *me, *her; +}; + +static int +decrypt_remote_tkt (char *user, char *inst, char *realm, void *varg, + key_proc_t key_proc, KTEXT *cipp) +{ + char buf[BUFSIZ]; + void *ptr; + int len; + KTEXT cip = *cipp; + struct remote_args *args = (struct remote_args *)varg; + + write_encrypted (args->sock, cip->dat, cip->length, + *args->schedule, args->session, args->me, + args->her); + len = read_encrypted (args->sock, buf, sizeof(buf), &ptr, *args->schedule, + args->session, args->her, args->me); + memcpy(cip->dat, ptr, cip->length); + + return 0; +} + +static int +doit(int sock) +{ + int status; + KTEXT_ST ticket; + AUTH_DAT auth; + char instance[INST_SZ + 1]; + des_key_schedule schedule; + struct sockaddr_in thisaddr, thataddr; + int addrlen; + int len; + char buf[BUFSIZ]; + void *data; + struct passwd *passwd; + char version[KRB_SENDAUTH_VLEN + 1]; + char remotehost[MaxHostNameLen]; + + addrlen = sizeof(thisaddr); + if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 || + addrlen != sizeof(thisaddr)) { + return 1; + } + addrlen = sizeof(thataddr); + if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 || + addrlen != sizeof(thataddr)) { + return 1; + } + + inaddr2str (thataddr.sin_addr, remotehost, sizeof(remotehost)); + + k_getsockinst (sock, instance, sizeof(instance)); + status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance, + &thataddr, &thisaddr, &auth, "", schedule, + version); + if (status != KSUCCESS || + strncmp(version, KAUTH_VERSION, KRB_SENDAUTH_VLEN) != 0) { + return 1; + } + len = read_encrypted (sock, buf, sizeof(buf), &data, schedule, + &auth.session, &thataddr, &thisaddr); + if (len < 0) { + 
write_encrypted (sock, "read_enc failed", + sizeof("read_enc failed") - 1, schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } + if (unpack_args(data, &princ, &lifetime, locuser, + tktfile)) { + write_encrypted (sock, "unpack_args failed", + sizeof("unpack_args failed") - 1, schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } + + if( kuserok(&auth, locuser) != 0) { + snprintf(buf, sizeof(buf), "%s cannot get tickets for %s", + locuser, krb_unparse_name(&princ)); + syslog (LOG_ERR, buf); + write_encrypted (sock, buf, strlen(buf), schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } + passwd = k_getpwnam (locuser); + if (passwd == NULL) { + snprintf (buf, sizeof(buf), "No user '%s'", locuser); + syslog (LOG_ERR, buf); + write_encrypted (sock, buf, strlen(buf), schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } + if (setgid (passwd->pw_gid) || + initgroups(passwd->pw_name, passwd->pw_gid) || + setuid(passwd->pw_uid)) { + snprintf (buf, sizeof(buf), "Could not change user"); + syslog (LOG_ERR, buf); + write_encrypted (sock, buf, strlen(buf), schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } + write_encrypted (sock, "ok", sizeof("ok") - 1, schedule, + &auth.session, &thisaddr, &thataddr); + + if (*tktfile == 0) + snprintf(tktfile, sizeof(tktfile), "%s%u", TKT_ROOT, (unsigned)getuid()); + krb_set_tkt_string (tktfile); + + { + struct remote_args arg; + + arg.sock = sock; + arg.schedule = &schedule; + arg.session = &auth.session; + arg.me = &thisaddr; + arg.her = &thataddr; + + status = krb_get_in_tkt (princ.name, princ.instance, princ.realm, + KRB_TICKET_GRANTING_TICKET, + princ.realm, + lifetime, NULL, decrypt_remote_tkt, &arg); + } + if (status == KSUCCESS) { + syslog (LOG_INFO, "from %s(%s): %s -> %s", + remotehost, + inet_ntoa(thataddr.sin_addr), + locuser, + krb_unparse_name (&princ)); + write_encrypted (sock, "ok", sizeof("ok") - 1, schedule, + &auth.session, &thisaddr, &thataddr); + return 0; + 
} else { + snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status)); + syslog (LOG_NOTICE, buf); + write_encrypted (sock, buf, strlen(buf), schedule, + &auth.session, &thisaddr, &thataddr); + return 1; + } +} + +int +main (int argc, char **argv) +{ + openlog ("kauthd", LOG_ODELAY, LOG_AUTH); + + if(argc > 1 && strcmp(argv[1], "-i") == 0) + mini_inetd (k_getportbyname("kauth", "tcp", htons(KAUTH_PORT))); + return doit(STDIN_FILENO); +} diff --git a/crypto/kerberosIV/appl/kauth/ksrvtgt.in b/crypto/kerberosIV/appl/kauth/ksrvtgt.in new file mode 100644 index 0000000..30d9e15 --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/ksrvtgt.in @@ -0,0 +1,14 @@ +#! /bin/sh +# $Id: ksrvtgt.in,v 1.2 1997/04/05 21:29:17 assar Exp $ + +usage="Usage: `basename $0` name instance [[realm] srvtab]" + +if [ $# -lt 2 -o $# -gt 4 ]; then + echo "$usage" + exit 1 +fi + +srvtab="${4-${3-/etc/srvtab}}" +realm="${4+@$3}" + +%bindir%/kauth -n "$1.$2$realm" -l 5 -f "$srvtab " diff --git a/crypto/kerberosIV/appl/kauth/marshall.c b/crypto/kerberosIV/appl/kauth/marshall.c new file mode 100644 index 0000000..4f1bfeb --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/marshall.c 
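Review bot: In doit(), every `syslog (LOG_ERR, buf)` and the `syslog (LOG_NOTICE, buf)` call pass the message as the format string, and two of those messages are built from `locuser` and the principal that unpack_args() filled from the peer's request, so a `%` sequence supplied by the client is interpreted by syslog(). Both of those calls run before the `setgid`/`setuid` drop. Pass the text as an argument instead, `syslog (LOG_ERR, "%s", buf);`, and do the same for the `LOG_NOTICE` call. Separately, decrypt_remote_tkt() ignores the result of read_encrypted() and then copies `cip->length` bytes from `ptr`; a failed or short read should make it fail before the `memcpy`.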
@@ -0,0 +1,97 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kauth.h" + +RCSID("$Id: marshall.c,v 1.7 1997/04/01 08:17:32 joda Exp $"); + +unsigned +pack_args (char *buf, krb_principal *pr, int lifetime, + char *locuser, char *tktfile) +{ + char *p; + + p = buf; + strcpy (p, pr->name); + p += strlen (pr->name) + 1; + strcpy (p, pr->instance); + p += strlen (pr->instance) + 1; + strcpy (p, pr->realm); + p += strlen (pr->realm) + 1; + *p++ = (unsigned char)lifetime; + strcpy(p, locuser); + p += strlen (locuser) + 1; + strcpy(p, tktfile); + p += strlen(tktfile) + 1; + return p - buf; +} + +int +unpack_args (char *buf, krb_principal *pr, int *lifetime, + char *locuser, char *tktfile) +{ + int len; + + len = strlen(buf); + if (len > SNAME_SZ) + return -1; + strncpy(pr->name, buf, len + 1); + buf += len + 1; + len = strlen (buf); + if (len > INST_SZ) + return -1; + strncpy (pr->instance, buf, len + 1); + buf += len + 1; + len = strlen (buf); + if (len > REALM_SZ) + return -1; + strncpy (pr->realm, buf, len + 1); + buf += len + 1; + *lifetime = (unsigned char)*buf++; + len = strlen(buf); + if (len > SNAME_SZ) + return -1; + strncpy (locuser, buf, len + 1); + buf += len + 1; + len = strlen(buf); + if (len > MaxPathLen) + return -1; + strncpy (tktfile, buf, len + 1); + buf += len + 1; + return 0; +} diff --git a/crypto/kerberosIV/appl/kauth/rkinit.c b/crypto/kerberosIV/appl/kauth/rkinit.c new file mode 100644 index 0000000..ec75d46 --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/rkinit.c 
@@ -0,0 +1,222 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kauth.h" + +RCSID("$Id: rkinit.c,v 1.19 1997/04/01 08:17:33 joda Exp $"); + +static struct in_addr * +getalladdrs (char *hostname, unsigned *count) +{ + struct hostent *hostent; + struct in_addr **h; + struct in_addr *addr; + unsigned naddr; + unsigned maxaddr; + + hostent = gethostbyname (hostname); + if (hostent == NULL) { + warnx ("gethostbyname '%s' failed: %s\n", + hostname, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + return NULL; + } + maxaddr = 1; + naddr = 0; + addr = malloc(sizeof(*addr) * maxaddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + for (h = (struct in_addr **)(hostent->h_addr_list); + *h != NULL; + h++) { + if (naddr >= maxaddr) { + maxaddr *= 2; + addr = realloc (addr, sizeof(*addr) * maxaddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + } + addr[naddr++] = **h; + } + addr = realloc (addr, sizeof(*addr) * naddr); + if (addr == NULL) { + warnx ("out of memory"); + return NULL; + } + *count = naddr; + return addr; +} + +static int +doit_host (krb_principal *princ, int lifetime, char *locuser, + char *tktfile, des_cblock *key, int s, char *hostname) +{ + char buf[BUFSIZ]; + int inlen; + KTEXT_ST text; + CREDENTIALS cred; + MSG_DAT msg; + int status; + des_key_schedule schedule; + struct sockaddr_in thisaddr, thataddr; + int addrlen; + void *ret; + + addrlen = sizeof(thisaddr); + if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || + addrlen != sizeof(thisaddr)) { + warn ("getsockname(%s)", hostname); + return 1; + } + addrlen = sizeof(thataddr); + if (getpeername (s, (struct sockaddr *)&thataddr, &addrlen) < 0 || + addrlen != sizeof(thataddr)) { + warn ("getpeername(%s)", hostname); + return 1; + } + + status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", + hostname, krb_realmofhost (hostname), + getpid(), &msg, &cred, schedule, + &thisaddr, &thataddr, KAUTH_VERSION); + if (status != KSUCCESS) { + warnx ("%s: %s\n", 
hostname, krb_get_err_text(status)); + return 1; + } + inlen = pack_args (buf, princ, lifetime, locuser, tktfile); + + if (write_encrypted(s, buf, inlen, schedule, &cred.session, + &thisaddr, &thataddr) < 0) { + warn ("write to %s", hostname); + return 1; + } + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s failed", hostname); + return 1; + } + + if (strncmp(ret, "ok", inlen) != 0) { + warnx ("error from %s: %.*s\n", + hostname, inlen, (char *)ret); + return 1; + } + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s", hostname); + return 1; + } + + { + des_key_schedule key_s; + + des_key_sched(key, key_s); + des_pcbc_encrypt(ret, ret, inlen, key_s, key, DES_DECRYPT); + memset(key_s, 0, sizeof(key_s)); + } + write_encrypted (s, ret, inlen, schedule, &cred.session, + &thisaddr, &thataddr); + + inlen = read_encrypted (s, buf, sizeof(buf), &ret, schedule, + &cred.session, &thataddr, &thisaddr); + if (inlen < 0) { + warn ("read from %s", hostname); + return 1; + } + + if (strncmp(ret, "ok", inlen) != 0) { + warnx ("error from %s: %.*s\n", + hostname, inlen, (char *)ret); + return 1; + } + return 0; +} + +int +rkinit (krb_principal *princ, int lifetime, char *locuser, + char *tktfile, des_cblock *key, char *hostname) +{ + struct in_addr *addr; + unsigned naddr; + unsigned i; + int port; + int success; + + addr = getalladdrs (hostname, &naddr); + if (addr == NULL) + return 1; + port = k_getportbyname ("kauth", "tcp", htons(KAUTH_PORT)); + success = 0; + for (i = 0; !success && i < naddr; ++i) { + struct sockaddr_in a; + int s; + + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = port; + a.sin_addr = addr[i]; + + s = socket (AF_INET, SOCK_STREAM, 0); + if (s < 0) { + warn("socket"); + return 1; + } + if (connect(s, (struct sockaddr *)&a, sizeof(a)) < 0) { + 
warn("connect(%s)", hostname); + continue; + } + + success = success || !doit_host (princ, lifetime, + locuser, tktfile, key, + s, hostname); + close (s); + } + return !success; +} diff --git a/crypto/kerberosIV/appl/kauth/zrefresh b/crypto/kerberosIV/appl/kauth/zrefresh new file mode 100644 index 0000000..8347a1b --- /dev/null +++ b/crypto/kerberosIV/appl/kauth/zrefresh @@ -0,0 +1,12 @@ +#!/bin/sh +# +# @(#) $Id: zrefresh,v 1.3 1996/06/09 19:21:59 joda Exp $ +# +# Substitute this script with a real zrefresh if running Zephyr. For +# instance: +# +# if [ -f "$WGFILE" ] ; then +# zctl load +# fi + +exit 0 diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in new file mode 100644 index 0000000..690a661 --- /dev/null +++ b/crypto/kerberosIV/appl/kip/Makefile.in 
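Review bot: In doit_host(), `strncmp(ret, "ok", inlen) != 0` compares only the first `inlen` bytes, so a reply of the single byte `o` is accepted as success, and so is an empty reply if read_encrypted() can return 0; this applies to both status checks. Compare the length as well: `if (inlen != 2 || memcmp(ret, "ok", 2) != 0) {`. In rkinit(), the `connect` failure path does `continue` without `close (s)`, and `addr` from getalladdrs() is never freed, so a host with several unreachable addresses leaks one descriptor per attempt.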
@@ -0,0 +1,96 @@ +# $Id: Makefile.in,v 1.12 1997/03/23 13:04:03 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libexecdir = @libexecdir@ +libdir = @libdir@ +bindir = @bindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROG_BIN = kip$(EXECSUFFIX) +PROG_LIBEXEC = kipd$(EXECSUFFIX) +PROGS = $(PROG_BIN) $(PROG_LIBEXEC) + +SOURCES_KIP = kip.c +SOURCES_KIPD = kipd.c +SOURCES_COMMON = common.c + +OBJECTS_KIP = kip.o common.o +OBJECTS_KIPD = kipd.o common.o + +OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD) +SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON) + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(bindir) $(libexecdir) + for x in $(PROG_BIN); do \ + $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + for x in $(PROG_LIBEXEC); do \ + $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROG_BIN); do \ + rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \ + done + for x in $(PROG_LIBEXEC); do \ + rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes +LIBROKEN=-L../../lib/roken -lroken + +kip$(EXECSUFFIX): 
$(OBJECTS_KIP) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +kipd$(EXECSUFFIX): $(OBJECTS_KIPD) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c new file mode 100644 index 0000000..b21d03d --- /dev/null +++ b/crypto/kerberosIV/appl/kip/common.c 
@@ -0,0 +1,178 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kip.h" + +RCSID("$Id: common.c,v 1.12 1997/05/02 14:28:06 assar Exp $"); + +/* + * Copy packets from `tundev' to `netdev' or vice versa. + * Mode is used when reading from `tundev' + */ + +int +copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, + des_key_schedule schedule) +{ + des_cblock iv1, iv2; + int num1 = 0, num2 = 0; + u_char *buf; + + buf = malloc (mtu + 2); + if (buf == NULL) { + warnx("malloc(%d) failed", mtu); + return 1; + } + + memcpy (&iv1, iv, sizeof(iv1)); + memcpy (&iv2, iv, sizeof(iv2)); + for (;;) { + fd_set fdset; + int ret, len; + + FD_ZERO(&fdset); + FD_SET(tundev, &fdset); + FD_SET(netdev, &fdset); + + ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) { + warn ("select"); + return 1; + } + if (FD_ISSET(tundev, &fdset)) { + ret = read (tundev, buf + 2, mtu); + if (ret == 0) + return 0; + if (ret < 0) { + if (errno == EINTR) + continue; + else { + warn("read"); + return ret; + } + } + buf[0] = ret >> 8; + buf[1] = ret & 0xFF; + ret += 2; + des_cfb64_encrypt (buf, buf, ret, schedule, + &iv1, &num1, DES_ENCRYPT); + ret = krb_net_write (netdev, buf, ret); + if (ret < 0) { + warn("write"); + return ret; + } + } + if (FD_ISSET(netdev, &fdset)) { + ret = read (netdev, buf, 2); + if (ret == 0) + return 0; + if (ret < 0) { + if (errno == EINTR) + continue; + else { + warn("read"); + return ret; + } + } + des_cfb64_encrypt (buf, buf, 2, schedule, + &iv2, &num2, DES_DECRYPT); + len = (buf[0] << 8 ) | buf[1]; + ret = krb_net_read (netdev, buf + 2, len); + if (ret == 0) + return 0; + if (ret < 0) { + if (errno == EINTR) + continue; + else { + warn("read"); + return ret; + } + } + des_cfb64_encrypt (buf + 2, buf + 2, len, schedule, + &iv2, &num2, DES_DECRYPT); + ret = krb_net_write (tundev, buf + 2, len); + if (ret < 0) { + warn("write"); + return ret; + } + } + } +} + +/* + * Signal handler that justs waits for the children when they die. 
+ */ + +RETSIGTYPE +childhandler (int sig) +{ + pid_t pid; + int status; + + do { + pid = waitpid (-1, &status, WNOHANG|WUNTRACED); + } while(pid > 0); + signal (SIGCHLD, childhandler); + SIGRETURN(0); +} + +/* + * Find a free tunnel device and open it. + */ + +int +tunnel_open (void) +{ + int fd; + int i; + char name[64]; + + for (i = 0; i < 256; ++i) { + snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i); + fd = open (name, O_RDWR, 0); + if (fd >= 0) + break; + if (errno == ENOENT || errno == ENODEV) { + warn("open %s", name); + return fd; + } + } + if (fd < 0) + warn("open %s" ,name); + return fd; +} diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c new file mode 100644 index 0000000..e324a28 --- /dev/null +++ b/crypto/kerberosIV/appl/kip/kip.c 
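Review bot: In copy_packets(), the 16-bit `len` decoded from the network header is passed straight to `krb_net_read (netdev, buf + 2, len)`, but `buf` was allocated with `mtu + 2` bytes, so a header announcing more than `mtu` bytes writes past the heap buffer. Reject oversized frames before reading the body: `if (len > mtu) { warnx ("packet too long: %d", len); return 1; }`. The header is fetched with a plain `read (netdev, buf, 2)` that may return a single byte; it should go through krb_net_read(), which the body read already uses, and require a result of 2. `buf` is also not freed on any return path.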
@@ -0,0 +1,179 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kip.h" + +RCSID("$Id: kip.c,v 1.15 1997/05/11 10:54:51 assar Exp $"); + +static void +usage() +{ + fprintf (stderr, "Usage: %s host\n", + __progname); + exit (1); +} + +/* + * Establish authenticated connection + */ + +static int +connect_host (char *host, des_cblock *key, des_key_schedule schedule) +{ + CREDENTIALS cred; + KTEXT_ST text; + MSG_DAT msg; + int status; + struct sockaddr_in thisaddr, thataddr; + int addrlen; + struct hostent *hostent; + int s; + u_char b; + char **p; + + hostent = gethostbyname (host); + if (hostent == NULL) { + warnx ("gethostbyname '%s': %s", host, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + return -1; + } + + memset (&thataddr, 0, sizeof(thataddr)); + thataddr.sin_family = AF_INET; + thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); + + for(p = hostent->h_addr_list; *p; ++p) { + int one = 1; + + memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr)); + + s = socket (AF_INET, SOCK_STREAM, 0); + if (s < 0) { + warn ("socket"); + return -1; + } + +#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) + setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one)); +#endif + + if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) { + warn ("connect(%s)", host); + close (s); + continue; + } else { + break; + } + } + if (*p == NULL) + return -1; + + addrlen = sizeof(thisaddr); + if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || + addrlen != sizeof(thisaddr)) { + warn ("getsockname(%s)", host); + return -1; + } + status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", + host, krb_realmofhost (host), + getpid(), &msg, &cred, schedule, + &thisaddr, &thataddr, KIP_VERSION); + if (status != KSUCCESS) { + warnx("%s: %s", host, + krb_get_err_text(status)); + return -1; + } + if (read (s, &b, sizeof(b)) != sizeof(b)) { + warn ("read"); + return -1; + } + if (b) { + char buf[BUFSIZ]; + + read (s, buf, sizeof(buf)); + buf[BUFSIZ - 1] 
= '\0'; + + warnx ("%s: %s", host, buf); + return -1; + } + + memcpy(key, &cred.session, sizeof(des_cblock)); + return s; +} + +/* + * Connect to the given host. + */ + +static int +doit (char *host) +{ + des_key_schedule schedule; + des_cblock iv; + int other, this; + struct ifreq ifreq; + int sock; + + other = connect_host (host, &iv, schedule); + if (other < 0) + return 1; + this = tunnel_open (); + if (this < 0) + return 1; + return copy_packets (this, other, TUNMTU, &iv, schedule); +} + +/* + * kip - forward IP packets over a kerberos-encrypted channel. + * + */ + +int +main(int argc, char **argv) +{ + set_progname (argv[0]); + + if (argc != 2) + usage (); + return doit (argv[1]); +} diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h new file mode 100644 index 0000000..94e30a5 --- /dev/null +++ b/crypto/kerberosIV/appl/kip/kip.h 
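Review bot: In connect_host(), the error branch calls `read (s, buf, sizeof(buf))` without using its result and terminates the string only at `buf[BUFSIZ - 1]`, so when the server sends a short message without a NUL, or the read fails, `warnx` prints whatever was on the stack after the received bytes. Terminate at the number of bytes actually read: `n = read (s, buf, sizeof(buf) - 1); if (n < 0) n = 0; buf[n] = '\0';`. Every `return -1` after the successful `connect` also leaves `s` open. In doit(), the locals `ifreq` and `sock` are unused.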
@@ -0,0 +1,106 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kip.h,v 1.16 1997/05/20 18:40:31 bg Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <errno.h>
+#include <pwd.h>
+#include <signal.h>
+#include <paths.h>
+#include <fcntl.h>
+#ifdef HAVE_SYSLOG_H
+#include <syslog.h>
+#endif
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+#include <sys/wait.h>
+#include <sys/stat.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+#include <sys/sockio.h>
+#include <net/if.h>
+#ifdef HAVE_NET_IF_VAR_H
+#include <net/if_var.h>
+#endif
+#include <net/if_tun.h>
+#include <err.h>
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <krb.h>
+
+#include <roken.h>
+
+#define TUNDEV "tun"
+
+#define KIPPORT 2112
+
+#define KIP_VERSION "KIPSRV.0"
+
+int
+copy_packets (int tundev, int netdev, int mtu, des_cblock *iv,
+ des_key_schedule schedule);
+
+RETSIGTYPE childhandler (int);
+
+int
+tunnel_open (void);
diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c
new file mode 100644
index 0000000..6d9d334
--- /dev/null
+++ b/crypto/kerberosIV/appl/kip/kipd.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kip.h"
+
+RCSID("$Id: kipd.c,v 1.13 1997/05/18 20:38:01 assar Exp $");
+
+static int
+fatal (int fd, char *s)
+{
+ u_char err = 1;
+
+ write (fd, &err, sizeof(err));
+ write (fd, s, strlen(s)+1);
+ syslog(LOG_ERR, s);
+ return err;
+}
+
+static int
+recv_conn (int sock, des_cblock *key, des_key_schedule schedule,
+ struct sockaddr_in *retaddr)
+{
+ int status;
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+ char instance[INST_SZ + 1];
+ struct sockaddr_in thisaddr, thataddr;
+ int addrlen;
+ char version[KRB_SENDAUTH_VLEN + 1];
+ u_char ok = 0;
+ struct passwd *passwd;
+
+ addrlen = sizeof(thisaddr);
+ if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 ||
+ addrlen != sizeof(thisaddr)) {
+ return 1;
+ }
+ addrlen = sizeof(thataddr);
+ if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 ||
+ addrlen != sizeof(thataddr)) {
+ return 1;
+ }
+
+ k_getsockinst (sock, instance, sizeof(instance));
+ status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance,
+ &thataddr, &thisaddr, &auth, "", schedule,
+ version);
+ if (status != KSUCCESS ||
+ strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) {
+ return 1;
+ }
+ passwd = k_getpwnam ("root");
+ if (passwd == NULL)
+ return fatal (sock, "Cannot find root");
+ if (kuserok(&auth, "root") != 0)
+ return fatal (sock, "Permission denied");
+ if (write (sock, &ok, sizeof(ok)) != sizeof(ok))
+ return 1;
+
+ memcpy(key, &auth.session, sizeof(des_cblock));
+ *retaddr = thataddr;
+ return 0;
+}
+
+static int
+doit(int sock)
+{
+ struct sockaddr_in thataddr;
+ des_key_schedule schedule;
+ des_cblock key;
+ int this;
+
+ if (recv_conn (sock, &key, schedule, &thataddr))
+ return 1;
+ this = tunnel_open ();
+ if (this < 0)
+ fatal (sock, "Cannot open " _PATH_DEV TUNDEV);
+ return copy_packets (this, sock, TUNMTU, &key, schedule);
+}
+
+/*
+ * kipd - receive forwarded IP
+ */
+
+int
+main (int argc, char **argv)
+{
+ set_progname (argv[0]);
+
+ openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON);
+ signal (SIGCHLD, childhandler);
+ return doit(0);
+}
diff --git a/crypto/kerberosIV/config.guess b/crypto/kerberosIV/config.guess
new file mode 100644
index 0000000..74253c3
--- /dev/null
+++ b/crypto/kerberosIV/config.guess
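Review bot: In `doit()` of kipd.c the result of `fatal()` is discarded when `tunnel_open()` fails, so control falls through to `copy_packets (this, sock, ...)` with a negative descriptor after the error byte and message have already been written to the peer; the line should read `return fatal (sock, "Cannot open " _PATH_DEV TUNDEV);`, as the two `return fatal (...)` calls in `recv_conn()` already do. `fatal()` also passes its message to syslog as the format string; every caller in this file hands it a literal, but `syslog(LOG_ERR, "%s", s);` removes the format-string hazard for any later caller whose text is not a constant. Both `write()` calls in `fatal()` ignore their results, which is acceptable for a best-effort error path but is worth a one-line comment saying so. `doit()` passes the Kerberos session key as the argument that kip.h declares as `des_cblock *iv` for `copy_packets()`; that function is outside this hunk, so whether the key is really reused as the IV should be confirmed there.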
@@ -0,0 +1,696 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 93, 94, 95, 1996 Free Software Foundation, Inc. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Written by Per Bothner <bothner@cygnus.com>. +# The master version of this file is at the FSF in /home/gd/gnu/lib. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit system type (host/target name). +# +# Only a few systems have been added to this list; please add others +# (but try to keep the structure clean). +# + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 8/24/94.) 
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +trap 'rm -f dummy.c dummy.o dummy; exit 1' 1 2 15 + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + alpha:OSF1:*:*) + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo alpha-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//'` + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-cbm-sysv4 + exit 0;; + amiga:NetBSD:*:*) + echo m68k-cbm-netbsd${UNAME_RELEASE} + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-cbm-openbsd${UNAME_RELEASE} + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + Pyramid*:OSx*:*:*|MIS*:OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. 
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + atari*:NetBSD:*:*) + echo m68k-atari-netbsd${UNAME_RELEASE} + exit 0 ;; + atari*:OpenBSD:*:*) + echo m68k-atari-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:NetBSD:*:*) + echo m68k-sun-netbsd${UNAME_RELEASE} + exit 0 ;; + sun3*:OpenBSD:*:*) + echo m68k-sun-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:NetBSD:*:*) + echo m68k-apple-netbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-apple-openbsd${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + sed 's/^ //' << EOF >dummy.c + int main (argc, argv) int argc; char **argv; { + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + ${CC-cc} dummy.c -o dummy \ + && ./dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + 
echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 -o $UNAME_PROCESSOR = mc88110 ] ; then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx \ + -o ${TARGET_BINARY_INTERFACE}x = x ] ; then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. 
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i?86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + sed 's/^ //' << EOF >dummy.c + #include <sys/systemcfg.h> + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:4) + if /usr/sbin/lsattr -EHl proc0 | grep POWER >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=4.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC NetBSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[3478]??:HP-UX:*:*) + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/7?? | 9000/8?[1679] ) HP_ARCH=hppa1.1 ;; + 9000/8?? ) HP_ARCH=hppa1.0 ;; + esac + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + sed 's/^ //' << EOF >dummy.c + #include <unistd.h> + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. 
CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + ${CC-cc} dummy.c -o dummy && ./dummy && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i?86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + 
F300:UNIX_System_V:*:*) + FUJITSU_SYS=`uname -p | tr [A-Z] [a-z] | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "f300-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + F301:UNIX_System_V:*:*) + echo f301-fujitsu-uxpv`echo $UNAME_RELEASE | sed 's/ .*//'` + exit 0 ;; + hp3[0-9][05]:NetBSD:*:*) + echo m68k-hp-netbsd${UNAME_RELEASE} + exit 0 ;; + hp3[0-9][05]:OpenBSD:*:*) + echo m68k-hp-openbsd${UNAME_RELEASE} + exit 0 ;; + i?86:BSD/386:*:* | *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + *:NetBSD:*:*) + echo ${UNAME_MACHINE}-unknown-netbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + exit 0 ;; + i*:CYGWIN*:*) + echo i386-pc-cygwin32 + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin32 + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,/.*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + *:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. 
+ ld_help_string=`ld --help 2>&1` + if echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf_i.86"; then + echo "${UNAME_MACHINE}-pc-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86linux"; then + echo "${UNAME_MACHINE}-pc-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: i.86coff"; then + echo "${UNAME_MACHINE}-pc-linux-gnucoff" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68kelf"; then + echo "${UNAME_MACHINE}-unknown-linux-gnu" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: m68klinux"; then + echo "${UNAME_MACHINE}-unknown-linux-gnuaout" ; exit 0 + elif echo "$ld_help_string" | grep >/dev/null 2>&1 "supported emulations: elf32ppc"; then + echo "powerpc-unknown-linux-gnu" ; exit 0 + elif test "${UNAME_MACHINE}" = "alpha" ; then + echo alpha-unknown-linux-gnu ; exit 0 + elif test "${UNAME_MACHINE}" = "sparc" ; then + echo sparc-unknown-linux-gnu ; exit 0 + else + # Either a pre-BFD a.out linker (linux-gnuoldld) or one that does not give us + # useful --help. Gcc wants to distinguish between linux-gnuoldld and linux-gnuaout. + test ! -d /usr/lib/ldscripts/. \ + && echo "${UNAME_MACHINE}-pc-linux-gnuoldld" && exit 0 + # Determine whether the default compiler is a.out or elf + cat >dummy.c <<EOF +main(argc, argv) +int argc; +char *argv[]; +{ +#ifdef __ELF__ + printf ("%s-pc-linux-gnu\n", argv[1]); +#else + printf ("%s-pc-linux-gnuaout\n", argv[1]); +#endif + return 0; +} +EOF + ${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy "${UNAME_MACHINE}" && rm dummy.c dummy && exit 0 + rm -f dummy.c dummy + fi ;; +# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. earlier versions +# are messed up and put the nodename in both sysname and nodename. 
+ i?86:DYNIX/ptx:4*:*) + echo i386-sequent-sysv4 + exit 0 ;; + i?86:*:4.*:* | i?86:SYSTEM_V:4.*:*) + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_RELEASE} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_RELEASE} + fi + exit 0 ;; + i?86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name` + echo ${UNAME_MACHINE}-pc-isc$UNAME_REL + elif /bin/uname -X 2>/dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. 
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 4850:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i?86:LynxOS:2.*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:* | PowerPC:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes <hewes@openmarket.com>. + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. 
+ echo i860-stratus-sysv4 + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + R3000:*System_V*:*:* | R4000:UNIX_SYSV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + PENTIUM:CPunix:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says <Richard.M.Bartel@ccMail.Census.GOV> + echo i586-unisys-sysv4 + exit 0 ;; + *:OS/2:*:*) + echo ${UNAME_MACHINE}-pc-os2_emx + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +cat >dummy.c <<EOF +#ifdef _SEQUENT_ +# include <sys/types.h> +# include <sys/utsname.h> +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include <sys/param.h> + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) 
+ printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +#if !defined (ultrix) + printf ("vax-dec-bsd\n"); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +${CC-cc} dummy.c -o dummy 2>/dev/null && ./dummy && rm dummy.c dummy && exit 0 +rm -f dummy.c dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +#echo '(Unable to guess system type)' 1>&2 + +exit 1 diff --git a/crypto/kerberosIV/config.sub b/crypto/kerberosIV/config.sub new file mode 100644 index 0000000..75822a2 --- /dev/null +++ b/crypto/kerberosIV/config.sub 
@@ -0,0 +1,932 @@ +#! /bin/sh +# Configuration validation subroutine script, version 1.1. +# Copyright (C) 1991, 92, 93, 94, 95, 1996 Free Software Foundation, Inc. +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. 
The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +if [ x$1 = x ] +then + echo Configuration name missing. 1>&2 + echo "Usage: $0 CPU-MFR-OPSYS" 1>&2 + echo "or $0 ALIAS" 1>&2 + echo where ALIAS is a recognized configuration type. 1>&2 + exit 1 +fi + +# First pass through any local machine types. +case $1 in + *local*) + echo $1 + exit 0 + ;; + *) + ;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + linux-gnu*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. 
+ ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple) + os= + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. 
+ tahoe | i860 | m68k | m68000 | m88k | ns32k | arm \ + | arme[lb] | pyramid \ + | tron | a29k | 580 | i960 | h8300 | hppa | hppa1.0 | hppa1.1 \ + | alpha | we32k | ns16k | clipper | i370 | sh \ + | powerpc | powerpcle | 1750a | dsp16xx | mips64 | mipsel \ + | pdp11 | mips64el | mips64orion | mips64orionel \ + | sparc | sparclet | sparclite | sparc64) + basic_machine=$basic_machine-unknown + ;; + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i[3456]86) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + vax-* | tahoe-* | i[3456]86-* | i860-* | m68k-* | m68000-* | m88k-* \ + | sparc-* | ns32k-* | fx80-* | arm-* | c[123]* \ + | mips-* | pyramid-* | tron-* | a29k-* | romp-* | rs6000-* | power-* \ + | none-* | 580-* | cray2-* | h8300-* | i960-* | xmp-* | ymp-* \ + | hppa-* | hppa1.0-* | hppa1.1-* | alpha-* | we32k-* | cydra-* | ns16k-* \ + | pn-* | np1-* | xps100-* | clipper-* | orion-* | sparclite-* \ + | pdp11-* | sh-* | powerpc-* | powerpcle-* | sparc64-* | mips64-* | mipsel-* \ + | mips64el-* | mips64orion-* | mips64orionel-* | f301-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. 
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-cbm
+ ;;
+ amigados)
+ basic_machine=m68k-cbm
+ os=-amigados
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-cbm
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ cray2)
+ basic_machine=cray2-cray
+ os=-unicos
+ ;;
+ [ctj]90-cray)
+ #basic_machine=c90-cray
+ os=-unicos
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k7[0-9][0-9] | hp7[0-9][0-9] | hp9k8[0-9]7 | hp8[0-9]7)
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i[3456]86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i[3456]86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i[3456]86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i[3456]86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pentium | p5)
+ basic_machine=i586-intel
+ ;;
+ pentiumpro | p6)
+ basic_machine=i686-intel
+ ;;
+ pentium-* | p5-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ k5)
+ # We don't have specific support for AMD's K5 yet, so just call it a Pentium
+ basic_machine=i586-amd
+ ;;
+ nexen)
+ # We don't have specific support for Nexgen yet, so just call it a Pentium
+ basic_machine=i586-nexgen
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=rs6000-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ xmp)
+ basic_machine=xmp-cray
+ os=-unicos
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ mips)
+ basic_machine=mips-mips
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sparc)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -unixware* | svr4*)
+ os=-sysv4
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -amigados* | -msdos* | -newsos* | -unicos* | -aof* | -aos* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \
+ | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -cygwin32* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -linux-gnu* | -uxpv*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -os2*)
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigados
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f301-fujitsu)
+ os=-uxpv
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -aix*)
+ vendor=ibm
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -vxsim* | -vxworks*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
diff --git a/crypto/kerberosIV/configure b/crypto/kerberosIV/configure
new file mode 100644
index 0000000..e6fefbf
--- /dev/null
+++ b/crypto/kerberosIV/configure
@@ -0,0 +1,9343 @@ +#! /bin/sh + +# From configure.in Revision: 1.285 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.12 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_default_prefix=/usr/athena +ac_help="$ac_help + --with-socks=dir use socks in dir" +ac_help="$ac_help + --with-socks-lib=dir use socks-lib in dir" +ac_help="$ac_help + --with-socks-include=dir use socks-include in dir" +ac_help="$ac_help + --with-shared create shared libraries for Kerberos" +ac_help="$ac_help + --with-cracklib=dir use the cracklib.a in dir" +ac_help="$ac_help + --with-dictpath=path use this dictionary with cracklib +" +ac_help="$ac_help + --with-mailspool=dir this is the mail spool directory +" +ac_help="$ac_help + --enable-random-mkey use new code for master keys" +ac_help="$ac_help + --with-mkey=file where to put the master key" +ac_help="$ac_help + --without-berkeley-db if you don't want berkeley db" +ac_help="$ac_help + --without-afs-support if you don't want support for afs" +ac_help="$ac_help + --with-des-quad-checksum=kind + default checksum to use (new, old, or guess)" +ac_help="$ac_help + --with-readline=dir use readline in dir" +ac_help="$ac_help + --with-readline-lib=dir use readline-lib in dir" +ac_help="$ac_help + --with-readline-include=dir use readline-include in dir" +ac_help="$ac_help + --with-x use the X Window System" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. 
+build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. 
+ + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. 
+ if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' 
messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] 
+ --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | 
--localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | 
--program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + 
srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.12" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. 
+ with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. 
+ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=lib/krb/getrealm.c + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 
1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + + + +PACKAGE=krb4 +VERSION=0.9.6 +# This may be overridden using --prefix=/usr to configure + + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 
1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + + +# Make sure we can run config.sub. +if $ac_config_sub sun4 >/dev/null 2>&1; then : +else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } +fi + +echo $ac_n "checking host system type""... $ac_c" 1>&6 +echo "configure:648: checking host system type" >&5 + +host_alias=$host +case "$host_alias" in +NONE) + case $nonopt in + NONE) + if host_alias=`$ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; +esac + +host=`$ac_config_sub $host_alias` +host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$host" 1>&6 + +echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 +echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftestmake <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftestmake +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$ac_t""yes" 1>&6 + SET_MAKE= +else + echo "$ac_t""no" 1>&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + +if test "$program_transform_name" = s,x,x,; then + program_transform_name= +else + # Double any \ or $. echo might interpret backslashes. 
+ cat <<\EOF_SED > conftestsed +s,\\,\\\\,g; s,\$,$$,g +EOF_SED + program_transform_name="`echo $program_transform_name|sed -f conftestsed`" + rm -f conftestsed +fi +test "$program_prefix" != NONE && + program_transform_name="s,^,${program_prefix},; $program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$\$,${program_suffix},; $program_transform_name" + +# sed with no file args requires a program. +test "$program_transform_name" = "" && program_transform_name="s,x,x," + + +# We want these before the checks, so the checks can modify their values. +test -z "$LDFLAGS" && LDFLAGS=-g + + +echo $ac_n "checking for ln -s or something else""... $ac_c" 1>&6 +echo "configure:720: checking for ln -s or something else" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + touch conftestdata1 + if ln conftestdata1 conftestdata2; then + rm -f conftestdata* + ac_cv_prog_LN_S=ln + else + ac_cv_prog_LN_S=cp + fi +fi +fi +LN_S="$ac_cv_prog_LN_S" +echo "$ac_t""$ac_cv_prog_LN_S" 1>&6 + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:745: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. 
+ if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:774: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + ac_prog_rejected=no + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:822: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. 
+ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext <<EOF +#line 832 "configure" +#include "confdefs.h" +main(){return(0);} +EOF +if { (eval echo configure:836: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:856: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:861: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <<EOF +#ifdef __GNUC__ + yes; +#endif +EOF +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:870: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes + ac_test_CFLAGS="${CFLAGS+set}" + ac_save_CFLAGS="$CFLAGS" + CFLAGS= + echo $ac_n "checking whether ${CC-cc} accepts -g""... 
$ac_c" 1>&6 +echo "configure:885: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 + if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" + elif test $ac_cv_prog_cc_g = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-O2" + fi +else + GCC= + test "${CFLAGS+set}" = set || CFLAGS="-g" +fi + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +echo "configure:913: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. 
+ cat > conftest.$ac_ext <<EOF +#line 928 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:934: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext <<EOF +#line 945 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:951: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 +echo "configure:974: checking for POSIXized ISC" >&5 +if test -d /etc/conf/kconfig.d && + grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 +then + echo "$ac_t""yes" 1>&6 + ISC=yes # If later tests want to check for ISC. + cat >> confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + if test "$GCC" = yes; then + CC="$CC -posix" + else + CC="$CC -Xp" + fi +else + echo "$ac_t""no" 1>&6 + ISC= +fi + +for ac_prog in byacc yacc 'bison -y' +do +# Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:999: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_YACC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$YACC"; then + ac_cv_prog_YACC="$YACC" # Let the user override the test. 
+else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_YACC="$ac_prog" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +YACC="$ac_cv_prog_YACC" +if test -n "$YACC"; then + echo "$ac_t""$YACC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +test -n "$YACC" && break +done + +# Extract the first word of "flex", so it can be a program name with args. +set dummy flex; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1030: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_LEX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$LEX"; then + ac_cv_prog_LEX="$LEX" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_LEX="flex" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_LEX" && ac_cv_prog_LEX="lex" +fi +fi +LEX="$ac_cv_prog_LEX" +if test -n "$LEX"; then + echo "$ac_t""$LEX" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$LEXLIB" +then + case "$LEX" in + flex*) ac_lib=fl ;; + *) ac_lib=l ;; + esac + echo $ac_n "checking for yywrap in -l$ac_lib""... $ac_c" 1>&6 +echo "configure:1063: checking for yywrap in -l$ac_lib" >&5 +ac_lib_var=`echo $ac_lib'_'yywrap | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-l$ac_lib $LIBS" +cat > conftest.$ac_ext <<EOF +#line 1071 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char yywrap(); + +int main() { +yywrap() +; return 0; } +EOF +if { (eval echo configure:1082: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LEXLIB="-l$ac_lib" +else + echo "$ac_t""no" 1>&6 +fi + +fi + +# Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1107: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" +fi +fi +RANLIB="$ac_cv_prog_RANLIB" +if test -n "$RANLIB"; then + echo "$ac_t""$RANLIB" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... 
$ac_c" 1>&6 +echo "configure:1144: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + for ac_prog in ginstall installbsd scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + # OSF/1 installbsd also uses dspmsg, but is usable. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +# Extract the first word of "makeinfo", so it can be a program name with args. +set dummy makeinfo; ac_word=$2 +echo $ac_n "checking for $ac_word""... 
$ac_c" 1>&6 +echo "configure:1196: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_MAKEINFO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$MAKEINFO"; then + ac_cv_prog_MAKEINFO="$MAKEINFO" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_MAKEINFO="makeinfo" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_MAKEINFO" && ac_cv_prog_MAKEINFO=":" +fi +fi +MAKEINFO="$ac_cv_prog_MAKEINFO" +if test -n "$MAKEINFO"; then + echo "$ac_t""$MAKEINFO" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + + + +echo $ac_n "checking for socks""... $ac_c" 1>&6 +echo "configure:1226: checking for socks" >&5 +# Check whether --with-socks or --without-socks was given. +if test "${with_socks+set}" = set; then + withval="$with_socks" + if test "$with_socks" = "no"; then + with_socks= +fi + +fi + +# Check whether --with-socks-lib or --without-socks-lib was given. +if test "${with_socks_lib+set}" = set; then + withval="$with_socks_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-socks-lib" 1>&2; exit 1; } +elif test "X$with_socks" = "X"; then + with_socks=yes +fi + +fi + +# Check whether --with-socks-include or --without-socks-include was given. 
+if test "${with_socks_include+set}" = set; then + withval="$with_socks_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-socks-include" 1>&2; exit 1; } +elif test "X$with_socks" = "X"; then + with_socks=yes +fi + +fi + + + +: << END +@@@syms="$syms SOCKS"@@@ +END + +if test -n "$with_socks"; then + cat >> confdefs.h <<\EOF +#define SOCKS 1 +EOF + + if test "$with_socks" != "yes"; then + socks_dir=$with_socks + fi + if test -n "$with_socks_include"; then + trydir=$with_socks_include + elif test "$with_socks" != "yes"; then + trydir="$with_socks $with_socks/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/socks.h; then + found=yes; res=$i; break + fi + else + cat > conftest.$ac_ext <<EOF +#line 1287 "configure" +#include "confdefs.h" +#include <socks.h> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1292: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + found=yes; res=$i; break +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + fi + done + if test -n "$found"; then + socks_include=$res + else + { echo "configure: error: Cannot find socks.h" 1>&2; exit 1; } + fi + if test -n "$with_socks_lib"; then + trydir=$with_socks_lib + elif test "$with_socks" != "yes"; then + trydir="$with_socks $with_socks/lib" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/libsocks5.a; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="-lsocks5 $LIBS" + cat > conftest.$ac_ext <<EOF +#line 1327 "configure" +#include "confdefs.h" + +int main() { + +; return 0; } +EOF +if { (eval echo configure:1334: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + found=yes; res=$i; 
LIBS=$old_LIBS; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + socks_lib=$res + else + { echo "configure: error: Cannot find libsocks5.a" 1>&2; exit 1; } + fi + echo "$ac_t""headers $socks_include, libraries $socks_lib" 1>&6 + cat >> confdefs.h <<EOF +#define SOCKS 1 +EOF + + if test -n "$socks_include"; then + SOCKSINCLUDE="-I$socks_include" + fi + + if test -n "$socks_lib"; then + SOCKSLIB="-L$socks_lib" + fi + SOCKSLIB="$SOCKSLIB -lsocks5" + +else + echo "$ac_t""no" 1>&6 +fi + + +CFLAGS="$SOCKSINCLUDE $CFLAGS" +LIBS="$SOCKSLIB $LIBS" + +# Check whether --with-shared or --without-shared was given. +if test "${with_shared+set}" = set; then + withval="$with_shared" + : +fi + + +# Check whether --with-cracklib or --without-cracklib was given. +if test "${with_cracklib+set}" = set; then + withval="$with_cracklib" + : +fi + + +# Check whether --with-dictpath or --without-dictpath was given. +if test "${with_dictpath+set}" = set; then + withval="$with_dictpath" + : +fi + + +(test -z "$with_cracklib" && test -n "$with_dictpath") || +(test -n "$with_cracklib" && test -z "$with_dictpath") && +{ echo "configure: error: --with-cracklib requires --with-dictpath and vice versa" 1>&2; exit 1; } +test -n "$with_cracklib" && +CRACKLIB="-L$with_cracklib -lcrack" && +echo "$ac_t""Using cracklib in $with_cracklib" 1>&6 +test -n "$with_dictpath" && +echo "$ac_t""Using dictpath=$with_dictpath" 1>&6 && +cat >> confdefs.h <<EOF +#define DICTPATH "$with_dictpath" +EOF + + +# Check whether --with-mailspool or --without-mailspool was given. +if test "${with_mailspool+set}" = set; then + withval="$with_mailspool" + : +fi + + +test -n "$with_mailspool" && +cat >> confdefs.h <<EOF +#define KRB4_MAILDIR "$with_mailspool" +EOF + + +# Check whether --enable-random-mkey or --disable-random-mkey was given. 
+if test "${enable_random_mkey+set}" = set; then + enableval="$enable_random_mkey" + +if test "$enableval" = "yes"; then + cat >> confdefs.h <<\EOF +#define RANDOM_MKEY 1 +EOF + +fi + +fi + + +# Check whether --with-mkey or --without-mkey was given. +if test "${with_mkey+set}" = set; then + withval="$with_mkey" + +if test -n "$withval"; then + cat >> confdefs.h <<EOF +#define MKEYFILE "$withval" +EOF + +fi + +fi + + +berkeley_db=db +# Check whether --with-berkeley-db or --without-berkeley-db was given. +if test "${with_berkeley_db+set}" = set; then + withval="$with_berkeley_db" + +if test "$withval" = no; then + berkeley_db="" +fi + +fi + + +afs_support=yes +# Check whether --with-afs-support or --without-afs-support was given. +if test "${with_afs_support+set}" = set; then + withval="$with_afs_support" + +if test "$withval" = no; then + cat >> confdefs.h <<\EOF +#define NO_AFS 1 +EOF + + afs_support=no +fi + +fi + + +des_quad=guess +# Check whether --with-des-quad-checksum or --without-des-quad-checksum was given. +if test "${with_des_quad_checksum+set}" = set; then + withval="$with_des_quad_checksum" + +des_quad="$withval" + +fi + +if test "$des_quad" = "new"; then + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_NEW +EOF + +elif test "$des_quad" = "old"; then + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_OLD +EOF + +else + cat >> confdefs.h <<\EOF +#define DES_QUAD_DEFAULT DES_QUAD_GUESS +EOF + +fi + + +echo $ac_n "checking for readline""... $ac_c" 1>&6 +echo "configure:1503: checking for readline" >&5 +# Check whether --with-readline or --without-readline was given. +if test "${with_readline+set}" = set; then + withval="$with_readline" + if test "$with_readline" = "no"; then + with_readline= +fi + +fi + +# Check whether --with-readline-lib or --without-readline-lib was given. 
+if test "${with_readline_lib+set}" = set; then + withval="$with_readline_lib" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-readline-lib" 1>&2; exit 1; } +elif test "X$with_readline" = "X"; then + with_readline=yes +fi + +fi + +# Check whether --with-readline-include or --without-readline-include was given. +if test "${with_readline_include+set}" = set; then + withval="$with_readline_include" + if test "$withval" = "yes" -o "$withval" = "no"; then + { echo "configure: error: No argument for --with-readline-include" 1>&2; exit 1; } +elif test "X$with_readline" = "X"; then + with_readline=yes +fi + +fi + + + +: << END +@@@syms="$syms READLINE"@@@ +END + +if test -n "$with_readline"; then + cat >> confdefs.h <<\EOF +#define READLINE 1 +EOF + + if test "$with_readline" != "yes"; then + readline_dir=$with_readline + fi + if test -n "$with_readline_include"; then + trydir=$with_readline_include + elif test "$with_readline" != "yes"; then + trydir="$with_readline $with_readline/include" + else + trydir= + fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/readline.h; then + found=yes; res=$i; break + fi + else + cat > conftest.$ac_ext <<EOF +#line 1564 "configure" +#include "confdefs.h" +#include <readline.h> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1569: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + found=yes; res=$i; break +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + fi + done + if test -n "$found"; then + readline_include=$res + else + { echo "configure: error: Cannot find readline.h" 1>&2; exit 1; } + fi + if test -n "$with_readline_lib"; then + trydir=$with_readline_lib + elif test "$with_readline" != "yes"; then + trydir="$with_readline $with_readline/lib" + else + trydir= + 
fi + found= + for i in $trydir ""; do + if test -n "$i"; then + if test -f $i/libreadline.a; then + found=yes; res=$i; break + fi + else + old_LIBS=$LIBS + LIBS="-lreadline $LIBS" + cat > conftest.$ac_ext <<EOF +#line 1604 "configure" +#include "confdefs.h" + +int main() { + +; return 0; } +EOF +if { (eval echo configure:1611: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + found=yes; res=$i; LIBS=$old_LIBS; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + LIBS=$old_LIBS + fi + done + if test -n "$found"; then + readline_lib=$res + else + { echo "configure: error: Cannot find libreadline.a" 1>&2; exit 1; } + fi + echo "$ac_t""headers $readline_include, libraries $readline_lib" 1>&6 + cat >> confdefs.h <<EOF +#define READLINE 1 +EOF + + if test -n "$readline_include"; then + READLINEINCLUDE="-I$readline_include" + fi + + if test -n "$readline_lib"; then + READLINELIB="-L$readline_lib" + fi + READLINELIB="$READLINELIB -lreadline" + +else + echo "$ac_t""no" 1>&6 +fi + + + + + +case ${with_shared} in + yes ) with_shared=yes;; + no ) with_shared=no;; + * ) with_shared=no;; +esac + +# NOTE: Building shared libraries may not work if you do not use gcc! 
+# +# OS $SHLIBEXT +# HP-UX sl +# Linux so +# NetBSD so +# FreeBSD so +# OSF so +# SunOS5 so +# SunOS4 so.0.5 +# Irix so +# +# LIBEXT is the extension we should build (.a or $SHLIBEXT) +REAL_PICFLAGS="-fpic" +LDSHARED='$(CC) $(PICFLAGS) -shared' +LIBPREFIX=lib +REAL_SHLIBEXT=so +SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'` +case "${host}" in +*-*-hpux*) + REAL_SHLIBEXT=sl + REAL_LD_FLAGS='-Wl,+b$(libdir)' + if test -z "$GCC"; then + LDSHARED="ld -b" + REAL_PICFLAGS="+z" + fi + ;; +*-*-linux*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + ;; +*-*-*bsd*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + LDSHARED='ld -Bshareable' + REAL_LD_FLAGS='-Wl,-R$(libdir)' + ;; +*-*-osf*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + LDSHARED='ld -shared -expect_unresolved \*' + ;; +*-*-solaris2*) + REAL_LD_FLAGS='-Wl,-R$(libdir)' + if test -z "$GCC"; then + LDSHARED='$(CC) -G' + REAL_PICFLAGS="-Kpic" + fi + ;; +*-*-sunos*) + REAL_SHLIBEXT=so.$SHLIB_VERSION + REAL_LD_FLAGS='-Wl,-L$(libdir)' + ;; +*-*-irix*) + REAL_LD_FLAGS='-Wl,-rpath,$(libdir)' + REAL_PICFLAGS= + ;; +*-*-os2_emx*) + LD_FLAGS='-Zexe' + LIBPREFIX= + EXECSUFFIX='.exe' + RANLIB=EMXOMF + REAL_SHLIBEXT=nobuild + ;; +*-*-cygwin32*) + EXECSUFFIX='.exe' + REAL_SHLIBEXT=nobuild + ;; +*) REAL_SHLIBEXT=nobuild + REAL_PICFLAGS= + ;; +esac + +if test "${with_shared}" != "yes" ; then + PICFLAGS="" + SHLIBEXT="nobuild" + LIBEXT="a" +else + PICFLAGS="$REAL_PICFLAGS" + SHLIBEXT="$REAL_SHLIBEXT" + LIBEXT="$SHLIBEXT" + LD_FLAGS="$REAL_LD_FLAGS" +fi + + + + + +if test "${with_shared}" = "yes"; then +echo $ac_n "checking for pragma weak""... 
$ac_c" 1>&6 +echo "configure:1743: checking for pragma weak" >&5 +if eval "test \"`echo '$''{'ac_have_pragma_weak'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_have_pragma_weak=no +cat > conftest_foo.$ac_ext <<'EOF' +#line 1750 "configure" +#include "confdefs.h" +#pragma weak foo = _foo +int _foo = 17; +EOF +cat > conftest_bar.$ac_ext <<'EOF' +#line 1756 "configure" +#include "confdefs.h" +extern int foo; + +int t() { + return foo; +} + +int main() { + return t(); +} +EOF +if { (eval echo configure:1768: \"$'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5'\") 1>&5; (eval $'CC -o conftest $CFLAGS $CPPFLAGS $LDFLAGS conftest_foo.$ac_ext conftest_bar.$ac_ext 1>&5') 2>&5; }; then +ac_have_pragma_weak=yes +fi +rm -rf conftest* + +fi + +if test "$ac_have_pragma_weak" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_PRAGMA_WEAK 1 +EOF +fi +echo "$ac_t""$ac_have_pragma_weak" 1>&6 +fi + + +echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +echo "configure:1785: checking whether byte ordering is bigendian" >&5 +if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_bigendian=unknown +# See if sys/param.h defines the BYTE_ORDER macro. +cat > conftest.$ac_ext <<EOF +#line 1792 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/param.h> +int main() { + +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif +; return 0; } +EOF +if { (eval echo configure:1803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. 
+cat > conftest.$ac_ext <<EOF +#line 1807 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/param.h> +int main() { + +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif +; return 0; } +EOF +if { (eval echo configure:1818: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_bigendian=no +fi +rm -f conftest* +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +if test $ac_cv_c_bigendian = unknown; then +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1838 "configure" +#include "confdefs.h" +main () { + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long l; + char c[sizeof (long)]; + } u; + u.l = 1; + exit (u.c[sizeof (long) - 1] == 1); +} +EOF +if { (eval echo configure:1851: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_c_bigendian=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_bigendian=yes +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_bigendian" 1>&6 +if test $ac_cv_c_bigendian = yes; then + cat >> confdefs.h <<\EOF +#define WORDS_BIGENDIAN 1 +EOF + +fi + + +echo $ac_n "checking for working const""... $ac_c" 1>&6 +echo "configure:1876: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1881 "configure" +#include "confdefs.h" + +int main() { + +/* Ultrix mips cc rejects this. */ +typedef int charset[2]; const charset x; +/* SunOS 4.1.1 cc rejects this. */ +char const *const *ccp; +char **p; +/* NEC SVR4.0.2 mips cc rejects this. 
*/ +struct point {int x, y;}; +static struct point const zero = {0,0}; +/* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in an arm + of an if-expression whose if-part is not a constant expression */ +const char *g = "string"; +ccp = &g + (g ? g-g : 0); +/* HPUX 7.0 cc rejects these. */ +++ccp; +p = (char**) ccp; +ccp = (char const *const *) p; +{ /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; +} +{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; +} +{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; +} +{ /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:1930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + + + + +echo $ac_n "checking for NEXTSTEP""... 
$ac_c" 1>&6 +echo "configure:1954: checking for NEXTSTEP" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_nextstep'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1959 "configure" +#include "confdefs.h" +#ifdef NeXT + yes +#endif + +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + krb_cv_sys_nextstep=yes +else + rm -rf conftest* + krb_cv_sys_nextstep=no +fi +rm -f conftest* + +fi + +if test "$krb_cv_sys_nextstep" = "yes"; then + CFLAGS="$CFLAGS -posix" + LIBS="$LIBS -posix" +fi +echo "$ac_t""$krb_cv_sys_nextstep" 1>&6 + + +echo $ac_n "checking for AIX""... $ac_c" 1>&6 +echo "configure:1986: checking for AIX" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_aix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1991 "configure" +#include "confdefs.h" +#ifdef _AIX + yes +#endif + +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + krb_cv_sys_aix=yes +else + rm -rf conftest* + krb_cv_sys_aix=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_sys_aix" 1>&6 + + +if test "$krb_cv_sys_aix" = yes ;then + AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o' + + AFS_EXTRA_LIBS=afslib.so + +fi + +# +# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in +# AIX414 +# + +if test -f /lib/pse.exp ;then + LIBS="$LIBS -Wl,-bI:/lib/pse.exp" +fi + + +echo $ac_n "checking for ANSI C header files""... 
$ac_c" 1>&6 +echo "configure:2031: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2036 "configure" +#include "confdefs.h" +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext <<EOF +#line 2061 "configure" +#include "confdefs.h" +#include <string.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext <<EOF +#line 2079 "configure" +#include "confdefs.h" +#include <stdlib.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext <<EOF +#line 2100 "configure" +#include "confdefs.h" +#include <ctype.h> +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 
'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:2111: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + + +for ac_hdr in arpa/ftp.h arpa/inet.h arpa/nameser.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2139: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2144 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2149: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2179: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2184 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2189: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2219: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2224 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2229: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in lastlog.h login.h maillock.h ndbm.h net/if.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2259: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2264 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2269: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in net/if_tun.h net/if_var.h netdb.h netinet/in.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2299: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2304 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2309: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in netinet/in6_machtypes.h netinet/in_systm.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2339: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2344 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2349: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2379: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2384 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2389: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2419: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2424 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2429: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in shadow.h siad.h signal.h stropts.h sys/bitypes.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2459: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2464 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2469: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/category.h sys/cdefs.h sys/file.h sys/filio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2499: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2504 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2509: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2539: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2544 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2549: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2579: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2584 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/resource.h sys/select.h sys/socket.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2619: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2624 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2629: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2659: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2664 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/stropts.h sys/strtty.h sys/syscall.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2699: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2704 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2709: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2739: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2744 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2749: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/times.h sys/tty.h sys/types.h sys/uio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2779: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2784 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2789: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in sys/un.h sys/utsname.h sys/wait.h syslog.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2819: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2824 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2829: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2859: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2864 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2869: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in unistd.h userpw.h usersec.h util.h utime.h utmp.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2899: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2904 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2909: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_hdr in utmpx.h wait.h winsock.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... 
$ac_c" 1>&6 +echo "configure:2939: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2944 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2949: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +echo "configure:2977: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 2982 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/time.h> +#include <time.h> +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:2991: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + +echo $ac_n "checking for sys_siglist declaration in signal.h or unistd.h""... 
$ac_c" 1>&6 +echo "configure:3012: checking for sys_siglist declaration in signal.h or unistd.h" >&5 +if eval "test \"`echo '$''{'ac_cv_decl_sys_siglist'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 3017 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <signal.h> +/* NetBSD declares sys_siglist in unistd.h. */ +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +int main() { +char *msg = *(sys_siglist + 1); +; return 0; } +EOF +if { (eval echo configure:3029: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_decl_sys_siglist=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_decl_sys_siglist=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_decl_sys_siglist" 1>&6 +if test $ac_cv_decl_sys_siglist = yes; then + cat >> confdefs.h <<\EOF +#define SYS_SIGLIST_DECLARED 1 +EOF + +fi + + + +for i in int8_t int16_t int32_t int64_t; do + echo $ac_n "checking for $i""... 
$ac_c" 1>&6 +echo "configure:3053: checking for $i" >&5 + +if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 3059 "configure" +#include "confdefs.h" + +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_BITYPES_H +#include <sys/bitypes.h> +#endif +#ifdef HAVE_BIND_BITYPES_H +#include <bind/bitypes.h> +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include <netinet/in6_machtypes.h> +#endif + +int main() { +$i x; + +; return 0; } +EOF +if { (eval echo configure:3081: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval ac_cv_type_$i=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval ac_cv_type_$i=no +fi +rm -f conftest* +fi + + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr 'a-z' 'A-Z'` + cat >> confdefs.h <<EOF +#define $type 1 +EOF + + fi + echo "$ac_t""$ac_res" 1>&6 +done + + +for i in u_int8_t u_int16_t u_int32_t u_int64_t; do + echo $ac_n "checking for $i""... 
$ac_c" 1>&6 +echo "configure:3107: checking for $i" >&5 + +if eval "test \"`echo '$''{'ac_cv_type_$i'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 3113 "configure" +#include "confdefs.h" + +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_BITYPES_H +#include <sys/bitypes.h> +#endif +#ifdef HAVE_BIND_BITYPES_H +#include <bind/bitypes.h> +#endif +#ifdef HAVE_NETINET_IN6_MACHTYPES_H +#include <netinet/in6_machtypes.h> +#endif + +int main() { +$i x; + +; return 0; } +EOF +if { (eval echo configure:3135: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval ac_cv_type_$i=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval ac_cv_type_$i=no +fi +rm -f conftest* +fi + + eval ac_res=\$ac_cv_type_$i + if test "$ac_res" = yes; then + type=HAVE_`echo $i | tr 'a-z' 'A-Z'` + cat >> confdefs.h <<EOF +#define $type 1 +EOF + + fi + echo "$ac_t""$ac_res" 1>&6 +done + + + + + + + +echo $ac_n "checking for socket""... 
$ac_c" 1>&6 +echo "configure:3165: checking for socket" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_socket'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_socket\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" socket; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3178 "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +int main() { +socket(0,0,0) +; return 0; } +EOF +if { (eval echo configure:3190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_socket=$ac_lib; else ac_cv_funclib_socket=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_socket=\${ac_cv_funclib_socket-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_socket" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs socket"@@@ +@@@libs="$libs socket"@@@ +END + +eval "ac_tr_func=HAVE_`echo socket | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_socket=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_socket=yes" + eval "LIB_socket=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_socket=no" + eval "LIB_socket=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_socket=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_socket"; then + LIBS="$LIB_socket $LIBS" +fi + + + + +echo $ac_n "checking for gethostbyname""... 
$ac_c" 1>&6 +echo "configure:3257: checking for gethostbyname" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_gethostbyname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_gethostbyname\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" nsl; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3270 "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +int main() { +gethostbyname("foo") +; return 0; } +EOF +if { (eval echo configure:3282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_gethostbyname=$ac_lib; else ac_cv_funclib_gethostbyname=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_gethostbyname=\${ac_cv_funclib_gethostbyname-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_gethostbyname" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs gethostbyname"@@@ +@@@libs="$libs nsl"@@@ +END + +eval "ac_tr_func=HAVE_`echo gethostbyname | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_gethostbyname=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_gethostbyname=yes" + eval "LIB_gethostbyname=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_gethostbyname=no" + eval "LIB_gethostbyname=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_gethostbyname=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n 
"$LIB_gethostbyname"; then + LIBS="$LIB_gethostbyname $LIBS" +fi + + + + + + +echo $ac_n "checking for odm_initialize""... $ac_c" 1>&6 +echo "configure:3351: checking for odm_initialize" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_odm_initialize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_odm_initialize\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" odm; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3364 "configure" +#include "confdefs.h" + +int main() { +odm_initialize() +; return 0; } +EOF +if { (eval echo configure:3371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_odm_initialize=$ac_lib; else ac_cv_funclib_odm_initialize=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_odm_initialize=\${ac_cv_funclib_odm_initialize-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_odm_initialize" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs odm_initialize"@@@ +@@@libs="$libs odm"@@@ +END + +eval "ac_tr_func=HAVE_`echo odm_initialize | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_odm_initialize=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_odm_initialize=yes" + eval "LIB_odm_initialize=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_odm_initialize=no" + eval "LIB_odm_initialize=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_odm_initialize=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n 
"$LIB_odm_initialize"; then + LIBS="$LIB_odm_initialize $LIBS" +fi + + + + +echo $ac_n "checking for getattr""... $ac_c" 1>&6 +echo "configure:3438: checking for getattr" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getattr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getattr\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" cfg; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3451 "configure" +#include "confdefs.h" + +int main() { +getattr() +; return 0; } +EOF +if { (eval echo configure:3458: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getattr=$ac_lib; else ac_cv_funclib_getattr=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getattr=\${ac_cv_funclib_getattr-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getattr" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getattr"@@@ +@@@libs="$libs cfg"@@@ +END + +eval "ac_tr_func=HAVE_`echo getattr | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_getattr=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getattr=yes" + eval "LIB_getattr=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_getattr=no" + eval "LIB_getattr=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getattr=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_getattr"; then + LIBS="$LIB_getattr $LIBS" +fi + + + + +echo $ac_n "checking for setpcred""... 
$ac_c" 1>&6 +echo "configure:3525: checking for setpcred" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_setpcred'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_setpcred\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" s; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3538 "configure" +#include "confdefs.h" + +int main() { +setpcred() +; return 0; } +EOF +if { (eval echo configure:3545: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_setpcred=$ac_lib; else ac_cv_funclib_setpcred=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_setpcred=\${ac_cv_funclib_setpcred-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_setpcred" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs setpcred"@@@ +@@@libs="$libs s"@@@ +END + +eval "ac_tr_func=HAVE_`echo setpcred | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_setpcred=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_setpcred=yes" + eval "LIB_setpcred=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_setpcred=no" + eval "LIB_setpcred=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_setpcred=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_setpcred"; then + LIBS="$LIB_setpcred $LIBS" +fi + + + + +echo $ac_n "checking for logwtmp""... 
$ac_c" 1>&6 +echo "configure:3612: checking for logwtmp" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_logwtmp'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_logwtmp\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" util; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3625 "configure" +#include "confdefs.h" + +int main() { +logwtmp() +; return 0; } +EOF +if { (eval echo configure:3632: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_logwtmp=$ac_lib; else ac_cv_funclib_logwtmp=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_logwtmp=\${ac_cv_funclib_logwtmp-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_logwtmp" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs logwtmp"@@@ +@@@libs="$libs util"@@@ +END + +eval "ac_tr_func=HAVE_`echo logwtmp | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_logwtmp=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_logwtmp=yes" + eval "LIB_logwtmp=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_logwtmp=no" + eval "LIB_logwtmp=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_logwtmp=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_logwtmp"; then + LIBS="$LIB_logwtmp $LIBS" +fi + + + + + +echo $ac_n "checking for logout""... 
$ac_c" 1>&6 +echo "configure:3700: checking for logout" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_logout'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_logout\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" util; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3713 "configure" +#include "confdefs.h" + +int main() { +logout() +; return 0; } +EOF +if { (eval echo configure:3720: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_logout=$ac_lib; else ac_cv_funclib_logout=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_logout=\${ac_cv_funclib_logout-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_logout" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs logout"@@@ +@@@libs="$libs util"@@@ +END + +eval "ac_tr_func=HAVE_`echo logout | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_logout=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_logout=yes" + eval "LIB_logout=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_logout=no" + eval "LIB_logout=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_logout=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_logout"; then + LIBS="$LIB_logout $LIBS" +fi + + + +echo $ac_n "checking for tgetent""... 
$ac_c" 1>&6 +echo "configure:3786: checking for tgetent" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_tgetent'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_tgetent\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" termcap; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 3799 "configure" +#include "confdefs.h" + +int main() { +tgetent() +; return 0; } +EOF +if { (eval echo configure:3806: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_tgetent=$ac_lib; else ac_cv_funclib_tgetent=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_tgetent=\${ac_cv_funclib_tgetent-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_tgetent" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs tgetent"@@@ +@@@libs="$libs termcap"@@@ +END + +eval "ac_tr_func=HAVE_`echo tgetent | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_tgetent=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_tgetent=yes" + eval "LIB_tgetent=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_tgetent=no" + eval "LIB_tgetent=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_tgetent=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + + +# If we find X, set shell vars x_includes and x_libraries to the +# paths, otherwise set no_x=yes. +# Uses ac_ vars as temps to allow command line to override cache and checks. 
+# --without-x overrides everything else, but does not touch the cache. +echo $ac_n "checking for X""... $ac_c" 1>&6 +echo "configure:3871: checking for X" >&5 + +# Check whether --with-x or --without-x was given. +if test "${with_x+set}" = set; then + withval="$with_x" + : +fi + +# $have_x is `yes', `no', `disabled', or empty when we do not yet know. +if test "x$with_x" = xno; then + # The user explicitly disabled X. + have_x=disabled +else + if test "x$x_includes" != xNONE && test "x$x_libraries" != xNONE; then + # Both variables are already set. + have_x=yes + else +if eval "test \"`echo '$''{'ac_cv_have_x'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # One or both of the vars are not set, and there is no cached value. +ac_x_includes=NO ac_x_libraries=NO +rm -fr conftestdir +if mkdir conftestdir; then + cd conftestdir + # Make sure to not put "make" in the Imakefile rules, since we grep it out. + cat > Imakefile <<'EOF' +acfindx: + @echo 'ac_im_incroot="${INCROOT}"; ac_im_usrlibdir="${USRLIBDIR}"; ac_im_libdir="${LIBDIR}"' +EOF + if (xmkmf) >/dev/null 2>/dev/null && test -f Makefile; then + # GNU make sometimes prints "make[1]: Entering...", which would confuse us. + eval `${MAKE-make} acfindx 2>/dev/null | grep -v make` + # Open Windows xmkmf reportedly sets LIBDIR instead of USRLIBDIR. + for ac_extension in a so sl; do + if test ! -f $ac_im_usrlibdir/libX11.$ac_extension && + test -f $ac_im_libdir/libX11.$ac_extension; then + ac_im_usrlibdir=$ac_im_libdir; break + fi + done + # Screen out bogus values from the imake configuration. They are + # bogus both because they are the default anyway, and because + # using them would break gcc on systems where it needs fixed includes. 
+ case "$ac_im_incroot" in + /usr/include) ;; + *) test -f "$ac_im_incroot/X11/Xos.h" && ac_x_includes="$ac_im_incroot" ;; + esac + case "$ac_im_usrlibdir" in + /usr/lib | /lib) ;; + *) test -d "$ac_im_usrlibdir" && ac_x_libraries="$ac_im_usrlibdir" ;; + esac + fi + cd .. + rm -fr conftestdir +fi + +if test "$ac_x_includes" = NO; then + # Guess where to find include files, by looking for this one X11 .h file. + test -z "$x_direct_test_include" && x_direct_test_include=X11/Intrinsic.h + + # First, try using that file with no special directory specified. +cat > conftest.$ac_ext <<EOF +#line 3933 "configure" +#include "confdefs.h" +#include <$x_direct_test_include> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:3938: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + # We can compile using X headers with no special include directory. +ac_x_includes= +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + # Look for the header file in a standard set of common directories. +# Check X11 before X11Rn because it is often a symlink to the current release. 
+ for ac_dir in \ + /usr/X11/include \ + /usr/X11R6/include \ + /usr/X11R5/include \ + /usr/X11R4/include \ + \ + /usr/include/X11 \ + /usr/include/X11R6 \ + /usr/include/X11R5 \ + /usr/include/X11R4 \ + \ + /usr/local/X11/include \ + /usr/local/X11R6/include \ + /usr/local/X11R5/include \ + /usr/local/X11R4/include \ + \ + /usr/local/include/X11 \ + /usr/local/include/X11R6 \ + /usr/local/include/X11R5 \ + /usr/local/include/X11R4 \ + \ + /usr/X386/include \ + /usr/x386/include \ + /usr/XFree86/include/X11 \ + \ + /usr/include \ + /usr/local/include \ + /usr/unsupported/include \ + /usr/athena/include \ + /usr/local/x11r5/include \ + /usr/lpp/Xamples/include \ + \ + /usr/openwin/include \ + /usr/openwin/share/include \ + ; \ + do + if test -r "$ac_dir/$x_direct_test_include"; then + ac_x_includes=$ac_dir + break + fi + done +fi +rm -f conftest* +fi # $ac_x_includes = NO + +if test "$ac_x_libraries" = NO; then + # Check for the libraries. + + test -z "$x_direct_test_library" && x_direct_test_library=Xt + test -z "$x_direct_test_function" && x_direct_test_function=XtMalloc + + # See if we find them without any special options. + # Don't add to $LIBS permanently. + ac_save_LIBS="$LIBS" + LIBS="-l$x_direct_test_library $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4007 "configure" +#include "confdefs.h" + +int main() { +${x_direct_test_function}() +; return 0; } +EOF +if { (eval echo configure:4014: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + LIBS="$ac_save_LIBS" +# We can link X programs with no special library path. +ac_x_libraries= +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + LIBS="$ac_save_LIBS" +# First see if replacing the include by lib works. +# Check X11 before X11Rn because it is often a symlink to the current release. 
+for ac_dir in `echo "$ac_x_includes" | sed s/include/lib/` \ + /usr/X11/lib \ + /usr/X11R6/lib \ + /usr/X11R5/lib \ + /usr/X11R4/lib \ + \ + /usr/lib/X11 \ + /usr/lib/X11R6 \ + /usr/lib/X11R5 \ + /usr/lib/X11R4 \ + \ + /usr/local/X11/lib \ + /usr/local/X11R6/lib \ + /usr/local/X11R5/lib \ + /usr/local/X11R4/lib \ + \ + /usr/local/lib/X11 \ + /usr/local/lib/X11R6 \ + /usr/local/lib/X11R5 \ + /usr/local/lib/X11R4 \ + \ + /usr/X386/lib \ + /usr/x386/lib \ + /usr/XFree86/lib/X11 \ + \ + /usr/lib \ + /usr/local/lib \ + /usr/unsupported/lib \ + /usr/athena/lib \ + /usr/local/x11r5/lib \ + /usr/lpp/Xamples/lib \ + /lib/usr/lib/X11 \ + \ + /usr/openwin/lib \ + /usr/openwin/share/lib \ + ; \ +do + for ac_extension in a so sl; do + if test -r $ac_dir/lib${x_direct_test_library}.$ac_extension; then + ac_x_libraries=$ac_dir + break 2 + fi + done +done +fi +rm -f conftest* +fi # $ac_x_libraries = NO + +if test "$ac_x_includes" = NO || test "$ac_x_libraries" = NO; then + # Didn't find X anywhere. Cache the known absence of X. + ac_cv_have_x="have_x=no" +else + # Record where we found X for the cache. + ac_cv_have_x="have_x=yes \ + ac_x_includes=$ac_x_includes ac_x_libraries=$ac_x_libraries" +fi +fi + fi + eval "$ac_cv_have_x" +fi # $with_x != no + +if test "$have_x" != yes; then + echo "$ac_t""$have_x" 1>&6 + no_x=yes +else + # If each of the values was on the command line, it overrides each guess. + test "x$x_includes" = xNONE && x_includes=$ac_x_includes + test "x$x_libraries" = xNONE && x_libraries=$ac_x_libraries + # Update the cache value to reflect the command line values. + ac_cv_have_x="have_x=yes \ + ac_x_includes=$x_includes ac_x_libraries=$x_libraries" + echo "$ac_t""libraries $x_libraries, headers $x_includes" 1>&6 +fi + +if test "$no_x" = yes; then + # Not all programs may use this symbol, but it does not hurt to define it. 
+ cat >> confdefs.h <<\EOF +#define X_DISPLAY_MISSING 1 +EOF + + X_CFLAGS= X_PRE_LIBS= X_LIBS= X_EXTRA_LIBS= +else + if test -n "$x_includes"; then + X_CFLAGS="$X_CFLAGS -I$x_includes" + fi + + # It would also be nice to do this for all -L options, not just this one. + if test -n "$x_libraries"; then + X_LIBS="$X_LIBS -L$x_libraries" + # For Solaris; some versions of Sun CC require a space after -R and + # others require no space. Words are not sufficient . . . . + case "`(uname -sr) 2>/dev/null`" in + "SunOS 5"*) + echo $ac_n "checking whether -R must be followed by a space""... $ac_c" 1>&6 +echo "configure:4120: checking whether -R must be followed by a space" >&5 + ac_xsave_LIBS="$LIBS"; LIBS="$LIBS -R$x_libraries" + cat > conftest.$ac_ext <<EOF +#line 4123 "configure" +#include "confdefs.h" + +int main() { + +; return 0; } +EOF +if { (eval echo configure:4130: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_R_nospace=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_R_nospace=no +fi +rm -f conftest* + if test $ac_R_nospace = yes; then + echo "$ac_t""no" 1>&6 + X_LIBS="$X_LIBS -R$x_libraries" + else + LIBS="$ac_xsave_LIBS -R $x_libraries" + cat > conftest.$ac_ext <<EOF +#line 4146 "configure" +#include "confdefs.h" + +int main() { + +; return 0; } +EOF +if { (eval echo configure:4153: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_R_space=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_R_space=no +fi +rm -f conftest* + if test $ac_R_space = yes; then + echo "$ac_t""yes" 1>&6 + X_LIBS="$X_LIBS -R $x_libraries" + else + echo "$ac_t""neither works" 1>&6 + fi + fi + LIBS="$ac_xsave_LIBS" + esac + fi + + # Check for system-dependent libraries X programs must link with. 
+ # Do this before checking for the system-independent R6 libraries + # (-lICE), since we may need -lsocket or whatever for X linking. + + if test "$ISC" = yes; then + X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl_s -linet" + else + # Martyn.Johnson@cl.cam.ac.uk says this is needed for Ultrix, if the X + # libraries were built with DECnet support. And karl@cs.umb.edu says + # the Alpha needs dnet_stub (dnet does not exist). + echo $ac_n "checking for dnet_ntoa in -ldnet""... $ac_c" 1>&6 +echo "configure:4185: checking for dnet_ntoa in -ldnet" >&5 +ac_lib_var=`echo dnet'_'dnet_ntoa | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldnet $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4193 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char dnet_ntoa(); + +int main() { +dnet_ntoa() +; return 0; } +EOF +if { (eval echo configure:4204: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet" +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_lib_dnet_dnet_ntoa = no; then + echo $ac_n "checking for dnet_ntoa in -ldnet_stub""... 
$ac_c" 1>&6 +echo "configure:4226: checking for dnet_ntoa in -ldnet_stub" >&5 +ac_lib_var=`echo dnet_stub'_'dnet_ntoa | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldnet_stub $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4234 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char dnet_ntoa(); + +int main() { +dnet_ntoa() +; return 0; } +EOF +if { (eval echo configure:4245: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -ldnet_stub" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # msh@cis.ufl.edu says -lnsl (and -lsocket) are needed for his 386/AT, + # to get the SysV transport functions. + # chad@anasazi.com says the Pyramis MIS-ES running DC/OSx (SVR4) + # needs -lnsl. + # The nsl library prevents programs from opening the X display + # on Irix 5.2, according to dickey@clark.net. + echo $ac_n "checking for gethostbyname""... $ac_c" 1>&6 +echo "configure:4274: checking for gethostbyname" >&5 +if eval "test \"`echo '$''{'ac_cv_func_gethostbyname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 4279 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char gethostbyname(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char gethostbyname(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_gethostbyname) || defined (__stub___gethostbyname) +choke me +#else +gethostbyname(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_gethostbyname=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_gethostbyname=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'gethostbyname`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_gethostbyname = no; then + echo $ac_n "checking for gethostbyname in -lnsl""... $ac_c" 1>&6 +echo "configure:4323: checking for gethostbyname in -lnsl" >&5 +ac_lib_var=`echo nsl'_'gethostbyname | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnsl $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4331 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char gethostbyname(); + +int main() { +gethostbyname() +; return 0; } +EOF +if { (eval echo configure:4342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lnsl" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # lieder@skyler.mavd.honeywell.com says without -lsocket, + # socket/setsockopt and other routines are undefined under SCO ODT + # 2.0. But -lsocket is broken on IRIX 5.2 (and is not necessary + # on later versions), says simon@lia.di.epfl.ch: it contains + # gethostby* variants that don't use the nameserver (or something). + # -lsocket must be given before -lnsl if both are needed. + # We assume that if connect needs -lnsl, so does gethostbyname. + echo $ac_n "checking for connect""... $ac_c" 1>&6 +echo "configure:4372: checking for connect" >&5 +if eval "test \"`echo '$''{'ac_cv_func_connect'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 4377 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char connect(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char connect(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_connect) || defined (__stub___connect) +choke me +#else +connect(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_connect=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_connect=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'connect`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_connect = no; then + echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 +echo "configure:4421: checking for connect in -lsocket" >&5 +ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsocket $X_EXTRA_LIBS $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4429 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char connect(); + +int main() { +connect() +; return 0; } +EOF +if { (eval echo configure:4440: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="-lsocket $X_EXTRA_LIBS" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # gomez@mi.uni-erlangen.de says -lposix is necessary on A/UX. + echo $ac_n "checking for remove""... 
$ac_c" 1>&6 +echo "configure:4464: checking for remove" >&5 +if eval "test \"`echo '$''{'ac_cv_func_remove'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 4469 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char remove(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char remove(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_remove) || defined (__stub___remove) +choke me +#else +remove(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4492: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_remove=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_remove=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'remove`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_remove = no; then + echo $ac_n "checking for remove in -lposix""... $ac_c" 1>&6 +echo "configure:4513: checking for remove in -lposix" >&5 +ac_lib_var=`echo posix'_'remove | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lposix $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4521 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char remove(); + +int main() { +remove() +; return 0; } +EOF +if { (eval echo configure:4532: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lposix" +else + echo "$ac_t""no" 1>&6 +fi + + fi + + # BSDI BSD/OS 2.1 needs -lipc for XOpenDisplay. + echo $ac_n "checking for shmat""... $ac_c" 1>&6 +echo "configure:4556: checking for shmat" >&5 +if eval "test \"`echo '$''{'ac_cv_func_shmat'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 4561 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char shmat(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char shmat(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_shmat) || defined (__stub___shmat) +choke me +#else +shmat(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4584: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_shmat=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_shmat=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'shmat`\" = yes"; then + echo "$ac_t""yes" 1>&6 + : +else + echo "$ac_t""no" 1>&6 +fi + + if test $ac_cv_func_shmat = no; then + echo $ac_n "checking for shmat in -lipc""... $ac_c" 1>&6 +echo "configure:4605: checking for shmat in -lipc" >&5 +ac_lib_var=`echo ipc'_'shmat | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lipc $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4613 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char shmat(); + +int main() { +shmat() +; return 0; } +EOF +if { (eval echo configure:4624: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_EXTRA_LIBS="$X_EXTRA_LIBS -lipc" +else + echo "$ac_t""no" 1>&6 +fi + + fi + fi + + # Check for libraries that X11R6 Xt/Xaw programs need. 
+ ac_save_LDFLAGS="$LDFLAGS" + test -n "$x_libraries" && LDFLAGS="$LDFLAGS -L$x_libraries" + # SM needs ICE to (dynamically) link under SunOS 4.x (so we have to + # check for ICE first), but we must link in the order -lSM -lICE or + # we get undefined symbols. So assume we have SM if we have ICE. + # These have to be linked with before -lX11, unlike the other + # libraries we check for below, so use a different variable. + # --interran@uluru.Stanford.EDU, kb@cs.umb.edu. + echo $ac_n "checking for IceConnectionNumber in -lICE""... $ac_c" 1>&6 +echo "configure:4657: checking for IceConnectionNumber in -lICE" >&5 +ac_lib_var=`echo ICE'_'IceConnectionNumber | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lICE $LIBS" +cat > conftest.$ac_ext <<EOF +#line 4665 "configure" +#include "confdefs.h" +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. 
*/ +char IceConnectionNumber(); + +int main() { +IceConnectionNumber() +; return 0; } +EOF +if { (eval echo configure:4676: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + X_PRE_LIBS="$X_PRE_LIBS -lSM -lICE" +else + echo "$ac_t""no" 1>&6 +fi + + LDFLAGS="$ac_save_LDFLAGS" + +fi + +if test "$no_x" = "yes" ; then + MAKE_X_PROGS_BIN="" + MAKE_X_PROGS_LIBEXEC="" +else + MAKE_X_PROGS_BIN='$(X_PROGS_BIN)' + MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)' +fi + +save_CFLAGS="$CFLAGS" +CFLAGS="$X_CFLAGS $CFLAGS" +save_LIBS="$LIBS" +LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS" +save_LDFLAGS="$LDFLAGS" +LDFLAGS="$LDFLAGS $X_LIBS" + + + +echo $ac_n "checking for XauReadAuth""... 
$ac_c" 1>&6 +echo "configure:4718: checking for XauReadAuth" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_XauReadAuth'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_XauReadAuth\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" Xau X11; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 4731 "configure" +#include "confdefs.h" + +int main() { +XauReadAuth() +; return 0; } +EOF +if { (eval echo configure:4738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_XauReadAuth=$ac_lib; else ac_cv_funclib_XauReadAuth=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_XauReadAuth=\${ac_cv_funclib_XauReadAuth-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_XauReadAuth" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs XauReadAuth"@@@ +@@@libs="$libs Xau X11"@@@ +END + +eval "ac_tr_func=HAVE_`echo XauReadAuth | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_XauReadAuth=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_XauReadAuth=yes" + eval "LIB_XauReadAuth=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_XauReadAuth=no" + eval "LIB_XauReadAuth=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_XauReadAuth=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +ac_xxx="$LIBS" +LIBS="$LIB_XauReadAuth $LIBS" +for ac_func in XauWriteAuth +do +echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 +echo "configure:4802: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 4807 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4830: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +if test "$ac_cv_func_XauWriteAuth" != "yes"; then + XauWriteAuth_c=writeauth.c + XauWriteAuth_o=writeauth.o +fi +LIBS="$ac_xxx" + +CFLAGS=$save_CFLAGS +LIBS=$save_LIBS +LDFLAGS=$save_LDFLAGS + + +save_LIBS="$LIBS" + + +echo $ac_n "checking for dbopen""... 
$ac_c" 1>&6 +echo "configure:4869: checking for dbopen" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dbopen'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dbopen\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $berkeley_db; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 4882 "configure" +#include "confdefs.h" + +int main() { +dbopen() +; return 0; } +EOF +if { (eval echo configure:4889: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbopen=$ac_lib; else ac_cv_funclib_dbopen=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dbopen=\${ac_cv_funclib_dbopen-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dbopen" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dbopen"@@@ +@@@libs="$libs $berkeley_db"@@@ +END + +eval "ac_tr_func=HAVE_`echo dbopen | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dbopen=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dbopen=yes" + eval "LIB_dbopen=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_dbopen=no" + eval "LIB_dbopen=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dbopen=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +LIBS="$LIB_dbopen $LIBS" + + +echo $ac_n "checking for dbm_firstkey""... 
$ac_c" 1>&6 +echo "configure:4952: checking for dbm_firstkey" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dbm_firstkey'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dbm_firstkey\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" $berkeley_db gdbm ndbm; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 4965 "configure" +#include "confdefs.h" + +int main() { +dbm_firstkey() +; return 0; } +EOF +if { (eval echo configure:4972: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dbm_firstkey=$ac_lib; else ac_cv_funclib_dbm_firstkey=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dbm_firstkey=\${ac_cv_funclib_dbm_firstkey-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dbm_firstkey" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dbm_firstkey"@@@ +@@@libs="$libs $berkeley_db gdbm ndbm"@@@ +END + +eval "ac_tr_func=HAVE_`echo dbm_firstkey | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dbm_firstkey=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dbm_firstkey=yes" + eval "LIB_dbm_firstkey=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_dbm_firstkey=no" + eval "LIB_dbm_firstkey=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_dbm_firstkey=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_dbopen"; then + LIB_DBM="$LIB_dbopen" +else + LIB_DBM="$LIB_dbm_firstkey" +fi +LIBS="$save_LIBS" + + + + +echo 
$ac_n "checking for syslog""... $ac_c" 1>&6 +echo "configure:5042: checking for syslog" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_syslog'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_syslog\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" syslog; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 5055 "configure" +#include "confdefs.h" + +int main() { +syslog() +; return 0; } +EOF +if { (eval echo configure:5062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_syslog=$ac_lib; else ac_cv_funclib_syslog=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_syslog=\${ac_cv_funclib_syslog-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_syslog" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs syslog"@@@ +@@@libs="$libs syslog"@@@ +END + +eval "ac_tr_func=HAVE_`echo syslog | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_syslog=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_syslog=yes" + eval "LIB_syslog=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_syslog=no" + eval "LIB_syslog=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_syslog=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_syslog"; then + LIBS="$LIB_syslog $LIBS" +fi + + +echo $ac_n "checking for working snprintf""... 
$ac_c" 1>&6 +echo "configure:5127: checking for working snprintf" >&5 +if eval "test \"`echo '$''{'ac_cv_func_snprintf_working'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_func_snprintf_working=yes +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext <<EOF +#line 5136 "configure" +#include "confdefs.h" + +#include <stdio.h> +#include <string.h> +int main() +{ + char foo[3]; + snprintf(foo, 2, "12"); + return strcmp(foo, "1"); +} +EOF +if { (eval echo configure:5148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_snprintf_working=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_snprintf_working" 1>&6 +: << END +@@@funcs="$funcs snprintf"@@@ +END +if test "$ac_cv_func_snprintf_working" = yes; then + foo=HAVE_SNPRINTF + cat >> confdefs.h <<EOF +#define $foo 1 +EOF + +fi + +for ac_func in asnprintf asprintf vasprintf vasnprintf vsnprintf +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5177: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5182 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5205: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + + +for ac_func in _getpty _scrsize _setsid _stricmp fchmod fcntl flock +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5234: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5239 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in forkpty frevoke gethostname getlogin getpriority getservbyname +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5289: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5294 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5317: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in getspnam getspuid gettimeofday getuid grantpt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5344: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5349 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5372: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in innetgr iruserok mktime ptsname rand random +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5399: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5404 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5427: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in revoke setitimer setlogin setpgid setpriority +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5454: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5459 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5482: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in setproctitle setregid setresgid setresuid setreuid setsid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5509: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5514 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5537: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in setutent swab ttyname ttyslot ulimit uname +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5564: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5569 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in unlockpt vhangup yp_get_default_domain +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5619: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5624 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5647: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + + +echo $ac_n "checking for getpwnam_r""... $ac_c" 1>&6 +echo "configure:5674: checking for getpwnam_r" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getpwnam_r'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getpwnam_r\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" c_r; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 5687 "configure" +#include "confdefs.h" + +int main() { +getpwnam_r() +; return 0; } +EOF +if { (eval echo configure:5694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getpwnam_r=$ac_lib; else ac_cv_funclib_getpwnam_r=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getpwnam_r=\${ac_cv_funclib_getpwnam_r-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getpwnam_r" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getpwnam_r"@@@ +@@@libs="$libs c_r"@@@ +END + +eval "ac_tr_func=HAVE_`echo getpwnam_r | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' 
'[A-Z]'`" +eval "LIB_getpwnam_r=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getpwnam_r=yes" + eval "LIB_getpwnam_r=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_getpwnam_r=no" + eval "LIB_getpwnam_r=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getpwnam_r=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test "$ac_cv_func_getpwnam_r" = yes; then + echo $ac_n "checking if getpwnam_r is posix""... $ac_c" 1>&6 +echo "configure:5755: checking if getpwnam_r is posix" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getpwnam_r_posix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_libs="$LIBS" + LIBS="$LIBS $LIB_getpwnam_r" + if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext <<EOF +#line 5765 "configure" +#include "confdefs.h" + +#include <pwd.h> +int main() +{ + struct passwd pw, *pwd; + return getpwnam_r("", &pw, NULL, 0, &pwd) < 0; +} + +EOF +if { (eval echo configure:5776: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getpwnam_r_posix=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_getpwnam_r_posix=no +fi +rm -fr conftest* +fi + +LIBS="$ac_libs" +fi + +echo "$ac_t""$ac_cv_func_getpwnam_r_posix" 1>&6 +if test "$ac_cv_func_getpwnam_r_posix" = yes; then + cat >> confdefs.h <<\EOF +#define POSIX_GETPWNAM_R 1 +EOF + +fi +fi + + + +echo $ac_n "checking for getsockopt""... 
$ac_c" 1>&6 +echo "configure:5803: checking for getsockopt" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_getsockopt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_getsockopt\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 5816 "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +int main() { +getsockopt(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:5828: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_getsockopt=$ac_lib; else ac_cv_funclib_getsockopt=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_getsockopt=\${ac_cv_funclib_getsockopt-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_getsockopt" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getsockopt"@@@ +@@@libs="$libs "@@@ +END + +eval "ac_tr_func=HAVE_`echo getsockopt | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_getsockopt=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_getsockopt=yes" + eval "LIB_getsockopt=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_getsockopt=no" + eval "LIB_getsockopt=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_getsockopt=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + + + +echo $ac_n "checking for setsockopt""... 
$ac_c" 1>&6 +echo "configure:5890: checking for setsockopt" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_setsockopt'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_setsockopt\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" ; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 5903 "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +int main() { +setsockopt(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:5915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_setsockopt=$ac_lib; else ac_cv_funclib_setsockopt=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_setsockopt=\${ac_cv_funclib_setsockopt-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_setsockopt" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs setsockopt"@@@ +@@@libs="$libs "@@@ +END + +eval "ac_tr_func=HAVE_`echo setsockopt | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_setsockopt=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_setsockopt=yes" + eval "LIB_setsockopt=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_setsockopt=no" + eval "LIB_setsockopt=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_setsockopt=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + + +for ac_func in getudbnam setlim +do +echo $ac_n "checking for $ac_func""... 
$ac_c" 1>&6 +echo "configure:5978: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 5983 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6006: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + + + + +echo $ac_n "checking for res_search""... 
$ac_c" 1>&6 +echo "configure:6035: checking for res_search" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_res_search'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_res_search\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 6048 "configure" +#include "confdefs.h" + +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + +int main() { +res_search(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:6069: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_res_search=$ac_lib; else ac_cv_funclib_res_search=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_res_search=\${ac_cv_funclib_res_search-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_res_search" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs res_search"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo res_search | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_res_search=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_res_search=yes" + eval "LIB_res_search=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_res_search=no" + eval "LIB_res_search=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_res_search=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define 
$ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_res_search"; then + LIBS="$LIB_res_search $LIBS" +fi + + + + + +echo $ac_n "checking for dn_expand""... $ac_c" 1>&6 +echo "configure:6137: checking for dn_expand" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_dn_expand'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_dn_expand\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 6150 "configure" +#include "confdefs.h" + +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif + +int main() { +dn_expand(0,0,0,0,0) +; return 0; } +EOF +if { (eval echo configure:6171: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_dn_expand=$ac_lib; else ac_cv_funclib_dn_expand=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_dn_expand=\${ac_cv_funclib_dn_expand-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_dn_expand" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs dn_expand"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo dn_expand | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_dn_expand=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_dn_expand=yes" + eval "LIB_dn_expand=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_dn_expand=no" + eval "LIB_dn_expand=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval 
"ac_cv_func_dn_expand=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_dn_expand"; then + LIBS="$LIB_dn_expand $LIBS" +fi + + + +for ac_hdr in unistd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:6240: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6245 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:6250: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +for ac_func in getpagesize +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6279: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6284 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. 
*/ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6307: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + +echo $ac_n "checking for working mmap""... $ac_c" 1>&6 +echo "configure:6332: checking for working mmap" >&5 +if eval "test \"`echo '$''{'ac_cv_func_mmap_fixed_mapped'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_mmap_fixed_mapped=no +else + cat > conftest.$ac_ext <<EOF +#line 6340 "configure" +#include "confdefs.h" + +/* Thanks to Mike Haertel and Jim Avera for this test. + Here is a matrix of mmap possibilities: + mmap private not fixed + mmap private fixed at somewhere currently unmapped + mmap private fixed at somewhere already mapped + mmap shared not fixed + mmap shared fixed at somewhere currently unmapped + mmap shared fixed at somewhere already mapped + For private mappings, we should verify that changes cannot be read() + back from the file, nor mmap's back from the file at a different + address. 
(There have been systems where private was not correctly + implemented like the infamous i386 svr4.0, and systems where the + VM page cache was not coherent with the filesystem buffer cache + like early versions of FreeBSD and possibly contemporary NetBSD.) + For shared mappings, we should conversely verify that changes get + propogated back to all the places they're supposed to be. + + Grep wants private fixed already mapped. + The main things grep needs to know about mmap are: + * does it exist and is it safe to write into the mmap'd area + * how to use it (BSD variants) */ +#include <sys/types.h> +#include <fcntl.h> +#include <sys/mman.h> + +/* This mess was copied from the GNU getpagesize.h. */ +#ifndef HAVE_GETPAGESIZE +# ifdef HAVE_UNISTD_H +# include <unistd.h> +# endif + +/* Assume that all systems that can run configure have sys/param.h. */ +# ifndef HAVE_SYS_PARAM_H +# define HAVE_SYS_PARAM_H 1 +# endif + +# ifdef _SC_PAGESIZE +# define getpagesize() sysconf(_SC_PAGESIZE) +# else /* no _SC_PAGESIZE */ +# ifdef HAVE_SYS_PARAM_H +# include <sys/param.h> +# ifdef EXEC_PAGESIZE +# define getpagesize() EXEC_PAGESIZE +# else /* no EXEC_PAGESIZE */ +# ifdef NBPG +# define getpagesize() NBPG * CLSIZE +# ifndef CLSIZE +# define CLSIZE 1 +# endif /* no CLSIZE */ +# else /* no NBPG */ +# ifdef NBPC +# define getpagesize() NBPC +# else /* no NBPC */ +# ifdef PAGESIZE +# define getpagesize() PAGESIZE +# endif /* PAGESIZE */ +# endif /* no NBPC */ +# endif /* no NBPG */ +# endif /* no EXEC_PAGESIZE */ +# else /* no HAVE_SYS_PARAM_H */ +# define getpagesize() 8192 /* punt totally */ +# endif /* no HAVE_SYS_PARAM_H */ +# endif /* no _SC_PAGESIZE */ + +#endif /* no HAVE_GETPAGESIZE */ + +#ifdef __cplusplus +extern "C" { void *malloc(unsigned); } +#else +char *malloc(); +#endif + +int +main() +{ + char *data, *data2, *data3; + int i, pagesize; + int fd; + + pagesize = getpagesize(); + + /* + * First, make a file with some known garbage in it. 
+ */ + data = malloc(pagesize); + if (!data) + exit(1); + for (i = 0; i < pagesize; ++i) + *(data + i) = rand(); + umask(0); + fd = creat("conftestmmap", 0600); + if (fd < 0) + exit(1); + if (write(fd, data, pagesize) != pagesize) + exit(1); + close(fd); + + /* + * Next, try to mmap the file at a fixed address which + * already has something else allocated at it. If we can, + * also make sure that we see the same garbage. + */ + fd = open("conftestmmap", O_RDWR); + if (fd < 0) + exit(1); + data2 = malloc(2 * pagesize); + if (!data2) + exit(1); + data2 += (pagesize - ((int) data2 & (pagesize - 1))) & (pagesize - 1); + if (data2 != mmap(data2, pagesize, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_FIXED, fd, 0L)) + exit(1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data2 + i)) + exit(1); + + /* + * Finally, make sure that changes to the mapped area + * do not percolate back to the file as seen by read(). + * (This is a bug on some variants of i386 svr4.0.) + */ + for (i = 0; i < pagesize; ++i) + *(data2 + i) = *(data2 + i) + 1; + data3 = malloc(pagesize); + if (!data3) + exit(1); + if (read(fd, data3, pagesize) != pagesize) + exit(1); + for (i = 0; i < pagesize; ++i) + if (*(data + i) != *(data3 + i)) + exit(1); + close(fd); + unlink("conftestmmap"); + exit(0); +} + +EOF +if { (eval echo configure:6480: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_mmap_fixed_mapped=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_mmap_fixed_mapped=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_mmap_fixed_mapped" 1>&6 +if test $ac_cv_func_mmap_fixed_mapped = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_MMAP 1 +EOF + +fi + +# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works +# for constant arguments. Useless! +echo $ac_n "checking for working alloca.h""... 
$ac_c" 1>&6 +echo "configure:6505: checking for working alloca.h" >&5 +if eval "test \"`echo '$''{'ac_cv_header_alloca_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6510 "configure" +#include "confdefs.h" +#include <alloca.h> +int main() { +char *p = alloca(2 * sizeof(int)); +; return 0; } +EOF +if { (eval echo configure:6517: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_header_alloca_h=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_alloca_h=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_alloca_h" 1>&6 +if test $ac_cv_header_alloca_h = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ALLOCA_H 1 +EOF + +fi + +echo $ac_n "checking for alloca""... $ac_c" 1>&6 +echo "configure:6538: checking for alloca" >&5 +if eval "test \"`echo '$''{'ac_cv_func_alloca_works'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6543 "configure" +#include "confdefs.h" + +#ifdef __GNUC__ +# define alloca __builtin_alloca +#else +# if HAVE_ALLOCA_H +# include <alloca.h> +# else +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ +char *alloca (); +# endif +# endif +# endif +#endif + +int main() { +char *p = (char *) alloca(1); +; return 0; } +EOF +if { (eval echo configure:6566: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_func_alloca_works=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_func_alloca_works=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_alloca_works" 1>&6 +if test $ac_cv_func_alloca_works = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ALLOCA 1 +EOF + +fi + +if test $ac_cv_func_alloca_works = no; then + # The SVR3 libPW and SVR4 libucb both contain incompatible functions + # 
that cause trouble. Some versions do not even contain alloca or + # contain a buggy version. If you still want to use their alloca, + # use ar to extract alloca.o from them instead of compiling alloca.c. + ALLOCA=alloca.o + cat >> confdefs.h <<\EOF +#define C_ALLOCA 1 +EOF + + +echo $ac_n "checking whether alloca needs Cray hooks""... $ac_c" 1>&6 +echo "configure:6598: checking whether alloca needs Cray hooks" >&5 +if eval "test \"`echo '$''{'ac_cv_os_cray'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6603 "configure" +#include "confdefs.h" +#if defined(CRAY) && ! defined(CRAY2) +webecray +#else +wenotbecray +#endif + +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "webecray" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_os_cray=yes +else + rm -rf conftest* + ac_cv_os_cray=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_os_cray" 1>&6 +if test $ac_cv_os_cray = yes; then +for ac_func in _getb67 GETB67 getb67; do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6628: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6633 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6656: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<EOF +#define CRAY_STACKSEG_END $ac_func +EOF + + break +else + echo "$ac_t""no" 1>&6 +fi + +done +fi + +echo $ac_n "checking stack direction for C alloca""... $ac_c" 1>&6 +echo "configure:6683: checking stack direction for C alloca" >&5 +if eval "test \"`echo '$''{'ac_cv_c_stack_direction'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_c_stack_direction=0 +else + cat > conftest.$ac_ext <<EOF +#line 6691 "configure" +#include "confdefs.h" +find_stack_direction () +{ + static char *addr = 0; + auto char dummy; + if (addr == 0) + { + addr = &dummy; + return find_stack_direction (); + } + else + return (&dummy > addr) ? 1 : -1; +} +main () +{ + exit (find_stack_direction() < 0); +} +EOF +if { (eval echo configure:6710: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_c_stack_direction=1 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_stack_direction=-1 +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_c_stack_direction" 1>&6 +cat >> confdefs.h <<EOF +#define STACK_DIRECTION $ac_cv_c_stack_direction +EOF + +fi + + +# +# Test for POSIX (broken) getlogin +# + +if test "$ac_cv_func_getlogin" = yes; then +echo $ac_n "checking if getlogin is posix""... 
$ac_c" 1>&6 +echo "configure:6738: checking if getlogin is posix" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getlogin_posix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then + ac_cv_func_getlogin_posix=no +else + ac_cv_func_getlogin_posix=yes +fi + +fi + +echo "$ac_t""$ac_cv_func_getlogin_posix" 1>&6 +if test "$ac_cv_func_getlogin_posix" = yes; then + cat >> confdefs.h <<\EOF +#define POSIX_GETLOGIN 1 +EOF + +fi +fi + + + + +echo $ac_n "checking for hstrerror""... $ac_c" 1>&6 +echo "configure:6764: checking for hstrerror" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_hstrerror'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_hstrerror\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" resolv; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 6777 "configure" +#include "confdefs.h" +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +int main() { +hstrerror(17) +; return 0; } +EOF +if { (eval echo configure:6786: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_hstrerror=$ac_lib; else ac_cv_funclib_hstrerror=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_hstrerror=\${ac_cv_funclib_hstrerror-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_hstrerror" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs hstrerror"@@@ +@@@libs="$libs resolv"@@@ +END + +eval "ac_tr_func=HAVE_`echo hstrerror | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_hstrerror=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_hstrerror=yes" + eval "LIB_hstrerror=" + cat >> confdefs.h <<EOF +#define 
$ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_hstrerror=no" + eval "LIB_hstrerror=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_hstrerror=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + +if test -n "$LIB_hstrerror"; then + LIBS="$LIB_hstrerror $LIBS" +fi + +if eval "test \"$ac_cv_func_hstrerror\" != yes"; then +LIBOBJS="$LIBOBJS hstrerror.o" +fi + + +for ac_func in chown daemon err errx fchown getcwd getdtablesize getopt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6857: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6862 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs chown daemon err errx fchown getcwd getdtablesize getopt"@@@ +END +done + +for ac_func in getusershell inet_aton initgroups lstat memmove mkstemp +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6919: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6924 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6947: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs getusershell inet_aton initgroups lstat memmove mkstemp"@@@ +END +done + +for ac_func in putenv rcmd setegid setenv seteuid strcasecmp strdup +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6981: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 6986 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7009: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs putenv rcmd setegid setenv seteuid strcasecmp strdup"@@@ +END +done + +for ac_func in strerror strftime strlwr strnlen strtok_r strupr unsetenv +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7043: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 7048 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7071: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs strerror strftime strlwr strnlen strtok_r strupr unsetenv"@@@ +END +done + +for ac_func in verr verrx vwarn vwarnx warn warnx +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7105: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 7110 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. 
*/ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7133: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + +ac_tr_func=HAVE_`echo $ac_func | tr '[a-z]' '[A-Z]'` +cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +LIBOBJS="$LIBOBJS ${ac_func}.o" +fi + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs verr verrx vwarn vwarnx warn warnx"@@@ +END +done + + + +if test "$ac_cv_func_getcwd" = yes; then +echo $ac_n "checking if getcwd is broken""... $ac_c" 1>&6 +echo "configure:7168: checking if getcwd is broken" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getcwd_broken'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_cv_func_getcwd_broken=no + +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext <<EOF +#line 7179 "configure" +#include "confdefs.h" + +#include <errno.h> +char *getcwd(char*, int); + +void *popen(char *cmd, char *mode) +{ + errno = ENOTTY; + return 0; +} + +int main() +{ + char *ret; + ret = getcwd(0, 1024); + if(ret == 0 && errno == ENOTTY) + return 0; + return 1; +} + +EOF +if { (eval echo configure:7201: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getcwd_broken=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + : +fi +rm -fr conftest* +fi + + +fi + +if test "$ac_cv_func_getcwd_broken" = yes; then + cat >> confdefs.h <<\EOF +#define BROKEN_GETCWD 1 +EOF + LIBOBJS="$LIBOBJS getcwd.o" + echo "$ac_t""$ac_cv_func_getcwd_broken" 1>&6 +else + echo 
"$ac_t""seems ok" 1>&6 +fi +fi + + + +echo $ac_n "checking which authentication modules should be built""... $ac_c" 1>&6 +echo "configure:7230: checking which authentication modules should be built" >&5 + +LIB_AUTH_SUBDIRS= + +if test "$ac_cv_header_siad_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" +fi + +if test "$ac_cv_header_security_pam_modules_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" +fi + +case "${host}" in +*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; +esac + +echo "$ac_t""$LIB_AUTH_SUBDIRS" 1>&6 + + + +echo $ac_n "checking for tunnel devices""... $ac_c" 1>&6 +echo "configure:7251: checking for tunnel devices" >&5 + +APPL_KIP_DIR= + +if test "$ac_cv_header_net_if_tun_h" = "yes"; then + APPL_KIP_DIR=kip +fi + +echo "$ac_t""$ac_cv_header_net_if_tun_h" 1>&6 + + + + +echo $ac_n "checking if crypt needs a prototype""... $ac_c" 1>&6 +echo "configure:7265: checking if crypt needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_crypt_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 7270 "configure" +#include "confdefs.h" + +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +int main() { +struct foo { int foo; } xx; +extern int crypt (struct foo*); +crypt(&xx); + +; return 0; } +EOF +if { (eval echo configure:7287: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_crypt_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_crypt_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_crypt_noproto" 1>&6 + +if test "$ac_cv_func_crypt_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_CRYPT_PROTO 1 +EOF + +fi +: << END +@@@syms="$syms NEED_CRYPT_PROTO"@@@ +END + + + + +echo $ac_n "checking if strtok_r needs a prototype""... 
$ac_c" 1>&6 +echo "configure:7315: checking if strtok_r needs a prototype" >&5 +if eval "test \"`echo '$''{'ac_cv_func_strtok_r_noproto'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 7320 "configure" +#include "confdefs.h" + +#include <string.h> + +int main() { +struct foo { int foo; } xx; +extern int strtok_r (struct foo*); +strtok_r(&xx); + +; return 0; } +EOF +if { (eval echo configure:7332: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_func_strtok_r_noproto=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_strtok_r_noproto=no" +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_func_strtok_r_noproto" 1>&6 + +if test "$ac_cv_func_strtok_r_noproto" = yes; then + cat >> confdefs.h <<\EOF +#define NEED_STRTOK_R_PROTO 1 +EOF + +fi +: << END +@@@syms="$syms NEED_STRTOK_R_PROTO"@@@ +END + + + + +echo $ac_n "checking for h_errno""... $ac_c" 1>&6 +echo "configure:7360: checking for h_errno" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errno'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7366 "configure" +#include "confdefs.h" +extern int h_errno; +int foo() { return h_errno; } +int main() { +foo() +; return 0; } +EOF +if { (eval echo configure:7374: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_errno=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_errno=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_ERRNO" + + +: << END +@@@syms="$syms HAVE_H_ERRNO"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_errno`" 1>&6 +if test `eval echo \\$ac_cv_var_h_errno` = yes; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + + +echo $ac_n "checking if h_errno is properly declared""... 
$ac_c" 1>&6 +echo "configure:7403: checking if h_errno is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errno_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7409 "configure" +#include "confdefs.h" +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +extern struct { int foo; } h_errno; +int main() { +h_errno.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7422: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_errno_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_errno_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_ERRNO_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_ERRNO_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_errno_declaration" 1>&6 +if eval "test \"\$ac_cv_var_h_errno_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + +fi + + + +echo $ac_n "checking for h_errlist""... 
$ac_c" 1>&6 +echo "configure:7457: checking for h_errlist" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errlist'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7463 "configure" +#include "confdefs.h" +extern int h_errlist; +int foo() { return h_errlist; } +int main() { +foo() +; return 0; } +EOF +if { (eval echo configure:7471: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_errlist=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_errlist=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_ERRLIST" + + +: << END +@@@syms="$syms HAVE_H_ERRLIST"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_errlist`" 1>&6 +if test `eval echo \\$ac_cv_var_h_errlist` = yes; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + + +echo $ac_n "checking if h_errlist is properly declared""... $ac_c" 1>&6 +echo "configure:7500: checking if h_errlist is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_errlist_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7506 "configure" +#include "confdefs.h" +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +extern struct { int foo; } h_errlist; +int main() { +h_errlist.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7516: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_errlist_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_errlist_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_ERRLIST_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_ERRLIST_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_errlist_declaration" 1>&6 +if eval "test \"\$ac_cv_var_h_errlist_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 
+EOF + +fi + +fi + + + +echo $ac_n "checking for h_nerr""... $ac_c" 1>&6 +echo "configure:7551: checking for h_nerr" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_nerr'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7557 "configure" +#include "confdefs.h" +extern int h_nerr; +int foo() { return h_nerr; } +int main() { +foo() +; return 0; } +EOF +if { (eval echo configure:7565: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var_h_nerr=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var_h_nerr=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE_H_NERR" + + +: << END +@@@syms="$syms HAVE_H_NERR"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var_h_nerr`" 1>&6 +if test `eval echo \\$ac_cv_var_h_nerr` = yes; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + + +echo $ac_n "checking if h_nerr is properly declared""... $ac_c" 1>&6 +echo "configure:7594: checking if h_nerr is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_h_nerr_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7600 "configure" +#include "confdefs.h" +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +extern struct { int foo; } h_nerr; +int main() { +h_nerr.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7610: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_h_nerr_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_h_nerr_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_H_NERR_DECLARATION + + +: << END +@@@syms="$syms HAVE_H_NERR_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_h_nerr_declaration" 1>&6 +if eval "test \"\$ac_cv_var_h_nerr_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 
+EOF + +fi + +fi + + + +echo $ac_n "checking for __progname""... $ac_c" 1>&6 +echo "configure:7645: checking for __progname" >&5 +if eval "test \"`echo '$''{'ac_cv_var___progname'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7651 "configure" +#include "confdefs.h" +extern int __progname; +int foo() { return __progname; } +int main() { +foo() +; return 0; } +EOF +if { (eval echo configure:7659: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + ac_cv_var___progname=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_var___progname=no +fi +rm -f conftest* + +fi + +eval "ac_tr_var=HAVE___PROGNAME" + + +: << END +@@@syms="$syms HAVE___PROGNAME"@@@ +END + + +echo "$ac_t""`eval echo \\$ac_cv_var___progname`" 1>&6 +if test `eval echo \\$ac_cv_var___progname` = yes; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + + +echo $ac_n "checking if __progname is properly declared""... 
$ac_c" 1>&6 +echo "configure:7688: checking if __progname is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var___progname_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7694 "configure" +#include "confdefs.h" +#ifdef HAVE_ERR_H +#include <err.h> +#endif +extern struct { int foo; } __progname; +int main() { +__progname.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7704: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var___progname_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var___progname_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE___PROGNAME_DECLARATION + + +: << END +@@@syms="$syms HAVE___PROGNAME_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var___progname_declaration" 1>&6 +if eval "test \"\$ac_cv_var___progname_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + +fi + + + +echo $ac_n "checking if optarg is properly declared""... 
$ac_c" 1>&6 +echo "configure:7739: checking if optarg is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optarg_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7745 "configure" +#include "confdefs.h" +#include <stdlib.h> +extern struct { int foo; } optarg; +int main() { +optarg.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7753: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optarg_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optarg_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTARG_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTARG_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optarg_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optarg_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + + +echo $ac_n "checking if optind is properly declared""... 
$ac_c" 1>&6 +echo "configure:7785: checking if optind is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optind_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7791 "configure" +#include "confdefs.h" +#include <stdlib.h> +extern struct { int foo; } optind; +int main() { +optind.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7799: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optind_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optind_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTIND_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTIND_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optind_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optind_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + + +echo $ac_n "checking if opterr is properly declared""... 
$ac_c" 1>&6 +echo "configure:7831: checking if opterr is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_opterr_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7837 "configure" +#include "confdefs.h" +#include <stdlib.h> +extern struct { int foo; } opterr; +int main() { +opterr.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7845: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_opterr_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_opterr_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTERR_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTERR_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_opterr_declaration" 1>&6 +if eval "test \"\$ac_cv_var_opterr_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + + +echo $ac_n "checking if optopt is properly declared""... 
$ac_c" 1>&6 +echo "configure:7877: checking if optopt is properly declared" >&5 +if eval "test \"`echo '$''{'ac_cv_var_optopt_declaration'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 7883 "configure" +#include "confdefs.h" +#include <stdlib.h> +extern struct { int foo; } optopt; +int main() { +optopt.foo = 1; +; return 0; } +EOF +if { (eval echo configure:7891: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_var_optopt_declaration=no" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_var_optopt_declaration=yes" +fi +rm -f conftest* + +fi + + +ac_tr_var=HAVE_OPTOPT_DECLARATION + + +: << END +@@@syms="$syms HAVE_OPTOPT_DECLARATION"@@@ +END + + +echo "$ac_t""$ac_cv_var_optopt_declaration" 1>&6 +if eval "test \"\$ac_cv_var_optopt_declaration\" = yes"; then + cat >> confdefs.h <<EOF +#define $ac_tr_var 1 +EOF + +fi + + +echo $ac_n "checking return type of signal handlers""... 
$ac_c" 1>&6 +echo "configure:7923: checking return type of signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 7928 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <signal.h> +#ifdef signal +#undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:7945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_signal=int +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_signal" 1>&6 +cat >> confdefs.h <<EOF +#define RETSIGTYPE $ac_cv_type_signal +EOF + + +if test "$ac_cv_type_signal" = "void" ; then + cat >> confdefs.h <<\EOF +#define VOID_RETSIGTYPE 1 +EOF + +fi + +cat > conftest.$ac_ext <<EOF +#line 7971 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_user" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_USER 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 7986 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_host" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_HOST 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8001 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_addr" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_ADDR 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8016 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp 
conftest.$ac_ext") 2>&5 | + egrep "ut_type" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_TYPE 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8031 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_pid" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_PID 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8046 "configure" +#include "confdefs.h" +#include <utmp.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_id" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_ID 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8061 "configure" +#include "confdefs.h" +#include <utmpx.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ut_syslen" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_UT_SYSLEN 1 +EOF + +fi +rm -f conftest* + + +echo $ac_n "checking for st_blksize in struct stat""... $ac_c" 1>&6 +echo "configure:8077: checking for st_blksize in struct stat" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_st_blksize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 8082 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/stat.h> +int main() { +struct stat s; s.st_blksize; +; return 0; } +EOF +if { (eval echo configure:8090: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_st_blksize=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_struct_st_blksize=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_struct_st_blksize" 1>&6 +if test $ac_cv_struct_st_blksize = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ST_BLKSIZE 1 +EOF + +fi + + + + +echo $ac_n "checking for struct winsize""... 
$ac_c" 1>&6 +echo "configure:8114: checking for struct winsize" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_winsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +ac_cv_struct_winsize=no +for i in sys/termios.h sys/ioctl.h; do +cat > conftest.$ac_ext <<EOF +#line 8122 "configure" +#include "confdefs.h" +#include <$i> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "struct[ ]*winsize" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_struct_winsize=yes; break +fi +rm -f conftest* +done + +fi + +if test "$ac_cv_struct_winsize" = "yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_WINSIZE 1 +EOF +fi +echo "$ac_t""$ac_cv_struct_winsize" 1>&6 +cat > conftest.$ac_ext <<EOF +#line 8143 "configure" +#include "confdefs.h" +#include <termios.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ws_xpixel" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_WS_XPIXEL 1 +EOF + +fi +rm -f conftest* + +cat > conftest.$ac_ext <<EOF +#line 8158 "configure" +#include "confdefs.h" +#include <termios.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "ws_ypixel" >/dev/null 2>&1; then + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define HAVE_WS_YPIXEL 1 +EOF + +fi +rm -f conftest* + + + + +echo $ac_n "checking for pid_t""... 
$ac_c" 1>&6 +echo "configure:8176: checking for pid_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 8181 "configure" +#include "confdefs.h" +#include <sys/types.h> +#if STDC_HEADERS +#include <stdlib.h> +#include <stddef.h> +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_pid_t=yes +else + rm -rf conftest* + ac_cv_type_pid_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_pid_t" 1>&6 +if test $ac_cv_type_pid_t = no; then + cat >> confdefs.h <<\EOF +#define pid_t int +EOF + +fi + +echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 +echo "configure:8209: checking for uid_t in sys/types.h" >&5 +if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 8214 "configure" +#include "confdefs.h" +#include <sys/types.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "uid_t" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_uid_t=yes +else + rm -rf conftest* + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_type_uid_t" 1>&6 +if test $ac_cv_type_uid_t = no; then + cat >> confdefs.h <<\EOF +#define uid_t int +EOF + + cat >> confdefs.h <<\EOF +#define gid_t int +EOF + +fi + +echo $ac_n "checking for off_t""... 
$ac_c" 1>&6 +echo "configure:8243: checking for off_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 8248 "configure" +#include "confdefs.h" +#include <sys/types.h> +#if STDC_HEADERS +#include <stdlib.h> +#include <stddef.h> +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_off_t=yes +else + rm -rf conftest* + ac_cv_type_off_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_off_t" 1>&6 +if test $ac_cv_type_off_t = no; then + cat >> confdefs.h <<\EOF +#define off_t long +EOF + +fi + +echo $ac_n "checking for size_t""... $ac_c" 1>&6 +echo "configure:8276: checking for size_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 8281 "configure" +#include "confdefs.h" +#include <sys/types.h> +#if STDC_HEADERS +#include <stdlib.h> +#include <stddef.h> +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_size_t=yes +else + rm -rf conftest* + ac_cv_type_size_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_size_t" 1>&6 +if test $ac_cv_type_size_t = no; then + cat >> confdefs.h <<\EOF +#define size_t unsigned +EOF + +fi + + + +echo $ac_n "checking for sa_len in struct sockaddr""... 
$ac_c" 1>&6 +echo "configure:8311: checking for sa_len in struct sockaddr" >&5 +if eval "test \"`echo '$''{'krb_cv_struct_sockaddr_sa_len'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 8317 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/socket.h> +int main() { +struct sockaddr sa; +int foo = sa.sa_len; +; return 0; } +EOF +if { (eval echo configure:8326: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + krb_cv_struct_sockaddr_sa_len=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + krb_cv_struct_sockaddr_sa_len=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_struct_sockaddr_sa_len" 1>&6 +if test "$krb_cv_struct_sockaddr_sa_len" = yes; then + cat >> confdefs.h <<\EOF +#define SOCKADDR_HAS_SA_LEN 1 +EOF + +fi + + +if test "$ac_cv_header_siad_h" = yes; then +echo $ac_n "checking for ouid in struct siaentity""... $ac_c" 1>&6 +echo "configure:8350: checking for ouid in struct siaentity" >&5 +if eval "test \"`echo '$''{'krb_cv_struct_siaentity_ouid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext <<EOF +#line 8356 "configure" +#include "confdefs.h" +#include <siad.h> + +int main() { +SIAENTITY e; +int foo = e.ouid; +; return 0; } +EOF +if { (eval echo configure:8365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + krb_cv_struct_siaentity_ouid=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + krb_cv_struct_siaentity_ouid=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$krb_cv_struct_siaentity_ouid" 1>&6 +if test "$krb_cv_struct_siaentity_ouid" = yes; then + cat >> confdefs.h <<\EOF +#define SIAENTITY_HAS_OUID 1 +EOF + +fi +fi + + +echo $ac_n "checking for working getmsg""... 
$ac_c" 1>&6 +echo "configure:8389: checking for working getmsg" >&5 +if eval "test \"`echo '$''{'ac_cv_func_getmsg'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_getmsg=no +else + cat > conftest.$ac_ext <<EOF +#line 8397 "configure" +#include "confdefs.h" + +#include <stdio.h> + +int main() +{ + getmsg(open("/dev/null", 0), NULL, NULL, NULL); + return 0; +} + +EOF +if { (eval echo configure:8409: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + ac_cv_func_getmsg=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_getmsg=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_getmsg" 1>&6 +test "$ac_cv_func_getmsg" = "yes" && +cat >> confdefs.h <<\EOF +#define HAVE_GETMSG 1 +EOF + + + +save_LIBS="$LIBS" +LIBS="$LIB_DBM $LIBS" +echo $ac_n "checking for berkeley db""... $ac_c" 1>&6 +echo "configure:8434: checking for berkeley db" >&5 +if eval "test \"`echo '$''{'krb_cv_lib_berkeleydb'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + krb_cv_lib_berkeleydb=no +else + cat > conftest.$ac_ext <<EOF +#line 8442 "configure" +#include "confdefs.h" + +#include <unistd.h> +#include <fcntl.h> +#include <ndbm.h> +int main() +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if(d == NULL) + return 1; + dbm_close(d); + return access("conftest.db", F_OK) != 0; +} +EOF +if { (eval echo configure:8459: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest && (./conftest; exit) 2>/dev/null +then + krb_cv_lib_berkeleydb=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + krb_cv_lib_berkeleydb=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$krb_cv_lib_berkeleydb" 1>&6 +test "$krb_cv_lib_berkeleydb" = "yes" && +cat >> confdefs.h <<\EOF +#define HAVE_NEW_DB 1 
+EOF + +LIBS="$save_LIBS" + + + + +echo $ac_n "checking for el_init""... $ac_c" 1>&6 +echo "configure:8485: checking for el_init" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_el_init'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_el_init\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" edit; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 8498 "configure" +#include "confdefs.h" + +int main() { +el_init() +; return 0; } +EOF +if { (eval echo configure:8505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_el_init=$ac_lib; else ac_cv_funclib_el_init=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_el_init=\${ac_cv_funclib_el_init-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_el_init" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs el_init"@@@ +@@@libs="$libs edit"@@@ +END + +eval "ac_tr_func=HAVE_`echo el_init | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_el_init=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_el_init=yes" + eval "LIB_el_init=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_el_init=no" + eval "LIB_el_init=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_el_init=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + + + +echo $ac_n "checking for readline""... 
$ac_c" 1>&6 +echo "configure:8567: checking for readline" >&5 +if eval "test \"`echo '$''{'ac_cv_funclib_readline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if eval "test \"\$ac_cv_func_readline\" != yes" ; then + ac_save_LIBS="$LIBS" + for ac_lib in "" readline; do + if test -n "$ac_lib"; then + ac_lib="-l$ac_lib" + LIBS="$ac_lib $ac_save_LIBS" + fi + cat > conftest.$ac_ext <<EOF +#line 8580 "configure" +#include "confdefs.h" + +int main() { +readline() +; return 0; } +EOF +if { (eval echo configure:8587: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest; then + rm -rf conftest* + eval "if test -n \"$ac_lib\";then ac_cv_funclib_readline=$ac_lib; else ac_cv_funclib_readline=yes; fi";break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + done + eval "ac_cv_funclib_readline=\${ac_cv_funclib_readline-no}" + LIBS="$ac_save_LIBS" +fi + +fi + + +eval "ac_res=\$ac_cv_funclib_readline" + +# autoheader tricks *sigh* +: << END +@@@funcs="$funcs readline"@@@ +@@@libs="$libs readline"@@@ +END + +eval "ac_tr_func=HAVE_`echo readline | tr '[a-z]' '[A-Z]'`" +eval "ac_tr_lib=HAVE_LIB`echo $ac_res | sed -e 's/-l//' | tr '[a-z]' '[A-Z]'`" +eval "LIB_readline=$ac_res" + +case "$ac_res" in + yes) + eval "ac_cv_func_readline=yes" + eval "LIB_readline=" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + echo "$ac_t""yes" 1>&6 + ;; + no) + eval "ac_cv_func_readline=no" + eval "LIB_readline=" + echo "$ac_t""no" 1>&6 + ;; + *) + eval "ac_cv_func_readline=yes" + eval "ac_cv_lib_`echo "$ac_res" | sed 's/-l//'`=yes" + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + + cat >> confdefs.h <<EOF +#define $ac_tr_lib 1 +EOF + + echo "$ac_t""yes, in $ac_res" 1>&6 + ;; +esac + + + +if test "$with_readline"; then + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS= + LIB_readline="$READLINELIB "'$(LIB_tgetent)' + INCLUDE_readline="$READLINEINCLUDE" +elif test 
"$ac_cv_func_el_init" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + + editline_OBJS=edit_compat.o + LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)' + + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +elif test "$ac_cv_func_readline" = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS= + LIB_readline='-lreadline $(LIB_tgetent)' + INCLUDE_readline= +else + cat >> confdefs.h <<\EOF +#define HAVE_READLINE 1 +EOF + + editline_OBJS="editline.o complete.o sysunix.o" + LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)' + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +fi + + + + + +cat >> confdefs.h <<\EOF +#define AUTHENTICATION 1 +EOF +cat >> confdefs.h <<\EOF +#define KRB4 1 +EOF +cat >> confdefs.h <<\EOF +#define ENCRYPTION 1 +EOF +cat >> confdefs.h <<\EOF +#define DES_ENCRYPTION 1 +EOF +cat >> confdefs.h <<\EOF +#define DIAGNOSTICS 1 +EOF +cat >> confdefs.h <<\EOF +#define OLD_ENVIRON 1 +EOF + +# Simple test for streamspty, based on the existance of getmsg(), alas +# this breaks on SunOS4 which have streams but BSD-like ptys +# +# And also something wierd has happend with dec-osf1, fallback to bsd-ptys + +echo $ac_n "checking for streamspty""... $ac_c" 1>&6 +echo "configure:8712: checking for streamspty" >&5 +case "`uname -sr`" in +SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*) + krb_cv_sys_streamspty=no + ;; +AIX*) + os_rel=`uname -v`.`uname -r` + if expr "$os_rel" : "3*" >/dev/null 2>&1; then + krb_cv_sys_streamspty=no + else + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + fi + ;; +*) + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + ;; +esac +if test "$krb_cv_sys_streamspty" = yes; then + cat >> confdefs.h <<\EOF +#define STREAMSPTY 1 +EOF + +fi +echo "$ac_t""$krb_cv_sys_streamspty" 1>&6 + +echo $ac_n "checking if /bin/ls takes -A""... 
$ac_c" 1>&6 +echo "configure:8738: checking if /bin/ls takes -A" >&5 +if /bin/ls -A > /dev/null 2>&1 ;then + cat >> confdefs.h <<\EOF +#define HAVE_LS_A 1 +EOF + + krb_ls_a=yes +else + krb_ls_a=no +fi +echo "$ac_t""$krb_ls_a" 1>&6 + +echo $ac_n "checking for suffix of preformatted manual pages""... $ac_c" 1>&6 +echo "configure:8751: checking for suffix of preformatted manual pages" >&5 +if eval "test \"`echo '$''{'krb_cv_sys_cat_suffix'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if grep _version /etc/man.conf > /dev/null 2>&1; then + krb_cv_sys_cat_suffix=0 +else + krb_cv_sys_cat_suffix=number +fi +fi + +echo "$ac_t""$krb_cv_sys_cat_suffix" 1>&6 +if test "$krb_cv_sys_cat_suffix" = number; then + CATSUFFIX='$$s' +else + CATSUFFIX=0 +fi + + + +KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs' +if test "$krb_cv_sys_aix" = yes; then + KRB_KAFS_LIB="$KRB_KAFS_LIB -lld" +fi + + + + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +for i in bin lib libexec sbin; do + i=${i}dir + foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` + x="\$${i}" + eval y="$x" + while test "x$y" != "x$x"; do + x="$y" + eval y="$x" + done + cat >> confdefs.h <<EOF +#define $foo "$x" +EOF + +done + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. 
+# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set) 2>&1 | grep '^ac_space'` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +DEFS=-DHAVE_CONFIG_H + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS <<EOF +#! 
/bin/sh +# Generated automatically by configure. +# Run this file to recreate the current configuration. +# This directory was configured as follows, +# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.12" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "\ +Makefile \ +include/Makefile \ +include/sys/Makefile \ + \ +util/Makefile \ +util/et/Makefile \ + \ +man/Makefile \ + \ +lib/Makefile \ +lib/des/Makefile \ +lib/krb/Makefile \ +lib/kdb/Makefile \ +lib/kadm/Makefile \ +lib/acl/Makefile \ +lib/kafs/Makefile \ +lib/roken/Makefile \ +lib/otp/Makefile \ +lib/sl/Makefile \ +lib/editline/Makefile \ +lib/auth/Makefile \ +lib/auth/pam/Makefile \ +lib/auth/sia/Makefile \ +lib/auth/afskauthlib/Makefile \ + \ +kuser/Makefile \ +server/Makefile \ +slave/Makefile \ +admin/Makefile \ +kadmin/Makefile \ + \ +appl/Makefile \ + \ +appl/afsutil/Makefile \ +appl/ftp/Makefile \ +appl/ftp/common/Makefile \ +appl/ftp/ftp/Makefile \ +appl/ftp/ftpd/Makefile \ +appl/telnet/Makefile \ +appl/telnet/libtelnet/Makefile \ +appl/telnet/telnet/Makefile \ +appl/telnet/telnetd/Makefile \ +appl/bsd/Makefile \ +appl/kauth/Makefile \ +appl/kpopper/Makefile \ +appl/movemail/Makefile \ +appl/sample/Makefile \ 
+appl/xnlock/Makefile \ +appl/kx/Makefile \ +appl/kip/Makefile \ +appl/otp/Makefile \ +doc/Makefile \ + include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS <<EOF + +# Protect against being on the right side of a sed subst in config.status. +sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; + s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@PACKAGE@%$PACKAGE%g +s%@VERSION@%$VERSION%g +s%@host@%$host%g +s%@host_alias@%$host_alias%g +s%@host_cpu@%$host_cpu%g +s%@host_vendor@%$host_vendor%g +s%@host_os@%$host_os%g +s%@SET_MAKE@%$SET_MAKE%g +s%@LN_S@%$LN_S%g +s%@CC@%$CC%g +s%@CPP@%$CPP%g +s%@YACC@%$YACC%g +s%@LEX@%$LEX%g +s%@LEXLIB@%$LEXLIB%g +s%@RANLIB@%$RANLIB%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@MAKEINFO@%$MAKEINFO%g +s%@SOCKSINCLUDE@%$SOCKSINCLUDE%g +s%@SOCKSLIB@%$SOCKSLIB%g +s%@CRACKLIB@%$CRACKLIB%g +s%@READLINEINCLUDE@%$READLINEINCLUDE%g +s%@READLINELIB@%$READLINELIB%g +s%@REAL_PICFLAGS@%$REAL_PICFLAGS%g +s%@REAL_SHLIBEXT@%$REAL_SHLIBEXT%g +s%@REAL_LD_FLAGS@%$REAL_LD_FLAGS%g +s%@PICFLAGS@%$PICFLAGS%g +s%@SHLIBEXT@%$SHLIBEXT%g +s%@LDSHARED@%$LDSHARED%g +s%@LD_FLAGS@%$LD_FLAGS%g +s%@LIBEXT@%$LIBEXT%g +s%@LIBPREFIX@%$LIBPREFIX%g +s%@EXECSUFFIX@%$EXECSUFFIX%g +s%@AFS_EXTRA_OBJS@%$AFS_EXTRA_OBJS%g +s%@AFS_EXTRA_LIBS@%$AFS_EXTRA_LIBS%g 
+s%@ac_cv_header_sys_cdefs_h@%$ac_cv_header_sys_cdefs_h%g +s%@ac_cv_header_err_h@%$ac_cv_header_err_h%g +s%@LIB_socket@%$LIB_socket%g +s%@LIB_gethostbyname@%$LIB_gethostbyname%g +s%@LIB_odm_initialize@%$LIB_odm_initialize%g +s%@LIB_getattr@%$LIB_getattr%g +s%@LIB_setpcred@%$LIB_setpcred%g +s%@LIB_logwtmp@%$LIB_logwtmp%g +s%@LIB_logout@%$LIB_logout%g +s%@LIB_tgetent@%$LIB_tgetent%g +s%@X_CFLAGS@%$X_CFLAGS%g +s%@X_PRE_LIBS@%$X_PRE_LIBS%g +s%@X_LIBS@%$X_LIBS%g +s%@X_EXTRA_LIBS@%$X_EXTRA_LIBS%g +s%@MAKE_X_PROGS_BIN@%$MAKE_X_PROGS_BIN%g +s%@MAKE_X_PROGS_LIBEXEC@%$MAKE_X_PROGS_LIBEXEC%g +s%@LIB_XauReadAuth@%$LIB_XauReadAuth%g +s%@XauWriteAuth_c@%$XauWriteAuth_c%g +s%@XauWriteAuth_o@%$XauWriteAuth_o%g +s%@LIB_dbopen@%$LIB_dbopen%g +s%@LIB_dbm_firstkey@%$LIB_dbm_firstkey%g +s%@LIB_DBM@%$LIB_DBM%g +s%@LIB_syslog@%$LIB_syslog%g +s%@LIB_getpwnam_r@%$LIB_getpwnam_r%g +s%@LIB_getsockopt@%$LIB_getsockopt%g +s%@LIB_setsockopt@%$LIB_setsockopt%g +s%@LIB_res_search@%$LIB_res_search%g +s%@LIB_dn_expand@%$LIB_dn_expand%g +s%@ALLOCA@%$ALLOCA%g +s%@LIB_hstrerror@%$LIB_hstrerror%g +s%@LIBOBJS@%$LIBOBJS%g +s%@LIB_AUTH_SUBDIRS@%$LIB_AUTH_SUBDIRS%g +s%@APPL_KIP_DIR@%$APPL_KIP_DIR%g +s%@LIB_el_init@%$LIB_el_init%g +s%@LIB_readline@%$LIB_readline%g +s%@INCLUDE_readline@%$INCLUDE_readline%g +s%@editline_OBJS@%$editline_OBJS%g +s%@CATSUFFIX@%$CATSUFFIX%g +s%@KRB_KAFS_LIB@%$KRB_KAFS_LIB%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. 
+ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <<EOF + +CONFIG_FILES=\${CONFIG_FILES-"\ +Makefile \ +include/Makefile \ +include/sys/Makefile \ + \ +util/Makefile \ +util/et/Makefile \ + \ +man/Makefile \ + \ +lib/Makefile \ +lib/des/Makefile \ +lib/krb/Makefile \ +lib/kdb/Makefile \ +lib/kadm/Makefile \ +lib/acl/Makefile \ +lib/kafs/Makefile \ +lib/roken/Makefile \ +lib/otp/Makefile \ +lib/sl/Makefile \ +lib/editline/Makefile \ +lib/auth/Makefile \ +lib/auth/pam/Makefile \ +lib/auth/sia/Makefile \ +lib/auth/afskauthlib/Makefile \ + \ +kuser/Makefile \ +server/Makefile \ +slave/Makefile \ +admin/Makefile \ +kadmin/Makefile \ + \ +appl/Makefile \ + \ +appl/afsutil/Makefile \ +appl/ftp/Makefile \ +appl/ftp/common/Makefile \ +appl/ftp/ftp/Makefile \ +appl/ftp/ftpd/Makefile \ +appl/telnet/Makefile \ +appl/telnet/libtelnet/Makefile \ +appl/telnet/telnet/Makefile \ +appl/telnet/telnetd/Makefile \ +appl/bsd/Makefile \ +appl/kauth/Makefile \ +appl/kpopper/Makefile \ +appl/movemail/Makefile \ +appl/sample/Makefile \ +appl/xnlock/Makefile \ +appl/kx/Makefile \ +appl/kip/Makefile \ +appl/otp/Makefile \ +doc/Makefile \ +"} +EOF +cat >> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". 
+ case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. 
+ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' +ac_dC='\3' +ac_dD='%g' +# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". +ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='\([ ]\)%\1#\2define\3' +ac_uC=' ' +ac_uD='\4%g' +# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_eB='$%\1#\2define\3' +ac_eC=' ' +ac_eD='%g' + +if test "${CONFIG_HEADERS+set}" != set; then +EOF +cat >> $CONFIG_STATUS <<EOF + CONFIG_HEADERS="include/config.h" +EOF +cat >> $CONFIG_STATUS <<\EOF +fi +for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + echo creating $ac_file + + rm -f conftest.frag conftest.in conftest.out + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + cat $ac_file_inputs > conftest.in + +EOF + +# Transform confdefs.h into a sed script conftest.vals that substitutes +# the proper values into config.h.in to produce config.h. And first: +# Protect against being on the right side of a sed subst in config.status. +# Protect against being in an unquoted here document in config.status. +rm -f conftest.vals +cat > conftest.hdr <<\EOF +s/[\\&%]/\\&/g +s%[\\$`]%\\&%g +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp +s%ac_d%ac_u%gp +s%ac_u%ac_e%gp +EOF +sed -n -f conftest.hdr confdefs.h > conftest.vals +rm -f conftest.hdr + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. 
+cat >> conftest.vals <<\EOF +s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% +EOF + +# Break up conftest.vals because some shells have a limit on +# the size of here documents, and old seds have small limits too. + +rm -f conftest.tail +while : +do + ac_lines=`grep -c . conftest.vals` + # grep -c gives empty output for an empty file on some AIX systems. + if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi + # Write a limited-size here document to conftest.frag. + echo ' cat > conftest.frag <<CEOF' >> $CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + echo 'CEOF + sed -f conftest.frag conftest.in > conftest.out + rm -f conftest.in + mv conftest.out conftest.in +' >> $CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail + rm -f conftest.vals + mv conftest.tail conftest.vals +done +rm -f conftest.vals + +cat >> $CONFIG_STATUS <<\EOF + rm -f conftest.frag conftest.h + echo "/* $ac_file. Generated automatically by configure. */" > conftest.h + cat conftest.in >> conftest.h + rm -f conftest.in + if cmp -s $ac_file conftest.h 2>/dev/null; then + echo "$ac_file is unchanged" + rm -f conftest.h + else + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! 
-d "$ac_dir" && mkdir "$ac_dir" + fi + rm -f $ac_file + mv conftest.h $ac_file + fi +fi; done + +EOF +cat >> $CONFIG_STATUS <<EOF + +EOF +cat >> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + +KRB4VERSION="$PACKAGE-$VERSION" + +cat > include/newversion.h.in <<EOF +char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$"; +char *krb4_version = "$KRB4VERSION"; +EOF + +if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then + echo "include/version.h is unchanged" + rm -f include/newversion.h.in +else + echo "creating include/version.h" + User=${USER-${LOGNAME}} + Host=`(hostname || uname -n) 2>/dev/null | sed 1q` + Date=`date` + mv -f include/newversion.h.in include/version.h.in + sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h +fi diff --git a/crypto/kerberosIV/configure.in b/crypto/kerberosIV/configure.in new file mode 100644 index 0000000..9265666 --- /dev/null +++ b/crypto/kerberosIV/configure.in 
@@ -0,0 +1,970 @@
+dnl
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl *** PLEASE NOTE ***
+dnl
+dnl Update $VERSION before making a new release
+dnl
+
+dnl Process this file with autoconf to produce a configure script.
+dnl
+AC_REVISION($Revision: 1.285 $)
+AC_INIT(lib/krb/getrealm.c)
+AC_CONFIG_HEADER(include/config.h)
+
+dnl
+dnl definitions
+dnl
+
+PACKAGE=krb4
+AC_SUBST(PACKAGE)dnl
+VERSION=0.9.6
+AC_SUBST(VERSION)dnl
+# This may be overridden using --prefix=/usr to configure
+AC_PREFIX_DEFAULT(/usr/athena)
+
+AC_CANONICAL_HOST
+AC_PROG_MAKE_SET
+AC_ARG_PROGRAM
+
+# We want these before the checks, so the checks can modify their values.
+test -z "$LDFLAGS" && LDFLAGS=-g
+
+dnl
+dnl check for programs
+dnl
+
+AC_KRB_PROG_LN_S
+AC_PROG_CC
+AC_PROG_CPP
+AC_ISC_POSIX
+AC_KRB_PROG_YACC
+AC_PROG_LEX
+AC_PROG_RANLIB
+AC_PROG_INSTALL
+AC_CHECK_PROG(MAKEINFO, makeinfo, makeinfo, :)
+
+dnl
+dnl check for build options
+dnl
+
+AC_TEST_PACKAGE(socks,socks.h,libsocks5.a,-lsocks5)
+CFLAGS="$SOCKSINCLUDE $CFLAGS"
+LIBS="$SOCKSLIB $LIBS"
+
+dnl Check if we want to use shared libraries
+AC_ARG_WITH(shared,
+[ --with-shared create shared libraries for Kerberos])
+
+AC_ARG_WITH(cracklib,
+[ --with-cracklib=dir use the cracklib.a in dir],
+)
+
+AC_ARG_WITH(dictpath,
+[ --with-dictpath=path use this dictionary with cracklib]
+)
+
+(test -z "$with_cracklib" && test -n "$with_dictpath") ||
+(test -n "$with_cracklib" && test -z "$with_dictpath") &&
+AC_MSG_ERROR(--with-cracklib requires --with-dictpath and vice versa)
+test -n "$with_cracklib" &&
+CRACKLIB="-L$with_cracklib -lcrack" &&
+AC_MSG_RESULT(Using cracklib in $with_cracklib)
+AC_SUBST(CRACKLIB)dnl
+test -n "$with_dictpath" &&
+AC_MSG_RESULT(Using dictpath=$with_dictpath) &&
+AC_DEFINE_UNQUOTED(DICTPATH,"$with_dictpath")
+
+AC_ARG_WITH(mailspool,
+[ --with-mailspool=dir this is the mail spool directory]
+)
+
+test -n "$with_mailspool" &&
+AC_DEFINE_UNQUOTED(KRB4_MAILDIR, "$with_mailspool")
+
+AC_ARG_ENABLE(random-mkey,
+[ --enable-random-mkey use new code for master keys],[
+if test "$enableval" = "yes"; then
+ AC_DEFINE(RANDOM_MKEY,1)
+fi
+])
+
+AC_ARG_WITH(mkey,
+[ --with-mkey=file where to put the master key],[
+if test -n "$withval"; then
+ AC_DEFINE_UNQUOTED(MKEYFILE,"$withval")
+fi
+])
+
+berkeley_db=db
+AC_ARG_WITH(berkeley-db,
+[ --without-berkeley-db if you don't want berkeley db],[
+if test "$withval" = no; then
+ berkeley_db=""
+fi
+])
+
+afs_support=yes
+AC_ARG_WITH(afs-support,
+[ --without-afs-support if you don't want support for afs],[
+if test "$withval" = no; then
+ AC_DEFINE(NO_AFS)
+ afs_support=no
+fi
+])
+
+des_quad=guess
+AC_ARG_WITH(des-quad-checksum,
+[ --with-des-quad-checksum=kind
+ default checksum to use (new, old, or guess)],[
+des_quad="$withval"
+])
+if test "$des_quad" = "new"; then
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_NEW)
+elif test "$des_quad" = "old"; then
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_OLD)
+else
+ AC_DEFINE(DES_QUAD_DEFAULT,DES_QUAD_GUESS)
+fi
+
+AC_TEST_PACKAGE(readline,readline.h,libreadline.a,-lreadline)
+
+dnl
+dnl Shared library stuff has to be different everywhere
+dnl
+
+AC_SUBST(CFLAGS)dnl
+AC_SUBST(LDFLAGS)dnl
+
+case ${with_shared} in
+ yes ) with_shared=yes;;
+ no ) with_shared=no;;
+ * ) with_shared=no;;
+esac
+
+# NOTE: Building shared libraries may not work if you do not use gcc!
+#
+# OS $SHLIBEXT
+# HP-UX sl
+# Linux so
+# NetBSD so
+# FreeBSD so
+# OSF so
+# SunOS5 so
+# SunOS4 so.0.5
+# Irix so
+#
+# LIBEXT is the extension we should build (.a or $SHLIBEXT)
+REAL_PICFLAGS="-fpic"
+LDSHARED='$(CC) $(PICFLAGS) -shared'
+LIBPREFIX=lib
+REAL_SHLIBEXT=so
+changequote({,})dnl
+SHLIB_VERSION=`echo $VERSION | sed 's/\([0-9.]*\).*/\1/'`
+changequote([,])dnl
+case "${host}" in
+*-*-hpux*)
+ REAL_SHLIBEXT=sl
+ REAL_LD_FLAGS='-Wl,+b$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED="ld -b"
+ REAL_PICFLAGS="+z"
+ fi
+ ;;
+*-*-linux*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ ;;
+*-*-*bsd*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ LDSHARED='ld -Bshareable'
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ ;;
+*-*-osf*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ LDSHARED='ld -shared -expect_unresolved \*'
+ ;;
+*-*-solaris2*)
+ REAL_LD_FLAGS='-Wl,-R$(libdir)'
+ if test -z "$GCC"; then
+ LDSHARED='$(CC) -G'
+ REAL_PICFLAGS="-Kpic"
+ fi
+ ;;
+*-*-sunos*)
+ REAL_SHLIBEXT=so.$SHLIB_VERSION
+ REAL_LD_FLAGS='-Wl,-L$(libdir)'
+ ;;
+*-*-irix*)
+ REAL_LD_FLAGS='-Wl,-rpath,$(libdir)'
+ REAL_PICFLAGS=
+ ;;
+*-*-os2_emx*)
+ LD_FLAGS='-Zexe'
+ LIBPREFIX=
+ EXECSUFFIX='.exe'
+ RANLIB=EMXOMF
+ REAL_SHLIBEXT=nobuild
+ ;;
+*-*-cygwin32*)
+ EXECSUFFIX='.exe'
+ REAL_SHLIBEXT=nobuild
+ ;;
+*) REAL_SHLIBEXT=nobuild
+ REAL_PICFLAGS=
+ ;;
+esac
+
+if test "${with_shared}" != "yes" ; then
+ PICFLAGS=""
+ SHLIBEXT="nobuild"
+ LIBEXT="a"
+else
+ PICFLAGS="$REAL_PICFLAGS"
+ SHLIBEXT="$REAL_SHLIBEXT"
+ LIBEXT="$SHLIBEXT"
+ LD_FLAGS="$REAL_LD_FLAGS"
+fi
+
+AC_SUBST(REAL_PICFLAGS) dnl
+AC_SUBST(REAL_SHLIBEXT) dnl
+AC_SUBST(REAL_LD_FLAGS) dnl
+
+AC_SUBST(PICFLAGS) dnl
+AC_SUBST(SHLIBEXT) dnl
+AC_SUBST(LDSHARED) dnl
+AC_SUBST(LD_FLAGS) dnl
+AC_SUBST(LIBEXT) dnl
+AC_SUBST(LIBPREFIX) dnl
+AC_SUBST(EXECSUFFIX) dnl
+
+dnl
+dnl Check if we need to use weak-stuff
+dnl
+
+AC_HAVE_PRAGMA_WEAK
+
+dnl
+dnl Check for endian-ness, this breaks cross compilation
+dnl
+AC_C_BIGENDIAN
+
+dnl
+dnl Check for constness
+dnl
+AC_C_CONST
+
+dnl
+dnl Check for strange operating systems that you need to handle differently
+dnl
+
+AC_KRB_SYS_NEXTSTEP
+AC_KRB_SYS_AIX
+
+if test "$krb_cv_sys_aix" = yes ;then
+ AFS_EXTRA_OBJS='$(srcdir)/afsl.exp dlfcn.o'
+ AC_SUBST(AFS_EXTRA_OBJS)
+ AFS_EXTRA_LIBS=afslib.so
+ AC_SUBST(AFS_EXTRA_LIBS)
+fi
+
+#
+# AIX needs /lib/pse.exp for getmsg, but alas that file is broken in
+# AIX414
+#
+
+if test -f /lib/pse.exp ;then
+ LIBS="$LIBS -Wl,-bI:/lib/pse.exp"
+fi
+
+dnl
+dnl Various checks for headers and their contents
+dnl
+
+AC_HEADER_STDC
+
+AC_CHECK_HEADERS(arpa/ftp.h arpa/inet.h arpa/nameser.h)
+AC_CHECK_HEADERS(arpa/telnet.h bind/bitypes.h bsd/bsd.h bsdsetjmp.h)
+AC_CHECK_HEADERS(crypt.h dbm.h dirent.h err.h fcntl.h grp.h io.h)
+AC_CHECK_HEADERS(lastlog.h login.h maillock.h ndbm.h net/if.h)
+AC_CHECK_HEADERS(net/if_tun.h net/if_var.h netdb.h netinet/in.h)
+AC_CHECK_HEADERS(netinet/in6_machtypes.h netinet/in_systm.h)
+AC_CHECK_HEADERS(netinet/ip.h netinet/tcp.h paths.h pty.h pwd.h)
+AC_CHECK_HEADERS(resolv.h rpcsvc/dbm.h sac.h security/pam_modules.h)
+AC_CHECK_HEADERS(shadow.h siad.h signal.h stropts.h sys/bitypes.h)
+AC_CHECK_HEADERS(sys/category.h sys/cdefs.h sys/file.h sys/filio.h)
+AC_CHECK_HEADERS(sys/ioccom.h sys/ioctl.h sys/locking.h sys/mman.h)
+AC_CHECK_HEADERS(sys/param.h sys/proc.h sys/ptyio.h sys/ptyvar.h)
+AC_CHECK_HEADERS(sys/resource.h sys/select.h sys/socket.h)
+AC_CHECK_HEADERS(sys/sockio.h sys/stat.h sys/str_tty.h sys/stream.h)
+AC_CHECK_HEADERS(sys/stropts.h sys/strtty.h sys/syscall.h)
+AC_CHECK_HEADERS(sys/sysctl.h sys/termio.h sys/time.h sys/timeb.h)
+AC_CHECK_HEADERS(sys/times.h sys/tty.h sys/types.h sys/uio.h)
+AC_CHECK_HEADERS(sys/un.h sys/utsname.h sys/wait.h syslog.h)
+AC_CHECK_HEADERS(termio.h termios.h tmpdir.h ttyent.h udb.h ulimit.h)
+AC_CHECK_HEADERS(unistd.h userpw.h usersec.h util.h utime.h utmp.h)
+AC_CHECK_HEADERS(utmpx.h wait.h winsock.h)
+
+AC_HEADER_TIME
+AC_DECL_SYS_SIGLIST
+AC_SUBST(ac_cv_header_sys_cdefs_h)dnl
+AC_SUBST(ac_cv_header_err_h)dnl
+
+AC_GROK_TYPES(int8_t int16_t int32_t int64_t)
+AC_GROK_TYPES(u_int8_t u_int16_t u_int32_t u_int64_t)
+
+dnl
+dnl Various checks for libraries and their contents
+dnl
+
+dnl
+dnl System V is have misplaced the socket routines, should really be in libc
+dnl
+
+AC_FIND_FUNC(socket, socket,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+[0,0,0])
+AC_FIND_FUNC(gethostbyname, nsl,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif],
+"foo")
+
+dnl
+dnl Horror AIX needs -lodm -lcfg to link login
+dnl
+
+AC_FIND_FUNC(odm_initialize, odm)
+AC_FIND_FUNC(getattr, cfg)
+AC_FIND_FUNC(setpcred, s)
+AC_FIND_FUNC(logwtmp, util)
+
+AC_FIND_FUNC(logout, util)
+AC_FIND_FUNC_NO_LIBS(tgetent, termcap)
+
+dnl
+dnl See if there is any X11 present
+dnl
+AC_PATH_XTRA
+if test "$no_x" = "yes" ; then
+ MAKE_X_PROGS_BIN=""
+ MAKE_X_PROGS_LIBEXEC=""
+else
+ MAKE_X_PROGS_BIN='$(X_PROGS_BIN)'
+ MAKE_X_PROGS_LIBEXEC='$(X_PROGS_LIBEXEC)'
+fi
+AC_SUBST(MAKE_X_PROGS_BIN)dnl
+AC_SUBST(MAKE_X_PROGS_LIBEXEC)dnl
+
+save_CFLAGS="$CFLAGS"
+CFLAGS="$X_CFLAGS $CFLAGS"
+save_LIBS="$LIBS"
+dnl LIBS="$X_LIBS $X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+LIBS="$X_PRE_LIBS $X_EXTRA_LIBS $LIBS"
+save_LDFLAGS="$LDFLAGS"
+LDFLAGS="$LDFLAGS $X_LIBS"
+
+AC_FIND_FUNC_NO_LIBS(XauReadAuth, Xau X11)
+ac_xxx="$LIBS"
+LIBS="$LIB_XauReadAuth $LIBS"
+AC_CHECK_FUNCS(XauWriteAuth)
+if test "$ac_cv_func_XauWriteAuth" != "yes"; then
+ XauWriteAuth_c=writeauth.c
+ XauWriteAuth_o=writeauth.o
+fi
+AC_SUBST(XauWriteAuth_c)dnl
+AC_SUBST(XauWriteAuth_o)dnl
+LIBS="$ac_xxx"
+
+CFLAGS=$save_CFLAGS
+LIBS=$save_LIBS
+LDFLAGS=$save_LDFLAGS
+
+dnl
+dnl Look for berkeley db, gdbm, and ndbm in that order.
+dnl
+
+save_LIBS="$LIBS"
+AC_FIND_FUNC_NO_LIBS(dbopen, $berkeley_db)
+LIBS="$LIB_dbopen $LIBS"
+AC_FIND_FUNC_NO_LIBS(dbm_firstkey, $berkeley_db gdbm ndbm)
+if test -n "$LIB_dbopen"; then
+ LIB_DBM="$LIB_dbopen"
+else
+ LIB_DBM="$LIB_dbm_firstkey"
+fi
+AC_SUBST(LIB_DBM)dnl
+LIBS="$save_LIBS"
+
+AC_FIND_FUNC(syslog, syslog)
+
+AC_CACHE_CHECK(for working snprintf,ac_cv_func_snprintf_working,
+ac_cv_func_snprintf_working=yes
+AC_TRY_RUN([
+#include <stdio.h>
+#include <string.h>
+int main()
+{
+changequote(`,')dnl
+ char foo[3];
+changequote([,])dnl
+ snprintf(foo, 2, "12");
+ return strcmp(foo, "1");
+}],:,ac_cv_func_snprintf_working=no,:))
+: << END
+@@@funcs="$funcs snprintf"@@@
+END
+if test "$ac_cv_func_snprintf_working" = yes; then
+ foo=HAVE_SNPRINTF
+ AC_DEFINE_UNQUOTED($foo)
+fi
+
+AC_CHECK_FUNCS(asnprintf asprintf vasprintf vasnprintf vsnprintf)
+
+
+AC_CHECK_FUNCS(_getpty _scrsize _setsid _stricmp fchmod fcntl flock)
+AC_CHECK_FUNCS(forkpty frevoke gethostname getlogin getpriority getservbyname)
+AC_CHECK_FUNCS(getspnam getspuid gettimeofday getuid grantpt)
+AC_CHECK_FUNCS(innetgr iruserok mktime ptsname rand random)
+AC_CHECK_FUNCS(revoke setitimer setlogin setpgid setpriority)
+AC_CHECK_FUNCS(setproctitle setregid setresgid setresuid setreuid setsid)
+AC_CHECK_FUNCS(setutent swab ttyname ttyslot ulimit uname)
+AC_CHECK_FUNCS(unlockpt vhangup yp_get_default_domain)
+AC_FIND_FUNC_NO_LIBS(getpwnam_r,c_r)
+if test "$ac_cv_func_getpwnam_r" = yes; then
+ AC_CACHE_CHECK(if getpwnam_r is posix,ac_cv_func_getpwnam_r_posix,
+ ac_libs="$LIBS"
+ LIBS="$LIBS $LIB_getpwnam_r"
+ AC_TRY_RUN([
+#include <pwd.h>
+int main()
+{
+ struct passwd pw, *pwd;
+ return getpwnam_r("", &pw, NULL, 0, &pwd) < 0;
+}
+],ac_cv_func_getpwnam_r_posix=yes,ac_cv_func_getpwnam_r_posix=no,:)
+LIBS="$ac_libs")
+if test "$ac_cv_func_getpwnam_r_posix" = yes; then
+ AC_DEFINE(POSIX_GETPWNAM_R)
+fi
+fi
+
+AC_FIND_FUNC_NO_LIBS(getsockopt, ,
+[#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif], +[0,0,0,0,0]) +AC_FIND_FUNC_NO_LIBS(setsockopt, , +[#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif], +[0,0,0,0,0]) + +dnl Cray stuff +AC_CHECK_FUNCS(getudbnam setlim) + +AC_FIND_FUNC(res_search, resolv, +[ +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +], +[0,0,0,0,0]) + +AC_FIND_FUNC(dn_expand, resolv, +[ +#include <stdio.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +], +[0,0,0,0,0]) + + +AC_FUNC_MMAP +AC_FUNC_ALLOCA + +# +# Test for POSIX (broken) getlogin +# + +if test "$ac_cv_func_getlogin" = yes; then +AC_CACHE_CHECK(if getlogin is posix, ac_cv_func_getlogin_posix, [ +if test "$ac_cv_func_getlogin" = yes -a "$ac_cv_func_setlogin" = yes; then + ac_cv_func_getlogin_posix=no +else + ac_cv_func_getlogin_posix=yes +fi +]) +if test "$ac_cv_func_getlogin_posix" = yes; then + AC_DEFINE(POSIX_GETLOGIN, 1) +fi +fi + +AC_FIND_IF_NOT_BROKEN(hstrerror, resolv, +[#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif], +17) + +AC_BROKEN(chown daemon err errx fchown getcwd getdtablesize getopt) +AC_BROKEN(getusershell inet_aton initgroups lstat memmove mkstemp) +AC_BROKEN(putenv rcmd setegid setenv seteuid strcasecmp strdup) +AC_BROKEN(strerror strftime strlwr strnlen strtok_r strupr unsetenv) +AC_BROKEN(verr verrx vwarn vwarnx warn warnx) + +AC_KRB_FUNC_GETCWD_BROKEN + +dnl +dnl Figure what authentication modules should be built +dnl + +AC_MSG_CHECKING(which authentication modules should be built) + +LIB_AUTH_SUBDIRS= + +if test "$ac_cv_header_siad_h" = yes; then + 
LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS sia" +fi + +if test "$ac_cv_header_security_pam_modules_h" = yes; then + LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS pam" +fi + +case "${host}" in +changequote(,)dnl +*-*-irix[56]*) LIB_AUTH_SUBDIRS="$LIB_AUTH_SUBDIRS afskauthlib" ;; +changequote([,])dnl +esac + +AC_MSG_RESULT($LIB_AUTH_SUBDIRS) + +AC_SUBST(LIB_AUTH_SUBDIRS)dnl + +dnl +dnl Figure out if we have tunnels +dnl + +AC_MSG_CHECKING(for tunnel devices) + +APPL_KIP_DIR= + +if test "$ac_cv_header_net_if_tun_h" = "yes"; then + APPL_KIP_DIR=kip +fi + +AC_MSG_RESULT($ac_cv_header_net_if_tun_h) + +AC_SUBST(APPL_KIP_DIR)dnl + +dnl +dnl Checks for prototypes and declarations +dnl + +AC_NEED_PROTO([ +#ifdef HAVE_CRYPT_H +#include <crypt.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +], +crypt) + +AC_NEED_PROTO([ +#include <string.h> +], +strtok_r) + +AC_CHECK_VAR([#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif], +h_errno) + +AC_CHECK_VAR([#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif], +h_errlist) + +AC_CHECK_VAR([#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif], +h_nerr) + +AC_CHECK_VAR([#ifdef HAVE_ERR_H +#include <err.h> +#endif],[__progname]) + +AC_CHECK_DECLARATION([#include <stdlib.h>], optarg) +AC_CHECK_DECLARATION([#include <stdlib.h>], optind) +AC_CHECK_DECLARATION([#include <stdlib.h>], opterr) +AC_CHECK_DECLARATION([#include <stdlib.h>], optopt) + +dnl +dnl According to ANSI you are explicitly allowed to cast to void, +dnl but the standard fails to say what should happen. 
Some compilers +dnl think this is illegal: +dnl +dnl void foo(void) +dnl { +dnl return (void)0; +dnl } +dnl +dnl Thus explicitly test for void +dnl +AC_TYPE_SIGNAL +if test "$ac_cv_type_signal" = "void" ; then + AC_DEFINE(VOID_RETSIGTYPE, 1) +fi + +dnl +dnl Check for fields in struct utmp +dnl +AC_EGREP_HEADER(ut_user, utmp.h, AC_DEFINE(HAVE_UT_USER)) +AC_EGREP_HEADER(ut_host, utmp.h, AC_DEFINE(HAVE_UT_HOST)) +AC_EGREP_HEADER(ut_addr, utmp.h, AC_DEFINE(HAVE_UT_ADDR)) +AC_EGREP_HEADER(ut_type, utmp.h, AC_DEFINE(HAVE_UT_TYPE)) +AC_EGREP_HEADER(ut_pid, utmp.h, AC_DEFINE(HAVE_UT_PID)) +AC_EGREP_HEADER(ut_id, utmp.h, AC_DEFINE(HAVE_UT_ID)) +AC_EGREP_HEADER(ut_syslen, utmpx.h, AC_DEFINE(HAVE_UT_SYSLEN)) + +AC_STRUCT_ST_BLKSIZE + +dnl +dnl Check for struct winsize +dnl + +AC_KRB_STRUCT_WINSIZE + +dnl +dnl Check for some common types +dnl + +AC_TYPE_PID_T +AC_TYPE_UID_T +AC_TYPE_OFF_T +AC_TYPE_SIZE_T + +dnl +dnl Check for sa_len in sys/socket.h +dnl + +AC_MSG_CHECKING(for sa_len in struct sockaddr) +AC_CACHE_VAL(krb_cv_struct_sockaddr_sa_len, [ +AC_TRY_COMPILE( +[#include <sys/types.h> +#include <sys/socket.h>], +[struct sockaddr sa; +int foo = sa.sa_len;], +krb_cv_struct_sockaddr_sa_len=yes, +krb_cv_struct_sockaddr_sa_len=no) +]) +AC_MSG_RESULT($krb_cv_struct_sockaddr_sa_len) +if test "$krb_cv_struct_sockaddr_sa_len" = yes; then + AC_DEFINE(SOCKADDR_HAS_SA_LEN) +fi + +dnl +dnl Check for ouid in sys/siad.h +dnl + +if test "$ac_cv_header_siad_h" = yes; then +AC_MSG_CHECKING(for ouid in struct siaentity) +AC_CACHE_VAL(krb_cv_struct_siaentity_ouid, [ +AC_TRY_COMPILE( +[#include <siad.h> +], +[SIAENTITY e; +int foo = e.ouid;], +krb_cv_struct_siaentity_ouid=yes, +krb_cv_struct_siaentity_ouid=no) +]) +AC_MSG_RESULT($krb_cv_struct_siaentity_ouid) +if test "$krb_cv_struct_siaentity_ouid" = yes; then + AC_DEFINE(SIAENTITY_HAS_OUID) +fi +fi + +dnl +dnl you can link with getmsg on AIX 3.2 but you cannot run the program +dnl + +AC_CACHE_CHECK(for working getmsg, ac_cv_func_getmsg, 
+AC_TRY_RUN( +[ +#include <stdio.h> + +int main() +{ + getmsg(open("/dev/null", 0), NULL, NULL, NULL); + return 0; +} +], ac_cv_func_getmsg=yes, ac_cv_func_getmsg=no, ac_cv_func_getmsg=no)) +test "$ac_cv_func_getmsg" = "yes" && +AC_DEFINE(HAVE_GETMSG) + +dnl +dnl Test if we are using berkeley db +dnl + +save_LIBS="$LIBS" +LIBS="$LIB_DBM $LIBS" +AC_CACHE_CHECK(for berkeley db, krb_cv_lib_berkeleydb, +AC_TRY_RUN( +[ +#include <unistd.h> +#include <fcntl.h> +#include <ndbm.h> +int main() +{ + DBM *d; + + d = dbm_open("conftest", O_RDWR | O_CREAT, 0666); + if(d == NULL) + return 1; + dbm_close(d); + return access("conftest.db", F_OK) != 0; +}], krb_cv_lib_berkeleydb=yes, krb_cv_lib_berkeleydb=no, +krb_cv_lib_berkeleydb=no)) +test "$krb_cv_lib_berkeleydb" = "yes" && +AC_DEFINE(HAVE_NEW_DB) +LIBS="$save_LIBS" + +dnl +dnl Tests for editline +dnl + +AC_FIND_FUNC_NO_LIBS(el_init, edit) +AC_FIND_FUNC_NO_LIBS(readline, readline) + +if test "$with_readline"; then + AC_DEFINE(HAVE_READLINE, 1) + editline_OBJS= + LIB_readline="$READLINELIB "'$(LIB_tgetent)' + INCLUDE_readline="$READLINEINCLUDE" +elif test "$ac_cv_func_el_init" = yes; then + AC_DEFINE(HAVE_READLINE, 1) + + editline_OBJS=edit_compat.o + LIB_readline='-L$(topdir)/lib/editline -leditline '"$LIB_el_init"' $(LIB_tgetent)' + + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +elif test "$ac_cv_func_readline" = yes; then + AC_DEFINE(HAVE_READLINE, 1) + editline_OBJS= + LIB_readline='-lreadline $(LIB_tgetent)' + INCLUDE_readline= +else + AC_DEFINE(HAVE_READLINE, 1) + editline_OBJS="editline.o complete.o sysunix.o" + LIB_readline='-L$(topdir)/lib/editline -leditline $(LIB_tgetent)' + INCLUDE_readline='-I$(topdir)/lib/editline -I$(top_srcdir)/lib/editline' +fi +AC_SUBST(LIB_readline) +AC_SUBST(INCLUDE_readline) +AC_SUBST(editline_OBJS) + +dnl telnet muck -------------------------------------------------- + +AC_DEFINE(AUTHENTICATION)dnl +AC_DEFINE(KRB4)dnl +AC_DEFINE(ENCRYPTION)dnl 
+AC_DEFINE(DES_ENCRYPTION)dnl +AC_DEFINE(DIAGNOSTICS)dnl +AC_DEFINE(OLD_ENVIRON)dnl + +# Simple test for streamspty, based on the existance of getmsg(), alas +# this breaks on SunOS4 which have streams but BSD-like ptys +# +# And also something wierd has happend with dec-osf1, fallback to bsd-ptys + +AC_MSG_CHECKING(for streamspty) +case "`uname -sr`" in +SunOS\ 4*|OSF1*|IRIX\ 4*|HP-UX\ ?.10.*) + krb_cv_sys_streamspty=no + ;; +AIX*) + os_rel=`uname -v`.`uname -r` + if expr "$os_rel" : "3*" >/dev/null 2>&1; then + krb_cv_sys_streamspty=no + else + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + fi + ;; +*) + krb_cv_sys_streamspty="$ac_cv_func_getmsg" + ;; +esac +if test "$krb_cv_sys_streamspty" = yes; then + AC_DEFINE(STREAMSPTY) +fi +dnl AC_SUBST(STREAMSPTY) +AC_MSG_RESULT($krb_cv_sys_streamspty) + +AC_MSG_CHECKING([if /bin/ls takes -A]) +if /bin/ls -A > /dev/null 2>&1 ;then + AC_DEFINE(HAVE_LS_A) + krb_ls_a=yes +else + krb_ls_a=no +fi +AC_MSG_RESULT($krb_ls_a) + +dnl ------------------------------------------------------------ +AC_CACHE_CHECK(for suffix of preformatted manual pages, krb_cv_sys_cat_suffix, +if grep _version /etc/man.conf > /dev/null 2>&1; then + krb_cv_sys_cat_suffix=0 +else + krb_cv_sys_cat_suffix=number +fi) +if test "$krb_cv_sys_cat_suffix" = number; then + CATSUFFIX='$$s' +else + CATSUFFIX=0 +fi +AC_SUBST(CATSUFFIX) + +dnl ------------------------------------------------------------ + +KRB_KAFS_LIB='-L$(topdir)/lib/kafs -lkafs' +if test "$krb_cv_sys_aix" = yes; then + KRB_KAFS_LIB="$KRB_KAFS_LIB -lld" +fi +AC_SUBST(KRB_KAFS_LIB)dnl + +dnl ------------------------------------------------------------ + + +dnl This is done by AC_OUTPUT but we need the result here. 
+ +test "x$prefix" = xNONE && prefix=$ac_default_prefix +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +for i in bin lib libexec sbin; do + i=${i}dir + foo=`echo $i | tr 'xindiscernible' 'XINDISCERNIBLE'` + x="\$${i}" + eval y="$x" + while test "x$y" != "x$x"; do + x="$y" + eval y="$x" + done + AC_DEFINE_UNQUOTED($foo,"$x") +done + +dnl +dnl We are all set to emit the Makefiles and config.h +dnl +AC_OUTPUT( \ +Makefile \ +include/Makefile \ +include/sys/Makefile \ + \ +util/Makefile \ +util/et/Makefile \ + \ +man/Makefile \ + \ +lib/Makefile \ +lib/des/Makefile \ +lib/krb/Makefile \ +lib/kdb/Makefile \ +lib/kadm/Makefile \ +lib/acl/Makefile \ +lib/kafs/Makefile \ +lib/roken/Makefile \ +lib/otp/Makefile \ +lib/sl/Makefile \ +lib/editline/Makefile \ +lib/auth/Makefile \ +lib/auth/pam/Makefile \ +lib/auth/sia/Makefile \ +lib/auth/afskauthlib/Makefile \ + \ +kuser/Makefile \ +server/Makefile \ +slave/Makefile \ +admin/Makefile \ +kadmin/Makefile \ + \ +appl/Makefile \ + \ +appl/afsutil/Makefile \ +appl/ftp/Makefile \ +appl/ftp/common/Makefile \ +appl/ftp/ftp/Makefile \ +appl/ftp/ftpd/Makefile \ +appl/telnet/Makefile \ +appl/telnet/libtelnet/Makefile \ +appl/telnet/telnet/Makefile \ +appl/telnet/telnetd/Makefile \ +appl/bsd/Makefile \ +appl/kauth/Makefile \ +appl/kpopper/Makefile \ +appl/movemail/Makefile \ +appl/sample/Makefile \ +appl/xnlock/Makefile \ +appl/kx/Makefile \ +appl/kip/Makefile \ +appl/otp/Makefile \ +doc/Makefile \ +) dnl end of AC_OUTPUT + +dnl +dnl This is the release version name-number[beta] +dnl Update before making a new release +dnl +KRB4VERSION="$PACKAGE-$VERSION" + +cat > include/newversion.h.in <<EOF +char *krb4_long_version = "@(#)\$Version: $KRB4VERSION by @USER@ on @HOST@ ($host) @DATE@ \$"; +char *krb4_version = "$KRB4VERSION"; +EOF + +if test -f include/version.h && cmp -s include/newversion.h.in include/version.h.in; then + echo "include/version.h is unchanged" + rm -f include/newversion.h.in +else + echo "creating 
include/version.h"
+ User=${USER-${LOGNAME}}
+ Host=`(hostname || uname -n) 2>/dev/null | sed 1q`
+ Date=`date`
+ mv -f include/newversion.h.in include/version.h.in
+ sed -e "s/@USER@/$User/" -e "s/@HOST@/$Host/" -e "s/@DATE@/$Date/" include/version.h.in > include/version.h
+fi
diff --git a/crypto/kerberosIV/doc/Makefile.in b/crypto/kerberosIV/doc/Makefile.in
new file mode 100644
index 0000000..5071e8e
--- /dev/null
+++ b/crypto/kerberosIV/doc/Makefile.in
@@ -0,0 +1,65 @@
+# $Id: Makefile.in,v 1.10 1997/05/06 03:05:55 joda Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = $(INSTALL)
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+MAKEINFO = @MAKEINFO@
+TEXI2DVI = texi2dvi
+TEXI2HTML = texi2html
+
+prefix = @prefix@
+infodir = @infodir@
+
+all: info
+
+install: all installdirs
+ if test -f kth-krb.info; then \
+ $(INSTALL_DATA) kth-krb.info $(infodir)/kth-krb.info; \
+ else \
+ $(INSTALL_DATA) $(srcdir)/kth-krb.info $(infodir)/kth-krb.info; \
+ fi
+ if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then \
+ install-info --dir-file=$(infodir)/dir $(infodir)/kth-krb.info; \
+ else \
+ true; \
+ fi
+
+uninstall:
+ rm -f $(infodir)/kth-krb.info
+
+installdirs:
+ $(MKINSTALLDIRS) $(infodir)
+
+info: kth-krb.info
+
+kth-krb.info: kth-krb.texi
+ $(MAKEINFO) -I$(srcdir) -o $@ $(srcdir)/kth-krb.texi
+
+dvi: kth-krb.dvi
+
+kth-krb.dvi: kth-krb.texi
+ $(TEXI2DVI) $(srcdir)/kth-krb.texi
+
+html: kth-krb.html
+
+kth-krb.html: kth-krb.texi
+ $(TEXI2HTML) $(srcdir)/kth-krb.texi
+
+clean:
+ rm -f *.aux *.cp *.cps *.dvi *.fn *.ky *.log *.pg *.toc *.tp *.vr
+
+distclean: clean
+
+mostlyclean: clean
+
+maintainer-clean: clean
+ rm -f kth-krb.info
+
+check:
+
+.PHONY: install all installdirs uninstall info dvi html clean check distclean mostlyclean maintainer-clean
diff --git a/crypto/kerberosIV/doc/ack.texi b/crypto/kerberosIV/doc/ack.texi
new file mode 100644
index 0000000..388f644
--- /dev/null
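Review bot: The `uninstall` target in doc/Makefile.in removes only `$(infodir)/kth-krb.info` and leaves the entry that `install` registered in `$(infodir)/dir` through install-info, so the info directory keeps a menu item for a file that no longer exists. Before the `rm -f`, run `install-info --delete --dir-file=$(infodir)/dir $(infodir)/kth-krb.info` under the same `install-info --version` probe that `install` uses. Separately, `distclean: clean` leaves the configure-generated `Makefile` in place; adding `rm -f Makefile` there would follow the usual convention, assuming the other directories of this import do the same.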
+++ b/crypto/kerberosIV/doc/ack.texi 
@@ -0,0 +1,80 @@
+@node Acknowledgments, Index, Resolving frequent problems, Top
+@comment node-name, next, previous, up
+@appendix Acknowledgments
+
+People from the MIT Athena project wrote the original code that this is
+based on. @w{Kerberos 4} @w{patch-level 9} was stripped of both the
+encryption functions and the calls to them. This was exported from the
+US as the ``Bones'' release. Eric Young put back the calls and hooked
+in his libdes, thereby creating the ``eBones'' release.
+@cindex Bones
+@cindex eBones
+
+The ``rcmd'' programs where initially developed at the University of
+California at Berkeley and then hacked on by the FreeBSD and NetBSD
+projects.
+
+Berkeley also wrote @code{ftp}, @code{ftpd}, @code{telnet}, and
+@code{telnetd}. The authentication and encryption code of @code{telnet}
+and @code{telnetd} was added by David Borman (then of Cray Research,
+Inc). The encryption code was removed when this was exported and then
+added back by Juha Eskelinen, @code{<esc@@magic.fi>}.
+
+The @code{popper} was also a Berkeley program initially.
+
+The @code{login} has the same origins but has received code written by
+Wietse Venema at Eindhoven University of Technology, The Netherlands.
+
+@code{movemail} was (at least partially) written by Jonathan Kamens,
+@code{<jik@@security.ov.com>}, and is Copyright @copyright{} 1986, 1991,
+1992, 1993, 1994 Free Software Foundation, Inc.
+
+@code{xnlock} was originally written by Dan Heller in 1985 for sunview.
+The X version was written by him in 1990.
+
+Some of the functions in @file{libroken} also come from Berkeley by the
+way of NetBSD/FreeBSD.
+
+The code to handle the dynamic loading of the AFS module for AIX is
+copyright @copyright{} 1992 HELIOS Software GmbH 30159 Hannover,
+Germany.
+
+@code{editline} was written by Simmule Turner and Rich Salz.
+
+Bugfixes and code has been contributed by:
+@table @asis
+@item Derrick J Brashear
+@code{<shadow@@dementia.org>}
+@item Anders Gertz
+@code{<gertz@@lysator.liu.se>}
+@item Dejan Ilic
+@code{<svedja@@lysator.liu.se>}
+@item Kent Engström
+@code{<kent@@lysator.liu.se>}
+@item Simon Josefsson
+@code{<jas@@pdc.kth.se>}
+@item Robert Malmgren
+@code{<rom@@incolumitas.se>}
+@item Fredrik Ljungberg
+@code{<flag@@it.kth.se>}
+@item Lars Malinowsky
+@code{<lama@@pdc.kth.se>}
+@item Fabien Coelho
+@code{<coelho@@cri.ensmp.fr>}
+@item and we hope that those not mentioned here will forgive us.
+@end table
+
+Ian Marsh @code{<ianm@@sics.se>} removed the worst abuses of the English
+language from this text.
+
+Ilja Hallberg @code{<iha@@incolumitas.se>} is still promising to help us
+finish the documentation.
+
+This work was supported in part by SUNET and the Centre for Parallel
+Computers at KTH.
+
+The port to Windows 95/NT was supported by the Computer Council at KTH
+and done by Jörgen Karlsson @code{<d93-jka@@nada.kth.se>}.
+
+All the bugs were introduced by ourselves.
+
diff --git a/crypto/kerberosIV/doc/index.texi b/crypto/kerberosIV/doc/index.texi
new file mode 100644
index 0000000..ebe5d91
--- /dev/null
+++ b/crypto/kerberosIV/doc/index.texi
@@ -0,0 +1,6 @@
+@node Index, , Acknowledgments, Top
+@comment node-name, next, previous, up
+@unnumbered Index
+
+@printindex cp
+
diff --git a/crypto/kerberosIV/doc/install.texi b/crypto/kerberosIV/doc/install.texi
new file mode 100644
index 0000000..240c04e
--- /dev/null
+++ b/crypto/kerberosIV/doc/install.texi
@@ -0,0 +1,368 @@
+@node Installing programs, How to set up a realm, What is Kerberos?, Top
+@chapter Installing programs
+
+You have a choise to either build the distribution from source code or
+to install binaries, if they are available for your machine.
+
+@c XXX
+
+We recommend building from sources, but using pre-compiled binaries
+might be easier. If there are no binaries available for your machine or
+you want to do some specific configuration, you will have to compile
+from source.
+
+@menu
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+@end menu
+
+@node Installing from source, Installing a binary distribution, Installing programs, Installing programs
+@comment node-name, next, previous, up
+@section Installing from source
+
+To build this software un-tar the distribution and run the
+@code{configure} script.
+
+To compile successfully, you will need an ANSI C compiler, such as
+@code{gcc}. Other compilers might also work, but setting the ``ANSI
+compliance'' too high, might break in parts of the code, not to mention
+the standard include files.
+
+To build in a separate build tree, run @code{configure} in the directory
+where the tree should reside. You will need a Make that understands
+VPATH correctly. GNU Make works fine.
+
+After building everything (which will take anywhere from a few minutes
+to a long time), you can install everything in @file{/usr/athena} with
+@kbd{make install} (running as root). It is possible to install in some
+other place, but it isn't recommended. To do this you will have to run
+@code{configure} with @samp{--prefix=/my/path}.
+
+If you need to change the default behavior, configure understands the
+following options:
+
+@table @asis
+@item @kbd{--with-shared}
+Create shared versions of the Kerberos libraries. Not really
+recommended and might not work on all systems.
+
+@item @kbd{--with-cracklib=}@var{dir}
+Use cracklib for password quality control in
+@pindex kadmind
+@code{kadmind}. This option requires
+@cindex cracklib
+cracklib with the patch from
+@code{ftp://ftp.pdc.kth.se/pub/krb/src/cracklib.patch}.
+
+@item @kbd{--with-dictpath=}@var{dictpath}
+This is the dictionary that cracklib should use.
+
+@item @kbd{--with-socks=}@var{dir}
+@cindex firewall
+@cindex socks
+If you have to traverse a firewall and it uses the SocksV5 protocol
+(@cite{RFC 1928}), you can build with socks-support. Point @var{dir} to
+the directory where you have socks5 installed. For more information
+about socks see @kbd{http://www.socks.nec.com/}.
+
+@item @kbd{--with-readline=}@var{dir}
+@cindex readline
+To enable history/line editing in @code{ftp} and @code{kadmin}, any
+present version of readline will be used. If you have readline
+installed but in a place where configure does not managed to find it,
+you can use this option. The code also looks for @code{libedit}. If
+there is no library at all, the bundled version of @code{editline} will
+be used.
+
+@item @kbd{--with-mailspool=}@var{dir}
+The configuration process tries to determine where your machine stores
+its incoming mail. This is typically @file{/usr/spool/mail} or
+@file{/var/mail}. If it does not work or you store your mail in some
+unusual directory, this option can be used to specify where the mail
+spool directory is located. This directory is only accessed by
+@pindex popper
+@code{popper}, and the mail check in
+@pindex login
+@code{login}.
+
+@c @item @kbd{--enable-random-mkey}
+@c Do not use this option unless you think you know what you are doing.
+
+@item @kbd{--with-mkey=}@var{file}
+Put the master key here, the default is @file{/.k}.
+
+@item @kbd{--without-berkeley-db}
+If you have
+@cindex Berkeley DB
+Berkeley DB installed, it is preferred over
+@c XXX
+dbm. If you already are running Kerberos this option might be useful,
+since there currently isn't an easy way to convert a dbm database to a
+db one (you have to dump the old database and then load it with the new
+binaries).
+@end table
+
+@node Installing a binary distribution, Finishing the installation, Installing from source, Installing programs
+@comment node-name, next, previous, up
+@section Installing a binary distribution
+
+The binary distribution is supposed to be installed in
+@file{/usr/athena}, installing in some other place may work but is not
+recommended. A symlink from @file{/usr/athena} to the install directory
+should be fine.
+
+@node Finishing the installation, Authentication modules, Installing a binary distribution, Installing programs
+@section Finishing the installation
+
+@pindex su
+The only program that needs to be installed setuid to root is @code{su}.
+
+If
+@pindex rlogin
+@pindex rsh
+@code{rlogin} and @code{rsh} are setuid to root they will fall back to
+non-kerberised protocols if the kerberised ones fail for some
+reason. The old protocols use reserved ports as security, and therefore
+the programs have to be setuid to root. If you don't need this
+functionality consider turning off the setuid bit.
+
+@pindex login
+@code{login} does not have to be setuid, as it is always run by root
+(users should use @code{su} rather than @code{login}). It will print a
+helpful message when not setuid to root and run by a user.
+
+The programs intended to be run by users are located in
+@file{/usr/athena/bin}. Inform your users to include
+@file{/usr/athena/bin} in their paths, or copy or symlink the binaries
+to some good place. The programs that you will want to use are:
+@code{kauth}/@code{kinit},
+@pindex kauth
+@pindex kinit
+@code{klist}, @code{kdestroy}, @code{kpasswd}, @code{ftp},
+@pindex klist
+@pindex kdestroy
+@pindex kpasswd
+@pindex ftp
+@code{telnet}, @code{rcp}, @code{rsh}, @code{rlogin}, @code{su},
+@pindex telnet
+@pindex rcp
+@pindex rsh
+@pindex rlogin
+@pindex su
+@pindex xnlock
+@pindex afslog
+@pindex pagsh
+@pindex rxtelnet
+@pindex tenletxr
+@pindex rxterm
+@code{rxtelnet}, @code{tenletxr}, @code{rxterm}, and
+@code{xnlock}. If you are using AFS, @code{afslog} and @code{pagsh}
+might also be useful. Administrators will want to use @code{kadmin} and
+@code{ksrvutil}, which are located in @file{/usr/athena/sbin}.
+@pindex kadmin
+@pindex ksrvutil
+
+@code{telnetd} and @code{rlogind} assume that @code{login} is located in
+@file{/usr/athena/bin} (or whatever path you used as
+@samp{--prefix}). If for some reason you want to move @code{login}, you
+will have to specify the new location with the @samp{-L} switch when
+configuring
+@pindex telnetd
+telnetd
+and
+@pindex rlogind
+rlogind
+in @file{inetd.conf}.
+
+It should be possible to replace the system's default @code{login} with
+the kerberised @code{login}. However some systems assume that login
+performs some serious amount of magic that our login might not do (although
+we've tried to do our best). So before replacing it on every machine,
+try and see what happens. Another thing to try is to use one of the
+authentication modules (@xref{Authentication modules}) supplied.
+
+The @code{login} program that we use was in an earlier life the standard
+login program from NetBSD. In order to use it with a lot of weird
+systems, it has been ``enhanced'' with features from many other logins
+(Solaris, SunOS, IRIX, AIX, and others). Some of these features are
+actually useful and you might want to use them even on other systems.
+
+@table @file
+@item /etc/fbtab
+@pindex fbtab
+@itemx /etc/logindevperm
+@pindex logindevperm
+Allows you to chown some devices when a user logs in on a certain
+terminal. Commonly used to change the ownership of @file{/dev/mouse},
+@file{/dev/kbd}, and other devices when someone logs in on
+@file{/dev/console}.
+
+@file{/etc/fbtab} is the SunOS file name and it is tried first. If
+there is no such file then the Solaris file name
+@file{/etc/logindevperm} is tried.
+@item /etc/environment
+@pindex environment
+This file specifies what environment variables should be set when a user
+logs in. (AIX-style)
+@item /etc/default/login
+@pindex default/login
+Almost the same as @file{/etc/environment}, but the System V style.
+@item /etc/login.access
+@pindex login.access
+Can be used to control who is allowed to login from where and on what
+ttys. (From Wietse Venema)
+@end table
+
+@menu
+* Authentication modules::
+@end menu
+
+@node Authentication modules, , Finishing the installation, Installing programs
+@comment node-name, next, previous, up
+@section Authentication modules
+The problem of having different authentication mechanisms has been
+recognised by several vendors, and several solutions has appeared. In
+most cases these solutions involve some kind of shared modules that are
+loaded at run-time. Modules for some of these systems can be found in
+@file{lib/auth}. Presently there are modules for Digital's SIA, Linux'
+PAM (might also work on Solaris, when PAM gets supported), and IRIX'
+@code{login} and @code{xdm} (in @file{lib/auth/afskauthlib}).
+
+@menu
+* Digital SIA::
+* IRIX::
+* PAM::
+@end menu
+
+@node Digital SIA, IRIX, Authentication modules, Authentication modules
+@subsection Digital SIA
+
+To install the SIA module you will have to do the following:
+
+@itemize @bullet
+
+@item
+Make sure @file{libsia_krb4.so} is available in
+@file{/usr/athena/lib}. If @file{/usr/athena} is not on local disk, you
+might want to put it in @file{/usr/shlib} or someplace else. If you do,
+you'll have to edit @file{krb4_matrix.conf} to reflect the new location
+(you will also have to do this if you installed in some other directory
+than @file{/usr/athena}).
+@item
+Copy (your possibly edited) @file{krb4_matrix.conf} to @file{/etc/sia}.
+@item
+Apply @file{security.patch} to @file{/sbin/init.d/security}.
+@item
+Turn on KRB4 security by issuing @kbd{rcmgr set SECURITY KRB4} and
+@kbd{rcmgr set KRB4_MATRIX_CONF krb4_matrix.conf}.
+@item
+Digital thinks you should reboot your machine, but that really shouldn't
+be necessary. It's usually sufficient just to run
+@kbd{/sbin/init.d/security start}.
+@end itemize
+
+Users with local passwords (like @samp{root}) should be able to login
+safely.
+
+When using Digital's xdm the @samp{KRBTKFILE} environment variable isn't
+passed along as it should (since xdm zaps the environment). Instead you
+have to set @samp{KRBTKFILE} to the correct value in
+@file{/usr/lib/X11/xdm/Xsession}. Add a line similar to
+@example
+KRBTKFILE=/tmp/tkt`id -u`_`ps -o ppid= -p $$`; export KRBTKFILE
+@end example
+
+There is currently no support for changing passwords. Use @file{kpasswd}
+instead.
+
+@subsubheading Notes to users with Enhanced security
+
+Digital's @samp{ENHANCED} (C2) security, and Kerberos solves two
+different problems. C2 deals with local security, adds better control of
+who can do what, auditing, and similar things. Kerberos deals with
+network security.
+
+To make C2 security work with Kerberos you will have to do the
+following.
+
+@itemize @bullet
+@item
+Replace all occurencies of @file{krb4_matrix.conf} with
+@file{krb4+c2_matrix.conf} in the directions above.
+@item
+You must enable ``vouching'' in the @samp{default} database. This will
+make the OSFC2 module trust other SIA modules, so you can login without
+giving your C2 password. To do this use @samp{edauth} to edit the
+default entry @kbd{/usr/tcb/bin/edauth -dd default}, and add a
+@samp{d_accept_alternate_vouching} capability, if not already present.
+@item
+For each user that does @emph{not} have a local C2 password, you should
+set the password expiration field to zero. You can do this for each
+user, or in the @samp{default} table. To to this use @samp{edauth} to
+set (or change) the @samp{u_exp} capability to @samp{u_exp#0}.
+@item
+You should make sure that you use Digital's login rather than the one
+distributed by us. The easiest way to do this is to replace
+@file{/usr/athena/bin/login} with @file{/bin/login}.
+@end itemize
+
+At present @samp{su} does not accept the vouching flag, so it will not
+work as expected.
+
+Also, kerberised ftp will not work with C2 passwords. You can solve this
+by using both Digital's ftpd and our on different ports.
+
+@strong{Remember}, if you do these changes you will get a system that
+most certainly does @emph{not} fulfill the requirements of a C2
+system. If C2 is what you want, for instance if someone else is forcing
+you to use it, you're out of luck. If you use enhanced security because
+you want a system that is more secure than it would otherwise be, you
+probably got an even more secure system. Passwords will not be sent in
+the clear, for instance.
+
+@node IRIX, PAM, Digital SIA, Authentication modules
+@subsection IRIX
+
+The IRIX support is a module that is compatible with Transarc's
+@file{afskauthlib.so}. It should work with all programs that use this
+library, this should include @file{login} and @file{xdm}.
+
+The interface is not very documented but it seems that you have to copy
+@file{libkafs.so}, @file{libkrb.so}, and @file{libdes.so} to
+@file{/usr/lib}, or build your @file{afskauthlib.so} statically.
+
+The @file{afskauthlib.so} itself is able to reside in
+@file{/usr/vice/etc}, @file{/usr/afsws/lib}, or the current directory
+(wherever that is).
+
+Appart from this it should ``just work'', there are no configuration
+files.
+
+@node PAM, , IRIX, Authentication modules
+@subsection PAM
+
+The PAM module was written more out of curiosity that anything else. It
+has not been updated for quite a while, since none of us are using
+Linux, and Solaris does not support PAM yet. We've had positive reports
+from at least one person using the module, though.
+
+To use this module you should:
+
+@itemize @bullet
+@item
+Make sure @file{pam_krb4.so} is available in @file{/usr/athena/lib}. You
+might actually want it on local disk, so @file{/lib/security} might be a
+better place if @file{/usr/athena} is not local.
+@item
+Look at @file{pam.conf.add} for examples of what to add to
+@file{/etc/pam.conf}.
+@end itemize
+
+There is currently no support for changing kerberos passwords. Use
+kpasswd instead.
+
+See also Derrick J Brashear's @code{<shadow@@dementia.org>} Kerberos PAM
+module at @kbd{ftp://ftp.dementia.org/pub/pam}. It has a lot more
+features, and it is also more in line with other PAM modules.
diff --git a/crypto/kerberosIV/doc/intro.texi b/crypto/kerberosIV/doc/intro.texi
new file mode 100644
index 0000000..830ca1a
--- /dev/null
+++ b/crypto/kerberosIV/doc/intro.texi
@@ -0,0 +1,69 @@
+@node Introduction, What is Kerberos?, Top, Top
+@comment node-name, next, previous, up
+@chapter Introduction
+
+This is an attempt at documenting the Kerberos 4 distribution from
+Kungliga Tekniska Högskolan (the Royal Institute of Technology in
+Stockholm, Sweden). This distribution is based on eBones, but has been
+improved in many ways. It is more portable, and several new features
+have been added. It currently runs on the following systems:
+
+@itemize @bullet
+@item
+AIX 4.1, 4.2
+@item
+BSD/OS 2.0, 2.1
+@item
+Digital UNIX 3.2, 4.0
+@item
+HP-UX 9, 10
+@item
+IRIX 4.0, 5.2, 5.3, 6.1, 6.2, 6.3, 6.4
+@item
+Linux 1.3, 2.0
+@item
+NetBSD 1.2
+@item
+FreeBSD 2.2
+@item
+SunOS 4.1
+@item
+SunOS 5.4/5.5 (aka Solaris 2.4/2.5)
+@item
+Ultrix 4.4
+@item
+Cray UNICOS 9.
+@item
+Fujitsu UXP/V 4.1.
+@end itemize
+
+Some part compile and work on:
+
+@itemize @bullet
+@item
+OS/2 with EMX
+@item
+Windows 95/NT with gnu-win32 (with the proper amount of magic the
+libraries should compile with Microsoft C as well)
+@end itemize
+
+It should work on anything that is almost POSIX, has an ANSI C
+compiler, a dbm library (for the server side), and BSD Sockets.
+
+A web-page is available at @kbd{http://www.pdc.kth.se/kth-krb/}.
+
+@heading Bug reports
+
+If you cannot build the programs or they do not behave as you think they
+should, please send us a bug report. The bug report should be sent to
+@code{<kth-krb-bugs@@nada.kth.se>}. Please include information on what
+machine and operating system (including version) you are running, what
+you are trying to do, what happens, what you think should have happened,
+an example for us to repeat, the output you get when trying the example,
+and a patch for the problem if you have one. Please make any patches
+with @code{diff -u} or @code{diff -c}. The more detailed the bug report
+is, the easier it will be for us to reproduce, understand, and fix it.
+
+Suggestions, comments and other non bug reports are welcome.
Send them
+to @code{<kth-krb@@nada.kth.se>}.
+
diff --git a/crypto/kerberosIV/doc/kth-krb.texi b/crypto/kerberosIV/doc/kth-krb.texi
new file mode 100644
index 0000000..8b26349
--- /dev/null
+++ b/crypto/kerberosIV/doc/kth-krb.texi
@@ -0,0 +1,300 @@
+\input texinfo @c -*- texinfo -*-
+@c %**start of header
+@c $Id: kth-krb.texi,v 1.71 1997/05/25 21:31:00 assar Exp $
+@setfilename kth-krb.info
+@settitle KTH-KRB
+@iftex
+@afourpaper
+@end iftex
+@c some sensible characters, please?
+@tex
+\input latin1.tex
+@end tex
+@setchapternewpage on
+@syncodeindex pg cp
+@c %**end of header
+
+@dircategory Kerberos
+@direntry
+* Kth-krb: (kth-krb). The Kerberos IV distribution from KTH
+@end direntry
+
+@c title page
+@titlepage
+@title KTH-KRB
+@subtitle Kerberos 4 from KTH
+@subtitle Edition -1.0, for version 0.9.5
+@subtitle 1997
+@author Johan Danielsson
+@author Assar Westerlund
+@author last updated $Date: 1997/05/25 21:31:00 $
+
+@def@copynext{@vskip 20pt plus 1fil@penalty-1000}
+@def@copyrightstart{}
+@def@copyrightend{}
+@page
+@copyrightstart
+Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+(Royal Institute of Technology, Stockholm, Sweden).
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the Kungliga Tekniska
+ Högskolan and its contributors.
+
+4. Neither the name of the Institute nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1995 Eric Young (eay@@mincom.oz.au)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by Eric Young (eay@@mincom.oz.au)
+
+THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (c) 1983, 1990 The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+3. All advertising materials mentioning features or use of this software
+ must display the following acknowledgement:
+ This product includes software developed by the University of
+ California, Berkeley and its contributors.
+
+4. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED.
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
+
+@copynext
+
+Copyright (C) 1990 by the Massachusetts Institute of Technology
+
+Export of this software from the United States of America is assumed
+to require a specific license from the United States Government.
+It is the responsibility of any person or organization contemplating
+export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+@copynext
+
+Copyright 1987, 1989 by the Student Information Processing Board
+ of the Massachusetts Institute of Technology
+
+Permission to use, copy, modify, and distribute this software
+and its documentation for any purpose and without fee is
+hereby granted, provided that the above copyright notice
+appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation,
+and that the names of M.I.T. and the M.I.T. S.I.P.B.
not be
+used in advertising or publicity pertaining to distribution
+of the software without specific, written prior permission.
+M.I.T. and the M.I.T. S.I.P.B. make no representations about
+the suitability of this software for any purpose. It is
+provided "as is" without express or implied warranty.
+
+@copynext
+
+Copyright 1992 Simmule Turner and Rich Salz. All rights reserved.
+
+This software is not subject to any license of the American Telephone
+and Telegraph Company or of the Regents of the University of California.
+
+Permission is granted to anyone to use this software for any purpose on
+any computer system, and to alter it and redistribute it freely, subject
+to the following restrictions:
+
+1. The authors are not responsible for the consequences of use of this
+ software, no matter how awful, even if they arise from flaws in it.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. Since few users ever read sources,
+ credits must appear in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software. Since few users
+ ever read sources, credits must appear in the documentation.
+
+4. This notice may not be removed or altered.
+
+@copyrightend
+@end titlepage
+
+@c Less filling! Tastes great!
+@iftex
+@parindent=0pt
+@global@parskip 6pt plus 1pt
+@global@chapheadingskip = 15pt plus 4pt minus 2pt
+@global@secheadingskip = 12pt plus 3pt minus 2pt
+@global@subsecheadingskip = 9pt plus 2pt minus 2pt
+@end iftex
+@ifinfo
+@paragraphindent 0
+@end ifinfo
+
+@ifinfo
+@node Top, Introduction, (dir), (dir)
+@top KTH-krb
+@end ifinfo
+
+@menu
+* Introduction::
+* What is Kerberos?::
+* Installing programs::
+* How to set up a realm::
+* One-Time Passwords::
+* Resolving frequent problems::
+* Acknowledgments::
+* Index::
+
+ --- The Detailed Node Listing ---
+
+Installing programs
+
+* Installing from source::
+* Installing a binary distribution::
+* Finishing the installation::
+* Authentication modules::
+
+Finishing the installation
+
+* Authentication modules::
+
+Authentication modules
+
+* Digital SIA::
+* IRIX::
+* PAM::
+
+How to set up a realm
+
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+
+How to set up the kerberos server
+
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+
+One-Time Passwords
+
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+
+Resolving frequent problems
+
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@include intro.texi
+@include whatis.texi
+@include install.texi
+@include setup.texi
+@include otp.texi
+@include problems.texi
+@include ack.texi
+@include index.texi
+
+@c @shortcontents
+@contents
+
+@bye
diff --git a/crypto/kerberosIV/doc/latin1.tex b/crypto/kerberosIV/doc/latin1.tex
new file mode 100644
index 0000000..e683dd2
--- /dev/null
+++ b/crypto/kerberosIV/doc/latin1.tex
@@ -0,0 +1,95 @@
+% ISO Latin 1 (ISO 8859/1) encoding for Computer Modern fonts.
+% Jan Michael Rynning <jmr@nada.kth.se> 1990-10-12
+\def\inmathmode#1{\relax\ifmmode#1\else$#1$\fi}
+\global\catcode`\^^a0=\active \global\let^^a0=~ % no-break space
+\global\catcode`\^^a1=\active \global\def^^a1{!`} % inverted exclamation mark
+\global\catcode`\^^a2=\active \global\def^^a2{{\rm\rlap/c}} % cent sign
+\global\catcode`\^^a3=\active \global\def^^a3{{\it\$}} % pound sign
+% currency sign, yen sign, broken bar
+\global\catcode`\^^a7=\active \global\let^^a7=\S % section sign
+\global\catcode`\^^a8=\active \global\def^^a8{\"{}} % diaeresis
+\global\catcode`\^^a9=\active \global\let^^a9=\copyright % copyright sign
+% feminine ordinal indicator, left angle quotation mark
+\global\catcode`\^^ac=\active \global\def^^ac{\inmathmode\neg}% not sign
+\global\catcode`\^^ad=\active \global\let^^ad=\- % soft hyphen
+% registered trade mark sign
+\global\catcode`\^^af=\active \global\def^^af{\={}} % macron
+% ...
+\global\catcode`\^^b1=\active \global\def^^b1{\inmathmode\pm} % plus minus
+\global\catcode`\^^b2=\active \global\def^^b2{\inmathmode{{^2}}}
+\global\catcode`\^^b3=\active \global\def^^b3{\inmathmode{{^3}}}
+\global\catcode`\^^b4=\active \global\def^^b4{\'{}} % acute accent
+\global\catcode`\^^b5=\active \global\def^^b5{\inmathmode\mu} % mu
+\global\catcode`\^^b6=\active \global\let^^b6=\P % pilcroy
+\global\catcode`\^^b7=\active \global\def^^b7{\inmathmode{{\cdot}}}
+\global\catcode`\^^b8=\active \global\def^^b8{\c{}} % cedilla
+\global\catcode`\^^b9=\active \global\def^^b9{\inmathmode{{^1}}}
+% ...
+\global\catcode`\^^bc=\active \global\def^^bc{\inmathmode{{1\over4}}}
+\global\catcode`\^^bd=\active \global\def^^bd{\inmathmode{{1\over2}}}
+\global\catcode`\^^be=\active \global\def^^be{\inmathmode{{3\over4}}}
+\global\catcode`\^^bf=\active \global\def^^bf{?`} % inverted question mark
+\global\catcode`\^^c0=\active \global\def^^c0{\`A}
+\global\catcode`\^^c1=\active \global\def^^c1{\'A}
+\global\catcode`\^^c2=\active \global\def^^c2{\^A}
+\global\catcode`\^^c3=\active \global\def^^c3{\~A}
+\global\catcode`\^^c4=\active \global\def^^c4{\"A} % capital a with diaeresis
+\global\catcode`\^^c5=\active \global\let^^c5=\AA % capital a with ring above
+\global\catcode`\^^c6=\active \global\let^^c6=\AE
+\global\catcode`\^^c7=\active \global\def^^c7{\c C}
+\global\catcode`\^^c8=\active \global\def^^c8{\`E}
+\global\catcode`\^^c9=\active \global\def^^c9{\'E}
+\global\catcode`\^^ca=\active \global\def^^ca{\^E}
+\global\catcode`\^^cb=\active \global\def^^cb{\"E}
+\global\catcode`\^^cc=\active \global\def^^cc{\`I}
+\global\catcode`\^^cd=\active \global\def^^cd{\'I}
+\global\catcode`\^^ce=\active \global\def^^ce{\^I}
+\global\catcode`\^^cf=\active \global\def^^cf{\"I}
+% capital eth
+\global\catcode`\^^d1=\active \global\def^^d1{\~N}
+\global\catcode`\^^d2=\active \global\def^^d2{\`O}
+\global\catcode`\^^d3=\active \global\def^^d3{\'O}
+\global\catcode`\^^d4=\active \global\def^^d4{\^O}
+\global\catcode`\^^d5=\active \global\def^^d5{\~O}
+\global\catcode`\^^d6=\active \global\def^^d6{\"O} % capital o with diaeresis
+\global\catcode`\^^d7=\active \global\def^^d7{\inmathmode\times}% multiplication sign
+\global\catcode`\^^d8=\active \global\let^^d8=\O
+\global\catcode`\^^d9=\active \global\def^^d9{\`U}
+\global\catcode`\^^da=\active \global\def^^da{\'U}
+\global\catcode`\^^db=\active \global\def^^db{\^U}
+\global\catcode`\^^dc=\active \global\def^^dc{\"U}
+\global\catcode`\^^dd=\active \global\def^^dd{\'Y}
+% capital thorn
+\global\catcode`\^^df=\active \global\def^^df{\ss}
+\global\catcode`\^^e0=\active \global\def^^e0{\`a}
+\global\catcode`\^^e1=\active \global\def^^e1{\'a}
+\global\catcode`\^^e2=\active \global\def^^e2{\^a}
+\global\catcode`\^^e3=\active \global\def^^e3{\~a}
+\global\catcode`\^^e4=\active \global\def^^e4{\"a} % small a with diaeresis
+\global\catcode`\^^e5=\active \global\let^^e5=\aa % small a with ring above
+\global\catcode`\^^e6=\active \global\let^^e6=\ae
+\global\catcode`\^^e7=\active \global\def^^e7{\c c}
+\global\catcode`\^^e8=\active \global\def^^e8{\`e}
+\global\catcode`\^^e9=\active \global\def^^e9{\'e}
+\global\catcode`\^^ea=\active \global\def^^ea{\^e}
+\global\catcode`\^^eb=\active \global\def^^eb{\"e}
+\global\catcode`\^^ec=\active \global\def^^ec{\`\i}
+\global\catcode`\^^ed=\active \global\def^^ed{\'\i}
+\global\catcode`\^^ee=\active \global\def^^ee{\^\i}
+\global\catcode`\^^ef=\active \global\def^^ef{\"\i}
+% small eth
+\global\catcode`\^^f1=\active \global\def^^f1{\~n}
+\global\catcode`\^^f2=\active \global\def^^f2{\`o}
+\global\catcode`\^^f3=\active \global\def^^f3{\'o}
+\global\catcode`\^^f4=\active \global\def^^f4{\^o}
+\global\catcode`\^^f5=\active \global\def^^f5{\~o}
+\global\catcode`\^^f6=\active \global\def^^f6{\"o} % small o with diaeresis
+\global\catcode`\^^f7=\active \global\def^^f7{\inmathmode\div}% division sign
+\global\catcode`\^^f8=\active \global\let^^f8=\o
+\global\catcode`\^^f9=\active \global\def^^f9{\`u}
+\global\catcode`\^^fa=\active \global\def^^fa{\'u}
+\global\catcode`\^^fb=\active \global\def^^fb{\^u}
+\global\catcode`\^^fc=\active \global\def^^fc{\"u}
+\global\catcode`\^^fd=\active \global\def^^fd{\'y}
+% capital thorn
+\global\catcode`\^^ff=\active \global\def^^ff{\"y}
diff --git a/crypto/kerberosIV/doc/otp.texi b/crypto/kerberosIV/doc/otp.texi
new file mode 100644
index 0000000..0a5929f
--- /dev/null
+++ b/crypto/kerberosIV/doc/otp.texi
@@ -0,0 +1,127 @@
+@node One-Time Passwords, Resolving frequent problems, How to set up a realm, Top
+@chapter One-Time Passwords
+
+@cindex OTP
+@cindex One time passwords
+There is also support for using @dfn{one time passwords} (OTP) in this
+package. Specifically @code{login}, @code{ftpd}, and @code{popper} have
+support for using them.
+
+@menu
+* What are one time passwords?::
+* When to use one time passwords?::
+* Configuring OTPs::
+@end menu
+
+@node What are one time passwords?, When to use one time passwords?, One-Time Passwords, One-Time Passwords
+@comment node-name, next, previous, up
+@section What are one time passwords?
+
+One time passwords are, as the name implies, passwords that can only
+be used once. This means that even if someone is eavesdropping on the
+network, they will not be able to make use of the passwords they steal.
+
+The OTPs used in this package support @cite{RFC 1938}. This standard is
+also backwards compatible with the well-known S/Key. There are lots of
+programs for generating these on everything from HP 48's to Crays.
+@cindex S/Key
+
+@node When to use one time passwords?, Configuring OTPs, What are one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section When to use one time passwords?
+
+Why would you want to use OTPs instead of Kerberos? The advantage of
+OTPs is that they don't require a computer to operate. You can print
+out a list of passwords and take with you, or you could use your
+calculator or hand-held computer to generate them.
+
+The downside is that they only protect you against passive attacks.
+Only the initial connection is authenticated. After that, anyone can
+eavesdrop on your session, so you should not send or view any sensitive
+data (e.g. passwords) over a OTP-initiated link. You are also
+vulnerable to active attacks where intruders try to take over your
+TCP-session and/or introduce data in the middle of it.
In other words,
+they provide initial authentication, but neither integrity nor
+confidentiality.
+
+The OTPs are generated from the tuple (@var{seed}, @var{sequence
+number}, @var{pass-phrase}). The seed and the sequence number will be
+printed as part of the @dfn{challenge} and you will have to generate the
+corresponding password or pick it from a list.
+
+In conclusion, they are simple and can be used everywhere but don't
+protect against all threats that Kerberos does. Use them when you can't
+use Kerberos.
+
+@node Configuring OTPs, , When to use one time passwords?, One-Time Passwords
+@comment node-name, next, previous, up
+@section Configuring OTPs
+
+@heading Initializing
+
+To initialize your OTPs use the @code{otp} program. This program will
+write an entry in a local file on this host with your current password
+(in this case the 100th) and the corresponding seed (@samp{foobar}).
+@pindex otp
+
+@example
+@cartouche
+datan:>otp 100 foobar
+Pass-phrase: <pass-phrase>
+Verifying password Pass-phrase: <pass-phrase>
+@end cartouche
+@end example
+
+@heading Generating
+
+To print out a list of them there is a program called
+@code{otpprint}.
+@pindex otpprint
+
+@example
+@cartouche
+datan:>otpprint 100 foobar
+Pass-phrase: <pass-phrase>
+91: SLAM BUY SUP DUSK SKY BEST
+92: DEEM SIGH ROB RASH JUG MAT
+93: DUET FISK HERS AREA TOLL SUP
+94: WOW RAIN LEAK SARA MARK WING
+95: COG YELL MILK CART ABE BAWL
+96: GROW SILK GIST OMEN CAM ANNE
+97: JAG QUAD NUT BEAT BHOY MAGI
+98: ADAM USED GENE NIP EYE SIS
+99: MY SUNG HERO AT DASH RAKE
+100: CORN KNIT BOTH TOGO SOUL BOG
+@end cartouche
+@end example
+
+@heading Using the OTPs
+
+When you try to use one and have initialized a series of
+one-time passwords for yourself you will get a challenge with the
+algorithm being used, the sequence number, and the seed. Enter those in
+your generator or find the corresponding password in your list.
+
+@example
+@cartouche
+login: assar
+assar's [ otp-md5 99 foobar ] Password: <MY SUNG HERO AT DASH RAKE>
+@end cartouche
+@end example
+
+The sequence number of the password will start at one less that the
+number you gave to @code{otp} and decrease by one every time you use it.
+You should try to keep track of which should be the current one so that
+you can be assured that nobody has stolen some of your passwords and
+used them. When the number has reached zero you need to acquire a new
+series of passwords.
+
+Once you have initialized your series of passwords, you can always use
+them at any password prompt where you get the challenge as shown above.
+
+@heading Configuring servers
+
+@code{ftpd}, @code{telnetd}, and @code{popper} can be configured to
+require one-time passwords when the connection has not been kerberos
+authenticated. Check the man pages for these programs for the correct
+options.
diff --git a/crypto/kerberosIV/doc/problems.texi b/crypto/kerberosIV/doc/problems.texi
new file mode 100644
index 0000000..9e3630e
--- /dev/null
+++ b/crypto/kerberosIV/doc/problems.texi
@@ -0,0 +1,156 @@
+@node Resolving frequent problems, Acknowledgments, One-Time Passwords, Top
+@chapter Resolving frequent problems
+
+@menu
+* Problems compiling Kerberos::
+* Common error messages::
+@end menu
+
+@node Problems compiling Kerberos, Common error messages, Resolving frequent problems, Resolving frequent problems
+@section Problems compiling Kerberos
+
+Many compilers require a switch to become ANSI compliant. Since kth-krb
+is written in ANSI C it is necessary to specify the name of the compiler
+to be used and the required switch to make it ANSI compliant. This is
+most easily done when running configure using the @kbd{env} command. For
+instance to build under HP-UX using the native compiler do:
+
+@cartouche
+@example
+datan$ env CC="cc -Ae" ./configure
+@end example
+@end cartouche
+
+In general @kbd{gcc} works. The following combinations have also been
+verified to successfully compile the distribution:
+
+@table @asis
+
+@item @samp{HP-UX}
+@kbd{cc -Ae}
+@item @samp{Digital UNIX}
+@kbd{cc -std1}
+@item @samp{AIX}
+@kbd{xlc}
+@item @samp{Solaris 2.x}
+@kbd{cc} (unbundled one)
+@item @samp{IRIX}
+@kbd{cc}
+
+@end table
+
+@subheading Linux problems
+
+Some systems have lost @file{/usr/include/ndbm.h} which is necessary to
+build kth-krb correctly. There is a @file{ndbm.h.Linux} right next to
+the source distribution.
+
+There has been reports of non-working @file{libdb} on some Linux
+distributions. If that happens, use the @kbd{--without-berkeley-db}
+when configuring.
+
+@subheading HP-UX problems
+
+The shared library @file{/usr/lib/libndbm.sl} doesn't exist on all
+systems. To make problems even worse, there is never an archive version
+for static linking either. Therefore, when building ``truly portable''
+binaries first install GNU gdbm or Berkeley DB, and make sure that you
+are linking against that library.
+
+@subheading Cray problems
+
+@kbd{rlogind} won't work on Crays until @code{forkpty()} has been
+ported, in the mean time use @kbd{telnetd}.
+
+@subheading AIX problems
+
+@kbd{gcc} version 2.7.2.1 has a bug which makes it miscompile
+@file{appl/telnet/telnetd/sys_term.c} (and possibily
+@file{appl/bsd/forkpty.c}), if used with too much optimization.
+
+@subheading C2 problems
+
+@cindex C2
+The programs that checks passwords works with @file{passwd}, OTP, and
+Kerberos paswords. This is problem if you use C2 security (or use some
+other password database), that normally keeps passwords in some obscure
+place. If you want to use Kerberos with C2 security you will have to
+think about what kind of changes are necessary. See also the discussion
+about Digital's SIA and C2 security, see @ref{Digital SIA}.
+
+@node Common error messages, , Problems compiling Kerberos, Resolving frequent problems
+@section Common error messages
+
+These are some of the more obscure error messages you might encounter:
+
+@table @asis
+
+@item @samp{Time is out of bounds}
+
+The time on your machine differs from the time on either the kerberos
+server or the machine you are trying to login to. If it isn't obvious
+that this is the case, remember that all times are compared in UTC.
+
+On unix systems you usually can find out what the local time is by doing
+@code{telnet machine daytime}. This time (again, usually is the keyword)
+is with correction for time-zone and daylight savings.
+
+If you have problem keeping your clocks synchronized, consider using a
+time keeping system such as NTP (see also the discussion in
+@ref{Install the client programs}).
+
+@item @samp{Ticket issue date too far in the future}
+
+The time on the kerberos server is more than five minutes ahead of the
+time on the server.
+
+@item @samp{Can't decode authenticator}
+
+This means that there is a mismatch between the service key in the
+kerberos server and the service key file on the specific machine.
+Either:
+@itemize @bullet
+@item
+the server couldn't find a service key matching the request
+@item
+the service key (or version number) does not match the key the packet
+was encrypted with
+@end itemize
+
+@item @samp{Incorrect network address}
+
+The address in the ticket does not match the address you sent the
+request from. This happens on systems with more than one network
+address, either physically or logically. You can list addresses which
+should be considered equal in @file{/etc/krb.equiv} on your servers.
+
+A note to programmers: a server should not pass @samp{*} as the instance
+to @samp{krb_rd_req}. It should try to figure out on which interface the
+request was received, for instance by using @samp{k_getsockinst}.
+
+If you change addresses on your computer you invalidate any tickets you
+might have. The easiest way to fix this is to get new tickets with the
+new address.
+
+@item @samp{Message integrity error}
+
+The packet is broken in some way:
+@itemize @bullet
+@item
+the lengths does not match the size of the packet, or
+@item
+the checksum does not match the contents of the packet
+@end itemize
+
+@item @samp{Can't send request}
+There is some problem contacting the kerberos server. Either the server
+is down, or it is using the wrong port (compare the entries for
+@samp{kerberos-iv} in @file{/etc/services}). The client might also have
+failed to guess what kerberos server to talk to (check
+@file{/etc/krb.conf} and @file{/etc/krb.realms}).
+
+@item @samp{Generic kerberos error}
+This is a generic catch-all error message.
+
+@end table
+
+
diff --git a/crypto/kerberosIV/doc/setup.texi b/crypto/kerberosIV/doc/setup.texi
new file mode 100644
index 0000000..1b4b395
--- /dev/null
+++ b/crypto/kerberosIV/doc/setup.texi
@@ -0,0 +1,794 @@
+@node How to set up a realm, One-Time Passwords, Installing programs, Top
+@chapter How to set up a realm
+
+@quotation
+@flushleft
+ Who willed you? or whose will stands but mine?
+ There's none protector of the realm but I.
+ Break up the gates, I'll be your warrantize.
+ Shall I be flouted thus by dunghill grooms?
+ --- King Henry VI, 6.1
+@end flushleft
+@end quotation
+
+@menu
+* How to set up the kerberos server::
+* Install the client programs::
+* Install the kerberised services::
+* Install a slave kerberos server::
+* Cross-realm functionality ::
+@end menu
+
+@node How to set up the kerberos server, Install the client programs, How to set up a realm, How to set up a realm
+@section How to set up the kerberos server
+
+@menu
+* Choose a realm name::
+* Choose a kerberos server::
+* Install the configuration files::
+* Install the /etc/services::
+* Install the kerberos server::
+* Set up the server::
+* Add a few important principals::
+* Start the server::
+* Try to get tickets::
+* Create initial ACL for the admin server::
+* Start the admin server::
+* Add users to the database::
+* Automate the startup of the servers::
+@end menu
+
+@node Choose a realm name, Choose a kerberos server, How to set up the kerberos server, How to set up the kerberos server
+@subsection Choose a realm name
+
+A
+@cindex realm
+realm is an administrative domain. Kerberos realms are usually
+written in uppercase and consist of a Internet domain
+name@footnote{Using lowercase characters in the realm name might break
+in mysterious ways. This really should have been fixed, but has not.}.
+Call your realm the same as your Internet domain name if you do not have
+strong reasons for not doing so. It will make life easier for you and
+everyone else.
+
+@node Choose a kerberos server, Install the configuration files, Choose a realm name, How to set up the kerberos server
+@subsection Choose a kerberos server
+
+You need to choose a machine to run the
+@pindex kerberos
+kerberos server program. If the kerberos database residing on this host
+is compromised, your entire realm will be compromised. Therefore, this
+machine must be as secure as possible. Preferably it should not run any
+services other than Kerberos. The secure-minded administrator might
+only allow logins on the console.
+
+This machine has also to be reliable. If it is down, you will not be
+able to use any kerberised services unless you have also configured a
+slave server (@xref{Install a slave kerberos server}).
+
+Running the kerberos server requires very little CPU power and a small
+amount of disk. An old PC with some hundreds of megabytes of free disk
+space should do fine. Most of the disk space will be used for various
+logs.
+
+@node Install the configuration files, Install the /etc/services, Choose a kerberos server, How to set up the kerberos server
+@subsection Install the configuration files
+
+There are two important configuration files: @file{/etc/krb.conf} and
+@file{/etc/krb.realms}.
+@pindex krb.conf
+@pindex krb.realms
+
+The @file{krb.conf} file determines which machines are servers for
+different realms. The format of this file is:
+
+@example
+THIS.REALM
+THIS.REALM kerberos.this.realm admin server
+THIS.REALM kerberos-1.this.realm
+ANOTHER.REALM kerberos.another.realm
+@end example
+
+The first line defines the name of the local realm. Line two defines the
+name of the master kerberos server and the database administration
+server for this realm. You can define any number of kerberos slave
+servers similar to the one defined in line three. The clients will try
+to contact the servers in the order they are defined in @file{krb.conf}.
+
+The @samp{admin server} clause at the first entry states that this is
+the master server
+@cindex master server
+(the one to contact when modifying the database, such as changing
+passwords). There should be only one such entry for each realm.
+
+In the original MIT Kerberos 4 (as in most others), the server
+specification could only take the form of a host-name. To facilitate
+having kerberos servers in odd places (such as behind a firewall),
+support has been added for ports other than the default (750), and
+protocols other than UDP.
+
+The formal syntax for an entry is now
+@samp{@var{[proto}/@var{]host[}:@var{port]}}. @var{proto} is either
+@samp{udp} or @samp{tcp}, and @var{port} is the port to talk to. Default
+value for @var{proto} is @samp{udp} and for @var{port} whatever
+@samp{kerberos-iv} is defined to be in @file{/etc/services} or 750 if
+undefined.
+
+If the information about a realm is missing from the @file{krb.conf}
+file, or if the information is wrong, the following methods will be
+tried in order.
+
+@enumerate
+@item
+If you have an SRV-record (@cite{RFC 2052}) for your realm it will be
+used. This record should be of the form
+@samp{kerberos-iv.@var{protocol}.@var{REALM}}, where @var{proto} is
+either @samp{udp} or @samp{tcp}. (Note: the current implementation does
+not look at priority or weight when deciding which server to talk to.)
+@item
+If there isn't any SRV-record, it tries to find a TXT-record for the
+same domain. The contents of the record should have the same format as the
+host specification in @file{krb.conf}. (Note: this is a temporary
+solution if your name server doesn't support SRV records. The clients
+should work fine with SRV records, so if your name server supports them,
+they are very much preferred.)
+@item
+If no valid kerberos server is found, it will try to talk udp to the
+service @samp{kerberos-iv} with fall-back to port 750 with
+@samp{kerberos.@var{REALM}} (which is also assumed to be the master
+server), and then @samp{kerberos-1.@var{REALM}},
+@samp{kerberos-2.@var{REALM}}, and so on.
+@end enumerate
+
+We strongly recommend that you add a CNAME @samp{kerberos.@var{REALM}}
+pointing to your kerberos master server.
+
+The @file{krb.realms} file is used to find out what realm a particular
+host belongs to. An example of this file could look like:
+
+@example
+this.realm THIS.REALM
+.this.realm THIS.REALM
+foo.com SOME.OTHER.REALM
+www.foo.com A.STRANGE.REALM
+.foo.com FOO.REALM
+@end example
+
+Entries starting with a dot are taken as the name of a domain. Entries
+not starting with a dot are taken as a host-name. The first entry matched
+is used. The entry for @samp{this.realm} is only necessary if there is a
+host named @samp{this.realm}.
+
+If no matching realm is found in @file{krb.realms}, DNS is searched for
+the correct realm. For example, if we are looking for host @samp{a.b.c},
+@samp{krb4-realm.a.b.c} is first tried and then @samp{krb4-realm.b.c}
+and so on. The entry should be a TXT record containing the name of the
+realm, such as:
+
+@example
+krb4-realm.pdc.kth.se. 7200 TXT "NADA.KTH.SE"
+@end example
+
+If this didn't help the domain name sans the first part in uppercase is
+tried.
+
+The plain vanilla version of Kerberos doesn't have any fancy methods of
+getting realms and servers so it is generally a good idea to keep
+@file{krb.conf} and @file{krb.realms} up to date.
+
+@node Install the /etc/services, Install the kerberos server, Install the configuration files, How to set up the kerberos server
+@subsection Updating /etc/services
+
+You should append or merge the contents of @file{services.append} to
+your @file{/etc/services} files or NIS-map.
Remove any unused factory
+installed kerberos port definitions to avoid possible conflicts.
+@pindex services
+
+Most of the programs will fall back to the default ports if the port
+numbers are not found in @file{/etc/services}, but it is convenient to
+have them there anyway.
+
+@node Install the kerberos server, Set up the server, Install the /etc/services, How to set up the kerberos server
+@subsection Install the kerberos server
+
+You should have already chosen the machine where you want to run the
+kerberos server and the realm name. The machine should also be as
+secure as possible (@xref{Choose a kerberos server}) before installing
+the kerberos server. In this example, we will install a kerberos server
+for the realm @samp{FOO.SE} on a machine called @samp{hemlig.foo.se}.
+
+@node Set up the server, Add a few important principals, Install the kerberos server, How to set up the kerberos server
+@subsection Setup the server
+
+Login as root on the console of the kerberos server. Add
+@file{/usr/athena/bin} and @file{/usr/athena/sbin} to your path. Run
+@kbd{kdb_init}:
+@pindex kdb_init
+
+@example
+@cartouche
+hemlig# kdb_init
+Realm name [default FOO.SE ]:
+You will be prompted for the database Master Password.
+It is important that you NOT FORGET this password.
+
+Enter Kerberos master password:
+Verifying password
+Enter Kerberos master password:
+@end cartouche
+@end example
+
+If you have set up the configuration files correctly, @kbd{kdb_init}
+should choose the correct realm as the default, otherwise a (good) guess
+is made. Enter the master password.
+
+This password will only be used for encrypting the kerberos database on
+disk and for generating new random keys. You will not have to remember
+it, only to type it again when you run @kbd{kstash}. Choose something
+long and random.
Now run @kbd{kstash} using the same password:
+@pindex kstash
+
+@example
+@cartouche
+hemlig# kstash
+
+Enter Kerberos master password:
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Wrote master key to /.k
+@end cartouche
+@end example
+
+After entering the same master password it will be saved in the file
+@file{/.k} and the kerberos server will read it when needed. Write down
+the master password and put it in a sealed envelope in a safe, you might
+need it if your disk crashes or should you want to set up a slave
+server.
+
+@code{kdb_init} initializes the database with a few entries:
+
+@table @samp
+@item krbtgt.@var{REALM}
+The key used for authenticating to the kerberos server.
+
+@item changepw.kerberos
+The key used for authenticating to the administrative server, i.e. when
+adding users, changing passwords, and so on.
+
+@item default
+This entry is copied to new items when these are added. Enter here the
+values you want new entries to have, particularly the expiry date.
+
+@item K.M
+This is the master key and it is only used to verify that the master key
+that is saved un-encrypted in @file{/.k} is correct and corresponds to
+this database.
+
+@end table
+
+@code{kstash} only reads the master password and writes it to
+@file{/.k}. This enables the kerberos server to start without you
+having to enter the master password. This file (@file{/.k}) is only
+readable by root and resides on a ``secure'' machine.
+
+@node Add a few important principals, Start the server, Set up the server, How to set up the kerberos server
+@subsection Add a few important principals
+
+Now the kerberos database has been created, containing only a few
+principals. The next step is to add a few more so that you can test
+that it works properly and so that you can administer your realm without
+having to use the console on the kerberos server. Use @kbd{kdb_edit}
+to edit the kerberos database directly on the server.
+@pindex kdb_edit
+
+@code{kdb_edit} is intended as a bootstrapping and fall-back mechanism
+for editing the database. For normal purposes, use the @code{kadmin}
+program (@xref{Add users to the database}).
+
+The following example shows the adding of the principal
+@samp{nisse.admin} into the kerberos database. This principal is used
+by @samp{nisse} when administrating the kerberos database. Later on the
+normal principal for @samp{nisse} will be created. Replace @samp{nisse}
+and @samp{password} with your own username and password.
+
+@example
+@cartouche
+hemlig# kdb_edit -n
+Opening database...
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+Previous or default values are in [brackets] ,
+enter return to leave the same, or new value.
+
+Principal name: <nisse>
+Instance: <admin>
+
+<Not found>, Create [y] ? <>
+
+Principal: nisse, Instance: admin, kdc_key_ver: 1
+New Password: <password>
+Verifying password
+New Password: <password>
+
+Principal's new key version = 1
+Expiration date (enter yyyy-mm-dd) [ 2000-01-01 ] ? <>
+Max ticket lifetime (*5 minutes) [ 255 ] ? <>
+Attributes [ 0 ] ? <>
+Edit O.K.
+Principal name: <>
+@end cartouche
+@end example
+
+@code{kdb_edit} will loop until you hit the @kbd{return} key at the
+``Principal name'' prompt. Now you have added nisse as an administrator.
+
+@node Start the server, Try to get tickets, Add a few important principals, How to set up the kerberos server
+@subsection Start the server
+
+@pindex kerberos
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kerberos &
+Kerberos server starting
+Sleep forever on error
+Log file is /var/log/kerberos.log
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+
+Current Kerberos master key version is 1
+Local realm: FOO.SE
+@end cartouche
+@end example
+
+@node Try to get tickets, Create initial ACL for the admin server, Start the server, How to set up the kerberos server
+@subsection Try to get tickets
+
+You can now verify that these principals have been added and that the
+server is working correctly.
+
+@pindex kinit
+@example
+@cartouche
+hemlig# kinit
+eBones International (hemlig.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse.admin>
+Password: <password>
+@end cartouche
+@end example
+
+If you do not get any error message from @code{kinit}, then everything
+is working (otherwise, see @ref{Common error messages}). Use
+@code{klist} to verify the tickets you acquired with @code{kinit}:
+
+@pindex klist
+@example
+@cartouche
+hemlig# klist
+Ticket file: /tmp/tkt0
+Principal: nisse.admin@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Create initial ACL for the admin server, Start the admin server, Try to get tickets, How to set up the kerberos server
+@subsection Create initial ACL for the admin server
+
+The admin server, @code{kadmind}, uses a series of files to determine who has
+@pindex kadmind
+the right to perform certain operations. The files are:
+@file{admin_acl.add}, @file{admin_acl.get}, @file{admin_acl.del}, and
+@file{admin_acl.mod}. Create these with @samp{nisse.admin@@FOO.SE} as
+the contents.
+@pindex admin_acl.add
+@pindex admin_acl.get
+@pindex admin_acl.del
+@pindex admin_acl.mod
+
+@example
+@cartouche
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.add
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.get
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.mod
+hemlig# echo "nisse.admin@@FOO.SE" > /var/kerberos/admin_acl.del
+@end cartouche
+@end example
+
+Later on you may wish to add more users with administration
+privileges.
Make sure that you create both the administration principals
+and add them to the admin server ACL.
+
+@node Start the admin server, Add users to the database, Create initial ACL for the admin server, How to set up the kerberos server
+@subsection Start the admin server
+
+@pindex kadmind
+@example
+@cartouche
+hemlig# /usr/athena/libexec/kadmind &
+KADM Server KADM0.0A initializing
+Please do not use 'kill -9' to kill this job, use a
+regular kill instead
+
+Current Kerberos master key version is 1.
+
+Master key entered. BEWARE!
+@end cartouche
+@end example
+
+@node Add users to the database, Automate the startup of the servers, Start the admin server, How to set up the kerberos server
+@subsection Add users to the database
+
+Use the @code{kadmin} client to add users to the database:
+@pindex kadmin
+
+@example
+@cartouche
+hemlig# kadmin -u nisse.admin -m
+Welcome to the Kerberos Administration Program, version 2
+Type "help" if you need it.
+admin: <add nisse>
+Admin password: <nisse.admin's password>
+Maximum ticket lifetime? (255) [Forever]
+Attributes? [0x00]
+Expiration date (enter yyyy-mm-dd) ? [Sat Jan 1 05:59:00 2000]
+Password for nisse:
+Verifying password Password for nisse:
+nisse added to database.
+@end cartouche
+@end example
+
+Add whatever other users you want to have in the same way. Verify that
+a user is in the database and check the database entry for that user:
+
+@example
+@cartouche
+admin: <get nisse>
+Info in Database for nisse.:
+Max Life: 255 (Forever) Exp Date: Sat Jan 1 05:59:59 2000
+
+Attribs: 00 key: 0 0
+admin: <^D>
+Cleaning up and exiting.
+@end cartouche
+@end example
+
+@node Automate the startup of the servers, , Add users to the database, How to set up the kerberos server
+@subsection Automate the startup of the servers
+
+Add the lines that were used to start the kerberos server and the
+admin server to your startup scripts (@file{/etc/rc} or similar).
+@pindex rc
+
+@node Install the client programs, Install the kerberised services, How to set up the kerberos server, How to set up a realm
+@section Install the client programs
+
+Making a machine a kerberos client only requires a few steps. First you
+might need to change the configuration files as with the kerberos
+server. (@xref{Install the configuration files} and @ref{Install the
+/etc/services}.) Also you need to make the programs in
+@file{/usr/athena/bin} available. This can be done by adding the
+@file{/usr/athena/bin} directory to the users' paths, by making symbolic
+links, or even by copying the programs.
+
+You should also verify that the local time on the client is synchronised
+with the time on the kerberos server by some means. The maximum allowed
+time difference between the participating servers and a client is 5
+minutes.
+@cindex NTP.
+One good way to synchronize the time is NTP (Network Time Protocol), see
+@code{http://www.eecis.udel.edu/~ntp/}.
+
+If you need to run the client programs on a machine where you do not
+have root-access, you can hopefully just use the binaries and no
+configuration will be needed. The heuristics used are mentioned above
+(see @ref{Install the configuration files}). If this is not the case
+and you need to have @file{krb.conf} and/or @file{krb.realms}, you can
+copy them into a directory of your choice and
+@pindex krb.conf
+@pindex krb.realms
+set the environment variable @var{KRBCONFDIR} to point at this
+@cindex KRBCONFDIR
+directory.
+
+To test the client functionality, run the @code{kinit} program:
+
+@example
+@cartouche
+foo$ kinit
+eBones International (foo.foo.se)
+Kerberos Initialization
+Kerberos name: <nisse>
+Password: <password>
+
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 24 21:06:03 May 25 07:06:03 krbtgt.FOO.SE@@FOO.SE
+@end cartouche
+@end example
+
+@node Install the kerberised services, Install a slave kerberos server, Install the client programs, How to set up a realm
+@section Install the kerberised services
+
+These includes @code{rsh}, @code{rlogin}, @code{telnet}, @code{ftp},
+@code{rxtelnet}, and so on.
+@pindex rsh
+@pindex rlogin
+@pindex telnet
+@pindex ftp
+@pindex rxtelnet
+
+First follow the steps mentioned in the prior section to make it a
+client and verify its operation. Change @file{inetd.conf} next to use
+the new daemons. Look at the file
+@pindex inetd.conf
+@file{etc/inetd.conf.changes} to see the changes that we recommend you
+perform on @file{inetd.conf}.
+
+You should at this point decide what services you want to run on
+each machine.
+
+@subsection rsh, rlogin, and rcp
+@pindex rsh
+@pindex rlogin
+@pindex rcp
+
+These exist in kerberised versions and ``old-style'' versions. The
+different versions use different port numbers, so you can choose none,
+one, or both. If you do not want to use ``old-style'' r* services, you
+can let the programs output the text ``Remote host requires Kerberos
+authentication'' instead of just refusing connections to that port.
+This is enabled with the @samp{-v} option. The kerberised services
+exist in encrypted and non-encrypted versions. The encrypted services
+have an ``e'' prepended to the name and the programs take @samp{-x} as an
+option indicating encryption.
+
+Our recommendation is to only use the kerberised services and give
+explanation messages for the old ports.
+
+@subsection telnet
+@pindex telnet
+
+The telnet service always uses the same port and negotiates as to which
+authentication method should be used. The @code{telnetd} program has
+@pindex telnetd
+an option ``-a user'' that only allows kerberised and authenticated
+connections. If this is not included, it falls back to using clear text
+passwords. For obvious reasons, we recommend that you enable this
+option. If you want to use one-time passwords (@xref{One-Time
+Passwords}) you can use the ``-a otp'' option which will allow OTPs or
+kerberised connections.
+
+@subsection ftp
+@pindex ftp
+
+The ftp service works as telnet does, with just one port being used. By
+default only kerberos authenticated connections are allowed. You can
+specify additional levels that are thus allowed with these options:
+
+@table @asis
+@item @kbd{-a otp}
+Allow one-time passwords (@xref{One-Time Passwords}).
+@item @kbd{-a ftp}
+Allow anonymous login (as user ``ftp'' or ``anonymous'').
+@item @kbd{-a safe}
+The same as @kbd{-a ftp}, for backwards compatibility.
+@item @kbd{-a plain}
+Allow clear-text passwords.
+@item @kbd{-a none}
+The same as @kbd{-a ftp -a plain}.
+@item @kbd{-a user}
+A no-op, also there for backwards compatibility reasons.
+@end table
+
+When running anonymous ftp you should read the man page on @code{ftpd}
+which explains how to set it up.
+
+@subsection pop
+@pindex popper
+
+The Post Office Protocol (POP) is used to retrieve mail from the mail
+hub. The @code{popper} program implements the standard POP3 protocol
+and the kerberised KPOP. Use the @samp{-k} option to run the kerberos
+version of the protocol. This service should only be run on your mail
+hub.
+
+@subsection kx
+@pindex kx
+
+@code{kx} allows you to run X over a kerberos-authenticated and
+encrypted connection. This program is used by @code{rxtelnet},
+@code{tenletxr}, and @code{rxterm}.
+
+If you have some strange kind of operating system with X libraries that
+do not allow you to use unix-sockets, you need to specify the @samp{-t}
+@pindex kxd
+option to @code{kxd}. Otherwise it should be sufficient by adding the
+daemon in @file{inetd.conf}.
+
+@subsection kauth
+@pindex kauth
+
+This service allows you to create tickets on a remote host. To
+enable it just insert the corresponding line in @file{inetd.conf}.
+
+@section srvtabs
+@pindex srvtab
+
+In the same way every user needs to have a password registered with
+the kerberos server, every service needs to have a shared key with the
+kerberos server. The service keys are stored in a file, usually called
+@file{/etc/srvtab}. This file should not be readable to anyone but
+root, in order to keep the key from being divulged. The name of this principal
+in the kerberos database is usually the service and the host. The key
+for the pop service is called @samp{pop.@var{hostname}}. The one for
+rsh/rlogin/telnet is named @samp{rcmd.@var{hostname}}. (rcmd comes from
+``remote command''). To create these keys you will use the the
+@code{ksrvutil} program. Perform the
+@pindex ksrvutil
+following:
+
+@example
+@cartouche
+bar# ksrvutil -p nisse.admin get
+Name [rcmd]: <>
+Instance [bar]: <>
+Realm [FOO.SE]: <>
+Is this correct? (y,n) [y] <>
+Add more keys? (y,n) [n] <>
+Password for nisse.admin@@FOO.SE: <nisse.admin's password>
+Written rcmd.bar
+rcmd.bar@@FOO.SE
+Old keyfile in /etc/srvtab.old.
+@end cartouche
+@end example
+
+@subsection Complete test of the kerberised services
+
+Obtain a ticket on one machine (@samp{foo}) and use it to login with a
+kerberised service to a second machine (@samp{bar}).
The test should
+look like this if successful:
+
+@example
+@cartouche
+foo$ kinit nisse
+eBones International (foo.foo.se)
+Kerberos Initialization for "nisse"
+Password: <nisse's password>
+foo$ klist
+Ticket file: /tmp/tkt4711
+Principal: nisse@@FOO.SE
+
+Issued Expires Principal
+May 30 13:48:03 May 30 23:48:03 krbtgt.FOO.SE@@FOO.SE
+foo$ telnet bar
+Trying 17.17.17.17...
+Connected to bar.foo.se
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+bar$
+@end cartouche
+@end example
+
+You can also try with @code{rsh}, @code{rcp}, @code{rlogin},
+@code{rlogin -x}, and some other commands to see that everything is
+working all right.
+
+@node Install a slave kerberos server, Cross-realm functionality , Install the kerberised services, How to set up a realm
+@section Install a slave kerberos server
+
+It is desirable to have at least one backup (slave) server in case the
+master server fails. It is possible to have any number of such slave
+servers but more than three usually doesn't buy much more redundancy.
+
+First select a good server machine. @xref{Choose a kerberos
+server}. Since the master and slave servers will use copies of the same
+database, they need to use the same master key.
+
+On the master, add a @samp{rcmd.kerberos} principal (using
+@samp{ksrvutil get}). The
+@pindex kprop
+@code{kprop} program, running on the master, will use this when
+authenticating to the
+@pindex kpropd
+@code{kpropd} daemons running on the slave servers.
+
+On your master server, create a file, e.g. @file{/var/kerberos/slaves},
+that contains the hostnames of your kerberos slave servers.
+
+Start @code{kpropd} with @samp{kpropd -i} on your slave servers.
+
+On your master server, create a dump of the database with @samp{kdb_util
+slave_dump /var/kerberos/slave_dump}, and then run @code{kprop}.
+
+You should now have copies of the database on your slave servers.
You
+can verify this by issuing @samp{kdb_util dump @var{file}} on your
+slave servers, and comparing with the original file on the master
+server. Note that the entries will not be in the same order.
+
+This procedure should be automated with a script run regularly by cron,
+for instance once an hour.
+
+To start the kerberos server on slaves, you first have to copy the
+master key from the master server. You can do this either by remembering
+the master password and issuing @samp{kstash}, or you can just copy the
+keyfile. Remember that if you copy the file, do so on a safe media, not
+over the network. Good means include floppy or paper. Paper is better,
+since it is easier to swallow afterwards.
+
+The kerberos server should be started with @samp{-s} on the slave
+servers. This enables sanity checks, for example checking the time since
+the last update from the master.
+
+All changes to the database are made by @code{kadmind} at the master,
+and then propagated to the slaves, so you should @strong{not} run
+@code{kadmind} on the slaves.
+
+Finally add the slave servers to
+@file{/etc/krb.conf}. The clients will ask the servers in the order
+specified by that file.
+
+Consider adding CNAMEs to your slave servers, see @ref{Install the
+configuration files}.
+
+@node Cross-realm functionality , , Install a slave kerberos server, How to set up a realm
+@section Cross-realm functionality
+
+Suppose you are residing in the realm @samp{MY.REALM}, how do you
+authenticate to a server in @samp{OTHER.REALM}? Having valid tickets in
+@samp{MY.REALM} allows you to communicate with kerberised services in that
+realm. However, the computer in the other realm does not have a secret
+key shared with the kerberos server in your realm.
+
+It is possible to add a shared key between two realms that trust each
+other.
When a client program, such as @code{telnet}, finds that the
+other computer is in a different realm, it will try to get a ticket
+granting ticket for that other realm, but from the local kerberos
+server. With that ticket granting ticket, it will then obtain service
+tickets from the kerberos server in the other realm.
+
+To add this functionality you have to add a principal to each realm. The
+principals should be @samp{krbtgt.OTHER.REALM} in @samp{MY.REALM}, and
+@samp{krbtgt.MY.REALM} in @samp{OTHER.REALM}. The two different
+principals should have the same key (and key version number). Remember
+to transfer this key in a safe manner. This is all that is required.
+
+@example
+@cartouche
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+blubb$ telnet agat.e.kth.se
+Trying 130.237.48.12...
+Connected to agat.e.kth.se.
+Escape character is '^]'.
+[ Trying mutual KERBEROS4 ... ]
+[ Kerberos V4 accepts you ]
+[ Kerberos V4 challenge successful ]
+Last login: Sun Jun 2 20:51:50 from emma.pdc.kth.se
+
+agat$ exit
+Connection closed by foreign host.
+blubb$ klist
+Ticket file: /tmp/tkt3008
+Principal: joda@@NADA.KTH.SE
+
+ Issued Expires Principal
+Jun 7 02:26:23 Jun 7 12:26:23 krbtgt.NADA.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:50 Jun 7 12:26:50 krbtgt.E.KTH.SE@@NADA.KTH.SE
+Jun 7 02:26:51 Jun 7 12:26:51 rcmd.agat@@E.KTH.SE
+@end cartouche
+@end example
diff --git a/crypto/kerberosIV/doc/whatis.texi b/crypto/kerberosIV/doc/whatis.texi
new file mode 100644
index 0000000..16989bb
--- /dev/null
+++ b/crypto/kerberosIV/doc/whatis.texi
@@ -0,0 +1,137 @@ +@node What is Kerberos?, Installing programs, Introduction, Top +@chapter What is Kerberos? + +@quotation +@flushleft + Now this Cerberus had three heads of dogs, + the tail of a dragon, and on his back the + heads of all sorts of snakes. + --- Pseudo-Apollodorus Library 2.5.12 +@end flushleft +@end quotation + +Kerberos is a system for authenticating users and services on a network. +It is built upon the assumption that the network is ``unsafe''. For +example, data sent over the network can be eavesdropped and altered, and +addresses can also be faked. Therefore they cannot be used for +authentication purposes. +@cindex authentication + +Kerberos is a trusted third-party service. That means that there is a +third party (the kerberos server) that is trusted by all the entities on +the network (users and services, usually called @dfn{principals}). All +principals share a secret password (or key) with the kerberos server and +this enables principals to verify that the messages from the kerberos +server are authentic. Thus trusting the kerberos server, users and +services can authenticate each other. + +@section Basic mechanism + +@ifinfo +@macro sub{arg} +<\arg\> +@end macro +@end ifinfo + +@tex +@def@xsub#1{$_{#1}$} +@global@let@sub=@xsub +@end tex + +In Kerberos, principals use @dfn{tickets} to prove that they are who +they claim to be. In the following example, @var{A} is the initiator of +the authentication exchange, usually a user, and @var{B} is the service +that @var{A} wishes to use. + +To obtain a ticket for a specific service, @var{A} sends a ticket +request to the kerberos server. The request basically contains @var{A}'s +and @var{B}'s names. The kerberos server checks that both @var{A} and +@var{B} are valid principals. 
+ +Having verified the validity of the principals, it creates a packet +containing @var{A}'s and @var{B}'s names, @var{A}'s network address +(@var{A@sub{addr}}), the current time (@var{t@sub{issue}}), the lifetime +of the ticket (@var{life}), and a secret @dfn{session key} +@cindex session key +(@var{K@sub{AB}}). This packet is encrypted with @var{B}'s secret key +(@var{K@sub{B}}). The actual ticket (@var{T@sub{AB}}) looks like this: +(@{@var{A}, @var{B}, @var{A@sub{addr}}, @var{t@sub{issue}}, @var{life}, +@var{K@sub{AB}}@}@var{K@sub{B}}). + +The reply to @var{A} consists of the ticket (@var{T@sub{AB}}), @var{B}'s +name, the current time, the lifetime of the ticket, and the session key, all +encrypted in @var{A}'s secret key (@{@var{B}, @var{t@sub{issue}}, +@var{life}, @var{K@sub{AB}}, @var{T@sub{AB}}@}@var{K@sub{A}}). @var{A} +decrypts the reply and retains it for later use. + +@sp 1 + +Before sending a message to @var{B}, @var{A} creates an authenticator +consisting of @var{A}'s name, @var{A}'s address, the current time, and a +``checksum'' chosen by @var{A}, all encrypted with the secret session +key (@{@var{A}, @var{A@sub{addr}}, @var{t@sub{current}}, +@var{checksum}@}@var{K@sub{AB}}). This is sent together with the ticket +received from the kerberos server to @var{B}. Upon reception, @var{B} +decrypts the ticket using @var{B}'s secret key. Since the ticket +contains the session key that the authenticator was encrypted with, +@var{B} can now also decrypt the authenticator. To verify that @var{A} +really is @var{A}, @var{B} now has to compare the contents of the ticket +with that of the authenticator. If everything matches, @var{B} now +considers @var{A} as properly authenticated. + +@c (here we should have some more explanations) + +@section Different attacks + +@subheading Impersonating A + +An impostor, @var{C} could steal the authenticator and the ticket as it +is transmitted across the network, and use them to impersonate +@var{A}. 
The address in the ticket and the authenticator was added to +make it more difficult to perform this attack. To succeed @var{C} will +have to either use the same machine as @var{A} or fake the source +addresses of the packets. By including the time stamp in the +authenticator, @var{C} does not have much time in which to mount the +attack. + +@subheading Impersonating B + +@var{C} can hijack @var{B}'s network address, and when @var{A} sends +her credentials, @var{C} just pretend to verify them. @var{C} can't +be sure that she is talking to @var{A}. + +@section Defense strategies + +It would be possible to add a @dfn{replay cache} +@cindex replay cache +to the server side. The idea is to save the authenticators sent during +the last few minutes, so that @var{B} can detect when someone is trying +to retransmit an already used message. This is somewhat impractical +(mostly regarding efficiency), and is not part of Kerberos 4; MIT +Kerberos 5 contains it. + +To authenticate @var{B}, @var{A} might request that @var{B} sends +something back that proves that @var{B} has access to the session +key. An example of this is the checksum that @var{A} sent as part of the +authenticator. One typical procedure is to add one to the checksum, +encrypt it with the session key and send it back to @var{A}. This is +called @dfn{mutual authentication}. + +The session key can also be used to add cryptographic checksums to the +messages sent between @var{A} and @var{B} (known as @dfn{message +integrity}). Encryption can also be added (@dfn{message +confidentiality}). This is probably the best approach in all cases. +@cindex integrity +@cindex confidentiality + +@section Further reading + +The original paper on Kerberos from 1988 is @cite{Kerberos: An +Authentication Service for Open Network Systems}, by Jennifer Steiner, +Clifford Neuman and Jeffrey I. Schiller. 
+ +A less technical description can be found in @cite{Designing an +Authentication System: a Dialogue in Four Scenes} by Bill Bryant, also +from 1988. + +These and several other documents can be found on our web-page. diff --git a/crypto/kerberosIV/eBones-p9.README b/crypto/kerberosIV/eBones-p9.README new file mode 100644 index 0000000..8442985 --- /dev/null +++ b/crypto/kerberosIV/eBones-p9.README @@ -0,0 +1,26 @@ +The file eBones-p9.patch.Z is the compressed patch for Bones (patchlevel 9) +that puts back the calls to the DES encryption libraries. + +eBones-p9-des.tar.Z is a compressed tar file of MIT compatible +des encryption routines. Install these routines in src/lib/des. +The des_quad_cksum is not compatible with the MIT version +but I should fix that when I have access to ultrix 4 +* [It has now been fixed and is the same as MIT's] +(it has a binary copy of libdes.a)). There are two extra routines, +des_enc_read and des_enc_write. These routines are used in the +kerberos rcp, rlogin and rlogind to encrypt all network traffic. + +eBones-p9.tar.Z is a compressed tar file of Bones (patchlevel 9) +with the eBones-p9.patch applied and eBones-p9-des.tar.Z installed. + +When applying the patch to Bones, don't do a +find src -name "*.orig" -exec /bin/rm {} \; +There is a file called src/util/ss/ss.h.orig that is needed and +the above find will remove it. + +The Imakefile in src/lib/des assumes you have gcc. If you don't, +you will have to change the Imakefile. Compile this directory with +the maximum optimization your compiler has available. + +These modifications have been successfully unpacked and compiled +on a microvax 3600. diff --git a/crypto/kerberosIV/etc/README b/crypto/kerberosIV/etc/README new file mode 100644 index 0000000..68865ec --- /dev/null +++ b/crypto/kerberosIV/etc/README 
@@ -0,0 +1,41 @@ + + How to update your files in the /etc directory! + +/etc/services (all machines) + + The contents of services.append can probably just be appended to +your local file. If you use NIS (YP) you need to do this on the NIS +master. Delete and duplicate definitions to prevent inconsistencies. + +/etc/krb.conf (all machines) + + Create a krb.conf file by substituting MY.REALM.NAME with your +domain name. If you create a domain name alias (CNAME) kerberos.domain +pointing to your master server, unconfigured clients will have a +chance to find your realm. + + It is no longer necessary to put each and every realm in +krb.{conf,realms}. If the domain name matches your realm name and you +have a CNAME kerberos.REALMNAME pointing at your kerberos server other +sites will find your realm even if it is not listed in krb.conf. +*** Please add this CNAME to your local DNS *** + +/etc/krb.realms (all machines) + + Substitue MY.REALM.NAME in krb.realms with your domain name. + Not strictly necessary when domain and realm names match. + +/etc/inetd.conf (all machines supporting incoming telnet, rsh etc.) + + Comment out the lines starting with shell, login and telnet and +append inetd.conf.changes. Be carefull to check that there are no +additional old entries of kshell, ekshell, klogin and eklogin left. + + The -v option to rshd and rlogin turns off that service and echo +an informational message to the user. + +/etc/srvtab + + With 'ksrvutil get' you can add entries to the Kerberos database and +put the service keys into your srvtab file. + diff --git a/crypto/kerberosIV/etc/default.login b/crypto/kerberosIV/etc/default.login new file mode 100644 index 0000000..f01b2ee --- /dev/null +++ b/crypto/kerberosIV/etc/default.login 
@@ -0,0 +1,47 @@
+#
+# Sample /etc/default/login file, read by the login program
+#
+# For more info consult SysV login(1)
+#
+# Most things are environment variables.
+# HZ and TZ are set only if they are still uninitialized.
+
+# This really variable TZ
+#TIMEZONE=EST5EDT
+
+#HZ=100
+
+# File size limit, se ulimit(2).
+# Note that the limit must be specified in units of 512-byte blocks.
+#ULIMIT=0
+
+# If CONSOLE is set, root can only login on that device.
+# When not set root can log in on any device.
+#CONSOLE=/dev/console
+
+# PASSREQ determines if login requires a password.
+PASSREQ=YES
+
+# ALTSHELL, really set SHELL=/bin/bash or other shell
+# Extension: when ALTSHELL=YES, we set the SHELL variable even if it is /bin/sh
+ALTSHELL=YES
+
+# Default PATH
+#PATH=/usr/bin:
+
+# Default PATH for root user
+#SUPATH=/usr/sbin:/usr/bin
+
+# TIMEOUT sets the number of seconds (between 0 and 900) to wait before
+# abandoning a login session.
+#
+#TIMEOUT=300
+
+# Use this for default umask(2) value
+#UMASK=022
+
+# Sleeptime between failed logins
+# SLEEPTIME
+
+# Maximum number of failed login attempts, well the user can always reconnect
+# MAXTRYS
diff --git a/crypto/kerberosIV/etc/fbtab b/crypto/kerberosIV/etc/fbtab
new file mode 100644
index 0000000..3e21376
--- /dev/null
+++ b/crypto/kerberosIV/etc/fbtab
@@ -0,0 +1,15 @@
+# Sample /etc/fbtab file read by the login program
+# This file can also be called /etc/logindevperm.
+
+# Use this to give away devices to the console user. The group of the
+# devices is set to the owner's group specified in /etc/passwd.
+#
+# First column specifies the console device.
+#
+# Second the mode bits of the given away devices
+#
+# Third is a : separated list of devices to give away
+
+# console mode devices
+/dev/console 0600 /dev/console:/dev/mouse
+/dev/console 0600 /dev/floppy
diff --git a/crypto/kerberosIV/etc/hosts.equiv b/crypto/kerberosIV/etc/hosts.equiv
new file mode 100644
index 0000000..2fbb50c
--- /dev/null
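Review bot: The commented example `#PATH=/usr/bin:` in etc/default.login ends in a colon, and an empty PATH element is searched as the current directory, so an administrator who simply uncomments the line gives every login a search path that includes whatever directory the user happens to be in. I would write the example as `#PATH=/usr/bin`, matching the root example `#SUPATH=/usr/sbin:/usr/bin`, which has no trailing colon. Separately, `# SLEEPTIME` and `# MAXTRYS` are the only settings shown without the `NAME=value` form, so the syntax for the failed-login delay and the attempt limit cannot be read off the sample; a commented `#SLEEPTIME=<seconds>` / `#MAXTRYS=<count>` line (placeholders) would document it.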
+++ b/crypto/kerberosIV/etc/hosts.equiv
@@ -0,0 +1 @@
+localhost
diff --git a/crypto/kerberosIV/etc/inetd.conf.changes b/crypto/kerberosIV/etc/inetd.conf.changes
new file mode 100644
index 0000000..a9721a0
--- /dev/null
+++ b/crypto/kerberosIV/etc/inetd.conf.changes
@@ -0,0 +1,33 @@
+#
+# $Id: inetd.conf.changes,v 1.12 1996/10/27 11:58:02 bg Exp $
+#
+# Turn off vanilla rshd and rlogind with an informational message.
+# If you really want this security problem remove the '-v' option!
+shell stream tcp nowait root /usr/athena/libexec/rshd rshd -l -L -v
+login stream tcp nowait root /usr/athena/libexec/rlogind rlogind -l -v
+#
+# Kerberos rsh
+kshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k
+ekshell stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+ekshell2 stream tcp nowait root /usr/athena/libexec/rshd rshd -L -k -x
+#
+# Kerberos rlogin
+klogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k
+eklogin stream tcp nowait root /usr/athena/libexec/rlogind rlogind -k -x
+#
+# Kerberized telnet and ftp, consider adding '-a user' to
+# disallow cleartext passwords to both telnetd and ftpd.
+telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a none
+ftp stream tcp nowait root /usr/athena/libexec/ftpd ftpd -a none
+#
+# Kerberized POP. Server principal is pop.hostname, *not* rcmd.hostname!
+#kpop stream tcp nowait root /usr/athena/libexec/popper popper -k
+#
+# Old POP3 with passwords in clear (not recommended, uses cleartext passwords)
+#pop3 stream tcp nowait root /usr/athena/libexec/popper popper
+#
+# Kauthd, support for putting tickets on other machines in a secure fashion.
+kauth stream tcp nowait root /usr/athena/libexec/kauthd kauthd
+#
+# Encrypted X connections
+kx stream tcp nowait root /usr/athena/libexec/kxd kxd
diff --git a/crypto/kerberosIV/etc/krb.conf b/crypto/kerberosIV/etc/krb.conf
new file mode 100644
index 0000000..6114c85
--- /dev/null
+++ b/crypto/kerberosIV/etc/krb.conf
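Review bot: The active `telnet` and `ftp` entries in etc/inetd.conf.changes ship with `-a none`, which by the file's own comment still lets both daemons accept cleartext passwords; the safer `-a user` setting is only mentioned as something to "consider". etc/README in this commit tells the administrator to append this file to /etc/inetd.conf, so whatever is uncommented here becomes the installed default. I would make the authenticated mode the default, `telnet stream tcp nowait root /usr/athena/libexec/telnetd telnetd -a user` and `ftp stream tcp nowait root /usr/athena/libexec/ftpd ftpd -a user`, and leave the `-a none` variants as commented-out alternatives with a line saying that they permit password logins in the clear.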
@@ -0,0 +1,56 @@ +MY.REALM.NAME +MY.REALM.NAME kerberos.MY.REALM.NAME admin server +SICS.SE kerberos.sics.se admin server +NADA.KTH.SE kerberos.nada.kth.se admin server +NADA.KTH.SE sysman.nada.kth.se +NADA.KTH.SE server.nada.kth.se +ADMIN.KTH.SE ulysses.admin.kth.se admin server +ADMIN.KTH.SE graziano.admin.kth.se +ADMIN.KTH.SE montano.admin.kth.se +BION.KTH.SE chaplin.bion.kth.se admin server +DSV.SU.SE ssi.dsv.su.se admin server +DSV.SU.SE vall.dsv.su.se +E.KTH.SE heimdal.e.kth.se admin server +E.KTH.SE elixir.e.kth.se +E.KTH.SE malt.e.kth.se +IT.KTH.SE gaia.it.kth.se +IT.KTH.SE isolde.it.kth.se +IT.KTH.SE tristan.it.kth.se +KTH.SE kth.se admin server +ML.KVA.SE gustava.ml.kva.se admin server +PI.SE liszt.adm.pi.se admin server +STACKEN.KTH.SE linnea.stacken.kth.se admin server +STACKEN.KTH.SE marcel.stacken.kth.se +STACKEN.KTH.SE sune.stacken.kth.se +SUNET.SE bar.pilsnet.sunet.se admin server +CYGNUS.COM kerberos.cygnus.com admin server +CYGNUS.COM kerberos-1.cygnus.com +CYGNUS.COM dumb.cygnus.com +DEVO.CYGNUS.COM dumber.cygnus.com admin server +MIRKWOOD.CYGNUS.COM mirkwood.cygnus.com admin server +KITHRUP.COM KITHRUP.COM admin server +ATHENA.MIT.EDU kerberos.mit.edu admin server +ATHENA.MIT.EDU kerberos-1.mit.edu +ATHENA.MIT.EDU kerberos-2.mit.edu +ATHENA.MIT.EDU kerberos-3.mit.edu +LCS.MIT.EDU kerberos.lcs.mit.edu admin server +SMS_TEST.MIT.EDU dodo.mit.edu admin server +LS.MIT.EDU ls.mit.edu admin server +IFS.UMICH.EDU kerberos.ifs.umich.edu +CS.WASHINGTON.EDU hawk.cs.washington.edu +CS.WASHINGTON.EDU aspen.cs.washington.edu +CS.BERKELEY.EDU okeeffe.berkeley.edu +SOUP.MIT.EDU soup.mit.edu admin server +TELECOM.MIT.EDU bitsy.mit.edu +MEDIA.MIT.EDU kerberos.media.mit.edu +NEAR.NET kerberos.near.net +CATS.UCSC.EDU mehitabel.ucsc.edu admin server +CATS.UCSC.EDU ucsch.ucsc.edu +WATCH.MIT.EDU kerberos.watch.mit.edu admin server +TELEBIT.COM napa.telebit.com. 
admin server +ARMADILLO.COM monad.armadillo.com admin server +TOAD.COM toad.com admin server +ZEN.ORG zen.org admin server +LLOYD.COM harry.lloyd.com admin server +EPRI.COM kerberos.epri.com admin server +EPRI.COM kerberos-2.epri.com diff --git a/crypto/kerberosIV/etc/krb.equiv b/crypto/kerberosIV/etc/krb.equiv new file mode 100644 index 0000000..6205c1f --- /dev/null +++ b/crypto/kerberosIV/etc/krb.equiv @@ -0,0 +1,14 @@ +# List of host with multiple adresses. +# +193.10.156.253 130.237.232.44 193.10.156.252 # scws scws-fddi scws-2. +193.10.156.250 130.237.232.15 # salmon-sp salmon. +# +# new krb.equiv syntax for all of SP. +# +193.10.156.0/24 193.10.157.0/24 \ # syk-X.pdc.kth.se syk-X-hps.pdc.kth.se +130.237.232.31 130.237.232.32 \ # syk-0101-fddi syk-0201-fddi +130.237.232.38 130.237.232.39 \ # syk-0115-fddi syk-0116-fddi +130.237.232.33 130.237.232.34 \ # syk-0301-fddi syk-0401-fddi +130.237.232.35 130.237.232.36 \ # syk-0501-fddi syk-0601-fddi +130.237.232.37 130.237.230.66 \ # syk-0602-fddi syk-0602-fcs +130.237.230.36 # syk-0606-hippi. diff --git a/crypto/kerberosIV/etc/krb.realms b/crypto/kerberosIV/etc/krb.realms new file mode 100644 index 0000000..85e955a --- /dev/null +++ b/crypto/kerberosIV/etc/krb.realms 
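Review bot: etc/krb.equiv is added with one site's real address equivalences as active entries (`193.10.156.0/24 193.10.157.0/24` and the `130.237.232.x` / `130.237.230.x` hosts), not as commented examples. Going by the header comment the file declares which addresses belong to the same multi-homed host, so a site that installs it unchanged would presumably treat those foreign ranges as interchangeable wherever the library compares a ticket's address with the peer address; that reading is inferred, since the parser is not in this hunk. I would comment the entries out and add a line such as `# Example only: replace with the addresses of your own multi-homed hosts.` The continuation lines also place a `# comment` after the backslash, and it is worth confirming that the reader of this file accepts that form.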
@@ -0,0 +1,51 @@ +.MY.REALM.NAME MY.REALM.NAME +sics.se SICS.SE +.sics.se SICS.SE +nada.kth.se NADA.KTH.SE +pdc.kth.se NADA.KTH.SE +.hydro.kth.se NADA.KTH.SE +.math.kth.se NADA.KTH.SE +.mech.kth.se NADA.KTH.SE +.nada.kth.se NADA.KTH.SE +.pdc.kth.se NADA.KTH.SE +.sans.kth.se NADA.KTH.SE +.admin.kth.se ADMIN.KTH.SE +.e.kth.se E.KTH.SE +.electrum.kth.se IT.KTH.SE +.it.kth.se IT.KTH.SE +.sth.sunet.se SUNET.SE +.pilsnet.sunet.se SUNET.SE +.sunet.se SUNET.SE +.ml.kva.se ML.KVA.SE +pi.se PI.SE +.pi.se PI.SE +.adm.pi.se PI.SE +.stacken.kth.se STACKEN.KTH.SE +kth.se KTH.SE +.kth.se KTH.SE +.bion.kth.se BION.KTH.SE +.dsv.su.se DSV.SU.SE +.MIT.EDU ATHENA.MIT.EDU +.MIT.EDU. ATHENA.MIT.EDU +MIT.EDU ATHENA.MIT.EDU +DODO.MIT.EDU SMS_TEST.MIT.EDU +.UCSC.EDU CATS.UCSC.EDU +.UCSC.EDU. CATS.UCSC.EDU +CYGNUS.COM CYGNUS.COM +.CYGNUS.COM CYGNUS.COM +MIRKWOOD.CYGNUS.COM MIRKWOOD.CYGNUS.COM +KITHRUP.COM KITHRUP.COM +.KITHRUP.COM KITHRUP.COM +.berkeley.edu EECS.BERKELEY.EDU +.CS.berkeley.edu EECS.BERKELEY.EDU +.MIT.EDU ATHENA.MIT.EDU +.mit.edu ATHENA.MIT.EDU +.BSDI.COM BSDI.COM +ARMADILLO.COM ARMADILLO.COM +.ARMADILLO.COM ARMADILLO.COM +ZEN.ORG ZEN.ORG +.ZEN.ORG ZEN.ORG +toad.com TOAD.COM +.toad.com TOAD.COM +lloyd.com LLOYD.COM +.lloyd.com LLOYD.COM diff --git a/crypto/kerberosIV/etc/login.access b/crypto/kerberosIV/etc/login.access new file mode 100644 index 0000000..f811616 --- /dev/null +++ b/crypto/kerberosIV/etc/login.access 
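Review bot: Two mappings in etc/krb.realms do not agree with etc/krb.conf from the same commit: `.berkeley.edu` and `.CS.berkeley.edu` map to `EECS.BERKELEY.EDU`, while krb.conf lists only `CS.BERKELEY.EDU okeeffe.berkeley.edu`, and `.BSDI.COM BSDI.COM` has no krb.conf entry at all. etc/README notes that a realm can also be found through a `kerberos.REALMNAME` CNAME, so these may still resolve, but as shipped a client in those domains is pointed at a realm the sample configuration does not define. The line `.MIT.EDU ATHENA.MIT.EDU` also appears twice. A header comment such as `# domain-or-host  REALM  (first match wins?)` would help as well, because the file has no comment explaining its format or matching order.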
@@ -0,0 +1,54 @@ +# Sample /etc/login.access file read by the login program +# +# Login access control table. +# +# When someone logs in, the table is scanned for the first entry that +# matches the (user, host) combination, or, in case of non-networked +# logins, the first entry that matches the (user, tty) combination. The +# permissions field of that table entry determines whether the login will +# be accepted or refused. +# +# Format of the login access control table is three fields separated by a +# ":" character: +# +# permission : users : origins +# +# The first field should be a "+" (access granted) or "-" (access denied) +# character. +# +# The second field should be a list of one or more login names, group +# names, or ALL (always matches). A pattern of the form user@host is +# matched when the login name matches the "user" part, and when the +# "host" part matches the local machine name. +# +# The third field should be a list of one or more tty names (for +# non-networked logins), host names, domain names (begin with "."), host +# addresses, internet network numbers (end with "."), ALL (always +# matches) or LOCAL (matches any string that does not contain a "." +# character). +# +# If you run NIS you can use @netgroupname in host or user patterns; this +# even works for @usergroup@@hostgroup patterns. Weird. +# +# The EXCEPT operator makes it possible to write very compact rules. +# +# The group file is searched only when a name does not match that of the +# logged-in user. Only groups are matched in which users are explicitly +# listed: the program does not look at a user's primary group id value. +# +############################################################################## +# +# Disallow console logins to all but a few accounts. +# +-:ALL EXCEPT wheel shutdown sync:console +# +# Disallow non-local logins to privileged accounts (group wheel). 
+# +-:wheel:ALL EXCEPT LOCAL .win.tue.nl +# +# Some accounts are not allowed to login from anywhere: +# +-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL +# +# All other accounts are allowed to login from anywhere. +# diff --git a/crypto/kerberosIV/etc/services.append b/crypto/kerberosIV/etc/services.append new file mode 100644 index 0000000..8101e72 --- /dev/null +++ b/crypto/kerberosIV/etc/services.append @@ -0,0 +1,22 @@ +# +# Kerberos +# +# $Id: services.append,v 1.11 1996/10/18 15:25:17 bg Exp $ +# +kerberos-sec 88/udp # Kerberos secondary port UDP +kerberos-sec 88/tcp # Kerberos secondary port TCP +klogin 543/tcp # Kerberos authenticated rlogin +kshell 544/tcp krcmd # and remote shell +ekshell 545/tcp # Kerberos encrypted remote shell -kfall +ekshell2 2106/tcp # What U of Colorado @ Boulder uses? +kerberos-iv 750/udp kerberos kdc # Kerberos authentication--udp +kerberos-iv 750/tcp kerberos kdc # Kerberos authentication--tcp +kerberos_master 751/udp # Kerberos authentication +kerberos_master 751/tcp # Kerberos authentication +krb_prop 754/tcp # Kerberos slave propagation +kpop 1109/tcp # Pop with Kerberos +eklogin 2105/tcp # Kerberos encrypted rlogin +rkinit 2108/tcp # Kerberos remote kinit +kx 2111/tcp # X over kerberos +kip 2112/tcp # IP over kerberos +kauth 2120/tcp # Remote kauth diff --git a/crypto/kerberosIV/include/Makefile.in b/crypto/kerberosIV/include/Makefile.in new file mode 100644 index 0000000..5061c08 --- /dev/null +++ b/crypto/kerberosIV/include/Makefile.in 
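Review bot: The sample etc/login.access ends with three active rules that are specific to the original author's site, and they take effect if the file is installed as-is. `-:wheel:ALL EXCEPT LOCAL .win.tue.nl` lets members of wheel log in from any host in a third-party domain, `-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL` names accounts that will not exist elsewhere, and `-:ALL EXCEPT wheel shutdown sync:console` refuses console logins to everyone else. I would ship the rules commented out with the domain replaced by an obvious placeholder, for example `#-:wheel:ALL EXCEPT LOCAL .your.domain`, and add a comment that an empty table allows all logins, if that is in fact the program's behaviour (it is not visible in this hunk).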
@@ -0,0 +1,147 @@ +# $Id: Makefile.in,v 1.36 1997/05/20 18:58:39 bg Exp $ + +srcdir = @srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +CC = @CC@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs +LN_S = @LN_S@ +EXECSUFFIX = @EXECSUFFIX@ + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +includedir = @includedir@ +libdir = @libdir@ + +HAVE_ERR_H = @ac_cv_header_err_h@ + +@SET_MAKE@ + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +HEADERS = krb_err.h kadm_err.h acl.h com_err.h des.h kadm.h kafs.h \ + kdc.h klog.h krb.h krb_db.h prot.h otp.h sl.h ktypes.h + +KTYPES_OBJECTS = ktypes.o + +SOURCES = ktypes.c + +LOCL_HEADERS = roken.h protos.h resolve.h xdbm.h + +MAYBE_HEADERS = err.h + +SUBDIRS = sys + +all: stamp-headers + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) all); done + +Wall: + $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +ALL_INC = com_err.h des.h kadm.h kafs.h kdc.h klog.h krb.h krb_db.h otp.h + +install: + $(MKINSTALLDIRS) $(includedir) + for x in $(HEADERS); \ + do $(INSTALL_DATA) $$x $(includedir)/$$x; done + -if test "$(HAVE_ERR_H)" != yes; then \ + $(INSTALL_DATA) err.h $(includedir)/err.h; \ + fi + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) install); done + +uninstall: + for x in $(HEADERS); do \ + rm -f $(includedir)/$$x; \ + done + -if test "$(HAVE_ERR_H)" != yes; then \ + rm -f $(includedir)/err.h; \ + fi + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done + +clean: + rm -f $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) *.o ktypes stamp-headers + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) clean); done + +mostlyclean: clean + +distclean: + $(MAKE) clean + for i in $(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) distclean); done + rm -f Makefile config.status *~ + +realclean: + for i in 
$(SUBDIRS); \ + do (cd $$i && $(MAKE) $(MFLAGS) realclean); done + +err.h: + if test "$(HAVE_ERR_H)" != yes; then \ + $(LN_S) $(srcdir)/../lib/roken/err.h err.h; \ + fi || true + +krb_err.h: + cd ../lib/krb && $(MAKE) krb_err.h + $(LN_S) ../lib/krb/krb_err.h . +kadm_err.h: + cd ../lib/kadm && $(MAKE) kadm_err.h + $(LN_S) ../lib/kadm/kadm_err.h . +acl.h: + $(LN_S) $(srcdir)/../lib/acl/acl.h . +com_err.h: + $(LN_S) $(srcdir)/../util/et/com_err.h . +des.h: + $(LN_S) $(srcdir)/../lib/des/des.h . +kadm.h: + $(LN_S) $(srcdir)/../lib/kadm/kadm.h . +kafs.h: + $(LN_S) $(srcdir)/../lib/kafs/kafs.h . +kdc.h: + $(LN_S) $(srcdir)/../lib/kdb/kdc.h . +klog.h: + $(LN_S) $(srcdir)/../lib/krb/klog.h . +krb.h: + $(LN_S) $(srcdir)/../lib/krb/krb.h . +resolve.h: + $(LN_S) $(srcdir)/../lib/krb/resolve.h . +krb_db.h: + $(LN_S) $(srcdir)/../lib/kdb/krb_db.h . +prot.h: + $(LN_S) $(srcdir)/../lib/krb/prot.h . + +protos.h: + $(LN_S) $(srcdir)/protos.H protos.h +roken.h: + $(LN_S) $(srcdir)/../lib/roken/roken.h . +xdbm.h: + $(LN_S) $(srcdir)/../lib/roken/xdbm.h . + +otp.h: + $(LN_S) $(srcdir)/../lib/otp/otp.h . + +sl.h: + $(LN_S) $(srcdir)/../lib/sl/sl.h . + +ktypes$(EXECSUFFIX): $(KTYPES_OBJECTS) + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KTYPES_OBJECTS) + +ktypes.o: ktypes.c + +ktypes.h: ktypes$(EXECSUFFIX) + ./ktypes$(EXECSUFFIX) > $@ + +stamp-headers: Makefile + $(MAKE) $(HEADERS) $(LOCL_HEADERS) $(MAYBE_HEADERS) + touch stamp-headers diff --git a/crypto/kerberosIV/include/config.h.in b/crypto/kerberosIV/include/config.h.in new file mode 100644 index 0000000..826dc76 --- /dev/null +++ b/crypto/kerberosIV/include/config.h.in 
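Review bot: The `ktypes.h` rule near the end of include/Makefile.in redirects the generator straight into `$@`, so if `./ktypes$(EXECSUFFIX)` fails or is interrupted, a partial `ktypes.h` is left behind with a fresh timestamp and later runs treat it as up to date. Writing to a temporary name and renaming avoids that: `./ktypes$(EXECSUFFIX) > $@.tmp && mv $@.tmp $@`. The `clean` target also removes `ktypes` rather than `ktypes$(EXECSUFFIX)`, so the helper binary survives a clean on platforms where the suffix is not empty. Finally, the `err.h` rule ends in `|| true`, which hides a failed `$(LN_S)` as well as the intended "header already present" case; a short comment saying why the error is ignored would help.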
@@ -0,0 +1,984 @@ +/* include/config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define if using alloca.c. */ +#undef C_ALLOCA + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define to one of _getb67, GETB67, getb67 for Cray-2 and Cray-YMP systems. + This function is required for alloca.c support on those systems. */ +#undef CRAY_STACKSEG_END + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef gid_t + +/* Define if you have alloca, as a function or macro. */ +#undef HAVE_ALLOCA + +/* Define if you have <alloca.h> and it should be used (not on Ultrix). */ +#undef HAVE_ALLOCA_H + +/* Define if you have a working `mmap' system call. */ +#undef HAVE_MMAP + +/* Define if your struct stat has st_blksize. */ +#undef HAVE_ST_BLKSIZE + +/* Define to `long' if <sys/types.h> doesn't define. */ +#undef off_t + +/* Define to `int' if <sys/types.h> doesn't define. */ +#undef pid_t + +/* Define if you need to in order for stat and other things to work. */ +#undef _POSIX_SOURCE + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define to `unsigned' if <sys/types.h> doesn't define. */ +#undef size_t + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at run-time. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown + */ +#undef STACK_DIRECTION + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if `sys_siglist' is declared by <signal.h>. */ +#undef SYS_SIGLIST_DECLARED + +/* Define if you can safely include both <sys/time.h> and <time.h>. */ +#undef TIME_WITH_SYS_TIME + +/* Define to `int' if <sys/types.h> doesn't define. 
*/ +#undef uid_t + +/* Define if your processor stores words with the most significant + byte first (like Motorola and SPARC, unlike Intel and VAX). */ +#undef WORDS_BIGENDIAN + +/* Define if the X Window System is missing or not being used. */ +#undef X_DISPLAY_MISSING + +/* Define this if RETSIGTYPE == void */ +#undef VOID_RETSIGTYPE + +/* Define this if struct utmp have ut_user */ +#undef HAVE_UT_USER + +/* Define this if struct utmp have ut_host */ +#undef HAVE_UT_HOST + +/* Define this if struct utmp have ut_addr */ +#undef HAVE_UT_ADDR + +/* Define this if struct utmp have ut_type */ +#undef HAVE_UT_TYPE + +/* Define this if struct utmp have ut_pid */ +#undef HAVE_UT_PID + +/* Define this if struct utmp have ut_id */ +#undef HAVE_UT_ID + +/* Define this if struct utmpx have ut_syslen */ +#undef HAVE_UT_SYSLEN + +/* Define this if struct winsize is declared in sys/termios.h */ +#undef HAVE_STRUCT_WINSIZE + +/* Define this if struct winsize have ws_xpixel */ +#undef HAVE_WS_XPIXEL + +/* Define this if struct winsize have ws_ypixel */ +#undef HAVE_WS_YPIXEL + +/* Define this to be the directory where the dictionary for cracklib */ +/* resides */ +#undef DICTPATH + +/* Define this if you want to use SOCKS v5 */ +#undef SOCKS + +/* Define this to the path of the mail spool directory */ +#undef KRB4_MAILDIR + +/* Define this if `struct sockaddr' includes sa_len */ +#undef SOCKADDR_HAS_SA_LEN + +/* Define this if `struct siaentity' includes ouid */ +#undef SIAENTITY_HAS_OUID + +/* Define if getlogin has POSIX flavour, as opposed to BSD */ +#undef POSIX_GETLOGIN + +/* Define if getpwnam_r has POSIX flavour */ +#undef POSIX_GETPWNAM_R + +/* define if getcwd() is broken (such as in SunOS) */ +#undef BROKEN_GETCWD + +/* define if the system is missing a prototype for crypt() */ +#undef NEED_CRYPT_PROTO + +/* define if the system is missing a prototype for strtok_r() */ +#undef NEED_STRTOK_R_PROTO + +/* define if /bin/ls takes -A */ +#undef HAVE_LS_A + +/* define if you 
have h_errno */ +#undef HAVE_H_ERRNO + +/* define if you have h_errlist but not hstrerror */ +#undef HAVE_H_ERRLIST + +/* define if you have h_nerr but not hstrerror */ +#undef HAVE_H_NERR + +/* define if your system doesn't declare h_errlist */ +#undef HAVE_H_ERRLIST_DECLARATION + +/* define if your system doesn't declare h_nerr */ +#undef HAVE_H_NERR_DECLARATION + +/* define this if you need a declaration for h_errno */ +#undef HAVE_H_ERRNO_DECLARATION + +/* define if you need a declaration for optarg */ +#undef HAVE_OPTARG_DECLARATION + +/* define if you need a declaration for optind */ +#undef HAVE_OPTIND_DECLARATION + +/* define if you need a declaration for opterr */ +#undef HAVE_OPTERR_DECLARATION + +/* define if you need a declaration for optopt */ +#undef HAVE_OPTOPT_DECLARATION + +/* define if you need a declaration for __progname */ +#undef HAVE___PROGNAME_DECLARATION + +/* Define if you have the XauReadAuth function. */ +#undef HAVE_XAUREADAUTH + +/* Define if you have the XauWriteAuth function. */ +#undef HAVE_XAUWRITEAUTH + +/* Define if you have the _getpty function. */ +#undef HAVE__GETPTY + +/* Define if you have the _scrsize function. */ +#undef HAVE__SCRSIZE + +/* Define if you have the _setsid function. */ +#undef HAVE__SETSID + +/* Define if you have the _stricmp function. */ +#undef HAVE__STRICMP + +/* Define if you have the asnprintf function. */ +#undef HAVE_ASNPRINTF + +/* Define if you have the asprintf function. */ +#undef HAVE_ASPRINTF + +/* Define if you have the chown function. */ +#undef HAVE_CHOWN + +/* Define if you have the daemon function. */ +#undef HAVE_DAEMON + +/* Define if you have the dbm_firstkey function. */ +#undef HAVE_DBM_FIRSTKEY + +/* Define if you have the dbopen function. */ +#undef HAVE_DBOPEN + +/* Define if you have the dn_expand function. */ +#undef HAVE_DN_EXPAND + +/* Define if you have the el_init function. */ +#undef HAVE_EL_INIT + +/* Define if you have the err function. 
*/ +#undef HAVE_ERR + +/* Define if you have the errx function. */ +#undef HAVE_ERRX + +/* Define if you have the fchmod function. */ +#undef HAVE_FCHMOD + +/* Define if you have the fchown function. */ +#undef HAVE_FCHOWN + +/* Define if you have the fcntl function. */ +#undef HAVE_FCNTL + +/* Define if you have the flock function. */ +#undef HAVE_FLOCK + +/* Define if you have the forkpty function. */ +#undef HAVE_FORKPTY + +/* Define if you have the frevoke function. */ +#undef HAVE_FREVOKE + +/* Define if you have the getattr function. */ +#undef HAVE_GETATTR + +/* Define if you have the getcwd function. */ +#undef HAVE_GETCWD + +/* Define if you have the getdtablesize function. */ +#undef HAVE_GETDTABLESIZE + +/* Define if you have the gethostbyname function. */ +#undef HAVE_GETHOSTBYNAME + +/* Define if you have the gethostname function. */ +#undef HAVE_GETHOSTNAME + +/* Define if you have the getlogin function. */ +#undef HAVE_GETLOGIN + +/* Define if you have the getopt function. */ +#undef HAVE_GETOPT + +/* Define if you have the getpagesize function. */ +#undef HAVE_GETPAGESIZE + +/* Define if you have the getpriority function. */ +#undef HAVE_GETPRIORITY + +/* Define if you have the getpwnam_r function. */ +#undef HAVE_GETPWNAM_R + +/* Define if you have the getservbyname function. */ +#undef HAVE_GETSERVBYNAME + +/* Define if you have the getsockopt function. */ +#undef HAVE_GETSOCKOPT + +/* Define if you have the getspnam function. */ +#undef HAVE_GETSPNAM + +/* Define if you have the getspuid function. */ +#undef HAVE_GETSPUID + +/* Define if you have the gettimeofday function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define if you have the getudbnam function. */ +#undef HAVE_GETUDBNAM + +/* Define if you have the getuid function. */ +#undef HAVE_GETUID + +/* Define if you have the getusershell function. */ +#undef HAVE_GETUSERSHELL + +/* Define if you have the grantpt function. */ +#undef HAVE_GRANTPT + +/* Define if you have the hstrerror function. 
*/ +#undef HAVE_HSTRERROR + +/* Define if you have the inet_aton function. */ +#undef HAVE_INET_ATON + +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + +/* Define if you have the innetgr function. */ +#undef HAVE_INNETGR + +/* Define if you have the iruserok function. */ +#undef HAVE_IRUSEROK + +/* Define if you have the logout function. */ +#undef HAVE_LOGOUT + +/* Define if you have the logwtmp function. */ +#undef HAVE_LOGWTMP + +/* Define if you have the lstat function. */ +#undef HAVE_LSTAT + +/* Define if you have the memmove function. */ +#undef HAVE_MEMMOVE + +/* Define if you have the mkstemp function. */ +#undef HAVE_MKSTEMP + +/* Define if you have the mktime function. */ +#undef HAVE_MKTIME + +/* Define if you have the odm_initialize function. */ +#undef HAVE_ODM_INITIALIZE + +/* Define if you have the ptsname function. */ +#undef HAVE_PTSNAME + +/* Define if you have the putenv function. */ +#undef HAVE_PUTENV + +/* Define if you have the rand function. */ +#undef HAVE_RAND + +/* Define if you have the random function. */ +#undef HAVE_RANDOM + +/* Define if you have the rcmd function. */ +#undef HAVE_RCMD + +/* Define if you have the readline function. */ +#undef HAVE_READLINE + +/* Define if you have the res_search function. */ +#undef HAVE_RES_SEARCH + +/* Define if you have the revoke function. */ +#undef HAVE_REVOKE + +/* Define if you have the setegid function. */ +#undef HAVE_SETEGID + +/* Define if you have the setenv function. */ +#undef HAVE_SETENV + +/* Define if you have the seteuid function. */ +#undef HAVE_SETEUID + +/* Define if you have the setitimer function. */ +#undef HAVE_SETITIMER + +/* Define if you have the setlim function. */ +#undef HAVE_SETLIM + +/* Define if you have the setlogin function. */ +#undef HAVE_SETLOGIN + +/* Define if you have the setpcred function. */ +#undef HAVE_SETPCRED + +/* Define if you have the setpgid function. 
*/ +#undef HAVE_SETPGID + +/* Define if you have the setpriority function. */ +#undef HAVE_SETPRIORITY + +/* Define if you have the setproctitle function. */ +#undef HAVE_SETPROCTITLE + +/* Define if you have the setregid function. */ +#undef HAVE_SETREGID + +/* Define if you have the setresgid function. */ +#undef HAVE_SETRESGID + +/* Define if you have the setresuid function. */ +#undef HAVE_SETRESUID + +/* Define if you have the setreuid function. */ +#undef HAVE_SETREUID + +/* Define if you have the setsid function. */ +#undef HAVE_SETSID + +/* Define if you have the setsockopt function. */ +#undef HAVE_SETSOCKOPT + +/* Define if you have the setutent function. */ +#undef HAVE_SETUTENT + +/* Define if you have the snprintf function. */ +#undef HAVE_SNPRINTF + +/* Define if you have the socket function. */ +#undef HAVE_SOCKET + +/* Define if you have the strcasecmp function. */ +#undef HAVE_STRCASECMP + +/* Define if you have the strdup function. */ +#undef HAVE_STRDUP + +/* Define if you have the strerror function. */ +#undef HAVE_STRERROR + +/* Define if you have the strftime function. */ +#undef HAVE_STRFTIME + +/* Define if you have the strlwr function. */ +#undef HAVE_STRLWR + +/* Define if you have the strnlen function. */ +#undef HAVE_STRNLEN + +/* Define if you have the strtok_r function. */ +#undef HAVE_STRTOK_R + +/* Define if you have the strupr function. */ +#undef HAVE_STRUPR + +/* Define if you have the swab function. */ +#undef HAVE_SWAB + +/* Define if you have the syslog function. */ +#undef HAVE_SYSLOG + +/* Define if you have the tgetent function. */ +#undef HAVE_TGETENT + +/* Define if you have the ttyname function. */ +#undef HAVE_TTYNAME + +/* Define if you have the ttyslot function. */ +#undef HAVE_TTYSLOT + +/* Define if you have the ulimit function. */ +#undef HAVE_ULIMIT + +/* Define if you have the uname function. */ +#undef HAVE_UNAME + +/* Define if you have the unlockpt function. 
*/ +#undef HAVE_UNLOCKPT + +/* Define if you have the unsetenv function. */ +#undef HAVE_UNSETENV + +/* Define if you have the vasnprintf function. */ +#undef HAVE_VASNPRINTF + +/* Define if you have the vasprintf function. */ +#undef HAVE_VASPRINTF + +/* Define if you have the verr function. */ +#undef HAVE_VERR + +/* Define if you have the verrx function. */ +#undef HAVE_VERRX + +/* Define if you have the vhangup function. */ +#undef HAVE_VHANGUP + +/* Define if you have the vsnprintf function. */ +#undef HAVE_VSNPRINTF + +/* Define if you have the vwarn function. */ +#undef HAVE_VWARN + +/* Define if you have the vwarnx function. */ +#undef HAVE_VWARNX + +/* Define if you have the warn function. */ +#undef HAVE_WARN + +/* Define if you have the warnx function. */ +#undef HAVE_WARNX + +/* Define if you have the yp_get_default_domain function. */ +#undef HAVE_YP_GET_DEFAULT_DOMAIN + +/* Define if you have the <arpa/ftp.h> header file. */ +#undef HAVE_ARPA_FTP_H + +/* Define if you have the <arpa/inet.h> header file. */ +#undef HAVE_ARPA_INET_H + +/* Define if you have the <arpa/nameser.h> header file. */ +#undef HAVE_ARPA_NAMESER_H + +/* Define if you have the <arpa/telnet.h> header file. */ +#undef HAVE_ARPA_TELNET_H + +/* Define if you have the <bind/bitypes.h> header file. */ +#undef HAVE_BIND_BITYPES_H + +/* Define if you have the <bsd/bsd.h> header file. */ +#undef HAVE_BSD_BSD_H + +/* Define if you have the <bsdsetjmp.h> header file. */ +#undef HAVE_BSDSETJMP_H + +/* Define if you have the <crypt.h> header file. */ +#undef HAVE_CRYPT_H + +/* Define if you have the <dbm.h> header file. */ +#undef HAVE_DBM_H + +/* Define if you have the <dirent.h> header file. */ +#undef HAVE_DIRENT_H + +/* Define if you have the <err.h> header file. */ +#undef HAVE_ERR_H + +/* Define if you have the <fcntl.h> header file. */ +#undef HAVE_FCNTL_H + +/* Define if you have the <grp.h> header file. */ +#undef HAVE_GRP_H + +/* Define if you have the <io.h> header file. 
*/ +#undef HAVE_IO_H + +/* Define if you have the <lastlog.h> header file. */ +#undef HAVE_LASTLOG_H + +/* Define if you have the <login.h> header file. */ +#undef HAVE_LOGIN_H + +/* Define if you have the <maillock.h> header file. */ +#undef HAVE_MAILLOCK_H + +/* Define if you have the <ndbm.h> header file. */ +#undef HAVE_NDBM_H + +/* Define if you have the <net/if.h> header file. */ +#undef HAVE_NET_IF_H + +/* Define if you have the <net/if_tun.h> header file. */ +#undef HAVE_NET_IF_TUN_H + +/* Define if you have the <net/if_var.h> header file. */ +#undef HAVE_NET_IF_VAR_H + +/* Define if you have the <netdb.h> header file. */ +#undef HAVE_NETDB_H + +/* Define if you have the <netinet/in.h> header file. */ +#undef HAVE_NETINET_IN_H + +/* Define if you have the <netinet/in6_machtypes.h> header file. */ +#undef HAVE_NETINET_IN6_MACHTYPES_H + +/* Define if you have the <netinet/in_systm.h> header file. */ +#undef HAVE_NETINET_IN_SYSTM_H + +/* Define if you have the <netinet/ip.h> header file. */ +#undef HAVE_NETINET_IP_H + +/* Define if you have the <netinet/tcp.h> header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define if you have the <paths.h> header file. */ +#undef HAVE_PATHS_H + +/* Define if you have the <pty.h> header file. */ +#undef HAVE_PTY_H + +/* Define if you have the <pwd.h> header file. */ +#undef HAVE_PWD_H + +/* Define if you have the <resolv.h> header file. */ +#undef HAVE_RESOLV_H + +/* Define if you have the <rpcsvc/dbm.h> header file. */ +#undef HAVE_RPCSVC_DBM_H + +/* Define if you have the <sac.h> header file. */ +#undef HAVE_SAC_H + +/* Define if you have the <security/pam_modules.h> header file. */ +#undef HAVE_SECURITY_PAM_MODULES_H + +/* Define if you have the <shadow.h> header file. */ +#undef HAVE_SHADOW_H + +/* Define if you have the <siad.h> header file. */ +#undef HAVE_SIAD_H + +/* Define if you have the <signal.h> header file. */ +#undef HAVE_SIGNAL_H + +/* Define if you have the <stropts.h> header file. 
*/ +#undef HAVE_STROPTS_H + +/* Define if you have the <sys/bitypes.h> header file. */ +#undef HAVE_SYS_BITYPES_H + +/* Define if you have the <sys/category.h> header file. */ +#undef HAVE_SYS_CATEGORY_H + +/* Define if you have the <sys/cdefs.h> header file. */ +#undef HAVE_SYS_CDEFS_H + +/* Define if you have the <sys/file.h> header file. */ +#undef HAVE_SYS_FILE_H + +/* Define if you have the <sys/filio.h> header file. */ +#undef HAVE_SYS_FILIO_H + +/* Define if you have the <sys/ioccom.h> header file. */ +#undef HAVE_SYS_IOCCOM_H + +/* Define if you have the <sys/ioctl.h> header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the <sys/locking.h> header file. */ +#undef HAVE_SYS_LOCKING_H + +/* Define if you have the <sys/mman.h> header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define if you have the <sys/param.h> header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define if you have the <sys/proc.h> header file. */ +#undef HAVE_SYS_PROC_H + +/* Define if you have the <sys/ptyio.h> header file. */ +#undef HAVE_SYS_PTYIO_H + +/* Define if you have the <sys/ptyvar.h> header file. */ +#undef HAVE_SYS_PTYVAR_H + +/* Define if you have the <sys/resource.h> header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define if you have the <sys/select.h> header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define if you have the <sys/socket.h> header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define if you have the <sys/sockio.h> header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define if you have the <sys/stat.h> header file. */ +#undef HAVE_SYS_STAT_H + +/* Define if you have the <sys/str_tty.h> header file. */ +#undef HAVE_SYS_STR_TTY_H + +/* Define if you have the <sys/stream.h> header file. */ +#undef HAVE_SYS_STREAM_H + +/* Define if you have the <sys/stropts.h> header file. */ +#undef HAVE_SYS_STROPTS_H + +/* Define if you have the <sys/strtty.h> header file. */ +#undef HAVE_SYS_STRTTY_H + +/* Define if you have the <sys/syscall.h> header file. 
*/ +#undef HAVE_SYS_SYSCALL_H + +/* Define if you have the <sys/sysctl.h> header file. */ +#undef HAVE_SYS_SYSCTL_H + +/* Define if you have the <sys/termio.h> header file. */ +#undef HAVE_SYS_TERMIO_H + +/* Define if you have the <sys/time.h> header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the <sys/timeb.h> header file. */ +#undef HAVE_SYS_TIMEB_H + +/* Define if you have the <sys/times.h> header file. */ +#undef HAVE_SYS_TIMES_H + +/* Define if you have the <sys/tty.h> header file. */ +#undef HAVE_SYS_TTY_H + +/* Define if you have the <sys/types.h> header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define if you have the <sys/uio.h> header file. */ +#undef HAVE_SYS_UIO_H + +/* Define if you have the <sys/un.h> header file. */ +#undef HAVE_SYS_UN_H + +/* Define if you have the <sys/utsname.h> header file. */ +#undef HAVE_SYS_UTSNAME_H + +/* Define if you have the <sys/wait.h> header file. */ +#undef HAVE_SYS_WAIT_H + +/* Define if you have the <syslog.h> header file. */ +#undef HAVE_SYSLOG_H + +/* Define if you have the <termio.h> header file. */ +#undef HAVE_TERMIO_H + +/* Define if you have the <termios.h> header file. */ +#undef HAVE_TERMIOS_H + +/* Define if you have the <tmpdir.h> header file. */ +#undef HAVE_TMPDIR_H + +/* Define if you have the <ttyent.h> header file. */ +#undef HAVE_TTYENT_H + +/* Define if you have the <udb.h> header file. */ +#undef HAVE_UDB_H + +/* Define if you have the <ulimit.h> header file. */ +#undef HAVE_ULIMIT_H + +/* Define if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Define if you have the <userpw.h> header file. */ +#undef HAVE_USERPW_H + +/* Define if you have the <usersec.h> header file. */ +#undef HAVE_USERSEC_H + +/* Define if you have the <util.h> header file. */ +#undef HAVE_UTIL_H + +/* Define if you have the <utime.h> header file. */ +#undef HAVE_UTIME_H + +/* Define if you have the <utmp.h> header file. */ +#undef HAVE_UTMP_H + +/* Define if you have the <utmpx.h> header file. 
*/ +#undef HAVE_UTMPX_H + +/* Define if you have the <wait.h> header file. */ +#undef HAVE_WAIT_H + +/* Define if you have the <winsock.h> header file. */ +#undef HAVE_WINSOCK_H + +/* Define if you have the X11 library (-lX11). */ +#undef HAVE_LIBX11 + +/* Define if you have the Xau library (-lXau). */ +#undef HAVE_LIBXAU + +/* Define if you have the c_r library (-lc_r). */ +#undef HAVE_LIBC_R + +/* Define if you have the cfg library (-lcfg). */ +#undef HAVE_LIBCFG + +/* Define if you have the edit library (-ledit). */ +#undef HAVE_LIBEDIT + +/* Define if you have the gdbm library (-lgdbm). */ +#undef HAVE_LIBGDBM + +/* Define if you have the ndbm library (-lndbm). */ +#undef HAVE_LIBNDBM + +/* Define if you have the nsl library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define if you have the odm library (-lodm). */ +#undef HAVE_LIBODM + +/* Define if you have the readline library (-lreadline). */ +#undef HAVE_LIBREADLINE + +/* Define if you have the resolv library (-lresolv). */ +#undef HAVE_LIBRESOLV + +/* Define if you have the s library (-ls). */ +#undef HAVE_LIBS + +/* Define if you have the socket library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define if you have the syslog library (-lsyslog). */ +#undef HAVE_LIBSYSLOG + +/* Define if you have the termcap library (-ltermcap). */ +#undef HAVE_LIBTERMCAP + +/* Define if you have the util library (-lutil). */ +#undef HAVE_LIBUTIL + +#undef HAVE_INT8_T +#undef HAVE_INT16_T +#undef HAVE_INT32_T +#undef HAVE_INT64_T +#undef HAVE_U_INT8_T +#undef HAVE_U_INT16_T +#undef HAVE_U_INT32_T +#undef HAVE_U_INT64_T + +#define RCSID(msg) \ +static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } + +/* + * Set ORGANIZATION to be the desired organization string printed + * by the 'kinit' program. It may have spaces. 
+ */ +#define ORGANIZATION "eBones International" + +#if 0 +#undef BINDIR +#undef LIBDIR +#undef LIBEXECDIR +#undef SBINDIR +#endif + +#if 0 +#define KRB_CNF_FILES { "/etc/krb.conf", "/etc/kerberosIV/krb.conf", 0} +#define KRB_RLM_FILES { "/etc/krb.realms", "/etc/kerberosIV/krb.realms", 0} +#define KRB_EQUIV "/etc/krb.equiv" + +#define KEYFILE "/etc/srvtab" + +#define KRBDIR "/var/kerberos" +#define DBM_FILE KRBDIR "/principal" +#define DEFAULT_ACL_DIR KRBDIR + +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#define KADM_SYSLOG "/var/log/admin_server.syslog" +#define K_LOGFIL "/var/log/kpropd.log" +#endif + +/* Maximum values on all known systems */ +#define MaxHostNameLen (64+4) +#define MaxPathLen (1024+4) + +/* + * Define NDBM if you are using the 4.3 ndbm library (which is part of + * libc). If not defined, 4.2 dbm will be assumed. + */ +#if defined(HAVE_DBM_FIRSTKEY) +#define NDBM +#endif + +/* ftp stuff -------------------------------------------------- */ + +#define KERBEROS + +/* telnet stuff ----------------------------------------------- */ + +/* define this if you have kerberos 4 */ +#undef KRB4 + +/* define this if you want encryption */ +#undef ENCRYPTION + +/* define this if you want authentication */ +#undef AUTHENTICATION + +#if defined(ENCRYPTION) && !defined(AUTHENTICATION) +#define AUTHENTICATION 1 +#endif + +/* Set this if you want des encryption */ +#undef DES_ENCRYPTION + +/* Set this to the default system lead string for telnetd + * can contain %-escapes: %s=sysname, %m=machine, %r=os-release + * %v=os-version, %t=tty, %h=hostname, %d=date and time + */ +#undef USE_IM + +/* define this if you want diagnostics in telnetd */ +#undef DIAGNOSTICS + +/* define this if you want support for broken ENV_{VALUE,VAR} systems */ +#undef ENV_HACK + +/* */ +#undef OLD_ENVIRON + +/* Used with login -p */ +#undef LOGIN_ARGS + +/* Define if there are working stream ptys */ 
+#undef STREAMSPTY
+
+/* set this to a sensible login */
+#ifndef LOGIN_PATH
+#define LOGIN_PATH BINDIR "/login"
+#endif
+
+
+/* ------------------------------------------------------------ */
+
+/*
+ * Define this if your ndbm-library really is berkeley db and creates
+ * files that ends in .db.
+ */
+#undef HAVE_NEW_DB
+
+/* Define this if you have a working getmsg */
+#undef HAVE_GETMSG
+
+/* Define to enable new master key code */
+#undef RANDOM_MKEY
+
+/* Location of the master key file, default value lives in <kdc.h> */
+#undef MKEYFILE
+
+/* Define if you don't want support for afs, might be a good idea on
+ AIX if you don't have afs */
+#undef NO_AFS
+
+/* Define if you have a readline compatible library */
+#undef HAVE_READLINE
+
+#ifdef VOID_RETSIGTYPE
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/* Define this if your compiler supports '#pragma weak' */
+#undef HAVE_PRAGMA_WEAK
+
+/* Temporary fixes for krb_{rd,mk}_safe */
+#define DES_QUAD_GUESS 0
+#define DES_QUAD_NEW 1
+#define DES_QUAD_OLD 2
+
+/* Set this to one of the constants above to specify default checksum
+ type to emit */
+#undef DES_QUAD_DEFAULT
+
+/*
+ * AIX braindamage!
+ */
+#if _AIX
+#define _ALL_SOURCE
+#define _POSIX_SOURCE
+/* this is left for hysteric reasons :-) */
+#define unix /* well, ok... */
+#endif
+
+/*
+ * SunOS braindamage! (Sun include files are generally braindead)
+ */
+#if (defined(sun) || defined(__sun))
+#if defined(__svr4__) || defined(__SVR4)
+#define SunOS 5
+#else
+#define SunOS 4
+#endif
+#endif
+
+#if defined(__sgi) || defined(sgi)
+#if defined(__SYSTYPE_SVR4) || defined(_SYSTYPE_SVR4)
+#define IRIX 5
+#else
+#define IRIX 4
+#endif
+#endif
+
+/* IRIX 4 braindamage */
+#if IRIX == 4 && !defined(__STDC__)
+#define __STDC__ 0
+#endif
diff --git a/crypto/kerberosIV/include/ktypes.c b/crypto/kerberosIV/include/ktypes.c
new file mode 100644
index 0000000..eb6ad48
--- /dev/null
+++ b/crypto/kerberosIV/include/ktypes.c
@@ -0,0 +1,64 @@
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $");
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+#include <sys/bitypes.h>
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+#include <bind/bitypes.h>
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+#include <netinet/in6_machtypes.h>
+#endif
+
+int
+main(void)
+{
+ printf ("/*\n"
+ " * This file was automatically generated by\n"
+ " * $Id: ktypes.c,v 1.4 1997/05/31 08:52:09 bg Exp $.\n"
+ " * Please do not edit\n"
+ " */\n\n");
+
+ printf ("#ifndef __KTYPES_H__\n"
+ "#define __KTYPES_H__\n\n");
+
+#ifdef HAVE_SYS_TYPES_H
+ printf("#include <sys/types.h>\n");
+#endif
+#ifdef HAVE_SYS_BITYPES_H
+ printf("#include <sys/bitypes.h>\n");
+#endif
+#ifdef HAVE_BIND_BITYPES_H
+ printf("#include <bind/bitypes.h>\n");
+#endif
+#ifdef HAVE_NETINET_IN6_MACHTYPES_H
+ printf("#include <netinet/in6_machtypes.h>\n");
+#endif
+
+#ifndef HAVE_INT8_T
+ printf("typedef signed char int8_t;\n");
+#endif
+#ifndef HAVE_U_INT8_T
+ printf("typedef unsigned char u_int8_t;\n");
+#endif
+#ifndef HAVE_INT16_T
+ printf("typedef short int16_t;\n");
+#endif
+#ifndef HAVE_U_INT16_T
+ printf("typedef unsigned short u_int16_t;\n");
+#endif
+#ifndef HAVE_INT32_T
+ printf("typedef int int32_t;\n");
+#endif
+#ifndef HAVE_U_INT32_T
+ printf("typedef unsigned int u_int32_t;\n");
+#endif
+
+ printf("\n#endif /* __KTYPES_H__ */\n");
+ return 0;
+}
diff --git a/crypto/kerberosIV/include/protos.h b/crypto/kerberosIV/include/protos.h
new file mode 100644
index 0000000..0ceb122
--- /dev/null
+++ b/crypto/kerberosIV/include/protos.h
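Review bot: `main` calls `printf`, but ktypes.c never includes `<stdio.h>` directly, so the variadic call depends on an implicit declaration unless `<config.h>` happens to pull it in; add `#include <stdio.h>` after the `HAVE_CONFIG_H` block. The emitted typedefs also take for granted that `short` is 16 bits and `int` is 32 bits, and the generated `ktypes.h` is presumably where the Kerberos and DES code gets its fixed-width types for protocol fields, so a wrong width would only show up as messages that fail to interoperate. A guard ahead of the typedef output, for example `if (sizeof(short) != 2 || sizeof(int) != 4) return 1;`, makes the generator fail at build time instead. `HAVE_INT64_T` and `HAVE_U_INT64_T` are probed in the config header but no 64-bit typedef is printed here; a one-line comment saying that is intentional would help the next reader.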
@@ -0,0 +1,276 @@
+/* -*- C -*-
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * Add here functions that don't have a prototype on your system.
+ *
+ * $Id: protos.H,v 1.43 1997/05/28 01:09:36 assar Exp $
+ */
+
+#ifdef NEED_CRYPT_PROTO
+char *crypt(const char*, const char*);
+#endif
+
+#ifdef NEED_STRTOK_R_PROTO
+char *strtok_r (char *s1, const char *s2, char **lasts);
+#endif
+
+#ifndef HAVE_OPTARG_DECLARATION
+extern char *optarg;
+#endif
+#ifndef HAVE_OPTERR_DECLARATION
+extern int opterr;
+#endif
+#ifndef HAVE_OPTIND_DECLARATION
+extern int optind;
+#endif
+#ifndef HAVE_OPTOPT_DECLARATION
+extern int optopt;
+#endif
+
+#if defined(__GNUC__) && SunOS == 4
+
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+/* To get struct sockaddr, struct in_addr and struct hostent */
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <netdb.h>
+
+/* To get struct stat */
+#include <sys/stat.h>
+
+/* To get struct utimbuf */
+#include <utime.h>
+
+int utime(const char *, struct utimbuf *);
+int syscall(int, ...);
+pid_t getpid(void);
+int ftruncate(int, off_t);
+int fchmod(int, mode_t);
+int fchown(int fd, int owner, int group);
+int fsync(int);
+int seteuid(uid_t);
+int setreuid(int, int);
+int flock(int, int);
+int gettimeofday(struct timeval *tp, struct timezone *tzp);
+int lstat(const char *, struct stat *);
+int ioctl(int, int, void *);
+int getpriority(int which, int who);
+int setpriority(int which, int who, int priority);
+int getdtablesize(void);
+int initgroups(const char *name, int basegid);
+long ulimit(int cmd, long newlimit);
+int vhangup(void);
+
+int sigblock(int);
+int sigsetmask(int);
+int setitimer(int which, struct itimerval *value, struct itimerval *ovalue);
+
+int munmap(caddr_t addr, int len);
+
+int socket(int, int, int);
+int setsockopt(int, int, int, void *, int);
+int bind(int, void *, int);
+int getsockname(int, struct sockaddr *, int *);
+int accept(int, struct sockaddr *, int *);
+int connect(int, struct sockaddr *, int);
+int listen(int, int);
+int recv(int s, void *buf, int
len, int flags);
+int recvfrom(int, char *, int, int, void *, int *);
+int sendto(int, const char *, int, int, void *, int);
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int shutdown(int, int);
+int getpeername(int, struct sockaddr *, int *);
+int getsockopt(int, int, int, void *, int *);
+int send(int s, const void *msg, int len, int flags);
+struct strbuf;
+int getmsg(int fd, struct strbuf *ctlptr, struct strbuf *dataptr, int *flags);
+
+char *inet_ntoa(struct in_addr in);
+unsigned long inet_addr(const char *cp);
+int gethostname(char *, int);
+struct hostent *gethostbyname(const char *);
+int dn_expand(const u_char *msg,
+ const u_char *eomorig,
+ const u_char *comp_dn,
+ char *exp_dn,
+ int length);
+int res_search(const char *dname,
+ int class,
+ int type,
+ u_char *answer,
+ int anslen);
+
+int yp_get_default_domain (char **outdomain);
+int innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain);
+
+char *getwd(char *pathname);
+
+void bzero(char *b, int length);
+int strcasecmp(const char *, const char *);
+void swab(const char *, char *, int);
+int atoi(const char *str);
+char *mktemp(char *);
+void srandom(int seed);
+int random(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport(int *);
+int openlog(const char *ident, int logopt, int facility);
+int syslog(int priority, const char *message, ...);
+int ttyslot(void);
+
+char *getpass(const char *);
+
+char *getusershell(void);
+void setpwent();
+void endpwent();
+
+#include <stdio.h>
+int fclose(FILE *);
+
+#endif /* SunOS4 */
+
+#if SunOS == 5
+
+#include <sys/types.h>
+#include <sys/resource.h>
+
+char *getusershell(void);
+char *strtok_r(char *, const char *, char **);
+int getpriority (int which, id_t who);
+int setpriority (int which, id_t who, int prio);
+int getdtablesize (void);
+char *getusershell(void);
+void setusershell(void);
+void endusershell(void);
+
+#if defined(__GNUC__)
+
+int syscall(int,
...);
+int gethostname(char *, int);
+
+struct timeval;
+int gettimeofday(struct timeval *tp, void *);
+
+#endif
+#endif
+
+#if defined(__osf__) /* OSF/1 */
+
+#if 0
+/* To get type fd_set */
+#include <sys/types.h>
+#include <sys/time.h>
+
+int select(int, fd_set *, fd_set *, fd_set *, struct timeval *);
+int fsync(int fildes);
+int gethostname(char *address, int address_len);
+int setreuid(int ruid, int euid);
+int ioctl(int d, unsigned long request, void * arg);
+#endif
+int flock(int fildes, int operation);
+int syscall(int, ...);
+
+unsigned short htons(unsigned short hostshort);
+unsigned int htonl(unsigned int hostint);
+unsigned short ntohs(unsigned short netshort);
+unsigned int ntohl(unsigned int netint);
+
+char *mktemp(char *template);
+char *getusershell(void);
+
+int rcmd(char **, unsigned short, char *, char *, char *, int *);
+int rresvport (int *port);
+
+#endif /* OSF/1 */
+
+#if defined(__sgi)
+#include <sys/types.h>
+
+char *ptsname(int fd);
+struct spwd *getspuid(uid_t);
+#endif /* IRIX */
+
+#if defined(__GNUC__) && defined(_AIX) /* AIX */
+
+struct timeval;
+struct timezone;
+int gettimeofday (struct timeval *Tp, void *Tzp);
+
+#endif /* AIX */
+
+#if defined(__GNUC__) && defined(__hpux) /* HP-UX */
+
+int syscall(int, ...);
+
+int vhangup(void);
+
+char *ptsname(int fildes);
+
+void utmpname(const char *file);
+
+int innetgr(const char *netgroup, const char *machine,
+ const char *user, const char *domain);
+
+int dn_comp(char *exp_dn, char *comp_dn, int length,
+ char **dnptrs, char **lastdnptr);
+
+int res_query(char *dname, int class, int type,
+ unsigned char *answer, int anslen);
+
+int dn_expand(char *msg, char *eomorig, char *comp_dn,
+ char *exp_dn, int length);
+
+int res_search(char *dname, int class, int type,
+ unsigned char *answer, int anslen);
+
+#endif /* HP-UX */
+
+#if defined(WIN32) /* Visual C++ 4.0 (Windows95/NT) */
+
+int open(const char *, int, ...);
+int close(int);
+int read(int, void *, unsigned int);
+int
write(int, const void *, unsigned int);
+
+#endif /* WIN32 */
diff --git a/crypto/kerberosIV/include/sys/Makefile.in b/crypto/kerberosIV/include/sys/Makefile.in
new file mode 100644
index 0000000..d6a58e0
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/Makefile.in
@@ -0,0 +1,53 @@
+# $Id: Makefile.in,v 1.18 1997/05/11 04:29:47 assar Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+LN_S = @LN_S@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+includedir = @includedir@
+HAVE_CDEFS = @ac_cv_header_sys_cdefs_h@
+
+@SET_MAKE@
+
+HEADERS = cdefs.h
+
+all: stamp-headers
+
+Wall:
+ $(MAKE) CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install: all
+ $(MKINSTALLDIRS) $(includedir)/sys
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ $(INSTALL_DATA) cdefs.h $(includedir)/sys/cdefs.h ; \
+ fi
+
+uninstall:
+ -if test "$(HAVE_CDEFS)" != yes; then \
+ rm -f $(includedir)/sys/cdefs.h ; \
+ fi
+
+clean:
+ rm -f $(HEADERS) stamp-headers
+
+mostlyclean: clean
+distclean: clean
+ rm -f Makefile config.status *~
+
+realclean: clean
+
+cdefs.h:
+ if test "$(HAVE_CDEFS)" != yes; then \
+ $(LN_S) ${srcdir}/cdefs.H cdefs.h; \
+ fi || true
+
+stamp-headers:
+ $(MAKE) $(HEADERS)
+ touch stamp-headers
diff --git a/crypto/kerberosIV/include/sys/cdefs.H b/crypto/kerberosIV/include/sys/cdefs.H
new file mode 100644
index 0000000..196d476
--- /dev/null
+++ b/crypto/kerberosIV/include/sys/cdefs.H
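Review bot: In the `SunOS == 4` block, `void setpwent();` and `void endpwent();` are the only declarations with an empty parameter list, so they give no argument checking in a header whose stated purpose is to supply missing prototypes; write `void setpwent(void);` and `void endpwent(void);`. `char *getusershell(void);` appears twice in the `SunOS == 5` block, and one copy can be dropped. The header also declares `char *getwd(char *pathname);` and `char *mktemp(char *);` (the latter in both the SunOS 4 and OSF/1 blocks): `getwd` takes no buffer length, and `mktemp` only produces a name, leaving a window before the file is created. A comment beside them such as `/* legacy: prefer getcwd()/mkstemp() where HAVE_GETCWD/HAVE_MKSTEMP are defined */` would steer new callers to the bounded and atomic variants that the config header already probes for.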
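Review bot: The `cdefs.h` rule ends in `fi || true`, so a failed `$(LN_S)` is swallowed and `stamp-headers` is still touched; the build then continues without the header this directory was meant to provide, or with whatever other `sys/cdefs.h` is on the include path. If the `|| true` is only there to tolerate an already existing link, which is a guess from the rule as written, `rm -f cdefs.h; $(LN_S) ${srcdir}/cdefs.H cdefs.h; \` followed by a plain `fi` keeps real failures visible. The `install` and `uninstall` recipes have the same effect through their leading `-`, so a failed `$(INSTALL_DATA)` into `$(includedir)/sys` goes unreported as well.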
@@ -0,0 +1,149 @@
+/* -*- C -*-
+ *
+ * ++Copyright++ 1991, 1993
+ * -
+ * Copyright (c) 1991, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * -
+ * Portions Copyright (c) 1993 by Digital Equipment Corporation.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies, and that
+ * the name of Digital Equipment Corporation not be used in advertising or
+ * publicity pertaining to distribution of the document or software without
+ * specific, written prior permission.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
+ * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT
+ * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ * -
+ * --Copyright--
+ */
+
+/*
+ * @(#)cdefs.h 8.1 (Berkeley) 6/2/93
+ * $Id: cdefs.H,v 1.2 1995/09/10 20:18:56 d91-jda Exp $
+ */
+
+#ifndef _CDEFS_H_
+#define _CDEFS_H_
+
+#if defined(__cplusplus)
+#define __BEGIN_DECLS extern "C" {
+#define __END_DECLS };
+#else
+#define __BEGIN_DECLS
+#define __END_DECLS
+#endif
+
+/*
+ * The __CONCAT macro is used to concatenate parts of symbol names, e.g.
+ * with "#define OLD(foo) __CONCAT(old,foo)", OLD(foo) produces oldfoo.
+ * The __CONCAT macro is a bit tricky -- make sure you don't put spaces
+ * in between its arguments. __CONCAT can also concatenate double-quoted
+ * strings produced by the __STRING macro, but this only works with ANSI C.
+ */
+#if defined(__STDC__) || defined(__cplusplus)
+#ifndef __P /* it's quite popular to define this */
+#define __P(protos) protos /* full-blown ANSI C */
+#endif
+#define __CONCAT(x,y) x ## y
+#define __STRING(x) #x
+
+#define __const const /* define reserved names to standard */
+#define __signed signed
+#define __volatile volatile
+#if defined(__cplusplus)
+#define __inline inline /* convert to C++ keyword */
+#else
+#ifndef __GNUC__
+#define __inline /* delete GCC keyword */
+#endif /* !__GNUC__ */
+#endif /* !__cplusplus */
+
+#else /* !(__STDC__ || __cplusplus) */
+#ifndef __P
+#define __P(protos) () /* traditional C preprocessor */
+#endif
+#define __CONCAT(x,y) x/**/y
+#define __STRING(x) "x"
+
+#ifndef __GNUC__
+#define __const /* delete pseudo-ANSI C keywords */
+#define __inline
+#define __signed
+#define __volatile
+/*
+ * In non-ANSI C environments, new programs will want ANSI-only C keywords
+ * deleted from the program and old programs will want them left alone.
+ * When using a compiler other than gcc, programs using the ANSI C keywords
+ * const, inline etc. as normal identifiers should define -DNO_ANSI_KEYWORDS.
+ * When using "gcc -traditional", we assume that this is the intent; if
+ * __GNUC__ is defined but __STDC__ is not, we leave the new keywords alone.
+ */
+#ifndef NO_ANSI_KEYWORDS
+#define const /* delete ANSI C keywords */
+#define inline
+#define signed
+#define volatile
+#endif
+#endif /* !__GNUC__ */
+#endif /* !(__STDC__ || __cplusplus) */
+
+/*
+ * GCC1 and some versions of GCC2 declare dead (non-returning) and
+ * pure (no side effects) functions using "volatile" and "const";
+ * unfortunately, these then cause warnings under "-ansi -pedantic".
+ * GCC2 uses a new, peculiar __attribute__((attrs)) style. All of
+ * these work for GNU C++ (modulo a slight glitch in the C++ grammar
+ * in the distribution version of 2.5.5).
+ */
+#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5
+#define __attribute__(x) /* delete __attribute__ if non-gcc or gcc1 */
+#if defined(__GNUC__) && !defined(__STRICT_ANSI__)
+#define __dead __volatile
+#define __pure __const
+#endif
+#endif
+
+/* Delete pseudo-keywords wherever they are not available or needed. */
+#ifndef __dead
+#define __dead
+#define __pure
+#endif
+
+#endif /* !_CDEFS_H_ */
diff --git a/crypto/kerberosIV/install-sh b/crypto/kerberosIV/install-sh
new file mode 100644
index 0000000..ebc6691
--- /dev/null
+++ b/crypto/kerberosIV/install-sh
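Review bot: The version guard near the end of cdefs.H, `#if !defined(__GNUC__) || __GNUC__ < 2 || __GNUC_MINOR__ < 5`, tests the minor number independently of the major, so any GCC release whose minor version is below 5 has `__attribute__(x)` defined away regardless of its major version. Every file that includes this header then silently loses its format-checking and noreturn annotations, which removes a compile-time check that matters in the Kerberos code built on top of it. Compare major and minor together instead: `#if !defined(__GNUC__) || __GNUC__ < 2 || (__GNUC__ == 2 && __GNUC_MINOR__ < 5)`.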
@@ -0,0 +1,250 @@
+#! /bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch. It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+ case $1 in
+ -c) instcmd="$cpprog"
+ shift
+ continue;;
+
+ -d) dir_arg=true
+ shift
+ continue;;
+
+ -m) chmodcmd="$chmodprog $2"
+ shift
+ shift
+ continue;;
+
+ -o) chowncmd="$chownprog $2"
+ shift
+ shift
+ continue;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift
+ shift
+ continue;;
+
+ -s) stripcmd="$stripprog"
+ shift
+ continue;;
+
+ -t=*) transformarg=`echo $1 | sed 's/-t=//'`
+ shift
+ continue;;
+
+ -b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+ shift
+ continue;;
+
+ *) if [ x"$src" = x ]
+ then
+ src=$1
+ else
+ # this colon is to work around a 386BSD /bin/sh bug
+ :
+ dst=$1
+ fi
+ shift
+ continue;;
+ esac
+done
+
+if [ x"$src" = x ]
+then
+ echo "install: no input file specified"
+ exit 1
+else
+ true
+fi
+
+if [ x"$dir_arg" != x ]; then
+ dst=$src
+ src=""
+
+ if [ -d $dst ]; then
+ instcmd=:
+ else
+ instcmd=mkdir
+ fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad
+# if $src (and thus $dsttmp) contains '*'.
+
+ if [ -f $src -o -d $src ]
+ then
+ true
+ else
+ echo "install: $src does not exist"
+ exit 1
+ fi
+
+ if [ x"$dst" = x ]
+ then
+ echo "install: no destination specified"
+ exit 1
+ else
+ true
+ fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+ if [ -d $dst ]
+ then
+ dst="$dst"/`basename $src`
+ else
+ true
+ fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+# this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS='
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+ pathcomp="${pathcomp}${1}"
+ shift
+
+ if [ ! -d "${pathcomp}" ] ;
+ then
+ $mkdirprog "${pathcomp}"
+ else
+ true
+ fi
+
+ pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+ $doit $instcmd $dst &&
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+ if [ x"$transformarg" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ dstfile=`basename $dst $transformbasename |
+ sed $transformarg`$transformbasename
+ fi
+
+# don't allow the sed command to completely eliminate the filename
+
+ if [ x"$dstfile" = x ]
+ then
+ dstfile=`basename $dst`
+ else
+ true
+ fi
+
+# Make a temp file name in the proper directory.
+
+ dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+ $doit $instcmd $src $dsttmp &&
+
+ trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing. If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+ if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+ if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+ if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+ if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+ $doit $rmcmd -f $dstdir/$dstfile &&
+ $doit $mvcmd $dsttmp $dstdir/$dstfile
+
+fi &&
+
+
+exit 0
diff --git a/crypto/kerberosIV/kadmin/Design.txt b/crypto/kerberosIV/kadmin/Design.txt
new file mode 100644
index 0000000..7763a04
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Design.txt
@@ -0,0 +1,23 @@
+// This file attempts to present the internal functioning of the new kerberos
+// admin server and interface..
+
+//
+// The calling side
+//
+
+// Outer interface (programmers interface)
+kadm_mod_entry(vals *old_dat, vals *new_dat) returns (vals *cur_dat)
+ // sends a command telling the server to change all entries which match
+ // old_dat to entries matching new_dat
+ // returns in cur_dat the actual current values of the modified records
+ // implemented with calls to _vals_to_stream, _send_out, _take_in, and
+ // _stream_to_vals, _interpret_ret
+
+// Inner calls
+_vals_to_stream (vals *, unsigned char *)
+ // converts a vals structure to a byte stream for transmission over the net
+
+_stream_to_vals (unsigned char *, vals *)
+ // converts a byte stream recieved into a vals structure
+
+
diff --git a/crypto/kerberosIV/kadmin/Makefile.in b/crypto/kerberosIV/kadmin/Makefile.in
new file mode 100644
index 0000000..947248e
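Review bot: The option loop in install-sh stores the `-t=` value in `transformarg`, but the initialisation block clears `transform_arg`, so `transformarg` is never reset and a value inherited from the caller's environment reaches `sed $transformarg` when the destination name is computed; initialise the name that is actually used, `transformarg=""`. Separately, `dsttmp=$dstdir/#inst.$$#` is a predictable name created inside the destination directory, and `$src`, `$dst` and `$dsttmp` are expanded unquoted throughout. A comment near the temp-name line should state that the script is only safe when the destination directory is not writable by untrusted users and that paths containing whitespace or glob characters will be split.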
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/Makefile.in
@@ -0,0 +1,125 @@
+# $Id: Makefile.in,v 1.37 1997/05/02 17:50:35 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir=..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+LN_S = @LN_S@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+LIB_tgetent = @LIB_tgetent@
+LIB_readline = @LIB_readline@
+LIB_DBM = @LIB_DBM@
+LIBS = @LIBS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+CRACKLIB = @CRACKLIB@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+bindir = @bindir@
+sbindir = @sbindir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROG_BIN = kpasswd$(EXECSUFFIX) \
+ kadmin$(EXECSUFFIX)
+PROG_SBIN = ksrvutil$(EXECSUFFIX)
+PROG_LIBEXEC = kadmind$(EXECSUFFIX)
+PROGS = $(PROG_BIN) $(PROG_SBIN) $(PROG_LIBEXEC)
+
+SOURCES = kpasswd.c kadmin.c kadm_server.c kadm_funcs.c pw_check.c \
+ admin_server.c kadm_ser_wrap.c ksrvutil.c ksrvutil_get.c \
+ new_pwd.c
+
+OBJECTS = kpasswd.o kadmin.o kadm_server.o kadm_funcs.o \
+ admin_server.o kadm_ser_wrap.o ksrvutil.o ksrvutil_get.o \
+ new_pwd.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROG_BIN); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(sbindir)
+ for x in $(PROG_SBIN); do \
+ $(INSTALL_PROGRAM) $$x $(sbindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROG_LIBEXEC); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+ @rm -f $(prefix)/sbin/kadmin
+
+uninstall:
+ for x in $(PROG_BIN); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+ for x in $(PROG_SBIN); do \
+ rm -f $(sbindir)/`echo $$x | sed
'$(transform)'`; \
+ done
+ for x in $(PROG_LIBEXEC); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../util/et -lcom_err
+LIBROKEN=-L../lib/roken -lroken
+
+kpasswd$(EXECSUFFIX): kpasswd.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpasswd.o new_pwd.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kadmin$(EXECSUFFIX): kadmin.o new_pwd.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ new_pwd.o kadmin.o -L../lib/kadm -lkadm -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/sl -lsl -L../util/et -lcom_err $(LIBROKEN) $(LIBS) $(LIB_readline) $(LIBROKEN)
+
+KADMIND_OBJECTS=kadm_server.o kadm_funcs.o admin_server.o kadm_ser_wrap.o pw_check.o
+
+kadmind$(EXECSUFFIX): $(KADMIND_OBJECTS)
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ $(KADMIND_OBJECTS) -L../lib/kdb -lkdb -L../lib/acl -lacl $(KLIB) $(CRACKLIB) $(LIBROKEN) $(LIB_DBM) $(LIBS) $(LIBROKEN)
+
+ksrvutil$(EXECSUFFIX): ksrvutil.o ksrvutil_get.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ ksrvutil.o ksrvutil_get.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kadmin/admin_server.c b/crypto/kerberosIV/kadmin/admin_server.c
new file mode 100644
index 0000000..2654c77
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/admin_server.c
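Review bot: `pw_check.o` is linked into kadmind through `KADMIND_OBJECTS` but is missing from `OBJECTS`, so the closing rule `$(OBJECTS): ../include/config.h` does not rebuild the password-check object when the configuration changes; add `pw_check.o` to the `OBJECTS` list. The `Wall` target also invokes `make` directly where include/sys/Makefile.in in this same commit uses `$(MAKE)`. The `install` target ends with a silent `@rm -f $(prefix)/sbin/kadmin`, which deserves a comment saying which earlier install location it is cleaning up.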
@@ -0,0 +1,432 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * Top-level loop of the kerberos Administration server
+ */
+
+/*
+ admin_server.c
+ this holds the main loop and initialization and cleanup code for the server
+*/
+
+#include "kadm_locl.h"
+
+RCSID("$Id: admin_server.c,v 1.41 1997/05/27 15:52:53 bg Exp $");
+
+/* Almost all procs and such need this, so it is global */
+admin_params prm; /* The command line parameters struct */
+
+/* GLOBAL */
+char *acldir = DEFAULT_ACL_DIR;
+static char krbrlm[REALM_SZ];
+
+static unsigned pidarraysize = 0;
+static int *pidarray = (int *)0;
+
+static int exit_now = 0;
+
+static
+RETSIGTYPE
+doexit(int sig)
+{
+ exit_now = 1;
+ SIGRETURN(0);
+}
+
+static
+RETSIGTYPE
+do_child(int sig)
+{
+ int pid;
+ int i, j;
+
+ int status;
+
+ pid = wait(&status);
+
+ /* Reinstall signal handlers for SysV.
Must be done *after* wait */
+ signal(SIGCHLD, do_child);
+
+ for (i = 0; i < pidarraysize; i++)
+ if (pidarray[i] == pid) {
+ /* found it */
+ for (j = i; j < pidarraysize-1; j++)
+ /* copy others down */
+ pidarray[j] = pidarray[j+1];
+ pidarraysize--;
+ if ((WIFEXITED(status) && WEXITSTATUS(status) != 0)
+ || WIFSIGNALED(status))
+ krb_log("child %d: termsig %d, retcode %d", pid,
+ WTERMSIG(status), WEXITSTATUS(status));
+ SIGRETURN(0);
+ }
+ krb_log("child %d not in list: termsig %d, retcode %d", pid,
+ WTERMSIG(status), WEXITSTATUS(status));
+ SIGRETURN(0);
+}
+
+static void
+kill_children(void)
+{
+ int i;
+
+ for (i = 0; i < pidarraysize; i++) {
+ kill(pidarray[i], SIGINT);
+ krb_log("killing child %d", pidarray[i]);
+ }
+}
+
+/* close the system log file */
+static void
+close_syslog(void)
+{
+ krb_log("Shutting down admin server");
+}
+
+static void
+byebye(void) /* say goodnight gracie */
+{
+ printf("Admin Server (kadm server) has completed operation.\n");
+}
+
+static void
+clear_secrets(void)
+{
+ memset(server_parm.master_key, 0, sizeof(server_parm.master_key));
+ memset(server_parm.master_key_schedule, 0,
+ sizeof(server_parm.master_key_schedule));
+ server_parm.master_key_version = 0L;
+}
+
+#ifdef DEBUG
+#define cleanexit(code) {kerb_fini(); return;}
+#endif
+
+#ifndef DEBUG
+static void
+cleanexit(int val)
+{
+ kerb_fini();
+ clear_secrets();
+ exit(val);
+}
+#endif
+
+static void
+process_client(int fd, struct sockaddr_in *who)
+{
+ u_char *dat;
+ int dat_len;
+ u_short dlen;
+ int retval;
+ int on = 1;
+ Principal service;
+ des_cblock skey;
+ int more;
+ int status;
+
+#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT)
+ if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof(on)) < 0)
+ krb_log("setsockopt keepalive: %d",errno);
+#endif
+
+ server_parm.recv_addr = *who;
+
+ if (kerb_init()) { /* Open as client */
+ krb_log("can't open krb db");
+ cleanexit(1);
+ }
+ /* need to set service key to changepw.KRB_MASTER */
+
+ status =
kerb_get_principal(server_parm.sname, server_parm.sinst, &service,
+ 1, &more);
+ if (status == -1) {
+ /* db locked */
+ int32_t retcode = KADM_DB_INUSE;
+ char *pdat;
+
+ dat_len = KADM_VERSIZE + sizeof(retcode);
+ dat = (u_char *) malloc((unsigned)dat_len);
+ pdat = (char *) dat;
+ retcode = htonl((u_int32_t) KADM_DB_INUSE);
+ strncpy(pdat, KADM_ULOSE, KADM_VERSIZE);
+ memcpy(pdat+KADM_VERSIZE, &retcode, sizeof(retcode));
+ goto out;
+ } else if (!status) {
+ krb_log("no service %s.%s",server_parm.sname, server_parm.sinst);
+ cleanexit(2);
+ }
+
+ copy_to_key(&service.key_low, &service.key_high, skey);
+ memset(&service, 0, sizeof(service));
+ kdb_encrypt_key (&skey, &skey, &server_parm.master_key,
+ server_parm.master_key_schedule, DES_DECRYPT);
+ krb_set_key(skey, 0); /* if error, will show up when
+ rd_req fails */
+ memset(skey, 0, sizeof(skey));
+
+ while (1) {
+ if ((retval = krb_net_read(fd, &dlen, sizeof(u_short))) !=
+ sizeof(u_short)) {
+ if (retval < 0)
+ krb_log("dlen read: %s",error_message(errno));
+ else if (retval)
+ krb_log("short dlen read: %d",retval);
+ close(fd);
+ cleanexit(retval ? 3 : 0);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ dat_len = ntohs(dlen);
+ dat = (u_char *) malloc(dat_len);
+ if (!dat) {
+ krb_log("malloc: No memory");
+ close(fd);
+ cleanexit(4);
+ }
+ if ((retval = krb_net_read(fd, dat, dat_len)) != dat_len) {
+ if (retval < 0)
+ krb_log("data read: %s",error_message(errno));
+ else
+ krb_log("short read: %d vs.
%d", dat_len, retval);
+ close(fd);
+ cleanexit(5);
+ }
+ if (exit_now) {
+ cleanexit(0);
+ }
+ if ((retval = kadm_ser_in(&dat,&dat_len)) != KADM_SUCCESS)
+ krb_log("processing request: %s", error_message(retval));
+
+ /* kadm_ser_in did the processing and returned stuff in
+ dat & dat_len , return the appropriate data */
+
+ out:
+ dlen = htons(dat_len);
+
+ if (krb_net_write(fd, &dlen, sizeof(u_short)) < 0) {
+ krb_log("writing dlen to client: %s",error_message(errno));
+ close(fd);
+ cleanexit(6);
+ }
+
+ if (krb_net_write(fd, dat, dat_len) < 0) {
+ krb_log("writing to client: %s", error_message(errno));
+ close(fd);
+ cleanexit(7);
+ }
+ free(dat);
+ }
+ /*NOTREACHED*/
+}
+
+/*
+kadm_listen
+listen on the admin servers port for a request
+*/
+static int
+kadm_listen(void)
+{
+ int found;
+ int admin_fd;
+ int peer_fd;
+ fd_set mask, readfds;
+ struct sockaddr_in peer;
+ int addrlen;
+ int pid;
+
+ signal(SIGINT, doexit);
+ signal(SIGTERM, doexit);
+ signal(SIGHUP, doexit);
+ signal(SIGQUIT, doexit);
+ signal(SIGPIPE, SIG_IGN); /* get errors on write() */
+ signal(SIGALRM, doexit);
+ signal(SIGCHLD, do_child);
+ if (setsid() < 0)
+ krb_log("setsid() failed");
+
+ if ((admin_fd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
+ return KADM_NO_SOCK;
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ {
+ int one=1;
+ setsockopt(admin_fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+ sizeof(one));
+ }
+#endif
+ if (bind(admin_fd, (struct sockaddr *)&server_parm.admin_addr,
+ sizeof(struct sockaddr_in)) < 0)
+ return KADM_NO_BIND;
+ listen(admin_fd, 1);
+ FD_ZERO(&mask);
+ FD_SET(admin_fd, &mask);
+
+ for (;;) { /* loop nearly forever */
+ if (exit_now) {
+ clear_secrets();
+ kill_children();
+ return(0);
+ }
+ readfds = mask;
+ if ((found = select(admin_fd+1, &readfds, 0,
+ 0, (struct timeval *)0)) == 0)
+ continue; /* no things read */
+ if (found < 0) {
+ if (errno != EINTR)
+ krb_log("select: %s",error_message(errno));
+ continue;
+ }
+ if (FD_ISSET(admin_fd, &readfds))
{
+ /* accept the conn */
+ addrlen = sizeof(peer);
+ if ((peer_fd = accept(admin_fd, (struct sockaddr *)&peer,
+ &addrlen)) < 0) {
+ krb_log("accept: %s",error_message(errno));
+ continue;
+ }
+#ifndef DEBUG
+ /* if you want a sep daemon for each server */
+ if ((pid = fork())) {
+ /* parent */
+ if (pid < 0) {
+ krb_log("fork: %s",error_message(errno));
+ close(peer_fd);
+ continue;
+ }
+ /* fork succeded: keep tabs on child */
+ close(peer_fd);
+ if (pidarray) {
+ pidarray = (int *)realloc(pidarray, ++pidarraysize);
+ pidarray[pidarraysize-1] = pid;
+ } else {
+ pidarray = (int *)malloc(pidarraysize = 1);
+ pidarray[0] = pid;
+ }
+ } else {
+ /* child */
+ close(admin_fd);
+#endif /* DEBUG */
+ /*
+ * If we are multihomed we need to figure out which
+ * local address that is used this time since it is
+ * used in "direction" comparison.
+ */
+ getsockname(peer_fd,
+ (struct sockaddr *)&server_parm.admin_addr,
+ &addrlen);
+ /* do stuff */
+ process_client (peer_fd, &peer);
+#ifndef DEBUG
+ }
+#endif
+ } else {
+ krb_log("something else woke me up!");
+ return(0);
+ }
+ }
+ /*NOTREACHED*/
+}
+
+/*
+** Main does the logical thing, it sets up the database and RPC interface,
+** as well as handling the creation and maintenance of the syslog file...
+*/
+int
+main(int argc, char **argv) /* admin_server main routine */
+{
+ int errval;
+ int c;
+
+ set_progname (argv[0]);
+
+ umask(077); /* Create protected files */
+
+ /* initialize the admin_params structure */
+ prm.sysfile = KADM_SYSLOG; /* default file name */
+ prm.inter = 0;
+
+ memset(krbrlm, 0, sizeof(krbrlm));
+
+ while ((c = getopt(argc, argv, "f:hmnd:a:r:")) != EOF)
+ switch(c) {
+ case 'f': /* Syslog file name change */
+ prm.sysfile = optarg;
+ break;
+ case 'n':
+ prm.inter = 0;
+ break;
+ case 'm':
+ prm.inter = 1;
+ break;
+ case 'a': /* new acl directory */
+ acldir = optarg;
+ break;
+ case 'd':
+ /* put code to deal with alt database place */
+ if ((errval = kerb_db_set_name(optarg)))
+ errx (1, "opening database %s: %s",
+ optarg, error_message(errval));
+ break;
+ case 'r':
+ strncpy(krbrlm, optarg, sizeof(krbrlm) - 1);
+ break;
+ case 'h': /* get help on using admin_server */
+ default:
+ errx(1, "Usage: kadmind [-h] [-n] [-m] [-r realm] [-d dbname] [-f filename] [-a acldir]");
+ }
+
+ if (krbrlm[0] == 0)
+ if (krb_get_lrealm(krbrlm, 0) != KSUCCESS)
+ errx (1, "Unable to get local realm.
Fix krb.conf or use -r.");
+
+ printf("KADM Server %s initializing\n",KADM_VERSTR);
+ printf("Please do not use 'kill -9' to kill this job, use a\n");
+ printf("regular kill instead\n\n");
+
+ kset_logfile(prm.sysfile);
+ krb_log("Admin server starting");
+
+ kerb_db_set_lockmode(KERB_DBL_NONBLOCKING);
+ errval = kerb_init(); /* Open the Kerberos database */
+ if (errval) {
+ warnx ("error: kerb_init() failed");
+ close_syslog();
+ byebye();
+ }
+ /* set up the server_parm struct */
+ if ((errval = kadm_ser_init(prm.inter, krbrlm))==KADM_SUCCESS) {
+ kerb_fini(); /* Close the Kerberos database--
+ will re-open later */
+ errval = kadm_listen(); /* listen for calls to server from
+ clients */
+ }
+ if (errval != KADM_SUCCESS) {
+ warnx("error: %s",error_message(errval));
+ kerb_fini(); /* Close if error */
+ }
+ close_syslog(); /* Close syslog file, print
+ closing note */
+ byebye(); /* Say bye bye on the terminal
+ in use */
+ exit(1);
+} /* procedure main */
diff --git a/crypto/kerberosIV/kadmin/kadm_funcs.c b/crypto/kerberosIV/kadmin/kadm_funcs.c
new file mode 100644
index 0000000..34a34b0
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/kadm_funcs.c
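Review bot: In kadm_listen the child-pid table is sized in bytes instead of elements: `realloc(pidarray, ++pidarraysize)` and `malloc(pidarraysize = 1)` request pidarraysize bytes, so the int store to `pidarray[pidarraysize-1]` writes past the heap allocation from the first forked child onward. Size both by the element, `pidarray = realloc(pidarray, ++pidarraysize * sizeof(*pidarray));` and `pidarray = malloc((pidarraysize = 1) * sizeof(*pidarray));`, and check the returned pointer before storing through it. The same table is compacted by the SIGCHLD handler do_child, which can run while the parent is in the middle of this update, so SIGCHLD should be blocked around it; do_child also calls krb_log, which is unlikely to be async-signal-safe.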
@@ -0,0 +1,411 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +*/ + +/* + * Kerberos administration server-side database manipulation routines + */ + +/* + * kadm_funcs.c + * the actual database manipulation code + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_funcs.c,v 1.16 1997/05/02 14:28:49 assar Exp $"); + +static int +check_access(char *pname, char *pinst, char *prealm, enum acl_types acltype) +{ + char checkname[MAX_K_NAME_SZ]; + char filename[MaxPathLen]; + + snprintf(checkname, sizeof(checkname), "%s.%s@%s", pname, pinst, prealm); + + switch (acltype) { + case ADDACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, ADD_ACL_FILE); + break; + case GETACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, GET_ACL_FILE); + break; + case MODACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, MOD_ACL_FILE); + break; + case DELACL: + snprintf(filename, sizeof(filename), "%s%s", acldir, DEL_ACL_FILE); + break; + default: + krb_log("WARNING in check_access: default case in switch"); + return 0; + } + return(acl_check(filename, 
checkname)); +} + +static int +wildcard(char *str) +{ + if (!strcmp(str, WILDCARD_STR)) + return(1); + return(0); +} + +static int +fail(int code, char *oper, char *princ) +{ + krb_log("ERROR: %s: %s (%s)", oper, princ, error_message(code)); + return code; +} + +#define failadd(code) { fail(code, "ADD", victim); return code; } +#define faildelete(code) { fail(code, "DELETE", victim); return code; } +#define failget(code) { fail(code, "GET", victim); return code; } +#define failmod(code) { fail(code, "MOD", victim); return code; } +#define failchange(code) { fail(code, "CHANGE", admin); return code; } + +int +kadm_add_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, Kadm_vals *valsout) +{ + long numfound; /* check how many we get written */ + int more; /* pointer to more grabbed records */ + Principal data_i, data_o; /* temporary principal */ + u_char flags[4]; + des_cblock newpw; + Principal default_princ; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("ADD: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, ADDACL)) { + krb_log("WARNING: ADD: %s permission denied", admin); + return KADM_UNAUTH; + } + + /* Need to check here for "legal" name and instance */ + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failadd(KADM_ILL_WILDCARD); + } + + numfound = kerb_get_principal(KERB_DEFAULT_NAME, KERB_DEFAULT_INST, + &default_princ, 1, &more); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound != 1) { + failadd(KADM_UK_RERROR); + } + + kadm_vals_to_prin(valsin->fields, &data_i, valsin); + strncpy(data_i.name, valsin->name, ANAME_SZ); + strncpy(data_i.instance, valsin->instance, INST_SZ); + + if (!IS_FIELD(KADM_EXPDATE,valsin->fields)) + data_i.exp_date = default_princ.exp_date; + if (!IS_FIELD(KADM_ATTR,valsin->fields)) + 
data_i.attributes = default_princ.attributes; + if (!IS_FIELD(KADM_MAXLIFE,valsin->fields)) + data_i.max_life = default_princ.max_life; + + memset(&default_princ, 0, sizeof(default_princ)); + + /* convert to host order */ + data_i.key_low = ntohl(data_i.key_low); + data_i.key_high = ntohl(data_i.key_high); + + + copy_to_key(&data_i.key_low, &data_i.key_high, newpw); + + /* encrypt new key in master key */ + kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + copy_from_key(newpw, &data_i.key_low, &data_i.key_high); + memset(newpw, 0, sizeof(newpw)); + + data_o = data_i; + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound) { + failadd(KADM_INUSE); + } else { + data_i.key_version++; + data_i.kdc_key_ver = server_parm.master_key_version; + strncpy(data_i.mod_name, rname, sizeof(data_i.mod_name)-1); + strncpy(data_i.mod_instance, rinstance, + sizeof(data_i.mod_instance)-1); + + numfound = kerb_put_principal(&data_i, 1); + if (numfound == -1) { + failadd(KADM_DB_INUSE); + } else if (numfound) { + failadd(KADM_UK_SERROR); + } else { + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if ((numfound!=1) || (more!=0)) { + failadd(KADM_UK_RERROR); + } + memset(flags, 0, sizeof(flags)); + SET_FIELD(KADM_NAME,flags); + SET_FIELD(KADM_INST,flags); + SET_FIELD(KADM_EXPDATE,flags); + SET_FIELD(KADM_ATTR,flags); + SET_FIELD(KADM_MAXLIFE,flags); + kadm_prin_to_vals(flags, valsout, &data_o); + krb_log("ADD: %s added", victim); + return KADM_DATA; /* Set all the appropriate fields */ + } + } +} + +int +kadm_delete_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin) +{ + int ret; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, 
NULL)); + + krb_log("DELETE: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, DELACL)) { + krb_log("WARNING: DELETE: %s permission denied", admin); + return KADM_UNAUTH; + } + + /* Need to check here for "legal" name and instance */ + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + faildelete(KADM_ILL_WILDCARD); + } + +#define EQ(V,N,I) (strcmp((V)->name, (N)) == 0 && strcmp((V)->instance, (I)) == 0) + + if(EQ(valsin, PWSERV_NAME, KRB_MASTER) || + EQ(valsin, "K", "M") || + EQ(valsin, "default", "") || + EQ(valsin, KRB_TICKET_GRANTING_TICKET, server_parm.krbrlm)){ + krb_log("WARNING: DELETE: %s is immutable", victim); + return KADM_IMMUTABLE; /* XXX */ + } + + ret = kerb_delete_principal(valsin->name, valsin->instance); + if(ret == -1) + return KADM_DB_INUSE; /* XXX */ + krb_log("DELETE: %s removed.", victim); + return KADM_SUCCESS; +} + + +int +kadm_get_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, u_char *flags, Kadm_vals *valsout) +{ + long numfound; /* check how many were returned */ + int more; /* To point to more name.instances */ + Principal data_o; /* Data object to hold Principal */ + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("GET: %s by %s", victim, admin); + + if (!check_access(rname, rinstance, rrealm, GETACL)) { + krb_log("WARNING: GET: %s permission denied", admin); + return KADM_UNAUTH; + } + + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failget(KADM_ILL_WILDCARD); + } + + /* Look up the record in the database */ + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failget(KADM_DB_INUSE); + } else if (numfound) { /* We got the record, let's return it */ + kadm_prin_to_vals(flags, valsout, &data_o); + krb_log("GET: %s retrieved", victim); + 
return KADM_DATA; /* Set all the appropriate fields */ + } else { + failget(KADM_NOENTRY); /* Else whimper and moan */ + } +} + +int +kadm_mod_entry (char *rname, char *rinstance, char *rrealm, + Kadm_vals *valsin, Kadm_vals *valsin2, Kadm_vals *valsout) +{ + long numfound; + int more; + Principal data_o, temp_key; + u_char fields[4]; + des_cblock newpw; + + char admin[MAX_K_NAME_SZ], victim[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + strcpy(victim, krb_unparse_name_long(valsin->name, valsin->instance, NULL)); + + krb_log("MOD: %s by %s", victim, admin); + + if (wildcard(valsin->name) || wildcard(valsin->instance)) { + failmod(KADM_ILL_WILDCARD); + } + + if (!check_access(rname, rinstance, rrealm, MODACL)) { + krb_log("WARNING: MOD: %s permission denied", admin); + return KADM_UNAUTH; + } + + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if (numfound == -1) { + failmod(KADM_DB_INUSE); + } else if (numfound) { + kadm_vals_to_prin(valsin2->fields, &temp_key, valsin2); + strncpy(data_o.name, valsin->name, ANAME_SZ); + strncpy(data_o.instance, valsin->instance, INST_SZ); + if (IS_FIELD(KADM_EXPDATE,valsin2->fields)) + data_o.exp_date = temp_key.exp_date; + if (IS_FIELD(KADM_ATTR,valsin2->fields)) + data_o.attributes = temp_key.attributes; + if (IS_FIELD(KADM_MAXLIFE,valsin2->fields)) + data_o.max_life = temp_key.max_life; + if (IS_FIELD(KADM_DESKEY,valsin2->fields)) { + data_o.key_version++; + data_o.kdc_key_ver = server_parm.master_key_version; + + + /* convert to host order */ + temp_key.key_low = ntohl(temp_key.key_low); + temp_key.key_high = ntohl(temp_key.key_high); + + + copy_to_key(&temp_key.key_low, &temp_key.key_high, newpw); + + /* encrypt new key in master key */ + kdb_encrypt_key (&newpw, &newpw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + copy_from_key(newpw, &data_o.key_low, &data_o.key_high); + memset(newpw, 0, sizeof(newpw)); + } + 
memset(&temp_key, 0, sizeof(temp_key)); + + strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); + strncpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)-1); + more = kerb_put_principal(&data_o, 1); + + memset(&data_o, 0, sizeof(data_o)); + + if (more == -1) { + failmod(KADM_DB_INUSE); + } else if (more) { + failmod(KADM_UK_SERROR); + } else { + numfound = kerb_get_principal(valsin->name, valsin->instance, + &data_o, 1, &more); + if ((more!=0)||(numfound!=1)) { + failmod(KADM_UK_RERROR); + } + memset(fields, 0, sizeof(fields)); + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + kadm_prin_to_vals(fields, valsout, &data_o); + krb_log("MOD: %s modified", victim); + return KADM_DATA; /* Set all the appropriate fields */ + } + } + else { + failmod(KADM_NOENTRY); + } +} + +int +kadm_change (char *rname, char *rinstance, char *rrealm, unsigned char *newpw) +{ + long numfound; + int more; + Principal data_o; + des_cblock local_pw; + + char admin[MAX_K_NAME_SZ]; + + strcpy(admin, krb_unparse_name_long(rname, rinstance, rrealm)); + + krb_log("CHANGE: %s", admin); + + if (strcmp(server_parm.krbrlm, rrealm)) { + krb_log("ERROR: CHANGE: request from wrong realm %s", rrealm); + return(KADM_WRONG_REALM); + } + + if (wildcard(rname) || wildcard(rinstance)) { + failchange(KADM_ILL_WILDCARD); + } + + memcpy(local_pw, newpw, sizeof(local_pw)); + + /* encrypt new key in master key */ + kdb_encrypt_key (&local_pw, &local_pw, &server_parm.master_key, + server_parm.master_key_schedule, DES_ENCRYPT); + + numfound = kerb_get_principal(rname, rinstance, + &data_o, 1, &more); + if (numfound == -1) { + failchange(KADM_DB_INUSE); + } else if (numfound) { + copy_from_key(local_pw, &data_o.key_low, &data_o.key_high); + data_o.key_version++; + data_o.kdc_key_ver = server_parm.master_key_version; + strncpy(data_o.mod_name, rname, sizeof(data_o.mod_name)-1); + 
strncpy(data_o.mod_instance, rinstance, + sizeof(data_o.mod_instance)-1); + more = kerb_put_principal(&data_o, 1); + memset(local_pw, 0, sizeof(local_pw)); + memset(&data_o, 0, sizeof(data_o)); + if (more == -1) { + failchange(KADM_DB_INUSE); + } else if (more) { + failchange(KADM_UK_SERROR); + } else { + krb_log("CHANGE: %s's password changed", admin); + return KADM_SUCCESS; + } + } + else { + failchange(KADM_NOENTRY); + } +} diff --git a/crypto/kerberosIV/kadmin/kadm_locl.h b/crypto/kerberosIV/kadmin/kadm_locl.h new file mode 100644 index 0000000..07f9093 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_locl.h 
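Review bot: The `strcpy` calls that fill `admin` and `victim` at the top of kadm_add_entry, kadm_delete_entry, kadm_get_entry, kadm_mod_entry and kadm_change copy the result of krb_unparse_name_long() into `MAX_K_NAME_SZ` buffers with no length check. `victim` is built from `valsin->name` and `valsin->instance`, which come from the client's request. Whether krb_unparse_name_long() or the decoder that fills `valsin` bounds those strings is not visible in this hunk, so the copy should not depend on it. check_access in the same file already uses snprintf, and the same form fits here: `snprintf(victim, sizeof(victim), "%s", krb_unparse_name_long(valsin->name, valsin->instance, NULL));`. The `strncpy(data_i.name, valsin->name, ANAME_SZ)` and `strncpy(data_o.name, valsin->name, ANAME_SZ)` copies (and their `instance` counterparts) can also leave the field unterminated when the source fills it.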
@@ -0,0 +1,148 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kadm_locl.h,v 1.25 1997/05/20 18:40:43 bg Exp $ */ + +#include "config.h" +#include "protos.h" + +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <string.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif + +#include <errno.h> +#include <signal.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif /* HAVE_SYS_RESOURCE_H */ +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif + +#include <err.h> + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <com_err.h> +#include <sl.h> + +#include <des.h> +#include <krb.h> +#include <krb_err.h> +#include <krb_db.h> +#include <kadm.h> +#include <kadm_err.h> +#include <acl.h> + +#include "kadm_server.h" +#include "pw_check.h" + +/* from libacl */ +/* int acl_check(char *acl, char *principal); */ + +/* GLOBALS */ +extern char *acldir; +extern Kadm_Server server_parm; + +/* Utils */ +int kadm_change __P((char *, char *, char *, des_cblock)); +int kadm_add_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *)); +int kadm_mod_entry __P((char *, char *, char *, Kadm_vals *, Kadm_vals *, Kadm_vals *)); +int kadm_get_entry __P((char *, char *, char *, Kadm_vals *, u_char *, Kadm_vals *)); +int kadm_delete_entry __P((char *, char *, char *, Kadm_vals *)); +int kadm_ser_cpw __P((u_char *, int, AUTH_DAT *, 
u_char **, int *)); +int kadm_ser_add __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_mod __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_get __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_delete __P((u_char *, int, AUTH_DAT *, u_char **, int *)); +int kadm_ser_init __P((int inter, char realm[])); +int kadm_ser_in __P((u_char **, int *)); + +int get_pw_new_pwd __P((char *pword, int pwlen, krb_principal *pr, int print_realm)); + +/* cracklib */ +char *FascistCheck __P((char *password, char *path, char **strings)); diff --git a/crypto/kerberosIV/kadmin/kadm_ser_wrap.c b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c new file mode 100644 index 0000000..6909a9f --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_ser_wrap.c 
@@ -0,0 +1,213 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server-side support functions + */ + +/* +kadm_ser_wrap.c +unwraps wrapped packets and calls the appropriate server subroutine +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_ser_wrap.c,v 1.20 1997/05/02 10:29:14 joda Exp $"); + +/* GLOBAL */ +Kadm_Server server_parm; + +/* +kadm_ser_init +set up the server_parm structure +*/ +int +kadm_ser_init(int inter, char *realm) + /* interactive or from file */ + +{ + struct hostent *hp; + char hostname[MaxHostNameLen]; + + init_kadm_err_tbl(); + init_krb_err_tbl(); + if (k_gethostname(hostname, sizeof(hostname))) + return KADM_NO_HOSTNAME; + + strcpy(server_parm.sname, PWSERV_NAME); + strcpy(server_parm.sinst, KRB_MASTER); + strcpy(server_parm.krbrlm, realm); + + server_parm.admin_fd = -1; + /* setting up the addrs */ + memset(&server_parm.admin_addr,0, sizeof(server_parm.admin_addr)); + + server_parm.admin_addr.sin_port = k_getportbyname (KADM_SNAME, + "tcp", + htons(751)); + server_parm.admin_addr.sin_family = 
AF_INET; + if ((hp = gethostbyname(hostname)) == NULL) + return KADM_NO_HOSTNAME; + server_parm.admin_addr.sin_addr.s_addr = INADDR_ANY; + /* setting up the database */ + if (kdb_get_master_key((inter==1), &server_parm.master_key, + server_parm.master_key_schedule) != 0) + return KADM_NO_MAST; + if ((server_parm.master_key_version = + kdb_verify_master_key(&server_parm.master_key, + server_parm.master_key_schedule,stderr))<0) + return KADM_NO_VERI; + return KADM_SUCCESS; +} + +static void errpkt(u_char **dat, int *dat_len, int code) +{ + u_int32_t retcode; + char *pdat; + + free(*dat); /* free up req */ + *dat_len = KADM_VERSIZE + sizeof(u_int32_t); + *dat = (u_char *) malloc((unsigned)*dat_len); + pdat = (char *) *dat; + retcode = htonl((u_int32_t) code); + strncpy(pdat, KADM_ULOSE, KADM_VERSIZE); + memcpy(&pdat[KADM_VERSIZE], &retcode, sizeof(u_int32_t)); + return; +} + +/* +kadm_ser_in +unwrap the data stored in dat, process, and return it. +*/ +int +kadm_ser_in(u_char **dat, int *dat_len) +{ + u_char *in_st; /* pointer into the sent packet */ + int in_len,retc; /* where in packet we are, for + returns */ + u_int32_t r_len; /* length of the actual packet */ + KTEXT_ST authent; /* the authenticator */ + AUTH_DAT ad; /* who is this, klink */ + u_int32_t ncksum; /* checksum of encrypted data */ + des_key_schedule sess_sched; /* our schedule */ + MSG_DAT msg_st; + u_char *retdat, *tmpdat; + int retval, retlen; + + if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) { + errpkt(dat, dat_len, KADM_BAD_VER); + return KADM_BAD_VER; + } + in_len = KADM_VERSIZE; + /* get the length */ + if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0) + return KADM_LENGTH_ERROR; + in_len += retc; + authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t); + memcpy(authent.dat, (char *)(*dat) + in_len, authent.length); + authent.mbz = 0; + /* service key should be set before here */ + if ((retc = krb_rd_req(&authent, server_parm.sname, server_parm.sinst, + 
server_parm.recv_addr.sin_addr.s_addr, &ad, NULL))) + { + errpkt(dat, dat_len,retc + krb_err_base); + return retc + krb_err_base; + } + +#define clr_cli_secrets() {memset(sess_sched, 0, sizeof(sess_sched)); memset(ad.session, 0,sizeof(ad.session));} + + in_st = *dat + *dat_len - r_len; +#ifdef NOENCRYPTION + ncksum = 0; +#else + ncksum = des_quad_cksum((des_cblock *)in_st, (des_cblock *)0, (long) r_len, 0, &ad.session); +#endif + if (ncksum!=ad.checksum) { /* yow, are we correct yet */ + clr_cli_secrets(); + errpkt(dat, dat_len,KADM_BAD_CHK); + return KADM_BAD_CHK; + } +#ifdef NOENCRYPTION + memset(sess_sched, 0, sizeof(sess_sched)); +#else + des_key_sched(&ad.session, sess_sched); +#endif + if ((retc = (int) krb_rd_priv(in_st, r_len, sess_sched, &ad.session, + &server_parm.recv_addr, + &server_parm.admin_addr, &msg_st))) { + clr_cli_secrets(); + errpkt(dat, dat_len,retc + krb_err_base); + return retc + krb_err_base; + } + switch (msg_st.app_data[0]) { + case CHANGE_PW: + retval = kadm_ser_cpw(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case ADD_ENT: + retval = kadm_ser_add(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case GET_ENT: + retval = kadm_ser_get(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case MOD_ENT: + retval = kadm_ser_mod(msg_st.app_data+1,(int) msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + case DEL_ENT: + retval = kadm_ser_delete(msg_st.app_data + 1, msg_st.app_length - 1, + &ad, &retdat, &retlen); + break; + default: + clr_cli_secrets(); + errpkt(dat, dat_len, KADM_NO_OPCODE); + return KADM_NO_OPCODE; + } + /* Now seal the response back into a priv msg */ + free(*dat); + tmpdat = (u_char *) malloc((unsigned)(retlen + KADM_VERSIZE + + sizeof(u_int32_t))); + strncpy((char *)tmpdat, KADM_VERSTR, KADM_VERSIZE); + retval = htonl((u_int32_t)retval); + memcpy((char *)tmpdat + KADM_VERSIZE, &retval, sizeof(u_int32_t)); + if 
(retlen) { + memcpy((char *)tmpdat + KADM_VERSIZE + sizeof(u_int32_t), retdat, + retlen); + free(retdat); + } + /* slop for mk_priv stuff */ + *dat = (u_char *) malloc((unsigned) (retlen + KADM_VERSIZE + + sizeof(u_int32_t) + 200)); + if ((*dat_len = krb_mk_priv(tmpdat, *dat, + (u_int32_t) (retlen + KADM_VERSIZE + + sizeof(u_int32_t)), + sess_sched, + &ad.session, &server_parm.admin_addr, + &server_parm.recv_addr)) < 0) { + clr_cli_secrets(); + errpkt(dat, dat_len, KADM_NO_ENCRYPT); + return KADM_NO_ENCRYPT; + } + clr_cli_secrets(); + return KADM_SUCCESS; +} diff --git a/crypto/kerberosIV/kadmin/kadm_server.c b/crypto/kerberosIV/kadmin/kadm_server.c new file mode 100644 index 0000000..1006f20 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_server.c 
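Review bot: In kadm_ser_in, `r_len` is read from the packet by stv_long() and then used in `authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t)` and the following `memcpy(authent.dat, ...)` without being compared with `*dat_len` or with the size of `authent.dat`. This happens before krb_rd_req(), so the value is unauthenticated, and the computed length can be negative or exceed the authenticator buffer; `in_st = *dat + *dat_len - r_len` further down relies on the same value. Both bounds should be checked before the copy, returning KADM_LENGTH_ERROR as the stv_long() failure path just above does. The check below assumes `authent.dat` is the fixed-size array inside KTEXT_ST, whose declaration is outside this hunk. The malloc() results in errpkt and at the end of kadm_ser_in are also used unchecked.

```c
    in_len += retc;
    /* r_len comes from the packet and nothing has been authenticated yet */
    if (*dat_len < (int)(KADM_VERSIZE + sizeof(u_int32_t)) ||
        r_len > *dat_len - KADM_VERSIZE - sizeof(u_int32_t))
        return KADM_LENGTH_ERROR;
    if (*dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t) > sizeof(authent.dat))
        return KADM_LENGTH_ERROR;
    /* … unchanged: authent.length assignment, memcpy, krb_rd_req() and the rest of kadm_ser_in … */
```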
@@ -0,0 +1,198 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server-side subroutines + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_server.c,v 1.9 1997/05/02 10:29:08 joda Exp $"); + +/* +kadm_ser_cpw - the server side of the change_password routine + recieves : KTEXT, {key} + returns : CKSUM, RETCODE + acl : caller can change only own password + +Replaces the password (i.e. des key) of the caller with that specified in key. 
+Returns no actual data from the master server, since this is called by a user +*/ +int +kadm_ser_cpw(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + u_int32_t keylow, keyhigh; + des_cblock newkey; + int status; + int stvlen=0; + char *pw_msg; + char pword[MAX_KPW_LEN]; + char *strings[4]; + + /* take key off the stream, and change the database */ + + if ((status = stv_long(dat, &keyhigh, 0, len)) < 0) + return(KADM_LENGTH_ERROR); + stvlen=status; + if ((status = stv_long(dat, &keylow, stvlen, len)) < 0) + return(KADM_LENGTH_ERROR); + stvlen+=status; + + if((status = stv_string(dat, pword, stvlen, sizeof(pword), len))<0) + pword[0]=0; + + keylow = ntohl(keylow); + keyhigh = ntohl(keyhigh); + memcpy(((char *)newkey) + 4, &keyhigh, 4); + memcpy(newkey, &keylow, 4); + + strings[0] = ad->pname; + strings[1] = ad->pinst; + strings[2] = ad->prealm; + strings[3] = NULL; + status = kadm_pw_check(pword, &newkey, &pw_msg, strings); + + memset(pword, 0, sizeof(pword)); + memset(dat, 0, len); + + if(status != KADM_SUCCESS){ + *datout=malloc(0); + *outlen=vts_string(pw_msg, datout, 0); + return status; + } + *datout=0; + *outlen=0; + + return(kadm_change(ad->pname, ad->pinst, ad->prealm, newkey)); +} + + +/* +kadm_ser_add - the server side of the add_entry routine + recieves : KTEXT, {values} + returns : CKSUM, RETCODE, {values} + acl : su, sms (as alloc) + +Adds and entry containing values to the database +returns the values of the entry, so if you leave certain fields blank you will + be able to determine the default values they are set to +*/ +int +kadm_ser_add(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals values, retvals; + long status; + + if ((status = stream_to_vals(dat, &values, len)) < 0) + return(KADM_LENGTH_ERROR); + if ((status = kadm_add_entry(ad->pname, ad->pinst, ad->prealm, + &values, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + 
return status; + } +} + +/* +kadm_ser_mod - the server side of the mod_entry routine + recieves : KTEXT, {values, values} + returns : CKSUM, RETCODE, {values} + acl : su, sms (as register or dealloc) + +Modifies all entries corresponding to the first values so they match the + second values. +returns the values for the changed entries +*/ +int +kadm_ser_mod(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals vals1, vals2, retvals; + int wh; + long status; + + if ((wh = stream_to_vals(dat, &vals1, len)) < 0) + return KADM_LENGTH_ERROR; + if ((status = stream_to_vals(dat+wh,&vals2, len-wh)) < 0) + return KADM_LENGTH_ERROR; + if ((status = kadm_mod_entry(ad->pname, ad->pinst, ad->prealm, &vals1, + &vals2, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + return status; + } +} + +int +kadm_ser_delete(u_char *dat, int len, AUTH_DAT *ad, + u_char **datout, int *outlen) +{ + Kadm_vals values; + int wh; + int status; + + if((wh = stream_to_vals(dat, &values, len)) < 0) + return KADM_LENGTH_ERROR; + if(wh != len) + return KADM_LENGTH_ERROR; + status = kadm_delete_entry(ad->pname, ad->pinst, ad->prealm, + &values); + *outlen = 0; + return status; +} + +/* +kadm_ser_get + recieves : KTEXT, {values, flags} + returns : CKSUM, RETCODE, {count, values, values, values} + acl : su + +gets the fields requested by flags from all entries matching values +returns this data for each matching recipient, after a count of how many such + matches there were +*/ +int +kadm_ser_get(u_char *dat, int len, AUTH_DAT *ad, u_char **datout, int *outlen) +{ + Kadm_vals values, retvals; + u_char fl[FLDSZ]; + int loop,wh; + long status; + + if ((wh = stream_to_vals(dat, &values, len)) < 0) + return KADM_LENGTH_ERROR; + if (wh + FLDSZ > len) + return KADM_LENGTH_ERROR; + for (loop=FLDSZ-1; loop>=0; loop--) + fl[loop] = dat[wh++]; + if ((status = kadm_get_entry(ad->pname, ad->pinst, ad->prealm, + 
&values, fl, &retvals)) == KADM_DATA) { + *outlen = vals_to_stream(&retvals,datout); + return KADM_SUCCESS; + } else { + *outlen = 0; + return status; + } +} + diff --git a/crypto/kerberosIV/kadmin/kadm_server.h b/crypto/kerberosIV/kadmin/kadm_server.h new file mode 100644 index 0000000..c730574 --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadm_server.h 
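Review bot: kadm_ser_cpw clears `pword` and the request buffer but leaves the new DES key on the stack: `newkey`, `keylow` and `keyhigh` are still populated when the function returns through `return(kadm_change(...))` and through the `status != KADM_SUCCESS` branch. The result of kadm_change() can be stored first so the key is wiped before returning, e.g. `status = kadm_change(ad->pname, ad->pinst, ad->prealm, newkey);` followed by `memset(newkey, 0, sizeof(newkey)); keylow = keyhigh = 0;` and `return status;`, with the same wipe added to the early-return branch. The `Kadm_vals` locals in kadm_ser_add and kadm_ser_mod may carry a key from the request as well; that depends on the Kadm_vals layout, which is not in this hunk. The `pword[0]=0` fallback taken when stv_string() fails would also benefit from a comment saying how kadm_pw_check() treats an empty password, since that function is defined elsewhere.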
@@ -0,0 +1,66 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* $Id: kadm_server.h,v 1.10 1997/05/11 04:08:26 assar Exp $ */ + +/* + * Definitions for Kerberos administration server & client + */ + +#ifndef KADM_SERVER_DEFS +#define KADM_SERVER_DEFS + +/* + * kadm_server.h + * Header file for the fourth attempt at an admin server + * Doug Church, December 28, 1989, MIT Project Athena + * ps. Yes that means this code belongs to athena etc... 
+ * as part of our ongoing attempt to copyright all greek names + */ + +typedef struct { + struct sockaddr_in admin_addr; + struct sockaddr_in recv_addr; + int recv_addr_len; + int admin_fd; /* our link to clients */ + char sname[ANAME_SZ]; + char sinst[INST_SZ]; + char krbrlm[REALM_SZ]; + des_cblock master_key; + des_cblock session_key; + des_key_schedule master_key_schedule; + long master_key_version; +} Kadm_Server; + +/* the default syslog file */ +#ifndef KADM_SYSLOG +#define KADM_SYSLOG "/var/log/admin_server.syslog" +#endif /* KADM_SYSLOG */ + +#ifndef DEFAULT_ACL_DIR +#define DEFAULT_ACL_DIR "/var/kerberos" +#endif /* DEFAULT_ACL_DIR */ +#define ADD_ACL_FILE "/admin_acl.add" +#define GET_ACL_FILE "/admin_acl.get" +#define MOD_ACL_FILE "/admin_acl.mod" +#define DEL_ACL_FILE "/admin_acl.del" + +#endif /* KADM_SERVER_DEFS */ diff --git a/crypto/kerberosIV/kadmin/kadmin.c b/crypto/kerberosIV/kadmin/kadmin.c new file mode 100644 index 0000000..f117b6b --- /dev/null +++ b/crypto/kerberosIV/kadmin/kadmin.c 
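Review bot: The ACL file macros at the end of the header are undocumented, and the leading '/' in each one matters. check_access in kadm_funcs.c builds the path with `"%s%s"` from `acldir` and the macro and adds no separator of its own. A comment such as `/* ACL file names, appended directly to acldir; each must start with '/' */` above `ADD_ACL_FILE` would record that. The `master_key` and `master_key_schedule` fields of `Kadm_Server` would also merit a comment noting that they appear to hold the database master key for as long as the server runs.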
@@ -0,0 +1,845 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos database administrator's tool. + * + * The default behavior of kadmin is if the -m option is given + * on the commandline, multiple requests are allowed to be given + * with one entry of the admin password (until the tickets expire). 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: kadmin.c,v 1.48 1997/05/13 09:43:06 bg Exp $"); + +static void change_password(int argc, char **argv); +static void change_key(int argc, char **argv); +static void change_admin_password(int argc, char **argv); +static void add_new_key(int argc, char **argv); +static void del_entry(int argc, char **argv); +static void get_entry(int argc, char **argv); +static void mod_entry(int argc, char **argv); +static void help(int argc, char **argv); +static void clean_up_cmd(int argc, char **argv); +static void quit_cmd(int argc, char **argv); + +static SL_cmd cmds[] = { + {"change_password", change_password, "Change a user's password"}, + {"cpw"}, + {"passwd"}, + {"change_key", change_key, "Change a user's password as a DES binary key"}, + {"ckey"}, + {"change_admin_password", change_admin_password, + "Change your admin password"}, + {"cap"}, + {"add_new_key", add_new_key, "Add new user to kerberos database"}, + {"ank"}, + {"del_entry", del_entry, "Delete entry from database"}, + {"del"}, + {"delete"}, + {"get_entry", get_entry, "Get entry from kerberos database"}, + {"mod_entry", mod_entry, "Modify entry in kerberos database"}, + {"destroy_tickets", clean_up_cmd, "Destroy admin tickets"}, + {"exit", quit_cmd, "Exit program"}, + {"quit"}, + {"help", help, "Help"}, + {"?"}, + {NULL} +}; + +#define BAD_PW 1 +#define GOOD_PW 0 +#define FUDGE_VALUE 15 /* for ticket expiration time */ +#define PE_NO 0 +#define PE_YES 1 +#define PE_UNSURE 2 + +/* for get_password, whether it should do the swapping...necessary for + using vals structure, unnecessary for change_pw requests */ +#define DONTSWAP 0 +#define SWAP 1 + +static krb_principal pr; +static char default_realm[REALM_SZ]; /* default kerberos realm */ +static char krbrlm[REALM_SZ]; /* current realm being administered */ +static int multiple = 0; /* Allow multiple requests per ticket */ + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else +#define 
read_long_pw_string des_read_pw_string +#endif + +static void +get_maxlife(Kadm_vals *vals) +{ + char buff[BUFSIZ]; + time_t life; + int l; + + do { + printf("Maximum ticket lifetime? (%d) [%s] ", + vals->max_life, krb_life_to_atime(vals->max_life)); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + life = krb_atime_to_life(buff); + } while (life <= 0); + + l = strlen(buff); + if (buff[l-2] == 'm') + life = krb_time_to_life(0L, life*60); + if (buff[l-2] == 'h') + life = krb_time_to_life(0L, life*60*60); + + vals->max_life = life; + SET_FIELD(KADM_MAXLIFE,vals->fields); +} + +static void +get_attr(Kadm_vals *vals) +{ + char buff[BUFSIZ], *out; + int attr; + + do { + printf("Attributes? [0x%.2x] ", vals->attributes); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + attr = strtol(buff, &out, 0); + if (attr == 0 && out == buff) + attr = -1; + } while (attr < 0 || attr > 0xffff); + + vals->attributes = attr; + SET_FIELD(KADM_ATTR,vals->fields); +} + +static void +get_expdate(Kadm_vals *vals) +{ + char buff[BUFSIZ]; + struct tm edate; + + memset(&edate, 0, sizeof(edate)); + do { + printf("Expiration date (enter yyyy-mm-dd) ? 
[%.24s] ", + asctime(k_localtime(&vals->exp_date))); + fflush(stdout); + if (fgets(buff, sizeof(buff), stdin) == NULL || *buff == '\n') { + clearerr(stdin); + return; + } + if (sscanf(buff, "%d-%d-%d", + &edate.tm_year, &edate.tm_mon, &edate.tm_mday) == 3) { + edate.tm_mon--; /* January is 0, not 1 */ + edate.tm_hour = 23; /* nearly midnight at the end of the */ + edate.tm_min = 59; /* specified day */ + } + } while (krb_check_tm (edate)); + + edate.tm_year -= 1900; + vals->exp_date = tm2time (edate, 1); + SET_FIELD(KADM_EXPDATE,vals->fields); +} + +static int +princ_exists(char *name, char *instance, char *realm) +{ + int status; + + status = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, 1, ""); + + if ((status == KSUCCESS) || (status == INTK_BADPW)) + return(PE_YES); + else if (status == KDC_PR_UNKNOWN) + return(PE_NO); + else + return(PE_UNSURE); +} + +static int +get_password(u_int32_t *low, u_int32_t *high, char *prompt, int byteswap) +{ + char new_passwd[MAX_KPW_LEN]; /* new password */ + des_cblock newkey; + + if (read_long_pw_string(new_passwd, sizeof(new_passwd)-1, prompt, 1)) + return(BAD_PW); + if (strlen(new_passwd) == 0) { + printf("Using random password.\n"); +#ifdef NOENCRYPTION + memset(newkey, 0, sizeof(newkey)); +#else + des_new_random_key(&newkey); +#endif + } else { +#ifdef NOENCRYPTION + memset(newkey, 0, sizeof(newkey)); +#else + des_string_to_key(new_passwd, &newkey); +#endif + memset(new_passwd, 0, sizeof(new_passwd)); + } + + memcpy(low, newkey, 4); + memcpy(high, ((char *)newkey) + 4, 4); + + memset(newkey, 0, sizeof(newkey)); + +#ifdef NOENCRYPTION + *low = 1; +#endif + + if (byteswap != DONTSWAP) { + *low = htonl(*low); + *high = htonl(*high); + } + return(GOOD_PW); +} + +static int +get_admin_password(void) +{ + int status; + char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ + int ticket_life = 1; /* minimum ticket lifetime */ + CREDENTIALS c; + + if (multiple) { + /* If admin tickets exist and are 
valid, just exit. */ + memset(&c, 0, sizeof(c)); + if (krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) + /* + * If time is less than lifetime - FUDGE_VALUE after issue date, + * tickets will probably last long enough for the next + * transaction. + */ + if (time(0) < (c.issue_date + (5 * 60 * c.lifetime) - FUDGE_VALUE)) + return(KADM_SUCCESS); + ticket_life = DEFAULT_TKT_LIFE; + } + + if (princ_exists(pr.name, pr.instance, pr.realm) != PE_NO) { + char prompt[256]; + snprintf(prompt, sizeof(prompt), "%s's Password: ", krb_unparse_name(&pr)); + if (read_long_pw_string(admin_passwd, + sizeof(admin_passwd)-1, + prompt, 0)) { + warnx ("Error reading admin password."); + goto bad; + } + status = krb_get_pw_in_tkt(pr.name, pr.instance, pr.realm, + PWSERV_NAME, KADM_SINST, + ticket_life, admin_passwd); + memset(admin_passwd, 0, sizeof(admin_passwd)); + + /* Initialize non shared random sequence from session key. */ + memset(&c, 0, sizeof(c)); + krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c); + des_init_random_number_generator(&c.session); + } + else + status = KDC_PR_UNKNOWN; + + switch(status) { + case GT_PW_OK: + return(GOOD_PW); + case KDC_PR_UNKNOWN: + printf("Principal %s does not exist.\n", krb_unparse_name(&pr)); + goto bad; + case GT_PW_BADPW: + printf("Incorrect admin password.\n"); + goto bad; + default: + com_err("kadmin", status+krb_err_base, + "while getting password tickets"); + goto bad; + } + + bad: + memset(admin_passwd, 0, sizeof(admin_passwd)); + dest_tkt(); + return(BAD_PW); +} + +static void +usage(void) +{ + fprintf (stderr, "Usage: kadmin [[-u|-p] admin_name] [-r default_realm]" + " [-m]\n" + " -m allows multiple admin requests to be " + "serviced with one entry of admin\n" + " password.\n"); + exit (1); +} + +/* GLOBAL */ +static void +clean_up() +{ + dest_tkt(); +} + +static void +clean_up_cmd (int argc, char **argv) +{ + clean_up(); +} + +/* GLOBAL */ +static void +quit() +{ + printf("Cleaning up and exiting.\n"); + clean_up(); + 
exit(0); +} + +static void +quit_cmd (int argc, char **argv) +{ + quit(); +} + +static void +do_init(int argc, char **argv) +{ + int c; + int tflag = 0; + char tktstring[MaxPathLen]; + int k_errno; + + set_progname (argv[0]); + + memset(&pr, 0, sizeof(pr)); + if (krb_get_default_principal(pr.name, pr.instance, default_realm) < 0) + errx (1, "I could not even guess who you might be"); + while ((c = getopt(argc, argv, "p:u:r:mt")) != EOF) + switch (c) { + case 'p': + case 'u': + if((k_errno = krb_parse_name(optarg, &pr)) != KSUCCESS) + errx (1, "%s", krb_get_err_text(k_errno)); + break; + case 'r': + memset(default_realm, 0, sizeof(default_realm)); + strncpy(default_realm, optarg, sizeof(default_realm) - 1); + break; + case 'm': + multiple++; + break; + case 't': + tflag++; + break; + default: + usage(); + break; + } + if (optind < argc) + usage(); + strcpy(krbrlm, default_realm); + + if (kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm) != KADM_SUCCESS) + *krbrlm = '\0'; + if (pr.realm[0] == '\0') + strcpy (pr.realm, krbrlm); + if (pr.instance[0] == '\0') + strcpy(pr.instance, "admin"); + + if (!tflag) { + snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_adm_%d",(int)getpid()); + krb_set_tkt_string(tktstring); + } + +} + +int +main(int argc, char **argv) +{ + do_init(argc, argv); + + printf("Welcome to the Kerberos Administration Program, version 2\n"); + printf("Type \"help\" if you need it.\n"); + sl_loop (cmds, "kadmin: "); + printf("\n"); + quit(); + exit(0); +} + +static int +setvals(Kadm_vals *vals, char *string) +{ + char realm[REALM_SZ]; + int status = KADM_SUCCESS; + + memset(vals, 0, sizeof(*vals)); + memset(realm, 0, sizeof(realm)); + + SET_FIELD(KADM_NAME,vals->fields); + SET_FIELD(KADM_INST,vals->fields); + if ((status = kname_parse(vals->name, vals->instance, realm, string))) { + printf("kerberos error: %s\n", krb_get_err_text(status)); + return status; + } + if (!realm[0]) + strcpy(realm, default_realm); + if (strcmp(realm, krbrlm)) { + strcpy(krbrlm, 
realm); + if ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, krbrlm)) + != KADM_SUCCESS) + printf("kadm error for realm %s: %s\n", + krbrlm, error_message(status)); + } + if (status) + return 1; + else + return KADM_SUCCESS; +} + +static void +change_password(int argc, char **argv) +{ + Kadm_vals old, new; + int status; + char pw_prompt[BUFSIZ]; + + if (argc != 2) { + printf("Usage: change_password loginname\n"); + return; + } + + if (setvals(&old, argv[1]) != KADM_SUCCESS) + return; + + new = old; + + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + /* get the new password */ + snprintf(pw_prompt, sizeof(pw_prompt), "New password for %s:", argv[1]); + + if (get_password(&new.key_low, &new.key_high, + pw_prompt, SWAP) == GOOD_PW) { + status = kadm_mod(&old, &new); + if (status == KADM_SUCCESS) { + printf("Password changed for %s.\n", argv[1]); + } else { + printf("kadmin: %s\nwhile changing password for %s", + error_message(status), argv[1]); + } + } else + printf("Error reading password; password unchanged\n"); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (old.name, old.instance, krbrlm)); + return; +} + +static int +getkey(unsigned char *k) +{ + int i, c; + for (i = 0; i < 8; i++) + { + c = getchar(); + if (c == EOF) + return 0; + else if (c == '\\') + { + int oct = -1; + scanf("%03o", &oct); + if (oct < 0 || oct > 255) + return 0; + k[i] = oct; + } + else if (!isalpha(c)) + return 0; + else + k[i] = c; + } + c = getchar(); + if (c != '\n') + return 0; + return 1; /* Success */ +} + +static void +printkey(unsigned char *tkey) +{ + int j; + for(j = 0; j < 8; j++) + if(tkey[j] != '\\' && isalpha(tkey[j]) != 0) + printf("%c", tkey[j]); + else + printf("\\%03o",(unsigned char)tkey[j]); + printf("\n"); +} + +static void 
+change_key(int argc, char **argv) +{ + Kadm_vals old, new; + unsigned char newkey[8]; + int status; + + if (argc != 2) { + printf("Usage: change_key principal-name\n"); + return; + } + + if (setvals(&old, argv[1]) != KADM_SUCCESS) + return; + + new = old; + + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(old.name, old.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + /* get the new password */ + printf("New DES key for %s: ", argv[1]); + + if (getkey(newkey)) { + memcpy(&new.key_low, newkey, 4); + memcpy(&new.key_high, ((char *)newkey) + 4, 4); + printf("Entered key for %s: ", argv[1]); + printkey(newkey); + memset(newkey, 0, sizeof(newkey)); + + status = kadm_mod(&old, &new); + if (status == KADM_SUCCESS) { + printf("Key changed for %s.\n", argv[1]); + } else { + printf("kadmin: %s\nwhile changing key for %s", + error_message(status), argv[1]); + } + } else + printf("Error reading key; key unchanged\n"); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (old.name, old.instance, krbrlm)); + return; +} + +static void +change_admin_password(int argc, char **argv) +{ + des_cblock newkey; + int status; + char pword[MAX_KPW_LEN]; + char *pw_msg; + + if (argc != 1) { + printf("Usage: change_admin_password\n"); + return; + } + if (get_pw_new_pwd(pword, sizeof(pword), &pr, 1) == 0) { + des_string_to_key(pword, &newkey); + status = kadm_change_pw_plain(newkey, pword, &pw_msg); + if(status == KADM_INSECURE_PW) + printf("Insecure password: %s\n", pw_msg); + else if (status == KADM_SUCCESS) + printf("Admin password changed\n"); + else + printf("kadm error: %s\n",error_message(status)); + memset(newkey, 0, sizeof(newkey)); + memset(pword, 0, sizeof(pword)); + } + if (!multiple) + clean_up(); + return; +} + +static void +add_new_key(int argc, char **argv) +{ + Kadm_vals new; + char pw_prompt[BUFSIZ]; + int 
status; + + if (argc != 2) { + printf("Usage: add_new_key user_name.\n"); + return; + } + if (setvals(&new, argv[1]) != KADM_SUCCESS) + return; + + SET_FIELD(KADM_EXPDATE,new.fields); + SET_FIELD(KADM_ATTR,new.fields); + SET_FIELD(KADM_MAXLIFE,new.fields); + SET_FIELD(KADM_DESKEY,new.fields); + + if (princ_exists(new.name, new.instance, krbrlm) != PE_YES) { + Kadm_vals vals; + u_char fields[4]; + char n[ANAME_SZ + INST_SZ + 1]; + + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + memset(fields, 0, sizeof(fields)); + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + snprintf (n, sizeof(n), "default.%s", new.instance); + if (setvals(&vals, n) != KADM_SUCCESS) + return; + + if (kadm_get(&vals, fields) != KADM_SUCCESS) { + if (setvals(&vals, "default") != KADM_SUCCESS) + return; + if ((status = kadm_get(&vals, fields)) != KADM_SUCCESS) { + printf ("kadm error: %s\n", error_message(status)); + return; + } + } + + if (vals.max_life == 255) /* Defaults not set! */ { + /* This is the default maximum lifetime for new principals. */ + if (strcmp(new.instance, "admin") == 0) + vals.max_life = 1 + (CLOCK_SKEW/(5*60)); /* 5+5 minutes */ + else if (strcmp(new.instance, "root") == 0) + vals.max_life = 96; /* 8 hours */ + else if (krb_life_to_time(0, 162) >= 24*60*60) + vals.max_life = 162; /* ca 100 hours */ + else + vals.max_life = 255; /* ca 21 hours (maximum) */ + + /* Also fix expiration date. 
*/ + if (strcmp(new.name, "rcmd") == 0) + vals.exp_date = 1104814999; /* Tue Jan 4 06:03:19 2005 */ + else + vals.exp_date = time(0) + 2*(365*24*60*60); /* + ca 2 years */ + } + + new.max_life = vals.max_life; + new.exp_date = vals.exp_date; + new.attributes = vals.attributes; + get_maxlife(&new); + get_attr(&new); + get_expdate(&new); + + /* get the new password */ + snprintf(pw_prompt, sizeof(pw_prompt), "Password for %s:", argv[1]); + + if (get_password(&new.key_low, &new.key_high, + pw_prompt, SWAP) == GOOD_PW) { + status = kadm_add(&new); + if (status == KADM_SUCCESS) { + printf("%s added to database.\n", argv[1]); + } else { + printf("kadm error: %s\n",error_message(status)); + } + } else + printf("Error reading password; %s not added\n",argv[1]); + memset(&new, 0, sizeof(new)); + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal already exists.\n"); + return; +} + +static void +del_entry(int argc, char **argv) +{ + int status; + Kadm_vals vals; + + if (argc != 2) { + printf("Usage: del_entry username\n"); + return; + } + + if (setvals(&vals, argv[1]) != KADM_SUCCESS) + return; + + if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_del(&vals)) == KADM_SUCCESS){ + printf("%s removed from database.\n", argv[1]); + } else { + printf("kadm error: %s\n",error_message(status)); + } + + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (vals.name, vals.instance, krbrlm)); + return; +} + +static void +get_entry(int argc, char **argv) +{ + int status; + u_char fields[4]; + Kadm_vals vals; + + if (argc != 2) { + printf("Usage: get_entry username\n"); + return; + } + + memset(fields, 0, sizeof(fields)); + + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); +#if 0 + 
SET_FIELD(KADM_DESKEY,fields); +#endif + + if (setvals(&vals, argv[1]) != KADM_SUCCESS) + return; + + + if (princ_exists(vals.name, vals.instance, krbrlm) != PE_NO) { + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_get(&vals, fields)) == KADM_SUCCESS) + prin_vals(&vals); + else + printf("kadm error: %s\n",error_message(status)); + + if (!multiple) + clean_up(); + } + else + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (vals.name, vals.instance, krbrlm)); + return; +} + +static void +mod_entry(int argc, char **argv) +{ + int status; + u_char fields[4]; + Kadm_vals ovals, nvals; + + if (argc != 2) { + printf("Usage: mod_entry username\n"); + return; + } + + memset(fields, 0, sizeof(fields)); + + SET_FIELD(KADM_NAME,fields); + SET_FIELD(KADM_INST,fields); + SET_FIELD(KADM_EXPDATE,fields); + SET_FIELD(KADM_ATTR,fields); + SET_FIELD(KADM_MAXLIFE,fields); + + if (setvals(&ovals, argv[1]) != KADM_SUCCESS) + return; + + nvals = ovals; + + if (princ_exists(ovals.name, ovals.instance, krbrlm) == PE_NO) { + printf("kadmin: Principal %s does not exist.\n", + krb_unparse_name_long (ovals.name, ovals.instance, krbrlm)); + return; + } + + /* get the admin's password */ + if (get_admin_password() != GOOD_PW) + return; + + if ((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) { + printf("[ unable to retrieve current settings: %s ]\n", + error_message(status)); + nvals.max_life = DEFAULT_TKT_LIFE; + nvals.exp_date = 0; + nvals.attributes = 0; + } else { + nvals.max_life = ovals.max_life; + nvals.exp_date = ovals.exp_date; + nvals.attributes = ovals.attributes; + } + + get_maxlife(&nvals); + get_attr(&nvals); + get_expdate(&nvals); + + if (IS_FIELD(KADM_MAXLIFE, nvals.fields) || + IS_FIELD(KADM_ATTR, nvals.fields) || + IS_FIELD(KADM_EXPDATE, nvals.fields)) { + if ((status = kadm_mod(&ovals, &nvals)) != KADM_SUCCESS) { + printf("kadm error: %s\n",error_message(status)); + goto out; + } + if 
((status = kadm_get(&ovals, fields)) != KADM_SUCCESS) { + printf("kadm error: %s\n",error_message(status)); + goto out; + } + } + prin_vals(&ovals); + +out: + if (!multiple) + clean_up(); + return; +} + +static void +help(int argc, char **argv) +{ + sl_help (cmds, argc, argv); +} diff --git a/crypto/kerberosIV/kadmin/kpasswd.c b/crypto/kerberosIV/kadmin/kpasswd.c new file mode 100644 index 0000000..f4c0cda --- /dev/null +++ b/crypto/kerberosIV/kadmin/kpasswd.c 
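Review bot: In kadmin.c's `get_admin_password`, the result of `krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c)` is ignored and `des_init_random_number_generator(&c.session)` runs even when `krb_get_pw_in_tkt` has just failed, so the generator can be initialised from the zeroed `c` instead of a real session key. The function goes to `bad` and returns `BAD_PW` right afterwards on that path, so the effect looks limited, but seeding should be tied to success: `if (status == GT_PW_OK && krb_get_cred(PWSERV_NAME, KADM_SINST, krbrlm, &c) == KSUCCESS) des_init_random_number_generator(&c.session);`. `c` also keeps the session key on the stack on every return path while `admin_passwd` is carefully wiped; a `memset(&c, 0, sizeof(c));` after seeding and before the early `return(KADM_SUCCESS)` would match that practice.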
@@ -0,0 +1,163 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+/*
+ * change your password with kerberos
+ */
+
+#include "kadm_locl.h"
+
+RCSID("$Id: kpasswd.c,v 1.25 1997/05/02 14:28:51 assar Exp $");
+
+static void
+usage(int value)
+{
+ fprintf(stderr, "Usage: ");
+ fprintf(stderr, "kpasswd [-h ] [-n user] [-i instance] [-r realm] ");
+ fprintf(stderr, "[-u fullname]\n");
+ exit(value);
+}
+
+int
+main(int argc, char **argv)
+{
+ krb_principal principal;
+ krb_principal default_principal;
+ int realm_given = 0; /* True if realm was give on cmdline */
+ int use_default = 1; /* True if we should use default name */
+ int status; /* return code */
+ char pword[MAX_KPW_LEN];
+ int c;
+ char tktstring[MaxPathLen];
+
+ set_progname (argv[0]);
+
+ memset (&principal, 0, sizeof(principal));
+ memset (&default_principal, 0, sizeof(default_principal));
+
+ krb_get_default_principal (default_principal.name,
+ default_principal.instance,
+ default_principal.realm);
+
+ while ((c = getopt(argc, argv, "u:n:i:r:h")) != EOF) {
+ switch (c) {
+ case 'u':
+ status = krb_parse_name (optarg, &principal);
+ if (status != KSUCCESS)
+ errx (2, "%s", krb_get_err_text(status));
+ if (principal.realm[0])
+ realm_given++;
+ else if (krb_get_lrealm(principal.realm, 1) != KSUCCESS)
+ errx (1, "Could not find default realm!");
+ break;
+ case 'n':
+ if (k_isname(optarg))
+ strncpy(principal.name, optarg, sizeof(principal.name) - 1);
+ else {
+ warnx("Bad name: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'i':
+ if (k_isinst(optarg))
+ strncpy(principal.instance,
+ optarg,
+ sizeof(principal.instance) - 1);
+ else {
+ warnx("Bad instance: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'r':
+ if (k_isrealm(optarg)) {
+ strncpy(principal.realm, optarg, sizeof(principal.realm) - 1);
+ realm_given++;
+ } else {
+ warnx("Bad realm: %s", optarg);
+ usage(1);
+ }
+ break;
+ case 'h':
+ usage(0);
+ break;
+ default:
+ usage(1);
+ break;
+ }
+ use_default = 0;
+ }
+ if (optind < argc) {
+ use_default = 0;
+ status = krb_parse_name (argv[optind], &principal);
+ if(status != KSUCCESS)
+ errx (1, "%s", krb_get_err_text (status));
+ }
+
+ if (use_default) {
+ strcpy(principal.name, default_principal.name);
+ strcpy(principal.instance, default_principal.instance);
+ strcpy(principal.realm, default_principal.realm);
+ } else {
+ if (!principal.name[0])
+ strcpy(principal.name, default_principal.name);
+ if (!principal.realm[0])
+ strcpy(principal.realm, default_principal.realm);
+ }
+
+ snprintf(tktstring, sizeof(tktstring),
+ TKT_ROOT "_cpw_%u", (unsigned)getpid());
+ krb_set_tkt_string(tktstring);
+
+ if (get_pw_new_pwd(pword, sizeof(pword), &principal,
+ realm_given)) {
+ dest_tkt ();
+ exit(1);
+ }
+
+ status = kadm_init_link (PWSERV_NAME, KRB_MASTER, principal.realm);
+ if (status != KADM_SUCCESS)
+ com_err(argv[0], status, "while initializing");
+ else {
+ des_cblock newkey;
+ char *pw_msg; /* message from server */
+
+ des_string_to_key(pword, &newkey);
+ status = kadm_change_pw_plain((unsigned char*)&newkey, pword, &pw_msg);
+ memset(newkey, 0, sizeof(newkey));
+
+ if (status == KADM_INSECURE_PW)
+ warnx ("Insecure password: %s", pw_msg);
+ else if (status != KADM_SUCCESS)
+ com_err(argv[0], status, " attempting to change password.");
+ }
+ memset(pword, 0, sizeof(pword));
+
+ if (status != KADM_SUCCESS)
+ fprintf(stderr,"Password NOT changed.\n");
+ else
+ printf("Password changed.\n");
+
+ dest_tkt();
+ if (status)
+ return 2;
+ else
+ return 0;
+}
diff --git a/crypto/kerberosIV/kadmin/ksrvutil.c b/crypto/kerberosIV/kadmin/ksrvutil.c
new file mode 100644
index 0000000..108481c
--- /dev/null
+++ b/crypto/kerberosIV/kadmin/ksrvutil.c
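Review bot: In kpasswd.c's `main`, the failure branch after `get_pw_new_pwd(pword, sizeof(pword), &principal, realm_given)` calls `dest_tkt ()` and `exit(1)` without clearing `pword`, although the normal path ends with `memset(pword, 0, sizeof(pword))`. `get_pw_new_pwd` is not part of this hunk, so whether it can fail after writing into the buffer is an assumption, but the wipe costs nothing: add `memset(pword, 0, sizeof(pword));` before `dest_tkt ();` in that branch. The ticket file name built from `TKT_ROOT "_cpw_%u"` and the pid is also predictable, so a short comment stating what the ticket-file code guarantees when it creates that file would help the next reader.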
@@ -0,0 +1,601 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * list and update contents of srvtab files + */ + +/* + * ksrvutil + * list and update the contents of srvtab files + */ + +#include "kadm_locl.h" + +RCSID("$Id: ksrvutil.c,v 1.39 1997/05/02 14:28:52 assar Exp $"); + +#include "ksrvutil.h" + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else /* NOENCRYPTION */ +#define read_long_pw_string des_read_pw_string +#endif /* NOENCRYPTION */ + +#define SRVTAB_MODE 0600 /* rw------- */ +#define PAD " " +#define VNO_HEADER "Version" +#define VNO_FORMAT "%4d " +#define KEY_HEADER " Key " /* 17 characters long */ +#define PRINC_HEADER " Principal\n" +#define PRINC_FORMAT "%s" + +char u_name[ANAME_SZ]; +char u_inst[INST_SZ]; +char u_realm[REALM_SZ]; + +int destroyp = FALSE; /* Should the ticket file be destroyed? 
*/ + +static unsigned short +get_mode(char *filename) +{ + struct stat statbuf; + unsigned short mode; + + memset(&statbuf, 0, sizeof(statbuf)); + + if (stat(filename, &statbuf) < 0) + mode = SRVTAB_MODE; + else + mode = statbuf.st_mode; + + return(mode); +} + +static void +copy_keyfile(char *keyfile, char *backup_keyfile) +{ + int keyfile_fd; + int backup_keyfile_fd; + int keyfile_mode; + char buf[BUFSIZ]; /* for copying keyfiles */ + int rcount; /* for copying keyfiles */ + int try_again; + + memset(buf, 0, sizeof(buf)); + + do { + try_again = FALSE; + if ((keyfile_fd = open(keyfile, O_RDONLY, 0)) < 0) { + if (errno != ENOENT) + err (1, "read %s", keyfile); + else { + try_again = TRUE; + if ((keyfile_fd = + open(keyfile, + O_WRONLY | O_TRUNC | O_CREAT, SRVTAB_MODE)) < 0) + err(1, "create %s", keyfile); + else + if (close(keyfile_fd) < 0) + err (1, "close %s", keyfile); + } + } + } while(try_again); + + keyfile_mode = get_mode(keyfile); + + if ((backup_keyfile_fd = + open(backup_keyfile, O_WRONLY | O_TRUNC | O_CREAT, + keyfile_mode)) < 0) + err (1, "write %s", backup_keyfile); + do { + if ((rcount = read(keyfile_fd, buf, sizeof(buf))) < 0) + err (1, "read %s", keyfile); + if (rcount && (write(backup_keyfile_fd, buf, rcount) != rcount)) + err (1, "write %s", backup_keyfile); + } while (rcount); + if (close(backup_keyfile_fd) < 0) + err(1, "close %s", backup_keyfile); + if (close(keyfile_fd) < 0) + err(1, "close %s", keyfile); +} + +void +leave(char *str, int x) +{ + if (str) + fprintf(stderr, "%s\n", str); + if (destroyp) + dest_tkt(); + exit(x); +} + +void +safe_read_stdin(char *prompt, char *buf, size_t size) +{ + printf("%s", prompt); + fflush(stdout); + memset(buf, 0, size); + if (read(0, buf, size - 1) < 0) { + warn("read stdin"); + leave(NULL, 1); + } + buf[strlen(buf)-1] = 0; +} + +void +safe_write(char *filename, int fd, void *buf, size_t len) +{ + if (write(fd, buf, len) != len) { + warn("write %s", filename); + close(fd); + leave("In progress srvtab in 
this file.", 1); + } +} + +static int +yes_no(char *string, int dflt) +{ + char ynbuf[5]; + + printf("%s (y,n) [%c]", string, dflt?'y':'n'); + for (;;) { + safe_read_stdin("", ynbuf, sizeof(ynbuf)); + + if ((ynbuf[0] == 'n') || (ynbuf[0] == 'N')) + return(0); + else if ((ynbuf[0] == 'y') || (ynbuf[0] == 'Y')) + return(1); + else if(ynbuf[0] == 0) + return dflt; + else { + printf("Please enter 'y' or 'n': "); + fflush(stdout); + } + } +} + +int yn(char *string) +{ + return yes_no(string, 1); +} + +int ny(char *string) +{ + return yes_no(string, 0); +} + +static void +append_srvtab(char *filename, int fd, char *sname, char *sinst, char *srealm, unsigned char key_vno, unsigned char *key) +{ + /* Add one to append null */ + safe_write(filename, fd, sname, strlen(sname) + 1); + safe_write(filename, fd, sinst, strlen(sinst) + 1); + safe_write(filename, fd, srealm, strlen(srealm) + 1); + safe_write(filename, fd, &key_vno, 1); + safe_write(filename, fd, key, sizeof(des_cblock)); + fsync(fd); +} + +static void +print_key(unsigned char *key) +{ + int i; + + for (i = 0; i < 4; i++) + printf("%02x", key[i]); + printf(" "); + for (i = 4; i < 8; i++) + printf("%02x", key[i]); +} + +static void +print_name(char *name, char *inst, char *realm) +{ + printf("%s", krb_unparse_name_long(name, inst, realm)); +} + +static int +get_svc_new_key(des_cblock *new_key, char *sname, char *sinst, + char *srealm, char *keyfile) +{ + int status = KADM_SUCCESS; + + if (((status = krb_get_svc_in_tkt(sname, sinst, srealm, PWSERV_NAME, + KADM_SINST, 1, keyfile)) == KSUCCESS) && + ((status = kadm_init_link(PWSERV_NAME, KRB_MASTER, srealm)) == + KADM_SUCCESS)) { +#ifdef NOENCRYPTION + memset(new_key, 0, sizeof(des_cblock)); + (*new_key)[0] = (unsigned char) 1; +#else /* NOENCRYPTION */ + des_new_random_key(new_key); +#endif /* NOENCRYPTION */ + return(KADM_SUCCESS); + } + + return(status); +} + +static void +get_key_from_password(des_cblock (*key), char *cellname) +{ + char password[MAX_KPW_LEN]; /* 
storage for the password */ + + if (read_long_pw_string(password, sizeof(password)-1, "Password: ", 1)) + leave("Error reading password.", 1); + +#ifdef NOENCRYPTION + memset(key, 0, sizeof(des_cblock)); + (*key)[0] = (unsigned char) 1; +#else /* NOENCRYPTION */ + if (strlen(cellname) == 0) + des_string_to_key(password, key); + else + afs_string_to_key(password, cellname, key); +#endif /* NOENCRYPTION */ + memset(password, 0, sizeof(password)); +} + +static void +usage(void) +{ + fprintf(stderr, "Usage: ksrvutil [-f keyfile] [-i] [-k] "); + fprintf(stderr, "[-p principal] [-r realm] "); + fprintf(stderr, "[-c AFS cellname] "); + fprintf(stderr, "{list | change | add | get}\n"); + fprintf(stderr, " -i causes the program to ask for "); + fprintf(stderr, "confirmation before changing keys.\n"); + fprintf(stderr, " -k causes the key to printed for list or "); + fprintf(stderr, "change.\n"); + exit(1); +} + +int +main(int argc, char **argv) +{ + char sname[ANAME_SZ]; /* name of service */ + char sinst[INST_SZ]; /* instance of service */ + char srealm[REALM_SZ]; /* realm of service */ + unsigned char key_vno; /* key version number */ + int status; /* general purpose error status */ + des_cblock new_key; + des_cblock old_key; + char change_tkt[MaxPathLen]; /* Ticket to use for key change */ + char keyfile[MaxPathLen]; /* Original keyfile */ + char work_keyfile[MaxPathLen]; /* Working copy of keyfile */ + char backup_keyfile[MaxPathLen]; /* Backup copy of keyfile */ + unsigned short keyfile_mode; /* Protections on keyfile */ + int work_keyfile_fd = -1; /* Initialize so that */ + int backup_keyfile_fd = -1; /* compiler doesn't complain */ + char local_realm[REALM_SZ]; /* local kerberos realm */ + char cellname[1024]; /* AFS cell name */ + int c; + int interactive = FALSE; + int list = FALSE; + int change = FALSE; + int add = FALSE; + int get = FALSE; + int key = FALSE; /* do we show keys? 
*/ + int arg_entered = FALSE; + int change_this_key = FALSE; + char databuf[BUFSIZ]; + int first_printed = FALSE; /* have we printed the first item? */ + + memset(sname, 0, sizeof(sname)); + memset(sinst, 0, sizeof(sinst)); + memset(srealm, 0, sizeof(srealm)); + + memset(change_tkt, 0, sizeof(change_tkt)); + memset(keyfile, 0, sizeof(keyfile)); + memset(work_keyfile, 0, sizeof(work_keyfile)); + memset(backup_keyfile, 0, sizeof(backup_keyfile)); + memset(local_realm, 0, sizeof(local_realm)); + memset(cellname, 0, sizeof(cellname)); + + set_progname (argv[0]); + + if (krb_get_default_principal(u_name, u_inst, u_realm) < 0) + errx (1, "could not get default principal"); + + /* This is used only as a default for adding keys */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, KRB_REALM); + + while((c = getopt(argc, argv, "ikc:f:p:r:")) != EOF) { + switch (c) { + case 'i': + interactive++; + break; + case 'k': + key++; + break; + case 'c': + strcpy(cellname, optarg); + break; + case 'f': + strcpy(keyfile, optarg); + break; + case 'p': + if((status = kname_parse (u_name, u_inst, u_realm, optarg)) != + KSUCCESS) + errx (1, "principal %s: %s", optarg, + krb_get_err_text(status)); + break; + case 'r': + strcpy(u_realm, optarg); + break; + case '?': + usage(); + } + } + if (optind >= argc) + usage(); + if (*u_realm == '\0') + strcpy (u_realm, local_realm); + if (strcmp(argv[optind], "list") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + list++; + } + } + else if (strcmp(argv[optind], "change") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + change++; + } + } + else if (strcmp(argv[optind], "add") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + add++; + } + } + else if (strcmp(argv[optind], "get") == 0) { + if (arg_entered) + usage(); + else { + arg_entered++; + get++; + } + } + else + usage(); + ++optind; + + if (!arg_entered) + usage(); + + if (!keyfile[0]) + strcpy(keyfile, KEYFILE); + + 
strcpy(work_keyfile, keyfile); + strcpy(backup_keyfile, keyfile); + + if (change || add || get) { + strcat(work_keyfile, ".work"); + strcat(backup_keyfile, ".old"); + + copy_keyfile(keyfile, backup_keyfile); + } + + if (add || get) + copy_keyfile(backup_keyfile, work_keyfile); + + keyfile_mode = get_mode(keyfile); + + if (change || list) + if ((backup_keyfile_fd = open(backup_keyfile, O_RDONLY, 0)) < 0) + err (1, "open %s", backup_keyfile); + + if (change) { + if ((work_keyfile_fd = + open(work_keyfile, O_WRONLY | O_CREAT | O_TRUNC, + SRVTAB_MODE)) < 0) + err (1, "creat %s", work_keyfile); + } + else if (add) { + if ((work_keyfile_fd = + open(work_keyfile, O_APPEND | O_WRONLY, SRVTAB_MODE)) < 0) + err (1, "open with append %s", work_keyfile ); + } + else if (get) { + if ((work_keyfile_fd = + open(work_keyfile, O_RDWR | O_CREAT, SRVTAB_MODE)) < 0) + err (1, "open for writing %s", work_keyfile); + } + + if (change || list) { + while ((getst(backup_keyfile_fd, sname, SNAME_SZ) > 0) && + (getst(backup_keyfile_fd, sinst, INST_SZ) > 0) && + (getst(backup_keyfile_fd, srealm, REALM_SZ) > 0) && + (read(backup_keyfile_fd, &key_vno, 1) > 0) && + (read(backup_keyfile_fd, old_key, sizeof(old_key)) > 0)) { + if (list) { + if (!first_printed) { + printf(VNO_HEADER); + printf(PAD); + if (key) { + printf(KEY_HEADER); + printf(PAD); + } + printf(PRINC_HEADER); + first_printed = 1; + } + printf(VNO_FORMAT, key_vno); + printf(PAD); + if (key) { + print_key(old_key); + printf(PAD); + } + print_name(sname, sinst, srealm); + printf("\n"); + } + else if (change) { + snprintf(change_tkt, sizeof(change_tkt), + TKT_ROOT "_ksrvutil.%u", + (unsigned)getpid()); + krb_set_tkt_string(change_tkt); + destroyp = TRUE; + + printf("\nPrincipal: "); + print_name(sname, sinst, srealm); + printf("; version %d\n", key_vno); + if (interactive) + change_this_key = yn("Change this key?"); + else if (change) + change_this_key = 1; + else + change_this_key = 0; + + if (change_this_key) + printf("Changing to 
version %d.\n", key_vno + 1); + else if (change) + printf("Not changing this key.\n"); + + if (change_this_key) { + /* + * This is not a good choice of seed when/if the + * key has been compromised so we also use a + * random sequence number! + */ + des_init_random_number_generator(&old_key); + { + des_cblock seqnum; + des_generate_random_block(&seqnum); + des_set_sequence_number((unsigned char *)&seqnum); + } + /* + * Pick a new key and determine whether or not + * it is safe to change + */ + if ((status = + get_svc_new_key(&new_key, sname, sinst, + srealm, keyfile)) == KADM_SUCCESS) + key_vno++; + else { + memcpy(new_key, old_key, sizeof(new_key)); + warnx ("Key NOT changed: %s\n", + krb_get_err_text(status)); + change_this_key = FALSE; + } + } + else + memcpy(new_key, old_key, sizeof(new_key)); + append_srvtab(work_keyfile, work_keyfile_fd, + sname, sinst, srealm, key_vno, new_key); + if (key && change_this_key) { + printf("Old key: "); + print_key(old_key); + printf("; new key: "); + print_key(new_key); + printf("\n"); + } + if (change_this_key) { + if ((status = kadm_change_pw(new_key)) == KADM_SUCCESS) { + printf("Key changed.\n"); + dest_tkt(); + } + else { + com_err(__progname, status, + " attempting to change password."); + dest_tkt(); + /* XXX This knows the format of a keyfile */ + if (lseek(work_keyfile_fd, -9, SEEK_CUR) >= 0) { + key_vno--; + safe_write(work_keyfile, + work_keyfile_fd, &key_vno, 1); + safe_write(work_keyfile, work_keyfile_fd, + old_key, sizeof(des_cblock)); + fsync(work_keyfile_fd); + fprintf(stderr,"Key NOT changed.\n"); + } else { + warn ("Unable to revert keyfile"); + leave("", 1); + } + } + } + } + memset(old_key, 0, sizeof(des_cblock)); + memset(new_key, 0, sizeof(des_cblock)); + } + } + else if (add) { + do { + do { + safe_read_stdin("Name: ", databuf, sizeof(databuf)); + strncpy(sname, databuf, sizeof(sname) - 1); + if (strchr(sname, '.') != 0) { + strcpy(sinst, strchr(sname, '.') + 1); + *(strchr(sname, '.')) = 0; + } else { + 
safe_read_stdin("Instance: ", databuf, sizeof(databuf)); + strncpy(sinst, databuf, sizeof(sinst) - 1); + } + safe_read_stdin("Realm: ", databuf, sizeof(databuf)); + strncpy(srealm, databuf, sizeof(srealm) - 1); + safe_read_stdin("Version number: ", databuf, sizeof(databuf)); + key_vno = atoi(databuf); + if (key_vno == 0) + key_vno = 1; /* Version numbers are never 0 */ + if (!srealm[0]) + strcpy(srealm, local_realm); + printf("New principal: "); + print_name(sname, sinst, srealm); + printf("; version %d\n", key_vno); + } while (!yn("Is this correct?")); + get_key_from_password(&new_key, cellname); + if (key) { + printf("Key: "); + print_key(new_key); + printf("\n"); + } + append_srvtab(work_keyfile, work_keyfile_fd, + sname, sinst, srealm, key_vno, new_key); + printf("Key successfully added.\n"); + } while (yn("Would you like to add another key?")); + } + else if (get) { + ksrvutil_get(work_keyfile_fd, work_keyfile, + argc - optind, argv + optind); + } + + if (change || list) + if (close(backup_keyfile_fd) < 0) + warn ("close %s", backup_keyfile); + + if (change || add || get) { + if (close(work_keyfile_fd) < 0) + err (1, "close %s", work_keyfile); + if (rename(work_keyfile, keyfile) < 0) + err (1, "rename(%s, %s)", work_keyfile, keyfile); + chmod(backup_keyfile, keyfile_mode); + chmod(keyfile, keyfile_mode); + printf("Old keyfile in %s.\n", backup_keyfile); + } + return 0; +} diff --git a/crypto/kerberosIV/kadmin/ksrvutil.h b/crypto/kerberosIV/kadmin/ksrvutil.h new file mode 100644 index 0000000..64e2fe4 --- /dev/null +++ b/crypto/kerberosIV/kadmin/ksrvutil.h 
@@ -0,0 +1,54 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * $Id: ksrvutil.h,v 1.8 1997/04/01 03:58:55 assar Exp $ + * + */ + +extern char u_name[], u_inst[], u_realm[]; +extern int destroyp; + +void leave(char *str, int x); +void safe_read_stdin(char *prompt, char *buf, size_t size); +void safe_write(char *filename, int fd, void *buf, size_t len); + +int yn(char *string); +int ny(char *string); + +void ksrvutil_get(int fd, char *filename, int argc, char **argv); diff --git a/crypto/kerberosIV/kadmin/ksrvutil_get.c b/crypto/kerberosIV/kadmin/ksrvutil_get.c new file mode 100644 index 0000000..7b97d35 --- /dev/null +++ b/crypto/kerberosIV/kadmin/ksrvutil_get.c 
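Review bot: `extern char u_name[], u_inst[], u_realm[];` exports the three principal buffers without their dimensions, so code that writes into them, such as `strcpy(u_realm, optarg)` in ksrvutil.c's option parsing, has no `sizeof` to bound the copy against. Declaring each with the size its definition uses (for example `extern char u_realm[REALM_SZ];`, if that is the size of the definition, which is not shown here) would make the limit visible at every use. The header also has no include guard and uses `size_t` without including a header that defines it, so it only compiles after the right system headers.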
@@ -0,0 +1,400 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" +#include "ksrvutil.h" + +RCSID("$Id: ksrvutil_get.c,v 1.32 1997/05/05 21:14:57 assar Exp $"); + +#define BAD_PW 1 +#define GOOD_PW 0 +#define FUDGE_VALUE 15 /* for ticket expiration time */ +#define PE_NO 0 +#define PE_YES 1 +#define PE_UNSURE 2 + +static char tktstring[128]; + +static int +princ_exists(char *name, char *instance, char *realm) +{ + int status; + + status = krb_get_pw_in_tkt(name, instance, realm, + KRB_TICKET_GRANTING_TICKET, + realm, 1, ""); + + if ((status == KSUCCESS) || (status == INTK_BADPW)) + return(PE_YES); + else if (status == KDC_PR_UNKNOWN) + return(PE_NO); + else + return(PE_UNSURE); +} + +static int +get_admin_password(char *myname, char *myinst, char *myrealm) +{ + int status; + char admin_passwd[MAX_KPW_LEN]; /* Admin's password */ + int ticket_life = 1; /* minimum ticket lifetime */ + char buf[1024]; + CREDENTIALS c; + + if (princ_exists(myname, myinst, myrealm) != PE_NO) { + snprintf(buf, sizeof(buf), "Password for %s: ", + krb_unparse_name_long (myname, myinst, myrealm)); + if (des_read_pw_string(admin_passwd, sizeof(admin_passwd)-1, + buf, 0)) { + fprintf(stderr, "Error reading admin password.\n"); + goto bad; + } + status = krb_get_pw_in_tkt(myname, myinst, myrealm, PWSERV_NAME, + KADM_SINST, ticket_life, admin_passwd); + memset(admin_passwd, 0, sizeof(admin_passwd)); + + /* Initialize non shared random sequence from session key. 
*/ + memset(&c, 0, sizeof(c)); + krb_get_cred(PWSERV_NAME, KADM_SINST, myrealm, &c); + des_init_random_number_generator(&c.session); + } + else + status = KDC_PR_UNKNOWN; + + switch(status) { + case GT_PW_OK: + return(GOOD_PW); + case KDC_PR_UNKNOWN: + printf("Principal %s does not exist.\n", + krb_unparse_name_long(myname, myinst, myrealm)); + goto bad; + case GT_PW_BADPW: + printf("Incorrect admin password.\n"); + goto bad; + default: + com_err("kadmin", status+krb_err_base, + "while getting password tickets"); + goto bad; + } + +bad: + memset(admin_passwd, 0, sizeof(admin_passwd)); + dest_tkt(); + return(BAD_PW); +} + +static void +srvtab_put_key (int fd, char *filename, char *name, char *inst, char *realm, + int8_t kvno, des_cblock key) +{ + char sname[ANAME_SZ]; /* name of service */ + char sinst[INST_SZ]; /* instance of service */ + char srealm[REALM_SZ]; /* realm of service */ + int8_t skvno; + des_cblock skey; + + lseek(fd, 0, SEEK_SET); + + while(getst(fd, sname, SNAME_SZ) > 0 && + getst(fd, sinst, INST_SZ) > 0 && + getst(fd, srealm, REALM_SZ) > 0 && + read(fd, &skvno, sizeof(skvno)) > 0 && + read(fd, skey, sizeof(skey)) > 0) { + if(strcmp(name, sname) == 0 && + strcmp(inst, sinst) == 0 && + strcmp(realm, srealm) == 0) { + lseek(fd, lseek(fd,0,SEEK_CUR)-(sizeof(skvno) + sizeof(skey)), SEEK_SET); + safe_write(filename, fd, &kvno, sizeof(kvno)); + safe_write(filename, fd, key, sizeof(des_cblock)); + return; + } + } + safe_write(filename, fd, name, strlen(name) + 1); + safe_write(filename, fd, inst, strlen(inst) + 1); + safe_write(filename, fd, realm, strlen(realm) + 1); + safe_write(filename, fd, &kvno, sizeof(kvno)); + safe_write(filename, fd, key, sizeof(des_cblock)); +} + +/* + * node list of services + */ + +struct srv_ent{ + char name[SNAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + struct srv_ent *next; +}; + +static int +key_to_key(char *user, char *instance, char *realm, void *arg, + des_cblock *key) +{ + memcpy(key, arg, 
sizeof(des_cblock)); + return 0; +} + +static void +get_srvtab_ent(int fd, char *filename, char *name, char *inst, char *realm) +{ + char chname[128]; + des_cblock newkey; + char old_tktfile[MaxPathLen], new_tktfile[MaxPathLen]; + char garbage_name[ANAME_SZ]; + char garbage_inst[ANAME_SZ]; + CREDENTIALS c; + u_int8_t kvno; + Kadm_vals values; + int ret; + + strncpy(chname, krb_get_phost(inst), sizeof(chname)); + if(strcmp(inst, chname)) + fprintf(stderr, + "Warning: Are you sure `%s' should not be `%s'?\n", + inst, chname); + + memset(&values, 0, sizeof(values)); + strcpy(values.name, name); + strcpy(values.instance, inst); + des_new_random_key(&newkey); + values.key_low = (newkey[0] << 24) | (newkey[1] << 16) + | (newkey[2] << 8) | (newkey[3] << 0); + values.key_high = (newkey[4] << 24) | (newkey[5] << 16) + | (newkey[6] << 8) | (newkey[7] << 0); + + SET_FIELD(KADM_NAME,values.fields); + SET_FIELD(KADM_INST,values.fields); + SET_FIELD(KADM_DESKEY,values.fields); + + ret = kadm_mod(&values, &values); + if(ret == KADM_NOENTRY) + ret = kadm_add(&values); + if (ret != KSUCCESS) { + warnx ("Couldn't get srvtab entry for %s.%s: %s", + name, inst, error_message(ret)); + return; + } + + values.key_low = values.key_high = 0; + + /* get the key version number */ + + strcpy(old_tktfile, tkt_string()); + snprintf(new_tktfile, sizeof(new_tktfile), + TKT_ROOT "_ksrvutil-get.%u", + (unsigned)getpid()); + krb_set_tkt_string(new_tktfile); + + ret = krb_get_in_tkt(name, inst, realm, name, inst, + 1, key_to_key, NULL, &newkey); + + if (ret == KSUCCESS && + (ret = tf_init(tkt_string(), R_TKT_FIL)) == KSUCCESS && + (ret = tf_get_pname(garbage_name)) == KSUCCESS && + (ret = tf_get_pinst(garbage_inst)) == KSUCCESS && + (ret = tf_get_cred(&c)) == KSUCCESS) + kvno = c.kvno; + else { + warnx ("Could not find the cred in the ticket file"); + return; + } + + tf_close(); + krb_set_tkt_string(old_tktfile); + unlink(new_tktfile); + + if(ret != KSUCCESS) { + memset(&newkey, 0, sizeof(newkey)); + 
warnx ("Could not get a ticket for %s: %s\n", + krb_unparse_name_long(name, inst, realm), + krb_get_err_text(ret)); + return; + } + + /* Write the new key & c:o to the srvtab file */ + + srvtab_put_key (fd, filename, name, inst, realm, kvno, newkey); + memset(&newkey, 0, sizeof(newkey)); + + fprintf (stderr, "Added %s\n", krb_unparse_name_long (name, inst, realm)); +} + +static void +ksrvutil_kadm(int fd, char *filename, struct srv_ent *p) +{ + int ret; + CREDENTIALS c; + + ret = kadm_init_link(PWSERV_NAME, KADM_SINST, u_realm); + if (ret != KADM_SUCCESS) { + warnx("Couldn't initialize kadmin link: %s", error_message(ret)); + leave(NULL, 1); + } + + ret = krb_get_cred (PWSERV_NAME, KADM_SINST, u_realm, &c); + if (ret == KSUCCESS) + des_init_random_number_generator (&c.session); + else { + umask(077); + + /* + * create ticket file and get admin tickets + */ + snprintf(tktstring, sizeof(tktstring), TKT_ROOT "_ksrvutil_%d", (int)getpid()); + krb_set_tkt_string(tktstring); + destroyp = TRUE; + + ret = get_admin_password(u_name, u_inst, u_realm); + if (ret) { + warnx("Couldn't get admin password."); + leave(NULL, 1); + } + } + for(;p;){ + get_srvtab_ent(fd, filename, p->name, p->inst, p->realm); + p=p->next; + } + unlink(tktstring); +} + +static void +parseinput (char *result, size_t sz, char *val, char *def) +{ + char *lim; + int inq; + + if (val[0] == '\0') { + strncpy (result, def, sz-1); + return; + } + lim = result + sz - 1; + inq = 0; + while(*val && result < lim) { + switch(*val) { + case '\'' : + inq = !inq; + ++val; + break; + case '\\' : + if(!inq) + val++; + default: + *result++ = *val++; + break; + } + } + *result = '\0'; +} + +void +ksrvutil_get(int fd, char *filename, int argc, char **argv) +{ + char sname[ANAME_SZ]; /* name of service */ + char sinst[INST_SZ]; /* instance of service */ + char srealm[REALM_SZ]; /* realm of service */ + char databuf[BUFSIZ]; + char local_hostname[100]; + char prompt[100]; + struct srv_ent *head=NULL; + int i; + + 
k_gethostname(local_hostname, sizeof(local_hostname)); + strcpy(local_hostname, krb_get_phost(local_hostname)); + + if (argc) + for(i=0; i < argc; ++i) { + struct srv_ent *p=malloc(sizeof(*p)); + + if(p == NULL) { + warnx ("out of memory in malloc"); + leave(NULL,1); + } + p->next = head; + strcpy (p->realm, u_realm); + if (kname_parse (p->name, p->inst, p->realm, argv[i]) != + KSUCCESS) { + warnx ("parse error on '%s'\n", argv[i]); + free(p); + continue; + } + if (p->name[0] == '\0') + strcpy(p->name, "rcmd"); + if (p->inst[0] == '\0') + strcpy(p->inst, local_hostname); + if (p->realm[0] == '\0') + strcpy(p->realm, u_realm); + head = p; + } + + else + do{ + safe_read_stdin("Name [rcmd]: ", databuf, sizeof(databuf)); + parseinput (sname, sizeof(sname), databuf, "rcmd"); + + snprintf(prompt, sizeof(prompt), "Instance [%s]: ", local_hostname); + safe_read_stdin(prompt, databuf, sizeof(databuf)); + parseinput (sinst, sizeof(sinst), databuf, local_hostname); + + snprintf(prompt, sizeof(prompt), "Realm [%s]: ", u_realm); + safe_read_stdin(prompt, databuf, sizeof(databuf)); + parseinput (srealm, sizeof(srealm), databuf, u_realm); + + if(yn("Is this correct?")){ + struct srv_ent *p=(struct srv_ent*)malloc(sizeof(struct srv_ent)); + p->next=head; + head=p; + strcpy(p->name, sname); + strcpy(p->inst, sinst); + strcpy(p->realm, srealm); + } + }while(ny("Add more keys?")); + + + ksrvutil_kadm(fd, filename, head); + + { + struct srv_ent *p=head, *q; + while(p){ + q=p; + p=p->next; + free(q); + } + } + +} diff --git a/crypto/kerberosIV/kadmin/new_pwd.c b/crypto/kerberosIV/kadmin/new_pwd.c new file mode 100644 index 0000000..88fb7a9 --- /dev/null +++ b/crypto/kerberosIV/kadmin/new_pwd.c 
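Review bot: In `get_srvtab_ent`, the `else` branch after the `tf_init`/`tf_get_cred` chain returns straight after `warnx ("Could not find the cred in the ticket file")`, skipping `tf_close()`, `krb_set_tkt_string(old_tktfile)`, `unlink(new_tktfile)` and the `memset` of `newkey`. A failed lookup therefore leaves the temporary ticket file on disk and the new service key on the stack, and the later `if(ret != KSUCCESS)` block becomes unreachable. Removing that `else { warnx(...); return; }` lets the existing cleanup and error report run on every path, provided `tf_close()` is safe when `tf_init` did not succeed (not visible here). `parseinput` has two bounds problems: `strncpy (result, def, sz-1)` leaves `result` unterminated when `def` fills it, because the callers' `sname`/`sinst`/`srealm` are uninitialised, and a backslash at the end of `val` makes `*result++ = *val++` step past the terminator; `result[sz-1] = '\0';` after the `strncpy` and `if(!inq && val[1]) val++;` would close both. The interactive branch of `ksrvutil_get` also dereferences the `malloc` result without the NULL check that the argv branch has.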
@@ -0,0 +1,146 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: new_pwd.c,v 1.11 1997/05/02 14:28:54 assar Exp $"); + +#ifdef NOENCRYPTION +#define read_long_pw_string placebo_read_pw_string +#else +#define read_long_pw_string des_read_pw_string +#endif + +static char * +check_pw (char *pword) +{ + if (strlen(pword) == 0) + return "Null passwords are not allowed - Please enter a longer password."; + + if (strlen(pword) < MIN_KPW_LEN) + return "Password is to short - Please enter a longer password."; + + /* Don't allow all lower case passwords regardless of length */ + { + char *t; + for (t = pword; *t && islower(*t); t++) + ; + if (*t == 0) + return "Please don't use an all-lower case password.\n" + "\tUnusual capitalization, delimiter characters or " + "digits are suggested."; + } + + return NULL; +} + +int +get_pw_new_pwd(char *pword, int pwlen, krb_principal *pr, int print_realm) +{ + char ppromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + char npromp[40+ANAME_SZ+INST_SZ+REALM_SZ]; /* for the password prompt */ + + char p[MAX_K_NAME_SZ]; + + char local_realm[REALM_SZ]; + int status; + char *expl; + + /* + * We don't care about failure; this is to determine whether or + * not to print the realm in the prompt for a new password. 
+ */ + krb_get_lrealm(local_realm, 1); + + if (strcmp(local_realm, pr->realm)) + print_realm++; + + { + char *q; + krb_unparse_name_r(pr, p); + if(print_realm == 0 && (q = strrchr(p, '@'))) + *q = 0; + } + + snprintf(ppromp, sizeof(ppromp), "Old password for %s:", p); + if (read_long_pw_string(pword, pwlen-1, ppromp, 0)) { + fprintf(stderr, "Error reading old password.\n"); + return -1; + } + + status = krb_get_pw_in_tkt(pr->name, pr->instance, pr->realm, + PWSERV_NAME, KADM_SINST, 1, pword); + if (status != KSUCCESS) { + if (status == INTK_BADPW) { + printf("Incorrect old password.\n"); + return -1; + } + else { + fprintf(stderr, "Kerberos error: %s\n", krb_get_err_text(status)); + return -1; + } + } + memset(pword, 0, pwlen); + + do { + char verify[MAX_KPW_LEN]; + snprintf(npromp, sizeof(npromp), "New Password for %s:",p); + if (read_long_pw_string(pword, pwlen-1, npromp, 0)) { + fprintf(stderr, + "Error reading new password, password unchanged.\n"); + return -1; + } + expl = check_pw (pword); + if (expl) { + printf("\n\t%s\n\n", expl); + continue; + } + /* Now we got an ok password, verify it. */ + snprintf(npromp, sizeof(npromp), "Verifying New Password for %s:", p); + if (read_long_pw_string(verify, MAX_KPW_LEN-1, npromp, 0)) { + fprintf(stderr, + "Error reading new password, password unchanged.\n"); + return -1; + } + if (strcmp(pword, verify) != 0) { + printf("Verify failure - try again\n"); + expl = ""; /* continue */ + } + } while (expl); + return 0; +} diff --git a/crypto/kerberosIV/kadmin/pw_check.c b/crypto/kerberosIV/kadmin/pw_check.c new file mode 100644 index 0000000..ac6912b --- /dev/null +++ b/crypto/kerberosIV/kadmin/pw_check.c 
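Review bot: In `get_pw_new_pwd`, the `verify` buffer declared inside the `do` loop is never cleared, so a second copy of the new password stays on the stack after the function returns. Add `memset(verify, 0, sizeof(verify));` after the `strcmp` and before the `return -1` that follows the second read. The two `return -1` paths after a failed `krb_get_pw_in_tkt` likewise leave the old password in `pword`, whereas the success path clears it with `memset(pword, 0, pwlen)`; moving that `memset` directly after the call, before `status` is tested, would cover all three. In `check_pw`, `islower(*t)` receives a plain `char`, which is undefined for negative values; `islower((unsigned char)*t)` avoids that.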
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kadm_locl.h" + +RCSID("$Id: pw_check.c,v 1.13 1997/04/01 08:17:50 joda Exp $"); + +/* + * kadm_pw_check + * + * pw : new password or "" if none passed + * newkey : key for pw as passed from client + * strings : interesting strings to check for + * + * returns NULL if pw is ok, else an explanatory string + */ +int +kadm_pw_check(char *pw, des_cblock *newkey, char **pw_msg, + char **strings) +{ + des_cblock pwkey; + int status=KADM_SUCCESS; + + if (pw == NULL || *pw == '\0') + return status; /* XXX - Change this later */ + +#ifndef NO_PW_CHECK + *pw_msg = NULL; + des_string_to_key(pw, &pwkey); /* Check AFS string to key also! */ + if (memcmp(pwkey, *newkey, sizeof(pwkey)) != 0) + { + /* no password or bad key */ + status=KADM_PW_MISMATCH; + *pw_msg = "Password doesn't match supplied DES key"; + } + else if (strlen(pw) < MIN_KPW_LEN) + { + status = KADM_INSECURE_PW; + *pw_msg="Password is too short"; + } + +#ifdef DICTPATH + *pw_msg = FascistCheck(pw, DICTPATH, strings); + if (*pw_msg) + return KADM_INSECURE_PW; +#endif + + memset(pwkey, 0, sizeof(pwkey)); +#endif + + return status; +} diff --git a/crypto/kerberosIV/kadmin/pw_check.h b/crypto/kerberosIV/kadmin/pw_check.h new file mode 100644 index 0000000..c5a5d69 --- /dev/null +++ b/crypto/kerberosIV/kadmin/pw_check.h 
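Review bot: With `DICTPATH` defined, `kadm_pw_check` returns `KADM_INSECURE_PW` directly from the `FascistCheck` branch and so skips `memset(pwkey, 0, sizeof(pwkey))`, leaving the key derived from the cleartext password on the stack on that path. The same block assigns `*pw_msg` unconditionally, so a password that already failed with `KADM_PW_MISMATCH` or "Password is too short" but passes the dictionary check ends up with a failure status and a NULL message. Folding the dictionary verdict into `status`, as below, keeps a single exit through the `memset`. Separately, the `pw == NULL || *pw == '\0'` case returns `KADM_SUCCESS` before `*pw_msg` is set and without any quality check (the `XXX` comment acknowledges this), and the header comment says the function returns NULL or a string while it actually returns an `int` status.

```c
#ifdef DICTPATH
    /* keep an earlier mismatch / too-short verdict and its message */
    if (status == KADM_SUCCESS) {
	*pw_msg = FascistCheck(pw, DICTPATH, strings);
	if (*pw_msg)
	    status = KADM_INSECURE_PW;
    }
#endif

    memset(pwkey, 0, sizeof(pwkey));
```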
@@ -0,0 +1,45 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * $Id: pw_check.h,v 1.6 1997/04/01 08:17:50 joda Exp $ + */ + +int kadm_pw_check(char *pw, des_cblock *newkey, + char **pw_msg, char **strings); + diff --git a/crypto/kerberosIV/kuser/Makefile.in b/crypto/kerberosIV/kuser/Makefile.in new file mode 100644 index 0000000..aff8c19 --- /dev/null +++ b/crypto/kerberosIV/kuser/Makefile.in 
@@ -0,0 +1,92 @@
+# $Id: Makefile.in,v 1.23 1997/03/23 13:04:08 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+topdir = ..
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+LIBS = @LIBS@
+KRB_KAFS_LIB = @KRB_KAFS_LIB@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+bindir = @bindir@
+libdir = @libdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kinit$(EXECSUFFIX) \
+ kdestroy$(EXECSUFFIX) \
+ klist$(EXECSUFFIX)
+
+SOURCES = kinit.c kdestroy.c klist.c
+
+OBJECTS = kinit.o kdestroy.o klist.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(bindir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(bindir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+KLIB=-L../lib/krb -lkrb -L../lib/des -ldes
+LIBROKEN=-L../lib/roken -lroken
+
+kinit$(EXECSUFFIX): kinit.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kinit.o $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+kdestroy$(EXECSUFFIX): kdestroy.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kdestroy.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+klist$(EXECSUFFIX): klist.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ klist.o $(KRB_KAFS_LIB) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN)
+
+# su move to appl/bsd
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/kuser/kdestroy.c b/crypto/kerberosIV/kuser/kdestroy.c
new file mode 100644
index 0000000..2fe36c3
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kdestroy.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * This program causes Kerberos tickets to be destroyed.
+ * Options are:
+ *
+ * -q[uiet] - no bell even if tickets not destroyed
+ * -f[orce] - no message printed at all
+ * -t - do not destroy tokens
+ */
+
+#include "kuser_locl.h"
+#include <kafs.h>
+
+RCSID("$Id: kdestroy.c,v 1.8 1997/03/30 16:15:03 joda Exp $");
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [-f] [-q] [-t]\n", __progname);
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ int fflag=0, tflag = 0, k_errno;
+ int c;
+
+ set_progname(argv[0]);
+
+ while((c = getopt(argc, argv, "fqt")) >= 0){
+ switch(c){
+ case 'f':
+ case 'q':
+ fflag++;
+ break;
+ case 't':
+ tflag++;
+ break;
+ default:
+ usage();
+ }
+ }
+ if(argc - optind > 0)
+ usage();
+
+ k_errno = dest_tkt();
+
+ if(!tflag && k_hasafs())
+ k_unlog();
+
+ if (fflag) {
+ if (k_errno != 0 && k_errno != RET_TKFIL)
+ exit(1);
+ else
+ exit(0);
+ } else {
+ if (k_errno == 0)
+ printf("Tickets destroyed.\n");
+ else if (k_errno == RET_TKFIL)
+ printf("No tickets to destroy.\n");
+ else {
+ printf("Tickets NOT destroyed.\n");
+ exit(1);
+ }
+ }
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kinit.c b/crypto/kerberosIV/kuser/kinit.c
new file mode 100644
index 0000000..64910b9
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kinit.c
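Review bot: The result of `k_unlog()` in main is discarded, so if dropping the AFS tokens fails the program can still print "Tickets destroyed." and exit 0, leaving the user to believe every credential is gone. Assuming k_unlog reports failure through its return value (its declaration is not on this page), record it with something like `afs_failed = (!tflag && k_hasafs() && k_unlog() != 0);` and exit non-zero, with a message outside the `-f`/`-q` path, when it is set. The header comment also documents `-q` and `-f` as different behaviours, but both cases only set `fflag`; either the comment or the switch should be brought into line.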
@@ -0,0 +1,158 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Routine to initialize user to Kerberos. Prompts optionally for
+ * user, instance and realm. Authenticates user and gets a ticket
+ * for the Kerberos ticket-granting service for future use.
+ *
+ * Options are:
+ *
+ * -i[instance]
+ * -r[realm]
+ * -v[erbose]
+ * -l[ifetime]
+ * -p
+ */
+
+#include "kuser_locl.h"
+
+RCSID("$Id: kinit.c,v 1.15 1997/03/30 18:58:46 assar Exp $");
+
+#define LIFE DEFAULT_TKT_LIFE /* lifetime of ticket in 5-minute units */
+#define CHPASSLIFE 2
+
+static void
+get_input(char *s, int size, FILE *stream)
+{
+ char *p;
+
+ if (fgets(s, size, stream) == NULL)
+ exit(1);
+ if ( (p = strchr(s, '\n')) != NULL)
+ *p = '\0';
+}
+
+
+static void
+usage(void)
+{
+ fprintf(stderr, "Usage: %s [-irvlp] [name]\n", __progname);
+ exit(1);
+}
+
+int
+main(int argc, char **argv)
+{
+ char aname[ANAME_SZ];
+ char inst[INST_SZ];
+ char realm[REALM_SZ];
+ char buf[MaxHostNameLen];
+ char name[MAX_K_NAME_SZ];
+ char *username = NULL;
+ int iflag, rflag, vflag, lflag, pflag, lifetime, k_errno;
+ int i;
+
+ set_progname (argv[0]);
+
+ *inst = *realm = '\0';
+ iflag = rflag = vflag = lflag = pflag = 0;
+ lifetime = LIFE;
+ set_progname(argv[0]);
+
+ while (--argc) {
+ if ((*++argv)[0] != '-') {
+ if (username)
+ usage();
+ username = *argv;
+ continue;
+ }
+ for (i = 1; (*argv)[i] != '\0'; i++)
+ switch ((*argv)[i]) {
+ case 'i': /* Instance */
+ ++iflag;
+ continue;
+ case 'r': /* Realm */
+ ++rflag;
+ continue;
+ case 'v': /* Verbose */
+ ++vflag;
+ continue;
+ case 'l':
+ ++lflag;
+ continue;
+ case 'p':
+ ++pflag; /* chpass-tickets */
+ lifetime = CHPASSLIFE;
+ break;
+ default:
+ usage();
+ }
+ }
+ if (username &&
+ (k_errno = kname_parse(aname, inst, realm, username)) != KSUCCESS) {
+ warnx("%s", krb_get_err_text(k_errno));
+ iflag = rflag = 1;
+ username = NULL;
+ }
+ if (k_gethostname(buf, MaxHostNameLen))
+ err(1, "k_gethostname failed");
+ printf("%s (%s)\n", ORGANIZATION, buf);
+ if (username) {
+ printf("Kerberos Initialization for \"%s", aname);
+ if (*inst)
+ printf(".%s", inst);
+ if (*realm)
+ printf("@%s", realm);
+ printf("\"\n");
+ } else {
+ printf("Kerberos Initialization\n");
+ printf("Kerberos name: ");
+ get_input(name, sizeof(name), stdin);
+ if (!*name)
+ return 0;
+ if ((k_errno = kname_parse(aname, inst, realm, name)) != KSUCCESS )
+ errx(1, "%s", krb_get_err_text(k_errno));
+ }
+ /* optional instance */
+ if (iflag) {
+ printf("Kerberos instance: ");
+ get_input(inst, sizeof(inst), stdin);
+ if (!k_isinst(inst))
+ errx(1, "bad Kerberos instance format");
+ }
+ if (rflag) {
+ printf("Kerberos realm: ");
+ get_input(realm, sizeof(realm), stdin);
+ if (!k_isrealm(realm))
+ errx(1, "bad Kerberos realm format");
+ }
+ if (lflag) {
+ printf("Kerberos ticket lifetime (minutes): ");
+ get_input(buf, sizeof(buf), stdin);
+ lifetime = atoi(buf);
+ if (lifetime < 5)
+ lifetime = 1;
+ else
+ lifetime = krb_time_to_life(0, lifetime*60);
+ /* This should be changed if the maximum ticket lifetime */
+ /* changes */
+ if (lifetime > 255)
+ lifetime = 255;
+ }
+ if (!*realm && krb_get_lrealm(realm, 1))
+ errx(1, "krb_get_lrealm failed");
+ k_errno = krb_get_pw_in_tkt(aname, inst, realm,
+ pflag ? PWSERV_NAME :
+ KRB_TICKET_GRANTING_TICKET,
+ pflag ? KADM_SINST : realm,
+ lifetime, 0);
+ if (vflag) {
+ printf("Kerberos realm %s:\n", realm);
+ printf("%s\n", krb_get_err_text(k_errno));
+ } else if (k_errno)
+ errx(1, "%s", krb_get_err_text(k_errno));
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/klist.c b/crypto/kerberosIV/kuser/klist.c
new file mode 100644
index 0000000..faf7d6b
--- /dev/null
+++ b/crypto/kerberosIV/kuser/klist.c
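Review bot: In the `-l` branch of main the lifetime is read with `atoi(buf)` and multiplied in `lifetime*60` before the `lifetime > 255` clamp is applied, so non-numeric input silently becomes 0 and a large number overflows a signed int, which is undefined behaviour. Parsing with `minutes = strtol(buf, &end, 10);` followed by `if (end == buf || *end != '\0' || minutes < 0 || minutes > INT_MAX / 60) errx(1, "bad ticket lifetime");` rejects both cases; this needs `<limits.h>`, which is not among the includes visible in kuser_locl.h. `set_progname(argv[0])` is also called twice at the top of main, and the second call can be dropped.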
@@ -0,0 +1,314 @@
+/*
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Lists your current Kerberos tickets.
+ * Written by Bill Sommerfeld, MIT Project Athena.
+ */
+
+#include "kuser_locl.h"
+
+#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4
+#include <sys/ioctl.h>
+#endif
+
+#ifdef HAVE_SYS_IOCCOM_H
+#include <sys/ioccom.h>
+#endif
+
+#include <kafs.h>
+
+RCSID("$Id: klist.c,v 1.28 1997/05/26 17:33:50 bg Exp $");
+
+static int option_verbose = 0;
+
+static char *
+short_date(int32_t dp)
+{
+ char *cp;
+ time_t t = (time_t)dp;
+
+ if (t == (time_t)(-1L)) return "*** Never *** ";
+ cp = ctime(&t) + 4;
+ cp[15] = '\0';
+ return (cp);
+}
+
+static void
+display_tktfile(char *file, int tgt_test, int long_form)
+{
+ krb_principal pr;
+ char buf1[20], buf2[20];
+ int k_errno;
+ CREDENTIALS c;
+ int header = 1;
+
+ if ((file == NULL) && ((file = getenv("KRBTKFILE")) == NULL))
+ file = TKT_FILE;
+
+ if (long_form)
+ printf("Ticket file: %s\n", file);
+
+ /*
+ * Since krb_get_tf_realm will return a ticket_file error,
+ * we will call tf_init and tf_close first to filter out
+ * things like no ticket file. Otherwise, the error that
+ * the user would see would be
+ * klist: can't find realm of ticket file: No ticket file (tf_util)
+ * instead of
+ * klist: No ticket file (tf_util)
+ */
+
+ /* Open ticket file */
+ if ((k_errno = tf_init(file, R_TKT_FIL))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+ /* Close ticket file */
+ tf_close();
+
+ /*
+ * We must find the realm of the ticket file here before calling
+ * tf_init because since the realm of the ticket file is not
+ * really stored in the principal section of the file, the
+ * routine we use must itself call tf_init and tf_close.
+ */
+ if ((k_errno = krb_get_tf_realm(file, pr.realm)) != KSUCCESS) {
+ if (!tgt_test)
+ warnx("can't find realm of ticket file: %s",
+ krb_get_err_text(k_errno));
+ exit(1);
+ }
+
+ /* Open ticket file */
+ if ((k_errno = tf_init(file, R_TKT_FIL))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+ /* Get principal name and instance */
+ if ((k_errno = tf_get_pname(pr.name)) ||
+ (k_errno = tf_get_pinst(pr.instance))) {
+ if (!tgt_test)
+ warnx("%s", krb_get_err_text(k_errno));
+ exit(1);
+ }
+
+ /*
+ * You may think that this is the obvious place to get the
+ * realm of the ticket file, but it can't be done here as the
+ * routine to do this must open the ticket file. This is why
+ * it was done before tf_init.
+ */
+
+ if (!tgt_test && long_form)
+ printf("Principal:\t%s\n\n", krb_unparse_name(&pr));
+ while ((k_errno = tf_get_cred(&c)) == KSUCCESS) {
+ if (!tgt_test && long_form && header) {
+ printf("%-15s %-15s %s%s\n",
+ " Issued", " Expires", " Principal",
+ option_verbose ? " (kvno)" : "");
+ header = 0;
+ }
+ if (tgt_test) {
+ c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+ if (!strcmp(c.service, KRB_TICKET_GRANTING_TICKET) &&
+ !strcmp(c.instance, pr.realm)) {
+ if (time(0) < c.issue_date)
+ exit(0); /* tgt hasn't expired */
+ else
+ exit(1); /* has expired */
+ }
+ continue; /* not a tgt */
+ }
+ if (long_form) {
+ strcpy(buf1, short_date(c.issue_date));
+ c.issue_date = krb_life_to_time(c.issue_date, c.lifetime);
+ if (time(0) < (unsigned long) c.issue_date)
+ strcpy(buf2, short_date(c.issue_date));
+ else
+ strcpy(buf2, ">>> Expired <<<");
+ printf("%s %s ", buf1, buf2);
+ }
+ printf("%s", krb_unparse_name_long(c.service, c.instance, c.realm));
+ if(long_form && option_verbose)
+ printf(" (%d)", c.kvno);
+ printf("\n");
+ }
+ if (tgt_test)
+ exit(1); /* no tgt found */
+ if (header && long_form && k_errno == EOF) {
+ printf("No tickets in file.\n");
+ }
+}
+
+/* adapted from getst() in librkb */
+/*
+ * ok_getst() takes a file descriptor, a string and a count. It reads
+ * from the file until either it has read "count" characters, or until
+ * it reads a null byte. When finished, what has been read exists in
+ * the given string "s". If "count" characters were actually read, the
+ * last is changed to a null, so the returned string is always null-
+ * terminated. ok_getst() returns the number of characters read, including
+ * the null terminator.
+ *
+ * If there is a read error, it returns -1 (like the read(2) system call)
+ */
+
+static int
+ok_getst(int fd, char *s, int n)
+{
+ int count = n;
+ int err;
+ while ((err = read(fd, s, 1)) > 0 && --count)
+ if (*s++ == '\0')
+ return (n - count);
+ if (err < 0)
+ return(-1);
+ *s = '\0';
+ return (n - count);
+}
+
+static void
+display_tokens()
+{
+ u_int32_t i;
+ unsigned char t[128];
+ struct ViceIoctl parms;
+ struct ClearToken ct;
+ int size_secret_tok, size_public_tok;
+
+ parms.in = (void *)&i;
+ parms.in_size = sizeof(i);
+ parms.out = (void *)t;
+ parms.out_size = sizeof(t);
+
+ for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
+ char *cell;
+ memcpy(&size_secret_tok, t, 4);
+ memcpy(&size_public_tok, t + 4 + size_secret_tok, 4);
+ memcpy(&ct, t + 4 + size_secret_tok + 4, size_public_tok);
+ cell = t + 4 + size_secret_tok + 4 + size_public_tok + 4;
+
+ printf("%-15s ", short_date(ct.BeginTimestamp));
+ printf("%-15s ", short_date(ct.EndTimestamp));
+ if ((ct.EndTimestamp - ct.BeginTimestamp) & 1)
+ printf("User's (AFS ID %d) tokens for %s", ct.ViceId, cell);
+ else
+ printf("Tokens for %s", cell);
+ if (option_verbose)
+ printf(" (%d)", ct.AuthHandle);
+ putchar('\n');
+ }
+}
+
+static void
+display_srvtab(char *file)
+{
+ int stab;
+ char serv[SNAME_SZ];
+ char inst[INST_SZ];
+ char rlm[REALM_SZ];
+ unsigned char key[8];
+ unsigned char vno;
+ int count;
+
+ printf("Server key file: %s\n", file);
+
+ if ((stab = open(file, O_RDONLY, 0400)) < 0) {
+ perror(file);
+ exit(1);
+ }
+ printf("%-15s %-15s %-10s %s\n","Service","Instance","Realm",
+ "Key Version");
+ printf("------------------------------------------------------\n");
+
+ /* argh. getst doesn't return error codes, it silently fails */
+ while (((count = ok_getst(stab, serv, SNAME_SZ)) > 0)
+ && ((count = ok_getst(stab, inst, INST_SZ)) > 0)
+ && ((count = ok_getst(stab, rlm, REALM_SZ)) > 0)) {
+ if (((count = read(stab, &vno,1)) != 1) ||
+ ((count = read(stab, key,8)) != 8)) {
+ if (count < 0)
+ err(1, "reading from key file");
+ else
+ errx(1, "key file truncated");
+ }
+ printf("%-15s %-15s %-15s %d\n",serv,inst,rlm,vno);
+ }
+ if (count < 0)
+ warn(file);
+ close(stab);
+}
+
+static void
+usage(void)
+{
+ fprintf(stderr,
+ "Usage: %s [ -v | -s | -t ] [ -f filename ] [-tokens] [-srvtab ]\n",
+ __progname);
+ exit(1);
+}
+
+/* ARGSUSED */
+int
+main(int argc, char **argv)
+{
+ int long_form = 1;
+ int tgt_test = 0;
+ int do_srvtab = 0;
+ int do_tokens = 0;
+ char *tkt_file = NULL;
+
+ set_progname(argv[0]);
+
+ while (*(++argv)) {
+ if (!strcmp(*argv, "-v")) {
+ option_verbose = 1;
+ continue;
+ }
+ if (!strcmp(*argv, "-s")) {
+ long_form = 0;
+ continue;
+ }
+ if (!strcmp(*argv, "-t")) {
+ tgt_test = 1;
+ long_form = 0;
+ continue;
+ }
+ if (strcmp(*argv, "-tokens") == 0
+ || strcmp(*argv, "-T") == 0) {
+ do_tokens = k_hasafs();
+ continue;
+ }
+ if (!strcmp(*argv, "-l")) { /* now default */
+ continue;
+ }
+ if (!strncmp(*argv, "-f", 2)) {
+ if (*(++argv)) {
+ tkt_file = *argv;
+ continue;
+ } else
+ usage();
+ }
+ if (!strcmp(*argv, "-srvtab")) {
+ if (tkt_file == NULL) /* if no other file spec'ed,
+ set file to default srvtab */
+ tkt_file = KEYFILE;
+ do_srvtab = 1;
+ continue;
+ }
+ usage();
+ }
+
+ if (do_srvtab)
+ display_srvtab(tkt_file);
+ else
+ display_tktfile(tkt_file, tgt_test, long_form);
+ if (long_form && do_tokens)
+ display_tokens();
+ exit(0);
+}
diff --git a/crypto/kerberosIV/kuser/kuser_locl.h b/crypto/kerberosIV/kuser/kuser_locl.h
new file mode 100644
index 0000000..514a0ac
--- /dev/null
+++ b/crypto/kerberosIV/kuser/kuser_locl.h
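Review bot: display_tokens() takes `size_secret_tok` and `size_public_tok` straight from the pioctl reply and uses them as offsets into `t` and as the `memcpy` length into `ct` without comparing them with `sizeof(t)` or `sizeof(ct)`, so a malformed or unexpected reply overruns a stack object; `cell` is then printed with `%s` although nothing guarantees a terminator inside `t`. Both lengths should be validated before each copy and the loop stopped on a mismatch, as sketched below. Separately, `warn(file)` at the end of display_srvtab() passes a path taken from the command line as the format string and should be `warn("%s", file)`. short_date() also indexes the result of `ctime()` without checking it for NULL.

```c
    for (i = 0; k_pioctl(NULL, VIOCGETTOK, &parms, 0) == 0; i++) {
        char *cell;
        size_t off;

        memcpy(&size_secret_tok, t, 4);
        /* room for both length words must remain inside t */
        if (size_secret_tok < 0 || (size_t)size_secret_tok > sizeof(t) - 8)
            break;
        off = 4 + (size_t)size_secret_tok;
        memcpy(&size_public_tok, t + off, 4);
        off += 4;
        /* the public part must fit in ct, and cell must start inside t */
        if (size_public_tok < 0 || (size_t)size_public_tok > sizeof(ct) ||
            off + (size_t)size_public_tok + 4 >= sizeof(t))
            break;
        memset(&ct, 0, sizeof(ct));
        memcpy(&ct, t + off, (size_t)size_public_tok);
        cell = (char *)t + off + size_public_tok + 4;
        t[sizeof(t) - 1] = '\0';    /* cell is always terminated within t */
        /* ... unchanged: printing of timestamps, cell and AuthHandle ... */
```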
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kuser_locl.h,v 1.10 1997/05/20 18:40:43 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <time.h>
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <err.h>
+
+#include <krb.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <prot.h>
diff --git a/crypto/kerberosIV/lib/Makefile.in b/crypto/kerberosIV/lib/Makefile.in
new file mode 100644
index 0000000..b2e662c
--- /dev/null
+++ b/crypto/kerberosIV/lib/Makefile.in
@@ -0,0 +1,46 @@
+#
+# $Id: Makefile.in,v 1.21 1997/05/20 18:58:40 bg Exp $
+#
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+SHELL = /bin/sh
+
+@SET_MAKE@
+
+SUBDIRS = des krb kdb kadm acl kafs roken otp auth sl editline
+
+all:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) all); done
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+install:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) install); done
+
+uninstall:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) uninstall); done
+
+check: all
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) check); done
+
+clean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) clean); done
+
+mostlyclean: clean
+
+distclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) distclean); done
+ rm -f Makefile config.status *~
+
+realclean:
+ for i in $(SUBDIRS); \
+ do (cd $$i && $(MAKE) $(MFLAGS) realclean); done
diff --git a/crypto/kerberosIV/lib/acl/Makefile.in b/crypto/kerberosIV/lib/acl/Makefile.in
new file mode 100644
index 0000000..59894e4
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/Makefile.in
@@ -0,0 +1,84 @@
+#
+# $Id: Makefile.in,v 1.21 1997/05/06 03:46:37 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = # @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)acl
+#LIBEXT = @LIBEXT@ Always build archive library!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = acl_files.c
+
+OBJECTS = acl_files.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/acl/acl.h b/crypto/kerberosIV/lib/acl/acl.h
new file mode 100644
index 0000000..305b66c
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: acl.h,v 1.5 1997/04/01 08:17:52 joda Exp $ */
+
+#ifndef __ACL_H
+#define __ACL_H
+
+#include <sys/cdefs.h>
+
+void acl_canonicalize_principal __P((char *principal, char *canon));
+int acl_initialize __P((char *acl_file, int perm));
+int acl_exact_match __P((char *acl, char *principal));
+int acl_check __P((char *acl, char *principal));
+int acl_add __P((char *acl, char *principal));
+int acl_delete __P((char *acl, char *principal));
+
+#endif /* __ACL_H */
diff --git a/crypto/kerberosIV/lib/acl/acl_files.c b/crypto/kerberosIV/lib/acl/acl_files.c
new file mode 100644
index 0000000..fc00b80
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.c
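Review bot: `acl_canonicalize_principal(char *principal, char *canon)` writes into a caller-supplied buffer whose required size, MAX_PRINCIPAL_SIZE, is defined only inside acl_files.c, so code that includes this header has no way to size `canon` correctly. Either export the constant from this header or state the requirement next to the prototype, for example `/* canon must hold ANAME_SZ + INST_SZ + REALM_SZ + 3 bytes */`. The include guard `__ACL_H` also uses an identifier reserved for the implementation; `ACL_H` avoids that.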
@@ -0,0 +1,540 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "config.h"
+#include "protos.h"
+
+RCSID("$Id: acl_files.c,v 1.10 1997/05/02 14:28:56 assar Exp $");
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#include <time.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#include <errno.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#include <krb.h>
+#include <acl.h>
+
+/*** Routines for manipulating access control list files ***/
+
+/* "aname.inst@realm" */
+#define MAX_PRINCIPAL_SIZE (ANAME_SZ + INST_SZ + REALM_SZ + 3)
+#define INST_SEP '.'
+#define REALM_SEP '@'
+
+#define LINESIZE 2048 /* Maximum line length in an acl file */
+
+#define NEW_FILE "%s.~NEWACL~" /* Format for name of altered acl file */
+#define WAIT_TIME 300 /* Maximum time allowed write acl file */
+
+#define CACHED_ACLS 8 /* How many acls to cache */
+ /* Each acl costs 1 open file descriptor */
+#define ACL_LEN 16 /* Twice a reasonable acl length */
+
+#define COR(a,b) ((a!=NULL)?(a):(b))
+
+/* Canonicalize a principal name */
+/* If instance is missing, it becomes "" */
+/* If realm is missing, it becomes the local realm */
+/* Canonicalized form is put in canon, which must be big enough to hold
+ MAX_PRINCIPAL_SIZE characters */
+void
+acl_canonicalize_principal(char *principal, char *canon)
+{
+ char *dot, *atsign, *end;
+ int len;
+
+ dot = strchr(principal, INST_SEP);
+ atsign = strchr(principal, REALM_SEP);
+
+ /* Maybe we're done already */
+ if(dot != NULL && atsign != NULL) {
+ if(dot < atsign) {
+ /* It's for real */
+ /* Copy into canon */
+ strncpy(canon, principal, MAX_PRINCIPAL_SIZE);
+ canon[MAX_PRINCIPAL_SIZE-1] = '\0';
+ return;
+ } else {
+ /* Nope, it's part of the realm */
+ dot = NULL;
+ }
+ }
+
+ /* No such luck */
+ end = principal + strlen(principal);
+
+ /* Get the principal name */
+ len = min(ANAME_SZ, COR(dot, COR(atsign, end)) - principal);
+ strncpy(canon, principal, len);
+ canon += len;
+
+ /* Add INST_SEP */
+ *canon++ = INST_SEP;
+
+ /* Get the instance, if it exists */
+ if(dot != NULL) {
+ ++dot;
+ len = min(INST_SZ, COR(atsign, end) - dot);
+ strncpy(canon, dot, len);
+ canon += len;
+ }
+
+ /* Add REALM_SEP */
+ *canon++ = REALM_SEP;
+
+ /* Get the realm, if it exists */
+ /* Otherwise, default to local realm */
+ if(atsign != NULL) {
+ ++atsign;
+ len = min(REALM_SZ, end - atsign);
+ strncpy(canon, atsign, len);
+ canon += len;
+ *canon++ = '\0';
+ } else if(krb_get_lrealm(canon, 1) != KSUCCESS) {
+ strcpy(canon, KRB_REALM);
+ }
+}
+
+/* Get a lock to modify acl_file */
+/* Return new FILE pointer */
+/* or NULL if file cannot be modified */
+/* REQUIRES WRITE PERMISSION TO CONTAINING DIRECTORY */
+static
+FILE *acl_lock_file(char *acl_file)
+{
+ struct stat s;
+ char new[LINESIZE];
+ int nfd;
+ FILE *nf;
+ int mode;
+
+ if(stat(acl_file, &s) < 0) return(NULL);
+ mode = s.st_mode;
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ for(;;) {
+ /* Open the new file */
+ if((nfd = open(new, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0) {
+ if(errno == EEXIST) {
+ /* Maybe somebody got here already, maybe it's just old */
+ if(stat(new, &s) < 0) return(NULL);
+ if(time(0) - s.st_ctime > WAIT_TIME) {
+ /* File is stale, kill it */
+ unlink(new);
+ continue;
+ } else {
+ /* Wait and try again */
+ sleep(1);
+ continue;
+ }
+ } else {
+ /* Some other error, we lose */
+ return(NULL);
+ }
+ }
+
+ /* If we got to here, the lock file is ours and ok */
+ /* Reopen it under stdio */
+ if((nf = fdopen(nfd, "w")) == NULL) {
+ /* Oops, clean up */
+ unlink(new);
+ }
+ return(nf);
+ }
+}
+
+/* Abort changes to acl_file written onto FILE *f */
+/* Returns 0 if successful, < 0 otherwise */
+/* Closes f */
+static int
+acl_abort(char *acl_file, FILE *f)
+{
+ char new[LINESIZE];
+ int ret;
+ struct stat s;
+
+ /* make sure we aren't nuking someone else's file */
+ if(fstat(fileno(f), &s) < 0
+ || s.st_nlink == 0) {
+ fclose(f);
+ return(-1);
+ } else {
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ ret = unlink(new);
+ fclose(f);
+ return(ret);
+ }
+}
+
+/* Commit changes to acl_file written onto FILE *f */
+/* Returns zero if successful */
+/* Returns > 0 if lock was broken */
+/* Returns < 0 if some other error occurs */
+/* Closes f */
+static int
+acl_commit(char *acl_file, FILE *f)
+{
+ char new[LINESIZE];
+ int ret;
+ struct stat s;
+
+ snprintf(new, sizeof(new), NEW_FILE, acl_file);
+ if(fflush(f) < 0
+ || fstat(fileno(f), &s) < 0
+ || s.st_nlink == 0) {
+ acl_abort(acl_file, f);
+ return(-1);
+ }
+
+ ret = rename(new, acl_file);
+ fclose(f);
+ return(ret);
+}
+
+/* Initialize an acl_file */
+/* Creates the file with permissions perm if it does not exist */
+/* Erases it if it does */
+/* Returns return value of acl_commit */
+int
+acl_initialize(char *acl_file, int perm)
+{
+ FILE *new;
+ int fd;
+
+ /* Check if the file exists already */
+ if((new = acl_lock_file(acl_file)) != NULL) {
+ return(acl_commit(acl_file, new));
+ } else {
+ /* File must be readable and writable by owner */
+ if((fd = open(acl_file, O_CREAT|O_EXCL, perm|0600)) < 0) {
+ return(-1);
+ } else {
+ close(fd);
+ return(0);
+ }
+ }
+}
+
+/* Eliminate all whitespace character in buf */
+/* Modifies its argument */
+static void
+ nuke_whitespace(char *buf)
+{
+ char *pin, *pout;
+
+ for(pin = pout = buf; *pin != '\0'; pin++)
+ if(!isspace(*pin)) *pout++ = *pin;
+ *pout = '\0'; /* Terminate the string */
+}
+
+/* Hash table stuff */
+
+struct hashtbl {
+ int size; /* Max number of entries */
+ int entries; /* Actual number of entries */
+ char **tbl; /* Pointer to start of table */
+};
+
+/* Make an empty hash table of size s */
+static struct hashtbl *
+make_hash(int size)
+{
+ struct hashtbl *h;
+
+ if(size < 1) size = 1;
+ h = (struct hashtbl *) malloc(sizeof(struct hashtbl));
+ h->size = size;
+ h->entries = 0;
+ h->tbl = (char **) calloc(size, sizeof(char *));
+ return(h);
+}
+
+/* Destroy a hash table */
+static void
+destroy_hash(struct hashtbl *h)
+{
+ int i;
+
+ for(i = 0; i < h->size; i++) {
+ if(h->tbl[i] != NULL) free(h->tbl[i]);
+ }
+ free(h->tbl);
+ free(h);
+}
+
+/* Compute hash value for a string */
+static unsigned int
+hashval(char *s)
+{
+ unsigned hv;
+
+ for(hv = 0; *s != '\0'; s++) {
+ hv ^= ((hv << 3) ^ *s);
+ }
+ return(hv);
+}
+
+/* Add an element to a hash table */
+static void
+add_hash(struct hashtbl *h, char *el)
+{
+ unsigned hv;
+ char *s;
+ char **old;
+ int i;
+
+ /* Make space if it isn't there already */
+ if(h->entries + 1 > (h->size >> 1)) {
+ old = h->tbl;
+ h->tbl = (char **) calloc(h->size << 1, sizeof(char *));
+ for(i = 0; i < h->size; i++) {
+ if(old[i] != NULL) {
+ hv = hashval(old[i]) % (h->size << 1);
+ while(h->tbl[hv] != NULL) hv = (hv+1) % (h->size << 1);
+ h->tbl[hv] = old[i];
+ }
+ }
+ h->size = h->size << 1;
+ free(old);
+ }
+
+ hv = hashval(el) % h->size;
+ while(h->tbl[hv] != NULL && strcmp(h->tbl[hv], el)) hv = (hv+1) % h->size;
+ s = strdup(el);
+ h->tbl[hv] = s;
+ h->entries++;
+}
+
+/* Returns nonzero if el is in h */
+static int
+check_hash(struct hashtbl *h, char *el)
+{
+ unsigned hv;
+
+ for(hv = hashval(el) % h->size;
+ h->tbl[hv] != NULL;
+ hv = (hv + 1) % h->size) {
+ if(!strcmp(h->tbl[hv], el)) return(1);
+ }
+ return(0);
+}
+
+struct acl {
+ char filename[LINESIZE]; /* Name of acl file */
+ int fd; /* File descriptor for acl file */
+ struct stat status; /* File status at last read */
+ struct hashtbl *acl; /* Acl entries */
+};
+
+static struct acl acl_cache[CACHED_ACLS];
+
+static int acl_cache_count = 0;
+static int acl_cache_next = 0;
+
+/* Returns < 0 if unsuccessful in loading acl */
+/* Returns index into acl_cache otherwise */
+/* Note that if acl is already loaded, this is just a lookup */
+static int
+acl_load(char *name)
+{
+ int i;
+ FILE *f;
+ struct stat s;
+ char buf[MAX_PRINCIPAL_SIZE];
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ /* See if it's there already */
+ for(i = 0; i < acl_cache_count; i++) {
+ if(!strcmp(acl_cache[i].filename, name)
+ && acl_cache[i].fd >= 0) goto got_it;
+ }
+
+ /* It isn't, load it in */
+ /* maybe there's still room */
+ if(acl_cache_count < CACHED_ACLS) {
+ i = acl_cache_count++;
+ } else {
+ /* No room, clean one out */
+ i = acl_cache_next;
+ acl_cache_next = (acl_cache_next + 1) % CACHED_ACLS;
+ close(acl_cache[i].fd);
+ if(acl_cache[i].acl) {
+ destroy_hash(acl_cache[i].acl);
+ acl_cache[i].acl = (struct hashtbl *) 0;
+ }
+ }
+
+ /* Set up the acl */
+ strcpy(acl_cache[i].filename, name);
+ if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+ /* Force reload */
+ acl_cache[i].acl = (struct hashtbl *) 0;
+
+ got_it:
+ /*
+ * See if the stat matches
+ *
+ * Use stat(), not fstat(), as the file may have been re-created by
+ * acl_add or acl_delete. If this happens, the old inode will have
+ * no changes in the mod-time and the following test will fail.
+ */
+ if(stat(acl_cache[i].filename, &s) < 0) return(-1);
+ if(acl_cache[i].acl == (struct hashtbl *) 0
+ || s.st_nlink != acl_cache[i].status.st_nlink
+ || s.st_mtime != acl_cache[i].status.st_mtime
+ || s.st_ctime != acl_cache[i].status.st_ctime) {
+ /* Gotta reload */
+ if(acl_cache[i].fd >= 0) close(acl_cache[i].fd);
+ if((acl_cache[i].fd = open(name, O_RDONLY, 0)) < 0) return(-1);
+ if((f = fdopen(acl_cache[i].fd, "r")) == NULL) return(-1);
+ if(acl_cache[i].acl) destroy_hash(acl_cache[i].acl);
+ acl_cache[i].acl = make_hash(ACL_LEN);
+ while(fgets(buf, sizeof(buf), f) != NULL) {
+ nuke_whitespace(buf);
+ acl_canonicalize_principal(buf, canon);
+ add_hash(acl_cache[i].acl, canon);
+ }
+ fclose(f);
+ acl_cache[i].status = s;
+ }
+ return(i);
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Principal is not canonicalized, and no wildcarding is done */
+int
+acl_exact_match(char *acl, char *principal)
+{
+ int idx;
+
+ return((idx = acl_load(acl)) >= 0
+ && check_hash(acl_cache[idx].acl, principal));
+}
+
+/* Returns nonzero if it can be determined that acl contains principal */
+/* Recognizes wildcards in acl of the form
+ name.*@realm, *.*@realm, and *.*@* */
+int
+acl_check(char *acl, char *principal)
+{
+ char buf[MAX_PRINCIPAL_SIZE];
+ char canon[MAX_PRINCIPAL_SIZE];
+ char *realm;
+
+ acl_canonicalize_principal(principal, canon);
+
+ /* Is it there? */
+ if(acl_exact_match(acl, canon)) return(1);
+
+ /* Try the wildcards */
+ realm = strchr(canon, REALM_SEP);
+ *strchr(canon, INST_SEP) = '\0'; /* Chuck the instance */
+
+ snprintf(buf, sizeof(buf), "%s.*%s", canon, realm);
+ if(acl_exact_match(acl, buf)) return(1);
+
+ snprintf(buf, sizeof(buf), "*.*%s", realm);
+ if(acl_exact_match(acl, buf) || acl_exact_match(acl, "*.*@*")) return(1);
+
+ return(0);
+}
+
+/* Adds principal to acl */
+/* Wildcards are interpreted literally */
+int
+acl_add(char *acl, char *principal)
+{
+ int idx;
+ int i;
+ FILE *new;
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ acl_canonicalize_principal(principal, canon);
+
+ if((new = acl_lock_file(acl)) == NULL) return(-1);
+ if((acl_exact_match(acl, canon))
+ || (idx = acl_load(acl)) < 0) {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ /* It isn't there yet, copy the file and put it in */
+ for(i = 0; i < acl_cache[idx].acl->size; i++) {
+ if(acl_cache[idx].acl->tbl[i] != NULL) {
+ if(fputs(acl_cache[idx].acl->tbl[i], new) == EOF
+ || putc('\n', new) != '\n') {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ }
+ }
+ fputs(canon, new);
+ putc('\n', new);
+ return(acl_commit(acl, new));
+}
+
+/* Removes principal from acl */
+/* Wildcards are interpreted literally */
+int
+acl_delete(char *acl, char *principal)
+{
+ int idx;
+ int i;
+ FILE *new;
+ char canon[MAX_PRINCIPAL_SIZE];
+
+ acl_canonicalize_principal(principal, canon);
+
+ if((new = acl_lock_file(acl)) == NULL) return(-1);
+ if((!acl_exact_match(acl, canon))
+ || (idx = acl_load(acl)) < 0) {
+ acl_abort(acl, new);
+ return(-1);
+ }
+ /* It isn't there yet, copy the file and put it in */
+ for(i = 0; i < acl_cache[idx].acl->size; i++) {
+ if(acl_cache[idx].acl->tbl[i] != NULL
+ && strcmp(acl_cache[idx].acl->tbl[i], canon)) {
+ fputs(acl_cache[idx].acl->tbl[i], new);
+ putc('\n', new);
+ }
+ }
+ return(acl_commit(acl, new));
+}
diff --git a/crypto/kerberosIV/lib/acl/acl_files.doc b/crypto/kerberosIV/lib/acl/acl_files.doc
new file mode 100644
index 0000000..78c448a
--- /dev/null
+++ b/crypto/kerberosIV/lib/acl/acl_files.doc
@@ -0,0 +1,107 @@ +PROTOTYPE ACL LIBRARY + +Introduction + +An access control list (ACL) is a list of principals, where each +principal is is represented by a text string which cannot contain +whitespace. The library allows application programs to refer to named +access control lists to test membership and to atomically add and +delete principals using a natural and intuitive interface. At +present, the names of access control lists are required to be Unix +filenames, and refer to human-readable Unix files; in the future, when +a networked ACL server is implemented, the names may refer to a +different namespace specific to the ACL service. + + +Usage + +cc <files> -lacl -lkrb. + + + +Principal Names + +Principal names have the form + +<name>[.<instance>][@<realm>] + +e.g. + +asp +asp.root +asp@ATHENA.MIT.EDU +asp.@ATHENA.MIT.EDU +asp.root@ATHENA.MIT.EDU + +It is possible for principals to be underspecified. If instance is +missing, it is assumed to be "". If realm is missing, it is assumed +to be local_realm. The canonical form contains all of name, instance, +and realm; the acl_add and acl_delete routines will always +leave the file in that form. Note that the canonical form of +asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. + + +Routines + +acl_canonicalize_principal(principal, buf) +char *principal; +char *buf; /*RETVAL*/ + +Store the canonical form of principal in buf. Buf must contain enough +space to store a principal, given the limits on the sizes of name, +instance, and realm specified in /usr/include/krb.h. + +acl_check(acl, principal) +char *acl; +char *principal; + +Returns nonzero if principal appears in acl. Returns 0 if principal +does not appear in acl, or if an error occurs. Canonicalizes +principal before checking, and allows the ACL to contain wildcards. + +acl_exact_match(acl, principal) +char *acl; +char *principal; + +Like acl_check, but does no canonicalization or wildcarding. 
+ +acl_add(acl, principal) +char *acl; +char *principal; + +Atomically adds principal to acl. Returns 0 if successful, nonzero +otherwise. It is considered a failure if principal is already in acl. +This routine will canonicalize principal, but will treat wildcards +literally. + +acl_delete(acl, principal) +char *acl; +char *principal; + +Atomically deletes principal from acl. Returns 0 if successful, +nonzero otherwise. It is consider a failure if principal is not +already in acl. This routine will canonicalize principal, but will +treat wildcards literally. + +acl_initialize(acl, mode) +char *acl; +int mode; + +Initialize acl. If acl file does not exist, creates it with mode +mode. If acl exists, removes all members. Returns 0 if successful, +nonzero otherwise. WARNING: Mode argument is likely to change with +the eventual introduction of an ACL service. + + +Known problems + +In the presence of concurrency, there is a very small chance that +acl_add or acl_delete could report success even though it would have +had no effect. This is a necessary side effect of using lock files +for concurrency control rather than flock(2), which is not supported +by NFS. + +The current implementation caches ACLs in memory in a hash-table +format for increased efficiency in checking membership; one effect of +the caching scheme is that one file descriptor will be kept open for +each ACL cached, up to a maximum of 8. diff --git a/crypto/kerberosIV/lib/kadm/Makefile.in b/crypto/kerberosIV/lib/kadm/Makefile.in new file mode 100644 index 0000000..1dafd4f --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/Makefile.in 
@@ -0,0 +1,92 @@ +# +# $Id: Makefile.in,v 1.30 1997/05/06 03:47:28 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kadm +LIBEXT = @LIBEXT@ +LIBPREFIX = @LIBPREFIX@ +EXECSUFFIX = @EXECSUFFIX@ +SHLIBEXT = @SHLIBEXT@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = kadm_cli_wrap.c kadm_err.c kadm_stream.c kadm_supp.c + +OBJECTS = kadm_cli_wrap.o kadm_err.o kadm_stream.o kadm_supp.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a kadm_err.c kadm_err.h + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +kadm_err.c kadm_err.h: kadm_err.et + test -r kadm_err.et || (rm -f kadm_err.et && $(LN_S) $(srcdir)/kadm_err.et .) + $(COMPILE_ET) kadm_err.et + +$(OBJECTS): ../../include/config.h +$(OBJECTS): kadm_err.h kadm_locl.h 
diff --git a/crypto/kerberosIV/lib/kadm/kadm.h b/crypto/kerberosIV/lib/kadm/kadm.h
new file mode 100644
index 0000000..d18f592
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm.h
@@ -0,0 +1,143 @@ +/* + * $Id: kadm.h,v 1.12 1996/11/17 20:04:39 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Definitions for Kerberos administration server & client + */ + +#ifndef KADM_DEFS +#define KADM_DEFS + +/* + * kadm.h + * Header file for the fourth attempt at an admin server + * Doug Church, December 28, 1989, MIT Project Athena + */ + +#include <krb_db.h> + +/* The global structures for the client and server */ +typedef struct { + struct sockaddr_in admin_addr; + struct sockaddr_in my_addr; + int my_addr_len; + int admin_fd; /* file descriptor for link to admin server */ + char sname[ANAME_SZ]; /* the service name */ + char sinst[INST_SZ]; /* the services instance */ + char krbrlm[REALM_SZ]; +} Kadm_Client; + +typedef struct { /* status of the server, i.e the parameters */ + int inter; /* Space for command line flags */ + char *sysfile; /* filename of server */ +} admin_params; /* Well... 
it's the admin's parameters */ + +/* Largest password length to be supported */ +#define MAX_KPW_LEN 128 +/* Minimum allowed password length */ +#define MIN_KPW_LEN 6 + +/* Largest packet the admin server will ever allow itself to return */ +#define KADM_RET_MAX 2048 + +/* That's right, versions are 8 byte strings */ +#define KADM_VERSTR "KADM0.0A" +#define KADM_ULOSE "KYOULOSE" /* sent back when server can't + decrypt client's msg */ +#define KADM_VERSIZE strlen(KADM_VERSTR) + +/* the lookups for the server instances */ +#define PWSERV_NAME "changepw" +#define KADM_SNAME "kerberos_master" +#define KADM_PORT 751 +#define KADM_SINST "kerberos" + +/* Attributes fields constants and macros */ +#define ALLOC 2 +#define RESERVED 3 +#define DEALLOC 4 +#define DEACTIVATED 5 +#define ACTIVE 6 + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +typedef struct { + u_int8_t fields[FLDSZ]; /* The active fields in this struct */ + char name[ANAME_SZ]; + char instance[INST_SZ]; + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + u_int16_t attributes; + u_int8_t max_life; +} Kadm_vals; /* The basic values structure in Kadm */ + +/* Kadm_vals structure for passing db fields into the server routines */ +#define FLDSZ 4 + +/* Need to define fields types here */ +#define KADM_NAME 31 +#define KADM_INST 30 +#define KADM_EXPDATE 29 +#define KADM_ATTR 28 +#define KADM_MAXLIFE 27 +#define KADM_DESKEY 26 + +/* To set a field entry f in a fields structure d */ +#define SET_FIELD(f,d) (d[3-(f/8)]|=(1<<(f%8))) + +/* To set a field entry f in a fields structure d */ +#define CLEAR_FIELD(f,d) (d[3-(f/8)]&=(~(1<<(f%8)))) + +/* Is field f in fields structure d */ +#define IS_FIELD(f,d) (d[3-(f/8)]&(1<<(f%8))) + +/* Various return codes */ +#define KADM_SUCCESS 0 + +#define WILDCARD_STR "*" + +enum acl_types { +ADDACL, +GETACL, +MODACL, +STABACL, /* not used */ +DELACL +}; + +/* Various opcodes for the admin server's functions */ +#define 
CHANGE_PW 2 +#define ADD_ENT 3 +#define MOD_ENT 4 +#define GET_ENT 5 +#define CHECK_PW 6 /* not used */ +#define CHG_STAB 7 /* not used */ +#define DEL_ENT 8 + +void prin_vals __P((Kadm_vals *)); +int stv_long __P((u_char *, u_int32_t *, int, int)); +int vts_long __P((u_int32_t, u_char **, int)); +int vts_string __P((char *, u_char **, int)); +int stv_string __P((u_char *, char *, int, int, int)); + +int stream_to_vals __P((u_char *, Kadm_vals *, int)); +int vals_to_stream __P((Kadm_vals *, u_char **)); + +int kadm_init_link __P((char *, char *, char *)); +int kadm_change_pw __P((unsigned char *)); +int kadm_change_pw_plain __P((unsigned char *, char *, char**)); +int kadm_mod __P((Kadm_vals *, Kadm_vals *)); +int kadm_get __P((Kadm_vals *, u_char *)); +int kadm_add __P((Kadm_vals *)); +int kadm_del __P((Kadm_vals *)); +void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *)); +void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *)); + + + +#endif /* KADM_DEFS */ diff --git a/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c new file mode 100644 index 0000000..1e5c4f3 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_cli_wrap.c 
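Review bot: The SET_FIELD, CLEAR_FIELD and IS_FIELD macros in kadm.h use their arguments without parentheses and hard-code the index as `3-(f/8)`, so an expression argument such as `a+b` expands incorrectly and the index is silently tied to a four-byte `fields` array. Writing them as `#define SET_FIELD(f,d) ((d)[(FLDSZ-1)-((f)/8)] |= (1 << ((f)%8)))`, with the same shape for the other two, keeps the index in step with FLDSZ and makes the expansion safe for any argument expression. Callers still have to keep `f` within 0..31, since nothing in the macro checks the range, and a comment saying so above the KADM_NAME..KADM_DESKEY constants would help. The hunk also repeats the `/* Kadm_vals structure ... */` comment and `#define FLDSZ 4` after the typedef, and the second copy can be dropped.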
@@ -0,0 +1,545 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Kerberos administration server client-side routines + */ + +/* + * kadm_cli_wrap.c the client side wrapping of the calls to the admin server + */ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_cli_wrap.c,v 1.21 1997/05/02 10:28:11 joda Exp $"); + +#ifndef NULL +#define NULL 0 +#endif + +static Kadm_Client client_parm; + +/* Macros for use in returning data... 
used in kadm_cli_send */ +#define RET_N_FREE(r) {clear_secrets(); free((char *)act_st); free((char *)priv_pak); return r;} + +/* Keys for use in the transactions */ +static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */ +static des_key_schedule sess_sched; + +static void +clear_secrets(void) +{ + memset(sess_key, 0, sizeof(sess_key)); + memset(sess_sched, 0, sizeof(sess_sched)); + return; +} + +static RETSIGTYPE (*opipe)(); + +static void +kadm_cli_disconn(void) +{ + close(client_parm.admin_fd); + signal(SIGPIPE, opipe); + return; +} + +/* + * kadm_init_link + * receives : name, inst, realm + * + * initializes client parm, the Kadm_Client structure which holds the + * data about the connection between the server and client, the services + * used, the locations and other fun things + */ + +int +kadm_init_link(char *n, char *i, char *r) +{ + struct hostent *hop; /* host we will talk to */ + char adm_hostname[MaxHostNameLen]; + + init_kadm_err_tbl(); + init_krb_err_tbl(); + strcpy(client_parm.sname, n); + strcpy(client_parm.sinst, i); + strcpy(client_parm.krbrlm, r); + client_parm.admin_fd = -1; + + /* set up the admin_addr - fetch name of admin host */ + if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS) + return KADM_NO_HOST; + if ((hop = gethostbyname(adm_hostname)) == NULL) + return KADM_UNK_HOST; + memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr)); + client_parm.admin_addr.sin_port = + k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT)); + client_parm.admin_addr.sin_family = hop->h_addrtype; + memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr, + sizeof(client_parm.admin_addr.sin_addr)); + + return KADM_SUCCESS; +} + +static int +kadm_cli_conn(void) +{ /* this connects and sets my_addr */ + int on = 1; + + if ((client_parm.admin_fd = + socket(client_parm.admin_addr.sin_family, SOCK_STREAM,0)) < 0) + return KADM_NO_SOCK; /* couldnt create the socket */ + if (connect(client_parm.admin_fd, + (struct sockaddr *) & 
client_parm.admin_addr, + sizeof(client_parm.admin_addr))) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + return KADM_NO_CONN; /* couldnt get the connect */ + } + opipe = signal(SIGPIPE, SIG_IGN); + client_parm.my_addr_len = sizeof(client_parm.my_addr); + if (getsockname(client_parm.admin_fd, + (struct sockaddr *) & client_parm.my_addr, + &client_parm.my_addr_len) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_HERE; /* couldnt find out who we are */ + } +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, + (void *)&on, + sizeof(on)) < 0) { + close(client_parm.admin_fd); + client_parm.admin_fd = -1; + signal(SIGPIPE, opipe); + return KADM_NO_CONN; /* XXX */ + } +#endif + return KADM_SUCCESS; +} + +/* takes in the sess_key and key_schedule and sets them appropriately */ +static int +kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s) + /* session key */ + /* session key schedule */ +{ + CREDENTIALS cred; /* to get key data */ + int stat; + + /* want .sname and .sinst here.... 
*/ + if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst, + client_parm.krbrlm, &cred))) + return stat + krb_err_base; + memcpy(s_k, cred.session, sizeof(des_cblock)); + memset(cred.session, 0, sizeof(des_cblock)); +#ifdef NOENCRYPTION + memset(s_s, 0, sizeof(des_key_schedule)); +#else + if ((stat = des_key_sched(s_k,s_s))) + return(stat+krb_err_base); +#endif + return KADM_SUCCESS; +} /* This code "works" */ + +static int +kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz) +{ + u_int16_t dlen; + int retval; + char tmp[4]; + + dlen = (u_int16_t) dat_len; + + if (dat_len != (int)dlen) + return (KADM_NO_ROOM); + + tmp[0] = (dlen >> 8) & 0xff; + tmp[1] = dlen & 0xff; + if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2) + return (errno); /* XXX */ + + if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0) + return (errno); /* XXX */ + + + if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){ + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + dlen = (tmp[0] << 8) | tmp[1]; + + *ret_dat = (u_char *)malloc((unsigned)dlen); + if (!*ret_dat) + return(KADM_NOMEM); + + if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, + dlen) != dlen)) { + if (retval < 0) + return(errno); /* XXX */ + else + return(EPIPE); /* short read ! */ + } + *ret_siz = (int) dlen; + return KADM_SUCCESS; +} + +/* + * kadm_cli_send + * recieves : opcode, packet, packet length, serv_name, serv_inst + * returns : return code from the packet build, the server, or + * something else + * + * It assembles a packet as follows: + * 8 bytes : VERSION STRING + * 4 bytes : LENGTH OF MESSAGE DATA and OPCODE + * : KTEXT + * : OPCODE \ + * : DATA > Encrypted (with make priv) + * : ...... / + * + * If it builds the packet and it is small enough, then it attempts to open the + * connection to the admin server. If the connection is succesfully open + * then it sends the data and waits for a reply. 
+ */ +static int +kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz) + /* the actual data */ + /* length of said data */ + /* to give return info */ + /* length of returned info */ +{ + int act_len, retdat; /* current offset into packet, return + * data */ + KTEXT_ST authent; /* the authenticator we will build */ + u_char *act_st; /* the pointer to the complete packet */ + u_char *priv_pak; /* private version of the packet */ + int priv_len; /* length of private packet */ + u_int32_t cksum; /* checksum of the packet */ + MSG_DAT mdat; + u_char *return_dat; + + act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */ + strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE); + act_len = KADM_VERSIZE; + + if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) { + free(act_st); + return retdat; /* couldnt get key working */ + } + priv_pak = (u_char *) malloc((unsigned)(st_siz + 200)); + /* 200 bytes for extra info case */ + if ((priv_len = krb_mk_priv(st_dat, priv_pak, (u_int32_t)st_siz, + sess_sched, &sess_key, &client_parm.my_addr, + &client_parm.admin_addr)) < 0) + RET_N_FREE(KADM_NO_ENCRYPT); /* whoops... we got a lose + * here */ + /* here is the length of priv data. receiver calcs + size of authenticator by subtracting vno size, priv size, and + sizeof(u_int32_t) (for the size indication) from total size */ + + act_len += vts_long((u_int32_t) priv_len, &act_st, act_len); +#ifdef NOENCRYPTION + cksum = 0; +#else + cksum = des_quad_cksum((des_cblock *)priv_pak, (des_cblock *)0, (long)priv_len, 0, + &sess_key); +#endif + if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst, + client_parm.krbrlm, cksum))) { + /* authenticator? 
*/ + RET_N_FREE(retdat + krb_err_base); + } + + act_st = (u_char *) realloc(act_st, + act_len + authent.length + priv_len); + if (!act_st) { + clear_secrets(); + free(priv_pak); + return(KADM_NOMEM); + } + memcpy((char *)act_st + act_len, authent.dat, authent.length); + memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len); + free(priv_pak); + if ((retdat = kadm_cli_out(act_st, + act_len + authent.length + priv_len, + ret_dat, ret_siz)) != KADM_SUCCESS) + RET_N_FREE(retdat); + free(act_st); +#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);} + + /* first see if it's a YOULOUSE */ + if ((*ret_siz >= KADM_VERSIZE) && + !strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) { + unsigned char *p; + /* it's a youlose packet */ + if (*ret_siz < KADM_VERSIZE + 4) + RET_N_FREE2(KADM_BAD_VER); + p = (*ret_dat)+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + RET_N_FREE2(retdat); + } + /* need to decode the ret_dat */ + if ((retdat = krb_rd_priv(*ret_dat, (u_int32_t)*ret_siz, sess_sched, + &sess_key, &client_parm.admin_addr, + &client_parm.my_addr, &mdat))) + RET_N_FREE2(retdat+krb_err_base); + if (mdat.app_length < KADM_VERSIZE + 4) + /* too short! 
*/ + RET_N_FREE2(KADM_BAD_VER); + if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE)) + /* bad version */ + RET_N_FREE2(KADM_BAD_VER); + { + unsigned char *p = mdat.app_data+KADM_VERSIZE; + retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; + } + { + int s=mdat.app_length - KADM_VERSIZE - 4; + if(s<=0) s=1; + if (!(return_dat = (u_char *)malloc(s))) + RET_N_FREE2(KADM_NOMEM); + } + memcpy(return_dat, + (char *) mdat.app_data + KADM_VERSIZE + 4, + mdat.app_length - KADM_VERSIZE - 4); + free(*ret_dat); + clear_secrets(); + *ret_dat = return_dat; + *ret_siz = mdat.app_length - KADM_VERSIZE - 4; + return retdat; +} + + + +/* + * kadm_change_pw_plain + * + * see kadm_change_pw + * + */ +int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg) +{ + int stsize, retc; /* stream size and return code */ + u_char *send_st; /* send stream */ + u_char *ret_st; + int ret_sz; + int status; + static char msg[128]; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + /* possible problem with vts_long on a non-multiple of four boundary */ + + stsize = 0; /* start of our output packet */ + send_st = (u_char *) malloc(1);/* to make it reallocable */ + send_st[stsize++] = (u_char) CHANGE_PW; + + /* change key to stream */ + + send_st = realloc(send_st, stsize + 8); + memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */ + memcpy(send_st + stsize, newkey + 4, 4); + stsize += 8; + + if(password && *password) + stsize += vts_string(password, &send_st, stsize); + + retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz); + free(send_st); + + if(retc != KADM_SUCCESS){ + status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz); + if(status<0) + msg[0]=0; + *pw_msg=msg; + } + + if (ret_st) + free(ret_st); + + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_change_pw + * recieves : key + * + * Replaces the password (i.e. des key) of the caller with that specified in + * key. 
Returns no actual data from the master server, since this is called + * by a user + */ + +int kadm_change_pw(unsigned char *newkey) +{ + char *pw_msg; + return kadm_change_pw_plain(newkey, "", &pw_msg); +} + +/* + * kadm_add + * receives : vals + * returns : vals + * + * Adds and entry containing values to the database returns the values of the + * entry, so if you leave certain fields blank you will be able to determine + * the default values they are set to + */ +int +kadm_add(Kadm_vals *vals) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) ADD_ENT; /* here's the opcode */ + memcpy((char *) st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + +/* + * kadm_mod + * receives : KTEXT, {values, values} + * returns : CKSUM, RETCODE, {values} + * acl : su, sms (as register or dealloc) + * + * Modifies all entries corresponding to the first values so they match the + * second values. 
returns the values for the changed entries in vals2 + */ +int +kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2) +{ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len, nlen; /* st2 the final stream with opcode */ + u_char *ret_st; + int ret_sz; + + /* nlen is the length of second vals */ + int retc; /* return code from call */ + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + + st_len = vals_to_stream(vals1, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len)); + *st2 = (u_char) MOD_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len++); /* append st on */ + free(st); + nlen = vals_to_stream(vals2, &st); + st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen)); + memcpy((char *) st2 + st_len, st, nlen); /* append st on */ + retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals2, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} + + +int +kadm_del(Kadm_vals *vals) +{ + unsigned char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (unsigned char *) malloc(st_len + 1); + *st2 = DEL_ENT; /* here's the opcode */ + memcpy(st2 + 1, st, st_len); /* append st on */ + retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz); + free(st); + free(st2); + kadm_cli_disconn(); + return(retc); +} + + +/* + * kadm_get + * receives : KTEXT, {values, flags} + * returns : CKSUM, RETCODE, {count, values, values, values} + * acl : su + * + * gets the fields requested by flags from all entries matching values returns + * this data for each matching recipient, after a count of how many such + * matches there were + */ +int 
+kadm_get(Kadm_vals *vals, u_char *fl) +{ + int loop; /* for copying the fields data */ + u_char *st, *st2; /* st will hold the stream of values */ + int st_len; /* st2 the final stream with opcode */ + int retc; /* return code from call */ + u_char *ret_st; + int ret_sz; + + if ((retc = kadm_cli_conn()) != KADM_SUCCESS) + return(retc); + st_len = vals_to_stream(vals, &st); + st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ)); + *st2 = (u_char) GET_ENT; /* here's the opcode */ + memcpy((char *)st2 + 1, st, st_len); /* append st on */ + for (loop = FLDSZ - 1; loop >= 0; loop--) + *(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */ + retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz); + free(st); + free(st2); + if (retc == KADM_SUCCESS) { + /* ret_st has vals */ + if (stream_to_vals(ret_st, vals, ret_sz) < 0) + retc = KADM_LENGTH_ERROR; + free(ret_st); + } + kadm_cli_disconn(); + return(retc); +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_err.et b/crypto/kerberosIV/lib/kadm/kadm_err.et new file mode 100644 index 0000000..0a7c7b6 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_err.et 
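Review bot: In kadm_cli_send, `priv_pak` is freed twice when kadm_cli_out fails: the explicit `free(priv_pak);` runs just before the call, and the failure branch then goes through RET_N_FREE, which frees `act_st` and `priv_pak` again. kadm_cli_out returns an error on any failed or short read or write on the admin socket, so a connection dropped by the peer is enough to reach that branch; moving `free(priv_pak);` below the kadm_cli_out check, or setting `priv_pak = NULL;` right after it, closes it. A related problem is in kadm_change_pw_plain, which on a non-success return passes `ret_st` and `ret_sz` to stv_string and then frees `ret_st`, although kadm_cli_send has either never written them (the kadm_cli_keyd and krb_mk_req failure returns) or has already released the buffer through RET_N_FREE2. Declaring `u_char *ret_st = NULL; int ret_sz = 0;` in the callers, adding `*ret_dat = NULL;` to RET_N_FREE2 and skipping the stv_string call when `ret_st` is NULL would make that path safe. In kadm_cli_out the second read is written `(retval = krb_net_read(...) != dlen)`, so `retval` holds the comparison result rather than the byte count and the `retval < 0` branch can never be taken; the closing parenthesis belongs directly after the krb_net_read call.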
@@ -0,0 +1,59 @@ +# $Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $ +# $Author: bg $ +# +# Copyright 1988 by the Massachusetts Institute of Technology. +# +# For copying and distribution information, please see the file +# <mit-copyright.h>. +# +# Kerberos administration server error table +# + et kadm + +# KADM_SUCCESS, as all success codes should be, is zero + +ec KADM_RCSID, "$Id: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $" +# /* Building and unbuilding the packet errors */ +ec KADM_NO_REALM, "Cannot fetch local realm" +ec KADM_NO_CRED, "Unable to fetch credentials" +ec KADM_BAD_KEY, "Bad key supplied" +ec KADM_NO_ENCRYPT, "Can't encrypt data" +ec KADM_NO_AUTH, "Cannot encode/decode authentication info" +ec KADM_WRONG_REALM, "Principal attemping change is in wrong realm" +ec KADM_NO_ROOM, "Packet is too large" +ec KADM_BAD_VER, "Version number is incorrect" +ec KADM_BAD_CHK, "Checksum does not match" +ec KADM_NO_READ, "Unsealing private data failed" +ec KADM_NO_OPCODE, "Unsupported operation" +ec KADM_NO_HOST, "Could not find administrating host" +ec KADM_UNK_HOST, "Administrating host name is unknown" +ec KADM_NO_SERV, "Could not find service name in services database" +ec KADM_NO_SOCK, "Could not create socket" +ec KADM_NO_CONN, "Could not connect to server" +ec KADM_NO_HERE, "Could not fetch local socket address" +ec KADM_NO_MAST, "Could not fetch master key" +ec KADM_NO_VERI, "Could not verify master key" + +# /* From the server side routines */ +ec KADM_INUSE, "Entry already exists in database" +ec KADM_UK_SERROR, "Database store error" +ec KADM_UK_RERROR, "Database read error" +ec KADM_UNAUTH, "Insufficient access to perform requested operation" +# KADM_DATA isn't really an error, but... 
+ec KADM_DATA, "Data is available for return to client" +ec KADM_NOENTRY, "No such entry in the database" + +ec KADM_NOMEM, "Memory exhausted" +ec KADM_NO_HOSTNAME, "Could not fetch system hostname" +ec KADM_NO_BIND, "Could not bind port" +ec KADM_LENGTH_ERROR, "Length mismatch problem" +ec KADM_ILL_WILDCARD, "Illegal use of wildcard" + +ec KADM_DB_INUSE, "Database is locked or in use--try again later" + +ec KADM_INSECURE_PW, "Insecure password rejected" +ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match" + +ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request" +ec KADM_IMMUTABLE, "Attempt do delete immutable principal" +end diff --git a/crypto/kerberosIV/lib/kadm/kadm_locl.h b/crypto/kerberosIV/lib/kadm/kadm_locl.h new file mode 100644 index 0000000..e6e374b --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_locl.h 
@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kadm_locl.h,v 1.9 1997/05/20 18:40:44 bg Exp $ */
+
+#include "config.h"
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <signal.h>
+#include <time.h>
+#include <errno.h>
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <des.h>
+#include <krb.h>
+#include <krb_err.h>
+#include <krb_db.h>
+#include <kadm.h>
+#include <kadm_err.h>
+
+int vts_long __P((u_int32_t, u_char **, int));
+int vals_to_stream __P((Kadm_vals *, u_char **));
+int stream_to_vals __P((u_char *, Kadm_vals *, int));
+
+int kadm_init_link __P((char n[], char i[], char r[]));
+int kadm_change_pw __P((des_cblock));
+int kadm_add __P((Kadm_vals *));
+int kadm_mod __P((Kadm_vals *, Kadm_vals *));
+int kadm_get __P((Kadm_vals *, u_char fl[4]));
+
+
diff --git a/crypto/kerberosIV/lib/kadm/kadm_stream.c b/crypto/kerberosIV/lib/kadm/kadm_stream.c
new file mode 100644
index 0000000..33fe177
--- /dev/null
+++ b/crypto/kerberosIV/lib/kadm/kadm_stream.c
@@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Stream conversion functions for Kerberos administration server + */ + +/* + kadm_stream.c + this holds the stream support routines for the kerberos administration server + + vals_to_stream: converts a vals struct to a stream for transmission + internals build_field_header, vts_[string, char, long, short] + stream_to_vals: converts a stream to a vals struct + internals check_field_header, stv_[string, char, long, short] + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $"); + +static int +build_field_header(u_char *cont, u_char **st) + /* container for fields data */ + /* stream */ +{ + *st = (u_char *) malloc (4); + memcpy(*st, cont, 4); + return 4; /* return pointer to current stream location */ +} + +static int +check_field_header(u_char *st, u_char *cont, int maxlen) + /* stream */ + /* container for fields data */ + +{ + if (4 > 
maxlen) + return(-1); + memcpy(cont, st, 4); + return 4; /* return pointer to current stream location */ +} + +int +vts_string(char *dat, u_char **st, int loc) + /* a string to put on the stream */ + /* base pointer to the stream */ + /* offset into the stream for current data */ +{ + *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1)); + memcpy(*st + loc, dat, strlen(dat)+1); + return strlen(dat)+1; +} + + +static int +vts_short(u_int16_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p; + p = realloc(*st, loc + 2); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 8) & 0xff; + p[loc+1] = dat & 0xff; + *st = p; + return 2; +} + +static int +vts_char(u_char dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 1); + if(p == NULL){ + abort(); + } + p[loc] = dat; + *st = p; + return 1; +} + +int +vts_long(u_int32_t dat, u_char **st, int loc) + /* the attributes field */ + /* a base pointer to the stream */ + /* offset into the stream for current data */ +{ + unsigned char *p = realloc(*st, loc + 4); + if(p == NULL){ + abort(); + } + p[loc] = (dat >> 24) & 0xff; + p[loc+1] = (dat >> 16) & 0xff; + p[loc+2] = (dat >> 8) & 0xff; + p[loc+3] = dat & 0xff; + *st = p; + return 4; +} + +int +stv_string(u_char *st, /* base pointer to the stream */ + char *dat, /* a string to read from the stream */ + int loc, /* offset into the stream for current data */ + int stlen, /* max length of string to copy in */ + int maxlen) /* max length of input stream */ +{ + int maxcount; /* max count of chars to copy */ + + maxcount = min(maxlen - loc, stlen); + + if(maxcount <= 0) + return -1; + + strncpy(dat, (char *)st + loc, maxcount); + + if (dat[maxcount-1]) /* not null-term --> not enuf room */ + return(-1); + return strlen(dat)+1; 
+} + +static int +stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 2) + return -1; + + *dat = (st[loc] << 8) | st[loc + 1]; + return 2; +} + +int +stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + /* maximum length of st */ +{ + if (maxlen - loc < 4) + return -1; + + *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3]; + return 4; +} + +static int +stv_char(u_char *st, u_char *dat, int loc, int maxlen) + /* a base pointer to the stream */ + /* the attributes field */ + /* offset into the stream for current data */ + +{ + if (maxlen - loc < 1) + return -1; + + *dat = st[loc]; + return 1; +} + +/* +vals_to_stream + recieves : kadm_vals *, u_char * + returns : a realloced and filled in u_char * + +this function creates a byte-stream representation of the kadm_vals structure +*/ +int +vals_to_stream(Kadm_vals *dt_in, u_char **dt_out) +{ + int vsloop, stsize; /* loop counter, stream size */ + + stsize = build_field_header(dt_in->fields, dt_out); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_in->fields)) { + switch (vsloop) { + case KADM_NAME: + stsize+=vts_string(dt_in->name, dt_out, stsize); + break; + case KADM_INST: + stsize+=vts_string(dt_in->instance, dt_out, stsize); + break; + case KADM_EXPDATE: + stsize+=vts_long(dt_in->exp_date, dt_out, stsize); + break; + case KADM_ATTR: + stsize+=vts_short(dt_in->attributes, dt_out, stsize); + break; + case KADM_MAXLIFE: + stsize+=vts_char(dt_in->max_life, dt_out, stsize); + break; + case KADM_DESKEY: + stsize+=vts_long(dt_in->key_high, dt_out, stsize); + stsize+=vts_long(dt_in->key_low, dt_out, stsize); + break; + default: + break; + } +} + return(stsize); +} + +/* +stream_to_vals + recieves : u_char *, kadm_vals * + 
returns : a kadm_vals filled in according to u_char * + +this decodes a byte stream represntation of a vals struct into kadm_vals +*/ +int +stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) + + + /* max length to use */ +{ + int vsloop, stsize; /* loop counter, stream size */ + int status; + + memset(dt_out, 0, sizeof(*dt_out)); + + stsize = check_field_header(dt_in, dt_out->fields, maxlen); + if (stsize < 0) + return(-1); + for (vsloop=31; vsloop>=0; vsloop--) + if (IS_FIELD(vsloop,dt_out->fields)) + switch (vsloop) { + case KADM_NAME: + if ((status = stv_string(dt_in, dt_out->name, stsize, + sizeof(dt_out->name), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_INST: + if ((status = stv_string(dt_in, dt_out->instance, stsize, + sizeof(dt_out->instance), maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_EXPDATE: + if ((status = stv_long(dt_in, &dt_out->exp_date, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_ATTR: + if ((status = stv_short(dt_in, &dt_out->attributes, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_MAXLIFE: + if ((status = stv_char(dt_in, &dt_out->max_life, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + case KADM_DESKEY: + if ((status = stv_long(dt_in, &dt_out->key_high, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + if ((status = stv_long(dt_in, &dt_out->key_low, stsize, + maxlen)) < 0) + return(-1); + stsize += status; + break; + default: + break; + } + return stsize; +} diff --git a/crypto/kerberosIV/lib/kadm/kadm_supp.c b/crypto/kerberosIV/lib/kadm/kadm_supp.c new file mode 100644 index 0000000..9845267 --- /dev/null +++ b/crypto/kerberosIV/lib/kadm/kadm_supp.c 
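Review bot: `build_field_header` and `vts_string` use the result of `malloc`/`realloc` without a NULL check, whereas `vts_short`, `vts_char` and `vts_long` in the same file check it and `abort()`. On allocation failure both helpers `memcpy` through a NULL pointer. `vts_string` also assigns the `realloc` result straight to `*st`, so the old buffer is lost. As `vals_to_stream` can carry `key_high`/`key_low` in that buffer, a dropped allocation is also one that can no longer be cleared. The two helpers should follow the pattern the integer writers already use, as sketched below. Separately, `st[loc] << 24` in `stv_long` shifts a promoted `int`; casting first, `((u_int32_t)st[loc] << 24)`, avoids shifting into the sign bit for bytes of 0x80 and above.

```c
static int
build_field_header(u_char *cont, u_char **st)
{
    u_char *p = malloc(4);
    if (p == NULL)
	abort();		/* same policy as vts_short/vts_char/vts_long */
    memcpy(p, cont, 4);
    *st = p;
    return 4;
}

int
vts_string(char *dat, u_char **st, int loc)
{
    size_t len = strlen(dat) + 1;
    unsigned char *p = realloc(*st, loc + len);
    if (p == NULL)
	abort();
    memcpy(p + loc, dat, len);
    *st = p;
    return len;
}
```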
@@ -0,0 +1,111 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Support functions for Kerberos administration server & clients + */ + +/* + kadm_supp.c + this holds the support routines for the kerberos administration server + + error: prints out a kadm error message, returns + fatal: prints out a kadm fatal error message, exits + prin_vals: prints out data associated with a Principal in the vals + structure +*/ + +#include "kadm_locl.h" + +RCSID("$Id: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $"); + +/* +prin_vals: + recieves : a vals structure +*/ +void +prin_vals(Kadm_vals *vals) +{ + printf("Info in Database for %s.%s:\n", vals->name, vals->instance); + printf(" Max Life: %d (%s) Exp Date: %s\n", + vals->max_life, + krb_life_to_atime(vals->max_life), + asctime(k_localtime(&vals->exp_date))); + printf(" Attribs: %.2x key: %#lx %#lx\n", + vals->attributes, + (long)vals->key_low, (long)vals->key_high); +} + +/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal, + it copies the fields in Principal specified by fields 
into Kadm_vals, + i.e from old to new */ + +void +kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old) +{ + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) { + strncpy(new->name, old->name, ANAME_SZ); + SET_FIELD(KADM_NAME, new->fields); + } + if (IS_FIELD(KADM_INST,fields)) { + strncpy(new->instance, old->instance, INST_SZ); + SET_FIELD(KADM_INST, new->fields); + } + if (IS_FIELD(KADM_EXPDATE,fields)) { + new->exp_date = old->exp_date; + SET_FIELD(KADM_EXPDATE, new->fields); + } + if (IS_FIELD(KADM_ATTR,fields)) { + new->attributes = old->attributes; + SET_FIELD(KADM_ATTR, new->fields); + } + if (IS_FIELD(KADM_MAXLIFE,fields)) { + new->max_life = old->max_life; + SET_FIELD(KADM_MAXLIFE, new->fields); + } + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + SET_FIELD(KADM_DESKEY, new->fields); + } +} + +void +kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old) +{ + + memset(new, 0, sizeof(*new)); + if (IS_FIELD(KADM_NAME,fields)) + strncpy(new->name, old->name, ANAME_SZ); + if (IS_FIELD(KADM_INST,fields)) + strncpy(new->instance, old->instance, INST_SZ); + if (IS_FIELD(KADM_EXPDATE,fields)) + new->exp_date = old->exp_date; + if (IS_FIELD(KADM_ATTR,fields)) + new->attributes = old->attributes; + if (IS_FIELD(KADM_MAXLIFE,fields)) + new->max_life = old->max_life; + if (IS_FIELD(KADM_DESKEY,fields)) { + new->key_low = old->key_low; + new->key_high = old->key_high; + } +} diff --git a/crypto/kerberosIV/lib/kafs/Makefile.in b/crypto/kerberosIV/lib/kafs/Makefile.in new file mode 100644 index 0000000..e9c9121 --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/Makefile.in 
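Review bot: The `strncpy(new->name, old->name, ANAME_SZ)` and `strncpy(new->instance, old->instance, INST_SZ)` calls in `kadm_prin_to_vals` and `kadm_vals_to_prin` do not guarantee a terminating NUL. The struct definitions are not in this hunk, so this assumes the destination arrays are exactly `ANAME_SZ` and `INST_SZ` bytes. If so, a full-length source fills the array completely, and `prin_vals` later prints those fields with `%s`. Since both functions `memset` the destination first, copying one byte less is enough: `strncpy(new->name, old->name, ANAME_SZ - 1);` and `strncpy(new->instance, old->instance, INST_SZ - 1);`. `prin_vals` also writes `key_low` and `key_high` to stdout, which deserves a comment stating that it is for debugging only and must not be called where output is logged.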
@@ -0,0 +1,90 @@
+#
+# $Id: Makefile.in,v 1.30 1997/05/06 03:47:35 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@ -DLIBDIR='"$(libdir)"'
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)kafs
+LIBEXT = @LIBEXT@
+SHLIBEXT = @SHLIBEXT@
+LIBPREFIX = @LIBPREFIX@
+LDSHARED = @LDSHARED@
+AFS_EXTRA_LIBS = @AFS_EXTRA_LIBS@
+LIB = $(LIBNAME).$(LIBEXT) $(AFS_EXTRA_LIBS)
+
+SOURCES = afssys.c afskrb.c afslib.c
+
+OBJECTS = afssys.o afskrb.o
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libdir)
+ $(INSTALL_DATA) -m 0555 $(LIB) $(libdir)
+
+uninstall:
+ rm -f $(libdir)/$(LIB)
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS) @AFS_EXTRA_OBJS@
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS) @AFS_EXTRA_OBJS@
+ -$(RANLIB) $@
+
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+# AIX: this almost works with gcc, but somehow it fails to use the
+# correct ld, use ld instead
+afslib.so: afslib.o
+ ld -o $@ -bM:SRE -bI:$(srcdir)/afsl.exp -bE:$(srcdir)/afslib.exp -bnoentry afslib.o
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/kafs/afskrb.c b/crypto/kerberosIV/lib/kafs/afskrb.c
new file mode 100644
index 0000000..d979ac5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afskrb.c
@@ -0,0 +1,373 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kafs_locl.h" + +RCSID("$Id: afskrb.c,v 1.6 1997/05/26 17:38:24 bg Exp $"); + +#define AUTH_SUPERUSER "afs" + +/* + * Here only ASCII characters are relevant. + */ + +#define IsAsciiLower(c) ('a' <= (c) && (c) <= 'z') + +#define ToAsciiUpper(c) ((c) - 'a' + 'A') + +static void +foldup(char *a, const char *b) +{ + for (; *b; a++, b++) + if (IsAsciiLower(*b)) + *a = ToAsciiUpper(*b); + else + *a = *b; + *a = '\0'; +} + +static int +get_cred(const char *princ, const char *inst, const char *krealm, + CREDENTIALS *c, KTEXT_ST *tkt) +{ + int k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + + if (k_errno != KSUCCESS) + { + k_errno = krb_mk_req(tkt, (char*)princ, (char*)inst, (char*)krealm, 0); + if (k_errno == KSUCCESS) + k_errno = krb_get_cred((char*)princ, (char*)inst, (char*)krealm, c); + } + return k_errno; +} + + +/* Convert a string to a 32 bit ip number in network byte order. + Return 0 on error + */ + +static u_int32_t +ip_aton(char *ip) +{ + u_int32_t addr; + unsigned int a, b, c, d; + + if(sscanf(ip, "%u.%u.%u.%u", &a, &b, &c, &d) != 4) + return 0; + if((a | b | c | d) > 255) + return 0; + addr = (a << 24) | (b << 16) | (c << 8) | d; + addr = htonl(addr); + return addr; +} + +/* Try to get a db-server for an AFS cell from a AFSDB record */ + +static int +dns_find_cell(const char *cell, char *dbserver) +{ + struct dns_reply *r; + int ok = -1; + r = dns_lookup(cell, "afsdb"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_AFSDB && rr->u.afsdb->preference == 1){ + strncpy(dbserver, rr->u.afsdb->domain, MaxHostNameLen); + dbserver[MaxHostNameLen - 1] = 0; + ok = 0; + break; + } + rr = rr->next; + } + dns_free_data(r); + } + return ok; +} + + +/* Find the realm associated with cell. Do this by opening + /usr/vice/etc/CellServDB and getting the realm-of-host for the + first VL-server for the cell. 
+ + This does not work when the VL-server is living in one cell, but + the cell it is serving is living in another cell. + */ + +static char* +realm_of_cell(const char *cell) +{ + FILE *F; + char buf[1024]; + u_int32_t addr; + struct hostent *hp; + char *realm = NULL; + + if((F = fopen(_PATH_CELLSERVDB, "r"))){ + while(fgets(buf, sizeof(buf), F)){ + if(buf[0] != '>') + continue; + if(strncmp(buf + 1, cell, strlen(cell)) == 0){ + if(fgets(buf, sizeof(buf), F) == NULL) + break; + addr = ip_aton(buf); + if(addr == 0) + break; + hp = gethostbyaddr((char*)&addr, 4, AF_INET); + if(hp == NULL) + break; + strncpy (buf, hp->h_name, sizeof(buf)); + buf[sizeof(buf) - 1] = '\0'; + realm = krb_realmofhost(buf); + break; + } + } + fclose(F); + } + if(realm == NULL){ + if(dns_find_cell(cell, buf) == 0) + realm = krb_realmofhost(buf); + } + return realm; +} + +/* + * Get tokens for all cells[] + */ +static int +k_afslog_cells(char *cells[], int max, const char *krealm, uid_t uid) +{ + int err = KSUCCESS; + int i; + for(i = 0; i < max; i++) + err = k_afsklog_uid(cells[i], krealm, uid); + return err; +} + +/* + * Try to find the cells we should try to klog to in "file". 
+ */ +static void +k_find_cells(char *file, char *cells[], int size, int *index) +{ + FILE *f; + char cell[64]; + int i; + f = fopen(file, "r"); + if (f == NULL) + return; + while (*index < size && fgets(cell, sizeof(cell), f)) { + char *nl = strchr(cell, '\n'); + if (nl) *nl = 0; + for(i = 0; i < *index; i++) + if(strcmp(cells[i], cell) == 0) + break; + if(i == *index) + cells[(*index)++] = strdup(cell); + } + fclose(f); +} + +static int +k_afsklog_all_local_cells(const char *krealm, uid_t uid) +{ + int err; + char *cells[32]; /* XXX */ + int num_cells = sizeof(cells) / sizeof(cells[0]); + int index = 0; + + char *p; + + if ((p = getenv("HOME"))) { + char home[MaxPathLen]; + + if (k_concat(home, sizeof(home), p, "/.TheseCells", NULL) == 0) + k_find_cells(home, cells, num_cells, &index); + } + k_find_cells(_PATH_THESECELLS, cells, num_cells, &index); + k_find_cells(_PATH_THISCELL, cells, num_cells, &index); + + err = k_afslog_cells(cells, index, krealm, uid); + while(index > 0) + free(cells[--index]); + return err; +} + +int +k_afsklog_uid(const char *cell, const char *krealm, uid_t uid) +{ + int k_errno; + CREDENTIALS c; + KTEXT_ST ticket; + char realm[REALM_SZ]; + char *vl_realm; /* realm of vl-server */ + char *lrealm; /* local realm */ + char CELL[64]; + + if (cell == 0 || cell[0] == 0) + return k_afsklog_all_local_cells (krealm, uid); + foldup(CELL, cell); + + k_errno = krb_get_lrealm(realm , 0); + if(k_errno == KSUCCESS && (krealm == NULL || strcmp(krealm, realm))) + lrealm = realm; + else + lrealm = NULL; + + /* We're about to find the the realm that holds the key for afs in + * the specified cell. The problem is that null-instance + * afs-principals are common and that hitting the wrong realm might + * yield the wrong afs key. The following assumptions were made. + * + * Any realm passed to us is preferred. + * + * If there is a realm with the same name as the cell, it is most + * likely the correct realm to talk to. 
+ * + * In most (maybe even all) cases the database servers of the cell + * will live in the realm we are looking for. + * + * Try the local realm, but if the previous cases fail, this is + * really a long shot. + * + */ + + /* comments on the ordering of these tests */ + + /* If the user passes a realm, she probably knows something we don't + * know and we should try afs@krealm (otherwise we're talking with a + * blondino and she might as well have it.) + */ + + k_errno = -1; + if(krealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, krealm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", krealm, &c, &ticket); + } + + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, cell, CELL, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", CELL, &c, &ticket); + + /* this might work in some conditions */ + if(k_errno && (vl_realm = realm_of_cell(cell))){ + k_errno = get_cred(AUTH_SUPERUSER, cell, vl_realm, &c, &ticket); + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", vl_realm, &c, &ticket); + } + + if(k_errno && lrealm){ + k_errno = get_cred(AUTH_SUPERUSER, cell, lrealm, &c, &ticket); +#if 0 + /* this is most likely never right anyway, but won't fail */ + if(k_errno) + k_errno = get_cred(AUTH_SUPERUSER, "", lrealm, &c, &ticket); +#endif + } + + if (k_errno == KSUCCESS) + { + struct ViceIoctl parms; + struct ClearToken ct; + int32_t sizeof_x; + char buf[2048], *t; + + /* + * Build a struct ClearToken + */ + ct.AuthHandle = c.kvno; + memcpy (ct.HandShakeKey, c.session, sizeof(c.session)); + ct.ViceId = uid; /* is this always valid? */ + ct.BeginTimestamp = 1 + c.issue_date; + ct.EndTimestamp = krb_life_to_time(c.issue_date, c.lifetime); + +#define ODD(x) ((x) & 1) + /* If we don't know the numerical ID lifetime should be even? 
*/ + if (uid == 0 && ODD(ct.EndTimestamp - ct.BeginTimestamp)) + ct.BeginTimestamp--; + + t = buf; + /* + * length of secret token followed by secret token + */ + sizeof_x = c.ticket_st.length; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, c.ticket_st.dat, sizeof_x); + t += sizeof_x; + /* + * length of clear token followed by clear token + */ + sizeof_x = sizeof(ct); + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + memcpy(t, &ct, sizeof_x); + t += sizeof_x; + + /* + * do *not* mark as primary cell + */ + sizeof_x = 0; + memcpy(t, &sizeof_x, sizeof(sizeof_x)); + t += sizeof(sizeof_x); + /* + * follow with cell name + */ + sizeof_x = strlen(cell) + 1; + memcpy(t, cell, sizeof_x); + t += sizeof_x; + + /* + * Build argument block + */ + parms.in = buf; + parms.in_size = t - buf; + parms.out = 0; + parms.out_size = 0; + k_pioctl(0, VIOCSETTOK, &parms, 0); + } + return k_errno; +} + +int +k_afsklog(const char *cell, const char *krealm) +{ + return k_afsklog_uid (cell, krealm, getuid()); +} diff --git a/crypto/kerberosIV/lib/kafs/afsl.exp b/crypto/kerberosIV/lib/kafs/afsl.exp new file mode 100644 index 0000000..4d2b00e --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afsl.exp @@ -0,0 +1,6 @@ +#!/unix + +* This mumbo jumbo creates entry points to syscalls in _AIX + +lpioctl syscall +lsetpag syscall diff --git a/crypto/kerberosIV/lib/kafs/afslib.c b/crypto/kerberosIV/lib/kafs/afslib.c new file mode 100644 index 0000000..12779bc --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/afslib.c 
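Review bot: `k_afsklog_uid` copies the caller-supplied `cell` into `char CELL[64]` through `foldup()`, which has no length limit, so a cell name of 64 bytes or more writes past the array. Names read by `k_find_cells` are capped by its 64-byte `fgets` buffer, but `k_afsklog` and `k_afsklog_uid` are public entry points and take any string. The token packing into `char buf[2048]` has the same gap: `c.ticket_st.length`, `sizeof(ct)` and `strlen(cell) + 1` bytes are copied with no check against `sizeof(buf)`. Both lengths should be validated before copying, as sketched below; the sketch assumes `KFAILURE` from krb.h is the appropriate error code here. Two smaller points are that `realm_of_cell` matches CellServDB entries by prefix (`strncmp(buf + 1, cell, strlen(cell))`), so a short cell name can select a longer cell's server, and that the `k_pioctl(0, VIOCSETTOK, ...)` result is discarded.

```c
    /* in k_afsklog_uid, ahead of foldup(CELL, cell) */
    if (strlen(cell) >= sizeof(CELL))
	return KFAILURE;
    foldup(CELL, cell);

    /* … unchanged: realm selection and get_cred attempts … */

	/* in the KSUCCESS branch, before the first memcpy into buf;
	 * the declarations belong with that block's other locals */
	size_t cell_len = strlen(cell) + 1;
	size_t fixed = 3 * sizeof(sizeof_x) + sizeof(ct) + cell_len;

	if (fixed > sizeof(buf)
	    || (size_t)c.ticket_st.length > sizeof(buf) - fixed)
	    return KFAILURE;

	/* … unchanged: packing of ticket, clear token, primary flag, cell … */
```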
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This file is only used with AIX
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afslib.c,v 1.5 1997/04/20 13:21:15 joda Exp $");
+
+int
+aix_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
+{
+ return lpioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+}
+
+int
+aix_setpag(void)
+{
+ return lsetpag();
+}
diff --git a/crypto/kerberosIV/lib/kafs/afslib.exp b/crypto/kerberosIV/lib/kafs/afslib.exp
new file mode 100644
index 0000000..f288717
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afslib.exp
@@ -0,0 +1,3 @@
+#!
+aix_pioctl
+aix_setpag
diff --git a/crypto/kerberosIV/lib/kafs/afssys.c b/crypto/kerberosIV/lib/kafs/afssys.c
new file mode 100644
index 0000000..741225c
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssys.c
@@ -0,0 +1,293 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kafs_locl.h"
+
+RCSID("$Id: afssys.c,v 1.53 1997/05/04 02:30:41 assar Exp $");
+
+/* Magic to get AIX syscalls to work */
+#ifdef _AIX
+
+static int (*Pioctl)(char*, int, void*, int);
+static int (*Setpag)(void);
+
+#include "dlfcn.h"
+
+static int
+isSuid()
+{
+ int uid = getuid();
+ int gid = getgid();
+ int euid = getegid();
+ int egid = getegid();
+ return (uid != euid) || (gid != egid);
+}
+
+static int
+aix_setup(void)
+{
+#ifdef STATIC_AFS_SYSCALLS
+ Pioctl = aix_pioctl;
+ Setpag = aix_setpag;
+#else
+ void *ptr;
+ char path[MaxPathLen], *p;
+ /*
+ * If we are root or running setuid don't trust AFSLIBPATH!
+ */
+ if (getuid() != 0 && !isSuid() && (p = getenv("AFSLIBPATH")) != NULL)
+ strcpy(path, p);
+ else
+ snprintf(path, sizeof(path), "%s/afslib.so", LIBDIR);
+
+ ptr = dlopen(path, 0);
+ if(ptr){
+ Setpag = (int (*)(void))dlsym(ptr, "aix_setpag");
+ Pioctl = (int (*)(char*, int, void*, int))dlsym(ptr, "aix_pioctl");
+ }
+#endif
+}
+#endif /* _AIX */
+
+#define NO_ENTRY_POINT 0
+#define SINGLE_ENTRY_POINT 1
+#define MULTIPLE_ENTRY_POINT 2
+#define SINGLE_ENTRY_POINT2 3
+#define SINGLE_ENTRY_POINT3 4
+#define AIX_ENTRY_POINTS 5
+#define UNKNOWN_ENTRY_POINT 6
+static int afs_entry_point = UNKNOWN_ENTRY_POINT;
+static int afs_syscalls[2];
+
+
+int
+k_pioctl(char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_PIOCTL,
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[0],
+ a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+#ifdef _AIX
+ case AIX_ENTRY_POINTS:
+ return Pioctl(a_path, o_opcode, a_paramsP, a_followSymlinks);
+#endif
+ }
+
+ errno = ENOSYS;
+#ifdef SIGSYS
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif
+#endif /* NO_AFS */
+ return -1;
+}
+
+int
+k_afs_cell_of_file(const char *path, char *cell, int len)
+{
+ struct ViceIoctl parms;
+ parms.in = NULL;
+ parms.in_size = 0;
+ parms.out = cell;
+ parms.out_size = len;
+ return k_pioctl((char*)path, VIOC_FILE_CELL_NAME, &parms, 1);
+}
+
+int
+k_unlog(void)
+{
+ struct ViceIoctl parms;
+ memset(&parms, 0, sizeof(parms));
+ return k_pioctl(0, VIOCUNLOG, &parms, 0);
+}
+
+int
+k_setpag(void)
+{
+#ifndef NO_AFS
+ switch(afs_entry_point){
+#if defined(AFS_SYSCALL) || defined(AFS_SYSCALL2) || defined(AFS_SYSCALL3)
+ case SINGLE_ENTRY_POINT:
+ case SINGLE_ENTRY_POINT2:
+ case SINGLE_ENTRY_POINT3:
+ return syscall(afs_syscalls[0], AFSCALL_SETPAG);
+#endif
+#if defined(AFS_PIOCTL)
+ case MULTIPLE_ENTRY_POINT:
+ return syscall(afs_syscalls[1]);
+#endif
+#ifdef _AIX
+ case AIX_ENTRY_POINTS:
+ return Setpag();
+#endif
+ }
+
+ errno = ENOSYS;
+#ifdef SIGSYS
+ kill(getpid(), SIGSYS); /* You loose! */
+#endif
+#endif /* NO_AFS */
+ return -1;
+}
+
+static jmp_buf catch_SIGSYS;
+
+#ifdef SIGSYS
+
+static RETSIGTYPE
+SIGSYS_handler(int sig)
+{
+ errno = 0;
+ signal(SIGSYS, SIGSYS_handler); /* Need to reinstall handler on SYSV */
+ longjmp(catch_SIGSYS, 1);
+}
+
+#endif
+
+int
+k_hasafs(void)
+{
+ int saved_errno;
+ RETSIGTYPE (*saved_func)();
+ struct ViceIoctl parms;
+
+ /*
+ * Already checked presence of AFS syscalls?
+ */
+ if (afs_entry_point != UNKNOWN_ENTRY_POINT)
+ return afs_entry_point != NO_ENTRY_POINT;
+
+ /*
+ * Probe kernel for AFS specific syscalls,
+ * they (currently) come in two flavors.
+ * If the syscall is absent we recive a SIGSYS.
+ */
+ afs_entry_point = NO_ENTRY_POINT;
+ memset(&parms, 0, sizeof(parms));
+
+ saved_errno = errno;
+#ifndef NO_AFS
+#ifdef SIGSYS
+ saved_func = signal(SIGSYS, SIGSYS_handler);
+#endif
+
+#ifdef AFS_SYSCALL
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_SYSCALL;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_PIOCTL
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = MULTIPLE_ENTRY_POINT;
+ afs_syscalls[0] = AFS_PIOCTL;
+ afs_syscalls[1] = AFS_SETPAG;
+ goto done;
+ }
+ }
+#endif /* AFS_PIOCTL */
+
+#ifdef AFS_SYSCALL2
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL2, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT2;
+ afs_syscalls[0] = AFS_SYSCALL2;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef AFS_SYSCALL3
+ if (setjmp(catch_SIGSYS) == 0)
+ {
+ syscall(AFS_SYSCALL3, AFSCALL_PIOCTL,
+ 0, VIOCSETTOK, &parms, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+ if (errno == EINVAL)
+ {
+ afs_entry_point = SINGLE_ENTRY_POINT3;
+ afs_syscalls[0] = AFS_SYSCALL3;
+ goto done;
+ }
+ }
+#endif /* AFS_SYSCALL */
+
+#ifdef _AIX
+ aix_setup();
+ if(Pioctl != NULL && Setpag != NULL){
+ afs_entry_point = AIX_ENTRY_POINTS;
+ goto done;
+ }
+#endif
+
+done:
+#ifdef SIGSYS
+ signal(SIGSYS, saved_func);
+#endif
+#endif /* NO_AFS */
+ errno = saved_errno;
+ return afs_entry_point != NO_ENTRY_POINT;
+}
diff --git a/crypto/kerberosIV/lib/kafs/afssysdefs.h b/crypto/kerberosIV/lib/kafs/afssysdefs.h
new file mode 100644
index 0000000..028f9b3
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/afssysdefs.h
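Review bot: `isSuid()` initialises `euid` from `getegid()`, so the check compares the real uid with the effective gid and can report "not setuid" for a setuid program whose real uid happens to equal its group id; the line should read `int euid = geteuid();`. That result matters because `aix_setup()` uses it to decide whether the `AFSLIBPATH` environment value may be handed to `dlopen()`. On the same branch `strcpy(path, p)` copies that environment value into `path[MaxPathLen]` with no bound; `snprintf(path, sizeof(path), "%s", p);` would match the bounded call already used in the else branch. `aix_setup()` is also declared `static int` but never returns a value, and `k_hasafs()` ignores its result, so `static void` would describe it correctly.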
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: afssysdefs.h,v 1.15 1997/04/01 08:18:12 joda Exp $ */
+
+/*
+ * This section is for machines using single entry point AFS syscalls!
+ * and/or
+ * This section is for machines using multiple entry point AFS syscalls!
+ *
+ * SunOS 4 is an example of single entry point and sgi of multiple
+ * entry point syscalls.
+ */
+
+#if SunOS == 4
+#define AFS_SYSCALL 31
+#endif
+
+#if SunOS == 5
+#define AFS_SYSCALL 105
+#endif
+
+#if defined(__hpux)
+#define AFS_SYSCALL 50
+#define AFS_SYSCALL2 49
+#endif
+
+#if defined(_AIX)
+/* _AIX is too weird */
+#endif
+
+#if defined(__sgi)
+#define AFS_PIOCTL (64+1000)
+#define AFS_SETPAG (65+1000)
+#endif
+
+#if defined(__osf__)
+#define AFS_SYSCALL 232
+#define AFS_SYSCALL2 258
+#endif
+
+#if defined(__ultrix)
+#define AFS_SYSCALL 31
+#endif
+
+#if defined(__NetBSD__)
+#define AFS_SYSCALL 210
+#endif
+
+#ifdef SYS_afs_syscall
+#define AFS_SYSCALL3 SYS_afs_syscall
+#endif
diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.c b/crypto/kerberosIV/lib/kafs/dlfcn.c
new file mode 100644
index 0000000..3f4de92
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/dlfcn.c
@@ -0,0 +1,570 @@ +/* + * @(#)dlfcn.c 1.11 revision of 96/04/10 20:12:51 + * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH + * 30159 Hannover, Germany + */ + +/* + * Changes marked with `--jwe' were made on April 7 1996 by John W. Eaton + * <jwe@bevo.che.wisc.edu> to support g++ and/or use with Octave. + */ + +/* + * This makes my life easier with Octave. --jwe + */ +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif + +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/ldr.h> +#include <a.out.h> +#include <ldfcn.h> +#include "dlfcn.h" + +/* + * We simulate dlopen() et al. through a call to load. Because AIX has + * no call to find an exported symbol we read the loader section of the + * loaded module and build a list of exported symbols and their virtual + * address. + */ + +typedef struct { + char *name; /* the symbols's name */ + void *addr; /* its relocated virtual address */ +} Export, *ExportPtr; + +/* + * xlC uses the following structure to list its constructors and + * destructors. This is gleaned from the output of munch. + */ +typedef struct { + void (*init)(void); /* call static constructors */ + void (*term)(void); /* call static destructors */ +} Cdtor, *CdtorPtr; + +typedef void (*GccCDtorPtr)(void); + +/* + * The void * handle returned from dlopen is actually a ModulePtr. 
+ */ +typedef struct Module { + struct Module *next; + char *name; /* module name for refcounting */ + int refCnt; /* the number of references */ + void *entry; /* entry point from load */ + struct dl_info *info; /* optional init/terminate functions */ + CdtorPtr cdtors; /* optional C++ constructors */ + GccCDtorPtr gcc_ctor; /* g++ constructors --jwe */ + GccCDtorPtr gcc_dtor; /* g++ destructors --jwe */ + int nExports; /* the number of exports found */ + ExportPtr exports; /* the array of exports */ +} Module, *ModulePtr; + +/* + * We keep a list of all loaded modules to be able to call the fini + * handlers and destructors at atexit() time. + */ +static ModulePtr modList; + +/* + * The last error from one of the dl* routines is kept in static + * variables here. Each error is returned only once to the caller. + */ +static char errbuf[BUFSIZ]; +static int errvalid; + +/* + * The `fixed' gcc header files on AIX 3.2.5 provide a prototype for + * strdup(). --jwe + */ +#ifndef HAVE_STRDUP +extern char *strdup(const char *); +#endif +static void caterr(char *); +static int readExports(ModulePtr); +static void terminate(void); +static void *findMain(void); + +void *dlopen(const char *path, int mode) +{ + ModulePtr mp; + static void *mainModule; + + /* + * Upon the first call register a terminate handler that will + * close all libraries. Also get a reference to the main module + * for use with loadbind. + */ + if (!mainModule) { + if ((mainModule = findMain()) == NULL) + return NULL; + atexit(terminate); + } + /* + * Scan the list of modules if we have the module already loaded. 
+ */ + for (mp = modList; mp; mp = mp->next) + if (strcmp(mp->name, path) == 0) { + mp->refCnt++; + return mp; + } + if ((mp = (ModulePtr)calloc(1, sizeof(*mp))) == NULL) { + errvalid++; + strcpy(errbuf, "calloc: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + if ((mp->name = strdup(path)) == NULL) { + errvalid++; + strcpy(errbuf, "strdup: "); + strcat(errbuf, strerror(errno)); + free(mp); + return NULL; + } + /* + * load should be declared load(const char *...). Thus we + * cast the path to a normal char *. Ugly. + */ + if ((mp->entry = (void *)load((char *)path, L_NOAUTODEFER, NULL)) == NULL) { + free(mp->name); + free(mp); + errvalid++; + strcpy(errbuf, "dlopen: "); + strcat(errbuf, path); + strcat(errbuf, ": "); + /* + * If AIX says the file is not executable, the error + * can be further described by querying the loader about + * the last error. + */ + if (errno == ENOEXEC) { + char *tmp[BUFSIZ/sizeof(char *)]; + if (loadquery(L_GETMESSAGES, tmp, sizeof(tmp)) == -1) + strcpy(errbuf, strerror(errno)); + else { + char **p; + for (p = tmp; *p; p++) + caterr(*p); + } + } else + strcat(errbuf, strerror(errno)); + return NULL; + } + mp->refCnt = 1; + mp->next = modList; + modList = mp; + if (loadbind(0, mainModule, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + /* + * If the user wants global binding, loadbind against all other + * loaded modules. + */ + if (mode & RTLD_GLOBAL) { + ModulePtr mp1; + for (mp1 = mp->next; mp1; mp1 = mp1->next) + if (loadbind(0, mp1->entry, mp->entry) == -1) { + dlclose(mp); + errvalid++; + strcpy(errbuf, "loadbind: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (readExports(mp) == -1) { + dlclose(mp); + return NULL; + } + /* + * If there is a dl_info structure, call the init function. 
+ */ + if (mp->info = (struct dl_info *)dlsym(mp, "dl_info")) { + if (mp->info->init) + (*mp->info->init)(); + } else + errvalid = 0; + /* + * If the shared object was compiled using xlC we will need + * to call static constructors (and later on dlclose destructors). + */ + if (mp->cdtors = (CdtorPtr)dlsym(mp, "__cdtors")) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->init && cp->init != (void (*)(void))0xffffffff) + (*cp->init)(); + cp++; + } + /* + * If the shared object was compiled using g++, we will need + * to call global constructors using the _GLOBAL__DI function, + * and later, global destructors using the _GLOBAL_DD + * funciton. --jwe + */ + } else if (mp->gcc_ctor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DI")) { + (*mp->gcc_ctor)(); + mp->gcc_dtor = (GccCDtorPtr)dlsym(mp, "_GLOBAL__DD"); + } else + errvalid = 0; + return mp; +} + +/* + * Attempt to decipher an AIX loader error message and append it + * to our static error message buffer. + */ +static void caterr(char *s) +{ + char *p = s; + + while (*p >= '0' && *p <= '9') + p++; + switch(atoi(s)) { + case L_ERROR_TOOMANY: + strcat(errbuf, "to many errors"); + break; + case L_ERROR_NOLIB: + strcat(errbuf, "can't load library"); + strcat(errbuf, p); + break; + case L_ERROR_UNDEF: + strcat(errbuf, "can't find symbol"); + strcat(errbuf, p); + break; + case L_ERROR_RLDBAD: + strcat(errbuf, "bad RLD"); + strcat(errbuf, p); + break; + case L_ERROR_FORMAT: + strcat(errbuf, "bad exec format in"); + strcat(errbuf, p); + break; + case L_ERROR_ERRNO: + strcat(errbuf, strerror(atoi(++p))); + break; + default: + strcat(errbuf, s); + break; + } +} + +void *dlsym(void *handle, const char *symbol) +{ + ModulePtr mp = (ModulePtr)handle; + ExportPtr ep; + int i; + + /* + * Could speed up the search, but I assume that one assigns + * the result to function pointers anyways. 
+ */ + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (strcmp(ep->name, symbol) == 0) + return ep->addr; + errvalid++; + strcpy(errbuf, "dlsym: undefined symbol "); + strcat(errbuf, symbol); + return NULL; +} + +char *dlerror(void) +{ + if (errvalid) { + errvalid = 0; + return errbuf; + } + return NULL; +} + +int dlclose(void *handle) +{ + ModulePtr mp = (ModulePtr)handle; + int result; + ModulePtr mp1; + + if (--mp->refCnt > 0) + return 0; + if (mp->info && mp->info->fini) + (*mp->info->fini)(); + if (mp->cdtors) { + CdtorPtr cp = mp->cdtors; + while (cp->init || cp->term) { + if (cp->term && cp->init != (void (*)(void))0xffffffff) + (*cp->term)(); + cp++; + } + /* + * If the function to handle global destructors for g++ + * exists, call it. --jwe + */ + } else if (mp->gcc_dtor) { + (*mp->gcc_dtor)(); + } + result = unload(mp->entry); + if (result == -1) { + errvalid++; + strcpy(errbuf, strerror(errno)); + } + if (mp->exports) { + ExportPtr ep; + int i; + for (ep = mp->exports, i = mp->nExports; i; i--, ep++) + if (ep->name) + free(ep->name); + free(mp->exports); + } + if (mp == modList) + modList = mp->next; + else { + for (mp1 = modList; mp1; mp1 = mp1->next) + if (mp1->next == mp) { + mp1->next = mp->next; + break; + } + } + free(mp->name); + free(mp); + return result; +} + +static void terminate(void) +{ + while (modList) + dlclose(modList); +} + +/* + * Build the export table from the XCOFF .loader section. + */ +static int readExports(ModulePtr mp) +{ + LDFILE *ldp = NULL; + SCNHDR sh, shdata; + LDHDR *lhp; + char *ldbuf; + LDSYM *ls; + int i; + ExportPtr ep; + + if ((ldp = ldopen(mp->name, ldp)) == NULL) { + struct ld_info *lp; + char *buf; + int size = 4*1024; + if (errno != ENOENT) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + /* + * The module might be loaded due to the LIBPATH + * environment variable. Search for the loaded + * module using L_GETINFO. 
+ */ + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(buf); + return -1; + } + /* + * Traverse the list of loaded modules. The entry point + * returned by load() does actually point to the data + * segment origin. + */ + lp = (struct ld_info *)buf; + while (lp) { + if (lp->ldinfo_dataorg == mp->entry) { + ldp = ldopen(lp->ldinfo_filename, ldp); + break; + } + if (lp->ldinfo_next == 0) + lp = NULL; + else + lp = (struct ld_info *)((char *)lp + lp->ldinfo_next); + } + free(buf); + if (!ldp) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + return -1; + } + } + if (TYPE(ldp) != U802TOCMAGIC) { + errvalid++; + strcpy(errbuf, "readExports: bad magic"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Get the padding for the data section. This is needed for + * AIX 4.1 compilers. This is used when building the final + * function pointer to the exported symbol. + */ + if (ldnshread(ldp, _DATA, &shdata) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read data section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (ldnshread(ldp, _LOADER, &sh) != SUCCESS) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section header"); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * We read the complete loader section in one chunk, this makes + * finding long symbol names residing in the string table easier. 
+ */ + if ((ldbuf = (char *)malloc(sh.s_size)) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FSEEK(ldp, sh.s_scnptr, BEGINNING) != OKFSEEK) { + errvalid++; + strcpy(errbuf, "readExports: cannot seek to loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + if (FREAD(ldbuf, sh.s_size, 1, ldp) != 1) { + errvalid++; + strcpy(errbuf, "readExports: cannot read loader section"); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + lhp = (LDHDR *)ldbuf; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + /* + * Count the number of exports to include in our export table. + */ + for (i = lhp->l_nsyms; i; i--, ls++) { + if (!LDR_EXPORT(*ls)) + continue; + mp->nExports++; + } + if ((mp->exports = (ExportPtr)calloc(mp->nExports, sizeof(*mp->exports))) == NULL) { + errvalid++; + strcpy(errbuf, "readExports: "); + strcat(errbuf, strerror(errno)); + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return -1; + } + /* + * Fill in the export table. All entries are relative to + * the entry point we got from load. + */ + ep = mp->exports; + ls = (LDSYM *)(ldbuf+LDHDRSZ); + for (i = lhp->l_nsyms; i; i--, ls++) { + char *symname; + char tmpsym[SYMNMLEN+1]; + if (!LDR_EXPORT(*ls)) + continue; + if (ls->l_zeroes == 0) + symname = ls->l_offset+lhp->l_stoff+ldbuf; + else { + /* + * The l_name member is not zero terminated, we + * must copy the first SYMNMLEN chars and make + * sure we have a zero byte at the end. + */ + strncpy(tmpsym, ls->l_name, SYMNMLEN); + tmpsym[SYMNMLEN] = '\0'; + symname = tmpsym; + } + ep->name = strdup(symname); + ep->addr = (void *)((unsigned long)mp->entry + + ls->l_value - shdata.s_vaddr); + ep++; + } + free(ldbuf); + while(ldclose(ldp) == FAILURE) + ; + return 0; +} + +/* + * Find the main modules entry point. This is used as export pointer + * for loadbind() to be able to resolve references to the main part. 
+ */ +static void * findMain(void) +{ + struct ld_info *lp; + char *buf; + int size = 4*1024; + int i; + void *ret; + + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + while ((i = loadquery(L_GETINFO, buf, size)) == -1 && errno == ENOMEM) { + free(buf); + size += 4*1024; + if ((buf = malloc(size)) == NULL) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + return NULL; + } + } + if (i == -1) { + errvalid++; + strcpy(errbuf, "findMain: "); + strcat(errbuf, strerror(errno)); + free(buf); + return NULL; + } + /* + * The first entry is the main module. The entry point + * returned by load() does actually point to the data + * segment origin. + */ + lp = (struct ld_info *)buf; + ret = lp->ldinfo_dataorg; + free(buf); + return ret; +} diff --git a/crypto/kerberosIV/lib/kafs/dlfcn.h b/crypto/kerberosIV/lib/kafs/dlfcn.h new file mode 100644 index 0000000..5671e9c --- /dev/null +++ b/crypto/kerberosIV/lib/kafs/dlfcn.h 
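Review bot: The error paths in `dlopen()`, `dlsym()` and `caterr()` build their message in the static `errbuf[BUFSIZ]` with `strcpy`/`strcat`, appending the caller-supplied `path` and `symbol` and the loader's message text with no length check, so a long enough argument writes past the buffer. Each append should be bounded, for example `strncat(errbuf, path, sizeof(errbuf) - strlen(errbuf) - 1);`, with the same form used for `symbol` and inside `caterr()`. Separately, `readExports()` stores `ep->name = strdup(symname)` without checking for NULL and `dlsym()` later passes `ep->name` to `strcmp`; a failed allocation there should fail the load the way the other allocation failures in that function do. In `dlclose()` the destructor loop tests `cp->init` against the `0xffffffff` sentinel before calling `cp->term`, which looks as if it was meant to test `cp->term`.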
@@ -0,0 +1,46 @@
+/*
+ * @(#)dlfcn.h 1.4 revision of 95/04/25 09:36:52
+ * This is an unpublished work copyright (c) 1992 HELIOS Software GmbH
+ * 30159 Hannover, Germany
+ */
+
+#ifndef __dlfcn_h__
+#define __dlfcn_h__
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Mode flags for the dlopen routine.
+ */
+#define RTLD_LAZY 1 /* lazy function call binding */
+#define RTLD_NOW 2 /* immediate function call binding */
+#define RTLD_GLOBAL 0x100 /* allow symbols to be global */
+
+/*
+ * To be able to intialize, a library may provide a dl_info structure
+ * that contains functions to be called to initialize and terminate.
+ */
+struct dl_info {
+ void (*init)(void);
+ void (*fini)(void);
+};
+
+#if __STDC__ || defined(_IBMR2)
+void *dlopen(const char *path, int mode);
+void *dlsym(void *handle, const char *symbol);
+char *dlerror(void);
+int dlclose(void *handle);
+#else
+void *dlopen();
+void *dlsym();
+char *dlerror();
+int dlclose();
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __dlfcn_h__ */
diff --git a/crypto/kerberosIV/lib/kafs/kafs.h b/crypto/kerberosIV/lib/kafs/kafs.h
new file mode 100644
index 0000000..b3c53b5
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: kafs.h,v 1.19 1997/05/14 17:41:02 joda Exp $ */
+
+#ifndef __KAFS_H
+#define __KAFS_H
+
+#include <ktypes.h>
+#include <sys/cdefs.h>
+/* sys/ioctl.h must be included manually before kafs.h */
+
+/*
+ */
+#define AFSCALL_PIOCTL 20
+#define AFSCALL_SETPAG 21
+
+#ifndef _VICEIOCTL
+#define _VICEIOCTL(id) ((unsigned int ) _IOW('V', id, struct ViceIoctl))
+#endif /* _VICEIOCTL */
+
+#define VIOCSETTOK _VICEIOCTL(3)
+#define VIOCGETTOK _VICEIOCTL(8)
+#define VIOCUNLOG _VICEIOCTL(9)
+#define VIOC_FILE_CELL_NAME _VICEIOCTL(30)
+
+struct ViceIoctl {
+ caddr_t in, out;
+ short in_size;
+ short out_size;
+};
+
+struct ClearToken {
+ int32_t AuthHandle;
+ char HandShakeKey[8];
+ int32_t ViceId;
+ int32_t BeginTimestamp;
+ int32_t EndTimestamp;
+};
+
+#ifndef __P
+#define __P(x) x
+#endif
+
+/* Use k_hasafs() to probe if the machine supports AFS syscalls.
+ The other functions will generate a SIGSYS if AFS is not supported */
+
+int k_hasafs __P((void));
+
+int k_afsklog __P((const char *cell, const char *realm));
+int k_afsklog_uid __P((const char *cell, const char *realm, uid_t uid));
+int k_pioctl __P((char *a_path,
+ int o_opcode,
+ struct ViceIoctl *a_paramsP,
+ int a_followSymlinks));
+int k_unlog __P((void));
+int k_setpag __P((void));
+int k_afs_cell_of_file __P((const char *path, char *cell, int len));
+
+#define _PATH_VICE "/usr/vice/etc/"
+#define _PATH_THISCELL _PATH_VICE "ThisCell"
+#define _PATH_CELLSERVDB _PATH_VICE "CellServDB"
+#define _PATH_THESECELLS _PATH_VICE "TheseCells"
+
+#endif /* __KAFS_H */
diff --git a/crypto/kerberosIV/lib/kafs/kafs_locl.h b/crypto/kerberosIV/lib/kafs/kafs_locl.h
new file mode 100644
index 0000000..6ada6ab
--- /dev/null
+++ b/crypto/kerberosIV/lib/kafs/kafs_locl.h
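Review bot: `struct ViceIoctl` declares `in_size` and `out_size` as `short` while `k_afs_cell_of_file()` takes `int len`, and nothing in this header tells callers that the length is narrowed when it is stored. A comment on the struct such as `/* sizes are short: buffer lengths must fit, larger values do not survive the assignment */` would document the limit, and the implementation in afssys.c (`parms.out_size = len`) could reject a `len` outside the range of `short` before making the call. The comment above `k_hasafs` could also state the return convention the implementation shows, `-1` from `k_pioctl` and `k_setpag` when no entry point is available, since a caller that handles or ignores SIGSYS will see that value.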
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kafs_locl.h,v 1.3 1997/05/04 23:04:44 assar Exp $ */ + +#ifndef __KAFS_LOCL_H__ +#define __KAFS_LOCL_H__ + +#include <config.h> +#include <protos.h> + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> +#include <setjmp.h> +#include <errno.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_SYS_FILIO_H +#include <sys/filio.h> +#endif + +#ifdef HAVE_SYS_SYSCALL_H +#include <sys/syscall.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif + +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif +#ifdef HAVE_RESOLV_H +#include <resolv.h> +#endif +#include <roken.h> + +#include <krb.h> +#include <kafs.h> + +#include <resolve.h> + +#include "afssysdefs.h" + + +#endif /* __KAFS_LOCL_H__ */ diff --git a/crypto/kerberosIV/lib/kdb/Makefile.in b/crypto/kerberosIV/lib/kdb/Makefile.in new file mode 100644 index 0000000..f6fb962 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/Makefile.in 
@@ -0,0 +1,83 @@ +# +# $Id: Makefile.in,v 1.25 1997/05/06 03:47:39 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)kdb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = krb_cache.c krb_kdb_utils.c copykey.c krb_lib.c krb_dbm.c print_princ.c base64.c + +OBJECTS = krb_cache.o krb_kdb_utils.o copykey.o krb_lib.o krb_dbm.o print_princ.o base64.o + +all: $(LIB) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) + +$(OBJECTS): ../../include/config.h diff --git a/crypto/kerberosIV/lib/kdb/base64.c b/crypto/kerberosIV/lib/kdb/base64.c new file mode 100644 index 0000000..d7e89c4 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.c 
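Review bot: The `Wall` target runs `make` directly, so the recursive build does not inherit the make program or the flags of the parent invocation; `$(MAKE) CFLAGS="..."` is the conventional form. The `dist` target depends on and loops over `$(DISTFILES)`, which this file never defines, so unless it is supplied on the command line or from the environment the rule copies nothing. The library is installed with `-m 0555`, which is fine for a shared object but worth a comment since static archives are more commonly installed 0444.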
@@ -0,0 +1,150 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: base64.c,v 1.7 1997/04/01 08:18:16 joda Exp $"); +#endif + +#include <stdlib.h> +#include <ctype.h> +#include <string.h> +#include "base64.h" + +static char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +static int POS(char c) +{ + if(c == '=') return 64; + if(isupper(c)) + return c - 'A'; + if(islower(c)) + return c - 'a' + 26; + if(isdigit(c)) + return c - '0' + 52; + if(c == '+') + return 62; + if(c == '/') + return 63; + return -1; +} + +char *base64_encode(const void *buf, int size) +{ + char *str = (char*)malloc((size+3)*4/3+1); + char *p=str; + unsigned char *q = (unsigned char*)buf; + int i; + int c; + i=0; + while(i<size){ + c=q[i++]; + c*=256; + if(i<size) + c+=q[i]; + i++; + c*=256; + if(i<size) + c+=q[i]; + i++; + p[0]=base64[(c&0x00fc0000) >> 18]; + p[1]=base64[(c&0x0003f000) >> 12]; + p[2]=base64[(c&0x00000fc0) >> 6]; + p[3]=base64[(c&0x0000003f) >> 0]; + if(i>size) + p[3]='='; + if(i>size+1) + p[2]='='; + p+=4; + } + *p=0; + return str; +} + +/* convert string in s to binary data. s should be a multiple of 4 + * bytes long. data should be at least len(s) * 3 / 4 bytes long. 
+ * returns + */ +int base64_decode(char *s, void *data) +{ + char *p; + unsigned char *q; + int n[4]; + + if(strlen(s) % 4) + return -1; + q=(unsigned char*)data; + for(p=s; *p; p+=4){ + n[0] = POS(p[0]); + n[1] = POS(p[1]); + n[2] = POS(p[2]); + n[3] = POS(p[3]); + if((n[0] | n[1] | n[2] | n[3]) < 0) + return -1; + + if(n[0] == 64 || n[1] == 64) + return -1; + if(n[2] == 64 && n[3] < 64) + return -1; + q[0] = (n[0] << 2) + (n[1] >> 4); + if(n[2] < 64){ + q[1] = ((n[1] & 15) << 4) + (n[2] >> 2); + } + if(n[3] < 64){ + q[2] = ((n[2] & 3) << 6) + n[3]; + } + q+=3; + } + q -= (n[2] == 64) + (n[3] == 64); + return q - (unsigned char*)data; +} + +#ifdef TEST +int main(int argc, char **argv) +{ + char str[128]; + char buf[128]; + char *p; + printf("base64_encode(\"%s\") = \"%s\"\n", argv[1], + p=base64_encode(argv[1], strlen(argv[1]))); + printf("base64_decode(\"%s\") = %d", p, base64_decode(p, buf)); + printf(" (\"%s\")\n", buf); + printf("base64_decode(\"%s\") = %d", argv[1], base64_decode(argv[1], buf)); + printf(" (\"%s\")\n", buf); +} +#endif diff --git a/crypto/kerberosIV/lib/kdb/base64.h b/crypto/kerberosIV/lib/kdb/base64.h new file mode 100644 index 0000000..edfb344 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/base64.h 
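Review bot: base64_decode evaluates `q -= (n[2] == 64) + (n[3] == 64);` after the loop even when `s` is the empty string, in which case `n[]` was never assigned. It also accepts `=` padding in a quartet that is not the last one, so a padded group followed by more data leaves bytes of `data` unwritten while the returned length still counts them. Both cases should be handled before the decoded output is trusted; the excerpt below adds an early return for empty input and a check that padding only appears at the end of the string. Separately, POS() passes a plain `char` to `isupper`/`islower`/`isdigit`, which is undefined for negative values, so the argument should be `(unsigned char)c`. The comment above base64_decode also ends at "returns" without saying what is returned (decoded length, or -1 on malformed input).

```c
int base64_decode(char *s, void *data)
{
    /* … unchanged: declarations and the strlen(s) % 4 check … */
    if(*s == '\0')
        return 0;       /* nothing to decode; n[] would otherwise be read unset */
    for(p=s; *p; p+=4){
        /* … unchanged: POS() lookups and the existing validity checks … */
        if((n[2] == 64 || n[3] == 64) && p[4] != '\0')
            return -1;  /* padding is only valid in the final quartet */
        /* … unchanged: assembling q[0..2] and advancing q … */
    }
    /* … unchanged: padding adjustment and return … */
```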
@@ -0,0 +1,47 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: base64.h,v 1.5 1997/04/01 08:18:16 joda Exp $ */ + +#ifndef _BASE64_H_ +#define _BASE64_H_ + +char *base64_encode(const void *buf, int size); +int base64_decode(char *s, void *data); + +#endif diff --git a/crypto/kerberosIV/lib/kdb/copykey.c b/crypto/kerberosIV/lib/kdb/copykey.c new file mode 100644 index 0000000..a78baf7 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/copykey.c 
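Review bot: `base64_decode` is declared without an output length, so nothing in the interface stops a caller from passing a `data` buffer smaller than the decoded size; the sizing rule only appears as a comment in base64.c. The header should carry it, e.g. `/* data must hold at least strlen(s) * 3 / 4 bytes; returns the decoded length, or -1 on malformed input */`. The implementation in this commit does not write through `s`, so the parameter could be `const char *s`. `base64_encode` returns a buffer obtained from `malloc`, and the header should say that the caller frees it.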
@@ -0,0 +1,55 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "kdb_locl.h" + +RCSID("$Id: copykey.c,v 1.10 1997/04/01 08:18:17 joda Exp $"); + +void +copy_from_key(des_cblock in, u_int32_t *lo, u_int32_t *hi) +{ + memcpy(lo, ((char *) in) + 0, 4); + memcpy(hi, ((char *) in) + 4, 4); +} + +void +copy_to_key(u_int32_t *lo, u_int32_t *hi, des_cblock out) +{ + memcpy(((char *)out) + 0, lo, 4); + memcpy(((char *)out) + 4, hi, 4); +} diff --git a/crypto/kerberosIV/lib/kdb/kdb_locl.h b/crypto/kerberosIV/lib/kdb/kdb_locl.h new file mode 100644 index 0000000..fe4d079 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdb_locl.h 
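Review bot: Neither `copy_from_key` nor `copy_to_key` is documented, and the byte-order consequence of the raw `memcpy` deserves a comment: `*lo` and `*hi` receive the key bytes in memory order, so their numeric values differ between big- and little-endian hosts. krb_db.h in this commit keeps them as `key_low`/`key_high` in `Principal`, so a database written on one byte order is presumably not readable on the other; that is worth confirming and stating. Suggested comment: `/* Split an 8-byte DES key into two 32-bit words by raw byte copy (host byte order). */`. The literal `4` could be written `sizeof(*lo)` and `sizeof(*hi)` so the size follows the type.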
@@ -0,0 +1,98 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kdb_locl.h,v 1.9 1997/05/02 14:29:08 assar Exp $ */ + +#ifndef __kdb_locl_h +#define __kdb_locl_h + +#include "config.h" +#include "protos.h" + +#include "base64.h" + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <unistd.h> +#include <errno.h> + +#include <sys/types.h> + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#include <sys/stat.h> +#include <fcntl.h> +#include <utime.h> +#include <sys/file.h> +#include <roken.h> + +#include <krb.h> +#include <krb_db.h> + +/* --- */ + +/* Globals! */ + +/* Utils */ + +int kerb_db_set_lockmode __P((int)); +void kerb_db_fini __P((void)); +int kerb_db_init __P((void)); +int kerb_db_get_principal __P((char *name, char *, Principal *, unsigned int, int *)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned int, int *)); + +void delta_stat __P((DB_stat *, DB_stat *, DB_stat *)); + +int kerb_cache_init __P((void)); +int kerb_cache_get_principal __P((char *name, char *, Principal *, unsigned int)); +int kerb_cache_put_principal __P((Principal *, unsigned int)); +int kerb_cache_get_dba __P((char *, char *, Dba *, unsigned int)); +int kerb_cache_put_dba __P((Dba *, unsigned int)); + +void krb_print_principal __P((Principal *)); + +#endif /* __kdb_locl_h */ diff --git a/crypto/kerberosIV/lib/kdb/kdc.h b/crypto/kerberosIV/lib/kdb/kdc.h new file mode 100644 index 0000000..f404d11 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/kdc.h 
@@ -0,0 +1,34 @@
+/*
+ * $Id: kdc.h,v 1.8 1997/04/01 03:59:05 assar Exp $
+ *
+ * Copyright 1987, 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Include file for the Kerberos Key Distribution Center.
+ */
+
+#ifndef KDC_DEFS
+#define KDC_DEFS
+
+/* Don't depend on this! */
+#ifndef MKEYFILE
+#if 0
+#define MKEYFILE "/var/kerberos/master-key"
+#else
+#define MKEYFILE "/.k"
+#endif
+#endif
+#ifndef K_LOGFIL
+#define K_LOGFIL "/var/log/kpropd.log"
+#endif
+
+#define ONE_MINUTE 60
+#define FIVE_MINUTES (5 * ONE_MINUTE)
+#define ONE_HOUR (60 * ONE_MINUTE)
+#define ONE_DAY (24 * ONE_HOUR)
+#define THREE_DAYS (3 * ONE_DAY)
+
+#endif /* KDC_DEFS */
+
diff --git a/crypto/kerberosIV/lib/kdb/krb_cache.c b/crypto/kerberosIV/lib/kdb/krb_cache.c
new file mode 100644
index 0000000..ed4a5b1
--- /dev/null
+++ b/crypto/kerberosIV/lib/kdb/krb_cache.c
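Review bot: The default `MKEYFILE` resolves to `/.k`, while the `/var/kerberos/master-key` definition sits in a dead `#if 0` branch and the only explanation is "Don't depend on this!". Judging by the name this is where the KDC master key is stashed (confirm against kdb_kstash), so the header should say why the root directory is the default and that the file must be readable only by the account the KDC runs as. A comment such as `/* master key stash; override with -DMKEYFILE=...; keep owner-only permissions */` would do, and the `#if 0` branch could be dropped or turned into a documented configure option.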
@@ -0,0 +1,189 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * This is where a cache would be implemented, if it were necessary. 
+ */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_cache.c,v 1.6 1997/05/02 10:27:53 joda Exp $"); + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +#endif +static int init = 0; + +/* + * initialization routine for cache + */ + +int +kerb_cache_init(void) +{ + init = 1; + return (0); +} + +/* + * look up a principal in the cache returns number of principals found + */ + +int +kerb_cache_get_principal(char *serv, char *inst, Principal *principal, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_principal for %s %s max = %d\n", + serv, inst, max); +#endif /* DEBUG */ + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, principal->name, principal->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, + inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a principal in the cache returns number of principals + * inserted + */ + +int +kerb_cache_put_principal(Principal *principal, unsigned int max) + + /* max number of principal structs to + * insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); + +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_principal max = %d", + max); + } +#endif + + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + principal->name, principal->instance); +#endif + /* DO IT */ + count++; + principal++; + } + return count; +} + +/* + * look up a dba in the cache returns number of dbas found + */ + +int +kerb_cache_get_dba(char *serv, char *inst, Dba *dba, unsigned int max) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + +{ + int found = 0; + + if (!init) + kerb_cache_init(); + +#ifdef 
DEBUG + if (kerb_debug & 2) + fprintf(stderr, "cache_get_dba for %s %s max = %d\n", + serv, inst, max); +#endif + +#ifdef DEBUG + if (kerb_debug & 2) { + if (found) { + fprintf(stderr, "cache get %s %s found %s %s sid = %d\n", + serv, inst, dba->name, dba->instance); + } else { + fprintf(stderr, "cache %s %s not found\n", serv, inst); + } + } +#endif + return (found); +} + +/* + * insert/replace a dba in the cache returns number of dbas inserted + */ + +int +kerb_cache_put_dba(Dba *dba, unsigned int max) + + /* max number of dba structs to insert */ + +{ + u_long i; + int count = 0; + + if (!init) + kerb_cache_init(); +#ifdef DEBUG + if (kerb_debug & 2) { + fprintf(stderr, "kerb_cache_put_dba max = %d", max); + } +#endif + for (i = 0; i < max; i++) { +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "\n %s %s", + dba->name, dba->instance); +#endif + /* DO IT */ + count++; + dba++; + } + return count; +} + diff --git a/crypto/kerberosIV/lib/kdb/krb_db.h b/crypto/kerberosIV/lib/kdb/krb_db.h new file mode 100644 index 0000000..1a08b83 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_db.h 
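Review bot: The DEBUG branch in kerb_cache_get_principal calls `fprintf` with the format `"cache get %s %s found %s %s sid = %d\n"` but passes only four arguments, so the `%d` would read a missing argument if that branch ran; kerb_cache_get_dba repeats the same format. `found` is always 0 today, which keeps the branch unreachable, but it becomes undefined behaviour as soon as a real cache sets it. Either drop ` sid = %d` from both formats or pass the value it was meant to print. `max` is `unsigned int` and is printed with `%d` in all four functions, where `%u` matches. The put functions also return `max` as the number "inserted" although nothing is stored, which the header comments should say.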
@@ -0,0 +1,137 @@ +/* + * $Id: krb_db.h,v 1.15 1996/12/17 20:34:32 assar Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * spm Project Athena 8/85 + * + * This file defines data structures for the kerberos + * authentication/authorization database. + * + * They MUST correspond to those defined in *.rel + */ + +#ifndef KRB_DB_DEFS +#define KRB_DB_DEFS + +#include <stdio.h> + +#define KERB_M_NAME "K" /* Kerberos */ +#define KERB_M_INST "M" /* Master */ +#define KERB_DEFAULT_NAME "default" +#define KERB_DEFAULT_INST "" +#ifndef DB_DIR +#define DB_DIR "/var/kerberos" +#endif +#ifndef DBM_FILE +#define DBM_FILE DB_DIR "/principal" +#endif + +/* this also defines the number of queue headers */ +#define KERB_DB_HASH_MODULO 64 + + +/* Arguments to kerb_dbl_lock() */ + +#define KERB_DBL_EXCLUSIVE 1 +#define KERB_DBL_SHARED 0 + +/* arguments to kerb_db_set_lockmode() */ + +#define KERB_DBL_BLOCKING 0 +#define KERB_DBL_NONBLOCKING 1 + +/* arguments to kdb_get_master_key */ + +#define KDB_GET_PROMPT 1 +#define KDB_GET_TWICE 2 + +/* Principal defines the structure of a principal's name */ + +typedef struct { + char name[ANAME_SZ]; + char instance[INST_SZ]; + + u_int32_t key_low; + u_int32_t key_high; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + u_int32_t mod_date; + char mod_date_txt[DATE_SZ]; + u_int16_t attributes; + u_int8_t max_life; + u_int8_t kdc_key_ver; + u_int8_t key_version; + + char mod_name[ANAME_SZ]; + char mod_instance[INST_SZ]; + char *old; /* cast to (Principal *); not in db, + * ptr to old vals */ +} Principal; + +typedef struct { + int32_t cpu; + int32_t elapsed; + int32_t dio; + int32_t pfault; + int32_t t_stamp; + int32_t n_retrieve; + int32_t n_replace; + int32_t n_append; + int32_t n_get_stat; + int32_t n_put_stat; +} DB_stat; + +/* Dba defines the structure of a database administrator */ + +typedef struct { + char 
name[ANAME_SZ]; + char instance[INST_SZ]; + u_int16_t attributes; + u_int32_t exp_date; + char exp_date_txt[DATE_SZ]; + char *old; /* + * cast to (Dba *); not in db, ptr to + * old vals + */ +} Dba; + +typedef int (*k_iter_proc_t)(void*, Principal*); + +void copy_from_key __P((des_cblock in, u_int32_t *lo, u_int32_t *hi)); +void copy_to_key __P((u_int32_t *lo, u_int32_t *hi, des_cblock out)); + +void kdb_encrypt_key __P((des_cblock *, des_cblock *, des_cblock *, + des_key_schedule, int)); +int kdb_get_master_key __P((int prompt, des_cblock *master_key, + des_key_schedule master_key_sched)); +int kdb_get_new_master_key __P((des_cblock *, des_key_schedule, int)); +int kdb_kstash __P((des_cblock *, char *)); +int kdb_new_get_master_key __P((des_cblock *, des_key_schedule)); +int kdb_new_get_new_master_key __P((des_cblock *key, des_key_schedule schedule, int verify)); +long kdb_verify_master_key __P((des_cblock *, des_key_schedule, FILE *)); +long *kerb_db_begin_update __P((void)); +int kerb_db_create __P((char *db_name)); +int kerb_db_delete_principal (char *name, char *inst); +void kerb_db_end_update __P((long *db)); +int kerb_db_get_dba __P((char *, char *, Dba *, unsigned, int *)); +void kerb_db_get_stat __P((DB_stat *)); +int kerb_db_iterate __P((k_iter_proc_t, void*)); +int kerb_db_put_principal __P((Principal *, unsigned int)); +void kerb_db_put_stat __P((DB_stat *)); +int kerb_db_rename __P((char *, char *)); +int kerb_db_set_lockmode __P((int)); +int kerb_db_set_name __P((char *)); +int kerb_db_update __P((long *db, Principal *principal, unsigned int max)); +int kerb_delete_principal __P((char *name, char *inst)); +void kerb_fini __P((void)); +int kerb_get_dba __P((char *, char *, Dba *, unsigned int, int *)); +time_t kerb_get_db_age __P((void)); +int kerb_get_principal __P((char *, char *, Principal *, unsigned int, int *)); +int kerb_init __P((void)); +int kerb_put_principal __P((Principal *, unsigned int)); + +#endif /* KRB_DB_DEFS */ 
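Review bot: The comment on `Principal.old` says the field is "not in db", but encode_princ_contents in krb_dbm.c (same commit) stores `sizeof(*principal)` bytes of the struct, which includes `old` and any compiler padding. decode_princ_contents copies those bytes back, so after a read `old` holds whatever pointer value some earlier process wrote. The header should say so, e.g. `/* written as part of the raw record; meaningless after a read and must be reset before use */`, or the stored size should stop before the field. The on-disk record also inherits the struct's padding and byte order, which is worth stating next to "They MUST correspond to those defined in *.rel". `kerb_db_delete_principal` is the only prototype here not wrapped in `__P(())`.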
diff --git a/crypto/kerberosIV/lib/kdb/krb_dbm.c b/crypto/kerberosIV/lib/kdb/krb_dbm.c new file mode 100644 index 0000000..963656a --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_dbm.c 
@@ -0,0 +1,823 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_dbm.c,v 1.27 1997/05/02 14:29:09 assar Exp $"); + +#include <xdbm.h> + +#define KERB_DB_MAX_RETRY 5 + +#ifdef DEBUG +extern int debug; +extern long kerb_debug; +extern char *progname; +#endif + +static int init = 0; +static char default_db_name[] = DBM_FILE; +static char *current_db_name = default_db_name; + +static struct timeval timestamp;/* current time of request */ +static int non_blocking = 0; + +/* + * This module contains all of the code which directly interfaces to + * the underlying representation of the Kerberos database; this + * implementation uses a DBM or NDBM indexed "file" (actually + * implemented as two separate files) to store the relations, plus a + * third file as a semaphore to allow the database to be replaced out + * from underneath the KDC server. + */ + +/* + * Locking: + * + * There are two distinct locking protocols used. 
One is designed to + * lock against processes (the admin_server, for one) which make + * incremental changes to the database; the other is designed to lock + * against utilities (kdb_util, kpropd) which replace the entire + * database in one fell swoop. + * + * The first locking protocol is implemented using flock() in the + * krb_dbl_lock() and krb_dbl_unlock routines. + * + * The second locking protocol is necessary because DBM "files" are + * actually implemented as two separate files, and it is impossible to + * atomically rename two files simultaneously. It assumes that the + * database is replaced only very infrequently in comparison to the time + * needed to do a database read operation. + * + * A third file is used as a "version" semaphore; the modification + * time of this file is the "version number" of the database. + * At the start of a read operation, the reader checks the version + * number; at the end of the read operation, it checks again. If the + * version number changed, or if the semaphore was nonexistant at + * either time, the reader sleeps for a second to let things + * stabilize, and then tries again; if it does not succeed after + * KERB_DB_MAX_RETRY attempts, it gives up. + * + * On update, the semaphore file is deleted (if it exists) before any + * update takes place; at the end of the update, it is replaced, with + * a version number strictly greater than the version number which + * existed at the start of the update. + * + * If the system crashes in the middle of an update, the semaphore + * file is not automatically created on reboot; this is a feature, not + * a bug, since the database may be inconsistant. Note that the + * absence of a semaphore file does not prevent another _update_ from + * taking place later. Database replacements take place automatically + * only on slave servers; a crash in the middle of an update will be + * fixed by the next slave propagation. 
A crash in the middle of an + * update on the master would be somewhat more serious, but this would + * likely be noticed by an administrator, who could fix the problem and + * retry the operation. + */ + + +/* + * Utility routine: generate name of database file. + */ + +static char *gen_dbsuffix (char *db_name, char *sfx); + +static char * +gen_dbsuffix(char *db_name, char *sfx) +{ + char *dbsuffix; + + if (sfx == NULL) + sfx = ".ok"; + + asprintf (&dbsuffix, "%s%s", db_name, sfx); + return dbsuffix; +} + +static void +decode_princ_key (datum *key, char *name, char *instance); + +static void +decode_princ_key(datum *key, char *name, char *instance) +{ + strncpy(name, key->dptr, ANAME_SZ); + strncpy(instance, (char *)key->dptr + ANAME_SZ, INST_SZ); + name[ANAME_SZ - 1] = '\0'; + instance[INST_SZ - 1] = '\0'; +} + +static void +encode_princ_contents (datum *contents, Principal *principal); + +static void +encode_princ_contents(datum *contents, Principal *principal) +{ + contents->dsize = sizeof(*principal); + contents->dptr = (char *) principal; +} + +static void +decode_princ_contents (datum *contents, Principal *principal) +{ + memcpy(principal, contents->dptr, sizeof(*principal)); +} + +static void +encode_princ_key (datum *key, char *name, char *instance) +{ + static char keystring[ANAME_SZ + INST_SZ]; + + memset(keystring, 0, ANAME_SZ + INST_SZ); + strncpy(keystring, name, ANAME_SZ); + strncpy(&keystring[ANAME_SZ], instance, INST_SZ); + key->dptr = keystring; + key->dsize = ANAME_SZ + INST_SZ; +} + +static int dblfd = -1; /* db LOCK fd */ +static int mylock = 0; +static int inited = 0; + +static int +kerb_dbl_init (void); + +static int +kerb_dbl_init() +{ + if (!inited) { + char *filename = gen_dbsuffix (current_db_name, ".ok"); + if ((dblfd = open(filename, O_RDWR)) < 0) { + fprintf(stderr, "kerb_dbl_init: couldn't open %s\n", filename); + fflush(stderr); + perror("open"); + exit(1); + } + free(filename); + inited++; + } + return (0); +} + +static void 
+kerb_dbl_fini (void); + +static void +kerb_dbl_fini() +{ + close(dblfd); + dblfd = -1; + inited = 0; + mylock = 0; +} + +static int +kerb_dbl_lock (int mode); + +static int +kerb_dbl_lock(int mode) +{ + int flock_mode; + + if (!inited) + kerb_dbl_init(); + if (mylock) { /* Detect lock call when lock already + * locked */ + fprintf(stderr, "Kerberos locking error (mylock)\n"); + fflush(stderr); + exit(1); + } + switch (mode) { + case KERB_DBL_EXCLUSIVE: + flock_mode = K_LOCK_EX; + break; + case KERB_DBL_SHARED: + flock_mode = K_LOCK_SH; + break; + default: + fprintf(stderr, "invalid lock mode %d\n", mode); + abort(); + } + if (non_blocking) + flock_mode |= K_LOCK_NB; + + if (k_flock(dblfd, flock_mode) < 0) + return errno; + mylock++; + return 0; +} + +static void kerb_dbl_unlock (void); + +static void +kerb_dbl_unlock() +{ + if (!mylock) { /* lock already unlocked */ + fprintf(stderr, "Kerberos database lock not locked when unlocking.\n"); + fflush(stderr); + exit(1); + } + if (k_flock(dblfd, K_LOCK_UN) < 0) { + fprintf(stderr, "Kerberos database lock error. (unlocking)\n"); + fflush(stderr); + perror("k_flock"); + exit(1); + } + mylock = 0; +} + +int +kerb_db_set_lockmode (int mode); + +int +kerb_db_set_lockmode(int mode) +{ + int old = non_blocking; + non_blocking = mode; + return old; +} + +/* + * initialization for data base routines. + */ + +int +kerb_db_init (void); + +int +kerb_db_init() +{ + init = 1; + return (0); +} + +/* + * gracefully shut down database--must be called by ANY program that does + * a kerb_db_init + */ + +void +kerb_db_fini (void); + +void +kerb_db_fini() +{ +} + +/* + * Set the "name" of the current database to some alternate value. + * + * Passing a null pointer as "name" will set back to the default. + * If the alternate database doesn't exist, nothing is changed. 
+ */ + +int +kerb_db_set_name (char *name); + +int +kerb_db_set_name(char *name) +{ + DBM *db; + + if (name == NULL) + name = default_db_name; + db = dbm_open(name, 0, 0); + if (db == NULL) + return errno; + dbm_close(db); + kerb_dbl_fini(); + current_db_name = name; + return 0; +} + +/* + * Return the last modification time of the database. + */ + +time_t +kerb_get_db_age (void); + +time_t +kerb_get_db_age() +{ + struct stat st; + char *okname; + time_t age; + + okname = gen_dbsuffix(current_db_name, ".ok"); + + if (stat (okname, &st) < 0) + age = 0; + else + age = st.st_mtime; + + free (okname); + return age; +} + +/* + * Remove the semaphore file; indicates that database is currently + * under renovation. + * + * This is only for use when moving the database out from underneath + * the server (for example, during slave updates). + */ + +static time_t +kerb_start_update (char *db_name); + +static time_t +kerb_start_update(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + time_t age = kerb_get_db_age(); + + if (unlink(okname) < 0 + && errno != ENOENT) { + age = -1; + } + free (okname); + return age; +} + +static int +kerb_end_update (char *db_name, time_t age); + +static int +kerb_end_update(char *db_name, time_t age) +{ + int fd; + int retval = 0; + char *new_okname = gen_dbsuffix(db_name, ".ok#"); + char *okname = gen_dbsuffix(db_name, ".ok"); + + fd = open (new_okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + retval = errno; + else { + struct stat st; + struct utimbuf tv; + /* make sure that semaphore is "after" previous value. */ + if (fstat (fd, &st) == 0 + && st.st_mtime <= age) { + tv.actime = st.st_atime; + tv.modtime = age; + /* set times.. 
*/ + utime (new_okname, &tv); + fsync(fd); + } + close(fd); + if (rename (new_okname, okname) < 0) + retval = errno; + } + + free (new_okname); + free (okname); + + return retval; +} + +static time_t +kerb_start_read (void); + +static time_t +kerb_start_read() +{ + return kerb_get_db_age(); +} + +static int kerb_end_read (time_t age); + +static int +kerb_end_read(time_t age) +{ + if (kerb_get_db_age() != age || age == -1) { + return -1; + } + return 0; +} + +/* + * Create the database, assuming it's not there. + */ +int +kerb_db_create(char *db_name) +{ + char *okname = gen_dbsuffix(db_name, ".ok"); + int fd; + int ret = 0; +#ifdef NDBM + DBM *db; + + db = dbm_open(db_name, O_RDWR|O_CREAT|O_EXCL, 0600); + if (db == NULL) + ret = errno; + else + dbm_close(db); +#else + char *dirname = gen_dbsuffix(db_name, ".dir"); + char *pagname = gen_dbsuffix(db_name, ".pag"); + + fd = open(dirname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else { + close(fd); + fd = open (pagname, O_RDWR|O_CREAT|O_EXCL, 0600); + if (fd < 0) + ret = errno; + else + close(fd); + } + if (dbminit(db_name) < 0) + ret = errno; +#endif + if (ret == 0) { + fd = open (okname, O_CREAT|O_RDWR|O_TRUNC, 0600); + if (fd < 0) + ret = errno; + close(fd); + } + return ret; +} + +/* + * "Atomically" rename the database in a way that locks out read + * access in the middle of the rename. + * + * Not perfect; if we crash in the middle of an update, we don't + * necessarily know to complete the transaction the rename, but... 
+ */ + +int +kerb_db_rename(char *from, char *to) +{ +#ifdef HAVE_NEW_DB + char *fromdb = gen_dbsuffix (from, ".db"); + char *todb = gen_dbsuffix (to, ".db"); +#else + char *fromdir = gen_dbsuffix (from, ".dir"); + char *todir = gen_dbsuffix (to, ".dir"); + char *frompag = gen_dbsuffix (from , ".pag"); + char *topag = gen_dbsuffix (to, ".pag"); +#endif + char *fromok = gen_dbsuffix(from, ".ok"); + long trans = kerb_start_update(to); + int ok = 0; + +#ifdef HAVE_NEW_DB + if (rename (fromdb, todb) == 0) { + unlink (fromok); + ok = 1; + } + free (fromdb); + free (todb); +#else + if ((rename (fromdir, todir) == 0) + && (rename (frompag, topag) == 0)) { + unlink (fromok); + ok = 1; + } + free (fromdir); + free (todir); + free (frompag); + free (topag); +#endif + free (fromok); + if (ok) + return kerb_end_update(to, trans); + else + return -1; +} + +int +kerb_db_delete_principal (char *name, char *inst) +{ + DBM *db; + int try; + int done = 0; + int code; + datum key; + + if(!init) + kerb_db_init(); + + for(try = 0; try < KERB_DB_MAX_RETRY; try++){ + if((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDWR, 0600); + if(db == NULL) + return -1; + encode_princ_key(&key, name, inst); + if(dbm_delete(db, key) == 0) + done = 1; + + dbm_close(db); + kerb_dbl_unlock(); + if(done) + break; + if(!non_blocking) + sleep(1); + } + if(!done) + return -1; + return 0; +} + + +/* + * look up a principal in the data base returns number of principals + * found , and whether there were more than requested. 
+ */ + +int +kerb_db_get_principal (char *name, char *inst, Principal *principal, + unsigned int max, int *more) +{ + int found = 0, code; + int wildp, wildi; + datum key, contents; + char testname[ANAME_SZ], testinst[INST_SZ]; + u_long trans; + int try; + DBM *db; + + if (!init) + kerb_db_init(); /* initialize database routines */ + + for (try = 0; try < KERB_DB_MAX_RETRY; try++) { + trans = kerb_start_read(); + + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return -1; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + *more = 0; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, + "%s: db_get_principal for %s %s max = %d", + progname, name, inst, max); +#endif + + wildp = !strcmp(name, "*"); + wildi = !strcmp(inst, "*"); + + if (!wildi && !wildp) { /* nothing's wild */ + encode_princ_key(&key, name, inst); + contents = dbm_fetch(db, key); + if (contents.dptr == NULL) { + found = 0; + goto done; + } + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\t found %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + found = 1; + goto done; + } + /* process wild cards by looping through entire database */ + + for (key = dbm_firstkey(db); key.dptr != NULL; + key = dbm_next(db, key)) { + decode_princ_key(&key, testname, testinst); + if ((wildp || !strcmp(testname, name)) && + (wildi || !strcmp(testinst, inst))) { /* have a match */ + if (found >= max) { + *more = 1; + goto done; + } else { + found++; + contents = dbm_fetch(db, key); + decode_princ_contents(&contents, principal); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, + "\tfound %s %s p_n length %d t_n length %d\n", + principal->name, principal->instance, + strlen(principal->name), + strlen(principal->instance)); + } +#endif + principal++; /* point to next */ + } + } + } + + done: + kerb_dbl_unlock(); /* unlock read lock */ + dbm_close(db); + 
if (kerb_end_read(trans) == 0) + break; + found = -1; + if (!non_blocking) + sleep(1); + } + return (found); +} + +/* Use long * rather than DBM * so that the database structure is private */ + +long * +kerb_db_begin_update(void) +{ + int code; + + gettimeofday(×tamp, NULL); + + if (!init) + kerb_db_init(); + + if ((code = kerb_dbl_lock(KERB_DBL_EXCLUSIVE)) != 0) + return 0; + + return (long *) dbm_open(current_db_name, O_RDWR, 0600); +} + +void +kerb_db_end_update(long *db) +{ + dbm_close((DBM *)db); + kerb_dbl_unlock(); /* unlock database */ +} + +int +kerb_db_update(long *db, Principal *principal, unsigned int max) +{ + int found = 0; + u_long i; + datum key, contents; + +#ifdef DEBUG + if (kerb_debug & 2) + fprintf(stderr, "%s: kerb_db_put_principal max = %d", + progname, max); +#endif + + /* for each one, stuff temps, and do replace/append */ + for (i = 0; i < max; i++) { + encode_princ_contents(&contents, principal); + encode_princ_key(&key, principal->name, principal->instance); + dbm_store((DBM *)db, key, contents, DBM_REPLACE); +#ifdef DEBUG + if (kerb_debug & 1) { + fprintf(stderr, "\n put %s %s\n", + principal->name, principal->instance); + } +#endif + found++; + principal++; /* bump to next struct */ + } + return found; +} + +/* + * Update a name in the data base. Returns number of names + * successfully updated. 
+ */ + +int +kerb_db_put_principal (Principal *principal, unsigned int max); + +int +kerb_db_put_principal(Principal *principal, + unsigned max) + +{ + int found; + long *db; + + db = kerb_db_begin_update(); + if (db == 0) + return -1; + + found = kerb_db_update(db, principal, max); + + kerb_db_end_update(db); + return (found); +} + +void +kerb_db_get_stat (DB_stat *s); + +void +kerb_db_get_stat(DB_stat *s) +{ + gettimeofday(×tamp, NULL); + + s->cpu = 0; + s->elapsed = 0; + s->dio = 0; + s->pfault = 0; + s->t_stamp = timestamp.tv_sec; + s->n_retrieve = 0; + s->n_replace = 0; + s->n_append = 0; + s->n_get_stat = 0; + s->n_put_stat = 0; + /* update local copy too */ +} + +void +kerb_db_put_stat (DB_stat *s); + +void +kerb_db_put_stat(DB_stat *s) +{ +} + +void +delta_stat (DB_stat *a, DB_stat *b, DB_stat *c); + +void +delta_stat(DB_stat *a, DB_stat *b, DB_stat *c) +{ + /* c = a - b then b = a for the next time */ + + c->cpu = a->cpu - b->cpu; + c->elapsed = a->elapsed - b->elapsed; + c->dio = a->dio - b->dio; + c->pfault = a->pfault - b->pfault; + c->t_stamp = a->t_stamp - b->t_stamp; + c->n_retrieve = a->n_retrieve - b->n_retrieve; + c->n_replace = a->n_replace - b->n_replace; + c->n_append = a->n_append - b->n_append; + c->n_get_stat = a->n_get_stat - b->n_get_stat; + c->n_put_stat = a->n_put_stat - b->n_put_stat; + + memcpy(b, a, sizeof(DB_stat)); + return; +} + +/* + * look up a dba in the data base returns number of dbas found , and + * whether there were more than requested. + */ + +int +kerb_db_get_dba (char *dba_name, char *dba_inst, Dba *dba, unsigned int max, int *more); + +int +kerb_db_get_dba(char *dba_name, char *dba_inst, Dba *dba, + unsigned max, + int *more) + /* could have wild card */ + /* could have wild card */ + /* max number of name structs to return */ + /* where there more than 'max' tuples? 
*/ +{ + *more = 0; + return (0); +} + +int +kerb_db_iterate (k_iter_proc_t func, void *arg) +{ + datum key, contents; + Principal *principal; + int code; + DBM *db; + + kerb_db_init(); /* initialize and open the database */ + if ((code = kerb_dbl_lock(KERB_DBL_SHARED)) != 0) + return code; + + db = dbm_open(current_db_name, O_RDONLY, 0600); + + for (key = dbm_firstkey (db); key.dptr != NULL; key = dbm_next(db, key)) { + contents = dbm_fetch (db, key); + /* XXX may not be properly aligned */ + principal = (Principal *) contents.dptr; + if ((code = (*func)(arg, principal)) != 0) + return code; + } + dbm_close(db); + kerb_dbl_unlock(); + return 0; +} diff --git a/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c new file mode 100644 index 0000000..f321e9f --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_kdb_utils.c 
@@ -0,0 +1,261 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * Utility routines for Kerberos programs which directly access + * the database. This code was duplicated in too many places + * before I gathered it here. 
+ * + * Jon Rochlis, MIT Telecom, March 1988 + */ + +#include "kdb_locl.h" + +#include <kdc.h> + +RCSID("$Id: krb_kdb_utils.c,v 1.23 1997/05/02 14:29:10 assar Exp $"); + +/* always try /.k for backwards compatibility */ +static char *master_key_files[] = { MKEYFILE, "/.k", NULL }; + +#ifdef HAVE_STRERROR +#define k_strerror(e) strerror(e) +#else +static +char * +k_strerror(int eno) +{ + extern int sys_nerr; + extern char *sys_errlist[]; + + static char emsg[128]; + + if (eno < 0 || eno >= sys_nerr) + snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno); + else + return sys_errlist[eno]; + + return emsg; +} +#endif + +int +kdb_new_get_master_key(des_cblock *key, des_key_schedule schedule) +{ + int kfile; + int i; + char buf[1024]; + + char **mkey; + + for(mkey = master_key_files; *mkey; mkey++){ + kfile = open(*mkey, O_RDONLY); + if(kfile < 0 && errno != ENOENT) + fprintf(stderr, "Failed to open master key file \"%s\": %s\n", + *mkey, + k_strerror(errno)); + if(kfile >= 0) + break; + } + if(*mkey){ + int bytes; + bytes = read(kfile, (char*)key, sizeof(des_cblock)); + close(kfile); + if(bytes == sizeof(des_cblock)){ + des_key_sched(key, schedule); + return 0; + } + fprintf(stderr, "Could only read %d bytes from master key file %s\n", + bytes, *mkey); + }else{ + fprintf(stderr, "No master key file found.\n"); + } + + + i=0; + while(i < 3){ + if(des_read_pw_string(buf, sizeof(buf), "Enter master password: ", 0)) + break; + + /* buffer now contains either an old format master key password or a + * new format base64 encoded master key + */ + + /* try to verify as old password */ + des_string_to_key(buf, key); + des_key_sched(key, schedule); + + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + + /* failed test, so must be base64 encoded */ + + if(base64_decode(buf, key) == 8){ + des_key_sched(key, schedule); + if(kdb_verify_master_key(key, schedule, NULL) != -1){ + memset(buf, 0, sizeof(buf)); + return 0; + } + } + 
+ memset(buf, 0, sizeof(buf)); + fprintf(stderr, "Failed to verify master key.\n"); + i++; + } + + /* life sucks */ + fprintf(stderr, "You loose.\n"); + exit(1); +} + +int kdb_new_get_new_master_key(des_cblock *key, des_key_schedule schedule, + int verify) +{ +#ifndef RANDOM_MKEY + des_read_password(key, "\nEnter Kerberos master password: ", verify); + printf ("\n"); +#else + char buf[1024]; + des_generate_random_block (key); + des_key_sched(key, schedule); + + des_read_pw_string(buf, sizeof(buf), "Enter master key seed: ", 0); + des_cbc_cksum((des_cblock*)buf, key, sizeof(buf), schedule, key); + memset(buf, 0, sizeof(buf)); +#endif + des_key_sched(key, schedule); + return 0; +} + +int kdb_get_master_key(int prompt, des_cblock *master_key, + des_key_schedule master_key_sched) +{ + int ask = (prompt == KDB_GET_TWICE); +#ifndef RANDOM_MKEY + ask |= (prompt == KDB_GET_PROMPT); +#endif + + if(ask) + kdb_new_get_new_master_key(master_key, master_key_sched, + prompt == KDB_GET_TWICE); + else + kdb_new_get_master_key(master_key, master_key_sched); + return 0; +} + +int kdb_kstash(des_cblock *master_key, char *file) +{ + int kfile; + kfile = open(file, O_TRUNC | O_RDWR | O_CREAT, 0600); + if (kfile < 0) { + return -1; + } + if (write(kfile, master_key, sizeof(des_cblock)) != sizeof(des_cblock)) { + close(kfile); + return -1; + } + close(kfile); + return 0; +} + +/* The old algorithm used the key schedule as the initial vector which + was byte order depedent ... 
*/ + +void +kdb_encrypt_key (des_cblock (*in), des_cblock (*out), + des_cblock (*master_key), + des_key_schedule master_key_sched, int e_d_flag) +{ + +#ifdef NOENCRYPTION + memcpy(out, in, sizeof(des_cblock)); +#else + des_pcbc_encrypt(in,out,(long)sizeof(des_cblock),master_key_sched,master_key, + e_d_flag); +#endif +} + +/* The caller is reasponsible for cleaning up the master key and sched, + even if we can't verify the master key */ + +/* Returns master key version if successful, otherwise -1 */ + +long +kdb_verify_master_key (des_cblock *master_key, + des_key_schedule master_key_sched, + FILE *out) /* NULL -> no output */ +{ + des_cblock key_from_db; + Principal principal_data[1]; + int n, more = 0; + long master_key_version; + + /* lookup the master key version */ + n = kerb_get_principal(KERB_M_NAME, KERB_M_INST, principal_data, + 1 /* only one please */, &more); + if ((n != 1) || more) { + if (out != (FILE *) NULL) + fprintf(out, + "verify_master_key: %s, %d found.\n", + "Kerberos error on master key version lookup", + n); + return (-1); + } + + master_key_version = (long) principal_data[0].key_version; + + /* set up the master key */ + if (out != (FILE *) NULL) /* should we punt this? */ + fprintf(out, "Current Kerberos master key version is %d.\n", + principal_data[0].kdc_key_ver); + + /* + * now use the master key to decrypt the key in the db, had better + * be the same! + */ + copy_to_key(&principal_data[0].key_low, + &principal_data[0].key_high, + key_from_db); + kdb_encrypt_key (&key_from_db, &key_from_db, + master_key, master_key_sched, DES_DECRYPT); + + /* the decrypted database key had better equal the master key */ + n = memcmp(master_key, key_from_db, sizeof(master_key)); + /* this used to zero the master key here! 
*/ + memset(key_from_db, 0, sizeof(key_from_db)); + memset(principal_data, 0, sizeof (principal_data)); + + if (n && (out != (FILE *) NULL)) { + fprintf(out, "\n\07\07verify_master_key: Invalid master key; "); + fprintf(out, "does not match database.\n"); + } + if(n) + return (-1); + + if (out != (FILE *) NULL) { + fprintf(out, "\nMaster key entered. BEWARE!\07\07\n"); + fflush(out); + } + + return (master_key_version); +} diff --git a/crypto/kerberosIV/lib/kdb/krb_lib.c b/crypto/kerberosIV/lib/kdb/krb_lib.c new file mode 100644 index 0000000..19bf316 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/krb_lib.c 
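Review bot: In kdb_verify_master_key the check `memcmp(master_key, key_from_db, sizeof(master_key))` takes the size of the pointer parameter, not of the key. On a platform with 4-byte pointers only the first half of the 8-byte DES block is compared, so a candidate key that differs only in the second half would be accepted as the master key. Compare the whole block instead: `n = memcmp(master_key, key_from_db, sizeof(des_cblock));`. The `memset` calls that wipe `buf` and `key_from_db` just before returning are stores a compiler is allowed to drop, so a wipe routine the optimizer cannot remove would be safer there.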
@@ -0,0 +1,259 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: krb_lib.c,v 1.11 1997/05/07 01:36:08 assar Exp $"); + +#ifdef DEBUG +extern int debug; +extern char *progname; +long kerb_debug; +#endif + +static int init = 0; + +/* + * initialization routine for data base + */ + +int +kerb_init(void) +{ +#ifdef DEBUG + if (!init) { + char *dbg = getenv("KERB_DBG"); + if (dbg) + sscanf(dbg, "%d", &kerb_debug); + init = 1; + } +#endif + kerb_db_init(); + +#ifdef CACHE + kerb_cache_init(); +#endif + + /* successful init, return 0, else errcode */ + return (0); +} + +/* + * finalization routine for database -- NOTE: MUST be called by any + * program using kerb_init. ALSO will have to be modified to finalize + * caches, if they're ever really implemented. 
+ */ + +void +kerb_fini(void) +{ + kerb_db_fini(); +} + + +int +kerb_delete_principal(char *name, char *inst) +{ + int ret; + + if (!init) + kerb_init(); + + ret = kerb_db_delete_principal(name, inst); +#ifdef CACHE + if(ret == 0){ + kerb_cache_delete_principal(name, inst); + } +#endif + return ret; +} + + +/* + * look up a principal in the cache or data base returns number of + * principals found + */ + +int +kerb_get_principal(char *name, char *inst, Principal *principal, + unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_principal for %s %s max = %d\n", + progname, name, inst, max); +#endif + + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the principal area */ + memset(principal, 0, max * sizeof(Principal)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. 
+ */ + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_principal(name, inst, principal, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_principal(name, inst, principal, max, more); + /* try to insert principal(s) into cache if it was found */ +#ifdef CACHE + if (found) { + kerb_cache_put_principal(principal, found); + } +#endif + return (found); +} + +/* principals */ +int +kerb_put_principal(Principal *principal, unsigned int n) + + /* number of principal structs to write */ +{ + struct tm *tp; + + /* set mod date */ + principal->mod_date = time((time_t *)0); + /* and mod date string */ + + tp = k_localtime(&principal->mod_date); + snprintf(principal->mod_date_txt, + sizeof(principal->mod_date_txt), + "%4d-%2d-%2d", + tp->tm_year + 1900, + tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */ +#ifdef DEBUG + if (kerb_debug & 1) { + int i; + fprintf(stderr, "\nkerb_put_principal..."); + for (i = 0; i < n; i++) { + krb_print_principal(&principal[i]); + } + } +#endif + /* write database */ + if (kerb_db_put_principal(principal, n) < 0) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_db_put_principal err", progname); + /* watch out for cache */ +#endif + return -1; + } +#ifdef CACHE + /* write cache */ + if (!kerb_cache_put_principal(principal, n)) { +#ifdef DEBUG + if (kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_cache_put_principal err", progname); +#endif + return -1; + } +#endif + return 0; +} + +int +kerb_get_dba(char *name, char *inst, Dba *dba, unsigned int max, int *more) + /* could have wild card */ + /* could have wild card */ + + /* max number of name structs to return */ + /* more tuples than room for */ + +{ + int found = 0; +#ifdef CACHE + static int wild = 0; +#endif + if (!init) + kerb_init(); + +#ifdef DEBUG + if 
(kerb_debug & 1) + fprintf(stderr, "\n%s: kerb_get_dba for %s %s max = %d\n", + progname, name, inst, max); +#endif + /* + * if this is a request including a wild card, have to go to db + * since the cache may not be exhaustive. + */ + + /* clear the dba area */ + memset(dba, 0, max * sizeof(Dba)); + +#ifdef CACHE + /* + * so check to see if the name contains a wildcard "*" or "?", not + * preceeded by a backslash. + */ + + wild = 0; + if (index(name, '*') || index(name, '?') || + index(inst, '*') || index(inst, '?')) + wild = 1; + + if (!wild) { + /* try the cache first */ + found = kerb_cache_get_dba(name, inst, dba, max, more); + if (found) + return (found); + } +#endif + /* If we didn't try cache, or it wasn't there, try db */ + found = kerb_db_get_dba(name, inst, dba, max, more); +#ifdef CACHE + /* try to insert dba(s) into cache if it was found */ + if (found) { + kerb_cache_put_dba(dba, found); + } +#endif + return (found); +} diff --git a/crypto/kerberosIV/lib/kdb/print_princ.c b/crypto/kerberosIV/lib/kdb/print_princ.c new file mode 100644 index 0000000..786c5a9 --- /dev/null +++ b/crypto/kerberosIV/lib/kdb/print_princ.c 
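Review bot: kerb_put_principal sets mod_date and mod_date_txt only on principal[0], yet it then hands n entries to kerb_db_put_principal, so entries 1..n-1 are stored with whatever modification stamp the caller left in them. Stamping every entry in a loop keeps the modification record accurate for batch writes. The sketch below also checks the k_localtime result before dereferencing it, on the assumption that it can return NULL the way localtime can. Separately, under DEBUG kerb_init reads KERB_DBG with `%d` into kerb_debug, which is declared long; `%ld` matches the type.

```c
    struct tm *tp;
    unsigned int i;

    /* set mod date and mod date string on every entry being written */
    for (i = 0; i < n; i++) {
	principal[i].mod_date = time((time_t *)0);
	tp = k_localtime(&principal[i].mod_date);
	if (tp == NULL)
	    return -1;
	snprintf(principal[i].mod_date_txt,
		 sizeof(principal[i].mod_date_txt),
		 "%4d-%2d-%2d",
		 tp->tm_year + 1900,
		 tp->tm_mon + 1, tp->tm_mday); /* January is 0, not 1 */
    }
    /* … unchanged: DEBUG dump, kerb_db_put_principal and cache write … */
```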
@@ -0,0 +1,48 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "kdb_locl.h" + +RCSID("$Id: print_princ.c,v 1.5 1997/05/07 01:37:13 assar Exp $"); + +void +krb_print_principal(Principal *a_n) +{ + struct tm *time_p; + + /* run-time database does not contain string versions */ + time_p = k_localtime(&(a_n->exp_date)); + + fprintf(stderr, + "\n%s %s expires %4d-%2d-%2d %2d:%2d, max_life %d*5 = %d min attr 0x%02x", + a_n->name, a_n->instance, + time_p->tm_year + 1900, + time_p->tm_mon + 1, time_p->tm_mday, + time_p->tm_hour, time_p->tm_min, + a_n->max_life, 5 * a_n->max_life, a_n->attributes); + + fprintf(stderr, + "\n\tkey_ver %d k_low 0x%08lx k_high 0x%08lx akv %d exists %ld\n", + a_n->key_version, (long)a_n->key_low, (long)a_n->key_high, + a_n->kdc_key_ver, (long)a_n->old); + + fflush(stderr); +} diff --git a/crypto/kerberosIV/lib/krb/Makefile.in b/crypto/kerberosIV/lib/krb/Makefile.in new file mode 100644 index 0000000..8b34d65 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/Makefile.in 
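Review bot: krb_print_principal writes key_low and key_high to stderr, and kerb_put_principal calls it for every entry when `kerb_debug & 1` is set. Principal key material therefore ends up wherever stderr is redirected or logged; judging by kdb_verify_master_key it is still encrypted under the master key, but it is sensitive all the same. The debug line can identify the record without the key halves, for example `"\n\tkey_ver %d akv %d exists %ld\n", a_n->key_version, a_n->kdc_key_ver, (long)a_n->old);`. The k_localtime result is also dereferenced without a check, which matters if it can return NULL for an out-of-range exp_date.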
@@ -0,0 +1,269 @@ +# +# $Id: Makefile.in,v 1.74 1997/05/19 03:03:05 assar Exp $ +# + +# Under SunOS-5.x it is necessary to link with -ldes to be binary compatible. +LIBDES=`test -r /usr/lib/libkrb.so.1 && echo "-lresolv -L../des -ldes"; true` + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +LN_S = @LN_S@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ +EXECSUFFIX=@EXECSUFFIX@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +COMPILE_ET = ../../util/et/compile_et$(EXECSUFFIX) -language ansi-c + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +PROGS = sizetest$(EXEC_SUFFIX) +LIBNAME = $(LIBPREFIX)krb +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) + +SOURCES = cr_err_reply.c \ + create_auth_reply.c \ + create_ciph.c \ + create_death_packet.c \ + create_ticket.c \ + dest_tkt.c \ + get_in_tkt.c \ + get_svc_in_tkt.c \ + getrealm.c \ + k_localtime.c \ + krb_err_txt.c \ + krb_get_in_tkt.c \ + kuserok.c \ + parse_name.c \ + kntoln.c \ + mk_auth.c \ + krb_check_auth.c \ + mk_err.c \ + mk_safe.c \ + rd_err.c \ + rd_safe.c \ + recvauth.c \ + mk_priv.c \ + rd_req.c \ + decomp_ticket.c \ + lifetime.c \ + month_sname.c \ + stime.c \ + read_service_key.c \ + getst.c \ + sendauth.c \ + netread.c \ + netwrite.c \ + rd_priv.c \ + krb_equiv.c \ + str2key.c \ + get_ad_tkt.c \ + mk_req.c \ + get_cred.c \ + get_tf_realm.c \ + get_tf_fullname.c \ + one.c \ + save_credentials.c \ + send_to_kdc.c \ + get_host.c \ + get_krbrlm.c \ + k_gethostname.c \ + tf_util.c \ + debug_decl.c \ + k_flock.c \ + tkt_string.c \ + getaddrs.c \ + k_getsockinst.c \ + k_getport.c \ + lsb_addr_comp.c \ + name2name.c \ + get_default_principal.c \ + realm_parse.c \ + verify_user.c \ + rw.c \ + kdc_reply.c \ + encrypt_ktext.c \ + swab.c \ + gettimeofday.c \ + check_time.c \ + krb_err.c \ + 
et_list.c \ + resolve.c \ + unparse_name.c \ + logging.c \ + k_concat.c + +# these files reside in ../roken +# snprintf.c \ +# strdup.c \ +# strtok_r.c \ +# strcasecmp.c + +OBJECTS = cr_err_reply.o \ + create_auth_reply.o \ + create_ciph.o \ + create_death_packet.o \ + create_ticket.o \ + dest_tkt.o \ + get_in_tkt.o \ + get_svc_in_tkt.o \ + getrealm.o \ + k_localtime.o \ + krb_err_txt.o \ + krb_get_in_tkt.o \ + kuserok.o \ + parse_name.o \ + kntoln.o \ + mk_auth.o \ + krb_check_auth.o \ + mk_err.o \ + mk_safe.o \ + rd_err.o \ + rd_safe.o \ + recvauth.o \ + mk_priv.o \ + rd_req.o \ + decomp_ticket.o \ + lifetime.o \ + month_sname.o \ + stime.o \ + read_service_key.o \ + getst.o \ + sendauth.o \ + netread.o \ + netwrite.o \ + rd_priv.o \ + krb_equiv.o \ + str2key.o \ + get_ad_tkt.o \ + mk_req.o \ + get_cred.o \ + get_tf_realm.o \ + get_tf_fullname.o \ + one.o \ + save_credentials.o \ + send_to_kdc.o \ + get_host.o \ + get_krbrlm.o \ + k_gethostname.o \ + tf_util.o \ + debug_decl.o \ + k_flock.o \ + tkt_string.o \ + getaddrs.o \ + k_getsockinst.o \ + k_getport.o \ + lsb_addr_comp.o \ + name2name.o \ + get_default_principal.o \ + realm_parse.o \ + verify_user.o \ + rw.o \ + kdc_reply.o \ + encrypt_ktext.o \ + swab.o \ + gettimeofday.o \ + check_time.o \ + krb_err.o \ + resolve.o \ + unparse_name.o \ + logging.o \ + k_concat.o \ + snprintf.o \ + strdup.o \ + strtok_r.o \ + strcasecmp.o + +# This is only needed by some shared library implementations +LDOBJ = et_list.o + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +sizetest.o: sizetest.c + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $< + 
+sizetest$(EXECSUFFIX): sizetest.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ sizetest.o + +check: sizetest$(EXECSUFFIX) + ./sizetest$(EXECSUFFIX) + +clean: + rm -f $(LIB) *.o *.a krb_err.c krb_err.h $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +$(LIBNAME).a: $(OBJECTS) + rm -f $@ + $(AR) cr $@ $(OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(OBJECTS) $(LDOBJ) + rm -f $@ + $(LDSHARED) -o $@ $(OBJECTS) $(LDOBJ) $(LIBDES) + +krb_err.c krb_err.h: krb_err.et + test -r krb_err.et || (rm -f krb_err.et && $(LN_S) $(srcdir)/krb_err.et .) + $(COMPILE_ET) krb_err.et + +snprintf.c: + $(LN_S) $(srcdir)/../roken/snprintf.c . + +strdup.c: + $(LN_S) $(srcdir)/../roken/strdup.c . + +strtok_r.c: + $(LN_S) $(srcdir)/../roken/strtok_r.c . + +strcasecmp.c: + $(LN_S) $(srcdir)/../roken/strcasecmp.c . + +$(OBJECTS): ../../include/config.h +$(OBJECTS): krb_locl.h krb.h krb_err.h +one.o: ../../include/version.h diff --git a/crypto/kerberosIV/lib/krb/check_time.c b/crypto/kerberosIV/lib/krb/check_time.c new file mode 100644 index 0000000..3c3e6c0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/check_time.c 
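Review bot: `PROGS = sizetest$(EXEC_SUFFIX)` expands a variable that is never set; the file defines `EXECSUFFIX`, and the sizetest rules further down use that spelling. Where the suffix is non-empty, `all` then depends on a target named `sizetest` that has no explicit rule, and `clean` leaves the real binary behind. The line should read `PROGS = sizetest$(EXECSUFFIX)`. The `Wall` target would also be better invoking `$(MAKE)` than a literal `make`, so that flags and the chosen make program carry over.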
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: check_time.c,v 1.4 1997/04/01 08:18:18 joda Exp $");
+
+int
+krb_check_tm (struct tm tm)
+{
+ return tm.tm_mon < 0
+ || tm.tm_mon > 11
+ || tm.tm_hour < 0
+ || tm.tm_hour > 23
+ || tm.tm_min < 0
+ || tm.tm_min > 59
+ || tm.tm_sec < 0
+ || tm.tm_sec > 59
+ || tm.tm_year < 1901
+ || tm.tm_year > 2038;
+}
diff --git a/crypto/kerberosIV/lib/krb/cr_err_reply.c b/crypto/kerberosIV/lib/krb/cr_err_reply.c
new file mode 100644
index 0000000..2c1956a
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/cr_err_reply.c
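Review bot: krb_check_tm has no comment and its contract is easy to misread: it returns non-zero when a field is out of range, and it compares tm_year against 1901..2038, which only makes sense if callers store the full calendar year rather than struct tm's years-since-1900. A header comment such as `/* Returns non-zero if tm is out of range; tm_year must hold the full year (1901-2038), not years since 1900. */` would pin that down, assuming that is the convention the callers follow. tm_mday is never checked either, so a day of 0 or 45 passes validation; adding `|| tm.tm_mday < 1 || tm.tm_mday > 31` to the expression closes that gap.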
@@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: cr_err_reply.c,v 1.9 1997/04/01 08:18:19 joda Exp $");
+
+/*
+ * This routine is used by the Kerberos authentication server to
+ * create an error reply packet to send back to its client.
+ *
+ * It takes a pointer to the packet to be built, the name, instance,
+ * and realm of the principal, the client's timestamp, an error code
+ * and an error string as arguments. Its return value is undefined.
+ *
+ * The packet is built in the following format:
+ *
+ * type variable data
+ * or constant
+ * ---- ----------- ----
+ *
+ * unsigned char req_ack_vno protocol version number
+ *
+ * unsigned char AUTH_MSG_ERR_REPLY protocol message type
+ *
+ * [least significant HOST_BYTE_ORDER sender's (server's) byte
+ * bit of above field] order
+ *
+ * string pname principal's name
+ *
+ * string pinst principal's instance
+ *
+ * string prealm principal's realm
+ *
+ * unsigned long time_ws client's timestamp
+ *
+ * unsigned long e error code
+ *
+ * string e_string error text
+ */
+
+void
+cr_err_reply(KTEXT pkt, char *pname, char *pinst, char *prealm,
+ u_int32_t time_ws, u_int32_t e, char *e_string)
+{
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_ERR_REPLY, p, 1);
+
+ if (pname == NULL) pname = "";
+ if (pinst == NULL) pinst = "";
+ if (prealm == NULL) prealm = "";
+
+ p += krb_put_nir(pname, pinst, prealm, p);
+
+ p += krb_put_int(time_ws, p, 4);
+
+ p += krb_put_int(e, p, 4);
+
+ p += krb_put_string(e_string, p);
+
+ pkt->length = p - pkt->dat;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_auth_reply.c b/crypto/kerberosIV/lib/krb/create_auth_reply.c
new file mode 100644
index 0000000..4976c46
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_auth_reply.c
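Review bot: Nothing in cr_err_reply bounds what is written through `p`: krb_put_nir() and krb_put_string() append four caller-supplied strings to pkt->dat, and the total is never compared with the capacity of that buffer, whose size is not visible in this hunk. The header comment says the authentication server uses this routine to answer a client, so the name fields may well originate in the request; the remaining space should be checked before each append, or passed to the helpers so they can refuse. e_string also reaches krb_put_string() without the NULL guard that pname, pinst and prealm get; `if (e_string == NULL) e_string = "";` would make the four consistent. The same unchecked string appends occur in krb_create_death_packet (a_name), create_auth_reply and create_ciph in this commit.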
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_auth_reply.c,v 1.11 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is called by the Kerberos authentication server + * to create a reply to an authentication request. The routine + * takes the user's name, instance, and realm, the client's + * timestamp, the number of tickets, the user's key version + * number and the ciphertext containing the tickets themselves. + * It constructs a packet and returns a pointer to it. + * + * Notes: The packet returned by this routine is static. Thus, if you + * intend to keep the result beyond the next call to this routine, you + * must copy it elsewhere. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * unsigned char KRB_PROT_VERSION protocol version number + * + * unsigned char AUTH_MSG_KDC_REPLY protocol message type + * + * [least significant HOST_BYTE_ORDER sender's (server's) byte + * bit of above field] order + * + * string pname principal's name + * + * string pinst principal's instance + * + * string prealm principal's realm + * + * unsigned long time_ws client's timestamp + * + * unsigned char n number of tickets + * + * unsigned long x_date expiration date + * + * unsigned char kvno master key version + * + * short w_1 cipher length + * + * --- cipher->dat cipher data + */ + +KTEXT +create_auth_reply(char *pname, /* Principal's name */ + char *pinst, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t time_ws, /* Workstation time */ + int n, /* Number of tickets */ + u_int32_t x_date, /* Principal's expiration date */ + int kvno, /* Principal's key version number */ + KTEXT cipher) /* Cipher text with tickets and session keys */ +{ + static KTEXT_ST pkt_st; + KTEXT pkt = &pkt_st; + + unsigned char *p = pkt->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_KDC_REPLY, p, 1); + + if(n != 0){ + /* barf on old code 
+ */
+ krb_warning("create_auth_reply: don't give me no krb3 crap!"
+ " (n == %d)\n", n);
+ return NULL;
+ }
+
+
+ p += krb_put_nir(pname, pinst, prealm, p);
+
+ p += krb_put_int(time_ws, p, 4);
+
+ p += krb_put_int(n, p, 1);
+
+ p += krb_put_int(x_date, p, 4);
+
+ p += krb_put_int(kvno, p, 1);
+
+ p += krb_put_int(cipher->length, p, 2);
+
+ memcpy(p, cipher->dat, cipher->length);
+ p += cipher->length;
+
+ pkt->length = p - pkt->dat;
+
+ return pkt;
+}
diff --git a/crypto/kerberosIV/lib/krb/create_ciph.c b/crypto/kerberosIV/lib/krb/create_ciph.c
new file mode 100644
index 0000000..27d27ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ciph.c
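Review bot: The `memcpy(p, cipher->dat, cipher->length)` near the end of create_auth_reply copies a caller-supplied KTEXT into the static pkt_st after the header, the three names and the fixed fields have already been written, so a cipher at or near full size cannot fit and the copy runs past pkt->dat. A guard just before the copy, `if ((size_t)cipher->length > sizeof(pkt->dat) - (size_t)(p - pkt->dat)) return NULL;`, would turn that into the NULL return the function already uses for bad input (this assumes dat is an array member of KTEXT_ST, which the hunk does not show). The length is also emitted as two bytes by `krb_put_int(cipher->length, p, 2)`, so a value that does not fit in 16 bits would be truncated on the wire while the full count is copied. cipher itself is dereferenced without a NULL check.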
@@ -0,0 +1,117 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_ciph.c,v 1.9 1997/04/01 08:18:20 joda Exp $"); + +/* + * This routine is used by the authentication server to create + * a packet for its client, containing a ticket for the requested + * service (given in "tkt"), and some information about the ticket, + * + * Returns KSUCCESS no matter what. + * + * The length of the cipher is stored in c->length; the format of + * c->dat is as follows: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * + * 8 bytes session session key for client, service + * + * string service service name + * + * string instance service instance + * + * string realm KDC realm + * + * unsigned char life ticket lifetime + * + * unsigned char kvno service key version number + * + * unsigned char tkt->length length of following ticket + * + * data tkt->dat ticket for service + * + * 4 bytes kdc_time KDC's timestamp + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +create_ciph(KTEXT c, /* Text block to hold ciphertext */ + unsigned char *session, /* Session key to send to user */ + char *service, /* Service name on ticket */ + char *instance, /* Instance name on ticket */ + char *realm, /* Realm of this KDC */ + u_int32_t life, /* Lifetime of the ticket */ + int kvno, /* Key version number for service */ + KTEXT tkt, /* The ticket for the service */ + u_int32_t kdc_time, /* KDC time */ + des_cblock *key) /* Key to encrypt ciphertext with */ + +{ + unsigned char *p = c->dat; + + memset(c, 0, sizeof(KTEXT_ST)); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_nir(service, instance, realm, p); + + p += krb_put_int(life, p, 1); + p += krb_put_int(kvno, p, 1); + + p += krb_put_int(tkt->length, p, 1); + + memcpy(p, tkt->dat, tkt->length); + p += tkt->length; + + p += krb_put_int(kdc_time, p, 4); + + /* multiple of eight bytes */ + c->length = (p - c->dat + 7) & ~7; + + encrypt_ktext(c, key, DES_ENCRYPT); + return KSUCCESS; +} 
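Review bot: The ticket length is serialised with `krb_put_int(tkt->length, p, 1)`, a single byte, but the next statement copies the full `tkt->length` bytes, so for any ticket longer than 255 bytes the length field disagrees with the data that follows it and the receiver will misparse the rest of the block. create_ciph should reject that case before writing anything, e.g. `if (tkt->length < 0 || tkt->length > 255) return KFAILURE;`, and the header comment's "Returns KSUCCESS no matter what" should be updated to match. KFAILURE is the code krb_create_ticket returns for an oversized ticket elsewhere in this commit. The copy is also never compared with the space left in c->dat, so the same check should account for the bytes already written.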
diff --git a/crypto/kerberosIV/lib/krb/create_death_packet.c b/crypto/kerberosIV/lib/krb/create_death_packet.c
new file mode 100644
index 0000000..f74ba30
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_death_packet.c
@@ -0,0 +1,85 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: create_death_packet.c,v 1.8 1997/04/01 08:18:21 joda Exp $");
+
+/*
+ * This routine creates a packet to type AUTH_MSG_DIE which is sent to
+ * the Kerberos server to make it shut down. It is used only in the
+ * development environment.
+ *
+ * It takes a string "a_name" which is sent in the packet. A pointer
+ * to the packet is returned.
+ *
+ * The format of the killer packet is:
+ *
+ * type variable data
+ * or constant
+ * ---- ----------- ----
+ *
+ * unsigned char KRB_PROT_VERSION protocol version number
+ *
+ * unsigned char AUTH_MSG_DIE message type
+ *
+ * [least significant HOST_BYTE_ORDER byte order of sender
+ * bit of above field]
+ *
+ * string a_name presumably, name of
+ * principal sending killer
+ * packet
+ */
+
+#ifdef DEBUG
+KTEXT
+krb_create_death_packet(char *a_name)
+{
+ static KTEXT_ST pkt_st;
+ KTEXT pkt = &pkt_st;
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_DIE, p, 1);
+
+ p += krb_put_string(a_name, p);
+ pkt->length = p - pkt->dat;
+ return pkt;
+}
+#endif /* DEBUG */
diff --git a/crypto/kerberosIV/lib/krb/create_ticket.c b/crypto/kerberosIV/lib/krb/create_ticket.c
new file mode 100644
index 0000000..b469232
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/create_ticket.c
@@ -0,0 +1,134 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: create_ticket.c,v 1.12 1997/04/01 08:18:21 joda Exp $"); + +/* + * Create ticket takes as arguments information that should be in a + * ticket, and the KTEXT object in which the ticket should be + * constructed. It then constructs a ticket and returns, leaving the + * newly created ticket in tkt. + * The length of the ticket is a multiple of + * eight bytes and is in tkt->length. + * + * If the ticket is too long, the ticket will contain nulls. + * + * The corresponding routine to extract information from a ticket it + * decomp_ticket. When changes are made to this routine, the + * corresponding changes should also be made to that file. + * + * The packet is built in the following format: + * + * variable + * type or constant data + * ---- ----------- ---- + * + * tkt->length length of ticket (multiple of 8 bytes) + * + * tkt->dat: + * + * unsigned char flags namely, HOST_BYTE_ORDER + * + * string pname client's name + * + * string pinstance client's instance + * + * string prealm client's realm + * + * 4 bytes paddress client's address + * + * 8 bytes session session key + * + * 1 byte life ticket lifetime + * + * 4 bytes time_sec KDC timestamp + * + * string sname service's name + * + * string sinstance service's instance + * + * <=7 bytes null null pad to 8 byte multiple + * + */ + +int +krb_create_ticket(KTEXT tkt, /* Gets filled in by the ticket */ + unsigned char flags, /* Various Kerberos flags */ + char *pname, /* Principal's name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + int32_t paddress, /* Net address of requesting entity */ + void *session, /* Session key inserted in ticket */ + int16_t life, /* Lifetime of the ticket */ + int32_t time_sec, /* Issue time and date */ + char *sname, /* Service Name */ + char *sinstance, /* Instance Name */ + des_cblock *key) /* Service's secret key */ +{ + unsigned char *p = tkt->dat; + + memset(tkt, 0, 
sizeof(KTEXT_ST)); + + p += krb_put_int(flags, p, 1); + p += krb_put_nir(pname, pinstance, prealm, p); + + p += krb_put_address(paddress, p); + + memcpy(p, session, 8); + p += 8; + + p += krb_put_int(life, p, 1); + p += krb_put_int(time_sec, p, 4); + + p += krb_put_nir(sname, sinstance, NULL, p); + + /* multiple of eight bytes */ + tkt->length = (p - tkt->dat + 7) & ~7; + + /* Check length of ticket */ + if (tkt->length > (sizeof(KTEXT_ST) - 7)) { + memset(tkt->dat, 0, tkt->length); + tkt->length = 0; + return KFAILURE /* XXX */; + } + + encrypt_ktext(tkt, key, DES_ENCRYPT); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/debug_decl.c b/crypto/kerberosIV/lib/krb/debug_decl.c new file mode 100644 index 0000000..5358bcb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/debug_decl.c @@ -0,0 +1,29 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: debug_decl.c,v 1.6 1997/03/23 03:53:07 joda Exp $"); + +/* Declare global debugging variables. */ + +int krb_ap_req_debug = 0; +int krb_debug = 0; 
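Review bot: In krb_create_ticket the size check `if (tkt->length > (sizeof(KTEXT_ST) - 7))` runs only after krb_put_nir(), krb_put_address(), the session-key memcpy and the second krb_put_nir() have already written through `p`, so it reports an overrun of tkt->dat after the fact instead of preventing it. It also measures against sizeof(KTEXT_ST), which counts the struct's other members as well as dat (length and mbz are both referenced in this commit), so the limit is looser than the data buffer. The required size should be computed from the string lengths before the first write and compared with the size of dat alone. Separately, `life` is declared int16_t but stored with `krb_put_int(life, p, 1)`, so values outside 0..255 are truncated silently and should be rejected up front.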
diff --git a/crypto/kerberosIV/lib/krb/decomp_ticket.c b/crypto/kerberosIV/lib/krb/decomp_ticket.c
new file mode 100644
index 0000000..8e556a3
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/decomp_ticket.c
@@ -0,0 +1,119 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: decomp_ticket.c,v 1.16 1997/04/01 08:18:22 joda Exp $"); + +/* + * This routine takes a ticket and pointers to the variables that + * should be filled in based on the information in the ticket. It + * fills in values for its arguments. + * + * The routine returns KFAILURE if any of the "pname", "pinstance", + * or "prealm" fields is too big, otherwise it returns KSUCCESS. + * + * The corresponding routine to generate tickets is create_ticket. + * When changes are made to this routine, the corresponding changes + * should also be made to that file. + * + * See create_ticket.c for the format of the ticket packet. + */ + +int +decomp_ticket(KTEXT tkt, /* The ticket to be decoded */ + unsigned char *flags, /* Kerberos ticket flags */ + char *pname, /* Authentication name */ + char *pinstance, /* Principal's instance */ + char *prealm, /* Principal's authentication domain */ + u_int32_t *paddress,/* Net address of entity requesting ticket */ + unsigned char *session, /* Session key inserted in ticket */ + int *life, /* Lifetime of the ticket */ + u_int32_t *time_sec, /* Issue time and date */ + char *sname, /* Service name */ + char *sinstance, /* Service instance */ + des_cblock *key, /* Service's secret key (to decrypt the ticket) */ + des_key_schedule schedule) /* The precomputed key schedule */ + +{ + unsigned char *p = tkt->dat; + + int little_endian; + + des_pcbc_encrypt((des_cblock *)tkt->dat, (des_cblock *)tkt->dat, + tkt->length, schedule, key, DES_DECRYPT); + + tkt->mbz = 0; + + *flags = *p++; + + little_endian = (*flags >> K_FLAG_ORDER) & 1; + + if(strlen((char*)p) > ANAME_SZ) + return KFAILURE; + p += krb_get_string(p, pname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, pinstance); + + if(strlen((char*)p) > REALM_SZ) + return KFAILURE; + p += krb_get_string(p, prealm); + + if(tkt->length - (p - tkt->dat) < 8 + 1 + 4) + return KFAILURE; + p += krb_get_address(p, paddress); + + 
memcpy(session, p, 8); + p += 8; + + *life = *p++; + + p += krb_get_int(p, time_sec, 4, little_endian); + + if(strlen((char*)p) > SNAME_SZ) + return KFAILURE; + p += krb_get_string(p, sname); + + if(strlen((char*)p) > INST_SZ) + return KFAILURE; + p += krb_get_string(p, sinstance); + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/dest_tkt.c b/crypto/kerberosIV/lib/krb/dest_tkt.c new file mode 100644 index 0000000..0487e6b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/dest_tkt.c 
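Review bot: Each `strlen((char*)p)` in decomp_ticket runs on freshly decrypted bytes with no guarantee that a NUL occurs before tkt->dat + tkt->length, so a ticket that decrypts to garbage (wrong key, corrupted or forged input) can make strlen() and the following krb_get_string() read beyond the ticket. Checking termination first, `if (memchr(p, 0, tkt->length - (p - tkt->dat)) == NULL) return KFAILURE;` before each of the five strings, bounds the scan; the existing remaining-length test covers only the 13 fixed bytes in the middle. The comparisons use `>` against ANAME_SZ, INST_SZ, REALM_SZ and SNAME_SZ; if the callers' buffers are exactly those sizes, which is not visible here, a name of exactly that length overflows by its terminator and the tests should be `>=`. tkt->length is also handed to des_pcbc_encrypt() without being checked against the size of tkt->dat.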
@@ -0,0 +1,82 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: dest_tkt.c,v 1.11 1997/05/19 03:03:40 assar Exp $"); + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". 
+ */
+
+int
+dest_tkt(void)
+{
+ char *file = TKT_FILE;
+ int i,fd;
+ struct stat statb;
+ char buf[BUFSIZ];
+
+ errno = 0;
+ if (
+#ifdef HAVE_LSTAT
+ lstat
+#else
+ stat
+#endif
+ (file, &statb) < 0)
+ goto out;
+
+ if (!(statb.st_mode & S_IFREG)
+#ifdef notdef
+ || statb.st_mode & 077
+#endif
+ )
+ goto out;
+
+ if ((fd = open(file, O_RDWR, 0)) < 0)
+ goto out;
+
+ memset(buf, 0, BUFSIZ);
+
+ for (i = 0; i < statb.st_size; i += sizeof(buf))
+ if (write(fd, buf, sizeof(buf)) != sizeof(buf)) {
+ fsync(fd);
+ close(fd);
+ goto out;
+ }
+
+
+ fsync(fd);
+ close(fd);
+
+ unlink(file);
+
+out:
+ if (errno == ENOENT) return RET_TKFIL;
+ else if (errno != 0) return KFAILURE;
+ return(KSUCCESS);
+}
diff --git a/crypto/kerberosIV/lib/krb/dllmain.c b/crypto/kerberosIV/lib/krb/dllmain.c
new file mode 100644
index 0000000..e98b7dc
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/dllmain.c
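Review bot: The file-type test `!(statb.st_mode & S_IFREG)` in dest_tkt is a bit-mask test rather than a type comparison: on the usual mode encodings the S_IFREG bit is also set in the type codes for symbolic links and sockets, so under HAVE_LSTAT a symlink at TKT_FILE passes the check, and open() then follows it and the loop zero-fills whatever it points to. There is also a window between lstat() and open() in which the path can be replaced. Opening first and checking the descriptor with fstat() and S_ISREG() removes both problems, and O_NOFOLLOW, where the platform provides it, refuses a symlink at open time. The loop also writes whole BUFSIZ blocks, so the file can grow past st_size before it is unlinked, and the not-a-regular-file path leaves errno at 0, so that case returns KSUCCESS without destroying anything.

```c
    /* Open first, then check the descriptor, so the test applies to the
       object that is actually overwritten. */
    if ((fd = open(file, O_RDWR | O_NOFOLLOW, 0)) < 0)
        goto out;
    if (fstat(fd, &statb) < 0 || !S_ISREG(statb.st_mode)) {
        int saved = errno;      /* close() must not hide the fstat error */
        close(fd);
        errno = saved;
        goto out;
    }
    /* … unchanged: zero-fill loop, fsync, close, unlink, errno mapping … */
```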
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* dllmain.c - main function to krb4.dll + * Author: J Karlsson <d93-jka@nada.kth.se> + * Date: June 1996 + */ + +#include "krb_locl.h" +#include "ticket_memory.h" +#include <Windows.h> + +RCSID("$Id: dllmain.c,v 1.6 1997/05/02 14:29:13 assar Exp $"); + +void +msg(char *text, int error) +{ + char *buf; + + asprintf (&buf, "%s\nAn error of type: %d", text, error); + + MessageBox(GetActiveWindow(), + buf ? buf : "can't tell you", + "kerberos message", + MB_OK|MB_APPLMODAL); + free (buf); +} + +BOOL WINAPI +DllMain (HANDLE hInst, + ULONG reason, + LPVOID lpReserved) +{ + WORD wVersionRequested; + WSADATA wsaData; + PROCESS_INFORMATION p; + int err; + + switch(reason){ + case DLL_PROCESS_ATTACH: + wVersionRequested = MAKEWORD(1, 1); + err = WSAStartup(wVersionRequested, &wsaData); + if (err != 0) + { + /* Tell the user that we couldn't find a useable */ + /* winsock.dll. */ + msg("Cannot find winsock.dll", err); + return FALSE; + } + if(newTktMem(0) != KSUCCESS) + { + /* Tell the user that we couldn't alloc shared memory. */ + msg("Cannot allocate shared ticket memory", GetLastError()); + return FALSE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + STARTUPINFO s = + { + sizeof(s), + 0, + 0, + 0, + 0,0, + 0,0, + 0,0, + 0, + 0, + 0, + 0,0, + 0,0,0}; + + s.dwFlags = STARTF_USESHOWWINDOW; + s.wShowWindow = SW_HIDE; + if(!CreateProcess(0,"krbmanager", + 0,0,FALSE,0,0, + 0,&s, &p)) + { + msg("Unable to create kerberos manager process.\n" + "Make sure krbmanager.exe is in your PATH.", + GetLastError()); + return FALSE; + } + } + break; + case DLL_PROCESS_DETACH: + freeTktMem(0); + WSACleanup(); + break; + } + + return TRUE; +} diff --git a/crypto/kerberosIV/lib/krb/encrypt_ktext.c b/crypto/kerberosIV/lib/krb/encrypt_ktext.c new file mode 100644 index 0000000..d97fcc7 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/encrypt_ktext.c 
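Review bot: `CreateProcess(0,"krbmanager", ...)` in the DLL_PROCESS_ATTACH branch starts the helper by bare name, so Windows resolves it through the process search order, and whichever krbmanager executable is found first is launched by every program that loads this DLL. Building an absolute path from the DLL's own location, for instance with GetModuleFileName(hInst, ...), and passing it as the application name removes that dependency on the current directory and PATH; the message telling users to put krbmanager.exe in PATH would change accordingly. The handles returned in `p` are never closed, so `CloseHandle(p.hProcess); CloseHandle(p.hThread);` should follow a successful call. In msg(), the return value of asprintf() is ignored and the content of buf after a failure is not defined on every implementation, so the `buf ? buf : ...` fallback is only reliable if the declaration becomes `char *buf = NULL;` and buf is reset when asprintf() returns -1.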
@@ -0,0 +1,51 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: encrypt_ktext.c,v 1.4 1997/04/01 08:18:26 joda Exp $");
+
+void
+encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt)
+{
+ des_key_schedule schedule;
+ des_set_key(key, schedule);
+ des_pcbc_encrypt((des_cblock*)cip->dat, (des_cblock*)cip->dat,
+ cip->length, schedule, key, encrypt);
+ memset(schedule, 0, sizeof(des_key_schedule));
+}
diff --git a/crypto/kerberosIV/lib/krb/et_list.c b/crypto/kerberosIV/lib/krb/et_list.c
new file mode 100644
index 0000000..69d1c89
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/et_list.c
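Review bot: The final `memset(schedule, 0, sizeof(des_key_schedule));` in encrypt_ktext stores to a local that is never read again, so an optimising compiler is free to drop it and leave the DES key schedule on the stack. A wipe the compiler cannot elide, such as a small helper that writes through a `volatile unsigned char *` (or `explicit_bzero` where the platform has it), keeps the intent. The same applies to the `memset(pword, 0, sizeof(pword))` calls in krb_get_pw_in_tkt in get_in_tkt.c. The call also passes `key` as both the DES key and the PCBC IV; a one-line comment saying this is intentional (presumably dictated by the protocol) would stop readers from treating it as an oversight.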
@@ -0,0 +1,74 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/*
+ * This is a hack to resolve the reference to _et_list when making a
+ * shared library under Psoriasis and possibly other systems. Presumably
+ * they define __ELF__, some people say Linux does so.
+ */
+
+#include "config.h"
+
+RCSID("$Id: et_list.c,v 1.12 1997/05/13 09:45:01 bg Exp $");
+
+struct et_list {
+ struct et_list *next;
+ const struct error_table *table;
+};
+
+#if defined(__GNUC__)
+
+#ifdef __FreeBSD__
+asm(".globl __et_list"); /* FreeBSD bug workaround */
+#endif
+struct et_list * _et_list __attribute__ ((weak)) = 0;
+
+#else /* !__GNUC__ */
+
+#ifdef HAVE_PRAGMA_WEAK
+
+#pragma weak _et_list = __et_list
+struct et_list * __et_list = 0;
+
+#else /* !HAVE_PRAGMA_WEAK */
+
+struct et_list * _et_list = 0;
+
+#endif /* !HAVE_PRAGMA_WEAK */
+
+#endif /* !__GNUC__ */
diff --git a/crypto/kerberosIV/lib/krb/get_ad_tkt.c b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
new file mode 100644
index 0000000..9590760
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_ad_tkt.c
@@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: get_ad_tkt.c,v 1.16 1997/05/30 17:43:34 bg Exp $"); + +/* + * get_ad_tkt obtains a new service ticket from Kerberos, using + * the ticket-granting ticket which must be in the ticket file. + * It is typically called by krb_mk_req() when the client side + * of an application is creating authentication information to be + * sent to the server side. + * + * get_ad_tkt takes four arguments: three pointers to strings which + * contain the name, instance, and realm of the service for which the + * ticket is to be obtained; and an integer indicating the desired + * lifetime of the ticket. + * + * It returns an error status if the ticket couldn't be obtained, + * or AD_OK if all went well. The ticket is stored in the ticket + * cache. + * + * The request sent to the Kerberos ticket-granting service looks + * like this: + * + * pkt->dat + * + * TEXT original contents of authenticator+ticket + * pkt->dat built in krb_mk_req call + * + * 4 bytes time_ws always 0 (?) + * char lifetime lifetime argument passed + * string service service name argument + * string sinstance service instance arg. + * + * See "prot.h" for the reply packet layout and definitions of the + * extraction macros like pkt_version(), pkt_msg_type(), etc. + */ + +int +get_ad_tkt(char *service, char *sinstance, char *realm, int lifetime) +{ + static KTEXT_ST pkt_st; + KTEXT pkt = & pkt_st; /* Packet to KDC */ + static KTEXT_ST rpkt_st; + KTEXT rpkt = &rpkt_st; /* Returned packet */ + + CREDENTIALS cr; + char lrealm[REALM_SZ]; + u_int32_t time_ws = 0; + int kerror; + unsigned char *p; + + /* + * First check if we have a "real" TGT for the corresponding + * realm, if we don't, use ordinary inter-realm authentication. 
+ */ + + kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, &cr); + if (kerror == KSUCCESS) + strncpy(lrealm, realm, REALM_SZ); + else + kerror = krb_get_tf_realm(TKT_FILE, lrealm); + + if (kerror != KSUCCESS) + return(kerror); + + /* + * Look for the session key (and other stuff we don't need) + * in the ticket file for krbtgt.realm@lrealm where "realm" + * is the service's realm (passed in "realm" argument) and + * lrealm is the realm of our initial ticket. If we don't + * have this, we will try to get it. + */ + + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) { + /* + * If realm == lrealm, we have no hope, so let's not even try. + */ + if ((strncmp(realm, lrealm, REALM_SZ)) == 0) + return(AD_NOTGT); + else{ + if ((kerror = + get_ad_tkt(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, lifetime)) != KSUCCESS) + if (kerror == KDC_PR_UNKNOWN) + return(AD_INTR_RLM_NOTGT); + else + return(kerror); + if ((kerror = krb_get_cred(KRB_TICKET_GRANTING_TICKET, + realm, lrealm, &cr)) != KSUCCESS) + return(kerror); + } + } + + /* + * Make up a request packet to the "krbtgt.realm@lrealm". + * Start by calling krb_mk_req() which puts ticket+authenticator + * into "pkt". Then tack other stuff on the end. 
+ */ + + kerror = krb_mk_req(pkt, + KRB_TICKET_GRANTING_TICKET, + realm,lrealm,0L); + + if (kerror) + return(AD_NOTGT); + + p = pkt->dat + pkt->length; + + p += krb_put_int(time_ws, p, 4); + p += krb_put_int(lifetime, p, 1); + p += krb_put_nir(service, sinstance, NULL, p); + + pkt->length = p - pkt->dat; + rpkt->length = 0; + + /* Send the request to the local ticket-granting server */ + if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror); + + /* check packet version of the returned packet */ + + { + KTEXT_ST cip; + CREDENTIALS cred; + struct timeval tv; + + kerror = kdc_reply_cipher(rpkt, &cip); + if(kerror != KSUCCESS) + return kerror; + + encrypt_ktext(&cip, &cr.session, DES_DECRYPT); + + kerror = kdc_reply_cred(&cip, &cred); + if(kerror != KSUCCESS) + return kerror; + + if (strcmp(cred.service, service) || strcmp(cred.instance, sinstance) || + strcmp(cred.realm, realm)) /* not what we asked for */ + return INTK_ERR; /* we need a better code here XXX */ + + gettimeofday(&tv, NULL); + if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) { + return RD_AP_TIME; /* XXX should probably be better code */ + } + + + kerror = save_credentials(cred.service, cred.instance, cred.realm, + cred.session, cred.lifetime, cred.kvno, + &cred.ticket_st, tv.tv_sec); + return kerror; + } +} diff --git a/crypto/kerberosIV/lib/krb/get_cred.c b/crypto/kerberosIV/lib/krb/get_cred.c new file mode 100644 index 0000000..1a0016c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_cred.c 
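Review bot: `strncpy(lrealm, realm, REALM_SZ);` in get_ad_tkt leaves `lrealm` without a terminating NUL when `realm` is REALM_SZ bytes or longer, and the buffer is then passed to krb_get_cred, which compares it with `strcmp`. Copy at most `REALM_SZ - 1` bytes and terminate explicitly: `strncpy(lrealm, realm, REALM_SZ - 1); lrealm[REALM_SZ - 1] = '\0';`. Further down, the time, lifetime and service/instance fields are appended at `pkt->dat + pkt->length` with no check against the size of `pkt->dat`; the limits of the krb_put_* helpers are not visible here, so a bound check before those calls is worth adding. The local `cr` and `cred` hold session keys and are left on the stack on every return path.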
@@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_cred.c,v 1.6 1997/05/30 17:38:29 bg Exp $"); + +/* + * krb_get_cred takes a service name, instance, and realm, and a + * structure of type CREDENTIALS to be filled in with ticket + * information. It then searches the ticket file for the appropriate + * ticket and fills in the structure with the corresponding + * information from the file. If successful, it returns KSUCCESS. + * On failure it returns a Kerberos error code. 
+ */
+
+int
+krb_get_cred(char *service, /* Service name */
+ char *instance, /* Instance */
+ char *realm, /* Auth domain */
+ CREDENTIALS *c) /* Credentials struct */
+{
+ int tf_status; /* return value of tf function calls */
+ CREDENTIALS cr;
+
+ if (c == 0)
+ c = &cr;
+
+ /* Open ticket file and lock it for shared reading */
+ if ((tf_status = tf_init(TKT_FILE, R_TKT_FIL)) != KSUCCESS)
+ return(tf_status);
+
+ /* Copy principal's name and instance into the CREDENTIALS struc c */
+
+ if ( (tf_status = tf_get_pname(c->pname)) != KSUCCESS ||
+ (tf_status = tf_get_pinst(c->pinst)) != KSUCCESS )
+ return (tf_status);
+
+ /* Search for requested service credentials and copy into c */
+
+ while ((tf_status = tf_get_cred(c)) == KSUCCESS) {
+ if ((strcmp(c->service,service) == 0) &&
+ (strcmp(c->instance,instance) == 0) &&
+ (strcmp(c->realm,realm) == 0))
+ break;
+ }
+ tf_close();
+
+ if (tf_status == EOF)
+ return (GC_NOTKT);
+ return(tf_status);
+}
diff --git a/crypto/kerberosIV/lib/krb/get_default_principal.c b/crypto/kerberosIV/lib/krb/get_default_principal.c
new file mode 100644
index 0000000..3a111ea
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_default_principal.c
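Review bot: krb_get_cred returns straight away when tf_get_pname or tf_get_pinst fails, without the `tf_close()` that the search loop's exit path reaches after a successful tf_init. Unless those helpers close the file themselves (not visible in this hunk), the ticket file stays open and locked; calling `tf_close();` before that `return (tf_status);` makes the cleanup unconditional. When the caller passes `c == 0`, the credentials are read into the local `cr` and left on the stack on return, so wiping `cr` before returning would be prudent.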
@@ -0,0 +1,94 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: get_default_principal.c,v 1.10 1997/04/01 08:18:28 joda Exp $");
+
+int
+krb_get_default_principal(char *name, char *instance, char *realm)
+{
+ char *file;
+ int ret;
+
+ char *p;
+
+ if ((file = getenv("KRBTKFILE")) == NULL)
+ file = TKT_FILE;
+
+ ret = krb_get_tf_fullname(file, name, instance, realm);
+ if(ret == KSUCCESS)
+ return 0;
+
+ p = getenv("KRB4PRINCIPAL");
+ if(p && kname_parse(name, instance, realm, p) == KSUCCESS)
+ return 1;
+
+
+#ifdef HAVE_PWD_H
+ {
+ struct passwd *pw;
+ pw = getpwuid(getuid());
+ if(pw == NULL){
+ return -1;
+ }
+
+ strcpy(name, pw->pw_name);
+ strcpy(instance, "");
+ krb_get_lrealm(realm, 1);
+
+ if(strcmp(name, "root") == 0){
+ p = NULL;
+#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+ p = getlogin();
+#endif
+ if(p == NULL)
+ p = getenv("USER");
+ if(p == NULL)
+ p = getenv("LOGNAME");
+ if(p){
+ strncpy (name, p, ANAME_SZ);
+ name[ANAME_SZ - 1] = '\0';
+ strcpy(instance, "root");
+ }
+ }
+ return 1;
+ }
+#endif
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/get_host.c b/crypto/kerberosIV/lib/krb/get_host.c
new file mode 100644
index 0000000..de80ac4
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/get_host.c
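Review bot: In the HAVE_PWD_H branch of krb_get_default_principal, `strcpy(name, pw->pw_name);` copies the login name with no bound, while the root case a few lines later limits the same buffer to ANAME_SZ. A passwd entry longer than the caller's buffer overruns it; use the bounded form in both places: `strncpy(name, pw->pw_name, ANAME_SZ); name[ANAME_SZ - 1] = '\0';`. The return value of `krb_get_lrealm(realm, 1)` is also ignored, so `realm` may be left unset while the function still returns 1.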
@@ -0,0 +1,292 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: get_host.c,v 1.30 1997/05/02 14:29:13 assar Exp $"); + +static struct host_list { + struct krb_host *this; + struct host_list *next; +} *hosts; + +static int krb_port = 0; + +static void +free_hosts(struct host_list *h) +{ + struct host_list *t; + while(h){ + if(h->this->realm) + free(h->this->realm); + if(h->this->host) + free(h->this->host); + t = h; + h = h->next; + free(t); + } +} + +static int +parse_address(char *address, int *proto, char **host, int *port) +{ + char *p, *q; + p = strchr(address, '/'); + *proto = IPPROTO_UDP; + if(p){ + char prot[32]; + struct protoent *pp; + strncpy(prot, address, p - address); + prot[p - address] = 0; + if((pp = getprotobyname(prot))) + *proto = pp->p_proto; + else + krb_warning("Bad protocol name `%s', Using default `udp'.\n", + prot); + p++; + }else + p = address; + q = strchr(p, ':'); + if(q){ + *host = (char*)malloc(q - p + 1); + strncpy(*host, p, q - p); + (*host)[q - p] = 0; + q++; + { + struct servent *sp = getservbyname(q, NULL); + if(sp) + *port = ntohs(sp->s_port); + else + if(sscanf(q, "%d", port) != 1){ + krb_warning("Bad port specification `%s', using port %d.", + q, krb_port); + *port = krb_port; + } + } + }else{ + *host = strdup(p); + *port = krb_port; + } + return 0; +} + +static int +add_host(char *realm, char *address, int admin, int validate) +{ + struct krb_host *host; + struct host_list *p, **last = &hosts; + host = (struct krb_host*)malloc(sizeof(struct krb_host)); + parse_address(address, &host->proto, &host->host, &host->port); + if(validate && gethostbyname(host->host) == NULL){ + free(host->host); + free(host); + return 1; + } + host->admin = admin; + for(p = hosts; p; p = p->next){ + if(strcmp(realm, p->this->realm) == 0 && + strcmp(host->host, p->this->host) == 0 && + host->proto == p->this->proto && + host->port == p->this->port){ + free(host->host); + free(host); + return 1; + } + last = &p->next; + } + host->realm = strdup(realm); + p = (struct 
host_list*)malloc(sizeof(struct host_list)); + p->this = host; + p->next = NULL; + *last = p; + return 0; +} + + + +static int +read_file(const char *filename, const char *r) +{ + char line[1024]; + char realm[1024]; + char address[1024]; + char scratch[1024]; + int n; + int nhosts = 0; + + FILE *f = fopen(filename, "r"); + if(f == NULL) + return -1; + while(fgets(line, sizeof(line), f)){ + n = sscanf(line, "%s %s admin %s", realm, address, scratch); + if(n == 2 || n == 3){ + if(strcmp(realm, r)) + continue; + if(add_host(realm, address, n == 3, 0) == 0) + nhosts++; + } + } + fclose(f); + return nhosts; +} + +static int +init_hosts(char *realm) +{ + static const char *files[] = KRB_CNF_FILES; + int i; + char *dir = getenv("KRBCONFDIR"); + + krb_port = ntohs(k_getportbyname (KRB_SERVICE, NULL, htons(KRB_PORT))); + if(dir){ + char file[MaxPathLen]; + if(k_concat(file, sizeof(file), dir, "/krb.conf", NULL) == 0) + read_file(file, realm); + } + for(i = 0; files[i]; i++) + read_file(files[i], realm); + return 0; +} + +static void +srv_find_realm(char *realm, char *proto, char *service) +{ + char *domain; + struct dns_reply *r; + struct resource_record *rr; + + k_mconcat(&domain, 1024, service, ".", proto, ".", realm, ".", NULL); + + if(domain == NULL) + return; + + r = dns_lookup(domain, "srv"); + if(r == NULL) + r = dns_lookup(domain, "txt"); + if(r == NULL){ + free(domain); + return; + } + for(rr = r->head; rr; rr = rr->next){ + if(rr->type == T_SRV){ + char buf[1024]; + + if (snprintf (buf, + sizeof(buf), + "%s/%s:%u", + proto, + rr->u.srv->target, + rr->u.srv->port) < sizeof(buf)) + add_host(realm, buf, 0, 0); + }else if(rr->type == T_TXT) + add_host(realm, rr->u.txt, 0, 0); + } + dns_free_data(r); + free(domain); +} + +struct krb_host* +krb_get_host(int nth, char *realm, int admin) +{ + struct host_list *p; + static char orealm[REALM_SZ]; + if(orealm[0] == 0 || strcmp(realm, orealm)){ + /* quick optimization */ + if(realm && realm[0]){ + strncpy(orealm, realm, 
sizeof(orealm) - 1); + orealm[sizeof(orealm) - 1] = 0; + }else{ + int ret = krb_get_lrealm(orealm, 1); + if(ret != KSUCCESS) + return NULL; + } + + if(hosts){ + free_hosts(hosts); + hosts = NULL; + } + + init_hosts(orealm); + + srv_find_realm(orealm, "udp", KRB_SERVICE); + srv_find_realm(orealm, "tcp", KRB_SERVICE); + + { + /* XXX this assumes no one has more than 99999 kerberos + servers */ + char host[REALM_SZ + sizeof("kerberos-XXXXX..")]; + int i = 0; + sprintf(host, "kerberos.%s.", orealm); + add_host(orealm, host, 1, 1); + do{ + i++; + sprintf(host, "kerberos-%d.%s.", i, orealm); + }while(i < 100000 && add_host(orealm, host, 0, 1) == 0); + } + } + + for(p = hosts; p; p = p->next){ + if(strcmp(orealm, p->this->realm) == 0 && + (!admin || p->this->admin)) + if(nth == 1) + return p->this; + else + nth--; + } + return NULL; +} + +int +krb_get_krbhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 0); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} + +int +krb_get_admhst(char *host, char *realm, int nth) +{ + struct krb_host *p = krb_get_host(nth, realm, 1); + if(p == NULL) + return KFAILURE; + strcpy(host, p->host); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/get_in_tkt.c b/crypto/kerberosIV/lib/krb/get_in_tkt.c new file mode 100644 index 0000000..435632a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_in_tkt.c 
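Review bot: parse_address copies the protocol prefix into `char prot[32]` with `strncpy(prot, address, p - address)` and then writes `prot[p - address] = 0`, and nothing limits `p - address` to the buffer size. The address string comes from krb.conf lines and, through srv_find_realm, from DNS TXT records, so a prefix of 32 bytes or more before the `/` writes past the stack buffer. Clamp the length before copying, as below. The `malloc` and `strdup` results in parse_address and add_host are also used unchecked, and krb_get_krbhst and krb_get_admhst `strcpy` the host name into a caller buffer whose size is not known here.

```c
    if(p){
	char prot[32];
	struct protoent *pp;
	size_t plen = p - address;

	/* An over-long prefix is truncated; it then fails the lookup
	   below and the default protocol is kept. */
	if(plen >= sizeof(prot))
	    plen = sizeof(prot) - 1;
	memcpy(prot, address, plen);
	prot[plen] = 0;
	/* ... unchanged: getprotobyname lookup, warning, p++ ... */
```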
@@ -0,0 +1,99 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_in_tkt.c,v 1.15 1997/03/23 03:53:08 joda Exp $"); + +/* + * This file contains three routines: passwd_to_key() and + * passwd_to_afskey() converts a password into a DES key, using the + * normal strinttokey and the AFS one, respectively, and + * krb_get_pw_in_tkt() gets an initial ticket for a user. + */ + +/* + * passwd_to_key() and passwd_to_afskey: given a password, return a DES key. 
+ */
+
+int
+passwd_to_key(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
+{
+#ifndef NOENCRYPTION
+ des_string_to_key((char *)passwd, key);
+#endif
+ return 0;
+}
+
+
+int
+passwd_to_afskey(char *user, char *instance, char *realm, void *passwd,
+ des_cblock *key)
+{
+#ifndef NOENCRYPTION
+ afs_string_to_key((char *)passwd, realm, key);
+#endif
+ return (0);
+}
+
+/*
+ * krb_get_pw_in_tkt() takes the name of the server for which the initial
+ * ticket is to be obtained, the name of the principal the ticket is
+ * for, the desired lifetime of the ticket, and the user's password.
+ * It passes its arguments on to krb_get_in_tkt(), which contacts
+ * Kerberos to get the ticket, decrypts it using the password provided,
+ * and stores it away for future use.
+ *
+ * krb_get_pw_in_tkt() passes two additional arguments to krb_get_in_tkt():
+ * the name of a routine (passwd_to_key()) to be used to get the
+ * password in case the "password" argument is null and NULL for the
+ * decryption procedure indicating that krb_get_in_tkt should use the
+ * default method of decrypting the response from the KDC.
+ *
+ * The result of the call to krb_get_in_tkt() is returned.
+ */
+
+int
+krb_get_pw_in_tkt(char *user, char *instance, char *realm, char *service,
+ char *sinstance, int life, char *password)
+{
+ char pword[100]; /* storage for the password */
+ int code;
+
+ /* Only request password once! */
+ if (!password) {
+ if (des_read_pw_string(pword, sizeof(pword)-1, "Password: ", 0)){
+ memset(pword, 0, sizeof(pword));
+ return INTK_BADPW;
+ }
+ password = pword;
+ }
+
+ code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
+ passwd_to_key, NULL, password);
+ if (code == INTK_BADPW)
+ code = krb_get_in_tkt(user,instance,realm,service,sinstance,life,
+ passwd_to_afskey, NULL, password);
+ if (password == pword)
+ memset(pword, 0, sizeof(pword));
+ return(code);
+}
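Review bot: With NOENCRYPTION defined, passwd_to_key and passwd_to_afskey return 0 without writing `*key`, so the caller is told the conversion succeeded and receives whatever the key block held before. How krb_get_in_tkt uses the key is outside this hunk, but clearing it in that configuration, e.g. an `#else` branch with `memset(key, 0, sizeof(*key));`, avoids handing indeterminate memory to later code. The file header comment also says "strinttokey", presumably meaning the normal string-to-key function.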
diff --git a/crypto/kerberosIV/lib/krb/get_krbrlm.c b/crypto/kerberosIV/lib/krb/get_krbrlm.c new file mode 100644 index 0000000..8c5b0c9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_krbrlm.c 
@@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_krbrlm.c,v 1.16 1997/05/02 01:26:22 assar Exp $"); + +/* + * krb_get_lrealm takes a pointer to a string, and a number, n. It fills + * in the string, r, with the name of the nth realm specified on the + * first line of the kerberos config file (KRB_CONF, defined in "krb.h"). + * It returns 0 (KSUCCESS) on success, and KFAILURE on failure. If the + * config file does not exist, and if n=1, a successful return will occur + * with r = KRB_REALM (also defined in "krb.h"). + * + * NOTE: for archaic & compatibility reasons, this routine will only return + * valid results when n = 1. + * + * For the format of the KRB_CONF file, see comments describing the routine + * krb_get_krbhst(). 
+ */ + +static int +krb_get_lrealm_f(char *r, int n, const char *fname) +{ + FILE *f; + int ret = KFAILURE; + f = fopen(fname, "r"); + if(f){ + char buf[REALM_SZ]; + if(fgets(buf, sizeof(buf), f)){ + char *p = buf + strspn(buf, " \t"); + p[strcspn(p, " \t\r\n")] = 0; + p[REALM_SZ - 1] = 0; + strcpy(r, p); + ret = KSUCCESS; + } + fclose(f); + } + return ret; +} + +int +krb_get_lrealm(char *r, int n) +{ + static const char *const files[] = KRB_CNF_FILES; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + if (n > 1) + return(KFAILURE); /* Temporary restriction */ + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (krb_get_lrealm_f(r, n, fname) == KSUCCESS) + return KSUCCESS; + } + + for (i = 0; files[i] != 0; i++) + if (krb_get_lrealm_f(r, n, files[i]) == KSUCCESS) + return KSUCCESS; + + /* If nothing else works try LOCALDOMAIN, if it exists */ + if (n == 1) + { + char *t, hostname[MaxHostNameLen]; + k_gethostname(hostname, sizeof(hostname)); + t = krb_realmofhost(hostname); + if (t) { + strcpy (r, t); + return KSUCCESS; + } + t = strchr(hostname, '.'); + if (t == 0) + return KFAILURE; /* No domain part, you loose */ + + t++; /* Skip leading dot and upcase the rest */ + for (; *t; t++, r++) + *r = toupper(*t); + *r = 0; + return(KSUCCESS); + } + else + return(KFAILURE); +} + +/* For SunOS5 compat. */ +char * +krb_get_default_realm(void) +{ + static char local_realm[REALM_SZ]; /* local kerberos realm */ + if (krb_get_lrealm(local_realm, 1) != KSUCCESS) + strcpy(local_realm, "NO.DEFAULT.REALM"); + return local_realm; +} diff --git a/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c new file mode 100644 index 0000000..c290524 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_svc_in_tkt.c 
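Review bot: In krb_get_lrealm_f, `p[REALM_SZ - 1] = 0;` indexes from `p`, which has already been advanced past leading blanks, so a first line that begins with whitespace makes this store land beyond the end of `buf[REALM_SZ]`. fgets has already terminated the buffer and the strcspn store terminates the token, so the line can be removed, or written as `buf[REALM_SZ - 1] = 0;` before `p` is computed. In krb_get_lrealm the fallback paths `strcpy (r, t);` and the `*r = toupper(*t);` loop copy a host-derived name into `r` with no REALM_SZ limit, and `toupper` receives a plain `char`; bound both copies and pass `(unsigned char)*t`.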
@@ -0,0 +1,76 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_svc_in_tkt.c,v 1.8 1997/03/23 03:53:09 joda Exp $"); + +/* + * This file contains two routines: srvtab_to_key(), which gets + * a server's key from a srvtab file, and krb_get_svc_in_tkt() which + * gets an initial ticket for a server. + */ + +/* + * srvtab_to_key(): given a "srvtab" file (where the keys for the + * service on a host are stored), return the private key of the + * given service (user.instance@realm). + * + * srvtab_to_key() passes its arguments on to read_service_key(), + * plus one additional argument, the key version number. + * (Currently, the key version number is always 0; this value + * is treated as a wildcard by read_service_key().) + * + * If the "srvtab" argument is null, KEYFILE (defined in "krb.h") + * is passed in its place. + * + * It returns the return value of the read_service_key() call. + * The service key is placed in "key". 
+ */ + +int +srvtab_to_key(char *user, char *instance, char *realm, void *srvtab, + des_cblock *key) +{ + if (!srvtab) + srvtab = KEYFILE; + + return(read_service_key(user, instance, realm, 0, (char *)srvtab, + (char *)key)); +} + +/* + * krb_get_svc_in_tkt() passes its arguments on to krb_get_in_tkt(), + * plus two additional arguments: a pointer to the srvtab_to_key() + * function to be used to get the key from the key file and a NULL + * for the decryption procedure indicating that krb_get_in_tkt should + * use the default method of decrypting the response from the KDC. + * + * It returns the return value of the krb_get_in_tkt() call. + */ + +int +krb_get_svc_in_tkt(char *user, char *instance, char *realm, char *service, + char *sinstance, int life, char *srvtab) +{ + return(krb_get_in_tkt(user, instance, realm, service, sinstance, + life, srvtab_to_key, NULL, srvtab)); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_fullname.c b/crypto/kerberosIV/lib/krb/get_tf_fullname.c new file mode 100644 index 0000000..33733d0 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_fullname.c 
@@ -0,0 +1,70 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_fullname.c,v 1.6 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the fullname of a user + * from the ticket file. + */ + +/* + * krb_get_tf_fullname() takes four arguments: the name of the + * ticket file, and variables for name, instance, and realm to be + * returned in. Since the realm of a ticket file is not really fully + * supported, the realm used will be that of the the first ticket in + * the file as this is the one that was obtained with a password by + * krb_get_in_tkt(). 
+ */ + +int +krb_get_tf_fullname(char *ticket_file, char *name, char *instance, char *realm) +{ + int tf_status; + CREDENTIALS c; + + if ((tf_status = tf_init(ticket_file, R_TKT_FIL)) != KSUCCESS) + return(tf_status); + + if (((tf_status = tf_get_pname(c.pname)) != KSUCCESS) || + ((tf_status = tf_get_pinst(c.pinst)) != KSUCCESS)) + return (tf_status); + + if (name) + strcpy(name, c.pname); + if (instance) + strcpy(instance, c.pinst); + if ((tf_status = tf_get_cred(&c)) == KSUCCESS) { + if (realm) + strcpy(realm, c.realm); + } + else { + if (tf_status == EOF) + return(KFAILURE); + else + return(tf_status); + } + tf_close(); + + return(tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/get_tf_realm.c b/crypto/kerberosIV/lib/krb/get_tf_realm.c new file mode 100644 index 0000000..1a3c7d1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/get_tf_realm.c 
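Review bot: krb_get_tf_fullname leaves the ticket file open on every error path after tf_init() succeeds: the early `return (tf_status);` after tf_get_pname/tf_get_pinst and both returns in the `else` branch skip `tf_close();`. Presumably tf_init also holds a lock on the file, so a failed call could keep other readers out; calling `tf_close();` before each of those returns fixes that. The local `CREDENTIALS c` is filled by tf_get_cred() and appears to carry the ticket's session key, so `memset(&c, 0, sizeof(c));` before returning would avoid leaving it on the stack. The three `strcpy` calls rely on the caller's buffers being at least as large as the corresponding CREDENTIALS fields, which deserves a line in the header comment.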
@@ -0,0 +1,41 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: get_tf_realm.c,v 1.5 1997/03/23 03:53:10 joda Exp $"); + +/* + * This file contains a routine to extract the realm of a kerberos + * ticket file. + */ + +/* + * krb_get_tf_realm() takes two arguments: the name of a ticket + * and a variable to store the name of the realm in. + * + */ + +int +krb_get_tf_realm(char *ticket_file, char *realm) +{ + return(krb_get_tf_fullname(ticket_file, 0, 0, realm)); +} diff --git a/crypto/kerberosIV/lib/krb/getaddrs.c b/crypto/kerberosIV/lib/krb/getaddrs.c new file mode 100644 index 0000000..d25ec1b --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getaddrs.c 
@@ -0,0 +1,130 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: getaddrs.c,v 1.19 1997/04/01 08:18:29 joda Exp $"); + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_NET_IF_H +#include <net/if.h> +#endif + +#ifdef HAVE_SYS_SOCKIO_H +#include <sys/sockio.h> +#endif /* HAVE_SYS_SOCKIO_H */ + +/* + * Return number and list of all local adresses. + */ + +int +k_get_all_addrs (struct in_addr **l) +{ +#if !defined(SIOCGIFCONF) || !defined(SIOCGIFFLAGS) || !defined(SIOCGIFADDR) + char name[MaxHostNameLen]; + struct hostent *he; + + if (k_gethostname(name, sizeof(name)) < 0) + return -1; + he = gethostbyname (name); + if (he == NULL) + return -1; + *l = malloc(sizeof(**l)); + if (*l == NULL) + return -1; + memcpy (*l, he->h_addr_list[0], sizeof(*l)); + return 1; +#else + int fd; + char buf[BUFSIZ]; + struct ifreq ifreq; + struct ifconf ifconf; + int num, j; + char *p; + + fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) + return -1; + + ifconf.ifc_len = sizeof(buf); + ifconf.ifc_buf = buf; + if(ioctl(fd, SIOCGIFCONF, &ifconf) < 0) + return -1; + num = ifconf.ifc_len / sizeof(struct ifreq); + *l = malloc(num * sizeof(struct in_addr)); + if(*l == NULL) { + close (fd); + return -1; + } + + j = 0; + ifreq.ifr_name[0] = '\0'; + for (p = ifconf.ifc_buf; p < ifconf.ifc_buf + ifconf.ifc_len;) { + struct ifreq *ifr = (struct ifreq *)p; +#ifdef SOCKADDR_HAS_SA_LEN + size_t sz = sizeof(ifr->ifr_name) + ifr->ifr_addr.sa_len; +#else + size_t sz = sizeof(*ifr); +#endif + if(strncmp(ifreq.ifr_name, ifr->ifr_name, sizeof(ifr->ifr_name))) { + if(ioctl(fd, SIOCGIFFLAGS, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + if (ifr->ifr_flags & IFF_UP) { + if(ioctl(fd, SIOCGIFADDR, ifr) < 0) { + close (fd); + free (*l); + return -1; + } + (*l)[j++] = ((struct sockaddr_in *)&ifr->ifr_addr)->sin_addr; + } + ifreq = *ifr; + } + p = p + sz; + } + if (j != num) + *l = realloc (*l, j * sizeof(struct in_addr)); + close (fd); + return j; +#endif /* SIOCGIFCONF */ +} 
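Review bot: In the branch of k_get_all_addrs used when the SIOCGIF* ioctls are missing, `memcpy (*l, he->h_addr_list[0], sizeof(*l));` copies the size of a pointer into a buffer allocated as `sizeof(**l)`. Where pointers are wider than struct in_addr this writes past the allocation and reads past the address; it should be `memcpy(*l, he->h_addr_list[0], sizeof(**l));`. In the ioctl branch, the `return -1;` after a failed SIOCGIFCONF leaves `fd` open, so `close(fd);` is needed there as on the later error paths. The closing `*l = realloc (*l, j * sizeof(struct in_addr));` overwrites the only pointer to the list, so a failed or zero-sized realloc either leaks it or returns a count together with a NULL list.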
diff --git a/crypto/kerberosIV/lib/krb/getrealm.c b/crypto/kerberosIV/lib/krb/getrealm.c new file mode 100644 index 0000000..05dfdab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getrealm.c 
@@ -0,0 +1,184 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getrealm.c,v 1.25 1997/05/02 14:29:14 assar Exp $"); + +#define MATCH_SUBDOMAINS 0 + +/* + * krb_realmofhost. + * Given a fully-qualified domain-style primary host name, + * return the name of the Kerberos realm for the host. + * If the hostname contains no discernable domain, or an error occurs, + * return the local realm name, as supplied by get_krbrlm(). + * If the hostname contains a domain, but no translation is found, + * the hostname's domain is converted to upper-case and returned. + * + * The format of each line of the translation file is: + * domain_name kerberos_realm + * -or- + * host_name kerberos_realm + * + * domain_name should be of the form .XXX.YYY (e.g. .LCS.MIT.EDU) + * host names should be in the usual form (e.g. 
FOO.BAR.BAZ) + */ + +/* To automagically find the correct realm of a host (without + * krb.realms) add a text record for your domain with the name of your + * realm, like this: + * + * krb4-realm IN TXT FOO.SE + * + * The search is recursive, so you can also add entries for specific + * hosts. To find the realm of host a.b.c, it first tries + * krb4-realm.a.b.c, then krb4-realm.b.c and so on. + */ + +static int +dns_find_realm(char *hostname, char *realm) +{ + char domain[MaxHostNameLen + sizeof("krb4-realm..")]; + char *p; + int level = 0; + struct dns_reply *r; + + p = hostname; + + while(1){ + snprintf(domain, sizeof(domain), "krb4-realm.%s.", p); + r = dns_lookup(domain, "TXT"); + if(r){ + struct resource_record *rr = r->head; + while(rr){ + if(rr->type == T_TXT){ + strncpy(realm, rr->u.txt, REALM_SZ); + realm[REALM_SZ - 1] = 0; + dns_free_data(r); + return level; + } + rr = rr->next; + } + dns_free_data(r); + } + level++; + p = strchr(p, '.'); + if(p == NULL) + break; + p++; + } + return -1; +} + + +static FILE * +open_krb_realms(void) +{ + static const char *const files[] = KRB_RLM_FILES; + FILE *res; + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.realms", NULL) == 0) + if ((res = fopen(fname, "r")) != NULL) + return res; + } + + for (i = 0; files[i] != 0; i++) + if ((res = fopen(files[i], "r")) != NULL) + return res; + + return NULL; +} + +char * +krb_realmofhost(const char *host) +{ + static char ret_realm[REALM_SZ]; + char *domain; + FILE *trans_file; + char trans_host[MaxHostNameLen]; + char trans_realm[REALM_SZ]; + char buf[1024]; + + char phost[MaxHostNameLen]; + + krb_name_to_name(host, phost, sizeof(phost)); + + domain = strchr(phost, '.'); + + /* prepare default */ + if(dns_find_realm(phost, ret_realm) < 0){ + if (domain) { + char *cp; + + strncpy(ret_realm, &domain[1], REALM_SZ); + ret_realm[REALM_SZ - 1] = 0; + 
/* Upper-case realm */ + for (cp = ret_realm; *cp; cp++) + *cp = toupper(*cp); + } else { + krb_get_lrealm(ret_realm, 1); + } + } + + if ((trans_file = open_krb_realms()) == NULL) + return(ret_realm); /* krb_errno = KRB_NO_TRANS */ + + while (fgets(buf, sizeof(buf), trans_file)) { + char *save = NULL; + char *tok = strtok_r(buf, " \t\r\n", &save); + if(tok == NULL) + continue; + strncpy(trans_host, tok, MaxHostNameLen); + trans_host[MaxHostNameLen - 1] = 0; + tok = strtok_r(NULL, " \t\r\n", &save); + if(tok == NULL) + continue; + strcpy(trans_realm, tok); + trans_realm[REALM_SZ - 1] = 0; + if (!strcasecmp(trans_host, phost)) { + /* exact match of hostname, so return the realm */ + strcpy(ret_realm, trans_realm); + fclose(trans_file); + return(ret_realm); + } + if ((trans_host[0] == '.') && domain) { + char *cp = domain; + do { + if(strcasecmp(trans_host, domain) == 0){ + /* domain match, save for later */ + strcpy(ret_realm, trans_realm); + break; + } + cp = strchr(cp + 1, '.'); + } while(MATCH_SUBDOMAINS && cp); + } + } + fclose(trans_file); + return ret_realm; +} diff --git a/crypto/kerberosIV/lib/krb/getst.c b/crypto/kerberosIV/lib/krb/getst.c new file mode 100644 index 0000000..de99962 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/getst.c 
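Review bot: In krb_realmofhost, `strcpy(trans_realm, tok);` copies a token taken from a 1024-byte line into `trans_realm[REALM_SZ]` and truncates only afterwards, so an over-long realm field in krb.realms overruns the stack buffer before `trans_realm[REALM_SZ - 1] = 0;` runs. open_krb_realms() will read the file from whatever directory `KRBCONFDIR` names, so its contents should be treated as untrusted input. Use the same bounded copy as for trans_host, `strncpy(trans_realm, tok, REALM_SZ);`. Separately, the sub-domain loop advances `cp` but still compares `trans_host` with `domain`, so setting MATCH_SUBDOMAINS would not change the result; the comparison presumably should use `cp`.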
@@ -0,0 +1,45 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: getst.c,v 1.6 1997/03/23 03:53:11 joda Exp $"); + +/* + * getst() takes a file descriptor, a string and a count. It reads + * from the file until either it has read "count" characters, or until + * it reads a null byte. When finished, what has been read exists in + * the given string "s". If "count" characters were actually read, the + * last is changed to a null, so the returned string is always null- + * terminated. getst() returns the number of characters read, including + * the null terminator. + */ + +int +getst(int fd, char *s, int n) +{ + int count = n; + while (read(fd, s, 1) > 0 && --count) + if (*s++ == '\0') + return (n - count); + *s = '\0'; + return (n - count); +} diff --git a/crypto/kerberosIV/lib/krb/gettimeofday.c b/crypto/kerberosIV/lib/krb/gettimeofday.c new file mode 100644 index 0000000..734ca59 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/gettimeofday.c 
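Review bot: getst() never checks that `n` is positive. With `n <= 0` the first `read()` already stores a byte in `s`, and `--count` starts below zero and never reaches it, so the loop keeps writing until a NUL byte or end of file arrives. A guard at the top, `if (n <= 0) return 0;`, bounds it. The header comment should also say that when `n` bytes arrive without a NUL the string is truncated and the rest of the field stays unread on the descriptor, so the caller's next read starts in the middle of that field.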
@@ -0,0 +1,56 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" +RCSID("$Id: gettimeofday.c,v 1.5 1997/04/01 08:18:29 joda Exp $"); + +#ifndef HAVE_GETTIMEOFDAY +/* + * Simple gettimeofday that only returns seconds. + */ +int +gettimeofday (struct timeval *tp, void *ignore) +{ + time_t t; + + t = time(NULL); + tp->tv_sec = t; + tp->tv_usec = 0; + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/k_concat.c b/crypto/kerberosIV/lib/krb/k_concat.c new file mode 100644 index 0000000..e7daa5f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_concat.c 
@@ -0,0 +1,116 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_concat.c,v 1.5 1997/05/02 08:56:39 joda Exp $"); + +int +k_concat (char *s, size_t len, ...) +{ + int ret; + va_list args; + + va_start(args, len); + ret = k_vconcat (s, len, args); + va_end(args); + return ret; +} + +int +k_vconcat (char *s, size_t len, va_list args) +{ + const char *a; + + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if (n >= len) + return -1; + strncpy (s, a, n); + s += n; + len -= n; + } + *s = '\0'; + return 0; +} + +size_t +k_vmconcat (char **s, size_t max_len, va_list args) +{ + const char *a; + char *p, *q; + size_t len = 0; + *s = NULL; + p = malloc(1); + if(p == NULL) + return 0; + *p = 0; + len = 1; + while ((a = va_arg(args, const char*))) { + size_t n = strlen (a); + + if(max_len && len + n > max_len){ + free(p); + return 0; + } + q = realloc(p, len + n); + if(q == NULL){ + free(p); + return 0; + } + p = q; + len += n; + strcat(p, a); + } + *s = p; + return len; +} + +size_t +k_mconcat (char **s, size_t max_len, ...) +{ + int ret; + va_list args; + + va_start(args, max_len); + ret = k_vmconcat (s, max_len, args); + va_end(args); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/k_flock.c b/crypto/kerberosIV/lib/krb/k_flock.c new file mode 100644 index 0000000..844c34c --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_flock.c 
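Review bot: k_vconcat returns -1 on `if (n >= len)` without terminating the output, so a caller that ignores the result is left with an unterminated buffer, and none at all if the first argument is already too long. Writing `if (len > 0) *s = '\0';` on entry and terminating before the `return -1;` makes the failure case safe. It also stores `*s = '\0'` unconditionally at the end, which is out of bounds when called with `len == 0` and no arguments. In k_mconcat, `int ret;` receives the `size_t` result of k_vmconcat and should be `size_t ret;`. None of the four functions has a comment stating that the argument list must end with a null pointer, which callers should pass as `(char *)NULL` rather than bare `NULL` since it goes through varargs.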
@@ -0,0 +1,95 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_flock.c,v 1.8 1997/04/01 08:18:30 joda Exp $"); + +#define K_OP_MASK (K_LOCK_SH | K_LOCK_EX | K_LOCK_UN) + +int +k_flock(int fd, int operation) +{ +#ifdef HAVE_FLOCK + int op = 0; + if (operation & K_LOCK_SH) + op |= LOCK_SH; + if (operation & K_LOCK_EX) + op |= LOCK_EX; + if (operation & K_LOCK_UN) + op |= LOCK_UN; + if (operation & K_LOCK_NB) + op |= LOCK_NB; + + return flock(fd, op); +#elif defined(HAVE_FCNTL) && defined(F_SETLK) + struct flock arg; + int code, cmd; + + arg.l_whence = SEEK_SET; + arg.l_start = 0; + arg.l_len = 0; /* means to EOF */ + + if (operation & K_LOCK_NB) + cmd = F_SETLK; + else + cmd = F_SETLKW; /* Blocking */ + + switch (operation & K_OP_MASK) { + case K_LOCK_UN: + arg.l_type = F_UNLCK; + code = fcntl(fd, F_SETLK, &arg); + break; + case K_LOCK_SH: + arg.l_type = F_RDLCK; + code = fcntl(fd, cmd, &arg); + break; + case K_LOCK_EX: + arg.l_type = F_WRLCK; + code = fcntl(fd, cmd, &arg); + break; + default: + errno = EINVAL; + code = -1; + break; + } + return code; +#else + return -1; +#endif /* !HAVE_FLOCK */ +} diff --git a/crypto/kerberosIV/lib/krb/k_gethostname.c b/crypto/kerberosIV/lib/krb/k_gethostname.c new file mode 100644 index 0000000..0f4d57f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_gethostname.c 
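Review bot: k_flock has no comment describing its contract, and its three build-time branches do not behave alike. I would add a header comment along the lines of `/* Apply K_LOCK_SH, K_LOCK_EX or K_LOCK_UN (optionally with K_LOCK_NB) to fd; returns 0 on success, -1 on failure. */`. It should also state that the fcntl() fallback takes per-process record locks, which are dropped when the process closes any descriptor for the file, unlike flock(). The final `#else` branch returns -1 without setting `errno`; adding `errno = ENOSYS;` before that return lets a caller tell a missing lock primitive from a contended lock.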
@@ -0,0 +1,58 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" +RCSID("$Id: k_gethostname.c,v 1.10 1997/03/23 03:53:12 joda Exp $"); + +#ifdef HAVE_SYS_UTSNAME_H +#include <sys/utsname.h> +#endif + +/* + * Return the local host's name in "name", up to "namelen" characters. + * "name" will be null-terminated if "namelen" is big enough. + * The return code is 0 on success, -1 on failure. (The calling + * interface is identical to gethostname(2).) + */ + +int +k_gethostname(char *name, int namelen) +{ +#if defined(HAVE_GETHOSTNAME) + return gethostname(name, namelen); +#elif defined(HAVE_UNAME) + { + struct utsname utsname; + int ret; + + ret = uname (&utsname); + if (ret < 0) + return ret; + strncpy (name, utsname.nodename, namelen); + name[namelen-1] = '\0'; + return 0; + } +#else + strncpy (name, "some.random.host", namelen); + name[namelen-1] = '\0'; + return 0; +#endif +} diff --git a/crypto/kerberosIV/lib/krb/k_getport.c b/crypto/kerberosIV/lib/krb/k_getport.c new file mode 100644 index 0000000..c5f9f15 --- /dev/null 
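Review bot: The HAVE_GETHOSTNAME branch of k_gethostname returns gethostname()'s result directly, and gethostname() is not required to NUL-terminate a truncated name, yet callers in this commit such as krb_get_lrealm pass the buffer straight to string functions. Terminating here covers every caller: `ret = gethostname(name, namelen); if (ret == 0 && namelen > 0) name[namelen - 1] = '\0'; return ret;`. The other two branches write `name[namelen-1]` without checking that `namelen` is positive. The last branch reports success with the placeholder "some.random.host", which later code would turn into a realm name; returning -1 there would be safer than a made-up host.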
+++ b/crypto/kerberosIV/lib/krb/k_getport.c 
@@ -0,0 +1,57 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: k_getport.c,v 1.10 1997/04/01 08:18:30 joda Exp $"); + +int +k_getportbyname (const char *service, const char *proto, int default_port) +{ +#ifdef HAVE_GETSERVBYNAME + struct servent *sp; + + sp = getservbyname(service, proto); + if(sp != NULL) + return sp->s_port; + + krb_warning ("%s/%s unknown service, using default port %d\n", + service, proto ? proto : "*", ntohs(default_port)); +#endif + return default_port; +} diff --git a/crypto/kerberosIV/lib/krb/k_getsockinst.c b/crypto/kerberosIV/lib/krb/k_getsockinst.c new file mode 100644 index 0000000..04676b1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/k_getsockinst.c 
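Review bot: k_getportbyname lacks a comment on byte order, which is easy to get wrong at call sites. The function returns `sp->s_port`, which getservbyname() supplies in network byte order, and the warning prints `ntohs(default_port)`, so `default_port` is evidently expected in network byte order too. I would add `/* Look up service/proto; returns the port in network byte order. default_port must already be in network byte order and is returned if the lookup fails. */` above the definition. When HAVE_GETSERVBYNAME is not defined the default is used without any warning, which is worth stating in the same comment.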
@@ -0,0 +1,73 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_getsockinst.c,v 1.10 1997/05/02 14:29:17 assar Exp $");
+
+/*
+ * Return in inst the name of the local interface bound to socket
+ * fd. On Failure return the 'wildcard' instance "*".
+ */
+
+int
+k_getsockinst(int fd, char *inst, size_t inst_size)
+{
+ struct sockaddr_in addr;
+ int len = sizeof(addr);
+ struct hostent *hnam;
+
+ if (getsockname(fd, (struct sockaddr *)&addr, &len) < 0)
+ goto fail;
+
+ hnam = gethostbyaddr((char *)&addr.sin_addr,
+ sizeof(addr.sin_addr),
+ addr.sin_family);
+ if (hnam == 0)
+ goto fail;
+
+ strncpy (inst, hnam->h_name, inst_size);
+ inst[inst_size - 1] = '\0';
+ k_ricercar(inst); /* Canonicalize name */
+ return 0; /* Success */
+
+ fail:
+ inst[0] = '*';
+ inst[1] = 0;
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/krb/k_localtime.c b/crypto/kerberosIV/lib/krb/k_localtime.c
new file mode 100644
index 0000000..a6ffb9b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/k_localtime.c
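Review bot: Nothing in k_getsockinst checks `inst_size` before writing: the `fail:` path always stores two bytes (`inst[0] = '*'; inst[1] = 0;`) and the success path writes `inst[inst_size - 1]`, which wraps to a huge index when `inst_size` is 0. A guard at the top, `if (inst == NULL || inst_size < 2) return -1;`, covers both paths. Separately, the name comes from a reverse lookup (`gethostbyaddr`) and `strncpy` truncates it silently, so an over-long answer yields an instance string that differs from what the resolver returned. Failing when `strlen(hnam->h_name) >= inst_size` would be safer than handing back a shortened name.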
@@ -0,0 +1,48 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: k_localtime.c,v 1.7 1997/04/01 08:18:31 joda Exp $");
+
+struct tm *k_localtime(u_int32_t *tp)
+{
+ time_t t;
+ t = *tp;
+ return localtime(&t);
+}
diff --git a/crypto/kerberosIV/lib/krb/kdc_reply.c b/crypto/kerberosIV/lib/krb/kdc_reply.c
new file mode 100644
index 0000000..aa012e0
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kdc_reply.c
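Review bot: k_localtime has no comment explaining its contract, and two things about it are easy to get wrong. It returns whatever `localtime()` returns, so the result points at storage shared with other localtime callers and may be NULL; callers have to copy the struct before the next call. The function only reads `*tp`, so the parameter could be `const u_int32_t *tp`. I would add `/* Widen a 32-bit Kerberos timestamp to time_t; result is localtime()'s static buffer */` above the definition.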
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: kdc_reply.c,v 1.9 1997/04/15 21:52:14 assar Exp $"); + +static int little_endian; /* XXX ugly */ + +int +kdc_reply_cred(KTEXT cip, CREDENTIALS *cred) +{ + unsigned char *p = cip->dat; + + memcpy(cred->session, p, 8); + p += 8; + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->service); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->instance); + + if(p + strlen((char*)p) > cip->dat + cip->length) + return INTK_BADPW; + p += krb_get_string(p, cred->realm); + + if(p + 3 > cip->dat + cip->length) + return INTK_BADPW; + cred->lifetime = *p++; + cred->kvno = *p++; + cred->ticket_st.length = *p++; + + if(p + cred->ticket_st.length + 4 > cip->dat + cip->length) + return INTK_BADPW; + memcpy(cred->ticket_st.dat, p, cred->ticket_st.length); + p += cred->ticket_st.length; + + p += krb_get_int(p, (u_int32_t *)&cred->issue_date, 4, little_endian); + + return KSUCCESS; +} + +int +kdc_reply_cipher(KTEXT reply, KTEXT cip) +{ + unsigned char *p; + unsigned char pvno; + unsigned char type; + + char aname[ANAME_SZ]; + char inst[INST_SZ]; + char realm[REALM_SZ]; + + u_int32_t kdc_time; + u_int32_t exp_date; + u_int32_t clen; + + p = reply->dat; + + pvno = *p++; + + if (pvno != KRB_PROT_VERSION ) + return INTK_PROT; + + type = *p++; + little_endian = type & 1; + + type &= ~1; + + if(type == AUTH_MSG_ERR_REPLY){ + u_int32_t code; + p += strlen((char*)p) + 1; /* name */ + p += strlen((char*)p) + 1; /* instance */ + p += strlen((char*)p) + 1; /* realm */ + p += 4; /* time */ + p += krb_get_int(p, &code, 4, little_endian); + return code; + } + if(type != AUTH_MSG_KDC_REPLY) + return INTK_PROT; + + p += krb_get_nir(p, aname, inst, realm); + p += krb_get_int(p, &kdc_time, 4, little_endian); + p++; /* number of tickets */ + p += krb_get_int(p, &exp_date, 4, little_endian); + p++; /* master key version number */ + p += krb_get_int(p, 
&clen, 2, little_endian); + cip->length = clen; + memcpy(cip->dat, p, clen); + p += clen; + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/klog.h b/crypto/kerberosIV/lib/krb/klog.h new file mode 100644 index 0000000..cee92d9 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/klog.h @@ -0,0 +1,47 @@ +/* + * $Id: klog.h,v 1.5 1997/05/11 11:05:28 assar Exp $ + * + * Copyright 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * This file defines the types of log messages logged by klog. Each + * type of message may be selectively turned on or off. + */ + +#ifndef KLOG_DEFS +#define KLOG_DEFS + +#ifndef KRBLOG +#define KRBLOG "/var/log/kerberos.log" /* master server */ +#endif +#ifndef KRBSLAVELOG +#define KRBSLAVELOG "/var/log/kerberos_slave.log" /* slave server */ +#endif +#define NLOGTYPE 100 /* Maximum number of log msg types */ + +#define L_NET_ERR 1 /* Error in network code */ +#define L_NET_INFO 2 /* Info on network activity */ +#define L_KRB_PERR 3 /* Kerberos protocol errors */ +#define L_KRB_PINFO 4 /* Kerberos protocol info */ +#define L_INI_REQ 5 /* Request for initial ticket */ +#define L_NTGT_INTK 6 /* Initial request not for TGT */ +#define L_DEATH_REQ 7 /* Request for server death */ +#define L_TKT_REQ 8 /* All ticket requests using a tgt */ +#define L_ERR_SEXP 9 /* Service expired */ +#define L_ERR_MKV 10 /* Master key version incorrect */ +#define L_ERR_NKY 11 /* User's key is null */ +#define L_ERR_NUN 12 /* Principal not unique */ +#define L_ERR_UNK 13 /* Principal Unknown */ +#define L_ALL_REQ 14 /* All requests */ +#define L_APPL_REQ 15 /* Application requests (using tgt) */ +#define L_KRB_PWARN 16 /* Protocol warning messages */ + +char * klog __P((int type, const char *format, ...)) +#ifdef __GNUC__ +__attribute__ ((format (printf, 2, 3))) +#endif +; + +#endif /* KLOG_DEFS */ 
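Review bot: In kdc_reply_cipher, `clen` is taken from a 2-byte field of the reply and passed straight to `memcpy(cip->dat, p, clen)` without being compared to the destination size (`dat` is `MAX_KTXT_LEN` bytes per krb.h) or to the bytes actually left in `reply`. The function parses data that has not been authenticated yet, so the length has to be rejected before the copy. The sketch below shows the check, returning `INTK_PROT` on a bad length. The same function walks the error-reply strings with `strlen` and never consults `reply->length`. In kdc_reply_cred each `strlen` runs before its bounds test, and `krb_get_string` is given no destination size for the 40-byte `service`/`instance`/`realm` fields; its body is not shown here, so whether it bounds the copy should be confirmed.

```c
    /* … unchanged: version/type checks, error-reply branch, krb_get_nir and fixed fields … */
    p += krb_get_int(p, &clen, 2, little_endian);
    {
        unsigned char *end = reply->dat + reply->length;

        /* reject a length that overruns either the reply or cip->dat */
        if (reply->length > MAX_KTXT_LEN || p > end
            || clen > (u_int32_t)(end - p) || clen > MAX_KTXT_LEN)
            return INTK_PROT;
    }
    cip->length = clen;
    memcpy(cip->dat, p, clen);
```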
diff --git a/crypto/kerberosIV/lib/krb/kntoln.c b/crypto/kerberosIV/lib/krb/kntoln.c
new file mode 100644
index 0000000..88b8b25
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kntoln.c
@@ -0,0 +1,180 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +/* + * krb_kntoln converts an auth name into a local name by looking up + * the auth name in the /etc/aname file. The format of the aname + * file is: + * + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | anl | inl | rll | lnl | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * | 1by | 1by | 1by | 1by | name | instance | realm | lname | + * +-----+-----+-----+-----+------+----------+-------+-------+ + * + * If the /etc/aname file can not be opened it will set the + * local name to the auth name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to krb_kntoln through + * the AUTH_DAT structure (ad). + * + * Now here's what it *really* does: + * + * Given a Kerberos name in an AUTH_DAT structure, check that the + * instance is null, and that the realm is the same as the local + * realm, and return the principal's name in "lname". 
Return + * KSUCCESS if all goes well, otherwise KFAILURE. + */ + +#include "krb_locl.h" + +RCSID("$Id: kntoln.c,v 1.7 1997/03/23 03:53:12 joda Exp $"); + +int +krb_kntoln(AUTH_DAT *ad, char *lname) +{ + static char lrealm[REALM_SZ] = ""; + + if (!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if (strcmp(ad->pinst, "")) + return(KFAILURE); + if (strcmp(ad->prealm, lrealm)) + return(KFAILURE); + strcpy(lname, ad->pname); + return(KSUCCESS); +} + +#if 0 +/* Posted to usenet by "Derrick J. Brashear" <shadow+@andrew.cmu.edu> */ + +#include <krb.h> +#include <ndbm.h> +#include <stdio.h> +#include <sys/file.h> +#include <strings.h> +#include <sys/syslog.h> +#include <sys/errno.h> + +extern int errno; +/* + * antoln converts an authentication name into a local name by looking up + * the authentication name in the /etc/aname dbm database. + * + * If the /etc/aname file can not be opened it will set the + * local name to the principal name. Thus, in this case it performs as + * the identity function. + * + * The name instance and realm are passed to antoln through + * the AUTH_DAT structure (ad). + */ + +static char lrealm[REALM_SZ] = ""; + +an_to_ln(ad,lname) +AUTH_DAT *ad; +char *lname; +{ + static DBM *aname = NULL; + char keyname[ANAME_SZ+INST_SZ+REALM_SZ+2]; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) + return(KFAILURE); + + if((strcmp(ad->pinst,"") && strcmp(ad->pinst,"root")) || +strcmp(ad->prealm,lrealm)) { + datum val; + datum key; + /* + * Non-local name (or) non-null and non-root instance. + * Look up in dbm file. + */ + if (!aname) { + if ((aname = dbm_open("/etc/aname", O_RDONLY, 0)) + == NULL) return (KFAILURE); + } + /* Construct dbm lookup key. */ + an_to_a(ad, keyname); + key.dptr = keyname; + key.dsize = strlen(keyname)+1; + flock(dbm_dirfno(aname), LOCK_SH); + val = dbm_fetch(aname, key); + flock(dbm_dirfno(aname), LOCK_UN); + if (!val.dptr) { + dbm_close(aname); + return(KFAILURE); + } + /* Got it! 
*/ + strcpy(lname,val.dptr); + return(KSUCCESS); + } else strcpy(lname,ad->pname); + return(KSUCCESS); +} + +an_to_a(ad, str) + AUTH_DAT *ad; + char *str; +{ + strcpy(str, ad->pname); + if(*ad->pinst) { + strcat(str, "."); + strcat(str, ad->pinst); + } + strcat(str, "@"); + strcat(str, ad->prealm); +} + +/* + * Parse a string of the form "user[.instance][@realm]" + * into a struct AUTH_DAT. + */ + +a_to_an(str, ad) + AUTH_DAT *ad; + char *str; +{ + char *buf = (char *)malloc(strlen(str)+1); + char *rlm, *inst, *princ; + + if(!(*lrealm) && (krb_get_lrealm(lrealm,1) == KFAILURE)) { + free(buf); + return(KFAILURE); + } + /* destructive string hacking is more fun.. */ + strcpy(buf, str); + + if (rlm = index(buf, '@')) { + *rlm++ = '\0'; + } + if (inst = index(buf, '.')) { + *inst++ = '\0'; + } + strcpy(ad->pname, buf); + if(inst) strcpy(ad->pinst, inst); + else *ad->pinst = '\0'; + if (rlm) strcpy(ad->prealm, rlm); + else strcpy(ad->prealm, lrealm); + free(buf); + return(KSUCCESS); +} +#endif diff --git a/crypto/kerberosIV/lib/krb/krb.def b/crypto/kerberosIV/lib/krb/krb.def new file mode 100644 index 0000000..da2e906 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.def 
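Review bot: `strcpy(lname, ad->pname)` in krb_kntoln copies into a caller buffer whose size the function never receives. It stays in bounds only under an unwritten rule that `lname` holds at least `ANAME_SZ` bytes and `ad->pname` is NUL-terminated. The header comment should state that, e.g. `/* lname must point to at least ANAME_SZ bytes */`. It should also drop the /etc/aname description, since the live code does no such lookup (only the `#if 0` block does). The disabled an_to_ln/an_to_a/a_to_an code uses unchecked `strcpy`/`strcat` into fixed buffers and an unchecked `malloc`; if it stays for reference, a comment should say it must not be enabled as-is.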
@@ -0,0 +1,92 @@ +LIBRARY "krb" BASE=0x07000000 + +DESCRIPTION "Dynamic link library for kerberos version 4" +VERSION 1.0 + +EXPORTS + krb_get_err_text + + newTktMem + getTktMem + firstCred + nextCredIndex + currCredIndex + nextFreeIndex + + k_flock + k_localtime + k_getsockinst + k_getportbyname + k_get_all_addrs + + krb_equiv + + afs_string_to_key + + krb_life_to_time + krb_time_to_life + krb_life_to_atime + krb_atime_to_life + + tf_get_cred + tf_get_pinst + tf_get_pname + tf_put_pinst + tf_put_pname + tf_init + tf_create + tf_save_cred + tf_close + + krb_mk_priv + krb_rd_priv + + create_auth_reply + krb_get_phost + krb_realmofhost + tkt_string + create_ciph + decomp_ticket + dest_tkt + get_ad_tkt + in_tkt + k_gethostname + k_isinst + k_isname + k_isrealm + kname_parse + krb_create_ticket + krb_get_admhst + krb_get_cred + krb_get_in_tkt + krb_get_krbhst + krb_get_lrealm + krb_get_default_realm + krb_get_pw_in_tkt + krb_get_svc_in_tkt + krb_get_tf_fullname + krb_get_tf_realm + krb_kntoln + krb_mk_req + krb_net_read + krb_net_write + krb_rd_err + krb_rd_req + krb_recvauth + krb_sendauth + krb_set_key + krb_set_lifetime + read_service_key + save_credentials + send_to_kdc + krb_mk_err + krb_mk_safe + krb_rd_safe + ad_print + cr_err_reply + krb_set_tkt_string + krb_get_default_principal + krb_realm_parse + krb_verify_user + kset_logfile + getst diff --git a/crypto/kerberosIV/lib/krb/krb.h b/crypto/kerberosIV/lib/krb/krb.h new file mode 100644 index 0000000..1ce349e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb.h 
@@ -0,0 +1,565 @@ +/* + * $Id: krb.h,v 1.76 1997/05/26 17:47:31 bg Exp $ + * + * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file for the Kerberos library. + */ + +/* Only one time, please */ +#ifndef KRB_DEFS +#define KRB_DEFS + +#include <ktypes.h> +#include <sys/cdefs.h> +#include <stdarg.h> +#include <time.h> + +__BEGIN_DECLS + +#ifndef __P +#define __P(x) x +#endif + +/* Need some defs from des.h */ +#if !defined(NOPROTO) && !defined(__STDC__) +#define NOPROTO +#endif +#include <des.h> + +/* Don't use these guys, they are only for compatibility with CNS. */ +#ifndef KRB_INT32 +#define KRB_INT32 int32_t +#endif +#ifndef KRB_UINT32 +#define KRB_UINT32 u_int32_t +#endif + +/* Global library variables. */ +extern int krb_ignore_ip_address; /* To turn off IP address comparison */ +extern int krb_no_long_lifetimes; /* To disable AFS compatible lifetimes */ +extern int krbONE; +#define HOST_BYTE_ORDER (* (char *) &krbONE) + +/* Text describing error codes */ +#define MAX_KRB_ERRORS 256 +extern const char *krb_err_txt[MAX_KRB_ERRORS]; + +/* Use this function rather than indexing in krb_err_txt */ +const char *krb_get_err_text __P((int code)); + + +/* General definitions */ +#define KSUCCESS 0 +#define KFAILURE 255 + +/* + * Kerberos specific definitions + * + * KRBLOG is the log file for the kerberos master server. KRB_CONF is + * the configuration file where different host machines running master + * and slave servers can be found. KRB_MASTER is the name of the + * machine with the master database. The admin_server runs on this + * machine, and all changes to the db (as opposed to read-only + * requests, which can go to slaves) must go to it. KRB_HOST is the + * default machine * when looking for a kerberos slave server. Other + * possibilities are * in the KRB_CONF file. KRB_REALM is the name of + * the realm. 
+ */ + +/* /etc/kerberosIV is only for backwards compatibility, don't use it! */ +#ifndef KRB_CONF +#define KRB_CONF "/etc/krb.conf" +#endif +#ifndef KRB_RLM_TRANS +#define KRB_RLM_TRANS "/etc/krb.realms" +#endif +#ifndef KRB_CNF_FILES +#define KRB_CNF_FILES { KRB_CONF, "/etc/kerberosIV/krb.conf", 0} +#endif +#ifndef KRB_RLM_FILES +#define KRB_RLM_FILES { KRB_RLM_TRANS, "/etc/kerberosIV/krb.realms", 0} +#endif +#ifndef KRB_EQUIV +#define KRB_EQUIV "/etc/krb.equiv" +#endif +#define KRB_MASTER "kerberos" +#ifndef KRB_REALM +#define KRB_REALM (krb_get_default_realm()) +#endif + +/* The maximum sizes for aname, realm, sname, and instance +1 */ +#define ANAME_SZ 40 +#define REALM_SZ 40 +#define SNAME_SZ 40 +#define INST_SZ 40 +/* Leave space for quoting */ +#define MAX_K_NAME_SZ (2*ANAME_SZ + 2*INST_SZ + 2*REALM_SZ - 3) +#define KKEY_SZ 100 +#define VERSION_SZ 1 +#define MSG_TYPE_SZ 1 +#define DATE_SZ 26 /* RTI date output */ + +#define MAX_HSTNM 100 /* for compatibility */ + +typedef struct krb_principal{ + char name[ANAME_SZ]; + char instance[INST_SZ]; + char realm[REALM_SZ]; +}krb_principal; + +#ifndef DEFAULT_TKT_LIFE /* allow compile-time override */ +/* default lifetime for krb_mk_req & co., 10 hrs */ +#define DEFAULT_TKT_LIFE 120 +#endif + +#define KRB_TICKET_GRANTING_TICKET "krbtgt" + +/* Definition of text structure used to pass text around */ +#define MAX_KTXT_LEN 1250 + +struct ktext { + unsigned int length; /* Length of the text */ + unsigned char dat[MAX_KTXT_LEN]; /* The data itself */ + u_int32_t mbz; /* zero to catch runaway strings */ +}; + +typedef struct ktext *KTEXT; +typedef struct ktext KTEXT_ST; + + +/* Definitions for send_to_kdc */ +#define CLIENT_KRB_TIMEOUT 4 /* time between retries */ +#define CLIENT_KRB_RETRY 5 /* retry this many times */ +#define CLIENT_KRB_BUFLEN 512 /* max unfragmented packet */ + +/* Definitions for ticket file utilities */ +#define R_TKT_FIL 0 +#define W_TKT_FIL 1 + +/* Parameters for rd_ap_req */ +/* Maximum alloable 
clock skew in seconds */ +#define CLOCK_SKEW 5*60 +/* Filename for readservkey */ +#ifndef KEYFILE +#define KEYFILE "/etc/srvtab" +#endif + +/* Structure definition for rd_ap_req */ + +struct auth_dat { + unsigned char k_flags; /* Flags from ticket */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* His Instance */ + char prealm[REALM_SZ]; /* His Realm */ + u_int32_t checksum; /* Data checksum (opt) */ + des_cblock session; /* Session Key */ + int life; /* Life of ticket */ + u_int32_t time_sec; /* Time ticket issued */ + u_int32_t address; /* Address in ticket */ + KTEXT_ST reply; /* Auth reply (opt) */ +}; + +typedef struct auth_dat AUTH_DAT; + +/* Structure definition for credentials returned by get_cred */ + +struct credentials { + char service[ANAME_SZ]; /* Service name */ + char instance[INST_SZ]; /* Instance */ + char realm[REALM_SZ]; /* Auth domain */ + des_cblock session; /* Session key */ + int lifetime; /* Lifetime */ + int kvno; /* Key version number */ + KTEXT_ST ticket_st; /* The ticket itself */ + int32_t issue_date; /* The issue time */ + char pname[ANAME_SZ]; /* Principal's name */ + char pinst[INST_SZ]; /* Principal's instance */ +}; + +typedef struct credentials CREDENTIALS; + +/* Structure definition for rd_private_msg and rd_safe_msg */ + +struct msg_dat { + unsigned char *app_data; /* pointer to appl data */ + u_int32_t app_length; /* length of appl data */ + u_int32_t hash; /* hash to lookup replay */ + int swap; /* swap bytes? 
*/ + int32_t time_sec; /* msg timestamp seconds */ + unsigned char time_5ms; /* msg timestamp 5ms units */ +}; + +typedef struct msg_dat MSG_DAT; + +struct krb_host { + char *realm; + char *host; + int proto; + int port; + int admin; +}; + +struct krb_host *krb_get_host __P((int, char*, int)); + + +/* Location of ticket file for save_cred and get_cred */ +#define TKT_FILE tkt_string() +#define TKT_ROOT "/tmp/tkt" + +/* Error codes returned from the KDC */ +#define KDC_OK 0 /* Request OK */ +#define KDC_NAME_EXP 1 /* Principal expired */ +#define KDC_SERVICE_EXP 2 /* Service expired */ +#define KDC_AUTH_EXP 3 /* Auth expired */ +#define KDC_PKT_VER 4 /* Protocol version unknown */ +#define KDC_P_MKEY_VER 5 /* Wrong master key version */ +#define KDC_S_MKEY_VER 6 /* Wrong master key version */ +#define KDC_BYTE_ORDER 7 /* Byte order unknown */ +#define KDC_PR_UNKNOWN 8 /* Principal unknown */ +#define KDC_PR_N_UNIQUE 9 /* Principal not unique */ +#define KDC_NULL_KEY 10 /* Principal has null key */ +#define KDC_GEN_ERR 20 /* Generic error from KDC */ + + +/* Values returned by get_credentials */ +#define GC_OK 0 /* Retrieve OK */ +#define RET_OK 0 /* Retrieve OK */ +#define GC_TKFIL 21 /* Can't read ticket file */ +#define RET_TKFIL 21 /* Can't read ticket file */ +#define GC_NOTKT 22 /* Can't find ticket or TGT */ +#define RET_NOTKT 22 /* Can't find ticket or TGT */ + + +/* Values returned by mk_ap_req */ +#define MK_AP_OK 0 /* Success */ +#define MK_AP_TGTEXP 26 /* TGT Expired */ + +/* Values returned by rd_ap_req */ +#define RD_AP_OK 0 /* Request authentic */ +#define RD_AP_UNDEC 31 /* Can't decode authenticator */ +#define RD_AP_EXP 32 /* Ticket expired */ +#define RD_AP_NYV 33 /* Ticket not yet valid */ +#define RD_AP_REPEAT 34 /* Repeated request */ +#define RD_AP_NOT_US 35 /* The ticket isn't for us */ +#define RD_AP_INCON 36 /* Request is inconsistent */ +#define RD_AP_TIME 37 /* delta_t too big */ +#define RD_AP_BADD 38 /* Incorrect net address */ +#define 
RD_AP_VERSION 39 /* protocol version mismatch */ +#define RD_AP_MSG_TYPE 40 /* invalid msg type */ +#define RD_AP_MODIFIED 41 /* message stream modified */ +#define RD_AP_ORDER 42 /* message out of order */ +#define RD_AP_UNAUTHOR 43 /* unauthorized request */ + +/* Values returned by get_pw_tkt */ +#define GT_PW_OK 0 /* Got password changing tkt */ +#define GT_PW_NULL 51 /* Current PW is null */ +#define GT_PW_BADPW 52 /* Incorrect current password */ +#define GT_PW_PROT 53 /* Protocol Error */ +#define GT_PW_KDCERR 54 /* Error returned by KDC */ +#define GT_PW_NULLTKT 55 /* Null tkt returned by KDC */ + + +/* Values returned by send_to_kdc */ +#define SKDC_OK 0 /* Response received */ +#define SKDC_RETRY 56 /* Retry count exceeded */ +#define SKDC_CANT 57 /* Can't send request */ + +/* + * Values returned by get_intkt + * (can also return SKDC_* and KDC errors) + */ + +#define INTK_OK 0 /* Ticket obtained */ +#define INTK_W_NOTALL 61 /* Not ALL tickets returned */ +#define INTK_BADPW 62 /* Incorrect password */ +#define INTK_PROT 63 /* Protocol Error */ +#define INTK_ERR 70 /* Other error */ + +/* Values returned by get_adtkt */ +#define AD_OK 0 /* Ticket Obtained */ +#define AD_NOTGT 71 /* Don't have tgt */ +#define AD_INTR_RLM_NOTGT 72 /* Can't get inter-realm tgt */ + +/* Error codes returned by ticket file utilities */ +#define NO_TKT_FIL 76 /* No ticket file found */ +#define TKT_FIL_ACC 77 /* Couldn't access tkt file */ +#define TKT_FIL_LCK 78 /* Couldn't lock ticket file */ +#define TKT_FIL_FMT 79 /* Bad ticket file format */ +#define TKT_FIL_INI 80 /* tf_init not called first */ + +/* Error code returned by kparse_name */ +#define KNAME_FMT 81 /* Bad Kerberos name format */ + +/* Error code returned by krb_mk_safe */ +#define SAFE_PRIV_ERROR -1 /* syscall error */ + +/* + * macros for byte swapping; also scratch space + * u_quad 0-->7, 1-->6, 2-->5, 3-->4, 4-->3, 5-->2, 6-->1, 7-->0 + * u_int32_t 0-->3, 1-->2, 2-->1, 3-->0 + * u_int16_t 0-->1, 1-->0 + */ 
+ +#define swap_u_16(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(((char *) x) +0, ((char *) _krb_swap_tmp) +14 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +12 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +12,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +14,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 16);\ + } + +#define swap_u_12(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +10 ,2); \ + swab(((char *) x) +2, ((char *) _krb_swap_tmp) +8 ,2); \ + swab(((char *) x) +4, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +6, ((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +8, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +10,((char *) _krb_swap_tmp) +0 ,2); \ + memcpy(x, _krb_swap_tmp, 12);\ + } + +#define swap_C_Block(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } +#define swap_u_quad(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab(( char *) &x, ((char *) _krb_swap_tmp) +6 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp) +4 ,2); \ + swab(((char *) &x) +4,((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +6,((char *) _krb_swap_tmp) ,2); \ + memcpy(x, _krb_swap_tmp, 8);\ + } + +#define swap_u_long(x) {\ + u_int32_t _krb_swap_tmp[4];\ + swab((char *) &x, ((char *) _krb_swap_tmp) +2 ,2); \ + swab(((char *) &x) +2,((char *) _krb_swap_tmp),2); \ + x = _krb_swap_tmp[0]; \ + } + +#define swap_u_short(x) {\ + u_int16_t _krb_swap_sh_tmp; \ + swab((char *) &x, ( &_krb_swap_sh_tmp) ,2); \ + x = (u_int16_t) 
_krb_swap_sh_tmp; \ + } +/* Kerberos ticket flag field bit definitions */ +#define K_FLAG_ORDER 0 /* bit 0 --> lsb */ +#define K_FLAG_1 /* reserved */ +#define K_FLAG_2 /* reserved */ +#define K_FLAG_3 /* reserved */ +#define K_FLAG_4 /* reserved */ +#define K_FLAG_5 /* reserved */ +#define K_FLAG_6 /* reserved */ +#define K_FLAG_7 /* reserved, bit 7 --> msb */ + +/* Defines for krb_sendauth and krb_recvauth */ + +#define KOPT_DONT_MK_REQ 0x00000001 /* don't call krb_mk_req */ +#define KOPT_DO_MUTUAL 0x00000002 /* do mutual auth */ + +#define KOPT_DONT_CANON 0x00000004 /* + * don't canonicalize inst as + * a hostname + */ + +#define KRB_SENDAUTH_VLEN 8 /* length for version strings */ + + +/* File locking */ +#define K_LOCK_SH 1 /* Shared lock */ +#define K_LOCK_EX 2 /* Exclusive lock */ +#define K_LOCK_NB 4 /* Don't block when locking */ +#define K_LOCK_UN 8 /* Unlock */ +int k_flock __P((int fd, int operation)); +struct tm *k_localtime __P((u_int32_t *)); +int k_getsockinst __P((int fd, char *inst, size_t)); +int k_getportbyname __P((const char *service, const char *proto, int default_port)); + +extern char *krb4_version; + +struct in_addr; + +int k_get_all_addrs __P((struct in_addr **l)); + +/* Host address comparison */ +int krb_equiv __P((u_int32_t, u_int32_t)); + +/* Password conversion */ +void mit_string_to_key __P((char *str, char *cell, des_cblock *key)); +void afs_string_to_key __P((char *str, char *cell, des_cblock *key)); + +/* Lifetime conversion */ +u_int32_t krb_life_to_time __P((u_int32_t start, int life)); +int krb_time_to_life __P((u_int32_t start, u_int32_t end)); +char *krb_life_to_atime __P((int life)); +int krb_atime_to_life __P((char *atime)); + +/* Ticket manipulation */ +int tf_get_cred __P((CREDENTIALS *)); +int tf_get_pinst __P((char *)); +int tf_get_pname __P((char *)); +int tf_put_pinst __P((char *)); +int tf_put_pname __P((char *)); +int tf_init __P((char *, int)); +int tf_create __P((char *)); +int tf_save_cred __P((char *, char *, 
char *, unsigned char *, int , int , KTEXT ticket, u_int32_t));
+void tf_close __P((void));
+int tf_setup __P((CREDENTIALS *cred, char *pname, char *pinst));
+
+/* Private communication */
+
+struct sockaddr_in;
+
+int32_t krb_mk_priv __P((void *, void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_priv __P((void *, u_int32_t, struct des_ks_struct *, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+/* Misc */
+KTEXT create_auth_reply __P((char *, char *, char *, int32_t, int, u_int32_t, int, KTEXT));
+
+char *krb_get_phost __P((const char *));
+char *krb_realmofhost __P((const char *));
+char *tkt_string __P((void));
+
+int create_ciph __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t, int, KTEXT, u_int32_t, des_cblock *));
+int decomp_ticket __P((KTEXT, unsigned char *, char *, char *, char *, u_int32_t *, unsigned char *, int *, u_int32_t *, char *, char *, des_cblock *, struct des_ks_struct *));
+int dest_tkt __P((void));
+int get_ad_tkt __P((char *, char *, char *, int));
+int get_pw_tkt __P((char *, char *, char *, char *));
+int get_request __P((KTEXT, int, char **, char **));
+int in_tkt __P((char *, char *));
+int k_gethostname __P((char *, int ));
+int k_isinst __P((char *));
+int k_isname __P((char *));
+int k_isrealm __P((char *));
+int kname_parse __P((char *, char *, char *, char *));
+int krb_parse_name __P((const char*, krb_principal*));
+char *krb_unparse_name __P((krb_principal*));
+char *krb_unparse_name_r __P((krb_principal*, char*));
+char *krb_unparse_name_long __P((char*, char*, char*));
+char *krb_unparse_name_long_r __P((char *name, char *instance, char *realm, char *fullname));
+int krb_create_ticket __P((KTEXT, unsigned char, char *, char *, char *, int32_t, void *, int16_t, int32_t, char *, char *, des_cblock *));
+int krb_get_admhst __P((char *, char *, int));
+int krb_get_cred __P((char *, char *, char *, CREDENTIALS *));
+
+typedef int (*key_proc_t) __P((char*, char*, char*, void*, des_cblock*));
+
+typedef int (*decrypt_proc_t) __P((char*, char*, char*, void*,
+ key_proc_t, KTEXT*));
+
+int krb_get_in_tkt __P((char*, char*, char*, char*, char*, int, key_proc_t,
+ decrypt_proc_t, void*));
+
+int srvtab_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_key __P((char *, char *, char *, void *, des_cblock *));
+int passwd_to_afskey __P((char *, char *, char *, void *, des_cblock *));
+
+int krb_get_krbhst __P((char *, char *, int));
+int krb_get_lrealm __P((char *, int));
+char *krb_get_default_realm __P((void));
+int krb_get_pw_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_svc_in_tkt __P((char *, char *, char *, char *, char *, int, char *));
+int krb_get_tf_fullname __P((char *, char *, char *, char *));
+int krb_get_tf_realm __P((char *, char *));
+int krb_kntoln __P((AUTH_DAT *, char *));
+int krb_mk_req __P((KTEXT , char *, char *, char *, int32_t));
+int krb_net_read __P((int , void *, size_t));
+int krb_net_write __P((int , const void *, size_t));
+int krb_rd_err __P((u_char *, u_int32_t, int32_t *, MSG_DAT *));
+int krb_rd_req __P((KTEXT , char *, char *, int32_t, AUTH_DAT *, char *));
+int krb_recvauth __P((int32_t, int, KTEXT, char *, char *, struct sockaddr_in *, struct sockaddr_in *, AUTH_DAT *, char *, struct des_ks_struct *, char *));
+int krb_sendauth __P((int32_t, int, KTEXT, char *,char *, char *, u_int32_t, MSG_DAT *, CREDENTIALS *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *, char *));
+int krb_mk_auth __P((int32_t, KTEXT, char *, char *, char *, u_int32_t, char *, KTEXT));
+int krb_check_auth __P((KTEXT, u_int32_t, MSG_DAT *, des_cblock *, struct des_ks_struct *, struct sockaddr_in *, struct sockaddr_in *));
+int krb_set_key __P((void *, int));
+int krb_set_lifetime __P((int));
+int krb_kuserok __P((char *name, char *inst, char *realm, char *luser));
+int kuserok __P((AUTH_DAT *, char *));
+int read_service_key __P((char *, char *, char *, int , char *, char *));
+int save_credentials __P((char *, char *, char *, unsigned char *, int , int , KTEXT , int32_t));
+int send_to_kdc __P((KTEXT , KTEXT , char *));
+
+int32_t krb_mk_err __P((u_char *, int32_t, char *));
+int32_t krb_mk_safe __P((void *, void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *));
+int32_t krb_rd_safe __P((void *, u_int32_t, des_cblock *, struct sockaddr_in *, struct sockaddr_in *, MSG_DAT *));
+
+void ad_print __P((AUTH_DAT *));
+void cr_err_reply __P((KTEXT, char *, char *, char *, u_int32_t, u_int32_t, char *));
+void extract_ticket __P((KTEXT, int, char *, int *, int *, char *, KTEXT));
+void krb_set_tkt_string __P((char *));
+
+int krb_get_default_principal __P((char *, char *, char *));
+int krb_realm_parse __P((char *, int));
+int krb_verify_user __P((char*, char*, char*, char*, int, char *));
+
+/* logging.c */
+
+typedef int (*krb_log_func_t)(FILE *, const char *, va_list);
+
+typedef krb_log_func_t krb_warnfn_t;
+
+struct krb_log_facility;
+
+int krb_vlogger __P((struct krb_log_facility*, const char *, va_list))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 0)))
+#endif
+;
+int krb_logger __P((struct krb_log_facility*, const char *, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+int krb_openlog __P((struct krb_log_facility*, char*, FILE*, krb_log_func_t));
+
+void krb_set_warnfn __P((krb_warnfn_t));
+krb_warnfn_t krb_get_warnfn __P((void));
+void krb_warning __P((const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+
+void kset_logfile __P((char*));
+void krb_log __P((const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 1, 2)))
+#endif
+;
+char *klog __P((int, const char*, ...))
+#ifdef __GNUC__
+__attribute__ ((format (printf, 2, 3)))
+#endif
+;
+
+int getst __P((int, char *, int));
+const char *month_sname __P((int));
+const char *krb_stime __P((time_t *));
+int krb_check_tm __P((struct tm));
+
+int krb_get_int __P((void *from, u_int32_t *to, int size, int lsb));
+int krb_put_int __P((u_int32_t from, void *to, int size));
+int krb_get_address __P((void *from, u_int32_t *to));
+int krb_put_address __P((u_int32_t addr, void *to));
+int krb_put_string __P((char *from, void *to));
+int krb_get_string __P((void *from, char *to));
+int krb_get_nir __P((void *from, char *name, char *instance, char *realm));
+int krb_put_nir __P((char *name, char *instance, char *realm, void *to));
+
+__END_DECLS
+
+#endif /* KRB_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/krb.mak b/crypto/kerberosIV/lib/krb/krb.mak
new file mode 100644
index 0000000..1236261
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb.mak
@@ -0,0 +1,3065 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=krb - Win32 Debug +!MESSAGE No configuration specified. Defaulting to krb - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "krb - Win32 Release" && "$(CFG)" != "krb - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "krb.mak" CFG="krb - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "krb - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "krb - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "krb - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "krb - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\krb.dll" + +CLEAN : + -@erase ".\Release\cr_err_reply.obj" + -@erase ".\Release\create_auth_reply.obj" + -@erase ".\Release\create_ciph.obj" + -@erase ".\Release\create_ticket.obj" + -@erase ".\Release\debug_decl.obj" + -@erase ".\Release\decomp_ticket.obj" + -@erase ".\Release\dllmain.obj" + -@erase ".\Release\encrypt_ktext.obj" + -@erase ".\Release\et_list.obj" + -@erase ".\Release\get_ad_tkt.obj" + -@erase 
".\Release\get_cred.obj" + -@erase ".\Release\get_default_principal.obj" + -@erase ".\Release\get_host.obj" + -@erase ".\Release\get_in_tkt.obj" + -@erase ".\Release\get_krbrlm.obj" + -@erase ".\Release\get_phost.obj" + -@erase ".\Release\get_svc_in_tkt.obj" + -@erase ".\Release\get_tf_fullname.obj" + -@erase ".\Release\get_tf_realm.obj" + -@erase ".\Release\getaddrs.obj" + -@erase ".\Release\getrealm.obj" + -@erase ".\Release\getst.obj" + -@erase ".\Release\k_flock.obj" + -@erase ".\Release\k_gethostname.obj" + -@erase ".\Release\k_getport.obj" + -@erase ".\Release\k_getsockinst.obj" + -@erase ".\Release\k_localtime.obj" + -@erase ".\Release\kdc_reply.obj" + -@erase ".\Release\kntoln.obj" + -@erase ".\Release\krb.dll" + -@erase ".\Release\krb.exp" + -@erase ".\Release\krb.lib" + -@erase ".\Release\krb_check_auth.obj" + -@erase ".\Release\krb_equiv.obj" + -@erase ".\Release\krb_err_txt.obj" + -@erase ".\Release\krb_get_in_tkt.obj" + -@erase ".\Release\lifetime.obj" + -@erase ".\Release\logging.obj" + -@erase ".\Release\lsb_addr_comp.obj" + -@erase ".\Release\mk_auth.obj" + -@erase ".\Release\mk_err.obj" + -@erase ".\Release\mk_priv.obj" + -@erase ".\Release\mk_req.obj" + -@erase ".\Release\mk_safe.obj" + -@erase ".\Release\month_sname.obj" + -@erase ".\Release\name2name.obj" + -@erase ".\Release\netread.obj" + -@erase ".\Release\netwrite.obj" + -@erase ".\Release\one.obj" + -@erase ".\Release\parse_name.obj" + -@erase ".\Release\rd_err.obj" + -@erase ".\Release\rd_priv.obj" + -@erase ".\Release\rd_req.obj" + -@erase ".\Release\rd_safe.obj" + -@erase ".\Release\read_service_key.obj" + -@erase ".\Release\realm_parse.obj" + -@erase ".\Release\recvauth.obj" + -@erase ".\Release\resolve.obj" + -@erase ".\Release\rw.obj" + -@erase ".\Release\save_credentials.obj" + -@erase ".\Release\send_to_kdc.obj" + -@erase ".\Release\sendauth.obj" + -@erase ".\Release\stime.obj" + -@erase ".\Release\str2key.obj" + -@erase ".\Release\swab.obj" + -@erase ".\Release\ticket_memory.obj" + 
-@erase ".\Release\tkt_string.obj" + -@erase ".\Release\unparse_name.obj" + -@erase ".\Release\util.obj" + -@erase ".\Release\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "NDEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 ..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=..\roken\Release\roken.lib ..\des\Release\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:no /pdb:"$(OUTDIR)/krb.pdb" /machine:I386\ + /def:".\krb.def" /out:"$(OUTDIR)/krb.dll" /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Release\cr_err_reply.obj" \ + 
".\Release\create_auth_reply.obj" \ + ".\Release\create_ciph.obj" \ + ".\Release\create_ticket.obj" \ + ".\Release\debug_decl.obj" \ + ".\Release\decomp_ticket.obj" \ + ".\Release\dllmain.obj" \ + ".\Release\encrypt_ktext.obj" \ + ".\Release\et_list.obj" \ + ".\Release\get_ad_tkt.obj" \ + ".\Release\get_cred.obj" \ + ".\Release\get_default_principal.obj" \ + ".\Release\get_host.obj" \ + ".\Release\get_in_tkt.obj" \ + ".\Release\get_krbrlm.obj" \ + ".\Release\get_phost.obj" \ + ".\Release\get_svc_in_tkt.obj" \ + ".\Release\get_tf_fullname.obj" \ + ".\Release\get_tf_realm.obj" \ + ".\Release\getaddrs.obj" \ + ".\Release\getrealm.obj" \ + ".\Release\getst.obj" \ + ".\Release\k_flock.obj" \ + ".\Release\k_gethostname.obj" \ + ".\Release\k_getport.obj" \ + ".\Release\k_getsockinst.obj" \ + ".\Release\k_localtime.obj" \ + ".\Release\kdc_reply.obj" \ + ".\Release\kntoln.obj" \ + ".\Release\krb_check_auth.obj" \ + ".\Release\krb_equiv.obj" \ + ".\Release\krb_err_txt.obj" \ + ".\Release\krb_get_in_tkt.obj" \ + ".\Release\lifetime.obj" \ + ".\Release\logging.obj" \ + ".\Release\lsb_addr_comp.obj" \ + ".\Release\mk_auth.obj" \ + ".\Release\mk_err.obj" \ + ".\Release\mk_priv.obj" \ + ".\Release\mk_req.obj" \ + ".\Release\mk_safe.obj" \ + ".\Release\month_sname.obj" \ + ".\Release\name2name.obj" \ + ".\Release\netread.obj" \ + ".\Release\netwrite.obj" \ + ".\Release\one.obj" \ + ".\Release\parse_name.obj" \ + ".\Release\rd_err.obj" \ + ".\Release\rd_priv.obj" \ + ".\Release\rd_req.obj" \ + ".\Release\rd_safe.obj" \ + ".\Release\read_service_key.obj" \ + ".\Release\realm_parse.obj" \ + ".\Release\recvauth.obj" \ + ".\Release\resolve.obj" \ + ".\Release\rw.obj" \ + ".\Release\save_credentials.obj" \ + ".\Release\send_to_kdc.obj" \ + ".\Release\sendauth.obj" \ + ".\Release\stime.obj" \ + ".\Release\str2key.obj" \ + ".\Release\swab.obj" \ + ".\Release\ticket_memory.obj" \ + ".\Release\tkt_string.obj" \ + ".\Release\unparse_name.obj" \ + ".\Release\util.obj" \ + 
".\Release\verify_user.obj" + +".\Release\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" +OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\krb.dll" + +CLEAN : + -@erase ".\Debug\cr_err_reply.obj" + -@erase ".\Debug\create_auth_reply.obj" + -@erase ".\Debug\create_ciph.obj" + -@erase ".\Debug\create_ticket.obj" + -@erase ".\Debug\debug_decl.obj" + -@erase ".\Debug\decomp_ticket.obj" + -@erase ".\Debug\dllmain.obj" + -@erase ".\Debug\encrypt_ktext.obj" + -@erase ".\Debug\et_list.obj" + -@erase ".\Debug\get_ad_tkt.obj" + -@erase ".\Debug\get_cred.obj" + -@erase ".\Debug\get_default_principal.obj" + -@erase ".\Debug\get_host.obj" + -@erase ".\Debug\get_in_tkt.obj" + -@erase ".\Debug\get_krbrlm.obj" + -@erase ".\Debug\get_phost.obj" + -@erase ".\Debug\get_svc_in_tkt.obj" + -@erase ".\Debug\get_tf_fullname.obj" + -@erase ".\Debug\get_tf_realm.obj" + -@erase ".\Debug\getaddrs.obj" + -@erase ".\Debug\getrealm.obj" + -@erase ".\Debug\getst.obj" + -@erase ".\Debug\k_flock.obj" + -@erase ".\Debug\k_gethostname.obj" + -@erase ".\Debug\k_getport.obj" + -@erase ".\Debug\k_getsockinst.obj" + -@erase ".\Debug\k_localtime.obj" + -@erase ".\Debug\kdc_reply.obj" + -@erase ".\Debug\kntoln.obj" + -@erase ".\Debug\krb.dll" + -@erase ".\Debug\krb.exp" + -@erase ".\Debug\krb.ilk" + -@erase ".\Debug\krb.lib" + -@erase ".\Debug\krb.pdb" + -@erase ".\Debug\krb_check_auth.obj" + -@erase ".\Debug\krb_equiv.obj" + -@erase ".\Debug\krb_err_txt.obj" + -@erase ".\Debug\krb_get_in_tkt.obj" + -@erase ".\Debug\lifetime.obj" + -@erase ".\Debug\logging.obj" + -@erase ".\Debug\lsb_addr_comp.obj" + -@erase 
".\Debug\mk_auth.obj" + -@erase ".\Debug\mk_err.obj" + -@erase ".\Debug\mk_priv.obj" + -@erase ".\Debug\mk_req.obj" + -@erase ".\Debug\mk_safe.obj" + -@erase ".\Debug\month_sname.obj" + -@erase ".\Debug\name2name.obj" + -@erase ".\Debug\netread.obj" + -@erase ".\Debug\netwrite.obj" + -@erase ".\Debug\one.obj" + -@erase ".\Debug\parse_name.obj" + -@erase ".\Debug\rd_err.obj" + -@erase ".\Debug\rd_priv.obj" + -@erase ".\Debug\rd_req.obj" + -@erase ".\Debug\rd_safe.obj" + -@erase ".\Debug\read_service_key.obj" + -@erase ".\Debug\realm_parse.obj" + -@erase ".\Debug\recvauth.obj" + -@erase ".\Debug\resolve.obj" + -@erase ".\Debug\rw.obj" + -@erase ".\Debug\save_credentials.obj" + -@erase ".\Debug\send_to_kdc.obj" + -@erase ".\Debug\sendauth.obj" + -@erase ".\Debug\stime.obj" + -@erase ".\Debug\str2key.obj" + -@erase ".\Debug\swab.obj" + -@erase ".\Debug\ticket_memory.obj" + -@erase ".\Debug\tkt_string.obj" + -@erase ".\Debug\unparse_name.obj" + -@erase ".\Debug\util.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + -@erase ".\Debug\verify_user.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "." /I "..\..\include" /I\ + "..\..\include\win32" /I "..\des" /I "..\roken" /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/krb.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. 
+# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/krb.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 ..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=..\roken\Debug\roken.lib ..\des\Debug\des.lib wsock32.lib\ + kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib\ + shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo\ + /subsystem:windows /dll /incremental:yes /pdb:"$(OUTDIR)/krb.pdb" /debug\ + /machine:I386 /def:".\krb.def" /out:"$(OUTDIR)/krb.dll"\ + /implib:"$(OUTDIR)/krb.lib" +DEF_FILE= \ + ".\krb.def" +LINK32_OBJS= \ + ".\Debug\cr_err_reply.obj" \ + ".\Debug\create_auth_reply.obj" \ + ".\Debug\create_ciph.obj" \ + ".\Debug\create_ticket.obj" \ + ".\Debug\debug_decl.obj" \ + ".\Debug\decomp_ticket.obj" \ + ".\Debug\dllmain.obj" \ + ".\Debug\encrypt_ktext.obj" \ + ".\Debug\et_list.obj" \ + ".\Debug\get_ad_tkt.obj" \ + ".\Debug\get_cred.obj" \ + ".\Debug\get_default_principal.obj" \ + ".\Debug\get_host.obj" \ + ".\Debug\get_in_tkt.obj" \ + ".\Debug\get_krbrlm.obj" \ + ".\Debug\get_phost.obj" \ + ".\Debug\get_svc_in_tkt.obj" \ + ".\Debug\get_tf_fullname.obj" \ + ".\Debug\get_tf_realm.obj" \ + ".\Debug\getaddrs.obj" \ + ".\Debug\getrealm.obj" \ + ".\Debug\getst.obj" \ + ".\Debug\k_flock.obj" \ + ".\Debug\k_gethostname.obj" \ + ".\Debug\k_getport.obj" \ + 
".\Debug\k_getsockinst.obj" \ + ".\Debug\k_localtime.obj" \ + ".\Debug\kdc_reply.obj" \ + ".\Debug\kntoln.obj" \ + ".\Debug\krb_check_auth.obj" \ + ".\Debug\krb_equiv.obj" \ + ".\Debug\krb_err_txt.obj" \ + ".\Debug\krb_get_in_tkt.obj" \ + ".\Debug\lifetime.obj" \ + ".\Debug\logging.obj" \ + ".\Debug\lsb_addr_comp.obj" \ + ".\Debug\mk_auth.obj" \ + ".\Debug\mk_err.obj" \ + ".\Debug\mk_priv.obj" \ + ".\Debug\mk_req.obj" \ + ".\Debug\mk_safe.obj" \ + ".\Debug\month_sname.obj" \ + ".\Debug\name2name.obj" \ + ".\Debug\netread.obj" \ + ".\Debug\netwrite.obj" \ + ".\Debug\one.obj" \ + ".\Debug\parse_name.obj" \ + ".\Debug\rd_err.obj" \ + ".\Debug\rd_priv.obj" \ + ".\Debug\rd_req.obj" \ + ".\Debug\rd_safe.obj" \ + ".\Debug\read_service_key.obj" \ + ".\Debug\realm_parse.obj" \ + ".\Debug\recvauth.obj" \ + ".\Debug\resolve.obj" \ + ".\Debug\rw.obj" \ + ".\Debug\save_credentials.obj" \ + ".\Debug\send_to_kdc.obj" \ + ".\Debug\sendauth.obj" \ + ".\Debug\stime.obj" \ + ".\Debug\str2key.obj" \ + ".\Debug\swab.obj" \ + ".\Debug\ticket_memory.obj" \ + ".\Debug\tkt_string.obj" \ + ".\Debug\unparse_name.obj" \ + ".\Debug\util.obj" \ + ".\Debug\verify_user.obj" + +".\Debug\krb.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "krb - Win32 Release" +# Name "krb - Win32 Debug" + +!IF "$(CFG)" == "krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=.\krb.def + +!IF "$(CFG)" == "krb - Win32 
Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_fullname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_T=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_fullname.obj" : $(SOURCE) $(DEP_CPP_GET_T) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\cr_err_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CR_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\cr_err_reply.obj" : $(SOURCE) $(DEP_CPP_CR_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_auth_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + 
+".\Release\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREAT=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_auth_reply.obj" : $(SOURCE) $(DEP_CPP_CREAT) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ciph.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ciph.obj" : $(SOURCE) $(DEP_CPP_CREATE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\create_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_CREATE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + 
{$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\create_ticket.obj" : $(SOURCE) $(DEP_CPP_CREATE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\decomp_ticket.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DECOM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\decomp_ticket.obj" : $(SOURCE) $(DEP_CPP_DECOM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\dllmain.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DLLMA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + ".\ticket_memory.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\dllmain.obj" : $(SOURCE) $(DEP_CPP_DLLMA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\encrypt_ktext.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_ENCRY=\ + 
"..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_ENCRY=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\encrypt_ktext.obj" : $(SOURCE) $(DEP_CPP_ENCRY) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\et_list.c +DEP_CPP_ET_LI=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\et_list.obj" : $(SOURCE) $(DEP_CPP_ET_LI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_ad_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_ad_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_cred.c + +!IF "$(CFG)" == "krb - 
Win32 Release" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_cred.obj" : $(SOURCE) $(DEP_CPP_GET_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_default_principal.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_D=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_default_principal.obj" : $(SOURCE) $(DEP_CPP_GET_D) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_host.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_H=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + 
"..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_host.obj" : $(SOURCE) $(DEP_CPP_GET_H) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_I=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_I) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_krbrlm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_krbrlm.obj" : $(SOURCE) $(DEP_CPP_GET_K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phos + +!IF "$(CFG)" == 
"krb - Win32 Release" + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_svc_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_svc_in_tkt.obj" : $(SOURCE) $(DEP_CPP_GET_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_phost.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_P=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_phost.obj" : $(SOURCE) $(DEP_CPP_GET_P) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_equiv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_equiv.obj" : 
$(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_E=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_equiv.obj" : $(SOURCE) $(DEP_CPP_KRB_E) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getaddrs.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETAD=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getaddrs.obj" : $(SOURCE) $(DEP_CPP_GETAD) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getrealm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getrealm.obj" : $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getrealm.obj" 
: $(SOURCE) $(DEP_CPP_GETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\getst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GETST=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\getst.obj" : $(SOURCE) $(DEP_CPP_GETST) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_flock.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_FLO=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_flock.obj" : $(SOURCE) $(DEP_CPP_K_FLO) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_gethostname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + 
+!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_gethostname.obj" : $(SOURCE) $(DEP_CPP_K_GET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getport.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETP=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getport.obj" : $(SOURCE) $(DEP_CPP_K_GETP) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_getsockinst.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_getsockinst.obj" : $(SOURCE) $(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_GETS=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_getsockinst.obj" : $(SOURCE) 
$(DEP_CPP_K_GETS) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\k_localtime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_K_LOC=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\k_localtime.obj" : $(SOURCE) $(DEP_CPP_K_LOC) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kdc_reply.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KDC_R=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kdc_reply.obj" : $(SOURCE) $(DEP_CPP_KDC_R) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\kntoln.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + ".\krb.h"\ + 
".\krb_locl.h"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Release\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KNTOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\kntoln.obj" : $(SOURCE) $(DEP_CPP_KNTOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_check_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_C=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_check_auth.obj" : $(SOURCE) $(DEP_CPP_KRB_C) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\get_tf_realm.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_GET_TF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + 
".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\get_tf_realm.obj" : $(SOURCE) $(DEP_CPP_GET_TF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_safe.obj" : $(SOURCE) $(DEP_CPP_RD_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_get_in_tkt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_G=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_get_in_tkt.obj" : $(SOURCE) $(DEP_CPP_KRB_G) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lifetime.c + +!IF "$(CFG)" == "krb - Win32 Release" + 
+DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LIFET=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lifetime.obj" : $(SOURCE) $(DEP_CPP_LIFET) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\lsb_addr_comp.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LSB_A=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\lsb_addr_comp.obj" : $(SOURCE) $(DEP_CPP_LSB_A) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_auth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_AU=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + 
"..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_auth.obj" : $(SOURCE) $(DEP_CPP_MK_AU) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_err.obj" : $(SOURCE) $(DEP_CPP_MK_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_priv.obj" : $(SOURCE) $(DEP_CPP_MK_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + 
+SOURCE=.\mk_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_req.obj" : $(SOURCE) $(DEP_CPP_MK_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\mk_safe.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MK_SA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\mk_safe.obj" : $(SOURCE) $(DEP_CPP_MK_SA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\month_sname.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_MONTH=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + 
"..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\month_sname.obj" : $(SOURCE) $(DEP_CPP_MONTH) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\name2name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NAME2=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\name2name.obj" : $(SOURCE) $(DEP_CPP_NAME2) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\netread.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETRE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netread.obj" : $(SOURCE) $(DEP_CPP_NETRE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin 
Source File + +SOURCE=.\netwrite.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_NETWR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\netwrite.obj" : $(SOURCE) $(DEP_CPP_NETWR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\one.c + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\one.obj" : $(SOURCE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\parse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_PARSE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\parse_name.obj" : $(SOURCE) $(DEP_CPP_PARSE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_err.c + +!IF "$(CFG)" == "krb - Win32 Release" + 
+DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_err.obj" : $(SOURCE) $(DEP_CPP_RD_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_priv.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + + +".\Release\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_PR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\lsb_addr_comp.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_priv.obj" : $(SOURCE) $(DEP_CPP_RD_PR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rd_req.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RD_RE=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + 
"..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rd_req.obj" : $(SOURCE) $(DEP_CPP_RD_RE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\krb_err_txt.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_KRB_ER=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\krb_err_txt.obj" : $(SOURCE) $(DEP_CPP_KRB_ER) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\send_to_kdc.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SEND_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\send_to_kdc.obj" : $(SOURCE) $(DEP_CPP_SEND_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\realm_parse.c + +!IF "$(CFG)" == "krb - 
Win32 Release" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_REALM=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\realm_parse.obj" : $(SOURCE) $(DEP_CPP_REALM) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\recvauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RECVA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\recvauth.obj" : $(SOURCE) $(DEP_CPP_RECVA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\resolve.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\resolve.h"\ + + +".\Release\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RESOL=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + 
"..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\resolve.obj" : $(SOURCE) $(DEP_CPP_RESOL) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\rw.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + "..\des\version.h"\ + ".\krb_locl.h"\ + + +".\Release\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_RW_C68=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\des\version.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\rw.obj" : $(SOURCE) $(DEP_CPP_RW_C68) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\save_credentials.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SAVE_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\save_credentials.obj" : $(SOURCE) $(DEP_CPP_SAVE_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + 
+SOURCE=.\read_service_key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_READ_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\read_service_key.obj" : $(SOURCE) $(DEP_CPP_READ_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\verify_user.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_VERIF=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\verify_user.obj" : $(SOURCE) $(DEP_CPP_VERIF) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\stime.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STIME=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + 
"..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\stime.obj" : $(SOURCE) $(DEP_CPP_STIME) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\swab.c +DEP_CPP_SWAB_=\ + "..\..\include\win32\config.h"\ + + +!IF "$(CFG)" == "krb - Win32 Release" + + +".\Release\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + + +".\Debug\swab.obj" : $(SOURCE) $(DEP_CPP_SWAB_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\ticket_memory.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TICKE=\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Release\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TICKE=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + ".\ticket_memory.h"\ + + +".\Debug\ticket_memory.obj" : $(SOURCE) $(DEP_CPP_TICKE) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\tkt_string.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_TKT_S=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + 
+".\Debug\tkt_string.obj" : $(SOURCE) $(DEP_CPP_TKT_S) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\unparse_name.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UNPAR=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\unparse_name.obj" : $(SOURCE) $(DEP_CPP_UNPAR) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\util.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_UTIL_=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\util.obj" : $(SOURCE) $(DEP_CPP_UTIL_) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\sendauth.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\sendauth.obj" : $(SOURCE) 
$(DEP_CPP_SENDA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_SENDA=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\sendauth.obj" : $(SOURCE) $(DEP_CPP_SENDA) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\logging.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\klog.h"\ + ".\krb_locl.h"\ + + +".\Release\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_LOGGI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\klog.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\logging.obj" : $(SOURCE) $(DEP_CPP_LOGGI) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\str2key.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_STR2K=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + 
+".\Debug\str2key.obj" : $(SOURCE) $(DEP_CPP_STR2K) "$(INTDIR)" + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\debug_decl.c + +!IF "$(CFG)" == "krb - Win32 Release" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\win32\config.h"\ + ".\krb_locl.h"\ + + +".\Release\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "krb - Win32 Debug" + +DEP_CPP_DEBUG=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\roken\roken.h"\ + ".\krb.h"\ + ".\krb_locl.h"\ + ".\prot.h"\ + ".\resolve.h"\ + {$(INCLUDE)}"\sys\STAT.H"\ + {$(INCLUDE)}"\sys\TYPES.H"\ + + +".\Debug\debug_decl.obj" : $(SOURCE) $(DEP_CPP_DEBUG) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/krb/krb_check_auth.c b/crypto/kerberosIV/lib/krb/krb_check_auth.c new file mode 100644 index 0000000..8bddbf5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_check_auth.c 
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_check_auth.c,v 1.4 1997/04/01 08:18:33 joda Exp $");
+
+/*
+ *
+ * Receive an mutual-authenticator for a server in `packet', with
+ * `checksum', `session', and `schedule' having the appropriate values
+ * and return the data in `msg_data'.
+ *
+ * Return KSUCCESS if the received checksum is correct.
+ *
+ */
+
+int
+krb_check_auth(KTEXT packet,
+ u_int32_t checksum,
+ MSG_DAT *msg_data,
+ des_cblock *session,
+ struct des_ks_struct *schedule,
+ struct sockaddr_in *laddr,
+ struct sockaddr_in *faddr)
+{
+ int ret;
+ u_int32_t checksum2;
+
+ ret = krb_rd_priv (packet->dat, packet->length, schedule, session, faddr,
+ laddr, msg_data);
+ if (ret != RD_AP_OK)
+ return ret;
+ if (msg_data->app_length != 4)
+ return KFAILURE;
+ krb_get_int (msg_data->app_data, &checksum2, 4, 0);
+ if (checksum2 == checksum + 1)
+ return KSUCCESS;
+ else
+ return KFAILURE;
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_equiv.c b/crypto/kerberosIV/lib/krb/krb_equiv.c
new file mode 100644
index 0000000..06f42f5
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_equiv.c
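Review bot: The header comment on krb_check_auth does not state the acceptance rule or the failure returns, which is what a caller relying on this mutual-authentication check needs to know. The code accepts only a decrypted payload of exactly 4 bytes whose value equals `checksum + 1` (u_int32_t arithmetic, so it wraps at 2^32), returns KFAILURE otherwise, and hands any non-`RD_AP_OK` result of krb_rd_priv straight back to the caller. I would extend the comment with `Returns KSUCCESS only if the payload is 4 bytes and equals checksum + 1 (mod 2^32); otherwise KFAILURE or the krb_rd_priv error code.` A second one-line comment at the krb_rd_priv call should say why `faddr` is passed before `laddr` (presumably sender then receiver), since that reverses the order of the parameter list and is easy to "fix" by mistake.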
@@ -0,0 +1,144 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* + * int krb_equiv(u_int32_t ipaddr_a, u_int32_t ipaddr_b); + * + * Given two IP adresses return true if they match + * or are considered to belong to the same host. + * + * For example if /etc/krb.equiv looks like + * + * 130.237.223.3 192.16.126.3 # alv alv1 + * 130.237.223.4 192.16.126.4 # byse byse1 + * 130.237.228.152 192.16.126.9 # topsy topsy1 + * + * krb_equiv(alv, alv1) would return true but + * krb_equiv(alv, byse1) would not. + * + * A comment starts with an '#' and ends with '\n'. + * + */ +#include "krb_locl.h" + +RCSID("$Id: krb_equiv.c,v 1.13 1997/04/01 08:18:33 joda Exp $"); + +int krb_ignore_ip_address = 0; + +int +krb_equiv(u_int32_t a, u_int32_t b) +{ + FILE *fil; + char line[256]; + int hit_a, hit_b; + int iscomment; + + if (a == b) /* trivial match, also the common case */ + return 1; + + if (krb_ignore_ip_address) + return 1; /* if we have decided not to compare */ + + a = ntohl(a); + b = ntohl(b); + + fil = fopen(KRB_EQUIV, "r"); + if (fil == NULL) /* open failed */ + return 0; + + hit_a = hit_b = 0; + iscomment = 0; + while (fgets(line, sizeof(line)-1, fil) != NULL) /* for each line */ + { + char *t = line; + int len = strlen(t); + + /* for each item on this line */ + while (*t != 0) /* more addresses on this line? */ + if (*t == '\n') { + iscomment = hit_a = hit_b = 0; + break; + } else if (iscomment) + t = line + len - 1; + else if (*t == '#') { /* rest is comment */ + iscomment = 1; + ++t; + } else if (*t == '\\' ) /* continuation */ + break; + else if (isspace(*t)) /* skip space */ + t++; + else if (isdigit(*t)) /* an address? */ + { + u_int32_t tmp; + u_int32_t tmpa, tmpb, tmpc, tmpd; + + sscanf(t, "%d.%d.%d.%d", &tmpa, &tmpb, &tmpc, &tmpd); + tmp = (tmpa << 24) | (tmpb << 16) | (tmpc << 8) | tmpd; + + while (*t == '.' 
|| isdigit(*t)) /* done with this address */ + t++; + + if (tmp != -1) { /* an address (and not broadcast) */ + u_int32_t mask = (u_int32_t)~0; + + if (*t == '/') { + ++t; + mask <<= 32 - atoi(t); + + while(isdigit(*t)) + ++t; + } + + if ((tmp & mask) == (a & mask)) + hit_a = 1; + if ((tmp & mask) == (b & mask)) + hit_b = 1; + if (hit_a && hit_b) { + fclose(fil); + return 1; + } + } + } + else + ++t; /* garbage on this line, skip it */ + + } + + fclose(fil); + return 0; +} diff --git a/crypto/kerberosIV/lib/krb/krb_err.et b/crypto/kerberosIV/lib/krb/krb_err.et new file mode 100644 index 0000000..4e32aed --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err.et 
@@ -0,0 +1,257 @@ +# Copyright 1987,1988 Massachusetts Institute of Technology +# +# For copying and distribution information, see the file +# "mit-copyright.h". +# +# $Id: krb_err.et,v 1.4 1996/10/27 13:30:28 bg Exp $ +# + error_table krb + + ec KRBET_KSUCCESS, + "Kerberos successful" + + ec KRBET_KDC_NAME_EXP, + "Kerberos principal expired" + + ec KRBET_KDC_SERVICE_EXP, + "Kerberos service expired" + + ec KRBET_KDC_AUTH_EXP, + "Kerberos auth expired" + + ec KRBET_KDC_PKT_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_P_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_S_MKEY_VER, + "Incorrect kerberos master key version" + + ec KRBET_KDC_BYTE_ORDER, + "Kerberos error: byte order unknown" + + ec KRBET_KDC_PR_UNKNOWN, + "Kerberos principal unknown" + + ec KRBET_KDC_PR_N_UNIQUE, + "Kerberos principal not unique" + + ec KRBET_KDC_NULL_KEY, + "Kerberos principal has null key" + + ec KRBET_KRB_RES11, + "Reserved 11" + + ec KRBET_KRB_RES12, + "Reserved 12" + + ec KRBET_KRB_RES13, + "Reserved 13" + + ec KRBET_KRB_RES14, + "Reserved 14" + + ec KRBET_KRB_RES15, + "Reserved 15" + + ec KRBET_KRB_RES16, + "Reserved 16" + + ec KRBET_KRB_RES17, + "Reserved 17" + + ec KRBET_KRB_RES18, + "Reserved 18" + + ec KRBET_KRB_RES19, + "Reserved 19" + + ec KRBET_KDC_GEN_ERR, + "Generic error from Kerberos KDC" + + ec KRBET_GC_TKFIL, + "Can't read Kerberos ticket file" + + ec KRBET_GC_NOTKT, + "Can't find Kerberos ticket or TGT" + + ec KRBET_KRB_RES23, + "Reserved 23" + + ec KRBET_KRB_RES24, + "Reserved 24" + + ec KRBET_KRB_RES25, + "Reserved 25" + + ec KRBET_MK_AP_TGTEXP, + "Kerberos TGT Expired" + + ec KRBET_KRB_RES27, + "Reserved 27" + + ec KRBET_KRB_RES28, + "Reserved 28" + + ec KRBET_KRB_RES29, + "Reserved 29" + + ec KRBET_KRB_RES30, + "Reserved 30" + + ec KRBET_RD_AP_UNDEC, + "Kerberos error: Can't decode authenticator" + + ec KRBET_RD_AP_EXP, + "Kerberos ticket expired" + + ec KRBET_RD_AP_NYV, + "Kerberos ticket not yet valid" + + ec 
KRBET_RD_AP_REPEAT, + "Kerberos error: Repeated request" + + ec KRBET_RD_AP_NOT_US, + "The kerberos ticket isn't for us" + + ec KRBET_RD_AP_INCON, + "Kerberos request inconsistent" + + ec KRBET_RD_AP_TIME, + "Kerberos error: delta_t too big" + + ec KRBET_RD_AP_BADD, + "Kerberos error: incorrect net address" + + ec KRBET_RD_AP_VERSION, + "Kerberos protocol version mismatch" + + ec KRBET_RD_AP_MSG_TYPE, + "Kerberos error: invalid msg type" + + ec KRBET_RD_AP_MODIFIED, + "Kerberos error: message stream modified" + + ec KRBET_RD_AP_ORDER, + "Kerberos error: message out of order" + + ec KRBET_RD_AP_UNAUTHOR, + "Kerberos error: unauthorized request" + + ec KRBET_KRB_RES44, + "Reserved 44" + + ec KRBET_KRB_RES45, + "Reserved 45" + + ec KRBET_KRB_RES46, + "Reserved 46" + + ec KRBET_KRB_RES47, + "Reserved 47" + + ec KRBET_KRB_RES48, + "Reserved 48" + + ec KRBET_KRB_RES49, + "Reserved 49" + + ec KRBET_KRB_RES50, + "Reserved 50" + + ec KRBET_GT_PW_NULL, + "Kerberos error: current PW is null" + + ec KRBET_GT_PW_BADPW, + "Kerberos error: Incorrect current password" + + ec KRBET_GT_PW_PROT, + "Kerberos protocol error" + + ec KRBET_GT_PW_KDCERR, + "Error returned by Kerberos KDC" + + ec KRBET_GT_PW_NULLTKT, + "Null Kerberos ticket returned by KDC" + + ec KRBET_SKDC_RETRY, + "Kerberos error: Retry count exceeded" + + ec KRBET_SKDC_CANT, + "Kerberos error: Can't send request" + + ec KRBET_KRB_RES58, + "Reserved 58" + + ec KRBET_KRB_RES59, + "Reserved 59" + + ec KRBET_KRB_RES60, + "Reserved 60" + + ec KRBET_INTK_W_NOTALL, + "Kerberos error: not all tickets returned" + + ec KRBET_INTK_BADPW, + "Kerberos error: incorrect password" + + ec KRBET_INTK_PROT, + "Kerberos error: Protocol Error" + + ec KRBET_KRB_RES64, + "Reserved 64" + + ec KRBET_KRB_RES65, + "Reserved 65" + + ec KRBET_KRB_RES66, + "Reserved 66" + + ec KRBET_KRB_RES67, + "Reserved 67" + + ec KRBET_KRB_RES68, + "Reserved 68" + + ec KRBET_KRB_RES69, + "Reserved 69" + + ec KRBET_INTK_ERR, + "Other error" + + ec KRBET_AD_NOTGT, 
+ "Don't have Kerberos ticket-granting ticket" + + ec KRBET_KRB_RES72, + "Can't get Kerberos inter-realm ticket-granting ticket" + + ec KRBET_KRB_RES73, + "Reserved 73" + + ec KRBET_KRB_RES74, + "Reserved 74" + + ec KRBET_KRB_RES75, + "Reserved 75" + + ec KRBET_NO_TKT_FIL, + "No ticket file found" + + ec KRBET_TKT_FIL_ACC, + "Couldn't access ticket file" + + ec KRBET_TKT_FIL_LCK, + "Couldn't lock ticket file" + + ec KRBET_TKT_FIL_FMT, + "Bad ticket file format" + + ec KRBET_TKT_FIL_INI, + "tf_init not called first" + + ec KRBET_KNAME_FMT, + "Bad Kerberos name format" + + end + diff --git a/crypto/kerberosIV/lib/krb/krb_err_txt.c b/crypto/kerberosIV/lib/krb/krb_err_txt.c new file mode 100644 index 0000000..161aa0f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_err_txt.c 
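Review bot: KRBET_KDC_PKT_VER carries the message "Incorrect kerberos master key version", the same text as the KRBET_KDC_P_MKEY_VER and KRBET_KDC_S_MKEY_VER entries after it, so a packet-version failure would be reported as a key-version problem. krb_err_txt.c in this commit words what appears to be the same slot (004, assuming the entries here are numbered in order) as "Unknown protocol version number"; something like `"Kerberos protocol version unknown"` would keep the two tables in agreement. On the same assumption the tables also differ at slots 11 and 20 ("Reserved 11" against "Timeout in request", "Generic error from Kerberos KDC" against "Permission Denied"), and KRBET_KRB_RES72 is named as reserved while carrying a real message. These strings are what an operator sees when triaging authentication failures, so it is worth reconciling them.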
@@ -0,0 +1,299 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: krb_err_txt.c,v 1.12 1997/04/02 05:37:10 joda Exp $"); + +/* + * This file contains an array of error text strings. + * The associated error codes (which are defined in "krb.h") + * follow the string in the comments at the end of each line. 
+ */ + +const char *krb_err_txt[256] = { + "OK", /* 000 */ + "Principal expired (kerberos)", /* 001 */ + "Service expired (kerberos)", /* 002 */ + "Authentication expired (kerberos)", /* 003 */ + "Unknown protocol version number (kerberos)", /* 004 */ + "Principal: Incorrect master key version (kerberos)", /* 005 */ + "Service: Incorrect master key version (kerberos)", /* 006 */ + "Bad byte order (kerberos)", /* 007 */ + "Principal unknown (kerberos)", /* 008 */ + "Principal not unique (kerberos)", /* 009 */ + "Principal has null key (kerberos)", /* 010 */ + "Timeout in request (kerberos)", /* 011 */ + "Reserved error message 12 (kerberos)", /* 012 */ + "Reserved error message 13 (kerberos)", /* 013 */ + "Reserved error message 14 (kerberos)", /* 014 */ + "Reserved error message 15 (kerberos)", /* 015 */ + "Reserved error message 16 (kerberos)", /* 016 */ + "Reserved error message 17 (kerberos)", /* 017 */ + "Reserved error message 18 (kerberos)", /* 018 */ + "Reserved error message 19 (kerberos)", /* 019 */ + "Permission Denied (kerberos)", /* 020 */ + "Can't read ticket file (krb_get_cred)", /* 021 */ + "Can't find ticket (krb_get_cred)", /* 022 */ + "Reserved error message 23 (krb_get_cred)", /* 023 */ + "Reserved error message 24 (krb_get_cred)", /* 024 */ + "Reserved error message 25 (krb_get_cred)", /* 025 */ + "Ticket granting ticket expired (krb_mk_req)", /* 026 */ + "Reserved error message 27 (krb_mk_req)", /* 027 */ + "Reserved error message 28 (krb_mk_req)", /* 028 */ + "Reserved error message 29 (krb_mk_req)", /* 029 */ + "Reserved error message 30 (krb_mk_req)", /* 030 */ + "Can't decode authenticator (krb_rd_req)", /* 031 */ + "Ticket expired (krb_rd_req)", /* 032 */ + "Ticket issue date too far in the future (krb_rd_req)",/* 033 */ + "Repeat request (krb_rd_req)", /* 034 */ + "Ticket for wrong server (krb_rd_req)", /* 035 */ + "Request inconsistent (krb_rd_req)", /* 036 */ + "Time is out of bounds (krb_rd_req)", /* 037 */ + "Incorrect network address 
(krb_rd_req)", /* 038 */ + "Protocol version mismatch (krb_rd_req)", /* 039 */ + "Illegal message type (krb_rd_req)", /* 040 */ + "Message integrity error (krb_rd_req)", /* 041 */ + "Message duplicate or out of order (krb_rd_req)", /* 042 */ + "Unauthorized request (krb_rd_req)", /* 043 */ + "Reserved error message 44 (krb_rd_req)", /* 044 */ + "Reserved error message 45 (krb_rd_req)", /* 045 */ + "Reserved error message 46 (krb_rd_req)", /* 046 */ + "Reserved error message 47 (krb_rd_req)", /* 047 */ + "Reserved error message 48 (krb_rd_req)", /* 048 */ + "Reserved error message 49 (krb_rd_req)", /* 049 */ + "Reserved error message 50 (krb_rd_req)", /* 050 */ + "Current password is NULL (get_pw_tkt)", /* 051 */ + "Current password incorrect (get_pw_tkt)", /* 052 */ + "Protocol error (gt_pw_tkt)", /* 053 */ + "Error returned by KDC (gt_pw_tkt)", /* 054 */ + "Null ticket returned by KDC (gt_pw_tkt)", /* 055 */ + "Retry count exceeded (send_to_kdc)", /* 056 */ + "Can't send request (send_to_kdc)", /* 057 */ + "Reserved error message 58 (send_to_kdc)", /* 058 */ + "Reserved error message 59 (send_to_kdc)", /* 059 */ + "Reserved error message 60 (send_to_kdc)", /* 060 */ + "Warning: Not ALL tickets returned", /* 061 */ + "Password incorrect", /* 062 */ + "Protocol error (get_in_tkt)", /* 063 */ + "Reserved error message 64 (get_in_tkt)", /* 064 */ + "Reserved error message 65 (get_in_tkt)", /* 065 */ + "Reserved error message 66 (get_in_tkt)", /* 066 */ + "Reserved error message 67 (get_in_tkt)", /* 067 */ + "Reserved error message 68 (get_in_tkt)", /* 068 */ + "Reserved error message 69 (get_in_tkt)", /* 069 */ + "Generic error (get_in_tkt)(can't write ticket file)", /* 070 */ + "Don't have ticket granting ticket (get_ad_tkt)", /* 071 */ + "Can't get inter-realm ticket granting ticket (get_ad_tkt)", /* 072 */ + "Reserved error message 73 (get_ad_tkt)", /* 073 */ + "Reserved error message 74 (get_ad_tkt)", /* 074 */ + "Reserved error message 75 (get_ad_tkt)", /* 075 */ 
+ "No ticket file (tf_util)", /* 076 */ + "Can't access ticket file (tf_util)", /* 077 */ + "Can't lock ticket file; try later (tf_util)", /* 078 */ + "Bad ticket file format (tf_util)", /* 079 */ + "Read ticket file before tf_init (tf_util)", /* 080 */ + "Bad Kerberos name format (kname_parse)", /* 081 */ + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + 
"(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "(reserved)", + "Generic kerberos error (kfailure)", /* 255 */ +}; + +static const char err_failure[] = "Illegal error code passed (krb_get_err_text)"; + +const char * +krb_get_err_text(int code) +{ + if(code < 0 || code >= MAX_KRB_ERRORS) + return err_failure; + return krb_err_txt[code]; +} diff --git a/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c new file mode 100644 index 0000000..d3e6cc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/krb_get_in_tkt.c 
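Review bot: krb_get_err_text bounds-checks `code` against MAX_KRB_ERRORS, but the table it indexes is declared with a literal `[256]`, and MAX_KRB_ERRORS is not defined anywhere in this hunk. The check is only safe while the two stay equal; deriving the bound from the table removes that coupling: `if (code < 0 || (size_t)code >= sizeof(krb_err_txt) / sizeof(krb_err_txt[0]))`. Because `krb_err_txt` is exported, any caller that indexes it directly bypasses this check, so the comment above the array should say to go through krb_get_err_text. Declaring it `const char *const krb_err_txt[256]` would also make the pointers read-only, though that changes the exported type and has to match the declaration in krb.h, which is outside this hunk.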
@@ -0,0 +1,175 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: krb_get_in_tkt.c,v 1.20 1997/04/01 08:18:34 joda Exp $");
+
+/*
+ * decrypt_tkt(): Given user, instance, realm, passwd, key_proc
+ * and the cipher text sent from the KDC, decrypt the cipher text
+ * using the key returned by key_proc.
+ */
+
+static int
+decrypt_tkt(char *user, char *instance, char *realm,
+ void *arg, key_proc_t key_proc, KTEXT *cip)
+{
+ des_cblock key; /* Key for decrypting cipher */
+ int ret;
+
+ ret = key_proc(user, instance, realm, arg, &key);
+ if (ret != 0)
+ return ret;
+
+ encrypt_ktext(*cip, &key, DES_DECRYPT);
+
+ memset(&key, 0, sizeof(key));
+ return 0;
+}
+
+/*
+ * krb_get_in_tkt() gets a ticket for a given principal to use a given
+ * service and stores the returned ticket and session key for future
+ * use.
+ *
+ * The "user", "instance", and "realm" arguments give the identity of
+ * the client who will use the ticket. The "service" and "sinstance"
+ * arguments give the identity of the server that the client wishes
+ * to use. (The realm of the server is the same as the Kerberos server
+ * to whom the request is sent.) The "life" argument indicates the
+ * desired lifetime of the ticket; the "key_proc" argument is a pointer
+ * to the routine used for getting the client's private key to decrypt
+ * the reply from Kerberos. The "decrypt_proc" argument is a pointer
+ * to the routine used to decrypt the reply from Kerberos; and "arg"
+ * is an argument to be passed on to the "key_proc" routine.
+ *
+ * If all goes well, krb_get_in_tkt() returns INTK_OK, otherwise it
+ * returns an error code: If an AUTH_MSG_ERR_REPLY packet is returned
+ * by Kerberos, then the error code it contains is returned. Other
+ * error codes returned by this routine include INTK_PROT to indicate
+ * wrong protocol version, INTK_BADPW to indicate bad password (if
+ * decrypted ticket didn't make sense), INTK_ERR if the ticket was for
+ * the wrong server or the ticket store couldn't be initialized.
+ *
+ * The format of the message sent to Kerberos is as follows:
+ *
+ * Size Variable Field
+ * ---- -------- -----
+ *
+ * 1 byte KRB_PROT_VERSION protocol version number
+ * 1 byte AUTH_MSG_KDC_REQUEST | message type
+ * HOST_BYTE_ORDER local byte order in lsb
+ * string user client's name
+ * string instance client's instance
+ * string realm client's realm
+ * 4 bytes tlocal.tv_sec timestamp in seconds
+ * 1 byte life desired lifetime
+ * string service service's name
+ * string sinstance service's instance
+ */
+
+int
+krb_get_in_tkt(char *user, char *instance, char *realm,
+ char *service, char *sinstance, int life,
+ key_proc_t key_proc, decrypt_proc_t decrypt_proc, void *arg)
+{
+ KTEXT_ST pkt_st;
+ KTEXT pkt = &pkt_st; /* Packet to KDC */
+ KTEXT_ST rpkt_st;
+ KTEXT rpkt = &rpkt_st; /* Returned packet */
+
+ int kerror;
+ struct timeval tv;
+
+ /* BUILD REQUEST PACKET */
+
+ unsigned char *p = pkt->dat;
+
+ p += krb_put_int(KRB_PROT_VERSION, p, 1);
+ p += krb_put_int(AUTH_MSG_KDC_REQUEST, p, 1);
+
+ p += krb_put_nir(user, instance, realm, p);
+
+ gettimeofday(&tv, NULL);
+ p += krb_put_int(tv.tv_sec, p, 4);
+ p += krb_put_int(life, p, 1);
+
+ p += krb_put_nir(service, sinstance, NULL, p);
+
+ pkt->length = p - pkt->dat;
+
+ rpkt->length = 0;
+
+ /* SEND THE REQUEST AND RECEIVE THE RETURN PACKET */
+
+ if ((kerror = send_to_kdc(pkt, rpkt, realm))) return(kerror);
+
+ p = rpkt->dat;
+
+ {
+ CREDENTIALS cred;
+ KTEXT_ST cip;
+ KTEXT foo = &cip; /* braindamage */
+
+ kerror = kdc_reply_cipher(rpkt, &cip);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (decrypt_proc == NULL)
+ decrypt_proc = decrypt_tkt;
+ (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);
+
+ kerror = kdc_reply_cred(&cip, &cred);
+ if(kerror != KSUCCESS)
+ return kerror;
+
+ if (strcmp(cred.service, service) ||
+ strcmp(cred.instance, sinstance) ||
+ strcmp(cred.realm, realm)) /* not what we asked for */
+ return INTK_ERR; /* we need a better code here XXX */
+
+ if (abs((int)(tv.tv_sec - cred.issue_date)) > CLOCK_SKEW) {
+ return RD_AP_TIME; /* XXX should probably be better code */
+ }
+
+ /* initialize ticket cache */
+
+ return tf_setup(&cred, user, instance);
+ }
+}
diff --git a/crypto/kerberosIV/lib/krb/krb_locl.h b/crypto/kerberosIV/lib/krb/krb_locl.h
new file mode 100644
index 0000000..4475883
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/krb_locl.h
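Review bot: In krb_get_in_tkt() the result of `(*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);` is discarded, so when decrypt_tkt() returns key_proc's error the function carries on and hands the still-encrypted reply to kdc_reply_cred(). Capturing it, `kerror = (*decrypt_proc)(user, instance, realm, arg, key_proc, &foo);` followed by `if (kerror) return kerror;`, lets the caller see the real failure instead of whatever the parse of undecrypted bytes yields; this assumes every decrypt_proc_t implementation returns 0 on success, as decrypt_tkt() does. In decrypt_tkt() the DES key is wiped with a plain `memset` right before `return`, which an optimiser is free to drop, and it is not wiped at all on the `ret != 0` path. A wipe the compiler cannot remove, done on both paths, would keep the password-derived key from lingering on the stack.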
@@ -0,0 +1,163 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: krb_locl.h,v 1.42 1997/05/20 18:40:45 bg Exp $ */
+
+#ifndef __krb_locl_h
+#define __krb_locl_h
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include "protos.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <assert.h>
+#include <stdarg.h>
+
+#include <errno.h>
+
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef HAVE_IO_H
+#include <io.h>
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_SYS_FILE_H
+#include <sys/file.h>
+#endif
+#ifdef HAVE_SYS_SELECT_H
+#include <sys/select.h>
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_WINSOCK_H
+#include <winsock.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_NAMESER_H
+#include <arpa/nameser.h>
+#endif
+#ifdef HAVE_RESOLV_H
+#include <resolv.h>
+#endif
+
+#ifdef SOCKS
+#include <socks.h>
+#endif
+
+#include <roken.h>
+
+#include <krb.h>
+#include <prot.h>
+
+#include "resolve.h"
+
+/* --- */
+
+/* Globals! */
+extern int krb_debug;
+extern int krb_ap_req_debug;
+
+/* Utils */
+int krb_name_to_name(const char *, char *, size_t);
+
+void encrypt_ktext(KTEXT cip, des_cblock *key, int encrypt);
+int kdc_reply_cred(KTEXT cip, CREDENTIALS *cred);
+int kdc_reply_cipher(KTEXT reply, KTEXT cip);
+
+#ifndef HAVE_GETTIMEOFDAY
+int gettimeofday (struct timeval *, void *);
+#endif
+
+void k_ricercar(char*);
+
+/* safe multiple strcat */
+int k_concat(char*, size_t, ...);
+int k_vconcat(char*, size_t, va_list);
+
+/* mallocing versions of the above */
+size_t k_vmconcat (char**, size_t, va_list);
+size_t k_mconcat (char**, size_t, ...);
+
+/* used in rd_safe.c and mk_safe.c */
+
+void fixup_quad_cksum(void *start, size_t len, des_cblock *key,
+ void *new_checksum, void *old_checksum, int little);
+
+#endif /* __krb_locl_h */
diff --git a/crypto/kerberosIV/lib/krb/kuserok.c b/crypto/kerberosIV/lib/krb/kuserok.c
new file mode 100644
index 0000000..e3d5e6b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/kuserok.c
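Review bot: The comment `/* safe multiple strcat */` in krb_locl.h is the only documentation for `k_concat(char*, size_t, ...)` and `k_vconcat`, and the prototypes leave every parameter unnamed, so a caller cannot tell whether the `size_t` is the total destination size or the space remaining, how the variable argument list is terminated, or what is returned on truncation. Since callers rely on these helpers for bounds safety, I would name the parameters and spell out those three points in the comment, with the wording taken from the definitions, which are not part of this hunk. Separately, the include guard `__krb_locl_h` uses an identifier reserved for the implementation; a name such as `KRB_LOCL_H` avoids that.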
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: kuserok.c,v 1.21 1997/04/01 08:18:35 joda Exp $");
+
+#define OK 0
+#define NOTOK 1
+#define MAX_USERNAME 10
+
+/*
+ * Given a Kerberos principal and a local username, determine whether
+ * user is authorized to login according to the authorization file
+ * ("~luser/.klogin" by default). Returns OK if authorized, NOTOK if
+ * not authorized.
+ *
+ * IMPORTANT CHANGE: To eliminate the need of making a distinction
+ * between the 3 cases:
+ *
+ * 1. We can't verify that a .klogin file doesn't exist (no home dir).
+ * 2. It's there but we aren't allowed to read it.
+ * 3. We can read it and ~luser@LOCALREALM is (not) included.
+ *
+ * We instead make the assumption that luser@LOCALREALM is *always*
+ * included. Thus it is impossible to have an empty .klogin file and
+ * also to exclude luser@LOCALREALM from it. Root is treated differently
+ * since it's home should always be available.
+ *
+ * OLD STRATEGY:
+ * If there is no account for "luser" on the local machine, returns
+ * NOTOK. If there is no authorization file, and the given Kerberos
+ * name "kdata" translates to the same name as "luser" (using
+ * krb_kntoln()), returns OK. Otherwise, if the authorization file
+ * can't be accessed, returns NOTOK. Otherwise, the file is read for
+ * a matching principal name, instance, and realm. If one is found,
+ * returns OK, if none is found, returns NOTOK.
+ *
+ * The file entries are in the format:
+ *
+ * name.instance@realm
+ *
+ * one entry per line.
+ *
+ */
+
+int
+krb_kuserok(char *name, char *instance, char *realm, char *luser)
+{
+ struct passwd *pwd;
+ char lrealm[REALM_SZ];
+ FILE *f;
+ char line[1024];
+ char file[MaxPathLen];
+ struct stat st;
+
+ pwd = getpwnam(luser);
+ if(pwd == NULL)
+ return NOTOK;
+ if(krb_get_lrealm(lrealm, 1))
+ return NOTOK;
+ if(pwd->pw_uid != 0 &&
+ strcmp(name, luser) == 0 &&
+ strcmp(instance, "") == 0 &&
+ strcmp(realm, lrealm) == 0)
+ return OK;
+ strcpy(file, pwd->pw_dir);
+ strcat(file, "/.klogin");
+
+ f = fopen(file, "r");
+ if(f == NULL)
+ return NOTOK;
+
+ /* this is not a working test in filesystems like AFS and DFS */
+ if(fstat(fileno(f), &st) < 0){
+ fclose(f);
+ return NOTOK;
+ }
+
+ if(st.st_uid != pwd->pw_uid){
+ fclose(f);
+ return NOTOK;
+ }
+
+ while(fgets(line, sizeof(line), f)){
+ char fname[ANAME_SZ], finst[INST_SZ], frealm[REALM_SZ];
+ if(line[strlen(line) - 1] != '\n')
+ /* read till end of line */
+ while(1){
+ int c = fgetc(f);
+ if(c == '\n' || c == EOF)
+ break;
+ }
+ else
+ line[strlen(line) - 1] = 0;
+
+ if(kname_parse(fname, finst, frealm, line))
+ continue;
+ if(strcmp(name, fname))
+ continue;
+ if(strcmp(instance, finst))
+ continue;
+ if(frealm[0] == 0)
+ strcpy(frealm, lrealm);
+ if(strcmp(realm, frealm))
+ continue;
+ fclose(f);
+ return OK;
+ }
+ fclose(f);
+ return NOTOK;
+}
+
+/* compatibility interface */
+
+int
+kuserok(AUTH_DAT *auth, char *luser)
+{
+ return krb_kuserok(auth->pname, auth->pinst, auth->prealm, luser);
+}
+
diff --git a/crypto/kerberosIV/lib/krb/lifetime.c b/crypto/kerberosIV/lib/krb/lifetime.c
new file mode 100644
index 0000000..1866996
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lifetime.c
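Review bot: krb_kuserok() indexes `line[strlen(line) - 1]` without checking for an empty string, so a .klogin line that begins with a NUL byte makes the index wrap and the code reads, and in the `else` branch may write, one byte before `line[]`. The file is written by the account owner, while the callers (outside this hunk) are presumably login-type services deciding whether to admit a remote principal. The path is also built with `strcpy(file, pwd->pw_dir)` and `strcat(file, "/.klogin")` with no check against `MaxPathLen`; the sketch below takes the line length once and rejects a home directory that does not fit. Only the owner of the file is compared after `fstat`, not its mode, so a group- or world-writable .klogin is still honoured; rejecting `st.st_mode & (S_IWGRP|S_IWOTH)` next to the uid test would close that.

```c
    if(strlen(pwd->pw_dir) + sizeof("/.klogin") > sizeof(file))
        return NOTOK;
    strcpy(file, pwd->pw_dir);
    /* … unchanged: strcat, fopen, fstat and owner check … */
    while(fgets(line, sizeof(line), f)){
        /* … unchanged: fname/finst/frealm declarations … */
        size_t len = strlen(line);
        if(len == 0 || line[len - 1] != '\n')
            /* … unchanged: skip the rest of the over-long line … */
        else
            line[len - 1] = 0;
        /* … unchanged: kname_parse and the name/instance/realm comparison … */
```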
@@ -0,0 +1,213 @@
+/*
+ * Ticket lifetime. This defines the table used to lookup lifetime
+ * for the fixed part of rande of the one byte lifetime field. Values
+ * less than 0x80 are intrpreted as the number of 5 minute intervals.
+ * Values from 0x80 to 0xBF should be looked up in this table. The
+ * value of 0x80 is the same using both methods: 10 and two-thirds
+ * hours . The lifetime of 0xBF is 30 days. The intervening values
+ * of have a fixed ratio of roughly 1.06914. The value 0xFF is
+ * defined to mean a ticket has no expiration time. This should be
+ * used advisedly since individual servers may impose defacto
+ * upperbounds on ticket lifetimes.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lifetime.c,v 1.9 1997/05/02 14:29:18 assar Exp $");
+
+/* If you want to disable this feature */
+int krb_no_long_lifetimes = 0;
+
+#define TKTLIFENUMFIXED 64
+#define TKTLIFEMINFIXED 0x80
+#define TKTLIFEMAXFIXED 0xBF
+#define TKTLIFENOEXPIRE 0xFF
+#define MAXTKTLIFETIME (30*24*3600) /* 30 days */
+#ifndef NEVERDATE
+#define NEVERDATE ((unsigned long)0x7fffffffL)
+#endif
+
+static const int tkt_lifetimes[TKTLIFENUMFIXED] = {
+ 38400, /* 10.67 hours, 0.44 days */
+ 41055, /* 11.40 hours, 0.48 days */
+ 43894, /* 12.19 hours, 0.51 days */
+ 46929, /* 13.04 hours, 0.54 days */
+ 50174, /* 13.94 hours, 0.58 days */
+ 53643, /* 14.90 hours, 0.62 days */
+ 57352, /* 15.93 hours, 0.66 days */
+ 61318, /* 17.03 hours, 0.71 days */
+ 65558, /* 18.21 hours, 0.76 days */
+ 70091, /* 19.47 hours, 0.81 days */
+ 74937, /* 20.82 hours, 0.87 days */
+ 80119, /* 22.26 hours, 0.93 days */
+ 85658, /* 23.79 hours, 0.99 days */
+ 91581, /* 25.44 hours, 1.06 days */
+ 97914, /* 27.20 hours, 1.13 days */
+ 104684, /* 29.08 hours, 1.21 days */
+ 111922, /* 31.09 hours, 1.30 days */
+ 119661, /* 33.24 hours, 1.38 days */
+ 127935, /* 35.54 hours, 1.48 days */
+ 136781, /* 37.99 hours, 1.58 days */
+ 146239, /* 40.62 hours, 1.69 days */
+ 156350, /* 43.43 hours, 1.81 days */
+ 167161, /* 46.43 hours, 1.93 days */
+ 178720, /* 49.64 hours, 2.07 days */
+ 191077, /* 53.08 hours, 2.21 days */
+ 204289, /* 56.75 hours, 2.36 days */
+ 218415, /* 60.67 hours, 2.53 days */
+ 233517, /* 64.87 hours, 2.70 days */
+ 249664, /* 69.35 hours, 2.89 days */
+ 266926, /* 74.15 hours, 3.09 days */
+ 285383, /* 79.27 hours, 3.30 days */
+ 305116, /* 84.75 hours, 3.53 days */
+ 326213, /* 90.61 hours, 3.78 days */
+ 348769, /* 96.88 hours, 4.04 days */
+ 372885, /* 103.58 hours, 4.32 days */
+ 398668, /* 110.74 hours, 4.61 days */
+ 426234, /* 118.40 hours, 4.93 days */
+ 455705, /* 126.58 hours, 5.27 days */
+ 487215, /* 135.34 hours, 5.64 days */
+ 520904, /* 144.70 hours, 6.03 days */
+ 556921, /* 154.70 hours, 6.45 days */
+ 595430, /* 165.40 hours, 6.89 days */
+ 636601, /* 176.83 hours, 7.37 days */
+ 680618, /* 189.06 hours, 7.88 days */
+ 727680, /* 202.13 hours, 8.42 days */
+ 777995, /* 216.11 hours, 9.00 days */
+ 831789, /* 231.05 hours, 9.63 days */
+ 889303, /* 247.03 hours, 10.29 days */
+ 950794, /* 264.11 hours, 11.00 days */
+ 1016537, /* 282.37 hours, 11.77 days */
+ 1086825, /* 301.90 hours, 12.58 days */
+ 1161973, /* 322.77 hours, 13.45 days */
+ 1242318, /* 345.09 hours, 14.38 days */
+ 1328218, /* 368.95 hours, 15.37 days */
+ 1420057, /* 394.46 hours, 16.44 days */
+ 1518247, /* 421.74 hours, 17.57 days */
+ 1623226, /* 450.90 hours, 18.79 days */
+ 1735464, /* 482.07 hours, 20.09 days */
+ 1855462, /* 515.41 hours, 21.48 days */
+ 1983758, /* 551.04 hours, 22.96 days */
+ 2120925, /* 589.15 hours, 24.55 days */
+ 2267576, /* 629.88 hours, 26.25 days */
+ 2424367, /* 673.44 hours, 28.06 days */
+ 2592000}; /* 720.00 hours, 30.00 days */
+
+/*
+ * krb_life_to_time - takes a start time and a Kerberos standard
+ * lifetime char and returns the corresponding end time. There are
+ * four simple cases to be handled. The first is a life of 0xff,
+ * meaning no expiration, and results in an end time of 0xffffffff.
+ * The second is when life is less than the values covered by the
+ * table. In this case, the end time is the start time plus the
+ * number of 5 minute intervals specified by life. The third case
+ * returns start plus the MAXTKTLIFETIME if life is greater than
+ * TKTLIFEMAXFIXED. The last case, uses the life value (minus
+ * TKTLIFEMINFIXED) as an index into the table to extract the lifetime
+ * in seconds, which is added to start to produce the end time.
+ */
+u_int32_t
+krb_life_to_time(u_int32_t start, int life_)
+{
+ unsigned char life = (unsigned char) life_;
+
+ if (krb_no_long_lifetimes) return start + life*5*60;
+
+ if (life == TKTLIFENOEXPIRE) return NEVERDATE;
+ if (life < TKTLIFEMINFIXED) return start + life*5*60;
+ if (life > TKTLIFEMAXFIXED) return start + MAXTKTLIFETIME;
+ return start + tkt_lifetimes[life - TKTLIFEMINFIXED];
+}
+
+/*
+ * krb_time_to_life - takes start and end times for the ticket and
+ * returns a Kerberos standard lifetime char, possibily using the
+ * tkt_lifetimes table for lifetimes above 127*5 minutes. First, the
+ * special case of (end == NEVERDATE) is handled to mean no
+ * expiration. Then negative lifetimes and those greater than the
+ * maximum ticket lifetime are rejected. Then lifetimes less than the
+ * first table entry are handled by rounding the requested lifetime
+ * *up* to the next 5 minute interval. The final step is to search
+ * the table for the smallest entry *greater than or equal* to the
+ * requested entry.
+ */
+int krb_time_to_life(u_int32_t start, u_int32_t end)
+{
+ int i;
+ long lifetime = end - start;
+
+ if (krb_no_long_lifetimes) return (lifetime + 5*60 - 1)/(5*60);
+
+ if (end >= NEVERDATE) return TKTLIFENOEXPIRE;
+ if (lifetime > MAXTKTLIFETIME || lifetime <= 0) return 0;
+ if (lifetime < tkt_lifetimes[0]) return (lifetime + 5*60 - 1)/(5*60);
+ for (i=0; i<TKTLIFENUMFIXED; i++) {
+ if (lifetime <= tkt_lifetimes[i]) {
+ return i+TKTLIFEMINFIXED;
+ }
+ }
+ return 0;
+}
+
+char *
+krb_life_to_atime(int life)
+{
+ static char atime[11+1+2+1+2+1+2+1];
+ unsigned long when;
+ int secs, mins, hours;
+
+ if (life == TKTLIFENOEXPIRE && !krb_no_long_lifetimes)
+ return("Forever");
+ when = krb_life_to_time(0, life);
+ secs = when%60;
+ when /= 60;
+ mins = when%60;
+ when /= 60;
+ hours = when%24;
+ when /= 24;
+ snprintf(atime, sizeof(atime), "%d+%02d:%02d:%02d", (int)when, hours, mins, secs);
+ return(atime);
+}
+
+int
+krb_atime_to_life(char *atime)
+{
+ unsigned long when = 0;
+ char *cp;
+ int colon = 0, plus = 0;
+ int n = 0;
+
+ if (strcasecmp(atime, "forever") == 0)
+ return(TKTLIFENOEXPIRE);
+
+ for (cp=atime; *cp; cp++) {
+ switch(*cp) {
+ case '0': case '1': case '2': case '3': case '4':
+ case '5': case '6': case '7': case '8': case '9':
+ n = n*10 + *cp-'0';
+ break;
+ case '+':
+ plus++;
+ when += n;
+ when *= 24;
+ n = 0;
+ break;
+ case ':':
+ colon++;
+ when += n;
+ when *= 60;
+ n = 0;
+ break;
+ default:
+ break;
+ }
+ }
+ when += n;
+ if (plus == 0 && colon == 0)
+ return((unsigned char)when);
+ while (colon < 2) {
+ when *= 60;
+ colon++;
+ }
+ return(krb_time_to_life(0,when));
+}
diff --git a/crypto/kerberosIV/lib/krb/logging.c b/crypto/kerberosIV/lib/krb/logging.c
new file mode 100644
index 0000000..15e5bde
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/logging.c
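Review bot: In krb_time_to_life() the `krb_no_long_lifetimes` branch returns `(lifetime + 5*60 - 1)/(5*60)` before any range check, so an `end` at or before `start`, or a span longer than 255 five-minute units, yields a value outside 0..255 that a caller storing it in the one-byte lifetime field would truncate to an unrelated lifetime. Guarding that branch with `if (end <= start) return 0;` and `if (lifetime > 255*5*60) return 255;` keeps the result in the range krb_life_to_time() accepts in that mode. krb_atime_to_life() has the same kind of gap: `n = n*10 + *cp-'0';` accumulates into a signed `int` with no limit on the number of digits, and `return((unsigned char)when);` silently wraps large values. The comment above krb_life_to_time() also says a life of 0xff gives an end time of 0xffffffff, while the code returns `NEVERDATE`, defined here as 0x7fffffff unless an earlier definition exists.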
@@ -0,0 +1,240 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+#include <klog.h>
+
+RCSID("$Id: logging.c,v 1.14 1997/05/11 09:01:40 assar Exp $");
+
+struct krb_log_facility {
+ char filename[MaxPathLen];
+ FILE *file;
+ krb_log_func_t func;
+};
+
+int
+krb_vlogger(struct krb_log_facility *f, const char *format, va_list args)
+{
+ FILE *file = NULL;
+ int ret;
+
+ if (f->file != NULL)
+ file = f->file;
+ else if (f->filename && f->filename[0])
+ file = fopen(f->filename, "a");
+
+ ret = f->func(file, format, args);
+
+ if (file != f->file)
+ fclose(file);
+ return ret;
+}
+
+int
+krb_logger(struct krb_log_facility *f, const char *format, ...)
+{
+ va_list args;
+ int ret;
+ va_start(args, format);
+ ret = krb_vlogger(f, format, args);
+ va_end(args);
+ return ret;
+}
+
+/*
+ * If FILE * is given log to it, otherwise, log to filename. When
+ * given a file name the file is opened and closed for each log
+ * record.
+ */
+int
+krb_openlog(struct krb_log_facility *f,
+ char *filename,
+ FILE *file,
+ krb_log_func_t func)
+{
+ strcpy(f->filename, filename);
+ f->file = file;
+ f->func = func;
+ return KSUCCESS;
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from warning.c
+ ------------------------------------------------------------ */
+
+static int
+log_tty(FILE *f, const char *format, va_list args)
+{
+ if (f != NULL && isatty(fileno(f)))
+ vfprintf(f, format, args);
+ return KSUCCESS;
+}
+
+/* stderr */
+static struct krb_log_facility std_log = { "/dev/tty", NULL, log_tty };
+
+static void
+init_std_log ()
+{
+ static int done = 0;
+
+ if (!done) {
+ std_log.file = stderr;
+ done = 1;
+ }
+}
+
+/*
+ *
+ */
+void
+krb_set_warnfn (krb_warnfn_t newfunc)
+{
+ init_std_log ();
+ std_log.func = newfunc;
+}
+
+/*
+ *
+ */
+krb_warnfn_t
+krb_get_warnfn (void)
+{
+ init_std_log ();
+ return std_log.func;
+}
+
+/*
+ * Log warnings to stderr if it's a tty.
+ */
+void
+krb_warning (const char *format, ...)
+{
+ va_list args;
+
+ init_std_log ();
+ va_start(args, format);
+ krb_vlogger(&std_log, format, args);
+ va_end(args);
+}
+
+/* ------------------------------------------------------------
+ Compatibility functions from klog.c and log.c
+ ------------------------------------------------------------ */
+
+/*
+ * Used by kerberos and kadmind daemons and in libkrb (rd_req.c).
+ *
+ * By default they log to the kerberos server log-file (KRBLOG) to be
+ * backwards compatible.
+ */
+
+static int
+log_with_timestamp_and_nl(FILE *file, const char *format, va_list args)
+{
+ time_t now;
+ if(file == NULL)
+ return KFAILURE;
+ time(&now);
+ fputs(krb_stime(&now), file);
+ fputs(": ", file);
+ vfprintf(file, format, args);
+ fputs("\n", file);
+ fflush(file);
+ return KSUCCESS;
+}
+
+static struct krb_log_facility
+file_log = { KRBLOG, NULL, log_with_timestamp_and_nl };
+
+/*
+ * kset_logfile() changes the name of the file to which
+ * messages are logged. If kset_logfile() is not called,
+ * the logfile defaults to KRBLOG, defined in "krb.h".
+ */
+
+void
+kset_logfile(char *filename)
+{
+ krb_openlog(&file_log, filename, NULL, log_with_timestamp_and_nl);
+}
+
+/*
+ * krb_log() and klog() is used to add entries to the logfile.
+ *
+ * The log entry consists of a timestamp and the given arguments
+ * printed according to the given "format" string.
+ *
+ * The log file is opened and closed for each log entry.
+ *
+ * If the given log type "type" is unknown, or if the log file
+ * cannot be opened, no entry is made to the log file.
+ *
+ * CHANGE: the type is always ignored
+ *
+ * The return value of klog() is always a pointer to the formatted log
+ * text string "logtxt".
+ */
+
+/* Used in kerberos.c only. */
+char *
+klog(int type, const char *format, ...)
+{
+ static char logtxt[1024];
+
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(logtxt, sizeof(logtxt), format, ap);
+ va_end(ap);
+
+ krb_logger(&file_log, "%s", logtxt);
+
+ return logtxt;
+}
+
+/* Used in kadmind and rd_req.c */
+void
+krb_log(const char *format, ...)
+{
+ va_list args;
+
+ va_start(args, format);
+ krb_vlogger(&file_log, format, args);
+ va_end(args);
+}
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.c b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
new file mode 100644
index 0000000..bc3c484
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.c
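Review bot: krb_openlog() copies the caller's name with `strcpy(f->filename, filename);` into the fixed `filename[MaxPathLen]` member, and kset_logfile() passes its argument straight through, so an over-long log path overruns the static `file_log` structure, including the `file` and `func` members declared after the array. A length test ahead of the copy, `if (strlen(filename) >= sizeof(f->filename)) return KFAILURE;`, bounds it; kset_logfile() returns void and would need to decide what to do with that failure. The header comment says a `FILE *` may be given instead of a name, which suggests `filename` can be absent in that case, yet `filename` is passed to `strcpy` unconditionally, so a NULL there should be either handled or documented as not allowed. In krb_vlogger() the test `f->filename &&` is always true because `filename` is an array.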
@@ -0,0 +1,105 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: lsb_addr_comp.c,v 1.9 1997/04/01 08:18:37 joda Exp $");
+
+#include "lsb_addr_comp.h"
+
+int
+krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y)
+{
+ int i;
+ u_int32_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int32_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+int
+krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y)
+{
+ int i;
+ u_int16_t a = 0, b = 0;
+ u_int8_t *p = (u_int8_t*) &x;
+ u_int8_t *q = (u_int8_t*) &y;
+
+ for(i = sizeof(u_int16_t) - 1; i >= 0; i--){
+ a = (a << 8) | p[i];
+ b = (b << 8) | q[i];
+ }
+ if(a > b)
+ return 1;
+ if(a < b)
+ return -1;
+ return 0;
+}
+
+u_int32_t
+lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst)
+{
+ /*
+ * direction bit is the sign bit of the timestamp. Ok until
+ * 2038??
+ */
+ /* For compatibility with broken old code, compares are done in VAX
+ byte order (LSBFIRST) */
+ if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, /* src < recv */
+ dst->sin_addr.s_addr) < 0)
+ t = -t;
+ else if (krb_lsb_antinet_ulong_less(src->sin_addr.s_addr,
+ dst->sin_addr.s_addr)==0)
+ if (krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)
+ t = -t;
+ /*
+ * all that for one tiny bit! Heaven help those that talk to
+ * themselves.
+ */
+ t = t & 0xffffffff;
+ return t;
+}
diff --git a/crypto/kerberosIV/lib/krb/lsb_addr_comp.h b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h
new file mode 100644
index 0000000..21adf06
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/lsb_addr_comp.h
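Review bot: lsb_time() leaves its nested `if … else if … if` without braces and evaluates the address comparison twice, which makes it hard to see that the inner `if` belongs to the `else if`. Holding the result in a local reads more directly: `int c = krb_lsb_antinet_ulong_less(src->sin_addr.s_addr, dst->sin_addr.s_addr);` then `if (c < 0 || (c == 0 && krb_lsb_antinet_ushort_less(src->sin_port, dst->sin_port) < 0)) t = -t;`. krb_lsb_antinet_ulong_cmp() and krb_lsb_antinet_ushort_cmp() would also benefit from a one-line comment stating that the loop assembles the bytes of each argument with the lowest-addressed byte least significant and returns -1, 0 or 1, since the pointer casts alone do not explain the intent.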
@@ -0,0 +1,26 @@
+/*
+ * $Id: lsb_addr_comp.h,v 1.6 1996/10/05 00:18:02 joda Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Comparison macros to emulate LSBFIRST comparison results of network
+ * byte-order quantities
+ */
+
+#ifndef LSB_ADDR_COMP_DEFS
+#define LSB_ADDR_COMP_DEFS
+
+/* Compare x and y in VAX byte order, result is -1, 0 or 1. */
+
+#define krb_lsb_antinet_ulong_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ulong_cmp(x, y))
+
+#define krb_lsb_antinet_ushort_less(x, y) (((x) == (y)) ? 0 : krb_lsb_antinet_ushort_cmp(x, y))
+
+int krb_lsb_antinet_ulong_cmp(u_int32_t x, u_int32_t y);
+int krb_lsb_antinet_ushort_cmp(u_int16_t x, u_int16_t y);
+u_int32_t lsb_time(time_t t, struct sockaddr_in *src, struct sockaddr_in *dst);
+
+#endif /* LSB_ADDR_COMP_DEFS */
diff --git a/crypto/kerberosIV/lib/krb/mk_auth.c b/crypto/kerberosIV/lib/krb/mk_auth.c
new file mode 100644
index 0000000..7cfb36b
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/mk_auth.c
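Review bot: Both `krb_lsb_antinet_*_less` macros expand `x` and `y` twice, so an argument with a side effect would be evaluated twice, and the header does not warn about it. The `((x) == (y)) ? 0 :` shortcut also repeats what the `_cmp` functions already return for equal inputs. Either add `/* Arguments are evaluated twice; pass side-effect-free expressions. */` above the macros or reduce them to direct calls, `#define krb_lsb_antinet_ulong_less(x, y) krb_lsb_antinet_ulong_cmp((x), (y))`. The names end in `_less` although the result is three-way, so the existing "-1, 0 or 1" comment is worth repeating next to each macro.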
@@ -0,0 +1,96 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_auth.c,v 1.4 1997/04/01 08:18:35 joda Exp $"); + +/* + * Generate an authenticator for service.instance@realm. + * instance is canonicalized by `krb_get_phost' + * realm is set to the local realm if realm == NULL + * The ticket acquired by `krb_mk_req' is returned in `ticket' and the + * authenticator in `buf'. + * Options control the behaviour (see krb_sendauth). + */ + +int +krb_mk_auth(int32_t options, + KTEXT ticket, + char *service, + char *instance, + char *realm, + u_int32_t checksum, + char *version, + KTEXT buf) +{ + char realinst[INST_SZ]; + char realrealm[REALM_SZ]; + int ret; + unsigned char *p; + + if (options & KOPT_DONT_CANON) + strncpy(realinst, instance, sizeof(realinst)); + else + strncpy(realinst, krb_get_phost (instance), sizeof(realinst)); + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + + if(!(options & KOPT_DONT_MK_REQ)) { + ret = krb_mk_req (ticket, service, realinst, realm, checksum); + if (ret != KSUCCESS) + return ret; + } + + p = buf->dat; + + memcpy (p, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + memcpy (p, version, KRB_SENDAUTH_VLEN); + p += KRB_SENDAUTH_VLEN; + p += krb_put_int(ticket->length, p, 4); + memcpy(p, ticket->dat, ticket->length); + p += ticket->length; + buf->length = p - buf->dat; + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/mk_err.c b/crypto/kerberosIV/lib/krb/mk_err.c new file mode 100644 index 0000000..710587a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_err.c 
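Review bot: Both `strncpy(realinst, ..., sizeof(realinst))` calls in `krb_mk_auth` leave `realinst` without a terminating NUL when the instance, or the name returned by `krb_get_phost`, is `INST_SZ` bytes or longer, and the buffer is then passed to `krb_mk_req` as a C string. Add `realinst[sizeof(realinst) - 1] = '\0';` after the copy, or reject an over-long instance with an error code. Further down, `memcpy(p, version, KRB_SENDAUTH_VLEN)` reads a fixed number of bytes from `version` whatever its actual length, and the ticket is copied into `buf->dat` without comparing `ticket->length` plus the two version fields and the length field against the capacity of `buf`; the size of the `KTEXT` data array is not visible in this hunk, so that bound has to be taken from its definition.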
@@ -0,0 +1,56 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: mk_err.c,v 1.6 1997/03/23 03:53:14 joda Exp $"); + +/* + * This routine creates a general purpose error reply message. It + * doesn't use KTEXT because application protocol may have long + * messages, and may want this part of buffer contiguous to other + * stuff. + * + * The error reply is built in "p", using the error code "e" and + * error text "e_string" given. The length of the error reply is + * returned. + * + * The error reply is in the following format: + * + * unsigned char KRB_PROT_VERSION protocol version no. 
+ * unsigned char AUTH_MSG_APPL_ERR message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte order + * 4 bytes e given error code + * string e_string given error text + */ + +int32_t +krb_mk_err(u_char *p, int32_t e, char *e_string) +{ + unsigned char *start = p; + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_APPL_ERR, p, 1); + + p += krb_put_int(e, p, 4); + p += krb_put_string(e_string, p); + return p - start; +} diff --git a/crypto/kerberosIV/lib/krb/mk_priv.c b/crypto/kerberosIV/lib/krb/mk_priv.c new file mode 100644 index 0000000..b6a9cc4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_priv.c 
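Review bot: `krb_mk_err` writes through `p` with no capacity argument, so only the caller can ensure that `e_string` fits, yet the header comment describes the wire format without saying how large the buffer must be. Add a sentence such as `The caller must provide at least 6 + strlen(e_string) + 1 bytes at p.`, assuming `krb_put_string` emits the string followed by its NUL, which is not visible here. The format table also lists HOST_BYTE_ORDER in the low bit of the message type while the code writes `AUTH_MSG_APPL_ERR` unmodified; the comment should match what is actually emitted.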
@@ -0,0 +1,125 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_priv.c,v 1.18 1997/04/01 08:18:37 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_mk_priv() constructs an AUTH_MSG_PRIVATE message. It takes + * some user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address. + * The packet is encrypted by pcbc_encrypt(), using the given + * "key" and "schedule". + * The length of the resulting packet "out" is + * returned. + * + * It is similar to krb_mk_safe() except for the additional key + * schedule argument "schedule" and the fact that the data is encrypted + * rather than appended with a checksum. The protocol version is + * KRB_PROT_VERSION, defined in "krb.h". + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_PRIVATE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * 4 bytes c_length length of data + * we encrypt from here with pcbc_encrypt + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * 0<=n<=7 bytes pad to 8 byte multiple zeroes + */ + +int32_t +krb_mk_priv(void *in, void *out, u_int32_t length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char *p = (unsigned char*)out; + unsigned char *cipher; + + struct timeval tv; + u_int32_t src_addr; + u_int32_t len; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_PRIVATE, p, 1); + + len = 4 + length + 1 + 4 + 4; + len = (len + 7) & ~7; + p += krb_put_int(len, p, 4); + + cipher = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); 
+ p += length; + + gettimeofday(&tv, NULL); + + *p++ =tv.tv_usec / 5000; + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), p, 4); + + memset(p, 0, 7); + + des_pcbc_encrypt((des_cblock *)cipher, (des_cblock *)cipher, + len, schedule, key, DES_ENCRYPT); + + return (cipher - (unsigned char*)out) + len; +} diff --git a/crypto/kerberosIV/lib/krb/mk_req.c b/crypto/kerberosIV/lib/krb/mk_req.c new file mode 100644 index 0000000..313ea04 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_req.c 
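Review bot: In `krb_mk_priv`, `len = 4 + length + 1 + 4 + 4` and the following round-up to a multiple of 8 are computed in `u_int32_t`, so a `length` near the 32-bit maximum wraps `len` to a small value while `memcpy(p, in, length)` still copies the full amount. `out` has no capacity parameter either, so the function cannot check that header, payload, trailer and padding fit. A guard ahead of the arithmetic, `if (length > MAX_PRIV_LEN) return -1;` (placeholder limit name; the error value callers expect is not visible in this hunk), closes the wrap. The header comment should also state that `out` needs up to `length + 26` bytes, since `memset(p, 0, 7)` always writes seven pad bytes after the trailer.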
@@ -0,0 +1,215 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_req.c,v 1.17 1997/05/30 17:42:38 bg Exp $"); + +static int lifetime = 255; /* But no longer than TGT says. */ + + +static void +build_request(KTEXT req, char *name, char *inst, char *realm, + u_int32_t checksum) +{ + struct timeval tv; + unsigned char *p = req->dat; + + p += krb_put_nir(name, inst, realm, p); + + p += krb_put_int(checksum, p, 4); + + + /* Fill in the times on the request id */ + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec / 5000; /* 5ms */ + + p += krb_put_int(tv.tv_sec, p, 4); + + /* Fill to a multiple of 8 bytes for DES */ + req->length = ((p - req->dat + 7)/8) * 8; +} + + +/* + * krb_mk_req takes a text structure in which an authenticator is to + * be built, the name of a service, an instance, a realm, + * and a checksum. It then retrieves a ticket for + * the desired service and creates an authenticator in the text + * structure passed as the first argument. krb_mk_req returns + * KSUCCESS on success and a Kerberos error code on failure. + * + * The peer procedure on the other end is krb_rd_req. When making + * any changes to this routine it is important to make corresponding + * changes to krb_rd_req. + * + * The authenticator consists of the following: + * + * authent->dat + * + * unsigned char KRB_PROT_VERSION protocol version no. + * unsigned char AUTH_MSG_APPL_REQUEST message type + * (least significant + * bit of above) HOST_BYTE_ORDER local byte ordering + * unsigned char kvno from ticket server's key version + * string realm server's realm + * unsigned char tl ticket length + * unsigned char idl request id length + * text ticket->dat ticket for server + * text req_id->dat request id + * + * The ticket information is retrieved from the ticket cache or + * fetched from Kerberos. 
The request id (called the "authenticator" + * in the papers on Kerberos) contains the following: + * + * req_id->dat + * + * string cr.pname {name, instance, and + * string cr.pinst realm of principal + * string myrealm making this request} + * 4 bytes checksum checksum argument given + * unsigned char tv_local.tf_usec time (milliseconds) + * 4 bytes tv_local.tv_sec time (seconds) + * + * req_id->length = 3 strings + 3 terminating nulls + 5 bytes for time, + * all rounded up to multiple of 8. + */ + +int +krb_mk_req(KTEXT authent, char *service, char *instance, char *realm, + int32_t checksum) +{ + KTEXT_ST req_st; + KTEXT req_id = &req_st; + + CREDENTIALS cr; /* Credentials used by retr */ + KTEXT ticket = &(cr.ticket_st); /* Pointer to tkt_st */ + int retval; /* Returned by krb_get_cred */ + + char myrealm[REALM_SZ]; + + unsigned char *p = authent->dat; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + + p += krb_put_int(AUTH_MSG_APPL_REQUEST, p, 1); + + /* Get the ticket and move it into the authenticator */ + if (krb_ap_req_debug) + krb_warning("Realm: %s\n", realm); + + retval = krb_get_cred(service,instance,realm,&cr); + + if (retval == RET_NOTKT) { + retval = get_ad_tkt(service, instance, realm, lifetime); + if (retval == KSUCCESS) + retval = krb_get_cred(service, instance, realm, &cr); + } + + if (retval != KSUCCESS) + return retval; + + + /* + * With multi realm ticket files either find a matching TGT or + * else use the first TGT for inter-realm authentication. + * + * In myrealm hold the realm of the principal "owning" the + * corresponding ticket-granting-ticket. 
+ */ + + retval = krb_get_cred(KRB_TICKET_GRANTING_TICKET, realm, realm, 0); + if (retval == KSUCCESS) + strncpy(myrealm, realm, REALM_SZ); + else + retval = krb_get_tf_realm(TKT_FILE, myrealm); + + if (retval != KSUCCESS) + return retval; + + if (krb_ap_req_debug) + krb_warning("serv=%s.%s@%s princ=%s.%s@%s\n", service, instance, realm, + cr.pname, cr.pinst, myrealm); + + p += krb_put_int(cr.kvno, p, 1); + + p += krb_put_string(realm, p); + + p += krb_put_int(ticket->length, p, 1); + + build_request(req_id, cr.pname, cr.pinst, myrealm, checksum); + + encrypt_ktext(req_id, &cr.session, DES_ENCRYPT); + + p += krb_put_int(req_id->length, p, 1); + + memcpy(p, ticket->dat, ticket->length); + + p += ticket->length; + + memcpy(p, req_id->dat, req_id->length); + + p += req_id->length; + + authent->length = p - authent->dat; + + memset(&cr, 0, sizeof(cr)); + memset(&req_st, 0, sizeof(req_st)); + + if (krb_ap_req_debug) + krb_warning("Authent->length = %d\n", authent->length); + + return KSUCCESS; +} + +/* + * krb_set_lifetime sets the default lifetime for additional tickets + * obtained via krb_mk_req(). + * + * It returns the previous value of the default lifetime. + */ + +int +krb_set_lifetime(int newval) +{ + int olife = lifetime; + + lifetime = newval; + return(olife); +} diff --git a/crypto/kerberosIV/lib/krb/mk_safe.c b/crypto/kerberosIV/lib/krb/mk_safe.c new file mode 100644 index 0000000..df5ca21 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/mk_safe.c 
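Review bot: `krb_mk_req` clears `cr` and `req_st` only on the success path; the `return retval;` that follows the `krb_get_tf_realm` fallback leaves the credentials loaded by the first `krb_get_cred`, including `cr.session`, on the stack. Clear them on that exit as well, `if (retval != KSUCCESS) { memset(&cr, 0, sizeof(cr)); return retval; }`, and keep in mind that a plain `memset` of a local that is never read again may be dropped by an optimizing compiler. `strncpy(myrealm, realm, REALM_SZ)` does not terminate `myrealm` when `realm` is `REALM_SZ` bytes or longer; add `myrealm[REALM_SZ - 1] = '\0';`. `ticket->length` and `req_id->length` are each written with a width of 1, so a length above 255 would presumably no longer match the bytes copied after it, and nothing compares the total against the capacity of `authent->dat`.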
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: mk_safe.c,v 1.21 1997/04/19 23:18:03 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + + +/* from rd_safe.c */ +extern int dqc_type; +void fixup_quad_cksum(void*, size_t, des_cblock*, void*, void*, int); + +/* + * krb_mk_safe() constructs an AUTH_MSG_SAFE message. It takes some + * user data "in" of "length" bytes and creates a packet in "out" + * consisting of the user data, a timestamp, and the sender's network + * address, followed by a checksum computed on the above, using the + * given "key". The length of the resulting packet is returned. + * + * The "out" packet consists of: + * + * Size Variable Field + * ---- -------- ----- + * + * 1 byte KRB_PROT_VERSION protocol version number + * 1 byte AUTH_MSG_SAFE | message type plus local + * HOST_BYTE_ORDER byte order in low bit + * + * ===================== begin checksum ================================ + * + * 4 bytes length length of user data + * length in user data + * 1 byte msg_time_5ms timestamp milliseconds + * 4 bytes sender->sin.addr.s_addr sender's IP address + * + * 4 bytes msg_time_sec or timestamp seconds with + * -msg_time_sec direction in sign bit + * + * ======================= end checksum ================================ + * + * 16 bytes big_cksum quadratic checksum of + * above using "key" + */ + +int32_t +krb_mk_safe(void *in, void *out, u_int32_t length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver) +{ + unsigned char * p = (unsigned char*)out; + struct timeval tv; + unsigned char *start; + u_int32_t src_addr; + + p += krb_put_int(KRB_PROT_VERSION, p, 1); + p += krb_put_int(AUTH_MSG_SAFE, p, 1); + + start = p; + + p += krb_put_int(length, p, 4); + + memcpy(p, in, length); + p += length; + + gettimeofday(&tv, NULL); + + *p++ = tv.tv_usec/5000; /* 5ms */ + + src_addr = sender->sin_addr.s_addr; + p += krb_put_address(src_addr, p); + + p += krb_put_int(lsb_time(tv.tv_sec, sender, receiver), 
p, 4); + + { + /* We are faking big endian mode, so we need to fix the + * checksum (that is byte order dependent). We always send a + * checksum of the new type, unless we know that we are + * talking to an old client (this requires a call to + * krb_rd_safe first). + */ + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, new_checksum, old_checksum, 0); + + if((dqc_type == DES_QUAD_GUESS && DES_QUAD_DEFAULT == DES_QUAD_OLD) || + dqc_type == DES_QUAD_OLD) + memcpy(p, old_checksum, 16); + else + memcpy(p, new_checksum, 16); + } + p += 16; + + return p - (unsigned char*)out; +} diff --git a/crypto/kerberosIV/lib/krb/month_sname.c b/crypto/kerberosIV/lib/krb/month_sname.c new file mode 100644 index 0000000..aaceee5 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/month_sname.c 
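Review bot: mk_safe.c declares `extern int dqc_type;` and the prototype of `fixup_quad_cksum` by hand ("from rd_safe.c") instead of taking them from a shared header, so the compiler cannot catch a mismatch if the definition changes, and the `void *` checksum parameters would hide such a drift. Moving both declarations into a header that rd_safe.c also includes, for instance `krb_locl.h`, fixes that. The header comment should also give the size `out` must have, `2 + 4 + length + 1 + 4 + 4 + 16` bytes going by the format table, because `krb_mk_safe` takes no capacity argument and copies `length` bytes from `in` unchecked.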
@@ -0,0 +1,39 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: month_sname.c,v 1.5 1997/03/23 03:53:14 joda Exp $");
+
+/*
+ * Given an integer 1-12, month_sname() returns a string
+ * containing the first three letters of the corresponding
+ * month. Returns 0 if the argument is out of range.
+ */
+
+const char *month_sname(int n)
+{
+ static const char *name[] = {
+ "Jan","Feb","Mar","Apr","May","Jun",
+ "Jul","Aug","Sep","Oct","Nov","Dec"
+ };
+ return((n < 1 || n > 12) ? 0 : name [n-1]);
+}
diff --git a/crypto/kerberosIV/lib/krb/name2name.c b/crypto/kerberosIV/lib/krb/name2name.c
new file mode 100644
index 0000000..fa95b89
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/name2name.c
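Review bot: `month_sname` returns the integer constant `0` for an out-of-range month; writing `NULL` makes it clear at the call site that the result is a pointer which has to be checked before it reaches a `%s` format. The table can also be declared `static const char *const name[]` so that the pointers themselves are read-only.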
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: name2name.c,v 1.15 1997/04/30 04:30:36 assar Exp $"); + +/* convert host to a more fully qualified domain name, returns 0 if + * phost is the same as host, 1 otherwise. phost should be + * phost_size bytes long. + */ + +int +krb_name_to_name(const char *host, char *phost, size_t phost_size) +{ + struct hostent *hp; + struct in_addr adr; + const char *tmp; + + adr.s_addr = inet_addr(host); + hp = gethostbyname(host); + if (hp == NULL && adr.s_addr != INADDR_NONE) + hp = gethostbyaddr((char *)&adr, sizeof(adr), AF_INET); + if (hp == NULL) + tmp = host; + else + tmp = hp->h_name; + strncpy (phost, tmp, phost_size); + phost[phost_size - 1] = '\0'; + + if (strcmp(phost, host) == 0) + return 0; + else + return 1; +} + +/* lowercase and truncate */ + +void +k_ricercar(char *name) +{ + char *p = name; + while(*p && *p != '.'){ + if(isupper(*p)) + *p = tolower(*p); + p++; + } + if(*p == '.') + *p = 0; +} + +/* + * This routine takes an alias for a host name and returns the first + * field, in lower case, of its domain name. + * + * Example: "fOo.BAR.com" -> "foo" + */ + +char * +krb_get_phost(const char *alias) +{ + static char phost[MaxHostNameLen+1]; + + krb_name_to_name(alias, phost, sizeof(phost)); + k_ricercar(phost); + return phost; +} diff --git a/crypto/kerberosIV/lib/krb/netread.c b/crypto/kerberosIV/lib/krb/netread.c new file mode 100644 index 0000000..cbc1bd1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/netread.c 
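Review bot: `k_ricercar` passes a plain `char` to `isupper` and `tolower`; where `char` is signed, a byte above 0x7f becomes a negative argument, which is undefined for the `<ctype.h>` functions. Use `if(isupper((unsigned char)*p))` and `*p = tolower((unsigned char)*p);`. `krb_name_to_name` writes `phost[phost_size - 1]` without handling `phost_size == 0`, and `krb_get_phost` returns a pointer to a function-static buffer that the next call overwrites, which its comment should say. The instance name produced here comes from `gethostbyname`/`gethostbyaddr`, so it is only as trustworthy as the resolver's answers; that assumption belongs in the comment too.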
@@ -0,0 +1,55 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: netread.c,v 1.6 1997/03/23 03:53:15 joda Exp $");
+
+/*
+ * krb_net_read() reads from the file descriptor "fd" to the buffer
+ * "buf", until either 1) "len" bytes have been read or 2) cannot
+ * read anymore from "fd". It returns the number of bytes read
+ * or a read() error. (The calling interface is identical to
+ * read(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb_net_read (int fd, void *v, size_t len)
+{
+ int cc, len2 = 0;
+ char *buf = v;
+
+ do {
+ cc = read(fd, buf, len);
+ if (cc < 0)
+ return(cc); /* errno is already set */
+ else if (cc == 0) {
+ return(len2);
+ } else {
+ buf += cc;
+ len2 += cc;
+ len -= cc;
+ }
+ } while (len > 0);
+ return(len2);
+}
diff --git a/crypto/kerberosIV/lib/krb/netwrite.c b/crypto/kerberosIV/lib/krb/netwrite.c
new file mode 100644
index 0000000..0703d91
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/netwrite.c
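Review bot: `krb_net_read` keeps the result of `read` and the running total in `int` while `len` is `size_t`, so a request above `INT_MAX` cannot be reported correctly, and a `read` interrupted by a signal returns -1 even when earlier iterations already consumed bytes, so the caller loses track of them. Declare `ssize_t cc;` and retry on interruption with `if (cc < 0 && errno == EINTR) continue;`, assuming `<errno.h>` is reachable through krb_locl.h. The comment says the interface is identical to read(2), but the function returns `int`; the comment should state that difference and that a short count means end of file.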
@@ -0,0 +1,52 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: netwrite.c,v 1.7 1997/03/23 03:53:15 joda Exp $");
+
+/*
+ * krb_net_write() writes "len" bytes from "buf" to the file
+ * descriptor "fd". It returns the number of bytes written or
+ * a write() error. (The calling interface is identical to
+ * write(2).)
+ *
+ * XXX must not use non-blocking I/O
+ */
+
+int
+krb_net_write(int fd, const void *v, size_t len)
+{
+ int cc;
+ int wrlen = len;
+ const char *buf = (const char*)v;
+
+ do {
+ cc = write(fd, buf, wrlen);
+ if (cc < 0)
+ return(cc);
+ else {
+ buf += cc;
+ wrlen -= cc;
+ }
+ } while (wrlen > 0);
+ return(len);
+}
diff --git a/crypto/kerberosIV/lib/krb/one.c b/crypto/kerberosIV/lib/krb/one.c
new file mode 100644
index 0000000..d43b284
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/one.c
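Review bot: `int wrlen = len;` in `krb_net_write` narrows a `size_t` to `int`, so a `len` above `INT_MAX` becomes a negative or truncated count, and `return(len);` narrows again on the way out. Keep the remaining count unsigned and give the syscall result its own type: `size_t wrlen = len;` and `ssize_t cc;`. A `write` that returns 0 makes no progress, so the loop would repeat without end, and an `EINTR` after a partial write is reported as a hard error with no indication of how much was sent; both cases deserve a line in the header comment if they are left as they are.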
@@ -0,0 +1,27 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+ WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ distribute this software and its documentation for any purpose and
+ without fee is hereby granted, provided that the above copyright
+ notice appear in all copies and that both that copyright notice and
+ this permission notice appear in supporting documentation, and that
+ the name of M.I.T. not be used in advertising or publicity pertaining
+ to distribution of the software without specific, written prior
+ permission. M.I.T. makes no representations about the suitability of
+ this software for any purpose. It is provided "as is" without express
+ or implied warranty.
+
+ */
+
+/*
+ * definition of variable set to 1.
+ * used in krb_conf.h to determine host byte order.
+ */
+
+int krbONE = 1;
diff --git a/crypto/kerberosIV/lib/krb/parse_name.c b/crypto/kerberosIV/lib/krb/parse_name.c
new file mode 100644
index 0000000..1184330
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/parse_name.c
@@ -0,0 +1,199 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: parse_name.c,v 1.4 1997/04/01 08:18:39 joda Exp $"); + +int +krb_parse_name(const char *fullname, krb_principal *principal) +{ + const char *p; + char *ns, *np; + enum {n, i, r} pos = n; + int quote = 0; + ns = np = principal->name; + + principal->name[0] = 0; + principal->instance[0] = 0; + principal->realm[0] = 0; + + for(p = fullname; *p; p++){ + if(np - ns == ANAME_SZ - 1) /* XXX they have the same size */ + return KNAME_FMT; + if(quote){ + *np++ = *p; + quote = 0; + continue; + } + if(*p == '\\') + quote = 1; + else if(*p == '.' && pos == n){ + *np = 0; + ns = np = principal->instance; + pos = i; + }else if(*p == '@' && (pos == n || pos == i)){ + *np = 0; + ns = np = principal->realm; + pos = r; + }else + *np++ = *p; + } + *np = 0; + if(quote || principal->name[0] == 0) + return KNAME_FMT; + return KSUCCESS; +} + +int +kname_parse(char *np, char *ip, char *rp, char *fullname) +{ + krb_principal p; + int ret; + if((ret = krb_parse_name(fullname, &p)) == 0){ + strcpy(np, p.name); + strcpy(ip, p.instance); + if(p.realm[0]) + strcpy(rp, p.realm); + } + return ret; +} +/* + * k_isname() returns 1 if the given name is a syntactically legitimate + * Kerberos name; returns 0 if it's not. + */ + +int +k_isname(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > ANAME_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': + return 0; + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + + +/* + * k_isinst() returns 1 if the given name is a syntactically legitimate + * Kerberos instance; returns 0 if it's not. 
+ */ + +int +k_isinst(char *s) +{ + char c; + int backslash = 0; + + if (strlen(s) > INST_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '.': +#if INSTANCE_DOTS_OK + break; +#else /* INSTANCE_DOTS_OK */ + return 0; +#endif /* INSTANCE_DOTS_OK */ + /* break; */ + case '@': + return 0; + /* break; */ + } + } + return 1; +} + +/* + * k_isrealm() returns 1 if the given name is a syntactically legitimate + * Kerberos realm; returns 0 if it's not. + */ + +int +k_isrealm(char *s) +{ + char c; + int backslash = 0; + + if (!*s) + return 0; + if (strlen(s) > REALM_SZ - 1) + return 0; + while ((c = *s++)) { + if (backslash) { + backslash = 0; + continue; + } + switch(c) { + case '\\': + backslash = 1; + break; + case '@': + return 0; + /* break; */ + } + } + return 1; +} diff --git a/crypto/kerberosIV/lib/krb/prot.h b/crypto/kerberosIV/lib/krb/prot.h new file mode 100644 index 0000000..e4825e1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/prot.h 
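Review bot: The overflow guard in `krb_parse_name`, `if(np - ns == ANAME_SZ - 1)`, is applied to all three output fields, and its `XXX they have the same size` comment shows it relies on ANAME_SZ, INST_SZ and REALM_SZ being equal; if one of them ever becomes smaller, the instance or realm copy runs past its field. Tracking the limit per field removes that assumption: keep a local `int lim = ANAME_SZ;`, set it to INST_SZ and REALM_SZ at the two places where `ns` is switched, and test `if(np - ns == lim - 1)`. `kname_parse` then calls `strcpy` into `np`, `ip` and `rp` with no size argument, so it should carry a comment stating that the caller must supply buffers of at least ANAME_SZ, INST_SZ and REALM_SZ bytes and that `rp` is left untouched when the name has no realm part.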
@@ -0,0 +1,105 @@ +/* + * $Id: prot.h,v 1.7 1997/03/23 03:52:27 joda Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + * + * Include file with authentication protocol information. + */ + +#ifndef PROT_DEFS +#define PROT_DEFS + +#define KRB_SERVICE "kerberos-iv" +#define KRB_PORT 750 /* PC's don't have + * /etc/services */ +#define KRB_PROT_VERSION 4 +#define MAX_PKT_LEN 1000 +#define MAX_TXT_LEN 1000 + +/* Macro's to obtain various fields from a packet */ + +#define pkt_version(packet) (unsigned int) *(packet->dat) +#define pkt_msg_type(packet) (unsigned int) *(packet->dat+1) +#define pkt_a_name(packet) (packet->dat+2) +#define pkt_a_inst(packet) \ + (packet->dat+3+strlen((char *)pkt_a_name(packet))) +#define pkt_a_realm(packet) \ + (pkt_a_inst(packet)+1+strlen((char *)pkt_a_inst(packet))) + +/* Macro to obtain realm from application request */ +#define apreq_realm(auth) (auth->dat + 3) + +#define pkt_time_ws(packet) (char *) \ + (packet->dat+5+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +#define pkt_no_req(packet) (unsigned short) \ + *(packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_x_date(packet) (char *) \ + (packet->dat+10+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) +#define pkt_err_code(packet) ( (char *) \ + (packet->dat+9+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet)))) +#define pkt_err_text(packet) \ + (packet->dat+13+strlen((char *)pkt_a_name(packet)) + \ + strlen((char *)pkt_a_inst(packet)) + \ + strlen((char *)pkt_a_realm(packet))) + +/* Routines to create and read packets may be found in prot.c */ 
+ +KTEXT create_auth_reply(char *pname, char *pinst, char *prealm, + int32_t time_ws, int n, u_int32_t x_date, + int kvno, KTEXT cipher); +#ifdef DEBUG +KTEXT krb_create_death_packet(char *a_name); +#endif + +/* Message types , always leave lsb for byte order */ + +#define AUTH_MSG_KDC_REQUEST 1<<1 +#define AUTH_MSG_KDC_REPLY 2<<1 +#define AUTH_MSG_APPL_REQUEST 3<<1 +#define AUTH_MSG_APPL_REQUEST_MUTUAL 4<<1 +#define AUTH_MSG_ERR_REPLY 5<<1 +#define AUTH_MSG_PRIVATE 6<<1 +#define AUTH_MSG_SAFE 7<<1 +#define AUTH_MSG_APPL_ERR 8<<1 +#define AUTH_MSG_KDC_FORWARD 9<<1 +#define AUTH_MSG_KDC_RENEW 10<<1 +#define AUTH_MSG_DIE 63<<1 + +/* values for kerb error codes */ + +#define KERB_ERR_OK 0 +#define KERB_ERR_NAME_EXP 1 +#define KERB_ERR_SERVICE_EXP 2 +#define KERB_ERR_AUTH_EXP 3 +#define KERB_ERR_PKT_VER 4 +#define KERB_ERR_NAME_MAST_KEY_VER 5 +#define KERB_ERR_SERV_MAST_KEY_VER 6 +#define KERB_ERR_BYTE_ORDER 7 +#define KERB_ERR_PRINCIPAL_UNKNOWN 8 +#define KERB_ERR_PRINCIPAL_NOT_UNIQUE 9 +#define KERB_ERR_NULL_KEY 10 +#define KERB_ERR_TIMEOUT 11 + +/* sendauth - recvauth */ + +/* + * If the protocol changes, you will need to change the version string + * be sure to support old versions of krb_sendauth! + */ + +#define KRB_SENDAUTH_VERS "AUTHV0.1" /* MUST be KRB_SENDAUTH_VLEN chars */ + +#endif /* PROT_DEFS */ diff --git a/crypto/kerberosIV/lib/krb/rd_err.c b/crypto/kerberosIV/lib/krb/rd_err.c new file mode 100644 index 0000000..3382eab --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_err.c 
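Review bot: The `pkt_a_inst`, `pkt_a_realm`, `pkt_time_ws`, `pkt_no_req`, `pkt_x_date`, `pkt_err_code` and `pkt_err_text` macros locate fields by calling `strlen()` on bytes inside `packet->dat`, and nothing ties the result to the length of the packet, so on a packet whose strings lack a terminator they yield pointers outside the received data. A comment above the block should say so, for example `/* These macros trust packet->dat to hold three NUL-terminated strings; check them against the packet length before use. */`. Separately, the message-type constants expand to bare shifts such as `1<<1`, which parse differently next to `+` or `-`; writing `#define AUTH_MSG_KDC_REQUEST (1<<1)` and the same for the others avoids that. `pkt_version` and `pkt_msg_type` likewise use their `packet` argument and their whole expansion without parentheses.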
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: rd_err.c,v 1.8 1997/04/01 08:18:40 joda Exp $");
+
+/*
+ * Given an AUTH_MSG_APPL_ERR message, "in" and its length "in_length",
+ * return the error code from the message in "code" and the text in
+ * "m_data" as follows:
+ *
+ * m_data->app_data points to the error text
+ * m_data->app_length points to the length of the error text
+ *
+ * If all goes well, return RD_AP_OK. If the version number
+ * is wrong, return RD_AP_VERSION, and if it's not an AUTH_MSG_APPL_ERR
+ * type message, return RD_AP_MSG_TYPE.
+ *
+ * The AUTH_MSG_APPL_ERR message format can be found in mk_err.c
+ */
+
+int
+krb_rd_err(u_char *in, u_int32_t in_length, int32_t *code, MSG_DAT *m_data)
+{
+ unsigned char *p = (unsigned char*)in;
+
+ unsigned char pvno, type;
+ int little_endian;
+
+ pvno = *p++;
+ if(pvno != KRB_PROT_VERSION)
+ return RD_AP_VERSION;
+
+ type = *p++;
+ little_endian = type & 1;
+ type &= ~1;
+
+ if(type != AUTH_MSG_APPL_ERR)
+ return RD_AP_MSG_TYPE;
+
+ p += krb_get_int(p, (u_int32_t *)&code, 4, little_endian);
+
+ m_data->app_data = p;
+ m_data->app_length = in_length; /* XXX is this correct? */
+ return KSUCCESS;
+}
diff --git a/crypto/kerberosIV/lib/krb/rd_priv.c b/crypto/kerberosIV/lib/krb/rd_priv.c
new file mode 100644
index 0000000..58ecd9f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/rd_priv.c
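Review bot: In `krb_rd_err` the call `krb_get_int(p, (u_int32_t *)&code, 4, little_endian)` passes the address of the local pointer `code` rather than the `int32_t` it points to, so the decoded error code overwrites the pointer variable and the caller's value is never set; the line should read `p += krb_get_int(p, (u_int32_t *)code, 4, little_endian);`. `in_length` is also not consulted before the two header bytes and the four-byte code are read, so a guard such as `if(in_length < 6) return RD_AP_MODIFIED;` belongs at the top, if that return code is acceptable to callers. The line marked `XXX is this correct?` sets `m_data->app_length = in_length` although `app_data` points past the header. `m_data->app_length = in_length - (p - in);` would keep a reader of the error text inside the buffer, assuming `krb_get_int` returns the number of bytes it consumed.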
@@ -0,0 +1,129 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: rd_priv.c,v 1.24 1997/05/14 17:53:29 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* + * krb_rd_priv() decrypts and checks the integrity of an + * AUTH_MSG_PRIVATE message. Given the message received, "in", + * the length of that message, "in_length", the key "schedule" + * and "key", and the network addresses of the + * "sender" and "receiver" of the message, krb_rd_safe() returns + * RD_AP_OK if the message is okay, otherwise some error code. + * + * The message data retrieved from "in" are returned in the structure + * "m_data". The pointer to the application data + * (m_data->app_data) refers back to the appropriate place in "in". + * + * See the file "mk_priv.c" for the format of the AUTH_MSG_PRIVATE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_priv(void *in, u_int32_t in_length, + struct des_ks_struct *schedule, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in; + int little_endian; + u_int32_t clen; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + unsigned char pvno, type; + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + + p += krb_get_int(p, &clen, 4, little_endian); + + if(clen + 2 > in_length) + return RD_AP_MODIFIED; + + des_pcbc_encrypt((des_cblock*)p, (des_cblock*)p, clen, + schedule, key, DES_DECRYPT); + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + if(m_data->app_length + 17 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + + 
m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + /* check the time integrity of the msg */ + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) + return RD_AP_TIME; + if (krb_debug) + krb_warning("\ndelta_t = %d", (int) delta_t); + + /* + * caller must check timestamps for proper order and + * replays, since server might have multiple clients + * each with its own timestamps and we don't assume + * tightly synchronized clocks. + */ + + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/rd_req.c b/crypto/kerberosIV/lib/krb/rd_req.c new file mode 100644 index 0000000..1a3e848 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rd_req.c 
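Review bot: The length checks in `krb_rd_priv` add a constant to a value taken from the message before comparing, `if(clen + 2 > in_length)` and `if(m_data->app_length + 17 > in_length)`, and since both sides are `u_int32_t` a value near 2^32 wraps to a small number and passes, after which `clen` is handed to the in-place `des_pcbc_encrypt` as its length. Comparing without the addition avoids the wrap: `if(in_length < 2 || clen > in_length - 2) return RD_AP_MODIFIED;` and likewise `if(in_length < 17 || m_data->app_length > in_length - 17)`. If `krb_get_int` consumed four bytes, the ciphertext starts six bytes into `in`, so the constant 2 also looks too small and should be confirmed against the format in mk_priv.c. `krb_rd_safe` in rd_safe.c has the same additive form in `m_data->app_length + 31 > in_length`. Unlike `krb_rd_safe` and `krb_rd_err`, this function never compares `type` with `AUTH_MSG_PRIVATE`, and it reads the header bytes before looking at `in_length` at all.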
@@ -0,0 +1,324 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: rd_req.c,v 1.24 1997/05/11 11:05:28 assar Exp $"); + +static struct timeval t_local = { 0, 0 }; + +/* + * Keep the following information around for subsequent calls + * to this routine by the same server using the same key. + */ + +static des_key_schedule serv_key; /* Key sched to decrypt ticket */ +static des_cblock ky; /* Initialization vector */ +static int st_kvno; /* version number for this key */ +static char st_rlm[REALM_SZ]; /* server's realm */ +static char st_nam[ANAME_SZ]; /* service name */ +static char st_inst[INST_SZ]; /* server's instance */ + +/* + * This file contains two functions. krb_set_key() takes a DES + * key or password string and returns a DES key (either the original + * key, or the password converted into a DES key) and a key schedule + * for it. + * + * krb_rd_req() reads an authentication request and returns information + * about the identity of the requestor, or an indication that the + * identity information was not authentic. + */ + +/* + * krb_set_key() takes as its first argument either a DES key or a + * password string. The "cvt" argument indicates how the first + * argument "key" is to be interpreted: if "cvt" is null, "key" is + * taken to be a DES key; if "cvt" is non-null, "key" is taken to + * be a password string, and is converted into a DES key using + * string_to_key(). In either case, the resulting key is returned + * in the external static variable "ky". A key schedule is + * generated for "ky" and returned in the external static variable + * "serv_key". + * + * This routine returns the return value of des_key_sched. + * + * krb_set_key() needs to be in the same .o file as krb_rd_req() so that + * the key set by krb_set_key() is available in private storage for + * krb_rd_req(). 
+ */ + +int +krb_set_key(void *key, int cvt) +{ +#ifdef NOENCRYPTION + memset(ky, 0, sizeof(ky)); + return KSUCCESS; +#else /* Encrypt */ + if (cvt) + des_string_to_key((char*)key, &ky); + else + memcpy((char*)ky, key, 8); + return(des_key_sched(&ky, serv_key)); +#endif /* NOENCRYPTION */ +} + + +/* + * krb_rd_req() takes an AUTH_MSG_APPL_REQUEST or + * AUTH_MSG_APPL_REQUEST_MUTUAL message created by krb_mk_req(), + * checks its integrity and returns a judgement as to the requestor's + * identity. + * + * The "authent" argument is a pointer to the received message. + * The "service" and "instance" arguments name the receiving server, + * and are used to get the service's ticket to decrypt the ticket + * in the message, and to compare against the server name inside the + * ticket. "from_addr" is the network address of the host from which + * the message was received; this is checked against the network + * address in the ticket. If "from_addr" is zero, the check is not + * performed. "ad" is an AUTH_DAT structure which is + * filled in with information about the sender's identity according + * to the authenticator and ticket sent in the message. Finally, + * "fn" contains the name of the file containing the server's key. + * (If "fn" is NULL, the server's key is assumed to have been set + * by krb_set_key(). If "fn" is the null string ("") the default + * file KEYFILE, defined in "krb.h", is used.) 
+ * + * krb_rd_req() returns RD_AP_OK if the authentication information + * was genuine, or one of the following error codes (defined in + * "krb.h"): + * + * RD_AP_VERSION - wrong protocol version number + * RD_AP_MSG_TYPE - wrong message type + * RD_AP_UNDEC - couldn't decipher the message + * RD_AP_INCON - inconsistencies found + * RD_AP_BADD - wrong network address + * RD_AP_TIME - client time (in authenticator) + * too far off server time + * RD_AP_NYV - Kerberos time (in ticket) too + * far off server time + * RD_AP_EXP - ticket expired + * + * For the message format, see krb_mk_req(). + * + * Mutual authentication is not implemented. + */ + +int +krb_rd_req(KTEXT authent, /* The received message */ + char *service, /* Service name */ + char *instance, /* Service instance */ + int32_t from_addr, /* Net address of originating host */ + AUTH_DAT *ad, /* Structure to be filled in */ + char *fn) /* Filename to get keys from */ +{ + static KTEXT_ST ticket; /* Temp storage for ticket */ + static KTEXT tkt = &ticket; + static KTEXT_ST req_id_st; /* Temp storage for authenticator */ + KTEXT req_id = &req_id_st; + + char realm[REALM_SZ]; /* Realm of issuing kerberos */ + + unsigned char skey[KKEY_SZ]; /* Session key from ticket */ + char sname[SNAME_SZ]; /* Service name from ticket */ + char iname[INST_SZ]; /* Instance name from ticket */ + char r_aname[ANAME_SZ]; /* Client name from authenticator */ + char r_inst[INST_SZ]; /* Client instance from authenticator */ + char r_realm[REALM_SZ]; /* Client realm from authenticator */ + u_int32_t r_time_sec; /* Coarse time from authenticator */ + unsigned long delta_t; /* Time in authenticator - local time */ + long tkt_age; /* Age of ticket */ + static unsigned char s_kvno;/* Version number of the server's key + * Kerberos used to encrypt ticket */ + + struct timeval tv; + int status; + + int pvno; + int type; + int little_endian; + + unsigned char *p; + + if (authent->length <= 0) + return(RD_AP_MODIFIED); + + p = 
authent->dat; + + /* get msg version, type and byte order, and server key version */ + + pvno = *p++; + + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + + little_endian = type & 1; + type &= ~1; + + if(type != AUTH_MSG_APPL_REQUEST && type != AUTH_MSG_APPL_REQUEST_MUTUAL) + return RD_AP_MSG_TYPE; + + s_kvno = *p++; + + p += krb_get_string(p, realm); + + /* + * If "fn" is NULL, key info should already be set; don't + * bother with ticket file. Otherwise, check to see if we + * already have key info for the given server and key version + * (saved in the static st_* variables). If not, go get it + * from the ticket file. If "fn" is the null string, use the + * default ticket file. + */ + if (fn && (strcmp(st_nam,service) || strcmp(st_inst,instance) || + strcmp(st_rlm,realm) || (st_kvno != s_kvno))) { + if (*fn == 0) fn = KEYFILE; + st_kvno = s_kvno; + if (read_service_key(service, instance, realm, s_kvno, + fn, (char *)skey)) + return(RD_AP_UNDEC); + if ((status = krb_set_key((char*)skey, 0))) + return(status); + strcpy(st_rlm, realm); + strcpy(st_nam, service); + strcpy(st_inst, instance); + } + + tkt->length = *p++; + + req_id->length = *p++; + + if(tkt->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(tkt->dat, p, tkt->length); + p += tkt->length; + + if (krb_ap_req_debug) + krb_log("ticket->length: %d",tkt->length); + + /* Decrypt and take apart ticket */ + if (decomp_ticket(tkt, &ad->k_flags, ad->pname, ad->pinst, ad->prealm, + &ad->address, ad->session, &ad->life, + &ad->time_sec, sname, iname, &ky, serv_key)) + return RD_AP_UNDEC; + + if (krb_ap_req_debug) { + krb_log("Ticket Contents."); + krb_log(" Aname: %s.%s",ad->pname, ad->prealm); + krb_log(" Service: %s", krb_unparse_name_long(sname, iname, NULL)); + } + + /* Extract the authenticator */ + + if(req_id->length + (p - authent->dat) > authent->length) + return RD_AP_MODIFIED; + + memcpy(req_id->dat, p, req_id->length); + p = req_id->dat; + +#ifndef 
NOENCRYPTION + /* And decrypt it with the session key from the ticket */ + if (krb_ap_req_debug) krb_log("About to decrypt authenticator"); + + encrypt_ktext(req_id, &ad->session, DES_DECRYPT); + + if (krb_ap_req_debug) krb_log("Done."); +#endif /* NOENCRYPTION */ + + /* cast req_id->length to int? */ +#define check_ptr() if ((ptr - (char *) req_id->dat) > req_id->length) return(RD_AP_MODIFIED); + + p += krb_get_nir(p, r_aname, r_inst, r_realm); /* XXX no rangecheck */ + + p += krb_get_int(p, &ad->checksum, 4, little_endian); + + p++; /* time_5ms is not used */ + + p += krb_get_int(p, &r_time_sec, 4, little_endian); + + /* Check for authenticity of the request */ + if (krb_ap_req_debug) + krb_log("Principal: %s.%s@%s / %s.%s@%s",ad->pname,ad->pinst, ad->prealm, + r_aname, r_inst, r_realm); + if (strcmp(ad->pname, r_aname) != 0 || + strcmp(ad->pinst, r_inst) != 0 || + strcmp(ad->prealm, r_realm) != 0) + return RD_AP_INCON; + + if (krb_ap_req_debug) + krb_log("Address: %x %x", ad->address, from_addr); + + if (from_addr && (!krb_equiv(ad->address, from_addr))) + return RD_AP_BADD; + + gettimeofday(&tv, NULL); + delta_t = abs((int)(tv.tv_sec - r_time_sec)); + if (delta_t > CLOCK_SKEW) { + if (krb_ap_req_debug) + krb_log("Time out of range: %lu - %lu = %lu", + (unsigned long)t_local.tv_sec, + (unsigned long)r_time_sec, + (unsigned long)delta_t); + return RD_AP_TIME; + } + + /* Now check for expiration of ticket */ + + tkt_age = tv.tv_sec - ad->time_sec; + if (krb_ap_req_debug) + krb_log("Time: %ld Issue Date: %lu Diff: %ld Life %x", + (long)tv.tv_sec, + (unsigned long)ad->time_sec, + tkt_age, + ad->life); + + if ((tkt_age < 0) && (-tkt_age > CLOCK_SKEW)) + return RD_AP_NYV; + + if (tv.tv_sec > krb_life_to_time(ad->time_sec, ad->life)) + return RD_AP_EXP; + + /* All seems OK */ + ad->reply.length = 0; + + return(RD_AP_OK); +} diff --git a/crypto/kerberosIV/lib/krb/rd_safe.c b/crypto/kerberosIV/lib/krb/rd_safe.c new file mode 100644 index 0000000..8471df0 --- /dev/null 
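Review bot: `krb_rd_req` copies strings out of the received message into fixed stack arrays with no length limit visible in this file: `krb_get_string(p, realm)` fills `realm[REALM_SZ]` before anything has been decrypted, and `krb_get_nir(p, r_aname, r_inst, r_realm)` carries the author's own `XXX no rangecheck`. Unless those helpers bound the copy themselves, which cannot be seen from this hunk, each call needs a check that a terminator occurs within both the destination size and the bytes left in the message. The fence shows that check for the realm, and the same test applies to the three authenticator strings against `req_id->length`. The `check_ptr()` macro defined just above the `krb_get_nir` call refers to a variable `ptr` that the function does not declare and is never invoked, so it gives no protection and should be removed or replaced by the real check.

```c
    s_kvno = *p++;

    /* realm must be NUL-terminated inside both realm[] and the message */
    {
	long left = (long)authent->length - (p - authent->dat);

	if (left <= 0 ||
	    memchr(p, 0, left < REALM_SZ ? left : REALM_SZ) == NULL)
	    return RD_AP_MODIFIED;
    }
    p += krb_get_string(p, realm);
    /* … unchanged: key lookup, ticket and authenticator handling … */
```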
+++ b/crypto/kerberosIV/lib/krb/rd_safe.c 
@@ -0,0 +1,178 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: rd_safe.c,v 1.24 1997/04/19 23:18:20 joda Exp $"); + +/* application include files */ +#include "lsb_addr_comp.h" + +/* Generate two checksums in the given byteorder of the data, one + * new-form and one old-form. It has to be done this way to be + * compatible with the old version of des_quad_cksum. + */ + +/* des_quad_chsum-type; 0 == unknown, 1 == new PL10++, 2 == old */ +int dqc_type = DES_QUAD_DEFAULT; + +void +fixup_quad_cksum(void *start, size_t len, des_cblock *key, + void *new_checksum, void *old_checksum, int little) +{ + des_quad_cksum((des_cblock*)start, (des_cblock*)new_checksum, len, 2, key); + if(HOST_BYTE_ORDER){ + if(little){ + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t *tmp = (u_int32_t*)new_checksum; + memcpy(old_checksum, new_checksum, 16); + swap_u_16(old_checksum); + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + } + }else{ + if(little){ + u_int32_t *tmp = (u_int32_t*)new_checksum; + swap_u_long(tmp[0]); + swap_u_long(tmp[1]); + swap_u_long(tmp[2]); + swap_u_long(tmp[3]); + memcpy(old_checksum, new_checksum, 16); + }else{ + u_int32_t tmp[4]; + tmp[0] = ((u_int32_t*)new_checksum)[3]; + tmp[1] = ((u_int32_t*)new_checksum)[2]; + tmp[2] = ((u_int32_t*)new_checksum)[1]; + tmp[3] = ((u_int32_t*)new_checksum)[0]; + memcpy(old_checksum, tmp, 16); + } + } +} + +/* + * krb_rd_safe() checks the integrity of an AUTH_MSG_SAFE message. + * Given the message received, "in", the length of that message, + * "in_length", the "key" to compute the checksum with, and the + * network addresses of the "sender" and "receiver" of the message, + * krb_rd_safe() returns RD_AP_OK if message is okay, otherwise + * some error code. + * + * The message data retrieved from "in" is returned in the structure + * "m_data". The pointer to the application data (m_data->app_data) + * refers back to the appropriate place in "in". 
+ * + * See the file "mk_safe.c" for the format of the AUTH_MSG_SAFE + * message. The structure containing the extracted message + * information, MSG_DAT, is defined in "krb.h". + */ + +int32_t +krb_rd_safe(void *in, u_int32_t in_length, des_cblock *key, + struct sockaddr_in *sender, struct sockaddr_in *receiver, + MSG_DAT *m_data) +{ + unsigned char *p = (unsigned char*)in, *start; + + unsigned char pvno, type; + int little_endian; + struct timeval tv; + u_int32_t src_addr; + int delta_t; + + + pvno = *p++; + if(pvno != KRB_PROT_VERSION) + return RD_AP_VERSION; + + type = *p++; + little_endian = type & 1; + type &= ~1; + if(type != AUTH_MSG_SAFE) + return RD_AP_MSG_TYPE; + + start = p; + + p += krb_get_int(p, &m_data->app_length, 4, little_endian); + + if(m_data->app_length + 31 > in_length) + return RD_AP_MODIFIED; + + m_data->app_data = p; + + p += m_data->app_length; + + m_data->time_5ms = *p++; + + p += krb_get_address(p, &src_addr); + + if (!krb_equiv(src_addr, sender->sin_addr.s_addr)) + return RD_AP_BADD; + + p += krb_get_int(p, (u_int32_t *)&m_data->time_sec, 4, little_endian); + m_data->time_sec = lsb_time(m_data->time_sec, sender, receiver); + + gettimeofday(&tv, NULL); + + delta_t = abs((int)((long) tv.tv_sec - m_data->time_sec)); + if (delta_t > CLOCK_SKEW) return RD_AP_TIME; + + /* + * caller must check timestamps for proper order and replays, since + * server might have multiple clients each with its own timestamps + * and we don't assume tightly synchronized clocks. + */ + + { + unsigned char new_checksum[16]; + unsigned char old_checksum[16]; + fixup_quad_cksum(start, p - start, key, + new_checksum, old_checksum, little_endian); + if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_NEW) && + memcmp(new_checksum, p, 16) == 0) + dqc_type = DES_QUAD_NEW; + else if((dqc_type == DES_QUAD_GUESS || dqc_type == DES_QUAD_OLD) && + memcmp(old_checksum, p, 16) == 0) + dqc_type = DES_QUAD_OLD; + else + return RD_AP_MODIFIED; + } + return KSUCCESS; +} 
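Review bot: `fixup_quad_cksum` casts `new_checksum` to `u_int32_t *` and indexes it (`tmp[0]` to `tmp[3]`, `((u_int32_t*)new_checksum)[3]`), but `krb_rd_safe` passes `unsigned char new_checksum[16]`, which carries no 32-bit alignment guarantee, so the word accesses can be misaligned on strict-alignment targets. Declaring the two buffers in `krb_rd_safe` as `u_int32_t new_checksum[4];` and `u_int32_t old_checksum[4];` leaves the `memcmp(..., p, 16)` calls unchanged and makes the casts well-defined. The comment on `krb_rd_safe` should also state that `m_data` is filled in from the message before the checksum is verified, so callers must ignore its contents unless the return value is `KSUCCESS`.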
diff --git a/crypto/kerberosIV/lib/krb/read_service_key.c b/crypto/kerberosIV/lib/krb/read_service_key.c new file mode 100644 index 0000000..6de5db2 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/read_service_key.c 
@@ -0,0 +1,116 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: read_service_key.c,v 1.8 1997/03/23 03:53:16 joda Exp $"); + +/* + * The private keys for servers on a given host are stored in a + * "srvtab" file (typically "/etc/srvtab"). This routine extracts + * a given server's key from the file. + * + * read_service_key() takes the server's name ("service"), "instance", + * and "realm" and a key version number "kvno", and looks in the given + * "file" for the corresponding entry, and if found, returns the entry's + * key field in "key". + * + * If "instance" contains the string "*", then it will match + * any instance, and the chosen instance will be copied to that + * string. For this reason it is important that the there is enough + * space beyond the "*" to receive the entry. + * + * If "kvno" is 0, it is treated as a wild card and the first + * matching entry regardless of the "vno" field is returned. + * + * This routine returns KSUCCESS on success, otherwise KFAILURE. 
+ * + * The format of each "srvtab" entry is as follows: + * + * Size Variable Field in file + * ---- -------- ------------- + * string serv server name + * string inst server instance + * string realm server realm + * 1 byte vno server key version # + * 8 bytes key server's key + * ... ... ... + */ + + +int +read_service_key(char *service, /* Service Name */ + char *instance, /* Instance name or "*" */ + char *realm, /* Realm */ + int kvno, /* Key version number */ + char *file, /* Filename */ + char *key) /* Pointer to key to be filled in */ +{ + char serv[SNAME_SZ]; + char inst[INST_SZ]; + char rlm[REALM_SZ]; + unsigned char vno; /* Key version number */ + int wcard; + + int stab; + + if ((stab = open(file, O_RDONLY, 0)) < 0) + return(KFAILURE); + + wcard = (instance[0] == '*') && (instance[1] == '\0'); + + while (getst(stab,serv,SNAME_SZ) > 0) { /* Read sname */ + getst(stab,inst,INST_SZ); /* Instance */ + getst(stab,rlm,REALM_SZ); /* Realm */ + /* Vers number */ + if (read(stab, &vno, 1) != 1) { + close(stab); + return(KFAILURE); + } + /* Key */ + if (read(stab,key,8) != 8) { + close(stab); + return(KFAILURE); + } + /* Is this the right service */ + if (strcmp(serv,service)) + continue; + /* How about instance */ + if (!wcard && strcmp(inst,instance)) + continue; + if (wcard) + strncpy(instance,inst,INST_SZ); + /* Is this the right realm */ + if (strcmp(rlm,realm)) + continue; + + /* How about the key version number */ + if (kvno && kvno != (int) vno) + continue; + + close(stab); + return(KSUCCESS); + } + + /* Can't find the requested service */ + close(stab); + return(KFAILURE); +} diff --git a/crypto/kerberosIV/lib/krb/realm_parse.c b/crypto/kerberosIV/lib/krb/realm_parse.c new file mode 100644 index 0000000..2ce852a --- /dev/null +++ b/crypto/kerberosIV/lib/krb/realm_parse.c 
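Review bot: read_service_key() writes its out-parameters before it knows the entry matches: `read(stab,key,8)` fills the caller's `key` for every srvtab entry, and the wildcard `strncpy(instance,inst,INST_SZ)` runs ahead of the realm and kvno checks. When the function returns KFAILURE, the caller's buffer therefore holds the key of the last entry read, which belongs to some other service, and a `*` instance may have been replaced by one from a non-matching entry. Reading into a local `unsigned char k[8]`, and doing `memcpy(key, k, sizeof(k))` and the instance copy only just before `return(KSUCCESS)`, keeps unrelated key material out of caller memory. The local copy should be cleared on every exit path.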
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: realm_parse.c,v 1.10 1997/06/01 03:14:50 assar Exp $"); + +static int +realm_parse(char *realm, int length, const char *file) +{ + FILE *F; + char tr[128]; + char *p; + + if ((F = fopen(file,"r")) == NULL) + return -1; + + while(fgets(tr, sizeof(tr), F)){ + char *unused = NULL; + p = strtok_r(tr, " \t\n\r", &unused); + if(p && strcasecmp(p, realm) == 0){ + fclose(F); + strncpy(realm, p, length); + return 0; + } + } + fclose(F); + return -1; +} + +static const char *const files[] = KRB_CNF_FILES; + +int +krb_realm_parse(char *realm, int length) +{ + int i; + + const char *dir = getenv("KRBCONFDIR"); + + /* First try user specified file */ + if (dir != 0) { + char fname[MaxPathLen]; + + if(k_concat(fname, sizeof(fname), dir, "/krb.conf", NULL) == 0) + if (realm_parse(realm, length, fname) == 0) + return 0; + } + + for (i = 0; files[i] != NULL; i++) + if (realm_parse(realm, length, files[i]) == 0) + return 0; + return -1; +} diff --git a/crypto/kerberosIV/lib/krb/recvauth.c b/crypto/kerberosIV/lib/krb/recvauth.c new file mode 100644 index 0000000..6c96897 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/recvauth.c 
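Review bot: krb_realm_parse() takes the configuration directory from `getenv("KRBCONFDIR")` without checking whether the process runs with privileges its invoker lacks, so in a set-id program the invoker chooses which krb.conf is consulted first. Whether such a caller exists is not visible in this hunk, but since this is library code the override is safer when limited to unprivileged processes, for example `if (dir != 0 && getuid() == geteuid() && getgid() == getegid()) {`. A short comment above the lookup stating when the variable is honoured would help as well. Separately, `strncpy(realm, p, length)` in realm_parse() terminates the result only if `length` is at least `strlen(realm) + 1`; the `strcasecmp` match guarantees the token has the same length as the input, and that assumption deserves a comment.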
@@ -0,0 +1,190 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: recvauth.c,v 1.17 1997/03/23 03:53:16 joda Exp $"); + +/* + * krb_recvauth() reads (and optionally responds to) a message sent + * using krb_sendauth(). The "options" argument is a bit-field of + * selected options (see "sendauth.c" for options description). + * The only option relevant to krb_recvauth() is KOPT_DO_MUTUAL + * (mutual authentication requested). The "fd" argument supplies + * a file descriptor to read from (and write to, if mutual authenti- + * cation is requested). + * + * Part of the received message will be a Kerberos ticket sent by the + * client; this is read into the "ticket" argument. The "service" and + * "instance" arguments supply the server's Kerberos name. If the + * "instance" argument is the string "*", it is treated as a wild card + * and filled in during the krb_rd_req() call (see read_service_key()). + * + * The "faddr" and "laddr" give the sending (client) and receiving + * (local server) network addresses. 
("laddr" may be left NULL unless + * mutual authentication is requested, in which case it must be set.) + * + * The authentication information extracted from the message is returned + * in "kdata". The "filename" argument indicates the file where the + * server's key can be found. (It is passed on to krb_rd_req().) If + * left null, the default "/etc/srvtab" will be used. + * + * If mutual authentication is requested, the session key schedule must + * be computed in order to reply; this schedule is returned in the + * "schedule" argument. A string containing the application version + * number from the received message is returned in "version", which + * should be large enough to hold a KRB_SENDAUTH_VLEN-character string. + * + * See krb_sendauth() for the format of the received client message. + * + * krb_recvauth() first reads the protocol version string from the + * given file descriptor. If it doesn't match the current protocol + * version (KRB_SENDAUTH_VERS), the old-style format is assumed. In + * that case, the string of characters up to the first space is read + * and interpreted as the ticket length, then the ticket is read. + * + * If the first string did match KRB_SENDAUTH_VERS, krb_recvauth() + * next reads the application protocol version string. Then the + * ticket length and ticket itself are read. + * + * The ticket is decrypted and checked by the call to krb_rd_req(). + * If no mutual authentication is required, the result of the + * krb_rd_req() call is retured by this routine. If mutual authenti- + * cation is required, a message in the following format is returned + * on "fd": + * + * Size Variable Field + * ---- -------- ----- + * + * 4 bytes tkt_len length of ticket or -1 + * if error occurred + * + * priv_len tmp_buf "private" message created + * by krb_mk_priv() which + * contains the incremented + * checksum sent by the client + * encrypted in the session + * key. (This field is not + * present in case of error.) 
+ * + * If all goes well, KSUCCESS is returned; otherwise KFAILURE or some + * other error code is returned. + */ + +static int +send_error_reply(int fd) +{ + unsigned char tmp[4] = { 255, 255, 255, 255 }; + if(krb_net_write(fd, tmp, sizeof(tmp)) != sizeof(tmp)) + return -1; + return 0; +} + +int +krb_recvauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descr. to read from */ + KTEXT ticket, /* storage for client's ticket */ + char *service, /* service expected */ + char *instance, /* inst expected (may be filled in) */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + struct sockaddr_in *laddr, /* local address */ + AUTH_DAT *kdata, /* kerberos data (returned) */ + char *filename, /* name of file with service keys */ + struct des_ks_struct *schedule, /* key schedule (return) */ + char *version) /* version string (filled in) */ +{ + int cc; + char krb_vers[KRB_SENDAUTH_VLEN + 1]; /* + 1 for the null terminator */ + int rem; + int32_t priv_len; + u_char tmp_buf[MAX_KTXT_LEN+max(KRB_SENDAUTH_VLEN+1,21)]; + + /* read the protocol version number */ + if (krb_net_read(fd, krb_vers, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + krb_vers[KRB_SENDAUTH_VLEN] = '\0'; + + /* read the application version string */ + if (krb_net_read(fd, version, KRB_SENDAUTH_VLEN) != KRB_SENDAUTH_VLEN) + return(errno); + version[KRB_SENDAUTH_VLEN] = '\0'; + + /* get the length of the ticket */ + { + char tmp[4]; + if (krb_net_read(fd, tmp, 4) != 4) + return -1; + krb_get_int(tmp, &ticket->length, 4, 0); + } + + /* sanity check */ + if (ticket->length <= 0 || ticket->length > MAX_KTXT_LEN) { + if (options & KOPT_DO_MUTUAL) { + if(send_error_reply(fd)) + return -1; + return KFAILURE; + } else + return KFAILURE; /* XXX there may still be junk on the fd? */ + } + + /* read the ticket */ + if (krb_net_read(fd, ticket->dat, ticket->length) != ticket->length) + return -1; + /* + * now have the ticket. decrypt it to get the authenticated + * data. 
+ */ + rem = krb_rd_req(ticket, service, instance, faddr->sin_addr.s_addr, + kdata, filename); + + /* if we are doing mutual auth, compose a response */ + if (options & KOPT_DO_MUTUAL) { + if (rem != KSUCCESS){ + /* the krb_rd_req failed */ + if(send_error_reply(fd)) + return -1; + return rem; + } + + /* add one to the (formerly) sealed checksum, and re-seal it + for return to the client */ + { + unsigned char cs[4]; + krb_put_int(kdata->checksum + 1, cs, 4); +#ifndef NOENCRYPTION + des_key_sched(&kdata->session,schedule); +#endif + priv_len = krb_mk_priv(cs, + tmp_buf+4, + 4, + schedule, + &kdata->session, + laddr, + faddr); + } + /* mk_priv will never fail */ + priv_len += krb_put_int(priv_len, tmp_buf, 4); + + if((cc = krb_net_write(fd, tmp_buf, priv_len)) != priv_len) + return -1; + } + return rem; +} diff --git a/crypto/kerberosIV/lib/krb/resolve.c b/crypto/kerberosIV/lib/krb/resolve.c new file mode 100644 index 0000000..7777c0e --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.c 
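Review bot: The first two short-read paths in krb_recvauth() use `return(errno);`, and a peer that simply closes the connection leaves errno untouched, so the function can return 0 before any ticket has been read or verified. If KSUCCESS is 0 (its definition is not in this hunk), a caller that checks only the return value would treat the connection as authenticated while `kdata` is still unset. Both reads should fail the way the ticket-length read already does, with `return -1;` or `return KFAILURE;`. The header comment also describes an old-style fallback when the version string differs from KRB_SENDAUTH_VERS, but `krb_vers` is never compared with anything, so the comment or the code should be brought into line.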
@@ -0,0 +1,288 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" +#include "resolve.h" + +RCSID("$Id: resolve.c,v 1.11 1997/06/01 04:19:20 assar Exp $"); + +#if defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) + +#define DECL(X) {#X, T_##X} + +static struct stot{ + char *name; + int type; +}stot[] = { + DECL(A), + DECL(NS), + DECL(CNAME), + DECL(PTR), + DECL(MX), + DECL(TXT), + DECL(AFSDB), + DECL(SRV), + {NULL, 0} +}; + +static int +string_to_type(const char *name) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(strcasecmp(name, p->name) == 0) + return p->type; + return -1; +} + +#if 0 +static char * +type_to_string(int type) +{ + struct stot *p = stot; + for(p = stot; p->name; p++) + if(type == p->type) + return p->name; + return NULL; +} +#endif + +void +dns_free_data(struct dns_reply *r) +{ + struct resource_record *rr; + if(r->q.domain) + free(r->q.domain); + for(rr = r->head; rr;){ + struct resource_record *tmp = rr; + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + rr = rr->next; + free(tmp); + } + free (r); +} + +static struct dns_reply* +parse_reply(unsigned char *data, int len) +{ + unsigned char *p; + char host[128]; + int status; + + struct dns_reply *r; + struct resource_record **rr; + + r = (struct dns_reply*)malloc(sizeof(struct dns_reply)); + memset(r, 0, sizeof(struct dns_reply)); + + p = data; + memcpy(&r->h, p, sizeof(HEADER)); + p += sizeof(HEADER); + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + r->q.domain = strdup(host); + p += status; + r->q.type = (p[0] << 8 | p[1]); + p += 2; + r->q.class = (p[0] << 8 | p[1]); + p += 2; + rr = &r->head; + while(p < data + len){ + int type, class, ttl, size; + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + p += status; + type = (p[0] << 8) | p[1]; + p += 2; + class = (p[0] << 8) | p[1]; + p += 2; + ttl = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; 
+ p += 4; + size = (p[0] << 8) | p[1]; + p += 2; + *rr = (struct resource_record*)calloc(1, + sizeof(struct resource_record)); + (*rr)->domain = strdup(host); + (*rr)->type = type; + (*rr)->class = class; + (*rr)->ttl = ttl; + (*rr)->size = size; + switch(type){ + case T_NS: + case T_CNAME: + case T_PTR: + status = dn_expand(data, data + len, p, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.txt = strdup(host); + break; + case T_MX: + case T_AFSDB:{ + status = dn_expand(data, data + len, p + 2, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + strlen(host)); + (*rr)->u.mx->preference = (p[0] << 8) | p[1]; + strcpy((*rr)->u.mx->domain, host); + break; + } + case T_SRV:{ + status = dn_expand(data, data + len, p + 6, host, sizeof(host)); + if(status < 0){ + dns_free_data(r); + return NULL; + } + (*rr)->u.srv = + (struct srv_record*)malloc(sizeof(struct srv_record) + + strlen(host)); + (*rr)->u.srv->priority = (p[0] << 8) | p[1]; + (*rr)->u.srv->weight = (p[2] << 8) | p[3]; + (*rr)->u.srv->port = (p[4] << 8) | p[5]; + strcpy((*rr)->u.srv->target, host); + break; + } + case T_TXT:{ + (*rr)->u.txt = (char*)malloc(size + 1); + strncpy((*rr)->u.txt, (char*)p + 1, *p); + (*rr)->u.txt[*p] = 0; + break; + } + + default: + (*rr)->u.data = (unsigned char*)malloc(size); + memcpy((*rr)->u.data, p, size); + } + p += size; + rr = &(*rr)->next; + } + *rr = NULL; + return r; +} + + + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + unsigned char reply[1024]; + int len; + int type; + struct dns_reply *r = NULL; + + type = string_to_type(type_name); + len = res_search(domain, C_IN, type, reply, sizeof(reply)); + if(len >= 0) + r = parse_reply(reply, len); + return r; +} + +#else /* defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ + +struct dns_reply * +dns_lookup(const char *domain, const char *type_name) +{ + 
return NULL; +} + +void +dns_free_data(struct dns_reply *r) +{ +} + +#endif + +#ifdef TEST + +int +main(int argc, char **argv) +{ + struct dns_reply *r; + struct resource_record *rr; + r = dns_lookup(argv[1], argv[2]); + if(r == NULL){ + printf("No reply.\n"); + return 1; + } + for(rr = r->head; rr;rr=rr->next){ + printf("%s %s %d ", rr->domain, type_to_string(rr->type), rr->ttl); + switch(rr->type){ + case T_NS: + printf("%s\n", (char*)rr->data); + break; + case T_A: + printf("%d.%d.%d.%d\n", + ((unsigned char*)rr->data)[0], + ((unsigned char*)rr->data)[1], + ((unsigned char*)rr->data)[2], + ((unsigned char*)rr->data)[3]); + break; + case T_MX: + case T_AFSDB:{ + struct mx_record *mx = (struct mx_record*)rr->data; + printf("%d %s\n", mx->preference, mx->domain); + break; + } + case T_SRV:{ + struct srv_record *srv = (struct srv_record*)rr->data; + printf("%d %d %d %s\n", srv->priority, srv->weight, + srv->port, srv->target); + break; + } + default: + printf("\n"); + break; + } + } + + return 0; +} +#endif diff --git a/crypto/kerberosIV/lib/krb/resolve.h b/crypto/kerberosIV/lib/krb/resolve.h new file mode 100644 index 0000000..dac9993 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/resolve.h 
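Review bot: parse_reply() trusts every length taken from the DNS reply: the question and record fields are read without checking that they lie before `data + len`, `size` is never compared with the bytes remaining, and in the T_TXT case the copy length `*p` is independent of the `size + 1` allocation. A malformed reply can therefore make `memcpy((*rr)->u.data, p, size)` read past the 1024-byte `reply` buffer in dns_lookup(), or make the TXT copy write past its heap buffer. The `malloc`, `calloc` and `strdup` results are also used unchecked, and `p += sizeof(HEADER)` assumes `len` covers a header. dns_lookup() should additionally reject a `len` larger than `sizeof(reply)`, since some resolver implementations report the full answer length even when it did not fit. The checks below show the shape of the fix.

```c
/* parse_reply(): before the header is copied */
if (len < (int)sizeof(HEADER))
    return NULL;
r = (struct dns_reply*)malloc(sizeof(struct dns_reply));
if (r == NULL)
    return NULL;
/* … unchanged: memset, header copy, dn_expand of the question name, p += status … */
if (data + len - p < 4) {               /* question type and class */
    dns_free_data(r);
    return NULL;
}
/* … unchanged: question type/class decoding, rr = &r->head … */
while(p < data + len){
    /* … unchanged: dn_expand of the owner name, p += status … */
    if (data + len - p < 10) {          /* type, class, ttl, rdlength */
        dns_free_data(r);
        return NULL;
    }
    /* … unchanged: decode type, class, ttl and size … */
    if (size > data + len - p) {        /* rdata must lie inside the reply */
        dns_free_data(r);
        return NULL;
    }
    /* … unchanged: allocate *rr, fill in the fixed fields, other cases … */
    case T_TXT:{
        if (size < 1 || *p > size - 1) {    /* text length must fit in rdata */
            dns_free_data(r);
            return NULL;
        }
        /* … unchanged: allocate and copy the text … */

/* dns_lookup(): only parse what actually fits in reply[] */
if(len >= 0 && (size_t)len <= sizeof(reply))
    r = parse_reply(reply, len);
```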
@@ -0,0 +1,110 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: resolve.h,v 1.5 1997/05/14 17:41:25 joda Exp $ */ + +/* THIS IS NOT (yet) A PUBLIC INTERFACE */ + + +#ifndef __RESOLVE_H__ +#define __RESOLVE_H__ + +/* We use these, but they are not always present in <arpa/nameser.h> */ + +#ifndef T_TXT +#define T_TXT 16 +#endif +#ifndef T_AFSDB +#define T_AFSDB 18 +#endif +#ifndef T_SRV +#define T_SRV 33 +#endif + +struct dns_query{ + char *domain; + unsigned type; + unsigned class; +}; + +struct mx_record{ + unsigned preference; + char domain[1]; +}; + +struct srv_record{ + unsigned priority; + unsigned weight; + unsigned port; + char target[1]; +}; + +struct resource_record{ + char *domain; + unsigned type; + unsigned class; + unsigned ttl; + unsigned size; + union { + void *data; + struct mx_record *mx; + struct mx_record *afsdb; /* mx and afsdb are identical */ + struct srv_record *srv; + struct in_addr *a; + char *txt; + }u; + struct resource_record *next; +}; + + +#ifndef HAVE_ARPA_NAMESER_H /* XXX */ +typedef int HEADER; /* will never be used */ +#endif + +struct dns_reply{ + HEADER h; + struct dns_query q; + struct resource_record *head; +}; + + +struct dns_reply* dns_lookup(const char *, const char *); + +void dns_free_data(struct dns_reply *r); + +#endif /* __RESOLVE_H__ */ diff --git a/crypto/kerberosIV/lib/krb/rw.c b/crypto/kerberosIV/lib/krb/rw.c new file mode 100644 index 0000000..4b136aa --- /dev/null +++ b/crypto/kerberosIV/lib/krb/rw.c 
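Review bot: The `char domain[1]` and `char target[1]` members of mx_record and srv_record are variable-length tails, but nothing in the header says so; parse_reply() in resolve.c allocates them as `sizeof(struct mx_record) + strlen(host)`. Without a comment, a reader may copy these structs by value or size a buffer with `sizeof`, which silently cuts the name down to one byte. I would add `/* variable length, allocated with room for the whole name */` on both members. The guard macro `__RESOLVE_H__` also uses a name reserved for the implementation; `RESOLVE_H` would avoid that.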
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* Almost all programs use these routines (implicitly) so it's a good + * place to put the version string. */ + +#include "version.h" + +#include "krb_locl.h" + +RCSID("$Id: rw.c,v 1.8 1997/04/01 08:18:44 joda Exp $"); + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb) +{ + int i; + unsigned char *from = (unsigned char *)f; + + *to = 0; + if(lsb){ + for(i = size-1; i >= 0; i--) + *to = (*to << 8) | from[i]; + }else{ + for(i = 0; i < size; i++) + *to = (*to << 8) | from[i]; + } + return size; +} + +int +krb_put_int(u_int32_t from, void *to, int size) +{ + int i; + unsigned char *p = (unsigned char *)to; + for(i = size - 1; i >= 0; i--){ + p[i] = from & 0xff; + from >>= 8; + } + return size; +} + + +/* addresses are always sent in network byte order */ + +int +krb_get_address(void *from, u_int32_t *to) +{ + unsigned char *p = (unsigned char*)from; + *to = htonl((p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]); + return 4; +} + +int +krb_put_address(u_int32_t addr, void *to) +{ + return krb_put_int(ntohl(addr), to, 4); +} + +int +krb_put_string(char *from, void *to) +{ + strcpy((char *)to, from); + return strlen(from) + 1; +} + +int +krb_get_string(void *from, char *to) +{ + return krb_put_string(from, to); +} + +int +krb_get_nir(void *from, char *name, char *instance, char *realm) +{ + char *p = (char *)from; + + p += krb_get_string(p, name); + p += krb_get_string(p, instance); + if(realm) + p += krb_get_string(p, realm); + return p - (char *)from; +} + +int +krb_put_nir(char *name, char *instance, char *realm, void *to) +{ + char *p = (char *)to; + p += krb_put_string(name, p); + p += krb_put_string(instance, p); + if(realm) + p += krb_put_string(realm, p); + return p - (char *)to; +} diff --git a/crypto/kerberosIV/lib/krb/save_credentials.c b/crypto/kerberosIV/lib/krb/save_credentials.c new file mode 100644 index 0000000..cfd6c07 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/save_credentials.c 
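Review bot: krb_get_string() is krb_put_string() with the arguments reversed, so decoding a string from a received message is an unbounded `strcpy` into the caller's buffer, and krb_get_nir() chains three of them into `name`, `instance` and `realm`. Neither function knows the size of the destination or where the input message ends, so a field that is longer than the destination, or that lacks a terminator, overruns one side or the other. The decoders need the limits passed in, for example `int krb_get_string(void *from, char *to, size_t to_size)` returning an error when no terminator is found within `to_size` bytes, with krb_get_nir() passing the name, instance and realm sizes. The callers are outside this hunk and would have to change with it. In krb_get_address(), `p[0] << 24` shifts into the sign bit of int; casting to `u_int32_t` first avoids that.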
@@ -0,0 +1,59 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: save_credentials.c,v 1.5 1997/03/23 03:53:17 joda Exp $"); + +/* + * This routine takes a ticket and associated info and calls + * tf_save_cred() to store them in the ticket cache. The peer + * routine for extracting a ticket and associated info from the + * ticket cache is krb_get_cred(). When changes are made to + * this routine, the corresponding changes should be made + * in krb_get_cred() as well. + * + * Returns KSUCCESS if all goes well, otherwise an error returned + * by the tf_init() or tf_save_cred() routines. 
+ */ + +int +save_credentials(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + int32_t issue_date) /* The issue time */ +{ + int tf_status; /* return values of the tf_util calls */ + + /* Open and lock the ticket file for writing */ + if ((tf_status = tf_init(TKT_FILE, W_TKT_FIL)) != KSUCCESS) + return(tf_status); + + /* Save credentials by appending to the ticket file */ + tf_status = tf_save_cred(service, instance, realm, session, + lifetime, kvno, ticket, issue_date); + tf_close(); + return (tf_status); +} diff --git a/crypto/kerberosIV/lib/krb/send_to_kdc.c b/crypto/kerberosIV/lib/krb/send_to_kdc.c new file mode 100644 index 0000000..828b34d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/send_to_kdc.c 
@@ -0,0 +1,251 @@
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: send_to_kdc.c,v 1.39 1997/05/15 21:02:31 joda Exp $");
+
+struct host {
+ struct sockaddr_in addr;
+ int proto;
+};
+
+static const char *prog = "send_to_kdc";
+static send_recv(KTEXT pkt, KTEXT rpkt, int f,
+ struct sockaddr_in *_to, struct host *addrs,
+ int h_hosts);
+
+/*
+ * This file contains two routines, send_to_kdc() and send_recv().
+ * send_recv() is a static routine used by send_to_kdc().
+ */
+
+/*
+ * send_to_kdc() sends a message to the Kerberos authentication
+ * server(s) in the given realm and returns the reply message.
+ * The "pkt" argument points to the message to be sent to Kerberos;
+ * the "rpkt" argument will be filled in with Kerberos' reply.
+ * The "realm" argument indicates the realm of the Kerberos server(s)
+ * to transact with. If the realm is null, the local realm is used.
+ *
+ * If more than one Kerberos server is known for a given realm,
+ * different servers will be queried until one of them replies.
+ * Several attempts (retries) are made for each server before + * giving up entirely. + * + * If an answer was received from a Kerberos host, KSUCCESS is + * returned. The following errors can be returned: + * + * SKDC_CANT - can't get local realm + * - can't find "kerberos" in /etc/services database + * - can't open socket + * - can't bind socket + * - all ports in use + * - couldn't find any Kerberos host + * + * SKDC_RETRY - couldn't get an answer from any Kerberos server, + * after several retries + */ + +int +send_to_kdc(KTEXT pkt, KTEXT rpkt, char *realm) +{ + int i; + int no_host; /* was a kerberos host found? */ + int retry; + int n_hosts; + int retval; + struct hostent *host; + char lrealm[REALM_SZ]; + struct krb_host *k_host; + struct host *hosts = malloc(sizeof(*hosts)); + + if (hosts == NULL) + return SKDC_CANT; + + /* + * If "realm" is non-null, use that, otherwise get the + * local realm. + */ + if (realm) + strcpy(lrealm, realm); + else + if (krb_get_lrealm(lrealm,1)) { + if (krb_debug) + krb_warning("%s: can't get local realm\n", prog); + return(SKDC_CANT); + } + if (krb_debug) + krb_warning("lrealm is %s\n", lrealm); + + no_host = 1; + /* get an initial allocation */ + n_hosts = 0; + for (i = 1; (k_host = krb_get_host(i, lrealm, 0)); ++i) { + char *p; + + if (krb_debug) + krb_warning("Getting host entry for %s...", k_host->host); + host = gethostbyname(k_host->host); + if (krb_debug) { + krb_warning("%s.\n", + host ? 
"Got it" : "Didn't get it"); + } + if (!host) + continue; + no_host = 0; /* found at least one */ + while ((p = *(host->h_addr_list)++)) { + hosts = realloc(hosts, sizeof(*hosts) * (n_hosts + 1)); + if (hosts == NULL) + return SKDC_CANT; + memset (&hosts[n_hosts].addr, 0, sizeof(hosts[n_hosts].addr)); + hosts[n_hosts].addr.sin_family = host->h_addrtype; + hosts[n_hosts].addr.sin_port = htons(k_host->port); + hosts[n_hosts].proto = k_host->proto; + memcpy(&hosts[n_hosts].addr.sin_addr, p, + sizeof(hosts[n_hosts].addr.sin_addr)); + ++n_hosts; + if (send_recv(pkt, rpkt, hosts[n_hosts-1].proto, + &hosts[n_hosts-1].addr, hosts, n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + if (krb_debug) { + krb_warning("Timeout, error, or wrong descriptor\n"); + } + } + } + if (no_host) { + if (krb_debug) + krb_warning("%s: can't find any Kerberos host.\n", + prog); + retval = SKDC_CANT; + goto rtn; + } + /* retry each host in sequence */ + for (retry = 0; retry < CLIENT_KRB_RETRY; ++retry) { + for (i = 0; i < n_hosts; ++i) { + if (send_recv(pkt, rpkt, + hosts[i].proto, + &hosts[i].addr, + hosts, + n_hosts)) { + retval = KSUCCESS; + goto rtn; + } + } + } + retval = SKDC_RETRY; +rtn: + free(hosts); + return(retval); +} + +/* + * try to send out and receive message. + * return 1 on success, 0 on failure + */ + +static int +send_recv_it(KTEXT pkt, KTEXT rpkt, int stream, int f, + struct sockaddr_in *_to, struct host *addrs, int n_hosts) +{ + fd_set readfds; + int numsent; + + /* CLIENT_KRB_TIMEOUT indicates the time to wait before + * retrying a server. It's defined in "krb.h". 
+ */ + struct timeval timeout; + timeout.tv_sec = CLIENT_KRB_TIMEOUT; + timeout.tv_usec = 0; + + if (krb_debug) { + if (_to->sin_family == AF_INET) + krb_warning("Sending message to %s...", + inet_ntoa(_to->sin_addr)); + else + krb_warning("Sending message..."); + } + if(stream){ + unsigned char tmp[4]; + krb_put_int(pkt->length, tmp, 4); + if((numsent = send(f, tmp, 4, 0)) != 4){ + if (krb_debug) + krb_warning("sent only %d/%d\n", numsent, 4); + return 0; + } + } + if ((numsent = send(f, pkt->dat, pkt->length, 0)) != pkt->length) { + if (krb_debug) + krb_warning("sent only %d/%d\n",numsent, pkt->length); + return 0; + } + if (krb_debug) + krb_warning("Sent\nWaiting for reply..."); + FD_ZERO(&readfds); + FD_SET(f, &readfds); + /* select - either recv is ready, or timeout */ + /* see if timeout or error or wrong descriptor */ + if (select(f + 1, &readfds, 0, 0, &timeout) < 1 + || !FD_ISSET(f, &readfds)) { + if (krb_debug) + krb_warning("select failed: errno = %d", errno); + return 0; + } + if(stream){ + if(krb_net_read(f, rpkt->dat, sizeof(rpkt->dat)) <= 0) + return 0; + }else{ + if (recv (f, rpkt->dat, sizeof(rpkt->dat), 0) < 0) { + if (krb_debug) + krb_warning("recvfrom: errno = %d\n", errno); + return 0; + } + } + return 1; +} + +static int +send_recv(KTEXT pkt, KTEXT rpkt, int proto, struct sockaddr_in *_to, + struct host *addrs, int n_hosts) +{ + int f; + int ret = 0; + if(proto == IPPROTO_UDP) + f = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + else if(proto == IPPROTO_TCP) + f = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + else{ + krb_warning("Unknown protocol `%d'.\n", proto); + return 0; + } + + if(connect(f, (struct sockaddr*)_to, sizeof(*_to)) < 0) + krb_warning("Connecting socket: errno = %d\n", errno); + else + ret = send_recv_it(pkt, rpkt, proto == IPPROTO_TCP, f, + _to, addrs, n_hosts); + + close(f); + return ret; +} + diff --git a/crypto/kerberosIV/lib/krb/sendauth.c b/crypto/kerberosIV/lib/krb/sendauth.c new file mode 100644 index 0000000..4240bcf 
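Review bot: In send_to_kdc() the caller-supplied realm is copied with `strcpy(lrealm, realm)` into `char lrealm[REALM_SZ]` with no length check, so a realm of REALM_SZ bytes or more overruns the stack buffer; reject it before copying, e.g. `if (strlen(realm) >= sizeof(lrealm)) { free(hosts); return SKDC_CANT; }`. The same function leaks `hosts` on the `krb_get_lrealm` failure return and when `hosts = realloc(hosts, ...)` fails (the old pointer is overwritten), and it copies `sizeof(sin_addr)` bytes from each `h_addr_list` entry without checking `h_addrtype` or `h_length`. In send_recv() the `socket()` result goes to `connect` unchecked. In send_recv_it() the byte count returned by `recv`/`krb_net_read` is discarded, so nothing in this hunk sets `rpkt->length` from what actually arrived.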
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/sendauth.c
@@ -0,0 +1,163 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: sendauth.c,v 1.15 1997/04/18 14:11:36 joda Exp $"); + +/* + * krb_sendauth() transmits a ticket over a file descriptor for a + * desired service, instance, and realm, doing mutual authentication + * with the server if desired. + */ + +/* + * The first argument to krb_sendauth() contains a bitfield of + * options (the options are defined in "krb.h"): + * + * KOPT_DONT_CANON Don't canonicalize instance as a hostname. + * (If this option is not chosen, krb_get_phost() + * is called to canonicalize it.) + * + * KOPT_DONT_MK_REQ Don't request server ticket from Kerberos. + * A ticket must be supplied in the "ticket" + * argument. + * (If this option is not chosen, and there + * is no ticket for the given server in the + * ticket cache, one will be fetched using + * krb_mk_req() and returned in "ticket".) + * + * KOPT_DO_MUTUAL Do mutual authentication, requiring that the + * receiving server return the checksum+1 encrypted + * in the session key. 
The mutual authentication + * is done using krb_mk_priv() on the other side + * (see "recvauth.c") and krb_rd_priv() on this + * side. + * + * The "fd" argument is a file descriptor to write to the remote + * server on. The "ticket" argument is used to store the new ticket + * from the krb_mk_req() call. If the KOPT_DONT_MK_REQ options is + * chosen, the ticket must be supplied in the "ticket" argument. + * The "service", "inst", and "realm" arguments identify the ticket. + * If "realm" is null, the local realm is used. + * + * The following arguments are only needed if the KOPT_DO_MUTUAL option + * is chosen: + * + * The "checksum" argument is a number that the server will add 1 to + * to authenticate itself back to the client; the "msg_data" argument + * holds the returned mutual-authentication message from the server + * (i.e., the checksum+1); the "cred" structure is used to hold the + * session key of the server, extracted from the ticket file, for use + * in decrypting the mutual authentication message from the server; + * and "schedule" holds the key schedule for that decryption. The + * the local and server addresses are given in "laddr" and "faddr". + * + * The application protocol version number (of up to KRB_SENDAUTH_VLEN + * characters) is passed in "version". + * + * If all goes well, KSUCCESS is returned, otherwise some error code. 
+ * + * The format of the message sent to the server is: + * + * Size Variable Field + * ---- -------- ----- + * + * KRB_SENDAUTH_VLEN KRB_SENDAUTH_VER sendauth protocol + * bytes version number + * + * KRB_SENDAUTH_VLEN version application protocol + * bytes version number + * + * 4 bytes ticket->length length of ticket + * + * ticket->length ticket->dat ticket itself + */ + +int +krb_sendauth(int32_t options, /* bit-pattern of options */ + int fd, /* file descriptor to write onto */ + KTEXT ticket, /* where to put ticket (return); or + * supplied in case of KOPT_DONT_MK_REQ */ + char *service, /* service name, instance, realm */ + char *instance, + char *realm, + u_int32_t checksum, /* checksum to include in request */ + MSG_DAT *msg_data, /* mutual auth MSG_DAT (return) */ + CREDENTIALS *cred, /* credentials (return) */ + struct des_ks_struct *schedule, /* key schedule (return) */ + struct sockaddr_in *laddr, /* local address */ + struct sockaddr_in *faddr, /* address of foreign host on fd */ + char *version) /* version string */ +{ + int ret; + KTEXT_ST buf; + char realrealm[REALM_SZ]; + + if (realm == NULL) { + ret = krb_get_lrealm (realrealm, 1); + if (ret != KSUCCESS) + return ret; + realm = realrealm; + } + ret = krb_mk_auth (options, ticket, service, instance, realm, checksum, + version, &buf); + if (ret != KSUCCESS) + return ret; + ret = krb_net_write(fd, buf.dat, buf.length); + if(ret < 0) + return -1; + + if (options & KOPT_DO_MUTUAL) { + char tmp[4]; + u_int32_t len; + char inst[INST_SZ]; + + ret = krb_net_read (fd, tmp, 4); + if (ret < 0) + return -1; + + krb_get_int (tmp, &len, 4, 0); + if (len == 0xFFFFFFFF || len > sizeof(buf.dat)) + return KFAILURE; + buf.length = len; + ret = krb_net_read (fd, buf.dat, len); + if (ret < 0) + return -1; + + if (options & KOPT_DONT_CANON) + strncpy (inst, instance, sizeof(inst)); + else + strncpy (inst, krb_get_phost(instance), sizeof(inst)); + + ret = krb_get_cred (service, inst, realm, cred); + if (ret != 
KSUCCESS) + return ret; + + des_key_sched(&cred->session, schedule); + + ret = krb_check_auth (&buf, checksum, msg_data, &cred->session, + schedule, laddr, faddr); + if (ret != KSUCCESS) + return ret; + } + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/sizetest.c b/crypto/kerberosIV/lib/krb/sizetest.c new file mode 100644 index 0000000..d64bbeb --- /dev/null +++ b/crypto/kerberosIV/lib/krb/sizetest.c @@ -0,0 +1,41 @@ +#include "krb_locl.h" + +RCSID("$Id: sizetest.c,v 1.5 1996/11/15 18:39:19 bg Exp $"); + +static +void +err(const char *msg) +{ + fputs(msg, stderr); + exit(1); +} + +int +main() +{ + if (sizeof(u_int8_t) < 1) + err("sizeof(u_int8_t) is smaller than 1 byte\n"); + if (sizeof(u_int16_t) < 2) + err("sizeof(u_int16_t) is smaller than 2 bytes\n"); + if (sizeof(u_int32_t) < 4) + err("sizeof(u_int32_t) is smaller than 4 bytes\n"); + + if (sizeof(u_int8_t) > 1) + fputs("warning: sizeof(u_int8_t) is larger than 1 byte, " + "some stuff may not work properly!\n", stderr); + + { + u_int8_t u = 1; + int i; + for (i = 0; u != 0 && i < 100; i++) + u <<= 1; + + if (i < 8) + err("u_int8_t is smaller than 8 bits\n"); + else if (i > 8) + fputs("warning: u_int8_t is larger than 8 bits, " + "some stuff may not work properly!\n", stderr); + } + + exit(0); +} diff --git a/crypto/kerberosIV/lib/krb/stime.c b/crypto/kerberosIV/lib/krb/stime.c new file mode 100644 index 0000000..ec57d8f --- /dev/null +++ b/crypto/kerberosIV/lib/krb/stime.c 
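Review bot: In the KOPT_DO_MUTUAL branch of krb_sendauth(), `strncpy (inst, instance, sizeof(inst))` and the `krb_get_phost(instance)` variant leave `inst` without a terminating NUL when the source is INST_SZ bytes or longer, and `inst` is then handed to `krb_get_cred` as a string. Terminate it after either copy with `inst[sizeof(inst) - 1] = '\0';`, or reject an over-long instance outright. Both `krb_net_read` calls are checked only for `ret < 0`; the helper is defined outside this hunk, but if it can return fewer bytes than requested, a short read or EOF leaves `tmp` or `buf.dat` partly unfilled before `krb_get_int` and `krb_check_auth` consume them, so comparing against the requested count (`ret != 4`, `ret != len`) would be safer.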
@@ -0,0 +1,35 @@ +/* + * $Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $ + * + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + */ + +#include "krb_locl.h" + +RCSID("$Id: stime.c,v 1.6 1997/05/02 14:29:20 assar Exp $"); + +/* + * Given a pointer to a long containing the number of seconds + * since the beginning of time (midnight 1 Jan 1970 GMT), return + * a string containing the local time in the form: + * + * "25-Jan-1988 10:17:56" + */ + +const char * +krb_stime(time_t *t) +{ + static char st[40]; + struct tm *tm; + + tm = localtime(t); + snprintf(st, sizeof(st), + "%2d-%s-%04d %02d:%02d:%02d",tm->tm_mday, + month_sname(tm->tm_mon + 1),tm->tm_year + 1900, + tm->tm_hour, tm->tm_min, tm->tm_sec); + return st; +} diff --git a/crypto/kerberosIV/lib/krb/str2key.c b/crypto/kerberosIV/lib/krb/str2key.c new file mode 100644 index 0000000..2b00fc1 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/str2key.c 
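Review bot: krb_stime() passes the result of `localtime(t)` straight into `snprintf` without a NULL check, and localtime can return NULL for a time value it cannot convert; guard it, for example `if (tm == NULL) return "(invalid time)";`, with the fallback text chosen to suit the callers. The header comment should also state that the result lives in a static buffer that the next call overwrites, and that the argument is a `time_t *` rather than "a pointer to a long".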
@@ -0,0 +1,103 @@ +/* This defines the Andrew string_to_key function. It accepts a password + * string as input and converts its via a one-way encryption algorithm to a DES + * encryption key. It is compatible with the original Andrew authentication + * service password database. + */ + +#include "krb_locl.h" + +RCSID("$Id: str2key.c,v 1.10 1997/03/23 03:53:19 joda Exp $"); + +static void +mklower(char *s) +{ + for (; *s; s++) + if ('A' <= *s && *s <= 'Z') + *s = *s - 'A' + 'a'; +} + +/* + * Short passwords, i.e 8 characters or less. + */ +static void +afs_cmu_StringToKey (char *str, char *cell, des_cblock *key) +{ + char password[8+1]; /* crypt is limited to 8 chars anyway */ + int i; + int passlen; + + memset (key, 0, sizeof(key)); + memset(password, 0, sizeof(password)); + + strncpy (password, cell, 8); + passlen = strlen (str); + if (passlen > 8) passlen = 8; + + for (i=0; i<passlen; i++) + password[i] = str[i] ^ cell[i]; /* make sure cell is zero padded */ + + for (i=0; i<8; i++) + if (password[i] == '\0') password[i] = 'X'; + + /* crypt only considers the first 8 characters of password but for some + reason returns eleven characters of result (plus the two salt chars). */ + strncpy((char *)key, (char *)crypt(password, "#~") + 2, sizeof(des_cblock)); + + /* parity is inserted into the LSB so leftshift each byte up one bit. This + allows ascii characters with a zero MSB to retain as much significance + as possible. */ + { char *keybytes = (char *)key; + unsigned int temp; + + for (i = 0; i < 8; i++) { + temp = (unsigned int) keybytes[i]; + keybytes[i] = (unsigned char) (temp << 1); + } + } + des_fixup_key_parity (key); +} + +/* + * Long passwords, i.e 9 characters or more. 
+ */ +static void +afs_transarc_StringToKey (char *str, char *cell, des_cblock *key) +{ + des_key_schedule schedule; + des_cblock temp_key; + des_cblock ivec; + char password[512]; + int passlen; + + strncpy (password, str, sizeof(password)); + if ((passlen = strlen (password)) < sizeof(password)-1) + strncat (password, cell, sizeof(password)-passlen); + if ((passlen = strlen(password)) > sizeof(password)) passlen = sizeof(password); + + memcpy(&ivec, "kerberos", 8); + memcpy(&temp_key, "kerberos", 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, &ivec, passlen, schedule, &ivec); + + memcpy(&temp_key, &ivec, 8); + des_fixup_key_parity (&temp_key); + des_key_sched (&temp_key, schedule); + des_cbc_cksum ((des_cblock *)password, key, passlen, schedule, &ivec); + + des_fixup_key_parity (key); +} + +void +afs_string_to_key(char *str, char *cell, des_cblock *key) +{ + char realm[REALM_SZ+1]; + strncpy(realm, cell, REALM_SZ); + realm[REALM_SZ] = 0; + mklower(realm); + + if (strlen(str) > 8) + afs_transarc_StringToKey (str, realm, key); + else + afs_cmu_StringToKey (str, realm, key); +} diff --git a/crypto/kerberosIV/lib/krb/swab.c b/crypto/kerberosIV/lib/krb/swab.c new file mode 100644 index 0000000..d68ce3d --- /dev/null +++ b/crypto/kerberosIV/lib/krb/swab.c 
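Review bot: In afs_cmu_StringToKey() `memset (key, 0, sizeof(key))` takes the size of the pointer rather than of the `des_cblock` it points to, so with 4-byte pointers only half of the key is cleared; it should read `memset (key, 0, sizeof(*key));`. In afs_transarc_StringToKey() `strncpy (password, str, sizeof(password))` leaves `password` unterminated for input of 512 bytes or more, so the following `strlen (password)` reads past the array, and `strncat (password, cell, sizeof(password)-passlen)` can write its terminating NUL one byte beyond the buffer because strncat's count excludes the terminator. Neither function clears `password`, `temp_key` or `schedule` before returning, so password-derived material stays on the stack, and the `crypt()` result is used without a NULL check. The fence below shows the bounded copies and the cleanup for afs_transarc_StringToKey().

```c
static void
afs_transarc_StringToKey (char *str, char *cell, des_cblock *key)
{
    /* ... unchanged: local declarations ... */

    /* Always leave room for, and write, the terminating NUL. */
    strncpy (password, str, sizeof(password) - 1);
    password[sizeof(password) - 1] = '\0';
    passlen = strlen (password);
    if (passlen < sizeof(password) - 1)
        strncat (password, cell, sizeof(password) - passlen - 1);
    passlen = strlen (password);

    /* ... unchanged: the two des_cbc_cksum passes and parity fix-up ... */

    /* Clear password-derived material; a plain memset may be elided by
       the optimiser, so prefer the platform's zeroising call if it has one. */
    memset (password, 0, sizeof(password));
    memset (&temp_key, 0, sizeof(temp_key));
    memset (schedule, 0, sizeof(schedule));
}
```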
@@ -0,0 +1,56 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: swab.c,v 1.4 1997/04/01 08:18:45 joda Exp $"); +#endif + +#ifndef HAVE_SWAB +void +swab (char *from, char *to, int nbytes) +{ + while(nbytes >= 2) { + *(to + 1) = *from; + *to = *(from + 1); + to += 2; + from += 2; + nbytes -= 2; + } +} +#endif diff --git a/crypto/kerberosIV/lib/krb/tf_util.c b/crypto/kerberosIV/lib/krb/tf_util.c new file mode 100644 index 0000000..a196448 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/tf_util.c 
@@ -0,0 +1,645 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tf_util.c,v 1.24 1997/04/20 06:24:32 assar Exp $"); + + +#define TOO_BIG -1 +#define TF_LCK_RETRY ((unsigned)2) /* seconds to sleep before + * retry if ticket file is + * locked */ +#define TF_LCK_RETRY_COUNT (50) /* number of retries */ + +#ifndef O_BINARY +#define O_BINARY 0 +#endif + +/* + * fd must be initialized to something that won't ever occur as a real + * file descriptor. Since open(2) returns only non-negative numbers as + * valid file descriptors, and tf_init always stuffs the return value + * from open in here even if it is an error flag, we must + * a. Initialize fd to a negative number, to indicate that it is + * not initially valid. + * b. When checking for a valid fd, assume that negative values + * are invalid (ie. when deciding whether tf_init has been + * called.) + * c. In tf_close, be sure it gets reinitialized to a negative + * number. 
+ */ +static int fd = -1; +static int curpos; /* Position in tfbfr */ +static int lastpos; /* End of tfbfr */ +static char tfbfr[BUFSIZ]; /* Buffer for ticket data */ + +static int tf_gets(char *s, int n); +static int tf_read(void *s, int n); + +/* + * This file contains routines for manipulating the ticket cache file. + * + * The ticket file is in the following format: + * + * principal's name (null-terminated string) + * principal's instance (null-terminated string) + * CREDENTIAL_1 + * CREDENTIAL_2 + * ... + * CREDENTIAL_n + * EOF + * + * Where "CREDENTIAL_x" consists of the following fixed-length + * fields from the CREDENTIALS structure (see "krb.h"): + * + * char service[ANAME_SZ] + * char instance[INST_SZ] + * char realm[REALM_SZ] + * C_Block session + * int lifetime + * int kvno + * KTEXT_ST ticket_st + * u_int32_t issue_date + * + * Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. + * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * It tries to open the ticket file, checks the mode, and if everything + * is okay, locks the file. If it's opened for reading, the lock is + * shared. 
If it's opened for writing, the lock is exclusive. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + /* Unix implementation */ + int wflag; + struct stat stat_buf; + int i_retry; + + switch (rw) { + case R_TKT_FIL: + wflag = 0; + break; + case W_TKT_FIL: + wflag = 1; + break; + default: + if (krb_debug) + krb_warning("tf_init: illegal parameter\n"); + return TKT_FIL_ACC; + } + if (lstat(tf_name, &stat_buf) < 0) + switch (errno) { + case ENOENT: + return NO_TKT_FIL; + default: + return TKT_FIL_ACC; + } + /* The old code tried to guess when the calling program was + * running set-uid, this is now removed - the kerberos library + * does not (or shouldn't) know anything about user-ids. + + * All library functions now assume that the right userids are set + * upon entry, therefore there is no need to test permissions like + * before. If the file is openable, just open it. + */ + + if(!S_ISREG(stat_buf.st_mode)) + return TKT_FIL_ACC; + + + /* + * If "wflag" is set, open the ticket file in append-writeonly mode + * and lock the ticket file in exclusive mode. If unable to lock + * the file, sleep and try again. If we fail again, return with the + * proper error message. 
+ */ + + curpos = sizeof(tfbfr); + + + if (wflag) { + fd = open(tf_name, O_RDWR | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of write lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + close (fd); + fd = -1; + return TKT_FIL_LCK; + } + /* + * Otherwise "wflag" is not set and the ticket file should be opened + * for read-only operations and locked for shared access. + */ + + fd = open(tf_name, O_RDONLY | O_BINARY, 0600); + if (fd < 0) { + return TKT_FIL_ACC; + } + + for (i_retry = 0; i_retry < TF_LCK_RETRY_COUNT; i_retry++) { + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB) < 0) { + if (krb_debug) + krb_warning("tf_init: retry %d of read lock of `%s'.\n", + i_retry, tf_name); + sleep (TF_LCK_RETRY); + } else { + return KSUCCESS; /* all done */ + } + } + /* failure */ + close(fd); + fd = -1; + return TKT_FIL_LCK; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + * + * New algoritm for creating ticket file: + * 1. try to erase contents of existing file. + * 2. try to remove old file. + * 3. try to open with O_CREAT and O_EXCL + * 4. if this fails, someone has created a file in between 1 and 2 and + * we should fail. Otherwise, all is wonderful. 
+ */ + +int +tf_create(char *tf_name) +{ + struct stat statbuf; + char garbage[BUFSIZ]; + + fd = open(tf_name, O_RDWR | O_BINARY, 0); + if (fd >= 0) { + if (fstat (fd, &statbuf) == 0) { + int i; + + for (i = 0; i < statbuf.st_size; i += sizeof(garbage)) + write (fd, garbage, sizeof(garbage)); + } + close (fd); + } + + if (unlink (tf_name) && errno != ENOENT) + return TKT_FIL_ACC; + + fd = open(tf_name, O_RDWR | O_CREAT | O_EXCL | O_BINARY, 0600); + if (fd < 0) + return TKT_FIL_ACC; + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + sleep(TF_LCK_RETRY); + if (k_flock(fd, K_LOCK_EX | K_LOCK_NB) < 0) { + close(fd); + fd = -1; + return TKT_FIL_LCK; + } + } + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pname called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(p, ANAME_SZ) < 2) /* can't be just a null */ + { + if (krb_debug) + krb_warning ("tf_get_pname: pname < 2.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pname called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(p)+1; + if (write(fd,p,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. 
The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + if (fd < 0) { + if (krb_debug) + krb_warning("tf_get_pinst called before tf_init.\n"); + return TKT_FIL_INI; + } + if (tf_gets(inst, INST_SZ) < 1) + { + if (krb_debug) + krb_warning("tf_get_pinst: inst_sz < 1.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + unsigned count; + + if (fd < 0) { + if (krb_debug) + krb_warning("tf_put_pinst called before tf_create.\n"); + return TKT_FIL_INI; + } + count = strlen(inst)+1; + if (write(fd,inst,count) != count) + return(KFAILURE); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. 
Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + KTEXT ticket = &c->ticket_st; /* pointer to ticket */ + int k_errno; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_get_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + if ((k_errno = tf_gets(c->service, SNAME_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning("tf_get_cred: too big service cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning("tf_get_cred: null service cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->instance, INST_SZ)) < 1) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big instance cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ((k_errno = tf_gets(c->realm, REALM_SZ)) < 2) + switch (k_errno) { + case TOO_BIG: + if (krb_debug) + krb_warning ("tf_get_cred: too big realm cred.\n"); + case 1: /* can't be just a null */ + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: null realm cred.\n"); + return TKT_FIL_FMT; + case 0: + return EOF; + } + if ( + tf_read((c->session), DES_KEY_SZ) < 1 || + tf_read(&(c->lifetime), sizeof(c->lifetime)) < 1 || + tf_read(&(c->kvno), sizeof(c->kvno)) < 1 || + tf_read(&(ticket->length), sizeof(ticket->length)) + < 1 || + /* don't try to read a silly amount into ticket->dat */ + ticket->length > MAX_KTXT_LEN || + tf_read((ticket->dat), ticket->length) < 1 || + tf_read(&(c->issue_date), sizeof(c->issue_date)) < 1 + ) { + tf_close(); + if (krb_debug) + krb_warning ("tf_get_cred: failed tf_read.\n"); + return TKT_FIL_FMT; + } + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. 
+ * + * The return value is not defined. + */ + +void +tf_close(void) +{ + if (!(fd < 0)) { + k_flock(fd, K_LOCK_UN); + close(fd); + fd = -1; /* see declaration of fd above */ + } + memset(tfbfr, 0, sizeof(tfbfr)); +} + +/* + * tf_gets() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until either it has read "n" characters, + * or until it reads a null byte. When finished, what has been read exists + * in "s". If it encounters EOF or an error, it closes the ticket file. + * + * Possible return values are: + * + * n the number of bytes read (including null terminator) + * when all goes well + * + * 0 end of file or read error + * + * TOO_BIG if "count" characters are read and no null is + * encountered. This is an indication that the ticket + * file is seriously ill. + */ + +static int +tf_gets(char *s, int n) +{ + int count; + + if (fd < 0) { + if (krb_debug) + krb_warning ("tf_gets called before tf_init.\n"); + return TKT_FIL_INI; + } + for (count = n - 1; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s = tfbfr[curpos++]; + if (*s++ == '\0') + return (n - count); + } + tf_close(); + return TOO_BIG; +} + +/* + * tf_read() is an internal routine. It takes a string "s" and a count + * "n", and reads from the file until "n" bytes have been read. When + * finished, what has been read exists in "s". If it encounters EOF or + * an error, it closes the ticket file. 
+ * + * Possible return values are: + * + * n the number of bytes read when all goes well + * + * 0 on end of file or read error + */ + +static int +tf_read(void *v, int n) +{ + char *s = (char *)v; + int count; + + for (count = n; count > 0; --count) { + if (curpos >= sizeof(tfbfr)) { + lastpos = read(fd, tfbfr, sizeof(tfbfr)); + curpos = 0; + } + if (curpos == lastpos) { + tf_close(); + return 0; + } + *s++ = tfbfr[curpos++]; + } + return n; +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). + * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. 
+ */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + int count; /* count for write */ + + if (fd < 0) { /* fd is ticket file as set by tf_init */ + if (krb_debug) + krb_warning ("tf_save_cred called before tf_init.\n"); + return TKT_FIL_INI; + } + /* Find the end of the ticket file */ + lseek(fd, 0L, SEEK_END); + + /* Write the ticket and associated data */ + /* Service */ + count = strlen(service) + 1; + if (write(fd, service, count) != count) + goto bad; + /* Instance */ + count = strlen(instance) + 1; + if (write(fd, instance, count) != count) + goto bad; + /* Realm */ + count = strlen(realm) + 1; + if (write(fd, realm, count) != count) + goto bad; + /* Session key */ + if (write(fd, session, 8) != 8) + goto bad; + /* Lifetime */ + if (write(fd, &lifetime, sizeof(int)) != sizeof(int)) + goto bad; + /* Key vno */ + if (write(fd, &kvno, sizeof(int)) != sizeof(int)) + goto bad; + /* Tkt length */ + if (write(fd, &(ticket->length), sizeof(int)) != + sizeof(int)) + goto bad; + /* Ticket */ + count = ticket->length; + if (write(fd, ticket->dat, count) != count) + goto bad; + /* Issue date */ + if (write(fd, &issue_date, sizeof(issue_date)) != sizeof(issue_date)) + goto bad; + + return (KSUCCESS); +bad: + return (KFAILURE); +} + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} + +int +in_tkt(char *pname, char 
*pinst) +{ + int ret; + + ret = tf_create (tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + tf_close(); + return KSUCCESS; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.c b/crypto/kerberosIV/lib/krb/ticket_memory.c new file mode 100644 index 0000000..04e20b6 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.c 
@@ -0,0 +1,438 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* ticket_memory.c - Storage for tickets in memory + * Author: d93-jka@nada.kth.se - June 1996 + */ + +#define WIN32_LEAN_AND_MEAN +#include <Windows.h> +#include "krb_locl.h" +#include "ticket_memory.h" + +RCSID("$Id: ticket_memory.c,v 1.9 1997/04/20 18:07:36 assar Exp $"); + +void msg(char *text, int error); + +/* Global variables for memory mapping. */ +HANDLE SharedMemoryHandle; +tktmem *SharedMemory; + +static int CredIndex = -1; + +int +newTktMem(const char *tf_name) +{ + if(!SharedMemory) + { + unsigned int MemorySize = sizeof(tktmem); + unsigned int MemorySizeHi = sizeof(tktmem)>>16; + unsigned int MemorySizeLo = MemorySize&0xFFFF; + SharedMemoryHandle = CreateFileMapping((HANDLE)(int)-1, 0, + PAGE_READWRITE, + MemorySizeHi, MemorySizeLo, + "krb_memory"); + + if(!SharedMemoryHandle) + { + msg("Could not create shared memory.", GetLastError()); + return KFAILURE; + } + + SharedMemory = MapViewOfFile(SharedMemoryHandle, + FILE_MAP_WRITE, 0, 0, 0); + if(!SharedMemory) + { + msg("Unable to alloc shared memory.", GetLastError()); + return KFAILURE; + } + if(GetLastError() != ERROR_ALREADY_EXISTS) + { + if(tf_name) + strcpy(SharedMemory->tmname, tf_name); + SharedMemory->last_cred_no = 0; + } + } + + CredIndex = 0; + return KSUCCESS; +} + +int +freeTktMem(const char *tf_name) +{ + if(SharedMemory) + { + UnmapViewOfFile(SharedMemory); + CloseHandle(SharedMemoryHandle); + } + return KSUCCESS; +} + + + +tktmem * +getTktMem(const char *tf_name) +{ + return SharedMemory; +} + +void +firstCred(void) +{ + if(getTktMem(0)->last_cred_no > 0) + CredIndex = 0; + else + CredIndex = -1; +} + +int +nextCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last ) + return CredIndex++; + else + return CredIndex = -1; +} + +int +currCredIndex(void) +{ + const tktmem *mem; + int last; + mem = getTktMem(0); + last = mem->last_cred_no; + if(CredIndex >= 0 && CredIndex < last) + return 
CredIndex; + else + return CredIndex = -1; +} + +int +nextFreeIndex(void) +{ + tktmem *mem = getTktMem(0); + if(mem->last_cred_no > CRED_VEC_SZ) + return -1; + else + return mem->last_cred_no++; +} + +/* + * in_tkt() is used to initialize the ticket store. It creates the + * file to contain the tickets and writes the given user's name "pname" + * and instance "pinst" in the file. in_tkt() returns KSUCCESS on + * success, or KFAILURE if something goes wrong. + */ + +int +in_tkt(char *pname, char *pinst) +{ + /* Here goes code to initialize shared memory, to store tickets in. */ + /* Implemented somewhere else. */ + return KFAILURE; +} + +/* + * dest_tkt() is used to destroy the ticket store upon logout. + * If the ticket file does not exist, dest_tkt() returns RET_TKFIL. + * Otherwise the function returns RET_OK on success, KFAILURE on + * failure. + * + * The ticket file (TKT_FILE) is defined in "krb.h". + */ + +int +dest_tkt(void) +{ + /* Here goes code to destroy tickets in shared memory. */ + /* Not implemented yet. */ + return KFAILURE; +} + +/* Short description of routines: + * + * tf_init() opens the ticket file and locks it. + * + * tf_get_pname() returns the principal's name. + * + * tf_put_pname() writes the principal's name to the ticket file. + * + * tf_get_pinst() returns the principal's instance (may be null). + * + * tf_put_pinst() writes the instance. + * + * tf_get_cred() returns the next CREDENTIALS record. + * + * tf_save_cred() appends a new CREDENTIAL record to the ticket file. + * + * tf_close() closes the ticket file and releases the lock. + * + * tf_gets() returns the next null-terminated string. It's an internal + * routine used by tf_get_pname(), tf_get_pinst(), and tf_get_cred(). + * + * tf_read() reads a given number of bytes. It's an internal routine + * used by tf_get_cred(). + */ + +/* + * tf_init() should be called before the other ticket file routines. 
+ * It takes the name of the ticket file to use, "tf_name", and a + * read/write flag "rw" as arguments. + * + * Returns KSUCCESS if all went well, otherwise one of the following: + * + * NO_TKT_FIL - file wasn't there + * TKT_FIL_ACC - file was in wrong mode, etc. + * TKT_FIL_LCK - couldn't lock the file, even after a retry + */ + +int +tf_init(char *tf_name, int rw) +{ + if(!getTktMem(tf_name)) + return NO_TKT_FIL; + firstCred(); + return KSUCCESS; +} + +/* + * tf_create() should be called when creating a new ticket file. + * The only argument is the name of the ticket file. + * After calling this, it should be possible to use other tf_* functions. + */ + +int +tf_create(char *tf_name) +{ + if(newTktMem(tf_name) != KSUCCESS) + return NO_TKT_FIL; + return KSUCCESS; +} + +/* + * tf_get_pname() reads the principal's name from the ticket file. It + * should only be called after tf_init() has been called. The + * principal's name is filled into the "p" parameter. If all goes well, + * KSUCCESS is returned. If tf_init() wasn't called, TKT_FIL_INI is + * returned. If the name was null, or EOF was encountered, or the name + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. + */ + +int +tf_get_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(p, TktStore->pname); + return KSUCCESS; +} + +/* + * tf_put_pname() sets the principal's name in the ticket file. Call + * after tf_create(). + */ + +int +tf_put_pname(char *p) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pname) + return KFAILURE; + strcpy(TktStore->pname, p); + return KSUCCESS; +} + +/* + * tf_get_pinst() reads the principal's instance from a ticket file. + * It should only be called after tf_init() and tf_get_pname() have been + * called. The instance is filled into the "inst" parameter. If all + * goes well, KSUCCESS is returned. 
If tf_init() wasn't called, + * TKT_FIL_INI is returned. If EOF was encountered, or the instance + * was longer than ANAME_SZ, TKT_FIL_FMT is returned. Note that the + * instance may be null. + */ + +int +tf_get_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(inst, TktStore->pinst); + return KSUCCESS; +} + +/* + * tf_put_pinst writes the principal's instance to the ticket file. + * Call after tf_create. + */ + +int +tf_put_pinst(char *inst) +{ + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if(!TktStore->pinst) + return KFAILURE; + strcpy(TktStore->pinst, inst); + return KSUCCESS; +} + +/* + * tf_get_cred() reads a CREDENTIALS record from a ticket file and fills + * in the given structure "c". It should only be called after tf_init(), + * tf_get_pname(), and tf_get_pinst() have been called. If all goes well, + * KSUCCESS is returned. Possible error codes are: + * + * TKT_FIL_INI - tf_init wasn't called first + * TKT_FIL_FMT - bad format + * EOF - end of file encountered + */ + +int +tf_get_cred(CREDENTIALS *c) +{ + int index; + CREDENTIALS *cred; + tktmem *TktStore; + + if(!(TktStore = getTktMem(0))) + return KFAILURE; + if((index = nextCredIndex()) == -1) + return EOF; + if(!(cred = TktStore->cred_vec+index)) + return KFAILURE; + if(!c) + return KFAILURE; + memcpy(c, cred, sizeof(*c)); + return KSUCCESS; +} + +/* + * tf_close() closes the ticket file and sets "fd" to -1. If "fd" is + * not a valid file descriptor, it just returns. It also clears the + * buffer used to read tickets. + */ + +void +tf_close(void) +{ +} + +/* + * tf_save_cred() appends an incoming ticket to the end of the ticket + * file. You must call tf_init() before calling tf_save_cred(). 
+ * + * The "service", "instance", and "realm" arguments specify the + * server's name; "session" contains the session key to be used with + * the ticket; "kvno" is the server key version number in which the + * ticket is encrypted, "ticket" contains the actual ticket, and + * "issue_date" is the time the ticket was requested (local host's time). + * + * Returns KSUCCESS if all goes well, TKT_FIL_INI if tf_init() wasn't + * called previously, and KFAILURE for anything else that went wrong. + */ + +int +tf_save_cred(char *service, /* Service name */ + char *instance, /* Instance */ + char *realm, /* Auth domain */ + unsigned char *session, /* Session key */ + int lifetime, /* Lifetime */ + int kvno, /* Key version number */ + KTEXT ticket, /* The ticket itself */ + u_int32_t issue_date) /* The issue time */ +{ + CREDENTIALS *cred; + tktmem *mem = getTktMem(0); + int last = nextFreeIndex(); + + if(last == -1) + return KFAILURE; + cred = mem->cred_vec+last; + strcpy(cred->service, service); + strcpy(cred->instance, instance); + strcpy(cred->realm, realm); + strcpy(cred->session, session); + cred->lifetime = lifetime; + cred->kvno = kvno; + memcpy(&(cred->ticket_st), ticket, sizeof(*ticket)); + cred->issue_date = issue_date; + strcpy(cred->pname, mem->pname); + strcpy(cred->pinst, mem->pinst); + return KSUCCESS; +} + + +int +tf_setup(CREDENTIALS *cred, char *pname, char *pinst) +{ + int ret; + ret = tf_create(tkt_string()); + if (ret != KSUCCESS) + return ret; + + if (tf_put_pname(pname) != KSUCCESS || + tf_put_pinst(pinst) != KSUCCESS) { + tf_close(); + return INTK_ERR; + } + + ret = tf_save_cred(cred->service, cred->instance, cred->realm, + cred->session, cred->lifetime, cred->kvno, + &cred->ticket_st, cred->issue_date); + tf_close(); + return ret; +} diff --git a/crypto/kerberosIV/lib/krb/ticket_memory.h b/crypto/kerberosIV/lib/krb/ticket_memory.h new file mode 100644 index 0000000..e85e1a4 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/ticket_memory.h 
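Review bot: The bound in nextFreeIndex() is off by one: `if(mem->last_cred_no > CRED_VEC_SZ)` still hands out index CRED_VEC_SZ, so tf_save_cred() can write a whole CREDENTIALS record past the end of `cred_vec` in the shared mapping; it should read `if(mem->last_cred_no >= CRED_VEC_SZ)`. In tf_save_cred() the session key is copied with `strcpy(cred->session, session)`, which stops at the first zero byte of a binary key and runs past the field when there is none. Assuming `session` is the same DES_KEY_SZ-byte field that the file-based tf_get_cred() reads, `memcpy(cred->session, session, DES_KEY_SZ);` copies it as data. The other `strcpy` calls into service, instance, realm, pname and pinst are unbounded too, and firstCred(), nextCredIndex() and tf_save_cred() dereference getTktMem(0) without checking for NULL.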
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+/* ticket_memory.h - Storage for tickets in memory
+ * Author: d93-jka@nada.kth.se - June 1996
+ */
+
+/* $Id: ticket_memory.h,v 1.6 1997/04/20 06:25:12 assar Exp $ */
+
+#ifndef TICKET_MEMORY_H
+#define TICKET_MEMORY_H
+
+#include "krb_locl.h"
+
+#define CRED_VEC_SZ 20
+
+typedef struct _tktmem
+{
+ char tmname[64];
+ char pname[ANAME_SZ]; /* Principal's name */
+ char pinst[INST_SZ]; /* Principal's instance */
+ int last_cred_no;
+ CREDENTIALS cred_vec[CRED_VEC_SZ];
+} tktmem;
+
+int newTktMem(const char *tf_name);
+int freeTktMem(const char *tf_name);
+tktmem *getTktMem(const char *tf_name);
+void firstCred(void);
+int nextCredIndex(void);
+int currCredIndex(void);
+int nextFreeIndex(void);
+
+#endif /* TICKET_MEMORY_H */
diff --git a/crypto/kerberosIV/lib/krb/tkt_string.c b/crypto/kerberosIV/lib/krb/tkt_string.c
new file mode 100644
index 0000000..2914abb
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/tkt_string.c
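Review bot: `char tmname[64]` is filled by `strcpy(SharedMemory->tmname, tf_name)` in newTktMem(), and tf_setup() passes it the result of tkt_string(), whose buffer is MaxPathLen bytes and may hold the KRBTKFILE environment value. If MaxPathLen is larger than 64 (its definition is not visible here), a long ticket-file name overruns tmname into pname and the rest of the shared structure. Sizing the field from the same constant, `char tmname[MaxPathLen];`, or bounding the copy in newTktMem(), removes the mismatch and also replaces the bare 64.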
@@ -0,0 +1,85 @@ +/* + Copyright (C) 1989 by the Massachusetts Institute of Technology + + Export of this software from the United States of America is assumed + to require a specific license from the United States Government. + It is the responsibility of any person or organization contemplating + export to obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + + */ + +#include "krb_locl.h" + +RCSID("$Id: tkt_string.c,v 1.10 1997/05/02 14:54:26 assar Exp $"); + +/* + * This routine is used to generate the name of the file that holds + * the user's cache of server tickets and associated session keys. + * + * If it is set, krb_ticket_string contains the ticket file name. + * Otherwise, the filename is constructed as follows: + * + * If it is set, the environment variable "KRBTKFILE" will be used as + * the ticket file name. Otherwise TKT_ROOT (defined in "krb.h") and + * the user's uid are concatenated to produce the ticket file name + * (e.g., "/tmp/tkt123"). A pointer to the string containing the ticket + * file name is returned. 
+ */
+
+static char krb_ticket_string[MaxPathLen] = "";
+
+#ifndef HAVE_GETUID
+int getuid(void)
+{
+ return 27;
+}
+#endif
+
+char *tkt_string(void)
+{
+ char *env;
+
+ if (!*krb_ticket_string) {
+ if ((env = getenv("KRBTKFILE"))) {
+ strncpy(krb_ticket_string, env,
+ sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+ } else {
+ snprintf(krb_ticket_string, sizeof(krb_ticket_string),
+ "%s%u",TKT_ROOT,(unsigned)getuid());
+ }
+ }
+ return krb_ticket_string;
+}
+
+/*
+ * This routine is used to set the name of the file that holds the user's
+ * cache of server tickets and associated session keys.
+ *
+ * The value passed in is copied into local storage.
+ *
+ * NOTE: This routine should be called during initialization, before other
+ * Kerberos routines are called; otherwise tkt_string() above may be called
+ * and return an undesired ticket file name until this routine is called.
+ */
+
+void
+krb_set_tkt_string(char *val)
+{
+
+ strncpy(krb_ticket_string, val, sizeof(krb_ticket_string)-1);
+ krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+
+ return;
+}
diff --git a/crypto/kerberosIV/lib/krb/unparse_name.c b/crypto/kerberosIV/lib/krb/unparse_name.c
new file mode 100644
index 0000000..ddb938f
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/unparse_name.c
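Review bot: A KRBTKFILE value of MaxPathLen bytes or more is silently truncated by the `strncpy` in tkt_string(), so the credential cache ends up at a different path from the one named. krb_set_tkt_string() truncates in the same way and cannot report it. Rejecting over-long values and falling through to the TKT_ROOT default, `if ((env = getenv("KRBTKFILE")) && strlen(env) < sizeof(krb_ticket_string)) {`, keeps the result either exact or the default. The header comment should also say that the environment value is used as given, so a caller running with elevated privilege has to fix the name through krb_set_tkt_string() before any tf_* routine runs. The `getuid()` stub returning 27 gives every user the same default file name on platforms without HAVE_GETUID and deserves a comment.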
@@ -0,0 +1,105 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "krb_locl.h" + +RCSID("$Id: unparse_name.c,v 1.7 1997/04/01 08:18:46 joda Exp $"); + +static void +quote_string(char *quote, char *from, char *to) +{ + while(*from){ + if(strchr(quote, *from)) + *to++ = '\\'; + *to++ = *from++; + } + *to = 0; +} + +/* To be compatible with old functions, we quote differently in each + part of the principal*/ + +char * +krb_unparse_name_r(krb_principal *pr, char *fullname) +{ + quote_string("'@\\", pr->name, fullname); + if(pr->instance[0]){ + strcat(fullname, "."); + quote_string("@\\", pr->instance, fullname + strlen(fullname)); + } + if(pr->realm[0]){ + strcat(fullname, "@"); + quote_string("\\", pr->realm, fullname + strlen(fullname)); + } + return fullname; +} + +char * +krb_unparse_name_long_r(char *name, char *instance, char *realm, + char *fullname) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name_r(&pr, fullname); +} + +char * +krb_unparse_name(krb_principal *pr) +{ + static char principal[MAX_K_NAME_SZ]; + krb_unparse_name_r(pr, principal); + return principal; +} + +char * +krb_unparse_name_long(char *name, char *instance, char *realm) +{ + krb_principal pr; + memset(&pr, 0, sizeof(pr)); + strcpy(pr.name, name); + if(instance) + strcpy(pr.instance, instance); + if(realm) + strcpy(pr.realm, realm); + return krb_unparse_name(&pr); +} diff --git a/crypto/kerberosIV/lib/krb/util.c b/crypto/kerberosIV/lib/krb/util.c new file mode 100644 index 0000000..7b77bb8 --- /dev/null +++ b/crypto/kerberosIV/lib/krb/util.c 
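Review bot: quote_string() writes to `to` with no length, and each quoted character takes two bytes. krb_unparse_name_r() can therefore exceed the static `principal[MAX_K_NAME_SZ]` buffer in krb_unparse_name() when a component contains `'`, `@` or `\`, if that constant only allows for the unquoted lengths (its definition is outside this hunk). The two `_long` variants also `strcpy` caller strings into the krb_principal fields unchecked. Assuming those fields are fixed-size arrays, as the memset-then-strcpy use implies, a bounded copy such as `snprintf(pr.name, sizeof(pr.name), "%s", name);` is the safer form. Giving quote_string() a destination size, and documenting how large `fullname` must be for the `_r` functions, would close the first gap.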
@@ -0,0 +1,64 @@
+/*
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
+ * Miscellaneous debug printing utilities
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: util.c,v 1.6 1996/10/05 00:18:34 joda Exp $");
+
+/*
+ * Print some of the contents of the given authenticator structure
+ * (AUTH_DAT defined in "krb.h"). Fields printed are:
+ *
+ * pname, pinst, prealm, netaddr, flags, cksum, timestamp, session
+ */
+
+void
+ad_print(AUTH_DAT *x)
+{
+ /*
+ * Print the contents of an auth_dat struct.
+ */
+ struct in_addr address;
+ address.s_addr = x->address;
+ printf("\n%s %s %s %s flags %u cksum 0x%X\n\ttkt_tm 0x%X sess_key",
+ x->pname, x->pinst, x->prealm,
+ inet_ntoa(address), x->k_flags,
+ x->checksum, x->time_sec);
+ printf("[8] =");
+#ifdef NOENCRYPTION
+ placebo_cblock_print(x->session);
+#else
+ des_cblock_print_file(&x->session,stdout);
+#endif
+ /* skip reply for now */
+}
+
+/*
+ * Print in hex the 8 bytes of the given session key.
+ *
+ * Printed format is: " 0x { x, x, x, x, x, x, x, x }"
+ */
+
+#ifdef NOENCRYPTION
+placebo_cblock_print(x)
+ des_cblock x;
+{
+ unsigned char *y = (unsigned char *) x;
+ int i = 0;
+
+ printf(" 0x { ");
+
+ while (i++ <8) {
+ printf("%x",*y++);
+ if (i<8) printf(", ");
+ }
+ printf(" }");
+}
+#endif
diff --git a/crypto/kerberosIV/lib/krb/verify_user.c b/crypto/kerberosIV/lib/krb/verify_user.c
new file mode 100644
index 0000000..ce22b59
--- /dev/null
+++ b/crypto/kerberosIV/lib/krb/verify_user.c
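Review bot: ad_print() writes the session key to stdout through `des_cblock_print_file(&x->session,stdout)`, and the comment above it lists "session" among the printed fields without marking it as key material. The header comment should say so, for example `/* Debug aid: prints the session key in clear text; keep out of paths whose stdout is logged or shared. */`. In the NOENCRYPTION branch placebo_cblock_print() is an old-style definition with no return type, and ad_print() calls it before any declaration. A prototype `static void placebo_cblock_print(des_cblock x);` above ad_print(), with a matching definition, avoids the implicit declaration.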
@@ -0,0 +1,111 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#include "krb_locl.h"
+
+RCSID("$Id: verify_user.c,v 1.8 1997/04/01 08:18:46 joda Exp $");
+
+/* Verify user with password. If secure, also verify against local
+ * service key, this can (usually) only be done by root.
+ *
+ * As a side effect, fresh tickets are obtained.
+ *
+ * Returns zero if ok, a positive kerberos error or -1 for system
+ * errors.
+ */
+
+int
+krb_verify_user(char *name, char *instance, char *realm, char *password,
+ int secure, char *linstance)
+{
+ int ret;
+ ret = krb_get_pw_in_tkt(name, instance, realm,
+ KRB_TICKET_GRANTING_TICKET,
+ realm,
+ DEFAULT_TKT_LIFE, password);
+ if(ret != KSUCCESS)
+ return ret;
+
+ if(secure){
+ struct hostent *hp;
+ int32_t addr;
+
+ KTEXT_ST ticket;
+ AUTH_DAT auth;
+
+ char lrealm[REALM_SZ];
+ char hostname[MaxHostNameLen];
+ char *phost;
+
+ if (k_gethostname(hostname, sizeof(hostname)) == -1) {
+ dest_tkt();
+ return -1;
+ }
+
+ hp = gethostbyname(hostname);
+ if(hp == NULL){
+ dest_tkt();
+ return -1;
+ }
+ memcpy(&addr, hp->h_addr, sizeof(addr));
+
+ ret = krb_get_lrealm(lrealm, 1);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ phost = krb_get_phost(hostname);
+
+ if (linstance == NULL)
+ linstance = "rcmd";
+
+ ret = krb_mk_req(&ticket, linstance, phost, lrealm, 33);
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+
+ ret = krb_rd_req(&ticket, linstance, phost, addr, &auth, "");
+ if(ret != KSUCCESS){
+ dest_tkt();
+ return ret;
+ }
+ }
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/Makefile.in b/crypto/kerberosIV/lib/roken/Makefile.in
new file mode 100644
index 0000000..26f3142
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/Makefile.in
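Review bot: With `secure` equal to zero krb_verify_user() returns success as soon as krb_get_pw_in_tkt() succeeds, so nothing ties the reply to a key the local host holds. The header comment should state that a caller making a login decision needs `secure` non-zero and a readable service key, not only that this "can (usually) only be done by root". In the secure branch `memcpy(&addr, hp->h_addr, sizeof(addr))` copies four bytes without looking at `hp->h_length`; a guard such as `if ((size_t)hp->h_length < sizeof(addr)) { dest_tkt(); return -1; }` makes the assumption explicit. The checksum argument `33` passed to krb_mk_req() is a bare constant and deserves a name or a comment.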
@@ -0,0 +1,94 @@
+#
+# $Id: Makefile.in,v 1.34 1997/05/28 05:23:39 assar Exp $
+#
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+CPP = @CPP@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+
+PICFLAGS = # @PICFLAGS@
+
+LIBNAME = $(LIBPREFIX)roken
+#LIBEXT = @LIBEXT@ Always build archive library and don't install!
+LIBEXT = a
+LIBPREFIX = @LIBPREFIX@
+SHLIBEXT = @SHLIBEXT@
+LDSHARED = @LDSHARED@
+LIB = $(LIBNAME).$(LIBEXT)
+
+SOURCES = \
+ chown.c daemon.c err.c errx.c fchown.c get_window_size.c \
+ getcwd.c getdtablesize.c getopt.c getusershell.c \
+ hstrerror.c inaddr2str.c inet_aton.c \
+ initgroups.c k_getpwnam.c k_getpwuid.c lstat.c \
+ memmove.c mini_inetd.c mkstemp.c putenv.c rcmd.c setegid.c \
+ setenv.c seteuid.c signal.c snprintf.c \
+ strcasecmp.c strdup.c strerror.c strftime.c \
+ strlwr.c strnlen.c strtok_r.c strupr.c tm2time.c \
+ unsetenv.c verify.c verr.c verrx.c vwarn.c \
+ vwarnx.c warn.c warnerr.c warnx.c
+
+OBJECTS = k_getpwuid.o k_getpwnam.o signal.o tm2time.o \
+ verify.o inaddr2str.o mini_inetd.o get_window_size.o \
+ warnerr.o snprintf.o @LIBOBJS@
+
+all: $(LIB)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(PICFLAGS) $<
+
+install: all
+
+uninstall:
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f $(LIB) *.o *.a
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+$(LIBNAME).a: $(OBJECTS)
+ rm -f $@
+ $(AR) cr $@ $(OBJECTS)
+ -$(RANLIB) $@
+
+$(LIBNAME).$(SHLIBEXT): $(OBJECTS)
+ rm -f $@
+ $(LDSHARED) -o $@ $(OBJECTS)
+
+$(OBJECTS): ../../include/config.h
diff --git a/crypto/kerberosIV/lib/roken/chown.c b/crypto/kerberosIV/lib/roken/chown.c
new file mode 100644
index 0000000..28550d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/chown.c
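Review bot: The `Wall` target runs a literal `make`, so the recursive build does not use the make program or the flags the user invoked; the recipe should start with `$(MAKE) CFLAGS="..."`. In the same hunk `LIBEXT` is fixed to `a` while the `$(LIBNAME).$(SHLIBEXT)` rule is kept, so that rule looks unreachable through `all`. A comment next to it saying that it is intentionally unused would save the next reader the search.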
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: chown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+chown(const char *path, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/daemon.c b/crypto/kerberosIV/lib/roken/daemon.c
new file mode 100644
index 0000000..ffab298
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/daemon.c
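Review bot: This replacement `chown()` reports success without changing anything, so a caller that relies on it to hand a file to another user (a credential file, for example) cannot tell that ownership never changed. Unless every platform that builds this stub has no notion of file ownership, failing is the safer contract: `errno = ENOSYS; return -1;` (with <errno.h> included if roken.h does not already provide it, which this hunk does not show). At the least, a comment above the function should say that the no-op is deliberate and name the systems it is meant for. The `fchown()` stub added in lib/roken/fchown.c has the same shape and needs the same treatment.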
@@ -0,0 +1,89 @@
+/*-
+ * Copyright (c) 1990, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static char sccsid[] = "@(#)daemon.c 8.1 (Berkeley) 6/4/93";
+#endif /* LIBC_SCCS and not lint */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: daemon.c,v 1.2 1997/05/28 05:38:09 assar Exp $");
+
+#ifndef HAVE_DAEMON
+
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#include "roken.h"
+
+int
+daemon(nochdir, noclose)
+ int nochdir, noclose;
+{
+ int fd;
+
+ switch (fork()) {
+ case -1:
+ return (-1);
+ case 0:
+ break;
+ default:
+ _exit(0);
+ }
+
+ if (setsid() == -1)
+ return (-1);
+
+ if (!nochdir)
+ (void)chdir("/");
+
+ if (!noclose && (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
+ (void)dup2(fd, STDIN_FILENO);
+ (void)dup2(fd, STDOUT_FILENO);
+ (void)dup2(fd, STDERR_FILENO);
+ if (fd > 2)
+ (void)close (fd);
+ }
+ return (0);
+}
+
+#endif /* HAVE_DAEMON */
diff --git a/crypto/kerberosIV/lib/roken/err.c b/crypto/kerberosIV/lib/roken/err.c
new file mode 100644
index 0000000..029faa9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.c
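Review bot: When `open(_PATH_DEVNULL, O_RDWR, 0)` fails, daemon() skips the dup2() calls and still returns 0, so the process carries on with whatever descriptors 0-2 it inherited and the caller cannot notice. Either return -1 in that case or add a comment above the function stating that the redirection is best-effort, so callers that must detach from the terminal know to check for themselves. The `RCSID(...)` line here is also outside the `#ifdef HAVE_CONFIG_H` block, unlike chown.c and err.c in this commit; if the macro comes from config.h (not visible in this hunk) the two placements should be aligned.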
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: err.c,v 1.5 1997/03/30 08:05:37 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+err(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verr(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/err.h b/crypto/kerberosIV/lib/roken/err.h
new file mode 100644
index 0000000..6f25435
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/err.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: err.h,v 1.13 1997/05/02 14:29:30 assar Exp $ */
+
+#ifndef __ERR_H__
+#define __ERR_H__
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+
+extern const char *__progname;
+
+#if !defined(__GNUC__) && !defined(__attribute__)
+#define __attribute__(x)
+#endif
+
+void warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 4, 0)));
+
+void verr(int eval, const char *fmt, va_list ap)
+ __attribute__ ((noreturn, format (printf, 2, 0)));
+void err(int eval, const char *fmt, ...)
+ __attribute__ ((noreturn, format (printf, 2, 3)));
+void verrx(int eval, const char *fmt, va_list ap)
+ __attribute__ ((noreturn, format (printf, 2, 0)));
+void errx(int eval, const char *fmt, ...)
+ __attribute__ ((noreturn, format (printf, 2, 3)));
+void vwarn(const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 1, 0)));
+void warn(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+void vwarnx(const char *fmt, va_list ap)
+ __attribute__ ((format (printf, 1, 0)));
+void warnx(const char *fmt, ...)
+ __attribute__ ((format (printf, 1, 2)));
+
+#endif /* __ERR_H__ */
diff --git a/crypto/kerberosIV/lib/roken/errx.c b/crypto/kerberosIV/lib/roken/errx.c
new file mode 100644
index 0000000..18969d5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/errx.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: errx.c,v 1.5 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+errx(int eval, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ verrx(eval, fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/fchown.c b/crypto/kerberosIV/lib/roken/fchown.c
new file mode 100644
index 0000000..2a94e3a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/fchown.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: fchown.c,v 1.2 1997/04/01 08:18:58 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+fchown(int fd, uid_t owner, gid_t group)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/get_window_size.c b/crypto/kerberosIV/lib/roken/get_window_size.c
new file mode 100644
index 0000000..d31d18d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/get_window_size.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: get_window_size.c,v 1.4 1997/04/01 08:18:59 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#if 0 /* Where were those needed? /confused */
+#ifdef HAVE_SYS_PROC_H
+#include <sys/proc.h>
+#endif
+
+#ifdef HAVE_SYS_TTY_H
+#include <sys/tty.h>
+#endif
+#endif
+
+#ifdef HAVE_TERMIOS_H
+#include <termios.h>
+#endif
+
+#include <roken.h>
+
+int
+get_window_size(int fd, struct winsize *wp)
+{
+#if defined(TIOCGWINSZ)
+ return ioctl(fd, TIOCGWINSZ, wp);
+#elif defined(TIOCGSIZE)
+ struct ttysize ts;
+ int error;
+
+ if ((error = ioctl(0, TIOCGSIZE, &ts)) != 0)
+ return (error);
+ wp->ws_row = ts.ts_lines;
+ wp->ws_col = ts.ts_cols;
+ wp->ws_xpixel = 0;
+ wp->ws_ypixel = 0;
+ return 0;
+#elif defined(HAVE__SCRSIZE)
+ int dst[2];
+
+ _scrsize(dst);
+ wp->ws_row = dst[1];
+ wp->ws_col = dst[0];
+ wp->ws_xpixel = 0;
+ wp->ws_ypixel = 0;
+ return 0;
+#else
+ return -1;
+#endif
+}
diff --git a/crypto/kerberosIV/lib/roken/getcwd.c b/crypto/kerberosIV/lib/roken/getcwd.c
new file mode 100644
index 0000000..a27451f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getcwd.c
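Review bot: The `TIOCGSIZE` branch queries descriptor 0 instead of the `fd` argument, so on systems that take this branch get_window_size() reports the size of standard input's terminal whatever the caller passed. The line should read `if ((error = ioctl(fd, TIOCGSIZE, &ts)) != 0)`, matching the `TIOCGWINSZ` branch above it. The `HAVE__SCRSIZE` branch ignores `fd` as well; since `_scrsize()` takes no descriptor, a one-line comment there saying so would prevent the same question.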
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getcwd.c,v 1.7 1997/04/01 08:19:00 joda Exp $");
+#endif
+
+#include <unistd.h>
+#include <sys/param.h>
+
+#include "protos.h"
+#include "roken.h"
+
+char*
+getcwd(char *path, size_t size)
+{
+ char xxx[MaxPathLen];
+ char *ret;
+ ret = getwd(xxx);
+ if(ret)
+ strncpy(path, xxx, size);
+ return ret;
+}
diff --git a/crypto/kerberosIV/lib/roken/getdtablesize.c b/crypto/kerberosIV/lib/roken/getdtablesize.c
new file mode 100644
index 0000000..afd47d2b
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getdtablesize.c
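Review bot: This getcwd() hands back the result of `getwd(xxx)`, which on the usual getwd() contract is the address of the local array `xxx` and is dangling once the function returns, instead of returning `path`. In addition `strncpy(path, xxx, size)` leaves `path` without a terminating NUL whenever the directory name is `size` bytes or longer, so the caller can read past the buffer. The replacement should fail with ERANGE when the name does not fit and return `path` otherwise. The rewritten body lines follow; they assume <string.h> and <errno.h> are reachable through roken.h, which this hunk does not show.

```c
    char xxx[MaxPathLen];
    size_t len;

    if (getwd(xxx) == NULL)
	return NULL;
    len = strlen(xxx);
    if (len >= size) {
	/* Name plus NUL does not fit in the caller's buffer. */
	errno = ERANGE;
	return NULL;
    }
    memcpy(path, xxx, len + 1);
    return path;
```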
@@ -0,0 +1,102 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: getdtablesize.c,v 1.8 1997/04/20 05:51:06 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#include <sys/types.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+#include <unistd.h>
+
+#ifdef HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
+#ifdef HAVE_SYS_SYSCTL_H
+#include <sys/sysctl.h>
+#endif
+
+int getdtablesize(void)
+{
+ int files = -1;
+#if defined(HAVE_SYSCONF) && defined(_SC_OPEN_MAX)
+ files = sysconf(_SC_OPEN_MAX);
+#else /* !defined(HAVE_SYSCONF) */
+#if defined(HAVE_GETRLIMIT) && defined(RLIMIT_NOFILE)
+ struct rlimit res;
+ if (getrlimit(RLIMIT_NOFILE, &res) == 0)
+ files = res.rlim_cur;
+#else /* !definded(HAVE_GETRLIMIT) */
+#if defined(HAVE_SYSCTL) && defined(CTL_KERN) && defined(KERN_MAXFILES)
+ int mib[2];
+ size_t len;
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_MAXFILES;
+ len = sizeof(files);
+ sysctl(&mib, 2, &files, sizeof(nfil), NULL, 0);
+#endif /* defined(HAVE_SYSCTL) */
+#endif /* !definded(HAVE_GETRLIMIT) */
+#endif /* !defined(HAVE_SYSCONF) */
+
+#ifdef OPEN_MAX
+ if (files < 0)
+ files = OPEN_MAX;
+#endif
+
+#ifdef NOFILE
+ if (files < 0)
+ files = NOFILE;
+#endif
+
+ return files;
+}
diff --git a/crypto/kerberosIV/lib/roken/getopt.c b/crypto/kerberosIV/lib/roken/getopt.c
new file mode 100644
index 0000000..fea4635
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/getopt.c
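Review bot: The sysctl fallback cannot compile on a system that selects it, because `sizeof(nfil)` names a variable this function never declares. The same call passes a size where sysctl() expects a pointer to the length, and passes `&mib` where it expects the array itself. The call should be `sysctl(mib, 2, &files, &len, NULL, 0);`, which also puts the otherwise unused `len` to work. Its return value is ignored; writing `if (sysctl(mib, 2, &files, &len, NULL, 0) != 0) files = -1;` keeps the `OPEN_MAX` and `NOFILE` fallbacks below reachable when the query fails.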
@@ -0,0 +1,128 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)getopt.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +#ifndef __STDC__ +#define const +#endif +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +/* + * get option letter from argument vector + */ +int opterr = 1, /* if error message should be printed */ + optind = 1, /* index into parent argv vector */ + optopt, /* character checked for validity */ + optreset; /* reset getopt */ +char *optarg; /* argument associated with option */ + +#define BADCH (int)'?' +#define BADARG (int)':' +#define EMSG "" + +int +getopt(nargc, nargv, ostr) + int nargc; + char * const *nargv; + const char *ostr; +{ + static char *place = EMSG; /* option letter processing */ + char *oli; /* option letter list index */ + char *p; + + if (optreset || !*place) { /* update scanning pointer */ + optreset = 0; + if (optind >= nargc || *(place = nargv[optind]) != '-') { + place = EMSG; + return(EOF); + } + if (place[1] && *++place == '-') { /* found "--" */ + ++optind; + place = EMSG; + return(EOF); + } + } /* option letter okay? */ + if ((optopt = (int)*place++) == (int)':' || + !(oli = strchr(ostr, optopt))) { + /* + * if the user didn't specify '-' as an option, + * assume it means EOF. 
+ */ + if (optopt == (int)'-') + return(EOF); + if (!*place) + ++optind; + if (opterr && *ostr != ':') { + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + fprintf(stderr, "%s: illegal option -- %c\n", + p, optopt); + } + return(BADCH); + } + if (*++oli != ':') { /* don't need argument */ + optarg = NULL; + if (!*place) + ++optind; + } + else { /* need an argument */ + if (*place) /* no white space */ + optarg = place; + else if (nargc <= ++optind) { /* no arg */ + place = EMSG; + if (!(p = strrchr(*nargv, '/'))) + p = *nargv; + else + ++p; + if (*ostr == ':') + return(BADARG); + if (opterr) + fprintf(stderr, + "%s: option requires an argument -- %c\n", + p, optopt); + return(BADCH); + } + else /* white space */ + optarg = nargv[optind]; + place = EMSG; + ++optind; + } + return(optopt); /* dump back option letter */ +} diff --git a/crypto/kerberosIV/lib/roken/getusershell.c b/crypto/kerberosIV/lib/roken/getusershell.c new file mode 100644 index 0000000..87a48ec --- /dev/null +++ b/crypto/kerberosIV/lib/roken/getusershell.c 
@@ -0,0 +1,160 @@ +/* + * Copyright (c) 1985, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+RCSID("$Id: getusershell.c,v 1.8 1997/04/20 06:18:03 assar Exp $");
+
+#ifndef HAVE_GETUSERSHELL
+
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef HAVE_PATHS_H
+#include <paths.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifndef _PATH_SHELLS
+#define _PATH_SHELLS "/etc/shells"
+#endif
+
+#ifndef _PATH_BSHELL
+#define _PATH_BSHELL "/bin/sh"
+#endif
+
+#ifndef _PATH_CSHELL
+#define _PATH_CSHELL "/bin/csh"
+#endif
+
+/*
+ * Local shells should NOT be added here. They should be added in
+ * /etc/shells.
+ */
+
+static char *okshells[] = { _PATH_BSHELL, _PATH_CSHELL, NULL };
+static char **curshell, **shells, *strings;
+static char **initshells (void);
+
+/*
+ * Get a list of shells from _PATH_SHELLS, if it exists.
+ */
+char *
+getusershell()
+{
+ char *ret;
+
+ if (curshell == NULL)
+ curshell = initshells();
+ ret = *curshell;
+ if (ret != NULL)
+ curshell++;
+ return (ret);
+}
+
+void
+endusershell()
+{
+
+ if (shells != NULL)
+ free(shells);
+ shells = NULL;
+ if (strings != NULL)
+ free(strings);
+ strings = NULL;
+ curshell = NULL;
+}
+
+void
+setusershell()
+{
+
+ curshell = initshells();
+}
+
+static char **
+initshells()
+{
+ char **sp, *cp;
+ FILE *fp;
+ struct stat statb;
+
+ if (shells != NULL)
+ free(shells);
+ shells = NULL;
+ if (strings != NULL)
+ free(strings);
+ strings = NULL;
+ if ((fp = fopen(_PATH_SHELLS, "r")) == NULL)
+ return (okshells);
+ if (fstat(fileno(fp), &statb) == -1) {
+ fclose(fp);
+ return (okshells);
+ }
+ if ((strings = malloc((u_int)statb.st_size)) == NULL) {
+ fclose(fp);
+ return (okshells);
+ }
+ shells = calloc((unsigned)statb.st_size / 3, sizeof (char *));
+ if (shells == NULL) {
+ fclose(fp);
+ free(strings);
+ strings = NULL;
+ return (okshells);
+ }
+ sp = shells;
+ cp = strings;
+ while (fgets(cp, MaxPathLen + 1, fp) !=
NULL) {
+ while (*cp != '#' && *cp != '/' && *cp != '\0')
+ cp++;
+ if (*cp == '#' || *cp == '\0')
+ continue;
+ *sp++ = cp;
+ while (!isspace(*cp) && *cp != '#' && *cp != '\0')
+ cp++;
+ *cp++ = '\0';
+ }
+ *sp = NULL;
+ fclose(fp);
+ return (shells);
+}
+#endif /* HAVE_GETUSERSHELL */
diff --git a/crypto/kerberosIV/lib/roken/hstrerror.c b/crypto/kerberosIV/lib/roken/hstrerror.c
new file mode 100644
index 0000000..9e47cb5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/hstrerror.c
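Review bot: In initshells() the two allocations are sized from `statb.st_size`, but the read loop is not tied to them: `fgets(cp, MaxPathLen + 1, fp)` is limited by a constant rather than by the space left in `strings`, so a file whose last line has no trailing newline (or that grows after the fstat) gets its terminating NUL written one byte past the buffer. `calloc((unsigned)statb.st_size / 3, ...)` likewise leaves no slot for the closing `*sp = NULL` when every entry is three bytes long, and is a zero-length request for a file shorter than three bytes. I would size them as `malloc((size_t)statb.st_size + 1)` and `calloc((size_t)statb.st_size / 3 + 2, sizeof (char *))`, and pass fgets the space actually remaining in `strings`, leaving the loop when fewer than two bytes are left. The shells file is normally writable only by root, so exposure is limited, but callers of getusershell() are presumably login-type programs where a heap overrun is worth closing. `isspace` is also used without `<ctype.h>` among the visible includes and is handed a plain `char`; `isspace((unsigned char)*cp)` is the safe form.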
@@ -0,0 +1,87 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: hstrerror.c,v 1.17 1997/06/01 03:37:25 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#ifndef HAVE_HSTRERROR
+
+#include <stdio.h>
+#include <netdb.h>
+
+#ifndef HAVE_H_ERRNO
+int h_errno = -17; /* Some magic number */
+#endif
+
+#if !(defined(HAVE_H_ERRLIST) && defined(HAVE_H_NERR))
+static const char *const h_errlist[] = {
+ "Resolver Error 0 (no error)",
+ "Unknown host", /* 1 HOST_NOT_FOUND */
+ "Host name lookup failure", /* 2 TRY_AGAIN */
+ "Unknown server error", /* 3 NO_RECOVERY */
+ "No address associated with name", /* 4 NO_ADDRESS */
+};
+
+static
+const
+int h_nerr = { sizeof h_errlist / sizeof h_errlist[0] };
+#else
+
+#ifndef HAVE_H_ERRLIST_DECLARATION
+extern const char *h_errlist[];
+extern int h_nerr;
+#endif
+
+#endif
+
+char *
+hstrerror(int herr)
+{
+ if (0 <= herr && herr < h_nerr)
+ return (char *) h_errlist[herr];
+ else if(herr == -17)
+ return "unknown error";
+ else
+ return "Error number out of range (hstrerror)";
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/inaddr2str.c b/crypto/kerberosIV/lib/roken/inaddr2str.c
new file mode 100644
index 0000000..af158aa
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inaddr2str.c
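Review bot: The sentinel -17 is written twice, as the initial value of the fallback `h_errno` and again in the `herr == -17` test in hstrerror(), with only the comment "Some magic number" to connect them. A shared name (for example `#define H_ERRNO_UNSET (-17)`, name chosen here for illustration) would keep the two from drifting apart. The test is also compiled when the system supplies its own h_errno, where -17 has no defined meaning, so a comment saying the branch only matters for the fallback definition would help. The function returns string literals and a const table entry through a plain `char *`, so its documentation should say callers must not modify the result.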
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inaddr2str.c,v 1.6 1997/04/01 08:19:02 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#include "roken.h"
+
+/*
+ * Get a verified name for `addr'.
+ * If unable to find it in the DNS, return x.y.z.a
+ */
+
+void
+inaddr2str(struct in_addr addr, char *s, size_t len)
+{
+ struct hostent *h;
+ char *p;
+
+ h = gethostbyaddr ((const char *)&addr, sizeof(addr), AF_INET);
+ if (h) {
+ h = gethostbyname (h->h_name);
+ if(h)
+ while ((p = *(h->h_addr_list)++))
+ if (memcmp (p, &addr, sizeof(addr)) == 0) {
+ strncpy (s, h->h_name, len);
+ s[len - 1] = '\0';
+ return;
+ }
+ }
+ strncpy (s, inet_ntoa (addr), len);
+ s[len - 1] = '\0';
+ return;
+}
diff --git a/crypto/kerberosIV/lib/roken/inet_aton.c b/crypto/kerberosIV/lib/roken/inet_aton.c
new file mode 100644
index 0000000..c97ef74
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/inet_aton.c
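Review bot: The name handed back after the reverse/forward check is silently truncated by `strncpy (s, h->h_name, len)`, so with a short buffer the caller receives a string that is not the name that was verified, and with `len == 0` the line `s[len - 1] = '\0'` writes far outside `s`. I would return early on `len == 0` and copy the host name only when `strlen (h->h_name) < len`, falling through to the dotted-quad form otherwise. The comparison loop also advances `h->h_addr_list` inside the resolver's own hostent and compares `sizeof(addr)` bytes without looking at `h->h_addrtype` or `h->h_length`; walking a local `char **` cursor and requiring `h->h_length == sizeof(addr)` would make the check self-contained. The header comment could state that the forward lookup is what makes the name "verified", so callers know what the result does and does not guarantee.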
@@ -0,0 +1,68 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: inet_aton.c,v 1.10 1997/05/20 19:57:03 bg Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+/* Minimal implementation of inet_aton.
+ * Cannot distinguish between failure and a local broadcast address. */
+
+int
+inet_aton(const char *cp, struct in_addr *addr)
+{
+ addr->s_addr = inet_addr(cp);
+ return (addr->s_addr == INADDR_NONE) ? 0 : 1;
+}
diff --git a/crypto/kerberosIV/lib/roken/initgroups.c b/crypto/kerberosIV/lib/roken/initgroups.c
new file mode 100644
index 0000000..a68aa63
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/initgroups.c
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: initgroups.c,v 1.2 1997/04/01 08:19:03 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+initgroups(const char *name, gid_t basegid)
+{
+ return 0;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwnam.c b/crypto/kerberosIV/lib/roken/k_getpwnam.c
new file mode 100644
index 0000000..580b1a2
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwnam.c
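Review bot: This stub reports success without touching the group list, which matters to any caller that invokes initgroups() while dropping privileges: it will carry on with whatever supplementary groups the process already had. The hunk has no `#ifndef HAVE_INITGROUPS` guard and no comment, so the assumption behind it (presumably that the target system has no supplementary groups) is invisible to the next reader. I would add a comment above the function such as `/* Stub for systems without initgroups(): the group list is left unchanged. */` and confirm the build only compiles this file when the system call is missing.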
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwnam.c,v 1.6 1997/04/01 08:19:03 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwnam (char *user)
+{
+ struct passwd *p;
+
+ p = getpwnam (user);
+#ifdef HAVE_GETSPNAM
+ if(p)
+ {
+ struct spwd *spwd;
+
+ spwd = getspnam (user);
+ if (spwd)
+ p->pw_passwd = spwd->sp_pwdp;
+ endspent ();
+ }
+#else
+ endpwent ();
+#endif
+ return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/k_getpwuid.c b/crypto/kerberosIV/lib/roken/k_getpwuid.c
new file mode 100644
index 0000000..a3a8f04
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/k_getpwuid.c
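Review bot: `p->pw_passwd = spwd->sp_pwdp` makes the returned passwd entry point into storage owned by getspnam(), and endspent() runs before the function returns; whether that storage stays valid afterwards depends on the C library, and any later shadow lookup will overwrite it. The non-shadow branch has the same shape, calling endpwent() on the database whose entry is about to be returned. A header comment stating that the result, including the password hash, is only valid until the next passwd or shadow call would make the contract explicit, and copying `sp_pwdp` into a static buffer owned by this file would remove the dependency on library behaviour. Callers end up holding the shadow hash in process memory, so the comment should also say who is expected to clear it. The same points apply to k_getpwuid() in k_getpwuid.c.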
@@ -0,0 +1,69 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: k_getpwuid.c,v 1.6 1997/04/01 08:19:04 joda Exp $");
+#endif /* HAVE_CONFIG_H */
+
+#include "roken.h"
+#ifdef HAVE_SHADOW_H
+#include <shadow.h>
+#endif
+
+struct passwd *
+k_getpwuid (uid_t uid)
+{
+ struct passwd *p;
+
+ p = getpwuid (uid);
+#ifdef HAVE_GETSPUID
+ if (p)
+ {
+ struct spwd *spwd;
+
+ spwd = getspuid (uid);
+ if (spwd)
+ p->pw_passwd = spwd->sp_pwdp;
+ endspent ();
+ }
+#else
+ endpwent ();
+#endif
+ return p;
+}
diff --git a/crypto/kerberosIV/lib/roken/lstat.c b/crypto/kerberosIV/lib/roken/lstat.c
new file mode 100644
index 0000000..881ad9a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/lstat.c
@@ -0,0 +1,50 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: lstat.c,v 1.3 1997/04/01 08:19:04 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+lstat(const char *path, struct stat *buf)
+{
+ return stat(path, buf);
+}
diff --git a/crypto/kerberosIV/lib/roken/memmove.c b/crypto/kerberosIV/lib/roken/memmove.c
new file mode 100644
index 0000000..315ff05
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/memmove.c
@@ -0,0 +1,67 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: memmove.c,v 1.5 1997/04/01 08:19:05 joda Exp $");
+#endif
+
+/*
+ * memmove for systems that doesn't have it
+ */
+
+#include <sys/types.h>
+
+void* memmove(void *s1, const void *s2, size_t n)
+{
+ char *s=(char*)s2, *d=(char*)s1;
+
+ if(d > s){
+ s+=n-1;
+ d+=n-1;
+ while(n){
+ *d--=*s--;
+ n--;
+ }
+ }else if(d < s)
+ while(n){
+ *d++=*s++;
+ n--;
+ }
+ return s1;
+}
diff --git a/crypto/kerberosIV/lib/roken/mini_inetd.c b/crypto/kerberosIV/lib/roken/mini_inetd.c
new file mode 100644
index 0000000..ccfcfe7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mini_inetd.c
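Review bot: In the backward branch `s+=n-1; d+=n-1;` runs before `n` is tested, so a call with `n == 0` and `s1 > s2` evaluates `n-1` as the largest size_t value and moves both pointers outside their objects; nothing is dereferenced, but the pointer arithmetic itself is undefined and the final decrement in the loop also leaves `d` and `s` one before the start of the buffers. Starting one past the end avoids both: `s+=n; d+=n; while(n--) *--d = *--s;`. The cast `(char*)s2` drops the const qualifier for no benefit; `const char *s = s2;` compiles unchanged with the rest of the body.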
@@ -0,0 +1,99 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: mini_inetd.c,v 1.10 1997/05/02 14:30:07 assar Exp $");
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <roken.h>
+
+void
+mini_inetd (int port)
+{
+ struct sockaddr_in sa;
+ int s = socket(AF_INET, SOCK_STREAM, 0);
+ int s2;
+ int one = 1;
+ if(s < 0){
+ perror("socket");
+ exit(1);
+ }
+#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT)
+ if(setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&one,
+ sizeof(one)) < 0){
+ perror("setsockopt");
+ exit(1);
+ }
+#endif
+ memset(&sa, 0, sizeof(sa));
+ sa.sin_family = AF_INET;
+ sa.sin_port = port;
+ sa.sin_addr.s_addr = INADDR_ANY;
+ if(bind(s, (struct sockaddr*)&sa, sizeof(sa)) < 0){
+ perror("bind");
+ exit(1);
+ }
+ if(listen(s, SOMAXCONN) < 0){
+ perror("listen");
+ exit(1);
+ }
+ s2 = accept(s, NULL, 0);
+ if(s2 < 0){
+ perror("accept");
+ exit(1);
+ }
+ close(s);
+ dup2(s2, STDIN_FILENO);
+ dup2(s2, STDOUT_FILENO);
+ /* dup2(s2, STDERR_FILENO); */
+ close(s2);
+}
diff --git a/crypto/kerberosIV/lib/roken/mkstemp.c b/crypto/kerberosIV/lib/roken/mkstemp.c
new file mode 100644
index 0000000..e55398a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/mkstemp.c
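Review bot: `sa.sin_port = port` stores the argument without htons(), so the socket listens on the intended port only if every caller passes network byte order, and nothing in the hunk says which is expected. Either document it at the top of the function, e.g. `/* port is in network byte order */`, or convert here. The two dup2() results are also ignored; if either fails the caller continues on its original stdin/stdout rather than the accepted connection, and `if (dup2(s2, STDIN_FILENO) < 0 || dup2(s2, STDOUT_FILENO) < 0) { perror("dup2"); exit(1); }` would match the handling of the other calls. The function has no header comment at all; it should say that the listener binds INADDR_ANY (every interface), accepts exactly one connection without recording the peer address, and leaves any authentication to the caller.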
@@ -0,0 +1,89 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <string.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
+#endif
+#include <errno.h>
+
+RCSID("$Id: mkstemp.c,v 1.2 1997/05/25 02:36:43 joda Exp $");
+
+#ifndef HAVE_MKSTEMP
+
+int
+mkstemp(char *template)
+{
+ int start, i;
+ pid_t val;
+ val = getpid();
+ start = strlen(template) - 1;
+ while(template[start] == 'X') {
+ template[start] = '0' + val % 10;
+ val /= 10;
+ start--;
+ }
+
+ do{
+ int fd;
+ fd = open(template, O_RDWR | O_CREAT | O_EXCL, 0600);
+ if(fd >= 0 || errno != EEXIST)
+ return fd;
+ i = start + 1;
+ do{
+ if(template[i] == 0)
+ return -1;
+ template[i]++;
+ if(template[i] == '9' + 1)
+ template[i] = 'a';
+ if(template[i] <= 'z')
+ break;
+ template[i] = 'a';
+ i++;
+ }while(1);
+ }while(1);
+}
+
+#endif
diff --git a/crypto/kerberosIV/lib/roken/putenv.c b/crypto/kerberosIV/lib/roken/putenv.c
new file mode 100644
index 0000000..20d5a10
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/putenv.c
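Review bot: The scan `while(template[start] == 'X')` has no lower bound, so a template that is empty or consists only of X characters reads `template[-1]` and, if that byte happens to be 'X', writes before the caller's buffer. `while(start >= 0 && template[start] == 'X')` closes that. A template with no trailing X is not rejected either; the literal name is tried once and a collision returns -1, where callers of the system mkstemp() would expect EINVAL. The generated name is the PID digits plus a counter and is therefore predictable; creation itself is protected by `O_CREAT | O_EXCL` with mode 0600, and a short comment recording that the safety rests on those flags rather than on the name would stop a later edit from weakening them.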
@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: putenv.c,v 1.5 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include <stdlib.h>
+
+extern char **environ;
+
+/*
+ * putenv --
+ * String points to a string of the form name=value.
+ *
+ * Makes the value of the environment variable name equal to
+ * value by altering an existing variable or creating a new one.
+ */
+int putenv(const char *string)
+{
+ int i;
+ int len;
+
+ len = string - strchr(string, '=') + 1;
+
+ if(environ == NULL){
+ environ = malloc(sizeof(char*));
+ if(environ == NULL)
+ return 1;
+ environ[0] = NULL;
+ }
+
+ for(i = 0; environ[i]; i++)
+ if(strncmp(string, environ[i], len)){
+ environ[len] = string;
+ return 0;
+ }
+ environ = realloc(environ, sizeof(char*) * (i + 1));
+ if(environ == NULL)
+ return 1;
+ environ[i] = string;
+ environ[i+1] = NULL;
+ return 0;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/rcmd.c b/crypto/kerberosIV/lib/roken/rcmd.c
new file mode 100644
index 0000000..6064d50
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/rcmd.c
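Review bot: In putenv.c the append path writes one pointer past its allocation: `realloc(environ, sizeof(char*) * (i + 1))` makes room for i+1 entries, yet `environ[i+1] = NULL` stores an (i+2)th. The lookup before it is wrong as well: `string - strchr(string, '=') + 1` is never more than 1 and is negative for any name longer than one character (and strchr may return NULL), `strncmp(...)` is tested without `== 0` so the branch fires on a mismatch, and the replacement is stored at `environ[len]` instead of `environ[i]`. realloc is also applied to an `environ` that at process start presumably did not come from malloc, and its result overwrites the only pointer to the old array, so the version below copies into a fresh array and accepts the leak. The file includes only <stdlib.h> and needs `#include <string.h>` for strchr, strncmp and memcpy.

```c
int putenv(const char *string)
{
    const char *eq = strchr(string, '=');
    size_t len;
    size_t i;
    char **tmp;

    if(eq == NULL)
	return 1;
    len = eq - string + 1;	/* compare "name=" including the '=' */

    /* ... unchanged: allocate an empty environ when it is NULL ... */

    for(i = 0; environ[i]; i++)
	if(strncmp(string, environ[i], len) == 0){
	    environ[i] = (char *)string;
	    return 0;
	}
    /* i entries + the new one + the terminating NULL */
    tmp = malloc(sizeof(char*) * (i + 2));
    if(tmp == NULL)
	return 1;
    memcpy(tmp, environ, sizeof(char*) * i);
    tmp[i] = (char *)string;
    tmp[i+1] = NULL;
    environ = tmp;	/* old array not freed: it may not be malloc'd */
    return 0;
}
```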
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: rcmd.c,v 1.2 1997/04/01 08:19:06 joda Exp $");
+#endif
+
+#include "roken.h"
+#include <stdio.h>
+
+int
+rcmd(char **ahost,
+ unsigned short inport,
+ const char *locuser,
+ const char *remuser,
+ const char *cmd,
+ int *fd2p)
+{
+ fprintf(stderr, "Only kerberized services are implemented\n");
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/roken.def b/crypto/kerberosIV/lib/roken/roken.def
new file mode 100644
index 0000000..13e3572
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.def
@@ -0,0 +1,4 @@
+LIBRARY roken
+EXPORTS
+ gettimeofday
+ strcasecmp
diff --git a/crypto/kerberosIV/lib/roken/roken.h b/crypto/kerberosIV/lib/roken/roken.h
new file mode 100644
index 0000000..1204e3e
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/roken.h
@@ -0,0 +1,338 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: roken.h,v 1.63 1997/05/28 05:38:09 assar Exp $ */ + +#ifndef __ROKEN_H__ +#define __ROKEN_H__ + +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <signal.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_GRP_H +#include <grp.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif + +#ifdef HAVE_TERMIOS_H +#include <termios.h> +#endif + +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif + +#include "protos.h" + +#if !defined(HAVE_SETSID) && defined(HAVE__SETSID) +#define setsid _setsid +#endif + +#ifndef HAVE_PUTENV +int putenv(const char *string); +#endif + +#ifndef HAVE_SETENV +int setenv(const char *var, const char *val, int rewrite); +#endif + +#ifndef HAVE_UNSETENV +void unsetenv(const char *name); +#endif + +#ifndef HAVE_GETUSERSHELL +char *getusershell(void); +#endif + +#if !defined(__GNUC__) && !defined(__attribute__) +#define __attribute__(x) +#endif + +#ifndef HAVE_SNPRINTF +int snprintf (char *str, size_t sz, const char *format, ...) + __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VSNPRINTF +int vsnprintf (char *str, size_t sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_ASPRINTF +int asprintf (char **ret, const char *format, ...) + __attribute__ ((format (printf, 2, 3))); +#endif + +#ifndef HAVE_VASPRINTF +int vasprintf (char **ret, const char *format, va_list ap) + __attribute__((format (printf, 2, 0))); +#endif + +#ifndef HAVE_ASNPRINTF +int asnprintf (char **ret, size_t max_sz, const char *format, ...) 
+ __attribute__ ((format (printf, 3, 4))); +#endif + +#ifndef HAVE_VASNPRINTF +int vasnprintf (char **ret, size_t max_sz, const char *format, va_list ap) + __attribute__((format (printf, 3, 0))); +#endif + +#ifndef HAVE_STRDUP +char * strdup(const char *old); +#endif + +#ifndef HAVE_STRLWR +char * strlwr(char *); +#endif + +#ifndef HAVE_STRNLEN +int strnlen(char*, int); +#endif + +#ifndef HAVE_STRTOK_R +char *strtok_r(char *s1, const char *s2, char **lasts); +#endif + +#ifndef HAVE_STRUPR +char * strupr(char *); +#endif + +#ifndef HAVE_GETDTABLESIZE +int getdtablesize(void); +#endif + +#if IRIX != 4 /* fix for compiler bug */ +#ifdef RETSIGTYPE +typedef RETSIGTYPE (*SigAction)(/* int??? */); +SigAction signal(int iSig, SigAction pAction); /* BSD compatible */ +#endif +#endif + +#ifndef SIG_ERR +#define SIG_ERR ((RETSIGTYPE (*)())-1) +#endif + +#if !defined(HAVE_STRERROR) && !defined(strerror) +char *strerror(int eno); +#endif + +#ifndef HAVE_HSTRERROR +char *hstrerror(int herr); +#endif + +#ifndef HAVE_H_ERRNO_DECLARATION +extern int h_errno; +#endif + +#ifndef HAVE_INET_ATON +/* Minimal implementation of inet_aton. Doesn't handle hex numbers. 
*/ +int inet_aton(const char *cp, struct in_addr *adr); +#endif + +#if !defined(HAVE_GETCWD) +char* getcwd(char *path, size_t size); +#endif + +#ifndef HAVE_GETENT +int getent(char *cp, char *name); +#endif + +#ifdef HAVE_PWD_H +#include <pwd.h> +struct passwd *k_getpwnam (char *user); +struct passwd *k_getpwuid (uid_t uid); +#endif + +#ifndef HAVE_SETEUID +int seteuid(int euid); +#endif + +#ifndef HAVE_SETEGID +int setegid(int egid); +#endif + +#ifndef HAVE_LSTAT +int lstat(const char *path, struct stat *buf); +#endif + +#ifndef HAVE_MKSTEMP +int mkstemp(char *); +#endif + +#ifndef HAVE_INITGROUPS +int initgroups(const char *name, gid_t basegid); +#endif + +#ifndef HAVE_FCHOWN +int fchown(int fd, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_CHOWN +int chown(const char *path, uid_t owner, gid_t group); +#endif + +#ifndef HAVE_RCMD +int rcmd(char **ahost, unsigned short inport, const char *locuser, + const char *remuser, const char *cmd, int *fd2p); +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +time_t tm2time (struct tm tm, int local); + +int unix_verify_user(char *user, char *password); + +void inaddr2str(struct in_addr addr, char *s, size_t len); + +void mini_inetd (int port); + +#ifndef HAVE_STRUCT_WINSIZE +struct winsize { + unsigned short ws_row, ws_col; + unsigned short ws_xpixel, ws_ypixel; +}; +#endif + +int get_window_size(int fd, struct winsize *); + +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif + +#ifndef SOMAXCONN +#define SOMAXCONN 5 +#endif + +#ifndef STDIN_FILENO +#define STDIN_FILENO 0 +#endif + +#ifndef STDOUT_FILENO +#define STDOUT_FILENO 1 +#endif + +#ifndef STDERR_FILENO +#define STDERR_FILENO 2 +#endif + +#ifndef max +#define max(a,b) (((a)>(b))?(a):(b)) +#endif + +#ifndef min +#define min(a,b) (((a)<(b))?(a):(b)) +#endif + +#ifndef TRUE +#define TRUE 1 +#endif + +#ifndef FALSE +#define FALSE 0 +#endif 
+ +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +/* Misc definitions for old syslogs */ + +#ifndef LOG_DAEMON +#define openlog(id,option,facility) openlog((id),(option)) +#define LOG_DAEMON 0 +#endif +#ifndef LOG_ODELAY +#define LOG_ODELAY 0 +#endif +#ifndef LOG_NDELAY +#define LOG_NDELAY 0x08 +#endif +#ifndef LOG_CONS +#define LOG_CONS 0 +#endif +#ifndef LOG_AUTH +#define LOG_AUTH 0 +#endif +#ifndef LOG_AUTHPRIV +#define LOG_AUTHPRIV LOG_AUTH +#endif +#endif + +#ifndef HAVE_OPTARG_DECLARATION +extern char *optarg; +#endif +#ifndef HAVE_OPTIND_DECLARATION +extern int optind; +#endif +#ifndef HAVE_OPTERR_DECLARATION +extern int opterr; +#endif + +#ifndef HAVE___PROGNAME_DECLARATION +extern const char *__progname; +#endif + +void set_progname(char *argv0); + +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif + +#ifndef _PATH_DEVNULL +#define _PATH_DEVNULL "/dev/null" +#endif + +#endif /* __ROKEN_H__ */ diff --git a/crypto/kerberosIV/lib/roken/roken.mak b/crypto/kerberosIV/lib/roken/roken.mak new file mode 100644 index 0000000..d0c4a6f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/roken.mak 
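Review bot: Several fallback prototypes in roken.h use `int` where the system interfaces use dedicated types: `int strnlen(char*, int);` takes a signed length and a non-const string, and `int seteuid(int euid);` / `int setegid(int egid);` take `int` rather than `uid_t` / `gid_t`. If a HAVE_ test comes out wrongly negative on a system that does declare these, the declarations conflict, and a negative length reaching strnlen has no defined meaning. `int putenv(const char *string);` also promises const for a pointer that putenv.c in this commit stores into `environ`; a comment on the prototype such as `/* string is not copied; it must stay allocated and unmodified after the call */` would document that ownership.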
@@ -0,0 +1,278 @@ +# Microsoft Developer Studio Generated NMAKE File, Format Version 4.10 +# ** DO NOT EDIT ** + +# TARGTYPE "Win32 (x86) Dynamic-Link Library" 0x0102 + +!IF "$(CFG)" == "" +CFG=roken - Win32 Debug +!MESSAGE No configuration specified. Defaulting to roken - Win32 Debug. +!ENDIF + +!IF "$(CFG)" != "roken - Win32 Release" && "$(CFG)" != "roken - Win32 Debug" +!MESSAGE Invalid configuration "$(CFG)" specified. +!MESSAGE You can specify a configuration when running NMAKE on this makefile +!MESSAGE by defining the macro CFG on the command line. For example: +!MESSAGE +!MESSAGE NMAKE /f "roken.mak" CFG="roken - Win32 Debug" +!MESSAGE +!MESSAGE Possible choices for configuration are: +!MESSAGE +!MESSAGE "roken - Win32 Release" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE "roken - Win32 Debug" (based on "Win32 (x86) Dynamic-Link Library") +!MESSAGE +!ERROR An invalid configuration is specified. +!ENDIF + +!IF "$(OS)" == "Windows_NT" +NULL= +!ELSE +NULL=nul +!ENDIF +################################################################################ +# Begin Project +# PROP Target_Last_Scanned "roken - Win32 Debug" +RSC=rc.exe +MTL=mktyplib.exe +CPP=cl.exe + +!IF "$(CFG)" == "roken - Win32 Release" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 0 +# PROP BASE Output_Dir "Release" +# PROP BASE Intermediate_Dir "Release" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 0 +# PROP Output_Dir "Release" +# PROP Intermediate_Dir "Release" +# PROP Target_Dir "" +OUTDIR=.\Release +INTDIR=.\Release + +ALL : ".\Release\roken.dll" + +CLEAN : + -@erase ".\Release\gettimeofday.obj" + -@erase ".\Release\roken.dll" + -@erase ".\Release\roken.exp" + -@erase ".\Release\roken.lib" + -@erase ".\Release\strcasecmp.obj" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I 
"..\..\include" /I "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MT /W3 /GX /O2 /I "..\krb" /I "..\des" /I "..\..\include" /I\ + "..\..\include\win32" /I "." /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D\ + "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/" /c +CPP_OBJS=.\Release/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "NDEBUG" /win32 +# ADD MTL /nologo /D "NDEBUG" /win32 +MTL_PROJ=/nologo /D "NDEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "NDEBUG" +# ADD RSC /l 0x409 /d "NDEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:no\ + /pdb:"$(OUTDIR)/roken.pdb" /machine:I386 /def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Release\gettimeofday.obj" \ + ".\Release\strcasecmp.obj" + +".\Release\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +# PROP BASE Use_MFC 0 +# PROP BASE Use_Debug_Libraries 1 +# PROP BASE Output_Dir "Debug" +# PROP BASE Intermediate_Dir "Debug" +# PROP BASE Target_Dir "" +# PROP Use_MFC 0 +# PROP Use_Debug_Libraries 1 +# PROP Output_Dir "Debug" +# PROP Intermediate_Dir "Debug" +# PROP Target_Dir "" 
+OUTDIR=.\Debug +INTDIR=.\Debug + +ALL : ".\Debug\roken.dll" + +CLEAN : + -@erase ".\Debug\gettimeofday.obj" + -@erase ".\Debug\roken.dll" + -@erase ".\Debug\roken.exp" + -@erase ".\Debug\roken.ilk" + -@erase ".\Debug\roken.lib" + -@erase ".\Debug\roken.pdb" + -@erase ".\Debug\strcasecmp.obj" + -@erase ".\Debug\vc40.idb" + -@erase ".\Debug\vc40.pdb" + +"$(OUTDIR)" : + if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)" + +# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /YX /c +# ADD CPP /nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "HAVE_CONFIG_H" /YX /c +CPP_PROJ=/nologo /MTd /W3 /Gm /GX /Zi /Od /I "..\krb" /I "..\des" /I\ + "..\..\include" /I "..\..\include\win32" /I "." /D "_DEBUG" /D "WIN32" /D\ + "_WINDOWS" /D "HAVE_CONFIG_H" /Fp"$(INTDIR)/roken.pch" /YX /Fo"$(INTDIR)/"\ + /Fd"$(INTDIR)/" /c +CPP_OBJS=.\Debug/ +CPP_SBRS=.\. +# ADD BASE MTL /nologo /D "_DEBUG" /win32 +# ADD MTL /nologo /D "_DEBUG" /win32 +MTL_PROJ=/nologo /D "_DEBUG" /win32 +# ADD BASE RSC /l 0x409 /d "_DEBUG" +# ADD RSC /l 0x409 /d "_DEBUG" +BSC32=bscmake.exe +# ADD BASE BSC32 /nologo +# ADD BSC32 /nologo +BSC32_FLAGS=/nologo /o"$(OUTDIR)/roken.bsc" +BSC32_SBRS= \ + +LINK32=link.exe +# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +# ADD LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:windows /dll /debug /machine:I386 +LINK32_FLAGS=kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib\ + advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib\ + odbccp32.lib /nologo /subsystem:windows /dll /incremental:yes\ + /pdb:"$(OUTDIR)/roken.pdb" /debug /machine:I386 
/def:".\roken.def"\ + /out:"$(OUTDIR)/roken.dll" /implib:"$(OUTDIR)/roken.lib" +DEF_FILE= \ + ".\roken.def" +LINK32_OBJS= \ + ".\Debug\gettimeofday.obj" \ + ".\Debug\strcasecmp.obj" + +".\Debug\roken.dll" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS) + $(LINK32) @<< + $(LINK32_FLAGS) $(LINK32_OBJS) +<< + +!ENDIF + +.c{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_OBJS)}.obj: + $(CPP) $(CPP_PROJ) $< + +.c{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cpp{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +.cxx{$(CPP_SBRS)}.sbr: + $(CPP) $(CPP_PROJ) $< + +################################################################################ +# Begin Target + +# Name "roken - Win32 Release" +# Name "roken - Win32 Debug" + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +################################################################################ +# Begin Source File + +SOURCE=\TEMP\jimpa3\lib\krb\gettimeofday.c +DEP_CPP_GETTI=\ + "..\..\include\protos.h"\ + "..\..\include\sys/bitypes.h"\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + "..\des\des.h"\ + "..\krb\krb.h"\ + "..\krb\krb_locl.h"\ + "..\krb\prot.h"\ + "..\krb\resolve.h"\ + ".\roken.h"\ + {$(INCLUDE)}"\sys\stat.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\gettimeofday.obj" : $(SOURCE) $(DEP_CPP_GETTI) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + +!ENDIF + +# End Source File +################################################################################ +# Begin Source File + +SOURCE=.\roken.def + +!IF "$(CFG)" == "roken - Win32 Release" + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + +!ENDIF + +# End Source File +################################################################################ +# 
Begin Source File + +SOURCE=.\strcasecmp.c +DEP_CPP_STRCA=\ + "..\..\include\sys/cdefs.h"\ + "..\..\include\win32\config.h"\ + {$(INCLUDE)}"\sys\types.h"\ + + +!IF "$(CFG)" == "roken - Win32 Release" + + +".\Release\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ELSEIF "$(CFG)" == "roken - Win32 Debug" + + +".\Debug\strcasecmp.obj" : $(SOURCE) $(DEP_CPP_STRCA) "$(INTDIR)" + + +!ENDIF + +# End Source File +# End Target +# End Project +################################################################################ diff --git a/crypto/kerberosIV/lib/roken/setegid.c b/crypto/kerberosIV/lib/roken/setegid.c new file mode 100644 index 0000000..b79bdd5 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/setegid.c 
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setegid.c,v 1.7 1997/04/01 08:19:07 joda Exp $");
+#endif
+
+#include <unistd.h>
+
+#include "roken.h"
+
+int
+setegid(int egid)
+{
+#ifdef HAVE_SETREGID
+ return setregid(-1, egid);
+#endif
+
+#ifdef HAVE_SETRESGID
+ return setresgid(-1, egid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/setenv.c b/crypto/kerberosIV/lib/roken/setenv.c
new file mode 100644
index 0000000..c83591f
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/setenv.c
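Review bot: When neither HAVE_SETREGID nor HAVE_SETRESGID is defined, setegid() in setegid.c falls through to `return -1;` with errno untouched, so a caller that reports the failure prints whatever stale error was left behind; seteuid.c has the same shape with HAVE_SETREUID / HAVE_SETRESUID. Setting `errno = ENOSYS;` before the final return (with `#include <errno.h>`) makes the unsupported case distinguishable. Because these two shims are the privilege-switching path, a header comment stating that -1 means the effective id was not changed, and that callers must check the result before continuing, is worth adding to both files.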
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: setenv.c,v 1.8 1997/05/02 14:29:32 assar Exp $");
+#endif
+
+#include "roken.h"
+
+#include <stdlib.h>
+#include <string.h>
+
+/*
+ * This is the easy way out, use putenv to implement setenv. We might
+ * leak some memory but that is ok since we are usally about to exec
+ * anyway.
+ */
+
+int
+setenv(const char *var, const char *val, int rewrite)
+{
+ char *t;
+
+ if (!rewrite && getenv(var) != 0)
+ return 0;
+
+ asprintf (&t, "%s=%s", var, val);
+ if (t == NULL)
+ return -1;
+
+ if (putenv(t) == 0)
+ return 0;
+ else
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/seteuid.c b/crypto/kerberosIV/lib/roken/seteuid.c
new file mode 100644
index 0000000..b831318
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/seteuid.c
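Review bot: The result of `asprintf` in setenv.c is ignored and failure is detected through `t == NULL`, but `t` is uninitialised and whether a failing asprintf stores NULL into it depends on the implementation (roken's own version is not visible in this hunk). Testing the return value instead, `if (asprintf (&t, "%s=%s", var, val) < 0) return -1;`, removes that dependency. `t` is also never released when `putenv(t)` fails, which is a leak the header comment's "about to exec" reasoning does not cover; a `free(t);` on that branch would close it, assuming putenv does not keep the pointer on failure.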
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: seteuid.c,v 1.7 1997/04/01 08:19:08 joda Exp $");
+#endif
+
+#include <unistd.h>
+
+#include "roken.h"
+
+int
+seteuid(int euid)
+{
+#ifdef HAVE_SETREUID
+ return setreuid(-1, euid);
+#endif
+
+#ifdef HAVE_SETRESUID
+ return setresuid(-1, euid, -1);
+#endif
+
+ return -1;
+}
diff --git a/crypto/kerberosIV/lib/roken/signal.c b/crypto/kerberosIV/lib/roken/signal.c
new file mode 100644
index 0000000..a39a194
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/signal.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: signal.c,v 1.8 1997/04/01 08:19:09 joda Exp $");
+#endif
+
+#include <signal.h>
+
+/*
+ * We would like to always use this signal but there is a link error
+ * on NEXTSTEP
+ */
+#ifndef NeXT
+/*
+ * Bugs:
+ *
+ * Do we need any extra hacks for SIGCLD and/or SIGCHLD?
+ */
+
+typedef RETSIGTYPE (*SigAction)(/* int??? */);
+
+SigAction
+signal(int iSig, SigAction pAction)
+{
+ struct sigaction saNew, saOld;
+
+ saNew.sa_handler = pAction;
+ sigemptyset(&saNew.sa_mask);
+ saNew.sa_flags = 0;
+
+ if (iSig == SIGALRM)
+ {
+#ifdef SA_INTERRUPT
+ saNew.sa_flags |= SA_INTERRUPT;
+#endif
+ }
+ else
+ {
+#ifdef SA_RESTART
+ saNew.sa_flags |= SA_RESTART;
+#endif
+ }
+
+ if (sigaction(iSig, &saNew, &saOld) < 0)
+ return(SIG_ERR);
+
+ return(saOld.sa_handler);
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/snprintf.c b/crypto/kerberosIV/lib/roken/snprintf.c
new file mode 100644
index 0000000..b0757e5
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/snprintf.c
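Review bot: `SigAction` in signal.c is declared with an empty parameter list, `typedef RETSIGTYPE (*SigAction)(/* int??? */);`, so the compiler cannot check the handlers passed to this wrapper, and the typedef repeats the one in roken.h without the `#ifdef RETSIGTYPE` guard used there. Since the pointer is stored straight into `sa_handler`, `typedef RETSIGTYPE (*SigAction)(int);` would match what sigaction expects. `saNew` is also filled field by field; a `memset(&saNew, 0, sizeof(saNew));` first (needs <string.h>) avoids handing sigaction() uninitialised members on platforms whose struct has more than the three fields set here.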
@@ -0,0 +1,520 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: snprintf.c,v 1.13 1997/05/25 02:00:31 assar Exp $"); +#endif +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <roken.h> + +/* + * Common state + */ + +struct state { + char *str; + char *s; + char *theend; + size_t sz; + size_t max_sz; + int (*append_char)(struct state *, char); + int (*reserve)(struct state *, size_t); + /* XXX - methods */ +}; + +static int +sn_reserve (struct state *state, size_t n) +{ + return state->s + n > state->theend; +} + +static int +sn_append_char (struct state *state, char c) +{ + if (sn_reserve (state, 1)) { + *state->s++ = '\0'; + return 1; + } else { + *state->s++ = c; + return 0; + } +} + +static int +as_reserve (struct state *state, size_t n) +{ + while (state->s + n > state->theend) { + int off = state->s - state->str; + char *tmp; + + if (state->max_sz && state->sz >= state->max_sz) + return 1; + + if (state->max_sz) + state->sz = min(state->max_sz, state->sz*2); + else + state->sz *= 2; + tmp = realloc (state->str, state->sz); + if (tmp == NULL) + return 1; + state->str = tmp; + state->s = state->str + off; + state->theend = state->str + state->sz - 1; + } + return 0; +} + +static int +as_append_char (struct state *state, char c) +{ + if(as_reserve (state, 1)) + return 1; + else { + *state->s++ = c; + return 0; + } +} + +static int +append_number (struct state *state, + unsigned long num, unsigned base, char *rep, + int width, int zerop, int minusp) +{ + int i, len; + + len = 0; + if (num == 0) { + ++len; + if((*state->append_char) (state, '0')) + return 1; + } + while (num > 0) { + ++len; + if ((*state->append_char) (state, rep[num % base])) + return 1; + num /= base; + } + if (minusp) { + ++len; + if ((*state->append_char) (state, '-')) + return 1; + } + + for (i = 0; i < len / 2; ++i) { + char c; + + c = state->s[-i-1]; + state->s[-i-1] = state->s[-len+i]; + state->s[-len+i] = c; + } + + if (width > 
len) { + if ((*state->reserve) (state, width - len)) + return 1; + +#ifdef HAVE_MEMMOVE + memmove (state->s + width - 2 * len, state->s - len, len); +#else + bcopy (state->s - len, state->s + width - 2 * len, len); +#endif + for (i = 0; i < width - len; ++i) + state->s[-len+i] = (zerop ? '0' : ' '); + state->s += width - len; + + } + return 0; +} + +static int +append_string (struct state *state, + char *arg, + int prec) +{ + if (prec) { + while (*arg && prec--) + if ((*state->append_char) (state, *arg++)) + return 1; + } else { + while (*arg) + if ((*state->append_char) (state, *arg++)) + return 1; + } + return 0; +} + +/* + * This can't be made into a function... + */ + +#define PARSE_INT_FORMAT(res, arg, unsig) \ +if (long_flag) \ + res = va_arg(arg, unsig long); \ +else if (short_flag) \ + res = va_arg(arg, unsig short); \ +else \ + res = va_arg(arg, unsig int) + +/* + * zyxprintf - return 0 or -1 + */ + +static int +xyzprintf (struct state *state, const char *format, va_list ap) +{ + char c; + + while((c = *format++)) { + if (c == '%') { + int zerop = 0; + int width = 0; + int prec = 0; + int long_flag = 0; + int short_flag = 0; + + c = *format++; + + /* flags */ + if (c == '0') { + zerop = 1; + c = *format++; + } + + /* width */ + if (isdigit(c)) + do { + width = width * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if(c == '*') { + width = va_arg(ap, int); + c = *format++; + } + + /* precision */ + if (c == '.') { + c = *format++; + if (isdigit(c)) + do { + prec = prec * 10 + c - '0'; + c = *format++; + } while(isdigit(c)); + else if (c == '*') { + prec = va_arg(ap, int); + c = *format++; + } + } + + /* size */ + + if (c == 'h') { + short_flag = 1; + c = *format++; + } else if (c == 'l') { + long_flag = 1; + c = *format++; + } + + switch (c) { + case 'c' : + if ((*state->append_char)(state, (unsigned char)va_arg(ap, int))) + return -1; + break; + case 's' : + if (append_string(state, + va_arg(ap, char*), + prec)) + return -1; + break; + case 
'd' : + case 'i' : { + long arg; + unsigned long num; + int minusp = 0; + + PARSE_INT_FORMAT(arg, ap, ); + + if (arg < 0) { + minusp = 1; + num = -arg; + } else + num = arg; + + if (append_number (state, num, 10, "0123456789", + width, zerop, minusp)) + return -1; + break; + } + case 'u' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 10, "0123456789", + width, zerop, 0)) + return -1; + break; + } + case 'o' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 010, "01234567", + width, zerop, 0)) + return -1; + break; + } + case 'x' : { + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789abcdef", + width, zerop, 0)) + return -1; + break; + } + case 'X' :{ + unsigned long arg; + + PARSE_INT_FORMAT(arg, ap, unsigned); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case 'p' : { + unsigned long arg = (unsigned long)va_arg(ap, void*); + + if (append_number (state, arg, 0x10, "0123456789ABCDEF", + width, zerop, 0)) + return -1; + break; + } + case '%' : + if ((*state->append_char)(state, c)) + return -1; + break; + default : + if ( (*state->append_char)(state, '%') + || (*state->append_char)(state, c)) + return -1; + break; + } + } else + if ((*state->append_char) (state, c)) + return -1; + } + return 0; +} + +#ifndef HAVE_SNPRINTF +int +snprintf (char *str, size_t sz, const char *format, ...) +{ + va_list args; + int ret; + + va_start(args, format); + ret = vsnprintf (str, sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + + tmp = malloc (sz); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (ret != ret2 || strcmp(str, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return ret; +} +#endif + +#ifndef HAVE_ASPRINTF +int +asprintf (char **ret, const char *format, ...) 
+{ + va_list args; + int val; + + va_start(args, format); + val = vasprintf (ret, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_ASNPRINTF +int +asnprintf (char **ret, size_t max_sz, const char *format, ...) +{ + va_list args; + int val; + + va_start(args, format); + val = vasnprintf (ret, max_sz, format, args); + +#ifdef PARANOIA + { + int ret2; + char *tmp; + tmp = malloc (val + 1); + if (tmp == NULL) + abort (); + + ret2 = vsprintf (tmp, format, args); + if (val != ret2 || strcmp(*ret, tmp)) + abort (); + free (tmp); + } +#endif + + va_end(args); + return val; +} +#endif + +#ifndef HAVE_VASPRINTF +int +vasprintf (char **ret, const char *format, va_list args) +{ + return vasnprintf (ret, 0, format, args); +} +#endif + + +#ifndef HAVE_VASNPRINTF +int +vasnprintf (char **ret, size_t max_sz, const char *format, va_list args) +{ + int st; + size_t len; + struct state state; + + state.max_sz = max_sz; + if (max_sz) + state.sz = min(1, max_sz); + else + state.sz = 1; + state.str = malloc(state.sz); + if (state.str == NULL) { + *ret = NULL; + return -1; + } + state.s = state.str; + state.theend = state.s + state.sz - 1; + state.append_char = as_append_char; + state.reserve = as_reserve; + + st = xyzprintf (&state, format, args); + if (st) { + free (state.str); + *ret = NULL; + return -1; + } else { + char *tmp; + + *state.s = '\0'; + len = state.s - state.str; + tmp = realloc (state.str, len+1); + if (state.str == NULL) { + free (state.str); + *ret = NULL; + return -1; + } + *ret = tmp; + return len; + } +} +#endif + +#ifndef HAVE_VSNPRINTF +int +vsnprintf (char *str, size_t sz, const char *format, va_list args) +{ + struct state state; + int ret; + + state.max_sz = 0; + state.sz = sz; + state.str = str; + state.s = str; + 
state.theend = str + sz - 1; + state.append_char = sn_append_char; + state.reserve = sn_reserve; + + ret = xyzprintf (&state, format, args); + *state.s = '\0'; + if (ret) + return sz; + else + return state.s - state.str; +} +#endif + diff --git a/crypto/kerberosIV/lib/roken/strcasecmp.c b/crypto/kerberosIV/lib/roken/strcasecmp.c new file mode 100644 index 0000000..a268c29 --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strcasecmp.c 
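Review bot: `vsnprintf` can store its terminating NUL one byte past the caller's buffer when the output is truncated. When `sn_reserve` reports no room, `sn_append_char` writes `'\0'` at `str[sz-1]` and still advances `state->s`, so the unconditional `*state.s = '\0'` in `vsnprintf` lands on `str[sz]`; with `sz == 0` the stores hit a buffer that has no bytes at all. In `vasnprintf` the shrinking `realloc` is tested against `state.str` instead of `tmp`, so a failed call puts NULL in `*ret`, returns `len` as if it had succeeded, and leaks the buffer. The fence shows the three places I would change; the rest of the file stays as it is.

```c
static int
sn_append_char (struct state *state, char c)
{
    if (sn_reserve (state, 1))
        return 1;   /* full: leave s on the last byte for the terminator */
    *state->s++ = c;
    return 0;
}

/* … unchanged: as_reserve through vasprintf … */

/* vasnprintf: test the pointer that realloc returned */
        tmp = realloc (state.str, len+1);
        if (tmp == NULL) {

/* … unchanged: rest of vasnprintf … */

/* vsnprintf: a zero-sized buffer has no room even for the terminator */
    struct state state;
    int ret;

    if (sz == 0)
        return 0;
```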
@@ -0,0 +1,118 @@ +/* + * Copyright (c) 1987, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: strcasecmp.c,v 1.3 1997/04/20 18:04:23 assar Exp $"); +#endif + +#include <string.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#include <sys/cdefs.h> + +#if defined(LIBC_SCCS) && !defined(lint) +static char sccsid[] = "@(#)strcasecmp.c 8.1 (Berkeley) 6/4/93"; +#endif /* LIBC_SCCS and not lint */ + +/* + * This array is designed for mapping upper and lower case letter + * together for a case independent comparison. The mappings are + * based upon ascii character sequences. + */ +static const unsigned char charmap[] = { + '\000', '\001', '\002', '\003', '\004', '\005', '\006', '\007', + '\010', '\011', '\012', '\013', '\014', '\015', '\016', '\017', + '\020', '\021', '\022', '\023', '\024', '\025', '\026', '\027', + '\030', '\031', '\032', '\033', '\034', '\035', '\036', '\037', + '\040', '\041', '\042', '\043', '\044', '\045', '\046', '\047', + '\050', '\051', '\052', '\053', '\054', '\055', '\056', '\057', + '\060', '\061', '\062', '\063', '\064', '\065', '\066', '\067', + '\070', '\071', '\072', '\073', '\074', '\075', '\076', '\077', + '\100', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\133', '\134', '\135', '\136', '\137', + '\140', '\141', '\142', '\143', '\144', '\145', '\146', '\147', + '\150', '\151', '\152', '\153', '\154', '\155', '\156', '\157', + '\160', '\161', '\162', '\163', '\164', '\165', '\166', '\167', + '\170', '\171', '\172', '\173', '\174', '\175', '\176', '\177', + '\200', '\201', '\202', '\203', '\204', '\205', '\206', '\207', + '\210', '\211', '\212', '\213', '\214', '\215', '\216', '\217', + '\220', '\221', '\222', '\223', '\224', '\225', '\226', '\227', + '\230', '\231', '\232', '\233', '\234', '\235', '\236', '\237', + '\240', '\241', '\242', '\243', '\244', '\245', '\246', '\247', + '\250', 
'\251', '\252', '\253', '\254', '\255', '\256', '\257', + '\260', '\261', '\262', '\263', '\264', '\265', '\266', '\267', + '\270', '\271', '\272', '\273', '\274', '\275', '\276', '\277', + '\300', '\301', '\302', '\303', '\304', '\305', '\306', '\307', + '\310', '\311', '\312', '\313', '\314', '\315', '\316', '\317', + '\320', '\321', '\322', '\323', '\324', '\325', '\326', '\327', + '\330', '\331', '\332', '\333', '\334', '\335', '\336', '\337', + '\340', '\341', '\342', '\343', '\344', '\345', '\346', '\347', + '\350', '\351', '\352', '\353', '\354', '\355', '\356', '\357', + '\360', '\361', '\362', '\363', '\364', '\365', '\366', '\367', + '\370', '\371', '\372', '\373', '\374', '\375', '\376', '\377', +}; + +int +strcasecmp(const char *s1, const char *s2) +{ + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + while (cm[*us1] == cm[*us2++]) + if (*us1++ == '\0') + return (0); + return (cm[*us1] - cm[*--us2]); +} + +int +strncasecmp(const char *s1, const char *s2, size_t n) +{ + if (n != 0) { + const unsigned char *cm = charmap, + *us1 = (const unsigned char *)s1, + *us2 = (const unsigned char *)s2; + + do { + if (cm[*us1] != cm[*us2++]) + return (cm[*us1] - cm[*--us2]); + if (*us1++ == '\0') + break; + } while (--n != 0); + } + return (0); +} diff --git a/crypto/kerberosIV/lib/roken/strdup.c b/crypto/kerberosIV/lib/roken/strdup.c new file mode 100644 index 0000000..b16992f --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strdup.c 
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strdup.c,v 1.9 1997/04/01 08:19:10 joda Exp $");
+#endif
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef HAVE_STRDUP
+char *
+strdup(const char *old)
+{
+ char *t = malloc(strlen(old)+1);
+ if (t != 0)
+ strcpy(t, old);
+ return t;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strerror.c b/crypto/kerberosIV/lib/roken/strerror.c
new file mode 100644
index 0000000..3d7b45c
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strerror.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strerror.c,v 1.8 1997/05/02 14:29:33 assar Exp $");
+#endif
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+
+extern int sys_nerr;
+extern char *sys_errlist[];
+
+char*
+strerror(int eno)
+{
+ static char emsg[1024];
+
+ if(eno < 0 || eno >= sys_nerr)
+ snprintf(emsg, sizeof(emsg), "Error %d occurred.", eno);
+ else
+ strcpy(emsg, sys_errlist[eno]);
+
+ return emsg;
+}
diff --git a/crypto/kerberosIV/lib/roken/strftime.c b/crypto/kerberosIV/lib/roken/strftime.c
new file mode 100644
index 0000000..3473778
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strftime.c
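Review bot: The in-range branch of `strerror` copies `sys_errlist[eno]` into the 1024-byte static `emsg` with `strcpy`, which puts no bound on the copy, while the out-of-range branch two lines above already uses `snprintf` with `sizeof(emsg)`. The table belongs to the system C library, so its entries are normally short, but their length is not something this file controls. Using the same bounded call in both branches removes the assumption: `snprintf(emsg, sizeof(emsg), "%s", sys_errlist[eno]);`. The returned pointer refers to one shared static buffer, so a later call overwrites an earlier result; a one-line comment saying so would help callers.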
@@ -0,0 +1,299 @@ +/* + * Copyright (c) 1989, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the University of + * California, Berkeley and its contributors. + * 4. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#endif +#include <sys/types.h> +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#define TM_YEAR_BASE 1900 /* from <tzfile.h> */ +#include <string.h> + +static char *afmt[] = { + "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", +}; +static char *Afmt[] = { + "Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", + "Saturday", +}; +static char *bfmt[] = { + "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", + "Oct", "Nov", "Dec", +}; +static char *Bfmt[] = { + "January", "February", "March", "April", "May", "June", "July", + "August", "September", "October", "November", "December", +}; + +static size_t gsize; +static char *pt; + +static int _add (char *); +static int _conv (int, int, int); +#ifdef HAVE_MKTIME +static int _secs (const struct tm *); +#endif /* HAVE_MKTIME */ +static size_t _fmt (const char *, const struct tm *); + +size_t +strftime(char *s, size_t maxsize, const char *format, const struct tm *t) +{ + + pt = s; + if ((gsize = maxsize) < 1) + return(0); + if (_fmt(format, t)) { + *pt = '\0'; + return(maxsize - gsize); + } + return(0); +} + +static size_t +_fmt(const char *format, const struct tm *t) +{ + for (; *format; ++format) { + if (*format == '%') + switch(*++format) { + case '\0': + --format; + break; + case 'A': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(Afmt[t->tm_wday])) + return(0); + continue; + case 'a': + if (t->tm_wday < 0 || t->tm_wday > 6) + return(0); + if (!_add(afmt[t->tm_wday])) + return(0); + continue; + case 'B': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(Bfmt[t->tm_mon])) + return(0); + continue; + case 'b': + case 'h': + if (t->tm_mon < 0 || t->tm_mon > 11) + return(0); + if (!_add(bfmt[t->tm_mon])) + return(0); + continue; + case 'C': + if (!_fmt("%a %b %e %H:%M:%S %Y", t)) + return(0); + continue; + case 
'c': + if (!_fmt("%m/%d/%y %H:%M:%S", t)) + return(0); + continue; + case 'D': + if (!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'd': + if (!_conv(t->tm_mday, 2, '0')) + return(0); + continue; + case 'e': + if (!_conv(t->tm_mday, 2, ' ')) + return(0); + continue; + case 'H': + if (!_conv(t->tm_hour, 2, '0')) + return(0); + continue; + case 'I': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, '0')) + return(0); + continue; + case 'j': + if (!_conv(t->tm_yday + 1, 3, '0')) + return(0); + continue; + case 'k': + if (!_conv(t->tm_hour, 2, ' ')) + return(0); + continue; + case 'l': + if (!_conv(t->tm_hour % 12 ? + t->tm_hour % 12 : 12, 2, ' ')) + return(0); + continue; + case 'M': + if (!_conv(t->tm_min, 2, '0')) + return(0); + continue; + case 'm': + if (!_conv(t->tm_mon + 1, 2, '0')) + return(0); + continue; + case 'n': + if (!_add("\n")) + return(0); + continue; + case 'p': + if (!_add(t->tm_hour >= 12 ? "PM" : "AM")) + return(0); + continue; + case 'R': + if (!_fmt("%H:%M", t)) + return(0); + continue; + case 'r': + if (!_fmt("%I:%M:%S %p", t)) + return(0); + continue; + case 'S': + if (!_conv(t->tm_sec, 2, '0')) + return(0); + continue; +#ifdef HAVE_MKTIME + case 's': + if (!_secs(t)) + return(0); + continue; +#endif /* HAVE_MKTIME */ + case 'T': + case 'X': + if (!_fmt("%H:%M:%S", t)) + return(0); + continue; + case 't': + if (!_add("\t")) + return(0); + continue; + case 'U': + if (!_conv((t->tm_yday + 7 - t->tm_wday) / 7, + 2, '0')) + return(0); + continue; + case 'W': + if (!_conv((t->tm_yday + 7 - + (t->tm_wday ? 
(t->tm_wday - 1) : 6)) + / 7, 2, '0')) + return(0); + continue; + case 'w': + if (!_conv(t->tm_wday, 1, '0')) + return(0); + continue; + case 'x': + if (!_fmt("%m/%d/%y", t)) + return(0); + continue; + case 'y': + if (!_conv((t->tm_year + TM_YEAR_BASE) + % 100, 2, '0')) + return(0); + continue; + case 'Y': + if (!_conv(t->tm_year + TM_YEAR_BASE, 4, '0')) + return(0); + continue; +#ifdef notdef + case 'Z': + if (!t->tm_zone || !_add(t->tm_zone)) + return(0); + continue; +#endif + case '%': + /* + * X311J/88-090 (4.12.3.5): if conversion char is + * undefined, behavior is undefined. Print out the + * character itself as printf(3) does. + */ + default: + break; + } + if (!gsize--) + return(0); + *pt++ = *format; + } + return(gsize); +} + +#ifdef HAVE_MKTIME +static int +_secs(const struct tm *t) +{ + static char buf[15]; + time_t s; + char *p; + struct tm tmp; + + /* Make a copy, mktime(3) modifies the tm struct. */ + tmp = *t; + s = mktime(&tmp); + for (p = buf + sizeof(buf) - 2; s > 0 && p > buf; s /= 10) + *p-- = s % 10 + '0'; + return(_add(++p)); +} +#endif /* HAVE_MKTIME */ + +static int +_conv(int n, int digits, int pad) +{ + static char buf[10]; + char *p; + + for (p = buf + sizeof(buf) - 2; n > 0 && p > buf; n /= 10, --digits) + *p-- = n % 10 + '0'; + while (p > buf && digits-- > 0) + *p-- = pad; + return(_add(++p)); +} + +static int +_add(str) + char *str; +{ + for (;; ++pt, --gsize) { + if (!gsize) + return(0); + if (!(*pt = *str++)) + return(1); + } +} diff --git a/crypto/kerberosIV/lib/roken/strlwr.c b/crypto/kerberosIV/lib/roken/strlwr.c new file mode 100644 index 0000000..0222d8c --- /dev/null +++ b/crypto/kerberosIV/lib/roken/strlwr.c 
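Review bot: `strftime` returns 0 on overflow or on an out-of-range `tm_wday`/`tm_mon` without terminating `s`, so the buffer can be left holding a partial, unterminated string. C leaves the contents indeterminate in that case, but a caller that prints the buffer without checking the return value would read past the formatted text. Since `maxsize >= 1` is already established by the early return, adding `s[0] = '\0';` before the final `return(0);` makes the failure harmless. Separately, the cursor `pt` and the remaining count `gsize` are file-scope statics written by `_fmt`, `_conv`, `_secs` and `_add`, so the function is not reentrant; that deserves a comment next to their declarations.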
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strlwr.c,v 1.3 1997/04/01 08:19:11 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRLWR
+char *
+strlwr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = tolower(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/strnlen.c b/crypto/kerberosIV/lib/roken/strnlen.c
new file mode 100644
index 0000000..51588f6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strnlen.c
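Review bot: `tolower(*s)` in `strlwr` passes a plain `char`, which is negative for bytes above 0x7f on platforms where `char` is signed, while `tolower` is only defined for `unsigned char` values and `EOF`. Depending on the C library that becomes an out-of-range table lookup for 8-bit input such as Latin-1 text. Cast at the call: `*s = tolower((unsigned char)*s);`.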
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strnlen.c,v 1.5 1997/04/01 08:19:11 joda Exp $");
+#endif
+
+#include "roken.h"
+
+int
+strnlen(char *s, int len)
+{
+ int i;
+ for(i = 0; i < len && s[i]; i++)
+ ;
+ return i;
+}
diff --git a/crypto/kerberosIV/lib/roken/strtok_r.c b/crypto/kerberosIV/lib/roken/strtok_r.c
new file mode 100644
index 0000000..49164d9
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strtok_r.c
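Review bot: `strnlen` is defined unconditionally, while the sibling replacements in this commit (strlwr.c, strtok_r.c, strupr.c) are wrapped in `#ifndef HAVE_...`. On a libc that already declares `size_t strnlen(const char *, size_t)`, this `int strnlen(char *s, int len)` would clash with a different prototype, unless the build compiles the file only when the function is missing (the Makefile is not part of this hunk). The `int` length also means a negative `len` silently yields 0, which a caller could mistake for an empty string. Suggest `#ifndef HAVE_STRNLEN` around the definition and the signature `size_t strnlen(const char *s, size_t len)`, with the declaration in roken.h changed to match.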
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strtok_r.c,v 1.4 1997/05/19 03:05:47 assar Exp $");
+#endif
+
+#include <string.h>
+
+#include "roken.h"
+
+#ifndef HAVE_STRTOK_R
+
+char *
+strtok_r(char *s1, const char *s2, char **lasts)
+{
+ char *ret;
+
+ if (s1 == NULL)
+ s1 = *lasts;
+ while(*s1 && strchr(s2, *s1))
+ ++s1;
+ if(*s1 == '\0')
+ return NULL;
+ ret = s1;
+ while(*s1 && !strchr(s2, *s1))
+ ++s1;
+ if(*s1)
+ *s1++ = '\0';
+ *lasts = s1;
+ return ret;
+}
+
+#endif /* HAVE_STRTOK_R */
diff --git a/crypto/kerberosIV/lib/roken/strupr.c b/crypto/kerberosIV/lib/roken/strupr.c
new file mode 100644
index 0000000..c5674f7
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/strupr.c
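Review bot: The early exit `if(*s1 == '\0') return NULL;` leaves `*lasts` untouched, so when the first call is made on a string that is empty or consists only of delimiters, `*lasts` is never written. The next call with `s1 == NULL` then loads and dereferences whatever the caller's pointer happened to hold. Store the position before returning: `if(*s1 == '\0') { *lasts = s1; return NULL; }`. A one-line comment saying that `s2` is the delimiter set and that the buffer behind `s1` is modified in place would also help readers of this replacement.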
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: strupr.c,v 1.3 1997/04/01 08:19:13 joda Exp $");
+#endif
+#include <string.h>
+#include <ctype.h>
+
+#include <roken.h>
+
+#ifndef HAVE_STRUPR
+char *
+strupr(char *str)
+{
+ char *s;
+
+ for(s = str; *s; s++)
+ *s = toupper(*s);
+ return str;
+}
+#endif
diff --git a/crypto/kerberosIV/lib/roken/tm2time.c b/crypto/kerberosIV/lib/roken/tm2time.c
new file mode 100644
index 0000000..f4423ff
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/tm2time.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: tm2time.c,v 1.6 1997/04/20 05:51:30 assar Exp $");
+#endif
+
+#ifdef TIME_WITH_SYS_TIME
+#include <sys/time.h>
+#include <time.h>
+#elif defined(HAVE_SYS_TIME_H)
+#include <sys/time.h>
+#else
+#include <time.h>
+#endif
+#include "roken.h"
+
+time_t
+tm2time (struct tm tm, int local)
+{
+ time_t t;
+
+ tm.tm_isdst = -1;
+
+ t = mktime (&tm);
+
+ if (!local)
+ t += t - mktime (gmtime (&t));
+ return t;
+}
diff --git a/crypto/kerberosIV/lib/roken/unsetenv.c b/crypto/kerberosIV/lib/roken/unsetenv.c
new file mode 100644
index 0000000..67fb750
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/unsetenv.c
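Review bot: Neither `mktime` call in `tm2time` is checked, so a `struct tm` that cannot be represented yields `(time_t)-1`, and in the `!local` branch that value is passed on to `gmtime` and used in arithmetic, returning a plausible-looking but wrong timestamp. Return early on failure, e.g. `if (t == (time_t)-1) return t;` right after `t = mktime (&tm);`. The correction `t - mktime (gmtime (&t))` also looks DST-sensitive, because `gmtime` sets `tm_isdst` to 0 and `mktime` then treats the value as standard time; this should be confirmed in a zone with daylight saving, since any expiry derived from the result would be off by the shift.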
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: unsetenv.c,v 1.6 1997/04/01 08:19:14 joda Exp $");
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "roken.h"
+
+extern char **environ;
+
+/*
+ * unsetenv --
+ */
+void
+unsetenv(const char *name)
+{
+ int len;
+ const char *np;
+ char **p;
+
+ if (name == 0 || environ == 0)
+ return;
+
+ for (np = name; *np && *np != '='; np++)
+ /* nop */;
+ len = np - name;
+
+ for (p = environ; *p != 0; p++)
+ if (strncmp(*p, name, len) == 0 && (*p)[len] == '=')
+ break;
+
+ for (; *p != 0; p++)
+ *p = *(p + 1);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verify.c b/crypto/kerberosIV/lib/roken/verify.c
new file mode 100644
index 0000000..65eafcc
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verify.c
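Review bot: The search loop in `unsetenv` stops at the first `name=` entry (`break;`), so when `environ` holds the name twice only the first copy is removed and the second becomes the one `getenv` and child processes see. For a routine used to scrub the environment before running something else, the variable is then still effectively set. Keep scanning after each removal instead of breaking, as in the excerpt below. `len` would also be better as `size_t`, since it is passed to `strncmp`.

```c
/* … unchanged: NULL checks and computation of len … */
    for (p = environ; *p != 0; ) {
	if (strncmp(*p, name, len) == 0 && (*p)[len] == '=') {
	    char **q;

	    /* close the gap, then re-test the entry that moved into p */
	    for (q = p; *q != 0; q++)
		*q = *(q + 1);
	} else
	    p++;
    }
```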
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verify.c,v 1.12 1997/04/01 08:19:15 joda Exp $");
+#endif
+
+#include <stdio.h>
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+#include "roken.h"
+
+int
+unix_verify_user(char *user, char *password)
+{
+ struct passwd *pw;
+
+ pw = k_getpwnam(user);
+ if(pw == NULL)
+ return -1;
+ if(strlen(pw->pw_passwd) == 0 && strlen(password) == 0)
+ return 0;
+ if(strcmp(crypt(password, pw->pw_passwd), pw->pw_passwd) == 0)
+ return 0;
+ return -1;
+}
+
diff --git a/crypto/kerberosIV/lib/roken/verr.c b/crypto/kerberosIV/lib/roken/verr.c
new file mode 100644
index 0000000..f5d8f25
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verr.c
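Review bot: `crypt(password, pw->pw_passwd)` is handed straight to `strcmp` in `unix_verify_user`, but `crypt` may return NULL (for instance on a salt it does not accept), which would turn a failed verification into a null dereference in the login path. Check the result first: `char *c = crypt(password, pw->pw_passwd); if (c == NULL) return -1;` and compare `c` afterwards. The branch before it accepts an empty `password` whenever `pw_passwd` is empty; if that is intended, a comment saying so belongs there. It is also worth confirming that `k_getpwnam` returns the real hash rather than a shadow placeholder, since that function is not part of this hunk.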
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verr.c,v 1.6 1997/03/30 08:05:38 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verr(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/verrx.c b/crypto/kerberosIV/lib/roken/verrx.c
new file mode 100644
index 0000000..bc25aa0
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/verrx.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: verrx.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+verrx(int eval, const char *fmt, va_list ap)
+{
+ warnerr(1, eval, 0, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarn.c b/crypto/kerberosIV/lib/roken/vwarn.c
new file mode 100644
index 0000000..144dd08
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarn.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarn.c,v 1.6 1997/03/30 08:05:39 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarn(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 1, fmt, ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/vwarnx.c b/crypto/kerberosIV/lib/roken/vwarnx.c
new file mode 100644
index 0000000..540c2a6
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/vwarnx.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: vwarnx.c,v 1.6 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+vwarnx(const char *fmt, va_list ap)
+{
+ warnerr(0, 0, 0, fmt, ap);
+}
+
diff --git a/crypto/kerberosIV/lib/roken/warn.c b/crypto/kerberosIV/lib/roken/warn.c
new file mode 100644
index 0000000..5af5d8d
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warn.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warn.c,v 1.5 1997/03/30 08:05:40 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warn(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarn(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnerr.c b/crypto/kerberosIV/lib/roken/warnerr.c
new file mode 100644
index 0000000..61fa26a
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnerr.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnerr.c,v 1.6 1997/04/02 14:59:54 bg Exp $");
+#endif
+
+#include "roken.h"
+#include "err.h"
+
+#ifndef HAVE___PROGNAME
+const char *__progname;
+#endif
+
+void
+set_progname(char *argv0)
+{
+#ifndef HAVE___PROGNAME
+ char *p;
+ if(argv0 == NULL)
+ return;
+ p = strrchr(argv0, '/');
+ if(p == NULL)
+ p = argv0;
+ else
+ p++;
+ __progname = p;
+#endif
+}
+
+void
+warnerr(int doexit, int eval, int doerrno, const char *fmt, va_list ap)
+{
+ int sverrno = errno;
+ if(__progname != NULL){
+ fprintf(stderr, "%s", __progname);
+ if(fmt != NULL || doerrno)
+ fprintf(stderr, ": ");
+ }
+ if (fmt != NULL){
+ vfprintf(stderr, fmt, ap);
+ if(doerrno)
+ fprintf(stderr, ": ");
+ }
+ if(doerrno)
+ fprintf(stderr, "%s", strerror(sverrno));
+ fprintf(stderr, "\n");
+ if(doexit)
+ exit(eval);
+}
diff --git a/crypto/kerberosIV/lib/roken/warnx.c b/crypto/kerberosIV/lib/roken/warnx.c
new file mode 100644
index 0000000..bf7b076
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/warnx.c
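Review bot: `warnerr` takes three bare `int` flags and has no comment, while the wrappers in this commit call it with literals (`warnerr(1, eval, 1, fmt, ap)` in verr.c, `warnerr(0, 0, 0, fmt, ap)` in vwarnx.c), so those call sites cannot be read without opening this file. Add a header comment such as `/* doexit: exit(eval) after printing; doerrno: append strerror() of errno as saved on entry */`. `set_progname` only reads its argument and stores into a `const char *`, so `const char *argv0` with `const char *p;` would describe it more accurately.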
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+RCSID("$Id: warnx.c,v 1.5 1997/03/30 08:05:41 joda Exp $");
+#endif
+
+#include "err.h"
+
+void
+warnx(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vwarnx(fmt, ap);
+ va_end(ap);
+}
diff --git a/crypto/kerberosIV/lib/roken/xdbm.h b/crypto/kerberosIV/lib/roken/xdbm.h
new file mode 100644
index 0000000..c3e4781
--- /dev/null
+++ b/crypto/kerberosIV/lib/roken/xdbm.h
@@ -0,0 +1,75 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: xdbm.h,v 1.2 1997/04/01 08:19:16 joda Exp $ */ + +/* Generic *dbm include file */ + +#ifndef __XDBM_H__ +#define __XDBM_H__ + +#ifdef HAVE_NDBM_H +#include <ndbm.h> +#elif defined(HAVE_DBM_H) +#include <dbm.h> +#elif defined(HAVE_RPCSVC_DBM_H) +#include <rpcsvc/dbm.h> +#endif + +/* Macros to convert ndbm names to dbm names. + * Note that dbm_nextkey() cannot be simply converted using a macro, since + * it is invoked giving the database, and nextkey() needs the previous key. + * + * Instead, all routines call "dbm_next" instead. + */ + +#ifndef NDBM +typedef char DBM; + +#define dbm_open(file, flags, mode) ((dbminit(file) == 0)?"":((char *)0)) +#define dbm_fetch(db, key) fetch(key) +#define dbm_store(db, key, content, flag) store(key, content) +#define dbm_delete(db, key) delete(key) +#define dbm_firstkey(db) firstkey() +#define dbm_next(db,key) nextkey(key) +#define dbm_close(db) dbmclose() +#else +#define dbm_next(db,key) dbm_nextkey(db) +#endif + +#endif /* __XDBM_H__ */ diff --git a/crypto/kerberosIV/lib/sl/Makefile.in b/crypto/kerberosIV/lib/sl/Makefile.in new file mode 100644 index 0000000..b89799b --- /dev/null +++ b/crypto/kerberosIV/lib/sl/Makefile.in 
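Review bot: The fallback `dbm_open(file, flags, mode)` macro discards `flags` and `mode` and only calls `dbminit(file)`, so on a build without `NDBM` a caller that asks for a restrictive creation mode gets nothing from this layer. That matters if this header is what opens the principal database, which the hunk itself does not show. I would document it above the macro, for example `/* old dbm: flags and mode are ignored; the files must already exist with the intended permissions */`. The same comment should say that the returned handle is a pointer to a string literal, so it only signals success and must never be written through or freed. Separately, the includes are selected by `HAVE_NDBM_H` but the macros by `NDBM`; if `NDBM` is not defined wherever `<ndbm.h>` is picked (presumably config.h handles this, please confirm), `typedef char DBM;` would clash with the system typedef.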
@@ -0,0 +1,84 @@ +# +# $Id: Makefile.in,v 1.8 1997/05/06 03:47:56 assar Exp $ +# + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ +CFLAGS = @CFLAGS@ + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ + +PICFLAGS = @PICFLAGS@ + +LIBNAME = $(LIBPREFIX)sl +LIBEXT = @LIBEXT@ +SHLIBEXT = @SHLIBEXT@ +LIBPREFIX = @LIBPREFIX@ +LDSHARED = @LDSHARED@ +LIB = $(LIBNAME).$(LIBEXT) +PROGS = + +LIB_SOURCES = sl.c + +SOURCES = $(LIB_SOURCES) + +LIB_OBJECTS = sl.o + +OBJECTS = $(LIB_OBJECTS) + +all: $(LIB) $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../../include -I$(srcdir) -I$(srcdir)/../des $(CFLAGS) $(PICFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libdir) + $(INSTALL_DATA) -m 0555 $(LIB) $(libdir) + +uninstall: + rm -f $(libdir)/$(LIB) + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f $(LIB) $(PROGS) *.o *.a + +mostlyclean: clean + +distclean: clean + rm -f Makefile *~ + +realclean: distclean + rm -f TAGS + +$(LIBNAME).a: $(LIB_OBJECTS) + rm -f $@ + $(AR) cr $@ $(LIB_OBJECTS) + -$(RANLIB) $@ + +$(LIBNAME).$(SHLIBEXT): $(LIB_OBJECTS) + rm -f $@ + $(LDSHARED) -o $@ $(LIB_OBJECTS) + +$(OBJECTS): ../../include/config.h + +.PHONY: all install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/lib/sl/sl.c b/crypto/kerberosIV/lib/sl/sl.c new file mode 100644 index 0000000..adf71f5 --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl.c 
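Review bot: The `Wall:` recipe calls `make` literally, so a build started with a different make binary or with command-line overrides does not carry them into the sub-build; `$(MAKE) CFLAGS="..."` is the conventional form. The `.c.o` rule also expands `$(CPPFLAGS)`, but this file never assigns it from configure the way it does `DEFS = @DEFS@` and `CFLAGS = @CFLAGS@`. Unless it comes from the environment, preprocessor flags chosen at configure time are dropped; adding `CPPFLAGS = @CPPFLAGS@` next to `DEFS` would make that explicit.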
@@ -0,0 +1,190 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: sl.c,v 1.12 1997/06/01 03:15:07 assar Exp $"); +#endif + +#include "sl_locl.h" + +static SL_cmd * +sl_match (SL_cmd *cmds, char *cmd, int exactp) +{ + SL_cmd *c, *current = NULL, *partial_cmd = NULL; + int partial_match = 0; + + for (c = cmds; c->name; ++c) { + if (c->func) + current = c; + if (strcmp (cmd, c->name) == 0) + return current; + else if (strncmp (cmd, c->name, strlen(cmd)) == 0 && + partial_cmd != current) { + ++partial_match; + partial_cmd = current; + } + } + if (partial_match == 1 && !exactp) + return partial_cmd; + else + return NULL; +} + +void +sl_help (SL_cmd *cmds, int argc, char **argv) +{ + SL_cmd *c, *prev_c; + + if (argc == 1) { + prev_c = NULL; + for (c = cmds; c->name; ++c) { + if (c->func) { + if(prev_c) + printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", + prev_c->usage ? "\n" : ""); + prev_c = c; + printf ("%s", c->name); + } else + printf (", %s", c->name); + } + if(prev_c) + printf ("\n\t%s%s", prev_c->usage ? prev_c->usage : "", + prev_c->usage ? "\n" : ""); + } else { + c = sl_match (cmds, argv[1], 0); + if (c == NULL) + printf ("No such command: %s. 
Try \"help\" for a list of all commands\n", + argv[1]); + else { + printf ("%s\t%s", c->name, c->usage); + if((++c)->name && c->func == NULL) { + printf ("\nSynonyms:"); + while (c->name && c->func == NULL) + printf ("\t%s", (c++)->name); + } + printf ("\n"); + } + } +} + +#ifdef HAVE_READLINE + +char *readline(char *prompt); +void add_history(char *p); + +#else + +static char * +readline(char *prompt) +{ + char buf[BUFSIZ]; + printf ("%s", prompt); + fflush (stdout); + if(fgets(buf, sizeof(buf), stdin) == NULL) + return NULL; + if (buf[strlen(buf) - 1] == '\n') + buf[strlen(buf) - 1] = '\0'; + return strdup(buf); +} + +static void +add_history(char *p) +{ +} + +#endif + +int +sl_loop (SL_cmd *cmds, char *prompt) +{ + unsigned max_count; + char **ptr; + + max_count = 17; + ptr = malloc(max_count * sizeof(*ptr)); + if (ptr == NULL) { + printf ("sl_loop: failed to allocate %u bytes of memory\n", + (int) max_count * sizeof(*ptr)); + return -1; + } + + for (;;) { + char *buf; + unsigned count; + SL_cmd *c; + + buf = readline(prompt); + if(buf == NULL) + break; + + if(*buf) + add_history(buf); + count = 0; + { + char *foo = NULL; + char *p; + + for(p = strtok_r (buf, " \t", &foo); + p; + p = strtok_r (NULL, " \t", &foo)) { + if(count == max_count) { + max_count *= 2; + ptr = realloc (ptr, max_count * sizeof(*ptr)); + if (ptr == NULL) { + printf ("sl_loop: failed to allocate %u " + "bytes of memory\n", + (unsigned) max_count * sizeof(*ptr)); + return -1; + } + } + ptr[count++] = p; + } + } + if (count > 0) { + c = sl_match (cmds, ptr[0], 0); + if (c) + (*c->func)(count, ptr); + else + printf ("Unrecognized command: %s\n", ptr[0]); + } + free(buf); + } + free (ptr); + return 0; +} diff --git a/crypto/kerberosIV/lib/sl/sl.h b/crypto/kerberosIV/lib/sl/sl.h new file mode 100644 index 0000000..158e590 --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl.h 
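Review bot: The fallback `readline()` indexes `buf[strlen(buf) - 1]` without checking for an empty string, so a line from stdin whose first byte is NUL makes `strlen` return 0 and the test and store land outside `buf`. Taking the length once and guarding it fixes this: `size_t len = strlen(buf); if (len > 0 && buf[len - 1] == '\n') buf[len - 1] = '\0';`. In `sl_loop`, `ptr = realloc (ptr, ...)` overwrites the only pointer to the argument array, so the failure path leaks both the old array and `buf`. Both diagnostics there also pass a `size_t` product to `%u`, because the cast binds to `max_count` alone. The growth path is rewritten below. Separately, the single-command branch of `sl_help` passes `c->usage` to `%s` unguarded, although the listing branch treats it as possibly NULL.

```c
            if(count == max_count) {
                /* grow through a temporary so the old array survives a failed realloc */
                unsigned new_max = max_count * 2;
                char **tmp = realloc (ptr, new_max * sizeof(*ptr));
                if (tmp == NULL) {
                    printf ("sl_loop: failed to allocate %u "
                            "bytes of memory\n",
                            (unsigned) (new_max * sizeof(*ptr)));
                    free (ptr);
                    free (buf);
                    return -1;
                }
                ptr = tmp;
                max_count = new_max;
            }
            /* ... unchanged: ptr[count++] = p; ... */
```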
@@ -0,0 +1,58 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: sl.h,v 1.2 1997/04/01 08:19:18 joda Exp $ */ + +#ifndef _SL_H +#define _SL_H + +typedef void (*cmd_func)(int, char **); + +struct sl_cmd { + char *name; + cmd_func func; + char *usage; + char *help; +}; + +typedef struct sl_cmd SL_cmd; + +void sl_help (SL_cmd *, int argc, char **argv); +int sl_loop (SL_cmd *, char *prompt); + +#endif /* _SL_H */ diff --git a/crypto/kerberosIV/lib/sl/sl_locl.h b/crypto/kerberosIV/lib/sl/sl_locl.h new file mode 100644 index 0000000..ddf25bb --- /dev/null +++ b/crypto/kerberosIV/lib/sl/sl_locl.h 
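Review bot: `struct sl_cmd` has no comment describing the table layout that `sl_match` and `sl_help` in sl.c depend on, and a caller cannot build a correct table from the field names alone. I would add a block comment above the struct covering three things: the array ends with an entry whose `name` is NULL, an entry with `func == NULL` is a synonym for the nearest preceding entry that has a `func`, and `usage` may be NULL. It is also worth noting there that `help` is not read by the sl.c in this commit. The prototypes could then carry one line each, for example `/* returns 0 on end of input, -1 on allocation failure */` on `sl_loop`.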
@@ -0,0 +1,48 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: sl_locl.h,v 1.3 1997/04/01 08:19:18 joda Exp $ */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include <roken.h> +#include <protos.h> + +#include <sl.h> diff --git a/crypto/kerberosIV/man/Makefile.in b/crypto/kerberosIV/man/Makefile.in new file mode 100644 index 0000000..a1b6e74 --- /dev/null +++ b/crypto/kerberosIV/man/Makefile.in 
@@ -0,0 +1,95 @@ +# Makefile.in,v 1.2 1994/05/13 05:02:46 assar Exp + +srcdir = @srcdir@ +VPATH = @srcdir@ + +SHELL = /bin/sh + +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +mandir = @mandir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +MANRX = .*\.\([0-9]\) +CATRX = \(.*\)\.cat\([0-9]\) +CATSUFFIX=@CATSUFFIX@ + +MAN1 = afslog.1 kauth.1 ftp.1 kdestroy.1 kinit.1 kpasswd.1 \ + login.1 rlogin.1 su.1 kerberos.1 klist.1 ksrvtgt.1 pagsh.1 \ + rcp.1 rsh.1 telnet.1 kx.1 rxterm.1 rxtelnet.1 tenletxr.1 \ + des.1 movemail.1 \ + otp.1 otpprint.1 + +CAT1 = afslog.cat1 kauth.cat1 ftp.cat1 login.cat1 \ + pagsh.cat1 rcp.cat1 rlogin.cat1 rsh.cat1 su.cat1 telnet.cat1 kx.cat1 \ + rxterm.cat1 rxtelnet.cat1 tenletxr.cat1 movemail.cat1 \ + otp.cat1 otpprint.cat1 + +MAN3 = acl_check.3 kafs.3 kerberos.3 krb_set_tkt_string.3 des_crypt.3 \ + krb_realmofhost.3 kuserok.3 getusershell.3 krb_sendauth.3 \ + tf_util.3 + +CAT3 = getusershell.cat3 kafs.cat3 + +MAN5 = krb.conf.5 krb.realms.5 krb.equiv.5 login.access.5 ftpusers.5 + +CAT5 = login.access.cat5 krb.equiv.cat5 ftpusers.cat5 + +MAN8 = ext_srvtab.8 kdb_destroy.8 kdb_util.8 ksrvutil.8 telnetd.8 rlogind.8 \ + kadmin.8 kdb_edit.8 kstash.8 kadmind.8 kdb_init.8 rshd.8 kauthd.8 \ + popper.8 kxd.8 kerberos.8 + +CAT8 = ftpd.cat8 rshd.cat8 telnetd.cat8 ksrvutil.cat8 rlogind.cat8 \ + kauthd.cat8 kprop.cat8 kpropd.cat8 kxd.cat8 kerberos.cat8 + +all: + +cat: $(CAT1) $(CAT3) $(CAT5) $(CAT8) + +%.cat1: %.1 + `grog -Tascii $<` > $@ +%.cat3: %.3 + `grog -Tascii $<` > $@ +%.cat5: %.5 + `grog -Tascii $<` > $@ +%.cat8: %.8 + `grog -Tascii $<` > $@ + + +Wall: + +install: all + for x in man1 man3 man5 man8 cat1 cat3 cat5 cat8; do \ + $(MKINSTALLDIRS) $(mandir)/$$x; done + (cd $(srcdir); \ + for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ + s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ + $(INSTALL_DATA) $$x $(mandir)/man$$s; done ;\ + for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do 
\ + s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ + b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ + $(INSTALL_DATA) $$x $(mandir)/cat$$s/$$b.$(CATSUFFIX);\ + done ) + +uninstall: + for x in $(MAN1) $(MAN3) $(MAN5) $(MAN8); do \ + s=`echo $$x | sed 's!$(MANRX)!\1!'` ; \ + rm -f $(mandir)/man$$s/$$x; done + for x in $(CAT1) $(CAT3) $(CAT5) $(CAT8); do \ + s=`echo $$x | sed 's!$(CATRX)!\2!'`; \ + b=`echo $$x | sed 's!$(CATRX)!\1!'`; \ + rm -f $(mandir)/cat$$s/$$b.$(CATSUFFIX); done + +clean: + +mostlyclean: clean + +distclean: + rm -f Makefile *~ + +realclean: + diff --git a/crypto/kerberosIV/man/acl_check.3 b/crypto/kerberosIV/man/acl_check.3 new file mode 100644 index 0000000..53bb7c8 --- /dev/null +++ b/crypto/kerberosIV/man/acl_check.3 
@@ -0,0 +1,182 @@ +.\" $Id: acl_check.3,v 1.2 1996/06/12 21:29:08 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH ACL_CHECK 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +acl_canonicalize_principal, acl_check, acl_exact_match, acl_add, +acl_delete, acl_initialize \- Access control list routines +.SH SYNOPSIS +.nf +.nj +.ft B +cc <files> \-lacl \-lkrb +.PP +.ft B +#include <krb.h> +.PP +.ft B +acl_canonicalize_principal(principal, buf) +char *principal; +char *buf; +.PP +.ft B +acl_check(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_exact_match(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_add(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_delete(acl, principal) +char *acl; +char *principal; +.PP +.ft B +acl_initialize(acl_file, mode) +char *acl_file; +int mode; +.fi +.ft R +.SH DESCRIPTION +.SS Introduction +.PP +An access control list (ACL) is a list of principals, where each +principal is represented by a text string which cannot contain +whitespace. The library allows application programs to refer to named +access control lists to test membership and to atomically add and +delete principals using a natural and intuitive interface. At +present, the names of access control lists are required to be Unix +filenames, and refer to human-readable Unix files; in the future, when +a networked ACL server is implemented, the names may refer to a +different namespace specific to the ACL service. +.PP +.SS Principal Names +.PP +Principal names have the form +.nf +.in +5n +<name>[.<instance>][@<realm>] +.in -5n +e.g.: +.in +5n +asp +asp.root +asp@ATHENA.MIT.EDU +asp.@ATHENA.MIT.EDU +asp.root@ATHENA.MIT.EDU +.in -5n +.fi +It is possible for principals to be underspecified. If an instance is +missing, it is assumed to be "". 
If realm is missing, it is assumed +to be the local realm as determined by +.IR krb_get_lrealm (3). +The canonical form contains all of name, instance, +and realm; the acl_add and acl_delete routines will always +leave the file in that form. Note that the canonical form of +asp@ATHENA.MIT.EDU is actually asp.@ATHENA.MIT.EDU. +.SS Routines +.PP +.I acl_canonicalize_principal +stores the canonical form of +.I principal +in +.IR buf . +.I Buf +must contain enough +space to store a principal, given the limits on the sizes of name, +instance, and realm specified as ANAME_SZ, INST_SZ, and REALM_SZ, +respectively, in +.IR /usr/include/krb.h . +.PP +.I acl_check +returns nonzero if +.I principal +appears in +.IR acl . +Returns 0 if principal +does not appear in acl, or if an error occurs. Canonicalizes +principal before checking, and allows the ACL to contain wildcards. The +only supported wildcards are entries of the form +name.*@realm, *.*@realm, and *.*@*. An asterisk matches any value for the +its component field. For example, "jtkohl.*@*" would match principal +jtkohl, with any instance and any realm. +.PP +.I acl_exact_match +performs like +.IR acl_check , +but does no canonicalization or wildcard matching. +.PP +.I acl_add +atomically adds +.I principal +to +.IR acl . +Returns 0 if successful, nonzero otherwise. It is considered a failure +if +.I principal +is already in +.IR acl . +This routine will canonicalize +.IR principal , +but will treat wildcards literally. +.PP +.I acl_delete +atomically deletes +.I principal +from +.IR acl . +Returns 0 if successful, +nonzero otherwise. It is considered a failure if +.I principal +is not +already in +.IR acl . +This routine will canonicalize +.IR principal , +but will treat wildcards literally. +.PP +.I acl_initialize +initializes +.IR acl_file . +If the file +.I acl_file +does not exist, +.I acl_initialize +creates it with mode +.IR mode . +If the file +.I acl_file +exists, +.I acl_initialize +removes all members. 
Returns 0 if successful, +nonzero otherwise. WARNING: Mode argument is likely to change with +the eventual introduction of an ACL service. +.SH NOTES +In the presence of concurrency, there is a very small chance that +.I acl_add +or +.I acl_delete +could report success even though it would have +had no effect. This is a necessary side effect of using lock files +for concurrency control rather than flock(2), which is not supported +by NFS. +.PP +The current implementation caches ACLs in memory in a hash-table +format for increased efficiency in checking membership; one effect of +the caching scheme is that one file descriptor will be kept open for +each ACL cached, up to a maximum of 8. +.SH SEE ALSO +kerberos(3), krb_get_lrealm(3) +.SH AUTHOR +James Aspnes (MIT Project Athena) diff --git a/crypto/kerberosIV/man/ext_srvtab.8 b/crypto/kerberosIV/man/ext_srvtab.8 new file mode 100644 index 0000000..4f2c120 --- /dev/null +++ b/crypto/kerberosIV/man/ext_srvtab.8 
@@ -0,0 +1,62 @@ +.\" $Id: ext_srvtab.8,v 1.3 1997/04/02 21:09:51 assar Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH EXT_SRVTAB 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +ext_srvtab \- extract service key files from Kerberos key distribution center database +.SH SYNOPSIS +ext_srvtab [ +.B \-n +] [ +.B \-r realm +] [ +.B hostname ... +] +.SH DESCRIPTION +.I ext_srvtab +extracts service key files from the Kerberos key distribution center +(KDC) database. +.PP +Upon execution, it prompts the user to enter the master key string for +the database. If the +.B \-n +option is specified, the master key is instead fetched from the master +key cache file. +.PP +For each +.I hostname +specified on the command line, +.I ext_srvtab +creates the service key file +.IR hostname -new-srvtab, +containing all the entries in the database with an instance field of +.I hostname. +This new file contains all the keys registered for Kerberos-mediated +service providing programs which use the +.IR krb_get_phost (3) +principal and instance conventions to run on the host +.IR hostname . +If the +.B \-r +option is specified, the realm fields in the extracted file will +match the given realm rather than the local realm. +.SH DIAGNOSTICS +.TP 20n +"verify_master_key: Invalid master key, does not match database." +The master key string entered was incorrect. +.SH FILES +.TP 20n +.IR hostname -new-srvtab +Service key file generated for +.I hostname +.TP +/var/kerberos/principal.pag, /var/kerberos/principal.dir +DBM files containing database +.TP +/.k +Master key cache file. +.SH SEE ALSO +read_service_key(3), krb_get_phost(3) diff --git a/crypto/kerberosIV/man/getusershell.3 b/crypto/kerberosIV/man/getusershell.3 new file mode 100644 index 0000000..84dc3ad --- /dev/null +++ b/crypto/kerberosIV/man/getusershell.3 
@@ -0,0 +1,99 @@ +.\" $NetBSD: getusershell.3,v 1.3 1995/02/27 04:13:24 cgd Exp $ +.\" +.\" Copyright (c) 1985, 1991, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" @(#)getusershell.3 8.1 (Berkeley) 6/4/93 +.\" +.Dd June 4, 1993 +.Dt GETUSERSHELL 3 +.Os BSD 4.3 +.Sh NAME +.Nm getusershell , +.Nm setusershell , +.Nm endusershell +.Nd get legal user shells +.Sh SYNOPSIS +.Ft char * +.Fn getusershell void +.Ft void +.Fn setusershell void +.Ft void +.Fn endusershell void +.Sh DESCRIPTION +The +.Fn getusershell +function +returns a pointer to a legal user shell as defined by the +system manager in the file +.Pa /etc/shells . +If +.Pa /etc/shells +is unreadable or does not exist, +.Fn getusershell +behaves as if +.Pa /bin/sh +and +.Pa /bin/csh +were listed in the file. +.Pp +The +.Fn getusershell +function +reads the next +line (opening the file if necessary); +.Fn setusershell +rewinds the file; +.Fn endusershell +closes it. +.Sh FILES +.Bl -tag -width /etc/shells -compact +.It Pa /etc/shells +.El +.Sh DIAGNOSTICS +The routine +.Fn getusershell +returns a null pointer (0) on +.Dv EOF . +.Sh SEE ALSO +.Xr shells 5 +.Sh HISTORY +The +.Fn getusershell +function appeared in +.Bx 4.3 . +.Sh BUGS +The +.Fn getusershell +function leaves its result in an internal static object and returns +a pointer to that object. Subsequent calls to +.Fn getusershell +will modify the same object. diff --git a/crypto/kerberosIV/man/kadmin.8 b/crypto/kerberosIV/man/kadmin.8 new file mode 100644 index 0000000..3139b25 --- /dev/null +++ b/crypto/kerberosIV/man/kadmin.8 
@@ -0,0 +1,176 @@ +.\" $Id: kadmin.8,v 1.4 1997/04/02 21:09:53 assar Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KADMIN 8 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kadmin \- network utility for Kerberos database administration +.SH SYNOPSIS +.B kadmin [-u user] [-r default_realm] [-m] [-t] +.SH DESCRIPTION +This utility provides a unified administration interface to +the +Kerberos +master database. +Kerberos +administrators +use +.I kadmin +to register new users and services to the master database, +and to change information about existing database entries. +For instance, an administrator can use +.I kadmin +to change a user's +Kerberos +password. +A Kerberos administrator is a user with an ``admin'' instance +whose name appears on one of the Kerberos administration access control +lists. If the \-u option is used, +.I user +will be used as the administrator instead of the local user. +If the \-r option is used, +.I default_realm +will be used as the default realm for transactions. Otherwise, +the local realm will be used by default. +If the \-m option is used, multiple requests will be permitted +on only one entry of the admin password. Some sites won't +support this option. The \-t option is used to tell kadmin to use the +existing ticket file instead of creating a new one. + +The +.I kadmin +program communicates over the network with the +.I kadmind +program, which runs on the machine housing the Kerberos master +database. +The +.I kadmind +creates new entries and makes modifications to the database. + +When you enter the +.I kadmin +command, +the program displays a message that welcomes you and explains +how to ask for help. +Then +.I kadmin +waits for you to enter commands (which are described below). +It then asks you for your +.I admin +password before accessing the database. 
+ +All commands can be abbreviated as long as they are unique. Some +short versions of the commands are also recognized for backwards +compatibility. + +Use the +.I add_new_key +(or +.I ank +for short) +command to register a new principal +with the master database. +The command requires one argument, +the principal's name. The name +given can be fully qualified using +the standard +.I name.instance@realm +convention. +You are asked to enter your +.I admin +password, +then prompted twice to enter the principal's +new password. If no realm is specified, +the local realm is used unless another was +given on the commandline with the \-r flag. +If no instance is +specified, a null instance is used. If +a realm other than the default realm is specified, +you will need to supply your admin password for +the other realm. + +Use the +.I change_password (cpw) +to change a principal's +Kerberos +password. +The command requires one argument, +the principal's +name. +You are asked to enter your +.I admin +password, +then prompted twice to enter the principal's new password. +The name +given can be fully qualified using +the standard +.I name.instance@realm +convention. + +Use the +.I change_key (ckey) +if you have a need to change the raw key of a particular principal. +In other words, if you do not want to input a DES key instead of a +password that will get converted into a DES key. + +Use the +.I change_admin_password (cap) +to change your +.I admin +instance password. +This command requires no arguments. +It prompts you for your old +.I admin +password, then prompts you twice to enter the new +.I admin +password. If this is your first command, +the default realm is used. Otherwise, the realm +used in the last command is used. + +Use the +.I del_entry (del) +to remove an entry from the kerberos database. + +Use the +.I mod_entry (mod) +to modify a particular entry, for example to change the expire date. 
+ +Use the +.I destroy_tickets (dest) +command to destroy your admin tickets explicitly. + +Use the +.I list_requests (lr) +command to get a list of possible commands. + +Use the +.I help +command to display +.IR kadmin's +various help messages. +If entered without an argument, +.I help +displays a general help message. +You can get detailed information on specific +.I kadmin +commands +by entering +.I help +.IR command_name . + +To quit the program, type +.IR quit . + +.SH BUGS +The user interface is primitive, and the command names could be better. + +.SH "SEE ALSO" +kerberos(1), kadmind(8), kpasswd(1), ksrvutil(8) +.br +``A Subsystem Utilities Package for UNIX'' by Ken Raeburn +.SH AUTHORS +Jeffrey I. Schiller, MIT Project Athena +.br +Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kadmind.8 b/crypto/kerberosIV/man/kadmind.8 new file mode 100644 index 0000000..477511b --- /dev/null +++ b/crypto/kerberosIV/man/kadmind.8 
@@ -0,0 +1,125 @@
+.\" $Id: kadmind.8,v 1.4 1997/04/02 21:09:53 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kadmind \- network daemon for Kerberos database administration
+.SH SYNOPSIS
+.B kadmind
+[
+.B \-n
+] [
+.B \-m
+] [
+.B \-h
+] [
+.B \-r realm
+] [
+.B \-f filename
+] [
+.B \-d dbname
+] [
+.B \-a acldir
+]
+.SH DESCRIPTION
+.I kadmind
+is the network database server for the Kerberos password-changing and
+administration tools.
+.PP
+Upon execution, it fetches the master key from the key cache file.
+.PP
+If the
+.B \-m
+option is specified, it instead prompts the user to enter the master
+key string for the database.
+.PP
+The
+.B \-n
+option is a no-op and is left for compatibility reasons.
+.PP
+If the
+.B \-r
+.I realm
+option is specified, the admin server will pretend that its
+local realm is
+.I realm
+instead of the actual local realm of the host it is running on.
+This makes it possible to run a server for a foreign kerberos
+realm.
+.PP
+If the
+.B \-f
+.I filename
+option is specified, then that file is used to hold the log information
+instead of the default.
+.PP
+If the
+.B \-d
+.I dbname
+option is specified, then that file is used as the database name instead
+of the default.
+.PP
+If the
+.B \-a
+.I acldir
+option is specified, then
+.I acldir
+is used as the directory in which to search for access control lists
+instead of the default.
+.PP
+If the
+.B \-h
+option is specified,
+.I kadmind
+prints out a short summary of the permissible control arguments, and
+then exits.
+.PP
+When performing requests on behalf of clients,
+.I kadmind
+checks access control lists (ACLs) to determine the authorization of the client
+to perform the requested action.
+Currently four distinct access types are supported:
+.TP 1i
+Addition
+(.add ACL file).
If a principal is on this list, it may add new
+principals to the database.
+.TP
+Retrieval
+(.get ACL file). If a principal is on this list, it may retrieve
+database entries. NOTE: A principal's private key is never returned by
+the get functions.
+.TP
+Modification
+(.mod ACL file). If a principal is on this list, it may modify entries
+in the database.
+.TP
+Deletions
+(.del ACL file). If a principal is on this list, if may delete
+entries from the database.
+.PP
+A principal is always granted authorization to change its own password.
+.SH FILES
+.TP 20n
+/kerberos/admin_server.syslog
+Default log file.
+.TP
+/kerberos
+Default access control list directory.
+.TP
+admin_acl.{add,get,mod}
+Access control list files (within the directory)
+.TP
+/kerberos/principal.pag, /kerberos/principal.dir
+Default DBM files containing database
+.TP
+/.k
+Master key cache file.
+.SH "SEE ALSO"
+kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
+.SH AUTHORS
+Douglas A. Church, MIT Project Athena
+.br
+John T. Kohl, Project Athena/Digital Equipment Corporation
diff --git a/crypto/kerberosIV/man/kafs.3 b/crypto/kerberosIV/man/kafs.3
new file mode 100644
index 0000000..041fd23
--- /dev/null
+++ b/crypto/kerberosIV/man/kafs.3
@@ -0,0 +1,122 @@
+.\" $Id: kafs.3,v 1.1 1997/05/07 21:49:02 joda Exp $
+.\"
+.Dd May 7, 1997
+.Os KTH-KRB
+.Dt KAFS 3
+.Sh NAME
+.Nm k_hasafs ,
+.Nm k_afsklog ,
+.Nm k_afsklog_uid ,
+.Nm k_pioctl ,
+.Nm k_unlog ,
+.Nm k_setpag ,
+.Nm k_afs_cell_of_file
+.Nd AFS library
+.Sh SYNOPSIS
+.Fd #include <kafs.h>
+.Ft int
+.Fn k_afsklog "char *cell" "char *realm"
+.Ft int
+.Fn k_afsklog_uid "char *cell" "char *realm" "uid_t uid"
+.Ft int
+.Fn k_afs_cell_of_file "const char *path" "char *cell" "int len"
+.Ft int
+.Fn k_hasafs
+.Ft int
+.Fn k_pioctl "char *a_path" "int o_opcode" "struct ViceIoctl *a_paramsP" "int a_followSymlinks"
+.Ft int
+.Fn k_setpag
+.Ft int
+.Fn k_unlog
+.Sh DESCRIPTION
+.Fn k_hasafs
+initializes some library internal structures, and tests for the
+presense of AFS in the kernel, none of the other functions should be
+called before
+.Fn k_hasafs
+is called, or if it fails.
+
+.Fn k_afsklog ,
+and
+.Fn k_afsklog_uid
+obtains new tokens (and possibly tickets) for the specified
+.Fa cell
+and
+.Fa realm .
+If
+.Fa cell
+is
+.Dv NULL ,
+the local cell is used. If
+.Fa realm
+is
+.Dv NULL ,
+the function tries to guess what realm to use. Unless you have some good knowledge of what cell or realm to use, you should pass
+.Dv NULL .
+.Fn k_afsklog
+will use the real user-id for the
+.Dv ViceId
+field in the token,
+.Fn k_afsklog_uid
+will use
+.Fa uid .
+
+.Fn k_afs_cell_of_file
+will in
+.Fa cell
+return the cell of a specified file, no more than
+.Fa len
+characters is put in
+.Fa cell .
+
+.Fn k_pioctl
+does a
+.Fn pioctl
+syscall with the specified arguments. This function is equivalent to
+.Fn lpioctl .
+
+.Fn k_setpag
+initializes a new PAG.
+
+.Fn k_unlog
+removes destroys all tokens in the current PAG.
+
+.Sh RETURN VALUES
+.Fn k_hasafs
+returns 1 if AFS is present in the kernel, 0 otherwise.
+.Fn k_afsklog
+and
+.Fn k_afsklog_uid
+returns 0 on success, or a kerberos error number on failure.
+.Fn k_afs_cell_of_file ,
+.Fn k_pioctl ,
+.Fn k_setpag ,
+and
+.Fn k_unlog
+all return the value of the underlaying system call, 0 on success.
+.Sh EXAMPLES
+The following code from
+.Nm login
+will obtain a new PAG and tokens for the local cell and the cell of
+the users home directory.
+.Bd -literal
+if (k_hasafs()) {
+ char cell[64];
+ k_setpag();
+ if(k_afs_cell_of_file(pwd->pw_dir, cell, sizeof(cell)) == 0)
+ k_afsklog(cell, 0);
+ k_afsklog(0, 0);
+}
+.Ed
+.Sh ERRORS
+If any of these functions (appart from
+.Fn k_hasafs )
+is called without AFS beeing present in the kernel, the process will
+usually (depending on the operating system) receive a SIGSYS signal.
+.Sh SEE ALSO
+.Rs
+.%A Transarc Corporation
+.%J AFS-3 Programmer's Reference
+.%T File Server/Cache Manager Interface
+.%D 1991
+.Re
\ No newline at end of file
diff --git a/crypto/kerberosIV/man/kauth.1 b/crypto/kerberosIV/man/kauth.1
new file mode 100644
index 0000000..cc71b29
--- /dev/null
+++ b/crypto/kerberosIV/man/kauth.1
@@ -0,0 +1,65 @@
+.\" $Id: kauth.1,v 1.1 1996/05/04 01:49:34 d91-jda Exp $
+.\"
+.Dd May 4, 1996
+.Dt KAUTH 1
+.Os KTH-KRB
+.Sh NAME
+.Nm kauth
+.Nd
+overworked Kerberos login program
+.Sh SYNOPSIS
+.Nm
+.Op Fl n Ar name
+.Op Fl r Ar remote user
+.Op Fl t Pa remote ticket file
+.Op Fl h Ar hosts...
+.Op Fl l Ar lifetime
+.Op Fl f Pa srvtab
+.Op Fl c Ar cell
+.Op Ar command ...
+.Sh DESCRIPTION
+The
+.Nm
+command obtains ticket granting tickets as well as AFS ticket and
+tokens. It also does a whole lot of other stuff.
+.Pp
+The following flags are supported:
+.Bl -tag -width xxxx
+.It Fl n
+Principal to get tickets for. If no other arguments are present this
+can be given without the
+.Fl n
+flag.
+.It Fl h
+Remote hosts to obtain tickets for. This works similar to the MIT
+Athena Kerberos 4 patchlevel 10 command
+.Xr rkinit 1 ,
+however not in a compatible way. It requires that the remote host runs
+the
+.Xr kauthd 8 ,
+server. The
+.Fl r
+and
+.Fl t
+flags are useful only with this option.
+.It Fl r
+User on the remote host that should own the ticket file.
+.It Fl t
+Ticket file on remote host.
+.It Fl l
+Lifetime of tickets i minutes
+.It Fl f
+Srvtab to get service keys from. Default is
+.Pa /etc/srvtab .
+This is mainly used with batch services that need to run
+authenticated. If any command is given, it will be executed in an
+authenticated fashion and when the program exits the tickets are
+destroyed. For long running jobs the tickets will be renewed.
+.It Fl c
+AFS cell to get tokens for, default is your local cell.
+.El
+.Sh SEE ALSO
+.Xr kinit 1 ,
+.Xr kauthd 8
+.Sh BUGS
+There is no help-switch.
diff --git a/crypto/kerberosIV/man/kauthd.8 b/crypto/kerberosIV/man/kauthd.8
new file mode 100644
index 0000000..4978ff2
--- /dev/null
+++ b/crypto/kerberosIV/man/kauthd.8
@@ -0,0 +1,27 @@
+.\" $Id: kauthd.8,v 1.2 1996/09/28 22:04:48 assar Exp $
+.\"
+.Dd September 27, 1996
+.Dt KAUTHD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kauthd
+.Nd
+remote Kerberos login daemon
+.Sh SYNOPSIS
+.Nm
+.Sh DESCRIPTION
+Daemon for the
+.Xr kauth 1
+command.
+.Pp
+Options supported by
+.Nm kauthd :
+.Bl -tag -width Ds
+.It Fl i
+Interactive. Do not expect to be started by
+.Nm inetd,
+but allocate and listen to the socket yourself. Handy for testing
+and debugging.
+.El
+.Sh SEE ALSO
+.Xr kauth 1
diff --git a/crypto/kerberosIV/man/kdb_destroy.8 b/crypto/kerberosIV/man/kdb_destroy.8
new file mode 100644
index 0000000..c6e4739
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_destroy.8
@@ -0,0 +1,32 @@
+.\" $Id: kdb_destroy.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_DESTROY 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_destroy \- destroy Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_destroy
+.SH DESCRIPTION
+.I kdb_destroy
+deletes a Kerberos key distribution center database.
+.PP
+The user is prompted to verify that the database should be destroyed. A
+response beginning with `y' or `Y' confirms deletion.
+Any other response aborts deletion.
+.SH DIAGNOSTICS
+.TP 20n
+"Database cannot be deleted at /var/kerberos/principal"
+The attempt to delete the database failed (probably due to a system or
+access permission error).
+.TP
+"Database not deleted."
+The user aborted the deletion.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_init(8)
diff --git a/crypto/kerberosIV/man/kdb_edit.8 b/crypto/kerberosIV/man/kdb_edit.8
new file mode 100644
index 0000000..14f7e92
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_edit.8
@@ -0,0 +1,54 @@
+.\" $Id: kdb_edit.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_EDIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_edit \- Kerberos key distribution center database editing utility
+.SH SYNOPSIS
+kdb_edit [
+.B \-n
+]
+.SH DESCRIPTION
+.I kdb_edit
+is used to create or change principals stored in the Kerberos key
+distribution center (KDC) database.
+.PP
+When executed,
+.I kdb_edit
+prompts for the master key string and verifies that it matches the
+master key stored in the database.
+If the
+.B \-n
+option is specified, the master key is instead fetched from the master
+key cache file.
+.PP
+Once the master key has been verified,
+.I kdb_edit
+begins a prompt loop. The user is prompted for the principal and
+instance to be modified. If the entry is not found the user may create
+it.
+Once an entry is found or created, the user may set the password,
+expiration date, maximum ticket lifetime, and attributes.
+Default expiration dates, maximum ticket lifetimes, and attributes are
+presented in brackets; if the user presses return the default is selected.
+There is no default password.
+The password RANDOM is interpreted specially, and if entered
+the user may have the program select a random DES key for the
+principal.
+.PP
+Upon successfully creating or changing the entry, ``Edit O.K.'' is
+printed.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kdb_init.8 b/crypto/kerberosIV/man/kdb_init.8
new file mode 100644
index 0000000..f019dd4
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_init.8
@@ -0,0 +1,37 @@
+.\" $Id: kdb_init.8,v 1.3 1997/04/02 21:09:54 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_INIT 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_init \- Initialize Kerberos key distribution center database
+.SH SYNOPSIS
+kdb_init [
+.B realm
+]
+.SH DESCRIPTION
+.I kdb_init
+initializes a Kerberos key distribution center database, creating the
+necessary principals.
+.PP
+If the optional
+.I realm
+argument is not present,
+.I kdb_init
+prompts for a realm name.
+After determining the realm to be created, it prompts for
+a master key password. The master key password is used to encrypt
+every encryption key stored in the database.
+.SH DIAGNOSTICS
+.TP 20n
+"/var/kerberos/principal: File exists"
+An attempt was made to create a database on a machine which already had
+an existing database.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.SH SEE ALSO
+kdb_destroy(8)
diff --git a/crypto/kerberosIV/man/kdb_util.8 b/crypto/kerberosIV/man/kdb_util.8
new file mode 100644
index 0000000..0e3c201
--- /dev/null
+++ b/crypto/kerberosIV/man/kdb_util.8
@@ -0,0 +1,68 @@
+.\" $Id: kdb_util.8,v 1.3 1997/04/02 20:45:38 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDB_UTIL 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdb_util \- Kerberos key distribution center database utility
+.SH SYNOPSIS
+kdb_util
+.B operation filename
+.SH DESCRIPTION
+.I kdb_util
+allows the Kerberos key distribution center (KDC) database administrator to
+perform utility functions on the database.
+.PP
+.I Operation
+must be one of the following:
+.TP 10n
+.I load
+initializes the KDC database with the records described by the
+text contained in the file
+.IR filename .
+Any existing database is overwritten.
+.TP
+.I dump
+dumps the KDC database into a text representation in the file
+.IR filename .
+.TP
+.I slave_dump
+performs a database dump like the
+.I dump
+operation, and additionally creates a semaphore file signalling the
+propagation software that an update is available for distribution to
+slave KDC databases.
+.TP
+.I merge
+merges in the entries from
+.IR filename
+into the database.
+.TP
+.I new_master_key
+prompts for the old and new master key strings, and then dumps the KDC
+database into a text representation in the file
+.IR filename .
+The keys in the text representation are encrypted in the new master key.
+.TP
+.I convert_old_db
+prompts for the master key string, and then dumps the KDC database into
+a text representation in the file
+.IR filename .
+The existing database is assumed to be encrypted using the old format
+(encrypted by the key schedule of the master key); the dumped database
+is encrypted using the new format (encrypted directly with master key).
+.PP
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.SH FILES
+.TP 20n
+/kerberos/principal.pag, /kerberos/principal.dir
+DBM files containing database
+.TP
+.IR filename .ok
+semaphore file created by
+.IR slave_dump.
diff --git a/crypto/kerberosIV/man/kdestroy.1 b/crypto/kerberosIV/man/kdestroy.1
new file mode 100644
index 0000000..66ffd39
--- /dev/null
+++ b/crypto/kerberosIV/man/kdestroy.1
@@ -0,0 +1,88 @@
+.\" $Id: kdestroy.1,v 1.3 1996/06/12 21:29:16 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KDESTROY 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kdestroy \- destroy Kerberos tickets
+.SH SYNOPSIS
+.B kdestroy
+[
+.B \-f
+]
+[
+.B \-q
+]
+[
+.B \-t
+]
+.SH DESCRIPTION
+The
+.I kdestroy
+utility destroys the user's active
+Kerberos
+authorization tickets by writing zeros to the file that contains them.
+If the ticket file does not exist,
+.I kdestroy
+displays a message to that effect.
+.PP
+After overwriting the file,
+.I kdestroy
+removes the file from the system.
+The utility
+displays a message indicating the success or failure of the
+operation.
+If
+.I kdestroy
+is unable to destroy the ticket file,
+the utility will warn you by making your terminal beep.
+.PP
+In the Athena workstation environment,
+the
+.I toehold
+service automatically destroys your tickets when you
+end a workstation session.
+If your site does not provide a similar ticket-destroying mechanism,
+you can place the
+.I kdestroy
+command in your
+.I .logout
+file so that your tickets are destroyed automatically
+when you logout.
+.PP
+The options to
+.I kdestroy
+are as follows:
+.TP 7
+.B \-f
+.I kdestroy
+runs without displaying the status message.
+.TP
+.B \-q
+.I kdestroy
+will not make your terminal beep if it fails to destroy the tickets.
+.TP
+.B \-t
+.I kdestroy
+will not remove any afs-tokens. Without this flag the tokens
+associated with the current PAG is destroyed.
+.SH FILES
+KRBTKFILE environment variable if set, otherwise
+.br
+/tmp/tkt[uid]
+.SH SEE ALSO
+kerberos(1), kinit(1), klist(1)
+.SH BUGS
+.PP
+Only the tickets in the user's current ticket file are destroyed.
+Separate ticket files are used to hold root instance and password
+changing tickets.
These files should probably be destroyed too, or
+all of a user's tickets kept in a single ticket file.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+.br
+Bill Sommerfeld, MIT Project Athena
diff --git a/crypto/kerberosIV/man/kerberos.1 b/crypto/kerberosIV/man/kerberos.1
new file mode 100644
index 0000000..aced5a5
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.1
@@ -0,0 +1,258 @@
+.\" $Id: kerberos.1,v 1.2 1996/06/12 21:29:16 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kerberos \- introduction to the Kerberos system
+
+.SH DESCRIPTION
+The
+Kerberos
+system authenticates
+individual users in a network environment.
+After authenticating yourself to
+Kerberos,
+you can use network utilities such as
+.IR rlogin ,
+.IR rcp ,
+and
+.IR rsh
+without
+having to present passwords to remote hosts and without having to bother
+with
+.I \.rhosts
+files.
+Note that these utilities will work without passwords only if
+the remote machines you deal with
+support the
+Kerberos
+system.
+All Athena timesharing machines and public workstations support
+Kerberos.
+.PP
+Before you can use
+Kerberos,
+you must register as an Athena user,
+and you must make sure you have been added to
+the
+Kerberos
+database.
+You can use the
+.I kinit
+command to find out.
+This command
+tries to log you into the
+Kerberos
+system.
+.I kinit
+will prompt you for a username and password.
+Enter your username and password.
+If the utility lets you login without giving you a message,
+you have already been registered.
+.PP
+If you enter your username and
+.I kinit
+responds with this message:
+.nf
+
+Principal unknown (kerberos)
+
+.fi
+you haven't been registered as a
+Kerberos
+user.
+See your system administrator.
+.PP
+A Kerberos name contains three parts.
+The first is the
+.I principal name,
+which is usually a user's or service's name.
+The second is the
+.I instance,
+which in the case of a user is usually null.
+Some users may have privileged instances, however,
+such as ``root'' or ``admin''.
+In the case of a service, the instance is the
+name of the machine on which it runs; i.e.
there
+can be an
+.I rlogin
+service running on the machine ABC, which
+is different from the rlogin service running on
+the machine XYZ.
+The third part of a Kerberos name
+is the
+.I realm.
+The realm corresponds to the Kerberos service providing
+authentication for the principal.
+For example, at MIT there is a Kerberos running at the
+Laboratory for Computer Science and one running at
+Project Athena.
+.PP
+When writing a Kerberos name, the principal name is
+separated from the instance (if not null) by a period,
+and the realm (if not the local realm) follows, preceded by
+an ``@'' sign.
+The following are examples of valid Kerberos names:
+.sp
+.nf
+.in +8
+billb
+jis.admin
+srz@lcs.mit.edu
+treese.root@athena.mit.edu
+.in -8
+.fi
+.PP
+When you authenticate yourself with
+Kerberos,
+through either the workstation
+.I toehold
+system or the
+.I kinit
+command,
+Kerberos
+gives you an initial
+Kerberos
+.IR ticket .
+(A
+Kerberos
+ticket
+is an encrypted protocol message that provides authentication.)
+Kerberos
+uses this ticket for network utilities
+such as
+.I rlogin
+and
+.IR rcp .
+The ticket transactions are done transparently,
+so you don't have to worry about their management.
+.PP
+Note, however, that tickets expire.
+Privileged tickets, such as root instance tickets,
+expire in a few minutes, while tickets that carry more ordinary
+privileges may be good for several hours or a day, depending on the
+installation's policy.
+If your login session extends beyond the time limit,
+you will have to re-authenticate yourself to
+Kerberos
+to get new tickets.
+Use the
+.IR kinit
+command to re-authenticate yourself.
+.PP
+If you use the
+.I kinit
+command to get your tickets,
+make sure you use the
+.I kdestroy
+command
+to destroy your tickets before you end your login session.
+You should probably put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+For more information about the
+.I kinit
+and
+.I kdestroy
+commands,
+see the
+.I kinit(1)
+and
+.I kdestroy(1)
+manual pages.
+.PP
+Currently,
+Kerberos
+supports the following network services:
+.IR rlogin ,
+.IR rsh ,
+and
+.IR rcp .
+Other services are being worked on,
+such as the
+.IR pop
+mail system and NFS (network file system),
+but are not yet available.
+
+.SH "SEE ALSO"
+kdestroy(1), kinit(1), klist(1), kpasswd(1), des_crypt(3), kerberos(3),
+kadmin(8)
+.SH BUGS
+Kerberos
+will not do authentication forwarding.
+In other words,
+if you use
+.I rlogin
+to login to a remote host,
+you cannot use
+Kerberos
+services from that host
+until you authenticate yourself explicitly on that host.
+Although you may need to authenticate yourself on the remote
+host,
+be aware that when you do so,
+.I rlogin
+sends your password across the network in clear text.
+
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
+
+The following people helped out on various aspects of the system:
+
+Jeff Schiller designed and wrote the administration server and its
+user interface, kadmin.
+He also wrote the dbm version of the database management system.
+
+Mark Colan developed the
+Kerberos
+versions of
+.IR rlogin ,
+.IR rsh ,
+and
+.IR rcp ,
+as well as contributing work on the servers.
+
+John Ostlund developed the
+Kerberos
+versions of
+.I passwd
+and
+.IR userreg .
+
+Stan Zanarotti pioneered Kerberos in a foreign realm (LCS),
+and made many contributions based on that experience.
+
+Many people contributed code and/or useful ideas, including
+Jim Aspnes,
+Bob Baldwin,
+John Barba,
+Richard Basch,
+Jim Bloom,
+Bill Bryant,
+Rob French,
+Dan Geer,
+David Jedlinsky,
+John Kohl,
+John Kubiatowicz,
+Bob McKie,
+Brian Murphy,
+Ken Raeburn,
+Chris Reed,
+Jon Rochlis,
+Mike Shanzer,
+Bill Sommerfeld,
+Jennifer Steiner,
+Ted Ts'o,
+and
+Win Treese.
+
+.SH RESTRICTIONS
+
+COPYRIGHT 1985,1986 Massachusetts Institute of Technology
diff --git a/crypto/kerberosIV/man/kerberos.3 b/crypto/kerberosIV/man/kerberos.3
new file mode 100644
index 0000000..71da54d
--- /dev/null
+++ b/crypto/kerberosIV/man/kerberos.3
@@ -0,0 +1,460 @@
+.\" $Id: kerberos.3,v 1.2 1996/06/12 21:29:18 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KERBEROS 3 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+krb_mk_req, krb_rd_req, krb_kntoln, krb_set_key, krb_get_cred,
+krb_mk_priv, krb_rd_priv, krb_mk_safe, krb_rd_safe, krb_mk_err,
+krb_rd_err, krb_ck_repl \- Kerberos authentication library
+.SH SYNOPSIS
+.nf
+.nj
+.ft B
+#include <des.h>
+#include <krb.h>
+.PP
+.ft B
+extern char *krb_err_txt[];
+.PP
+.ft B
+int krb_mk_req(authent,service,instance,realm,checksum)
+KTEXT authent;
+char *service;
+char *instance;
+char *realm;
+u_long checksum;
+.PP
+.ft B
+int krb_rd_req(authent,service,instance,from_addr,ad,fn)
+KTEXT authent;
+char *service;
+char *instance;
+u_long from_addr;
+AUTH_DAT *ad;
+char *fn;
+.PP
+.ft B
+int krb_kntoln(ad,lname)
+AUTH_DAT *ad;
+char *lname;
+.PP
+.ft B
+int krb_set_key(key,cvt)
+char *key;
+int cvt;
+.PP
+.ft B
+int krb_get_cred(service,instance,realm,c)
+char *service;
+char *instance;
+char *realm;
+CREDENTIALS *c;
+.PP
+.ft B
+long krb_mk_priv(in,out,in_length,schedule,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+des_key_schedule schedule;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_priv(in,in_length,schedule,key,sender,receiver,msg_data)
+u_char *in;
+u_long in_length;
+Key_schedule schedule;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_safe(in,out,in_length,key,sender,receiver)
+u_char *in;
+u_char *out;
+u_long in_length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+.PP
+.ft B
+long krb_rd_safe(in,length,key,sender,receiver,msg_data)
+u_char *in;
+u_long length;
+des_cblock key;
+struct sockaddr_in *sender;
+struct sockaddr_in *receiver;
+MSG_DAT *msg_data;
+.PP
+.ft B
+long krb_mk_err(out,code,string)
+u_char *out;
+long code;
+char *string;
+.PP
+.ft B
+long krb_rd_err(in,length,code,msg_data)
+u_char *in;
+u_long length;
+long code;
+MSG_DAT *msg_data;
+.fi
+.ft R
+.SH DESCRIPTION
+This library supports network authentication and various related
+operations. The library contains many routines beyond those described
+in this man page, but they are not intended to be used directly.
+Instead, they are called by the routines that are described, the
+authentication server and the login program.
+.PP
+.I krb_err_txt[]
+contains text string descriptions of various Kerberos error codes returned
+by some of the routines below.
+.PP
+.I krb_mk_req
+takes a pointer to a text structure in which an authenticator is to be
+built. It also takes the name, instance, and realm of the service to be
+used and an optional checksum. It is up to the application to decide
+how to generate the checksum.
+.I krb_mk_req
+then retrieves a ticket for the desired service and creates an
+authenticator. The authenticator is built in
+.I authent
+and is accessible
+to the calling procedure.
+.PP
+It is up to the application to get the authenticator to the service
+where it will be read by
+.I krb_rd_req.
+Unless an attacker posesses the session key contained in the ticket, it
+will be unable to modify the authenticator. Thus, the checksum can be
+used to verify the authenticity of the other data that will pass through
+a connection.
+.PP
+.I krb_rd_req
+takes an authenticator of type
+.B KTEXT,
+a service name, an instance, the address of the
+host originating the request, and a pointer to a structure of type
+.B AUTH_DAT
+which is filled in with information obtained from the authenticator.
+It also optionally takes the name of the file in which it will find the
+secret key(s) for the service.
+If the supplied
+.I instance
+contains "*", then the first service key with the same service name
+found in the service key file will be used, and the
+.I instance
+argument will be filled in with the chosen instance. This means that
+the caller must provide space for such an instance name.
+.PP
+It is used to find out information about the principal when a request
+has been made to a service. It is up to the application protocol to get
+the authenticator from the client to the service. The authenticator is
+then passed to
+.I krb_rd_req
+to extract the desired information.
+.PP
+.I krb_rd_req
+returns zero (RD_AP_OK) upon successful authentication. If a packet was
+forged, modified, or replayed, authentication will fail. If the
+authentication fails, a non-zero value is returned indicating the
+particular problem encountered. See
+.I krb.h
+for the list of error codes.
+.PP
+If the last argument is the null string (""), krb_rd_req will use the
+file /etc/srvtab to find its keys. If the last argument is NULL, it
+will assume that the key has been set by
+.I krb_set_key
+and will not bother looking further.
+.PP
+.I krb_kntoln
+converts a Kerberos name to a local name. It takes a structure
+of type AUTH_DAT and uses the name and instance to look in the database
+/etc/aname to find the corresponding local name. The local name is
+returned and can be used by an application to change uids, directories,
+or other parameters. It is not an integral part of Kerberos, but is
+instead provided to support the use of Kerberos in existing utilities.
+.PP
+.I krb_set_key
+takes as an argument a des key. It then creates
+a key schedule from it and saves the original key to be used as an
+initialization vector.
+It is used to set the server's key which
+must be used to decrypt tickets.
+.PP
+If called with a non-zero second argument,
+.I krb_set_key
+will first convert the input from a string of arbitrary length to a DES
+key by encrypting it with a one-way function.
+.PP
+In most cases it should not be necessary to call
+.I krb_set_key.
+The necessary keys will usually be obtained and set inside
+.I krb_rd_req. krb_set_key
+is provided for those applications that do not wish to place the
+application keys on disk.
+.PP
+.I krb_get_cred
+searches the caller's ticket file for a ticket for the given service, instance,
+and realm; and, if a ticket is found, fills in the given CREDENTIALS structure
+with the ticket information.
+.PP
+If the ticket was found,
+.I krb_get_cred
+returns GC_OK.
+If the ticket file can't be found, can't be read, doesn't belong to
+the user (other than root), isn't a regular file, or is in the wrong
+mode, the error GC_TKFIL is returned.
+.PP
+.I krb_mk_priv
+creates an encrypted, authenticated
+message from any arbitrary application data, pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key
+and the key schedule,
+.I schedule,
+are used to encrypt the data and some header information using
+.I pcbc_encrypt.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+In addition to providing privacy, this protocol message protects
+against modifications, insertions or replays. The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+.PP
+.I krb_rd_priv
+decrypts and authenticates a received
+.I krb_mk_priv
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+and the key schedule,
+.I schedule,
+are used to decrypt and verify the received message.
+.I msg_data
+is a pointer to a
+.I MSG_DAT
+struct, defined in
+.I krb.h.
+The routine fills in the
+.I app_data
+field with a pointer to the decrypted application data,
+.I app_length
+with the length of the
+.I app_data
+field,
+.I time_sec
+and
+.I time_5ms
+with the timestamps in the message, and
+.I swap
+with a 1 if the byte order of the receiver is different than that of
+the sender. (The application must still determine if it is appropriate
+to byte-swap application data; the Kerberos protocol fields are already taken
+care of). The
+.I hash
+field returns a value useful as input to the
+.I krb_ck_repl
+routine.
+
+The routine returns zero if ok, or a Kerberos error code. Modified messages
+and old messages cause errors, but it is up to the caller to
+check the time sequence of messages, and to check against recently replayed
+messages using
+.I krb_ck_repl
+if so desired.
+.PP
+.I krb_mk_safe
+creates an authenticated, but unencrypted message from any arbitrary
+application data,
+pointed to by
+.I in
+and
+.I in_length
+bytes long.
+The private session key, pointed to by
+.I key,
+is used to seed the
+.I quad_cksum()
+checksum algorithm used as part of the authentication.
+.I sender
+and
+.I receiver
+point to the Internet address of the two parties.
+This message does not provide privacy, but does protect (via detection)
+against modifications, insertions or replays. The encapsulated message and
+header are placed in the area pointed to by
+.I out
+and the routine returns the length of the output, or -1 indicating
+an error.
+The authentication provided by this routine is not as strong as that
+provided by
+.I krb_mk_priv
+or by computing the checksum using
+.I cbc_cksum
+instead, both of which authenticate via DES.
+.PP
+
+.I krb_rd_safe
+authenticates a received
+.I krb_mk_safe
+message.
+.I in
+points to the beginning of the received message, whose length
+is specified in
+.I in_length.
+The private session key, pointed to by
+.I key,
+is used to seed the quad_cksum() routine as part of the authentication.
+.I msg_data +is a pointer to a +.I MSG_DAT +struct, defined in +.I krb.h . +The routine fills in these +.I MSG_DAT +fields: +the +.I app_data +field with a pointer to the application data, +.I app_length +with the length of the +.I app_data +field, +.I time_sec +and +.I time_5ms +with the timestamps in the message, and +.I swap +with a 1 if the byte order of the receiver is different than that of +the sender. +(The application must still determine if it is appropriate +to byte-swap application data; the Kerberos protocol fields are already taken +care of). The +.I hash +field returns a value useful as input to the +.I krb_ck_repl +routine. + +The routine returns zero if ok, or a Kerberos error code. Modified messages +and old messages cause errors, but it is up to the caller to +check the time sequence of messages, and to check against recently replayed +messages using +.I krb_ck_repl +if so desired. +.PP +.I krb_mk_err +constructs an application level error message that may be used along +with +.I krb_mk_priv +or +.I krb_mk_safe. +.I out +is a pointer to the output buffer, +.I code +is an application specific error code, and +.I string +is an application specific error string. + +.PP +.I krb_rd_err +unpacks a received +.I krb_mk_err +message. +.I in +points to the beginning of the received message, whose length +is specified in +.I in_length. +.I code +is a pointer to a value to be filled in with the error +value provided by the application. +.I msg_data +is a pointer to a +.I MSG_DAT +struct, defined in +.I krb.h . +The routine fills in these +.I MSG_DAT +fields: the +.I app_data +field with a pointer to the application error text, +.I app_length +with the length of the +.I app_data +field, and +.I swap +with a 1 if the byte order of the receiver is different than that of +the sender. (The application must still determine if it is appropriate +to byte-swap application data; the Kerberos protocol fields are already taken +care of). 
+ +The routine returns zero if the error message has been successfully received, +or a Kerberos error code. +.PP +The +.I KTEXT +structure is used to pass around text of varying lengths. It consists +of a buffer for the data, and a length. krb_rd_req takes an argument of this +type containing the authenticator, and krb_mk_req returns the +authenticator in a structure of this type. KTEXT itself is really a +pointer to the structure. The actual structure is of type KTEXT_ST. +.PP +The +.I AUTH_DAT +structure is filled in by krb_rd_req. It must be allocated before +calling krb_rd_req, and a pointer to it is passed. The structure is +filled in with data obtained from Kerberos. +.I MSG_DAT +structure is filled in by either krb_rd_priv, krb_rd_safe, or +krb_rd_err. It must be allocated before the call and a pointer to it +is passed. The structure is +filled in with data obtained from Kerberos. +.PP +.SH FILES +/usr/include/krb.h +.br +/usr/lib/libkrb.a +.br +/usr/include/des.h +.br +/usr/lib/libdes.a +.br +/etc/aname +.br +/etc/srvtab +.br +/tmp/tkt[uid] +.SH "SEE ALSO" +kerberos(1), des_crypt(3) +.SH DIAGNOSTICS +.SH BUGS +The caller of +.I krb_rd_req, krb_rd_priv, and krb_rd_safe +must check time order and for replay attempts. +.I krb_ck_repl +is not implemented yet. +.SH AUTHORS +Clifford Neuman, MIT Project Athena +.br +Steve Miller, MIT Project Athena/Digital Equipment Corporation +.SH RESTRICTIONS +COPYRIGHT 1985,1986,1989 Massachusetts Institute of Technology diff --git a/crypto/kerberosIV/man/kerberos.8 b/crypto/kerberosIV/man/kerberos.8 new file mode 100644 index 0000000..6a64c57 --- /dev/null +++ b/crypto/kerberosIV/man/kerberos.8 
@@ -0,0 +1,44 @@
+.\" $Id: kerberos.8,v 1.1 1996/11/14 22:14:55 assar Exp $
+.\"
+.Dd November 14, 1996
+.Dt KERBEROS 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kerberos
+.Nd The kerberos daemon
+.Sh SYNPOSIS
+.Nm
+.Op Fl snm
+.Op Fl p Ar pause
+.Op Fl a Ar max age
+.Op Fl l Ar log
+.Op Fl r Ar realm
+.Ar database
+.Sh DESCRIPTION
+This is the
+.Nm
+daemon.
+.Pp
+Options:
+.Bl -tag -width -ident
+.It Fl s
+Set slave parameters. This will enable check to see if data is
+getting too stale relative to the master.
+.It Fl n
+Do not check max age.
+.It Fl m
+Run manually and prompt for master key.
+.It Fl p
+Pause for
+.Ar pause
+before dying.
+.It Fl a
+Set the
+.Ar max age
+before the database is considered stale.
+.It Fl l
+Write the log to
+.Ar log
+.It Fl r
+Run as a server for realm
+.Ar realm
diff --git a/crypto/kerberosIV/man/kinit.1 b/crypto/kerberosIV/man/kinit.1
new file mode 100644
index 0000000..b70ce4b
--- /dev/null
+++ b/crypto/kerberosIV/man/kinit.1
@@ -0,0 +1,136 @@
+.\" $Id: kinit.1,v 1.3 1997/04/02 21:09:55 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KINIT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kinit \- Kerberos login utility
+.SH SYNOPSIS
+.B kinit
+[
+.B \-irvlp
+]
+.SH DESCRIPTION
+The
+.I kinit
+command is used to login to the
+Kerberos
+authentication and authorization system.
+Note that only registered
+Kerberos
+users can use the
+Kerberos
+system.
+For information about registering as a
+Kerberos
+user,
+see the
+.I kerberos(1)
+manual page.
+.PP
+If you are logged in to a workstation that is running the
+.I toehold
+service,
+you do not have to use
+.I kinit.
+The
+.I toehold
+login procedure will log you into
+Kerberos
+automatically.
+You will need to use
+.I kinit
+only in those situations in which
+your original tickets have expired.
+(Tickets expire in about a day.)
+Note as well that
+.I toehold
+will automatically destroy your tickets when you logout from the workstation.
+.PP
+When you use
+.I kinit
+without options,
+the utility
+prompts for your username and Kerberos password,
+and tries to authenticate your login with the local
+Kerberos
+server.
+.PP
+If
+Kerberos
+authenticates the login attempt,
+.I kinit
+retrieves your initial ticket and puts it in the ticket file specified by
+your KRBTKFILE environment variable.
+If this variable is undefined,
+your ticket will be stored in the
+.IR /tmp
+directory,
+in the file
+.I tktuid ,
+where
+.I uid
+specifies your user identification number.
+.PP
+If you have logged in to
+Kerberos
+without the benefit of the workstation
+.I toehold
+system,
+make sure you use the
+.I kdestroy
+command to destroy any active tickets before you end your login session.
+You may want to put the
+.I kdestroy
+command in your
+.I \.logout
+file so that your tickets will be destroyed automatically when you logout.
+.PP
+The options to
+.I kinit
+are as follows:
+.TP 7
+.B \-i
+.I kinit
+prompts you for a
+Kerberos
+instance.
+.TP
+.B \-r
+.I kinit
+prompts you for a
+Kerberos
+realm.
+This option lets you authenticate yourself with a remote
+Kerberos
+server.
+.TP
+.B \-v
+Verbose mode.
+.I kinit
+prints the name of the ticket file used, and
+a status message indicating the success or failure of
+your login attempt.
+.TP
+.B \-l
+.I kinit
+prompts you for a ticket lifetime in minutes. Due to protocol
+restrictions in Kerberos Version 4, this value must be between 5 and
+1275 minutes.
+.TP
+.B \-p
+.I kinit
+will acquires a ticket for chpass.kerberos.
+.SH SEE ALSO
+.PP
+kerberos(1), kdestroy(1), klist(1), toehold(1)
+.SH BUGS
+The
+.B \-r
+option has not been fully implemented.
+.SH AUTHORS
+Steve Miller, MIT Project Athena/Digital Equipment Corporation
+.br
+Clifford Neuman, MIT Project Athena
diff --git a/crypto/kerberosIV/man/klist.1 b/crypto/kerberosIV/man/klist.1
new file mode 100644
index 0000000..76dec02
--- /dev/null
+++ b/crypto/kerberosIV/man/klist.1
@@ -0,0 +1,83 @@
+.\" $Id: klist.1,v 1.2 1996/06/12 21:29:19 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KLIST 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+klist \- list currently held Kerberos tickets
+.SH SYNOPSIS
+.B klist
+[
+\fB\-s \fR|\fB \-t\fR
+] [
+.B \-file
+name ] [
+.B \-srvtab
+]
+.br
+.SH DESCRIPTION
+.I klist
+prints the name of the tickets file and the
+identity of the principal the tickets are for (as listed in the
+tickets file), and
+lists the principal names of all Kerberos tickets currently held by
+the user, along with the issue and expire time for each authenticator.
+Principal names are listed in the form
+.I name.instance@realm,
+with the '.' omitted if the instance is null,
+and the '@' omitted if the realm is null.
+
+If given the
+.B \-s
+option,
+.I klist
+does not print the issue and expire times, the name of the tickets file,
+or the identity of the principal.
+
+If given the
+.B \-t
+option,
+.B klist
+checks for the existence of a non-expired ticket-granting-ticket in the
+ticket file. If one is present, it exits with status 0, else it exits
+with status 1. No output is generated when this option is specified.
+
+If given the
+.B \-file
+option, the following argument is used as the ticket file.
+Otherwise, if the
+.B KRBTKFILE
+environment variable is set, it is used.
+If this environment variable
+is not set, the file
+.B /tmp/tkt[uid]
+is used, where
+.B uid
+is the current user-id of the user.
+
+If given the
+.B \-srvtab
+option, the file is treated as a service key file, and the names of the
+keys contained therein are printed. If no file is
+specified with a
+.B \-file
+option, the default is
+.IR /etc/srvtab .
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm
+.TP
+/tmp/tkt[uid]
+as the default ticket file ([uid] is the decimal UID of the user).
+.TP
+/etc/srvtab
+as the default service key file
+.SH SEE ALSO
+.PP
+kerberos(1), kinit(1), kdestroy(1)
+.SH BUGS
+When reading a file as a service key file, very little sanity or error
+checking is performed.
diff --git a/crypto/kerberosIV/man/kprop.8 b/crypto/kerberosIV/man/kprop.8
new file mode 100644
index 0000000..376f715
--- /dev/null
+++ b/crypto/kerberosIV/man/kprop.8
@@ -0,0 +1,58 @@
+.\" $Id: kprop.8,v 1.2 1996/06/15 17:03:22 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROP 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kprop
+.Nd
+the kerberos slave server update client
+.Sh SYNOPSIS
+.Nm
+.Op Fl force
+.Op Fl realm Ar realm
+.Op Ar dump-file
+.Op Ar slave-file
+.Sh DESCRIPTION
+Changes to the database, such as changed passwords, are only made to
+the master server through the
+.Nm kadmind
+service. To propagate these changes to the slave servers,
+.Nm
+should be run regularly on the master server.
+
+The following options are recognised.
+
+.Bl -tag -width -force
+.It Fl force
+Propagate even if there hasn't been an update to the dump file since
+last time.
+.It Fl realm
+Realm if other than the default.
+.It dump-file
+is a file created with
+.Ic kdb_util slave_dump ,
+default is
+.Pa /var/kerberos/slave_dump .
+.It slave-file
+Contains the names of the slave servers. Default is
+.Pa /var/kerberos/slaves .
+.El
+
+.Nm
+will use the principal
+.Nm rcmd.kerberos
+to authenticate to the master servers. This principal has to be added
+to the database, and it should also be put into the service key file
+on the master server.
+
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/slave_dump
+.It Pa /var/kerberos/slaves
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kpropd 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/kpropd.8 b/crypto/kerberosIV/man/kpropd.8
new file mode 100644
index 0000000..d1dbd16
--- /dev/null
+++ b/crypto/kerberosIV/man/kpropd.8
@@ -0,0 +1,63 @@
+.\" $Id: kpropd.8,v 1.2 1997/02/07 22:04:55 assar Exp $
+.\"
+.Dd June 7, 1996
+.Dt KPROPD 8
+.Os KTH-KRB
+.Sh NAME
+.Nm kpropd
+.Nd
+the kerberos slave server update facility
+.Sh SYNOPSIS
+.Nm
+.Op Fl i
+.Op Fl d Ar database
+.Op Fl l Ar logfile
+.Op Fl m
+.Op Fl p Ar kdb_util
+.Op Fl r Ar realm
+.Op Fl s Ar srvtab
+.Sh DESCRIPTION
+The
+.Nm
+responds to database update requests from the
+.Nm kprop
+command. It can either be started from
+.Nm inetd
+or as an ordinary program.
+
+The following options are recognised:
+
+.Bl -tag -width xxxx
+.It Fl i
+Run stand-alone. If this flag is not given, it is assumed to have
+been started by
+.Nm inetd .
+.It Fl d
+What database file to use, default is
+.Pa /var/kerberos/principal .
+.It Fl l
+Logfile to use, default is
+.Pa /var/log/kpropd.log .
+.It Fl m
+Treat data as changes to the database rather than a complete database.
+.It Fl p
+The path to
+.Nm kdb_util ,
+default is
+.Pa /usr/athena/sbin/kdb_util .
+.It Fl r
+Realm if other than the default realm.
+.It Fl s
+Srvtab if other than
+.Pa /etc/srvtab .
+.El
+.Sh FILES
+.Bl -tag -width indent -compact
+.It Pa /var/kerberos/principal.{db,dir,pag}
+.It Pa /var/log/kpropd.log
+.It Pa /etc/srvtab
+.El
+.Sh SEE ALSO
+.Xr kprop 8 ,
+.Xr kerberos 8 ,
+.Xr kadmind 8
diff --git a/crypto/kerberosIV/man/krb.conf.5 b/crypto/kerberosIV/man/krb.conf.5
new file mode 100644
index 0000000..b122b9c
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.conf.5
@@ -0,0 +1,31 @@
+.\" $Id: krb.conf.5,v 1.2 1996/06/12 21:29:21 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.CONF 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.conf \- Kerberos configuration file
+.SH DESCRIPTION
+.I krb.conf
+contains configuration information describing the Kerberos realm and the
+Kerberos key distribution center (KDC) servers for known realms.
+.PP
+.I krb.conf
+contains the name of the local realm in the first
+line, followed by lines indicating realm/host
+entries. The first token is a realm name, and the second is the hostname
+of a host running a KDC for that realm.
+The words "admin server" following the hostname indicate that
+the host also provides an administrative database server.
+For example:
+.nf
+.in +1i
+ATHENA.MIT.EDU
+ATHENA.MIT.EDU kerberos-1.mit.edu admin server
+ATHENA.MIT.EDU kerberos-2.mit.edu
+LCS.MIT.EDU kerberos.lcs.mit.edu admin server
+.in -1i
+.SH SEE ALSO
+krb.realms(5), krb_get_krbhst(3), krb_get_lrealm(3)
diff --git a/crypto/kerberosIV/man/krb.equiv.5 b/crypto/kerberosIV/man/krb.equiv.5
new file mode 100644
index 0000000..e38f94b
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.equiv.5
@@ -0,0 +1,28 @@
+.\" $Id: krb.equiv.5,v 1.3 1996/06/18 16:26:20 joda Exp $
+.\"
+.Dd June 18, 1996
+.Dt KRB.EQUIV 5
+.Os KTH-KRB
+.Sh NAME
+.Nm krb.equiv
+.Nd
+Kerberos equivalent hosts file
+.Sh DESCRIPTION
+.Nm
+contains a list of IP addresses that is to be considered being the
+same host for Kerberos purposes. Plain addresses match a single
+host. Addresses followed by a slash (/) and a number is taken as a
+sub-network that should be considered equal.
+.Pp
+Hash (#) starts a comment. Backslash (\\) is a continuation character.
+.Sh EXAMPLES
+.Bd -literal
+# A machine with two interfaces.
+130.237.232.113 130.237.221.42 # emma emma-ether
+# A machine with *many* interfaces
+193.10.156.0/24 193.10.157.0/24 # syk-* syk-*-hps
+.Ed
+.Sh SEE ALSO
+.Xr krb_equiv 3 ,
+.Xr krb.conf 5 ,
+.Xr krb.realms 5
diff --git a/crypto/kerberosIV/man/krb.realms.5 b/crypto/kerberosIV/man/krb.realms.5
new file mode 100644
index 0000000..427c455
--- /dev/null
+++ b/crypto/kerberosIV/man/krb.realms.5
@@ -0,0 +1,38 @@
+.\" $Id: krb.realms.5,v 1.2 1996/06/12 21:29:22 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KRB.REALMS 5 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+/etc/krb.realms \- host to Kerberos realm translation file
+.SH DESCRIPTION
+.I krb.realms
+provides a translation from a hostname to the Kerberos realm name for
+the services provided by that host.
+.PP
+Each line of the translation file is in one of the following forms
+(domain_name should be of the form .XXX.YYY, e.g. .LCS.MIT.EDU):
+.nf
+.in +5n
+host_name kerberos_realm
+domain_name kerberos_realm
+.in -5n
+.fi
+If a hostname exactly matches the
+.I host_name
+field in a line of the first
+form, the corresponding realm is the realm of the host.
+If a hostname does not match any
+.I host_name
+in the file, but its
+domain exactly matches the
+.I domain_name
+field in a line of the second
+form, the corresponding realm is the realm of the host.
+.PP
+If no translation entry applies, the host's realm is considered to be
+the hostname's domain portion converted to upper case.
+.SH SEE ALSO
+krb_realmofhost(3)
diff --git a/crypto/kerberosIV/man/krb_realmofhost.3 b/crypto/kerberosIV/man/krb_realmofhost.3
new file mode 100644
index 0000000..ddbda74
--- /dev/null
+++ b/crypto/kerberosIV/man/krb_realmofhost.3
@@ -0,0 +1,160 @@ +.\" $Id: krb_realmofhost.3,v 1.2 1996/06/12 21:29:23 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KRB_REALMOFHOST 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +krb_realmofhost, krb_get_phost, krb_get_krbhst, krb_get_admhst, +krb_get_lrealm \- additional Kerberos utility routines +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +#include <des.h> +#include <netinet/in.h> +.PP +.ft B +char *krb_realmofhost(host) +char *host; +.PP +.ft B +char *krb_get_phost(alias) +char *alias; +.PP +.ft B +krb_get_krbhst(host,realm,n) +char *host; +char *realm; +int n; +.PP +.ft B +krb_get_admhst(host,realm,n) +char *host; +char *realm; +int n; +.PP +.ft B +krb_get_lrealm(realm,n) +char *realm; +int n; +.fi +.ft R +.SH DESCRIPTION +.I krb_realmofhost +returns the Kerberos realm of the host +.IR host , +as determined by the translation table +.IR /etc/krb.realms . +.I host +should be the fully-qualified domain-style primary host name of the host +in question. In order to prevent certain security attacks, this routine +must either have +.I a priori +knowledge of a host's realm, or obtain such information securely. +.PP +The format of the translation file is described by +.IR krb.realms (5). +If +.I host +exactly matches a host_name line, the corresponding realm +is returned. +Otherwise, if the domain portion of +.I host +matches a domain_name line, the corresponding realm +is returned. +If +.I host +contains a domain, but no translation is found, +.IR host 's +domain is converted to upper-case and returned. +If +.I host +contains no discernable domain, or an error occurs, +the local realm name, as supplied by +.IR krb_get_lrealm (3), +is returned. 
+.PP +.I krb_get_phost +converts the hostname +.I alias +(which can be either an official name or an alias) into the instance +name to be used in obtaining Kerberos tickets for most services, +including the Berkeley rcmd suite (rlogin, rcp, rsh). +.br +The current convention is to return the first segment of the official +domain-style name after conversion to lower case. +.PP +.I krb_get_krbhst +fills in +.I host +with the hostname of the +.IR n th +host running a Kerberos key distribution center (KDC) +for realm +.IR realm , +as specified in the configuration file (\fI/etc/krb.conf\fR). +The configuration file is described by +.IR krb.conf (5). +If the host is successfully filled in, the routine +returns KSUCCESS. +If the file cannot be opened, and +.I n +equals 1, then the value of KRB_HOST as defined in +.I <krb.h> +is filled in, and KSUCCESS is returned. If there are fewer than +.I n +hosts running a Kerberos KDC for the requested realm, or the +configuration file is malformed, the routine +returns KFAILURE. +.PP +.I krb_get_admhst +fills in +.I host +with the hostname of the +.IR n th +host running a Kerberos KDC database administration server +for realm +.IR realm , +as specified in the configuration file (\fI/etc/krb.conf\fR). +If the file cannot be opened or is malformed, or there are fewer than +.I n +hosts running a Kerberos KDC database administration server, +the routine returns KFAILURE. +.PP +The character arrays used as return values for +.IR krb_get_krbhst , +.IR krb_get_admhst , +should be large enough to +hold any hostname (MAXHOSTNAMELEN from <sys/param.h>). +.PP +.I krb_get_lrealm +fills in +.I realm +with the +.IR n th +realm of the local host, as specified in the configuration file. +.I realm +should be at least REALM_SZ (from +.IR <krb.h>) characters long. +.PP +.SH SEE ALSO +kerberos(3), krb.conf(5), krb.realms(5) +.SH FILES +.TP 20n +/etc/krb.realms +translation file for host-to-realm mapping. 
+.TP +/etc/krb.conf +local realm-name and realm/server configuration file. +.SH BUGS +The current convention for instance names is too limited; the full +domain name should be used. +.PP +.I krb_get_lrealm +currently only supports +.I n += 1. It should really consult the user's ticket cache to determine the +user's current realm, rather than consulting a file on the host. diff --git a/crypto/kerberosIV/man/krb_sendauth.3 b/crypto/kerberosIV/man/krb_sendauth.3 new file mode 100644 index 0000000..208b6bc --- /dev/null +++ b/crypto/kerberosIV/man/krb_sendauth.3 
@@ -0,0 +1,347 @@ +.\" $Id: krb_sendauth.3,v 1.2 1996/06/12 21:29:24 bg Exp $ +.\" Copyright 1988 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KRB_SENDAUTH 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +krb_sendauth, krb_recvauth, krb_net_write, krb_net_read \- +Kerberos routines for sending authentication via network stream sockets +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +#include <des.h> +#include <netinet/in.h> +.PP +.fi +.HP 1i +.ft B +int krb_sendauth(options, fd, ktext, service, inst, realm, checksum, +msg_data, cred, schedule, laddr, faddr, version) +.nf +.RS 0 +.ft B +long options; +int fd; +KTEXT ktext; +char *service, *inst, *realm; +u_long checksum; +MSG_DAT *msg_data; +CREDENTIALS *cred; +Key_schedule schedule; +struct sockaddr_in *laddr, *faddr; +char *version; +.PP +.fi +.HP 1i +.ft B +int krb_recvauth(options, fd, ktext, service, inst, faddr, laddr, +auth_data, filename, schedule, version) +.nf +.RS 0 +.ft B +long options; +int fd; +KTEXT ktext; +char *service, *inst; +struct sockaddr_in *faddr, *laddr; +AUTH_DAT *auth_data; +char *filename; +Key_schedule schedule; +char *version; +.PP +.ft B +int krb_net_write(fd, buf, len) +int fd; +char *buf; +int len; +.PP +.ft B +int krb_net_read(fd, buf, len) +int fd; +char *buf; +int len; +.fi +.SH DESCRIPTION +.PP +These functions, +which are built on top of the core Kerberos library, +provide a convenient means for client and server +programs to send authentication messages +to one another through network connections. +The +.I krb_sendauth +function sends an authenticated ticket from the client program to +the server program by writing the ticket to a network socket. +The +.I krb_recvauth +function receives the ticket from the client by +reading from a network socket. 
+ +.SH KRB_SENDAUTH +.PP +This function writes the ticket to +the network socket specified by the +file descriptor +.IR fd, +returning KSUCCESS if the write proceeds successfully, +and an error code if it does not. + +The +.I ktext +argument should point to an allocated KTEXT_ST structure. +The +.IR service, +.IR inst, +and +.IR realm +arguments specify the server program's Kerberos principal name, +instance, and realm. +If you are writing a client that uses the local realm exclusively, +you can set the +.I realm +argument to NULL. + +The +.I version +argument allows the client program to pass an application-specific +version string that the server program can then match against +its own version string. +The +.I version +string can be up to KSEND_VNO_LEN (see +.IR <krb.h> ) +characters in length. + +The +.I checksum +argument can be used to pass checksum information to the +server program. +The client program is responsible for specifying this information. +This checksum information is difficult to corrupt because +.I krb_sendauth +passes it over the network in encrypted form. +The +.I checksum +argument is passed as the checksum argument to +.IR krb_mk_req . + +You can set +.IR krb_sendauth's +other arguments to NULL unless you want the +client and server programs to mutually authenticate +themselves. +In the case of mutual authentication, +the client authenticates itself to the server program, +and demands that the server in turn authenticate itself to +the client. + +.SH KRB_SENDAUTH AND MUTUAL AUTHENTICATION +.PP +If you want mutual authentication, +make sure that you read all pending data from the local socket +before calling +.IR krb_sendauth. +Set +.IR krb_sendauth's +.I options +argument to +.BR KOPT_DO_MUTUAL +(this macro is defined in the +.IR krb.h +file); +make sure that the +.I laddr +argument points to +the address of the local socket, +and that +.I faddr +points to the foreign socket's network address. 
+ +.I Krb_sendauth +fills in the other arguments-- +.IR msg_data , +.IR cred , +and +.IR schedule --before +sending the ticket to the server program. +You must, however, allocate space for these arguments +before calling the function. + +.I Krb_sendauth +supports two other options: +.BR KOPT_DONT_MK_REQ, +and +.BR KOPT_DONT_CANON. +If called with +.I options +set as KOPT_DONT_MK_REQ, +.I krb_sendauth +will not use the +.I krb_mk_req +function to retrieve the ticket from the Kerberos server. +The +.I ktext +argument must point to an existing ticket and authenticator (such as +would be created by +.IR krb_mk_req ), +and the +.IR service, +.IR inst, +and +.IR realm +arguments can be set to NULL. + +If called with +.I options +set as KOPT_DONT_CANON, +.I krb_sendauth +will not convert the service's instance to canonical form using +.IR krb_get_phost (3). + +If you want to call +.I krb_sendauth +with a multiple +.I options +specification, +construct +.I options +as a bitwise-OR of the options you want to specify. + +.SH KRB_RECVAUTH +.PP +The +.I krb_recvauth +function +reads a ticket/authenticator pair from the socket pointed to by the +.I fd +argument. +Set the +.I options +argument +as a bitwise-OR of the options desired. +Currently only KOPT_DO_MUTUAL is useful to the receiver. + +The +.I ktext +argument +should point to an allocated KTEXT_ST structure. +.I Krb_recvauth +fills +.I ktext +with the +ticket/authenticator pair read from +.IR fd , +then passes it to +.IR krb_rd_req . + +The +.I service +and +.I inst +arguments +specify the expected service and instance for which the ticket was +generated. They are also passed to +.IR krb_rd_req. +The +.I inst +argument may be set to "*" if the caller wishes +.I krb_mk_req +to fill in the instance used (note that there must be space in the +.I inst +argument to hold a full instance name, see +.IR krb_mk_req (3)). + +The +.I faddr +argument +should point to the address of the peer which is presenting the ticket. 
+It is also passed to +.IR krb_rd_req . + +If the client and server plan to mutually authenticate +one another, +the +.I laddr +argument +should point to the local address of the file descriptor. +Otherwise you can set this argument to NULL. + +The +.I auth_data +argument +should point to an allocated AUTH_DAT area. +It is passed to and filled in by +.IR krb_rd_req . +The checksum passed to the corresponding +.I krb_sendauth +is available as part of the filled-in AUTH_DAT area. + +The +.I filename +argument +specifies the filename +which the service program should use to obtain its service key. +.I Krb_recvauth +passes +.I filename +to the +.I krb_rd_req +function. +If you set this argument to "", +.I krb_rd_req +looks for the service key in the file +.IR /etc/srvtab. + +If the client and server are performing mutual authenication, +the +.I schedule +argument +should point to an allocated Key_schedule. +Otherwise it is ignored and may be NULL. + +The +.I version +argument should point to a character array of at least KSEND_VNO_LEN +characters. It is filled in with the version string passed by the client to +.IR krb_sendauth. +.PP +.SH KRB_NET_WRITE AND KRB_NET_READ +.PP +The +.I krb_net_write +function +emulates the write(2) system call, but guarantees that all data +specified is written to +.I fd +before returning, unless an error condition occurs. +.PP +The +.I krb_net_read +function +emulates the read(2) system call, but guarantees that the requested +amount of data is read from +.I fd +before returning, unless an error condition occurs. +.PP +.SH BUGS +.IR krb_sendauth, +.IR krb_recvauth, +.IR krb_net_write, +and +.IR krb_net_read +will not work properly on sockets set to non-blocking I/O mode. + +.SH SEE ALSO + +krb_mk_req(3), krb_rd_req(3), krb_get_phost(3) + +.SH AUTHOR +John T. Kohl, MIT Project Athena +.SH RESTRICTIONS +Copyright 1988, Massachusetts Instititute of Technology. 
+For copying and distribution information, +please see the file <mit-copyright.h>. diff --git a/crypto/kerberosIV/man/krb_set_tkt_string.3 b/crypto/kerberosIV/man/krb_set_tkt_string.3 new file mode 100644 index 0000000..9d94143 --- /dev/null +++ b/crypto/kerberosIV/man/krb_set_tkt_string.3 @@ -0,0 +1,42 @@ +.\" $Id: krb_set_tkt_string.3,v 1.2 1996/06/12 21:29:24 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KRB_SET_TKT_STRING 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +krb_set_tkt_string \- set Kerberos ticket cache file name +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +.PP +.ft B +void krb_set_tkt_string(filename) +char *filename; +.fi +.ft R +.SH DESCRIPTION +.I krb_set_tkt_string +sets the name of the file that holds the user's +cache of Kerberos server tickets and associated session keys. +.PP +The string +.I filename +passed in is copied into local storage. +Only MAXPATHLEN-1 (see <sys/param.h>) characters of the filename are +copied in for use as the cache file name. +.PP +This routine should be called during initialization, before other +Kerberos routines are called; otherwise the routines which fetch the +ticket cache file name may be called and return an undesired ticket file +name until this routine is called. +.SH FILES +.TP 20n +/tmp/tkt[uid] +default ticket file name, unless the environment variable KRBTKFILE is set. +[uid] denotes the user's uid, in decimal. +.SH SEE ALSO +kerberos(3), setenv(3) diff --git a/crypto/kerberosIV/man/ksrvtgt.1 b/crypto/kerberosIV/man/ksrvtgt.1 new file mode 100644 index 0000000..ff8563c --- /dev/null +++ b/crypto/kerberosIV/man/ksrvtgt.1 
@@ -0,0 +1,50 @@
+.\" $Id: ksrvtgt.1,v 1.2 1996/06/12 21:29:26 bg Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSRVTGT 1 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+ksrvtgt \- fetch and store Kerberos ticket-granting-ticket using a
+service key
+.SH SYNOPSIS
+.B ksrvtgt
+name instance [[realm] srvtab]
+.SH DESCRIPTION
+.I ksrvtgt
+retrieves a ticket-granting ticket with a lifetime of five (5) minutes
+for the principal
+.I name.instance@realm
+(or
+.I name.instance@localrealm
+if
+.I realm
+is not supplied on the command line), decrypts the response using
+the service key found in
+.I srvtab
+(or in
+.B /etc/srvtab
+if
+.I srvtab
+is not specified on the command line), and stores the ticket in the
+standard ticket cache.
+.PP
+This command is intended primarily for use in shell scripts and other
+batch-type facilities.
+.SH DIAGNOSTICS
+"Generic kerberos failure (kfailure)" can indicate a whole range of
+problems, the most common of which is the inability to read the service
+key file.
+.SH FILES
+.TP 2i
+/etc/krb.conf
+to get the name of the local realm.
+.TP
+/tmp/tkt[uid]
+The default ticket file.
+.TP
+/etc/srvtab
+The default service key file.
+.SH SEE ALSO
+kerberos(1), kinit(1), kdestroy(1)
diff --git a/crypto/kerberosIV/man/ksrvutil.8 b/crypto/kerberosIV/man/ksrvutil.8
new file mode 100644
index 0000000..fdc99e6
--- /dev/null
+++ b/crypto/kerberosIV/man/ksrvutil.8
@@ -0,0 +1,104 @@ +.\" $Id: ksrvutil.8,v 1.3 1996/06/12 21:29:27 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.Dd May 4, 1996 +.Dt KSRVUTIL 8 +.Os KTH-KRB + +.Sh NAME +.Nm ksrvutil +host kerberos keyfile (srvtab) manipulation utility +.Sh SYNOPSIS +.Nm +.Op Fl f Pa keyfile +.Op Fl i +.Op Fl k +.Op Fl p Ar principal +.Op Fl r Ar realm +.Ar operation + +.Sh DESCRIPTION +.Nm +allows a system manager to list or change keys currently in his +keyfile or to add new keys to the keyfile. +.Pp +Operation must be one of the following: +.Bl -tag -width indent +.It list +lists the keys in a keyfile showing version number and principal name. +If the +.Fl k +option is given, keys will also be shown. +.It change +changes all the keys in the keyfile by using the regular admin +protocol. If the +.Fl i +flag is given, +.Nm ksrvutil +will prompt for yes or no before changing each key. If the +.Fl k +option is used, the old and new keys will be displayed. +.It add +allows the user to add a key. +add +prompts for name, instance, realm, and key version number, asks +for confirmation, and then asks for a password. +.Nm +then converts the password to a key and appends the keyfile with the +new information. If the +.Fl k +option is used, the key is displayed. +.It get +gets a service from the Kerberos server, possibly creating the +principal. Names, instances and realms for the service keys to get are +prompted for. The default principal used in the kadmin transcation is +your root instance. This can be changed with the +.Fl p +option. +.El +.Pp +In all cases, the default file used is KEY_FILE as defined in krb.h +unless this is overridden by the +.Fl f +option. +.Pp +A good use for +.Nm +would be for adding keys to a keyfile. 
A system manager could +ask a kerberos administrator to create a new service key with +.Xr kadmin 8 +and could supply an initial password. Then, he could use +.Nm +to add the key to the keyfile and then to change the key so that it +will be random and unknown to either the system manager or the +kerberos administrator. + +.Nm +always makes a backup copy of the keyfile before making any changes. + +.Sh DIAGNOSTICS +If +.Nm +should exit on an error condition at any time during a change or add, +a copy of the original keyfile can be found in +.Pa filename Ns .old +where +.Pa filename +is the name of the keyfile, and a copy of the file with all new +keys changed or added so far can be found in +.Pa filename Ns .work. +The original keyfile is left unmodified until the program exits at +which point it is removed and replaced it with the workfile. +Appending the workfile to the backup copy and replacing the keyfile +with the result should always give a usable keyfile, although the +resulting keyfile will have some out of date keys in it. + +.Sh SEE ALSO +.Xr kadmin 8 , +.Xr ksrvtgt 1 + +.Sh AUTHOR +Emanuel Jay Berkenbilt, MIT Project Athena diff --git a/crypto/kerberosIV/man/kstash.8 b/crypto/kerberosIV/man/kstash.8 new file mode 100644 index 0000000..0197a3d --- /dev/null +++ b/crypto/kerberosIV/man/kstash.8 
@@ -0,0 +1,40 @@
+.\" $Id: kstash.8,v 1.3 1997/04/02 21:09:56 assar Exp $
+.\" Copyright 1989 by the Massachusetts Institute of Technology.
+.\"
+.\" For copying and distribution information,
+.\" please see the file <mit-copyright.h>.
+.\"
+.TH KSTASH 8 "Kerberos Version 4.0" "MIT Project Athena"
+.SH NAME
+kstash \- stash Kerberos key distribution center database master key
+.SH SYNOPSIS
+kstash
+.SH DESCRIPTION
+.I kstash
+saves the Kerberos key distribution center (KDC) database master key in
+the master key cache file.
+.PP
+The user is prompted to enter the key, to verify the authenticity of the
+key and the authorization to store the key in the file.
+.SH DIAGNOSTICS
+.TP 20n
+"verify_master_key: Invalid master key, does not match database."
+The master key string entered was incorrect.
+.TP
+"kstash: Unable to open master key file"
+The attempt to open the cache file for writing failed (probably due to a
+system or access permission error).
+.TP
+"kstash: Write I/O error on master key file"
+The
+.BR write (2)
+system call returned an error while
+.I kstash
+was attempting to write the key to the file.
+.SH FILES
+.TP 20n
+/var/kerberos/principal.pag, /var/kerberos/principal.dir
+DBM files containing database
+.TP
+/.k
+Master key cache file.
diff --git a/crypto/kerberosIV/man/kuserok.3 b/crypto/kerberosIV/man/kuserok.3
new file mode 100644
index 0000000..0987308
--- /dev/null
+++ b/crypto/kerberosIV/man/kuserok.3
@@ -0,0 +1,66 @@ +.\" $Id: kuserok.3,v 1.3 1996/10/13 17:51:18 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH KUSEROK 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +kuserok \- Kerberos version of ruserok +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +.PP +.ft B +kuserok(kdata, localuser) +AUTH_DAT *auth_data; +char *localuser; +.fi +.ft R +.SH DESCRIPTION +.I kuserok +determines whether a Kerberos principal described by the structure +.I auth_data +is authorized to login as user +.I localuser +according to the authorization file +("~\fIlocaluser\fR/.klogin" by default). It returns 0 (zero) if authorized, +1 (one) if not authorized. +.PP +If there is no account for +.I localuser +on the local machine, authorization is not granted. +If there is no authorization file, and the Kerberos principal described +by +.I auth_data +translates to +.I localuser +(using +.IR krb_kntoln (3)), +authorization is granted. +If the authorization file +can't be accessed, or the file is not owned by +.IR localuser, +authorization is denied. Otherwise, the file is searched for +a matching principal name, instance, and realm. If a match is found, +authorization is granted, else authorization is denied. +.PP +The file entries are in the format: +.nf +.in +5n + name.instance@realm +.in -5n +.fi +with one entry per line. + +For convenience ~localuser@LOCALREALM is +always considered to be an entry in the file even when there is no +file or the file is unreadable. +.SH SEE ALSO +kerberos(3), ruserok(3), krb_kntoln(3) +.SH FILES +.TP 20n +~\fIlocaluser\fR/.klogin +authorization list diff --git a/crypto/kerberosIV/man/tf_util.3 b/crypto/kerberosIV/man/tf_util.3 new file mode 100644 index 0000000..3f98321 --- /dev/null +++ b/crypto/kerberosIV/man/tf_util.3 
@@ -0,0 +1,150 @@ +.\" $Id: tf_util.3,v 1.2 1996/06/12 21:29:29 bg Exp $ +.\" Copyright 1989 by the Massachusetts Institute of Technology. +.\" +.\" For copying and distribution information, +.\" please see the file <mit-copyright.h>. +.\" +.TH TF_UTIL 3 "Kerberos Version 4.0" "MIT Project Athena" +.SH NAME +tf_init, tf_get_pname, tf_get_pinst, tf_get_cred, tf_close \ +\- Routines for manipulating a Kerberos ticket file +.SH SYNOPSIS +.nf +.nj +.ft B +#include <krb.h> +.PP +.ft B +extern char *krb_err_txt[]; +.PP +.ft B +tf_init(tf_name, rw) +char *tf_name; +int rw; +.PP +.ft B +tf_get_pname(pname) +char *pname; +.PP +.ft B +tf_get_pinst(pinst) +char *pinst; +.PP +.ft B +tf_get_cred(c) +CREDENTIALS *c; +.PP +.ft B +tf_close() +.PP +.fi +.SH DESCRIPTION +This group of routines are provided to manipulate the Kerberos tickets +file. A ticket file has the following format: +.nf +.in +4 +.sp +principal's name (null-terminated string) +principal's instance (null-terminated string) +CREDENTIAL_1 +CREDENTIAL_2 + ... +CREDENTIAL_n +EOF +.sp +.in -4 +.LP +Where "CREDENTIAL_x" consists of the following fixed-length +fields from the CREDENTIALS structure (defined in <krb.h>): +.nf +.sp +.in +4 + char service[ANAME_SZ] + char instance[INST_SZ] + char realm[REALM_SZ] + des_cblock session + int lifetime + int kvno + KTEXT_ST ticket_st + long issue_date +.in -4 +.sp +.fi +.PP +.I tf_init +must be called before the other ticket file +routines. +It takes the name of the ticket file to use, +and a read/write flag as arguments. +It tries to open the ticket file, checks the mode and if +everything is okay, locks the file. If it's opened for +reading, the lock is shared. If it's opened for writing, +the lock is exclusive. +KSUCCESS is returned if all went well, otherwise one of the +following: +.nf +.sp +NO_TKT_FIL - file wasn't there +TKT_FIL_ACC - file was in wrong mode, etc. 
+TKT_FIL_LCK - couldn't lock the file, even after a retry +.sp +.fi +.PP +The +.I tf_get_pname +reads the principal's name from a ticket file. +It should only be called after tf_init has been called. The +principal's name is filled into the +.I pname +parameter. If all goes +well, KSUCCESS is returned. +If tf_init wasn't called, TKT_FIL_INI +is returned. +If the principal's name was null, or EOF was encountered, or the +name was longer than ANAME_SZ, TKT_FIL_FMT is returned. +.PP +The +.I tf_get_pinst +reads the principal's instance from a ticket file. +It should only be called after tf_init and tf_get_pname +have been called. +The principal's instance is filled into the +.I pinst +parameter. +If all goes +well, KSUCCESS is returned. +If tf_init wasn't called, TKT_FIL_INI +is returned. +If EOF was encountered, or the +name was longer than INST_SZ, TKT_FIL_FMT is returned. +Note that, unlike the principal name, the instance name may be null. +.PP +The +.I tf_get_cred +routine reads a CREDENTIALS record from a ticket file and +fills in the given structure. +It should only be called after +tf_init, tf_get_pname, and tf_get_pinst have been called. +If all goes well, KSUCCESS is returned. Possible error codes +are: +.nf +.sp +TKT_FIL_INI - tf_init wasn't called first +TKT_FIL_FMT - bad format +EOF - end of file encountered +.sp +.fi +.PP +.I tf_close +closes the ticket file and releases the lock on it. +.SH "SEE ALSO" +krb(3) +.SH DIAGNOSTICS +.SH BUGS +The ticket file routines have to be called in a certain order. +.SH AUTHORS +Jennifer Steiner, MIT Project Athena +.br +Bill Bryant, MIT Project Athena +.SH RESTRICTIONS +Copyright 1987 Massachusetts Institute of Technology diff --git a/crypto/kerberosIV/mkinstalldirs b/crypto/kerberosIV/mkinstalldirs new file mode 100644 index 0000000..1c13a50 --- /dev/null +++ b/crypto/kerberosIV/mkinstalldirs 
@@ -0,0 +1,40 @@
+#! /bin/sh
+# mkinstalldirs --- make directory hierarchy
+# Author: Noah Friedman <friedman@prep.ai.mit.edu>
+# Created: 1993-05-16
+# Public domain
+
+# $Id: mkinstalldirs,v 1.1 1996/06/27 01:12:51 joda Exp $
+
+errstatus=0
+
+for file
+do
+ set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'`
+ shift
+
+ pathcomp=
+ for d
+ do
+ pathcomp="$pathcomp$d"
+ case "$pathcomp" in
+ -* ) pathcomp=./$pathcomp ;;
+ esac
+
+ if test ! -d "$pathcomp"; then
+ echo "mkdir $pathcomp" 1>&2
+
+ mkdir "$pathcomp" || lasterr=$?
+
+ if test ! -d "$pathcomp"; then
+ errstatus=$lasterr
+ fi
+ fi
+
+ pathcomp="$pathcomp/"
+ done
+done
+
+exit $errstatus
+
+# mkinstalldirs ends here
diff --git a/crypto/kerberosIV/server/Makefile.in b/crypto/kerberosIV/server/Makefile.in
new file mode 100644
index 0000000..64e7eb1
--- /dev/null
+++ b/crypto/kerberosIV/server/Makefile.in
@@ -0,0 +1,79 @@
+# $Id: Makefile.in,v 1.24 1997/05/02 17:52:00 assar Exp $
+
+SHELL = /bin/sh
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+
+CC = @CC@
+AR = ar
+RANLIB = @RANLIB@
+DEFS = @DEFS@
+CFLAGS = @CFLAGS@
+LD_FLAGS = @LD_FLAGS@
+
+INSTALL = @INSTALL@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+MKINSTALLDIRS = @top_srcdir@/mkinstalldirs
+
+LIBS = @LIBS@
+LIB_DBM = @LIB_DBM@
+
+prefix = @prefix@
+exec_prefix = @exec_prefix@
+libdir = @libdir@
+libexecdir = @libexecdir@
+transform=@program_transform_name@
+EXECSUFFIX=@EXECSUFFIX@
+
+PROGS = kerberos$(EXECSUFFIX)
+
+SOURCES = kerberos.c
+
+OBJECTS = kerberos.o
+
+all: $(PROGS)
+
+Wall:
+ make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__"
+
+.c.o:
+ $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $<
+
+install: all
+ $(MKINSTALLDIRS) $(libexecdir)
+ for x in $(PROGS); do \
+ $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+uninstall:
+ for x in $(PROGS); do \
+ rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \
+ done
+
+TAGS: $(SOURCES)
+ etags $(SOURCES)
+
+check:
+
+clean:
+ rm -f *.a *.o $(PROGS)
+
+mostlyclean: clean
+
+distclean: clean
+ rm -f Makefile *.tab.c *~
+
+realclean: distclean
+ rm -f TAGS
+
+dist: $(DISTFILES)
+ for file in $(DISTFILES); do \
+ ln $$file ../`cat ../.fname`/lib \
+ || cp -p $$file ../`cat ../.fname`/lib; \
+ done
+
+kerberos$(EXECSUFFIX): kerberos.o
+ $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kerberos.o -L../lib/kdb -lkdb -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIB_DBM) $(LIBS) -lroken
+
+$(OBJECTS): ../include/config.h
diff --git a/crypto/kerberosIV/server/kerberos.c b/crypto/kerberosIV/server/kerberos.c
new file mode 100644
index 0000000..405e48d
--- /dev/null
+++ b/crypto/kerberosIV/server/kerberos.c
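Review bot: The `Wall` target in server/Makefile.in invokes `make` by name, which drops the parent's flags and jobserver and fails where the running make is installed under another name; `$(MAKE) CFLAGS="..."` is the portable form. The `dist` target depends on and loops over `$(DISTFILES)`, which this file never defines, so unless a parent make passes it in the rule does nothing. Both points apply equally to slave/Makefile.in later in this commit.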
@@ -0,0 +1,846 @@ +/* + * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * of Technology. + * + * For copying and distribution information, please see the file + * <mit-copyright.h>. + */ + +#include "config.h" +#include "protos.h" + +RCSID("$Id: kerberos.c,v 1.64 1997/05/20 18:40:46 bg Exp $"); + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif + +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif + +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif + +#include <errno.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif + +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#if defined(HAVE_SYS_IOCTL_H) && SunOS != 4 +#include <sys/ioctl.h> +#endif +#ifdef HAVE_SYS_FILIO_H +#include <sys/filio.h> +#endif /* HAVE_SYS_FILIO_H */ + +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#include <err.h> + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <des.h> +#include <krb.h> +#include <krb_db.h> +#include <prot.h> +#include <klog.h> + +#include <kdc.h> + +static des_key_schedule master_key_schedule; +static des_cblock master_key; + +static struct timeval kerb_time; +static u_char master_key_version; +static char k_instance[INST_SZ]; +static char *lt; +static int more; + +static int mflag; /* Are we invoked manually? */ +static char *log_file; /* name of alt. 
log file */ +static int nflag; /* don't check max age */ +static int rflag; /* alternate realm specified */ + +/* fields within the received request packet */ +static char *req_name_ptr; +static char *req_inst_ptr; +static char *req_realm_ptr; +static u_int32_t req_time_ws; + +static char local_realm[REALM_SZ]; + +/* options */ +static int max_age = -1; +static int pause_int = -1; + +/* + * Print usage message and exit. + */ +static void +usage(void) +{ + fprintf(stderr, "Usage: %s [-s] [-m] [-n] [-p pause_seconds]" + " [-a max_age] [-l log_file] [-r realm] [database_pathname]\n", + __progname); + exit(1); +} + +/* + * kerb_err_reply creates an error reply packet and sends it to the + * client. + */ + +static void +kerb_err_reply(int f, struct sockaddr_in *client, int err, char *string) +{ + static KTEXT_ST e_pkt_st; + KTEXT e_pkt = &e_pkt_st; + static char e_msg[128]; + + strcpy(e_msg, "\nKerberos error -- "); + strcat(e_msg, string); + cr_err_reply(e_pkt, req_name_ptr, req_inst_ptr, req_realm_ptr, + req_time_ws, err, e_msg); + sendto(f, (char*)e_pkt->dat, e_pkt->length, 0, (struct sockaddr *)client, + sizeof(*client)); +} + +static void +hang(void) +{ + if (pause_int == -1) { + klog(L_KRB_PERR, "Kerberos will pause so as not to loop init"); + for (;;) + pause(); + } else { + char buf[256]; + snprintf(buf, sizeof(buf), + "Kerberos will wait %d seconds before dying so as not to loop init", + pause_int); + klog(L_KRB_PERR, buf); + sleep(pause_int); + klog(L_KRB_PERR, "Do svedania....\n"); + exit(1); + } +} + +static int +check_princ(char *p_name, char *instance, unsigned int lifetime, Principal *p) +{ + static int n; + static int more; + + n = kerb_get_principal(p_name, instance, p, 1, &more); + + if (n < 0) { + lt = klog(L_KRB_PERR, "Database unavailable!"); + hang(); + } + + /* + * if more than one p_name, pick one, randomly create a session key, + * compute maximum lifetime, lookup authorizations if applicable, + * and stuff into cipher. 
+ */ + if (n == 0) { + /* service unknown, log error, skip to next request */ + lt = klog(L_ERR_UNK, "UNKNOWN %s.%s", p_name, instance); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + if (more) { + /* not unique, log error */ + lt = klog(L_ERR_NUN, "Principal not unique %s.%s", p_name, instance); + return KERB_ERR_PRINCIPAL_NOT_UNIQUE; + } + /* If the user's key is null, we want to return an error */ + if ((p->key_low == 0) && (p->key_high == 0)) { + /* User has a null key */ + lt = klog(L_ERR_NKY, "Null key %s.%s", p_name, instance); + return KERB_ERR_NULL_KEY; + } + if (master_key_version != p->kdc_key_ver) { + /* log error reply */ + lt = klog(L_ERR_MKV, + "Incorrect master key version for %s.%s: %d (should be %d)", + p->name, p->instance, p->kdc_key_ver, master_key_version); + return KERB_ERR_NAME_MAST_KEY_VER; + } + /* make sure the service hasn't expired */ + if ((u_int32_t) p->exp_date < (u_int32_t) kerb_time.tv_sec) { + /* service did expire, log it */ + time_t t = p->exp_date; + lt = klog(L_ERR_SEXP, + "Principal %s.%s expired at %s", p->name, p->instance, + krb_stime(&t)); + return KERB_ERR_NAME_EXP; + } + /* ok is zero */ + return 0; +} + +static void +unseal(des_cblock *key) +{ + kdb_encrypt_key(key, key, &master_key, master_key_schedule, DES_DECRYPT); +} + + +/* Set the key for krb_rd_req so we can check tgt */ +static int +set_tgtkey(char *r) + /* Realm for desired key */ +{ + int n; + static char lastrealm[REALM_SZ]; + Principal p_st; + Principal *p = &p_st; + des_cblock key; + + if (!strcmp(lastrealm, r)) + return (KSUCCESS); + + klog(L_ALL_REQ, "Getting key for %s", r); + + n = kerb_get_principal(KRB_TICKET_GRANTING_TICKET, r, p, 1, &more); + if (n == 0) + return (KFAILURE); + + /* unseal tgt key from master key */ + copy_to_key(&p->key_low, &p->key_high, key); + unseal(&key); + krb_set_key(key, 0); + strcpy(lastrealm, r); + return (KSUCCESS); +} + + +static int +kerberos(unsigned char *buf, int len, struct in_addr client, KTEXT rpkt) +{ + int pvno; + 
int msg_type; + int lsb; + int life; + int flags = 0; + char name[ANAME_SZ], inst[INST_SZ], realm[REALM_SZ]; + char service[SNAME_SZ], sinst[INST_SZ]; + u_int32_t req_time; + static KTEXT_ST ticket, cipher, adat; + KTEXT tk = &ticket, ciph = &cipher, auth = &adat; + AUTH_DAT ad; + des_cblock session, key; + int err; + Principal a_name, s_name; + + char *msg; + + + unsigned char *p = buf; + if(len < 2){ + strcpy((char*)rpkt->dat, "Packet too short"); + return KFAILURE; + } + + gettimeofday(&kerb_time, NULL); + + pvno = *p++; + if(pvno != KRB_PROT_VERSION){ + msg = klog(L_KRB_PERR, "KRB protocol version mismatch (%d)", pvno); + strcpy((char*)rpkt->dat, msg); + return KERB_ERR_PKT_VER; + } + msg_type = *p++; + lsb = msg_type & 1; + msg_type &= ~1; + switch(msg_type){ + case AUTH_MSG_KDC_REQUEST: + /* XXX range check */ + p += krb_get_nir(p, name, inst, realm); + p += krb_get_int(p, &req_time, 4, lsb); + life = *p++; + p += krb_get_nir(p, service, sinst, NULL); + klog(L_INI_REQ, "AS REQ %s.%s@%s for %s.%s from %s", + name, inst, realm, service, sinst, inet_ntoa(client)); + if((err = check_princ(name, inst, 0, &a_name))){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + tk->length = 0; + if((err = check_princ(service, sinst, 0, &s_name))){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + life = min(life, s_name.max_life); + life = min(life, a_name.max_life); + + des_new_random_key(&session); + copy_to_key(&s_name.key_low, &s_name.key_high, key); + unseal(&key); + krb_create_ticket(tk, flags, a_name.name, a_name.instance, + local_realm, client.s_addr, session, + life, kerb_time.tv_sec, + s_name.name, s_name.instance, &key); + copy_to_key(&a_name.key_low, &a_name.key_high, key); + unseal(&key); + create_ciph(ciph, session, s_name.name, s_name.instance, + local_realm, life, s_name.key_version, tk, + kerb_time.tv_sec, &key); + memset(&session, 0, sizeof(session)); + memset(&key, 0, sizeof(key)); + { + KTEXT r; + r = 
create_auth_reply(name, inst, realm, req_time, 0, + a_name.exp_date, a_name.key_version, ciph); + memcpy(rpkt, r, sizeof(*rpkt)); + } + return 0; + case AUTH_MSG_APPL_REQUEST: + strcpy(realm, (char*)buf + 3); + if((err = set_tgtkey(realm))){ + msg = klog(L_ERR_UNK, "Unknown realm %s from %s", + realm, inet_ntoa(client)); + strcpy((char*)rpkt->dat, msg); + return err; + } + p = buf + strlen(realm) + 4; + p = p + p[0] + p[1] + 2; + auth->length = p - buf; + memcpy(auth->dat, buf, auth->length); + err = krb_rd_req(auth, KRB_TICKET_GRANTING_TICKET, + realm, client.s_addr, &ad, 0); + if(err){ + msg = klog(L_ERR_UNK, "krb_rd_req from %s: %s", + inet_ntoa(client), krb_get_err_text(err)); + strcpy((char*)rpkt->dat, msg); + return err; + } + p += krb_get_int(p, &req_time, 4, lsb); + life = *p++; + p += krb_get_nir(p, service, sinst, NULL); + klog(L_APPL_REQ, "APPL REQ %s.%s@%s for %s.%s from %s", + ad.pname, ad.pinst, ad.prealm, + service, sinst, + inet_ntoa(client)); + if(strcmp(ad.prealm, realm)){ + msg = klog(L_ERR_UNK, "Can't hop realms: %s -> %s", + realm, ad.prealm); + strcpy((char*)rpkt->dat, msg); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + + if(!strcmp(service, "changepw")){ + strcpy((char*)rpkt->dat, + "Can't authorize password changed based on TGT"); + return KERB_ERR_PRINCIPAL_UNKNOWN; + } + + err = check_princ(service, sinst, life, &s_name); + if(err){ + strcpy((char*)rpkt->dat, krb_get_err_text(err)); + return err; + } + life = min(life, + krb_time_to_life(kerb_time.tv_sec, + krb_life_to_time(ad.time_sec, + ad.life))); + life = min(life, s_name.max_life); + copy_to_key(&s_name.key_low, &s_name.key_high, key); + unseal(&key); + des_new_random_key(&session); + krb_create_ticket(tk, flags, ad.pname, ad.pinst, ad.prealm, + client.s_addr, &session, life, kerb_time.tv_sec, + s_name.name, s_name.instance, + &key); + + memset(&key, 0, sizeof(key)); + + create_ciph(ciph, session, service, sinst, local_realm, + life, s_name.key_version, tk, + kerb_time.tv_sec, 
&ad.session); + + memset(&session, 0, sizeof(session)); + memset(ad.session, 0, sizeof(ad.session)); + { + KTEXT r; + r =create_auth_reply(ad.pname, ad.pinst, ad.prealm, + req_time, 0, 0, 0, ciph); + memcpy(rpkt, r, sizeof(*rpkt)); + } + memset(&s_name, 0, sizeof(s_name)); + return 0; + + case AUTH_MSG_ERR_REPLY: + return -1; + default: + msg = klog(L_KRB_PERR, "Unknown message type: %d from %s", + msg_type, inet_ntoa(client)); + strcpy((char*)rpkt->dat, msg); + return KFAILURE; + } +} + + +static void +kerberos_wrap(int s, KTEXT data, struct sockaddr_in *client) +{ + KTEXT_ST pkt; + int err = kerberos(data->dat, data->length, client->sin_addr, &pkt); + if(err == -1) + return; + if(err){ + kerb_err_reply(s, client, err, (char*)pkt.dat); + return; + } + sendto(s, pkt.dat, pkt.length, 0, (struct sockaddr *)client, + sizeof(*client)); +} + + +/* + * setup_disc + * + * disconnect all descriptors, remove ourself from the process + * group that spawned us. + */ + +static void +setup_disc(void) +{ + int s; + + for (s = 0; s < 3; s++) { + close(s); + } + + open("/dev/null", 0); + dup2(0, 1); + dup2(0, 2); + + setsid(); + + chdir("/tmp"); + return; +} + +/* + * Make sure that database isn't stale. + * + * Exit if it is; we don't want to tell lies. 
+ */ + +static void +check_db_age(void) +{ + long age; + + if (max_age != -1) { + /* Requires existance of kerb_get_db_age() */ + gettimeofday(&kerb_time, 0); + age = kerb_get_db_age(); + if (age == 0) { + klog(L_KRB_PERR, "Database currently being updated!"); + hang(); + } + if ((age + max_age) < kerb_time.tv_sec) { + klog(L_KRB_PERR, "Database out of date!"); + hang(); + /* NOTREACHED */ + } + } +} + +struct descr{ + int s; + KTEXT_ST buf; + int type; + int timeout; +}; + +static void +mksocket(struct descr *d, struct in_addr addr, int type, + const char *service, int port) +{ + struct sockaddr_in sina; + int on = 1; + int sock; + + memset(d, 0, sizeof(struct descr)); + if ((sock = socket(AF_INET, type, 0)) < 0) + err (1, "socket"); +#if defined(SO_REUSEADDR) && defined(HAVE_SETSOCKOPT) + if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, + sizeof(on)) < 0) + warn ("setsockopt (SO_REUSEADDR)"); +#endif + memset(&sina, 0, sizeof(sina)); + sina.sin_family = AF_INET; + sina.sin_port = port; + sina.sin_addr = addr; + if (bind(sock, (struct sockaddr *)&sina, sizeof(sina)) < 0) + err (1, "bind '%s/%s' (%d)", + service, (type == SOCK_DGRAM) ? "udp" : "tcp", + ntohs(sina.sin_port)); + + if(type == SOCK_STREAM) + listen(sock, SOMAXCONN); + d->s = sock; + d->type = type; +} + + +static void loop(struct descr *fds, int maxfd); + +int +main(int argc, char **argv) +{ + int child; + int c; + struct descr *fds; + int nfds; + int i; + int n; + int kerror; + + umask(077); /* Create protected files */ + + set_progname (argv[0]); + + while ((c = getopt(argc, argv, "snmp:a:l:r:")) != EOF) { + switch(c) { + case 's': + /* + * Set parameters to slave server defaults. + */ + if (max_age == -1 && !nflag) + max_age = ONE_DAY; /* 24 hours */ + if (pause_int == -1) + pause_int = FIVE_MINUTES; /* 5 minutes */ +#if 0 + if (log_file == NULL) { + /* this is only silly */ + log_file = KRBSLAVELOG; + } +#endif + break; + case 'n': + max_age = -1; /* don't check max age. 
*/ + nflag++; + break; + case 'm': + mflag++; /* running manually; prompt for master key */ + break; + case 'p': + /* Set pause interval. */ + if (!isdigit(optarg[0])) + usage(); + pause_int = atoi(optarg); + if ((pause_int < 5) || (pause_int > ONE_HOUR)) { + fprintf(stderr, "pause_int must be between 5 and 3600 seconds.\n"); + usage(); + } + break; + case 'a': + /* Set max age. */ + if (!isdigit(optarg[0])) + usage(); + max_age = atoi(optarg); + if ((max_age < ONE_HOUR) || (max_age > THREE_DAYS)) { + fprintf(stderr, "max_age must be between one hour and three days, in seconds\n"); + usage(); + } + break; + case 'l': + /* Set alternate log file */ + log_file = optarg; + break; + case 'r': + /* Set realm name */ + rflag++; + strcpy(local_realm, optarg); + break; + default: + usage(); + break; + } + } + + if(log_file == NULL) + log_file = KRBLOG; + + if (optind == (argc-1)) { + if (kerb_db_set_name(argv[optind]) != 0) { + fprintf(stderr, "Could not set alternate database name\n"); + exit(1); + } + optind++; + } + + if (optind != argc) + usage(); + + printf("Kerberos server starting\n"); + + if ((!nflag) && (max_age != -1)) + printf("\tMaximum database age: %d seconds\n", max_age); + if (pause_int != -1) + printf("\tSleep for %d seconds on error\n", pause_int); + else + printf("\tSleep forever on error\n"); + if (mflag) + printf("\tMaster key will be entered manually\n"); + + printf("\tLog file is %s\n", log_file); + + kset_logfile(log_file); + + /* find our hostname, and use it as the instance */ + if (k_gethostname(k_instance, INST_SZ)) + err (1, "gethostname"); + + /* + * Yes this looks backwards but it has to be this way to enable a + * smooth migration to the new port 88. 
+ */ + { + int p1, p2; + struct in_addr *a; + + p1 = k_getportbyname ("kerberos-iv", "udp", htons(750)); + p2 = k_getportbyname ("kerberos-sec", "udp", htons(88)); + + if (p1 == p2) + { + fprintf(stderr, "Either define kerberos-iv/udp as 750\n"); + fprintf(stderr, " and kerberos-sec/udp as 88\n"); + fprintf(stderr, "or the other way around!"); + exit(1); + } + + nfds = k_get_all_addrs (&a); + if (nfds < 0) { + struct in_addr any; + + any.s_addr = INADDR_ANY; + + fprintf (stderr, "Could not get local addresses, " + "binding to INADDR_ANY\n"); + nfds = 1; + a = malloc(sizeof(*a) * nfds); + memcpy(a, &any, sizeof(struct in_addr)); + } + nfds *= 4; + fds = (struct descr*)malloc(nfds * sizeof(struct descr)); + for (i = 0; i < nfds/4; i++) { + mksocket(fds + 4 * i + 0, a[i], SOCK_DGRAM, "kerberos-iv", p1); + mksocket(fds + 4 * i + 1, a[i], SOCK_DGRAM, "kerberos-sec", p2); + mksocket(fds + 4 * i + 2, a[i], SOCK_STREAM, "kerberos-iv", p1); + mksocket(fds + 4 * i + 3, a[i], SOCK_STREAM, "kerberos-sec", p2); + } + free (a); + } + /* do all the database and cache inits */ + if ((n = kerb_init())) { + if (mflag) { + printf("Kerberos db and cache init "); + printf("failed = %d ...exiting\n", n); + exit (1); + } else { + klog(L_KRB_PERR, + "Kerberos db and cache init failed = %d ...exiting", n); + hang(); + } + } + + /* Make sure database isn't stale */ + check_db_age(); + + /* setup master key */ + if (kdb_get_master_key (mflag, &master_key, master_key_schedule) != 0) { + klog (L_KRB_PERR, "kerberos: couldn't get master key.\n"); + exit (1); + } + kerror = kdb_verify_master_key (&master_key, master_key_schedule, stdout); + if (kerror < 0) { + klog (L_KRB_PERR, "Can't verify master key."); + memset(master_key, 0, sizeof (master_key)); + memset (master_key_schedule, 0, sizeof (master_key_schedule)); + exit (1); + } + + master_key_version = (u_char) kerror; + + fprintf(stdout, "\nCurrent Kerberos master key version is %d\n", + master_key_version); + 
des_init_random_number_generator(&master_key); + + if (!rflag) { + /* Look up our local realm */ + krb_get_lrealm(local_realm, 1); + } + fprintf(stdout, "Local realm: %s\n", local_realm); + fflush(stdout); + + if (set_tgtkey(local_realm)) { + /* Ticket granting service unknown */ + klog(L_KRB_PERR, "Ticket granting ticket service unknown"); + fprintf(stderr, "Ticket granting ticket service unknown\n"); + exit(1); + } + if (mflag) { + if ((child = fork()) != 0) { + printf("Kerberos started, PID=%d\n", child); + exit(0); + } + setup_disc(); + } + + klog(L_ALL_REQ, "Starting Kerberos for %s (kvno %d)", + local_realm, master_key_version); + + /* receive loop */ + loop(fds, nfds); + exit(1); +} + + +static void +loop(struct descr *fds, int nfds) +{ + for (;;) { + int ret; + fd_set readfds; + struct timeval tv; + int maxfd = 0; + struct descr *n, *minfree; + + FD_ZERO(&readfds); + gettimeofday(&tv, NULL); + maxfd = 0; + minfree = NULL; + /* Remove expired TCP sockets, and add all other + to the set we are selecting on */ + for(n = fds; n < fds + nfds; n++){ + if(n->s >= 0 && n->timeout && tv.tv_sec > n->timeout){ + kerb_err_reply(n->s, NULL, KERB_ERR_TIMEOUT, "Timeout"); + close(n->s); + n->s = -1; + } + if(n->s < 0){ + if(minfree == NULL) minfree = n; + continue; + } + FD_SET(n->s, &readfds); + maxfd = max(maxfd, n->s); + } + /* add more space for sockets */ + if(minfree == NULL){ + int i = nfds; + struct descr *new; + nfds *=2; + new = realloc(fds, sizeof(struct descr) * nfds); + if(new){ + fds = new; + minfree = fds + i; + for(; i < nfds; i++) fds[i].s = -1; + } + } + ret = select(maxfd + 1, &readfds, 0, 0, 0); + for (n = fds; n < fds + nfds; n++){ + if(n->s < 0) continue; + if (FD_ISSET(n->s, &readfds)){ + if(n->type == SOCK_STREAM && n->timeout == 0){ + /* add accepted socket to list of sockets we are + selecting on */ + int s = accept(n->s, NULL, 0); + if(minfree == NULL){ + kerb_err_reply(s, NULL, KFAILURE, "Out of memory"); + close(s); + }else{ + minfree->s = s; 
+ minfree->type = SOCK_STREAM; + gettimeofday(&tv, NULL); + minfree->timeout = tv.tv_sec + 4; /* XXX */ + } + }else{ + int b; + struct sockaddr_in from; + int fromlen = sizeof(from); + b = recvfrom(n->s, n->buf.dat + n->buf.length, + MAX_PKT_LEN - n->buf.length, 0, + (struct sockaddr *)&from, &fromlen); + if(b < 0){ + if(n->type == SOCK_STREAM){ + close(n->s); + n->s = -1; + } + n->buf.length = 0; + continue; + } + n->buf.length += b; + if(n->type == SOCK_STREAM){ + if(n->buf.length >= 4 && n->buf.dat[0] == 0){ + /* if this is a new type of packet (with + the length attached to the head of the + packet), and there is no more data to + be read, fake an old packet, so the + code below will work */ + u_int32_t len; + krb_get_int(n->buf.dat, &len, 4, 0); + if(n->buf.length == len + 4){ + memmove(n->buf.dat, n->buf.dat + 4, len); + b = 0; + } + } + if(b == 0){ + /* handle request if there are + no more bytes to read */ + fromlen = sizeof(from); + getpeername(n->s,(struct sockaddr*)&from, &fromlen); + kerberos_wrap(n->s, &n->buf, &from); + n->buf.length = 0; + close(n->s); + n->s = -1; + } + }else{ + /* udp packets are atomic */ + kerberos_wrap(n->s, &n->buf, &from); + n->buf.length = 0; + } + } + } + } + } +} diff --git a/crypto/kerberosIV/slave/Makefile.in b/crypto/kerberosIV/slave/Makefile.in new file mode 100644 index 0000000..ce35546 --- /dev/null +++ b/crypto/kerberosIV/slave/Makefile.in 
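Review bot: In `kerberos()`, the `AUTH_MSG_APPL_REQUEST` branch does `strcpy(realm, (char*)buf + 3)` into `char realm[REALM_SZ]` directly from the received packet, then advances `p` by `p[0] + p[1] + 2` and `memcpy`s `p - buf` bytes into `auth->dat`, all without consulting `len`, so a malformed request can write past `realm` and copy from beyond the received data. The realm should be checked to terminate inside the packet and fit `realm[]`, and the two length bytes plus the data they describe should be checked against `len` and the size of `auth->dat` before the copy, as sketched below; the reads that follow (`krb_get_int`, `life = *p++`, `krb_get_nir`) need the same bound. The `AUTH_MSG_KDC_REQUEST` branch has the same gap, already marked `/* XXX range check */`, but `krb_get_nir` is called without buffer sizes and is defined outside this file, so that part has to be fixed in the library. `kerb_err_reply` likewise builds its text with `strcpy`/`strcat` into `e_msg[128]`; `snprintf(e_msg, sizeof(e_msg), "\nKerberos error -- %s", string);` would bound it, and the file already uses `snprintf` in `hang`.

```c
    case AUTH_MSG_APPL_REQUEST:
	{
	    /* realm is the NUL-terminated string at buf + 3: it must end
	       inside the packet and fit realm[] */
	    unsigned char *nul = NULL;
	    if(len > 3)
		nul = memchr(buf + 3, 0, len - 3);
	    if(nul == NULL || (size_t)(nul - (buf + 3)) >= sizeof(realm)){
		strcpy((char*)rpkt->dat, "Malformed request");
		return KFAILURE;
	    }
	}
	strcpy(realm, (char*)buf + 3);
	/* … unchanged: set_tgtkey(realm) and its error reply … */
	p = buf + strlen(realm) + 4;
	/* the two length bytes, and the ticket and authenticator they
	   describe, must lie inside the packet and fit auth->dat
	   (assumes KTEXT_ST.dat is an array; krb.h is not in this hunk) */
	if(len - (p - buf) < 2
	   || len - (p - buf) - 2 < p[0] + p[1]
	   || (size_t)(p - buf) + 2 + p[0] + p[1] > sizeof(auth->dat)){
	    strcpy((char*)rpkt->dat, "Malformed request");
	    return KFAILURE;
	}
	p = p + p[0] + p[1] + 2;
	/* … unchanged: auth->length, memcpy into auth->dat, krb_rd_req … */
```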
@@ -0,0 +1,82 @@ +# $Id: Makefile.in,v 1.27 1997/05/04 04:16:28 assar Exp $ + +SHELL = /bin/sh + +srcdir = @srcdir@ +VPATH = @srcdir@ + +CC = @CC@ +AR = ar +RANLIB = @RANLIB@ +DEFS = @DEFS@ -DSBINDIR=\"$(sbindir)\" +CFLAGS = @CFLAGS@ +LD_FLAGS = @LD_FLAGS@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +LIBS = @LIBS@ +MKINSTALLDIRS = @top_srcdir@/mkinstalldirs + +prefix = @prefix@ +exec_prefix = @exec_prefix@ +libdir = @libdir@ +libexecdir = @libexecdir@ +sbindir = @sbindir@ +transform=@program_transform_name@ +EXECSUFFIX=@EXECSUFFIX@ + +PROGS = kpropd$(EXECSUFFIX) \ + kprop$(EXECSUFFIX) + +SOURCES = kpropd.c kprop.c + +OBJECTS = kpropd.o kprop.o + +all: $(PROGS) + +Wall: + make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" + +.c.o: + $(CC) -c $(CPPFLAGS) $(DEFS) -I../include -I$(srcdir) $(CFLAGS) $< + +install: all + $(MKINSTALLDIRS) $(libexecdir) + for x in $(PROGS); do \ + $(INSTALL_PROGRAM) $$x $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +uninstall: + for x in $(PROGS); do \ + rm -f $(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done + +TAGS: $(SOURCES) + etags $(SOURCES) + +check: + +clean: + rm -f *.a *.o $(PROGS) + +mostlyclean: clean + +distclean: clean + rm -f Makefile *.tab.c *~ + +realclean: distclean + rm -f TAGS + +dist: $(DISTFILES) + for file in $(DISTFILES); do \ + ln $$file ../`cat ../.fname`/lib \ + || cp -p $$file ../`cat ../.fname`/lib; \ + done + +kprop$(EXECSUFFIX): kprop.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kprop.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken + +kpropd$(EXECSUFFIX): kpropd.o + $(CC) $(LD_FLAGS) $(LDFLAGS) -o $@ kpropd.o -L../lib/krb -lkrb -L../lib/des -ldes -L../lib/roken -lroken $(LIBS) -lroken + +$(OBJECTS): ../include/config.h diff --git a/crypto/kerberosIV/slave/kprop.c b/crypto/kerberosIV/slave/kprop.c new file mode 100644 index 0000000..8901121 --- /dev/null +++ b/crypto/kerberosIV/slave/kprop.c 
@@ -0,0 +1,530 @@ +/* + +Copyright 1987, 1988 by the Student Information Processing Board + of the Massachusetts Institute of Technology + +Permission to use, copy, modify, and distribute this software +and its documentation for any purpose and without fee is +hereby granted, provided that the above copyright notice +appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, +and that the names of M.I.T. and the M.I.T. S.I.P.B. not be +used in advertising or publicity pertaining to distribution +of the software without specific, written prior permission. +M.I.T. and the M.I.T. S.I.P.B. make no representations about +the suitability of this software for any purpose. It is +provided "as is" without express or implied warranty. + +*/ + +#include "slav_locl.h" + +RCSID("$Id: kprop.c,v 1.29 1997/05/25 02:43:54 joda Exp $"); + +#include "kprop.h" + +static char kprop_version[KPROP_PROT_VERSION_LEN] = KPROP_PROT_VERSION; + +int debug = 0; + +char my_realm[REALM_SZ]; +int princ_data_size = 3 * sizeof(int32_t) + 3 * sizeof(unsigned char); +short transfer_mode, net_transfer_mode; +int force_flag; +static char ok[] = ".dump_ok"; + +struct slave_host { + u_int32_t net_addr; + char *name; + char *instance; + char *realm; + int not_time_yet; + int succeeded; + struct slave_host *next; +}; + +static +int get_slaves(struct slave_host **psl, char *file, time_t ok_mtime) +{ + FILE *fin; + char namebuf[128], *inst; + char *pc; + struct hostent *host; + struct slave_host **th; + char path[256]; + char *ppath; + struct stat stbuf; + + if ((fin = fopen(file, "r")) == NULL) + err (1, "open(%s)", file); + strcpy(path, file); + if ((ppath = strrchr(path, '/'))) { + ppath += 1; + } else { + ppath = path; + } + th = psl; + while(fgets(namebuf, sizeof(namebuf), fin)){ + if ((pc = strchr(namebuf, '\n'))) { + *pc = '\0'; + } else { + if(strlen(namebuf) == sizeof(namebuf) - 1){ + warnx ("Hostname too long (>= %d chars) in '%s'.", + 
(int) sizeof(namebuf), file); + do{ + if(fgets(namebuf, sizeof(namebuf), fin) == NULL) + break; + }while(strchr(namebuf, '\n') == NULL); + continue; + } + } + if(namebuf[0] == 0 || namebuf[0] == '#') + continue; + host = gethostbyname(namebuf); + if (host == NULL) { + warnx ("Ignoring host '%s' in '%s': %s", + namebuf, file, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + continue; + } + (*th) = (struct slave_host *) malloc(sizeof(struct slave_host)); + if (!*th) + errx (1, "No memory reading host list from '%s'.", + file); + memset(*th, 0, sizeof(struct slave_host)); + (*th)->name = strdup(namebuf); + if ((*th)->name == NULL) + errx (1, "No memory reading host list from '%s'.", + file); + /* get kerberos cannonical instance name */ + inst = krb_get_phost ((*th)->name); + (*th)->instance = strdup(inst); + if ((*th)->instance == NULL) + errx (1, "No memory reading host list from '%s'.", + file); + /* what a concept, slave servers in different realms! */ + (*th)->realm = my_realm; + memcpy(&(*th)->net_addr, host->h_addr, sizeof((*th)->net_addr)); + (*th)->not_time_yet = 0; + (*th)->succeeded = 0; + (*th)->next = NULL; + strcat(strcpy(ppath, (*th)->name), "-last-prop"); + if (!force_flag && !stat(path, &stbuf) && stbuf.st_mtime > ok_mtime) { + (*th)->not_time_yet = 1; + (*th)->succeeded = 1; /* no change since last success */ + } + th = &(*th)->next; + } + fclose(fin); + return (1); +} + +/* The master -> slave protocol looks like this: + 1) 8 byte version string + 2) 2 bytes of "transfer mode" (net byte order of course) + 3) ticket/authentication send by sendauth + 4) 4 bytes of "block" length (u_int32_t) + 5) data + + 4 and 5 repeat til EOF ... 
+*/ + +static int +prop_to_slaves(struct slave_host *sl, int fd, char *fslv) +{ + u_char buf[KPROP_BUFSIZ]; + u_char obuf[KPROP_BUFSIZ + 64]; /* leave room for private msg overhead */ + struct sockaddr_in sin, my_sin; + int i, n, s; + struct slave_host *cs; /* current slave */ + char path[256], my_host_name[MaxHostNameLen], *p_my_host_name; + char kprop_service_instance[INST_SZ]; + char *pc; + u_int32_t cksum; + u_int32_t length, nlength; + long kerror; + KTEXT_ST ticket; + CREDENTIALS cred; + MSG_DAT msg_dat; + static char tkstring[] = "/tmp/kproptktXXXXXX"; + + des_key_schedule session_sched; + + close(mkstemp(tkstring)); + krb_set_tkt_string(tkstring); + + memset(&sin, 0, sizeof sin); + sin.sin_family = AF_INET; + sin.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); + sin.sin_addr.s_addr = INADDR_ANY; + + strcpy(path, fslv); + if ((pc = strrchr(path, '/'))) { + pc += 1; + } else { + pc = path; + } + + for (i = 0; i < 5; i++) { /* try each slave five times max */ + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) { + if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) + err (1, "socket"); + memcpy(&sin.sin_addr, &cs->net_addr, + sizeof cs->net_addr); + + if (connect(s, (struct sockaddr *) &sin, sizeof sin) < 0) { + warn ("connect(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + + /* for krb_mk_{priv, safe} */ + memset(&my_sin, 0, sizeof my_sin); + n = sizeof my_sin; + if (getsockname (s, (struct sockaddr *) &my_sin, &n) != 0) { + warn ("getsockname(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (n != sizeof (my_sin)) { + warnx ("can't get socketname %s length", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + /* Get ticket */ + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_int32_t) 0); + /* if ticket has expired try to get a new one, but + * first get a TGT ... 
+ */ + if (kerror != MK_AP_OK) { + if (k_gethostname (my_host_name, sizeof(my_host_name)) != 0) { + warnx ("gethostname(%s): %s", + my_host_name, +#ifdef HAVE_H_ERRNO + hstrerror(h_errno) +#else + "unknown error" +#endif + ); + close (s); + break; /* next one can't work either! */ + } + /* get canonical kerberos service instance name */ + p_my_host_name = krb_get_phost (my_host_name); + /* copy it to make sure gethostbyname static doesn't + * screw us. */ + strcpy (kprop_service_instance, p_my_host_name); + kerror = krb_get_svc_in_tkt (KPROP_SERVICE_NAME, +#if 0 + kprop_service_instance, +#else + KRB_MASTER, +#endif + my_realm, + KRB_TICKET_GRANTING_TICKET, + my_realm, + 96, + KPROP_SRVTAB); + if (kerror != INTK_OK) { + warnx ("%s: %s. While getting initial ticket\n", + cs->name, krb_get_err_text(kerror)); + close (s); + goto punt; + } + kerror = krb_mk_req (&ticket, KPROP_SERVICE_NAME, + cs->instance, cs->realm, (u_int32_t) 0); + } + if (kerror != MK_AP_OK) { + warnx ("%s: krb_mk_req: %s", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + if (write(s, kprop_version, sizeof(kprop_version)) + != sizeof(kprop_version)) { + warn ("%s", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + net_transfer_mode = htons (transfer_mode); + if (write(s, &net_transfer_mode, sizeof(net_transfer_mode)) + != sizeof(net_transfer_mode)) { + warn ("write(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + kerror = krb_get_cred (KPROP_SERVICE_NAME, cs->instance, + cs->realm, &cred); + if (kerror != KSUCCESS) { + warnx ("%s: %s. 
Getting session key.", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#ifdef NOENCRYPTION + memset(session_sched, 0, sizeof(session_sched)); +#else + if (des_key_sched (&cred.session, session_sched)) { + warnx ("%s: can't make key schedule.", + cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } +#endif + /* SAFE (quad_cksum) and CLEAR are just not good enough */ + cksum = 0; +#ifdef not_working_yet + if (transfer_mode != KPROP_TRANSFER_PRIVATE) { + cksum = get_data_checksum(fd, session_sched); + lseek(fd, 0L, 0); + } + else +#endif + { + struct stat st; + fstat (fd, &st); + cksum = st.st_size; + } + kerror = krb_sendauth(KOPT_DO_MUTUAL, + s, + &ticket, + KPROP_SERVICE_NAME, + cs->instance, + cs->realm, + cksum, + &msg_dat, + &cred, + session_sched, + &my_sin, + &sin, + KPROP_PROT_VERSION); + if (kerror != KSUCCESS) { + warnx ("%s: krb_sendauth: %s.", + cs->name, krb_get_err_text(kerror)); + close (s); + continue; /*** NEXT SLAVE ***/ + } + + lseek(fd, 0L, SEEK_SET); /* Rewind file before rereading it. */ + while ((n = read(fd, buf, sizeof buf))) { + if (n < 0) + err (1, "read"); + switch (transfer_mode) { + case KPROP_TRANSFER_PRIVATE: + case KPROP_TRANSFER_SAFE: + if (transfer_mode == KPROP_TRANSFER_PRIVATE) + length = krb_mk_priv (buf, obuf, n, + session_sched, &cred.session, + &my_sin, &sin); + else + length = krb_mk_safe (buf, obuf, n, + &cred.session, + &my_sin, &sin); + if (length == -1) { + warnx ("%s: %s failed.", + cs->name, + (transfer_mode == KPROP_TRANSFER_PRIVATE) + ? 
"krb_rd_priv" : "krb_rd_safe"); + close (s); + continue; /*** NEXT SLAVE ***/ + } + nlength = htonl(length); + if (write(s, &nlength, sizeof nlength) + != sizeof nlength) { + warn ("write(%s)", cs->name); + close (s); + continue; /*** NEXT SLAVE ***/ + } + if (write(s, obuf, length) != length) { + warn ("write(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + case KPROP_TRANSFER_CLEAR: + if (write(s, buf, n) != n) { + warn ("write(%s)", cs->name); + close(s); + continue; /*** NEXT SLAVE ***/ + } + break; + } + } + close(s); + cs->succeeded = 1; + fprintf(stderr, "%s: success.\n", cs->name); + strcat(strcpy(pc, cs->name), "-last-prop"); + unlink(path); + close(creat(path, 0600)); + } + } + } +punt: + + dest_tkt(); + for (cs = sl; cs; cs = cs->next) { + if (!cs->succeeded) + return (0); /* didn't get this slave */ + } + return (1); +} + +static void +usage() +{ + /* already got floc and fslv, what is this? */ + fprintf(stderr, + "\nUsage: kprop [-force] [-realm realm] [-private" +#ifdef not_safe_yet + "|-safe|-clear" +#endif + "] [data_file [slaves_file]]\n\n"); + exit(1); +} + + +int +main(int argc, char **argv) +{ + int fd, i; + char *floc, *floc_ok; + char *fslv; + struct stat stbuf, stbuf_ok; + time_t l_init, l_final; + char *pc; + int l_diff; + static struct slave_host *slave_host_list = NULL; + struct slave_host *sh; + + set_progname (argv[0]); + + transfer_mode = KPROP_TRANSFER_PRIVATE; + + time(&l_init); + pc = ctime(&l_init); + pc[strlen(pc) - 1] = '\0'; + printf("\nStart slave propagation: %s\n", pc); + + floc = NULL; + fslv = NULL; + + if (krb_get_lrealm(my_realm,1) != KSUCCESS) + errx (1, "Getting my kerberos realm. 
Check krb.conf"); + + for (i = 1; i < argc; i++) + switch (argv[i][0]) { + case '-': + if (strcmp (argv[i], "-private") == 0) + transfer_mode = KPROP_TRANSFER_PRIVATE; +#ifdef not_safe_yet + else if (strcmp (argv[i], "-safe") == 0) + transfer_mode = KPROP_TRANSFER_SAFE; + else if (strcmp (argv[i], "-clear") == 0) + transfer_mode = KPROP_TRANSFER_CLEAR; +#endif + else if (strcmp (argv[i], "-realm") == 0) { + i++; + if (i < argc) + strcpy(my_realm, argv[i]); + else + usage(); + } else if (strcmp (argv[i], "-force") == 0) + force_flag++; + else { + warnx("unknown control argument %s.", argv[i]); + usage (); + } + break; + default: + /* positional arguments are marginal at best ... */ + if (floc == NULL) + floc = argv[i]; + else { + if (fslv == NULL) + fslv = argv[i]; + else + usage(); + } + } + if(floc == NULL) + floc = DB_DIR "/slave_dump"; + if(fslv == NULL) + fslv = DB_DIR "/slaves"; + + asprintf (&floc_ok, "%s%s", floc, ok); + if (floc_ok == NULL) + errx (1, "out of memory in copying %s", floc); + + if ((fd = open(floc, O_RDONLY)) < 0) + err (1, "open(%s)", floc); + if (k_flock(fd, K_LOCK_SH | K_LOCK_NB)) + err (1, "flock(%s)", floc); + if (stat(floc, &stbuf)) + err (1, "stat(%s)", floc); + if (stat(floc_ok, &stbuf_ok)) + err (1, "stat(%s)", floc_ok); + if (stbuf.st_mtime > stbuf_ok.st_mtime) + errx (1, "'%s' more recent than '%s'.", floc, floc_ok); + if (!get_slaves(&slave_host_list, fslv, stbuf_ok.st_mtime)) + errx (1, "can't read slave host file '%s'.", fslv); +#ifdef KPROP_DBG + { + struct slave_host *sh; + int i; + fprintf(stderr, "\n\n"); + fflush(stderr); + for (sh = slave_host_list; sh; sh = sh->next) { + fprintf(stderr, "slave %d: %s, %s", i++, sh->name, + inet_ntoa(sh->net_addr)); + fflush(stderr); + } + } +#endif /* KPROP_DBG */ + + if (!prop_to_slaves(slave_host_list, fd, fslv)) + errx (1, "propagation failed."); + if (k_flock(fd, K_LOCK_UN)) + err (1, "flock(%s, LOCK_UN)", floc); + fprintf(stderr, "\n\n"); + for (sh = slave_host_list; sh; sh = 
sh->next) { + fprintf(stderr, "%s:\t\t%s\n", sh->name, + (sh->not_time_yet? "Not time yet" : (sh->succeeded ? "Succeeded" : "FAILED"))); + } + + time(&l_final); + l_diff = l_final - l_init; + printf("propagation finished, %d:%02d:%02d elapsed\n", + l_diff / 3600, (l_diff % 3600) / 60, l_diff % 60); + + exit(0); +} + +#ifdef doesnt_work_yet +u_long get_data_checksum(fd, key_sched) + int fd; + des_key_schedule key_sched; +{ + u_int32_t cksum = 0; + int n; + char buf[BUFSIZ]; + u_int32_t obuf[2]; + + while (n = read(fd, buf, sizeof buf)) { + if (n < 0) + err (1, "read"); + cksum = cbc_cksum(buf, obuf, n, key_sched, key_sched); + } + return cksum; +} +#endif diff --git a/crypto/kerberosIV/slave/kprop.h b/crypto/kerberosIV/slave/kprop.h new file mode 100644 index 0000000..d66f63f --- /dev/null +++ b/crypto/kerberosIV/slave/kprop.h @@ -0,0 +1,19 @@ +/* + * Copyright 1987 by the Massachusetts Institute of Technology. + * + * For copying and distribution information, + * please see the file <mit-copyright.h>. + * + * $Id: kprop.h,v 1.5 1997/02/07 21:39:52 assar Exp $ + * + */ + +#define KPROP_SERVICE_NAME "rcmd" +#define KPROP_SRVTAB "/etc/srvtab" +#define KPROP_PROT_VERSION_LEN 8 +#define KPROP_PROT_VERSION "kprop01" +#define KPROP_TRANSFER_PRIVATE 1 +#define KPROP_TRANSFER_SAFE 2 +#define KPROP_TRANSFER_CLEAR 3 +#define KPROP_BUFSIZ 32768 +#define KPROP_PORT 754 diff --git a/crypto/kerberosIV/slave/kpropd.c b/crypto/kerberosIV/slave/kpropd.c new file mode 100644 index 0000000..e2b5f0a --- /dev/null +++ b/crypto/kerberosIV/slave/kpropd.c 
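Review bot: In prop_to_slaves(), the four `continue; /*** NEXT SLAVE ***/` statements inside `while ((n = read(fd, buf, sizeof buf)))` continue that read loop, not the slave loop. After a failed krb_mk_priv/krb_mk_safe or a short write() the code therefore keeps writing to the already closed socket, closes it a second time, and still sets `cs->succeeded = 1` and recreates the `-last-prop` stamp. A slave that never received the dump is reported as "success", and get_slaves() then skips it until a newer dump exists, so it keeps serving a stale principal database. Track the failure in a flag that ends the read loop, close the socket once after the loop, and mark success only when the flag is clear, as sketched below. The warning in the `length == -1` branch also names `krb_rd_priv`/`krb_rd_safe` although the failing calls are `krb_mk_priv`/`krb_mk_safe`.

```c
int sent_ok;    /* new local in prop_to_slaves() */

/* … unchanged: connect, ticket, krb_sendauth, rewind of fd … */
sent_ok = 1;
while (sent_ok && (n = read(fd, buf, sizeof buf))) {
    /* … unchanged: read error check, switch, krb_mk_priv / krb_mk_safe … */
    if (length == -1) {
        /* … unchanged: warnx … */
        sent_ok = 0;    /* was: close (s); continue; */
        break;          /* leaves the switch; the loop test ends the read loop */
    }
    /* … the three write() failure branches change the same way … */
}
close(s);
if (!sent_ok)
    continue;           /* now really the next slave */
cs->succeeded = 1;
/* … unchanged: success message and -last-prop stamp … */
```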
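Review bot: kprop.h defines `KPROP_BUFSIZ` but leaves the per-message overhead of the protected transfer to each side as a bare number. kprop.c sizes its output buffer as `KPROP_BUFSIZ + 64`, while copy_data() in kpropd.c accepts at most `KPROP_BUFSIZ + 26` bytes and rejects anything larger as a "Giant packet". Two unrelated magic numbers for the same protocol limit are easy to break when one side changes. I would add a shared constant here, for example `#define KPROP_PRIV_OVERHEAD 26 /* proposed name: max bytes krb_mk_priv adds to a block */`, use it in both files, and note in the comment where the value comes from; the value 26 itself should be confirmed against krb_mk_priv.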
@@ -0,0 +1,301 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include "slav_locl.h" + +#include "kprop.h" + +RCSID("$Id: kpropd.c,v 2.21 1997/05/02 17:52:13 assar Exp $"); + +#ifndef SBINDIR +#define SBINDIR "/usr/athena/sbin" +#endif + +struct sockaddr_in master, slave; + +char *database = DBM_FILE; + +char *lockfile = DB_DIR "/slave_propagation"; + +char *logfile = K_LOGFIL; + +char *kdb_util = SBINDIR "/kdb_util"; + +char *kdb_util_command = "load"; + +char *srvtab = ""; + +char realm[REALM_SZ]; + +static +int +copy_data(int from, int to, des_cblock *session, des_key_schedule schedule) +{ + unsigned char tmp[4]; + char buf[KPROP_BUFSIZ + 26]; + u_int32_t length; + int n; + + int kerr; + MSG_DAT m; + + while(1){ + n = krb_net_read(from, tmp, 4); + if(n == 0) + break; + if(n < 0){ + klog(L_KRB_PERR, "krb_net_read: %s", strerror(errno)); + return -1; + } + if(n != 4){ + klog(L_KRB_PERR, "Premature end of data"); + return -1; + } + length = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + if(length > sizeof(buf)){ + klog(L_KRB_PERR, "Giant packet received: %d", length); + return -1; + } + if(krb_net_read(from, buf, length) != length){ + klog(L_KRB_PERR, "Premature end of data"); + return -1; + } + kerr = krb_rd_priv (buf, length, schedule, session, &master, &slave, &m); + if(kerr != KSUCCESS){ + klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); + return -1; + } + write(to, m.app_data, m.app_length); + } + return 0; +} + + +static +int +kprop(int s) +{ + char buf[128]; + int n; + KTEXT_ST ticket; + AUTH_DAT ad; + char sinst[INST_SZ]; + char command[1024]; + des_key_schedule schedule; + int mode; + int kerr; + int lock; + + n = sizeof(master); + if(getpeername(s, (struct sockaddr*)&master, &n) < 0){ + klog(L_KRB_PERR, "getpeername: %s", strerror(errno)); + return 1; + } + + n = sizeof(slave); + if(getsockname(s, (struct sockaddr*)&slave, &n) < 0){ + klog(L_KRB_PERR, "getsockname: %s", strerror(errno)); + return 1; + } + + klog(L_KRB_PERR, "Connection from %s", inet_ntoa(master.sin_addr)); + + n 
= krb_net_read(s, buf, KPROP_PROT_VERSION_LEN + 2); + if(n < KPROP_PROT_VERSION_LEN + 2){ + klog(L_KRB_PERR, "Premature end of data"); + return 1; + } + if(memcmp(buf, KPROP_PROT_VERSION, KPROP_PROT_VERSION_LEN) != 0){ + klog(L_KRB_PERR, "Bad protocol version string received"); + return 1; + } + mode = (buf[n-2] << 8) | buf[n-1]; + if(mode != KPROP_TRANSFER_PRIVATE){ + klog(L_KRB_PERR, "Bad transfer mode received: %d", mode); + return 1; + } + k_getsockinst(s, sinst, sizeof(sinst)); + kerr = krb_recvauth(KOPT_DO_MUTUAL, s, &ticket, + KPROP_SERVICE_NAME, sinst, + &master, &slave, + &ad, srvtab, schedule, + buf); + if(kerr != KSUCCESS){ + klog(L_KRB_PERR, "Kerberos error: %s", krb_get_err_text(kerr)); + return 1; + } + des_set_key(&ad.session, schedule); + + lock = open(lockfile, O_WRONLY|O_CREAT, 0600); + if(lock < 0){ + klog(L_KRB_PERR, "Failed to open file: %s", strerror(errno)); + return 1; + } + if(k_flock(lock, K_LOCK_EX | K_LOCK_NB)){ + close(lock); + klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); + return 1; + } + + if(ftruncate(lock, 0) < 0){ + close(lock); + klog(L_KRB_PERR, "Failed to lock file: %s", strerror(errno)); + return 1; + } + + if(copy_data(s, lock, &ad.session, schedule)){ + close(lock); + return 1; + } + close(lock); + snprintf(command, sizeof(command), + "%s %s %s %s", kdb_util, kdb_util_command, + lockfile, database); + if(system(command) == 0){ + klog(L_KRB_PERR, "Propagation finished successfully"); + return 0; + } + klog(L_KRB_PERR, "*** Propagation failed ***"); + return 1; +} + +static int +doit(void) +{ + return kprop(0); +} + +static int +doit_interactive(void) +{ + struct sockaddr_in sa; + int salen; + int s, s2; + int ret; + + s = socket(AF_INET, SOCK_STREAM, 0); + if(s < 0){ + klog(L_KRB_PERR, "socket: %s", strerror(errno)); + return 1; + } + memset(&sa, 0, sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = k_getportbyname ("krb_prop", "tcp", htons(KPROP_PORT)); + ret = bind(s, (struct sockaddr*)&sa, sizeof(sa)); 
+ if (ret < 0) { + klog(L_KRB_PERR, "bind: %s", strerror(errno)); + return 1; + } + ret = listen(s, SOMAXCONN); + if (ret < 0) { + klog(L_KRB_PERR, "listen: %s", strerror(errno)); + return 1; + } + for(;;) { + salen = sizeof(sa); + s2 = accept(s, (struct sockaddr*)&sa, &salen); + switch(fork()){ + case -1: + klog(L_KRB_PERR, "fork: %s", strerror(errno)); + return 1; + case 0: + close(s); + kprop(s2); + return 1; + default: { + int status; + close(s2); + wait(&status); + } + } + } +} + +static void +usage (void) +{ + fprintf (stderr, + "Usage: kpropd [-i] [-d database] [-l log] [-m] [-[p|P] program]" + " [-r realm] [-s srvtab]\n"); + exit (1); +} + +int +main(int argc, char **argv) +{ + int opt; + int interactive = 0; + + krb_get_lrealm(realm, 1); + + while((opt = getopt(argc, argv, ":d:l:mp:P:r:s:i")) >= 0){ + switch(opt){ + case 'd': + database = optarg; + break; + case 'l': + logfile = optarg; + break; + case 'm': + kdb_util_command = "merge"; + break; + case 'p': + case 'P': + kdb_util = optarg; + break; + case 'r': + strcpy(realm, optarg); + break; + case 's': + srvtab = optarg; + break; + case 'i': + interactive = 1; + break; + default: + klog(L_KRB_PERR, "Bad option: -%c", optopt); + usage (); + exit(1); + } + } + kset_logfile(logfile); + if (interactive) + return doit_interactive (); + else + return doit (); +} diff --git a/crypto/kerberosIV/slave/slav_locl.h b/crypto/kerberosIV/slave/slav_locl.h new file mode 100644 index 0000000..760fb9d --- /dev/null +++ b/crypto/kerberosIV/slave/slav_locl.h 
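Review bot: kprop() authenticates the peer with krb_recvauth() but afterwards uses only `ad.session`; the client identity in `ad` is never compared with the principal the master is expected to use, so as far as this hunk shows any authenticated principal, not only the master, is accepted as a source for the slave database. kprop.c obtains its credentials as `KPROP_SERVICE_NAME`.`KRB_MASTER` in its own realm, so a check right after the `kerr != KSUCCESS` test such as `if(strcmp(ad.pname, KPROP_SERVICE_NAME) || strcmp(ad.pinst, KRB_MASTER) || strcmp(ad.prealm, realm)){ klog(L_KRB_PERR, "Unauthorized propagation request"); return 1; }` would restrict it (field names as in the krb4 AUTH_DAT structure; confirm the expected principal for the deployment). Logging the rejected name, instance and realm would also give operators something to alert on. Separately, copy_data() ignores the result of `write(to, m.app_data, m.app_length)`, so a short write leaves a truncated dump that is still handed to `kdb_util` through system().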
@@ -0,0 +1,101 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: slav_locl.h,v 1.11 1997/05/20 18:40:47 bg Exp $ */ + +#ifndef __slav_locl_h +#define __slav_locl_h + +#include "config.h" +#include "protos.h" + +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> + +#include <errno.h> +#include <unistd.h> + +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#include <time.h> +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif + +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#include <err.h> + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <roken.h> + +#include <krb.h> +#include <krb_db.h> +#include <klog.h> +#include <prot.h> +#include <kdc.h> + +#include "kprop.h" + +#endif /* __slav_locl_h */ |