author | assar <assar@FreeBSD.org> | 2001-06-21 02:12:07 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2001-06-21 02:12:07 +0000 |
commit | 0c8fa354358381b3f1b92598e7f1b46f8cf744cc (patch) | |
tree | ed28ffb73cc0ae48a9892dab3f10b09bc36436d5 /crypto/heimdal/appl | |
parent | 06c859ecf534f468a52f24a3eb14409d73a4907c (diff) | |
import of heimdal 0.3f
Diffstat (limited to 'crypto/heimdal/appl')
166 files changed, 20720 insertions, 398 deletions
diff --git a/crypto/heimdal/appl/Makefile.in b/crypto/heimdal/appl/Makefile.in index 2690db2..ae89497 100644 --- a/crypto/heimdal/appl/Makefile.in +++ b/crypto/heimdal/appl/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) @OTP_TRUE@dir_otp = @OTP_TRUE@otp @@ -227,7 +230,7 @@ DIST_SUBDIRS = afsutil ftp login otp popper push rsh rcp su xnlock \ telnet test kx kf dceutils all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/Makefile 
@@ -268,11 +271,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ - rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ - rev="$$subdir $$rev"; \ - if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ done; \ - test "$$dot_seen" = "no" && rev=". $$rev"; \ + rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ @@ -318,6 +326,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/afsutil/ChangeLog b/crypto/heimdal/appl/afsutil/ChangeLog index af83aef..8dfd532 100644 --- a/crypto/heimdal/appl/afsutil/ChangeLog +++ b/crypto/heimdal/appl/afsutil/ChangeLog @@ -1,3 +1,7 @@ +2001-05-17 Assar Westerlund <assar@sics.se> + + * afslog.c (main): call free_getarg_strings + 2000-12-31 Assar Westerlund <assar@sics.se> * afslog.c (main): handle krb5_init_context failure consistently diff --git a/crypto/heimdal/appl/afsutil/Makefile.in b/crypto/heimdal/appl/afsutil/Makefile.in index 24f5a61..44d5b58 100644 --- a/crypto/heimdal/appl/afsutil/Makefile.in +++ b/crypto/heimdal/appl/afsutil/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) @KRB4_TRUE@AFSPROGS = @KRB4_TRUE@afslog pagsh @@ -253,7 +256,7 @@ OBJECTS = $(am_afslog_OBJECTS) $(am_pagsh_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/afsutil/Makefile @@ -349,6 +352,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/afsutil/afslog.c b/crypto/heimdal/appl/afsutil/afslog.c index f557421..5451b22 100644 
--- a/crypto/heimdal/appl/afsutil/afslog.c +++ b/crypto/heimdal/appl/afsutil/afslog.c @@ -33,7 +33,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: afslog.c,v 1.14 2001/01/25 12:44:46 assar Exp $"); +RCSID("$Id: afslog.c,v 1.16 2001/05/16 22:10:15 assar Exp $"); #endif #include <ctype.h> #include <krb5.h> @@ -179,7 +179,7 @@ main(int argc, char **argv) int num; int ret = 0; - set_progname(argv[0]); + setprogname(argv[0]); if(getarg(args, num_args, argc, argv, &optind)) usage(1); @@ -206,10 +206,12 @@ main(int argc, char **argv) for(i = 0; i < files.num_strings; i++){ afslog_file(context, id, files.strings[i]); num++; + free_getarg_strings (&files); } for(i = 0; i < cells.num_strings; i++){ afslog_cell(context, id, cells.strings[i], 1); num++; + free_getarg_strings (&cells); } for(i = optind; i < argc; i++){ num++; diff --git a/crypto/heimdal/appl/dceutils/ChangeLog b/crypto/heimdal/appl/dceutils/ChangeLog new file mode 100644 index 0000000..8d991ca --- /dev/null +++ b/crypto/heimdal/appl/dceutils/ChangeLog @@ -0,0 +1,18 @@ +2001-02-07 Assar Westerlund <assar@sics.se> + + * Makefile.am (dpagaix): needs to be linked with ld, add an + explicit command for it. from Ake Sandgren <ake@cs.umu.se> + +2000-10-02 Assar Westerlund <assar@sics.se> + + * Makefile.am: link with roken on everything except irix, where + apperently it fails. reported by Ake Sandgren <ake@cs.umu.se> + +2000-07-17 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am: set compiler flags + +2000-07-01 Assar Westerlund <assar@sics.se> + + * imported stuff from Ake Sandgren <ake@cs.umu.se> + diff --git a/crypto/heimdal/appl/dceutils/Makefile.am b/crypto/heimdal/appl/dceutils/Makefile.am new file mode 100644 index 0000000..bc7ebef --- /dev/null +++ b/crypto/heimdal/appl/dceutils/Makefile.am 
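Review bot: The two added `free_getarg_strings` calls in the `@@ -206,10 +206,12 @@` hunk of afslog.c sit inside the `for` bodies, so `files.strings` and `cells.strings` are released after the first element while the loop condition still reads `num_strings` and the next iteration indexes the same array. Assuming the helper frees the array without resetting the count (its definition is not on this page), passing two or more file or cell arguments would make `afslog_file`/`afslog_cell` read freed memory and then free it a second time, in a program that handles credentials. Move each call to just after its loop's closing brace, i.e. `free_getarg_strings (&files);` after the first loop and `free_getarg_strings (&cells);` after the second. `main` starts and ends outside the hunk, so any later use of `files` or `cells` should be checked before settling on the placement.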
@@ -0,0 +1,30 @@ +# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $ + +include $(top_srcdir)/Makefile.am.common + + +DFSPROGS = k5dcecon +if AIX +AIX_DFSPROGS = dpagaix +endif + +libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS) + +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDFLAGS = @dpagaix_LDFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ + +dpagaix: $(dpagaix_OBJECTS) + ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp + +LIB_dce = -ldce + +k5dcecon_SOURCES = k5dcecon.c k5dce.h + +dpagaix_SOURCES = dpagaix.c + +if IRIX +LDADD = $(LIB_dce) +else +LDADD = $(LIB_roken) $(LIB_dce) +endif diff --git a/crypto/heimdal/appl/dceutils/Makefile.in b/crypto/heimdal/appl/dceutils/Makefile.in new file mode 100644 index 0000000..4138b1c --- /dev/null +++ b/crypto/heimdal/appl/dceutils/Makefile.in 
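Review bot: The explicit `dpagaix:` rule in the new Makefile.am links with a bare `ld` and lists only `$(dpagaix_OBJECTS)` as prerequisites, so the `dpagaix_LDFLAGS` and `dpagaix_LDADD` values declared just above are not used by it, an edit to `$(srcdir)/dfspag.exp` does not trigger a relink, and the linker is whichever `ld` comes first on PATH rather than one chosen by configure. The generated Makefile.in in this same commit also carries automake's own `dpagaix$(EXEEXT):` rule, so where EXEEXT is empty the target ends up with two recipes. Consider `dpagaix: $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp` as the rule header and `$@` in place of the repeated output name, plus a short comment above the rule saying why the AIX syscall stub must be linked directly with ld instead of through `$(LINK)`.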
@@ -0,0 +1,594 @@ +# Makefile.in generated automatically by automake 1.4b from Makefile.am + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ +host_triplet = @host@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_ = @INCLUDE_@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.6 2001/02/07 22:45:37 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 
.cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + +CHECK_LOCAL = $(PROGRAMS) + +DFSPROGS = k5dcecon +@AIX_TRUE@AIX_DFSPROGS = @AIX_TRUE@dpagaix + +libexec_PROGRAMS = $(DFSPROGS) $(AIX_DFSPROGS) + +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDFLAGS = @dpagaix_LDFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ + +LIB_dce = -ldce + +k5dcecon_SOURCES = k5dcecon.c k5dce.h + 
+dpagaix_SOURCES = dpagaix.c +@IRIX_TRUE@LDADD = @IRIX_TRUE@$(LIB_dce) +@IRIX_FALSE@LDADD = @IRIX_FALSE@$(LIB_roken) $(LIB_dce) +subdir = appl/dceutils +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +@AIX_FALSE@libexec_PROGRAMS = k5dcecon$(EXEEXT) +@AIX_TRUE@libexec_PROGRAMS = k5dcecon$(EXEEXT) dpagaix$(EXEEXT) +PROGRAMS = $(libexec_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +am_dpagaix_OBJECTS = dpagaix-dpagaix.$(OBJEXT) +dpagaix_OBJECTS = $(am_dpagaix_OBJECTS) +dpagaix_DEPENDENCIES = +am_k5dcecon_OBJECTS = k5dcecon.$(OBJEXT) +k5dcecon_OBJECTS = $(am_k5dcecon_OBJECTS) +k5dcecon_LDADD = $(LDADD) +@IRIX_FALSE@k5dcecon_DEPENDENCIES = +@IRIX_TRUE@k5dcecon_DEPENDENCIES = +k5dcecon_LDFLAGS = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES) +depcomp = +DIST_COMMON = ChangeLog Makefile.am Makefile.in compile + + +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +GZIP_ENV = --best +SOURCES = $(dpagaix_SOURCES) $(k5dcecon_SOURCES) +OBJECTS = $(am_dpagaix_OBJECTS) $(am_k5dcecon_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/dceutils/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && 
CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-libexecPROGRAMS: + +clean-libexecPROGRAMS: + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) + +distclean-libexecPROGRAMS: + +maintainer-clean-libexecPROGRAMS: + +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ + rm -f $(DESTDIR)$(libexecdir)/$$f; \ + done + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: +dpagaix-dpagaix.$(OBJEXT): dpagaix.c + $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(dpagaix_CFLAGS) $(CFLAGS) -c -o dpagaix-dpagaix.$(OBJEXT) `test -f dpagaix.c || echo '$(srcdir)/'`dpagaix.c + +dpagaix$(EXEEXT): $(dpagaix_OBJECTS) $(dpagaix_DEPENDENCIES) + @rm -f dpagaix$(EXEEXT) + $(LINK) $(dpagaix_LDFLAGS) $(dpagaix_OBJECTS) $(dpagaix_LDADD) $(LIBS) + +k5dcecon$(EXEEXT): $(k5dcecon_OBJECTS) $(k5dcecon_DEPENDENCIES) + @rm -f k5dcecon$(EXEEXT) + $(LINK) $(k5dcecon_LDFLAGS) $(k5dcecon_OBJECTS) $(k5dcecon_LDADD) $(LIBS) +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +tags: TAGS + +ID: 
$(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) + +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-libexecPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-libexecPROGRAMS +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) all-local +all-redirect: all-am +install-strip: + $(MAKE) 
$(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: + -rm -f Makefile.in +mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-compile \ + mostlyclean-libtool mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-libexecPROGRAMS clean-compile clean-libtool clean-tags \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-libexecPROGRAMS distclean-compile \ + distclean-libtool distclean-tags distclean-generic \ + clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-libexecPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." 
+ +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \ +clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \ +uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \ +distclean-compile clean-compile maintainer-clean-compile \ +mostlyclean-libtool distclean-libtool clean-libtool \ +maintainer-clean-libtool tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \ +check-local check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-local install-data-am install-data install-am \ +install uninstall-am uninstall all-local all-redirect all-am all \ +install-strip installdirs mostlyclean-generic distclean-generic \ +clean-generic maintainer-clean-generic clean mostlyclean distclean \ +maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo 
"$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + 
echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +dpagaix: $(dpagaix_OBJECTS) + ld -edpagaix -o dpagaix $(dpagaix_OBJECTS) $(srcdir)/dfspag.exp + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/appl/dceutils/README.dcedfs b/crypto/heimdal/appl/dceutils/README.dcedfs new file mode 100644 index 0000000..80a06fe --- /dev/null +++ b/crypto/heimdal/appl/dceutils/README.dcedfs 
@@ -0,0 +1,59 @@ +This is a set of patches and files to get a DFS ticket from a k5 ticket. +This code comes from Doug Engert, Argonne Nat. Lab (See dce/README.original +for more info) + +The files in dce are; +testpag: for testing if this is at all possible. +k5dfspag: included in libkrb5 +k5dcecon: Creates (or searches for) the actual DFSPAG ticketfile. +dpagaix: An AIX syscall stub. +README.original: Original README file from Doug Engert + + +Certain applications (rshd/telnetd) have been patched to call the +functions in k5dfspag when the situation is right. They are ifdef +with DCE. The patches are also originally from Doug but they +where against MIT krb5 code and have been merged into heimdal by me. +I will try to fix ftpd soon... + +There is also an ifdefs for DCE && AIX that can be used to make AIX +use DCE for getting group/passwd entries. This is needed if one is running +with a bare bones passwd/group file and AUTHSTATE set to DCE (This will be +more or less clear to people doing this...) I have forced this on for now. + +k5dfspag.c is in lib/krb5 +k5dfspag.c is dependent on DCE only. +It is also POSIX systems only. There are defines for the location of +k5dcecon and dpagaix that needs a correct configure setting. + +k5dcecon needs no special things for the compile except whatever is needed +on the target system to compile dce programs. +(On aix the dce compile flags are: -D_THREAD_SAFE -D_AIX32_THREADS=1 -D_AIX41 -D_AES_SOURCE or one can use xlc_r4 if it is version 3.6.4 or later) + +k5dcecon wants the following libs (on aix 4.3): +-ldce (and setenv from somewhere) + +dpagaix is only needed on AIX (see k5dfspag.c). +dpagaix needs dfspag.exp and is linked with +ld -edpagaix -o dpagaix dpagaix.o dfspag.exp + + +Hope to get this into heimdal soon :-) although I know that you will have to +change some things to get it cleanly into configure. 
Since I don't know the +structure of the code (heimdal), nor enough of configure, good enough I +just won't try it myself. + +One more thing, to get this to work one has to put fcache_version = x in +krb5.conf where x = whatever the DCE implementation understands, (usually +1 or 2). +Thanks for adding that... + + +Åke Sandgren (ake@hpc2n.umu.se) +HPC2N +Umeå University +Sweden + +PS +I have now added patches for configure.in and some Makefile.am's to get this +all cleanly (I hope) into heimdal. diff --git a/crypto/heimdal/appl/dceutils/README.original b/crypto/heimdal/appl/dceutils/README.original new file mode 100644 index 0000000..7283c38 --- /dev/null +++ b/crypto/heimdal/appl/dceutils/README.original 
@@ -0,0 +1,335 @@
+KERBEROS and DCE INTEROPERABILITY ROUTINES
+
+WHAT'S NEW
+
+When k5dcecon was examining the ticket caches looking to
+update one with a newer TGT, it might update the wrong
+one for the correct user. This problem was reported by PNNL,
+and is now fixed.
+
+Any Kerberized application can now use a forwarded TGT to establish a
+DCE context, or can use a previously established DCE context. This is
+both a functional improvement and a performance improvement.
+
+BACKGROUND
+
+The MIT Kerberos 5 Release 1.x and DCE 1.1 can interoperate in a
+number of ways. This is possible because:
+
+ o DCE used Kerberos 5 internally. Based on the MIT code as of beta 4
+ or so, with additional changes.
+
+ o The DCE security server can act as a K5 KDC, as defined in RFC 1510
+ and responds on port 88.
+
+ o On the clients, DCE and Kerberos use the same format for the ticket
+ cache, and then can share it. The KRB5CCNAME environment variable points
+ at the cache.
+
+ o On the clients, DCE and Kerberos use the same format for the srvtab
+ file. DCE refers to is a /krb5/v5srvtab and Kerberos as
+ /etc/krb5.keytab. They can be symlinked.
+
+ o MIT has added many options to the krb5.conf configuration file
+ which allows newer features of Release 1.0 to be turned off to match
+ the earlier version of Kerberos upon which DCE is based.
+
+ o DCE will accept a externally obtained Kerberos TGT in place of a
+ password when establishing a DCE context.
+
+There are some areas where they differ, including the following:
+
+ o Administration of the database and the keytab files is done by the
+ DCE routines, rather the the Kerberos kadmin.
+
+ o User password changes must be done using the DCE commands. Kpasswd
+ does not work. (But there are mods to Kerberos to use the v5passwd
+ with DCE.
+
+ o DCE goes beyond authentication only, and provides authorization via
+ the PAC, and the dce-ptgt tickets stored in the cache. Thus a
+ Kerberos KDC can not act as a DCE security server.
+
+ o A DCE cell and Kerberos realm can cross-realm authenticate, but
+ there can be no intermediate realms. (There are other problems
+ in this area as well. But directly connected realms/cells do work.)
+
+ o You can't link a module with the DCE library and the Kerberos
+ library. They have conflicting routines, static data and structures.
+
+One of the main features of DCE is the Distributed File System
+DFS. Access to DFS requires authentication and authorization, and when
+one uses a Kerberized network utility such as telnet, a forwarded
+Kerberos ticket can be used to establish the DCE context to allow
+access to DFS.
+
+
+NEW TO THIS RELEASE
+
+This release introduces sharing of a DCE context, and PAG, and allows
+any Kerberized application to establish or share the context. This is
+made possible by using an undocumented feature of DCE which is on at
+least the Transarc and IBM releases of DCE 1.1.
+
+I am in the process of trying to get this contributed to the general
+DCE 1.2.2 release as a patch, so it could be included in other vendors
+products. HP has expressed interest in doing this, as well as the
+OpenGroup if the modification is contributed. You can help by
+requesting Transarc and/or IBM to submit this modification to the
+OpenGroup and ask your vendor to adopt this modification.
+
+The feature is a modification to the setpag() system call which will
+allow an authorized process to set the PAG to a specific value, and
+thus allow unrelated processes to share the same PAG.
+
+This then allows the Kerberized daemons such as kshd, to exec a DCE
+module which established the DCE context. Kshd then sets the
+KRB5CCNAME environment variable and then issues the setpag() to use
+this context. This solves the linking problem. This is done via the
+k5dfspag.c routine.
+
+The k5dfspag.c code is compiled with the lib/krb5/os routines and
+included in the libkrb5.
A daemon calls krb5_dfs_pag after the
+krb5_kuserok has determined that the Kerberos principal and local
+userid pair are acceptable. This should be done early so as to give
+the daemon access to the home directory which may be located on DFS.
+If the .k5login file is used by krb5_kuserok it will need to be
+accessed by the daemon and will need special ACL handling.
+
+The krb5_dfs_pag routine will exec the k5dcecon module to do all the
+real work. Upon return, if a PAG is obtained, krb5_dfs_pag with set
+the PAG for the current process to the returned PAG value. It will
+also set the KRB5CCNAME environment as well. Under DCE the PAG value
+is the nnnnnnn part of the name of the cache:
+FILE:/opt/dcelocal/var/security/creds/dcecred_nnnnnnnn.
+
+The k5dcecon routine will attempt to use TGT which may have been
+forwarded, to convert it to a DCE context. If there is no TGT, an
+attempt will be made to join an existing PAG for the local userid, and
+Kerberos principal. If there are existing PAGs, and a forwarded TGT,
+k5dcecon will check the lifetime of the forwarded TGT, and if it is
+less then the lifetime of the PAG, it will just join the PAG. If it
+is greater, it will refresh the PAG using the forwarded TGT.
+This approach has the advantage of not requiring many new tickets from
+having to be obtained, and allows one to refresh a DCE context, or use
+an already established context.
+
+If the system also has AFS, the AFS krb5_afs_pag should be called
+after the krb5_dfs_pag, since cache pointed at via the KRB5CCNAME may
+have changed, such as if a DFS PAG has been joined. The AFS code does
+not have the capability to join an existing AFS PAG, but can use the
+same cache which might already had a
+afsx/<afs.cell.name>@<k5.realm.name> service ticket.
+
+
+WHAT'S IN THIS RELEASE
+
+The k5prelogin, k5dcelogin, k5afslogin (with ak5log) were designed to
+be slipped in between telnetd or klogind and login.krb5.
They would
+use a forwarded Kerberos ticket to establish a DCE context. They are
+the older programs which are included here. They work on all DCE
+platforms, and don't take advantage of the undocumented setpag
+feature. (A version of k5dcelogin is being included with DCE 1.2.2)
+
+K5dcecon is the new program which can be used to create, update or
+join a DCE context. k5dcecon returns KRB5CCNAME string which contains
+the PAG.
+
+k5dfspag.c is to be built in the MIT Kerberos 5 release 1.0 patchlevel
+1 and added to the libkrb5. It will exec k5dcecon and upon return set
+the KRB5CCNAME and PAG. Mods to Kerberized klogind, rshd, telnetd,
+ftpd are available to use the k5dfspag.
+
+Testpag.c is a test programs to see if the PAG can be set.
+
+The cpwkey.c routine can be used to change a key in the DCE registry,
+by adding the key directly, or by setting the salt/pepper and password
+or by providing the key and the pepper. This could be useful when
+coping keys from a K4 or AFS database to DCE. It can also be used when
+setting a DCE to K5 cross-cell key. This program is a test program
+For mass inserts, it should be rewritten to read from stdin.
+
+K5dcelogin can also be called directly, much like dce_login.
+I use the following commands in effect do the same thing as dce_login
+and get a forwardable ticket, DCE context and an AFS token:
+
+ #!/bin/csh
+ # simulate a dce_login using krb5 kinit and k5dcelogin
+ #
+ setenv KRB5CCNAME FILE:/tmp/krb5cc_p$$
+ /krb5/bin/kinit -f
+ exec /krb5/sbin/k5dcelogin /krb5/sbin/k5afslogin /bin/csh
+ #exec /krb5/sbin/k5dcelogin /bin/csh
+
+This could be useful in a mixed cell where "AS_REQ" messages are
+handled by a K5 KDC, but DCE RPCs are handled by the DCE security
+server.
+
+TESTING THE SETPAG
+
+The krb5_dfs_pag routine relies on an undocumented feature which is
+in the AIX and Transarc Solaris ports of DCE and has been recently
+added to the SGI version.
To test if this feature is present
+on some other DFS implementation use the testpag routine.
+
+The testpag routine attempts to set a PAG value to one you supply. It
+uses the afs_syscall with the afs_setpag, and passes the supplied
+PAG value as the next parameter. On an unmodifed system, this
+will be ignored, and a new will be set. You should also check that
+if run as a user, you cannot join a PAG owned by another user.
+When run as root, any PAG should be usable.
+
+On a machine with DFS running, do a dce_login to get a DCE context and
+PAG. ECHO the KRB5CCNAME and look at the nnnnnnnn at the end. It
+should look like an 8 char hex value, which may be 41ffxxxx on some
+systems.
+
+Su to root and unsetenv KRB5CCNAME. Do a testpag -n nnnnnnnn where
+nnnnnnnn is the PAG obtained for the above name.
+
+It should look like this example on an AIX 4.1.4 system:
+
+ pembroke# ./testpag -n 63dc9997
+ calling k5dcepag newpag=63dc9997
+ PAG returned = 63dc9997
+
+You will be running under a new shell with the PAG and KRB5CCNAME set.
+If the PAG returned is the same as the newpag, then it worked. You can
+further verify this by doing a DCE klist, cd to DFS and a DCE klist
+again. The klist should show some tickets for DFS servers.
+
+If the PAG returned is not the same, and repeated attempts show a
+returned PAG decremented by 1 from the previous returned PAG, then
+this system does not have the modification For example:
+
+ # ./testpag -n 41fffff9
+ calling k5dcepag newpag=41fffff9
+ PAG returned = 41fffff8
+ # ./testpag -n 41fffff9
+ calling k5dcepag newpag=41fffff9
+ PAG returned = 41fffff7
+
+In this case the syscall is ignoring the newpag parameter.
+
+Running it with -n 0 should get the next PAG value with or without
+this modification.
+
+If the DFS kernel extensions are not installed, you would get
+something like this:
+
+ caliban.ctd.anl.gov% ./testpag -n 012345678
+ calling k5dcepag newpag=012345678
+ Setpag failed with a system error
+ PAG returned = ffffffff
+ Not a good pag value
+
+If you DFS implementation does not have this modification, you could
+attempt to install it yourself. But this requires source and requires
+modifications to the kernel extensions. At the end of this note is an
+untested sample using the DCE 1.2.2 source code. You can also contact
+your system vendor and ask for this modification.
+
+UNICOS has a similar function setppag(newpag) which can be used to set
+the PAG of the parent. Contact me if you are interested.
+
+HOW TO INSTALL
+
+Examine the k5dfspag.c file to make sure the DFS syscalls are correct
+for your platform. See the /opt/dcelocal/share/include/dcedfs/syscall.h
+on Solaris for example.
+
+You should build the testpag routine and make sure it works before
+adding all the other mods. If it fails you can still use the klogind
+and telnetd with the k5prelogin and k5dcelogin code.
+
+If you intend to install with a prefix other then /krb5, change:
+DPAGAIX and K5DCECON in k5dfspag.c; the three references in
+k5prelogin.c; and the DESTDIR in the Makefile.
+
+Get k5101.cdiff.xxxxxx.tar file and install the mods for ANL_DFS_PAG
+and ANL_DCE to the MIT Kerberos 5 source. These mods turn on some DCE
+related changes and the calls to krb5_dfs_pag.
+
+Symlink or copy the k5dfspag.c to the src/lib/krb5/os directory.
+
+Add the -DANL_DFS_PAG and -DANL_DCE flags to the configuration.
+
+Configure and Build the Kerberos v5.
+
+Modify the k5dce Makefile for your system.
+
+Build the k5dcecon and related programs.
+
+Install both the MIT Kerberos v5 and the k5dcecon and dpagaix if AIX.
+
+The makefile can also build k5dcelogin and k5prelogin.
The install
+can install k5dcelogin, k5prelogin and update the links for login.krb5
+-> k5prelogin and moving login.krb5 to login.k5. If you will be using
+the k5dcecon/k5dfspag with the Kerberos mods, you don't need
+k5prelogin, or the links changed, and may not need k5dcelogin.
+
+Note that Transarc has obfuscated the entries to the lib, and
+the 1.0.3a is different from the 1.1. You may need to build two
+versions of the k5dcelogin and/or k5dcecon one for each.
+
+AIX ONLY
+
+The dpagaix routine is needed for AIX because of the way they do the
+syscalls.
+
+The following fix.aix.libdce.mk is not needed if dce 2.1.0.21
+has been installed. This PTF exposed the needed entrypoints.
+
+The fix.aix.libdce.mk is a Makefile for AIX 4.x to add the required
+external entry points to the libdce.a. These are needed by k5dcecon
+and k5dcelogin. A bug report was submitted to IBM on this, and it was
+rejected. But since DCE 1.2.2 will have a k5dcelogin, this should not
+be needed with 1.2.2
+
+Copy /usr/lib/libdce.a to /usr/libdce.a.orig before starting. Copy the
+makefile to its own directory. It will create a new libdce.a which you
+need to copy back to /usr/lib/libdce.a You will need to reboot the
+machine. See the /usr/lpp/dce/examples/inst/README.AIX for a similar
+procedure. IBM was not responsive in a request to have these added.
+
+UNTESTED KERNEL EXTENSION FOR SETPAG
+
+*** src/file/osi/,osi_pag.c Wed Oct 2 13:03:05 1996
+--- src/file/osi/osi_pag.c Mon Jul 28 13:53:13 1997
+***************
+*** 293,298 ****
+--- 293,302 ----
+ int code;
+
+ osi_MakePreemptionRight();
++ /* allow sharing of a PAG by non child processes DEE- 6/6/97 */
++ if (unused && osi_GetUID(osi_getucred()) == 0) {
++ newpag = unused;
++ } else {
+ osi_mutex_enter(&osi_pagLock);
+ now = osi_Time();
+ soonest = osi_firstPagTime +
+***************
+*** 309,314 ****
+--- 313,319 ----
+ }
+ osi_mutex_exit(&osi_pagLock);
+ newpag = osi_genpag();
++ }
+ osi_pcred_lock(p);
+ credp = crcopy(osi_getucred());
+ code = osi_SetPagInCred(credp, newpag);
+
+Created 07/08/96
+Modified 09/30/96
+Modified 11/19/96
+Modified 12/19/96
+Modified 06/20/97
+Modified 07/28/97
+Modified 02/18/98
+
+ Douglas E. Engert <DEEngert@anl.gov>
+ Argonne National Laboratory
+ 9700 South Cass Avenue
+ Argonne, Illinois 60439
+ (630) 252-5444
diff --git a/crypto/heimdal/appl/dceutils/compile b/crypto/heimdal/appl/dceutils/compile
new file mode 100755
index 0000000..d4a34aa
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/compile
@@ -0,0 +1,82 @@
+#! /bin/sh
+
+# Wrapper for compilers which do not understand `-c -o'.
+
+# Copyright 1999, 2000 Free Software Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+# Usage:
+# compile PROGRAM [ARGS]...
+# `-o FOO.o' is removed from the args passed to the actual compile.
+
+prog=$1
+shift
+
+ofile=
+cfile=
+args=
+while test $# -gt 0; do
+ case "$1" in
+ -o)
+ ofile=$2
+ shift
+ ;;
+ *.c)
+ cfile=$1
+ args="$args $1"
+ ;;
+ *)
+ args="$args $1"
+ ;;
+ esac
+ shift
+done
+
+test -z "$ofile" && {
+ echo "compile: no \`-o' option seen" 1>&2
+ exit 1
+}
+
+test -z "$cfile" && {
+ echo "compile: no \`.c' file seen" 1>&2
+ exit 1
+}
+
+# Name of file we expect compiler to create.
+cofile=`echo $cfile | sed -e 's|^.*/||' -e 's/\.c$/.o/'`
+
+# Create the lock directory.
+lockdir=`echo $ofile | sed -e 's|/|_|g'`
+while true; do
+ if mkdir $lockdir > /dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir $lockdir; exit 1" 1 2 15
+
+# Run the compile.
+"$prog" $args
+status=$?
+
+if test -f "$cofile"; then
+ mv "$cofile" "$ofile"
+fi
+
+rmdir $lockdir
+exit $status
diff --git a/crypto/heimdal/appl/dceutils/dfspag.exp b/crypto/heimdal/appl/dceutils/dfspag.exp
new file mode 100644
index 0000000..ed39788
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/dfspag.exp
@@ -0,0 +1,3 @@
+#!/unix
+* kernel extentions used to get the pag
+kafs_syscall syscall
diff --git a/crypto/heimdal/appl/dceutils/dpagaix.c b/crypto/heimdal/appl/dceutils/dpagaix.c
new file mode 100644
index 0000000..cbc23cb
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/dpagaix.c
@@ -0,0 +1,23 @@
+/*
+ * dpagaix.c
+ * On AIX we need to get the kernel extentions
+ * with the DFS kafs_syscall in it.
+ * We might be running on a system
+ * where DFS is not active.
+ * So we use this dummy routine which
+ * might not load to do the dirty work
+ *
+ * DCE does this with the /usr/lib/drivers/dfsloadobj
+ *
+ */
+
+ int dpagaix(parm1, parm2, parm3, parm4, parm5, parm6)
+ int parm1;
+ int parm2;
+ int parm3;
+ int parm4;
+ int parm5;
+ int parm6;
+ {
+ return(kafs_syscall(parm1, parm2, parm3, parm4, parm5, parm6));
+ }
diff --git a/crypto/heimdal/appl/dceutils/k5dce.h b/crypto/heimdal/appl/dceutils/k5dce.h
new file mode 100644
index 0000000..424ebdc
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/k5dce.h
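Review bot: `kafs_syscall` is called in `dpagaix` with no declaration in scope, so the compiler assumes an implicit `int kafs_syscall()` and checks neither the argument count nor the argument types. All six parameters are declared `int`; if the caller (not visible in this hunk) ever passes a pointer-sized value, it would be truncated wherever `int` is narrower than a pointer, which should be confirmed against the call site in k5dfspag.c. I would add `extern int kafs_syscall();` above the function, with a comment that the symbol comes from the kernel extension named in dfspag.exp, so a loader failure is the expected outcome when DFS is not installed.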
@@ -0,0 +1,165 @@
+/* dummy K5 routines which are needed to get this to
+ * compile without having access ti the DCE versions
+ * of the header files.
+ * Thiis is very crude, and OSF needs to expose the K5
+ * API.
+ */
+
+#ifdef sun
+/* Transarc obfascates these routines */
+#ifdef DCE_1_1
+
+#define krb5_init_ets _dce_PkjKqOaklP
+#define krb5_copy_creds _dce_LuFxPiITzD
+#define krb5_unparse_name _dce_LWHtAuNgRV
+#define krb5_get_default_realm _dce_vDruhprWGh
+#define krb5_build_principal _dce_qwAalSzTtF
+#define krb5_build_principal_ext _dce_vhafIQlejW
+#define krb5_build_principal_va _dce_alsqToMmuJ
+#define krb5_cc_default _dce_KZRshhTXhE
+#define krb5_cc_default_name _dce_bzJVAjHXVQ
+#define sec_login_krb5_add_cred _dce_ePDtOJTZvU
+
+#else /* DCE 1.0.3a */
+
+#define krb5_init_ets _dce_BmLRpOVsBo
+#define krb5_copy_creds _dce_VGwSEBNwaf
+#define krb5_unparse_name _dce_PgAOkJoMXA
+#define krb5_get_default_realm _dce_plVOzStKyK
+#define krb5_build_principal _dce_uAKSsluIFy
+#define krb5_build_principal_ext _dce_tRMpPiRada
+#define krb5_build_principal_va _dce_SxnLejZemH
+#define krb5_cc_default _dce_SeKosWFnsv
+#define krb5_cc_default_name _dce_qJeaphJWVc
+#define sec_login_krb5_add_cred _dce_uHwRasumsN
+
+#endif
+#endif
+
+/* Define the bare minimum k5 structures which are needed
+ * by this program. Since the krb5 includes are not supplied
+ * with DCE, these were based on the MIT Kerberos 5 beta 3
+ * which should match the DCE as of 1.0.3 at least.
+ * The tricky one is the krb5_creds, since one is allocated
+ * by this program, and it needs access to the client principal
+ * in it.
+ * Note that there are no function prototypes, so there is no
+ * compile time checking.
+ * DEE 07/11/95
+ */
+#define NPROTOTYPE(x) ()
+typedef int krb5_int32; /* assuming all DCE systems are 32 bit */
+typedef short krb5short; /* assuming short is 16 bit */
+typedef krb5_int32 krb5_error_code;
+typedef unsigned char krb5_octet;
+typedef krb5_octet krb5_boolean;
+typedef krb5short krb5_keytype; /* in k5.2 it's a short */
+typedef krb5_int32 krb5_flags;
+typedef krb5_int32 krb5_timestamp;
+
+typedef char * krb5_pointer; /* pointer to unexposed data */
+
+typedef struct _krb5_ccache {
+ struct _krb5_cc_ops *ops;
+ krb5_pointer data;
+} *krb5_ccache;
+
+typedef struct _krb5_cc_ops {
+ char *prefix;
+ char *(*get_name) NPROTOTYPE((krb5_ccache));
+ krb5_error_code (*resolve) NPROTOTYPE((krb5_ccache *, char *));
+ krb5_error_code (*gen_new) NPROTOTYPE((krb5_ccache *));
+ krb5_error_code (*init) NPROTOTYPE((krb5_ccache, krb5_principal));
+ krb5_error_code (*destroy) NPROTOTYPE((krb5_ccache));
+ krb5_error_code (*close) NPROTOTYPE((krb5_ccache));
+ krb5_error_code (*store) NPROTOTYPE((krb5_ccache, krb5_creds *));
+ krb5_error_code (*retrieve) NPROTOTYPE((krb5_ccache, krb5_flags,
+ krb5_creds *, krb5_creds *));
+ krb5_error_code (*get_princ) NPROTOTYPE((krb5_ccache,
+ krb5_principal *));
+ krb5_error_code (*get_first) NPROTOTYPE((krb5_ccache,
+ krb5_cc_cursor *));
+ krb5_error_code (*get_next) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *,
+ krb5_creds *));
+ krb5_error_code (*end_get) NPROTOTYPE((krb5_ccache, krb5_cc_cursor *));
+ krb5_error_code (*remove_cred) NPROTOTYPE((krb5_ccache, krb5_flags,
+ krb5_creds *));
+ krb5_error_code (*set_flags) NPROTOTYPE((krb5_ccache, krb5_flags));
+} krb5_cc_ops;
+
+typedef struct _krb5_keyblock {
+ krb5_keytype keytype;
+ int length;
+ krb5_octet *contents;
+} krb5_keyblock;
+
+typedef struct _krb5_ticket_times {
+ krb5_timestamp authtime;
+ krb5_timestamp starttime;
+ krb5_timestamp endtime;
+ krb5_timestamp renew_till;
+} krb5_ticket_times;
+
+typedef krb5_pointer krb5_cc_cursor;
+
+typedef struct _krb5_data {
+ int
length;
+ char *data;
+} krb5_data;
+
+typedef struct _krb5_authdata {
+ int ad_type;
+ int length;
+ krb5_octet *contents;
+} krb5_authdata;
+
+typedef struct _krb5_creds {
+ krb5_pointer client;
+ krb5_pointer server;
+ krb5_keyblock keyblock;
+ krb5_ticket_times times;
+ krb5_boolean is_skey;
+ krb5_flags ticket_flags;
+ krb5_pointer **addresses;
+ krb5_data ticket;
+ krb5_data second_ticket;
+ krb5_pointer **authdata;
+} krb5_creds;
+
+typedef krb5_pointer krb5_principal;
+
+#define KRB5_CC_END 336760974
+#define KRB5_TC_OPENCLOSE 0x00000001
+
+/* Ticket flags */
+/* flags are 32 bits; each host is responsible to put the 4 bytes
+ representing these bits into net order before transmission */
+/* #define TKT_FLG_RESERVED 0x80000000 */
+#define TKT_FLG_FORWARDABLE 0x40000000
+#define TKT_FLG_FORWARDED 0x20000000
+#define TKT_FLG_PROXIABLE 0x10000000
+#define TKT_FLG_PROXY 0x08000000
+#define TKT_FLG_MAY_POSTDATE 0x04000000
+#define TKT_FLG_POSTDATED 0x02000000
+#define TKT_FLG_INVALID 0x01000000
+#define TKT_FLG_RENEWABLE 0x00800000
+#define TKT_FLG_INITIAL 0x00400000
+#define TKT_FLG_PRE_AUTH 0x00200000
+#define TKT_FLG_HW_AUTH 0x00100000
+#ifdef PK_INIT
+#define TKT_FLG_PUBKEY_PREAUTH 0x00080000
+#define TKT_FLG_DIGSIGN_PREAUTH 0x00040000
+#define TKT_FLG_PRIVKEY_PREAUTH 0x00020000
+#endif
+
+
+#define krb5_cc_get_principal(cache, principal) (*(cache)->ops->get_princ)(cache, principal)
+#define krb5_cc_set_flags(cache, flags) (*(cache)->ops->set_flags)(cache, flags)
+#define krb5_cc_get_name(cache) (*(cache)->ops->get_name)(cache)
+#define krb5_cc_start_seq_get(cache, cursor) (*(cache)->ops->get_first)(cache, cursor)
+#define krb5_cc_next_cred(cache, cursor, creds) (*(cache)->ops->get_next)(cache, cursor, creds)
+#define krb5_cc_destroy(cache) (*(cache)->ops->destroy)(cache)
+#define krb5_cc_end_seq_get(cache, cursor) (*(cache)->ops->end_get)(cache, cursor)
+
+/* end of k5 dummy typedefs */
+
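Review bot: The width assumptions behind `krb5_int32` and `krb5short` are stated only in comments, yet every struct that follows (`krb5_keyblock`, `krb5_ticket_times`, `krb5_creds`) has to match a layout inside the DCE library that this header cannot see. On a target where `int` is not 32 bits, the `times` and `ticket_flags` members of `krb5_creds` would presumably be read at the wrong offsets with no diagnostic, since `NPROTOTYPE` also throws away every argument list. A compile-time check placed right after the typedefs turns that into a build failure: `typedef char k5dce_int32_is_4[(sizeof(krb5_int32) == 4) ? 1 : -1];`, and the same for `krb5short` with 2. The header also has no include guard, which is worth adding while it is being imported.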
diff --git a/crypto/heimdal/appl/dceutils/k5dcecon.c b/crypto/heimdal/appl/dceutils/k5dcecon.c
new file mode 100644
index 0000000..38acee9
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/k5dcecon.c
@@ -0,0 +1,791 @@
+/*
+ * (c) Copyright 1995 HEWLETT-PACKARD COMPANY
+ *
+ * To anyone who acknowledges that this file is provided
+ * "AS IS" without any express or implied warranty:
+ * permission to use, copy, modify, and distribute this
+ * file for any purpose is hereby granted without fee,
+ * provided that the above copyright notice and this
+ * notice appears in all copies, and that the name of
+ * Hewlett-Packard Company not be used in advertising or
+ * publicity pertaining to distribution of the software
+ * without specific, written prior permission. Hewlett-
+ * Packard Company makes no representations about the
+ * suitability of this software for any purpose.
+ *
+ */
+/*
+ * k5dcecon - Program to convert a K5 TGT to a DCE context,
+ * for use with DFS and its PAG.
+ *
+ * The program is designed to be called as a sub process,
+ * and return via stdout the name of the cache which implies
+ * the PAG which should be used. This program itself does not
+ * use the cache or PAG itself, so the PAG in the kernel for
+ * this program may not be set.
+ *
+ * The calling program can then use the name of the cache
+ * to set the KRB5CCNAME and PAG for its self and its children.
+ *
+ * If no ticket was passed, an attemplt to join an existing
+ * PAG will be made.
+ *
+ * If a forwarded K5 TGT is passed in, either a new DCE
+ * context will be created, or an existing one will be updated.
+ * If the same ticket was already used to create an existing
+ * context, it will be joined instead.
+ *
+ * Parts of this program are based on k5dceauth,c which was
+ * given to me by HP and by the k5dcelogin.c which I developed.
+ * A slightly different version of k5dcelogin.c, was added to
+ * DCE 1.2.2
+ *
+ * D. E.
Engert 6/17/97 ANL
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <sys/stat.h>
+#include <locale.h>
+#include <pwd.h>
+#include <string.h>
+#include <time.h>
+
+#include <errno.h>
+#include "k5dce.h"
+
+#include <dce/sec_login.h>
+#include <dce/dce_error.h>
+#include <dce/passwd.h>
+
+/* #define DEBUG */
+#if defined(DEBUG)
+#define DEEDEBUG(A) fprintf(stderr,A); fflush(stderr)
+#define DEEDEBUG2(A,B) fprintf(stderr,A,B); fflush(stderr)
+#else
+#define DEEDEBUG(A)
+#define DEEDEBUG2(A,B)
+#endif
+
+#ifdef __hpux
+#define seteuid(A) setresuid(-1,A,-1);
+#endif
+
+
+int k5dcecreate (uid_t, char *, char*, krb5_creds **);
+int k5dcecon (uid_t, char *, char *);
+int k5dcegettgt (krb5_ccache *, char *, char *, krb5_creds **);
+int k5dcematch (uid_t, char *, char *, off_t *, krb5_creds **);
+int k5dcesession (uid_t, char *, krb5_creds **, int *,krb5_flags);
+
+
+char *progname = "k5dcecon";
+static time_t now;
+
+#ifdef notdef
+#ifdef _AIX
+/*---------------------------------------------*/
+ /* AIX with DCE 1.1 does not have the com_err in the libdce.a
+ * do a half hearted job of substituting for it.
+ */
+void com_err(char *p1, int code, ...)
+{
+ int lst;
+ dce_error_string_t err_string;
+ dce_error_inq_text(code, err_string, &lst);
+ fprintf(stderr,"Error %d in %s: %s\n", code, p1, err_string );
+}
+
+/*---------------------------------------------*/
+void krb5_init_ets()
+{
+
+}
+#endif
+#endif
+
+
+/*------------------------------------------------*/
+/* find a cache to use for our new pag */
+/* Since there is no simple way to determine which
+ * caches are associated with a pag, we will have
+ * do look around and see what makes most sense on
+ * different systems.
+ * on a Solaris system, and in the DCE source,
+ * the pags always start with a 41.
+ * this is not true on the IBM, where there does not
+ * appear to be any pattern.
+ *
+ * But since we are always certifing our creds when
+ * they are received, we can us that fact, and look
+ * at the first word of the associated data file
+ * to see that it has a "5". If not don't use.
+ */
+
+int k5dcesession(luid, pname, tgt, ppag, tflags)
+ uid_t luid;
+ char *pname;
+ krb5_creds **tgt;
+ int *ppag;
+ krb5_flags tflags;
+{
+ DIR *dirp;
+ struct dirent *direntp;
+ off_t size;
+ krb5_timestamp endtime;
+ int better = 0;
+ krb5_creds *xtgt;
+
+ char prev_name[17] = "";
+ krb5_timestamp prev_endtime;
+ off_t prev_size;
+ u_long prev_pag = 0;
+
+ char ccname[64] = "FILE:/opt/dcelocal/var/security/creds/";
+
+ error_status_t st;
+ sec_login_handle_t lcontext = 0;
+ dce_error_string_t err_string;
+ int lst;
+
+ DEEDEBUG2("k5dcesession looking for flags %8.8x\n",tflags);
+
+ dirp = opendir("/opt/dcelocal/var/security/creds/");
+ if (dirp == NULL) {
+ return 1;
+ }
+
+ while ( (direntp = readdir( dirp )) != NULL ) {
+
+/*
+ * (but root has the ffffffff which we are not interested in)
+ */
+ if (!strncmp(direntp->d_name,"dcecred_",8)
+ && (strlen(direntp->d_name) == 16)) {
+
+ /* looks like a cache name, lets do the stat, etc */
+
+ strcpy(ccname+38,direntp->d_name);
+ if (!k5dcematch(luid, pname, ccname, &size, &xtgt)) {
+
+ /* its one of our caches, see if it is better
+ * i.e. the endtime is farther, and if the endtimes
+ * are the same, take the larger, as he who has the
+ * most tickets wins.
+ * it must also had the same set of flags at least
+ * i.e. if the forwarded TGT is forwardable, this one must
+ * be as well.
+ */
+
+ DEEDEBUG2("Cache:%s",direntp->d_name);
+ DEEDEBUG2(" size:%d",size);
+ DEEDEBUG2(" flags:%8.8x",xtgt->ticket_flags);
+ DEEDEBUG2(" %s",ctime((time_t *)&xtgt->times.endtime));
+
+ if ((xtgt->ticket_flags & tflags) == tflags ) {
+ if (prev_name[0]) {
+ if (xtgt->times.endtime > prev_endtime) {
+ better = 1;
+ } else if ((xtgt->times.endtime = prev_endtime)
+ && (size > prev_size)){
+ better = 1;
+ }
+ } else { /* the first */
+ if (xtgt->times.endtime >= now) {
+ better = 1;
+ }
+ }
+ if (better) {
+ strcpy(prev_name, direntp->d_name);
+ prev_endtime = xtgt->times.endtime;
+ prev_size = size;
+ sscanf(prev_name+8,"%8X",&prev_pag);
+ *tgt = xtgt;
+ better = 0;
+ }
+ }
+ }
+ }
+ }
+ (void)closedir( dirp );
+
+ if (!prev_name[0])
+ return 1; /* failed to find one */
+
+ DEEDEBUG2("Best: %s\n",prev_name);
+
+ if (ppag)
+ *ppag = prev_pag;
+
+ strcpy(ccname+38,prev_name);
+ setenv("KRB5CCNAME",ccname,1);
+
+ return(0);
+}
+
+
+/*----------------------------------------------*/
+/* see if this cache is for this this principal */
+
+int k5dcematch(luid, pname, ccname, sizep, tgt)
+ uid_t luid;
+ char *pname;
+ char *ccname;
+ off_t *sizep; /* size of the file */
+ krb5_creds **tgt;
+{
+
+ krb5_ccache cache;
+ struct stat stbuf;
+ char ccdata[256];
+ int fd;
+ int status;
+
+ /* DEEDEBUG2("k5dcematch called: cache=%s\n",ccname+38); */
+
+ if (!strncmp(ccname,"FILE:",5)) {
+
+ strcpy(ccdata,ccname+5);
+ strcat(ccdata,".data");
+
+ /* DEEDEBUG2("Checking the .data file for %s\n",ccdata); */
+
+ if (stat(ccdata, &stbuf))
+ return(1);
+
+ if (stbuf.st_uid != luid)
+ return(1);
+
+ if ((fd = open(ccdata,O_RDONLY)) == -1)
+ return(1);
+
+ if ((read(fd,&status,4)) != 4) {
+ close(fd);
+ return(1);
+ }
+
+ /* DEEDEBUG2(".data file status = %d\n", status); */
+
+ if (status != 5)
+ return(1);
+
+ if (stat(ccname+5, &stbuf))
+ return(1);
+
+ if (stbuf.st_uid != luid)
+ return(1);
+
+ *sizep = stbuf.st_size;
+ }
+
+ return(k5dcegettgt(&cache, ccname, pname, tgt));
+}
+
+
+/*----------------------------------------*/
+/* k5dcegettgt - get the tgt from a cache */
+
+int k5dcegettgt(pcache, ccname, pname, tgt)
+ krb5_ccache *pcache;
+ char *ccname;
+ char *pname;
+ krb5_creds **tgt;
+
+{
+ krb5_ccache cache;
+ krb5_cc_cursor cur;
+ krb5_creds creds;
+ int code;
+ int found = 1;
+ krb5_principal princ;
+ char *kusername;
+ krb5_flags flags;
+ char *sname, *realm, *tgtname = NULL;
+
+ /* Since DCE does not expose much of the Kerberos interface,
+ * we will have to use what we can. This means setting the
+ * KRB5CCNAME for each file we want to test
+ * We will also not worry about freeing extra cache structures
+ * as this this routine is also not exposed, and this should not
+ * effect this module.
+ * We should also free the creds contents, but that is not exposed
+ * either.
+ */
+
+ setenv("KRB5CCNAME",ccname,1);
+ cache = NULL;
+ *tgt = NULL;
+
+ if (code = krb5_cc_default(pcache)) {
+ com_err(progname, code, "while getting ccache");
+ goto return2;
+ }
+
+ DEEDEBUG("Got cache\n");
+ flags = 0;
+ if (code = krb5_cc_set_flags(*pcache, flags)) {
+ com_err(progname, code,"While setting flags");
+ goto return2;
+ }
+ DEEDEBUG("Set flags\n");
+ if (code = krb5_cc_get_principal(*pcache, &princ)) {
+ com_err(progname, code, "While getting princ");
+ goto return1;
+ }
+ DEEDEBUG("Got principal\n");
+ if (code = krb5_unparse_name(princ, &kusername)) {
+ com_err(progname, code, "While unparsing principal");
+ goto return1;
+ }
+
+ DEEDEBUG2("Unparsed to \"%s\"\n", kusername);
+ DEEDEBUG2("pname is \"%s\"\n", pname);
+ if (strcmp(kusername, pname)) {
+ DEEDEBUG("Principals not equal\n");
+ goto return1;
+ }
+ DEEDEBUG("Principals equal\n");
+
+ realm = strchr(pname,'@');
+ realm++;
+
+ if ((tgtname = malloc(9 + 2 * strlen(realm))) == 0) {
+ fprintf(stderr,"Malloc failed for tgtname\n");
+ goto return1;
+ }
+
+ strcpy(tgtname,"krbtgt/");
+ strcat(tgtname,realm);
+ strcat(tgtname,"@");
+ strcat(tgtname,realm);
+
+ DEEDEBUG2("Getting tgt %s\n",
tgtname); + if (code = krb5_cc_start_seq_get(*pcache, &cur)) { + com_err(progname, code, "while starting to retrieve tickets"); + goto return1; + } + + while (!(code = krb5_cc_next_cred(*pcache, &cur, &creds))) { + krb5_creds *cred = &creds; + + if (code = krb5_unparse_name(cred->server, &sname)) { + com_err(progname, code, "while unparsing server name"); + continue; + } + + if (strncmp(sname, tgtname, strlen(tgtname)) == 0) { + DEEDEBUG("FOUND\n"); + if (code = krb5_copy_creds(&creds, tgt)) { + com_err(progname, code, "while copying TGT"); + goto return1; + } + found = 0; + break; + } + /* we should do a krb5_free_cred_contents(creds); */ + } + + if (code = krb5_cc_end_seq_get(*pcache, &cur)) { + com_err(progname, code, "while finishing retrieval"); + goto return2; + } + +return1: + flags = KRB5_TC_OPENCLOSE; + krb5_cc_set_flags(*pcache, flags); /* force a close */ + +return2: + if (tgtname) + free(tgtname); + + return(found); +} + + +/*------------------------------------------*/ +/* Convert a forwarded TGT to a DCE context */ +int k5dcecon(luid, luser, pname) + uid_t luid; + char *luser; + char *pname; +{ + + krb5_creds *ftgt = NULL; + krb5_creds *tgt = NULL; + unsigned32 dfspag; + boolean32 reset_passwd = 0; + int lst; + dce_error_string_t err_string; + char *shell_prog; + krb5_ccache fcache; + char *ccname; + char *kusername; + char *urealm; + char *cp; + int pag; + int code; + krb5_timestamp endtime; + + + /* If there is no cache to be converted, we should not be here */ + + if ((ccname = getenv("KRB5CCNAME")) == NULL) { + DEEDEBUG("No KRB5CCNAME\n"); + return(1); + } + + if (k5dcegettgt(&fcache, ccname, pname, &ftgt)) { + fprintf(stderr, "%s: Did not find TGT\n", progname); + return(1); + } + + + DEEDEBUG2("flags=%x\n",ftgt->ticket_flags); + if (!(ftgt->ticket_flags & TKT_FLG_FORWARDABLE)){ + fprintf(stderr,"Ticket not forwardable\n"); + return(0); /* but OK to continue */ + } + + setenv("KRB5CCNAME","",1); + +#define TKT_ACCEPTABLE (TKT_FLG_FORWARDABLE | 
TKT_FLG_PROXIABLE \ + | TKT_FLG_MAY_POSTDATE | TKT_FLG_RENEWABLE | TKT_FLG_HW_AUTH \ + | TKT_FLG_PRE_AUTH) + + if (!k5dcesession(luid, pname, &tgt, &pag, + (ftgt->ticket_flags & TKT_ACCEPTABLE))) { + if (ftgt->times.endtime > tgt->times.endtime) { + DEEDEBUG("Updating existing cache\n"); + return(k5dceupdate(&ftgt, pag)); + } else { + DEEDEBUG("Using existing cache\n"); + return(0); /* use the original one */ + } + } + /* see if the tgts match up */ + + if ((code = k5dcecreate(luid, luser, pname, &ftgt))) { + return (code); + } + + /* + * Destroy the Kerberos5 cred cache file. + * but dont care aout the return code. + */ + + DEEDEBUG("Destroying the old cache\n"); + if ((code = krb5_cc_destroy(fcache))) { + com_err(progname, code, "while destroying Kerberos5 ccache"); + } + return (0); +} + + +/*--------------------------------------------------*/ +/* k5dceupdate - update the cache with a new TGT */ +/* Assumed that the KRB5CCNAME has been set */ + +int k5dceupdate(krbtgt, pag) + krb5_creds **krbtgt; + int pag; +{ + + krb5_ccache ccache; + int code; + + if (code = krb5_cc_default(&ccache)) { + com_err(progname, code, "while opening cache for update"); + return(2); + } + + if (code = ccache->ops->init(ccache,(*krbtgt)->client)) { + com_err(progname, code, "while reinitilizing cache"); + return(3); + } + + /* krb5_cc_store_cred */ + if (code = ccache->ops->store(ccache, *krbtgt)) { + com_err(progname, code, "while updating cache"); + return(2); + } + + sec_login_pag_new_tgt(pag, (*krbtgt)->times.endtime); + return(0); +} +/*--------------------------------------------------*/ +/* k5dcecreate - create a new DCE context */ + +int k5dcecreate(luid, luser, pname, krbtgt) + uid_t luid; + char *luser; + char *pname; + krb5_creds **krbtgt; +{ + + char *cp; + char *urealm; + char *username; + char *defrealm; + uid_t uid; + + error_status_t st; + sec_login_handle_t lcontext = 0; + sec_login_auth_src_t auth_src = 0; + boolean32 reset_passwd = 0; + int lst; + dce_error_string_t 
err_string; + + setenv("KRB5CCNAME","",1); /* make sure it not misused */ + + uid = getuid(); + DEEDEBUG2("uid=%d\n",uid); + + /* if run as root, change to user, so as to have the + * cache created for the local user even if cross-cell + * If run as a user, let standard file protection work. + */ + + if (uid == 0) { + seteuid(luid); + } + + cp = strchr(pname,'@'); + *cp = '\0'; + urealm = ++cp; + + DEEDEBUG2("basename=%s\n",cp); + DEEDEBUG2("realm=%s\n",urealm); + + /* now build the username as a single string or a /.../cell/user + * if this is a cross cell + */ + + if ((username = malloc(7+strlen(pname)+strlen(urealm))) == 0) { + fprintf(stderr,"Malloc failed for username\n"); + goto abort; + } + if (krb5_get_default_realm(&defrealm)) { + DEEDEBUG("krb5_get_default_realm failed\n"); + goto abort; + } + + + if (!strcmp(urealm,defrealm)) { + strcpy(username,pname); + } else { + strcpy(username,"/.../"); + strcat(username,urealm); + strcat(username,"/"); + strcat(username,pname); + } + + /* + * Setup a DCE login context + */ + + if (sec_login_setup_identity((unsigned_char_p_t)username, + (sec_login_external_tgt|sec_login_proxy_cred), + &lcontext, &st)) { + /* + * Add our TGT. + */ + DEEDEBUG("Adding our new TGT\n"); + sec_login_krb5_add_cred(lcontext, *krbtgt, &st); + if (st) { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Error while adding credentials for %s because %s\n", + username, err_string); + goto abort; + } + DEEDEBUG("validating and certifying\n"); + /* + * Now "validate" and certify the identity, + * usually we would pass a password here, but... 
+ * sec_login_valid_and_cert_ident + * sec_login_validate_identity + */ + + if (sec_login_validate_identity(lcontext, 0, &reset_passwd, + &auth_src, &st)) { + DEEDEBUG2("validate_identity st=%d\n",st); + if (st) { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, "Validation error for %s because %s\n", + username, err_string); + goto abort; + } + if (!sec_login_certify_identity(lcontext,&st)) { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Credentials not certified because %s\n",err_string); + } + if (reset_passwd) { + fprintf(stderr, + "Password must be changed for %s\n", username); + } + if (auth_src == sec_login_auth_src_local) { + fprintf(stderr, + "Credentials obtained from local registry for %s\n", + username); + } + if (auth_src == sec_login_auth_src_overridden) { + fprintf(stderr, "Validated %s from local override entry, no network credentials obtained\n", username); + goto abort; + + } + /* + * Actually create the cred files. + */ + DEEDEBUG("Ceating new cred files.\n"); + sec_login_set_context(lcontext, &st); + if (st) { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Unable to set context for %s because %s\n", + username, err_string); + goto abort; + } + + /* + * Now free up the local context and leave the + * network context with its pag + */ +#if 0 + sec_login_release_context(&lcontext, &st); + if (st) { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Unable to release context for %s because %s\n", + username, err_string); + goto abort; + } +#endif + } + else { + DEEDEBUG2("validate failed %d\n",st); + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Unable to validate %s because %s\n", username, + err_string); + goto abort; + } + } + else { + dce_error_inq_text(st, err_string, &lst); + fprintf(stderr, + "Unable to setup login entry for %s because %s\n", + username, err_string); + goto abort; + } + + done: + /* if we were root, get back to root */ + + 
DEEDEBUG2("sec_login_inq_pag %8.8x\n", + sec_login_inq_pag(lcontext, &st)); + + if (uid == 0) { + seteuid(0); + } + + DEEDEBUG("completed\n"); + return(0); + + abort: + if (uid == 0) { + seteuid(0); + } + + DEEDEBUG("Aborting\n"); + return(2); +} + + + +/*-------------------------------------------------*/ +main(argc, argv) + int argc; + char *argv[]; +{ + int status; + extern int optind; + extern char *optarg; + int rv; + + char *lusername = NULL; + char *pname = NULL; + int fflag = 0; + struct passwd *pw; + uid_t luid; + uid_t myuid; + char *ccname; + krb5_creds *tgt = NULL; + +#ifdef DEBUG + close(2); + open("/tmp/k5dce.debug",O_WRONLY|O_CREAT|O_APPEND); +#endif + + if (myuid = getuid()) { + DEEDEBUG2("UID = %d\n",myuid); + exit(33); /* must be root to run this, get out now */ + } + + while ((rv = getopt(argc,argv,"l:p:fs")) != -1) { + DEEDEBUG2("Arg = %c\n", rv); + switch(rv) { + case 'l': /* user name */ + lusername = optarg; + DEEDEBUG2("Optarg = %s\n", optarg); + break; + case 'p': /* principal name */ + pname = optarg; + DEEDEBUG2("Optarg = %s\n", optarg); + break; + case 'f': /* convert a forwarded TGT to a context */ + fflag++; + break; + case 's': /* old test parameter, ignore it */ + break; + } + } + + setlocale(LC_ALL, ""); + krb5_init_ets(); + time(&now); /* set time to check expired tickets */ + + /* if lusername == NULL, Then user is passed as the USER= variable */ + + if (!lusername) { + lusername = getenv("USER"); + if (!lusername) { + fprintf(stderr, "USER not in environment\n"); + return(3); + } + } + + if ((pw = getpwnam(lusername)) == NULL) { + fprintf(stderr, "Who are you?\n"); + return(44); + } + + luid = pw->pw_uid; + + if (fflag) { + status = k5dcecon(luid, lusername, pname); + } else { + status = k5dcesession(luid, pname, &tgt, NULL, 0); + } + + if (!status) { + printf("%s",getenv("KRB5CCNAME")); /* return via stdout to caller */ + DEEDEBUG2("KRB5CCNAME=%s\n",getenv("KRB5CCNAME")); + } + + DEEDEBUG2("Returning status %d\n",status); + 
return (status);
+}
diff --git a/crypto/heimdal/appl/dceutils/testpag.c b/crypto/heimdal/appl/dceutils/testpag.c
new file mode 100644
index 0000000..4613fba
--- /dev/null
+++ b/crypto/heimdal/appl/dceutils/testpag.c
@@ -0,0 +1,150 @@ +/* Test the k5dcepag routine by setting a pag, and + * and execing a shell under this pag. + * + * This allows you to join a PAG which was created + * earlier by some other means. + * for example k5dcecon + * + * Must be run as root for testing only. + * + */ + +#include <stdio.h> +#include <sys/stat.h> +#include <sys/wait.h> +#include <fcntl.h> +#include <signal.h> +#include <setjmp.h> +#include <errno.h> + +#define POSIX_SETJMP +#define POSIX_SIGNALS + +#ifdef POSIX_SIGNALS +typedef struct sigaction handler; +#define handler_init(H,F) (sigemptyset(&(H).sa_mask), \ + (H).sa_flags=0, \ + (H).sa_handler=(F)) +#define handler_swap(S,NEW,OLD) sigaction(S, &NEW, &OLD) +#define handler_set(S,OLD) sigaction(S, &OLD, NULL) +#else +typedef sigtype (*handler)(); +#define handler_init(H,F) ((H) = (F)) +#define handler_swap(S,NEW,OLD) ((OLD) = signal ((S), (NEW))) + +#define handler_set(S,OLD) (signal ((S), (OLD))) +#endif + +typedef void sigtype; + +/* + * We could include the dcedfs/syscall.h which should have these + * numbers, but it has extra baggage. So for + * simplicity sake now, we define these here. 
+ */ + + +#define AFSCALL_SETPAG 2 +#define AFSCALL_GETPAG 11 + +#if defined(sun) +#define AFS_SYSCALL 72 + +#elif defined(hpux) +/* assume HPUX 10 + or is it 50 */ +#define AFS_SYSCALL 326 + +#elif defined(_AIX) +#define DPAGAIX "dpagaix" +/* #define DPAGAIX "/krb5/sbin/dpagaix" */ + +#elif defined(sgi) || defined(_sgi) +#define AFS_SYSCALL 206+1000 + +#else +#define AFS_SYSCALL (Unknown_DFS_AFS_SYSCALL) +#endif + +static sigjmp_buf setpag_buf; + +static sigtype mysig() +{ + siglongjmp(setpag_buf, 1); +} + + +int krb5_dfs_newpag(new_pag) + int new_pag; +{ + handler sa1, osa1; + handler sa2, osa2; + int pag = -1; + + handler_init (sa1, mysig); + handler_init (sa2, mysig); + handler_swap (SIGSYS, sa1, osa1); + handler_swap (SIGSEGV, sa2, osa2); + + if (sigsetjmp(setpag_buf, 1) == 0) { +#if defined(_AIX) + int (*dpagaix)(int, int, int, int, int, int); + + if (dpagaix = load(DPAGAIX, 0, 0)) + pag = (*dpagaix)(AFSCALL_SETPAG, new_pag, 0, 0, 0, 0); +#else + pag = syscall(AFS_SYSCALL,AFSCALL_SETPAG, new_pag, 0, 0, 0, 0); +#endif + handler_set (SIGSYS, osa1); + handler_set (SIGSEGV, osa2); + return(pag); + } + + fprintf(stderr,"Setpag failed with a system error\n"); + /* syscall failed! 
return 0 */ + handler_set (SIGSYS, osa1); + handler_set (SIGSEGV, osa2); + return(-1); +} + +main(argc, argv) + int argc; + char *argv[]; +{ + extern int optind; + extern char *optarg; + int rv; + int rc; + unsigned int pag; + unsigned int newpag = 0; + char ccname[256]; + int nflag = 0; + + while((rv = getopt(argc,argv,"n:")) != -1) { + switch(rv) { + case 'n': + nflag++; + sscanf(optarg,"%8x",&newpag); + break; + default: + printf("Usage: k5dcepagt -n pag \n"); + exit(1); + } + } + + if (nflag) { + fprintf (stderr,"calling k5dcepag newpag=%8.8x\n",newpag); + pag = krb5_dfs_newpag(newpag); + + fprintf (stderr,"PAG returned = %8.8x\n",pag); + if ((pag != 0) && (pag != -1)) { + sprintf (ccname, + "FILE:/opt/dcelocal/var/security/creds/dcecred_%8.8x", + pag); + esetenv("KRB5CCNAME",ccname,1); + execl("/bin/csh","csh",0); + } + else { + fprintf(stderr," Not a good pag value\n"); + } + } +} diff --git a/crypto/heimdal/appl/ftp/ChangeLog b/crypto/heimdal/appl/ftp/ChangeLog index 58dd9f8..226902f 100644 --- a/crypto/heimdal/appl/ftp/ChangeLog +++ b/crypto/heimdal/appl/ftp/ChangeLog @@ -1,3 +1,25 @@ +2001-04-19 Johan Danielsson <joda@pdc.kth.se> + + * ftpd/ftpd.c (do_store): call closefunc before claiming that + everything went ok, if the close fails the file might not have + been stored properly + +2001-03-26 Assar Westerlund <assar@sics.se> + + * ftpd/ftpd.c, ftpd/popen.c: always use GLOB_LIMIT + * ftpd/popen.c (ftpd_popen): use GLOB_LIMIT if defined + * ftpd/ftpd.c (send_file_list): use GLOB_LIMIT if defined + +2001-02-15 Assar Westerlund <assar@sics.se> + + * ftp/cmds.c (setpeer): handle both service names and port numbers + for the second optional argument. also make parsing more robust + +2001-02-07 Assar Westerlund <assar@sics.se> + + * ftp/security.c (sec_end): only clean app_data if there is any + (*): do realloc consistently + 2001-02-05 Assar Westerlund <assar@sics.se> * ftpd/popen.c (ftpd_popen): avoid overwriting the bounds of argv 
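Review bot: In `main` of testpag.c, `execl("/bin/csh","csh",0)` terminates its variadic argument list with an int `0` instead of a null pointer, and nothing handles the case where the exec fails. Where `int` and `char *` differ in width the terminator is not guaranteed to be read as NULL, so the call should be `execl("/bin/csh", "csh", (char *)NULL);` followed by `perror("execl");`, because `execl` only returns on failure. The `-n` parser has a related gap: the return value of `sscanf(optarg,"%8x",&newpag)` is ignored, so a non-hex argument leaves `newpag` at 0 and `krb5_dfs_newpag` is still called; comparing the result with 1 and taking the usage/`exit(1)` path otherwise would reject it. The file's header comment says the program must run as root, so both checks matter even for a test tool.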
diff --git a/crypto/heimdal/appl/ftp/Makefile.in b/crypto/heimdal/appl/ftp/Makefile.in index e25633c..d704ee8 100644 --- a/crypto/heimdal/appl/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) SUBDIRS = common ftp ftpd @@ -205,9 +208,10 @@ DIST_COMMON = ChangeLog Makefile.am Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) GZIP_ENV = --best +DIST_SUBDIRS = $(SUBDIRS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/Makefile 
@@ -248,11 +252,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ - rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ - rev="$$subdir $$rev"; \ - if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ done; \ - test "$$dot_seen" = "no" && rev=". $$rev"; \ + rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ @@ -298,6 +307,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/ftp/common/Makefile.in b/crypto/heimdal/appl/ftp/common/Makefile.in index a46eff6..525c6bd 100644 --- a/crypto/heimdal/appl/ftp/common/Makefile.in +++ b/crypto/heimdal/appl/ftp/common/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) noinst_LIBRARIES = libcommon.a @@ -231,7 +234,7 @@ OBJECTS = $(am_libcommon_a_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/common/Makefile @@ -305,6 +308,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/ftp/ftp/Makefile.in b/crypto/heimdal/appl/ftp/ftp/Makefile.in index 1a28ad9..1986d3e 100644 --- a/crypto/heimdal/appl/ftp/ftp/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftp/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = bin_PROGRAMS = ftp @@ -284,7 +287,7 @@ OBJECTS = $(am_ftp_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftp/Makefile @@ -417,6 +420,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/ftp/ftp/cmds.c b/crypto/heimdal/appl/ftp/ftp/cmds.c index c7a066d..3f1933e 100644 --- a/crypto/heimdal/appl/ftp/ftp/cmds.c 
+++ b/crypto/heimdal/appl/ftp/ftp/cmds.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: cmds.c,v 1.41 2000/07/18 10:00:31 joda Exp $"); +RCSID("$Id: cmds.c,v 1.42 2001/02/15 04:17:09 assar Exp $"); typedef void (*sighand)(int); @@ -81,7 +81,7 @@ void setpeer(int argc, char **argv) { char *host; - short port; + u_short port; struct servent *sp; if (connected) { @@ -102,14 +102,23 @@ setpeer(int argc, char **argv) errx(1, "You bastard. You removed ftp/tcp from services"); port = sp->s_port; if (argc > 2) { - port = atoi(argv[2]); - if (port <= 0) { - printf("%s: bad port number-- %s\n", argv[1], argv[2]); - printf ("usage: %s host-name [port]\n", argv[0]); - code = -1; - return; + sp = getservbyname(argv[2], "tcp"); + if (sp != NULL) { + port = sp->s_port; + } else { + char *ep; + + port = strtol(argv[2], &ep, 0); + if (argv[2] == ep) { + printf("%s: bad port number-- %s\n", + argv[1], argv[2]); + printf ("usage: %s host-name [port]\n", + argv[0]); + code = -1; + return; + } + port = htons(port); } - port = htons(port); } host = hookup(argv[1], port); if (host) { diff --git a/crypto/heimdal/appl/ftp/ftp/ftp.cat1 b/crypto/heimdal/appl/ftp/ftp/ftp.cat1 new file mode 100644 index 0000000..66262de --- /dev/null +++ b/crypto/heimdal/appl/ftp/ftp/ftp.cat1 
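Review bot: The numeric fallback added to `setpeer` assigns `strtol(argv[2], &ep, 0)` directly to the `u_short port`, so the only input it rejects is one with no digits at all (`argv[2] == ep`). The previous `port <= 0` check is removed, and arguments such as `0`, `-1`, `70000` or `21x` are now truncated or accepted silently, which means the client can connect to a port other than the one typed. Parsing into a wider variable keeps a range check possible: `long val = strtol(argv[2], &ep, 0);`, then `if (argv[2] == ep || *ep != '\0' || val <= 0 || val > 65535) {` for the error branch, and `port = htons(val);` afterwards. `setpeer` begins and ends outside this hunk, so whether `hookup` validates the port again is not visible here.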
@@ -0,0 +1,650 @@ + +FTP(1) UNIX Reference Manual FTP(1) + +NNAAMMEE + ffttpp - ARPANET file transfer program + +SSYYNNOOPPSSIISS + ffttpp [--tt] [--vv] [--dd] [--ii] [--nn] [--gg] [--pp] [--ll] [_h_o_s_t] + +DDEESSCCRRIIPPTTIIOONN + FFttpp is the user interface to the ARPANET standard File Transfer Protocol. + The program allows a user to transfer files to and from a remote network + site. + + Modifications has been made so that it almost follows the ftpsec Internet + draft. + + Options may be specified at the command line, or to the command inter- + preter. + + --tt Enables packet tracing. + + --vv Verbose option forces ffttpp to show all responses from the remote + server, as well as report on data transfer statistics. + + --nn Restrains ffttpp from attempting ``auto-login'' upon initial connec- + tion. If auto-login is enabled, ffttpp will check the _._n_e_t_r_c (see be- + low) file in the user's home directory for an entry describing an + account on the remote machine. If no entry exists, ffttpp will prompt + for the remote machine login name (default is the user identity on + the local machine), and, if necessary, prompt for a password and an + account with which to login. + + --ii Turns off interactive prompting during multiple file transfers. + + --pp Turn on passive mode. + + --dd Enables debugging. + + --gg Disables file name globbing. + + --ll Disables command line editing. + + The client host with which ffttpp is to communicate may be specified on the + command line. If this is done, ffttpp will immediately attempt to establish + a connection to an FTP server on that host; otherwise, ffttpp will enter its + command interpreter and await instructions from the user. When ffttpp is + awaiting commands from the user the prompt `ftp>' is provided to the us- + er. The following commands are recognized by ffttpp: + + !! [_c_o_m_m_a_n_d [_a_r_g_s]] + Invoke an interactive shell on the local machine. 
If there + are arguments, the first is taken to be a command to execute + directly, with the rest of the arguments as its arguments. + + $$ _m_a_c_r_o_-_n_a_m_e [_a_r_g_s] + Execute the macro _m_a_c_r_o_-_n_a_m_e that was defined with the mmaaccddeeff + command. Arguments are passed to the macro unglobbed. + + aaccccoouunntt [_p_a_s_s_w_d] + Supply a supplemental password required by a remote system + for access to resources once a login has been successfully + completed. If no argument is included, the user will be + + + prompted for an account password in a non-echoing input mode. + + aappppeenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + Append a local file to a file on the remote machine. If + _r_e_m_o_t_e_-_f_i_l_e is left unspecified, the local file name is used + in naming the remote file after being altered by any nnttrraannss + or nnmmaapp setting. File transfer uses the current settings for + ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. + + aasscciiii Set the file transfer ttyyppee to network ASCII. This is the de- + fault type. + + bbeellll Arrange that a bell be sounded after each file transfer com- + mand is completed. + + bbiinnaarryy Set the file transfer ttyyppee to support binary image transfer. + + bbyyee Terminate the FTP session with the remote server and exit + ffttpp. An end of file will also terminate the session and exit. + + ccaassee Toggle remote computer file name case mapping during mmggeett + commands. When ccaassee is on (default is off), remote computer + file names with all letters in upper case are written in the + local directory with the letters mapped to lower case. + + ccdd _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y + Change the working directory on the remote machine to _r_e_m_o_t_e_- + _d_i_r_e_c_t_o_r_y. + + ccdduupp Change the remote machine working directory to the parent of + the current remote machine working directory. 
+ + cchhmmoodd _m_o_d_e _f_i_l_e_-_n_a_m_e + Change the permission modes of the file _f_i_l_e_-_n_a_m_e on the re- + mote sytem to _m_o_d_e. + + cclloossee Terminate the FTP session with the remote server, and return + to the command interpreter. Any defined macros are erased. + + ccrr Toggle carriage return stripping during ascii type file re- + trieval. Records are denoted by a carriage return/linefeed + sequence during ascii type file transfer. When ccrr is on (the + default), carriage returns are stripped from this sequence to + conform with the UNIX single linefeed record delimiter. + Records on non-UNIX remote systems may contain single line- + feeds; when an ascii type transfer is made, these linefeeds + may be distinguished from a record delimiter only when ccrr is + off. + + ddeelleettee _r_e_m_o_t_e_-_f_i_l_e + Delete the file _r_e_m_o_t_e_-_f_i_l_e on the remote machine. + + ddeebbuugg [_d_e_b_u_g_-_v_a_l_u_e] + Toggle debugging mode. If an optional _d_e_b_u_g_-_v_a_l_u_e is speci- + fied it is used to set the debugging level. When debugging + is on, ffttpp prints each command sent to the remote machine, + preceded by the string `-->' + + ddiirr [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a listing of the directory contents in the directory, + _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y, and, optionally, placing the output in + _l_o_c_a_l_-_f_i_l_e. If interactive prompting is on, ffttpp will prompt + the user to verify that the last argument is indeed the tar- + get local file for receiving ddiirr output. If no directory is + specified, the current working directory on the remote ma- + chine is used. If no local file is specified, or _l_o_c_a_l_-_f_i_l_e + + is --, output comes to the terminal. + + ddiissccoonnnneecctt A synonym for _c_l_o_s_e. + + ffoorrmm _f_o_r_m_a_t + Set the file transfer ffoorrmm to _f_o_r_m_a_t. The default format is + ``file''. 
+ + ggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + Retrieve the _r_e_m_o_t_e_-_f_i_l_e and store it on the local machine. + If the local file name is not specified, it is given the same + name it has on the remote machine, subject to alteration by + the current ccaassee, nnttrraannss, and nnmmaapp settings. The current + settings for ttyyppee, ffoorrmm, mmooddee, and ssttrruuccttuurree are used while + transferring the file. + + gglloobb Toggle filename expansion for mmddeelleettee, mmggeett and mmppuutt. If + globbing is turned off with gglloobb, the file name arguments are + taken literally and not expanded. Globbing for mmppuutt is done + as in csh(1). For mmddeelleettee and mmggeett, each remote file name is + expanded separately on the remote machine and the lists are + not merged. Expansion of a directory name is likely to be + different from expansion of the name of an ordinary file: the + exact result depends on the foreign operating system and ftp + server, and can be previewed by doing `mls remote-files -'. + As a security measure, remotely globbed files that starts + with `/' or contains `../', will not be automatically re- + ceived. If you have interactive prompting turned off, these + filenames will be ignored. Note: mmggeett and mmppuutt are not meant + to transfer entire directory subtrees of files. That can be + done by transferring a tar(1) archive of the subtree (in bi- + nary mode). + + hhaasshh Toggle hash-sign (``#'') printing for each data block trans- + ferred. The size of a data block is 1024 bytes. + + hheellpp [_c_o_m_m_a_n_d] + Print an informative message about the meaning of _c_o_m_m_a_n_d. If + no argument is given, ffttpp prints a list of the known com- + mands. + + iiddllee [_s_e_c_o_n_d_s] + Set the inactivity timer on the remote server to _s_e_c_o_n_d_s sec- + onds. If _s_e_c_o_n_d_s is omitted, the current inactivity timer is + printed. + + llccdd [_d_i_r_e_c_t_o_r_y] + Change the working directory on the local machine. 
If no + _d_i_r_e_c_t_o_r_y is specified, the user's home directory is used. + + llss [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a listing of the contents of a directory on the remote + machine. The listing includes any system-dependent informa- + tion that the server chooses to include; for example, most + UNIX systems will produce output from the command `ls -l'. + (See also nnlliisstt.) If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, + the current working directory is used. If interactive + prompting is on, ffttpp will prompt the user to verify that the + last argument is indeed the target local file for receiving + llss output. If no local file is specified, or if _l_o_c_a_l_-_f_i_l_e + is `--', the output is sent to the terminal. + + mmaaccddeeff _m_a_c_r_o_-_n_a_m_e + Define a macro. Subsequent lines are stored as the macro + _m_a_c_r_o_-_n_a_m_e; a null line (consecutive newline characters in a + file or carriage returns from the terminal) terminates macro + input mode. There is a limit of 16 macros and 4096 total + characters in all defined macros. Macros remain defined un- + til a cclloossee command is executed. The macro processor inter- + prets `$' and `\' as special characters. A `$' followed by a + number (or numbers) is replaced by the corresponding argument + on the macro invocation command line. A `$' followed by an + `i' signals that macro processor that the executing macro is + to be looped. On the first pass `$i' is replaced by the + first argument on the macro invocation command line, on the + second pass it is replaced by the second argument, and so on. + A `\' followed by any character is replaced by that charac- + ter. Use the `\' to prevent special treatment of the `$'. + + mmddeelleettee [_r_e_m_o_t_e_-_f_i_l_e_s] + Delete the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine. + + mmddiirr _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e + Like ddiirr, except multiple remote files may be specified. 
If + interactive prompting is on, ffttpp will prompt the user to ver- + ify that the last argument is indeed the target local file + for receiving mmddiirr output. + + mmggeett _r_e_m_o_t_e_-_f_i_l_e_s + Expand the _r_e_m_o_t_e_-_f_i_l_e_s on the remote machine and do a ggeett + for each file name thus produced. See gglloobb for details on + the filename expansion. Resulting file names will then be + processed according to ccaassee, nnttrraannss, and nnmmaapp settings. + Files are transferred into the local working directory, which + can be changed with `lcd directory'; new local directories + can be created with `! mkdir directory'. + + mmkkddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e + Make a directory on the remote machine. + + mmllss _r_e_m_o_t_e_-_f_i_l_e_s _l_o_c_a_l_-_f_i_l_e + Like nnlliisstt, except multiple remote files may be specified, + and the _l_o_c_a_l_-_f_i_l_e must be specified. If interactive prompt- + ing is on, ffttpp will prompt the user to verify that the last + argument is indeed the target local file for receiving mmllss + output. + + mmooddee [_m_o_d_e_-_n_a_m_e] + Set the file transfer mmooddee to _m_o_d_e_-_n_a_m_e. The default mode is + ``stream'' mode. + + mmooddttiimmee _f_i_l_e_-_n_a_m_e + Show the last modification time of the file on the remote ma- + chine. + + mmppuutt _l_o_c_a_l_-_f_i_l_e_s + Expand wild cards in the list of local files given as argu- + ments and do a ppuutt for each file in the resulting list. See + gglloobb for details of filename expansion. Resulting file names + will then be processed according to nnttrraannss and nnmmaapp settings. + + nneewweerr _f_i_l_e_-_n_a_m_e + Get the file only if the modification time of the remote file + is more recent that the file on the current system. If the + file does not exist on the current system, the remote file is + considered nneewweerr. Otherwise, this command is identical to + _g_e_t. 
+ + nnlliisstt [_r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y] [_l_o_c_a_l_-_f_i_l_e] + Print a list of the files in a directory on the remote ma- + chine. If _r_e_m_o_t_e_-_d_i_r_e_c_t_o_r_y is left unspecified, the current + working directory is used. If interactive prompting is on, + ffttpp will prompt the user to verify that the last argument is + indeed the target local file for receiving nnlliisstt output. If + no local file is specified, or if _l_o_c_a_l_-_f_i_l_e is --, the output + is sent to the terminal. + + nnmmaapp [_i_n_p_a_t_t_e_r_n _o_u_t_p_a_t_t_e_r_n] + Set or unset the filename mapping mechanism. If no arguments + are specified, the filename mapping mechanism is unset. If + arguments are specified, remote filenames are mapped during + mmppuutt commands and ppuutt commands issued without a specified re- + mote target filename. If arguments are specified, local + filenames are mapped during mmggeett commands and ggeett commands + issued without a specified local target filename. This com- + mand is useful when connecting to a non-UNIX remote computer + with different file naming conventions or practices. The + mapping follows the pattern set by _i_n_p_a_t_t_e_r_n and _o_u_t_p_a_t_t_e_r_n. + [_I_n_p_a_t_t_e_r_n] is a template for incoming filenames (which may + have already been processed according to the nnttrraannss and ccaassee + settings). Variable templating is accomplished by including + the sequences `$1', `$2', ..., `$9' in _i_n_p_a_t_t_e_r_n. Use `\' to + prevent this special treatment of the `$' character. All + other characters are treated literally, and are used to de- + termine the nnmmaapp [_i_n_p_a_t_t_e_r_n] variable values. For example, + given _i_n_p_a_t_t_e_r_n $1.$2 and the remote file name "mydata.data", + $1 would have the value "mydata", and $2 would have the value + "data". The _o_u_t_p_a_t_t_e_r_n determines the resulting mapped file- + name. 
The sequences `$1', `$2', ...., `$9' are replaced by + any value resulting from the _i_n_p_a_t_t_e_r_n template. The se- + quence `$0' is replace by the original filename. Additional- + ly, the sequence `[_s_e_q_1, _s_e_q_2]' is replaced by [_s_e_q_1] if _s_e_q_1 + is not a null string; otherwise it is replaced by _s_e_q_2. For + example, the command + + nmap $1.$2.$3 [$1,$2].[$2,file] + + would yield the output filename "myfile.data" for input file- + names "myfile.data" and "myfile.data.old", "myfile.file" for + the input filename "myfile", and "myfile.myfile" for the in- + put filename ".myfile". Spaces may be included in + _o_u_t_p_a_t_t_e_r_n, as in the example: `nmap $1 sed "s/ *$//" > $1' + . Use the `\' character to prevent special treatment of the + `$','[','[', and `,' characters. + + nnttrraannss [_i_n_c_h_a_r_s [_o_u_t_c_h_a_r_s]] + Set or unset the filename character translation mechanism. + If no arguments are specified, the filename character trans- + lation mechanism is unset. If arguments are specified, char- + acters in remote filenames are translated during mmppuutt com- + mands and ppuutt commands issued without a specified remote tar- + get filename. If arguments are specified, characters in lo- + cal filenames are translated during mmggeett commands and ggeett + commands issued without a specified local target filename. + This command is useful when connecting to a non-UNIX remote + computer with different file naming conventions or practices. + Characters in a filename matching a character in _i_n_c_h_a_r_s are + replaced with the corresponding character in _o_u_t_c_h_a_r_s. If the + character's position in _i_n_c_h_a_r_s is longer than the length of + _o_u_t_c_h_a_r_s, the character is deleted from the file name. + + ooppeenn _h_o_s_t [_p_o_r_t] + Establish a connection to the specified _h_o_s_t FTP server. An + optional port number may be supplied, in which case, ffttpp will + attempt to contact an FTP server at that port. 
If the aauuttoo-- + llooggiinn option is on (default), ffttpp will also attempt to auto- + + matically log the user in to the FTP server (see below). + + ppaassssiivvee Toggle passive mode. If passive mode is turned on (default + is off), the ftp client will send a PASV command for all data + connections instead of the usual PORT command. The PASV com- + mand requests that the remote server open a port for the data + connection and return the address of that port. The remote + server listens on that port and the client connects to it. + When using the more traditional PORT command, the client lis- + tens on a port and sends that address to the remote server, + who connects back to it. Passive mode is useful when using + ffttpp through a gateway router or host that controls the direc- + tionality of traffic. (Note that though ftp servers are re- + quired to support the PASV command by RFC 1123, some do not.) + + pprroommpptt Toggle interactive prompting. Interactive prompting occurs + during multiple file transfers to allow the user to selec- + tively retrieve or store files. If prompting is turned off + (default is on), any mmggeett or mmppuutt will transfer all files, + and any mmddeelleettee will delete all files. + + pprrooxxyy _f_t_p_-_c_o_m_m_a_n_d + Execute an ftp command on a secondary control connection. + This command allows simultaneous connection to two remote ftp + servers for transferring files between the two servers. The + first pprrooxxyy command should be an ooppeenn, to establish the sec- + ondary control connection. Enter the command "proxy ?" to + see other ftp commands executable on the secondary connec- + tion. 
The following commands behave differently when pref- + aced by pprrooxxyy: ooppeenn will not define new macros during the au- + to-login process, cclloossee will not erase existing macro defini- + tions, ggeett and mmggeett transfer files from the host on the pri- + mary control connection to the host on the secondary control + connection, and ppuutt, mmppuutt, and aappppeenndd transfer files from the + host on the secondary control connection to the host on the + primary control connection. Third party file transfers de- + pend upon support of the ftp protocol PASV command by the + server on the secondary control connection. + + ppuutt _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + Store a local file on the remote machine. If _r_e_m_o_t_e_-_f_i_l_e is + left unspecified, the local file name is used after process- + ing according to any nnttrraannss or nnmmaapp settings in naming the + remote file. File transfer uses the current settings for + ttyyppee, ffoorrmmaatt, mmooddee, and ssttrruuccttuurree. + + ppwwdd Print the name of the current working directory on the remote + machine. + + qquuiitt A synonym for bbyyee. + + qquuoottee _a_r_g_1 _a_r_g_2 _._._. + The arguments specified are sent, verbatim, to the remote FTP + server. + + rreeccvv _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + A synonym for get. + + rreeggeett _r_e_m_o_t_e_-_f_i_l_e [_l_o_c_a_l_-_f_i_l_e] + Reget acts like get, except that if _l_o_c_a_l_-_f_i_l_e exists and is + smaller than _r_e_m_o_t_e_-_f_i_l_e, _l_o_c_a_l_-_f_i_l_e is presumed to be a par- + tially transferred copy of _r_e_m_o_t_e_-_f_i_l_e and the transfer is + continued from the apparent point of failure. This command + is useful when transferring very large files over networks + + + that are prone to dropping connections. + + rreemmootteehheellpp [_c_o_m_m_a_n_d_-_n_a_m_e] + Request help from the remote FTP server. If a _c_o_m_m_a_n_d_-_n_a_m_e + is specified it is supplied to the server as well. 
+ + rreemmootteessttaattuuss [_f_i_l_e_-_n_a_m_e] + With no arguments, show status of remote machine. If _f_i_l_e_- + _n_a_m_e is specified, show status of _f_i_l_e_-_n_a_m_e on remote ma- + chine. + + rreennaammee [_f_r_o_m] [_t_o] + Rename the file _f_r_o_m on the remote machine, to the file _t_o. + + rreesseett Clear reply queue. This command re-synchronizes command/re- + ply sequencing with the remote ftp server. Resynchronization + may be necessary following a violation of the ftp protocol by + the remote server. + + rreessttaarrtt _m_a_r_k_e_r + Restart the immediately following ggeett or ppuutt at the indicated + _m_a_r_k_e_r. On UNIX systems, marker is usually a byte offset into + the file. + + rrmmddiirr _d_i_r_e_c_t_o_r_y_-_n_a_m_e + Delete a directory on the remote machine. + + rruunniiqquuee Toggle storing of files on the local system with unique file- + names. If a file already exists with a name equal to the + target local filename for a ggeett or mmggeett command, a ".1" is + appended to the name. If the resulting name matches another + existing file, a ".2" is appended to the original name. If + this process continues up to ".99", an error message is + printed, and the transfer does not take place. The generated + unique filename will be reported. Note that rruunniiqquuee will not + affect local files generated from a shell command (see be- + low). The default value is off. + + sseenndd _l_o_c_a_l_-_f_i_l_e [_r_e_m_o_t_e_-_f_i_l_e] + A synonym for put. + + sseennddppoorrtt Toggle the use of PORT commands. By default, ffttpp will at- + tempt to use a PORT command when establishing a connection + for each data transfer. The use of PORT commands can prevent + delays when performing multiple file transfers. If the PORT + command fails, ffttpp will use the default data port. When the + use of PORT commands is disabled, no attempt will be made to + use PORT commands for each data transfer. 
This is useful for + certain FTP implementations which do ignore PORT commands + but, incorrectly, indicate they've been accepted. + + ssiittee _a_r_g_1 _a_r_g_2 _._._. + The arguments specified are sent, verbatim, to the remote FTP + server as a SITE command. + + ssiizzee _f_i_l_e_-_n_a_m_e + Return size of _f_i_l_e_-_n_a_m_e on remote machine. + + ssttaattuuss Show the current status of ffttpp. + + ssttrruucctt [_s_t_r_u_c_t_-_n_a_m_e] + Set the file transfer _s_t_r_u_c_t_u_r_e to _s_t_r_u_c_t_-_n_a_m_e. By default + ``stream'' structure is used. + + ssuunniiqquuee Toggle storing of files on remote machine under unique file + names. Remote ftp server must support ftp protocol STOU com- + mand for successful completion. The remote server will re- + port unique name. Default value is off. + + ssyysstteemm Show the type of operating system running on the remote ma- + chine. + + tteenneexx Set the file transfer type to that needed to talk to TENEX + machines. + + ttrraaccee Toggle packet tracing. + + ttyyppee [_t_y_p_e_-_n_a_m_e] + Set the file transfer ttyyppee to _t_y_p_e_-_n_a_m_e. If no type is speci- + fied, the current type is printed. The default type is net- + work ASCII. + + uummaasskk [_n_e_w_m_a_s_k] + Set the default umask on the remote server to _n_e_w_m_a_s_k. If + _n_e_w_m_a_s_k is omitted, the current umask is printed. + + uusseerr _u_s_e_r_-_n_a_m_e [_p_a_s_s_w_o_r_d] [_a_c_c_o_u_n_t] + Identify yourself to the remote FTP server. If the _p_a_s_s_w_o_r_d + is not specified and the server requires it, ffttpp will prompt + the user for it (after disabling local echo). If an _a_c_c_o_u_n_t + field is not specified, and the FTP server requires it, the + user will be prompted for it. If an _a_c_c_o_u_n_t field is speci- + fied, an account command will be relayed to the remote server + after the login sequence is completed if the remote server + did not require it for logging in. 
Unless ffttpp is invoked + with ``auto-login'' disabled, this process is done automati- + cally on initial connection to the FTP server. + + vveerrbboossee Toggle verbose mode. In verbose mode, all responses from the + FTP server are displayed to the user. In addition, if ver- + bose is on, when a file transfer completes, statistics re- + garding the efficiency of the transfer are reported. By de- + fault, verbose is on. + + ?? [_c_o_m_m_a_n_d] + A synonym for help. + + The following command can be used with ftpsec-aware servers. + + pprroott _c_l_e_a_r | _s_a_f_e | _c_o_n_f_i_d_e_n_t_i_a_l | _p_r_i_v_a_t_e + Set the data protection level to the requested level. + + The following command can be used with ftp servers that has implemented + the KAUTH site command. + + kkaauutthh [_p_r_i_n_c_i_p_a_l] + Obtain remote tickets. + + Command arguments which have embedded spaces may be quoted with quote `"' + marks. + +AABBOORRTTIINNGG AA FFIILLEE TTRRAANNSSFFEERR + To abort a file transfer, use the terminal interrupt key (usually Ctrl- + C). Sending transfers will be immediately halted. Receiving transfers + will be halted by sending a ftp protocol ABOR command to the remote serv- + er, and discarding any further data received. The speed at which this is + accomplished depends upon the remote server's support for ABOR process- + ing. If the remote server does not support the ABOR command, an `ftp>' + prompt will not appear until the remote server has completed sending the + requested file. + + + The terminal interrupt key sequence will be ignored when ffttpp has complet- + ed any local processing and is awaiting a reply from the remote server. + A long delay in this mode may result from the ABOR processing described + above, or from unexpected behavior by the remote server, including viola- + tions of the ftp protocol. If the delay results from unexpected remote + server behavior, the local ffttpp program must be killed by hand. 
+ +FFIILLEE NNAAMMIINNGG CCOONNVVEENNTTIIOONNSS + Files specified as arguments to ffttpp commands are processed according to + the following rules. + + 1. If the file name `--' is specified, the _s_t_d_i_n (for reading) or _s_t_d_o_u_t + (for writing) is used. + + 2. If the first character of the file name is `|', the remainder of the + argument is interpreted as a shell command. FFttpp then forks a shell, + using popen(3) with the argument supplied, and reads (writes) from + the stdout (stdin). If the shell command includes spaces, the argu- + ment must be quoted; e.g. ``" ls -lt"''. A particularly useful ex- + ample of this mechanism is: ``dir more''. + + 3. Failing the above checks, if ``globbing'' is enabled, local file + names are expanded according to the rules used in the csh(1); c.f. + the gglloobb command. If the ffttpp command expects a single local file + (.e.g. ppuutt), only the first filename generated by the "globbing" + operation is used. + + 4. For mmggeett commands and ggeett commands with unspecified local file + names, the local filename is the remote filename, which may be al- + tered by a ccaassee, nnttrraannss, or nnmmaapp setting. The resulting filename + may then be altered if rruunniiqquuee is on. + + 5. For mmppuutt commands and ppuutt commands with unspecified remote file + names, the remote filename is the local filename, which may be al- + tered by a nnttrraannss or nnmmaapp setting. The resulting filename may then + be altered by the remote server if ssuunniiqquuee is on. + +FFIILLEE TTRRAANNSSFFEERR PPAARRAAMMEETTEERRSS + The FTP specification specifies many parameters which may affect a file + transfer. The ttyyppee may be one of ``ascii'', ``image'' (binary), + ``ebcdic'', and ``local byte size'' (for PDP-10's and PDP-20's mostly). + FFttpp supports the ascii and image types of file transfer, plus local byte + size 8 for tteenneexx mode transfers. 
+ + FFttpp supports only the default values for the remaining file transfer pa- + rameters: mmooddee, ffoorrmm, and ssttrruucctt. + +TTHHEE ..nneettrrcc FFIILLEE + The _._n_e_t_r_c file contains login and initialization information used by the + auto-login process. It resides in the user's home directory. The fol- + lowing tokens are recognized; they may be separated by spaces, tabs, or + new-lines: + + mmaacchhiinnee _n_a_m_e + Identify a remote machine _n_a_m_e. The auto-login process searches + the _._n_e_t_r_c file for a mmaacchhiinnee token that matches the remote ma- + chine specified on the ffttpp command line or as an ooppeenn command + argument. Once a match is made, the subsequent _._n_e_t_r_c tokens + are processed, stopping when the end of file is reached or an- + other mmaacchhiinnee or a ddeeffaauulltt token is encountered. + + ddeeffaauulltt This is the same as mmaacchhiinnee _n_a_m_e except that ddeeffaauulltt matches + any name. There can be only one ddeeffaauulltt token, and it must be + after all mmaacchhiinnee tokens. This is normally used as: + + + default login anonymous password user@site + + thereby giving the user _a_u_t_o_m_a_t_i_c anonymous ftp login to ma- + chines not specified in _._n_e_t_r_c. This can be overridden by using + the --nn flag to disable auto-login. + + llooggiinn _n_a_m_e + Identify a user on the remote machine. If this token is pre- + sent, the auto-login process will initiate a login using the + specified _n_a_m_e. + + ppaasssswwoorrdd _s_t_r_i_n_g + Supply a password. If this token is present, the auto-login + process will supply the specified string if the remote server + requires a password as part of the login process. Note that if + this token is present in the _._n_e_t_r_c file for any user other + than _a_n_o_n_y_m_o_u_s, ffttpp will abort the auto-login process if the + _._n_e_t_r_c is readable by anyone besides the user. + + aaccccoouunntt _s_t_r_i_n_g + Supply an additional account password. 
If this token is pre- + sent, the auto-login process will supply the specified string + if the remote server requires an additional account password, + or the auto-login process will initiate an ACCT command if it + does not. + + mmaaccddeeff _n_a_m_e + Define a macro. This token functions like the ffttpp mmaaccddeeff com- + mand functions. A macro is defined with the specified name; + its contents begin with the next _._n_e_t_r_c line and continue until + a null line (consecutive new-line characters) is encountered. + If a macro named iinniitt is defined, it is automatically executed + as the last step in the auto-login process. + +EENNVVIIRROONNMMEENNTT + FFttpp utilizes the following environment variables. + + HOME For default location of a _._n_e_t_r_c file, if one exists. + + SHELL For default shell. + +SSEEEE AALLSSOO + ftpd(8), _R_F_C_2_2_2_8 + +HHIISSTTOORRYY + The ffttpp command appeared in 4.2BSD. + +BBUUGGSS + Correct execution of many commands depends upon proper behavior by the + remote server. + + An error in the treatment of carriage returns in the 4.2BSD ascii-mode + transfer code has been corrected. This correction may result in incor- + rect transfers of binary files to and from 4.2BSD servers using the ascii + type. Avoid this problem by using the binary image type. + +4.2 Berkeley Distribution April 27, 1996 10 diff --git a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h index 49c2b2f..0f8e7cd 100644 --- a/crypto/heimdal/appl/ftp/ftp/ftp_locl.h +++ b/crypto/heimdal/appl/ftp/ftp/ftp_locl.h @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: ftp_locl.h,v 1.34 1999/12/02 16:58:29 joda Exp $ */ +/* $Id: ftp_locl.h,v 1.35 2001/02/15 04:20:51 assar Exp $ */ #ifndef __FTP_LOCL_H__ #define __FTP_LOCL_H__ 
@@ -129,7 +129,13 @@ struct hostent *gethostbyname(const char *); #include "roken.h" #include "security.h" -#include <des.h> /* for des_read_pw_string */ + +/* des_read_pw_string */ +#ifdef HAVE_OPENSSL_DES_H +#include <openssl/des.h> +#else +#include <des.h> +#endif #if defined(__sun__) && !defined(__svr4) int fclose(FILE*); diff --git a/crypto/heimdal/appl/ftp/ftp/main.c b/crypto/heimdal/appl/ftp/ftp/main.c index e1a4e14..3531579 100644 --- a/crypto/heimdal/appl/ftp/ftp/main.c +++ b/crypto/heimdal/appl/ftp/ftp/main.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: main.c,v 1.30 2000/11/15 22:56:35 assar Exp $"); +RCSID("$Id: main.c,v 1.31 2001/02/20 01:44:43 assar Exp $"); int main(int argc, char **argv) @@ -46,7 +46,7 @@ main(int argc, char **argv) char homedir[MaxPathLen]; struct servent *sp; - set_progname(argv[0]); + setprogname(argv[0]); sp = getservbyname("ftp", "tcp"); if (sp == 0) @@ -127,7 +127,7 @@ main(int argc, char **argv) exit(0); signal(SIGINT, intr); signal(SIGPIPE, lostpeer); - xargv[0] = (char*)__progname; + xargv[0] = (char*)getprogname(); xargv[1] = argv[0]; xargv[2] = argv[1]; xargv[3] = argv[2]; diff --git a/crypto/heimdal/appl/ftp/ftp/security.c b/crypto/heimdal/appl/ftp/ftp/security.c index ab3785a..a8fff1d 100644 --- a/crypto/heimdal/appl/ftp/ftp/security.c +++ b/crypto/heimdal/appl/ftp/ftp/security.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1998-2000 Kungliga Tekniska Högskolan + * Copyright (c) 1998-2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -37,7 +37,7 @@ #include "ftp_locl.h" #endif -RCSID("$Id: security.c,v 1.17 2000/11/08 23:30:32 joda Exp $"); +RCSID("$Id: security.c,v 1.18 2001/02/07 10:49:43 assar Exp $"); static enum protection_level command_prot; static enum protection_level data_prot; @@ -166,6 +166,7 @@ sec_get_data(int fd, struct buffer *buf, int level) { int len; int b; + void *tmp; b = block_read(fd, &len, sizeof(len)); if (b == 0) 
@@ -173,7 +174,10 @@ sec_get_data(int fd, struct buffer *buf, int level) else if (b < 0) return -1; len = ntohl(len); - buf->data = realloc(buf->data, len); + tmp = realloc(buf->data, len); + if (tmp == NULL) + return -1; + buf->data = tmp; b = block_read(fd, buf->data, len); if (b == 0) return 0; @@ -424,9 +428,17 @@ void auth(char *auth_name) { int i; + void *tmp; + for(i = 0; (mech = mechs[i]) != NULL; i++){ if(!strcasecmp(auth_name, mech->name)){ - app_data = realloc(app_data, mech->size); + tmp = realloc(app_data, mech->size); + if (tmp == NULL) { + reply(431, "Unable to accept %s at this time", mech->name); + return; + } + app_data = tmp; + if(mech->init && (*mech->init)(app_data) != 0) { reply(431, "Unable to accept %s at this time", mech->name); return; @@ -443,6 +455,7 @@ auth(char *auth_name) } } free (app_data); + app_data = NULL; reply(504, "%s is unknown to me", auth_name); } @@ -776,9 +789,11 @@ sec_end(void) if (mech != NULL) { if(mech->end) (*mech->end)(app_data); - memset(app_data, 0, mech->size); - free(app_data); - app_data = NULL; + if (app_data != NULL) { + memset(app_data, 0, mech->size); + free(app_data); + app_data = NULL; + } } sec_complete = 0; data_prot = (enum protection_level)0; diff --git a/crypto/heimdal/appl/ftp/ftpd/Makefile.in b/crypto/heimdal/appl/ftp/ftpd/Makefile.in index a3fa628..cd67376 100644 --- a/crypto/heimdal/appl/ftp/ftpd/Makefile.in +++ b/crypto/heimdal/appl/ftp/ftpd/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
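Review bot: In sec_get_data, `len` is read from the peer, converted with `ntohl(len)` and passed to `realloc` and `block_read` with no range check; the added NULL test covers allocation failure but not a negative or oversized length. `len` is declared `int` in the preceding hunk, so a negative value becomes a very large `size_t` when passed to `realloc`. Reject it before allocating, e.g. `if (len < 0 || len > MAX_SEC_DATA_LEN) return -1;`, where `MAX_SEC_DATA_LEN` is a placeholder for whatever bound the protocol's buffer size implies. A zero length also needs its own branch, since `realloc(p, 0)` may return NULL and would then be reported as an error. The function body continues outside the hunk.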
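Review bot: On the new `realloc` failure path in auth(), the function returns with `mech` already assigned by the loop header, while `app_data` still points at the previous allocation or is NULL. `mech` is not declared in this hunk, so it is presumably the same file-level variable that sec_end() tests; if so, a later sec_end() would run `mech->end` and `memset(app_data, 0, mech->size)` against a buffer sized for a different mechanism. Adding `mech = NULL;` before that `return` keeps the selected mechanism and its buffer in step. The existing `mech->init` failure path just below may need the same reset, but that depends on code outside the hunk.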
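Review bot: The new `app_data != NULL` guard in sec_end() covers only the `memset`/`free` pair; `(*mech->end)(app_data)` on the line above still runs when `app_data` is NULL. Whether every mechanism's `end` callback tolerates a NULL argument is not visible here, so the call is safer inside the guard: `if (app_data != NULL) { if (mech->end) (*mech->end)(app_data); ...`. A short comment that the buffer is zeroed before `free` because it presumably holds per-session authentication state would explain why the `memset` must stay.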
@@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = libexec_PROGRAMS = ftpd @@ -288,7 +291,7 @@ OBJECTS = $(am_ftpd_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x .y +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj .y $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/ftp/ftpd/Makefile @@ -462,6 +465,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 index 745090c..32d5002 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.8 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.8 @@ -40,7 +40,7 @@ .Nm ftpd .Nd Internet File Transfer Protocol server .Sh SYNOPSIS -.Nm ftpd +.Nm .Op Fl a Ar authmode .Op Fl dilv .Op Fl g Ar umask @@ -48,6 +48,8 @@ .Op Fl T Ar maxtimeout .Op Fl t Ar timeout .Op Fl u Ar default umask +.Op Fl B | Fl -builtin-ls +.Op Fl -good-chars= Ns Ar string .Sh DESCRIPTION .Nm Ftpd is the 
@@ -128,6 +130,15 @@ seconds (the default is 15 minutes). Set the initial umask to something else than the default 027. .It Fl v Verbose mode. +.It Xo +.Fl B Ns , +.Fl -builtin-ls +.Xc +use built-in ls to list files +.It Xo +.Fl -good-chars= Ns Ar string +.Xc +allowed anonymous upload filename chars .El .Pp The file diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.c b/crypto/heimdal/appl/ftp/ftpd/ftpd.c index 4db5e9f..faf07ff 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpd.c +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c,v 1.153 2001/01/18 09:14:59 joda Exp $"); +RCSID("$Id: ftpd.c,v 1.157 2001/04/19 14:41:29 joda Exp $"); static char version[] = "Version 6.00"; @@ -262,7 +262,7 @@ main(int argc, char **argv) int optind = 0; - set_progname (argv[0]); + setprogname (argv[0]); /* detach from any tickets and tokens */ { @@ -1187,18 +1187,22 @@ do_store(char *name, char *mode, int unique) goto done; set_buffer_size(fileno(din), 1); if (receive_data(din, fout) == 0) { + if((*closefunc)(fout) < 0) + perror_reply(552, name); + else { if (unique) reply(226, "Transfer complete (unique file name:%s).", name); else reply(226, "Transfer complete."); - } + } + } else + (*closefunc)(fout); fclose(din); data = -1; pdata = -1; done: LOGBYTES(*mode == 'w' ? "put" : "append", name, byte_count); - (*closefunc)(fout); } static FILE * @@ -2161,7 +2165,7 @@ send_file_list(char *whichf) char buf[MaxPathLen]; if (strpbrk(whichf, "~{[*?") != NULL) { - int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE|GLOB_LIMIT; memset(&gl, 0, sizeof(gl)); freeglob = 1; diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 new file mode 100644 index 0000000..d4af02e --- /dev/null +++ b/crypto/heimdal/appl/ftp/ftpd/ftpd.cat8 
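Review bot: Removing `(*closefunc)(fout)` from after the `done:` label in do_store means any path that reaches `done` by `goto` now leaves `fout` open; the context line `goto done;` just above `set_buffer_size` is one such path visible in the hunk. Checking the close result before replying 226 is right for the success path, but the early exit needs its own close, e.g. `{ (*closefunc)(fout); goto done; }` at that jump, whose guarding condition is outside the hunk. do_store begins outside the hunk, so any other jump to `done` should be checked the same way.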
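Review bot: `GLOB_LIMIT` is added to the flags in send_file_list with no comment and no visible change to how the glob result is handled. With the limit set, the glob call can fail on a pattern that expands too far, so the error branch after the call (outside this hunk) should be confirmed to send an error reply rather than a partial or empty listing. A one-line comment above the flags, such as `/* GLOB_LIMIT: bound expansion of the requested pattern */`, would record why the flag is there.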
@@ -0,0 +1,296 @@ + +FTPD(8) UNIX System Manager's Manual FTPD(8) + +NNAAMMEE + ffttppdd - Internet File Transfer Protocol server + +SSYYNNOOPPSSIISS + ffttppdd [--aa _a_u_t_h_m_o_d_e] [--ddiillvv] [--gg _u_m_a_s_k] [--pp _p_o_r_t] [--TT _m_a_x_t_i_m_e_o_u_t] [--tt + _t_i_m_e_o_u_t] [--uu _d_e_f_a_u_l_t _u_m_a_s_k] [--BB | ----bbuuiillttiinn--llss] [----ggoooodd--cchhaarrss==_s_t_r_i_n_g] + +DDEESSCCRRIIPPTTIIOONN + FFttppdd is the Internet File Transfer Protocol server process. The server + uses the TCP protocol and listens at the port specified in the ``ftp'' + service specification; see services(5). + + Available options: + + --aa Select the level of authentication required. Kerberised login + can not be turned off. The default is to only allow kerberised + login. Other possibilities can be turned on by giving a string + of comma separated flags as argument to --aa. Recognised flags are: + + _p_l_a_i_n Allow logging in with plaintext password. The password can + be a(n) OTP or an ordinary password. + + _o_t_p Same as _p_l_a_i_n, but only OTP is allowed. + + _f_t_p Allow anonymous login. + + The following combination modes exists for backwards compatibili- + ty: + + _n_o_n_e Same as _p_l_a_i_n_,_f_t_p. + + _s_a_f_e Same as _f_t_p. + + _u_s_e_r Ignored. + + --dd Debugging information is written to the syslog using LOG_FTP. + + --gg Anonymous users will get a umask of _u_m_a_s_k. + + --ii Open a socket and wait for a connection. This is mainly used for + debugging when ftpd isn't started by inetd. + + --ll Each successful and failed ftp(1) session is logged using syslog + with a facility of LOG_FTP. If this option is specified twice, + the retrieve (get), store (put), append, delete, make directory, + remove directory and rename operations and their filename argu- + ments are also logged. + + --pp Use _p_o_r_t (a service name or number) instead of the default + _f_t_p_/_t_c_p. 
+ + --TT A client may also request a different timeout period; the maximum + period allowed may be set to _t_i_m_e_o_u_t seconds with the --TT option. + The default limit is 2 hours. + + --tt The inactivity timeout period is set to _t_i_m_e_o_u_t seconds (the de- + fault is 15 minutes). + + --uu Set the initial umask to something else than the default 027. + + + + --vv Verbose mode. + + --BB, ----bbuuiillttiinn--llss + use built-in ls to list files + + ----ggoooodd--cchhaarrss==_s_t_r_i_n_g + allowed anonymous upload filename chars + + The file _/_e_t_c_/_n_o_l_o_g_i_n can be used to disable ftp access. If the file ex- + ists, ffttppdd displays it and exits. If the file _/_e_t_c_/_f_t_p_w_e_l_c_o_m_e exists, + ffttppdd prints it before issuing the ``ready'' message. If the file + _/_e_t_c_/_m_o_t_d exists, ffttppdd prints it after a successful login. + + The ftp server currently supports the following ftp requests. The case + of the requests is ignored. + + Request Description + ABOR abort previous command + ACCT specify account (ignored) + ALLO allocate storage (vacuously) + APPE append to a file + CDUP change to parent of current working directory + CWD change working directory + DELE delete a file + HELP give help information + LIST give list files in a directory (``ls -lgA'') + MKD make a directory + MDTM show last modification time of file + MODE specify data transfer _m_o_d_e + NLST give name list of files in directory + NOOP do nothing + PASS specify password + PASV prepare for server-to-server transfer + PORT specify data connection port + PWD print the current working directory + QUIT terminate session + REST restart incomplete transfer + RETR retrieve a file + RMD remove a directory + RNFR specify rename-from file name + RNTO specify rename-to file name + SITE non-standard commands (see next section) + SIZE return size of file + STAT return status of server + STOR store a file + STOU store a file with a unique name + STRU specify data transfer 
_s_t_r_u_c_t_u_r_e + SYST show operating system type of server system + TYPE specify data transfer _t_y_p_e + USER specify user name + XCUP change to parent of current working directory + (deprecated) + XCWD change working directory (deprecated) + XMKD make a directory (deprecated) + XPWD print the current working directory (deprecated) + XRMD remove a directory (deprecated) + + The following commands are specified by RFC2228. + + AUTH authentication/security mechanism + ADAT authentication/security data + PROT data channel protection level + PBSZ protection buffer size + MIC integrity protected command + + + CONF confidentiality protected command + ENC privacy protected command + CCC clear command channel + + The following non-standard or UNIX specific commands are supported by the + SITE request. + + UMASK change umask, (e.g. SSIITTEE UUMMAASSKK 000022) + IDLE set idle-timer, (e.g. SSIITTEE IIDDLLEE 6600) + CHMOD change mode of a file (e.g. SSIITTEE CCHHMMOODD 775555 ffiilleennaammee) + FIND quickly find a specific file with GNU locate(1). + HELP give help information. + + The following Kerberos related site commands are understood. + + KAUTH obtain remote tickets. + KLIST show remote tickets + + The remaining ftp requests specified in Internet RFC 959 are recognized, + but not implemented. MDTM and SIZE are not specified in RFC 959, but + will appear in the next updated FTP RFC. + + The ftp server will abort an active file transfer only when the ABOR com- + mand is preceded by a Telnet "Interrupt Process" (IP) signal and a Telnet + "Synch" signal in the command Telnet stream, as described in Internet RFC + 959. If a STAT command is received during a data transfer, preceded by a + Telnet IP and Synch, transfer status will be returned. + + FFttppdd interprets file names according to the ``globbing'' conventions used + by csh(1). This allows users to utilize the metacharacters ``*?[]{}~''. + + FFttppdd authenticates users according to these rules. + + 1. 
If Kerberos authentication is used, the user must pass valid + tickets and the principal must be allowed to login as the re- + mote user. + + 2. The login name must be in the password data base, and not have + a null password (if kerberos is used the password field is not + checked). In this case a password must be provided by the + client before any file operations may be performed. If the + user has an OTP key, the response from a successful USER com- + mand will include an OTP challenge. The client may choose to + respond with a PASS command giving either a standard password + or an OTP one-time password. The server will automatically de- + termine which type of password it has been given and attempt + to authenticate accordingly. See otp(1) for more information + on OTP authentication. + + 3. The login name must not appear in the file _/_e_t_c_/_f_t_p_u_s_e_r_s. + + 4. The user must have a standard shell returned by + getusershell(3). + + 5. If the user name appears in the file _/_e_t_c_/_f_t_p_c_h_r_o_o_t the ses- + sion's root will be changed to the user's login directory by + chroot(2) as for an ``anonymous'' or ``ftp'' account (see next + item). However, the user must still supply a password. This + feature is intended as a compromise between a fully anonymous + account and a fully privileged account. The account should + also be set up as for an anonymous account. + + 6. If the user name is ``anonymous'' or ``ftp'', an anonymous ftp + account must be present in the password file (user ``ftp''). + In this case the user is allowed to log in by specifying any + password (by convention an email address for the user should + be used as the password). + + In the last case, ffttppdd takes special measures to restrict the client's + access privileges. The server performs a chroot(2) to the home directory + of the ``ftp'' user. 
In order that system security is not breached, it + is recommended that the ``ftp'' subtree be constructed with care, consid- + er following these guidelines for anonymous ftp. + + In general all files should be owned by ``root'', and have non-write per- + missions (644 or 755 depending on the kind of file). No files should be + owned or writable by ``ftp'' (possibly with exception for the + _~_f_t_p_/_i_n_c_o_m_i_n_g, as specified below). + + _~_f_t_p The ``ftp'' homedirectory should be owned by root. + + _~_f_t_p_/_b_i_n The directory for external programs (such as ls(1)). + These programs must either be statically linked, or you + must setup an environment for dynamic linking when run- + ning chrooted. These programs will be used if present: + + ls Used when listing files. + + compress + When retrieving a filename that ends in _._Z, + and that file isn't present, ffttppdd will try + to find the filename without _._Z and com- + press it on the fly. + + gzip Same as compress, just with files ending in + _._g_z. + + gtar Enables retrieval of whole directories as + files ending in _._t_a_r. Can also be combined + with compression. You must use GNU Tar (or + some other that supports the --zz and --ZZ + flags). + + locate Will enable ``fast find'' with the SSIITTEE + FFIINNDD command. You must also create a + _l_o_c_a_t_e_d_b file in _~_f_t_p_/_e_t_c. + + _~_f_t_p_/_e_t_c If you put copies of the passwd(5) and group(5) files + here, ls will be able to produce owner names rather than + numbers. Remember to remove any passwords from these + files. + + The file _m_o_t_d, if present, will be printed after a suc- + cessful login. + + _~_f_t_p_/_d_e_v Put a copy of /dev/null(7) here. + + _~_f_t_p_/_p_u_b Traditional place to put whatever you want to make pub- + lic. + + If you want guests to be able to upload files, create a _~_f_t_p_/_i_n_c_o_m_i_n_g di- + rectory owned by ``root'', and group ``ftp'' with mode 730 (make sure + ``ftp'' is member of group ``ftp''). 
The following restrictions apply to + anonymous users: + + ++oo Directories created will have mode 700. + + ++oo Uploaded files will be created with an umask of 777, if not changed + with the --gg option. + + ++oo These command are not accessible: DDEELLEE, RRMMDD, RRNNTTOO, RRNNFFRR, SSIITTEE UUMMAASSKK, + + and SSIITTEE CCHHMMOODD. + + ++oo Filenames must start with an alpha-numeric character, and consist of + alpha-numeric characters or any of the following: + (plus), - (mi- + nus), = (equal), _ (underscore), . (period), and , (comma). + +FFIILLEESS + /etc/ftpusers Access list for users. + /etc/ftpchroot List of normal users who should be chroot'd. + /etc/ftpwelcome Welcome notice. + /etc/motd Welcome notice after login. + /etc/nologin Displayed and access refused. + ~/.klogin Login access for Kerberos. + +SSEEEE AALLSSOO + ftp(1), otp(1), getusershell(3), ftpusers(5), syslogd(8), + +SSTTAANNDDAARRDDSS + RRFFCC 995599 FTP PROTOCOL SPECIFICATION + RRFFCC 11993388 OTP Specification + RRFFCC 22222288 FTP Security Extensions. + +BBUUGGSS + The server must run as the super-user to create sockets with privileged + port numbers. It maintains an effective user id of the logged in user, + reverting to the super-user only when binding addresses to sockets. The + possible security holes have been extensively scrutinized, but are possi- + bly incomplete. + +HHIISSTTOORRYY + The ffttppdd command appeared in 4.2BSD. + +4.2 Berkeley Distribution April 19, 1997 5 diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 index d10d15a..631f11b 100644 --- a/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 +++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.5 @@ -1,4 +1,4 @@ -.\" $Id: ftpusers.5,v 1.3 2001/01/11 16:16:26 assar Exp $ +.\" $Id: ftpusers.5,v 1.4 2001/05/02 08:59:20 assar Exp $ .\" .Dd May 7, 1997 .Dt FTPUSERS 5 
diff --git a/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 new file mode 100644 index 0000000..d2ee3d3 --- /dev/null +++ b/crypto/heimdal/appl/ftp/ftpd/ftpusers.cat5 @@ -0,0 +1,27 @@ + +FTPUSERS(5) UNIX Programmer's Manual FTPUSERS(5) + +NNAAMMEE + _/_e_t_c_/_f_t_p_u_s_e_r_s - FTP access list file + +DDEESSCCRRIIPPTTIIOONN + _/_e_t_c_/_f_t_p_u_s_e_r_s contains a list of users that should be allowed or denied + FTP access. Each line contains a user, optionally followed by ``allow'' + (anything but ``allow'' is ignored). The semi-user ``*'' matches any us- + er. Users that has an explicit ``allow'', or that does not match any + line, are allowed access. Anyone else is denied access. + + Note that this is compatible with the old format, where this file con- + tained a list of users that should be denied access. + +EEXXAAMMPPLLEESS + This will deny anyone but ``foo'' and ``bar'' to use FTP: + + foo allow + bar allow + * + +SSEEEE AALLSSOO + ftpd(8) + + KTH-KRB May 7, 1997 1 diff --git a/crypto/heimdal/appl/ftp/ftpd/popen.c b/crypto/heimdal/appl/ftp/ftpd/popen.c index d8a4996..52c8824 100644 --- a/crypto/heimdal/appl/ftp/ftpd/popen.c +++ b/crypto/heimdal/appl/ftp/ftpd/popen.c @@ -37,7 +37,7 @@ #ifdef HAVE_CONFIG_H #include <config.h> -RCSID("$Id: popen.c,v 1.22 2001/02/05 07:51:51 assar Exp $"); +RCSID("$Id: popen.c,v 1.24 2001/03/26 11:41:02 assar Exp $"); #endif #include <sys/types.h> @@ -138,7 +138,8 @@ ftpd_popen(char *program, char *type, int do_stderr, int no_glob) /* glob each piece */ for (gargc = argc = 1; argv[argc] && gargc < MAXGLOBS - 1; argc++) { glob_t gl; - int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE; + int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE + | GLOB_LIMIT; memset(&gl, 0, sizeof(gl)); if (no_glob || glob(argv[argc], flags, NULL, &gl)) diff --git a/crypto/heimdal/appl/kf/Makefile.in b/crypto/heimdal/appl/kf/Makefile.in index fe2a23b..16a599c 100644 
--- a/crypto/heimdal/appl/kf/Makefile.in +++ b/crypto/heimdal/appl/kf/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = kf @@ -251,7 +254,7 @@ OBJECTS = $(am_kf_OBJECTS) $(am_kfd_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kf/Makefile @@ -451,6 +454,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: 
diff --git a/crypto/heimdal/appl/kf/kf.c b/crypto/heimdal/appl/kf/kf.c index 0800ce9..3288dae 100644 --- a/crypto/heimdal/appl/kf/kf.c +++ b/crypto/heimdal/appl/kf/kf.c @@ -32,7 +32,7 @@ */ #include "kf_locl.h" -RCSID("$Id: kf.c,v 1.14 2000/12/31 07:31:06 assar Exp $"); +RCSID("$Id: kf.c,v 1.15 2001/02/20 01:44:44 assar Exp $"); krb5_context context; static int help_flag; @@ -71,7 +71,7 @@ client_setup(krb5_context *context, int *argc, char **argv) int port = 0; int status; - set_progname (argv[0]); + setprogname (argv[0]); status = krb5_init_context (context); if (status) diff --git a/crypto/heimdal/appl/kf/kf.cat1 b/crypto/heimdal/appl/kf/kf.cat1 new file mode 100644 index 0000000..b87ed85 --- /dev/null +++ b/crypto/heimdal/appl/kf/kf.cat1 
@@ -0,0 +1,46 @@ + +KF(1) UNIX Reference Manual KF(1) + +NNAAMMEE + kkff - securly forward tickets + +SSYYNNOOPPSSIISS + kkff [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ll _l_o_g_i_n | ----llooggiinn=_l_o_g_i_n] [--cc _c_c_a_c_h_e | + ----ccccaacchhee=_c_c_a_c_h_e] [--FF | ----ffoorrwwaarrddaabbllee] [--GG | ----nnoo--ffoorrwwaarrddaabbllee] [--hh | + ----hheellpp] [----vveerrssiioonn] _h_o_s_t _._._. + +DDEESSCCRRIIPPTTIIOONN + The kkff program forwards tickets to a remove host through an authenticated + and encrypted stream. Options supported are: + + --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t + port to connect to + + --ll _l_o_g_i_n, ----llooggiinn=_l_o_g_i_n + remote login name + + --cc _c_c_a_c_h_e, ----ccccaacchhee=_c_c_a_c_h_e + remote cred cache + + --FF, ----ffoorrwwaarrddaabbllee + forward forwardable credentials + + --GG, ----nnoo--ffoorrwwaarrddaabbllee + do not forward forwardable credentials + + --hh, ----hheellpp + + ----vveerrssiioonn + + kkff is useful when you do not want to enter your password on a remote host + but want to have your tickets one for example afs. + + In order for kkff to work you will need to acquire your initial ticket with + forwardable flag, ie kkiinniitt ----ffoorrwwaarrddaabbllee. + + tteellnneett is able to forward ticket by itself. + +SSEEEE AALLSSOO + kinit(1), telnet(1), kfd(8) + + Heimdal July 2, 2000 1 diff --git a/crypto/heimdal/appl/kf/kfd.c b/crypto/heimdal/appl/kf/kfd.c index 3791579..6dc2666 100644 --- a/crypto/heimdal/appl/kf/kfd.c +++ b/crypto/heimdal/appl/kf/kfd.c @@ -32,7 +32,7 @@ */ #include "kf_locl.h" -RCSID("$Id: kfd.c,v 1.8 2001/01/09 18:43:10 assar Exp $"); +RCSID("$Id: kfd.c,v 1.9 2001/02/20 01:44:44 assar Exp $"); krb5_context context; char krb5_tkfile[MAXPATHLEN]; @@ -315,7 +315,7 @@ main(int argc, char **argv) int port; int ret; - set_progname (argv[0]); + setprogname (argv[0]); roken_openlog (argv[0], LOG_ODELAY | LOG_PID,LOG_AUTH); port = server_setup(&context, argc, argv); ret = doit (port, service); 
diff --git a/crypto/heimdal/appl/kf/kfd.cat8 b/crypto/heimdal/appl/kf/kfd.cat8 new file mode 100644 index 0000000..396ffdc --- /dev/null +++ b/crypto/heimdal/appl/kf/kfd.cat8 @@ -0,0 +1,31 @@ + +KFD(8) UNIX System Manager's Manual KFD(8) + +NNAAMMEE + kkffdd - receive forwarded tickets + +SSYYNNOOPPSSIISS + kkffdd [--pp _p_o_r_t | ----ppoorrtt=_p_o_r_t] [--ii | ----iinneettdd] [--RR _r_e_g_p_a_g | ----rreeggppaagg=_r_e_g_p_a_g] + [--hh | ----hheellpp] [----vveerrssiioonn] + +DDEESSCCRRIIPPTTIIOONN + This is the daemon for kf(1). Supported options: + + --pp _p_o_r_t, ----ppoorrtt=_p_o_r_t + port to listen to + + --ii, ----iinneettdd + not started from inetd + + --RR _r_e_g_p_a_g, ----rreeggppaagg==_r_e_g_p_a_g + path to regpag binary + +EEXXAAMMPPLLEESS + Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f: + + kf stream tcp nowait root /usr/heimdal/libexec/kfd kfd + +SSEEEE AALLSSOO + kf(1) + + Heimdal July 2, 2000 1 diff --git a/crypto/heimdal/appl/kx/ChangeLog b/crypto/heimdal/appl/kx/ChangeLog new file mode 100644 index 0000000..3050e2e --- /dev/null +++ b/crypto/heimdal/appl/kx/ChangeLog 
@@ -0,0 +1,317 @@ +2001-01-17 Johan Danielsson <joda@pdc.kth.se> + + * common.c: don't write to string constants + +2000-12-31 Assar Westerlund <assar@sics.se> + + * krb5.c (krb5_make_context): handle krb5_init_context failure + consistently + +2000-10-08 Assar Westerlund <assar@sics.se> + + * kxd.c (doit_passive): check that fds are not too large to select + on + * kx.c (doit_active): check that fds are not too large to select + on + * krb5.c (krb5_copy_encrypted): check that fds are not too large + to select on + * krb4.c (krb4_copy_encrypted): check that fds are not too large + to select on + +2000-06-10 Assar Westerlund <assar@sics.se> + + * Makefile.in: use INSTALL_SCRIPT for installing rxterm, rxtelnet, + tenletxr + +2000-04-19 Assar Westerlund <assar@sics.se> + + * common.c: try hostname uncanonified if getaddrinfo() fails + +2000-02-06 Assar Westerlund <assar@sics.se> + + * kx.h: remove old prorotypes + +2000-01-08 Assar Westerlund <assar@sics.se> + + * common.c (match_local_auth): handle ai_canonname being set in + any of the addresses returnedby getaddrinfo. glibc apparently + returns the reverse lookup of every address in ai_canonname. + +1999-12-28 Assar Westerlund <assar@sics.se> + + * kxd.c (main): call krb5_getportbyname with the default in + host-byte-order + +1999-12-17 Assar Westerlund <assar@sics.se> + + * common.c (match_local_auth): remove extra brace. spotted by + Jakob Schlyter <jakob@cdg.chalmers.se> + +1999-12-16 Assar Westerlund <assar@sics.se> + + * common.c (match_local_auth): handle ai_canonname not being set + +1999-12-06 Assar Westerlund <assar@sics.se> + + * krb4.c (krb4_authenticate): the NAT address might not be the one + for the relevant realm, try anyway. + * kxd.c (recv_conn): type correctness + * kx.c (connect_host): typo + +1999-12-05 Assar Westerlund <assar@sics.se> + + * common.c (INADDR_LOOPBACK): remove. now in roken. 
+ + * kxd.c (recv_conn): use getnameinfo_verified + * kxd.c (recv_conn): replace inaddr2str with getnameinfo + +1999-12-04 Assar Westerlund <assar@sics.se> + + * kx.c (connect_host): use getaddrinfo + * common.c (find_auth_cookie, match_local_auth): re-write to use + getaddrinfo + +1999-11-27 Assar Westerlund <assar@sics.se> + + * kxd.c (recv_conn): better errors when getting unrecognized data + +1999-11-25 Assar Westerlund <assar@sics.se> + + * krb4.c (krb4_authenticate): obtain the `local' address when + doing NAT. also turn on passive mode. From <thn@stacken.kth.se> + +1999-11-18 Assar Westerlund <assar@sics.se> + + * krb5.c (krb5_destroy): free the correct part of the context + +1999-11-02 Assar Westerlund <assar@sics.se> + + * kx.c (main): redo the v4/v5 selection for consistency. -4 -> + try only v4 -5 -> try only v5 none, -45 -> try v5, v4 + +1999-10-10 Assar Westerlund <assar@sics.se> + + * Makefile.am (CLEANFILES): add generated files so that they get + cleaned away + +1999-09-29 Assar Westerlund <assar@sics.se> + + * common.c (match_local_auth): only look for FamilyLocal (and + FamilyWild) cookies. This will not work when we start talking tcp + to the local X-server but `connect_local_xsocket' and the rest of + the code doesn't handle it anyway and the old code could (and did) + pick up the wrong cookie sometimes. If we have to match + FamilyInternet cookies, the search order has to be changed anyway + +1999-09-02 Assar Westerlund <assar@sics.se> + + * kxd.c (childhandler): watch for child `wait_on_pid' to die. + (recv_conn): set `wait_on_pid' instead of looping on waitpid here + also. 
This should solve the problem of kxd looping which was + caused by the signal handler getting invoked before this waitpid + and reaping the child leaving this poor loop without any child + +1999-08-19 Assar Westerlund <assar@sics.se> + + * kxd.c (recv_conn): give better error message + (doit_active): don't die if fork gives EAGAIN + +1999-08-19 Johan Danielsson <joda@pdc.kth.se> + + * kxd.c (recv_conn): call setjob on crays; + (doit_passive): if fork fails with EAGAIN, don't shutdown, just close + the connection re-implement `-t' flag + +1999-07-12 Assar Westerlund <assar@sics.se> + + * Makefile.am: handle not building X programs + +1999-06-23 Assar Westerlund <assar@sics.se> + + * kx.c: conditionalize krb_enable_debug + +1999-06-20 Assar Westerlund <assar@sics.se> + + * kxd.c (main): hopefully do inetd confusion right + +1999-06-15 Assar Westerlund <assar@sics.se> + + * krb4.c (krb4_authenticate): get rid of a warning + + * kx.h: const-pollution + + * kx.c: use get_default_username and resulting const pollution + + * context.c (context_set): const pollution + +1999-05-22 Assar Westerlund <assar@sics.se> + + * kxd.c (recv_conn): fix syslog messages + (main): fix inetd_flag thinko + +1999-05-21 Assar Westerlund <assar@sics.se> + + * kx.c (main): don't byte-swap the argument to krb5_getportbyname + + * kx.c (main): try to use $USERNAME + +1999-05-10 Assar Westerlund <assar@sics.se> + + * Makefile.in (SOURCES*): update sources list + + * kx.c (main): forgot to conditionalize some KRB5 code + + * kxd.c (main): use getarg + (*): handle v4 and/or v5 + + * kx.h: update + + * kx.c (main): use getarg. 
+ (*): handle v4 and/or v5 + + * common.c (do_enccopy, copy_encrypted): remove use + net_{read,write} instead of krb_net_{read,write} + (krb_get_int, krb_put_int): include fallback of these for when we + compile without krb4 + + * Makefile.am (*_SOURCES): remove encdata, add krb[45].c, + context.c + (LDADD): add krb5 + + * krb4.c, krb5.c, context.c: new files + +1999-05-08 Assar Westerlund <assar@sics.se> + + * kxd.c (doit_passive): handle error code from + create_and_write_cookie + + * kx.c (doit_active): handle error code from + create_and_write_cookie + + * common.c (create_and_write_cookie): try to return better (and + correct) errors. Based on a patch from Love <lha@e.kth.se> + + * common.c (try_pie): more braces + (match_local_auth): new function + (find_auth_cookie): new function + (replace_cookie): don't just take the first auth cookie. based on + patch from Ake Sandgren <ake@@cs.umu.se> + +Wed Apr 7 23:39:23 1999 Assar Westerlund <assar@sics.se> + + * common.c (get_xsockets): init local variable to get rid of a gcc + warning + +Thu Apr 1 21:11:36 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.in: fix for writeauth.o + +Fri Mar 19 15:12:31 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * kx.c: add gcc-braces + +Thu Mar 18 11:18:20 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.am: include Makefile.am.common + +Thu Mar 11 14:58:32 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * writeauth.c: protoize + + * common.c: fix some warnings + +Wed Mar 10 19:33:39 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * kxd.c: openlog -> roken_openlog + +Wed Feb 3 22:01:55 1999 Assar Westerlund <assar@sics.se> + + * rxtelnet.in: print out what telnet program we are running. 
From + <nissej@pdc.kth.se> + + * tenletxr.in: add --version, [-h | --help], -v + + * rxterm.in: add --version, [-h | --help], -v + + * rxtelnet.in: add --version, [-h | --help], -v + + * Makefile.in (rxterm, rxtelnet, telnetxr): substitute VERSION and + PACKAGE + + * rxtelnet.in: update usage string + +Fri Jan 22 23:51:05 1999 Assar Westerlund <assar@sics.se> + + * common.c (verify_and_remove_cookies): give back a meaningful + error message if we're using the wrong cookie + +Fri Dec 18 17:42:02 1998 Assar Westerlund <assar@sics.se> + + * common.c (replace_cookie): try to handle the case of not finding + any cookies + +Sun Nov 22 10:31:53 1998 Assar Westerlund <assar@sics.se> + + * Makefile.in (WFLAGS): set + +Wed Nov 18 20:25:37 1998 Assar Westerlund <assar@sics.se> + + * rxtelnet.in: new argument -n for not starting any terminal + emulator + + * kx.c (doit_passive): parse $DISPLAY correctly + +Fri Oct 2 06:34:51 1998 Assar Westerlund <assar@sics.se> + + * kx.c (doit_active): check DISPLAY to figure out what local + socket to connect to. From Åke Sandgren <ake@cs.umu.se> + +Thu Oct 1 23:02:29 1998 Johan Danielsson <joda@hella.pdc.kth.se> + + * kx.h: case MAY_HAVE_X11_PIPES with Solaris + +Tue Sep 29 02:22:44 1998 Assar Westerlund <assar@sics.se> + + * kx.c: fix from Ake Sandgren <ake@cs.umu.se> + +Mon Sep 28 18:04:03 1998 Johan Danielsson <joda@hella.pdc.kth.se> + + * common.c (try_pipe): return -1 if I_PUSH fails with ENOSYS + +Sat Sep 26 17:34:21 1998 Assar Westerlund <assar@sics.se> + + * kxd.c: create sockets before setuid to handle Solaris' strange + permissions on /tmp/.X11-{unix,pipe} + + * common.c (chown_xsockets): new function + + * kx.h (chown_xsockets): new prototype + +Sun Aug 16 18:34:30 1998 Assar Westerlund <assar@sics.se> + + * kxd.c (doit_passive): conditionalize stream pipe code + + * implement support for Solaris's named-pipe X transport + +Thu May 28 17:20:39 1998 Johan Danielsson <joda@emma.pdc.kth.se> + + * common.c: fix for (compiler?) 
bug in solaris 2.4 bind + + * kx.c: get_xsockets returns int, not unsigned + +Wed May 27 04:20:20 1998 Assar Westerlund <assar@sics.se> + + * kxd.c (doit): better error reporting + +Tue May 26 17:41:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> + + * kx.c: use krb_enable_debug + +Mon May 25 05:22:18 1998 Assar Westerlund <assar@sics.se> + + * Makefile.in (clean): remove encdata.c + +Fri May 1 07:16:36 1998 Assar Westerlund <assar@sics.se> + + * kx.c: unifdef -DHAVE_H_ERRNO + diff --git a/crypto/heimdal/appl/kx/Makefile.am b/crypto/heimdal/appl/kx/Makefile.am new file mode 100644 index 0000000..ec3f249 --- /dev/null +++ b/crypto/heimdal/appl/kx/Makefile.am @@ -0,0 +1,73 @@ +# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $ + +include $(top_srcdir)/Makefile.am.common + +INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS) + +WFLAGS += $(WFLAGS_NOIMPLICITINT) + +if HAVE_X + +bin_PROGRAMS = kx +bin_SCRIPTS = rxterm rxtelnet tenletxr +libexec_PROGRAMS = kxd + +else + +bin_PROGRAMS = +bin_SCRIPTS = +libexec_PROGRAMS = + +endif + +CLEANFILES = rxterm rxtelnet tenletxr + +if NEED_WRITEAUTH +XauWriteAuth_c = writeauth.c +endif + +kx_SOURCES = \ + kx.c \ + kx.h \ + common.c \ + context.c \ + krb4.c \ + krb5.c \ + $(XauWriteAuth_c) + +EXTRA_kx_SOURCES = writeauth.c + +kxd_SOURCES = \ + kxd.c \ + kx.h \ + common.c \ + context.c \ + krb4.c \ + krb5.c \ + $(XauWriteAuth_c) + +EXTRA_kxd_SOURCES = writeauth.c + +EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in + +man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8 + +rxterm: rxterm.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@ + chmod +x $@ + +rxtelnet: rxtelnet.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@ + chmod +x $@ + +tenletxr: tenletxr.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@ + chmod +x $@ + +LDADD = \ + $(LIB_kafs) \ + $(LIB_krb5) \ + $(LIB_krb4) \ + $(LIB_des) \ + $(LIB_roken) \ + $(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS) 
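Review bot: The three script rules (`rxterm`, `rxtelnet`, `tenletxr`) redirect sed straight into `$@`, so a failed or interrupted sed leaves a truncated script that is newer than its `.in` source and will not be regenerated before it is installed. Writing to a temporary name and renaming avoids that: `sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@.tmp && chmod +x $@.tmp && mv -f $@.tmp $@`, and likewise for the other two. The substitution also assumes `$(bindir)` contains no `!`, which deserves a short comment next to the rules.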
diff --git a/crypto/heimdal/appl/kx/Makefile.in b/crypto/heimdal/appl/kx/Makefile.in new file mode 100644 index 0000000..9d327ec --- /dev/null +++ b/crypto/heimdal/appl/kx/Makefile.in 
@@ -0,0 +1,801 @@ +# Makefile.in generated automatically by automake 1.4b from Makefile.am + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ +host_triplet = @host@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_ = @INCLUDE_@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.12 2000/11/15 22:51:08 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 
.cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS) + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + +CHECK_LOCAL = $(PROGRAMS) + +WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) + +@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@kx +@HAVE_X_FALSE@bin_PROGRAMS = +@HAVE_X_TRUE@bin_SCRIPTS = @HAVE_X_TRUE@rxterm rxtelnet tenletxr +@HAVE_X_FALSE@bin_SCRIPTS = +@HAVE_X_TRUE@libexec_PROGRAMS = @HAVE_X_TRUE@kxd 
+@HAVE_X_FALSE@libexec_PROGRAMS = + +CLEANFILES = rxterm rxtelnet tenletxr + +@NEED_WRITEAUTH_TRUE@XauWriteAuth_c = @NEED_WRITEAUTH_TRUE@writeauth.c + +kx_SOURCES = \ + kx.c \ + kx.h \ + common.c \ + context.c \ + krb4.c \ + krb5.c \ + $(XauWriteAuth_c) + + +EXTRA_kx_SOURCES = writeauth.c + +kxd_SOURCES = \ + kxd.c \ + kx.h \ + common.c \ + context.c \ + krb4.c \ + krb5.c \ + $(XauWriteAuth_c) + + +EXTRA_kxd_SOURCES = writeauth.c + +EXTRA_DIST = rxterm.in rxtelnet.in tenletxr.in + +man_MANS = kx.1 rxtelnet.1 rxterm.1 tenletxr.1 kxd.8 + +LDADD = \ + $(LIB_kafs) \ + $(LIB_krb5) \ + $(LIB_krb4) \ + $(LIB_des) \ + $(LIB_roken) \ + $(X_LIBS) $(LIB_XauReadAuth) $(X_PRE_LIBS) $(X_EXTRA_LIBS) + +subdir = appl/kx +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +@HAVE_X_FALSE@bin_PROGRAMS = +@HAVE_X_FALSE@libexec_PROGRAMS = +PROGRAMS = $(bin_PROGRAMS) $(libexec_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +@NEED_WRITEAUTH_FALSE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \ +@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) +@NEED_WRITEAUTH_TRUE@am_kx_OBJECTS = kx.$(OBJEXT) common.$(OBJEXT) \ +@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \ +@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT) +kx_OBJECTS = $(am_kx_OBJECTS) +kx_LDADD = $(LDADD) +@KRB4_FALSE@@KRB5_FALSE@kx_DEPENDENCIES = +@KRB4_FALSE@@KRB5_TRUE@kx_DEPENDENCIES = \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_TRUE@@KRB5_FALSE@kx_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la +@KRB4_TRUE@@KRB5_TRUE@kx_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ 
+@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +kx_LDFLAGS = +@NEED_WRITEAUTH_FALSE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \ +@NEED_WRITEAUTH_FALSE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) +@NEED_WRITEAUTH_TRUE@am_kxd_OBJECTS = kxd.$(OBJEXT) common.$(OBJEXT) \ +@NEED_WRITEAUTH_TRUE@context.$(OBJEXT) krb4.$(OBJEXT) krb5.$(OBJEXT) \ +@NEED_WRITEAUTH_TRUE@writeauth.$(OBJEXT) +kxd_OBJECTS = $(am_kxd_OBJECTS) +kxd_LDADD = $(LDADD) +@KRB4_FALSE@@KRB5_FALSE@kxd_DEPENDENCIES = +@KRB4_FALSE@@KRB5_TRUE@kxd_DEPENDENCIES = \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_TRUE@@KRB5_FALSE@kxd_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la +@KRB4_TRUE@@KRB5_TRUE@kxd_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +kxd_LDFLAGS = +SCRIPTS = $(bin_SCRIPTS) + +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) \ +$(EXTRA_kxd_SOURCES) +man1dir = $(mandir)/man1 +man8dir = $(mandir)/man8 +MANS = $(man_MANS) +depcomp = +DIST_COMMON = ChangeLog Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +GZIP_ENV = --best +SOURCES = $(kx_SOURCES) $(EXTRA_kx_SOURCES) $(kxd_SOURCES) $(EXTRA_kxd_SOURCES) +OBJECTS = $(am_kx_OBJECTS) $(am_kxd_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) 
$(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/kx/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ + rm -f $(DESTDIR)$(bindir)/$$f; \ + done + +mostlyclean-libexecPROGRAMS: + +clean-libexecPROGRAMS: + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) + +distclean-libexecPROGRAMS: + +maintainer-clean-libexecPROGRAMS: + +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; for 
p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ + rm -f $(DESTDIR)$(libexecdir)/$$f; \ + done + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +kx$(EXEEXT): $(kx_OBJECTS) $(kx_DEPENDENCIES) + @rm -f kx$(EXEEXT) + $(LINK) $(kx_LDFLAGS) $(kx_OBJECTS) $(kx_LDADD) $(LIBS) + +kxd$(EXEEXT): $(kxd_OBJECTS) $(kxd_DEPENDENCIES) + @rm -f kxd$(EXEEXT) + $(LINK) $(kxd_LDFLAGS) $(kxd_OBJECTS) $(kxd_LDADD) $(LIBS) + +install-binSCRIPTS: $(bin_SCRIPTS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_SCRIPTS)'; for p in $$list; do \ + f="`echo $$p|sed '$(transform)'`"; \ + if test -f $$p; then \ + echo " $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(INSTALL_SCRIPT) $$p $(DESTDIR)$(bindir)/$$f; \ + elif test -f $(srcdir)/$$p; then \ + echo " $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f"; \ + $(INSTALL_SCRIPT) $(srcdir)/$$p $(DESTDIR)$(bindir)/$$f; \ + else :; fi; \ + done + +uninstall-binSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(bin_SCRIPTS)'; for p in $$list; do \ + f="`echo $$p|sed '$(transform)'`"; \ + echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ + rm -f $(DESTDIR)$(bindir)/$$f; \ + done +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +install-man1: + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 
's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done + +uninstall-man1: + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done + +install-man8: + $(mkinstalldirs) $(DESTDIR)$(man8dir) + @list='$(man8_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man8dir)/$$inst; \ + done + +uninstall-man8: + @list='$(man8_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.8*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man8dir)/$$inst"; \ + rm -f $(DESTDIR)$(man8dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-man1 install-man8 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 uninstall-man8 + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) 
$(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) + +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS install-libexecPROGRAMS \ + install-binSCRIPTS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-man install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS uninstall-libexecPROGRAMS \ + uninstall-binSCRIPTS uninstall-man +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) $(SCRIPTS) 
$(MANS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) \ + $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 \ + $(DESTDIR)$(mandir)/man8 + + +mostlyclean-generic: + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: + -rm -f Makefile.in +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-libexecPROGRAMS \ + mostlyclean-compile mostlyclean-libtool \ + mostlyclean-tags mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-libexecPROGRAMS clean-compile \ + clean-libtool clean-tags clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-libexecPROGRAMS \ + distclean-compile distclean-libtool distclean-tags \ + distclean-generic clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-libexecPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." 
+ +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \ +clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \ +uninstall-libexecPROGRAMS install-libexecPROGRAMS mostlyclean-compile \ +distclean-compile clean-compile maintainer-clean-compile \ +mostlyclean-libtool distclean-libtool clean-libtool \ +maintainer-clean-libtool uninstall-binSCRIPTS install-binSCRIPTS \ +install-man1 uninstall-man1 install-man8 uninstall-man8 install-man \ +uninstall-man tags mostlyclean-tags distclean-tags clean-tags \ +maintainer-clean-tags distdir info-am info dvi-am dvi check-local check \ +check-am installcheck-am installcheck install-exec-am install-exec \ +install-data-local install-data-am install-data install-am install \ +uninstall-am uninstall all-local all-redirect all-am all install-strip \ +installdirs mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ 
+.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + 
else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +rxterm: rxterm.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxterm.in > $@ + chmod +x $@ + +rxtelnet: rxtelnet.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/rxtelnet.in > $@ + chmod +x $@ + +tenletxr: tenletxr.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/tenletxr.in > $@ + chmod +x $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/appl/kx/common.c b/crypto/heimdal/appl/kx/common.c new file mode 100644 index 0000000..0d23169 --- /dev/null +++ b/crypto/heimdal/appl/kx/common.c 
@@ -0,0 +1,794 @@
+/*
+ * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: common.c,v 1.62 2001/02/15 04:20:51 assar Exp $");
+
+char x_socket[MaxPathLen];
+
+u_int32_t display_num;
+char display[MaxPathLen];
+int display_size = sizeof(display);
+char xauthfile[MaxPathLen];
+int xauthfile_size = sizeof(xauthfile);
+u_char cookie[16];
+size_t cookie_len = sizeof(cookie);
+
+#ifndef X_UNIX_PATH
+#define X_UNIX_PATH "/tmp/.X11-unix/X"
+#endif
+
+#ifndef X_PIPE_PATH
+#define X_PIPE_PATH "/tmp/.X11-pipe/X"
+#endif
+
+/*
+ * Allocate a unix domain socket in `s' for display `dpy' and with
+ * filename `pattern'
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used */
+
+static int
+try_socket (struct x_socket *s, int dpy, const char *pattern)
+{
+ struct sockaddr_un addr;
+ int fd;
+
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_UNIX");
+ memset (&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ snprintf (addr.sun_path, sizeof(addr.sun_path), pattern, dpy);
+ if(bind(fd,
+ (struct sockaddr *)&addr,
+ sizeof(addr)) < 0) {
+ close (fd);
+ if (errno == EADDRINUSE ||
+ errno == EACCES /* Cray return EACCESS */
+#ifdef ENOTUNIQ
+ || errno == ENOTUNIQ /* bug in Solaris 2.4 */
+#endif
+ )
+ return 1;
+ else
+ return -1;
+ }
+ s->fd = fd;
+ s->pathname = strdup (addr.sun_path);
+ if (s->pathname == NULL)
+ errx (1, "strdup: out of memory");
+ s->flags = UNIX_SOCKET;
+ return 0;
+}
+
+#ifdef MAY_HAVE_X11_PIPES
+/*
+ * Allocate a stream (masqueraded as a named pipe)
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_pipe (struct x_socket *s, int dpy, const char *pattern)
+{
+ char path[MAXPATHLEN];
+ int ret;
+ int fd;
+ int pipefd[2];
+
+ snprintf (path, sizeof(path), pattern, dpy);
+ fd = open (path, O_WRONLY | O_CREAT | O_EXCL, 0600);
+ if (fd < 0) {
+ if (errno == EEXIST)
+ return 1;
+ else
+ return -1;
+ }
+
+ close (fd);
+
+ ret = pipe (pipefd);
+ if (ret < 0)
+ err (1, "pipe");
+
+ ret = ioctl (pipefd[1], I_PUSH, "connld");
+ if (ret < 0) {
+ if(errno == ENOSYS)
+ return -1;
+ err (1, "ioctl I_PUSH");
+ }
+
+ ret = fattach (pipefd[1], path);
+ if (ret < 0)
+ err (1, "fattach %s", path);
+
+ s->fd = pipefd[0];
+ close (pipefd[1]);
+ s->pathname = strdup (path);
+ if (s->pathname == NULL)
+ errx (1, "strdup: out of memory");
+ s->flags = STREAM_PIPE;
+ return 0;
+}
+#endif /* MAY_HAVE_X11_PIPES */
+
+/*
+ * Try to create a TCP socket in `s' corresponding to display `dpy'.
+ *
+ * 0 if all is OK
+ * -1 if bind failed badly
+ * 1 if dpy is already used
+ */
+
+static int
+try_tcp (struct x_socket *s, int dpy)
+{
+ struct sockaddr_in tcpaddr;
+ struct in_addr local;
+ int one = 1;
+ int fd;
+
+ memset(&local, 0, sizeof(local));
+ local.s_addr = htonl(INADDR_LOOPBACK);
+
+ fd = socket (AF_INET, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_INET");
+#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT)
+ setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one,
+ sizeof(one));
+#endif
+ memset (&tcpaddr, 0, sizeof(tcpaddr));
+ tcpaddr.sin_family = AF_INET;
+ tcpaddr.sin_addr = local;
+ tcpaddr.sin_port = htons(6000 + dpy);
+ if (bind (fd, (struct sockaddr *)&tcpaddr,
+ sizeof(tcpaddr)) < 0) {
+ close (fd);
+ if (errno == EADDRINUSE)
+ return 1;
+ else
+ return -1;
+ }
+ s->fd = fd;
+ s->pathname = NULL;
+ s->flags = TCP;
+ return 0;
+}
+
+/*
+ * The potential places to create unix sockets.
+ */
+
+static char *x_sockets[] = {
+X_UNIX_PATH "%u",
+"/var/X/.X11-unix/X" "%u",
+"/usr/spool/sockets/X11/" "%u",
+NULL
+};
+
+/*
+ * Dito for stream pipes.
+ */
+
+#ifdef MAY_HAVE_X11_PIPES
+static char *x_pipes[] = {
+X_PIPE_PATH "%u",
+"/var/X/.X11-pipe/X" "%u",
+NULL
+};
+#endif
+
+/*
+ * Create the directory corresponding to dirname of `path' or fail.
+ */
+
+static void
+try_mkdir (const char *path)
+{
+ char *dir;
+ char *p;
+ int oldmask;
+
+ if((dir = strdup (path)) == NULL)
+ errx (1, "strdup: out of memory");
+ p = strrchr (dir, '/');
+ if (p)
+ *p = '\0';
+
+ oldmask = umask(0);
+ mkdir (dir, 01777);
+ umask (oldmask);
+ free (dir);
+}
+
+/*
+ * Allocate a display, returning the number of sockets in `number' and
+ * all the corresponding sockets in `sockets'. If `tcp_socket' is
+ * true, also allcoaet a TCP socket.
+ *
+ * The return value is the display allocated or -1 if an error occurred.
+ */
+
+int
+get_xsockets (int *number, struct x_socket **sockets, int tcp_socket)
+{
+ int dpy;
+ struct x_socket *s;
+ int n;
+ int i;
+
+ s = malloc (sizeof(*s) * 5);
+ if (s == NULL)
+ errx (1, "malloc: out of memory");
+
+ try_mkdir (X_UNIX_PATH);
+ try_mkdir (X_PIPE_PATH);
+
+ for(dpy = 4; dpy < 256; ++dpy) {
+ char **path;
+ int tmp = 0;
+
+ n = 0;
+ for (path = x_sockets; *path; ++path) {
+ tmp = try_socket (&s[n], dpy, *path);
+ if (tmp == -1) {
+ if (errno != ENOTDIR && errno != ENOENT)
+ return -1;
+ } else if (tmp == 1) {
+ while(--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+ if (tmp == 1)
+ continue;
+
+#ifdef MAY_HAVE_X11_PIPES
+ for (path = x_pipes; *path; ++path) {
+ tmp = try_pipe (&s[n], dpy, *path);
+ if (tmp == -1) {
+ if (errno != ENOTDIR && errno != ENOENT && errno != ENOSYS)
+ return -1;
+ } else if (tmp == 1) {
+ while (--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+
+ if (tmp == 1)
+ continue;
+#endif
+
+ if (tcp_socket) {
+ tmp = try_tcp (&s[n], dpy);
+ if (tmp == -1)
+ return -1;
+ else if (tmp == 1) {
+ while (--n >= 0) {
+ close (s[n].fd);
+ free (s[n].pathname);
+ }
+ break;
+ } else if (tmp == 0)
+ ++n;
+ }
+ break;
+ }
+ if (dpy == 256)
+ errx (1, "no free x-servers");
+ for (i = 0; i < n; ++i)
+ if (s[i].flags & LISTENP
+ && listen (s[i].fd, SOMAXCONN) < 0)
+ err (1, "listen %s", s[i].pathname ? s[i].pathname : "tcp");
+ *number = n;
+ *sockets = s;
+ return dpy;
+}
+
+/*
+ * Change owner on the `n' sockets in `sockets' to `uid', `gid'.
+ * Return 0 is succesful or -1 if an error occurred.
+ */
+
+int
+chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid)
+{
+ int i;
+
+ for (i = 0; i < n; ++i)
+ if (sockets[i].pathname != NULL)
+ if (chown (sockets[i].pathname, uid, gid) < 0)
+ return -1;
+ return 0;
+}
+
+/*
+ * Connect to local display `dnr' with local transport.
+ * Return a file descriptor.
+ */
+
+int
+connect_local_xsocket (unsigned dnr)
+{
+ int fd;
+ struct sockaddr_un addr;
+ char **path;
+
+ for (path = x_sockets; *path; ++path) {
+ fd = socket (AF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0)
+ err (1, "socket AF_UNIX");
+ memset (&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ snprintf (addr.sun_path, sizeof(addr.sun_path), *path, dnr);
+ if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) == 0)
+ return fd;
+ }
+ err (1, "connecting to local display %u", dnr);
+}
+
+/*
+ * Create a cookie file with a random cookie for the localhost. The
+ * file name will be stored in `xauthfile' (but not larger than
+ * `xauthfile_size'), and the cookie returned in `cookie', `cookie_sz'.
+ * Return 0 if succesful, or errno.
+ */
+
+int
+create_and_write_cookie (char *xauthfile,
+ size_t xauthfile_size,
+ u_char *cookie,
+ size_t cookie_sz)
+{
+ Xauth auth;
+ char tmp[64];
+ int fd;
+ FILE *f;
+ char hostname[MaxHostNameLen];
+ struct in_addr loopback;
+ int saved_errno;
+
+ gethostname (hostname, sizeof(hostname));
+ loopback.s_addr = htonl(INADDR_LOOPBACK);
+
+ auth.family = FamilyLocal;
+ auth.address = hostname;
+ auth.address_length = strlen(auth.address);
+ snprintf (tmp, sizeof(tmp), "%d", display_num);
+ auth.number_length = strlen(tmp);
+ auth.number = tmp;
+ auth.name = COOKIE_TYPE;
+ auth.name_length = strlen(auth.name);
+ auth.data_length = cookie_sz;
+ auth.data = (char*)cookie;
+#ifdef HAVE_OPENSSL_DES_H
+ krb5_generate_random_block (cookie, cookie_sz);
+#else
+ des_rand_data (cookie, cookie_sz);
+#endif
+
+ strlcpy(xauthfile, "/tmp/AXXXXXX", xauthfile_size);
+ fd = mkstemp(xauthfile);
+ if(fd < 0) {
+ saved_errno = errno;
+ syslog(LOG_ERR, "create_and_write_cookie: mkstemp: %m");
+ return saved_errno;
+ }
+ f = fdopen(fd, "r+");
+ if(f == NULL){
+ saved_errno = errno;
+ close(fd);
+ return errno;
+ }
+ if(XauWriteAuth(f, &auth) == 0) {
+ saved_errno = errno;
+ fclose(f);
+ return saved_errno;
+ }
+
+ /*
+ * I would like to write a cookie for localhost:n here, but some
+ * stupid code in libX11 will not look for cookies of that type,
+ * so we are forced to use FamilyWild instead.
+ */
+
+ auth.family = FamilyWild;
+ auth.address_length = 0;
+
+#if 0 /* XXX */
+ auth.address = (char *)&loopback;
+ auth.address_length = sizeof(loopback);
+#endif
+
+ if (XauWriteAuth(f, &auth) == 0) {
+ saved_errno = errno;
+ fclose (f);
+ return saved_errno;
+ }
+
+ if(fclose(f))
+ return errno;
+ return 0;
+}
+
+/*
+ * Verify and remove cookies. Read and parse a X-connection from
+ * `fd'. Check the cookie used is the same as in `cookie'. Remove the
+ * cookie and copy the rest of it to `sock'.
+ * Expect cookies iff cookiesp.
+ * Return 0 iff ok.
+ *
+ * The protocol is as follows:
+ *
+ * C->S: [Bl] 1
+ * unused 1
+ * protocol major version 2
+ * protocol minor version 2
+ * length of auth protocol name(n) 2
+ * length of auth protocol data 2
+ * unused 2
+ * authorization protocol name n
+ * pad pad(n)
+ * authorization protocol data d
+ * pad pad(d)
+ *
+ * S->C: Failed
+ * 0 1
+ * length of reason 1
+ * protocol major version 2
+ * protocol minor version 2
+ * length in 4 bytes unit of
+ * additional data (n+p)/4 2
+ * reason n
+ * unused p = pad(n)
+ */
+
+int
+verify_and_remove_cookies (int fd, int sock, int cookiesp)
+{
+ u_char beg[12];
+ int bigendianp;
+ unsigned n, d, npad, dpad;
+ char *protocol_name, *protocol_data;
+ u_char zeros[6] = {0, 0, 0, 0, 0, 0};
+ u_char refused[20] = {0, 10,
+ 0, 0, /* protocol major version */
+ 0, 0, /* protocol minor version */
+ 0, 0, /* length of additional data / 4 */
+ 'b', 'a', 'd', ' ', 'c', 'o', 'o', 'k', 'i', 'e',
+ 0, 0};
+
+ if (net_read (fd, beg, sizeof(beg)) != sizeof(beg))
+ return 1;
+ if (net_write (sock, beg, 6) != 6)
+ return 1;
+ bigendianp = beg[0] == 'B';
+ if (bigendianp) {
+ n = (beg[6] << 8) | beg[7];
+ d = (beg[8] << 8) | beg[9];
+ } else {
+ n = (beg[7] << 8) | beg[6];
+ d = (beg[9] << 8) | beg[8];
+ }
+ npad = (4 - (n % 4)) % 4;
+ dpad = (4 - (d % 4)) % 4;
+ protocol_name = malloc(n + npad);
+ if (n + npad != 0 && protocol_name == NULL)
+ return 1;
+ protocol_data = malloc(d + dpad);
+ if (d + dpad != 0 && protocol_data == NULL) {
+ free (protocol_name);
+ return 1;
+ }
+ if (net_read (fd, protocol_name, n + npad) != n + npad)
+ goto fail;
+ if (net_read (fd, protocol_data, d + dpad) != d + dpad)
+ goto fail;
+ if (cookiesp) {
+ if (strncmp (protocol_name, COOKIE_TYPE, strlen(COOKIE_TYPE)) != 0)
+ goto refused;
+ if (d != cookie_len ||
+ memcmp (protocol_data, cookie, cookie_len) != 0)
+ goto refused;
+ }
+ free (protocol_name);
+ free (protocol_data);
+ if (net_write (sock, zeros, 6) != 6)
+ return 1;
+ return 0;
+refused:
+ refused[2] = 
beg[2]; + refused[3] = beg[3]; + refused[4] = beg[4]; + refused[5] = beg[5]; + if (bigendianp) + refused[7] = 3; + else + refused[6] = 3; + + net_write (fd, refused, sizeof(refused)); +fail: + free (protocol_name); + free (protocol_data); + return 1; +} + +/* + * Return 0 iff `cookie' is compatible with the cookie for the + * localhost with name given in `ai' (or `hostname') and display + * number in `disp_nr'. + */ + +static int +match_local_auth (Xauth* auth, + struct addrinfo *ai, const char *hostname, int disp_nr) +{ + int auth_disp; + char *tmp_disp; + struct addrinfo *a; + + tmp_disp = strndup (auth->number, auth->number_length); + if (tmp_disp == NULL) + return -1; + auth_disp = atoi(tmp_disp); + free (tmp_disp); + if (auth_disp != disp_nr) + return 1; + for (a = ai; a != NULL; a = a->ai_next) { + if ((auth->family == FamilyLocal + || auth->family == FamilyWild) + && a->ai_canonname != NULL + && strncmp (auth->address, + a->ai_canonname, + auth->address_length) == 0) + return 0; + } + if (hostname != NULL + && (auth->family == FamilyLocal + || auth->family == FamilyWild) + && strncmp (auth->address, hostname, auth->address_length) == 0) + return 0; + return 1; +} + +/* + * Find `our' cookie from the cookie file `f' and return it or NULL. 
+ */ + +static Xauth* +find_auth_cookie (FILE *f) +{ + Xauth *ret = NULL; + char local_hostname[MaxHostNameLen]; + char *display = getenv("DISPLAY"); + char d[MaxHostNameLen + 4]; + char *colon; + struct addrinfo *ai; + struct addrinfo hints; + int disp; + int error; + + if(display == NULL) + display = ":0"; + strlcpy(d, display, sizeof(d)); + display = d; + colon = strchr (display, ':'); + if (colon == NULL) + disp = 0; + else { + *colon = '\0'; + disp = atoi (colon + 1); + } + if (strcmp (display, "") == 0 + || strncmp (display, "unix", 4) == 0 + || strncmp (display, "localhost", 9) == 0) { + gethostname (local_hostname, sizeof(local_hostname)); + display = local_hostname; + } + memset (&hints, 0, sizeof(hints)); + hints.ai_flags = AI_CANONNAME; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + error = getaddrinfo (display, NULL, &hints, &ai); + if (error) + ai = NULL; + + for (; (ret = XauReadAuth (f)) != NULL; XauDisposeAuth(ret)) { + if (match_local_auth (ret, ai, display, disp) == 0) { + if (ai != NULL) + freeaddrinfo (ai); + return ret; + } + } + if (ai != NULL) + freeaddrinfo (ai); + return NULL; +} + +/* + * Get rid of the cookie that we were sent and get the correct one + * from our own cookie file instead. 
+ */ + +int +replace_cookie(int xserver, int fd, char *filename, int cookiesp) /* XXX */ +{ + u_char beg[12]; + int bigendianp; + unsigned n, d, npad, dpad; + FILE *f; + u_char zeros[6] = {0, 0, 0, 0, 0, 0}; + + if (net_read (fd, beg, sizeof(beg)) != sizeof(beg)) + return 1; + if (net_write (xserver, beg, 6) != 6) + return 1; + bigendianp = beg[0] == 'B'; + if (bigendianp) { + n = (beg[6] << 8) | beg[7]; + d = (beg[8] << 8) | beg[9]; + } else { + n = (beg[7] << 8) | beg[6]; + d = (beg[9] << 8) | beg[8]; + } + if (n != 0 || d != 0) + return 1; + f = fopen(filename, "r"); + if (f != NULL) { + Xauth *auth = find_auth_cookie (f); + u_char len[6] = {0, 0, 0, 0, 0, 0}; + + fclose (f); + + if (auth != NULL) { + n = auth->name_length; + d = auth->data_length; + } else { + n = 0; + d = 0; + } + if (bigendianp) { + len[0] = n >> 8; + len[1] = n & 0xFF; + len[2] = d >> 8; + len[3] = d & 0xFF; + } else { + len[0] = n & 0xFF; + len[1] = n >> 8; + len[2] = d & 0xFF; + len[3] = d >> 8; + } + if (net_write (xserver, len, 6) != 6) { + XauDisposeAuth(auth); + return 1; + } + if(n != 0 && net_write (xserver, auth->name, n) != n) { + XauDisposeAuth(auth); + return 1; + } + npad = (4 - (n % 4)) % 4; + if (npad && net_write (xserver, zeros, npad) != npad) { + XauDisposeAuth(auth); + return 1; + } + if (d != 0 && net_write (xserver, auth->data, d) != d) { + XauDisposeAuth(auth); + return 1; + } + XauDisposeAuth(auth); + dpad = (4 - (d % 4)) % 4; + if (dpad && net_write (xserver, zeros, dpad) != dpad) + return 1; + } else { + if(net_write(xserver, zeros, 6) != 6) + return 1; + } + return 0; +} + +/* + * Some simple controls on the address and corresponding socket + */ + +int +suspicious_address (int sock, struct sockaddr_in addr) +{ + char data[40]; + socklen_t len = sizeof(data); + + return addr.sin_addr.s_addr != htonl(INADDR_LOOPBACK) +#if defined(IP_OPTIONS) && defined(HAVE_GETSOCKOPT) + || getsockopt (sock, IPPROTO_IP, IP_OPTIONS, data, &len) < 0 + || len != 0 +#endif + ; +} + +/* + 
* This really sucks, but these functions are used and if we're not + * linking against libkrb they don't exist. Using the heimdal storage + * functions will not work either cause we do not always link with + * libkrb5 either. + */ + +#ifndef KRB4 + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb) +{ + int i; + unsigned char *from = (unsigned char *)f; + + *to = 0; + if(lsb){ + for(i = size-1; i >= 0; i--) + *to = (*to << 8) | from[i]; + }else{ + for(i = 0; i < size; i++) + *to = (*to << 8) | from[i]; + } + return size; +} + +int +krb_put_int(u_int32_t from, void *to, size_t rem, int size) +{ + int i; + unsigned char *p = (unsigned char *)to; + + if (rem < size) + return -1; + + for(i = size - 1; i >= 0; i--){ + p[i] = from & 0xff; + from >>= 8; + } + return size; +} + +#endif /* !KRB4 */ diff --git a/crypto/heimdal/appl/kx/context.c b/crypto/heimdal/appl/kx/context.c new file mode 100644 index 0000000..bbc8da9 --- /dev/null +++ b/crypto/heimdal/appl/kx/context.c 
@@ -0,0 +1,92 @@
+/*
+ * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "kx.h"
+
+RCSID("$Id: context.c,v 1.4 1999/12/02 16:58:32 joda Exp $");
+
+/*
+ * Set the common part of the context `kc'
+ */
+
+void
+context_set (kx_context *kc, const char *host, const char *user, int port,
+ int debug_flag, int keepalive_flag, int tcp_flag)
+{
+ kc->host = host;
+ kc->user = user;
+ kc->port = port;
+ kc->debug_flag = debug_flag;
+ kc->keepalive_flag = keepalive_flag;
+ kc->tcp_flag = tcp_flag;
+}
+
+/*
+ * dispatch functions
+ */
+
+void
+context_destroy (kx_context *kc)
+{
+ (*kc->destroy)(kc);
+}
+
+int
+context_authenticate (kx_context *kc, int s)
+{
+ return (*kc->authenticate)(kc, s);
+}
+
+int
+context_userok (kx_context *kc, char *user)
+{
+ return (*kc->userok)(kc, user);
+}
+
+ssize_t
+kx_read (kx_context *kc, int fd, void *buf, size_t len)
+{
+ return (*kc->read)(kc, fd, buf, len);
+}
+
+ssize_t
+kx_write (kx_context *kc, int fd, const void *buf, size_t len)
+{
+ return (*kc->write)(kc, fd, buf, len);
+}
+
+int
+copy_encrypted (kx_context *kc, int fd1, int fd2)
+{
+ return (*kc->copy_encrypted)(kc, fd1, fd2);
+}
diff --git a/crypto/heimdal/appl/kx/krb4.c b/crypto/heimdal/appl/kx/krb4.c
new file mode 100644
index 0000000..07852c9
--- /dev/null
+++ b/crypto/heimdal/appl/kx/krb4.c
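Review bot: `context_set` stores the caller's `host` and `user` pointers in the context without copying them, and nothing in the file says who owns them. Elsewhere in this commit `krb4_userok` and `krb5_userok` overwrite `kc->user` with allocated memory (`strdup`, `krb5_unparse_name`), so the field is sometimes borrowed and sometimes owned, and neither `krb4_destroy` nor `krb5_destroy` releases it. I would state the contract above `context_set`: `/* host and user are borrowed, not copied, and must outlive kc; the userok callbacks may later replace kc->user with an allocated string. */`.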
@@ -0,0 +1,361 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id: krb4.c,v 1.8 2000/10/08 13:19:22 assar Exp $"); + +#ifdef KRB4 + +struct krb4_kx_context { + des_cblock key; + des_key_schedule schedule; + AUTH_DAT auth; +}; + +typedef struct krb4_kx_context krb4_kx_context; + +/* + * Destroy the krb4 context in `c'. 
+ */ + +static void +krb4_destroy (kx_context *c) +{ + memset (c->data, 0, sizeof(krb4_kx_context)); + free (c->data); +} + +/* + * Read the authentication information from `s' and return 0 if + * succesful, else -1. + */ + +static int +krb4_authenticate (kx_context *kc, int s) +{ + CREDENTIALS cred; + KTEXT_ST text; + MSG_DAT msg; + int status; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + const char *host = kc->host; + +#ifdef HAVE_KRB_GET_OUR_IP_FOR_REALM + if (krb_get_config_bool("nat_in_use")) { + struct in_addr natAddr; + + if (krb_get_our_ip_for_realm(krb_realmofhost(kc->host), + &natAddr) == KSUCCESS + || krb_get_our_ip_for_realm (NULL, &natAddr) == KSUCCESS) + kc->thisaddr.sin_addr = natAddr; + } +#endif + + status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", + (char *)host, krb_realmofhost (host), + getpid(), &msg, &cred, c->schedule, + &kc->thisaddr, &kc->thataddr, KX_VERSION); + if (status != KSUCCESS) { + warnx ("%s: %s\n", host, krb_get_err_text(status)); + return -1; + } + memcpy (c->key, cred.session, sizeof(des_cblock)); + return 0; +} + +/* + * Read a krb4 priv packet from `fd' into `buf' (of size `len'). + * Return the number of bytes read or 0 on EOF or -1 on error. 
+ */ + +static ssize_t +krb4_read (kx_context *kc, + int fd, void *buf, size_t len) +{ + unsigned char tmp[4]; + ssize_t ret; + size_t l; + int status; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + MSG_DAT msg; + + ret = krb_net_read (fd, tmp, 4); + if (ret == 0) + return ret; + if (ret != 4) + return -1; + l = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + if (l > len) + return -1; + if (krb_net_read (fd, buf, l) != l) + return -1; + status = krb_rd_priv (buf, l, c->schedule, &c->key, + &kc->thataddr, &kc->thisaddr, &msg); + if (status != RD_AP_OK) { + warnx ("krb4_read: %s", krb_get_err_text(status)); + return -1; + } + memmove (buf, msg.app_data, msg.app_length); + return msg.app_length; +} + +/* + * Write a krb4 priv packet on `fd' with the data in `buf, len'. + * Return len or -1 on error + */ + +static ssize_t +krb4_write(kx_context *kc, + int fd, const void *buf, size_t len) +{ + void *outbuf; + krb4_kx_context *c = (krb4_kx_context *)kc->data; + int outlen; + unsigned char tmp[4]; + + outbuf = malloc (len + 30); + if (outbuf == NULL) + return -1; + outlen = krb_mk_priv ((void *)buf, outbuf, len, c->schedule, &c->key, + &kc->thisaddr, &kc->thataddr); + if (outlen < 0) { + free (outbuf); + return -1; + } + tmp[0] = (outlen >> 24) & 0xFF; + tmp[1] = (outlen >> 16) & 0xFF; + tmp[2] = (outlen >> 8) & 0xFF; + tmp[3] = (outlen >> 0) & 0xFF; + + if (krb_net_write (fd, tmp, 4) != 4 || + krb_net_write (fd, outbuf, outlen) != outlen) { + free (outbuf); + return -1; + } + free (outbuf); + return len; +} + +/* + * Copy data from `fd1' to `fd2', {en,de}crypting with cfb64 + * with `mode' and state stored in `iv', `schedule', and `num'. 
+ * Return -1 if error, 0 if eof, else 1 + */ + +static int +do_enccopy (int fd1, int fd2, int mode, des_cblock *iv, + des_key_schedule schedule, int *num) +{ + int ret; + u_char buf[BUFSIZ]; + + ret = read (fd1, buf, sizeof(buf)); + if (ret == 0) + return 0; + if (ret < 0) { + warn ("read"); + return ret; + } +#ifndef NOENCRYPTION + des_cfb64_encrypt (buf, buf, ret, schedule, iv, + num, mode); +#endif + ret = krb_net_write (fd2, buf, ret); + if (ret < 0) { + warn ("write"); + return ret; + } + return 1; +} + +/* + * Copy data between fd1 and fd2, encrypting one way and decrypting + * the other. + */ + +static int +krb4_copy_encrypted (kx_context *kc, + int fd1, int fd2) +{ + krb4_kx_context *c = (krb4_kx_context *)kc->data; + des_cblock iv1, iv2; + int num1 = 0, num2 = 0; + + memcpy (iv1, c->key, sizeof(iv1)); + memcpy (iv2, c->key, sizeof(iv2)); + for (;;) { + fd_set fdset; + int ret; + + if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) { + warnx ("fd too large"); + return 1; + } + + FD_ZERO(&fdset); + FD_SET(fd1, &fdset); + FD_SET(fd2, &fdset); + + ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) { + warn ("select"); + return 1; + } + if (FD_ISSET(fd1, &fdset)) { + ret = do_enccopy (fd1, fd2, DES_ENCRYPT, &iv1, c->schedule, &num1); + if (ret <= 0) + return ret; + } + if (FD_ISSET(fd2, &fdset)) { + ret = do_enccopy (fd2, fd1, DES_DECRYPT, &iv2, c->schedule, &num2); + if (ret <= 0) + return ret; + } + } +} + +/* + * Return 0 if the user authenticated on `kc' is allowed to login as + * `user'. + */ + +static int +krb4_userok (kx_context *kc, char *user) +{ + krb4_kx_context *c = (krb4_kx_context *)kc->data; + char *tmp; + + tmp = krb_unparse_name_long (c->auth.pname, + c->auth.pinst, + c->auth.prealm); + kc->user = strdup (tmp); + if (kc->user == NULL) + err (1, "malloc"); + + + return kuserok (&c->auth, user); +} + +/* + * Create an instance of an krb4 context. 
+ */ + +void +krb4_make_context (kx_context *kc) +{ + kc->authenticate = krb4_authenticate; + kc->userok = krb4_userok; + kc->read = krb4_read; + kc->write = krb4_write; + kc->copy_encrypted = krb4_copy_encrypted; + kc->destroy = krb4_destroy; + kc->user = NULL; + kc->data = malloc(sizeof(krb4_kx_context)); + + if (kc->data == NULL) + err (1, "malloc"); +} + +/* + * Receive authentication information on `sock' (first four bytes + * in `buf'). + */ + +int +recv_v4_auth (kx_context *kc, int sock, u_char *buf) +{ + int status; + KTEXT_ST ticket; + char instance[INST_SZ + 1]; + char version[KRB_SENDAUTH_VLEN + 1]; + krb4_kx_context *c; + AUTH_DAT auth; + des_key_schedule schedule; + + if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) + return -1; + if (net_read (sock, buf + 4, KRB_SENDAUTH_VLEN - 4) != + KRB_SENDAUTH_VLEN - 4) { + syslog (LOG_ERR, "read: %m"); + exit (1); + } + if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) { + syslog (LOG_ERR, "unrecognized auth protocol: %.8s", buf); + exit (1); + } + + k_getsockinst (sock, instance, sizeof(instance)); + status = krb_recvauth (KOPT_IGNORE_PROTOCOL | KOPT_DO_MUTUAL, + sock, + &ticket, + "rcmd", + instance, + &kc->thataddr, + &kc->thisaddr, + &auth, + "", + schedule, + version); + if (status != KSUCCESS) { + syslog (LOG_ERR, "krb_recvauth: %s", krb_get_err_text(status)); + exit (1); + } + if (strncmp (version, KX_VERSION, KRB_SENDAUTH_VLEN) != 0) { + /* Try to be nice to old kx's */ + if (strncmp (version, KX_OLD_VERSION, KRB_SENDAUTH_VLEN) == 0) { + char *old_errmsg = "\001Old version of kx. 
Please upgrade."; + char user[64]; + + syslog (LOG_ERR, "Old version client (%s)", version); + + krb_net_read (sock, user, sizeof(user)); + krb_net_write (sock, old_errmsg, strlen(old_errmsg) + 1); + exit (1); + } else { + syslog (LOG_ERR, "bad version: %s", version); + exit (1); + } + } + + krb4_make_context (kc); + c = (krb4_kx_context *)kc->data; + + c->auth = auth; + memcpy (c->key, &auth.session, sizeof(des_cblock)); + memcpy (c->schedule, schedule, sizeof(schedule)); + + return 0; +} + +#endif /* KRB4 */ diff --git a/crypto/heimdal/appl/kx/krb5.c b/crypto/heimdal/appl/kx/krb5.c new file mode 100644 index 0000000..0b4a083 --- /dev/null +++ b/crypto/heimdal/appl/kx/krb5.c 
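Review bot: In `krb4_copy_encrypted` both `iv1` and `iv2` are initialised from `c->key`, so each direction's CFB64 stream starts with the session key as its IV under the same key schedule, and nothing in `do_enccopy` authenticates the ciphertext. If the peer runs the same code (not visible in this hunk), the first keystream block is identical in both directions. Changing the IV derivation would break interoperability, so at minimum the limitation belongs above the function, e.g. `/* Both directions use the session key as initial IV; the stream gives confidentiality only, no integrity check. */`, and the `NOENCRYPTION` switch in `do_enccopy` deserves a comment that it turns the relay into a plaintext copy. Separately, when `select` fails with `EINTR` the loop falls through to `FD_ISSET` on a set whose contents are unspecified; `if (ret < 0) { if (errno == EINTR) continue; warn ("select"); return 1; }` avoids that, and `krb5_copy_encrypted` in krb5.c has the same pattern.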
@@ -0,0 +1,421 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id: krb5.c,v 1.7 2000/12/31 07:32:03 assar Exp $"); + +#ifdef KRB5 + +struct krb5_kx_context { + krb5_context context; + krb5_keyblock *keyblock; + krb5_crypto crypto; + krb5_principal client; +}; + +typedef struct krb5_kx_context krb5_kx_context; + +/* + * Destroy the krb5 context in `c'. 
+ */ + +static void +krb5_destroy (kx_context *c) +{ + krb5_kx_context *kc = (krb5_kx_context *)c->data; + + if (kc->keyblock) + krb5_free_keyblock (kc->context, kc->keyblock); + if (kc->crypto) + krb5_crypto_destroy (kc->context, kc->crypto); + if (kc->client) + krb5_free_principal (kc->context, kc->client); + if (kc->context) + krb5_free_context (kc->context); + free (kc); +} + +/* + * Read the authentication information from `s' and return 0 if + * succesful, else -1. + */ + +static int +krb5_authenticate (kx_context *kc, int s) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_auth_context auth_context = NULL; + krb5_error_code ret; + krb5_principal server; + const char *host = kc->host; + + ret = krb5_sname_to_principal (context, + host, "host", KRB5_NT_SRV_HST, &server); + if (ret) { + warnx ("krb5_sname_to_principal: %s: %s", host, + krb5_get_err_text(context, ret)); + return 1; + } + + ret = krb5_sendauth (context, + &auth_context, + &s, + KX_VERSION, + NULL, + server, + AP_OPTS_MUTUAL_REQUIRED, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL); + if (ret) { + warnx ("krb5_sendauth: %s: %s", host, + krb5_get_err_text(context, ret)); + return 1; + } + + ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock); + if (ret) { + warnx ("krb5_auth_con_getkey: %s: %s", host, + krb5_get_err_text(context, ret)); + krb5_auth_con_free (context, auth_context); + return 1; + } + + ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto); + if (ret) { + warnx ("krb5_crypto_init: %s", krb5_get_err_text (context, ret)); + krb5_auth_con_free (context, auth_context); + return 1; + } + return 0; +} + +/* + * Read an encapsulated krb5 packet from `fd' into `buf' (of size + * `len'). Return the number of bytes read or 0 on EOF or -1 on + * error. 
+ */ + +static ssize_t +krb5_read (kx_context *kc, + int fd, void *buf, size_t len) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + size_t data_len, outer_len; + krb5_error_code ret; + unsigned char tmp[4]; + krb5_data data; + int l; + + l = krb5_net_read (context, &fd, tmp, 4); + if (l == 0) + return l; + if (l != 4) + return -1; + data_len = (tmp[0] << 24) | (tmp[1] << 16) | (tmp[2] << 8) | tmp[3]; + outer_len = krb5_get_wrapped_length (context, c->crypto, data_len); + if (outer_len > len) + return -1; + if (krb5_net_read (context, &fd, buf, outer_len) != outer_len) + return -1; + + ret = krb5_decrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED, + buf, outer_len, &data); + if (ret) { + warnx ("krb5_decrypt: %s", krb5_get_err_text(context, ret)); + return -1; + } + if (data_len > data.length) { + krb5_data_free (&data); + return -1; + } + memmove (buf, data.data, data_len); + krb5_data_free (&data); + return data_len; +} + +/* + * Write an encapsulated krb5 packet on `fd' with the data in `buf, + * len'. Return len or -1 on error. + */ + +static ssize_t +krb5_write(kx_context *kc, + int fd, const void *buf, size_t len) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_data data; + krb5_error_code ret; + unsigned char tmp[4]; + size_t outlen; + + ret = krb5_encrypt (context, c->crypto, KRB5_KU_OTHER_ENCRYPTED, + (void *)buf, len, &data); + if (ret){ + warnx ("krb5_write: %s", krb5_get_err_text (context, ret)); + return -1; + } + + outlen = data.length; + tmp[0] = (len >> 24) & 0xFF; + tmp[1] = (len >> 16) & 0xFF; + tmp[2] = (len >> 8) & 0xFF; + tmp[3] = (len >> 0) & 0xFF; + + if (krb5_net_write (context, &fd, tmp, 4) != 4 || + krb5_net_write (context, &fd, data.data, outlen) != outlen) { + krb5_data_free (&data); + return -1; + } + krb5_data_free (&data); + return len; +} + +/* + * Copy from the unix socket `from_fd' encrypting to `to_fd'. + * Return 0, -1 or len. 
+ */ + +static int +copy_out (kx_context *kc, int from_fd, int to_fd) +{ + char buf[32768]; + ssize_t len; + + len = read (from_fd, buf, sizeof(buf)); + if (len == 0) + return 0; + if (len < 0) { + warn ("read"); + return len; + } + return krb5_write (kc, to_fd, buf, len); +} + +/* + * Copy from the socket `from_fd' decrypting to `to_fd'. + * Return 0, -1 or len. + */ + +static int +copy_in (kx_context *kc, int from_fd, int to_fd) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + char buf[33000]; /* XXX */ + + ssize_t len; + + len = krb5_read (kc, from_fd, buf, sizeof(buf)); + if (len == 0) + return 0; + if (len < 0) { + warn ("krb5_read"); + return len; + } + + return krb5_net_write (c->context, &to_fd, buf, len); +} + +/* + * Copy data between `fd1' and `fd2', encrypting in one direction and + * decrypting in the other. + */ + +static int +krb5_copy_encrypted (kx_context *kc, int fd1, int fd2) +{ + for (;;) { + fd_set fdset; + int ret; + + if (fd1 >= FD_SETSIZE || fd2 >= FD_SETSIZE) { + warnx ("fd too large"); + return 1; + } + + FD_ZERO(&fdset); + FD_SET(fd1, &fdset); + FD_SET(fd2, &fdset); + + ret = select (max(fd1, fd2)+1, &fdset, NULL, NULL, NULL); + if (ret < 0 && errno != EINTR) { + warn ("select"); + return 1; + } + if (FD_ISSET(fd1, &fdset)) { + ret = copy_out (kc, fd1, fd2); + if (ret <= 0) + return ret; + } + if (FD_ISSET(fd2, &fdset)) { + ret = copy_in (kc, fd2, fd1); + if (ret <= 0) + return ret; + } + } +} + +/* + * Return 0 if the user authenticated on `kc' is allowed to login as + * `user'. + */ + +static int +krb5_userok (kx_context *kc, char *user) +{ + krb5_kx_context *c = (krb5_kx_context *)kc->data; + krb5_context context = c->context; + krb5_error_code ret; + char *tmp; + + ret = krb5_unparse_name (context, c->client, &tmp); + if (ret) + krb5_err (context, 1, ret, "krb5_unparse_name"); + kc->user = tmp; + + return !krb5_kuserok (context, c->client, user); +} + +/* + * Create an instance of an krb5 context. 
+ */ + +void +krb5_make_context (kx_context *kc) +{ + krb5_kx_context *c; + krb5_error_code ret; + + kc->authenticate = krb5_authenticate; + kc->userok = krb5_userok; + kc->read = krb5_read; + kc->write = krb5_write; + kc->copy_encrypted = krb5_copy_encrypted; + kc->destroy = krb5_destroy; + kc->user = NULL; + kc->data = malloc(sizeof(krb5_kx_context)); + + if (kc->data == NULL) + err (1, "malloc"); + memset (kc->data, 0, sizeof(krb5_kx_context)); + c = (krb5_kx_context *)kc->data; + ret = krb5_init_context (&c->context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); +} + +/* + * Receive authentication information on `sock' (first four bytes + * in `buf'). + */ + +int +recv_v5_auth (kx_context *kc, int sock, u_char *buf) +{ + u_int32_t len; + krb5_error_code ret; + krb5_kx_context *c; + krb5_context context; + krb5_principal server; + krb5_auth_context auth_context = NULL; + krb5_ticket *ticket; + + if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) + return 1; + len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); + if (net_read(sock, buf, len) != len) { + syslog (LOG_ERR, "read: %m"); + exit (1); + } + if (len != sizeof(KRB5_SENDAUTH_VERSION) + || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) { + syslog (LOG_ERR, "bad sendauth version: %.8s", buf); + exit (1); + } + + krb5_make_context (kc); + c = (krb5_kx_context *)kc->data; + context = c->context; + + ret = krb5_sock_to_principal (context, sock, "host", + KRB5_NT_SRV_HST, &server); + if (ret) { + syslog (LOG_ERR, "krb5_sock_to_principal: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_recvauth (context, + &auth_context, + &sock, + KX_VERSION, + server, + KRB5_RECVAUTH_IGNORE_VERSION, + NULL, + &ticket); + krb5_free_principal (context, server); + if (ret) { + syslog (LOG_ERR, "krb5_sock_to_principal: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_auth_con_getkey (context, auth_context, &c->keyblock); + if (ret) { + syslog (LOG_ERR, 
"krb5_auth_con_getkey: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + ret = krb5_crypto_init (context, c->keyblock, 0, &c->crypto); + if (ret) { + syslog (LOG_ERR, "krb5_crypto_init: %s", + krb5_get_err_text (context, ret)); + exit (1); + } + + c->client = ticket->client; + ticket->client = NULL; + krb5_free_ticket (context, ticket); + + return 0; +} + +#endif /* KRB5 */ diff --git a/crypto/heimdal/appl/kx/kx.1 b/crypto/heimdal/appl/kx/kx.1 new file mode 100644 index 0000000..fe621d8 --- /dev/null +++ b/crypto/heimdal/appl/kx/kx.1 @@ -0,0 +1,62 @@ +.\" $Id: kx.1,v 1.7 1997/09/01 15:59:07 assar Exp $ +.\" +.Dd September 27, 1996 +.Dt KX 1 +.Os KTH-KRB +.Sh NAME +.Nm kx +.Nd +securely forward X conections +.Sh SYNOPSIS +.Ar kx +.Op Fl l Ar username +.Op Fl k +.Op Fl d +.Op Fl t +.Op Fl p Ar port +.Op Fl P +.Ar host +.Sh DESCRIPTION +The +.Nm +program forwards a X connection from a remote client to a local screen +through an authenticated and encrypted stream. Options supported by +.Nm kx : +.Bl -tag -width Ds +.It Fl l +Log in on remote the host as user +.Ar username . +.It Fl k +Do not enable keep-alives on the TCP connections. +.It Fl d +Do not fork. This is mainly useful for debugging. +.It Fl t +Listen not only on a UNIX-domain socket but on a TCP socket as well. +.It Fl p +Use the port +.Ar port . +.It Fl P +Force passive mode. +.El +.Pp +This program is used by +.Nm rxtelnet +and +.Nm rxterm +and you should not need to run it directly. +.Pp +It connects to a +.Nm kxd +on the host +.Ar host +and then will relay the traffic from the remote X clients to the local +server. When started, it prints the display and Xauthority-file to be +used on host +.Ar host +and then goes to the background, waiting for connections from the +remote +.Nm kxd. +.Sh SEE ALSO +.Xr rxtelnet 1 , +.Xr rxterm 1 , +.Xr kxd 8 diff --git a/crypto/heimdal/appl/kx/kx.c b/crypto/heimdal/appl/kx/kx.c new file mode 100644 index 0000000..63e1595 --- /dev/null 
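Review bot: `krb5_authenticate` returns 1 on all four failure paths although its header comment promises -1 and `krb4_authenticate` returns -1 for the same callback slot. A caller reached through `context_authenticate` that tests for `< 0` (the caller is outside this hunk) would treat a failed authentication as success. Either change the four `return 1;` statements to `return -1;` or correct the comment, so the two back ends agree. In `recv_v5_auth` the failure branch after `krb5_recvauth` logs `"krb5_sock_to_principal: %s"`, which misattributes authentication failures in syslog; it should read `syslog (LOG_ERR, "krb5_recvauth: %s", krb5_get_err_text (context, ret));`.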
+++ b/crypto/heimdal/appl/kx/kx.c 
@@ -0,0 +1,765 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id: kx.c,v 1.68 2001/02/20 01:44:45 assar Exp $"); + +static int nchild; +static int donep; + +/* + * Signal handler that justs waits for the children when they die. 
+ */ + +static RETSIGTYPE +childhandler (int sig) +{ + pid_t pid; + int status; + + do { + pid = waitpid (-1, &status, WNOHANG|WUNTRACED); + if (pid > 0 && (WIFEXITED(status) || WIFSIGNALED(status))) + if (--nchild == 0 && donep) + exit (0); + } while(pid > 0); + signal (SIGCHLD, childhandler); + SIGRETURN(0); +} + +/* + * Handler for SIGUSR1. + * This signal means that we should wait until there are no children + * left and then exit. + */ + +static RETSIGTYPE +usr1handler (int sig) +{ + donep = 1; + + SIGRETURN(0); +} + +/* + * Almost the same as for SIGUSR1, except we should exit immediately + * if there are no active children. + */ + +static RETSIGTYPE +usr2handler (int sig) +{ + donep = 1; + if (nchild == 0) + exit (0); + + SIGRETURN(0); +} + +/* + * Establish authenticated connection. Return socket or -1. + */ + +static int +connect_host (kx_context *kc) +{ + struct addrinfo *ai, *a; + struct addrinfo hints; + int error; + char portstr[NI_MAXSERV]; + socklen_t addrlen; + int s; + struct sockaddr_storage thisaddr_ss; + struct sockaddr *thisaddr = (struct sockaddr *)&thisaddr_ss; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + snprintf (portstr, sizeof(portstr), "%u", ntohs(kc->port)); + + error = getaddrinfo (kc->host, portstr, &hints, &ai); + if (error) { + warnx ("%s: %s", kc->host, gai_strerror(error)); + return -1; + } + + for (a = ai; a != NULL; a = a->ai_next) { + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + warn ("connect(%s)", kc->host); + close (s); + continue; + } + break; + } + + if (a == NULL) { + freeaddrinfo (ai); + return -1; + } + + addrlen = a->ai_addrlen; + if (getsockname (s, thisaddr, &addrlen) < 0 || + addrlen != a->ai_addrlen) + err(1, "getsockname(%s)", kc->host); + memcpy (&kc->thisaddr, thisaddr, sizeof(kc->thisaddr)); + memcpy (&kc->thataddr, a->ai_addr, sizeof(kc->thataddr)); + 
freeaddrinfo (ai); + if ((*kc->authenticate)(kc, s)) + return -1; + return s; +} + +/* + * Get rid of the cookie that we were sent and get the correct one + * from our own cookie file instead and then just copy data in both + * directions. + */ + +static int +passive_session (int xserver, int fd, kx_context *kc) +{ + if (replace_cookie (xserver, fd, XauFileName(), 1)) + return 1; + else + return copy_encrypted (kc, xserver, fd); +} + +static int +active_session (int xserver, int fd, kx_context *kc) +{ + if (verify_and_remove_cookies (xserver, fd, 1)) + return 1; + else + return copy_encrypted (kc, xserver, fd); +} + +/* + * fork (unless debugp) and print the output that will be used by the + * script to capture the display, xauth cookie and pid. + */ + +static void +status_output (int debugp) +{ + if(debugp) + printf ("%u\t%s\t%s\n", (unsigned)getpid(), display, xauthfile); + else { + pid_t pid; + + pid = fork(); + if (pid < 0) { + err(1, "fork"); + } else if (pid > 0) { + printf ("%u\t%s\t%s\n", (unsigned)pid, display, xauthfile); + exit (0); + } else { + fclose(stdout); + } + } +} + +/* + * Obtain an authenticated connection on `kc'. Send a kx message + * saying we are `kc->user' and want to use passive mode. Wait for + * answer on that connection and fork of a child for every new + * connection we have to make. + */ + +static int +doit_passive (kx_context *kc) +{ + int otherside; + u_char msg[1024], *p; + int len; + u_int32_t tmp; + const char *host = kc->host; + + otherside = connect_host (kc); + + if (otherside < 0) + return 1; +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (kc->keepalive_flag) { + int one = 1; + + setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + + p = msg; + *p++ = INIT; + len = strlen(kc->user); + p += KRB_PUT_INT (len, p, sizeof(msg) - 1, 4); + memcpy(p, kc->user, len); + p += len; + *p++ = PASSIVE | (kc->keepalive_flag ? 
KEEP_ALIVE : 0); + if (kx_write (kc, otherside, msg, p - msg) != p - msg) + err (1, "write to %s", host); + len = kx_read (kc, otherside, msg, sizeof(msg)); + if (len <= 0) + errx (1, + "error reading initial message from %s: " + "this probably means it's using an old version.", + host); + p = (u_char *)msg; + if (*p == ERROR) { + p++; + p += krb_get_int (p, &tmp, 4, 0); + errx (1, "%s: %.*s", host, (int)tmp, p); + } else if (*p != ACK) { + errx (1, "%s: strange msg %d", host, *p); + } else + p++; + p += krb_get_int (p, &tmp, 4, 0); + memcpy(display, p, tmp); + display[tmp] = '\0'; + p += tmp; + + p += krb_get_int (p, &tmp, 4, 0); + memcpy(xauthfile, p, tmp); + xauthfile[tmp] = '\0'; + p += tmp; + + status_output (kc->debug_flag); + for (;;) { + pid_t child; + + len = kx_read (kc, otherside, msg, sizeof(msg)); + if (len < 0) + err (1, "read from %s", host); + else if (len == 0) + return 0; + + p = (u_char *)msg; + if (*p == ERROR) { + p++; + p += krb_get_int (p, &tmp, 4, 0); + errx (1, "%s: %.*s", host, (int)tmp, p); + } else if(*p != NEW_CONN) { + errx (1, "%s: strange msg %d", host, *p); + } else { + p++; + p += krb_get_int (p, &tmp, 4, 0); + } + + ++nchild; + child = fork (); + if (child < 0) { + warn("fork"); + continue; + } else if (child == 0) { + struct sockaddr_in addr; + int fd; + int xserver; + + addr = kc->thataddr; + close (otherside); + + addr.sin_port = htons(tmp); + fd = socket (AF_INET, SOCK_STREAM, 0); + if (fd < 0) + err(1, "socket"); +#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) + { + int one = 1; + + setsockopt (fd, IPPROTO_TCP, TCP_NODELAY, (void *)&one, + sizeof(one)); + } +#endif +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (kc->keepalive_flag) { + int one = 1; + + setsockopt (fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + + if (connect (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) + err(1, "connect(%s)", host); + { + int d = 0; + char *s; + + s = getenv ("DISPLAY"); + if (s != NULL) { + s 
= strchr (s, ':'); + if (s != NULL) + d = atoi (s + 1); + } + + xserver = connect_local_xsocket (d); + if (xserver < 0) + return 1; + } + return passive_session (xserver, fd, kc); + } else { + } + } +} + +/* + * Allocate a local pseudo-xserver and wait for connections + */ + +static int +doit_active (kx_context *kc) +{ + int otherside; + int nsockets; + struct x_socket *sockets; + u_char msg[1024], *p; + int len = strlen(kc->user); + int tmp, tmp2; + char *s; + int i; + size_t rem; + u_int32_t other_port; + int error; + const char *host = kc->host; + + otherside = connect_host (kc); + if (otherside < 0) + return 1; +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (kc->keepalive_flag) { + int one = 1; + + setsockopt (otherside, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + p = msg; + rem = sizeof(msg); + *p++ = INIT; + --rem; + len = strlen(kc->user); + tmp = KRB_PUT_INT (len, p, rem, 4); + if (tmp < 0) + return 1; + p += tmp; + rem -= tmp; + memcpy(p, kc->user, len); + p += len; + rem -= len; + *p++ = (kc->keepalive_flag ? 
KEEP_ALIVE : 0); + --rem; + + s = getenv("DISPLAY"); + if (s == NULL || (s = strchr(s, ':')) == NULL) + s = ":0"; + len = strlen (s); + tmp = KRB_PUT_INT (len, p, rem, 4); + if (tmp < 0) + return 1; + rem -= tmp; + p += tmp; + memcpy (p, s, len); + p += len; + rem -= len; + + s = getenv("XAUTHORITY"); + if (s == NULL) + s = ""; + len = strlen (s); + tmp = KRB_PUT_INT (len, p, rem, 4); + if (tmp < 0) + return 1; + p += len; + rem -= len; + memcpy (p, s, len); + p += len; + rem -= len; + + if (kx_write (kc, otherside, msg, p - msg) != p - msg) + err (1, "write to %s", host); + + len = kx_read (kc, otherside, msg, sizeof(msg)); + if (len < 0) + err (1, "read from %s", host); + p = (u_char *)msg; + if (*p == ERROR) { + u_int32_t u32; + + p++; + p += krb_get_int (p, &u32, 4, 0); + errx (1, "%s: %.*s", host, (int)u32, p); + } else if (*p != ACK) { + errx (1, "%s: strange msg %d", host, *p); + } else + p++; + + tmp2 = get_xsockets (&nsockets, &sockets, kc->tcp_flag); + if (tmp2 < 0) + return 1; + display_num = tmp2; + if (kc->tcp_flag) + snprintf (display, display_size, "localhost:%u", display_num); + else + snprintf (display, display_size, ":%u", display_num); + error = create_and_write_cookie (xauthfile, xauthfile_size, + cookie, cookie_len); + if (error) { + warnx ("failed creating cookie file: %s", strerror(error)); + return 1; + } + status_output (kc->debug_flag); + for (;;) { + fd_set fdset; + pid_t child; + int fd, thisfd = -1; + socklen_t zero = 0; + + FD_ZERO(&fdset); + for (i = 0; i < nsockets; ++i) { + if (sockets[i].fd >= FD_SETSIZE) + errx (1, "fd too large"); + FD_SET(sockets[i].fd, &fdset); + } + if (select(FD_SETSIZE, &fdset, NULL, NULL, NULL) <= 0) + continue; + for (i = 0; i < nsockets; ++i) + if (FD_ISSET(sockets[i].fd, &fdset)) { + thisfd = sockets[i].fd; + break; + } + fd = accept (thisfd, NULL, &zero); + if (fd < 0) { + if (errno == EINTR) + continue; + else + err(1, "accept"); + } + + p = msg; + *p++ = NEW_CONN; + if (kx_write (kc, otherside, msg, p 
- msg) != p - msg) + err (1, "write to %s", host); + len = kx_read (kc, otherside, msg, sizeof(msg)); + if (len < 0) + err (1, "read from %s", host); + p = (u_char *)msg; + if (*p == ERROR) { + u_int32_t val; + + p++; + p += krb_get_int (p, &val, 4, 0); + errx (1, "%s: %.*s", host, (int)val, p); + } else if (*p != NEW_CONN) { + errx (1, "%s: strange msg %d", host, *p); + } else { + p++; + p += krb_get_int (p, &other_port, 4, 0); + } + + ++nchild; + child = fork (); + if (child < 0) { + warn("fork"); + continue; + } else if (child == 0) { + int s; + struct sockaddr_in addr; + + for (i = 0; i < nsockets; ++i) + close (sockets[i].fd); + + addr = kc->thataddr; + close (otherside); + + addr.sin_port = htons(other_port); + s = socket (AF_INET, SOCK_STREAM, 0); + if (s < 0) + err(1, "socket"); +#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) + { + int one = 1; + + setsockopt (s, IPPROTO_TCP, TCP_NODELAY, (void *)&one, + sizeof(one)); + } +#endif +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (kc->keepalive_flag) { + int one = 1; + + setsockopt (s, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + + if (connect (s, (struct sockaddr *)&addr, sizeof(addr)) < 0) + err(1, "connect"); + + return active_session (fd, s, kc); + } else { + close (fd); + } + } +} + +/* + * Should we interpret `disp' as this being a passive call? + */ + +static int +check_for_passive (const char *disp) +{ + char local_hostname[MaxHostNameLen]; + + gethostname (local_hostname, sizeof(local_hostname)); + + return disp != NULL && + (*disp == ':' + || strncmp(disp, "unix", 4) == 0 + || strncmp(disp, "localhost", 9) == 0 + || strncmp(disp, local_hostname, strlen(local_hostname)) == 0); +} + +/* + * Set up signal handlers and then call the functions. 
+ */ + +static int +doit (kx_context *kc, int passive_flag) +{ + signal (SIGCHLD, childhandler); + signal (SIGUSR1, usr1handler); + signal (SIGUSR2, usr2handler); + if (passive_flag) + return doit_passive (kc); + else + return doit_active (kc); +} + +#ifdef KRB4 + +/* + * Start a v4-authenticatated kx connection. + */ + +static int +doit_v4 (const char *host, int port, const char *user, + int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag) +{ + int ret; + kx_context context; + + krb4_make_context (&context); + context_set (&context, + host, user, port, debug_flag, keepalive_flag, tcp_flag); + + ret = doit (&context, passive_flag); + context_destroy (&context); + return ret; +} +#endif /* KRB4 */ + +#ifdef KRB5 + +/* + * Start a v5-authenticatated kx connection. + */ + +static int +doit_v5 (const char *host, int port, const char *user, + int passive_flag, int debug_flag, int keepalive_flag, int tcp_flag) +{ + int ret; + kx_context context; + + krb5_make_context (&context); + context_set (&context, + host, user, port, debug_flag, keepalive_flag, tcp_flag); + + ret = doit (&context, passive_flag); + context_destroy (&context); + return ret; +} +#endif /* KRB5 */ + +/* + * Variables set from the arguments + */ + +#ifdef KRB4 +static int use_v4 = -1; +#ifdef HAVE_KRB_ENABLE_DEBUG +static int krb_debug_flag = 0; +#endif /* HAVE_KRB_ENABLE_DEBUG */ +#endif /* KRB4 */ +#ifdef KRB5 +static int use_v5 = -1; +#endif +static char *port_str = NULL; +static const char *user = NULL; +static int tcp_flag = 0; +static int passive_flag = 0; +static int keepalive_flag = 1; +static int debug_flag = 0; +static int version_flag = 0; +static int help_flag = 0; + +struct getargs args[] = { +#ifdef KRB4 + { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4", + NULL }, +#ifdef HAVE_KRB_ENABLE_DEBUG + { "krb4-debug", 'D', arg_flag, &krb_debug_flag, + "enable krb4 debugging" }, +#endif /* HAVE_KRB_ENABLE_DEBUG */ +#endif /* KRB4 */ +#ifdef KRB5 + { "krb5", '5', arg_flag, 
&use_v5, "Use Kerberos V5", + NULL }, +#endif + { "port", 'p', arg_string, &port_str, "Use this port", + "number-of-service" }, + { "user", 'l', arg_string, &user, "Run as this user", + NULL }, + { "tcp", 't', arg_flag, &tcp_flag, + "Use a TCP connection for X11" }, + { "passive", 'P', arg_flag, &passive_flag, + "Force a passive connection" }, + { "keepalive", 'k', arg_negative_flag, &keepalive_flag, + "disable keep-alives" }, + { "debug", 'd', arg_flag, &debug_flag, + "Enable debug information" }, + { "version", 0, arg_flag, &version_flag, "Print version", + NULL }, + { "help", 0, arg_flag, &help_flag, NULL, + NULL } +}; + +static void +usage(int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "host"); + exit (ret); +} + +/* + * kx - forward an x-connection over a kerberos-encrypted channel. + */ + +int +main(int argc, char **argv) +{ + int port = 0; + int optind = 0; + int ret = 1; + char *host = NULL; + + setprogname (argv[0]); + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version (NULL); + return 0; + } + + if (optind != argc - 1) + usage (1); + + host = argv[optind]; + + if (port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "Bad port `%s'", port_str); + port = htons(port); + } + } + + if (user == NULL) { + user = get_default_username (); + if (user == NULL) + errx (1, "who are you?"); + } + + if (!passive_flag) + passive_flag = check_for_passive (getenv("DISPLAY")); + +#if defined(HAVE_KERNEL_ENABLE_DEBUG) + if (krb_debug_flag) + krb_enable_debug (); +#endif + +#if defined(KRB4) && defined(KRB5) + if(use_v4 == -1 && use_v5 == 1) + use_v4 = 0; + if(use_v5 == -1 && use_v4 == 1) + use_v5 = 0; +#endif + +#ifdef KRB5 + if (ret && use_v5) { + if (port == 0) + port = 
krb5_getportbyname(NULL, "kx", "tcp", KX_PORT); + ret = doit_v5 (host, port, user, + passive_flag, debug_flag, keepalive_flag, tcp_flag); + } +#endif +#ifdef KRB4 + if (ret && use_v4) { + if (port == 0) + port = k_getportbyname("kx", "tcp", htons(KX_PORT)); + ret = doit_v4 (host, port, user, + passive_flag, debug_flag, keepalive_flag, tcp_flag); + } +#endif + return ret; +} diff --git a/crypto/heimdal/appl/kx/kx.cat1 b/crypto/heimdal/appl/kx/kx.cat1 new file mode 100644 index 0000000..ce22926 --- /dev/null +++ b/crypto/heimdal/appl/kx/kx.cat1 @@ -0,0 +1,39 @@ + +KX(1) UNIX Reference Manual KX(1) + +NNAAMMEE + kkxx - securely forward X conections + +SSYYNNOOPPSSIISS + _k_x [--ll _u_s_e_r_n_a_m_e] [--kk] [--dd] [--tt] [--pp _p_o_r_t] [--PP] _h_o_s_t + +DDEESSCCRRIIPPTTIIOONN + The kkxx program forwards a X connection from a remote client to a local + screen through an authenticated and encrypted stream. Options supported + by kkxx: + + --ll Log in on remote the host as user _u_s_e_r_n_a_m_e. + + --kk Do not enable keep-alives on the TCP connections. + + --dd Do not fork. This is mainly useful for debugging. + + --tt Listen not only on a UNIX-domain socket but on a TCP socket as + well. + + --pp Use the port _p_o_r_t. + + --PP Force passive mode. + + This program is used by rrxxtteellnneett and rrxxtteerrmm and you should not need to + run it directly. + + It connects to a kkxxdd on the host _h_o_s_t and then will relay the traffic + from the remote X clients to the local server. When started, it prints + the display and Xauthority-file to be used on host _h_o_s_t and then goes to + the background, waiting for connections from the remote kkxxdd.. + +SSEEEE AALLSSOO + rxtelnet(1), rxterm(1), kxd(8) + + KTH-KRB September 27, 1996 1 diff --git a/crypto/heimdal/appl/kx/kx.h b/crypto/heimdal/appl/kx/kx.h new file mode 100644 index 0000000..fdda414 --- /dev/null +++ b/crypto/heimdal/appl/kx/kx.h 
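Review bot: In doit_passive the two lengths read from the server's ACK go straight into `memcpy(display, p, tmp)` and `memcpy(xauthfile, p, tmp)` with no comparison against `display_size`, `xauthfile_size` or the `len` returned by kx_read, so a malformed reply from the remote kxd can write past both buffers and read past `msg`. Each length should be rejected before the copy when it does not leave room for the terminating NUL or exceeds the bytes left in the message, as in the fence below; the `%.*s` in the ERROR branches prints `tmp` bytes from `msg` with the same missing bound. Separately, in doit_active the XAUTHORITY block advances with `p += len; rem -= len;` right after KRB_PUT_INT where the DISPLAY block uses `p += tmp; rem -= tmp;`, which looks like a typo, so the payload no longer directly follows its 4-byte length. None of the `memcpy` calls into `msg` in either function checks `len` against the space left.

```c
    p += krb_get_int (p, &tmp, 4, 0);
    /* reject a length that overruns the received message or display[] */
    if (p - msg > len || tmp > (u_int32_t)(len - (p - msg))
	|| tmp >= (u_int32_t)display_size)
	errx (1, "%s: bad display length %u", host, (unsigned)tmp);
    memcpy(display, p, tmp);
    /* … unchanged: terminate display, advance p, read the next length … */
    /* same check for the Xauthority file name */
    if (p - msg > len || tmp > (u_int32_t)(len - (p - msg))
	|| tmp >= (u_int32_t)xauthfile_size)
	errx (1, "%s: bad xauthfile length %u", host, (unsigned)tmp);
    memcpy(xauthfile, p, tmp);
```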
@@ -0,0 +1,259 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* $Id: kx.h,v 1.38 2000/02/06 05:52:03 assar Exp $ */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> +#include <errno.h> +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#ifdef HAVE_GRP_H +#include <grp.h> +#endif +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETINET_TCP_H +#include <netinet/tcp.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_SYS_UN_H +#include <sys/un.h> +#endif +#include <X11/X.h> +#include <X11/Xlib.h> +#include <X11/Xauth.h> + +#ifdef HAVE_SYS_STREAM_H +#include <sys/stream.h> +#endif +#ifdef HAVE_SYS_STROPTS_H +#include <sys/stropts.h> +#endif + +/* as far as we know, this is only used with later versions of Slowlaris */ +#if SunOS >= 50 && defined(HAVE_SYS_STROPTS_H) && defined(HAVE_FATTACH) && defined(I_PUSH) +#define MAY_HAVE_X11_PIPES +#endif + +#ifdef SOCKS +#include <socks.h> +/* This doesn't belong here. 
*/ +struct tm *localtime(const time_t *); +struct hostent *gethostbyname(const char *); +#endif + +#ifdef KRB4 +#include <krb.h> +#include <prot.h> +#endif +#ifdef KRB5 +#include <krb5.h> +#endif + +#include <err.h> +#include <getarg.h> +#include <roken.h> + +struct x_socket { + char *pathname; + int fd; + enum { + LISTENP = 0x80, + TCP = LISTENP | 1, + UNIX_SOCKET = LISTENP | 2, + STREAM_PIPE = 3 + } flags; +}; + +extern char x_socket[]; +extern u_int32_t display_num; +extern char display[]; +extern int display_size; +extern char xauthfile[]; +extern int xauthfile_size; +extern u_char cookie[]; +extern size_t cookie_len; + +int get_xsockets (int *number, struct x_socket **sockets, int tcpp); +int chown_xsockets (int n, struct x_socket *sockets, uid_t uid, gid_t gid); + +int connect_local_xsocket (unsigned dnr); +int create_and_write_cookie (char *xauthfile, + size_t size, + u_char *cookie, + size_t sz); +int verify_and_remove_cookies (int fd, int sock, int cookiesp); +int replace_cookie(int xserver, int fd, char *filename, int cookiesp); + +int suspicious_address (int sock, struct sockaddr_in addr); + +#define KX_PORT 2111 + +#define KX_OLD_VERSION "KXSERV.1" +#define KX_VERSION "KXSERV.2" + +#define COOKIE_TYPE "MIT-MAGIC-COOKIE-1" + +enum { INIT = 0, ACK = 1, NEW_CONN = 2, ERROR = 3 }; + +enum kx_flags { PASSIVE = 1, KEEP_ALIVE = 2 }; + +typedef enum kx_flags kx_flags; + +struct kx_context { + int (*authenticate)(struct kx_context *kc, int s); + int (*userok)(struct kx_context *kc, char *user); + ssize_t (*read)(struct kx_context *kc, + int fd, void *buf, size_t len); + ssize_t (*write)(struct kx_context *kc, + int fd, const void *buf, size_t len); + int (*copy_encrypted)(struct kx_context *kc, + int fd1, int fd2); + void (*destroy)(struct kx_context *kc); + const char *host; + const char *user; + int port; + int debug_flag; + int keepalive_flag; + int tcp_flag; + struct sockaddr_in thisaddr, thataddr; + void *data; +}; + +typedef struct kx_context kx_context; + 
+void +context_set (kx_context *kc, const char *host, const char *user, int port, + int debug_flag, int keepalive_flag, int tcp_flag); + +void +context_destroy (kx_context *kc); + +int +context_authenticate (kx_context *kc, int s); + +int +context_userok (kx_context *kc, char *user); + +ssize_t +kx_read (kx_context *kc, int fd, void *buf, size_t len); + +ssize_t +kx_write (kx_context *kc, int fd, const void *buf, size_t len); + +int +copy_encrypted (kx_context *kc, int fd1, int fd2); + +#ifdef KRB4 + +void +krb4_make_context (kx_context *c); + +int +recv_v4_auth (kx_context *kc, int sock, u_char *buf); + +#endif + +#ifdef KRB5 + +void +krb5_make_context (kx_context *c); + +int +recv_v5_auth (kx_context *kc, int sock, u_char *buf); + +#endif + +void +fatal (kx_context *kc, int fd, char *format, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 3, 4))) +#endif +; + +#ifndef KRB4 + +int +krb_get_int(void *f, u_int32_t *to, int size, int lsb); + +int +krb_put_int(u_int32_t from, void *to, size_t rem, int size); + +#endif diff --git a/crypto/heimdal/appl/kx/kxd.8 b/crypto/heimdal/appl/kx/kxd.8 new file mode 100644 index 0000000..04b7db5 --- /dev/null +++ b/crypto/heimdal/appl/kx/kxd.8 
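Review bot: `struct sockaddr_in thisaddr, thataddr;` in struct kx_context can hold only an IPv4 address, yet connect_host in kx.c calls getaddrinfo with `hints.ai_family` left at zero and then copies `sizeof(kc->thataddr)` bytes of whatever address connected. If that address is AF_INET6 the stored value is a truncated sockaddr_in6, and the per-connection children in doit_passive and doit_active reuse it with `socket (AF_INET, SOCK_STREAM, 0)`. Either restrict the lookup with `hints.ai_family = AF_INET;` in connect_host, or document the limit on the fields, for example `/* IPv4 only; connect_host must not store other families here */`. Whether the authenticate callbacks also read these fields is not visible here.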
@@ -0,0 +1,53 @@ +.\" $Id: kxd.8,v 1.5 2001/01/11 16:16:26 assar Exp $ +.\" +.Dd September 27, 1996 +.Dt KXD 8 +.Os KTH-KRB +.Sh NAME +.Nm kxd +.Nd +securely forward X conections +.Sh SYNOPSIS +.Ar kxd +.Op Fl t +.Op Fl i +.Op Fl p Ar port +.Sh DESCRIPTION +This is the daemon for +.Nm kx . +.Pp +Options supported by +.Nm kxd : +.Bl -tag -width Ds +.It Fl t +TCP. Normally +.Nm kxd +will only listen for X connections on a UNIX socket, but some machines +(for example, Cray) have X libraries that are not able to use UNIX +sockets and thus you need to use TCP to talk to the pseudo-xserver +created by +.Nm kxd. +This option decreases the security significantly and should only be +used when it is necessary and you have considered the consequences of +doing so. +.It Fl i +Interactive. Do not expect to be started by +.Nm inetd, +but allocate and listen to the socket yourself. Handy for testing +and debugging. +.It Fl p +Port. Listen on the port +.Ar port . +Only usable with +.Fl i . +.El +.Sh EXAMPLES +Put the following in +.Pa /etc/inetd.conf : +.Bd -literal +kx stream tcp nowait root /usr/athena/libexec/kxd kxd +.Ed +.Sh SEE ALSO +.Xr kx 1 , +.Xr rxtelnet 1 , +.Xr rxterm 1 diff --git a/crypto/heimdal/appl/kx/kxd.c b/crypto/heimdal/appl/kx/kxd.c new file mode 100644 index 0000000..65f6165 --- /dev/null +++ b/crypto/heimdal/appl/kx/kxd.c 
@@ -0,0 +1,754 @@ +/* + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "kx.h" + +RCSID("$Id: kxd.c,v 1.69 2001/02/20 01:44:45 assar Exp $"); + +static pid_t wait_on_pid = -1; +static int done = 0; + +/* + * Signal handler that justs waits for the children when they die. 
+ */ + +static RETSIGTYPE +childhandler (int sig) +{ + pid_t pid; + int status; + + do { + pid = waitpid (-1, &status, WNOHANG|WUNTRACED); + if (pid > 0 && pid == wait_on_pid) + done = 1; + } while(pid > 0); + signal (SIGCHLD, childhandler); + SIGRETURN(0); +} + +/* + * Print the error message `format' and `...' on fd and die. + */ + +void +fatal (kx_context *kc, int fd, char *format, ...) +{ + u_char msg[1024]; + u_char *p; + va_list args; + int len; + + va_start(args, format); + p = msg; + *p++ = ERROR; + vsnprintf ((char *)p + 4, sizeof(msg) - 5, format, args); + syslog (LOG_ERR, "%s", (char *)p + 4); + len = strlen ((char *)p + 4); + p += KRB_PUT_INT (len, p, 4, 4); + p += len; + kx_write (kc, fd, msg, p - msg); + va_end(args); + exit (1); +} + +/* + * Remove all sockets and cookie files. + */ + +static void +cleanup(int nsockets, struct x_socket *sockets) +{ + int i; + + if(xauthfile[0]) + unlink(xauthfile); + for (i = 0; i < nsockets; ++i) { + if (sockets[i].pathname != NULL) { + unlink (sockets[i].pathname); + free (sockets[i].pathname); + } + } +} + +/* + * Prepare to receive a connection on `sock'. 
+ */ + +static int +recv_conn (int sock, kx_context *kc, + int *dispnr, int *nsockets, struct x_socket **sockets, + int tcp_flag) +{ + u_char msg[1024], *p; + char user[256]; + socklen_t addrlen; + struct passwd *passwd; + struct sockaddr_in thisaddr, thataddr; + char remotehost[MaxHostNameLen]; + char remoteaddr[INET6_ADDRSTRLEN]; + int ret = 1; + int flags; + int len; + u_int32_t tmp32; + + addrlen = sizeof(thisaddr); + if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 || + addrlen != sizeof(thisaddr)) { + syslog (LOG_ERR, "getsockname: %m"); + exit (1); + } + addrlen = sizeof(thataddr); + if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 || + addrlen != sizeof(thataddr)) { + syslog (LOG_ERR, "getpeername: %m"); + exit (1); + } + + kc->thisaddr = thisaddr; + kc->thataddr = thataddr; + + getnameinfo_verified ((struct sockaddr *)&thataddr, addrlen, + remotehost, sizeof(remotehost), + NULL, 0, 0); + + if (net_read (sock, msg, 4) != 4) { + syslog (LOG_ERR, "read: %m"); + exit (1); + } + +#ifdef KRB5 + if (ret && recv_v5_auth (kc, sock, msg) == 0) + ret = 0; +#endif +#ifdef KRB4 + if (ret && recv_v4_auth (kc, sock, msg) == 0) + ret = 0; +#endif + if (ret) { + syslog (LOG_ERR, "unrecognized auth protocol: %x %x %x %x", + msg[0], msg[1], msg[2], msg[3]); + exit (1); + } + + len = kx_read (kc, sock, msg, sizeof(msg)); + if (len < 0) { + syslog (LOG_ERR, "kx_read failed"); + exit (1); + } + p = (u_char *)msg; + if (*p != INIT) + fatal(kc, sock, "Bad message"); + p++; + p += krb_get_int (p, &tmp32, 4, 0); + len = min(sizeof(user), tmp32); + memcpy (user, p, len); + p += tmp32; + user[len] = '\0'; + + passwd = k_getpwnam (user); + if (passwd == NULL) + fatal (kc, sock, "cannot find uid for %s", user); + + if (context_userok (kc, user) != 0) + fatal (kc, sock, "%s not allowed to login as %s", + kc->user, user); + + flags = *p++; + + if (flags & PASSIVE) { + pid_t pid; + int tmp; + + tmp = get_xsockets (nsockets, sockets, tcp_flag); + if (tmp 
< 0) { + fatal (kc, sock, "Cannot create X socket(s): %s", + strerror(errno)); + } + *dispnr = tmp; + + if (chown_xsockets (*nsockets, *sockets, + passwd->pw_uid, passwd->pw_gid)) { + cleanup (*nsockets, *sockets); + fatal (kc, sock, "Cannot chown sockets: %s", + strerror(errno)); + } + + pid = fork(); + if (pid == -1) { + cleanup (*nsockets, *sockets); + fatal (kc, sock, "fork: %s", strerror(errno)); + } else if (pid != 0) { + wait_on_pid = pid; + while (!done) + pause (); + cleanup (*nsockets, *sockets); + exit (0); + } + } + + if (setgid (passwd->pw_gid) || + initgroups(passwd->pw_name, passwd->pw_gid) || +#ifdef HAVE_GETUDBNAM /* XXX this happens on crays */ + setjob(passwd->pw_uid, 0) == -1 || +#endif + setuid(passwd->pw_uid)) { + syslog(LOG_ERR, "setting uid/groups: %m"); + fatal (kc, sock, "cannot set uid"); + } + inet_ntop (thataddr.sin_family, + &thataddr.sin_addr, remoteaddr, sizeof(remoteaddr)); + + syslog (LOG_INFO, "from %s(%s): %s -> %s", + remotehost, remoteaddr, + kc->user, user); + umask(077); + if (!(flags & PASSIVE)) { + p += krb_get_int (p, &tmp32, 4, 0); + len = min(tmp32, display_size); + memcpy (display, p, len); + display[len] = '\0'; + p += tmp32; + p += krb_get_int (p, &tmp32, 4, 0); + len = min(tmp32, xauthfile_size); + memcpy (xauthfile, p, len); + xauthfile[len] = '\0'; + p += tmp32; + } +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (flags & KEEP_ALIVE) { + int one = 1; + + setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + return flags; +} + +/* + * + */ + +static int +passive_session (kx_context *kc, int fd, int sock, int cookiesp) +{ + if (verify_and_remove_cookies (fd, sock, cookiesp)) + return 1; + else + return copy_encrypted (kc, fd, sock); +} + +/* + * + */ + +static int +active_session (kx_context *kc, int fd, int sock, int cookiesp) +{ + fd = connect_local_xsocket(0); + + if (replace_cookie (fd, sock, xauthfile, cookiesp)) + return 1; + else + return copy_encrypted (kc, fd, 
sock); +} + +/* + * Handle a new connection. + */ + +static int +doit_conn (kx_context *kc, + int fd, int meta_sock, int flags, int cookiesp) +{ + int sock, sock2; + struct sockaddr_in addr; + struct sockaddr_in thisaddr; + socklen_t addrlen; + u_char msg[1024], *p; + + sock = socket (AF_INET, SOCK_STREAM, 0); + if (sock < 0) { + syslog (LOG_ERR, "socket: %m"); + return 1; + } +#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) + { + int one = 1; + setsockopt (sock, IPPROTO_TCP, TCP_NODELAY, (void *)&one, sizeof(one)); + } +#endif +#if defined(SO_KEEPALIVE) && defined(HAVE_SETSOCKOPT) + if (flags & KEEP_ALIVE) { + int one = 1; + + setsockopt (sock, SOL_SOCKET, SO_KEEPALIVE, (void *)&one, + sizeof(one)); + } +#endif + memset (&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + if (bind (sock, (struct sockaddr *)&addr, sizeof(addr)) < 0) { + syslog (LOG_ERR, "bind: %m"); + return 1; + } + addrlen = sizeof(addr); + if (getsockname (sock, (struct sockaddr *)&addr, &addrlen) < 0) { + syslog (LOG_ERR, "getsockname: %m"); + return 1; + } + if (listen (sock, SOMAXCONN) < 0) { + syslog (LOG_ERR, "listen: %m"); + return 1; + } + p = msg; + *p++ = NEW_CONN; + p += KRB_PUT_INT (ntohs(addr.sin_port), p, 4, 4); + + if (kx_write (kc, meta_sock, msg, p - msg) < 0) { + syslog (LOG_ERR, "write: %m"); + return 1; + } + + addrlen = sizeof(thisaddr); + sock2 = accept (sock, (struct sockaddr *)&thisaddr, &addrlen); + if (sock2 < 0) { + syslog (LOG_ERR, "accept: %m"); + return 1; + } + close (sock); + close (meta_sock); + + if (flags & PASSIVE) + return passive_session (kc, fd, sock2, cookiesp); + else + return active_session (kc, fd, sock2, cookiesp); +} + +/* + * Is the current user the owner of the console? 
+ */ + +static void +check_user_console (kx_context *kc, int fd) +{ + struct stat sb; + + if (stat ("/dev/console", &sb) < 0) + fatal (kc, fd, "Cannot stat /dev/console: %s", strerror(errno)); + if (getuid() != sb.st_uid) + fatal (kc, fd, "Permission denied"); +} + +/* close down the new connection with a reasonable error message */ +static void +close_connection(int fd, const char *message) +{ + char buf[264]; /* max message */ + char *p; + int lsb = 0; + size_t mlen; + + mlen = strlen(message); + if(mlen > 255) + mlen = 255; + + /* read first part of connection packet, to get byte order */ + if(read(fd, buf, 6) != 6) { + close(fd); + return; + } + if(buf[0] == 0x6c) + lsb++; + p = buf; + *p++ = 0; /* failed */ + *p++ = mlen; /* length of message */ + p += 4; /* skip protocol version */ + p += 2; /* skip additional length */ + memcpy(p, message, mlen); /* copy message */ + p += mlen; + while((p - buf) % 4) /* pad to multiple of 4 bytes */ + *p++ = 0; + + /* now fill in length of additional data */ + if(lsb) { + buf[6] = (p - buf - 8) / 4; + buf[7] = 0; + }else{ + buf[6] = 0; + buf[7] = (p - buf - 8) / 4; + } + write(fd, buf, p - buf); + close(fd); +} + + +/* + * Handle a passive session on `sock' + */ + +static int +doit_passive (kx_context *kc, + int sock, + int flags, + int dispnr, + int nsockets, + struct x_socket *sockets, + int tcp_flag) +{ + int tmp; + int len; + size_t rem; + u_char msg[1024], *p; + int error; + + display_num = dispnr; + if (tcp_flag) + snprintf (display, display_size, "localhost:%u", display_num); + else + snprintf (display, display_size, ":%u", display_num); + error = create_and_write_cookie (xauthfile, xauthfile_size, + cookie, cookie_len); + if (error) { + cleanup(nsockets, sockets); + fatal (kc, sock, "Cookie-creation failed: %s", strerror(error)); + return 1; + } + + p = msg; + rem = sizeof(msg); + *p++ = ACK; + --rem; + + len = strlen (display); + tmp = KRB_PUT_INT (len, p, rem, 4); + if (tmp < 0 || rem < len + 4) { + syslog 
(LOG_ERR, "doit: buffer too small"); + cleanup(nsockets, sockets); + return 1; + } + p += tmp; + rem -= tmp; + + memcpy (p, display, len); + p += len; + rem -= len; + + len = strlen (xauthfile); + tmp = KRB_PUT_INT (len, p, rem, 4); + if (tmp < 0 || rem < len + 4) { + syslog (LOG_ERR, "doit: buffer too small"); + cleanup(nsockets, sockets); + return 1; + } + p += tmp; + rem -= tmp; + + memcpy (p, xauthfile, len); + p += len; + rem -= len; + + if(kx_write (kc, sock, msg, p - msg) < 0) { + syslog (LOG_ERR, "write: %m"); + cleanup(nsockets, sockets); + return 1; + } + for (;;) { + pid_t child; + int fd = -1; + fd_set fds; + int i; + int ret; + int cookiesp = TRUE; + + FD_ZERO(&fds); + if (sock >= FD_SETSIZE) { + syslog (LOG_ERR, "fd too large"); + cleanup(nsockets, sockets); + return 1; + } + + FD_SET(sock, &fds); + for (i = 0; i < nsockets; ++i) { + if (sockets[i].fd >= FD_SETSIZE) { + syslog (LOG_ERR, "fd too large"); + cleanup(nsockets, sockets); + return 1; + } + FD_SET(sockets[i].fd, &fds); + } + ret = select(FD_SETSIZE, &fds, NULL, NULL, NULL); + if(ret <= 0) + continue; + if(FD_ISSET(sock, &fds)){ + /* there are no processes left on the remote side + */ + cleanup(nsockets, sockets); + exit(0); + } else if(ret) { + for (i = 0; i < nsockets; ++i) { + if (FD_ISSET(sockets[i].fd, &fds)) { + if (sockets[i].flags == TCP) { + struct sockaddr_in peer; + socklen_t len = sizeof(peer); + + fd = accept (sockets[i].fd, + (struct sockaddr *)&peer, + &len); + if (fd < 0 && errno != EINTR) + syslog (LOG_ERR, "accept: %m"); + + /* XXX */ + if (fd >= 0 && suspicious_address (fd, peer)) { + close (fd); + fd = -1; + errno = EINTR; + } + } else if(sockets[i].flags == UNIX_SOCKET) { + socklen_t zero = 0; + + fd = accept (sockets[i].fd, NULL, &zero); + + if (fd < 0 && errno != EINTR) + syslog (LOG_ERR, "accept: %m"); +#ifdef MAY_HAVE_X11_PIPES + } else if(sockets[i].flags == STREAM_PIPE) { + /* + * this code tries to handle the + * send fd-over-pipe stuff for + * solaris + */ + + 
struct strrecvfd strrecvfd; + + ret = ioctl (sockets[i].fd, + I_RECVFD, &strrecvfd); + if (ret < 0 && errno != EINTR) { + syslog (LOG_ERR, "ioctl I_RECVFD: %m"); + } + + /* XXX */ + if (ret == 0) { + if (strrecvfd.uid != getuid()) { + close (strrecvfd.fd); + fd = -1; + errno = EINTR; + } else { + fd = strrecvfd.fd; + cookiesp = FALSE; + } + } +#endif /* MAY_HAVE_X11_PIPES */ + } else + abort (); + break; + } + } + } + if (fd < 0) { + if (errno == EINTR) + continue; + else + return 1; + } + + child = fork (); + if (child < 0) { + syslog (LOG_ERR, "fork: %m"); + if(errno != EAGAIN) + return 1; + close_connection(fd, strerror(errno)); + } else if (child == 0) { + for (i = 0; i < nsockets; ++i) + close (sockets[i].fd); + return doit_conn (kc, fd, sock, flags, cookiesp); + } else { + close (fd); + } + } +} + +/* + * Handle an active session on `sock' + */ + +static int +doit_active (kx_context *kc, + int sock, + int flags, + int tcp_flag) +{ + u_char msg[1024], *p; + + check_user_console (kc, sock); + + p = msg; + *p++ = ACK; + + if(kx_write (kc, sock, msg, p - msg) < 0) { + syslog (LOG_ERR, "write: %m"); + return 1; + } + for (;;) { + pid_t child; + int len; + + len = kx_read (kc, sock, msg, sizeof(msg)); + if (len < 0) { + syslog (LOG_ERR, "read: %m"); + return 1; + } + p = (u_char *)msg; + if (*p != NEW_CONN) { + syslog (LOG_ERR, "bad_message: %d", *p); + return 1; + } + + child = fork (); + if (child < 0) { + syslog (LOG_ERR, "fork: %m"); + if (errno != EAGAIN) + return 1; + } else if (child == 0) { + return doit_conn (kc, sock, sock, flags, 1); + } else { + } + } +} + +/* + * Receive a connection on `sock' and process it. 
+ */ + +static int +doit(int sock, int tcp_flag) +{ + int ret; + kx_context context; + int dispnr; + int nsockets; + struct x_socket *sockets; + int flags; + + flags = recv_conn (sock, &context, &dispnr, &nsockets, &sockets, tcp_flag); + + if (flags & PASSIVE) + ret = doit_passive (&context, sock, flags, dispnr, + nsockets, sockets, tcp_flag); + else + ret = doit_active (&context, sock, flags, tcp_flag); + context_destroy (&context); + return ret; +} + +static char *port_str = NULL; +static int inetd_flag = 1; +static int tcp_flag = 0; +static int version_flag = 0; +static int help_flag = 0; + +struct getargs args[] = { + { "inetd", 'i', arg_negative_flag, &inetd_flag, + "Not started from inetd" }, + { "tcp", 't', arg_flag, &tcp_flag, "Use TCP" }, + { "port", 'p', arg_string, &port_str, "Use this port", + "port" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage(int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "host"); + exit (ret); +} + +/* + * kxd - receive a forwarded X conncection + */ + +int +main (int argc, char **argv) +{ + int port; + int optind = 0; + + setprogname (argv[0]); + roken_openlog ("kxd", LOG_ODELAY | LOG_PID, LOG_DAEMON); + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version (NULL); + return 0; + } + + if(port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "bad port `%s'", port_str); + port = htons(port); + } + } else { +#if defined(KRB5) + port = krb5_getportbyname(NULL, "kx", "tcp", KX_PORT); +#elif defined(KRB4) + port = k_getportbyname ("kx", "tcp", htons(KX_PORT)); +#else +#error define KRB4 or KRB5 +#endif + } + + if (!inetd_flag) + mini_inetd (port); + + signal (SIGCHLD, 
childhandler); + return doit(STDIN_FILENO, tcp_flag); +} diff --git a/crypto/heimdal/appl/kx/kxd.cat8 b/crypto/heimdal/appl/kx/kxd.cat8 new file mode 100644 index 0000000..e033cee --- /dev/null +++ b/crypto/heimdal/appl/kx/kxd.cat8 @@ -0,0 +1,37 @@ + +KXD(8) UNIX System Manager's Manual KXD(8) + +NNAAMMEE + kkxxdd - securely forward X conections + +SSYYNNOOPPSSIISS + _k_x_d [--tt] [--ii] [--pp _p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + This is the daemon for kkxx. + + Options supported by kkxxdd: + + --tt TCP. Normally kkxxdd will only listen for X connections on a UNIX + socket, but some machines (for example, Cray) have X libraries + that are not able to use UNIX sockets and thus you need to use + TCP to talk to the pseudo-xserver created by kkxxdd.. This option de- + creases the security significantly and should only be used when + it is necessary and you have considered the consequences of doing + so. + + --ii Interactive. Do not expect to be started by iinneettdd,, but allocate + and listen to the socket yourself. Handy for testing and debug- + ging. + + --pp Port. Listen on the port _p_o_r_t. Only usable with --ii. + +EEXXAAMMPPLLEESS + Put the following in _/_e_t_c_/_i_n_e_t_d_._c_o_n_f: + + kx stream tcp nowait root /usr/athena/libexec/kxd kxd + +SSEEEE AALLSSOO + kx(1), rxtelnet(1), rxterm(1) + + KTH-KRB September 27, 1996 1 diff --git a/crypto/heimdal/appl/kx/rxtelnet.1 b/crypto/heimdal/appl/kx/rxtelnet.1 new file mode 100644 index 0000000..7c37a7a --- /dev/null +++ b/crypto/heimdal/appl/kx/rxtelnet.1 
@@ -0,0 +1,80 @@ +.\" $Id: rxtelnet.1,v 1.6 2001/01/11 16:16:26 assar Exp $ +.\" +.Dd September 27, 1996 +.Dt RXTELNET 1 +.Os KTH_KRB +.Sh NAME +.Nm rxtelnet +.Nd +start a telnet and forward X-connections. +.Sh SYNOPSIS +.Nm rxtelnet +.Op Fl l Ar username +.Op Fl k +.Op Fl t Ar telnet_args +.Op Fl x Ar xterm_args +.Op Fl w Ar term_emulator +.Op Fl n +.Ar host +.Op Ar port +.Sh DESCRIPTION +The +.Nm +program starts a +.Nm xterm +window with a telnet to host +.Ar host . +From this window you will also be able to run X clients that will be +able to connect securily to your X server. If +.Ar port +is given, that port will be used instead of the default. +.Pp +The supported options are: +.Bl -tag -width Ds +.It Fl l +Log in on the remote host as user +.Ar username +.It Fl k +Disables keep-alives +.It Fl t +Send +.Ar telnet_args +as arguments to +.Nm telnet +.It Fl x +Send +.Ar xterm_args +as arguments to +.Nm xterm +.It Fl w +Use +.Ar term_emulator +instead of xterm. +.It Fl n +Do not start any terminal emulator. +.El +.Sh EXAMPLE +To login from host +.Va foo +(where your display is) +to host +.Va bar , +you might do the following. +.Bl -enum +.It +On foo: +.Nm +.Va bar +.It +You will get a new window with a +.Nm telnet +to +.Va bar . +In this window you will be able to start X clients. +.El +.Sh SEE ALSO +.Xr rxterm 1 , +.Xr tenletxr 1 , +.Xr kx 1 , +.Xr kxd 8 , +.Xr telnet 1 diff --git a/crypto/heimdal/appl/kx/rxtelnet.cat1 b/crypto/heimdal/appl/kx/rxtelnet.cat1 new file mode 100644 index 0000000..ad3f420 --- /dev/null +++ b/crypto/heimdal/appl/kx/rxtelnet.cat1 
@@ -0,0 +1,43 @@ + +RXTELNET(1) UNIX Reference Manual RXTELNET(1) + +NNAAMMEE + rrxxtteellnneett - start a telnet and forward X-connections. + +SSYYNNOOPPSSIISS + rrxxtteellnneett [--ll _u_s_e_r_n_a_m_e] [--kk] [--tt _t_e_l_n_e_t___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww + _t_e_r_m___e_m_u_l_a_t_o_r] [--nn] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The rrxxtteellnneett program starts a xxtteerrmm window with a telnet to host _h_o_s_t. + From this window you will also be able to run X clients that will be able + to connect securily to your X server. If _p_o_r_t is given, that port will be + used instead of the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disables keep-alives + + --tt Send _t_e_l_n_e_t___a_r_g_s as arguments to tteellnneett + + --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm + + --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. + + --nn Do not start any terminal emulator. + +EEXXAAMMPPLLEE + To login from host _f_o_o (where your display is) to host _b_a_r, you might do + the following. + + 1. On foo: rrxxtteellnneett _b_a_r + + 2. You will get a new window with a tteellnneett to _b_a_r. In this window you + will be able to start X clients. + +SSEEEE AALLSSOO + rxterm(1), tenletxr(1), kx(1), kxd(8), telnet(1) + + KTH_KRB September 27, 1996 1 diff --git a/crypto/heimdal/appl/kx/rxtelnet.in b/crypto/heimdal/appl/kx/rxtelnet.in new file mode 100644 index 0000000..233f10b --- /dev/null +++ b/crypto/heimdal/appl/kx/rxtelnet.in 
@@ -0,0 +1,63 @@
+#!/bin/sh
+# $Id: rxtelnet.in,v 1.26 1999/02/04 21:19:50 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-t args_to_telnet] [-x args_to_xterm] [-w term_emulator] [-n] [-v] [-h | --help] [--version] host [port]"
+term=
+kx_args=-P
+while true
+do
+ case $1 in
+ -l) telnet_args="${telnet_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+ -t) telnet_args="${telnet_args} $2 "; shift 2;;
+ -x) xterm_args="${xterm_args} $2 "; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ -n) term=none; shift;;
+ -w) term=$2; shift 2;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; verb=1; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo $usage
+ exit 1
+fi
+host=$1
+port=$2
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+oldifs=$IFS
+IFS=:
+set -- $PATH
+IFS=$oldifs
+if test -z "$term"; then
+ for j in xterm dtterm aixterm dxterm hpterm; do
+ for i in $*; do
+ test -n "$i" || i="."
+ if test -x $i/$j; then
+ term=$j; break 2
+ fi
+ done
+ done
+fi
+test "$verb" && echo "Telnet command used is `type telnet`."
+if test -n "$term" -a "$term" != "none"; then
+ ($term -title $title -n $title $xterm_args -e env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port; kill -USR2 $pid) &
+else
+ env DISPLAY=$disp XAUTHORITY=$auth telnet -D $telnet_args $host $port
+ kill -USR2 $pid
+fi
diff --git a/crypto/heimdal/appl/kx/rxterm.1 b/crypto/heimdal/appl/kx/rxterm.1
new file mode 100644
index 0000000..e8dd0c8
--- /dev/null
+++ b/crypto/heimdal/appl/kx/rxterm.1
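Review bot: Almost every expansion in rxtelnet.in is unquoted, so a user name, host or title containing whitespace or glob characters is split or expanded by the local shell before it reaches `xterm`, `telnet` or `kx`. The values that are single words by intent should be quoted where they are used, for example `echo "$usage"`, `$term -title "$title" -n "$title" $xterm_args -e env DISPLAY="$disp" XAUTHORITY="$auth" telnet -D $telnet_args "$host" $port` and `kill -USR2 "$pid"`. `$telnet_args`, `$xterm_args` and `$kx_args` are deliberately word-split lists and have to stay unquoted; a short comment above the `case` saying so would keep a later cleanup from quoting them too. The three words taken from `kx` are only counted by `test $# -ne 3`, so nothing in the script confirms that `$pid` is numeric before it is passed to `kill`.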
@@ -0,0 +1,77 @@ +.\" $Id: rxterm.1,v 1.4 1997/06/03 00:58:23 assar Exp $ +.\" +.Dd September 27, 1996 +.Dt RXTERM 1 +.Os KTH_KRB +.Sh NAME +.Nm rxterm +.Nd +start a secure remote xterm +.Sh SYNOPSIS +.Nm rxterm +.Op Fl l Ar username +.Op Fl k +.Op Fl r Ar rsh_args +.Op Fl x Ar xterm_args +.Op Fl w Ar term_emulator +.Ar host +.Op Ar port +.Sh DESCRIPTION +The +.Nm +program starts a +.Nm xterm +window on host +.Ar host . +From this window you will also be able to run X clients that will be +able to connect securily to your X server. If +.Ar port +is given, that port will be used instead of the default. +.Pp +The supported options are: +.Bl -tag -width Ds +.It Fl l +Log in on the remote host as user +.Ar username +.It Fl k +Disable keep-alives +.It Fl r +Send +.Ar rsh_args +as arguments to +.Nm rsh +.It Fl x +Send +.Ar xterm_args +as arguments to +.Nm xterm +.It Fl w +Use +.Ar term_emulator +instead of xterm. +.El +.Sh EXAMPLE +To login from host +.Va foo +(where your display is) +to host +.Va bar , +you might do the following. +.Bl -enum +.It +On foo: +.Nm +.Va bar +.It +You will get a new window running an +.Nm xterm +on host +.Va bar . +In this window you will be able to start X clients. +.El +.Sh SEE ALSO +.Xr rxtelnet 1 , +.Xr tenletxr 1 , +.Xr kx 1 , +.Xr kxd 8 , +.Xr rsh 1 diff --git a/crypto/heimdal/appl/kx/rxterm.cat1 b/crypto/heimdal/appl/kx/rxterm.cat1 new file mode 100644 index 0000000..56eec66 --- /dev/null +++ b/crypto/heimdal/appl/kx/rxterm.cat1 
@@ -0,0 +1,41 @@ + +RXTERM(1) UNIX Reference Manual RXTERM(1) + +NNAAMMEE + rrxxtteerrmm - start a secure remote xterm + +SSYYNNOOPPSSIISS + rrxxtteerrmm [--ll _u_s_e_r_n_a_m_e] [--kk] [--rr _r_s_h___a_r_g_s] [--xx _x_t_e_r_m___a_r_g_s] [--ww + _t_e_r_m___e_m_u_l_a_t_o_r] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The rrxxtteerrmm program starts a xxtteerrmm window on host _h_o_s_t. From this window + you will also be able to run X clients that will be able to connect se- + curily to your X server. If _p_o_r_t is given, that port will be used instead + of the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disable keep-alives + + --rr Send _r_s_h___a_r_g_s as arguments to rrsshh + + --xx Send _x_t_e_r_m___a_r_g_s as arguments to xxtteerrmm + + --ww Use _t_e_r_m___e_m_u_l_a_t_o_r instead of xterm. + +EEXXAAMMPPLLEE + To login from host _f_o_o (where your display is) to host _b_a_r, you might do + the following. + + 1. On foo: rrxxtteerrmm _b_a_r + + 2. You will get a new window running an xxtteerrmm on host _b_a_r. In this win- + dow you will be able to start X clients. + +SSEEEE AALLSSOO + rxtelnet(1), tenletxr(1), kx(1), kxd(8), rsh(1) + + KTH_KRB September 27, 1996 1 diff --git a/crypto/heimdal/appl/kx/rxterm.in b/crypto/heimdal/appl/kx/rxterm.in new file mode 100644 index 0000000..dab3645 --- /dev/null +++ b/crypto/heimdal/appl/kx/rxterm.in 
@@ -0,0 +1,41 @@
+#!/bin/sh
+# $Id: rxterm.in,v 1.20 1999/02/04 09:29:49 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-r rsh_args] [-x xterm_args] [-w term_emulator] [-v] [-h | --help] [--version] host"
+term=xterm
+while true
+do
+ case $1 in
+ -l) rsh_args="${rsh_args} -l $2 "; kx_args="${kx_args} -l $2"; title="${2}@"; shift 2;;
+ -r) rsh_args="${rsh_args} $2 "; shift 2;;
+ -x) xterm_args="${xterm_args} $2 "; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ -w) term=$2; shift 2;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo "Usage: $0 host [arguments to $term]"
+ exit 1
+fi
+host=$1
+title="${title}${host}"
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+kill -USR1 $pid
+rsh -n $rsh_args $host "/bin/sh -c 'DISPLAY=$disp XAUTHORITY=$auth $term -T $title -n $title $xterm_args </dev/null >/dev/null 2>/dev/null &'"
diff --git a/crypto/heimdal/appl/kx/tenletxr.1 b/crypto/heimdal/appl/kx/tenletxr.1
new file mode 100644
index 0000000..ae7c858
--- /dev/null
+++ b/crypto/heimdal/appl/kx/tenletxr.1
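Review bot: The final `rsh` line of rxterm.in pastes `$disp`, `$auth`, `$term`, `$title` and `$xterm_args` into a single-quoted `/bin/sh -c '…'` string that the remote shell parses a second time, so a single quote or shell metacharacter in any of them alters the command run on the remote host instead of reaching the terminal emulator as data. `$disp` and `$auth` are whatever `kx` printed, and the only check on them is the word count in `test $# -ne 3`. I would reject unexpected characters before the `rsh` call, e.g. `case "$disp$auth$title" in *[!A-Za-z0-9_./:@-]*) echo "$0: unexpected character in display, xauth file or title" >&2; exit 1;; esac`, and add a comment that `-x` and `-w` values are handed to the remote shell verbatim. Separately, the `test $# -lt 1` branch prints its own `"Usage: $0 host [arguments to $term]"` rather than `$usage`, which no longer matches the options the script parses.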
@@ -0,0 +1,61 @@ +.\" $Id: tenletxr.1,v 1.2 1997/03/31 03:43:33 assar Exp $ +.\" +.Dd March 31, 1997 +.Dt TENLETXR 1 +.Os KTH_KRB +.Sh NAME +.Nm tenletxr +.Nd +forward X-connections backwards. +.Sh SYNOPSIS +.Nm tenletxr +.Op Fl l Ar username +.Op Fl k +.Ar host +.Op Ar port +.Sh DESCRIPTION +The +.Nm +program +enables forwarding of X-connections from this machine to host +.Ar host . +If +.Ar port +is given, that port will be used instead of the default. +.Pp +The supported options are: +.Bl -tag -width Ds +.It Fl l +Log in on the remote host as user +.Ar username +.It Fl k +Disables keep-alives. +.El +.Sh EXAMPLE +To login from host +.Va foo +to host +.Va bar +(where your display is), +you might do the following. +.Bl -enum +.It +On foo: +.Nm +.Va bar +.It +You will get a new shell where you will be able to start X clients +that will show their windows on +.Va bar . +.El +.Sh BUGS +It currently checks if you have permission to run it by checking if +you own +.Pa /dev/console +on the remote host. +.Sh SEE ALSO +.Xr rxtelnet 1 , +.Xr rxterm 1 , +.Xr kx 1 , +.Xr kxd 8 , +.Xr telnet 1 diff --git a/crypto/heimdal/appl/kx/tenletxr.cat1 b/crypto/heimdal/appl/kx/tenletxr.cat1 new file mode 100644 index 0000000..c1714e7 --- /dev/null +++ b/crypto/heimdal/appl/kx/tenletxr.cat1 
@@ -0,0 +1,37 @@ + +TENLETXR(1) UNIX Reference Manual TENLETXR(1) + +NNAAMMEE + tteennlleettxxrr - forward X-connections backwards. + +SSYYNNOOPPSSIISS + tteennlleettxxrr [--ll _u_s_e_r_n_a_m_e] [--kk] _h_o_s_t [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The tteennlleettxxrr program enables forwarding of X-connections from this ma- + chine to host _h_o_s_t. If _p_o_r_t is given, that port will be used instead of + the default. + + The supported options are: + + --ll Log in on the remote host as user _u_s_e_r_n_a_m_e + + --kk Disables keep-alives. + +EEXXAAMMPPLLEE + To login from host _f_o_o to host _b_a_r (where your display is), you might do + the following. + + 1. On foo: tteennlleettxxrr _b_a_r + + 2. You will get a new shell where you will be able to start X clients + that will show their windows on _b_a_r. + +BBUUGGSS + It currently checks if you have permission to run it by checking if you + own _/_d_e_v_/_c_o_n_s_o_l_e on the remote host. + +SSEEEE AALLSSOO + rxtelnet(1), rxterm(1), kx(1), kxd(8), telnet(1) + + KTH_KRB March 31, 1997 1 diff --git a/crypto/heimdal/appl/kx/tenletxr.in b/crypto/heimdal/appl/kx/tenletxr.in new file mode 100644 index 0000000..5c05dc9 --- /dev/null +++ b/crypto/heimdal/appl/kx/tenletxr.in 
@@ -0,0 +1,37 @@
+#!/bin/sh
+# $Id: tenletxr.in,v 1.3 1999/02/04 09:29:59 assar Exp $
+#
+usage="Usage: $0 [-l username] [-k] [-v] [-h | --help] [--version] host [port]"
+while true
+do
+ case $1 in
+ -l) kx_args="${kx_args} -l $2"; shift 2;;
+ -k) kx_args="${kx_args} -k"; shift;;
+ --version) echo "$0: %PACKAGE% %VERSION%"; exit 0;;
+ -h) echo $usage; exit 0;;
+ --help) echo $usage; exit 0;;
+ -v) set -x; shift;;
+ -*) echo "$0: Bad option $1"; echo $usage; exit 1;;
+ *) break;;
+ esac
+done
+if test $# -lt 1; then
+ echo $usage
+ exit 1
+fi
+host=$1
+port=$2
+bindir=%bindir%
+pdc_trams=`dirname $0`
+PATH=$pdc_trams:$bindir:$PATH
+export PATH
+set -- `kx $kx_args $host`
+if test $# -ne 3; then
+ exit 1
+fi
+screen=`echo $DISPLAY | sed -ne 's/[^:]*:[0-9]*\(\.[0-9]*\)/\1/p'`
+pid=$1
+disp=${2}${screen}
+auth=$3
+env DISPLAY=$disp XAUTHORITY=$auth $SHELL
+kill -USR2 $pid
diff --git a/crypto/heimdal/appl/kx/writeauth.c b/crypto/heimdal/appl/kx/writeauth.c
new file mode 100644
index 0000000..11dc72d
--- /dev/null
+++ b/crypto/heimdal/appl/kx/writeauth.c
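Review bot: `port=$2` is assigned in tenletxr.in but never read again: the usage string advertises `host [port]`, yet the only network command is `kx $kx_args $host`, so a port given on the command line is silently ignored. Either hand it on to `kx` (the option that takes a port is not visible in this hunk, so check it against kx's own argument table) or drop `[port]` from `usage` and from tenletxr.1. The script also expands `$usage`, `$disp` and `$auth` unquoted; `echo "$usage"` and `env DISPLAY="$disp" XAUTHORITY="$auth" $SHELL` keep those values intact if they ever contain whitespace.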
@@ -0,0 +1,73 @@ +/* $XConsortium: AuWrite.c,v 1.6 94/04/17 20:15:45 gildea Exp $ */ + +/* + +Copyright (c) 1988 X Consortium + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN +CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +Except as contained in this notice, the name of the X Consortium shall not be +used in advertising or otherwise to promote the sale, use or other dealings +in this Software without prior written authorization from the X Consortium. 
+ +*/ + +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: writeauth.c,v 1.4 1999/05/12 17:59:44 assar Exp $"); +#endif + +#include <X11/Xauth.h> + +static int +write_short (unsigned short s, FILE *file) +{ + unsigned char file_short[2]; + + file_short[0] = (s & (unsigned)0xff00) >> 8; + file_short[1] = s & 0xff; + if (fwrite (file_short, sizeof (file_short), 1, file) != 1) + return 0; + return 1; +} + +static int +write_counted_string (unsigned short count, char *string, FILE *file) +{ + if (write_short (count, file) == 0) + return 0; + if (fwrite (string, (int) sizeof (char), (int) count, file) != count) + return 0; + return 1; +} + +int +XauWriteAuth (FILE *auth_file, Xauth *auth) +{ + if (write_short (auth->family, auth_file) == 0) + return 0; + if (write_counted_string (auth->address_length, auth->address, auth_file) == 0) + return 0; + if (write_counted_string (auth->number_length, auth->number, auth_file) == 0) + return 0; + if (write_counted_string (auth->name_length, auth->name, auth_file) == 0) + return 0; + if (write_counted_string (auth->data_length, auth->data, auth_file) == 0) + return 0; + return 1; +} diff --git a/crypto/heimdal/appl/login/ChangeLog b/crypto/heimdal/appl/login/ChangeLog index fc9f7554..15d01be 100644 --- a/crypto/heimdal/appl/login/ChangeLog +++ b/crypto/heimdal/appl/login/ChangeLog @@ -1,3 +1,8 @@ +2001-02-08 Assar Westerlund <assar@sics.se> + + * utmp_login.c, utmpx_login.c: try to write a useful string as + host in utmp, using the same algoritm as telnetd + 2001-01-29 Assar Westerlund <assar@sics.se> * login.c: remove some krb5_free_context that might happen at diff --git a/crypto/heimdal/appl/login/Makefile.in b/crypto/heimdal/appl/login/Makefile.in index ba353de..64f94b3 100644 --- a/crypto/heimdal/appl/login/Makefile.in +++ b/crypto/heimdal/appl/login/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = login @@ -260,7 +263,7 @@ OBJECTS = $(am_login_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/login/Makefile @@ -352,6 +355,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/login/login.c b/crypto/heimdal/appl/login/login.c index 2ada921..7cd405b 100644 --- a/crypto/heimdal/appl/login/login.c 
+++ b/crypto/heimdal/appl/login/login.c @@ -39,7 +39,7 @@ #include <sys/capability.h> #endif -RCSID("$Id: login.c,v 1.46 2001/01/29 02:18:03 assar Exp $"); +RCSID("$Id: login.c,v 1.47 2001/02/20 01:44:45 assar Exp $"); static int login_timeout = 60; @@ -650,7 +650,7 @@ main(int argc, char **argv) int ask = 1; struct sigaction sa; - set_progname(argv[0]); + setprogname(argv[0]); #ifdef KRB5 { diff --git a/crypto/heimdal/appl/login/login_protos.h b/crypto/heimdal/appl/login/login_protos.h index e19a598..4bb8207 100644 --- a/crypto/heimdal/appl/login/login_protos.h +++ b/crypto/heimdal/appl/login/login_protos.h @@ -64,6 +64,12 @@ read_string __P(( int echo)); void +shrink_hostname __P(( + const char *hostname, + char *dst, + size_t dst_sz)); + +void stty_default __P((void)); void diff --git a/crypto/heimdal/appl/login/osfc2.c b/crypto/heimdal/appl/login/osfc2.c index 5d4d087..056484c 100644 --- a/crypto/heimdal/appl/login/osfc2.c +++ b/crypto/heimdal/appl/login/osfc2.c @@ -32,7 +32,7 @@ */ #include "login_locl.h" -RCSID("$Id: osfc2.c,v 1.3 1999/12/02 17:04:56 joda Exp $"); +RCSID("$Id: osfc2.c,v 1.4 2001/02/20 01:44:46 assar Exp $"); int do_osfc2_magic(uid_t uid) @@ -42,7 +42,7 @@ do_osfc2_magic(uid_t uid) char *argv[2]; /* fake */ - argv[0] = (char*)__progname; + argv[0] = (char*)getprogname(); argv[1] = NULL; set_auth_parameters(1, argv); diff --git a/crypto/heimdal/appl/login/utmp_login.c b/crypto/heimdal/appl/login/utmp_login.c index b584326b..0be6cdb 100644 --- a/crypto/heimdal/appl/login/utmp_login.c +++ b/crypto/heimdal/appl/login/utmp_login.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2001 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,7 +33,49 @@ #include "login_locl.h" -RCSID("$Id: utmp_login.c,v 1.17 1999/12/02 17:04:56 joda Exp $"); +RCSID("$Id: utmp_login.c,v 1.18 2001/02/08 16:08:26 assar Exp $"); + +/* try to put something useful from hostname into dst, dst_sz: + * full name, first component or address */ + +void +shrink_hostname (const char *hostname, + char *dst, size_t dst_sz) +{ + char local_hostname[MaxHostNameLen]; + char *ld, *hd; + int ret; + struct addrinfo *ai; + + if (strlen(hostname) < dst_sz) { + strlcpy (dst, hostname, dst_sz); + return; + } + gethostname (local_hostname, sizeof(local_hostname)); + hd = strchr (hostname, '.'); + ld = strchr (local_hostname, '.'); + if (hd != NULL && ld != NULL && strcmp(hd, ld) == 0 + && hd - hostname < dst_sz) { + strlcpy (dst, hostname, dst_sz); + dst[hd - hostname] = '\0'; + return; + } + + ret = getaddrinfo (hostname, NULL, NULL, &ai); + if (ret) { + strncpy (dst, hostname, dst_sz); + return; + } + ret = getnameinfo (ai->ai_addr, ai->ai_addrlen, + dst, dst_sz, + NULL, 0, + NI_NUMERICHOST); + freeaddrinfo (ai); + if (ret) { + strncpy (dst, hostname, dst_sz); + return; + } +} void prepare_utmp (struct utmp *utmp, char *tty, @@ -60,7 +102,7 @@ prepare_utmp (struct utmp *utmp, char *tty, # endif # ifdef HAVE_STRUCT_UTMP_UT_HOST - strncpy(utmp->ut_host, hostname, sizeof(utmp->ut_host)); + shrink_hostname (hostname, utmp->ut_host, sizeof(utmp->ut_host)); # endif # ifdef HAVE_STRUCT_UTMP_UT_TYPE diff --git a/crypto/heimdal/appl/login/utmpx_login.c b/crypto/heimdal/appl/login/utmpx_login.c index 745d64c..46d7f15 100644 --- a/crypto/heimdal/appl/login/utmpx_login.c +++ b/crypto/heimdal/appl/login/utmpx_login.c @@ -2,7 +2,7 @@ #include "login_locl.h" -RCSID("$Id: utmpx_login.c,v 1.24 1999/08/04 17:03:15 assar Exp $"); +RCSID("$Id: utmpx_login.c,v 1.25 2001/02/08 16:08:47 assar Exp $"); /* utmpx_login - update utmp and wtmp after login */ 
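Review bot: In the new `shrink_hostname` in utmp_login.c the result of `gethostname` is ignored and the buffer goes straight to `strchr`, so a failed call means `local_hostname` is read uninitialised, and a truncated name may leave it without a terminating NUL (POSIX does not promise one). I would write `if (gethostname (local_hostname, sizeof(local_hostname)) < 0) local_hostname[0] = '\0';` followed by `local_hostname[sizeof(local_hostname) - 1] = '\0';`. The two `strncpy (dst, hostname, dst_sz)` fallbacks are reached only when `strlen(hostname) >= dst_sz`, so they leave `dst` unterminated while the `strlcpy` branches terminate it. If that is intentional for fixed-width utmp fields, the comment above the function should say that `dst` is not guaranteed to be NUL-terminated, because the prototype added to login_protos.h makes the function available to other callers.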
@@ -21,7 +21,7 @@ utmpx_update(struct utmpx *ut, char *line, const char *user, const char *host) strncpy(ut->ut_id, make_id(clean_tty), sizeof(ut->ut_id)); #endif strncpy(ut->ut_user, user, sizeof(ut->ut_user)); - strncpy(ut->ut_host, host, sizeof(ut->ut_host)); + shrink_hostname (host, ut->ut_host, sizeof(ut->ut_host)); #ifdef HAVE_STRUCT_UTMPX_UT_SYSLEN ut->ut_syslen = strlen(host) + 1; if (ut->ut_syslen > sizeof(ut->ut_host)) diff --git a/crypto/heimdal/appl/otp/ChangeLog b/crypto/heimdal/appl/otp/ChangeLog new file mode 100644 index 0000000..cffff9e --- /dev/null +++ b/crypto/heimdal/appl/otp/ChangeLog @@ -0,0 +1,40 @@ +2000-11-29 Johan Danielsson <joda@pdc.kth.se> + + * otpprint.1: sort parameters and close a list + + * otp.1: sort parameters and close a list + +1999-09-14 Assar Westerlund <assar@sics.se> + + * otp.c (verify_user_otp): check return value from + des_read_pw_string + +Thu Apr 1 16:51:07 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * otpprint.c: use getarg + + * otp.c: use getarg + +Thu Mar 18 12:08:58 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.am: include Makefile.am.common + +Thu Mar 4 19:45:40 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.am: DESTDIR + +Sat Feb 27 19:44:25 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.am: add + +Sun Nov 22 10:32:50 1998 Assar Westerlund <assar@sics.se> + + * otpprint.c: more braces + + * Makefile.in (WFLAGS): set + +Sun Dec 21 09:31:30 1997 Assar Westerlund <assar@sics.se> + + * otp.c (renew): don't set the OTP if the reading of the string + fails. + diff --git a/crypto/heimdal/appl/otp/Makefile.am b/crypto/heimdal/appl/otp/Makefile.am new file mode 100644 index 0000000..0597a73 --- /dev/null +++ b/crypto/heimdal/appl/otp/Makefile.am 
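Review bot: In `utmpx_update`, `ut->ut_syslen` is still computed from the original `host` on the line after the change, although `ut_host` now holds whatever `shrink_hostname` produced (the full name, its first component, or a numeric address), so the recorded length can disagree with the stored string. Deriving it from the field keeps the two consistent: `ut->ut_syslen = strnlen(ut->ut_host, sizeof(ut->ut_host)) + 1;`, or an equivalent bounded scan where `strnlen` is not available. The clamp that follows and the rest of the function lie outside the hunk, so confirm the existing upper bound still applies after the change.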
@@ -0,0 +1,16 @@
+# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = otp otpprint
+bin_SUIDS = otp
+otp_SOURCES = otp.c otp_locl.h
+otpprint_SOURCES = otpprint.c otp_locl.h
+
+man_MANS = otp.1 otpprint.1
+
+LDADD = \
+ $(top_builddir)/lib/otp/libotp.la \
+ $(LIB_des) \
+ $(LIB_roken) \
+ $(DBLIB)
diff --git a/crypto/heimdal/appl/otp/Makefile.in b/crypto/heimdal/appl/otp/Makefile.in
new file mode 100644
index 0000000..7c576b8
--- /dev/null
+++ b/crypto/heimdal/appl/otp/Makefile.in
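Review bot: `bin_SUIDS = otp` is the only line that turns `otp` into a setuid-root program, and nothing in this Makefile.am says so or why. A short comment above it would help whoever audits the install set, for example `# otp is installed setuid root by install-suid-programs; otpprint is not`. The reason `otp` needs the privilege (presumably write access to the OTP database) is not visible in this file and should be filled in by someone who knows the database permissions.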
@@ -0,0 +1,628 @@ +# Makefile.in generated automatically by automake 1.4b from Makefile.am + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ +host_triplet = @host@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_ = @INCLUDE_@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.9 2000/11/15 22:51:09 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 
.cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + +CHECK_LOCAL = $(PROGRAMS) + +bin_PROGRAMS = otp otpprint +bin_SUIDS = otp +otp_SOURCES = otp.c otp_locl.h +otpprint_SOURCES = otpprint.c otp_locl.h + +man_MANS = otp.1 otpprint.1 + +LDADD = \ + $(top_builddir)/lib/otp/libotp.la \ + $(LIB_des) \ + $(LIB_roken) \ + $(DBLIB) + +subdir = appl/otp +mkinstalldirs = 
$(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +bin_PROGRAMS = otp$(EXEEXT) otpprint$(EXEEXT) +PROGRAMS = $(bin_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +am_otp_OBJECTS = otp.$(OBJEXT) +otp_OBJECTS = $(am_otp_OBJECTS) +otp_LDADD = $(LDADD) +otp_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la +otp_LDFLAGS = +am_otpprint_OBJECTS = otpprint.$(OBJEXT) +otpprint_OBJECTS = $(am_otpprint_OBJECTS) +otpprint_LDADD = $(LDADD) +otpprint_DEPENDENCIES = $(top_builddir)/lib/otp/libotp.la +otpprint_LDFLAGS = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = $(otp_SOURCES) $(otpprint_SOURCES) +man1dir = $(mandir)/man1 +MANS = $(man_MANS) +depcomp = +DIST_COMMON = ChangeLog Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +GZIP_ENV = --best +SOURCES = $(otp_SOURCES) $(otpprint_SOURCES) +OBJECTS = $(am_otp_OBJECTS) $(am_otpprint_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/otp/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: 
+ +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ + rm -f $(DESTDIR)$(bindir)/$$f; \ + done + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +otp$(EXEEXT): $(otp_OBJECTS) $(otp_DEPENDENCIES) + @rm -f otp$(EXEEXT) + $(LINK) $(otp_LDFLAGS) $(otp_OBJECTS) $(otp_LDADD) $(LIBS) + +otpprint$(EXEEXT): $(otpprint_OBJECTS) $(otpprint_DEPENDENCIES) + @rm -f otpprint$(EXEEXT) + $(LINK) $(otpprint_LDFLAGS) $(otpprint_OBJECTS) $(otpprint_LDADD) $(LIBS) +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +install-man1: + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test -f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file 
$(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done + +uninstall-man1: + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-man1 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) + +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ 
+ done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-man install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS uninstall-man +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) $(MANS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: + -rm -f Makefile.in +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ + mostlyclean-libtool mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-compile clean-libtool clean-tags \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-compile distclean-libtool \ + distclean-tags distclean-generic clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." 
+ +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile mostlyclean-libtool distclean-libtool \ +clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \ +install-man uninstall-man tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \ +check-local check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-local install-data-am install-data install-am \ +install uninstall-am uninstall all-local all-redirect all-am all \ +install-strip installdirs mostlyclean-generic distclean-generic \ +clean-generic maintainer-clean-generic clean mostlyclean distclean \ +maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 
's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo 
"$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/appl/otp/otp.1 b/crypto/heimdal/appl/otp/otp.1 new file mode 100644 index 0000000..473a4b0 --- /dev/null +++ b/crypto/heimdal/appl/otp/otp.1 @@ -0,0 +1,60 @@ +.\" $Id: otp.1,v 1.2 2000/11/29 18:18:22 joda Exp $ +.\" +.Dd November 17, 1996 +.Dt OTP 1 +.Os KTH-KRB +.Sh NAME +.Nm otp +.Nd +manages one-time passwords +.Sh SYNOPSIS +.Nm otp +.Op Fl dhlor +.Op Fl f Ar algorithm +.Op Fl u Ar user +.Ar sequence-number +.Ar seed +.Sh DESCRIPTION +The +.Nm +program initializes and updates your current series of one-time +passwords (OTPs). +.Pp +Use this to set a new series of one-time passwords. Only perform this +on the console or over an encrypted link as you will have to supply +your pass-phrase. The other two parameters are +.Ar sequence-number +and +.Ar seed . +.Pp +Options are: +.Bl -tag -width Ds +.It Fl d +To delete a one-time password. +.It Fl f +Choose a different +.Ar algorithm +from the default md5. Pick any of: md4, md5, and sha. +.It Fl h +For getting a help message. +.It Fl l +List the current table of one-time passwords. +.It Fl o +To open (unlock) the otp-entry for a user. +.It Fl r +To renew a one-time password series. This operation can be performed +over an potentially eavesdropped link because you do not supply the +pass-phrase. First you need to supply the current one-time password +and then the new one corresponding to the supplied +.Ar sequence-number +and +.Ar seed . +.It Fl u +To choose a different +.Ar user +to set one-time passwords for. This only works when running +.Nm +as root. +.El +.Sh SEE ALSO +.Xr otpprint 1 diff --git a/crypto/heimdal/appl/otp/otp.c b/crypto/heimdal/appl/otp/otp.c new file mode 100644 index 0000000..66de4e0 --- /dev/null 
+++ b/crypto/heimdal/appl/otp/otp.c 
@@ -0,0 +1,366 @@
+/*
+ * Copyright (c) 1995-1997, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "otp_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: otp.c,v 1.33 2001/02/20 01:44:46 assar Exp $");
+
+static int listp;
+static int deletep;
+static int openp;
+static int renewp;
+static char* alg_string;
+static char *user;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+ { "list", 'l', arg_flag, &listp, "list OTP status" },
+ { "delete", 'd', arg_flag, &deletep, "delete OTP" },
+ { "open", 'o', arg_flag, &openp, "open a locked OTP" },
+ { "renew", 'r', arg_flag, &renewp, "securely renew OTP" },
+ { "hash", 'f', arg_string, &alg_string,
+ "hash algorithm (md4, md5, or sha)", "algorithm"},
+ { "user", 'u', arg_string, &user,
+ "user other than current user (root only)", "user" },
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 'h', arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+ arg_printusage(args, num_args, NULL, "[num seed]");
+ exit(code);
+}
+
+/*
+ * Renew the OTP for a user.
+ * The pass-phrase is not required (RFC 1938/8.0)
+ */
+
+static int
+renew (int argc, char **argv, OtpAlgorithm *alg, char *user)
+{
+ OtpContext newctx, *ctx;
+ char prompt[128];
+ char pw[64];
+ void *dbm;
+ int ret;
+
+ newctx.alg = alg;
+ newctx.user = user;
+ newctx.n = atoi (argv[0]);
+ strlcpy (newctx.seed, argv[1], sizeof(newctx.seed));
+ strlwr(newctx.seed);
+ snprintf (prompt, sizeof(prompt),
+ "[ otp-%s %u %s ]",
+ newctx.alg->name,
+ newctx.n,
+ newctx.seed);
+ if (des_read_pw_string (pw, sizeof(pw), prompt, 0) == 0 &&
+ otp_parse (newctx.key, pw, alg) == 0) {
+ ctx = &newctx;
+ ret = 0;
+ } else
+ return 1;
+
+ dbm = otp_db_open ();
+ if (dbm == NULL) {
+ warnx ("otp_db_open failed");
+ return 1;
+ }
+ otp_put (dbm, ctx);
+ otp_db_close (dbm);
+ return ret;
+}
+
+/*
+ * Return 0 if the user could enter the next OTP.
+ * I would rather have returned !=0 but it's shell-like here around.
+ */
+
+static int
+verify_user_otp(char *username)
+{
+ OtpContext ctx;
+ char passwd[OTP_MAX_PASSPHRASE + 1];
+ char prompt[128], ss[256];
+
+ if (otp_challenge (&ctx, username, ss, sizeof(ss)) != 0) {
+ warnx("no otp challenge found for %s", username);
+ return 1;
+ }
+
+ snprintf (prompt, sizeof(prompt), "%s's %s Password: ", username, ss);
+ if(des_read_pw_string(passwd, sizeof(passwd)-1, prompt, 0))
+ return 1;
+ return otp_verify_user (&ctx, passwd);
+}
+
+/*
+ * Set the OTP for a user
+ */
+
+static int
+set (int argc, char **argv, OtpAlgorithm *alg, char *user)
+{
+ void *db;
+ OtpContext ctx;
+ char pw[OTP_MAX_PASSPHRASE + 1];
+ int ret;
+ int i;
+
+ ctx.alg = alg;
+ ctx.user = strdup (user);
+ if (ctx.user == NULL)
+ err (1, "out of memory");
+
+ ctx.n = atoi (argv[0]);
+ strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
+ strlwr(ctx.seed);
+ do {
+ if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
+ return 1;
+ if (strlen (pw) < OTP_MIN_PASSPHRASE)
+ printf ("Too short pass-phrase. Use at least %d characters\n",
+ OTP_MIN_PASSPHRASE);
+ } while(strlen(pw) < OTP_MIN_PASSPHRASE);
+ ctx.alg->init (ctx.key, pw, ctx.seed);
+ for (i = 0; i < ctx.n; ++i)
+ ctx.alg->next (ctx.key);
+ db = otp_db_open ();
+ if(db == NULL) {
+ free (ctx.user);
+ err (1, "otp_db_open failed");
+ }
+ ret = otp_put (db, &ctx);
+ otp_db_close (db);
+ free (ctx.user);
+ return ret;
+}
+
+/*
+ * Delete otp of user from the database
+ */
+
+static int
+delete_otp (int argc, char **argv, char *user)
+{
+ void *db;
+ OtpContext ctx;
+ int ret;
+
+ db = otp_db_open ();
+ if(db == NULL)
+ errx (1, "otp_db_open failed");
+
+ ctx.user = user;
+ ret = otp_delete(db, &ctx);
+ otp_db_close (db);
+ return ret;
+}
+
+/*
+ * Tell whether the user has an otp
+ */
+
+static int
+has_an_otp(char *user)
+{
+ void *db;
+ OtpContext ctx;
+ int ret;
+
+ db = otp_db_open ();
+ if(db == NULL) {
+ warnx ("otp_db_open failed");
+ return 0; /* if no db no otp! */
+ }
+
+ ctx.user = user;
+ ret = otp_simple_get(db, &ctx);
+
+ otp_db_close (db);
+ return !ret;
+}
+
+/*
+ * Get and print out the otp entry for some user
+ */
+
+static void
+print_otp_entry_for_name (void *db, char *user)
+{
+ OtpContext ctx;
+
+ ctx.user = user;
+ if (!otp_simple_get(db, &ctx)) {
+ fprintf(stdout,
+ "%s\totp-%s %d %s",
+ ctx.user, ctx.alg->name, ctx.n, ctx.seed);
+ if (ctx.lock_time)
+ fprintf(stdout,
+ "\tlocked since %s",
+ ctime(&ctx.lock_time));
+ else
+ fprintf(stdout, "\n");
+ }
+}
+
+static int
+open_otp (int argc, char **argv, char *user)
+{
+ void *db;
+ OtpContext ctx;
+ int ret;
+
+ db = otp_db_open ();
+ if (db == NULL)
+ errx (1, "otp_db_open failed");
+
+ ctx.user = user;
+ ret = otp_simple_get (db, &ctx);
+ if (ret == 0)
+ ret = otp_put (db, &ctx);
+ otp_db_close (db);
+ return ret;
+}
+
+/*
+ * Print otp entries for one or all users
+ */
+
+static int
+list_otps (int argc, char **argv, char *user)
+{
+ void *db;
+ struct passwd *pw;
+
+ db = otp_db_open ();
+ if(db == NULL)
+ errx (1, "otp_db_open failed");
+
+ if (user)
+ print_otp_entry_for_name(db, user);
+ else
+ /* scans all users... so as to get a deterministic order */
+ while ((pw = getpwent()))
+ print_otp_entry_for_name(db, pw->pw_name);
+
+ otp_db_close (db);
+ return 0;
+}
+
+int
+main (int argc, char **argv)
+{
+ int defaultp = 0;
+ int uid = getuid();
+ OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
+ int optind = 0;
+
+ setprogname (argv[0]);
+ if(getarg(args, num_args, argc, argv, &optind))
+ usage(1);
+ if(help_flag)
+ usage(0);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+
+ if(deletep && uid != 0)
+ errx (1, "Only root can delete OTPs");
+ if(alg_string) {
+ alg = otp_find_alg (alg_string);
+ if (alg == NULL)
+ errx (1, "Unknown algorithm: %s", alg_string);
+ }
+ if (user && uid != 0)
+ errx (1, "Only root can use `-u'");
+ argc -= optind;
+ argv += optind;
+
+ if (!(listp || deletep || renewp || openp))
+ defaultp = 1;
+
+ if ( listp + deletep + renewp + defaultp + openp != 1)
+ usage(1); /* one of -d or -l or -r or none */
+
+ if(deletep || openp || listp) {
+ if(argc != 0)
+ errx(1, "delete, open, and list requires no arguments\n");
+ } else {
+ if(argc != 2)
+ errx(1, "setup, and renew requires `num', and `seed'");
+ }
+ if (listp)
+ return list_otps (argc, argv, user);
+
+ if (user == NULL) {
+ struct passwd *pwd;
+
+ pwd = k_getpwuid(uid);
+ if (pwd == NULL)
+ err (1, "You don't exist");
+ user = pwd->pw_name;
+ }
+
+ /*
+ * users other that root must provide the next OTP to update the sequence.
+ * it avoids someone to use a pending session to change an OTP sequence.
+ * see RFC 1938/8.0.
+ */
+ if (uid != 0 && (defaultp || renewp)) {
+ if (!has_an_otp(user)) {
+ errx (1, "Only root can set an initial OTP");
+ } else { /* Check the next OTP (RFC 1938/8.0: SHOULD) */
+ if (verify_user_otp(user) != 0) {
+ errx (1, "User authentification failed");
+ }
+ }
+ }
+
+ if (deletep)
+ return delete_otp (argc, argv, user);
+ else if (renewp)
+ return renew (argc, argv, alg, user);
+ else if (openp)
+ return open_otp (argc, argv, user);
+ else
+ return set (argc, argv, alg, user);
+}
diff --git a/crypto/heimdal/appl/otp/otp.cat1 b/crypto/heimdal/appl/otp/otp.cat1
new file mode 100644
index 0000000..588bcc2
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otp.cat1
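Review bot: `renew` in otp.c discards the result of `otp_put (dbm, ctx);` and returns the `ret = 0` set earlier, so a failed database write is reported as a successful renewal and the user is left believing the new sequence is active; `set` already does `ret = otp_put (db, &ctx);` and `renew` should do the same. The secret buffers (`pw` in `renew` and `set`, `passwd` in `verify_user_otp`) are also left on the stack when these functions return. Clearing them before every return, e.g. `memset (pw, 0, sizeof(pw));`, limits how long the pass-phrase stays in the memory of a program that the accompanying Makefile.am lists in `bin_SUIDS`. The early `return 1` inside the read loop of `set` would need the same treatment, and it currently also skips `free (ctx.user)`.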
@@ -0,0 +1,43 @@ + +OTP(1) UNIX Reference Manual OTP(1) + +NNAAMMEE + oottpp - manages one-time passwords + +SSYYNNOOPPSSIISS + oottpp [--ddhhlloorr] [--ff _a_l_g_o_r_i_t_h_m] [--uu _u_s_e_r] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d + +DDEESSCCRRIIPPTTIIOONN + The oottpp program initializes and updates your current series of one-time + passwords (OTPs). + + Use this to set a new series of one-time passwords. Only perform this on + the console or over an encrypted link as you will have to supply your + pass-phrase. The other two parameters are _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. + + Options are: + + --dd To delete a one-time password. + + --ff Choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any of: + md4, md5, and sha. + + --hh For getting a help message. + + --ll List the current table of one-time passwords. + + --oo To open (unlock) the otp-entry for a user. + + --rr To renew a one-time password series. This operation can be per- + formed over an potentially eavesdropped link because you do not + supply the pass-phrase. First you need to supply the current + one-time password and then the new one corresponding to the sup- + plied _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and _s_e_e_d. + + --uu To choose a different _u_s_e_r to set one-time passwords for. This + only works when running oottpp as root. + +SSEEEE AALLSSOO + otpprint(1) + + KTH-KRB November 17, 1996 1 diff --git a/crypto/heimdal/appl/otp/otp_locl.h b/crypto/heimdal/appl/otp/otp_locl.h new file mode 100644 index 0000000..971ec68 --- /dev/null +++ b/crypto/heimdal/appl/otp/otp_locl.h 
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/* $Id: otp_locl.h,v 1.8 2001/02/15 04:20:51 assar Exp $ */
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
+#include <roken.h>
+#include <err.h>
+#ifdef HAVE_OPENSSL_DES_H
+#include <openssl/des.h>
+#else
+#include <des.h>
+#endif
+#include <otp.h>
diff --git a/crypto/heimdal/appl/otp/otpprint.1 b/crypto/heimdal/appl/otp/otpprint.1
new file mode 100644
index 0000000..7f7d5be
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otpprint.1
@@ -0,0 +1,52 @@
+.\" $Id: otpprint.1,v 1.4 2001/06/08 20:44:46 assar Exp $
+.\"
+.Dd November 17, 1996
+.Dt OTP 1
+.Os KTH-KRB
+.Sh NAME
+.Nm otpprint
+.Nd
+print lists of one-time passwords
+.Sh SYNOPSIS
+.Nm otp
+.Op Fl n Ar count
+.Op Fl e
+.Op Fl h
+.Op Fl f Ar algorithm
+.Ar sequence-number
+.Ar seed
+.Sh DESCRIPTION
+The
+.Nm
+program prints lists of OTPs.
+.Pp
+Use this to print out a series of one-time passwords. You will have
+to supply the
+.Ar sequence number
+and the
+.Ar seed
+as arguments and then the program will prompt you for your pass-phrase.
+.Pp
+There are several different print formats. The default is to print
+each password with six short english words.
+.Pp
+Options are:
+.Bl -tag -width Ds
+.It Fl e
+Print the passwords in ``extended'' format. In this format a prefix
+that says ``hex:'' or ``word:'' is included.
+.It Fl f
+To choose a different
+.Ar algorithm
+from the default md5. Pick any of: md4, md5, and sha.
+.It Fl h
+Print the passwords in hex.
+.It Fl n
+Print
+.Ar count
+one-time passwords, starting at
+.Ar sequence-number
+and going backwards. The default is 10.
+.El
+.Sh SEE ALSO
+.Xr otp 1
diff --git a/crypto/heimdal/appl/otp/otpprint.c b/crypto/heimdal/appl/otp/otpprint.c
new file mode 100644
index 0000000..b1d0a84
--- /dev/null
+++ b/crypto/heimdal/appl/otp/otpprint.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright (c) 1995-1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "otp_locl.h"
+#include <getarg.h>
+
+RCSID("$Id: otpprint.c,v 1.14 2001/02/20 01:44:46 assar Exp $");
+
+static int extendedp;
+static int count = 10;
+static int hexp;
+static char* alg_string;
+static int version_flag;
+static int help_flag;
+
+struct getargs args[] = {
+ { "extended", 'e', arg_flag, &extendedp, "print keys in extended format" },
+ { "count", 'n', arg_integer, &count, "number of keys to print" },
+ { "hexadecimal", 'h', arg_flag, &hexp, "output in hexadecimal" },
+ { "hash", 'f', arg_string, &alg_string,
+ "hash algorithm (md4, md5, or sha)", "algorithm"},
+ { "version", 0, arg_flag, &version_flag },
+ { "help", 0, arg_flag, &help_flag }
+};
+
+int num_args = sizeof(args) / sizeof(args[0]);
+
+static void
+usage(int code)
+{
+ arg_printusage(args, num_args, NULL, "num seed");
+ exit(code);
+}
+
+static int
+print (int argc,
+ char **argv,
+ int count,
+ OtpAlgorithm *alg,
+ void (*print_fn)(OtpKey, char *, size_t))
+{
+ char pw[64];
+ OtpKey key;
+ int n;
+ int i;
+ char *seed;
+
+ if (argc != 2)
+ usage (1);
+ n = atoi(argv[0]);
+ seed = argv[1];
+ if (des_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 0))
+ return 1;
+ alg->init (key, pw, seed);
+ for (i = 0; i < n; ++i) {
+ char s[64];
+
+ alg->next (key);
+ if (i >= n - count) {
+ (*print_fn)(key, s, sizeof(s));
+ printf ("%d: %s\n", i + 1, s);
+ }
+ }
+ return 0;
+}
+
+int
+main (int argc, char **argv)
+{
+ int optind = 0;
+ void (*fn)(OtpKey, char *, size_t);
+ OtpAlgorithm *alg = otp_find_alg (OTP_ALG_DEFAULT);
+
+ setprogname (argv[0]);
+ if(getarg(args, num_args, argc, argv, &optind))
+ usage(1);
+ if(help_flag)
+ usage(0);
+ if(version_flag) {
+ print_version(NULL);
+ exit(0);
+ }
+
+ if(alg_string) {
+ alg = otp_find_alg (alg_string);
+ if (alg == NULL)
+ errx(1, "Unknown algorithm: %s", alg_string);
+ }
+ argc -= optind;
+ argv += optind;
+
+ if (hexp) {
+ if (extendedp)
+ fn = otp_print_hex_extended;
+ else
+ fn = otp_print_hex;
+ } else {
+ if (extendedp)
+ fn =
otp_print_stddict_extended; + else + fn = otp_print_stddict; + } + + return print (argc, argv, count, alg, fn); +} diff --git a/crypto/heimdal/appl/otp/otpprint.cat1 b/crypto/heimdal/appl/otp/otpprint.cat1 new file mode 100644 index 0000000..1c4d244 --- /dev/null +++ b/crypto/heimdal/appl/otp/otpprint.cat1 @@ -0,0 +1,36 @@ + +OTP(1) UNIX Reference Manual OTP(1) + +NNAAMMEE + oottpppprriinntt - print lists of one-time passwords + +SSYYNNOOPPSSIISS + oottpp [--nn _c_o_u_n_t] [--ee] [--hh] [--ff _a_l_g_o_r_i_t_h_m] _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r _s_e_e_d + +DDEESSCCRRIIPPTTIIOONN + The oottpppprriinntt program prints lists of OTPs. + + Use this to print out a series of one-time passwords. You will have to + supply the _s_e_q_u_e_n_c_e _n_u_m_b_e_r and the _s_e_e_d as arguments and then the program + will prompt you for your pass-phrase. + + There are several different print formats. The default is to print each + password with six short english words. + + Options are: + + --ee Print the passwords in ``extended'' format. In this format a + prefix that says ``hex:'' or ``word:'' is included. + + --ff To choose a different _a_l_g_o_r_i_t_h_m from the default md5. Pick any + of: md4, md5, and sha. + + --hh Print the passwords in hex. + + --nn Print _c_o_u_n_t one-time passwords, starting at _s_e_q_u_e_n_c_e_-_n_u_m_b_e_r and + going backwards. The default is 10. + +SSEEEE AALLSSOO + otp(1) + + KTH-KRB November 17, 1996 1 diff --git a/crypto/heimdal/appl/popper/ChangeLog b/crypto/heimdal/appl/popper/ChangeLog new file mode 100644 index 0000000..8c85793 --- /dev/null +++ b/crypto/heimdal/appl/popper/ChangeLog 
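Review bot: In `print` (otpprint.c), the pass-phrase read into `pw` by `des_read_pw_string` is left on the stack after `alg->init (key, pw, seed)` has consumed it; I would add `memset (pw, 0, sizeof(pw));` directly after the `alg->init` call, keeping in mind that a compiler may drop a plain memset on a buffer that is not read again. The same function takes the sequence number with `n = atoi(argv[0]);`, so a non-numeric or negative argument silently prints nothing; a `strtol` with an end-pointer check that falls back to `usage (1)` would make the mistake visible. The result of `alg->init` is also not examined here; whether it can fail is not visible in this file, but if it can, the loop would print values from a `key` that was never set up.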
@@ -0,0 +1,169 @@ +2000-12-31 Assar Westerlund <assar@sics.se> + + * pop_init.c (pop_init): handle krb5_init_context failure + consistently + * pop_debug.c (doit_v5): handle krb5_init_context failure + consistently + +2000-06-10 Assar Westerlund <assar@sics.se> + + * pop_init.c (krb4_authenticate): do not exit on failure, just + return + (krb5_authenticate): log errors from krb5_recvauth + +2000-04-12 Assar Westerlund <assar@sics.se> + + * *.c: replace all erroneous calls to pop_log with POP_FAILURE + with POP_PRIORITY. reported by Janne Johansson <jj@it.kth.se>' + +2000-01-27 Assar Westerlund <assar@sics.se> + + * pop_debug.c (main): figure out port number + +1999-12-20 Assar Westerlund <assar@sics.se> + + * pop_init.c (pop_init): use getnameinfo_verified + + * pop_debug.c (get_socket): use getaddrinfo + +1999-12-03 Johan Danielsson <joda@pdc.kth.se> + + * pop_init.c: optionally trace connected addresses to a file + +1999-11-02 Assar Westerlund <assar@sics.se> + + * pop_debug.c (main): redo the v4/v5 selection for consistency. 
+ -4 -> try only v4 -5 -> try only v5 none, -45 -> try v5, v4 + +1999-10-16 Johan Danielsson <joda@pdc.kth.se> + + * pop_init.c (krb5_authenticate): don't use the principal + associated with the socket for authentication, instead let + krb5_rd_req pick the correct one from the ticket; just check that + it actually was a pop-ticket + +1999-08-12 Johan Danielsson <joda@pdc.kth.se> + + * pop_init.c (pop_init): don't freehostent if ch == NULL + + * pop_dele.c: implement XDELE to delete a range of messages + +1999-08-05 Assar Westerlund <assar@sics.se> + + * pop_init.c: v6-ify + + * pop_debug.c: v6-ify + +1999-05-10 Assar Westerlund <assar@sics.se> + + * pop_debug.c (doit_v5): call krb5_sendauth with ccache == NULL + +1999-04-11 Assar Westerlund <assar@sics.se> + + * pop_debug.c (main): use print_version + +Thu Apr 8 15:07:11 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * pop_pass.c: remove definition of KRB_VERIFY_USER (moved to + config.h) + +Thu Mar 18 12:55:42 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * pop_pass.c: define KRB_VERIFY_SECURE if not defined + + * Makefile.am: include Makefile.am.common + +Wed Mar 17 23:36:21 1999 Assar Westerlund <assar@sics.se> + + * pop_pass.c (krb4_verify_password): use KRB_VERIFY_SECURE instead + of 1 + +Tue Mar 16 22:28:52 1999 Assar Westerlund <assar@sics.se> + + * pop_pass.c: krb_verify_user_multiple -> krb_verify_user + +Sat Mar 13 22:17:29 1999 Assar Westerlund <assar@sics.se> + + * pop_parse.c (pop_parse): cast when calling is* to get rid of a + warning + +Mon Mar 8 11:50:06 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * pop_init.c: use print_version + +Fri Mar 5 15:14:29 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * pop_send.c: fix handling of messages w/o body + +Sun Nov 22 10:33:29 1998 Assar Westerlund <assar@sics.se> + + * pop_pass.c (pop_pass): try to always log + + * Makefile.in (WFLAGS): set + +Fri Jul 10 01:14:25 1998 Assar Westerlund <assar@sics.se> + + * pop_init.c: s/net_read/pop_net_read/ 
+ +Tue Jun 2 17:33:54 1998 Johan Danielsson <joda@emma.pdc.kth.se> + + * pop_send.c: add missing newlines + +Sun May 24 20:59:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> + + * maildir.c (make_path): fix reversed args + +Sat May 16 00:02:18 1998 Assar Westerlund <assar@sics.se> + + * Makefile.am: link with DBLIB + +Sun Apr 26 11:47:58 1998 Assar Westerlund <assar@sics.se> + + * pop_pass.c (pop_pass): check return value from changeuser + + * pop_dropcopy.c (changeuser): check that `setuid' and `setgid' + succeeded. + + * popper.h: changeuser now returns int + +Thu Apr 23 00:54:38 1998 Johan Danielsson <joda@emma.pdc.kth.se> + + * Add support for maildir spoolfiles. + + * popper.h (MsgInfoList): replace `del_flag' and `retr_flag' with + single `flags' + + * pop_dropcopy.c: Fix mismatched parenthesis. + +Sat Apr 4 15:13:56 1998 Assar Westerlund <assar@sics.se> + + * pop_dropcopy.c (pop_dropcopy): first do mkstemp and then fdopen. + Originally from <map@stacken.kth.se> + + * popper.h: include <io.h> + +Sat Feb 7 10:07:39 1998 Assar Westerlund <assar@sics.se> + + * pop_pass.c(krb4_verify_password: Don't use REALM_SZ + 1, just + REALM_SZ + +Mon Dec 29 16:37:26 1997 Assar Westerlund <assar@sics.se> + + * pop_updt.c (pop_updt): lseek before ftruncating the file. From + <map@stacken.kth.se> + +Sat Nov 22 13:46:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> + + * pop_pass.c: Destroy tickets after verification. + +Sun Nov 9 09:11:14 1997 Assar Westerlund <assar@sics.se> + + * pop_dropinfo.c: be careful with mails without msg-id, subject, + or from + +Wed Oct 29 02:09:24 1997 Assar Westerlund <assar@sics.se> + + * pop_pass.c: conditionalize OTP-support + + * pop_init.c: conditionalize OTP-support + diff --git a/crypto/heimdal/appl/popper/Makefile.am b/crypto/heimdal/appl/popper/Makefile.am new file mode 100644 index 0000000..d52d0cf --- /dev/null +++ b/crypto/heimdal/appl/popper/Makefile.am 
@@ -0,0 +1,29 @@
+# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $
+
+include $(top_srcdir)/Makefile.am.common
+
+INCLUDES += $(INCLUDE_krb4)
+
+noinst_PROGRAMS = pop_debug
+
+libexec_PROGRAMS = popper
+
+popper_SOURCES = \
+ pop_dele.c pop_dropcopy.c pop_dropinfo.c \
+ pop_get_command.c pop_init.c \
+ pop_last.c pop_list.c pop_log.c \
+ pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
+ pop_rset.c pop_send.c pop_stat.c pop_updt.c \
+ pop_user.c pop_uidl.c pop_xover.c popper.c \
+ maildir.c popper.h version.h
+
+EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \
+ popper.README.release README-FIRST README-KRB4
+
+LDADD = \
+ $(LIB_otp) \
+ $(LIB_krb5) \
+ $(LIB_krb4) \
+ $(LIB_des) \
+ $(LIB_roken) \
+ $(DBLIB)
diff --git a/crypto/heimdal/appl/popper/Makefile.in b/crypto/heimdal/appl/popper/Makefile.in
new file mode 100644
index 0000000..0185f12
--- /dev/null
+++ b/crypto/heimdal/appl/popper/Makefile.in
@@ -0,0 +1,623 @@ +# Makefile.in generated automatically by automake 1.4b from Makefile.am + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ +host_triplet = @host@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_ = @INCLUDE_@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS = @WFLAGS@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.13 2000/11/15 22:51:09 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 
.cat1 .cat3 .cat5 .cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + +CHECK_LOCAL = $(PROGRAMS) + +noinst_PROGRAMS = pop_debug + +libexec_PROGRAMS = popper + +popper_SOURCES = \ + pop_dele.c pop_dropcopy.c pop_dropinfo.c \ + pop_get_command.c pop_init.c \ + pop_last.c pop_list.c pop_log.c \ + pop_msg.c pop_parse.c pop_pass.c pop_quit.c \ + pop_rset.c pop_send.c 
pop_stat.c pop_updt.c \ + pop_user.c pop_uidl.c pop_xover.c popper.c \ + maildir.c popper.h version.h + + +EXTRA_DIST = pop3.rfc1081 pop3e.rfc1082 \ + popper.README.release README-FIRST README-KRB4 + + +LDADD = \ + $(LIB_otp) \ + $(LIB_krb5) \ + $(LIB_krb4) \ + $(LIB_des) \ + $(LIB_roken) \ + $(DBLIB) + +subdir = appl/popper +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +libexec_PROGRAMS = popper$(EXEEXT) +noinst_PROGRAMS = pop_debug$(EXEEXT) +PROGRAMS = $(libexec_PROGRAMS) $(noinst_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +pop_debug_SOURCES = pop_debug.c +pop_debug_OBJECTS = pop_debug.$(OBJEXT) +pop_debug_LDADD = $(LDADD) +@KRB5_FALSE@pop_debug_DEPENDENCIES = +@KRB5_TRUE@pop_debug_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +pop_debug_LDFLAGS = +am_popper_OBJECTS = pop_dele.$(OBJEXT) pop_dropcopy.$(OBJEXT) \ +pop_dropinfo.$(OBJEXT) pop_get_command.$(OBJEXT) pop_init.$(OBJEXT) \ +pop_last.$(OBJEXT) pop_list.$(OBJEXT) pop_log.$(OBJEXT) \ +pop_msg.$(OBJEXT) pop_parse.$(OBJEXT) pop_pass.$(OBJEXT) \ +pop_quit.$(OBJEXT) pop_rset.$(OBJEXT) pop_send.$(OBJEXT) \ +pop_stat.$(OBJEXT) pop_updt.$(OBJEXT) pop_user.$(OBJEXT) \ +pop_uidl.$(OBJEXT) pop_xover.$(OBJEXT) popper.$(OBJEXT) \ +maildir.$(OBJEXT) +popper_OBJECTS = $(am_popper_OBJECTS) +popper_LDADD = $(LDADD) +@KRB5_FALSE@popper_DEPENDENCIES = +@KRB5_TRUE@popper_DEPENDENCIES = $(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +popper_LDFLAGS = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ +CCLD = $(CC) +LINK = $(LIBTOOL) 
--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = pop_debug.c $(popper_SOURCES) +depcomp = +DIST_COMMON = README ChangeLog Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +GZIP_ENV = --best +SOURCES = pop_debug.c $(popper_SOURCES) +OBJECTS = pop_debug.$(OBJEXT) $(am_popper_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/popper/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-libexecPROGRAMS: + +clean-libexecPROGRAMS: + -test -z "$(libexec_PROGRAMS)" || rm -f $(libexec_PROGRAMS) + +distclean-libexecPROGRAMS: + +maintainer-clean-libexecPROGRAMS: + +install-libexecPROGRAMS: $(libexec_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(libexecdir)/$$f; \ + else :; fi; \ + done + +uninstall-libexecPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(libexec_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(libexecdir)/$$f"; \ + rm -f $(DESTDIR)$(libexecdir)/$$f; \ + done + +mostlyclean-noinstPROGRAMS: + +clean-noinstPROGRAMS: + -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) + +distclean-noinstPROGRAMS: + 
+maintainer-clean-noinstPROGRAMS: + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +pop_debug$(EXEEXT): $(pop_debug_OBJECTS) $(pop_debug_DEPENDENCIES) + @rm -f pop_debug$(EXEEXT) + $(LINK) $(pop_debug_LDFLAGS) $(pop_debug_OBJECTS) $(pop_debug_LDADD) $(LIBS) + +popper$(EXEEXT): $(popper_OBJECTS) $(popper_DEPENDENCIES) + @rm -f popper$(EXEEXT) + $(LINK) $(popper_LDFLAGS) $(popper_OBJECTS) $(popper_LDADD) $(LIBS) +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) + +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file 
$(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-libexecPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-libexecPROGRAMS +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libexecdir) + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: + -rm -f Makefile.in +mostlyclean-am: mostlyclean-libexecPROGRAMS mostlyclean-noinstPROGRAMS \ + mostlyclean-compile mostlyclean-libtool \ + mostlyclean-tags mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-libexecPROGRAMS clean-noinstPROGRAMS clean-compile \ + clean-libtool clean-tags clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-libexecPROGRAMS distclean-noinstPROGRAMS \ + distclean-compile distclean-libtool distclean-tags \ + distclean-generic clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-libexecPROGRAMS \ + maintainer-clean-noinstPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ + distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." 
+ +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-libexecPROGRAMS distclean-libexecPROGRAMS \ +clean-libexecPROGRAMS maintainer-clean-libexecPROGRAMS \ +uninstall-libexecPROGRAMS install-libexecPROGRAMS \ +mostlyclean-noinstPROGRAMS distclean-noinstPROGRAMS \ +clean-noinstPROGRAMS maintainer-clean-noinstPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile mostlyclean-libtool distclean-libtool \ +clean-libtool maintainer-clean-libtool tags mostlyclean-tags \ +distclean-tags clean-tags maintainer-clean-tags distdir info-am info \ +dvi-am dvi check-local check check-am installcheck-am installcheck \ +install-exec-am install-exec install-data-local install-data-am \ +install-data install-am install uninstall-am uninstall all-local \ +all-redirect all-am all install-strip installdirs mostlyclean-generic \ +distclean-generic clean-generic maintainer-clean-generic clean \ +mostlyclean distclean maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo 
$$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ 
+ banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/crypto/heimdal/appl/popper/README b/crypto/heimdal/appl/popper/README new file mode 100644 index 0000000..0735fdd --- /dev/null +++ b/crypto/heimdal/appl/popper/README 
@@ -0,0 +1,381 @@ +@(#)@(#)README 2.6 2.6 4/2/91 + + +The Post Office Protocol Server: Installation Guide + + + +Introduction + +The Post Office Protocol server runs on a variety of Unix[1] computers +to manage electronic mail for Macintosh and MS-DOS computers. The +server was developed at the University of California at Berkeley and +conforms fully to the specifications in RFC 1081[2] and RFC 1082[3]. +The Berkeley server also has extensions to send electronic mail on +behalf of a client. + +This guide explains how to install the POP server on your Unix +computer. It assumes that you are not only familiar with Unix but also +capable of performing Unix system administration. + + +How to Obtain the Server + +The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU +(128.32.136.9, 128.32.206.12). It is in two files in the pub directory: +a compressed tar file popper-version.tar.Z and a Macintosh StuffIt archive +in BinHex format called MacPOP.sit.hqx. + + +Contents of the Distribution + +The distribution contains the following: + ++ All of the C source necessary to create the server program. + ++ A visual representation of how the POP system works. + ++ Reprints of RFC 1081 and RFC 1082. + ++ A HyperCard stack POP client implementation using MacTCP. + ++ A man page for the popper daemon. + ++ This guide. + + +Compatibility + +The Berkeley POP server has been successfully tested on the following +Unix operating systems: + ++ Berkeley Systems Distribution 4.3 + ++ Sun Microsystems Operating System versions 3.5 and 4.0 + ++ Ultrix version 2.3 + +The following POP clients operate correctly with the Berkeley POP server: + ++ The Berkeley HyperMail HyperCard stack for the Apple Macintosh + (distributed with the server). + ++ The Stanford University Macintosh Internet Protocol MacMH program. + ++ The Stanford University Personal Computer Internet Protocol MH + program. + ++ The mh version 6.0 programs for Unix. 
+ + +Support + +The Berkeley POP server is not officially supported and is without any +warranty, explicit or implied. However, we are interested in your +experiences using the server. Bugs, comments and suggestions should be +sent electronically to netinfo@garnet.Berkeley.EDU. + + +Operational Characteristics + +The POP Transaction Cycle + +The Berkeley POP server is a single program (called popper) that is +launched by inetd when it gets a service request on the POP TCP port. +(The official port number specified in RFC 1081 for POP version 3 is +port 110. However, some POP3 clients attempt to contact the server at +port 109, the POP version 2 port. Unless you are running both POP2 and +POP3 servers, you can simply define both ports for use by the POP3 +server. This is explained in the installation instructions later on.) +The popper program initializes and verifies that the peer IP address is +registered in the local domain, logging a warning message when a +connection is made to a client whose IP address does not have a +canonical name. For systems using BSD 4.3 bind, it also checks to see +if a cannonical name lookup for the client returns the same peer IP +address, logging a warning message if it does not. The the server +enters the authorization state, during which the client must correctly +identify itself by providing a valid Unix userid and password on the +server's host machine. No other exchanges are allowed during this +state (other than a request to quit.) If authentication fails, a +warning message is logged and the session ends. Once the user is +identified, popper changes its user and group ids to match that of the +user and enters the transaction state. The server makes a temporary +copy of the user's maildrop (ordinarily in /usr/spool/mail) which is +used for all subsequent transactions. These include the bulk of POP +commands to retrieve mail, delete mail, undelete mail, and so forth. 
A +Berkeley extension also allows the user to submit a mail parcel to the +server who mails it using the sendmail program (this extension is +supported in the HyperMail client distributed with the server). When +the client quits, the server enters the final update state during which +the network connection is terminated and the user's maildrop is updated +with the (possibly) modified temporary maildrop. + + +Logging + +The POP server uses syslog to keep a record of its activities. On +systems with BSD 4.3 syslogging, the server logs (by default) to the +"local0" facility at priority "notice" for all messages except +debugging which is logged at priority "debug". The default log file is +/usr/spool/mqueue/POPlog. These can be changed, if desired. On +systems with 4.2 syslogging all messages are logged to the local log +file, usually /usr/spool/mqueue/syslog. + +Problems + +If the filesystem which holds the /usr/spool/mail fills up users will +experience difficulties. The filesystem must have enough space to hold +(approximately) two copies of the largest mail box. Popper (v1.81 and +above) is designed to be robust in the face of this problem, but you may +end up with a situation where some of the user's mail is in + + /usr/spool/mail/.userid.pop + +and some of the mail is in + + /usr/spool/mail/userid + +If this happens the System Administrator should clear enough disk space +so that the filesystem has at least as much free disk as both mailboxes +hold and probably a little more. Then the user should initiate a POP +session, and do nothing but quit. If the POP session ends without an +error the user can then use POP or another mail program to clean up his/her +mailbox. + +Alternatively, the System Administrator can combine the two files (but +popper will do this for you if there is enough disk space). + + +Debugging + +The popper program will log debugging information when the -d parameter +is specified after its invocation in the inetd.conf file. 
Care should +be exercised in using this option since it generates considerable +output in the syslog file. Alternatively, the "-t <file-name>" option +will place debugging information into file "<file-name>" using fprintf +instead of syslog. (To enable debugging, you must edit the Makefile +to add -DDEBUG to the compiler options.) + +For SunOS version 3.5, the popper program is launched by inetd from +/etc/servers. This file does not allow you to specify command line +arguments. Therefore, if you want to enable debugging, you can specify +a shell script in /etc/servers to be launched instead of popper and in +this script call popper with the desired arguments. + + +Installation + +1. Examine this file for the latest information, warnings, etc. + +2. Check the Makefile for conformity with your system. + +3. Issue the make command in the directory containing the popper + source. + +4. Issue the make install command in the directory containing the + popper source to copy the program to /usr/etc. + +5. Enable syslogging: + + + For systems with 4.3 syslogging: + + Add the following line to the /etc/syslog.conf file: + + local0.notice;local0.debug /usr/spool/mqueue/POPlog + + Create the empty file /usr/spool/mqueue/POPlog. + + Kill and restart the syslogd daemon. + + + For systems with 4.2 syslogging: + + Be sure that you are logging messages of priority 7 and higher. + For example: + + 7/usr/spool/mqueue/syslog + 9/dev/null + +6. Update /etc/services: + + Add the following line to the /etc/services file: + + pop 110/tcp + + Note: This is the official port number for version 3 of the + Post Office Protocol as defined in RFC 1081. However, some + POP3 clients use port 109, the port number for the previous + version (2) of POP. Therefore you may also want to add the + following line to the /etc/services file: + + pop2 109/tcp + + For Sun systems running yp, also do the following: + + + Change to the /var/yp directory. + + + Issue the make services command. + +7. 
Update the inetd daemon configuration. Include the second line ONLY if you + are running the server at both ports. + + + On BSD 4.3 and SunOS 4.0 systems, add the following line to the + /etc/inetd.conf file: + + pop stream tcp nowait root /usr/etc/popper popper + pop2 stream tcp nowait root /usr/etc/popper popper + + + On Ultrix systems, add the following line to the + /etc/inetd.conf file: + + pop stream tcp nowait /usr/etc/popper popper + pop2 stream tcp nowait /usr/etc/popper popper + + + On SunOS 3.5 systems, add the following line to the + /etc/servers file: + + pop tcp /usr/etc/popper + pop2 tcp /usr/etc/popper + + Kill and restart the inetd daemon. + +You can confirm that the POP server is running on Unix by telneting to +port 110 (or 109 if you set it up that way). For example: + +%telnet myhost 110 +Trying... +Connected to myhost.berkeley.edu. +Escape character is '^]'. ++OK UCB Pop server (version 1.6) at myhost starting. +quit +Connection closed by foreign host. + + +Release Notes + +1.83 Make sure that everything we do as root is non-destructive. + +1.82 Make the /usr/spool/mail/.userid.pop file owned by the user rather + than owned by root. + +1.81 There were two versions of 1.7 floating around, 1.7b4 and 1.7b5. + The difference is that 1.7b5 attempted to save disk space on + /usr/spool/mail by deleting the users permanent maildrop after + making the temporary copy. Unfortunately, if compiled with + -DDEBUG, this version could easily wipe out a users' mail file. + This is now fixed. + + This version also fixes a security hole for systems that have + /usr/spool/mail writeable by all users. + + With this version we go to all new SCCS IDs for all files. This + is unfortunate, and we hope it is not too much of a problem. + + Thanks to Steve Dorner of UIUC for pointing out the major problem. 
+ +1.7 Extensive re-write of the maildrop processing code contributed by + Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the + possibility that the maildrop can be corrupted as the result of + simultaneous access by two or more processes. + + Added "pop_dropcopy" module to create a temporary maildrop from + the existing, standard maildrop as root before the setuid and + setgid for the user is done. This allows the temporary maildrop + to be created in a mail spool area that is not world read-writable. + + This version does *not* send the sendmail "From " delimiter line + in response to a TOP or RETR command. + + Encased all debugging code in #ifdef DEBUG constructs. This code can + be included by specifying the DEGUG compiler flag. Note: You still + need to use the -d or -t option to obtain debugging output. + +1.6 Corrects a bug that causes the server to crash on SunOS + 4.0 systems. + + Uses varargs and vsprintf (if available) in pop_log and + pop_msg. This is enabled by the "HAVE_VSPRINTF" + compiler flag. + + For systems with BSD 4.3 bind, performs a cannonical + name lookup and searches the returned address(es) for + the client's address, logging a warning message if it + is not located. This is enabled by the "BIND43" + comiler flag. + + Removed all the includes from popper.h and distributed + them throughout the porgrams files, as needed. + + Reformatted the source to convert tabs to spaces and + shorten lines for display on 80-column terminals. + +1.5 Creates the temporary maildrop with mode "600" and + immediately unlinks it. + + Uses client's IP address in lieu of a canonical name if + the latter cannot be obtained. + + Added "-t <file-name>" option. The presence of this + option causes debugging output to be placed in the file + "file-name" using fprintf instead of the system log + file using syslog. + + Corrected maildrop parsing problem. 
+ +1.4 Copies user's mail into a temporary maildrop on which + all subsequent activity is performed. + + Added "pop_log" function and replaced "syslog" calls + throughout the code with it. + +1.3 Corrected updating of Status: header line. + + Added strncasecmp for systems that do not have one. + Used strncasecmp in all appropriate places. This is + enabled by the STRNCASECMP compiler flag. + +1.2 Support for version 4.2 syslogging added. This is + enabled by the SYSLOG42 compiler flag. + +1.1 Several bugs fixed. + +1.0 Original version. + + +Limitations + ++ The POP server copies the user's entire maildrop to /tmp and + then operates on that copy. If the maildrop is particularly + large, or inadequate space is available in /tmp, then the + server will refuse to continue and terminate the connection. + ++ Simultaneous modification of a single maildrop can result in + confusing results. For example, manipulating messages in a + maildrop using the Unix /usr/ucb/mail command while a copy of + it is being processed by the POP server can cause the changes + made by one program to be lost when the other terminates. This + problem is being worked on and will be fixed in a later + release. + + +Credits + +The POP server was written by Edward Moy and Austin Shelton with +contributions from Robert Campbell (U.C. Berkeley) and Viktor Dukhovni +(Princeton University). Edward Moy wrote the HyperMail stack and drew +the POP operation diagram. This installation guide was written by +Austin Shelton. + + +Footnotes + +[1] Copyright (c) 1990 Regents of the University of California. + All rights reserved. The Berkeley software License Agreement + specifies the terms and conditions for redistribution. Unix is + a registered trademark of AT&T corporation. HyperCard and + Macintosh are registered trademarks of Apple Corporation. + +[2] M. Rose, Post Office Protocol - Version 3. RFC 1081, NIC, + November 1988. + +[3] M. Rose, Post Office Protocol - Version 3 Extended Service + Offerings. 
RFC 1082, NIC, November 1988.
diff --git a/crypto/heimdal/appl/popper/README-FIRST b/crypto/heimdal/appl/popper/README-FIRST
new file mode 100644
index 0000000..3d78fb6
--- /dev/null
+++ b/crypto/heimdal/appl/popper/README-FIRST
@@ -0,0 +1,11 @@
+This kerberized popper was based on popper-1.831beta
+which was later announced as "offical" and not beta.
+
+This program is able to talk both the pop3 and the kpop3 protocol.
+
+Please note that the server principal is pop.hostname and not
+rcmd.hostname. I.e an additional entry is needed in your mailhub's
+/etc/srvtab. Use ksrvutil to add the extra prinicpal.
+
+The server is usually started from inetd and there is already an entry
+for that in inetd.conf.changes.
diff --git a/crypto/heimdal/appl/popper/README-KRB4 b/crypto/heimdal/appl/popper/README-KRB4
new file mode 100644
index 0000000..f029cf9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/README-KRB4
@@ -0,0 +1,3 @@
+Define KERBEROS if you want support for Kerberos V4 style
+authentification, then you will be able to start a kerberise pop with
+the `-k' flag.
diff --git a/crypto/heimdal/appl/popper/maildir.c b/crypto/heimdal/appl/popper/maildir.c
new file mode 100644
index 0000000..4c9a441
--- /dev/null
+++ b/crypto/heimdal/appl/popper/maildir.c
@@ -0,0 +1,216 @@ +/* + * Copyright (c) 1998 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <popper.h> +#include <dirent.h> +RCSID("$Id: maildir.c,v 1.5 1999/12/02 16:58:33 joda Exp $"); + +static void +make_path(POP *p, MsgInfoList *mp, int new, char *buf, size_t len) +{ + snprintf(buf, len, "%s/%s%s%s", p->drop_name, + new ? "new" : "cur", mp ? "/" : "", mp ? 
mp->name : ""); +} + +static int +scan_file(POP *p, MsgInfoList *mp) +{ + char path[MAXDROPLEN]; + FILE *f; + char buf[1024]; + int eoh = 0; + + make_path(p, mp, mp->flags & NEW_FLAG, path, sizeof(path)); + f = fopen(path, "r"); + + if(f == NULL) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, + "Failed to open message file `%s': %s", + path, strerror(errno)); +#endif + return pop_msg (p, POP_FAILURE, + "Failed to open message file `%s'", path); + } + while(fgets(buf, sizeof(buf), f)) { + if(buf[strlen(buf) - 1] == '\n') + mp->lines++; + mp->length += strlen(buf); + if(eoh) + continue; + if(strcmp(buf, "\n") == 0) + eoh = 1; + parse_header(mp, buf); + } + fclose(f); + return add_missing_headers(p, mp); +} + +static int +scan_dir(POP *p, int new) +{ + char tmp[MAXDROPLEN]; + DIR *dir; + struct dirent *dent; + MsgInfoList *mp = p->mlp; + int n_mp = p->msg_count; + int e; + + make_path(p, NULL, new, tmp, sizeof(tmp)); + mkdir(tmp, 0700); + dir = opendir(tmp); + while((dent = readdir(dir)) != NULL) { + if(strcmp(dent->d_name, ".") == 0 || strcmp(dent->d_name, "..") == 0) + continue; + mp = realloc(mp, (n_mp + 1) * sizeof(*mp)); + if(mp == NULL) { + p->msg_count = 0; + return pop_msg (p, POP_FAILURE, + "Can't build message list for '%s': Out of memory", + p->user); + } + memset(mp + n_mp, 0, sizeof(*mp)); + mp[n_mp].name = strdup(dent->d_name); + if(mp[n_mp].name == NULL) { + p->msg_count = 0; + return pop_msg (p, POP_FAILURE, + "Can't build message list for '%s': Out of memory", + p->user); + } + mp[n_mp].number = n_mp + 1; + mp[n_mp].flags = 0; + if(new) + mp[n_mp].flags |= NEW_FLAG; + e = scan_file(p, &mp[n_mp]); + if(e != POP_SUCCESS) + return e; + p->drop_size += mp[n_mp].length; + n_mp++; + } + closedir(dir); + p->mlp = mp; + p->msg_count = n_mp; + return POP_SUCCESS; +} + +int +pop_maildir_info(POP *p) +{ + int e; + + p->temp_drop[0] = '\0'; + p->mlp = NULL; + p->msg_count = 0; + + e = scan_dir(p, 0); + if(e != POP_SUCCESS) return e; + + e = scan_dir(p, 
1); + if(e != POP_SUCCESS) return e; + return POP_SUCCESS; +} + +int +pop_maildir_update(POP *p) +{ + int i; + char tmp1[MAXDROPLEN], tmp2[MAXDROPLEN]; + for(i = 0; i < p->msg_count; i++) { + make_path(p, &p->mlp[i], p->mlp[i].flags & NEW_FLAG, + tmp1, sizeof(tmp1)); + if(p->mlp[i].flags & DEL_FLAG) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Removing `%s'", tmp1); +#endif + if(unlink(tmp1) < 0) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Failed to remove `%s': %s", + tmp1, strerror(errno)); +#endif + /* return failure? */ + } + } else if((p->mlp[i].flags & NEW_FLAG) && + (p->mlp[i].flags & RETR_FLAG)) { + make_path(p, &p->mlp[i], 0, tmp2, sizeof(tmp2)); +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Linking `%s' to `%s'", tmp1, tmp2); +#endif + if(link(tmp1, tmp2) == 0) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Removing `%s'", tmp1); +#endif + if(unlink(tmp1) < 0) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Failed to remove `%s'", tmp1); +#endif + /* return failure? */ + } + } else { + if(errno == EXDEV) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Trying to rename `%s' to `%s'", + tmp1, tmp2); +#endif + if(rename(tmp1, tmp2) < 0) { +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, "Failed to rename `%s' to `%s'", + tmp1, tmp2); +#endif + } + } + } + } + } + return(pop_quit(p)); +} + +int +pop_maildir_open(POP *p, MsgInfoList *mp) +{ + char tmp[MAXDROPLEN]; + make_path(p, mp, mp->flags & NEW_FLAG, tmp, sizeof(tmp)); + if(p->drop) + fclose(p->drop); + p->drop = fopen(tmp, "r"); + if(p->drop == NULL) + return pop_msg(p, POP_FAILURE, "Failed to open message file"); + return POP_SUCCESS; +} diff --git a/crypto/heimdal/appl/popper/pop3.rfc1081 b/crypto/heimdal/appl/popper/pop3.rfc1081 new file mode 100644 index 0000000..08ea6dd --- /dev/null +++ b/crypto/heimdal/appl/popper/pop3.rfc1081 
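Review bot: In scan_dir the result of `opendir(tmp)` is passed straight to `readdir(dir)`, so a maildir that cannot be opened (the `mkdir` result just before it is ignored as well) ends in a NULL dereference instead of a POP failure reply. The same loop grows the list with `realloc` into the local `mp` but writes it back to `p->mlp` only after the loop, so the early `return e` after a failed `scan_file` can leave `p->mlp` pointing at a block realloc has already released, and none of the early returns (including the strdup failure branch) calls `closedir`. Whether callers read `p->mlp` after a failure is not visible in this file, so the stale pointer should be confirmed against them. Separately, scan_file indexes `buf[strlen(buf) - 1]` on message content, which reads one byte before the buffer when a line starts with a NUL; `size_t n = strlen(buf); if(n > 0 && buf[n - 1] == '\n') mp->lines++;` avoids that.

```c
    dir = opendir(tmp);
    if(dir == NULL)
        return pop_msg (p, POP_FAILURE,
                        "Can't open maildrop directory for '%s'", p->user);
    while((dent = readdir(dir)) != NULL) {
        MsgInfoList *grown;
        /* ... unchanged: skip "." and ".." ... */
        grown = realloc(mp, (n_mp + 1) * sizeof(*mp));
        if(grown == NULL) {
            closedir(dir);
            /* ... unchanged: msg_count = 0, "Out of memory" reply ... */
        }
        mp = grown;
        p->mlp = mp;    /* keep the owner in step with realloc */
        /* ... unchanged: fill in mp[n_mp]; strdup failure branch also needs closedir(dir) ... */
        e = scan_file(p, &mp[n_mp]);
        if(e != POP_SUCCESS) {
            closedir(dir);
            return e;
        }
        /* ... unchanged: drop_size accounting, n_mp++ ... */
    }
```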
@@ -0,0 +1,898 @@ + + + + + + +Network Working Group M. Rose +Request for Comments: 1081 TWG + November 1988 + + Post Office Protocol - Version 3 + + +Status of this Memo + + This memo suggests a simple method for workstations to dynamically + access mail from a mailbox server. This RFC specifies a proposed + protocol for the Internet community, and requests discussion and + suggestions for improvements. Distribution of this memo is + unlimited. + + This memo is based on RFC 918 (since revised as RFC 937). Although + similar in form to the original Post Office Protocol (POP) proposed + for the Internet community, the protocol discussed in this memo is + similar in spirit to the ideas investigated by the MZnet project at + the University of California, Irvine. + + Further, substantial work was done on examining POP in a PC-based + environment. This work, which resulted in additional functionality + in this protocol, was performed by the ACIS Networking Systems Group + at Stanford University. The author gratefully acknowledges their + interest. + +Introduction + + On certain types of smaller nodes in the Internet it is often + impractical to maintain a message transport system (MTS). For + example, a workstation may not have sufficient resources (cycles, + disk space) in order to permit a SMTP server and associated local + mail delivery system to be kept resident and continuously running. + Similarly, it may be expensive (or impossible) to keep a personal + computer interconnected to an IP-style network for long amounts of + time (the node is lacking the resource known as "connectivity"). + + Despite this, it is often very useful to be able to manage mail on + these smaller nodes, and they often support a user agent (UA) to aid + the tasks of mail handling. To solve this problem, a node which can + support an MTS entity offers a maildrop service to these less endowed + nodes. 
The Post Office Protocol - Version 3 (POP3) is intended to + permit a workstation to dynamically access a maildrop on a server + host in a useful fashion. Usually, this means that the POP3 is used + to allow a workstation to retrieve mail that the server is holding + for it. + + + + +Rose [Page 1] + +RFC 1081 POP3 November 1988 + + + For the remainder of this memo, the term "client host" refers to a + host making use of the POP3 service, while the term "server host" + refers to a host which offers the POP3 service. + +A Short Digression + + This memo does not specify how a client host enters mail into the + transport system, although a method consistent with the philosophy of + this memo is presented here: + + When the user agent on a client host wishes to enter a message + into the transport system, it establishes an SMTP connection to + its relay host (this relay host could be, but need not be, the + POP3 server host for the client host). + + If this method is followed, then the client host appears to the MTS + as a user agent, and should NOT be regarded as a "trusted" MTS entity + in any sense whatsoever. This concept, along with the role of the + POP3 as a part of a split-UA model is discussed later in this memo. + + Initially, the server host starts the POP3 service by listening on + TCP port 110. When a client host wishes to make use of the service, + it establishes a TCP connection with the server host. When the + connection is established, the POP3 server sends a greeting. The + client and POP3 server then exchange commands and responses + (respectively) until the connection is closed or aborted. + + Commands in the POP3 consist of a keyword possibly followed by an + argument. All commands are terminated by a CRLF pair. + + Responses in the POP3 consist of a success indicator and a keyword + possibly followed by additional information. All responses are + terminated by a CRLF pair. 
There are currently two success + indicators: positive ("+OK") and negative ("-ERR"). + + Responses to certain commands are multi-line. In these cases, which + are clearly indicated below, after sending the first line of the + response and a CRLF, any additional lines are sent, each terminated + by a CRLF pair. When all lines of the response have been sent, a + final line is sent, consisting of a termination octet (decimal code + 046, ".") and a CRLF pair. If any line of the multi-line response + begins with the termination octet, the line is "byte-stuffed" by + pre-pending the termination octet to that line of the response. + Hence a multi-line response is terminated with the five octets + "CRLF.CRLF". When examining a multi-line response, the client checks + to see if the line begins with the termination octet. If so and if + octets other than CRLF follow, the the first octet of the line (the + termination octet) is stripped away. If so and if CRLF immediately + + + +Rose [Page 2] + +RFC 1081 POP3 November 1988 + + + follows the termination character, then the response from the POP + server is ended and the line containing ".CRLF" is not considered + part of the multi-line response. + + A POP3 session progresses through a number of states during its + lifetime. Once the TCP connection has been opened and the POP3 + server has sent the greeting, the session enters the AUTHORIZATION + state. In this state, the client must identify itself to the POP3 + server. Once the client has successfully done this, the server + acquires resources associated with the client's maildrop, and the + session enters the TRANSACTION state. In this state, the client + requests actions on the part of the POP3 server. When the client has + finished its transactions, the session enters the UPDATE state. In + this state, the POP3 server releases any resources acquired during + the TRANSACTION state and says goodbye. The TCP connection is then + closed. 
+ +The AUTHORIZATION State + + Once the TCP connection has been opened by a POP3 client, the POP3 + server issues a one line greeting. This can be any string terminated + by CRLF. An example might be: + + S. +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU) + + Note that this greeting is a POP3 reply. The POP3 server should + always give a positive response as the greeting. + + The POP3 session is now in the AUTHORIZATION state. The client must + now issue the USER command. If the POP3 server responds with a + positive success indicator ("+OK"), then the client may issue either + the PASS command to complete the authorization, or the QUIT command + to terminate the POP3 session. If the POP3 server responds with a + negative success indicator ("-ERR") to the USER command, then the + client may either issue a new USER command or may issue the QUIT + command. + + When the client issues the PASS command, the POP3 server uses the + argument pair from the USER and PASS commands to determine if the + client should be given access to the appropriate maildrop. If so, + the POP3 server then acquires an exclusive-access lock on the + maildrop. If the lock is successfully acquired, the POP3 server + parses the maildrop into individual messages (read note below), + determines the last message (if any) present in the maildrop that was + referenced by the RETR command, and responds with a positive success + indicator. The POP3 session now enters the TRANSACTION state. If + the lock can not be acquired or the client should is denied access to + the appropriate maildrop or the maildrop can't be parsed for some + + + +Rose [Page 3] + +RFC 1081 POP3 November 1988 + + + reason, the POP3 server responds with a negative success indicator. + (If a lock was acquired but the POP3 server intends to respond with a + negative success indicator, the POP3 server must release the lock + prior to rejecting the command.) 
At this point, the client may + either issue a new USER command and start again, or the client may + issue the QUIT command. + + NOTE: Minimal implementations of the POP3 need only be + able to break a maildrop into its component messages; + they need NOT be able to parse individual messages. + More advanced implementations may wish to have this + capability, for reasons discussed later. + + After the POP3 server has parsed the maildrop into individual + messages, it assigns a message-id to each message, and notes the size + of the message in octets. The first message in the maildrop is + assigned a message-id of "1", the second is assigned "2", and so on, + so that the n'th message in a maildrop is assigned a message-id of + "n". In POP3 commands and responses, all message-id's and message + sizes are expressed in base-10 (i.e., decimal). + + It sets the "highest number accessed" to be that of the last message + referenced by the RETR command. + + Here are summaries for the three POP3 commands discussed thus far: + + USER name + Arguments: a server specific user-id (required) + Restrictions: may only be given in the AUTHORIZATION + state after the POP3 greeting or after an + unsuccessful USER or PASS command + Possible Responses: + +OK name is welcome here + -ERR never heard of name + Examples: + C: USER mrose + S: +OK mrose is a real hoopy frood + ... + C: USER frated + S: -ERR sorry, frated doesn't get his mail here + + PASS string + Arguments: a server/user-id specific password (required) + Restrictions: may only be given in the AUTHORIZATION + state after a successful USER command + Possible Responses: + +OK maildrop locked and ready + -ERR invalid password + + + +Rose [Page 4] + +RFC 1081 POP3 November 1988 + + + -ERR unable to lock maildrop + Examples: + C: USER mrose + S: +OK mrose is a real hoopy frood + C: PASS secret + S: +OK mrose's maildrop has 2 messages + (320 octets) + ... 
+ C: USER mrose + S: +OK mrose is a real hoopy frood + C: PASS secret + S: -ERR unable to lock mrose's maildrop, file + already locked + + QUIT + Arguments: none + Restrictions: none + Possible Responses: + +OK + Examples: + C: QUIT + S: +OK dewey POP3 server signing off + + +The TRANSACTION State + + Once the client has successfully identified itself to the POP3 server + and the POP3 server has locked and burst the appropriate maildrop, + the POP3 session is now in the TRANSACTION state. The client may now + issue any of the following POP3 commands repeatedly. After each + command, the POP3 server issues a response. Eventually, the client + issues the QUIT command and the POP3 session enters the UPDATE state. + + Here are the POP3 commands valid in the TRANSACTION state: + + STAT + Arguments: none + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + The POP3 server issues a positive response with a line + containing information for the maildrop. This line is + called a "drop listing" for that maildrop. + + In order to simplify parsing, all POP3 servers are + required to use a certain format for drop listings. + The first octets present must indicate the number of + messages in the maildrop. Following this is the size + + + +Rose [Page 5] + +RFC 1081 POP3 November 1988 + + + of the maildrop in octets. This memo makes no + requirement on what follows the maildrop size. + Minimal implementations should just end that line of + the response with a CRLF pair. More advanced + implementations may include other information. + + NOTE: This memo STRONGLY discourages + implementations from supplying additional + information in the drop listing. Other, + optional, facilities are discussed later on + which permit the client to parse the messages + in the maildrop. + + Note that messages marked as deleted are not counted in + either total. 
+ + Possible Responses: + +OK nn mm + Examples: + C: STAT + S: +OK 2 320 + + LIST [msg] + Arguments: a message-id (optionally) If a message-id is + given, it may NOT refer to a message marked as + deleted. + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + If an argument was given and the POP3 server issues a + positive response with a line containing information + for that message. This line is called a "scan listing" + for that message. + + If no argument was given and the POP3 server issues a + positive response, then the response given is + multi-line. After the initial +OK, for each message + in the maildrop, the POP3 server responds with a line + containing information for that message. This line + is called a "scan listing" for that message. + + In order to simplify parsing, all POP3 servers are + required to use a certain format for scan listings. + The first octets present must be the message-id of + the message. Following the message-id is the size of + the message in octets. This memo makes no requirement + on what follows the message size in the scan listing. + Minimal implementations should just end that line of + + + +Rose [Page 6] + +RFC 1081 POP3 November 1988 + + + the response with a CRLF pair. More advanced + implementations may include other information, as + parsed from the message. + + NOTE: This memo STRONGLY discourages + implementations from supplying additional + information in the scan listing. Other, optional, + facilities are discussed later on which permit + the client to parse the messages in the maildrop. + + Note that messages marked as deleted are not listed. + + Possible Responses: + +OK scan listing follows + -ERR no such message + Examples: + C: LIST + S: +OK 2 messages (320 octets) + S: 1 120 + S: 2 200 + S: . + ... + C: LIST 2 + S: +OK 2 200 + ... 
+ C: LIST 3 + S: -ERR no such message, only 2 messages in + maildrop + + RETR msg + Arguments: a message-id (required) This message-id may + NOT refer to a message marked as deleted. + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + If the POP3 server issues a positive response, then the + response given is multi-line. After the initial +OK, + the POP3 server sends the message corresponding to the + given message-id, being careful to byte-stuff the + termination character (as with all multi-line + responses). + + If the number associated with this message is higher + than the "highest number accessed" in the maildrop, the + POP3 server updates the "highest number accessed" to + the number associated with this message. + + + + + +Rose [Page 7] + +RFC 1081 POP3 November 1988 + + + Possible Responses: + +OK message follows + -ERR no such message + Examples: + C: RETR 1 + S: +OK 120 octets + S: <the POP3 server sends the entire message here> + S: . + + DELE msg + Arguments: a message-id (required) This message-id + may NOT refer to a message marked as deleted. + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + The POP3 server marks the message as deleted. Any + future reference to the message-id associated with the + message in a POP3 command generates an error. The POP3 + server does not actually delete the message until the + POP3 session enters the UPDATE state. + + If the number associated with this message is higher + than the "highest number accessed" in the maildrop, + the POP3 server updates the "highest number accessed" + to the number associated with this message. + + Possible Responses: + +OK message deleted + -ERR no such message + Examples: + C: DELE 1 + S: +OK message 1 deleted + ... + C: DELE 2 + S: -ERR message 2 already deleted + + NOOP + Arguments: none + Restrictions: may only be given in the TRANSACTION state. 
+ Discussion: + + The POP3 server does nothing, it merely replies with a + positive response. + + Possible Responses: + +OK + + + + + +Rose [Page 8] + +RFC 1081 POP3 November 1988 + + + Examples: + C: NOOP + S: +OK + + LAST + Arguments: none + Restrictions: may only be issued in the TRANSACTION state. + Discussion: + + The POP3 server issues a positive response with a line + containing the highest message number which accessed. + Zero is returned in case no message in the maildrop has + been accessed during previous transactions. A client + may thereafter infer that messages, if any, numbered + greater than the response to the LAST command are + messages not yet accessed by the client. + + Possible Response: + +OK nn + + Examples: + C: STAT + S: +OK 4 320 + C: LAST + S: +OK 1 + C: RETR 3 + S: +OK 120 octets + S: <the POP3 server sends the entire message + here> + S: . + C: LAST + S: +OK 3 + C: DELE 2 + S: +OK message 2 deleted + C: LAST + S: +OK 3 + C: RSET + S: +OK + C: LAST + S: +OK 1 + + RSET + Arguments: none + Restrictions: may only be given in the TRANSACTION + state. + Discussion: + + If any messages have been marked as deleted by the POP3 + + + +Rose [Page 9] + +RFC 1081 POP3 November 1988 + + + server, they are unmarked. The POP3 server then + replies with a positive response. In addition, the + "highest number accessed" is also reset to the value + determined at the beginning of the POP3 session. + + Possible Responses: + +OK + Examples: + C: RSET + S: +OK maildrop has 2 messages (320 octets) + + + +The UPDATE State + + When the client issues the QUIT command from the TRANSACTION state, + the POP3 session enters the UPDATE state. (Note that if the client + issues the QUIT command from the AUTHORIZATION state, the POP3 + session terminates but does NOT enter the UPDATE state.) + + QUIT + Arguments: none + Restrictions: none + Discussion: + + The POP3 server removes all messages marked as deleted + from the maildrop. 
It then releases the + exclusive-access lock on the maildrop and replies as + to the success of + these operations. The TCP connection is then closed. + + Possible Responses: + +OK + Examples: + C: QUIT + S: +OK dewey POP3 server signing off (maildrop + empty) + ... + C: QUIT + S: +OK dewey POP3 server signing off (2 messages + left) + ... + + +Optional POP3 Commands + + The POP3 commands discussed above must be supported by all minimal + implementations of POP3 servers. + + + +Rose [Page 10] + +RFC 1081 POP3 November 1988 + + + The optional POP3 commands described below permit a POP3 client + greater freedom in message handling, while preserving a simple POP3 + server implementation. + + NOTE: This memo STRONGLY encourages implementations to + support these commands in lieu of developing augmented + drop and scan listings. In short, the philosophy of + this memo is to put intelligence in the part of the + POP3 client and not the POP3 server. + + TOP msg n + Arguments: a message-id (required) and a number. This + message-id may NOT refer to a message marked as + deleted. + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + If the POP3 server issues a positive response, then + the response given is multi-line. After the initial + +OK, the POP3 server sends the headers of the message, + the blank line separating the headers from the body, + and then the number of lines indicated message's body, + being careful to byte-stuff the termination character + (as with all multi-line responses). + + Note that if the number of lines requested by the POP3 + client is greater than than the number of lines in the + body, then the POP3 server sends the entire message. + + Possible Responses: + +OK top of message follows + -ERR no such message + Examples: + C: TOP 10 + S: +OK + S: <the POP3 server sends the headers of the + message, a blank line, and the first 10 lines + of the body of the message> + S: . + ... 
+ C: TOP 100 + S: -ERR no such message + + RPOP user + Arguments: a client specific user-id (required) + Restrictions: may only be given in the AUTHORIZATION + state after a successful USER command; in addition, + may only be given if the client used a reserved + + + +Rose [Page 11] + +RFC 1081 POP3 November 1988 + + + (privileged) TCP port to connect to the server. + Discussion: + + The RPOP command may be used instead of the PASS + command to authenticate access to the maildrop. In + order for this command to be successful, the POP3 + client must use a reserved TCP port (port < 1024) to + connect tothe server. The POP3 server uses the + argument pair from the USER and RPOP commands to + determine if the client should be given access to + the appropriate maildrop. Unlike the PASS command + however, the POP3 server considers if the remote user + specified by the RPOP command who resides on the POP3 + client host is allowed to access the maildrop for the + user specified by the USER command (e.g., on Berkeley + UNIX, the .rhosts mechanism is used). With the + exception of this differing in authentication, this + command is identical to the PASS command. + + Note that the use of this feature has allowed much wider + penetration into numerous hosts on local networks (and + sometimes remote networks) by those who gain illegal + access to computers by guessing passwords or otherwise + breaking into the system. 
+ + Possible Responses: + +OK maildrop locked and ready + -ERR permission denied + Examples: + C: USER mrose + S: +OK mrose is a real hoopy frood + C: RPOP mrose + S: +OK mrose's maildrop has 2 messages (320 + octets) + + Minimal POP3 Commands: + USER name valid in the AUTHORIZATION state + PASS string + QUIT + + STAT valid in the TRANSACTION state + LIST [msg] + RETR msg + DELE msg + NOOP + LAST + RSET + + + + +Rose [Page 12] + +RFC 1081 POP3 November 1988 + + + QUIT valid in the UPDATE state + + Optional POP3 Commands: + RPOP user valid in the AUTHORIZATION state + + TOP msg n valid in the TRANSACTION state + + POP3 Replies: + +OK + -ERR + + Note that with the exception of the STAT command, the reply given + by the POP3 server to any command is significant only to "+OK" + and "-ERR". Any text occurring after this reply may be ignored + by the client. + +Example POP3 Session + + S: <wait for connection on TCP port 110> + ... + C: <open connection> + S: +OK dewey POP3 server ready (Comments to: PostMaster@UDEL.EDU) + C: USER mrose + S: +OK mrose is a real hoopy frood + C: PASS secret + S: +OK mrose's maildrop has 2 messages (320 octets) + C: STAT + S: +OK 2 320 + C: LIST + S: +OK 2 messages (320 octets) + S: 1 120 + S: 2 200 + S: . + C: RETR 1 + S: +OK 120 octets + S: <the POP3 server sends message 1> + S: . + C: DELE 1 + S: +OK message 1 deleted + C: RETR 2 + S: +OK 200 octets + S: <the POP3 server sends message 2> + S: . + C: DELE 2 + S: +OK message 2 deleted + C: QUIT + + + + + +Rose [Page 13] + +RFC 1081 POP3 November 1988 + + + S: +OK dewey POP3 server signing off (maildrop empty) + C: <close connection> + S: <wait for next connection> + +Message Format + + All messages transmitted during a POP3 session are assumed to conform + to the standard for the format of Internet text messages [RFC822]. 
+
+ It is important to note that the byte count for a message on the
+ server host may differ from the octet count assigned to that message
+ due to local conventions for designating end-of-line. Usually,
+ during the AUTHORIZATION state of the POP3 session, the POP3 client
+ can calculate the size of each message in octets when it parses the
+ maildrop into messages. For example, if the POP3 server host
+ internally represents end-of-line as a single character, then the
+ POP3 server simply counts each occurrence of this character in a
+ message as two octets. Note that lines in the message which start
+ with the termination octet need not be counted twice, since the POP3
+ client will remove all byte-stuffed termination characters when it
+ receives a multi-line response.
+
+The POP and the Split-UA model
+
+ The underlying paradigm in which the POP3 functions is that of a
+ split-UA model. The POP3 client host, being a remote PC based
+ workstation, acts solely as a client to the message transport system.
+ It does not provide delivery/authentication services to others.
+ Hence, it is acting as a UA, on behalf of the person using the
+ workstation. Furthermore, the workstation uses SMTP to enter mail
+ into the MTS.
+
+ In this sense, we have two UA functions which interface to the
+ message transport system: Posting (SMTP) and Retrieval (POP3). The
+ entity which supports this type of environment is called a split-UA
+ (since the user agent is split between two hosts which must
+ interoperate to provide these functions).
+
+ ASIDE: Others might term this a remote-UA instead.
+ There are arguments supporting the use of both terms.
+
+ This memo has explicitly referenced TCP as the underlying transport
+ agent for the POP3. This need not be the case. In the MZnet split-
+ UA, for example, personal micro-computer systems are used which do
+ not have IP-style networking capability. To connect to the POP3
+ server host, a PC establishes a terminal connection using some simple
+ protocol (PhoneNet). A program on the PC drives the connection,
+ first establishing a login session as a normal user. The login shell
+
+
+
+Rose [Page 14]
+
+RFC 1081 POP3 November 1988
+
+
+ for this pseudo-user is a program which drives the other half of the
+ terminal protocol and communicates with one of two servers. Although
+ MZnet can support several PCs, a single pseudo-user login is present
+ on the server host. The user-id and password for this pseudo-user
+ login is known to all members of MZnet. Hence, the first action of
+ the login shell, after starting the terminal protocol, is to demand a
+ USER/PASS authorization pair from the PC. This second level of
+ authorization is used to ascertain who is interacting with the MTS.
+ Although the server host is deemed to support a "trusted" MTS entity,
+ PCs in MZnet are not. Naturally, the USER/PASS authorization pair
+ for a PC is known only to the owner of the PC (in theory, at least).
+
+ After successfully verifying the identity of the client, a modified
+ SMTP server is started, and the PC posts mail with the server host.
+ After the QUIT command is given to the SMTP server and it terminates,
+ a modified POP3 server is started, and the PC retrieves mail from the
+ server host. After the QUIT command is given to the POP3 server and
+ it terminates, the login shell for the pseudo-user terminates the
+ terminal protocol and logs the job out. The PC then closes the
+ terminal connection to the server host.
+
+ The SMTP server used by MZnet is modified in the sense that it knows
+ that it's talking to a user agent and not a "trusted" entity in the
+ message transport system. Hence, it does performs the validation
+ activities normally performed by an entity in the MTS when it accepts
+ a message from a UA.
+
+ The POP3 server used by MZnet is modified in the sense that it does
+ not require a USER/PASS combination before entering the TRANSACTION
+ state. The reason for this (of course) is that the PC has already
+ identified itself during the second-level authorization step
+ described above.
+
+ NOTE: Truth in advertising laws require that the author
+ of this memo state that MZnet has not actually been
+ fully implemented. The concepts presented and proven
+ by the project led to the notion of the MZnet
+ split-slot model. This notion has inspired the
+ split-UA concept described in this memo, led to the
+ author's interest in the POP, and heavily influenced
+ the the description of the POP3 herein.
+
+ In fact, some UAs present in the Internet already support the notion
+ of posting directly to an SMTP server and retrieving mail directly
+ from a POP server, even if the POP server and client resided on the
+ same host!
+
+ ASIDE: this discussion raises an issue which this memo
+
+
+
+Rose [Page 15]
+
+RFC 1081 POP3 November 1988
+
+
+ purposedly avoids: how does SMTP know that it's talking
+ to a "trusted" MTS entity?
+
+References
+
+ [MZnet] Stefferud, E., J. Sweet, and T. Domae, "MZnet: Mail
+ Service for Personal Micro-Computer Systems",
+ Proceedings, IFIP 6.5 International Conference on
+ Computer Message Systems, Nottingham, U.K., May 1984.
+
+ [RFC821] Postel, J., "Simple Mail Transfer Protocol",
+ USC/Information Sciences Institute, August 1982.
+
+ [RFC822] Crocker, D., "Standard for the Format of ARPA-Internet
+ Text Messages", University of Delaware, August 1982.
+
+ [RFC937] Butler, M., J. Postel, D. Chase, J. Goldberger, and J.
+ Reynolds, "Post Office Protocol - Version 2", RFC 937,
+ USC/Information Sciences Institute, February 1985.
+
+ [RFC1010] Reynolds, J., and J. Postel, "Assigned Numbers", RFC
+ 1010, USC/Information Sciences Institute, May 1987.
+
+Author's Address:
+
+
+ Marshall Rose
+ The Wollongong Group
+ 1129 San Antonio Rd.
+ Palo Alto, California 94303
+
+ Phone: (415) 962-7100
+
+ Email: MRose@TWG.COM
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Rose [Page 16]
diff --git a/crypto/heimdal/appl/popper/pop3e.rfc1082 b/crypto/heimdal/appl/popper/pop3e.rfc1082
new file mode 100644
index 0000000..ac49448
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop3e.rfc1082
@@ -0,0 +1,619 @@
+
+
+
+
+
+
+Network Working Group M. Rose
+Request for Comments: 1082 TWG
+ November 1988
+
+
+
+ Post Office Protocol - Version 3
+ Extended Service Offerings
+
+Status of This Memo
+
+ This memo suggests a simple method for workstations to dynamically
+ access mail from a discussion group server, as an extension to an
+ earlier memo which dealt with dynamically accessing mail from a
+ mailbox server using the Post Office Protocol - Version 3 (POP3).
+ This RFC specifies a proposed protocol for the Internet community,
+ and requests discussion and suggestions for improvements. All of the
+ extensions described in this memo to the POP3 are OPTIONAL.
+ Distribution of this memo is unlimited.
+
+Introduction and Motivation
+
+ It is assumed that the reader is familiar with RFC 1081 that
+ discusses the Post Office Protocol - Version 3 (POP3) [RFC1081].
+ This memo describes extensions to the POP3 which enhance the service
+ it offers to clients. This additional service permits a client host
+ to access discussion group mail, which is often kept in a separate
+ spool area, using the general POP3 facilities.
+
+ The next section describes the evolution of discussion groups and the
+ technologies currently used to implement them. To summarize:
+
+ o An exploder is used to map from a single address to
+ a list of addresses which subscribe to the list, and redirects
+ any subsequent error reports associated with the delivery of
+ each message. This has two primary advantages:
+ - Subscribers need know only a single address
+ - Responsible parties get the error reports and not
+ the subscribers
+
+
+
+
+
+
+
+
+
+
+
+
+Rose [Page 1]
+
+RFC 1082 POP3 Extended Service November 1988
+
+
+ o Typically, each subscription address is not a person's private
+ maildrop, but a system-wide maildrop, which can be accessed
+ by more than one user. This has several advantages:
+ - Only a single copy of each message need traverse the
+ net for a given site (which may contain several local
+ hosts). This conserves bandwidth and cycles.
+ - Only a single copy of each message need reside on each
+ subscribing host. This conserves disk space.
+ - The private maildrop for each user is not cluttered
+ with discussion group mail.
+
+ Despite this optimization of resources, further economy can be
+ achieved at sites with more than one host. Typically, sites with
+ more than one host either:
+
+ 1. Replicate discussion group mail on each host. This
+ results in literally gigabytes of disk space committed to
+ unnecessarily store redundant information.
+
+ 2. Keep discussion group mail on one host and give all users a
+ login on that host (in addition to any other logins they may
+ have). This is usually a gross inconvenience for users who
+ work on other hosts, or a burden to users who are forced to
+ work on that host.
+
+ As discussed in [RFC1081], the problem of giving workstations dynamic
+ access to mail from a mailbox server has been explored in great
+ detail (originally there was [RFC918], this prompted the author to
+ write [RFC1081], independently of this [RFC918] was upgraded to
+ [RFC937]). A natural solution to the problem outlined above is to
+ keep discussion group mail on a mailbox server at each site and
+ permit different hosts at that site to employ the POP3 to access
+ discussion group mail. If implemented properly, this avoids the
+ problems of both strategies outlined above.
+
+ ASIDE: It might be noted that a good distributed filesystem
+ could also solve this problem. Sadly, "good"
+ distributed filesystems, which do not suffer
+ unacceptable response time for interactive use, are
+ few and far between these days!
+
+ Given this motivation, now let's consider discussion groups, both in
+ general and from the point of view of a user agent. Following this,
+ extensions to the POP3 defined in [RFC1081] are presented. Finally,
+ some additional policy details are discussed along with some initial
+ experiences.
+
+
+
+
+
+Rose [Page 2]
+
+RFC 1082 POP3 Extended Service November 1988
+
+
+What's in a Discussion Group
+
+ Since mailers and user agents first crawled out of the primordial
+ ARPAnet, the value of discussion groups have been appreciated,
+ (though their implementation has not always been well-understood).
+
+ Described simply, a discussion group is composed of a number of
+ subscribers with a common interest. These subscribers post mail to a
+ single address, known as a distribution address. From this
+ distribution address, a copy of the message is sent to each
+ subscriber. Each group has a moderator, which is the person that
+ administrates the group. The moderator can usually be reached at a
+ special address, known as a request address. Usually, the
+ responsibilities of the moderator are quite simple, since the mail
+ system handles the distribution to subscribers automatically. In
+ some cases, the interest group, instead of being distributed directly
+ to its subscribers, is put into a digest format by the moderator and
+ then sent to the subscribers. Although this requires more work on
+ the part of the moderator, such groups tend to be better organized.
+
+ Unfortunately, there are a few problems with the scheme outlined
+ above. First, if two users on the same host subscribe to the same
+ interest group, two copies of the message get delivered. This is
+ wasteful of both processor and disk resources.
+
+ Second, some of these groups carry a lot of traffic. Although
+ subscription to an group does indicate interest on the part of a
+ subscriber, it is usually not interesting to get 50 messages or so
+ delivered to the user's private maildrop each day, interspersed with
+ personal mail, that is likely to be of a much more important and
+ timely nature.
+
+ Third, if a subscriber on the distribution list for a group becomes
+ "bad" somehow, the originator of the message and not the moderator of
+ the group is notified. It is not uncommon for a large list to have
+ 10 or so bogus addresses present. This results in the originator
+ being flooded with "error messages" from mailers across the Internet
+ stating that a given address on the list was bad. Needless to say,
+ the originator usually could not care less if the bogus addresses got
+ a copy of the message or not. The originator is merely interested in
+ posting a message to the group at large. Furthermore, the moderator
+ of the group does care if there are bogus addresses on the list, but
+ ironically does not receive notification.
+
+ There are various approaches which can be used to solve some or all
+ of these problems. Usually these involve placing an exploder agent
+ at the distribution source of the discussion group, which expands the
+ name of the group into the list of subscription addresses for the
+
+
+
+Rose [Page 3]
+
+RFC 1082 POP3 Extended Service November 1988
+
+
+ group. In the process, the exploder will also change the address
+ that receives error notifications to be the request address or other
+ responsible party.
+
+ A complementary approach, used in order to cut down on resource
+ utilization of all kinds, replaces all the subscribers at a single
+ host (or group of hosts under a single administration) with a single
+ address at that host. This address maps to a file on the host,
+ usually in a spool area, which all users can access. (Advanced
+ implementations can also implement private discussion groups this
+ way, in which a single copy of each message is kept, but is
+ accessible to only a select number of users on the host.)
+
+ The two approaches can be combined to avoid all of the problems
+ described above.
+
+ Finally, a third approach can be taken, which can be used to aid user
+ agents processing mail for the discussion group: In order to speed
+ querying of the maildrop which contains the local host's copy of the
+ discussion group, two other items are usually associated with the
+ discussion group, on a local basis. These are the maxima and the
+ last-date. Each time a message is received for the group on the
+ local host, the maxima is increased by at least one. Furthermore,
+ when a new maxima is generated, the current date is determined. This
+ is called the last date. As the message is entered into the local
+ maildrop, it is given the current maxima and last-date. This permits
+ the user agent to quickly determine if new messages are present in
+ the maildrop.
+
+ NOTE: The maxima may be characterized as a monotonically
+ increasing quanity. Although sucessive values of the
+ maxima need not be consecutive, any maxima assigned
+ is always greater than any previously assigned value.
+
+Definition of Terms
+
+ To formalize these notions somewhat, consider the following 7
+ parameters which describe a given discussion group from the
+ perspective of the user agent (the syntax given is from [RFC822]):
+
+
+
+
+
+
+
+
+
+
+
+
+Rose [Page 4]
+
+RFC 1082 POP3 Extended Service November 1988
+
+
+ NAME Meaning: the name of the discussion group
+ Syntax: TOKEN (ALPHA *[ ALPHA / DIGIT / "-" ])
+ (case-insensitive recognition)
+ Example: unix-wizards
+
+ ALIASES Meaning: alternates names for the group, which
+ are locally meaningful; these are
+ typically used to shorten user typein
+ Syntax: TOKEN (case-insensitive recognition)
+ Example: uwiz
+
+ ADDRESS Meaning: the primary source of the group
+ Syntax: 822 address
+ Example: Unix-Wizards@BRL.MIL
+
+ REQUEST Meaning: the primary moderator of the group
+ Syntax: 822 address
+ Example: Unix-Wizards-Request@BRL.MIL
+
+ FLAGS Meaning: locally meaningful flags associated
+ with the discussion group; this memo
+ leaves interpretation of this
+ parameter to each POP3 implementation
+ Syntax: octal number
+ Example: 01
+
+ MAXIMA Meaning: the magic cookie associated with the
+ last message locally received for the
+ group; it is the property of the magic
+ cookie that it's value NEVER
+ decreases, and increases by at least
+ one each time a message is locally
+ received
+ Syntax: decimal number
+ Example: 1004
+
+ LASTDATE Meaning: the date that the last message was
+ locally received
+ Syntax: 822 date
+ Example: Thu, 19 Dec 85 10:26:48 -0800
+
+ Note that the last two values are locally determined for the maildrop
+ associated with the discussion group and with each message in that
+ maildrop. Note however that the last message in the maildrop have a
+ different MAXIMA and LASTDATE than the discussion group. This often
+ occurs when the maildrop has been archived.
+
+
+
+
+
+Rose [Page 5]
+
+RFC 1082 POP3 Extended Service November 1988
+
+
+ Finally, some local systems provide mechanisms for automatically
+ archiving discussion group mail. In some cases, a two-level archive
+ scheme is used: current mail is kept in the standard maildrop,
+ recent mail is kept in an archive maildrop, and older mail is kept
+ off-line. With this scheme, in addition to having a "standard"
+ maildrop for each discussion group, an "archive" maildrop may also be
+ available. This permits a user agent to examine the most recent
+ archive using the same mechanisms as those used on the current mail.
+
+The XTND Command
+
+ The following commands are valid only in the TRANSACTION state of the
+ POP3. This implies that the POP3 server has already opened the
+ user's maildrop (which may be empty). This maildrop is called the
+ "default maildrop". The phrase "closes the current maildrop" has two
+ meanings, depending on whether the current maildrop is the default
+ maildrop or is a maildrop associated with a discussion group.
+
+ In the former context, when the current maildrop is closed any
+ messages marked as deleted are removed from the maildrop currently in
+ use. The exclusive-access lock on the maildrop is then released
+ along with any implementation-specific resources (e.g., file-
+ descriptors).
+
+ In the latter context, a maildrop associated with a discussion group
+ is considered to be read-only to the POP3 client. In this case, the
+ phrase "closes the current maildrop" merely means that any
+ implementation-specific resources are released. (Hence, the POP3
+ command DELE is a no-op.)
+
+ All the new facilities are introduced via a single POP3 command,
+ XTND. All positive reponses to the XTND command are multi-line.
+
+ The most common multi-line response to the commands contains a
+ "discussion group listing" which presents the name of the discussion
+ group along with it's maxima.
In order to simplify parsing all POP3 + servers are required to use a certain format for discussion group + listings: + + NAME SP MAXIMA + + This memo makes no requirement on what follows the maxima in the + listing. Minimal implementations should just end that line of the + response with a CRLF pair. More advanced implementations may include + other information, as parsed from the message. + + NOTE: This memo STRONGLY discourages implementations from + supplying additional information in the listing. + + + +Rose [Page 6] + +RFC 1082 POP3 Extended Service November 1988 + + + XTND BBOARDS [name] + Arguments: the name of a discussion group (optionally) + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + If an argument was given, the POP3 server closes the current + maildrop. The POP3 server then validates the argument as the name of + a discussion group. If this is successful, it opens the maildrop + associated with the group, and returns a multi-line response + containing the discussion group listing. If the discussion group + named is not valid, or the associated archive maildrop is not + readable by the user, then an error response is returned. + + If no argument was given, the POP3 server issues a multi-line + response. After the initial +OK, for each discussion group known, + the POP3 server responds with a line containing the listing for that + discussion group. Note that only world-readable discussion groups + are included in the multi-line response. + + In order to aid user agents, this memo requires an extension to the + scan listing when an "XTND BBOARDS" command has been given. + Normally, a scan listing, as generated by the LIST, takes the form: + + MSGNO SIZE + + where MSGNO is the number of the message being listed and SIZE is the + size of the message in octets. 
When reading a maildrop accessed via + "XTND BBOARDS", the scan listing takes the form + + MSGNO SIZE MAXIMA + + where MAXIMA is the maxima that was assigned to the message when it + was placed in the BBoard. + + Possible Responses: + +OK XTND + -ERR no such bboard + Examples: + C: XTND BBOARDS + S: +OK XTND + S: system 10 + S: mh-users 100 + S: . + C: XTND BBOARDS system + S: + OK XTND + S: system 10 + S: . + + + + +Rose [Page 7] + +RFC 1082 POP3 Extended Service November 1988 + + + XTND ARCHIVE name + Arguments: the name of a discussion group (required) + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + The POP3 server closes the current maildrop. The POP3 server then + validates the argument as the name of a discussion group. If this is + successful, it opens the archive maildrop associated with the group, + and returns a multi-line response containing the discussion group + listing. If the discussion group named is not valid, or the + associated archive maildrop is not readable by the user, then an + error response is returned. + + In addition, the scan listing generated by the LIST command is + augmented (as described above). + + Possible Responses: + +OK XTND + -ERR no such bboard Examples: + C: XTND ARCHIVE system + S: + OK XTND + S: system 3 + S: . + + XTND X-BBOARDS name + Arguments: the name of a discussion group (required) + Restrictions: may only be given in the TRANSACTION state. + Discussion: + + The POP3 server validates the argument as the name of a + discussion group. If this is unsuccessful, then an error + response is returned. Otherwise a multi-line response is + returned. The first 14 lines of this response (after the + initial +OK) are defined in this memo. Minimal implementations + need not include other information (and may omit certain + information, outputing a bare CRLF pair). More advanced + implementations may include other information. 
+ + Line Information (refer to "Definition of Terms") + ---- ----------- + 1 NAME + 2 ALIASES, separated by SP + 3 system-specific: maildrop + 4 system-specific: archive maildrop + 5 system-specific: information + 6 system-specific: maildrop map + 7 system-specific: encrypted password + 8 system-specific: local leaders, separated by SP + + + +Rose [Page 8] + +RFC 1082 POP3 Extended Service November 1988 + + + 9 ADDRESS + 10 REQUEST + 11 system-specific: incoming feed + 12 system-specific: outgoing feeds + 13 FLAGS SP MAXIMA + 14 LASTDATE + + Most of this information is entirely too specific to the UCI Version + of the Rand MH Message Handling System [MRose85]. Nevertheless, + lines 1, 2, 9, 10, 13, and 14 are of general interest, regardless of + the implementation. + + Possible Responses: + +OK XTND + -ERR no such bboard + Examples: + C: XTND X-BBOARDS system + S: + OK XTND + S: system + S: local general + S: /usr/bboards/system.mbox + S: /usr/bboards/archive/system.mbox + S: /usr/bboards/.system.cnt + S: /usr/bboards/.system.map + S: * + S: mother + S: system@nrtc.northrop.com + S: system-request@nrtc.northrop.com + S: + S: dist-system@nrtc-gremlin.northrop.com + S: 01 10 + S: Thu, 19 Dec 85 00:08:49 -0800 + S: . + +Policy Notes + + Depending on the particular entity administrating the POP3 service + host, two additional policies might be implemented: + + 1. Private Discussion Groups + + In the general case, discussion groups are world-readable, any user, + once logged in (via a terminal, terminal server, or POP3, etc.), is + able to read the maildrop for each discussion group known to the POP3 + service host. Nevertheless, it is desirable, usually for privacy + reasons, to implement private discussion groups as well. + + Support of this is consistent with the extensions outlined in this + + + +Rose [Page 9] + +RFC 1082 POP3 Extended Service November 1988 + + + memo. 
Once the AUTHORIZATION state has successfully concluded, the + POP3 server grants the user access to exactly those discussion groups + the POP3 service host permits the authenticated user to access. As a + "security" feature, discussion groups associated with unreadable + maildrops should not be listed in a positive response to the XTND + BBOARDS command. + + 2. Anonymous POP3 Users + + In order to minimize the authentication problem, a policy permitting + "anonymous" access to the world-readable maildrops for discussion + groups on the POP3 server may be implemented. + + Support of this is consistent with the extensions outlined in this + memo. The POP3 server can be modified to accept a USER command for a + well-known pseudonym (i.e., "anonymous") which is valid with any PASS + command. As a "security" feature, it is advisable to limit this kind + of access to only hosts at the local site, or to hosts named in an + access list. + +Experiences and Conclusions + + All of the facilities described in this memo and in [RFC1081] have + been implemented in MH #6.1. Initial experiences have been, on the + whole, very positive. + + After the first implementation, some performance tuning was required. + This consisted primarily of caching the datastructures which describe + discussion groups in the POP3 server. A second optimization + pertained to the client: the program most commonly used to read + BBoards in MH was modified to retrieve messages only when needed. + Two schemes are used: + + o If only the headers (and the first few lines of the body) of + the message are required (e.g., for a scan listing), then only + these are retrieved. The resulting output is then cached, on + a per-message basis. + + o If the entire message is required, then it is retrieved intact, + and cached locally. + + With these optimizations, response time is quite adequate when the + POP3 server and client are connected via a high-speed local area + network. 
In fact, the author uses this mechanism to access certain + private discussion groups over the Internet. In this case, response + is still good. When a 9.6Kbps modem is inserted in the path, + response went from good to almost tolerable (fortunately the author + only reads a few discussion groups in this fashion). + + + +Rose [Page 10] + +RFC 1082 POP3 Extended Service November 1988 + + + To conclude: the POP3 is a good thing, not only for personal mail but + for discussion group mail as well. + + +References + + [RFC1081] Rose, M., "Post Office Protocol - Verison 3 (POP3)", RFC + 1081, TWG, November 1988. + + [MRose85] Rose, M., and J. Romine, "The Rand MH Message Handling + System: User's Manual", University of California, Irvine, + November 1985. + + [RFC822] Crocker, D., "Standard for the Format of ARPA-Internet + Text Messages", RFC 822, University of Delaware, August + 1982. + + [RFC918] Reynolds, J., "Post Office Protocol", RFC 918, + USC/Information Sciences Institute, October 1984. + + [RFC937] Butler, M., J. Postel, D. Chase, J. Goldberger, and J. + Reynolds, "Post Office Protocol - Version 2", RFC 937, + USC/Information Sciences Institute, February 1985. + +Author's Address: + + + Marshall Rose + The Wollongong Group + 1129 San Antonio Rd. + Palo Alto, California 94303 + + Phone: (415) 962-7100 + + Email: MRose@TWG.COM + + + + + + + + + + + + + + + + +Rose [Page 11] + diff --git a/crypto/heimdal/appl/popper/pop_auth.c b/crypto/heimdal/appl/popper/pop_auth.c new file mode 100644 index 0000000..525beaa --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_auth.c 
@@ -0,0 +1,220 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by the Kungliga Tekniska + * Högskolan and its contributors. + * + * 4. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include <popper.h> +#include <base64.h> +RCSID("$Id: pop_auth.c,v 1.2 2000/04/12 15:37:45 assar Exp $"); + +#ifdef KRB4 + +enum { + NO_PROT = 1, + INT_PROT = 2, + PRIV_PROT = 4 +}; + +static int +auth_krb4(POP *p) +{ + int ret; + des_cblock key; + u_int32_t nonce, nonce_reply; + u_int32_t max_client_packet; + int protocols = NO_PROT | INT_PROT | PRIV_PROT; + char data[8]; + int len; + char *s; + char instance[INST_SZ]; + KTEXT_ST authent; + des_key_schedule schedule; + struct passwd *pw; + + /* S -> C: 32 bit nonce in MSB base64 */ + + des_new_random_key(&key); + nonce = (key[0] | (key[1] << 8) | (key[2] << 16) | (key[3] << 24) + | key[4] | (key[5] << 8) | (key[6] << 16) | (key[7] << 24)); + krb_put_int(nonce, data, 4, 8); + len = base64_encode(data, 4, &s); + + pop_msg(p, POP_CONTINUE, "%s", s); + free(s); + + /* C -> S: ticket and authenticator */ + + ret = sch_readline(p->input, &s); + if (ret <= 0 || strcmp (s, "*") == 0) + return pop_msg(p, POP_FAILURE, + "authentication aborted by client"); + len = strlen(s); + if (len > sizeof(authent.dat)) { + return pop_msg(p, POP_FAILURE, "data packet too long"); + } + + authent.length = base64_decode(s, authent.dat); + + k_getsockinst (0, instance, sizeof(instance)); + ret = krb_rd_req(&authent, "pop", instance, + p->in_addr.sin_addr.s_addr, + &p->kdata, NULL); + if (ret != 0) { + return pop_msg(p, POP_FAILURE, "rd_req: %s", + krb_get_err_text(ret)); + } + if (p->kdata.checksum != nonce) { + return pop_msg(p, POP_FAILURE, "data stream modified"); + } + + /* S -> C: nonce + 1 | bit | max segment */ + + krb_put_int(nonce + 1, data, 4, 7); + data[4] = protocols; + krb_put_int(1024, data + 5, 3, 3); /* XXX */ + des_key_sched(&p->kdata.session, schedule); + des_pcbc_encrypt((des_cblock*)data, + (des_cblock*)data, 8, + schedule, + &p->kdata.session, + DES_ENCRYPT); + len = base64_encode(data, 8, &s); + pop_msg(p, POP_CONTINUE, "%s", s); + + free(s); + + /* C -> S: nonce | bit | max segment | username */ + + ret = 
sch_readline(p->input, &s); + if (ret <= 0 || strcmp (s, "*") == 0) + return pop_msg(p, POP_FAILURE, + "authentication aborted"); + len = strlen(s); + if (len > sizeof(authent.dat)) { + return pop_msg(p, POP_FAILURE, "data packet too long"); + } + + authent.length = base64_decode(s, authent.dat); + + if (authent.length % 8 != 0) { + return pop_msg(p, POP_FAILURE, "reply is not a multiple of 8 bytes"); + } + + des_key_sched(&p->kdata.session, schedule); + des_pcbc_encrypt((des_cblock*)authent.dat, + (des_cblock*)authent.dat, + authent.length, + schedule, + &p->kdata.session, + DES_DECRYPT); + + krb_get_int(authent.dat, &nonce_reply, 4, 0); + if (nonce_reply != nonce) { + return pop_msg(p, POP_FAILURE, "data stream modified"); + } + protocols &= authent.dat[4]; + krb_get_int(authent.dat + 5, &max_client_packet, 3, 0); + if(authent.dat[authent.length - 1] != '\0') { + return pop_msg(p, POP_FAILURE, "bad format of username"); + } + strncpy (p->user, authent.dat + 8, sizeof(p->user)); + pw = k_getpwnam(p->user); + if (pw == NULL) { + return (pop_msg(p,POP_FAILURE, + "Password supplied for \"%s\" is incorrect.", + p->user)); + } + + if (kuserok(&p->kdata, p->user)) { + pop_log(p, POP_PRIORITY, + "%s: (%s.%s@%s) tried to retrieve mail for %s.", + p->client, p->kdata.pname, p->kdata.pinst, + p->kdata.prealm, p->user); + return(pop_msg(p,POP_FAILURE, + "Popping not authorized")); + } + pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s", + p->ipaddr, + p->kdata.pname, p->kdata.pinst, p->kdata.prealm, + p->user); + ret = pop_login(p, pw); + if (protocols & PRIV_PROT) + ; + else if (protocols & INT_PROT) + ; + else + ; + + return ret; +} +#endif /* KRB4 */ + +#ifdef KRB5 +static int +auth_gssapi(POP *p) +{ + +} +#endif /* KRB5 */ + +/* + * auth: RFC1734 + */ + +static struct { + const char *name; + int (*func)(POP *); +} methods[] = { +#ifdef KRB4 + {"KERBEROS_V4", auth_krb4}, +#endif +#ifdef KRB5 + {"GSSAPI", auth_gssapi}, +#endif + {NULL, NULL} +}; + +int +pop_auth (POP *p) +{ + int 
i; + + for (i = 0; methods[i].name != NULL; ++i) + if (strcasecmp(p->pop_parm[1], methods[i].name) == 0) + return (*methods[i].func)(p); + return pop_msg(p, POP_FAILURE, + "Authentication method %s unknown", p->pop_parm[1]); +} diff --git a/crypto/heimdal/appl/popper/pop_debug.c b/crypto/heimdal/appl/popper/pop_debug.c new file mode 100644 index 0000000..e400278 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_debug.c 
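Review bot: In `auth_krb4`, the second client reply is only checked for being a multiple of 8 bytes, so a decoded length of 0 or 8 passes and the code then reads `authent.dat[authent.length - 1]` and `authent.dat + 8` outside the data the client actually sent. The check should require at least one byte of username after the 8-byte header, `if (authent.length < 9 || authent.length % 8 != 0)`. `strncpy (p->user, authent.dat + 8, sizeof(p->user))` leaves `p->user` unterminated when the name fills the buffer; `strlcpy (p->user, authent.dat + 8, sizeof(p->user));`, which this import already uses in pop_dropcopy.c, avoids that. The result of the first `base64_decode` is also handed to `krb_rd_req` without an error check (its failure value is not visible here, so confirm). Finally, `auth_gssapi` is registered in `methods[]` under KRB5 with an empty body that returns no value; until it is implemented it should fail explicitly, e.g. `return pop_msg(p, POP_FAILURE, "GSSAPI not implemented");`.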
@@ -0,0 +1,280 @@ +/* + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +/* Tiny program to help debug popper */ + +#include "popper.h" +RCSID("$Id: pop_debug.c,v 1.21 2001/02/20 01:44:47 assar Exp $"); + +static void +loop(int s) +{ + char cmd[1024]; + char buf[1024]; + fd_set fds; + while(1){ + FD_ZERO(&fds); + FD_SET(0, &fds); + FD_SET(s, &fds); + if(select(s+1, &fds, 0, 0, 0) < 0) + err(1, "select"); + if(FD_ISSET(0, &fds)){ + fgets(cmd, sizeof(cmd), stdin); + cmd[strlen(cmd) - 1] = '\0'; + strlcat (cmd, "\r\n", sizeof(cmd)); + write(s, cmd, strlen(cmd)); + } + if(FD_ISSET(s, &fds)){ + int n = read(s, buf, sizeof(buf)); + if(n == 0) + exit(0); + fwrite(buf, n, 1, stdout); + } + } +} + +static int +get_socket (const char *hostname, int port) +{ + int ret; + struct addrinfo *ai, *a; + struct addrinfo hints; + char portstr[NI_MAXSERV]; + + memset (&hints, 0, sizeof(hints)); + hints.ai_socktype = SOCK_STREAM; + snprintf (portstr, sizeof(portstr), "%d", ntohs(port)); + ret = getaddrinfo (hostname, portstr, &hints, &ai); + if (ret) + errx (1, "getaddrinfo %s: %s", hostname, gai_strerror (ret)); + + for (a = ai; a != NULL; a = a->ai_next) { + int s; + + s = socket (a->ai_family, a->ai_socktype, a->ai_protocol); + if (s < 0) + continue; + if (connect (s, a->ai_addr, a->ai_addrlen) < 0) { + close (s); + continue; + } + freeaddrinfo (ai); + return s; + } + err (1, "failed to connect to %s", hostname); +} + +#ifdef KRB4 +static int +doit_v4 (char *host, int port) +{ + KTEXT_ST ticket; + MSG_DAT msg_data; + CREDENTIALS cred; + des_key_schedule sched; + int ret; + int s = get_socket (host, port); + + ret = krb_sendauth(0, + s, + &ticket, + "pop", + host, + krb_realmofhost(host), + getpid(), + &msg_data, + &cred, + sched, + NULL, + NULL, + "KPOPV0.1"); + if(ret) { + warnx("krb_sendauth: %s", krb_get_err_text(ret)); + return 1; + } + loop(s); + return 0; +} +#endif + +#ifdef KRB5 +static int +doit_v5 (char *host, int port) +{ + krb5_error_code ret; + krb5_context context; + krb5_auth_context auth_context = NULL; + krb5_principal server; + 
int s = get_socket (host, port); + + ret = krb5_init_context (&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + ret = krb5_sname_to_principal (context, + host, + "pop", + KRB5_NT_SRV_HST, + &server); + if (ret) { + warnx ("krb5_sname_to_principal: %s", + krb5_get_err_text (context, ret)); + return 1; + } + ret = krb5_sendauth (context, + &auth_context, + &s, + "KPOPV1.0", + NULL, + server, + 0, + NULL, + NULL, + NULL, + NULL, + NULL, + NULL); + if (ret) { + warnx ("krb5_sendauth: %s", + krb5_get_err_text (context, ret)); + return 1; + } + loop (s); + return 0; +} +#endif + + +#ifdef KRB4 +static int use_v4 = -1; +#endif +static int use_v5 = -1; +static char *port_str; +static int do_version; +static int do_help; + +struct getargs args[] = { +#ifdef KRB4 + { "krb4", '4', arg_flag, &use_v4, "Use Kerberos V4", + NULL }, +#endif + { "krb5", '5', arg_flag, &use_v5, "Use Kerberos V5", + NULL }, + { "port", 'p', arg_string, &port_str, "Use this port", + "number-or-service" }, + { "version", 0, arg_flag, &do_version, "Print version", + NULL }, + { "help", 0, arg_flag, &do_help, NULL, + NULL } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "hostname"); + exit (ret); +} + +int +main(int argc, char **argv) +{ + int port = 0; + int ret = 1; + int optind = 0; + + setprogname(argv[0]); + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + argc -= optind; + argv += optind; + + if (do_help) + usage (0); + + if (do_version) { + print_version (NULL); + return 0; + } + + if (argc < 1) + usage (1); + + if (port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "Bad port `%s'", port_str); + port = htons(port); + } + } + if (port == 0) { +#ifdef KRB5 + port = krb5_getportbyname (NULL, "kpop", "tcp", 1109); 
+#elif defined(KRB4) + port = k_getportbyname ("kpop", "tcp", 1109); +#else +#error must define KRB4 or KRB5 +#endif + } + +#if defined(KRB4) && defined(KRB5) + if(use_v4 == -1 && use_v5 == 1) + use_v4 = 0; + if(use_v5 == -1 && use_v4 == 1) + use_v5 = 0; +#endif + +#ifdef KRB5 + if (ret && use_v5) { + ret = doit_v5 (argv[0], port); + } +#endif +#ifdef KRB4 + if (ret && use_v4) { + ret = doit_v4 (argv[0], port); + } +#endif + return ret; +} diff --git a/crypto/heimdal/appl/popper/pop_dele.c b/crypto/heimdal/appl/popper/pop_dele.c new file mode 100644 index 0000000..f1c2952 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_dele.c 
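Review bot: `loop` uses the results of `fgets` and `read` without checking for failure: at end of input `fgets` returns NULL and `cmd` is used anyway, `cmd[strlen(cmd) - 1]` indexes in front of the buffer when the string is empty, and a `read` error of -1 is passed to `fwrite` as a very large size. Suggested replacements are `if (fgets(cmd, sizeof(cmd), stdin) == NULL) exit(0);`, `cmd[strcspn(cmd, "\n")] = '\0';` and `if (n <= 0) exit(n < 0);`. In `main`, the numeric port returned by `strtol` is accepted without a range check before `htons`, so values outside 1-65535 are silently truncated.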
@@ -0,0 +1,107 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_dele.c,v 1.10 1999/08/12 11:35:26 joda Exp $"); + +/* + * dele: Delete a message from the POP maildrop + */ +int +pop_dele (POP *p) +{ + MsgInfoList * mp; /* Pointer to message info list */ + int msg_num; + + /* Convert the message number parameter to an integer */ + msg_num = atoi(p->pop_parm[1]); + + /* Is requested message out of range? */ + if ((msg_num < 1) || (msg_num > p->msg_count)) + return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num)); + + /* Get a pointer to the message in the message list */ + mp = &(p->mlp[msg_num-1]); + + /* Is the message already flagged for deletion? */ + if (mp->flags & DEL_FLAG) + return (pop_msg (p,POP_FAILURE,"Message %d has already been deleted.", + msg_num)); + + /* Flag the message for deletion */ + mp->flags |= DEL_FLAG; + +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, + "Deleting message %u at offset %ld of length %ld\n", + mp->number, mp->offset, mp->length); +#endif /* DEBUG */ + + /* Update the messages_deleted and bytes_deleted counters */ + p->msgs_deleted++; + p->bytes_deleted += mp->length; + + /* Update the last-message-accessed number if it is lower than + the deleted message */ + if (p->last_msg < msg_num) p->last_msg = msg_num; + + return (pop_msg (p,POP_SUCCESS,"Message %d has been deleted.",msg_num)); +} + +#ifdef XDELE +/* delete a range of messages */ +int +pop_xdele(POP *p) +{ + MsgInfoList * mp; /* Pointer to message info list */ + + int msg_min, msg_max; + int i; + + + msg_min = atoi(p->pop_parm[1]); + if(p->parm_count == 1) + msg_max = msg_min; + else + msg_max = atoi(p->pop_parm[2]); + + if (msg_min < 1) + return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_min)); + if(msg_max > p->msg_count) + return (pop_msg 
(p,POP_FAILURE,"Message %d does not exist.",msg_max)); + for(i = msg_min; i <= msg_max; i++) { + + /* Get a pointer to the message in the message list */ + mp = &(p->mlp[i - 1]); + + /* Is the message already flagged for deletion? */ + if (mp->flags & DEL_FLAG) + continue; /* no point in returning error */ + /* Flag the message for deletion */ + mp->flags |= DEL_FLAG; + +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, + "Deleting message %u at offset %ld of length %ld\n", + mp->number, mp->offset, mp->length); +#endif /* DEBUG */ + + /* Update the messages_deleted and bytes_deleted counters */ + p->msgs_deleted++; + p->bytes_deleted += mp->length; + } + + /* Update the last-message-accessed number if it is lower than + the deleted message */ + if (p->last_msg < msg_max) p->last_msg = msg_max; + + return (pop_msg (p,POP_SUCCESS,"Messages %d-%d has been deleted.", + msg_min, msg_max)); + +} +#endif /* XDELE */ diff --git a/crypto/heimdal/appl/popper/pop_dropcopy.c b/crypto/heimdal/appl/popper/pop_dropcopy.c new file mode 100644 index 0000000..f33cfb0 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_dropcopy.c 
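Review bot: `pop_xdele` never checks that the range is ordered, so when `msg_max` is below `msg_min` (including zero or negative values coming out of `atoi`) the loop is skipped and the command still reports success with `Messages %d-%d has been deleted.`. Fold the test into the lower-bound check, `if (msg_min < 1 || msg_min > msg_max)`. Both `pop_dele` and `pop_xdele` parse client text with `atoi`, which gives no error indication for out-of-range input; `strtol` with an end-pointer check would make the bounds tests that follow reliable.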
@@ -0,0 +1,173 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_dropcopy.c,v 1.25 1999/09/16 20:38:49 assar Exp $"); + +/* + * Run as the user in `pwd' + */ + +int +changeuser(POP *p, struct passwd *pwd) +{ + if(setgid(pwd->pw_gid) < 0) { + pop_log (p, POP_PRIORITY, + "Unable to change to gid %u: %s", + (unsigned)pwd->pw_gid, + strerror(errno)); + return pop_msg (p, POP_FAILURE, + "Unable to change gid"); + } + if(setuid(pwd->pw_uid) < 0) { + pop_log (p, POP_PRIORITY, + "Unable to change to uid %u: %s", + (unsigned)pwd->pw_uid, + strerror(errno)); + return pop_msg (p, POP_FAILURE, + "Unable to change uid"); + } +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG,"uid = %u, gid = %u", + (unsigned)getuid(), + (unsigned)getgid()); +#endif /* DEBUG */ + return POP_SUCCESS; +} + +/* + * dropcopy: Make a temporary copy of the user's mail drop and + * save a stream pointer for it. + */ + +int +pop_dropcopy(POP *p, struct passwd *pwp) +{ + int mfd; /* File descriptor for + the user's maildrop */ + int dfd; /* File descriptor for + the SERVER maildrop */ + FILE *tf; /* The temp file */ + char template[POP_TMPSIZE]; /* Temp name holder */ + char buffer[BUFSIZ]; /* Read buffer */ + long offset; /* Old/New boundary */ + int nchar; /* Bytes written/read */ + int tf_fd; /* fd for temp file */ + int ret; + + /* Create a temporary maildrop into which to copy the updated maildrop */ + snprintf(p->temp_drop, sizeof(p->temp_drop), POP_DROP,p->user); + +#ifdef DEBUG + if(p->debug) + pop_log(p,POP_DEBUG,"Creating temporary maildrop '%s'", + p->temp_drop); +#endif /* DEBUG */ + + /* Here we work to make sure the user doesn't cause us to remove or + * write over existing files by limiting how much work we do while + * running as root. 
+ */ + + strlcpy(template, POP_TMPDROP, sizeof(template)); + if ((tf_fd = mkstemp(template)) < 0 || + (tf = fdopen(tf_fd, "w+")) == NULL) { + pop_log(p,POP_PRIORITY, + "Unable to create temporary temporary maildrop '%s': %s",template, + strerror(errno)); + return pop_msg(p,POP_FAILURE, + "System error, can't create temporary file."); + } + + /* Now give this file to the user */ + chown(template, pwp->pw_uid, pwp->pw_gid); + chmod(template, 0600); + + /* Now link this file to the temporary maildrop. If this fails it + * is probably because the temporary maildrop already exists. If so, + * this is ok. We can just go on our way, because by the time we try + * to write into the file we will be running as the user. + */ + link(template,p->temp_drop); + fclose(tf); + unlink(template); + + ret = changeuser(p, pwp); + if (ret != POP_SUCCESS) + return ret; + + /* Open for append, this solves the crash recovery problem */ + if ((dfd = open(p->temp_drop,O_RDWR|O_APPEND|O_CREAT,0600)) == -1){ + pop_log(p,POP_PRIORITY, + "Unable to open temporary maildrop '%s': %s",p->temp_drop, + strerror(errno)); + return pop_msg(p,POP_FAILURE, + "System error, can't open temporary file, do you own it?"); + } + + /* Lock the temporary maildrop */ + if ( flock (dfd, (LOCK_EX | LOCK_NB)) == -1 ) + switch(errno) { + case EWOULDBLOCK: + return pop_msg(p,POP_FAILURE, + "Maildrop lock busy! Is another session active?"); + /* NOTREACHED */ + default: + return pop_msg(p,POP_FAILURE,"flock: '%s': %s", p->temp_drop, + strerror(errno)); + /* NOTREACHED */ + } + + /* May have grown or shrunk between open and lock! 
*/ + offset = lseek(dfd,0, SEEK_END); + + /* Open the user's maildrop, If this fails, no harm in assuming empty */ + if ((mfd = open(p->drop_name,O_RDWR)) > 0) { + + /* Lock the maildrop */ + if (flock (mfd, LOCK_EX) == -1) { + close(mfd) ; + return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop, + strerror(errno)); + } + + /* Copy the actual mail drop into the temporary mail drop */ + while ( (nchar=read(mfd,buffer,BUFSIZ)) > 0 ) + if ( nchar != write(dfd,buffer,nchar) ) { + nchar = -1 ; + break ; + } + + if ( nchar != 0 ) { + /* Error adding new mail. Truncate to original size, + and leave the maildrop as is. The user will not + see the new mail until the error goes away. + Should let them process the current backlog, in case + the error is a quota problem requiring deletions! */ + ftruncate(dfd,(int)offset) ; + } else { + /* Mail transferred! Zero the mail drop NOW, that we + do not have to do gymnastics to figure out what's new + and what is old later */ + ftruncate(mfd,0) ; + } + + /* Close the actual mail drop */ + close (mfd); + } + + /* Acquire a stream pointer for the temporary maildrop */ + if ( (p->drop = fdopen(dfd,"a+")) == NULL ) { + close(dfd) ; + return pop_msg(p,POP_FAILURE,"Cannot assign stream for %s", + p->temp_drop); + } + + rewind (p->drop); + + return(POP_SUCCESS); +} diff --git a/crypto/heimdal/appl/popper/pop_dropinfo.c b/crypto/heimdal/appl/popper/pop_dropinfo.c new file mode 100644 index 0000000..71922d2 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_dropinfo.c 
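Review bot: `changeuser` drops privileges with `setgid` and `setuid` only, so the process keeps whatever supplementary groups it started with unless they are reset somewhere outside this hunk; call `initgroups(pwd->pw_name, pwd->pw_gid)` before `setgid` and fail the login if it returns an error. In `pop_dropcopy`, the steps that still run as root, `chown(template, ...)`, `chmod(template, 0600)` and `link(template, p->temp_drop)`, act on path names and ignore their return values. `fchown(tf_fd, pwp->pw_uid, pwp->pw_gid)` and `fchmod(tf_fd, 0600)` operate on the file `mkstemp` actually created, and a failure of either should abort before the file is linked into place.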
@@ -0,0 +1,232 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_dropinfo.c,v 1.24 1999/09/16 20:38:49 assar Exp $"); + +#if defined(UIDL) || defined(XOVER) + +/* + * Copy the string found after after : into a malloced buffer. Stop + * copying at end of string or end of line. End of line delimiter is + * not part of the resulting copy. + */ +static +char * +find_value_after_colon(char *p) +{ + char *t, *tmp; + + for (; *p != 0 && *p != ':'; p++) /* Find : */ + ; + + if (*p == 0) + goto error; + + p++; /* Skip over : */ + + for(; *p == ' ' || *p == '\t'; p++) /* Remove white space */ + ; + + for (t = p; *t != 0 && *t != '\n' && *t != '\r'; t++) /* Find end of str */ + ; + + tmp = t = malloc(t - p + 1); + if (tmp == 0) + goto error; + + for (; *p != 0 && *p != '\n' && *p != '\r'; p++, t++) /* Copy characters */ + *t = *p; + *t = 0; /* Terminate string */ + return tmp; + +error: + return "ErrorUIDL"; +} +#endif + +void +parse_header(MsgInfoList *mp, char *buffer) +{ +#if defined(UIDL) || defined(XOVER) + if (strncasecmp("Message-Id:",buffer, 11) == 0) { + if (mp->msg_id == NULL) + mp->msg_id = find_value_after_colon(buffer); + } +#ifdef UIDL + else if (strncasecmp(buffer, "X-UIDL:", 7) == 0) { + /* Courtesy to Qualcomm, there really is no such + thing as X-UIDL */ + mp->msg_id = find_value_after_colon(buffer); + } +#endif +#endif +#ifdef XOVER + else if (strncasecmp("Subject:", buffer, 8) == 0) { + if(mp->subject == NULL){ + char *p; + mp->subject = find_value_after_colon(buffer); + for(p = mp->subject; *p; p++) + if(*p == '\t') *p = ' '; + } + } + else if (strncasecmp("From:", buffer, 5) == 0) { + if(mp->from == NULL){ + char *p; + mp->from = find_value_after_colon(buffer); + for(p = mp->from; *p; p++) + if(*p == '\t') *p = ' '; + } + } + else if (strncasecmp("Date:", buffer, 5) 
== 0) { + if(mp->date == NULL){ + char *p; + mp->date = find_value_after_colon(buffer); + for(p = mp->date; *p; p++) + if(*p == '\t') *p = ' '; + } + } +#endif +} + +int +add_missing_headers(POP *p, MsgInfoList *mp) +{ +#if defined(UIDL) || defined(XOVER) + if (mp->msg_id == NULL) { + asprintf(&mp->msg_id, "no-message-id-%d", mp->number); + if(mp->msg_id == NULL) { + fclose (p->drop); + p->msg_count = 0; + return pop_msg (p,POP_FAILURE, + "Can't build message list for '%s': Out of memory", + p->user); + } + } +#endif +#ifdef XOVER + if (mp->subject == NULL) + mp->subject = "<none>"; + if (mp->from == NULL) + mp->from = "<unknown>"; + if (mp->date == NULL) + mp->date = "<unknown>"; +#endif + return POP_SUCCESS; +} + +/* + * dropinfo: Extract information about the POP maildrop and store + * it for use by the other POP routines. + */ + +int +pop_dropinfo(POP *p) +{ + char buffer[BUFSIZ]; /* Read buffer */ + MsgInfoList * mp; /* Pointer to message + info list */ + int msg_num; /* Current message + counter */ + int nchar; /* Bytes written/read */ + int blank_line = 1; /* previous line was blank */ + int in_header = 0; /* if we are in a header block */ + + /* Initialize maildrop status variables in the POP parameter block */ + p->msg_count = 0; + p->msgs_deleted = 0; + p->last_msg = 0; + p->bytes_deleted = 0; + p->drop_size = 0; + + /* Allocate memory for message information structures */ + p->msg_count = ALLOC_MSGS; + p->mlp = (MsgInfoList *)calloc((unsigned)p->msg_count,sizeof(MsgInfoList)); + if (p->mlp == NULL){ + fclose (p->drop); + p->msg_count = 0; + return pop_msg (p,POP_FAILURE, + "Can't build message list for '%s': Out of memory", p->user); + } + + rewind (p->drop); + + /* Scan the file, loading the message information list with + information about each message */ + + for (msg_num = p->drop_size = 0, mp = p->mlp - 1; + fgets(buffer,MAXMSGLINELEN,p->drop);) { + + nchar = strlen(buffer); + + if (blank_line && strncmp(buffer,"From ",5) == 0) { + in_header = 1; + 
if (++msg_num > p->msg_count) { + p->mlp=(MsgInfoList *) realloc(p->mlp, + (p->msg_count+=ALLOC_MSGS)*sizeof(MsgInfoList)); + if (p->mlp == NULL){ + fclose (p->drop); + p->msg_count = 0; + return pop_msg (p,POP_FAILURE, + "Can't build message list for '%s': Out of memory", + p->user); + } + mp = p->mlp + msg_num - 2; + } + ++mp; + mp->number = msg_num; + mp->length = 0; + mp->lines = 0; + mp->offset = ftell(p->drop) - nchar; + mp->flags = 0; +#if defined(UIDL) || defined(XOVER) + mp->msg_id = 0; +#endif +#ifdef XOVER + mp->subject = 0; + mp->from = 0; + mp->date = 0; +#endif +#ifdef DEBUG + if(p->debug) + pop_log(p, POP_DEBUG, + "Msg %d at offset %ld being added to list", + mp->number, mp->offset); +#endif /* DEBUG */ + } else if(in_header) + parse_header(mp, buffer); + blank_line = (strncmp(buffer, "\n", nchar) == 0); + if(blank_line) { + int e; + in_header = 0; + e = add_missing_headers(p, mp); + if(e != POP_SUCCESS) + return e; + } + mp->length += nchar; + p->drop_size += nchar; + mp->lines++; + } + p->msg_count = msg_num; + +#ifdef DEBUG + if(p->debug && msg_num > 0) { + int i; + for (i = 0, mp = p->mlp; i < p->msg_count; i++, mp++) +#ifdef UIDL + pop_log(p,POP_DEBUG, + "Msg %d at offset %ld is %ld octets long and has %u lines and id %s.", + mp->number,mp->offset,mp->length,mp->lines, mp->msg_id); +#else + pop_log(p,POP_DEBUG, + "Msg %d at offset %d is %d octets long and has %u lines.", + mp->number,mp->offset,mp->length,mp->lines); +#endif + } +#endif /* DEBUG */ + + return(POP_SUCCESS); +} diff --git a/crypto/heimdal/appl/popper/pop_get_command.c b/crypto/heimdal/appl/popper/pop_get_command.c new file mode 100644 index 0000000..e43c1d9 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_get_command.c 
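Review bot: In `pop_dropinfo`, `mp` starts at `p->mlp - 1` and is only advanced when a `From ` separator is seen, so a maildrop whose first line is anything else reaches `mp->length += nchar`, `mp->lines++` and `add_missing_headers(p, mp)` with a pointer in front of the allocation. Lines before the first message should be skipped or the drop rejected, for example `if (msg_num == 0) continue;` placed ahead of the `blank_line` update. The read is `fgets(buffer,MAXMSGLINELEN,p->drop)` into `char buffer[BUFSIZ]`; `MAXMSGLINELEN` is defined outside this hunk, so `fgets(buffer, sizeof(buffer), p->drop)` is the safer bound. The `realloc` result is also assigned straight to `p->mlp`, which loses the old block on failure.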
@@ -0,0 +1,118 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_get_command.c,v 1.15 1999/09/16 20:38:49 assar Exp $"); + +/* + * get_command: Extract the command from an input line form a POP client + */ + +static state_table states[] = { + {auth1, "user", 1, 1, pop_user, {auth1, auth2}}, + {auth2, "pass", 1, 99, pop_pass, {auth1, trans}}, +#ifdef RPOP + {auth2, "rpop", 1, 1, pop_rpop, {auth1, trans}}, +#endif /* RPOP */ + {auth1, "quit", 0, 0, pop_quit, {halt, halt}}, + {auth2, "quit", 0, 0, pop_quit, {halt, halt}}, + {trans, "stat", 0, 0, pop_stat, {trans, trans}}, + {trans, "list", 0, 1, pop_list, {trans, trans}}, + {trans, "retr", 1, 1, pop_send, {trans, trans}}, + {trans, "dele", 1, 1, pop_dele, {trans, trans}}, + {trans, "noop", 0, 0, NULL, {trans, trans}}, + {trans, "rset", 0, 0, pop_rset, {trans, trans}}, + {trans, "top", 2, 2, pop_send, {trans, trans}}, + {trans, "last", 0, 0, pop_last, {trans, trans}}, + {trans, "quit", 0, 0, pop_updt, {halt, halt}}, + {trans, "help", 0, 0, pop_help, {trans, trans}}, +#ifdef UIDL + {trans, "uidl", 0, 1, pop_uidl, {trans, trans}}, +#endif +#ifdef XOVER + {trans, "xover", 0, 0, pop_xover, {trans, trans}}, +#endif +#ifdef XDELE + {trans, "xdele", 1, 2, pop_xdele, {trans, trans}}, +#endif + {(state) 0, NULL, 0, 0, NULL, {halt, halt}}, +}; + +state_table * +pop_get_command(POP *p, char *mp) +{ + state_table * s; + char buf[MAXMSGLINELEN]; + + /* Save a copy of the original client line */ +#ifdef DEBUG + if(p->debug) strlcpy (buf, mp, sizeof(buf)); +#endif /* DEBUG */ + + /* Parse the message into the parameter array */ + if ((p->parm_count = pop_parse(p,mp)) < 0) return(NULL); + + /* Do not log cleartext passwords */ +#ifdef DEBUG + if(p->debug){ + if(strcmp(p->pop_command,"pass") == 0) + pop_log(p,POP_DEBUG,"Received: \"%s 
xxxxxxxxx\"",p->pop_command); + else { + /* Remove trailing <LF> */ + buf[strlen(buf)-2] = '\0'; + pop_log(p,POP_DEBUG,"Received: \"%s\"",buf); + } + } +#endif /* DEBUG */ + + /* Search for the POP command in the command/state table */ + for (s = states; s->command; s++) { + + /* Is this a valid command for the current operating state? */ + if (strcmp(s->command,p->pop_command) == 0 + && s->ValidCurrentState == p->CurrentState) { + + /* Were too few parameters passed to the command? */ + if (p->parm_count < s->min_parms) { + pop_msg(p,POP_FAILURE, + "Too few arguments for the %s command.", + p->pop_command); + return NULL; + } + + /* Were too many parameters passed to the command? */ + if (p->parm_count > s->max_parms) { + pop_msg(p,POP_FAILURE, + "Too many arguments for the %s command.", + p->pop_command); + return NULL; + } + + /* Return a pointer to the entry for this command in + the command/state table */ + return (s); + } + } + /* The client command was not located in the command/state table */ + pop_msg(p,POP_FAILURE, + "Unknown command: \"%s\".",p->pop_command); + return NULL; +} + +int +pop_help (POP *p) +{ + state_table *s; + + pop_msg(p, POP_SUCCESS, "help"); + + for (s = states; s->command; s++) { + fprintf (p->output, "%s\r\n", s->command); + } + fprintf (p->output, ".\r\n"); + fflush (p->output); + return POP_SUCCESS; +} diff --git a/crypto/heimdal/appl/popper/pop_init.c b/crypto/heimdal/appl/popper/pop_init.c new file mode 100644 index 0000000..7487ce6 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_init.c 
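Review bot: In pop_get_command() (pop_get_command.c) the debug branch trims the saved client line with `buf[strlen(buf)-2] = '\0';`, which indexes outside `buf` when the copy is shorter than two bytes and otherwise drops the last two characters whether or not they are CR LF. pop_parse() only guarantees one non-blank character, so a one-byte line without a terminator would reach this statement if the caller can deliver one (the read loop is not in this hunk). Trim by content instead: `buf[strcspn(buf, "\r\n")] = '\0';`. The branch only runs with DEBUG compiled in and `p->debug` set, which is when the server is being traced against live client input.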
@@ -0,0 +1,398 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_init.c,v 1.58 2001/02/20 01:44:47 assar Exp $"); + + +#if defined(KRB4) || defined(KRB5) + +static int +pop_net_read(POP *p, int fd, void *buf, size_t len) +{ +#ifdef KRB5 + return krb5_net_read(p->context, &fd, buf, len); +#elif defined(KRB4) + return krb_net_read(fd, buf, len); +#endif +} +#endif + +static char *addr_log; + +static void +pop_write_addr(POP *p, struct sockaddr *addr) +{ + char ts[32]; + char as[128]; + time_t t; + FILE *f; + if(addr_log == NULL) + return; + t = time(NULL); + strftime(ts, sizeof(ts), "%Y%m%d%H%M%S", localtime(&t)); + if(inet_ntop (addr->sa_family, socket_get_address(addr), + as, sizeof(as)) == NULL) { + pop_log(p, POP_PRIORITY, "failed to print address"); + return; + } + + f = fopen(addr_log, "a"); + if(f == NULL) { + pop_log(p, POP_PRIORITY, "failed to open address log (%s)", addr_log); + return; + } + fprintf(f, "%s %s\n", as, ts); + fclose(f); +} + +#ifdef KRB4 +static int +krb4_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) +{ + Key_schedule schedule; + KTEXT_ST ticket; + char instance[INST_SZ]; + char version[9]; + int auth; + + if (memcmp (buf, KRB_SENDAUTH_VERS, 4) != 0) + return -1; + if (pop_net_read (p, s, buf + 4, + KRB_SENDAUTH_VLEN - 4) != KRB_SENDAUTH_VLEN - 4) + return -1; + if (memcmp (buf, KRB_SENDAUTH_VERS, KRB_SENDAUTH_VLEN) != 0) + return -1; + + k_getsockinst (0, instance, sizeof(instance)); + auth = krb_recvauth(KOPT_IGNORE_PROTOCOL, + s, + &ticket, + "pop", + instance, + (struct sockaddr_in *)addr, + (struct sockaddr_in *) NULL, + &p->kdata, + "", + schedule, + version); + + if (auth != KSUCCESS) { + pop_msg(p, POP_FAILURE, "Kerberos authentication failure: %s", + krb_get_err_text(auth)); + pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", 
p->client, + p->kdata.pname, p->kdata.pinst, p->kdata.prealm, + krb_get_err_text(auth)); + return -1; + } + +#ifdef DEBUG + pop_log(p, POP_DEBUG, "%s.%s@%s (%s): ok", p->kdata.pname, + p->kdata.pinst, p->kdata.prealm, p->ipaddr); +#endif /* DEBUG */ + return 0; +} +#endif /* KRB4 */ + +#ifdef KRB5 +static int +krb5_authenticate (POP *p, int s, u_char *buf, struct sockaddr *addr) +{ + krb5_error_code ret; + krb5_auth_context auth_context = NULL; + u_int32_t len; + krb5_ticket *ticket; + char *server; + + if (memcmp (buf, "\x00\x00\x00\x13", 4) != 0) + return -1; + len = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | (buf[3]); + + if (krb5_net_read(p->context, &s, buf, len) != len) + return -1; + if (len != sizeof(KRB5_SENDAUTH_VERSION) + || memcmp (buf, KRB5_SENDAUTH_VERSION, len) != 0) + return -1; + + ret = krb5_recvauth (p->context, + &auth_context, + &s, + "KPOPV1.0", + NULL, /* let rd_req figure out what server to use */ + KRB5_RECVAUTH_IGNORE_VERSION, + NULL, + &ticket); + if (ret) { + pop_log(p, POP_PRIORITY, "krb5_recvauth: %s", + krb5_get_err_text(p->context, ret)); + return -1; + } + + + ret = krb5_unparse_name(p->context, ticket->server, &server); + if(ret) { + pop_log(p, POP_PRIORITY, "krb5_unparse_name: %s", + krb5_get_err_text(p->context, ret)); + ret = -1; + goto out; + } + /* does this make sense? 
*/ + if(strncmp(server, "pop/", 4) != 0) { + pop_log(p, POP_PRIORITY, + "Got ticket for service `%s'", server); + ret = -1; + goto out; + } else if(p->debug) + pop_log(p, POP_DEBUG, + "Accepted ticket for service `%s'", server); + free(server); + out: + krb5_auth_con_free (p->context, auth_context); + krb5_copy_principal (p->context, ticket->client, &p->principal); + krb5_free_ticket (p->context, ticket); + + return ret; +} +#endif + +static int +krb_authenticate(POP *p, struct sockaddr *addr) +{ +#if defined(KRB4) || defined(KRB5) + u_char buf[BUFSIZ]; + + if (pop_net_read (p, 0, buf, 4) != 4) { + pop_msg(p, POP_FAILURE, "Reading four bytes: %s", + strerror(errno)); + exit (1); + } +#ifdef KRB4 + if (krb4_authenticate (p, 0, buf, addr) == 0){ + pop_write_addr(p, addr); + p->version = 4; + return POP_SUCCESS; + } +#endif +#ifdef KRB5 + if (krb5_authenticate (p, 0, buf, addr) == 0){ + pop_write_addr(p, addr); + p->version = 5; + return POP_SUCCESS; + } +#endif + exit (1); + +#endif /* defined(KRB4) || defined(KRB5) */ + + return(POP_SUCCESS); +} + +static int +plain_authenticate (POP *p, struct sockaddr *addr) +{ + return(POP_SUCCESS); +} + +static int kerberos_flag; +static char *auth_str; +static int debug_flag; +static int interactive_flag; +static char *port_str; +static char *trace_file; +static int timeout; +static int help_flag; +static int version_flag; + +static struct getargs args[] = { +#if defined(KRB4) || defined(KRB5) + { "kerberos", 'k', arg_flag, &kerberos_flag, "use kerberos" }, +#endif + { "auth-mode", 'a', arg_string, &auth_str, "required authentication" }, + { "debug", 'd', arg_flag, &debug_flag }, + { "interactive", 'i', arg_flag, &interactive_flag, "create new socket" }, + { "port", 'p', arg_string, &port_str, "port to listen to", "port" }, + { "trace-file", 't', arg_string, &trace_file, "trace all command to file", "file" }, + { "timeout", 'T', arg_integer, &timeout, "timeout", "seconds" }, + { "address-log", 0, arg_string, &addr_log, "enable 
address log", "file" }, + { "help", 'h', arg_flag, &help_flag }, + { "version", 'v', arg_flag, &version_flag } +}; + +static int num_args = sizeof(args) / sizeof(args[0]); + +/* + * init: Start a Post Office Protocol session + */ + +static int +pop_getportbyname(POP *p, const char *service, + const char *proto, short def) +{ +#ifdef KRB5 + return krb5_getportbyname(p->context, service, proto, def); +#elif defined(KRB4) + return k_getportbyname(service, proto, htons(def)); +#else + return htons(default); +#endif +} + +int +pop_init(POP *p,int argcount,char **argmessage) +{ + struct sockaddr_storage cs_ss; + struct sockaddr *cs = (struct sockaddr *)&cs_ss; + socklen_t len; + char * trace_file_name = "/tmp/popper-trace"; + int portnum = 0; + int optind = 0; + int error; + + /* Initialize the POP parameter block */ + memset (p, 0, sizeof(POP)); + + setprogname(argmessage[0]); + + /* Save my name in a global variable */ + p->myname = (char*)getprogname(); + + /* Get the name of our host */ + gethostname(p->myhost,MaxHostNameLen); + +#ifdef KRB5 + { + krb5_error_code ret; + + ret = krb5_init_context (&p->context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + + krb5_openlog(p->context, p->myname, &p->logf); + krb5_set_warn_dest(p->context, p->logf); + } +#else + /* Open the log file */ + roken_openlog(p->myname,POP_LOGOPTS,POP_FACILITY); +#endif + + p->auth_level = AUTH_NONE; + + if(getarg(args, num_args, argcount, argmessage, &optind)){ + arg_printusage(args, num_args, NULL, ""); + exit(1); + } + if(help_flag){ + arg_printusage(args, num_args, NULL, ""); + exit(0); + } + if(version_flag){ + print_version(NULL); + exit(0); + } + + argcount -= optind; + argmessage += optind; + + if (argcount != 0) { + arg_printusage(args, num_args, NULL, ""); + exit(1); + } + + if(auth_str){ + if (strcmp (auth_str, "none") == 0) + p->auth_level = AUTH_NONE; + else if(strcmp(auth_str, "otp") == 0) + p->auth_level = AUTH_OTP; + else + warnx ("bad value for -a: %s", optarg); 
+ } + /* Debugging requested */ + p->debug = debug_flag; + + if(port_str) + portnum = htons(atoi(port_str)); + if(trace_file){ + p->debug++; + if ((p->trace = fopen(trace_file, "a+")) == NULL) { + pop_log(p, POP_PRIORITY, + "Unable to open trace file \"%s\", err = %d", + optarg,errno); + exit (1); + } + trace_file_name = trace_file; + } + +#if defined(KRB4) || defined(KRB5) + p->kerberosp = kerberos_flag; +#endif + + if(timeout) + pop_timeout = timeout; + + /* Fake inetd */ + if (interactive_flag) { + if (portnum == 0) + portnum = p->kerberosp ? + pop_getportbyname(p, "kpop", "tcp", 1109) : + pop_getportbyname(p, "pop", "tcp", 110); + mini_inetd (portnum); + } + + /* Get the address and socket of the client to whom I am speaking */ + len = sizeof(cs_ss); + if (getpeername(STDIN_FILENO, cs, &len) < 0) { + pop_log(p,POP_PRIORITY, + "Unable to obtain socket and address of client, err = %d",errno); + exit (1); + } + + /* Save the dotted decimal form of the client's IP address + in the POP parameter block */ + inet_ntop (cs->sa_family, socket_get_address (cs), + p->ipaddr, sizeof(p->ipaddr)); + + /* Save the client's port */ + p->ipport = ntohs(socket_get_port (cs)); + + /* Get the canonical name of the host to whom I am speaking */ + error = getnameinfo_verified (cs, len, p->client, sizeof(p->client), + NULL, 0, 0); + if (error) { + pop_log (p, POP_PRIORITY, + "getnameinfo: %s", gai_strerror (error)); + strlcpy (p->client, p->ipaddr, sizeof(p->client)); + } + + /* Create input file stream for TCP/IP communication */ + if ((p->input = fdopen(STDIN_FILENO,"r")) == NULL){ + pop_log(p,POP_PRIORITY, + "Unable to open communication stream for input, err = %d",errno); + exit (1); + } + + /* Create output file stream for TCP/IP communication */ + if ((p->output = fdopen(STDOUT_FILENO,"w")) == NULL){ + pop_log(p,POP_PRIORITY, + "Unable to open communication stream for output, err = %d",errno); + exit (1); + } + + pop_log(p,POP_PRIORITY, + "(v%s) Servicing request from \"%s\" at 
%s\n", + VERSION,p->client,p->ipaddr); + +#ifdef DEBUG + if (p->trace) + pop_log(p,POP_PRIORITY, + "Tracing session and debugging information in file \"%s\"", + trace_file_name); + else if (p->debug) + pop_log(p,POP_PRIORITY,"Debugging turned on"); +#endif /* DEBUG */ + + + return((p->kerberosp ? krb_authenticate : plain_authenticate)(p, cs)); +} diff --git a/crypto/heimdal/appl/popper/pop_last.c b/crypto/heimdal/appl/popper/pop_last.c new file mode 100644 index 0000000..36fdd0d --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_last.c @@ -0,0 +1,18 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_last.c,v 1.6 1996/10/28 16:25:28 assar Exp $"); + +/* + * last: Display the last message touched in a POP session + */ + +int +pop_last (POP *p) +{ + return (pop_msg(p,POP_SUCCESS,"%u is the last message seen.",p->last_msg)); +} diff --git a/crypto/heimdal/appl/popper/pop_list.c b/crypto/heimdal/appl/popper/pop_list.c new file mode 100644 index 0000000..aa7666a --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_list.c 
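Review bot: In pop_init() (pop_init.c) an unrecognised `--auth-mode` value only produces `warnx ("bad value for -a: %s", optarg);` and the server carries on with `p->auth_level = AUTH_NONE`, so a mistyped `otp` silently leaves plain password login enabled (pop_pass.c refuses the crypt() comparison only when the level is not AUTH_NONE). Fail closed and print the value that was actually tested: `errx (1, "bad value for -a: %s", auth_str);`. The options are parsed with getarg(), so `optarg` is presumably not the string being checked; the trace-file error message has the same problem and should print `trace_file`. Separately, the fallback branch of pop_getportbyname() returns `htons(default)`, which cannot compile because `default` is a keyword; the parameter is named `def`.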
@@ -0,0 +1,59 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_list.c,v 1.10 1998/04/23 17:37:47 joda Exp $");
+
+/*
+ * list: List the contents of a POP maildrop
+ */
+
+int
+pop_list (POP *p)
+{
+ MsgInfoList * mp; /* Pointer to message info list */
+ int i;
+ int msg_num;
+
+ /* Was a message number provided? */
+ if (p->parm_count > 0) {
+ msg_num = atoi(p->pop_parm[1]);
+
+ /* Is requested message out of range? */
+ if ((msg_num < 1) || (msg_num > p->msg_count))
+ return (pop_msg (p,POP_FAILURE,
+ "Message %d does not exist.",msg_num));
+
+ /* Get a pointer to the message in the message list */
+ mp = &p->mlp[msg_num-1];
+
+ /* Is the message already flagged for deletion? */
+ if (mp->flags & DEL_FLAG)
+ return (pop_msg (p,POP_FAILURE,
+ "Message %d has been deleted.",msg_num));
+
+ /* Display message information */
+ return (pop_msg(p,POP_SUCCESS,"%d %ld",msg_num,mp->length));
+ }
+
+ /* Display the entire list of messages */
+ pop_msg(p,POP_SUCCESS,
+ "%d messages (%ld octets)",
+ p->msg_count-p->msgs_deleted,
+ p->drop_size-p->bytes_deleted);
+
+ /* Loop through the message information list. Skip deleted messages */
+ for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
+ if (!(mp->flags & DEL_FLAG))
+ fprintf(p->output,"%u %lu\r\n",mp->number,mp->length);
+ }
+
+ /* "." signals the end of a multi-line transmission */
+ fprintf(p->output,".\r\n");
+ fflush(p->output);
+
+ return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_log.c b/crypto/heimdal/appl/popper/pop_log.c
new file mode 100644
index 0000000..deb9841
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_log.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_log.c,v 1.13 1997/10/14 21:59:07 joda Exp $");
+
+/*
+ * log: Make a log entry
+ */
+
+int
+pop_log(POP *p, int stat, char *format, ...)
+{
+ char msgbuf[MAXLINELEN];
+ va_list ap;
+
+ va_start(ap, format);
+ vsnprintf(msgbuf, sizeof(msgbuf), format, ap);
+
+ if (p->debug && p->trace) {
+ fprintf(p->trace,"%s\n",msgbuf);
+ fflush(p->trace);
+ } else {
+#ifdef KRB5
+ krb5_log(p->context, p->logf, stat, "%s", msgbuf);
+#else
+ syslog (stat,"%s",msgbuf);
+#endif
+ }
+ va_end(ap);
+
+ return(stat);
+}
diff --git a/crypto/heimdal/appl/popper/pop_msg.c b/crypto/heimdal/appl/popper/pop_msg.c
new file mode 100644
index 0000000..12887a4
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_msg.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_msg.c,v 1.16 1999/09/16 20:38:50 assar Exp $");
+
+/*
+ * msg: Send a formatted line to the POP client
+ */
+
+int
+pop_msg(POP *p, int stat, char *format, ...)
+{
+ char *mp;
+ char message[MAXLINELEN];
+ va_list ap;
+
+ va_start(ap, format);
+
+ /* Point to the message buffer */
+ mp = message;
+
+ /* Format the POP status code at the beginning of the message */
+ snprintf (mp, sizeof(message), "%s ",
+ (stat == POP_SUCCESS) ? POP_OK : POP_ERR);
+
+ /* Point past the POP status indicator in the message message */
+ mp += strlen(mp);
+
+ /* Append the message (formatted, if necessary) */
+ if (format)
+ vsnprintf (mp, sizeof(message) - strlen(message),
+ format, ap);
+
+ /* Log the message if debugging is turned on */
+#ifdef DEBUG
+ if (p->debug && stat == POP_SUCCESS)
+ pop_log(p,POP_DEBUG,"%s",message);
+#endif /* DEBUG */
+
+ /* Log the message if a failure occurred */
+ if (stat != POP_SUCCESS)
+ pop_log(p,POP_PRIORITY,"%s",message);
+
+ /* Append the <CR><LF> */
+ strlcat(message, "\r\n", sizeof(message));
+
+ /* Send the message to the client */
+ fputs(message, p->output);
+ fflush(p->output);
+
+ va_end(ap);
+ return(stat);
+}
diff --git a/crypto/heimdal/appl/popper/pop_parse.c b/crypto/heimdal/appl/popper/pop_parse.c
new file mode 100644
index 0000000..37aef36
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_parse.c
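Review bot: In pop_msg() (pop_msg.c) the `vsnprintf` bound `sizeof(message) - strlen(message)` lets the formatted text fill the whole buffer, so the later `strlcat(message, "\r\n", sizeof(message))` has no room left and the reply is sent without its CR LF terminator. Replies such as `Unknown command: "%s".` in pop_get_command.c echo client-supplied text, so an over-long command could plausibly hit this and leave client and server out of step; whether it can depends on MAXLINELEN versus the input line limit, neither of which is defined in this hunk. Reserve the two bytes up front: `vsnprintf (mp, sizeof(message) - strlen(message) - 2, format, ap);`.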
@@ -0,0 +1,55 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_parse.c,v 1.9 1999/03/13 21:17:27 assar Exp $");
+
+/*
+ * parse: Parse a raw input line from a POP client
+ * into null-delimited tokens
+ */
+
+int
+pop_parse(POP *p, char *buf)
+{
+ char * mp;
+ int i;
+
+ /* Loop through the POP command array */
+ for (mp = buf, i = 0; ; i++) {
+
+ /* Skip leading spaces and tabs in the message */
+ while (isspace((unsigned char)*mp))mp++;
+
+ /* Are we at the end of the message? */
+ if (*mp == 0) break;
+
+ /* Have we already obtained the maximum allowable parameters? */
+ if (i >= MAXPARMCOUNT) {
+ pop_msg(p,POP_FAILURE,"Too many arguments supplied.");
+ return(-1);
+ }
+
+ /* Point to the start of the token */
+ p->pop_parm[i] = mp;
+
+ /* Search for the first space character (end of the token) */
+ while (!isspace((unsigned char)*mp) && *mp) mp++;
+
+ /* Delimit the token with a null */
+ if (*mp) *mp++ = 0;
+ }
+
+ /* Were any parameters passed at all? */
+ if (i == 0) return (-1);
+
+ /* Convert the first token (POP command) to lower case */
+ strlwr(p->pop_command);
+
+ /* Return the number of tokens extracted minus the command itself */
+ return (i-1);
+
+}
diff --git a/crypto/heimdal/appl/popper/pop_pass.c b/crypto/heimdal/appl/popper/pop_pass.c
new file mode 100644
index 0000000..cebd780
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_pass.c
@@ -0,0 +1,220 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_pass.c,v 1.41 2000/04/12 15:37:46 assar Exp $"); + +#ifdef KRB4 +static int +krb4_verify_password (POP *p) +{ + int status; + char lrealm[REALM_SZ]; + char tkt[MaxPathLen]; + + status = krb_get_lrealm(lrealm,1); + if (status == KFAILURE) { + pop_log(p, POP_PRIORITY, "%s: (%s.%s@%s) %s", p->client, + p->kdata.pname, p->kdata.pinst, p->kdata.prealm, + krb_get_err_text(status)); + return 1; + } + snprintf(tkt, sizeof(tkt), "%s_popper.%u", TKT_ROOT, (unsigned)getpid()); + krb_set_tkt_string (tkt); + + status = krb_verify_user(p->user, "", lrealm, + p->pop_parm[1], KRB_VERIFY_SECURE, "pop"); + dest_tkt(); /* no point in keeping the tickets */ + return status; +} +#endif /* KRB4 */ + +#ifdef KRB5 +static int +krb5_verify_password (POP *p) +{ + krb5_preauthtype pre_auth_types[] = {KRB5_PADATA_ENC_TIMESTAMP}; + krb5_get_init_creds_opt get_options; + krb5_verify_init_creds_opt verify_options; + krb5_error_code ret; + krb5_principal client, server; + krb5_creds creds; + + krb5_get_init_creds_opt_init (&get_options); + + krb5_get_init_creds_opt_set_preauth_list (&get_options, + pre_auth_types, + 1); + + krb5_verify_init_creds_opt_init (&verify_options); + + ret = krb5_parse_name (p->context, p->user, &client); + if (ret) { + pop_log(p, POP_PRIORITY, "krb5_parse_name: %s", + krb5_get_err_text (p->context, ret)); + return 1; + } + + ret = krb5_get_init_creds_password (p->context, + &creds, + client, + p->pop_parm[1], + NULL, + NULL, + 0, + NULL, + &get_options); + if (ret) { + pop_log(p, POP_PRIORITY, + "krb5_get_init_creds_password: %s", + krb5_get_err_text (p->context, ret)); + return 1; + } + + ret = krb5_sname_to_principal (p->context, + p->myhost, + "pop", + KRB5_NT_SRV_HST, + &server); + if (ret) { + pop_log(p, 
POP_PRIORITY, + "krb5_get_init_creds_password: %s", + krb5_get_err_text (p->context, ret)); + return 1; + } + + ret = krb5_verify_init_creds (p->context, + &creds, + server, + NULL, + NULL, + &verify_options); + krb5_free_principal (p->context, client); + krb5_free_principal (p->context, server); + krb5_free_creds_contents (p->context, &creds); + return ret; +} +#endif +/* + * pass: Obtain the user password from a POP client + */ + +int +pop_pass (POP *p) +{ + struct passwd *pw; + int i; + struct stat st; + + /* Make one string of all these parameters */ + + for (i = 1; i < p->parm_count; ++i) + p->pop_parm[i][strlen(p->pop_parm[i])] = ' '; + + /* Look for the user in the password file */ + if ((pw = k_getpwnam(p->user)) == NULL) + return (pop_msg(p,POP_FAILURE, + "Password supplied for \"%s\" is incorrect.", + p->user)); + + if (p->kerberosp) { +#ifdef KRB4 + if (p->version == 4) { + if(kuserok (&p->kdata, p->user)) { + pop_log(p, POP_PRIORITY, + "%s: (%s.%s@%s) tried to retrieve mail for %s.", + p->client, p->kdata.pname, p->kdata.pinst, + p->kdata.prealm, p->user); + return(pop_msg(p,POP_FAILURE, + "Popping not authorized")); + } + pop_log(p, POP_INFO, "%s: %s.%s@%s -> %s", + p->ipaddr, + p->kdata.pname, p->kdata.pinst, p->kdata.prealm, + p->user); + } else +#endif /* KRB4 */ +#ifdef KRB5 + if (p->version == 5) { + char *name; + + if (!krb5_kuserok (p->context, p->principal, p->user)) { + pop_log (p, POP_PRIORITY, + "krb5 permission denied"); + return pop_msg(p, POP_FAILURE, + "Popping not authorized"); + } + if(krb5_unparse_name (p->context, p->principal, &name) == 0) { + pop_log(p, POP_INFO, "%s: %s -> %s", + p->ipaddr, name, p->user); + free (name); + } + } else { + pop_log (p, POP_PRIORITY, "kerberos authentication failed"); + return pop_msg (p, POP_FAILURE, + "kerberos authentication failed"); + } +#endif + { } + } else { + /* We don't accept connections from users with null passwords */ + if (pw->pw_passwd == NULL) + return (pop_msg(p, + POP_FAILURE, + 
"Password supplied for \"%s\" is incorrect.", + p->user)); + +#ifdef OTP + if (otp_verify_user (&p->otp_ctx, p->pop_parm[1]) == 0) + /* pass OK */; + else +#endif + /* Compare the supplied password with the password file entry */ + if (p->auth_level != AUTH_NONE) + return pop_msg(p, POP_FAILURE, + "Password supplied for \"%s\" is incorrect.", + p->user); + else if (!strcmp(crypt(p->pop_parm[1], pw->pw_passwd), pw->pw_passwd)) + /* pass OK */; + else { + int ret = -1; +#ifdef KRB4 + ret = krb4_verify_password (p); +#endif +#ifdef KRB5 + if(ret) + ret = krb5_verify_password (p); +#endif + if(ret) + return pop_msg(p, POP_FAILURE, + "Password incorrect"); + } + } + pop_log(p, POP_INFO, "login from %s as %s", + p->ipaddr, p->user); + + /* Build the name of the user's maildrop */ + snprintf(p->drop_name, sizeof(p->drop_name), "%s/%s", POP_MAILDIR, p->user); + + if(stat(p->drop_name, &st) < 0 || !S_ISDIR(st.st_mode)){ + /* Make a temporary copy of the user's maildrop */ + /* and set the group and user id */ + if (pop_dropcopy(p, pw) != POP_SUCCESS) return (POP_FAILURE); + + /* Get information about the maildrop */ + if (pop_dropinfo(p) != POP_SUCCESS) return(POP_FAILURE); + } else { + if(changeuser(p, pw) != POP_SUCCESS) return POP_FAILURE; + if(pop_maildir_info(p) != POP_SUCCESS) return POP_FAILURE; + } + /* Initialize the last-message-accessed number */ + p->last_msg = 0; + + /* Authorization completed successfully */ + return (pop_msg (p, POP_SUCCESS, + "%s has %d message(s) (%ld octets).", + p->user, p->msg_count, p->drop_size)); +} diff --git a/crypto/heimdal/appl/popper/pop_quit.c b/crypto/heimdal/appl/popper/pop_quit.c new file mode 100644 index 0000000..429b181 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_quit.c 
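Review bot: pop_pass() (pop_pass.c) answers an unknown account with `Password supplied for "%s" is incorrect.` but, once the crypt() and Kerberos checks fail for an existing account, answers `Password incorrect`, so the reply text tells a remote client whether the user name exists. Use one string for every failure, i.e. end the final branch with `return pop_msg(p, POP_FAILURE, "Password supplied for \"%s\" is incorrect.", p->user);` as the other branches do. Separately, `crypt()` can return NULL on failure and its result is passed straight to `strcmp`, so it should be checked first. In krb5_verify_password() the early `return 1` paths skip the krb5_free_principal() and krb5_free_creds_contents() calls, and the log text after krb5_sname_to_principal() names krb5_get_init_creds_password.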
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_quit.c,v 1.7 1996/11/19 22:48:30 assar Exp $");
+
+/*
+ * quit: Terminate a POP session
+ */
+
+int
+pop_quit (POP *p)
+{
+ /* Release the message information list */
+ if (p->mlp) free (p->mlp);
+
+ return(POP_SUCCESS);
+}
diff --git a/crypto/heimdal/appl/popper/pop_rset.c b/crypto/heimdal/appl/popper/pop_rset.c
new file mode 100644
index 0000000..6888ebf
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_rset.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_rset.c,v 1.9 1998/04/23 17:38:08 joda Exp $");
+
+/*
+ * rset: Unflag all messages flagged for deletion in a POP maildrop
+ */
+
+int
+pop_rset (POP *p)
+{
+ MsgInfoList * mp; /* Pointer to the message info list */
+ int i;
+
+ /* Unmark all the messages */
+ for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++)
+ mp->flags &= ~DEL_FLAG;
+
+ /* Reset the messages-deleted and bytes-deleted counters */
+ p->msgs_deleted = 0;
+ p->bytes_deleted = 0;
+
+ /* Reset the last-message-access flag */
+ p->last_msg = 0;
+
+ return (pop_msg(p,POP_SUCCESS,"Maildrop has %u messages (%ld octets)",
+ p->msg_count, p->drop_size));
+}
diff --git a/crypto/heimdal/appl/popper/pop_send.c b/crypto/heimdal/appl/popper/pop_send.c
new file mode 100644
index 0000000..166b990
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_send.c
@@ -0,0 +1,176 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_send.c,v 1.25 1999/03/05 14:14:28 joda Exp $"); + +/* + * sendline: Send a line of a multi-line response to a client. + */ +static int +pop_sendline(POP *p, char *buffer) +{ + char * bp; + + /* Byte stuff lines that begin with the termination octet */ + if (*buffer == POP_TERMINATE) + fputc(POP_TERMINATE,p->output); + + /* Look for a <NL> in the buffer */ + if ((bp = strchr(buffer, '\n'))) + *bp = 0; + + /* Send the line to the client */ + fputs(buffer,p->output); + +#ifdef DEBUG + if(p->debug) + pop_log(p,POP_DEBUG,"Sending line \"%s\"",buffer); +#endif /* DEBUG */ + + /* Put a <CR><NL> if a newline was removed from the buffer */ + if (bp) + fputs ("\r\n",p->output); + return bp != NULL; +} + +/* + * send: Send the header and a specified number of lines + * from a mail message to a POP client. + */ + +int +pop_send(POP *p) +{ + MsgInfoList * mp; /* Pointer to message info list */ + int msg_num; + int msg_lines; + char buffer[MAXMSGLINELEN]; +#ifdef RETURN_PATH_HANDLING + char * return_path_adr; + char * return_path_end; + int return_path_sent; + int return_path_linlen; +#endif + int sent_nl = 0; + + /* Convert the first parameter into an integer */ + msg_num = atoi(p->pop_parm[1]); + + /* Is requested message out of range? */ + if ((msg_num < 1) || (msg_num > p->msg_count)) + return (pop_msg (p,POP_FAILURE,"Message %d does not exist.",msg_num)); + + /* Get a pointer to the message in the message list */ + mp = &p->mlp[msg_num-1]; + + /* Is the message flagged for deletion? 
*/ + if (mp->flags & DEL_FLAG) + return (pop_msg (p,POP_FAILURE, + "Message %d has been deleted.",msg_num)); + + /* If this is a TOP command, get the number of lines to send */ + if (strcmp(p->pop_command, "top") == 0) { + /* Convert the second parameter into an integer */ + msg_lines = atoi(p->pop_parm[2]); + } + else { + /* Assume that a RETR (retrieve) command was issued */ + msg_lines = -1; + /* Flag the message as retreived */ + mp->flags |= RETR_FLAG; + } + + /* Display the number of bytes in the message */ + pop_msg(p, POP_SUCCESS, "%ld octets", mp->length); + + if(IS_MAILDIR(p)) { + int e = pop_maildir_open(p, mp); + if(e != POP_SUCCESS) + return e; + } + + /* Position to the start of the message */ + fseek(p->drop, mp->offset, 0); + + return_path_sent = 0; + + if(!IS_MAILDIR(p)) { + /* Skip the first line (the sendmail "From" line) */ + fgets (buffer,MAXMSGLINELEN,p->drop); + +#ifdef RETURN_PATH_HANDLING + if (strncmp(buffer,"From ",5) == 0) { + return_path_linlen = strlen(buffer); + for (return_path_adr = buffer+5; + (*return_path_adr == ' ' || *return_path_adr == '\t') && + return_path_adr < buffer + return_path_linlen; + return_path_adr++) + ; + if (return_path_adr < buffer + return_path_linlen) { + if ((return_path_end = strchr(return_path_adr, ' ')) != NULL) + *return_path_end = '\0'; + if (strlen(return_path_adr) != 0 && *return_path_adr != '\n') { + static char tmpbuf[MAXMSGLINELEN + 20]; + if (snprintf (tmpbuf, + sizeof(tmpbuf), + "Return-Path: %s\n", + return_path_adr) < MAXMSGLINELEN) { + pop_sendline (p,tmpbuf); + if (hangup) + return pop_msg (p, POP_FAILURE, + "SIGHUP or SIGPIPE flagged"); + return_path_sent++; + } + } + } + } +#endif + } + + /* Send the header of the message followed by a blank line */ + while (fgets(buffer,MAXMSGLINELEN,p->drop)) { +#ifdef RETURN_PATH_HANDLING + /* Don't send existing Return-Path-header if already sent own */ + if (!return_path_sent || strncasecmp(buffer, "Return-Path:", 12) != 0) +#endif + sent_nl = 
pop_sendline (p,buffer); + /* A single newline (blank line) signals the + end of the header. sendline() converts this to a NULL, + so that's what we look for. */ + if (*buffer == 0) break; + if (hangup) + return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged")); + } + /* Send the message body */ + { + int blank_line = 1; + while (fgets(buffer, MAXMSGLINELEN-1, p->drop)) { + /* Look for the start of the next message */ + if (!IS_MAILDIR(p) && blank_line && strncmp(buffer,"From ",5) == 0) + break; + blank_line = (strncmp(buffer, "\n", 1) == 0); + /* Decrement the lines sent (for a TOP command) */ + if (msg_lines >= 0 && msg_lines-- == 0) break; + sent_nl = pop_sendline(p,buffer); + if (hangup) + return (pop_msg (p,POP_FAILURE,"SIGHUP or SIGPIPE flagged")); + } + /* add missing newline at end */ + if(!sent_nl) + fputs("\r\n", p->output); + /* some pop-clients want a blank line at the end of the + message, we always add one here, but what the heck -- in + outer (white) space, no one can hear you scream */ + if(IS_MAILDIR(p)) + fputs("\r\n", p->output); + } + /* "." signals the end of a multi-line transmission */ + fputs(".\r\n",p->output); + fflush(p->output); + + return(POP_SUCCESS); +} diff --git a/crypto/heimdal/appl/popper/pop_stat.c b/crypto/heimdal/appl/popper/pop_stat.c new file mode 100644 index 0000000..9ab2800 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_stat.c 
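Review bot: In pop_send() (pop_send.c) the statement `return_path_sent = 0;` sits outside `#ifdef RETURN_PATH_HANDLING` while the variable is declared only inside that guard, so a build without RETURN_PATH_HANDLING should fail to compile; wrap the assignment in the same `#ifdef`. The TOP line count is also taken with `msg_lines = atoi(p->pop_parm[2]);` and never range-checked: a negative value makes the `msg_lines >= 0` test false, so the whole message is sent as for RETR but without setting RETR_FLAG. Reject it before use, for example `if (msg_lines < 0) return pop_msg (p, POP_FAILURE, "Invalid line count.");` (the message wording is only a suggestion).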
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_stat.c,v 1.7 1997/05/11 11:04:35 assar Exp $");
+
+/*
+ * stat: Display the status of a POP maildrop to its client
+ */
+
+int
+pop_stat (POP *p)
+{
+#ifdef DEBUG
+ if (p->debug) pop_log(p,POP_DEBUG,"%d message(s) (%ld octets).",
+ p->msg_count-p->msgs_deleted,
+ p->drop_size-p->bytes_deleted);
+#endif /* DEBUG */
+ return (pop_msg (p,POP_SUCCESS,
+ "%d %ld",
+ p->msg_count-p->msgs_deleted,
+ p->drop_size-p->bytes_deleted));
+}
diff --git a/crypto/heimdal/appl/popper/pop_uidl.c b/crypto/heimdal/appl/popper/pop_uidl.c
new file mode 100644
index 0000000..42dc12d
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_uidl.c
@@ -0,0 +1,88 @@ +/* + * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * (Royal Institute of Technology, Stockholm, Sweden). + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the Institute nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include <popper.h> +RCSID("$Id: pop_uidl.c,v 1.9 1999/12/02 16:58:33 joda Exp $"); + +#ifdef UIDL +/* + * uidl: Uidl the contents of a POP maildrop + */ + +int +pop_uidl (POP *p) +{ + MsgInfoList * mp; /* Pointer to message info list */ + int i; + int msg_num; + + /* Was a message number provided? 
*/ + if (p->parm_count > 0) { + msg_num = atoi(p->pop_parm[1]); + + /* Is requested message out of range? */ + if ((msg_num < 1) || (msg_num > p->msg_count)) + return (pop_msg (p,POP_FAILURE, + "Message %d does not exist.",msg_num)); + + /* Get a pointer to the message in the message list */ + mp = &p->mlp[msg_num-1]; + + /* Is the message already flagged for deletion? */ + if (mp->flags & DEL_FLAG) + return (pop_msg (p,POP_FAILURE, + "Message %d has been deleted.",msg_num)); + + /* Display message information */ + return (pop_msg(p,POP_SUCCESS,"%u %s",msg_num,mp->msg_id)); + } + + /* Display the entire list of messages */ + pop_msg(p,POP_SUCCESS, + "%d messages (%ld octets)", + p->msg_count-p->msgs_deleted, + p->drop_size-p->bytes_deleted); + + /* Loop through the message information list. Skip deleted messages */ + for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) { + if (!(mp->flags & DEL_FLAG)) + fprintf(p->output,"%u %s\r\n",mp->number,mp->msg_id); + } + + /* "." signals the end of a multi-line transmission */ + fprintf(p->output,".\r\n"); + fflush(p->output); + + return(POP_SUCCESS); +} +#endif /* UIDL */ diff --git a/crypto/heimdal/appl/popper/pop_updt.c b/crypto/heimdal/appl/popper/pop_updt.c new file mode 100644 index 0000000..0130132 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_updt.c 
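Review bot: `mp->msg_id` is passed to `%s` in both the single-message reply and the listing loop of pop_uidl, but it is a `char *` field and nothing in this file shows it is set for every message (popper.h declares `add_missing_headers`, which may guarantee that; it is not visible here). Passing NULL to `%s` is undefined, so state the invariant in a comment above the loop or guard the argument, e.g. `mp->msg_id ? mp->msg_id : ""`. The same applies to `mp->subject`, `mp->from`, `mp->date` and `mp->msg_id` in the pop_xover.c hunk. `msg_num` and `mp->number` are `int`, so `%d` is the matching conversion rather than `%u`.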
@@ -0,0 +1,199 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: pop_updt.c,v 1.19 1998/04/23 18:36:51 joda Exp $"); + +static char standard_error[] = + "Error error updating primary drop. Mailbox unchanged"; + +/* + * updt: Apply changes to a user's POP maildrop + */ + +int +pop_updt (POP *p) +{ + FILE * md; /* Stream pointer for + the user's maildrop */ + int mfd; /* File descriptor for + above */ + char buffer[BUFSIZ]; /* Read buffer */ + + MsgInfoList * mp; /* Pointer to message + info list */ + int msg_num; /* Current message + counter */ + int status_written; /* Status header field + written */ + int nchar; /* Bytes read/written */ + + long offset; /* New mail offset */ + + int blank_line; + +#ifdef DEBUG + if (p->debug) { + pop_log(p,POP_DEBUG,"Performing maildrop update..."); + pop_log(p,POP_DEBUG,"Checking to see if all messages were deleted"); + } +#endif /* DEBUG */ + + if(IS_MAILDIR(p)) + return pop_maildir_update(p); + + if (p->msgs_deleted == p->msg_count) { + /* Truncate before close, to avoid race condition, DO NOT UNLINK! 
+ Another process may have opened, and not yet tried to lock */ + ftruncate ((int)fileno(p->drop),0); + fclose(p->drop) ; + return (POP_SUCCESS); + } + +#ifdef DEBUG + if (p->debug) + pop_log(p,POP_DEBUG,"Opening mail drop \"%s\"",p->drop_name); +#endif /* DEBUG */ + + /* Open the user's real maildrop */ + if ((mfd = open(p->drop_name,O_RDWR|O_CREAT,0600)) == -1 || + (md = fdopen(mfd,"r+")) == NULL) { + return pop_msg(p,POP_FAILURE,standard_error); + } + + /* Lock the user's real mail drop */ + if ( flock(mfd, LOCK_EX) == -1 ) { + fclose(md) ; + return pop_msg(p,POP_FAILURE, "flock: '%s': %s", p->temp_drop, + strerror(errno)); + } + + /* Go to the right places */ + offset = lseek((int)fileno(p->drop),0,SEEK_END) ; + + /* Append any messages that may have arrived during the session + to the temporary maildrop */ + while ((nchar=read(mfd,buffer,BUFSIZ)) > 0) + if ( nchar != write((int)fileno(p->drop),buffer,nchar) ) { + nchar = -1; + break ; + } + if ( nchar != 0 ) { + fclose(md) ; + ftruncate((int)fileno(p->drop),(int)offset) ; + fclose(p->drop) ; + return pop_msg(p,POP_FAILURE,standard_error); + } + + rewind(md); + lseek(mfd,0,SEEK_SET); + ftruncate(mfd,0) ; + + /* Synch stdio and the kernel for the POP drop */ + rewind(p->drop); + lseek((int)fileno(p->drop),0,SEEK_SET); + + /* Transfer messages not flagged for deletion from the temporary + maildrop to the new maildrop */ +#ifdef DEBUG + if (p->debug) + pop_log(p,POP_DEBUG,"Creating new maildrop \"%s\" from \"%s\"", + p->drop_name,p->temp_drop); +#endif /* DEBUG */ + + for (msg_num = 0; msg_num < p->msg_count; ++msg_num) { + + int doing_body; + + /* Get a pointer to the message information list */ + mp = &p->mlp[msg_num]; + + if (mp->flags & DEL_FLAG) { +#ifdef DEBUG + if(p->debug) + pop_log(p,POP_DEBUG, + "Message %d flagged for deletion.",mp->number); +#endif /* DEBUG */ + continue; + } + + fseek(p->drop,mp->offset,0); + +#ifdef DEBUG + if(p->debug) + pop_log(p,POP_DEBUG,"Copying message %d.",mp->number); +#endif 
/* DEBUG */ + blank_line = 1; + for(status_written = doing_body = 0 ; + fgets(buffer,MAXMSGLINELEN,p->drop);) { + + if (doing_body == 0) { /* Header */ + + /* Update the message status */ + if (strncasecmp(buffer,"Status:",7) == 0) { + if (mp->flags & RETR_FLAG) + fputs("Status: RO\n",md); + else + fputs(buffer, md); + status_written++; + continue; + } + /* A blank line signals the end of the header. */ + if (*buffer == '\n') { + doing_body = 1; + if (status_written == 0) { + if (mp->flags & RETR_FLAG) + fputs("Status: RO\n\n",md); + else + fputs("Status: U\n\n",md); + } + else fputs ("\n", md); + continue; + } + /* Save another header line */ + fputs (buffer, md); + } + else { /* Body */ + if (blank_line && strncmp(buffer,"From ",5) == 0) break; + fputs (buffer, md); + blank_line = (*buffer == '\n'); + } + } + } + + /* flush and check for errors now! The new mail will writen + without stdio, since we need not separate messages */ + + fflush(md) ; + if (ferror(md)) { + ftruncate(mfd,0) ; + fclose(md) ; + fclose(p->drop) ; + return pop_msg(p,POP_FAILURE,standard_error); + } + + /* Go to start of new mail if any */ + lseek((int)fileno(p->drop),offset,SEEK_SET); + + while((nchar=read((int)fileno(p->drop),buffer,BUFSIZ)) > 0) + if ( nchar != write(mfd,buffer,nchar) ) { + nchar = -1; + break ; + } + if ( nchar != 0 ) { + ftruncate(mfd,0) ; + fclose(md) ; + fclose(p->drop) ; + return pop_msg(p,POP_FAILURE,standard_error); + } + + /* Close the maildrop and empty temporary maildrop */ + fclose(md); + ftruncate((int)fileno(p->drop),0); + fclose(p->drop); + + return(pop_quit(p)); +} diff --git a/crypto/heimdal/appl/popper/pop_user.c b/crypto/heimdal/appl/popper/pop_user.c new file mode 100644 index 0000000..be771e6 --- /dev/null +++ b/crypto/heimdal/appl/popper/pop_user.c 
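Review bot: `buffer` in pop_updt is declared `char buffer[BUFSIZ]`, but the per-message copy loop fills it with `fgets(buffer,MAXMSGLINELEN,p->drop)`; the two sizes are unrelated (popper.h in this commit sets MAXMSGLINELEN to 1024), so on a platform where BUFSIZ is smaller a long mail line overruns the stack buffer. Bounding the read by the array itself removes the dependency: `fgets(buffer, sizeof(buffer), p->drop)`. In the flock failure path, `strerror(errno)` is evaluated after `fclose(md)`, which may overwrite errno, and the message prints `p->temp_drop` although the lock was requested on the descriptor opened from `p->drop_name`; saving errno before the close and printing `p->drop_name` would keep the log accurate. The failure paths that follow `ftruncate(mfd,0)` still report "Mailbox unchanged", which no longer describes the primary drop at that point.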
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 1989 Regents of the University of California.
+ * All rights reserved. The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#include <popper.h>
+RCSID("$Id: pop_user.c,v 1.15 1999/09/16 20:38:50 assar Exp $");
+
+/*
+ * user: Prompt for the user name at the start of a POP session
+ */
+
+int
+pop_user (POP *p)
+{
+ char ss[256];
+
+ strlcpy(p->user, p->pop_parm[1], sizeof(p->user));
+
+#ifdef OTP
+ if (otp_challenge (&p->otp_ctx, p->user, ss, sizeof(ss)) == 0) {
+ return pop_msg(p, POP_SUCCESS, "Password %s required for %s.",
+ ss, p->user);
+ } else
+#endif
+ if (p->auth_level != AUTH_NONE) {
+ char *s = NULL;
+#ifdef OTP
+ s = otp_error(&p->otp_ctx);
+#endif
+ return pop_msg(p, POP_FAILURE, "Permission denied%s%s",
+ s ? ":" : "", s ? s : "");
+ } else
+ return pop_msg(p, POP_SUCCESS, "Password required for %s.", p->user);
+}
diff --git a/crypto/heimdal/appl/popper/pop_xover.c b/crypto/heimdal/appl/popper/pop_xover.c
new file mode 100644
index 0000000..94936f9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/pop_xover.c
@@ -0,0 +1,37 @@
+#include <popper.h>
+RCSID("$Id: pop_xover.c,v 1.4 1998/04/23 17:39:31 joda Exp $");
+
+int
+pop_xover (POP *p)
+{
+#ifdef XOVER
+ MsgInfoList * mp; /* Pointer to message info list */
+ int i;
+
+ pop_msg(p,POP_SUCCESS,
+ "%d messages (%ld octets)",
+ p->msg_count-p->msgs_deleted,
+ p->drop_size-p->bytes_deleted);
+
+ /* Loop through the message information list. Skip deleted messages */
+ for (i = p->msg_count, mp = p->mlp; i > 0; i--, mp++) {
+ if (!(mp->flags & DEL_FLAG))
+ fprintf(p->output,"%u\t%s\t%s\t%s\t%s\t%lu\t%u\r\n",
+ mp->number,
+ mp->subject,
+ mp->from,
+ mp->date,
+ mp->msg_id,
+ mp->length,
+ mp->lines);
+ }
+
+ /* "." signals the end of a multi-line transmission */
+ fprintf(p->output,".\r\n");
+ fflush(p->output);
+
+ return(POP_SUCCESS);
+#else
+ return pop_msg(p, POP_FAILURE, "Command not implemented.");
+#endif
+}
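Review bot: The reply to USER in pop_user depends on account state before any credential has been checked: a name for which `otp_challenge` succeeds receives a challenge string, while with `auth_level != AUTH_NONE` any other name receives `Permission denied` followed by the `otp_error` text, so the response itself discloses which names have OTP entries. Consider keeping the client-visible reply uniform and sending the `otp_error` detail to `pop_log` only, with the rejection reported after PASS. The `strlcpy` into `p->user` also truncates silently; checking `strlcpy(...) >= sizeof(p->user)` and failing the command avoids continuing with a shortened name.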
diff --git a/crypto/heimdal/appl/popper/popper.8 b/crypto/heimdal/appl/popper/popper.8
new file mode 100644
index 0000000..30dc5b9
--- /dev/null
+++ b/crypto/heimdal/appl/popper/popper.8
@@ -0,0 +1,179 @@ +.\" Copyright (c) 1980 Regents of the University of California. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms are permitted +.\" provided that this notice is preserved and that due credit is given +.\" to the University of California at Berkeley. The name of the University +.\" may not be used to endorse or promote products derived from this +.\" software without specific prior written permission. This software +.\" is provided ``as is'' without express or implied warranty. +.\" +.\" @(#)@(#)popper.8 2.3 2.3 (CCS) 4/2/91 Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n +.\" +.TH popper 8 "August 1990" +.UC 6 +.ad +.SH NAME +popper \- pop 3 server +.SH SYNOPSIS +.B /usr/etc/popper +[ -d ] +[ -a ] +[ -k ] +[ -t trace-file] +[ -i ] +[ -p portnum] +.SH DESCRIPTION +.I Popper +is an implementation of the Post Office Protocol server that runs on a +variety of Unix computers to manage electronic mail for Macintosh +and MS-DOS computers. The server was developed at the University of +California at Berkeley and conforms fully to the specifications in RFC +1081 and RFC 1082. The Berkeley server also has extensions to +send electronic mail on behalf of a client. +.PP +The +.B \-d +flag sets the socket to debugging and turns on debugging. All debugging +information is saved using syslog(8). +.PP +The +.B \-t trace\-file +flag turns on debugging and saves the trace information in +.I trace\-file +using fprintf(s). +.PP +The +.B \-k +flag tells popper to talk the kerberised POP protocol (KPOP). +.PP +The +.B \-a +flag tells popper not to accept any cleartext passwords, but only OTPs. +.PP +The +.B \-i +flag tells popper it has not been started by inetd and should create +its own socket and listen on it. This is useful for debugging. +.PP +The +.B \-p portnum +flag tells popper on which port it should listen for connections when +creating a socket. 
+.SH HOW TO OBTAIN THE SERVER +.PP +The POP server is available via anonymous ftp from ftp.CC.Berkeley.EDU +(128.32.136.9, 128.32.206.12). It is in two files in the pub directory: +a compressed +tar file popper.tar.Z and a Macintosh StuffIt archive in BinHex format +called MacPOP.sit.hqx. +.SH THE POP TRANSACTION CYCLE +.PP +The Berkeley POP server is a single program (called popper) that is +launched by inetd when it gets a service request on the POP TCP port. +(The official port number specified in RFC 1081 for POP version 3 is +port 110. However, some POP3 clients attempt to contact the server at +port 109, the POP version 2 port. Unless you are running both POP2 and +POP3 servers, you can simply define both ports for use by the POP3 +server. This is explained in the installation instructions later on.) +The popper program initializes and verifies that the peer IP address is +registered in the local domain, logging a warning message when a +connection is made to a client whose IP address does not have a +canonical name. For systems using BSD 4.3 bind, it also checks to see +if a cannonical name lookup for the client returns the same peer IP +address, logging a warning message if it does not. The the server +enters the authorization state, during which the client must correctly +identify itself by providing a valid Unix userid and password on the +server's host machine. No other exchanges are allowed during this +state (other than a request to quit.) If authentication fails, a +warning message is logged and the session ends. Once the user is +identified, popper changes its user and group ids to match that of the +user and enters the transaction state. The server makes a temporary +copy of the user's maildrop (ordinarily in /usr/spool/mail) which is +used for all subsequent transactions. These include the bulk of POP +commands to retrieve mail, delete mail, undelete mail, and so forth. 
A +Berkeley extension also allows the user to submit a mail parcel to the +server who mails it using the sendmail program (this extension is +supported in the HyperMail client distributed with the server). When +the client quits, the server enters the final update state during which +the network connection is terminated and the user's maildrop is updated +with the (possibly) modified temporary maildrop. +.SH LOGGING +.PP +The POP server uses syslog to keep a record of its activities. On +systems with BSD 4.3 syslogging, the server logs (by default) to the +"local0" facility at priority "notice" for all messages except +debugging which is logged at priority "debug". The default log file is +/usr/spool/mqueue/POPlog. These can be changed, if desired. On +systems with 4.2 syslogging all messages are logged to the local log +file, usually /usr/spool/mqueue/syslog. +.SH DEBUGGING +.PP +The popper program will log debugging information when the -d parameter +is specified after its invocation in the inetd.conf file. Care should +be exercised in using this option since it generates considerable +output in the syslog file. Alternatively, the "-t <file-name>" option +will place debugging information into file "<file-name>" using fprintf +instead of syslog. +.PP +For SunOS version 3.5, the popper program is launched by inetd from +/etc/servers. This file does not allow you to specify command line +arguments. Therefore, if you want to enable debugging, you can specify +a shell script in /etc/servers to be launched instead of popper and in +this script call popper with the desired arguments. +.PP +You can confirm that the POP server is running on Unix by telneting to +port 110 (or 109 if you set it up that way). For example: +.PP +.nf +%telnet myhost 110 +Trying... +Connected to myhost.berkeley.edu. +Escape character is '^]'. ++OK UCB Pop server (version 1.6) at myhost starting. +quit +Connection closed by foreign host. 
+.fi +.SH VERSION 1.7 RELEASE NOTES +Extensive re-write of the maildrop processing code contributed by +Viktor Dukhovni <viktor@math.princeton.edu> that greatly reduces the +possibility that the maildrop can be corrupted as the result of +simultaneous access by two or more processes. +.PP +Added "pop_dropcopy" module to create a temporary maildrop from +the existing, standard maildrop as root before the setuid and +setgid for the user is done. This allows the temporary maildrop +to be created in a mail spool area that is not world read-writable. +.PP +This version does *not* send the sendmail "From " delimiter line +in response to a TOP or RETR command. +.PP +Encased all debugging code in #ifdef DEBUG constructs. This code can +be included by specifying the DEGUG compiler flag. Note: You still +need to use the -d or -t option to obtain debugging output. +.SH LIMITATIONS +The POP server copies the user's entire maildrop to /tmp and +then operates on that copy. If the maildrop is particularly +large, or inadequate space is available in /tmp, then the +server will refuse to continue and terminate the connection. +.PP +Simultaneous modification of a single maildrop can result in +confusing results. For example, manipulating messages in a +maildrop using the Unix /usr/ucb/mail command while a copy of +it is being processed by the POP server can cause the changes +made by one program to be lost when the other terminates. This +problem is being worked on and will be fixed in a later +release. +.SH FILES +.nf +/usr/spool/mail mail files +/etc/inetd.conf pop program invocation +/etc/syslog.conf logging specifications +.fi +.SH "SEE ALSO" +inetd(8), +RFC1081, +RFC1082 +.SH AUTHORS +Bob Campbell, Edward Moy, Austin Shelton, Marshall T Rose, and cast of +thousands at Rand, UDel, UCI, and elsewhere diff --git a/crypto/heimdal/appl/popper/popper.README.release b/crypto/heimdal/appl/popper/popper.README.release new file mode 100644 index 0000000..c0b313e --- /dev/null 
+++ b/crypto/heimdal/appl/popper/popper.README.release @@ -0,0 +1,45 @@ +Release Notes: + +popper-1.831beta is no longer beta 30 July 91 + Removed popper-1.7.tar.Z + +popper-1.831beta.tar.Z 03 April 91 + Changed mkstemp to mktemp for Ultrix. Sigh. + +popper-1.83beta.tar.Z 02 April 91 + + This version makes certain that while running as root we do nothing + at all destructive. + +popper-1.82beta.tar.Z 27 March 91 + + This version fixes problems on Encore MultiMax and some Sun releases + which wouldn't allow a user to ftruncate() a file from an open + file descripter unless the user owns the file. Now the user + owns the /usr/spool/mail/.userid.pop file. Thanks to Ben Levy + of FTP Software and Henry Holtzman of Apple. + +popper-1.81beta.tar.Z 20 March 91 + + This version of popper is supposed to fix three problems reported + with various versions of popper (all called 1.7 or 1.7something). + + 1) Dropped network connections meant lost mail files. Some 1.7 + versions also risked corrupting mail files. + + 2) Some versions of 1.7 created temporary drop files with world + read and write permissions. + + 3) Some versions of 1.7 were not careful about opening the temporary + drop file. + +popper-1.7.tar.Z 09 September 90 (updated 20 March 91) + + This version will exhibit the first problem listed above if it is + compiled with -DDEBUG and run without the "-d" (debug) flag. + + If it is compiled without -DDEBUG it will exhibit only the second + and third bug listed above. + +Cliff Frost poptest@nettlesome.berkeley.edu +UC Berkeley diff --git a/crypto/heimdal/appl/popper/popper.c b/crypto/heimdal/appl/popper/popper.c new file mode 100644 index 0000000..28d6ab9 --- /dev/null +++ b/crypto/heimdal/appl/popper/popper.c 
@@ -0,0 +1,117 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + */ + +#include <popper.h> +RCSID("$Id: popper.c,v 1.15 1997/05/11 11:04:37 assar Exp $"); + +int hangup = FALSE ; + +static RETSIGTYPE +catchSIGHUP(int sig) +{ + hangup = TRUE ; + + /* This should not be a problem on BSD systems */ + signal(SIGHUP, catchSIGHUP); + signal(SIGPIPE, catchSIGHUP); + SIGRETURN(0); +} + +int pop_timeout = POP_TIMEOUT; + +jmp_buf env; + +static RETSIGTYPE +ring(int sig) +{ + longjmp(env,1); +} + +/* + * fgets, but with a timeout + */ +static char * +tgets(char *str, int size, FILE *fp, int timeout) +{ + signal(SIGALRM, ring); + alarm(timeout); + if (setjmp(env)) + str = NULL; + else + str = fgets(str,size,fp); + alarm(0); + signal(SIGALRM,SIG_DFL); + return(str); +} + +/* + * popper: Handle a Post Office Protocol version 3 session + */ +int +main (int argc, char **argv) +{ + POP p; + state_table * s; + char message[MAXLINELEN]; + + signal(SIGHUP, catchSIGHUP); + signal(SIGPIPE, catchSIGHUP); + + /* Start things rolling */ + pop_init(&p,argc,argv); + + /* Tell the user that we are listenting */ + pop_msg(&p,POP_SUCCESS, + "UCB based pop server (version %s at %s) starting.",VERSION,p.myhost); + + /* State loop. The POP server is always in a particular state in + which a specific suite of commands can be executed. The following + loop reads a line from the client, gets the command, and processes + it in the current context (if allowed) or rejects it. This continues + until the client quits or an error occurs. 
*/ + + for (p.CurrentState=auth1;p.CurrentState!=halt&&p.CurrentState!=error;) { + if (hangup) { + pop_msg(&p, POP_FAILURE, "POP hangup: %s", p.myhost); + if (p.CurrentState > auth2 && !pop_updt(&p)) + pop_msg(&p, POP_FAILURE, + "POP mailbox update failed: %s", p.myhost); + p.CurrentState = error; + } else if (tgets(message, MAXLINELEN, p.input, pop_timeout) == NULL) { + pop_msg(&p, POP_FAILURE, "POP timeout: %s", p.myhost); + if (p.CurrentState > auth2 && !pop_updt(&p)) + pop_msg(&p,POP_FAILURE, + "POP mailbox update failed: %s", p.myhost); + p.CurrentState = error; + } + else { + /* Search for the command in the command/state table */ + if ((s = pop_get_command(&p,message)) == NULL) continue; + + /* Call the function associated with this command in + the current state */ + if (s->function) p.CurrentState = s->result[(*s->function)(&p)]; + + /* Otherwise assume NOOP and send an OK message to the client */ + else { + p.CurrentState = s->success_state; + pop_msg(&p,POP_SUCCESS,NULL); + } + } + } + + /* Say goodbye to the client */ + pop_msg(&p,POP_SUCCESS,"Pop server at %s signing off.",p.myhost); + + /* Log the end of activity */ + pop_log(&p,POP_PRIORITY, + "(v%s) Ending request from \"%s\" at %s\n",VERSION,p.client,p.ipaddr); + + /* Stop logging */ + closelog(); + + return(0); +} diff --git a/crypto/heimdal/appl/popper/popper.h b/crypto/heimdal/appl/popper/popper.h new file mode 100644 index 0000000..22707da --- /dev/null +++ b/crypto/heimdal/appl/popper/popper.h 
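Review bot: `hangup` is written inside `catchSIGHUP` and polled from the main loop, yet it is a plain `int`; an object shared with a signal handler should be declared `volatile sig_atomic_t hangup = FALSE;`, with the `extern` in popper.h changed to match. `ring` leaves the SIGALRM handler with `longjmp` while `fgets` may be part-way through a stdio operation, and POSIX leaves the later non-async-signal-safe calls (`pop_msg`, `pop_updt`) undefined after such a jump; waiting on the descriptor with a timeout before reading would avoid jumping out of stdio. `tgets` also returns NULL for end-of-file as well as for expiry, so a client that simply closes the connection is reported as `POP timeout`.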
@@ -0,0 +1,347 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + * + * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n"; + * static char SccsId[] = "@(#)@(#)popper.h 2.2 2.2 4/2/91"; + * + */ + +/* $Id: popper.h,v 1.49 1999/08/12 11:37:55 joda Exp $ */ + +/* + * Header file for the POP programs + */ + +#ifdef HAVE_CONFIG_H +#include <config.h> +#define UIDL +#define XOVER +#define XDELE +#define DEBUG +#define RETURN_PATH_HANDLING +#endif + +/* Common include files */ + +#include <stdio.h> +#include <stdarg.h> +#include <stdlib.h> +#include <string.h> +#include <errno.h> +#include <signal.h> +#include <setjmp.h> +#include <ctype.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_IO_H +#include <io.h> +#endif +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif +#ifdef HAVE_SYS_STAT_H +#include <sys/stat.h> +#endif +#ifdef HAVE_SYS_FILE_H +#include <sys/file.h> +#endif +#ifdef TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#elif defined(HAVE_SYS_TIME_H) +#include <sys/time.h> +#else +#include <time.h> +#endif +#ifdef HAVE_SYS_RESOURCE_H +#include <sys/resource.h> +#endif +#ifdef HAVE_SYS_WAIT_H +#include <sys/wait.h> +#endif +#ifdef HAVE_SYS_SOCKET_H +#include <sys/socket.h> +#endif +#ifdef HAVE_NETINET_IN_H +#include <netinet/in.h> +#endif +#ifdef HAVE_NETINET_IN6_H +#include <netinet/in6.h> +#endif +#ifdef HAVE_NETINET6_IN6_H +#include <netinet6/in6.h> +#endif + +#ifdef HAVE_NETDB_H +#include <netdb.h> +#endif +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif +#ifdef HAVE_SYSLOG_H +#include <syslog.h> +#endif +#ifdef HAVE_SYS_SELECT_H +#include <sys/select.h> +#endif +#ifdef HAVE_SYS_PARAM_H +#include <sys/param.h> +#endif 
+#include "version.h" + +#ifdef SOCKS +#include <socks.h> +#endif + +#include <err.h> +#include <roken.h> +#include <getarg.h> + +#ifdef KRB4 +#include <krb.h> +#include <prot.h> +#endif +#ifdef KRB5 +#include <krb5.h> +#endif + +#define MAXUSERNAMELEN 65 +#define MAXDROPLEN 64 +#define MAXLINELEN 1024 +#define MAXMSGLINELEN 1024 +#define MAXCMDLEN 4 +#define MAXPARMCOUNT 10 +#define MAXPARMLEN 10 +#define ALLOC_MSGS 20 +#define MAIL_COMMAND "/usr/lib/sendmail" + +#define POP_FACILITY LOG_LOCAL0 +#define POP_PRIORITY LOG_NOTICE +#define POP_DEBUG LOG_DEBUG +#define POP_INFO LOG_INFO +#define POP_LOGOPTS 0 + +#ifdef HAVE_PATHS_H +#include <paths.h> +#endif +#ifdef HAVE_MAILLOCK_H +#include <maillock.h> +#endif + +#ifdef OTP +#include <otp.h> +#endif + +#if defined(KRB4_MAILDIR) +#define POP_MAILDIR KRB4_MAILDIR +#elif defined(_PATH_MAILDIR) +#define POP_MAILDIR _PATH_MAILDIR +#elif defined(MAILDIR) +#define POP_MAILDIR MAILDIR +#else +#define POP_MAILDIR "/usr/spool/mail" +#endif + +#define POP_DROP POP_MAILDIR "/.%s.pop" + /* POP_TMPSIZE needs to be big enough to hold the string + * defined by POP_TMPDROP. POP_DROP and POP_TMPDROP + * must be in the same filesystem. + */ +#define POP_TMPDROP POP_MAILDIR "/tmpXXXXXX" +#define POP_TMPSIZE 256 +#define POP_TMPXMIT "/tmp/xmitXXXXXX" +#define POP_OK "+OK" +#define POP_ERR "-ERR" +#define POP_SUCCESS 1 +#define POP_FAILURE 0 +#define POP_TERMINATE '.' 
+#define POP_TIMEOUT 120 /* timeout connection after this many secs */ + +extern int pop_timeout; + +extern int hangup; + +#define AUTH_NONE 0 +#define AUTH_OTP 1 + +#define pop_command pop_parm[0] /* POP command is first token */ +#define pop_subcommand pop_parm[1] /* POP XTND subcommand is the + second token */ + +typedef enum { /* POP processing states */ + auth1, /* Authorization: waiting for + USER command */ + auth2, /* Authorization: waiting for + PASS command */ + trans, /* Transaction */ + update, /* Update: session ended, + process maildrop changes */ + halt, /* (Halt): stop processing + and exit */ + error /* (Error): something really + bad happened */ +} state; + + +#define DEL_FLAG 1 +#define RETR_FLAG 2 +#define NEW_FLAG 4 + +typedef struct { /* Message information */ + int number; /* Message number relative to + the beginning of list */ + long length; /* Length of message in + bytes */ + int lines; /* Number of (null-terminated) lines in the message */ + long offset; /* Offset from beginning of + file */ + unsigned flags; + +#if defined(UIDL) || defined(XOVER) + char *msg_id; /* The POP UIDL uniqueifier */ +#endif +#ifdef XOVER + char *subject; + char *from; + char *date; +#endif + char *name; +} MsgInfoList; + +#define IS_MAILDIR(P) ((P)->temp_drop[0] == '\0') + +typedef struct { /* POP parameter block */ + int debug; /* Debugging requested */ + char * myname; /* The name of this POP + daemon program */ + char myhost[MaxHostNameLen]; /* The name of our host + computer */ + char client[MaxHostNameLen]; /* Canonical name of client + computer */ + char ipaddr[MaxHostNameLen]; /* Dotted-notation format of + client IP address */ + unsigned short ipport; /* Client port for privileged + operations */ + char user[MAXUSERNAMELEN]; /* Name of the POP user */ + state CurrentState; /* The current POP operational state */ + MsgInfoList * mlp; /* Message information list */ + int msg_count; /* Number of messages in + the maildrop */ + int msgs_deleted; /* Number 
of messages flagged + for deletion */ + int last_msg; /* Last message touched by + the user */ + long bytes_deleted; /* Number of maildrop bytes + flagged for deletion */ + char drop_name[MAXDROPLEN]; /* The name of the user's + maildrop */ + char temp_drop[MAXDROPLEN]; /* The name of the user's + temporary maildrop */ + long drop_size; /* Size of the maildrop in + bytes */ + FILE * drop; /* (Temporary) mail drop */ + FILE * input; /* Input TCP/IP communication + stream */ + FILE * output; /* Output TCP/IP communication stream */ + FILE * trace; /* Debugging trace file */ + char * pop_parm[MAXPARMCOUNT]; /* Parse POP parameter list */ + int parm_count; /* Number of parameters in + parsed list */ + int kerberosp; /* Using KPOP? */ +#ifdef KRB4 + AUTH_DAT kdata; +#endif +#ifdef KRB5 + krb5_context context; + krb5_principal principal; /* principal auth as */ + krb5_log_facility* logf; +#endif + int version; /* 4 or 5? */ + int auth_level; /* Dont allow cleartext */ +#ifdef OTP + OtpContext otp_ctx; /* OTP context */ +#endif +} POP; + +typedef struct { /* State information for + each POP command */ + state ValidCurrentState; /* The operating state of + the command */ + char * command; /* The POP command */ + int min_parms; /* Minimum number of parms + for the command */ + int max_parms; /* Maximum number of parms + for the command */ + int (*function) (); /* The function that process + the command */ + state result[2]; /* The resulting state after + command processing */ +#define success_state result[0] /* State when a command + succeeds */ +} state_table; + +typedef struct { /* Table of extensions */ + char * subcommand; /* The POP XTND subcommand */ + int min_parms; /* Minimum number of parms for + the subcommand */ + int max_parms; /* Maximum number of parms for + the subcommand */ + int (*function) (); /* The function that processes + the subcommand */ +} xtnd_table; + +int pop_dele(POP *p); +int pop_dropcopy(POP *p, struct passwd *pwp); +int pop_dropinfo(POP *p); 
+int pop_init(POP *p,int argcount,char **argmessage); +int pop_last(POP *p); +int pop_list(POP *p); +int pop_parse(POP *p, char *buf); +int pop_pass(POP *p); +int pop_quit(POP *p); +int pop_rset(POP *p); +int pop_send(POP *p); +int pop_stat(POP *p); +int pop_updt(POP *p); +int pop_user(POP *p); +#ifdef UIDL +int pop_uidl(POP *p); +#endif +#ifdef XOVER +int pop_xover(POP *p); +#endif +#ifdef XDELE +int pop_xdele(POP *p); +#endif +int pop_help(POP *p); +state_table *pop_get_command(POP *p, char *mp); +void pop_lower(char *buf); + +int pop_log(POP *p, int stat, char *format, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 3, 4))) +#endif +; + +int pop_msg(POP *p, int stat, char *format, ...) +#ifdef __GNUC__ +__attribute__ ((format (printf, 3, 4))) +#endif +; + +int pop_maildir_info (POP*); +int pop_maildir_open (POP*, MsgInfoList*); +int pop_maildir_update (POP*); + +int changeuser(POP*, struct passwd*); +void parse_header(MsgInfoList*, char*); +int add_missing_headers(POP*, MsgInfoList*); diff --git a/crypto/heimdal/appl/popper/version.h b/crypto/heimdal/appl/popper/version.h new file mode 100644 index 0000000..1b5d135 --- /dev/null +++ b/crypto/heimdal/appl/popper/version.h @@ -0,0 +1,19 @@ +/* + * Copyright (c) 1989 Regents of the University of California. + * All rights reserved. The Berkeley software License Agreement + * specifies the terms and conditions for redistribution. + * + * static char copyright[] = "Copyright (c) 1990 Regents of the University of California.\nAll rights reserved.\n"; + * static char SccsId[] = "@(#)@(#)version.h 2.6 2.6 4/3/91"; + * + */ + +/* $Id: version.h,v 1.5 1997/08/08 22:50:13 assar Exp $ */ + +/* + * Current version of this POP implementation + */ + +#if 0 +#define VERSION krb4_version +#endif diff --git a/crypto/heimdal/appl/push/Makefile.in b/crypto/heimdal/appl/push/Makefile.in index e677966..5dd6d72 100644 --- a/crypto/heimdal/appl/push/Makefile.in +++ b/crypto/heimdal/appl/push/Makefile.in 
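Review bot: `drop_name` and `temp_drop` in the POP struct are `char[MAXDROPLEN]` with MAXDROPLEN 64, while `user` can hold 64 characters (MAXUSERNAMELEN 65) and POP_DROP expands to POP_MAILDIR followed by `"/.%s.pop"`, so the path for a long user name cannot fit in either field. The code that formats these paths is outside this hunk, so whether it bounds the write and rejects truncation is not visible; deriving the size from its inputs, for example `#define MAXDROPLEN (sizeof(POP_MAILDIR) + MAXUSERNAMELEN + 6)`, removes the mismatch. The handler pointer in state_table is declared `int (*function) ();`, which gives the compiler nothing to check at the dispatch call; `int (*function)(POP *);` matches the pop_* handlers prototyped further down.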
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_SCRIPTS = pfrom @@ -250,7 +253,7 @@ OBJECTS = $(am_push_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/push/Makefile @@ -440,6 +443,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/push/pfrom.1 b/crypto/heimdal/appl/push/pfrom.1 index 6f4110c..89af229 100644 --- a/crypto/heimdal/appl/push/pfrom.1 
+++ b/crypto/heimdal/appl/push/pfrom.1 @@ -1,4 +1,4 @@ -.\" $Id: pfrom.1,v 1.2 2000/11/29 18:26:27 joda Exp $ +.\" $Id: pfrom.1,v 1.3 2001/05/02 08:59:21 assar Exp $ .\" .Dd Mars 4, 2000 .Dt PFROM 1 diff --git a/crypto/heimdal/appl/push/pfrom.cat1 b/crypto/heimdal/appl/push/pfrom.cat1 new file mode 100644 index 0000000..8abf68a --- /dev/null +++ b/crypto/heimdal/appl/push/pfrom.cat1 @@ -0,0 +1,17 @@ + +PFROM(1) UNIX Reference Manual PFROM(1) + +NNAAMMEE + ppffrroomm - fetch a list of the current mail via POP + +SSYYNNOOPPSSIISS + ppffrroomm [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--cc | ----ccoouunntt] + [----hheeaaddeerr] [--pp _p_o_r_t_-_s_p_e_c | ----ppoorrtt==_p_o_r_t_-_s_p_e_c] + +DDEESSCCRRIIPPTTIIOONN + ppffrroomm is a script that does push --from. + +SSEEEE AALLSSOO + push(8) + + HEIMDAL Mars 4, 2000 1 diff --git a/crypto/heimdal/appl/push/push.8 b/crypto/heimdal/appl/push/push.8 index f9e36dd..3915fe5 100644 --- a/crypto/heimdal/appl/push/push.8 +++ b/crypto/heimdal/appl/push/push.8 @@ -1,4 +1,4 @@ -.\" $Id: push.8,v 1.8 2001/01/11 16:16:28 assar Exp $ +.\" $Id: push.8,v 1.10 2001/05/15 12:14:24 assar Exp $ .\" .Dd May 31, 1998 .Dt PUSH 8 @@ -103,7 +103,7 @@ points to the post office, if no other hostname is specified. .\".Sh FILES .Sh EXAMPLES .Bd -literal -offset indent -$ push cornfield:roosta ~/.gnus-crash-box +$ push cornfield:roosta ~/.emacs-mail-crash-box .Ed .Pp tries to fetch mail for the user @@ -111,7 +111,7 @@ tries to fetch mail for the user from the post office at .Dq cornfield , and stores the mail in -.Pa ~/.gnus-crash-box +.Pa ~/.emacs-mail-crash-box (you are using Gnus, aren't you?) .Bd -literal -offset indent $ push --from -5 havregryn diff --git a/crypto/heimdal/appl/push/push.c b/crypto/heimdal/appl/push/push.c index 4e9a7d1..eb4b814 100644 --- a/crypto/heimdal/appl/push/push.c +++ b/crypto/heimdal/appl/push/push.c 
@@ -32,7 +32,7 @@ */ #include "push_locl.h" -RCSID("$Id: push.c,v 1.43 2000/12/31 07:35:59 assar Exp $"); +RCSID("$Id: push.c,v 1.44 2001/02/20 01:44:47 assar Exp $"); #ifdef KRB4 static int use_v4 = -1; @@ -714,7 +714,7 @@ main(int argc, char **argv) const char *host, *user, *filename = NULL; char *pobox = NULL; - set_progname (argv[0]); + setprogname (argv[0]); #ifdef KRB5 { diff --git a/crypto/heimdal/appl/push/push.cat8 b/crypto/heimdal/appl/push/push.cat8 new file mode 100644 index 0000000..dff390e --- /dev/null +++ b/crypto/heimdal/appl/push/push.cat8 
@@ -0,0 +1,77 @@ + +PUSH(8) UNIX System Manager's Manual PUSH(8) + +NNAAMMEE + ppuusshh - fetch mail via POP + +SSYYNNOOPPSSIISS + ppuusshh [--44 | ----kkrrbb44] [--55 | ----kkrrbb55] [--vv | ----vveerrbboossee] [--ff | ----ffoorrkk] [--ll | + ----lleeaavvee] [----ffrroomm] [--cc | ----ccoouunntt] [----hheeaaddeerrss=_h_e_a_d_e_r_s] [--pp _p_o_r_t_-_s_p_e_c | + ----ppoorrtt=_p_o_r_t_-_s_p_e_c] _p_o_-_b_o_x _f_i_l_e_n_a_m_e + +DDEESSCCRRIIPPTTIIOONN + ppuusshh retrieves mail from the post office box _p_o_-_b_o_x, and stores the mail + in mbox format in _f_i_l_e_n_a_m_e. The _p_o_-_b_o_x can have any of the following for- + mats: + `hostname:username' + `po:hostname:username' + `username@hostname' + `po:username@hostname' + `hostname' + `po:username' + + If no username is specified, ppuusshh assumes that it's the same as on the + local machine; _h_o_s_t_n_a_m_e defaults to the value of the MAILHOST environment + variable. + + Supported options: + + --44, ----kkrrbb44 + use Kerberos 4 (if compiled with support for Kerberos 4) + + --55, ----kkrrbb55 + use Kerberos 5 (if compiled with support for Kerberos 5) + + --ff, ----ffoorrkk + fork before starting to delete messages + + --ll, ----lleeaavvee + don't delete fetched mail + + ----ffrroomm behave like from. + + --cc, ----ccoouunntt + first print how many messages and bytes there are. + + ----hheeaaddeerrss=_h_e_a_d_e_r_s + a list of comma-separated headers that should get printed. + + --pp _p_o_r_t_-_s_p_e_c, ----ppoorrtt=_p_o_r_t_-_s_p_e_c + use this port instead of the default `kpop' or `1109'. + + The default is to first try Kerberos 5 authentication and then, if that + fails, Kerberos 4. + +EENNVVIIRROONNMMEENNTT + MAILHOST + points to the post office, if no other hostname is specified. 
+ +EEXXAAMMPPLLEESS + $ push cornfield:roosta ~/.emacs-mail-crash-box + + tries to fetch mail for the user _r_o_o_s_t_a from the post office at + ``cornfield'', and stores the mail in _~_/_._e_m_a_c_s_-_m_a_i_l_-_c_r_a_s_h_-_b_o_x (you are + using Gnus, aren't you?) + + $ push --from -5 havregryn + + tries to fetch FFrroomm:: lines for current user at post office ``havregryn'' + using Kerberos 5. + +SSEEEE AALLSSOO + movemail(8), popper(8), from(1), pfrom(1) + +HHIISSTTOORRYY + ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail. + + HEIMDAL May 31, 1998 2 diff --git a/crypto/heimdal/appl/rcp/ChangeLog b/crypto/heimdal/appl/rcp/ChangeLog index 0685061..e8a4f05 100644 --- a/crypto/heimdal/appl/rcp/ChangeLog +++ b/crypto/heimdal/appl/rcp/ChangeLog @@ -1,3 +1,14 @@ +2001-04-21 Johan Danielsson <joda@pdc.kth.se> + + * rcp.c: convert to use getarg + + * rcp.c: do a better job of supporting files larger than 2GB + +2001-02-07 Assar Westerlund <assar@sics.se> + + * rcp.c: add -F for forwarding ticket, from Ake Sandgren + <ake@cs.umu.se> + 2001-01-29 Assar Westerlund <assar@sics.se> * util.c (roundup): add fallback definition diff --git a/crypto/heimdal/appl/rcp/Makefile.in b/crypto/heimdal/appl/rcp/Makefile.in index f0ee151..0f76540 100644 --- a/crypto/heimdal/appl/rcp/Makefile.in +++ b/crypto/heimdal/appl/rcp/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = rcp @@ -230,7 +233,7 @@ OBJECTS = $(am_rcp_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rcp/Makefile @@ -322,6 +325,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/rcp/rcp.c b/crypto/heimdal/appl/rcp/rcp.c index 1c532ad..d4a062d 100644 --- a/crypto/heimdal/appl/rcp/rcp.c +++ b/crypto/heimdal/appl/rcp/rcp.c @@ -32,16 +32,16 @@ */ #include "rcp_locl.h" +#include <getarg.h> #define RSH_PROGRAM "rsh" -#define OPTIONS "5dfKpP:rtxz" struct passwd *pwd; uid_t userid; int errs, remin, remout; int pflag, iamremote, iamrecursive, targetshouldbedirectory; int doencrypt, noencrypt; -int usebroken, usekrb5; +int usebroken, usekrb5, forwardtkt; char *port; #define CMDNEEDS 64 
@@ -53,58 +53,57 @@ void sink (int, char *[]); void source (int, char *[]); void tolocal (int, char *[]); void toremote (char *, int, char *[]); -void usage (void); int do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout); +static int fflag, tflag; + +static int version_flag, help_flag; + +struct getargs args[] = { + { NULL, '5', arg_flag, &usekrb5, "use Kerberos 5 authentication" }, + { NULL, 'F', arg_flag, &forwardtkt, "forward credentials" }, + { NULL, 'K', arg_flag, &usebroken, "use BSD authentication" }, + { NULL, 'P', arg_string, &port, "non-default port", "port" }, + { NULL, 'p', arg_flag, &pflag, "preserve file permissions" }, + { NULL, 'r', arg_flag, &iamrecursive, "recursive mode" }, + { NULL, 'x', arg_flag, &doencrypt, "use encryption" }, + { NULL, 'z', arg_flag, &noencrypt, "don't encrypt" }, + { NULL, 'd', arg_flag, &targetshouldbedirectory }, + { NULL, 'f', arg_flag, &fflag }, + { NULL, 't', arg_flag, &tflag }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage (int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "file1 file2|file... directory"); + exit (ret); +} + int -main(argc, argv) - int argc; - char *argv[]; +main(int argc, char **argv) { - int ch, fflag, tflag; char *targ; + int optind = 0; + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + if(help_flag) + usage(0); + if (version_flag) { + print_version (NULL); + return 0; + } + + iamremote = (fflag || tflag); - fflag = tflag = 0; - while ((ch = getopt(argc, argv, OPTIONS)) != -1) - switch(ch) { /* User-visible flags. */ - case '5': - usekrb5 = 1; - break; - case 'K': - usebroken = 1; - break; - case 'P': - port = optarg; - break; - case 'p': - pflag = 1; - break; - case 'r': - iamrecursive = 1; - break; - case 'x': - doencrypt = 1; - break; - case 'z': - noencrypt = 1; - break; - /* Server options. 
*/ - case 'd': - targetshouldbedirectory = 1; - break; - case 'f': /* "from" */ - iamremote = 1; - fflag = 1; - break; - case 't': /* "to" */ - iamremote = 1; - tflag = 1; - break; - case '?': - default: - usage(); - } argc -= optind; argv += optind; @@ -115,29 +114,29 @@ main(argc, argv) remout = STDOUT_FILENO; if (fflag) { /* Follow "protocol", send data. */ - (void)response(); - (void)setuid(userid); + response(); + setuid(userid); source(argc, argv); exit(errs); } if (tflag) { /* Receive data. */ - (void)setuid(userid); + setuid(userid); sink(argc, argv); exit(errs); } if (argc < 2) - usage(); + usage(1); if (argc > 2) targetshouldbedirectory = 1; remin = remout = -1; /* Command to be executed on remote system using "rsh". */ - (void) sprintf(cmd, "rcp%s%s%s", iamrecursive ? " -r" : "", + sprintf(cmd, "rcp%s%s%s", iamrecursive ? " -r" : "", pflag ? " -p" : "", targetshouldbedirectory ? " -d" : ""); - (void)signal(SIGPIPE, lostconn); + signal(SIGPIPE, lostconn); if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ toremote(targ, argc, argv); @@ -150,9 +149,7 @@ main(argc, argv) } void -toremote(targ, argc, argv) - char *targ, *argv[]; - int argc; +toremote(char *targ, int argc, char **argv) { int i, len; char *bp, *host, *src, *suser, *thost, *tuser; 
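Review bot: In the `@@ -115,29 +114,29 @@` hunk of rcp.c the result of `setuid(userid)` is still discarded in both the `fflag` and the `tflag` branch, so if the call fails the process carries on into `source()` or `sink()` under whatever identity it started with. Dropping the `(void)` casts was a good moment to check it instead, for example `if (setuid(userid) < 0) err(1, "setuid");`. The same unchecked call sits in the local-to-remote branch of `toremote()` (hunk `@@ -219,8 +216,8 @@`), and `seteuid(0)` in `tolocal()` (hunk `@@ -266,24 +261,38 @@`) is unchecked as well. main()'s body starts and ends outside this hunk.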
@@ -193,25 +190,25 @@ toremote(targ, argc, argv) suser = pwd->pw_name; else if (!okname(suser)) continue; - (void)snprintf(bp, len, + snprintf(bp, len, "%s %s -l %s -n %s %s '%s%s%s:%s'", _PATH_RSH, host, suser, cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else - (void)snprintf(bp, len, + snprintf(bp, len, "exec %s %s -n %s %s '%s%s%s:%s'", _PATH_RSH, argv[i], cmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); - (void)susystem(bp, userid); - (void)free(bp); + susystem(bp, userid); + free(bp); } else { /* local to remote */ if (remin == -1) { len = strlen(targ) + CMDNEEDS + 20; if (!(bp = malloc(len))) err(1, "malloc"); - (void)snprintf(bp, len, "%s -t %s", cmd, targ); + snprintf(bp, len, "%s -t %s", cmd, targ); host = thost; if (do_cmd(host, tuser, bp, &remin, &remout) < 0) @@ -219,8 +216,8 @@ toremote(targ, argc, argv) if (response() < 0) exit(1); - (void)free(bp); - (void)setuid(userid); + free(bp); + setuid(userid); } source(1, argv+i); } @@ -228,9 +225,7 @@ toremote(targ, argc, argv) } void -tolocal(argc, argv) - int argc; - char *argv[]; +tolocal(int argc, char **argv) { int i, len; char *bp, *host, *src, *suser; @@ -241,12 +236,12 @@ tolocal(argc, argv) strlen(argv[argc - 1]) + 20; if (!(bp = malloc(len))) err(1, "malloc"); - (void)snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, + snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP, iamrecursive ? " -PR" : "", pflag ? " -p" : "", argv[i], argv[argc - 1]); if (susystem(bp, userid)) ++errs; - (void)free(bp); + free(bp); continue; } *src++ = 0; 
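Review bot: In `toremote()` (hunk `@@ -193,25 +190,25 @@`) the remote-to-remote branch calls `susystem(bp, userid);` and drops the result, while `tolocal()` in the `@@ -241,12 +236,12 @@` hunk counts a failure with `if (susystem(bp, userid)) ++errs;`. A failed third-party copy therefore does not appear to reach rcp's exit status through this path. I would use the same form here: `if (susystem(bp, userid)) ++errs;`. toremote()'s body extends beyond the hunk.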
@@ -266,24 +261,38 @@ tolocal(argc, argv) len = strlen(src) + CMDNEEDS + 20; if ((bp = malloc(len)) == NULL) err(1, "malloc"); - (void)snprintf(bp, len, "%s -f %s", cmd, src); + snprintf(bp, len, "%s -f %s", cmd, src); if (do_cmd(host, suser, bp, &remin, &remout) < 0) { - (void)free(bp); + free(bp); ++errs; continue; } - (void)free(bp); + free(bp); sink(1, argv + argc - 1); - (void)seteuid(0); - (void)close(remin); + seteuid(0); + close(remin); remin = remout = -1; } } +static char * +sizestr(off_t size) +{ + static char ss[32]; + char *p; + ss[sizeof(ss) - 1] = '\0'; + for(p = ss + sizeof(ss) - 2; p >= ss; p--) { + *p = '0' + size % 10; + size /= 10; + if(size == 0) + break; + } + return ss; +} + + void -source(argc, argv) - int argc; - char *argv[]; +source(int argc, char **argv) { struct stat stb; static BUF buffer; @@ -322,21 +331,21 @@ syserr: run_err("%s: %s", name, strerror(errno)); * Make it compatible with possible future * versions expecting microseconds. */ - (void)snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", + snprintf(buf, sizeof(buf), "T%ld 0 %ld 0\n", (long)stb.st_mtime, (long)stb.st_atime); - (void)write(remout, buf, strlen(buf)); + write(remout, buf, strlen(buf)); if (response() < 0) goto next; } #define MODEMASK (S_ISUID|S_ISGID|S_ISVTX|S_IRWXU|S_IRWXG|S_IRWXO) - (void)snprintf(buf, sizeof(buf), "C%04o %lu %s\n", - stb.st_mode & MODEMASK, (unsigned long)stb.st_size, last); - (void)write(remout, buf, strlen(buf)); + snprintf(buf, sizeof(buf), "C%04o %s %s\n", + stb.st_mode & MODEMASK, sizestr(stb.st_size), last); + write(remout, buf, strlen(buf)); if (response() < 0) goto next; if ((bp = allocbuf(&buffer, fd, BUFSIZ)) == NULL) { -next: (void)close(fd); +next: close(fd); continue; } @@ -351,7 +360,7 @@ next: (void)close(fd); haderr = result >= 0 ? EIO : errno; } if (haderr) - (void)write(remout, bp->buf, amt); + write(remout, bp->buf, amt); else { result = write(remout, bp->buf, amt); if (result != amt) 
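Review bot: `sizestr()`, added in hunk `@@ -266,24 +261,38 @@`, writes the digits from the right-hand end of `ss` but finishes with `return ss;`, so the caller receives the start of the buffer rather than the first digit at `p`. `ss` is static and therefore starts zeroed, and the loop never reaches index 0 for any size with fewer than 31 digits, so the `C%04o %s %s\n` record built in `source()` (hunk `@@ -322,21 +331,21 @@`) would carry an empty size field. The fix is `return p;`. The loop also assumes `size` is non-negative; since `off_t` is signed, a one-line comment stating that assumption would help.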
@@ -361,17 +370,15 @@ next: (void)close(fd); if (close(fd) && !haderr) haderr = errno; if (!haderr) - (void)write(remout, "", 1); + write(remout, "", 1); else run_err("%s: %s", name, strerror(haderr)); - (void)response(); + response(); } } void -rsource(name, statp) - char *name; - struct stat *statp; +rsource(char *name, struct stat *statp) { DIR *dirp; struct dirent *dp; @@ -387,18 +394,18 @@ rsource(name, statp) else last++; if (pflag) { - (void)snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", + snprintf(path, sizeof(path), "T%ld 0 %ld 0\n", (long)statp->st_mtime, (long)statp->st_atime); - (void)write(remout, path, strlen(path)); + write(remout, path, strlen(path)); if (response() < 0) { closedir(dirp); return; } } - (void)snprintf(path, sizeof(path), + snprintf(path, sizeof(path), "D%04o %d %s\n", statp->st_mode & MODEMASK, 0, last); - (void)write(remout, path, strlen(path)); + write(remout, path, strlen(path)); if (response() < 0) { closedir(dirp); return; @@ -412,19 +419,17 @@ rsource(name, statp) run_err("%s/%s: name too long", name, dp->d_name); continue; } - (void)snprintf(path, sizeof(path), "%s/%s", name, dp->d_name); + snprintf(path, sizeof(path), "%s/%s", name, dp->d_name); vect[0] = path; source(1, vect); } - (void)closedir(dirp); - (void)write(remout, "E\n", 2); - (void)response(); + closedir(dirp); + write(remout, "E\n", 2); + response(); } void -sink(argc, argv) - int argc; - char *argv[]; +sink(int argc, char **argv) { static BUF buffer; struct stat stb; @@ -443,7 +448,7 @@ sink(argc, argv) setimes = targisdir = 0; mask = umask(0); if (!pflag) - (void)umask(mask); + umask(mask); if (argc != 1) { run_err("ambiguous target"); exit(1); @@ -451,7 +456,7 @@ sink(argc, argv) targ = *argv; if (targetshouldbedirectory) verifydir(targ); - (void)write(remout, "", 1); + write(remout, "", 1); if (stat(targ, &stb) == 0 && S_ISDIR(stb.st_mode)) targisdir = 1; for (first = 1;; first = 0) { 
@@ -469,7 +474,7 @@ sink(argc, argv) if (buf[0] == '\01' || buf[0] == '\02') { if (iamremote == 0) - (void)write(STDERR_FILENO, + write(STDERR_FILENO, buf + 1, strlen(buf + 1)); if (buf[0] == '\02') exit(1); @@ -477,7 +482,7 @@ sink(argc, argv) continue; } if (buf[0] == 'E') { - (void)write(remout, "", 1); + write(remout, "", 1); return; } @@ -500,7 +505,7 @@ sink(argc, argv) atime.tv_usec = strtol(cp, &cp, 10); if (!cp || *cp++ != '\0') SCREWUP("atime.usec not delimited"); - (void)write(remout, "", 1); + write(remout, "", 1); continue; } if (*cp != 'C' && *cp != 'D') { @@ -540,7 +545,7 @@ sink(argc, argv) if (!(namebuf = malloc(need))) run_err("%s", strerror(errno)); } - (void)snprintf(namebuf, need, "%s%s%s", targ, + snprintf(namebuf, need, "%s%s%s", targ, *targ ? "/" : "", cp); np = namebuf; } else @@ -554,7 +559,7 @@ sink(argc, argv) goto bad; } if (pflag) - (void)chmod(np, mode); + chmod(np, mode); } else { /* Handle copying from a read-only directory */ mod_flag = 1; @@ -570,7 +575,7 @@ sink(argc, argv) np, strerror(errno)); } if (mod_flag) - (void)chmod(np, mode); + chmod(np, mode); continue; } omode = mode; @@ -579,9 +584,9 @@ sink(argc, argv) bad: run_err("%s: %s", np, strerror(errno)); continue; } - (void)write(remout, "", 1); + write(remout, "", 1); if ((bp = allocbuf(&buffer, ofd, BUFSIZ)) == NULL) { - (void)close(ofd); + close(ofd); continue; } cp = bp->buf; @@ -591,16 +596,13 @@ bad: run_err("%s: %s", np, strerror(errno)); if (i + amt > size) amt = size - i; count += amt; - do { - j = read(remin, cp, amt); - if (j <= 0) { - run_err("%s", j ? strerror(errno) : - "dropped connection"); - exit(1); - } - amt -= j; - cp += j; - } while (amt > 0); + if((j = net_read(remin, cp, amt)) != amt) { + run_err("%s", j ? strerror(errno) : + "dropped connection"); + exit(1); + } + amt -= j; + cp += j; if (count == bp->cnt) { /* Keep reading so we stay sync'd up. */ if (wrerr == NO) { 
@@ -634,8 +636,8 @@ bad: run_err("%s: %s", np, strerror(errno)); run_err("%s: set mode: %s", np, strerror(errno)); } - (void)close(ofd); - (void)response(); + close(ofd); + response(); if (setimes && wrerr == NO) { setimes = 0; if (utimes(np, tv) < 0) { @@ -649,7 +651,7 @@ bad: run_err("%s: %s", np, strerror(errno)); run_err("%s: %s", np, strerror(wrerrno)); break; case NO: - (void)write(remout, "", 1); + write(remout, "", 1); break; case DISPLAYED: break; @@ -661,7 +663,7 @@ screwup: } int -response() +response(void) { char ch, *cp, resp, rbuf[BUFSIZ]; @@ -684,7 +686,7 @@ response() } while (cp < &rbuf[BUFSIZ] && ch != '\n'); if (!iamremote) - (void)write(STDERR_FILENO, rbuf, cp - rbuf); + write(STDERR_FILENO, rbuf, cp - rbuf); ++errs; if (resp == 1) return (-1); @@ -693,15 +695,6 @@ response() /* NOTREACHED */ } -void -usage() -{ - (void)fprintf(stderr, "%s\n%s\n", - "usage: rcp [-5FKpx] [-P port] f1 f2", - " rcp [-5FKprx] [-P port] f1 ... fn directory"); - exit(1); -} - #include <stdarg.h> void @@ -714,11 +707,11 @@ run_err(const char *fmt, ...) ++errs; if (fp == NULL && !(fp = fdopen(remout, "w"))) return; - (void)fprintf(fp, "%c", 0x01); - (void)fprintf(fp, "rcp: "); - (void)vfprintf(fp, fmt, ap); - (void)fprintf(fp, "\n"); - (void)fflush(fp); + fprintf(fp, "%c", 0x01); + fprintf(fp, "rcp: "); + vfprintf(fp, fmt, ap); + fprintf(fp, "\n"); + fflush(fp); if (!iamremote) vwarnx(fmt, ap); @@ -780,6 +773,8 @@ do_cmd(char *host, char *remuser, char *cmd, int *fdin, int *fdout) args[i++] = "-K"; if (doencrypt) args[i++] = "-x"; + if (forwardtkt) + args[i++] = "-F"; if (noencrypt) args[i++] = "-z"; if (port != NULL) { diff --git a/crypto/heimdal/appl/rsh/ChangeLog b/crypto/heimdal/appl/rsh/ChangeLog index 4a40ac7..a66ce22 100644 --- a/crypto/heimdal/appl/rsh/ChangeLog +++ b/crypto/heimdal/appl/rsh/ChangeLog 
@@ -1,3 +1,12 @@ +2001-02-07 Assar Westerlund <assar@sics.se> + + * Makefile.am: add login_access + * rshd.c (login_access): add prototype + (syslog_and_die, fatal): add printf attributes + (*): AIX -> _AIX + (doit): use login_access + based on patches from Ake Sandgren <ake@cs.umu.se> + 2001-01-09 Assar Westerlund <assar@sics.se> * rshd.c (save_krb5_creds): use krb5_rd_cred2 instead of diff --git a/crypto/heimdal/appl/rsh/Makefile.am b/crypto/heimdal/appl/rsh/Makefile.am index 3c340ad..8b5065b 100644 --- a/crypto/heimdal/appl/rsh/Makefile.am +++ b/crypto/heimdal/appl/rsh/Makefile.am @@ -1,8 +1,8 @@ -# $Id: Makefile.am,v 1.15 2000/11/15 22:51:10 assar Exp $ +# $Id: Makefile.am,v 1.16 2001/02/07 05:09:06 assar Exp $ include $(top_srcdir)/Makefile.am.common -INCLUDES += $(INCLUDE_krb4) +INCLUDES += $(INCLUDE_krb4) -I$(srcdir)/../login bin_PROGRAMS = rsh @@ -10,10 +10,14 @@ libexec_PROGRAMS = rshd rsh_SOURCES = rsh.c common.c rsh_locl.h -rshd_SOURCES = rshd.c common.c rsh_locl.h +rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h + +login_access.c: + $(LN_S) $(srcdir)/../login/login_access.c . LDADD = $(LIB_kafs) \ $(LIB_krb5) \ $(LIB_krb4) \ $(LIB_des) \ - $(LIB_roken) + $(LIB_roken) \ + $(LIB_kdfs) diff --git a/crypto/heimdal/appl/rsh/Makefile.in b/crypto/heimdal/appl/rsh/Makefile.in index 0ba1b86..08950b58 100644 --- a/crypto/heimdal/appl/rsh/Makefile.in +++ b/crypto/heimdal/appl/rsh/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
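Review bot: The new `login_access.c:` rule in rsh/Makefile.am (hunk `@@ -10,10 +10,14 @@`) has no prerequisite, so once the file exists in the build directory make never refreshes it. Where `$(LN_S)` expands to a copying fallback rather than a symbolic link, rshd would keep compiling a stale copy of the access-check source after `../login/login_access.c` changes. Naming the origin as a prerequisite, `login_access.c: $(srcdir)/../login/login_access.c`, keeps the two in step. It would also be worth listing the generated file in `CLEANFILES`; whether that variable is already set elsewhere in this Makefile.am is not visible here.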
@@ -113,20 +114,20 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@ dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -# $Id: Makefile.am,v 1.15 2000/11/15 22:51:10 assar Exp $ +# $Id: Makefile.am,v 1.16 2001/02/07 05:09:06 assar Exp $ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x -INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) -I$(srcdir)/../login AM_CFLAGS = $(WFLAGS) @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = rsh @@ -193,13 +196,14 @@ libexec_PROGRAMS = rshd rsh_SOURCES = rsh.c common.c rsh_locl.h -rshd_SOURCES = rshd.c common.c rsh_locl.h +rshd_SOURCES = rshd.c common.c login_access.c rsh_locl.h LDADD = $(LIB_kafs) \ $(LIB_krb5) \ $(LIB_krb4) \ $(LIB_des) \ - $(LIB_roken) + $(LIB_roken) \ + $(LIB_kdfs) subdir = appl/rsh mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs 
@@ -220,30 +224,59 @@ X_PRE_LIBS = @X_PRE_LIBS@ am_rsh_OBJECTS = rsh.$(OBJEXT) common.$(OBJEXT) rsh_OBJECTS = $(am_rsh_OBJECTS) rsh_LDADD = $(LDADD) -@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = -@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la -@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ -@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la -@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rsh_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rsh_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rsh_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rsh_DEPENDENCIES = \ 
+@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la rsh_LDFLAGS = -am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) +am_rshd_OBJECTS = rshd.$(OBJEXT) common.$(OBJEXT) \ +login_access.$(OBJEXT) rshd_OBJECTS = $(am_rshd_OBJECTS) rshd_LDADD = $(LDADD) -@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = -@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la -@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ -@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la -@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ 
+@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@rshd_DEPENDENCIES = \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la rshd_LDFLAGS = COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -263,7 +296,7 @@ OBJECTS = $(am_rsh_OBJECTS) $(am_rshd_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/rsh/Makefile @@ -387,6 +420,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: @@ -624,6 +662,9 @@ check-local:: test "$$failed" -eq 0; \ fi +login_access.c: + $(LN_S) $(srcdir)/../login/login_access.c . + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: 
diff --git a/crypto/heimdal/appl/rsh/rsh.c b/crypto/heimdal/appl/rsh/rsh.c index 7b97f58..5898099 100644 --- a/crypto/heimdal/appl/rsh/rsh.c +++ b/crypto/heimdal/appl/rsh/rsh.c @@ -32,7 +32,7 @@ */ #include "rsh_locl.h" -RCSID("$Id: rsh.c,v 1.57 2000/12/31 07:36:54 assar Exp $"); +RCSID("$Id: rsh.c,v 1.58 2001/02/20 01:44:47 assar Exp $"); enum auth_method auth_method; int do_encrypt = -1; @@ -836,7 +836,7 @@ main(int argc, char **argv) if (setuid (uid) || (uid != 0 && setuid(0) == 0)) err (1, "setuid"); - set_progname (argv[0]); + setprogname (argv[0]); if (argc >= 2 && argv[1][0] != '-') { host = argv[host_index = 1]; diff --git a/crypto/heimdal/appl/rsh/rshd.c b/crypto/heimdal/appl/rsh/rshd.c index cd7eb7b..d22f3cf 100644 --- a/crypto/heimdal/appl/rsh/rshd.c +++ b/crypto/heimdal/appl/rsh/rshd.c @@ -32,7 +32,10 @@ */ #include "rsh_locl.h" -RCSID("$Id: rshd.c,v 1.39 2001/01/09 18:44:29 assar Exp $"); +RCSID("$Id: rshd.c,v 1.41 2001/02/20 01:44:48 assar Exp $"); + +int +login_access( struct passwd *user, char *from); enum auth_method auth_method; @@ -72,6 +75,10 @@ krb5_ticket *user_ticket; static void syslog_and_die (const char *m, ...) + __attribute__ ((format (printf, 1, 2))); + +static void +syslog_and_die (const char *m, ...) { va_list args; @@ -83,6 +90,10 @@ syslog_and_die (const char *m, ...) static void fatal (int sock, const char *m, ...) + __attribute__ ((format (printf, 2, 3))); + +static void +fatal (int sock, const char *m, ...) { va_list args; char buf[BUFSIZ]; @@ -586,7 +597,7 @@ doit (int do_kerberos, int check_rhosts) struct sockaddr *thataddr = (struct sockaddr *)&thataddr_ss; struct sockaddr_storage erraddr_ss; struct sockaddr *erraddr = (struct sockaddr *)&erraddr_ss; - socklen_t addrlen; + socklen_t thisaddr_len, thataddr_len; int port; int errsock = -1; char client_user[COMMAND_SZ], server_user[USERNAME_SZ]; 
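Review bot: The prototype `int login_access( struct passwd *user, char *from);` is written out by hand at the top of rshd.c (hunk `@@ -32,7 +32,10 @@`) instead of coming from a header that login_access.c also includes. If the definition under appl/login ever changes its parameters or return convention, the compiler has nothing to compare against and rshd would call an access check with a mismatched signature. Since the same commit already adds `-I$(srcdir)/../login` to `INCLUDES`, declaring the function in a header shared by both programs would let the compiler check it; failing that, a comment above the prototype naming the file that defines it would help.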
@@ -594,12 +605,14 @@ doit (int do_kerberos, int check_rhosts) struct passwd *pwd; int s = STDIN_FILENO; char **env; + int ret; + char that_host[NI_MAXHOST]; - addrlen = sizeof(thisaddr_ss); - if (getsockname (s, thisaddr, &addrlen) < 0) + thisaddr_len = sizeof(thisaddr_ss); + if (getsockname (s, thisaddr, &thisaddr_len) < 0) syslog_and_die("getsockname: %m"); - addrlen = sizeof(thataddr_ss); - if (getpeername (s, thataddr, &addrlen) < 0) + thataddr_len = sizeof(thataddr_ss); + if (getpeername (s, thataddr, &thataddr_len) < 0) syslog_and_die ("getpeername: %m"); if (!do_kerberos && !is_reserved(socket_get_port(thataddr))) @@ -689,7 +702,7 @@ doit (int do_kerberos, int check_rhosts) syslog_and_die("recv_bsd_auth failed"); } -#if defined(DCE) && defined(AIX) +#if defined(DCE) && defined(_AIX) esetenv("AUTHSTATE", "DCE", 1); #endif @@ -703,6 +716,19 @@ doit (int do_kerberos, int check_rhosts) if (pwd->pw_uid != 0 && access (_PATH_NOLOGIN, F_OK) == 0) fatal (s, "Login disabled."); + + ret = getnameinfo_verified (thataddr, thataddr_len, + that_host, sizeof(that_host), + NULL, 0, 0); + if (ret) + fatal (s, "getnameinfo: %s", gai_strerror(ret)); + + if (login_access(pwd, that_host) == 0) { + syslog(LOG_NOTICE, "Kerberos rsh denied to %s from %s", + server_user, that_host); + fatal(s, "Permission denied"); + } + #ifdef HAVE_GETSPNAM { struct spwd *sp; @@ -844,7 +870,7 @@ usage (int ret) NULL, ""); else - syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", __progname); + syslog (LOG_ERR, "Usage: %s [-ikxlvPL] [-p port]", getprogname()); exit (ret); } @@ -855,7 +881,7 @@ main(int argc, char **argv) int optind = 0; int port = 0; - set_progname (argv[0]); + setprogname (argv[0]); roken_openlog ("rshd", LOG_ODELAY | LOG_PID, LOG_AUTH); if (getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, diff --git a/crypto/heimdal/appl/su/Makefile.in b/crypto/heimdal/appl/su/Makefile.in index 93033f0..33f934b 100644 --- a/crypto/heimdal/appl/su/Makefile.in 
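Review bot: In the `@@ -703` hunk the denial is logged as `"Kerberos rsh denied to %s from %s"`, but doit() also runs with `do_kerberos` false (see the `!do_kerberos && !is_reserved(...)` test in the first hunk), so the message mislabels non-Kerberos denials. It also records only `server_user`, not the requesting `client_user`. For audit purposes `syslog(LOG_NOTICE, "rsh denied to %s (remote user %s) from %s", server_user, client_user, that_host);` would say more, bearing in mind that `client_user` is supplied by the peer and is untrusted text in the log. The `getnameinfo_verified` failure path ends in `fatal()` alone, and whether that reaches syslog cannot be told here, because fatal()'s body and the rest of doit() lie outside these hunks.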
+++ b/crypto/heimdal/appl/su/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) bin_PROGRAMS = su @@ -240,7 +243,7 @@ OBJECTS = $(am_su_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/su/Makefile @@ -332,6 +335,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/su/su.c b/crypto/heimdal/appl/su/su.c index a5fd442..b43894b 100644 --- a/crypto/heimdal/appl/su/su.c 
+++ b/crypto/heimdal/appl/su/su.c @@ -32,7 +32,7 @@ #include <config.h> -RCSID("$Id: su.c,v 1.18 2001/01/26 16:02:49 joda Exp $"); +RCSID("$Id: su.c,v 1.20 2001/02/20 01:44:48 assar Exp $"); #include <stdio.h> #include <stdlib.h> @@ -50,7 +50,11 @@ RCSID("$Id: su.c,v 1.18 2001/01/26 16:02:49 joda Exp $"); #include <pwd.h> +#ifdef HAVE_OPENSSL_DES_H +#include <openssl/des.h> +#else #include <des.h> +#endif #include <krb5.h> #include <kafs.h> #include <err.h> @@ -274,7 +278,7 @@ main(int argc, char **argv) int ok = 0; int kerberos_error=1; - set_progname (argv[0]); + setprogname (argv[0]); if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) usage(1); diff --git a/crypto/heimdal/appl/telnet/ChangeLog b/crypto/heimdal/appl/telnet/ChangeLog index 6857151..147066a 100644 --- a/crypto/heimdal/appl/telnet/ChangeLog +++ b/crypto/heimdal/appl/telnet/ChangeLog 
@@ -1,3 +1,36 @@ +2001-04-25 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (start_login): give the correct error if exec + fails + * telnetd/utility.c (fatalperror_errno): add a new function with + explicit errno parameter + +2001-03-07 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c: some minimal more amount of + const-correctness + +2001-02-24 Assar Westerlund <assar@sics.se> + + * libtelnet/enc_des.c: learn to live with libcrypto (from openssl) + +2001-02-20 Assar Westerlund <assar@sics.se> + + * telnet/commands.c (tn): copy the hostname so it doesn't get + overwritten while reading ~/.telnetrc + (*): removed some unneeded externs + +2001-02-08 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (startslave, start_login): re-write code to + keep track both of remote hostname and utmp string to be used + * telnetd/telnetd.c (doit, my_telnet): re-write code to keep track + both of remote hostname and utmp string to be used + +2001-02-07 Assar Westerlund <assar@sics.se> + + * telnet/Makefile.am, telnetd/Makefile.am: add LIB_kdfs + 2001-01-09 Assar Westerlund <assar@sics.se> * libtelnet/kerberos5.c (kerberos5_is): use krb5_rd_cred2 instead @@ -21,6 +54,9 @@ 2000-12-07 Assar Westerlund <assar@sics.se> + * telnetd/telnetd.h: move include files around to avoid getting SE + from sys/*.h on HP to override SE from telnet.h + * telnetd/sys_term.c (scrub_env): remove some const-ness * telnetd/sys_term.c (scrub_env): add LOGNAME and POSIXLY_CORRECT to the list of authorized environment variables to be compatible diff --git a/crypto/heimdal/appl/telnet/Makefile.in b/crypto/heimdal/appl/telnet/Makefile.in index ad4a164..8a24b8b 100644 --- a/crypto/heimdal/appl/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) SUBDIRS = libtelnet telnet telnetd @@ -207,9 +210,10 @@ DIST_COMMON = ChangeLog Makefile.am Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) GZIP_ENV = --best +DIST_SUBDIRS = $(SUBDIRS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .et .h .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/Makefile 
@@ -250,11 +254,16 @@ mostlyclean-recursive clean-recursive distclean-recursive \ maintainer-clean-recursive: @set fnord $(MAKEFLAGS); amf=$$2; \ dot_seen=no; \ - rev=''; list='$(SUBDIRS)'; for subdir in $$list; do \ - rev="$$subdir $$rev"; \ - if test "$$subdir" = "."; then dot_seen=yes; else :; fi; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + rev=''; for subdir in $$list; do \ + if test "$$subdir" = "."; then :; else \ + rev="$$subdir $$rev"; \ + fi; \ done; \ - test "$$dot_seen" = "no" && rev=". $$rev"; \ + rev="$$rev ."; \ target=`echo $@ | sed s/-recursive//`; \ for subdir in $$rev; do \ echo "Making $$target in $$subdir"; \ @@ -300,6 +309,11 @@ TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in index a43a6d5..efa9ad1 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/libtelnet/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) noinst_LIBRARIES = libtelnet.a @@ -245,7 +248,7 @@ OBJECTS = $(am_libtelnet_a_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/libtelnet/Makefile @@ -319,6 +322,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c index a24bfa7..a847138 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/enc_des.c +++ b/crypto/heimdal/appl/telnet/libtelnet/enc_des.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $"); +RCSID("$Id: enc_des.c,v 1.18 2001/02/24 05:47:39 assar Exp $"); #if defined(AUTHENTICATION) && defined(ENCRYPTION) && defined(DES_ENCRYPTION) #include <arpa/telnet.h> 
@@ -50,7 +50,11 @@ RCSID("$Id: enc_des.c,v 1.16 1998/07/09 23:16:23 assar Exp $"); #include "encrypt.h" #include "misc-proto.h" +#ifdef HAVE_OPENSSL_DES_H +#include <openssl/des.h> +#else #include <des.h> +#endif extern int encrypt_debug_mode; @@ -404,7 +408,7 @@ static void fb64_session(Session_Key *key, int server, struct fb *fbp) fb64_stream_key(fbp->krbdes_key, &fbp->streams[DIR_DECRYPT-1]); if (fbp->once == 0) { -#ifndef OLD_DES_RANDOM_KEY +#if !defined(OLD_DES_RANDOM_KEY) && !defined(HAVE_OPENSSL_DES_H) des_init_random_number_generator(&fbp->krbdes_key); #endif fbp->once = 1; diff --git a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h index 5919db5..7bc69db 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/encrypt.h +++ b/crypto/heimdal/appl/telnet/libtelnet/encrypt.h @@ -55,7 +55,7 @@ * or implied warranty. */ -/* $Id: encrypt.h,v 1.4 1997/01/24 23:10:56 assar Exp $ */ +/* $Id: encrypt.h,v 1.6 2001/02/15 06:46:28 assar Exp $ */ #ifndef __ENCRYPT__ #define __ENCRYPT__ @@ -90,6 +90,13 @@ typedef struct { #define SK_DES 1 /* Matched Kerberos v5 KEYTYPE_DES */ +#ifdef HAVE_OPENSSL_DES_H +#include <openssl/des.h> +#define des_new_random_key des_random_key +#else +#include <des.h> +#endif + #include "enc-proto.h" extern int encrypt_debug_mode; diff --git a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c index a003007..ea5a51e 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/kerberos.c +++ b/crypto/heimdal/appl/telnet/libtelnet/kerberos.c @@ -55,7 +55,7 @@ #include <config.h> #endif -RCSID("$Id: kerberos.c,v 1.50 2000/11/23 02:28:06 joda Exp $"); +RCSID("$Id: kerberos.c,v 1.51 2001/02/15 04:20:52 assar Exp $"); #ifdef KRB4 #ifdef HAVE_SYS_TYPES_H 
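Review bot: In the `fb64_session` hunk, a build with `HAVE_OPENSSL_DES_H` now compiles out `des_init_random_number_generator(&fbp->krbdes_key)`, and nothing in the visible hunks says what seeds key generation in that configuration. encrypt.h maps `des_new_random_key` to `des_random_key` for that build, so presumably libcrypto's own random pool is being relied on. That assumption deserves a comment next to the `#if`, for example `/* libcrypto seeds its own generator; no per-session seeding here */`. The callers of `des_new_random_key` are outside these hunks, so it is worth confirming that they check whatever failure indication the libcrypto variant gives on hosts where its pool cannot be seeded. fb64_session's body starts and ends outside the hunk.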
@@ -65,7 +65,6 @@ RCSID("$Id: kerberos.c,v 1.50 2000/11/23 02:28:06 joda Exp $"); #include <arpa/telnet.h> #endif #include <stdio.h> -#include <des.h> /* BSD wont include this in krb.h, so we do it here */ #include <krb.h> #include <pwd.h> #include <stdlib.h> diff --git a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c index a85d562c..0a4ff86 100644 --- a/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c +++ b/crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); +RCSID("$Id: krb4encpwd.c,v 1.19 2001/02/15 04:20:52 assar Exp $"); #ifdef KRB4_ENCPWD /* @@ -74,7 +74,6 @@ RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #include <pwd.h> #include <stdio.h> -#include <des.h> #include <krb.h> #include <stdlib.h> #include <string.h> diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.am b/crypto/heimdal/appl/telnet/telnet/Makefile.am index 7dd9c19..3107850 100644 --- a/crypto/heimdal/appl/telnet/telnet/Makefile.am +++ b/crypto/heimdal/appl/telnet/telnet/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $ +# $Id: Makefile.am,v 1.15 2001/02/07 06:11:52 assar Exp $ include $(top_srcdir)/Makefile.am.common @@ -19,4 +19,5 @@ LDADD = ../libtelnet/libtelnet.a \ $(LIB_krb4) \ $(LIB_des) \ $(LIB_tgetent) \ + $(LIB_kdfs) \ $(LIB_roken) diff --git a/crypto/heimdal/appl/telnet/telnet/Makefile.in b/crypto/heimdal/appl/telnet/telnet/Makefile.in index 0a23fd9..02dedee 100644 --- a/crypto/heimdal/appl/telnet/telnet/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnet/Makefile.in 
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@ dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $ +# $Id: Makefile.am,v 1.15 2001/02/07 06:11:52 assar Exp $ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = bin_PROGRAMS = telnet @@ -201,6 +204,7 @@ LDADD = ../libtelnet/libtelnet.a \ $(LIB_krb4) \ $(LIB_des) \ $(LIB_tgetent) \ + $(LIB_kdfs) \ $(LIB_roken) subdir = appl/telnet/telnet 
@@ -223,10 +227,16 @@ network.$(OBJEXT) ring.$(OBJEXT) sys_bsd.$(OBJEXT) telnet.$(OBJEXT) \ terminal.$(OBJEXT) utilities.$(OBJEXT) telnet_OBJECTS = $(am_telnet_OBJECTS) telnet_LDADD = $(LDADD) -@KRB5_FALSE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a -@KRB5_TRUE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \ -@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB5_FALSE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a +@DCE_FALSE@@KRB5_TRUE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_TRUE@@KRB5_FALSE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB5_TRUE@telnet_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la telnet_LDFLAGS = COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -248,7 +258,7 @@ OBJECTS = $(am_telnet_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnet/Makefile 
@@ -381,6 +391,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/telnet/telnet/commands.c b/crypto/heimdal/appl/telnet/telnet/commands.c index 7d71979..9ddcfd9 100644 --- a/crypto/heimdal/appl/telnet/telnet/commands.c +++ b/crypto/heimdal/appl/telnet/telnet/commands.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: commands.c,v 1.64 2000/12/11 01:44:01 assar Exp $"); +RCSID("$Id: commands.c,v 1.65 2001/02/20 03:12:09 assar Exp $"); #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -988,7 +988,6 @@ unsetcmd(int argc, char *argv[]) * 'mode' command. */ #ifdef KLUDGELINEMODE -extern int kludgelinemode; static int dokludgemode(void) @@ -1030,7 +1029,6 @@ static int dolmmode(int bit, int on) { unsigned char c; - extern int linemode; if (my_want_state_is_wont(TELOPT_LINEMODE)) { printf("?Need to have LINEMODE option enabled first.\r\n"); @@ -1328,8 +1326,6 @@ shell(int argc, char **argv) static int bye(int argc, char **argv) { - extern int resettermname; - if (connected) { shutdown(net, 2); printf("Connection closed.\r\n"); @@ -1551,7 +1547,6 @@ env_find(unsigned char *var) void env_init(void) { - extern char **environ; char **epp, *cp; struct env_lst *ep; @@ -1972,7 +1967,7 @@ status(int argc, char **argv) /* * Function that gets called when SIGINFO is received. */ -void +RETSIGTYPE ayt_status(int ignore) { call(status, "status", "notmuch", 0); @@ -2117,6 +2112,7 @@ tn(int argc, char **argv) goto usage; strlcpy (_hostname, hostp, sizeof(_hostname)); + hostp = _hostname; if (hostp[0] == '@' || hostp[0] == '!') { char *p; hostname = NULL; diff --git a/crypto/heimdal/appl/telnet/telnet/externs.h b/crypto/heimdal/appl/telnet/telnet/externs.h index 10d8dcc..14337af 100644 
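Review bot: With the added `hostp = _hostname;` in tn(), later uses of `hostp` read the `strlcpy` copy, but the copy's return value is not checked. An argument longer than `_hostname` is therefore silently truncated, and the connection would be attempted to a different name than the one the user typed. Checking the result, e.g. `if (strlcpy (_hostname, hostp, sizeof(_hostname)) >= sizeof(_hostname)) goto usage;`, would reject the over-long name instead. `goto usage` is borrowed from the context line just above and may not be the right error path. tn()'s body starts and ends outside the hunk.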
--- a/crypto/heimdal/appl/telnet/telnet/externs.h +++ b/crypto/heimdal/appl/telnet/telnet/externs.h @@ -33,7 +33,7 @@ * @(#)externs.h 8.3 (Berkeley) 5/30/95 */ -/* $Id: externs.h,v 1.20 2000/11/15 23:01:29 assar Exp $ */ +/* $Id: externs.h,v 1.21 2001/03/06 20:10:13 assar Exp $ */ #ifndef BSD # define BSD 43 @@ -223,7 +223,7 @@ int EncryptStatus (void); #endif #ifdef SIGINFO -void ayt_status(int); +RETSIGTYPE ayt_status(int); #endif int tn(int argc, char **argv); void command(int top, char *tbuf, int cnt); @@ -428,3 +428,8 @@ extern Ring ttyoring, ttyiring; +extern int resettermname; +extern int linemode; +#ifdef KLUDGELINEMODE +extern int kludgelinemode; +#endif diff --git a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c index e47079e..9b3f9da 100644 --- a/crypto/heimdal/appl/telnet/telnet/sys_bsd.c +++ b/crypto/heimdal/appl/telnet/telnet/sys_bsd.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: sys_bsd.c,v 1.26 2000/10/19 21:19:57 assar Exp $"); +RCSID("$Id: sys_bsd.c,v 1.27 2001/03/06 20:10:14 assar Exp $"); /* * The following routines try to encapsulate what is system dependent @@ -118,9 +118,6 @@ TerminalAutoFlush(void) #endif /* LNOFLSH */ } -#ifdef KLUDGELINEMODE -extern int kludgelinemode; -#endif /* * TerminalSpecialChars() * diff --git a/crypto/heimdal/appl/telnet/telnet/telnet.cat1 b/crypto/heimdal/appl/telnet/telnet/telnet.cat1 new file mode 100644 index 0000000..708994e --- /dev/null +++ b/crypto/heimdal/appl/telnet/telnet/telnet.cat1 
@@ -0,0 +1,718 @@ + +TELNET(1) UNIX Reference Manual TELNET(1) + +NNAAMMEE + tteellnneett - user interface to the TELNET protocol + +SSYYNNOOPPSSIISS + tteellnneett [--7788EEFFKKLLaaccddffrrxx] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--ee _e_s_c_a_p_e_c_h_a_r] [--kk _r_e_a_l_m] + [--ll _u_s_e_r] [--nn _t_r_a_c_e_f_i_l_e] [_h_o_s_t [port]] + +DDEESSCCRRIIPPTTIIOONN + The tteellnneett command is used to communicate with another host using the + TELNET protocol. If tteellnneett is invoked without the _h_o_s_t argument, it en- + ters command mode, indicated by its prompt (tteellnneett>>). In this mode, it + accepts and executes the commands listed below. If it is invoked with + arguments, it performs an ooppeenn command with those arguments. + + Options: + + --88 Specifies an 8-bit data path. This causes an attempt to negoti- + ate the TELNET BINARY option on both input and output. + + --77 Do not try to negotiate TELNET BINARY option. + + --EE Stops any character from being recognized as an escape character. + + --FF If Kerberos V5 authentication is being used, the --FF option allows + the local credentials to be forwarded to the remote system, in- + cluding any credentials that have already been forwarded into the + local environment. + + --KK Specifies no automatic login to the remote system. + + --LL Specifies an 8-bit data path on output. This causes the BINARY + option to be negotiated on output. + + --SS _t_o_s Sets the IP type-of-service (TOS) option for the telnet connec- + tion to the value _t_o_s, which can be a numeric TOS value or, on + systems that support it, a symbolic TOS name found in the + /etc/iptos file. + + --XX _a_t_y_p_e + Disables the _a_t_y_p_e type of authentication. + + --aa Attempt automatic login. Currently, this sends the user name via + the USER variable of the ENVIRON option if supported by the re- + mote system. 
The name used is that of the current user as re- + turned by getlogin(2) if it agrees with the current user ID, oth- + erwise it is the name associated with the user ID. + + --cc Disables the reading of the user's _._t_e_l_n_e_t_r_c file. (See the + ttooggggllee sskkiipprrcc command on this man page.) + + --dd Sets the initial value of the ddeebbuugg toggle to TRUE + + --ee _e_s_c_a_p_e _c_h_a_r + Sets the initial tteellnneett tteellnneett escape character to _e_s_c_a_p_e _c_h_a_r. + If _e_s_c_a_p_e _c_h_a_r is omitted, then there will be no escape charac- + ter. + + --ff If Kerberos V5 authentication is being used, the --ff option allows + the local credentials to be forwarded to the remote system. + + --kk _r_e_a_l_m + If Kerberos authentication is being used, the --kk option requests + that telnet obtain tickets for the remote host in realm realm in- + stead of the remote host's realm, as determined by + krb_realmofhost(3). + + --ll _u_s_e_r + When connecting to the remote system, if the remote system under- + stands the ENVIRON option, then _u_s_e_r will be sent to the remote + system as the value for the variable USER. This option implies + the --aa option. This option may also be used with the ooppeenn com- + mand. + + --nn _t_r_a_c_e_f_i_l_e + Opens _t_r_a_c_e_f_i_l_e for recording trace information. See the sseett + ttrraacceeffiillee command below. + + --rr Specifies a user interface similar to rlogin(1). In this mode, + the escape character is set to the tilde (~) character, unless + modified by the -e option. + + --xx Turns on encryption of the data stream if possible. This is cur- + rently the default and when it fails a warning is issued. + + _h_o_s_t Indicates the official name, an alias, or the Internet address of + a remote host. + + _p_o_r_t Indicates a port number (address of an application). If a number + is not specified, the default tteellnneett port is used. + + When in rlogin mode, a line of the form ~. 
disconnects from the remote + host; ~ is the telnet escape character. Similarly, the line ~^Z suspends + the telnet session. The line ~^] escapes to the normal telnet escape + prompt. + + Once a connection has been opened, tteellnneett will attempt to enable the + TELNET LINEMODE option. If this fails, then tteellnneett will revert to one of + two input modes: either ``character at a time'' or ``old line by line'' + depending on what the remote system supports. + + When LINEMODE is enabled, character processing is done on the local sys- + tem, under the control of the remote system. When input editing or char- + acter echoing is to be disabled, the remote system will relay that infor- + mation. The remote system will also relay changes to any special charac- + ters that happen on the remote system, so that they can take effect on + the local system. + + In ``character at a time'' mode, most text typed is immediately sent to + the remote host for processing. + + In ``old line by line'' mode, all text is echoed locally, and (normally) + only completed lines are sent to the remote host. The ``local echo char- + acter'' (initially ``^E'') may be used to turn off and on the local echo + (this would mostly be used to enter passwords without the password being + echoed). + + If the LINEMODE option is enabled, or if the llooccaallcchhaarrss toggle is TRUE + (the default for ``old line by line``; see below), the user's qquuiitt, iinnttrr, + and fflluusshh characters are trapped locally, and sent as TELNET protocol se- + quences to the remote side. 
If LINEMODE has ever been enabled, then the + user's ssuusspp and eeooff are also sent as TELNET protocol sequences, and qquuiitt + is sent as a TELNET ABORT instead of BREAK There are options (see ttooggggllee + aauuttoofflluusshh and ttooggggllee aauuttoossyynncchh below) which cause this action to flush + subsequent output to the terminal (until the remote host acknowledges the + TELNET sequence) and flush previous terminal input (in the case of qquuiitt + and iinnttrr). + + + While connected to a remote host, tteellnneett command mode may be entered by + typing the tteellnneett ``escape character'' (initially ``^]''). When in com- + mand mode, the normal terminal editing conventions are available. + + The following tteellnneett commands are available. Only enough of each command + to uniquely identify it need be typed (this is also true for arguments to + the mmooddee, sseett, ttooggggllee, uunnsseett, ssllcc, eennvviirroonn, and ddiissppllaayy commands). + + aauutthh _a_r_g_u_m_e_n_t _._._. + The auth command manipulates the information sent through the + TELNET AUTHENTICATE option. Valid arguments for the auth com- + mand are as follows: + + ddiissaabbllee _t_y_p_e Disables the specified type of authentication. + To obtain a list of available types, use the + aauutthh ddiissaabbllee ?? command. + + eennaabbllee _t_y_p_e Enables the specified type of authentication. + To obtain a list of available types, use the + aauutthh eennaabbllee ?? command. + + ssttaattuuss Lists the current status of the various types of + authentication. + + cclloossee Close a TELNET session and return to command mode. + + ddiissppllaayy _a_r_g_u_m_e_n_t _._._. + Displays all, or some, of the sseett and ttooggggllee values (see be- + low). + + eennccrryypptt _a_r_g_u_m_e_n_t _._._. + The encrypt command manipulates the information sent through + the TELNET ENCRYPT option. 
+ + Note: Because of export controls, the TELNET ENCRYPT option + is not supported outside of the United States and Canada. + + Valid arguments for the encrypt command are as follows: + + ddiissaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] + Disables the specified type of encryption. If + you omit the input and output, both input and + output are disabled. To obtain a list of avail- + able types, use the eennccrryypptt ddiissaabbllee ?? command. + + eennaabbllee _t_y_p_e [iinnppuutt | oouuttppuutt] + Enables the specified type of encryption. If + you omit input and output, both input and output + are enabled. To obtain a list of available + types, use the eennccrryypptt eennaabbllee ?? command. + + iinnppuutt This is the same as the eennccrryypptt ssttaarrtt iinnppuutt com- + mand. + + --iinnppuutt This is the same as the eennccrryypptt ssttoopp iinnppuutt com- + mand. + + oouuttppuutt This is the same as the eennccrryypptt ssttaarrtt oouuttppuutt + command. + + --oouuttppuutt This is the same as the eennccrryypptt ssttoopp oouuttppuutt com- + mand. + + ssttaarrtt [iinnppuutt | oouuttppuutt] + Attempts to start encryption. If you omit iinnppuutt + and oouuttppuutt, both input and output are enabled. + To obtain a list of available types, use the + eennccrryypptt eennaabbllee ?? command. + + ssttaattuuss Lists the current status of encryption. + + ssttoopp [iinnppuutt | oouuttppuutt] + Stops encryption. If you omit input and output, + encryption is on both input and output. + + ttyyppee _t_y_p_e Sets the default type of encryption to be used + with later eennccrryypptt ssttaarrtt or eennccrryypptt ssttoopp com- + mands. + + eennvviirroonn _a_r_g_u_m_e_n_t_s _._._. + The eennvviirroonn command is used to manipulate the the variables + that my be sent through the TELNET ENVIRON option. The ini- + tial set of variables is taken from the users environment, + with only the DISPLAY and PRINTER variables being exported by + default. 
The USER variable is also exported if the --aa or --ll + options are used. + + Valid arguments for the eennvviirroonn command are: + + ddeeffiinnee _v_a_r_i_a_b_l_e _v_a_l_u_e + Define the variable _v_a_r_i_a_b_l_e to have a value of + _v_a_l_u_e. Any variables defined by this command are + automatically exported. The _v_a_l_u_e may be enclosed + in single or double quotes so that tabs and spaces + may be included. + + uunnddeeffiinnee _v_a_r_i_a_b_l_e + Remove _v_a_r_i_a_b_l_e from the list of environment vari- + ables. + + eexxppoorrtt _v_a_r_i_a_b_l_e + Mark the variable _v_a_r_i_a_b_l_e to be exported to the + remote side. + + uunneexxppoorrtt _v_a_r_i_a_b_l_e + Mark the variable _v_a_r_i_a_b_l_e to not be exported un- + less explicitly asked for by the remote side. + + lliisstt List the current set of environment variables. + Those marked with a ** will be sent automatically, + other variables will only be sent if explicitly + requested. + + ?? Prints out help information for the eennvviirroonn com- + mand. + + llooggoouutt Sends the TELNET LOGOUT option to the remote side. This com- + mand is similar to a cclloossee command; however, if the remote + side does not support the LOGOUT option, nothing happens. If, + however, the remote side does support the LOGOUT option, this + command should cause the remote side to close the TELNET con- + nection. If the remote side also supports the concept of sus- + pending a user's session for later reattachment, the logout + argument indicates that you should terminate the session imme- + diately. + + mmooddee _t_y_p_e _T_y_p_e is one of several options, depending on the state of the + TELNET session. The remote host is asked for permission to go + into the requested mode. If the remote host is capable of en- + tering that mode, the requested mode will be entered. 
+ + cchhaarraacctteerr Disable the TELNET LINEMODE option, or, if the + remote side does not understand the LINEMODE op- + tion, then enter ``character at a time`` mode. + + lliinnee Enable the TELNET LINEMODE option, or, if the + remote side does not understand the LINEMODE op- + tion, then attempt to enter ``old-line-by-line`` + mode. + + iissiigg (--iissiigg) Attempt to enable (disable) the TRAPSIG mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + eeddiitt (--eeddiitt) Attempt to enable (disable) the EDIT mode of the + LINEMODE option. This requires that the + LINEMODE option be enabled. + + ssooffttttaabbss (--ssooffttttaabbss) + Attempt to enable (disable) the SOFT_TAB mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + lliitteecchhoo (--lliitteecchhoo) + Attempt to enable (disable) the LIT_ECHO mode of + the LINEMODE option. This requires that the + LINEMODE option be enabled. + + ?? Prints out help information for the mmooddee com- + mand. + + ooppeenn _h_o_s_t [--ll _u_s_e_r] [[--]_p_o_r_t] + Open a connection to the named host. If no port number is + specified, tteellnneett will attempt to contact a TELNET server at + the default port. The host specification may be either a host + name (see hosts(5)) or an Internet address specified in the + ``dot notation'' (see inet(3)). The [--ll] option may be used + to specify the user name to be passed to the remote system via + the ENVIRON option. When connecting to a non-standard port, + tteellnneett omits any automatic initiation of TELNET options. When + the port number is preceded by a minus sign, the initial op- + tion negotiation is done. After establishing a connection, + the file _._t_e_l_n_e_t_r_c in the users home directory is opened. + Lines beginning with a # are comment lines. Blank lines are + ignored. Lines that begin without white space are the start + of a machine entry. 
The first thing on the line is the name + of the machine that is being connected to. The rest of the + line, and successive lines that begin with white space are as- + sumed to be tteellnneett commands and are processed as if they had + been typed in manually to the tteellnneett command prompt. + + qquuiitt Close any open TELNET session and exit tteellnneett. An end of file + (in command mode) will also close a session and exit. + + sseenndd _a_r_g_u_m_e_n_t_s + Sends one or more special character sequences to the remote + host. The following are the arguments which may be specified + (more than one argument may be specified at a time): + + aabboorrtt Sends the TELNET ABORT (Abort processes) sequence. + + aaoo Sends the TELNET AO (Abort Output) sequence, which + should cause the remote system to flush all output + _f_r_o_m the remote system _t_o the user's terminal. + + aayytt Sends the TELNET AYT (Are You There) sequence, to + which the remote system may or may not choose to re- + + spond. + + bbrrkk Sends the TELNET BRK (Break) sequence, which may have + significance to the remote system. + + eecc Sends the TELNET EC (Erase Character) sequence, which + should cause the remote system to erase the last char- + acter entered. + + eell Sends the TELNET EL (Erase Line) sequence, which + should cause the remote system to erase the line cur- + rently being entered. + + eeooff Sends the TELNET EOF (End Of File) sequence. + + eeoorr Sends the TELNET EOR (End of Record) sequence. + + eessccaappee Sends the current tteellnneett escape character (initially + ``^''). + + ggaa Sends the TELNET GA (Go Ahead) sequence, which likely + has no significance to the remote system. + + ggeettssttaattuuss + If the remote side supports the TELNET STATUS command, + ggeettssttaattuuss will send the subnegotiation to request that + the server send its current option status. 
+ + iipp Sends the TELNET IP (Interrupt Process) sequence, + which should cause the remote system to abort the cur- + rently running process. + + nnoopp Sends the TELNET NOP (No OPeration) sequence. + + ssuusspp Sends the TELNET SUSP (SUSPend process) sequence. + + ssyynncchh Sends the TELNET SYNCH sequence. This sequence causes + the remote system to discard all previously typed (but + not yet read) input. This sequence is sent as TCP ur- + gent data (and may not work if the remote system is a + 4.2BSD system -- if it doesn't work, a lower case + ``r'' may be echoed on the terminal). + + ddoo _c_m_d + + ddoonntt _c_m_d + + wwiillll _c_m_d + + wwoonntt _c_m_d + Sends the TELNET DO _c_m_d sequence. _C_m_d can be either a + decimal number between 0 and 255, or a symbolic name + for a specific TELNET command. _C_m_d can also be either + hheellpp or ?? to print out help information, including a + list of known symbolic names. + + ?? Prints out help information for the sseenndd command. + + sseett _a_r_g_u_m_e_n_t _v_a_l_u_e + + uunnsseett _a_r_g_u_m_e_n_t _v_a_l_u_e + The sseett command will set any one of a number of tteellnneett vari- + ables to a specific value or to TRUE. The special value ooffff + turns off the function associated with the variable, this is + equivalent to using the uunnsseett command. The uunnsseett command will + disable or set to FALSE any of the specified functions. The + values of variables may be interrogated with the ddiissppllaayy com- + mand. The variables which may be set or unset, but not tog- + gled, are listed here. In addition, any of the variables for + the ttooggggllee command may be explicitly set or unset using the + sseett and uunnsseett commands. + + aayytt If TELNET is in localchars mode, or LINEMODE is en- + abled, and the status character is typed, a TELNET AYT + sequence (see sseenndd aayytt preceding) is sent to the re- + mote host. The initial value for the "Are You There" + character is the terminal's status character. 
+ + eecchhoo This is the value (initially ``^E'') which, when in + ``line by line'' mode, toggles between doing local + echoing of entered characters (for normal processing), + and suppressing echoing of entered characters (for en- + tering, say, a password). + + eeooff If tteellnneett is operating in LINEMODE or ``old line by + line'' mode, entering this character as the first + character on a line will cause this character to be + sent to the remote system. The initial value of the + eof character is taken to be the terminal's eeooff char- + acter. + + eerraassee If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below), aanndd if tteellnneett is operating in ``character at a + time'' mode, then when this character is typed, a + TELNET EC sequence (see sseenndd eecc above) is sent to the + remote system. The initial value for the erase char- + acter is taken to be the terminal's eerraassee character. + + eessccaappee This is the tteellnneett escape character (initially ``^['') + which causes entry into tteellnneett command mode (when con- + nected to a remote system). + + fflluusshhoouuttppuutt + If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the fflluusshhoouuttppuutt character is typed, a + TELNET AO sequence (see sseenndd aaoo above) is sent to the + remote host. The initial value for the flush charac- + ter is taken to be the terminal's fflluusshh character. + + ffoorrww11 + + ffoorrww22 If TELNET is operating in LINEMODE, these are the + characters that, when typed, cause partial lines to be + forwarded to the remote system. The initial value for + the forwarding characters are taken from the termi- + nal's eol and eol2 characters. 
+ + iinntteerrrruupptt + If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the iinntteerrrruupptt character is typed, a TELNET + IP sequence (see sseenndd iipp above) is sent to the remote + host. The initial value for the interrupt character + is taken to be the terminal's iinnttrr character. + + kkiillll If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below), aanndd if tteellnneett is operating in ``character at a + time'' mode, then when this character is typed, a + TELNET EL sequence (see sseenndd eell above) is sent to the + remote system. The initial value for the kill charac- + ter is taken to be the terminal's kkiillll character. + + llnneexxtt If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's llnneexxtt character. The initial value for the + lnext character is taken to be the terminal's llnneexxtt + character. + + qquuiitt If tteellnneett is in llooccaallcchhaarrss mode (see ttooggggllee llooccaallcchhaarrss + below) and the qquuiitt character is typed, a TELNET BRK + sequence (see sseenndd bbrrkk above) is sent to the remote + host. The initial value for the quit character is + taken to be the terminal's qquuiitt character. + + rreepprriinntt + If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's rreepprriinntt character. The initial value for + the reprint character is taken to be the terminal's + rreepprriinntt character. + + rrllooggiinn This is the rlogin escape character. If set, the nor- + mal TELNET escape character is ignored unless it is + preceded by this character at the beginning of a line. + This character, at the beginning of a line followed by + a "." closes the connection; when followed by a ^Z it + suspends the telnet command. The initial state is to + disable the rlogin escape character. 
+ + ssttaarrtt If the TELNET TOGGLE-FLOW-CONTROL option has been en- + abled, then this character is taken to be the termi- + nal's ssttaarrtt character. The initial value for the kill + character is taken to be the terminal's ssttaarrtt charac- + ter. + + ssttoopp If the TELNET TOGGLE-FLOW-CONTROL option has been en- + abled, then this character is taken to be the termi- + nal's ssttoopp character. The initial value for the kill + character is taken to be the terminal's ssttoopp charac- + ter. + + ssuusspp If tteellnneett is in llooccaallcchhaarrss mode, or LINEMODE is en- + abled, and the ssuussppeenndd character is typed, a TELNET + SUSP sequence (see sseenndd ssuusspp above) is sent to the re- + mote host. The initial value for the suspend charac- + ter is taken to be the terminal's ssuussppeenndd character. + + ttrraacceeffiillee + This is the file to which the output, caused by + nneettddaattaa or ooppttiioonn tracing being TRUE, will be written. + If it is set to ``--'', then tracing information will + be written to standard output (the default). + + wwoorrddeerraassee + If tteellnneett is operating in LINEMODE or ``old line by + line`` mode, then this character is taken to be the + terminal's wwoorrddeerraassee character. The initial value for + the worderase character is taken to be the terminal's + wwoorrddeerraassee character. + + ?? Displays the legal sseett (uunnsseett) commands. + + ssllcc _s_t_a_t_e The ssllcc command (Set Local Characters) is used to set or + change the state of the the special characters when the TELNET + LINEMODE option has been enabled. Special characters are + characters that get mapped to TELNET commands sequences (like + iipp or qquuiitt) or line editing characters (like eerraassee and kkiillll). + + + By default, the local special characters are exported. + + cchheecckk Verify the current settings for the current spe- + cial characters. 
The remote side is requested to + send all the current special character settings, + and if there are any discrepancies with the local + side, the local side will switch to the remote + value. + + eexxppoorrtt Switch to the local defaults for the special char- + acters. The local default characters are those of + the local terminal at the time when tteellnneett was + started. + + iimmppoorrtt Switch to the remote defaults for the special + characters. The remote default characters are + those of the remote system at the time when the + TELNET connection was established. + + ?? Prints out help information for the ssllcc command. + + ssttaattuuss Show the current status of tteellnneett. This includes the peer one + is connected to, as well as the current mode. + + ttooggggllee _a_r_g_u_m_e_n_t_s _._._. + Toggle (between TRUE and FALSE) various flags that control how + tteellnneett responds to events. These flags may be set explicitly + to TRUE or FALSE using the sseett and uunnsseett commands listed + above. More than one argument may be specified. The state of + these flags may be interrogated with the ddiissppllaayy command. + Valid arguments are: + + aauutthhddeebbuugg Turns on debugging information for the authenti- + cation code. + + aauuttoofflluusshh If aauuttoofflluusshh and llooccaallcchhaarrss are both TRUE, then + when the aaoo, or qquuiitt characters are recognized + (and transformed into TELNET sequences; see sseett + above for details), tteellnneett refuses to display + any data on the user's terminal until the remote + system acknowledges (via a TELNET TIMING MARK + option) that it has processed those TELNET se- + quences. The initial value for this toggle is + TRUE if the terminal user had not done an "stty + noflsh", otherwise FALSE (see stty(1)). + + aauuttooddeeccrryypptt When the TELNET ENCRYPT option is negotiated, by + default the actual encryption (decryption) of + the data stream does not start automatically. 
+ The autoencrypt (autodecrypt) command states + that encryption of the output (input) stream + should be enabled as soon as possible. + + Note: Because of export controls, the TELNET + ENCRYPT option is not supported outside the + United States and Canada. + + aauuttoollooggiinn If the remote side supports the TELNET + AUTHENTICATION option TELNET attempts to use it + to perform automatic authentication. If the + AUTHENTICATION option is not supported, the us- + er's login name are propagated through the + TELNET ENVIRON option. This command is the same + as specifying _a option on the ooppeenn command. + + aauuttoossyynncchh If aauuttoossyynncchh and llooccaallcchhaarrss are both TRUE, then + when either the iinnttrr or qquuiitt characters is typed + (see sseett above for descriptions of the iinnttrr and + qquuiitt characters), the resulting TELNET sequence + sent is followed by the TELNET SYNCH sequence. + This procedure sshhoouulldd cause the remote system to + begin throwing away all previously typed input + until both of the TELNET sequences have been + read and acted upon. The initial value of this + toggle is FALSE. + + bbiinnaarryy Enable or disable the TELNET BINARY option on + both input and output. + + iinnbbiinnaarryy Enable or disable the TELNET BINARY option on + input. + + oouuttbbiinnaarryy Enable or disable the TELNET BINARY option on + output. + + ccrrllff If this is TRUE, then carriage returns will be + sent as <CR><LF>. If this is FALSE, then car- + riage returns will be send as <CR><NUL>. The + initial value for this toggle is FALSE. + + ccrrmmoodd Toggle carriage return mode. When this mode is + enabled, most carriage return characters re- + ceived from the remote host will be mapped into + a carriage return followed by a line feed. This + mode does not affect those characters typed by + the user, only those received from the remote + host. 
This mode is not very useful unless the + remote host only sends carriage return, but nev- + er line feed. The initial value for this toggle + is FALSE. + + ddeebbuugg Toggles socket level debugging (useful only to + the ssuuppeerr uusseerr). The initial value for this tog- + gle is FALSE. + + eennccddeebbuugg Turns on debugging information for the encryp- + tion code. + + llooccaallcchhaarrss If this is TRUE, then the fflluusshh, iinntteerrrruupptt, + qquuiitt, eerraassee, and kkiillll characters (see sseett above) + are recognized locally, and transformed into + (hopefully) appropriate TELNET control sequences + (respectively aaoo, iipp, bbrrkk, eecc, and eell; see sseenndd + above). The initial value for this toggle is + TRUE in ``old line by line'' mode, and FALSE in + ``character at a time'' mode. When the LINEMODE + option is enabled, the value of llooccaallcchhaarrss is + ignored, and assumed to always be TRUE. If + LINEMODE has ever been enabled, then qquuiitt is + sent as aabboorrtt, and eeooff and ssuussppeenndd are sent as + eeooff and ssuusspp, see sseenndd above). + + nneettddaattaa Toggles the display of all network data (in hex- + adecimal format). The initial value for this + toggle is FALSE. + + ooppttiioonnss Toggles the display of some internal tteellnneett pro- + tocol processing (having to do with TELNET op- + tions). The initial value for this toggle is + FALSE. + + pprreettttyydduummpp When the nneettddaattaa toggle is enabled, if + pprreettttyydduummpp is enabled the output from the + nneettddaattaa command will be formatted in a more user + readable format. Spaces are put between each + character in the output, and the beginning of + any TELNET escape sequence is preceded by a '*' + to aid in locating them. + + sskkiipprrcc When the skiprc toggle is TRUE, TELNET skips the + reading of the _._t_e_l_n_e_t_r_c file in the users home + directory when connections are opened. The ini- + tial value for this toggle is FALSE. 
+ + tteerrmmddaattaa Toggles the display of all terminal data (in + hexadecimal format). The initial value for this + toggle is FALSE. + + vveerrbboossee__eennccrryypptt + When the vveerrbboossee__eennccrryypptt toggle is TRUE, TELNET + prints out a message each time encryption is en- + abled or disabled. The initial value for this + toggle is FALSE. Note: Because of export con- + trols, data encryption is not supported outside + of the United States and Canada. + + ?? Displays the legal ttooggggllee commands. + + zz Suspend tteellnneett. This command only works when the user is using + the csh(1). + + !! [_c_o_m_m_a_n_d] + Execute a single command in a subshell on the local system. + If ccoommmmaanndd is omitted, then an interactive subshell is in- + voked. + + ?? [_c_o_m_m_a_n_d] + Get help. With no arguments, tteellnneett prints a help summary. + If a command is specified, tteellnneett will print the help informa- + tion for just that command. + +EENNVVIIRROONNMMEENNTT + TTeellnneett uses at least the HOME, SHELL, DISPLAY, and TERM environment vari- + ables. Other environment variables may be propagated to the other side + via the TELNET ENVIRON option. + +FFIILLEESS + ~/.telnetrc user customized telnet startup values + +HHIISSTTOORRYY + The TTeellnneett command appeared in 4.2BSD. + +NNOOTTEESS + On some remote systems, echo has to be turned off manually when in ``old + line by line'' mode. + + In ``old line by line'' mode or LINEMODE the terminal's eeooff character is + only recognized (and sent to the remote system) when it is the first + character on a line. + +4.2 Berkeley Distribution June 1, 1994 11 diff --git a/crypto/heimdal/appl/telnet/telnet/terminal.c b/crypto/heimdal/appl/telnet/telnet/terminal.c index 4404384..44e1611 100644 --- a/crypto/heimdal/appl/telnet/telnet/terminal.c +++ b/crypto/heimdal/appl/telnet/telnet/terminal.c 
@@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: terminal.c,v 1.10 1997/12/15 19:53:06 joda Exp $"); +RCSID("$Id: terminal.c,v 1.11 2001/03/06 20:10:14 assar Exp $"); Ring ttyoring, ttyiring; unsigned char ttyobuf[2*BUFSIZ], ttyibuf[BUFSIZ]; @@ -151,11 +151,7 @@ ttyflush(int drop) int getconnmode(void) { - extern int linemode; int mode = 0; -#ifdef KLUDGELINEMODE - extern int kludgelinemode; -#endif if (my_want_state_is_dont(TELOPT_ECHO)) mode |= MODE_ECHO; diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.am b/crypto/heimdal/appl/telnet/telnetd/Makefile.am index d8497c3..c375a05 100644 --- a/crypto/heimdal/appl/telnet/telnetd/Makefile.am +++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.am @@ -1,4 +1,4 @@ -# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $ +# $Id: Makefile.am,v 1.15 2001/02/07 06:12:02 assar Exp $ include $(top_srcdir)/Makefile.am.common @@ -20,4 +20,5 @@ LDADD = \ $(LIB_des) \ $(LIB_tgetent) \ $(LIB_logwtmp) \ + $(LIB_kdfs) \ $(LIB_roken) diff --git a/crypto/heimdal/appl/telnet/telnetd/Makefile.in b/crypto/heimdal/appl/telnet/telnetd/Makefile.in index 07ac35b..c62a8ba 100644 --- a/crypto/heimdal/appl/telnet/telnetd/Makefile.in +++ b/crypto/heimdal/appl/telnet/telnetd/Makefile.in @@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. 
@@ -113,13 +114,13 @@ dpagaix_CFLAGS = @dpagaix_CFLAGS@ dpagaix_LDADD = @dpagaix_LDADD@ install_sh = @install_sh@ -# $Id: Makefile.am,v 1.14 2000/11/15 22:51:11 assar Exp $ +# $Id: Makefile.am,v 1.15 2001/02/07 06:12:02 assar Exp $ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = libexec_PROGRAMS = telnetd @@ -202,6 +205,7 @@ LDADD = \ $(LIB_des) \ $(LIB_tgetent) \ $(LIB_logwtmp) \ + $(LIB_kdfs) \ $(LIB_roken) subdir = appl/telnet/telnetd 
@@ -224,10 +228,16 @@ termstat.$(OBJEXT) slc.$(OBJEXT) sys_term.$(OBJEXT) utility.$(OBJEXT) \ global.$(OBJEXT) authenc.$(OBJEXT) telnetd_OBJECTS = $(am_telnetd_OBJECTS) telnetd_LDADD = $(LDADD) -@KRB5_FALSE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a -@KRB5_TRUE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \ -@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ -@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_FALSE@@KRB5_FALSE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a +@DCE_FALSE@@KRB5_TRUE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@DCE_TRUE@@KRB5_FALSE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kdfs/libkdfs.la +@DCE_TRUE@@KRB5_TRUE@telnetd_DEPENDENCIES = ../libtelnet/libtelnet.a \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la \ +@DCE_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la telnetd_LDFLAGS = COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) @@ -249,7 +259,7 @@ OBJECTS = $(am_telnetd_OBJECTS) all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/telnet/telnetd/Makefile 
@@ -382,6 +392,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: diff --git a/crypto/heimdal/appl/telnet/telnetd/ext.h b/crypto/heimdal/appl/telnet/telnetd/ext.h index 4c122f8..1cba5b6 100644 --- a/crypto/heimdal/appl/telnet/telnetd/ext.h +++ b/crypto/heimdal/appl/telnet/telnetd/ext.h @@ -33,7 +33,7 @@ * @(#)ext.h 8.2 (Berkeley) 12/15/93 */ -/* $Id: ext.h,v 1.20 2000/11/15 23:03:38 assar Exp $ */ +/* $Id: ext.h,v 1.22 2001/04/24 23:12:11 assar Exp $ */ #ifndef __EXT_H__ #define __EXT_H__ @@ -116,15 +116,15 @@ void tty_tspeed (int val); void tty_rspeed (int val); void getptyslave (void); int cleanopen (char *line); -void startslave (char *host, int autologin, char *autoname); +void startslave (const char *host, const char *, int autologin, char *autoname); void init_env (void); -void start_login (char *host, int autologin, char *name); +void start_login (const char *host, int autologin, char *name); void cleanup (int sig); int main (int argc, char **argv); int getterminaltype (char *name, size_t); void _gettermname (void); int terminaltypeok (char *s); -void my_telnet (int f, int p, char*, int, char*); +void my_telnet (int f, int p, const char*, const char *, int, char*); void interrupt (void); void sendbrk (void); void sendsusp (void); @@ -141,6 +141,7 @@ void netflush (void); void writenet (unsigned char *ptr, int len); void fatal (int f, char *msg); void fatalperror (int f, const char *msg); +void fatalperror_errno (int f, const char *msg, int error); void edithost (char *pat, char *host); void putstr (char *s); void putchr (int cc); diff --git a/crypto/heimdal/appl/telnet/telnetd/sys_term.c b/crypto/heimdal/appl/telnet/telnetd/sys_term.c index 7c529af..067f8da 100644 --- a/crypto/heimdal/appl/telnet/telnetd/sys_term.c 
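Review bot: The new second parameter is left unnamed in the `startslave` and `my_telnet` prototypes while every other parameter is named, so the header does not say which of the two host strings is which. Name it as the definitions in sys_term.c and telnetd.c do: `void startslave (const char *host, const char *utmp_host, int autologin, char *autoname);`, and likewise for `my_telnet`. A short comment such as `/* host: full peer name; utmp_host: possibly shortened or numeric form written to utmp/wtmp */` would also help, because both are `const char *` and swapping them at a call site compiles without a warning.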
+++ b/crypto/heimdal/appl/telnet/telnetd/sys_term.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: sys_term.c,v 1.97 2000/12/08 23:32:06 assar Exp $"); +RCSID("$Id: sys_term.c,v 1.100 2001/04/24 23:11:43 assar Exp $"); #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) # define PARENT_DOES_UTMP @@ -1110,7 +1110,8 @@ make_id (char *tty) /* ARGSUSED */ void -startslave(char *host, int autologin, char *autoname) +startslave(const char *host, const char *utmp_host, + int autologin, char *autoname) { int i; @@ -1158,7 +1159,7 @@ startslave(char *host, int autologin, char *autoname) wtmp.ut_type = LOGIN_PROCESS; wtmp.ut_pid = pid; strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user)); - strncpy(wtmp.ut_host, host, sizeof(wtmp.ut_host)); + strncpy(wtmp.ut_host, utmp_host, sizeof(wtmp.ut_host)); strncpy(wtmp.ut_line, clean_ttyname(line), sizeof(wtmp.ut_line)); #ifdef HAVE_STRUCT_UTMP_UT_ID strncpy(wtmp.ut_id, wtmp.ut_line + 3, sizeof(wtmp.ut_id)); @@ -1192,7 +1193,6 @@ extern char **environ; void init_env(void) { - extern char *getenv(const char *); char **envp; envp = envinit; @@ -1259,10 +1259,10 @@ scrub_env(void) struct arg_val { int size; int argc; - char **argv; + const char **argv; }; -static void addarg(struct arg_val*, char*); +static void addarg(struct arg_val*, const char*); /* * start_login(host) @@ -1272,10 +1272,11 @@ static void addarg(struct arg_val*, char*); */ void -start_login(char *host, int autologin, char *name) +start_login(const char *host, int autologin, char *name) { struct arg_val argv; char *user; + int save_errno; #ifdef HAVE_UTMPX_H int pid = getpid(); @@ -1316,7 +1317,7 @@ start_login(char *host, int autologin, char *name) /* init argv structure */ argv.size=0; argv.argc=0; - argv.argv=(char**)malloc(0); /*so we can call realloc later */ + argv.argv=malloc(0); /*so we can call realloc later */ addarg(&argv, "login"); addarg(&argv, "-h"); addarg(&argv, host); 
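Review bot: Changing the `argv` member of `struct arg_val` to `const char **` makes the existing `execv(new_login, argv.argv)` call (context in the later `@@ -1371,14 +1372,14 @@` hunk) pass an incompatible pointer type. `execv` takes `char *const argv[]`, and C does not implicitly convert `const char **` to that, so compilers will at least warn here. Either keep the member as `char **` and cast inside `addarg`, or cast at the call with a comment that the strings are never written: `execv(new_login, (char *const *)argv.argv);`.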
@@ -1371,14 +1372,14 @@ start_login(char *host, int autologin, char *name) sleep(1); execv(new_login, argv.argv); - + save_errno = errno; syslog(LOG_ERR, "%s: %m\n", new_login); - fatalperror(net, new_login); + fatalperror_errno(net, new_login, save_errno); /*NOTREACHED*/ } static void -addarg(struct arg_val *argv, char *val) +addarg(struct arg_val *argv, const char *val) { if(argv->size <= argv->argc+1) { argv->argv = realloc(argv->argv, sizeof(char*) * (argv->size + 10)); diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.c b/crypto/heimdal/appl/telnet/telnetd/telnetd.c index b788574..af63ce1 100644 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.c +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: telnetd.c,v 1.63 2000/10/08 13:32:28 assar Exp $"); +RCSID("$Id: telnetd.c,v 1.64 2001/02/08 16:06:27 assar Exp $"); #ifdef _SC_CRAY_SECURE_SYS #include <sys/sysv.h> @@ -289,9 +289,14 @@ main(int argc, char **argv) #endif break; - case 'u': - utmp_len = atoi(optarg); + case 'u': { + char *eptr; + + utmp_len = strtol(optarg, &eptr, 0); + if (optarg == eptr) + fprintf(stderr, "telnetd: unknown utmp len (%s)\n", optarg); break; + } case 'U': registerd_host_only = 1; @@ -490,7 +495,6 @@ int getterminaltype(char *name, size_t name_sz) { int retval = -1; - void _gettermname(); settimer(baseline); #ifdef AUTHENTICATION @@ -629,7 +633,7 @@ getterminaltype(char *name, size_t name_sz) } /* end of getterminaltype */ void -_gettermname() +_gettermname(void) { /* * If the client turned off the option, @@ -653,9 +657,9 @@ terminaltypeok(char *s) } -char *hostname; char host_name[MaxHostNameLen]; char remote_host_name[MaxHostNameLen]; +char remote_utmp_name[MaxHostNameLen]; /* * Get a pty, scan input lines. 
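Review bot: The new `-u` parsing in `main` catches only the case where `strtol` consumed no digits, and even then it prints the message and carries on with `utmp_len` set to 0. Trailing garbage (`-u 16x`), negative values and out-of-range results are all accepted, and the `long` is narrowed on assignment if `utmp_len` is an `int` (its declaration is outside this hunk). Parsing into a `long val` and checking `if (optarg == eptr || *eptr != '\0' || val < 0)` plus an upper bound, then failing the way other bad options do, would stop a mistyped inetd entry from silently changing how peer names are shortened for the login records. `main` starts and ends outside the hunk, so the existing error convention there should be matched.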
@@ -663,12 +667,10 @@ char remote_host_name[MaxHostNameLen]; static void doit(struct sockaddr *who, int who_len) { - char *host = NULL; int level; int ptynum; char user_name[256]; int error; - char host_addr[256]; /* * Find an available pty to use. 
@@ -693,43 +695,42 @@ doit(struct sockaddr *who, int who_len) } #endif /* _SC_CRAY_SECURE_SYS */ - error = getnameinfo_verified (who, who_len, host_addr, sizeof(host_addr), + error = getnameinfo_verified (who, who_len, + remote_host_name, + sizeof(remote_host_name), NULL, 0, registerd_host_only ? NI_NAMEREQD : 0); if (error) fatal(net, "Couldn't resolve your address into a host name.\r\n\ Please contact your net administrator"); - /* - * We must make a copy because Kerberos is probably going - * to also do a gethost* and overwrite the static data... - */ - strlcpy(remote_host_name, host_addr, sizeof(remote_host_name)); - host = remote_host_name; - - /* XXX - should be k_gethostname? */ gethostname(host_name, sizeof (host_name)); - hostname = host_name; + + strlcpy (remote_utmp_name, remote_host_name, sizeof(remote_utmp_name)); /* Only trim if too long (and possible) */ - if (strlen(remote_host_name) > abs(utmp_len)) { + if (strlen(remote_utmp_name) > utmp_len) { char *domain = strchr(host_name, '.'); - char *p = strchr(remote_host_name, '.'); - if (domain && p && (strcmp(p, domain) == 0)) - *p = 0; /* remove domain part */ + char *p = strchr(remote_utmp_name, '.'); + if (domain != NULL && p != NULL && (strcmp(p, domain) == 0)) + *p = '\0'; /* remove domain part */ } - /* * If hostname still doesn't fit utmp, use ipaddr. */ - if (strlen(remote_host_name) > abs(utmp_len)) - strlcpy(remote_host_name, - host_addr, - sizeof(remote_host_name)); + if (strlen(remote_utmp_name) > utmp_len) { + error = getnameinfo (who, who_len, + remote_utmp_name, + sizeof(remote_utmp_name), + NULL, 0, + NI_NUMERICHOST); + if (error) + fatal(net, "Couldn't get numeric address\r\n"); + } #ifdef AUTHENTICATION - auth_encrypt_init(hostname, host, "TELNETD", 1); + auth_encrypt_init(host_name, remote_host_name, "TELNETD", 1); #endif init_env(); 
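Review bot: With `abs()` dropped, both `strlen(remote_utmp_name) > utmp_len` tests compare a `size_t` against `utmp_len` directly. If `utmp_len` is a signed `int` (the declaration is not in this hunk), a negative `-u` value converts to a very large unsigned number, so neither the domain trim nor the numeric-address fallback ever runs. The over-long name then reaches `strncpy(wtmp.ut_host, utmp_host, sizeof(wtmp.ut_host))` in `startslave` and is cut off mid-name in the login record, which is the outcome this code is meant to avoid. Either keep the old meaning with `strlen(remote_utmp_name) > (size_t)abs(utmp_len)` or reject negative lengths where `-u` is parsed. `doit` begins and ends outside the hunk.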
@@ -750,7 +751,8 @@ Please contact your net administrator"); #endif /* _SC_CRAY_SECURE_SYS */ /* begin server processing */ - my_telnet(net, ourpty, host, level, user_name); + my_telnet(net, ourpty, remote_host_name, remote_utmp_name, + level, user_name); /*NOTREACHED*/ } /* end of doit */ @@ -777,7 +779,8 @@ show_issue(void) * hand data to telnet receiver finite state machine. */ void -my_telnet(int f, int p, char *host, int level, char *autoname) +my_telnet(int f, int p, const char *host, const char *utmp_host, + int level, char *autoname) { int on = 1; char *he; @@ -960,7 +963,7 @@ my_telnet(int f, int p, char *host, int level, char *autoname) indefinitely */ if(!startslave_called && (!encrypt_delay() || timeout > time(NULL))){ startslave_called = 1; - startslave(host, level, autoname); + startslave(host, utmp_host, level, autoname); } if (ncc < 0 && pcc < 0) diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 new file mode 100644 index 0000000..988bf31 --- /dev/null +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.cat8 
@@ -0,0 +1,297 @@ + +TELNETD(8) UNIX System Manager's Manual TELNETD(8) + +NNAAMMEE + tteellnneettdd - DARPA TELNET protocol server + +SSYYNNOOPPSSIISS + tteellnneettdd [--BBUUhhkkllnn] [--DD _d_e_b_u_g_m_o_d_e] [--SS _t_o_s] [--XX _a_u_t_h_t_y_p_e] [--aa _a_u_t_h_m_o_d_e] + [--rr_l_o_w_p_t_y_-_h_i_g_h_p_t_y] [--uu _l_e_n] [--ddeebbuugg] [--LL _/_b_i_n_/_l_o_g_i_n] [_p_o_r_t] + +DDEESSCCRRIIPPTTIIOONN + The tteellnneettdd command is a server which supports the DARPA standard TELNET + virtual terminal protocol. TTeellnneettdd is normally invoked by the internet + server (see inetd(8)) for requests to connect to the TELNET port as in- + dicated by the _/_e_t_c_/_s_e_r_v_i_c_e_s file (see services(5)). The --ddeebbuugg option + may be used to start up tteellnneettdd manually, instead of through inetd(8). + If started up this way, _p_o_r_t may be specified to run tteellnneettdd on an alter- + nate TCP port number. + + The tteellnneettdd command accepts the following options: + + --aa _a_u_t_h_m_o_d_e This option may be used for specifying what mode should be + used for authentication. Note that this option is only use- + ful if tteellnneettdd has been compiled with support for the + AUTHENTICATION option. There are several valid values for + _a_u_t_h_m_o_d_e: + + debug Turns on authentication debugging code. + + user Only allow connections when the remote user can pro- + vide valid authentication information to identify the + remote user, and is allowed access to the specified + account without providing a password. + + valid Only allow connections when the remote user can pro- + vide valid authentication information to identify the + remote user. The login(1) command will provide any + additional user verification needed if the remote us- + er is not allowed automatic access to the specified + account. + + other Only allow connections that supply some authentica- + tion information. 
This option is currently not sup- + ported by any of the existing authentication mecha- + nisms, and is thus the same as specifying --aa vvaalliidd. + + otp Only allow authenticated connections (as with --aa + uusseerr) and also logins with one-time passwords (OTPs). + This option will call login with an option so that + only OTPs are accepted. The user can of course still + type secret information at the prompt. + + none This is the default state. Authentication informa- + tion is not required. If no or insufficient authen- + tication information is provided, then the login(1) + program will provide the necessary user verification. + + off This disables the authentication code. All user ver- + ification will happen through the login(1) program. + + --BB Ignored. + + --DD _d_e_b_u_g_m_o_d_e + This option may be used for debugging purposes. This allows + tteellnneettdd to print out debugging information to the connec- + tion, allowing the user to see what tteellnneettdd is doing. There + are several possible values for _d_e_b_u_g_m_o_d_e: + + ooppttiioonnss Prints information about the negotiation of TELNET + options. + + rreeppoorrtt Prints the ooppttiioonnss information, plus some addi- + tional information about what processing is going + on. + + nneettddaattaa Displays the data stream received by tteellnneettdd. + + ppttyyddaattaa Displays data written to the pty. + + eexxeerrcciissee Has not been implemented yet. + + --hh Disables the printing of host-specific information before + login has been completed. + + --kk + + --ll Ignored. + + --nn Disable TCP keep-alives. Normally tteellnneettdd enables the TCP + keep-alive mechanism to probe connections that have been + idle for some period of time to determine if the client is + still there, so that idle connections from machines that + have crashed or can no longer be reached may be cleaned up. + + --rr _l_o_w_p_t_y_-_h_i_g_h_p_t_y + This option is only enabled when tteellnneettdd is compiled for + UNICOS. 
It specifies an inclusive range of pseudo-terminal + devices to use. If the system has sysconf variable + _SC_CRAY_NPTY configured, the default pty search range is 0 + to _SC_CRAY_NPTY; otherwise, the default range is 0 to 128. + Either _l_o_w_p_t_y or _h_i_g_h_p_t_y may be omitted to allow changing + either end of the search range. If _l_o_w_p_t_y is omitted, the - + character is still required so that tteellnneettdd can differenti- + ate _h_i_g_h_p_t_y from _l_o_w_p_t_y. + + --SS _t_o_s + + --uu _l_e_n This option is used to specify the size of the field in the + utmp structure that holds the remote host name. If the re- + solved host name is longer than _l_e_n, the dotted decimal val- + ue will be used instead. This allows hosts with very long + host names that overflow this field to still be uniquely + identified. Specifying --uu00 indicates that only dotted deci- + mal addresses should be put into the _u_t_m_p file. + + --UU This option causes tteellnneettdd to refuse connections from ad- + dresses that cannot be mapped back into a symbolic name via + the gethostbyaddr(3) routine. + + --XX _a_u_t_h_t_y_p_e This option is only valid if tteellnneettdd has been built with + support for the authentication option. It disables the use + of _a_u_t_h_t_y_p_e authentication, and can be used to temporarily + disable a specific authentication type without having to re- + compile tteellnneettdd. + + --LL --ppaatthhnnaammee + Specify pathname to an alternative login program. + + TTeellnneettdd operates by allocating a pseudo-terminal device (see pty(4)) for + a client, then creating a login process which has the slave side of the + pseudo-terminal as stdin, stdout and stderr. TTeellnneettdd manipulates the mas- + ter side of the pseudo-terminal, implementing the TELNET protocol and + passing characters between the remote client and the login process. 
+ + When a TELNET session is started up, tteellnneettdd sends TELNET options to the + client side indicating a willingness to do the following TELNET options, + which are described in more detail below: + + DO AUTHENTICATION + WILL ENCRYPT + DO TERMINAL TYPE + DO TSPEED + DO XDISPLOC + DO NEW-ENVIRON + DO ENVIRON + WILL SUPPRESS GO AHEAD + DO ECHO + DO LINEMODE + DO NAWS + WILL STATUS + DO LFLOW + DO TIMING-MARK + + The pseudo-terminal allocated to the client is configured to operate in + ``cooked'' mode, and with XTABS and CRMOD enabled (see tty(4)). + + TTeellnneettdd has support for enabling locally the following TELNET options: + + WILL ECHO When the LINEMODE option is enabled, a WILL ECHO or + WONT ECHO will be sent to the client to indicate the + current state of terminal echoing. When terminal echo + is not desired, a WILL ECHO is sent to indicate that + telnetd will take care of echoing any data that needs + to be echoed to the terminal, and then nothing is + echoed. When terminal echo is desired, a WONT ECHO is + sent to indicate that telnetd will not be doing any + terminal echoing, so the client should do any terminal + echoing that is needed. + + WILL BINARY Indicates that the client is willing to send a 8 bits + of data, rather than the normal 7 bits of the Network + Virtual Terminal. + + WILL SGA Indicates that it will not be sending IAC GA, go + ahead, commands. + + WILL STATUS Indicates a willingness to send the client, upon re- + quest, of the current status of all TELNET options. + + WILL TIMING-MARK Whenever a DO TIMING-MARK command is received, it is + always responded to with a WILL TIMING-MARK + + WILL LOGOUT When a DO LOGOUT is received, a WILL LOGOUT is sent in + response, and the TELNET session is shut down. + + WILL ENCRYPT Only sent if tteellnneettdd is compiled with support for data + encryption, and indicates a willingness to decrypt the + data stream. 
+ + TTeellnneettdd has support for enabling remotely the following TELNET options: + + DO BINARY Sent to indicate that telnetd is willing to receive an + 8 bit data stream. + + DO LFLOW Requests that the client handle flow control charac- + + + ters remotely. + + DO ECHO This is not really supported, but is sent to identify + a 4.2BSD telnet(1) client, which will improperly re- + spond with WILL ECHO. If a WILL ECHO is received, a + DONT ECHO will be sent in response. + + DO TERMINAL-TYPE Indicates a desire to be able to request the name of + the type of terminal that is attached to the client + side of the connection. + + DO SGA Indicates that it does not need to receive IAC GA, the + go ahead command. + + DO NAWS Requests that the client inform the server when the + window (display) size changes. + + DO TERMINAL-SPEED Indicates a desire to be able to request information + about the speed of the serial line to which the client + is attached. + + DO XDISPLOC Indicates a desire to be able to request the name of + the X windows display that is associated with the tel- + net client. + + DO NEW-ENVIRON Indicates a desire to be able to request environment + variable information, as described in RFC 1572. + + DO ENVIRON Indicates a desire to be able to request environment + variable information, as described in RFC 1408. + + DO LINEMODE Only sent if tteellnneettdd is compiled with support for + linemode, and requests that the client do line by line + processing. + + DO TIMING-MARK Only sent if tteellnneettdd is compiled with support for both + linemode and kludge linemode, and the client responded + with WONT LINEMODE. If the client responds with WILL + TM, the it is assumed that the client supports kludge + linemode. Note that the [--kk] option can be used to + disable this. + + DO AUTHENTICATION Only sent if tteellnneettdd is compiled with support for au- + thentication, and indicates a willingness to receive + authentication information for automatic login. 
+ + DO ENCRYPT Only sent if tteellnneettdd is compiled with support for data + encryption, and indicates a willingness to decrypt the + data stream. + +EENNVVIIRROONNMMEENNTT +FFIILLEESS + /etc/services + /etc/inittab (UNICOS systems only) + /etc/iptos (if supported) + +SSEEEE AALLSSOO + telnet(1), login(1) + +SSTTAANNDDAARRDDSS + RRFFCC--885544 TELNET PROTOCOL SPECIFICATION + RRFFCC--885555 TELNET OPTION SPECIFICATIONS + RRFFCC--885566 TELNET BINARY TRANSMISSION + RRFFCC--885577 TELNET ECHO OPTION + + + RRFFCC--885588 TELNET SUPPRESS GO AHEAD OPTION + RRFFCC--885599 TELNET STATUS OPTION + RRFFCC--886600 TELNET TIMING MARK OPTION + RRFFCC--886611 TELNET EXTENDED OPTIONS - LIST OPTION + RRFFCC--888855 TELNET END OF RECORD OPTION + RRFFCC--11007733 Telnet Window Size Option + RRFFCC--11007799 Telnet Terminal Speed Option + RRFFCC--11009911 Telnet Terminal-Type Option + RRFFCC--11009966 Telnet X Display Location Option + RRFFCC--11112233 Requirements for Internet Hosts -- Application and Support + RRFFCC--11118844 Telnet Linemode Option + RRFFCC--11337722 Telnet Remote Flow Control Option + RRFFCC--11441166 Telnet Authentication Option + RRFFCC--11441111 Telnet Authentication: Kerberos Version 4 + RRFFCC--11441122 Telnet Authentication: SPX + RRFFCC--11557711 Telnet Environment Option Interoperability Issues + RRFFCC--11557722 Telnet Environment Option + +BBUUGGSS + Some TELNET commands are only partially implemented. + + Because of bugs in the original 4.2 BSD telnet(1), tteellnneettdd performs some + dubious protocol exchanges to try to discover if the remote client is, in + fact, a 4.2 BSD telnet(1). + + Binary mode has no common interpretation except between similar operating + systems (Unix in this case). + + The terminal type name received from the remote client is converted to + lower case. + + TTeellnneettdd never sends TELNET IAC GA (go ahead) commands. + +4.2 Berkeley Distribution June 1, 1994 5 
diff --git a/crypto/heimdal/appl/telnet/telnetd/telnetd.h b/crypto/heimdal/appl/telnet/telnetd/telnetd.h index fdda3d7..6504607 100644 --- a/crypto/heimdal/appl/telnet/telnetd/telnetd.h +++ b/crypto/heimdal/appl/telnet/telnetd/telnetd.h @@ -166,7 +166,6 @@ struct hostent *gethostbyname(const char *); #endif #ifdef KRB4 -#include <des.h> #include <krb.h> #endif diff --git a/crypto/heimdal/appl/telnet/telnetd/utility.c b/crypto/heimdal/appl/telnet/telnetd/utility.c index a2e542d..496152c 100644 --- a/crypto/heimdal/appl/telnet/telnetd/utility.c +++ b/crypto/heimdal/appl/telnet/telnetd/utility.c @@ -34,7 +34,7 @@ #define PRINTOPTIONS #include "telnetd.h" -RCSID("$Id: utility.c,v 1.23 2000/10/08 13:34:27 assar Exp $"); +RCSID("$Id: utility.c,v 1.25 2001/05/17 00:34:42 assar Exp $"); /* * utility functions performing io related tasks @@ -363,14 +363,20 @@ void fatal(int f, char *msg) } void -fatalperror(int f, const char *msg) +fatalperror_errno(int f, const char *msg, int error) { char buf[BUFSIZ]; - snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno)); + snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(error)); fatal(f, buf); } +void +fatalperror(int f, const char *msg) +{ + fatalperror_errno(f, msg, errno); +} + char editedhost[32]; void edithost(char *pat, char *host) diff --git a/crypto/heimdal/appl/test/Makefile.in b/crypto/heimdal/appl/test/Makefile.in index b95c37a..ff1332d 100644 --- a/crypto/heimdal/appl/test/Makefile.in +++ b/crypto/heimdal/appl/test/Makefile.in 
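Review bot: fatalperror_errno() in the utility.c hunk is added without a comment, and the parameter name `error` does not say which error space it belongs to. The value goes straight to strerror(), so it has to be an errno value. A getnameinfo()-style return code, like the `error` used in doit(), would produce a misleading message for the client. I would add above the function `/* like fatalperror(), but report the errno value passed in error instead of the global errno */`, and repeat that next to the prototype if one is declared in a header, which is not visible here.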
@@ -1,6 +1,7 @@ -# Makefile.in generated automatically by automake 1.4a from Makefile.am +# Makefile.in generated automatically by automake 1.4b from Makefile.am -# Copyright (C) 1994, 1995-9, 2000 Free Software Foundation, Inc. +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -119,7 +120,7 @@ install_sh = @install_sh@ # $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ -# $Id: Makefile.am.common,v 1.23 2000/12/05 09:11:09 joda Exp $ +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ AUTOMAKE_OPTIONS = foreign no-dependencies @@ -185,6 +186,8 @@ NROFF_MAN = groff -mandoc -Tascii @KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la @KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + CHECK_LOCAL = $(PROGRAMS) noinst_PROGRAMS = tcp_client tcp_server gssapi_server gssapi_client \ @@ -309,7 +312,7 @@ OBJECTS = $(am_gssapi_client_OBJECTS) $(am_gssapi_server_OBJECTS) $(am_nt_gss_cl all: all-redirect .SUFFIXES: -.SUFFIXES: .1 .3 .5 .8 .c .cat1 .cat3 .cat5 .cat8 .et .h .lo .o .obj .x +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj $(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in $(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/test/Makefile @@ -410,6 +413,11 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + mostlyclean-tags: clean-tags: 
diff --git a/crypto/heimdal/appl/xnlock/ChangeLog b/crypto/heimdal/appl/xnlock/ChangeLog new file mode 100644 index 0000000..822b4f7 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/ChangeLog @@ -0,0 +1,64 @@ +2001-03-15 Johan Danielsson <joda@pdc.kth.se> + + * xnlock.c: don't explicitly set the krb4 ticket file + +2000-12-31 Assar Westerlund <assar@sics.se> + + * xnlock.c (main): handle krb5_init_context failure consistently + +2000-04-09 Assar Westerlund <assar@sics.se> + + * xnlock.c (verfiy_krb5): get the v4-realm from the v5-ticket and + not from the default one. + * xnlock.c (verify_krb5): add obtainting of v4 tickets. + +1999-11-17 Assar Westerlund <assar@sics.se> + + * Makefile.am: only build when we have X11. 
From: Simon Josefsson + <jas@pdc.kth.se> + +Thu Mar 18 11:21:44 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * Makefile.am: include Makefile.am.common + +Wed Mar 17 23:35:51 1999 Assar Westerlund <assar@sics.se> + + * xnlock.c (verify): use KRB_VERIFY_SECURE instead of 1 + +Tue Mar 16 22:29:14 1999 Assar Westerlund <assar@sics.se> + + * xnlock.c: krb_verify_user_multiple -> krb_verify_user + +Thu Mar 11 14:59:20 1999 Johan Danielsson <joda@hella.pdc.kth.se> + + * xnlock.c: add some if-braces to keep gcc happy + +Sun Nov 22 10:36:45 1998 Assar Westerlund <assar@sics.se> + + * Makefile.in (WFLAGS): set + +Wed Jul 8 01:37:37 1998 Assar Westerlund <assar@sics.se> + + * xnlock.c (main): create place-holder ticket file with + open(O_EXCL | O_CREAT) instead of creat + +Sat Mar 28 12:53:46 1998 Assar Westerlund <assar@sics.se> + + * Makefile.in (install, uninstall): transform the man page + +Tue Mar 24 05:20:34 1998 Assar Westerlund <assar@sics.se> + + * xnlock.c: remove redundant preprocessor stuff + +Sat Mar 21 14:36:21 1998 Assar Westerlund <assar@sics.se> + + * xnlock.c (init_words): recognize both `-p' and `-prog' + +Sat Feb 7 10:08:07 1998 Assar Westerlund <assar@sics.se> + + * xnlock.c: Don't use REALM_SZ + 1, just REALM_SZ + +Sat Nov 29 04:58:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> + + * xnlock.c: Make it build w/o krb4. + diff --git a/crypto/heimdal/appl/xnlock/Makefile.am b/crypto/heimdal/appl/xnlock/Makefile.am new file mode 100644 index 0000000..a8e6440 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/Makefile.am 
@@ -0,0 +1,30 @@ +# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $ + +include $(top_srcdir)/Makefile.am.common + +INCLUDES += $(INCLUDE_krb4) $(X_CFLAGS) + +WFLAGS += $(WFLAGS_NOIMPLICITINT) + +if HAVE_X + +bin_PROGRAMS = xnlock + +else + +bin_PROGRAMS = + +endif + +man_MANS = xnlock.1 + +EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \ + nose.down nose.front nose.left.front nose.right.front + +LDADD = \ + $(LIB_kafs) \ + $(LIB_krb5) \ + $(LIB_krb4) \ + $(LIB_des) \ + $(LIB_roken) \ + $(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) diff --git a/crypto/heimdal/appl/xnlock/Makefile.in b/crypto/heimdal/appl/xnlock/Makefile.in new file mode 100644 index 0000000..a023f23 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/Makefile.in 
@@ -0,0 +1,633 @@ +# Makefile.in generated automatically by automake 1.4b from Makefile.am + +# Copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 +# Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = ../.. 
+ +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : + +@SET_MAKE@ +host_alias = @host_alias@ +host_triplet = @host@ +AIX_EXTRA_KAFS = @AIX_EXTRA_KAFS@ +AMDEP = @AMDEP@ +AMTAR = @AMTAR@ +AS = @AS@ +AWK = @AWK@ +CANONICAL_HOST = @CANONICAL_HOST@ +CATMAN = @CATMAN@ +CATMANEXT = @CATMANEXT@ +CC = @CC@ +CPP = @CPP@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +DBLIB = @DBLIB@ +DEPDIR = @DEPDIR@ +DIR_des = @DIR_des@ +DIR_roken = @DIR_roken@ +DLLTOOL = @DLLTOOL@ +EXEEXT = @EXEEXT@ +EXTRA_LIB45 = @EXTRA_LIB45@ +GROFF = @GROFF@ +INCLUDES_roken = @INCLUDES_roken@ +INCLUDE_ = @INCLUDE_@ +LEX = @LEX@ +LIBOBJS = @LIBOBJS@ +LIBTOOL = @LIBTOOL@ +LIB_ = @LIB_@ +LIB_AUTH_SUBDIRS = @LIB_AUTH_SUBDIRS@ +LIB_des = @LIB_des@ +LIB_des_appl = @LIB_des_appl@ +LIB_kdb = @LIB_kdb@ +LIB_otp = @LIB_otp@ +LIB_roken = @LIB_roken@ +LIB_security = @LIB_security@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +NEED_WRITEAUTH_FALSE = @NEED_WRITEAUTH_FALSE@ +NEED_WRITEAUTH_TRUE = @NEED_WRITEAUTH_TRUE@ +NROFF = @NROFF@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ +VERSION = @VERSION@ +VOID_RETSIGTYPE = @VOID_RETSIGTYPE@ +WFLAGS_NOIMPLICITINT = @WFLAGS_NOIMPLICITINT@ +WFLAGS_NOUNUSED = @WFLAGS_NOUNUSED@ +YACC = @YACC@ +dpagaix_CFLAGS = @dpagaix_CFLAGS@ +dpagaix_LDADD = @dpagaix_LDADD@ +install_sh = @install_sh@ + +# $Id: Makefile.am,v 1.15 2000/11/15 22:51:12 assar Exp $ + + +# $Id: Makefile.am.common,v 1.3 1999/04/01 14:58:43 joda Exp $ + + +# $Id: Makefile.am.common,v 1.26 2001/05/21 13:27:48 joda Exp $ + + +AUTOMAKE_OPTIONS = foreign no-dependencies + +SUFFIXES = .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 
.cat8 .x + +INCLUDES = -I$(top_builddir)/include $(INCLUDES_roken) $(INCLUDE_krb4) $(X_CFLAGS) + +AM_CFLAGS = $(WFLAGS) + +CP = cp + +COMPILE_ET = $(top_builddir)/lib/com_err/compile_et + +buildinclude = $(top_builddir)/include + +LIB_XauReadAuth = @LIB_XauReadAuth@ +LIB_crypt = @LIB_crypt@ +LIB_dbm_firstkey = @LIB_dbm_firstkey@ +LIB_dbopen = @LIB_dbopen@ +LIB_dlopen = @LIB_dlopen@ +LIB_dn_expand = @LIB_dn_expand@ +LIB_el_init = @LIB_el_init@ +LIB_getattr = @LIB_getattr@ +LIB_gethostbyname = @LIB_gethostbyname@ +LIB_getpwent_r = @LIB_getpwent_r@ +LIB_getpwnam_r = @LIB_getpwnam_r@ +LIB_getsockopt = @LIB_getsockopt@ +LIB_logout = @LIB_logout@ +LIB_logwtmp = @LIB_logwtmp@ +LIB_odm_initialize = @LIB_odm_initialize@ +LIB_pidfile = @LIB_pidfile@ +LIB_readline = @LIB_readline@ +LIB_res_search = @LIB_res_search@ +LIB_setpcred = @LIB_setpcred@ +LIB_setsockopt = @LIB_setsockopt@ +LIB_socket = @LIB_socket@ +LIB_syslog = @LIB_syslog@ +LIB_tgetent = @LIB_tgetent@ + +LIBS = @LIBS@ + +HESIODLIB = @HESIODLIB@ +HESIODINCLUDE = @HESIODINCLUDE@ +INCLUDE_hesiod = @INCLUDE_hesiod@ +LIB_hesiod = @LIB_hesiod@ + +INCLUDE_krb4 = @INCLUDE_krb4@ +LIB_krb4 = @LIB_krb4@ + +INCLUDE_openldap = @INCLUDE_openldap@ +LIB_openldap = @LIB_openldap@ + +INCLUDE_readline = @INCLUDE_readline@ + +LEXLIB = @LEXLIB@ + +NROFF_MAN = groff -mandoc -Tascii + +@KRB4_TRUE@LIB_kafs = @KRB4_TRUE@$(top_builddir)/lib/kafs/libkafs.la $(AIX_EXTRA_KAFS) + +@KRB5_TRUE@LIB_krb5 = @KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB5_TRUE@ $(top_builddir)/lib/asn1/libasn1.la +@KRB5_TRUE@LIB_gssapi = @KRB5_TRUE@$(top_builddir)/lib/gssapi/libgssapi.la + +@DCE_TRUE@LIB_kdfs = @DCE_TRUE@$(top_builddir)/lib/kdfs/libkdfs.la + +CHECK_LOCAL = $(PROGRAMS) + +WFLAGS = @WFLAGS@ $(WFLAGS_NOIMPLICITINT) + +@HAVE_X_TRUE@bin_PROGRAMS = @HAVE_X_TRUE@xnlock +@HAVE_X_FALSE@bin_PROGRAMS = + +man_MANS = xnlock.1 + +EXTRA_DIST = $(man_MANS) nose.0.left nose.0.right nose.1.left nose.1.right \ + nose.down nose.front nose.left.front 
nose.right.front + + +LDADD = \ + $(LIB_kafs) \ + $(LIB_krb5) \ + $(LIB_krb4) \ + $(LIB_des) \ + $(LIB_roken) \ + $(X_LIBS) -lXt $(X_PRE_LIBS) -lX11 $(X_EXTRA_LIBS) + +subdir = appl/xnlock +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = ../../include/config.h +CONFIG_CLEAN_FILES = +@HAVE_X_FALSE@bin_PROGRAMS = +PROGRAMS = $(bin_PROGRAMS) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I../../include +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +X_CFLAGS = @X_CFLAGS@ +X_LIBS = @X_LIBS@ +X_EXTRA_LIBS = @X_EXTRA_LIBS@ +X_PRE_LIBS = @X_PRE_LIBS@ +xnlock_SOURCES = xnlock.c +xnlock_OBJECTS = xnlock.$(OBJEXT) +xnlock_LDADD = $(LDADD) +@KRB4_FALSE@@KRB5_FALSE@xnlock_DEPENDENCIES = +@KRB4_FALSE@@KRB5_TRUE@xnlock_DEPENDENCIES = \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_FALSE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +@KRB4_TRUE@@KRB5_FALSE@xnlock_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_FALSE@$(top_builddir)/lib/kafs/libkafs.la +@KRB4_TRUE@@KRB5_TRUE@xnlock_DEPENDENCIES = \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/kafs/libkafs.la \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/krb5/libkrb5.la \ +@KRB4_TRUE@@KRB5_TRUE@$(top_builddir)/lib/asn1/libasn1.la +xnlock_LDFLAGS = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) --mode=compile $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CFLAGS = @CFLAGS@ +CCLD = $(CC) +LINK = $(LIBTOOL) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +DIST_SOURCES = xnlock.c +man1dir = $(mandir)/man1 +MANS = $(man_MANS) +depcomp = +DIST_COMMON = README ChangeLog Makefile.am Makefile.in + + +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) + +GZIP_ENV = --best +SOURCES = xnlock.c +OBJECTS = xnlock.$(OBJEXT) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .et .h .1 .3 .5 .8 .cat1 .cat3 .cat5 .cat8 .x .c .lo .o .obj +$(srcdir)/Makefile.in: Makefile.am $(top_srcdir)/configure.in 
$(ACLOCAL_M4) $(top_srcdir)/Makefile.am.common $(top_srcdir)/cf/Makefile.am.common + cd $(top_srcdir) && $(AUTOMAKE) --foreign appl/xnlock/Makefile + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$(subdir)/$@ CONFIG_HEADERS= $(SHELL) ./config.status + + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f"; \ + $(LIBTOOL) --mode=install $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/$$f; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + f="`echo $$p|sed -e 's/$(EXEEXT)$$//' -e '$(transform)' -e 's/$$/$(EXEEXT)/'`"; \ + echo " rm -f $(DESTDIR)$(bindir)/$$f"; \ + rm -f $(DESTDIR)$(bindir)/$$f; \ + done + +mostlyclean-compile: + -rm -f *.o core *.core + -rm -f *.$(OBJEXT) + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + +maintainer-clean-libtool: + +xnlock$(EXEEXT): $(xnlock_OBJECTS) $(xnlock_DEPENDENCIES) + @rm -f xnlock$(EXEEXT) + $(LINK) $(xnlock_LDFLAGS) $(xnlock_OBJECTS) $(xnlock_LDADD) $(LIBS) +.c.o: + $(COMPILE) -c $< +.c.obj: + $(COMPILE) -c `cygpath -w $<` +.c.lo: + $(LTCOMPILE) -c -o $@ $< + +install-man1: + $(mkinstalldirs) $(DESTDIR)$(man1dir) + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + if test 
-f $(srcdir)/$$i; then file=$(srcdir)/$$i; \ + else file=$$i; fi; \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst"; \ + $(INSTALL_DATA) $$file $(DESTDIR)$(man1dir)/$$inst; \ + done + +uninstall-man1: + @list='$(man1_MANS)'; \ + l2='$(man_MANS)'; for i in $$l2; do \ + case "$$i" in \ + *.1*) list="$$list $$i" ;; \ + esac; \ + done; \ + for i in $$list; do \ + ext=`echo $$i | sed -e 's/^.*\\.//'`; \ + inst=`echo $$i | sed -e 's/\\.[0-9a-z]*$$//'`; \ + inst=`echo $$inst | sed -e 's/^.*\///'`; \ + inst=`echo $$inst | sed '$(transform)'`.$$ext; \ + echo " rm -f $(DESTDIR)$(man1dir)/$$inst"; \ + rm -f $(DESTDIR)$(man1dir)/$$inst; \ + done +install-man: $(MANS) + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-man1 +uninstall-man: + @$(NORMAL_UNINSTALL) + $(MAKE) $(AM_MAKEFLAGS) uninstall-man1 + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + mkid -fID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ + $(TAGS_FILES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS) $(TAGS_FILES)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | \ + $(AWK) ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)$$unique$(LISP)$$tags" \ + || etags $(ETAGS_ARGS) $$tags $$unique $(LISP) + +GTAGS: + here=`CDPATH=: && cd $(top_builddir) && pwd` \ + && cd $(top_srcdir) \ + && gtags -i $$here + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = 
$(top_builddir)/$(PACKAGE)-$(VERSION)/$(subdir) + +distdir: $(DISTFILES) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pR $$d/$$file $(distdir) \ + || exit 1; \ + else \ + test -f $(distdir)/$$file \ + || cp -p $$d/$$file $(distdir)/$$file \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) top_distdir="$(top_distdir)" distdir="$(distdir)" dist-hook +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-local +check: check-am +installcheck-am: +installcheck: installcheck-am +install-exec-am: install-binPROGRAMS + @$(NORMAL_INSTALL) + $(MAKE) $(AM_MAKEFLAGS) install-exec-hook +install-exec: install-exec-am + +install-data-am: install-man install-data-local +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-binPROGRAMS uninstall-man +uninstall: uninstall-am +all-am: Makefile $(PROGRAMS) $(MANS) all-local +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(bindir) $(DESTDIR)$(mandir)/man1 + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: + -rm -f Makefile.in +mostlyclean-am: mostlyclean-binPROGRAMS mostlyclean-compile \ + mostlyclean-libtool mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-binPROGRAMS clean-compile clean-libtool clean-tags \ + clean-generic mostlyclean-am + +clean: clean-am + +distclean-am: distclean-binPROGRAMS distclean-compile distclean-libtool \ + distclean-tags distclean-generic clean-am + -rm -f libtool + +distclean: distclean-am + +maintainer-clean-am: maintainer-clean-binPROGRAMS \ + maintainer-clean-compile maintainer-clean-libtool \ + maintainer-clean-tags maintainer-clean-generic \ 
+ distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + +.PHONY: mostlyclean-binPROGRAMS distclean-binPROGRAMS clean-binPROGRAMS \ +maintainer-clean-binPROGRAMS uninstall-binPROGRAMS install-binPROGRAMS \ +mostlyclean-compile distclean-compile clean-compile \ +maintainer-clean-compile mostlyclean-libtool distclean-libtool \ +clean-libtool maintainer-clean-libtool install-man1 uninstall-man1 \ +install-man uninstall-man tags mostlyclean-tags distclean-tags \ +clean-tags maintainer-clean-tags distdir info-am info dvi-am dvi \ +check-local check check-am installcheck-am installcheck install-exec-am \ +install-exec install-data-local install-data-am install-data install-am \ +install uninstall-am uninstall all-local all-redirect all-am all \ +install-strip installdirs mostlyclean-generic distclean-generic \ +clean-generic maintainer-clean-generic clean mostlyclean distclean \ +maintainer-clean + + +install-suid-programs: + @foo='$(bin_SUIDS)'; \ + for file in $$foo; do \ + x=$(DESTDIR)$(bindir)/$$file; \ + if chown 0:0 $$x && chmod u+s $$x; then :; else \ + echo "*"; \ + echo "* Failed to install $$x setuid root"; \ + echo "*"; \ + fi; done + +install-exec-hook: install-suid-programs + +install-build-headers:: $(include_HEADERS) $(build_HEADERZ) + @foo='$(include_HEADERS) $(build_HEADERZ)'; \ + for f in $$foo; do \ + f=`basename $$f`; \ + if test -f "$(srcdir)/$$f"; then file="$(srcdir)/$$f"; \ + else file="$$f"; fi; \ + if cmp -s $$file $(buildinclude)/$$f 2> /dev/null ; then \ + : ; else \ + echo " $(CP) $$file $(buildinclude)/$$f"; \ + $(CP) $$file $(buildinclude)/$$f; \ + fi ; \ + done + +all-local: install-build-headers +#NROFF_MAN = nroff -man +.1.cat1: + $(NROFF_MAN) $< > $@ +.3.cat3: + $(NROFF_MAN) $< > $@ +.5.cat5: + $(NROFF_MAN) $< > $@ +.8.cat8: + $(NROFF_MAN) $< > $@ + +dist-cat1-mans: + @foo='$(man1_MANS)'; \ + 
bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.1) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat1/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat3-mans: + @foo='$(man3_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.3) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat3/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat5-mans: + @foo='$(man5_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.5) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat5/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-cat8-mans: + @foo='$(man8_MANS)'; \ + bar='$(man_MANS)'; \ + for i in $$bar; do \ + case $$i in \ + *.8) foo="$$foo $$i";; \ + esac; done ;\ + for i in $$foo; do \ + x=`echo $$i | sed 's/\.[^.]*$$/.cat8/'`; \ + echo "$(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x"; \ + $(NROFF_MAN) $(srcdir)/$$i > $(distdir)/$$x; \ + done + +dist-hook: dist-cat1-mans dist-cat3-mans dist-cat5-mans dist-cat8-mans + +install-cat-mans: + $(SHELL) $(top_srcdir)/cf/install-catman.sh "$(INSTALL_DATA)" "$(mkinstalldirs)" "$(srcdir)" "$(DESTDIR)$(mandir)" '$(CATMANEXT)' $(man_MANS) $(man1_MANS) $(man3_MANS) $(man5_MANS) $(man8_MANS) + +install-data-local: install-cat-mans + +.et.h: + $(COMPILE_ET) $< +.et.c: + $(COMPILE_ET) $< + +.x.c: + @cmp -s $< $@ 2> /dev/null || cp $< $@ + +check-local:: + @foo='$(CHECK_LOCAL)'; \ + if test "$$foo"; then \ + failed=0; all=0; \ + for i in $$foo; do \ + all=`expr $$all + 1`; \ + if ./$$i --version > /dev/null 2>&1; then \ + echo "PASS: $$i"; \ + else \ + echo "FAIL: $$i"; \ + failed=`expr $$failed + 1`; \ + fi; \ + done; \ + 
if test "$$failed" -eq 0; then \ + banner="All $$all tests passed"; \ + else \ + banner="$$failed of $$all tests failed"; \ + fi; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes"; \ + test "$$failed" -eq 0; \ + fi + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT:
diff --git a/crypto/heimdal/appl/xnlock/README b/crypto/heimdal/appl/xnlock/README
new file mode 100644
index 0000000..5b16c52
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/README
@@ -0,0 +1,21 @@
+xnlock -- Dan Heller, 1990
+"nlock" is a "new lockscreen" type program... something that prevents
+screen burnout by making most of it "black" while providing something
+of interest to be displayed in case anyone is watching. The program
+also provides added security.
+
+"xnlock" is the X11 version of the program.
+
+Original sunview version written by Dan Heller 1985 (not included).
+
+For a real description of how this program works, read the
+man page or just try running it.
+
+The one major outstanding bug with this program is that every
+once in a while, two horizontal lines appear below the little
+figure that runs around the screen. If someone can find and
+fix this bug, *please* let me know -- I don't have time to
+look and if I waited till I had time, you'd never see this
+program... It has something to do with the "looking down"
+position and then directly moving up and right or left...
+
diff --git a/crypto/heimdal/appl/xnlock/nose.0.left b/crypto/heimdal/appl/xnlock/nose.0.left
new file mode 100644
index 0000000..cb3d152
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/nose.0.left
@@ -0,0 +1,38 @@ +#define nose_0_left_width 64 +#define nose_0_left_height 64 +static unsigned char nose_0_left_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00, + 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40, + 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00, + 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00, + 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00, + 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00, + 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00, + 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00, + 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00, + 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00, + 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00, + 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10, + 0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00, + 0x18,0x00,0x20,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x40,0x00,0x80,0x00,0x00, + 0x00,0x08,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x00,0x01,0x20,0x00, + 0x00,0x00,0x04,0x00,0x00,0x06,0x18,0x00,0x00,0x00,0x06,0x00,0x00,0xf8,0x07, + 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0x01,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00, + 0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xc0,0x00,0x03,0x03,0x10,0x00,0x00, + 
0x00,0x30,0x00,0x0c,0x01,0x20,0x00,0x00,0x00,0x08,0x00,0x98,0x00,0x20,0x00, + 0x00,0x00,0x0c,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20, + 0x00,0x00,0x00,0x42,0x00,0x80,0x00,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01, + 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00, + 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x01,0x00, + 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02, + 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00, + 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00, + 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.0.right b/crypto/heimdal/appl/xnlock/nose.0.right new file mode 100644 index 0000000..f387baa --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.0.right 
@@ -0,0 +1,38 @@ +#define nose_0_right_width 64 +#define nose_0_right_height 64 +static unsigned char nose_0_right_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00, + 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20, + 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00, + 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00, + 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f, + 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c, + 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00, + 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00, + 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00, + 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00, + 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10, + 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00, + 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x18,0x00,0x00,0x80,0x00, + 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00, + 0x01,0x00,0x02,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x20,0x00,0x00, + 0x00,0x04,0x80,0x00,0x00,0x60,0x00,0x00,0x00,0x18,0x60,0x00,0x00,0x40,0x00, + 0x00,0x00,0xe0,0x1f,0x00,0x00,0x80,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00, + 0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0xc0,0xc0,0x00,0x03,0x00, + 
0x00,0x00,0x04,0x80,0x30,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x19,0x00,0x10, + 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x30,0x00,0x00,0x00,0x04,0x00,0x03,0x00, + 0x43,0x00,0x00,0x00,0x04,0x00,0x01,0x00,0x42,0x00,0x00,0x00,0x04,0x80,0x00, + 0x00,0x84,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00, + 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02, + 0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00, + 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00, + 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00, + 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.1.left b/crypto/heimdal/appl/xnlock/nose.1.left new file mode 100644 index 0000000..8a6b829 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.1.left 
@@ -0,0 +1,38 @@ +#define nose_1_left_width 64 +#define nose_1_left_height 64 +static unsigned char nose_1_left_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00, + 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40, + 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00, + 0x08,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x08,0x00,0x00,0x00,0x00,0x20,0x00, + 0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00,0xf0,0x03,0x00,0x00,0x80,0x00, + 0x00,0x00,0x0e,0x0c,0x00,0x00,0x80,0x01,0x00,0x00,0x03,0x30,0x00,0x00,0x00, + 0x01,0x00,0x80,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x40,0x00,0xc0,0x00,0x00, + 0x00,0x02,0x00,0x20,0x00,0x80,0x00,0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00, + 0x00,0x00,0x04,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x0c,0x00,0x08,0x00,0x00, + 0x00,0x00,0x00,0x08,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x08,0x00, + 0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00, + 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10, + 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x01,0x00,0x00, + 0x18,0x00,0x10,0x00,0x00,0x01,0x00,0x00,0x08,0x00,0x20,0x00,0x80,0x00,0x00, + 0x00,0x08,0x00,0x40,0x00,0x40,0x00,0x00,0x00,0x0c,0x00,0x80,0x00,0x20,0x00, + 0x00,0x00,0xe4,0x00,0x00,0x03,0x18,0x00,0x00,0x00,0x26,0x03,0x00,0xfc,0x07, + 0x00,0x00,0x00,0x12,0x0c,0x00,0x00,0xf8,0xff,0xff,0xff,0x11,0x10,0x80,0x1f, + 0x00,0x00,0x00,0x00,0x08,0x20,0x60,0x60,0xc0,0x07,0x00,0x00,0x04,0x40,0x10, + 0xc0,0x20,0x08,0x00,0x1f,0x02,0x40,0x08,0x00,0x21,0x10,0xc0,0x60,0x02,0x40, + 
0x04,0x00,0x12,0x20,0x20,0x80,0x02,0x20,0xc2,0x00,0x14,0x40,0x18,0x00,0x03, + 0x20,0x22,0x00,0x0c,0x80,0x04,0x03,0x02,0x10,0x12,0x00,0x08,0x80,0x86,0x00, + 0x04,0x10,0x12,0x00,0x10,0x80,0x42,0x00,0x18,0x08,0x12,0x00,0x10,0x40,0x42, + 0x00,0x00,0x04,0x02,0x00,0x20,0x40,0x42,0x00,0x00,0x04,0x02,0x00,0x00,0x20, + 0x42,0x00,0x00,0x02,0x04,0x00,0x00,0x20,0x02,0x00,0x00,0x01,0x04,0x00,0x00, + 0x20,0x02,0x00,0x00,0x01,0x08,0x00,0x00,0x20,0x04,0x00,0x80,0x00,0x10,0x00, + 0x00,0x20,0x0c,0x00,0x80,0x00,0x60,0x00,0x00,0x10,0x08,0x00,0x40,0x00,0x80, + 0xff,0xff,0x0f,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0x0f,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.1.right b/crypto/heimdal/appl/xnlock/nose.1.right new file mode 100644 index 0000000..f7c8962 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.1.right 
@@ -0,0 +1,38 @@ +#define nose_1_right_width 64 +#define nose_1_right_height 64 +static unsigned char nose_1_right_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00, + 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20, + 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00, + 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00, + 0x04,0x00,0x00,0x00,0x00,0x10,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x10,0x00, + 0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00,0x00,0x01,0x00,0x00,0xc0,0x0f, + 0x00,0x00,0x80,0x01,0x00,0x00,0x30,0x70,0x00,0x00,0x80,0x00,0x00,0x00,0x0c, + 0xc0,0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x01,0x00,0x40,0x00,0x00,0x00, + 0x03,0x00,0x02,0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x04,0x00,0x20,0x00,0x00, + 0x00,0x00,0x00,0x08,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x08,0x00,0x10,0x00, + 0x00,0x00,0x00,0x00,0x10,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08, + 0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00, + 0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10, + 0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00, + 0x10,0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x18,0x00,0x00,0x80,0x00, + 0x00,0x08,0x00,0x10,0x00,0x00,0x80,0x00,0x00,0x08,0x00,0x10,0x00,0x00,0x00, + 0x01,0x00,0x04,0x00,0x30,0x00,0x00,0x00,0x02,0x00,0x02,0x00,0x27,0x00,0x00, + 0x00,0x04,0x00,0x01,0xc0,0x64,0x00,0x00,0x00,0x18,0xc0,0x00,0x30,0x48,0x00, + 0x00,0x00,0xe0,0x3f,0x00,0x08,0x88,0xff,0xff,0xff,0x1f,0x00,0x00,0x04,0x10, + 0x00,0x00,0x00,0x00,0xf8,0x01,0x02,0x20,0x00,0x00,0xe0,0x03,0x06,0x06,0x02, + 0x40,0xf8,0x00,0x10,0x04,0x03,0x08,0x02,0x40,0x06,0x03,0x08,0x84,0x00,0x10, + 
0x04,0x40,0x01,0x04,0x04,0x48,0x00,0x20,0x04,0xc0,0x00,0x18,0x02,0x28,0x00, + 0x43,0x08,0x40,0xc0,0x20,0x01,0x30,0x00,0x44,0x08,0x20,0x00,0x61,0x01,0x10, + 0x00,0x48,0x10,0x18,0x00,0x42,0x01,0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02, + 0x08,0x00,0x48,0x20,0x00,0x00,0x42,0x02,0x04,0x00,0x40,0x40,0x00,0x00,0x42, + 0x04,0x00,0x00,0x40,0x80,0x00,0x00,0x40,0x04,0x00,0x00,0x20,0x80,0x00,0x00, + 0x40,0x04,0x00,0x00,0x20,0x00,0x01,0x00,0x20,0x04,0x00,0x00,0x10,0x00,0x01, + 0x00,0x30,0x04,0x00,0x00,0x08,0x00,0x02,0x00,0x10,0x08,0x00,0x00,0x06,0x00, + 0x0c,0x00,0x0c,0xf0,0xff,0xff,0x01,0x00,0xf0,0xff,0x03,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.down b/crypto/heimdal/appl/xnlock/nose.down new file mode 100644 index 0000000..e8bdba4 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.down 
@@ -0,0 +1,38 @@ +#define nose_down_width 64 +#define nose_down_height 64 +static unsigned char nose_down_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0xfc,0xff,0x01,0x00,0x00,0x00,0x00,0xc0,0x03,0x00,0x1e,0x00, + 0x00,0x00,0x00,0x38,0x00,0x00,0xe0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00, + 0x03,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x04,0x00,0x00,0x40,0x00,0x00,0x00, + 0x00,0x08,0x00,0x00,0x20,0x00,0x00,0x00,0x00,0x30,0x00,0x00,0x10,0x00,0x80, + 0x1f,0x00,0x40,0x00,0x00,0x08,0x00,0x60,0x60,0x00,0x80,0x00,0x00,0x08,0x00, + 0x10,0x80,0x00,0x80,0x00,0x00,0x04,0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x04, + 0x00,0x08,0x00,0x01,0x00,0x01,0x00,0x02,0x00,0x18,0x80,0x01,0x00,0x02,0x00, + 0x02,0x00,0x68,0x60,0x01,0x00,0x02,0x00,0x02,0x00,0x88,0x1f,0x01,0x00,0x02, + 0x00,0x02,0x00,0x08,0x00,0x01,0x00,0x02,0x00,0x02,0x00,0x10,0x80,0x00,0x00, + 0x03,0x00,0x06,0x00,0x60,0x60,0x00,0x80,0x02,0x00,0x0c,0x00,0x80,0x1f,0x00, + 0x40,0x01,0x00,0x14,0x00,0x00,0x00,0x00,0x20,0x01,0x00,0x28,0x00,0x00,0x00, + 0x00,0x90,0x00,0x00,0x50,0x00,0x00,0x00,0x00,0x48,0x00,0x00,0xa0,0x01,0x00, + 0x00,0x00,0x26,0x00,0x00,0x40,0x1e,0x00,0x00,0xc0,0x11,0x00,0x00,0x80,0xe1, + 0x03,0x00,0x3c,0x0c,0x00,0x00,0x00,0x0e,0xfc,0xff,0x83,0x03,0x00,0x00,0x00, + 0xf0,0x01,0x00,0x78,0x00,0x00,0x00,0x00,0x00,0xfe,0xff,0x0f,0x00,0x00,0x00, + 0x00,0x80,0x03,0x00,0x0c,0x00,0x00,0x00,0x00,0x80,0x02,0x00,0x14,0x00,0x00, + 
0x00,0x00,0x60,0x04,0x00,0x12,0x00,0x00,0xc0,0x7f,0x10,0x04,0x00,0x22,0xe0, + 0x01,0x70,0xc0,0x18,0x08,0x00,0x61,0x1c,0x06,0x10,0x00,0x0f,0x30,0xc0,0x80, + 0x07,0x08,0x08,0x00,0x06,0xc0,0x3f,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x02, + 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80, + 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00, + 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00, + 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84, + 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08, + 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff, + 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.front b/crypto/heimdal/appl/xnlock/nose.front new file mode 100644 index 0000000..64b8201 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.front 
@@ -0,0 +1,38 @@ +#define nose_front_width 64 +#define nose_front_height 64 +static unsigned char nose_front_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00, + 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40, + 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00, + 0x08,0x00,0xc0,0x1f,0x00,0x20,0x00,0x00,0x08,0x00,0x30,0x60,0x00,0x20,0x00, + 0x00,0xf8,0xff,0x0f,0x80,0xff,0x3f,0x00,0x00,0x00,0x02,0x02,0x00,0x82,0x00, + 0x00,0x00,0x00,0x03,0x01,0x00,0x84,0x01,0x00,0x00,0x00,0x81,0x00,0x00,0x08, + 0x01,0x00,0x00,0x80,0x80,0x00,0x00,0x08,0x02,0x00,0x00,0x80,0x40,0x00,0x00, + 0x10,0x02,0x00,0x00,0x40,0x40,0x00,0x00,0x10,0x04,0x00,0x00,0x40,0x20,0x00, + 0x00,0x20,0x04,0x00,0x00,0x60,0x20,0x00,0x00,0x20,0x0c,0x00,0x00,0x20,0x20, + 0x00,0x00,0x20,0x08,0x00,0x00,0x20,0x20,0x00,0x00,0x20,0x08,0x00,0x00,0x10, + 0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00, + 0x10,0x20,0x00,0x00,0x20,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00, + 0x00,0x10,0x40,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10, + 0x00,0x00,0x10,0x80,0x00,0x00,0x08,0x10,0x00,0x00,0x30,0x00,0x01,0x00,0x04, + 0x18,0x00,0x00,0x20,0x00,0x02,0x00,0x02,0x08,0x00,0x00,0x20,0x00,0x0c,0x80, + 0x01,0x08,0x00,0x00,0x60,0x00,0x30,0x60,0x00,0x0c,0x00,0x00,0x40,0x00,0xc0, + 0x1f,0x00,0x04,0x00,0x00,0xc0,0x00,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x80,0x0f,0xc0,0x0f,0x00,0x00,0x00, + 0x00,0x40,0x10,0x20,0x10,0x00,0x00,0x00,0x00,0x20,0x60,0x30,0x20,0x00,0x00, + 
0x00,0x00,0x20,0xc0,0x18,0x20,0x00,0x00,0xc0,0x7f,0x10,0x80,0x0d,0x40,0xe0, + 0x01,0x70,0xc0,0x18,0x00,0x05,0x40,0x1c,0x06,0x10,0x00,0x0f,0x00,0x05,0x80, + 0x07,0x08,0x08,0x00,0x06,0x00,0x05,0x80,0x01,0x08,0x08,0x00,0x18,0x00,0x05, + 0xc0,0x00,0x10,0x04,0x00,0x30,0x00,0x05,0x30,0x00,0x10,0x04,0x00,0x00,0x80, + 0x08,0x18,0x00,0x20,0x04,0x00,0x00,0x80,0x08,0x00,0x00,0x20,0x04,0x00,0x00, + 0x40,0x10,0x00,0x00,0x20,0x24,0x00,0x00,0x40,0x10,0x00,0x00,0x22,0x24,0x00, + 0x00,0x40,0x10,0x00,0x00,0x22,0x44,0x00,0x00,0x40,0x10,0x00,0x00,0x11,0x84, + 0x01,0x00,0xc0,0x18,0x00,0xc0,0x10,0x08,0x00,0x00,0x80,0x08,0x00,0x00,0x08, + 0x30,0x00,0x00,0x80,0x08,0x00,0x00,0x04,0xe0,0xff,0xff,0xff,0xf8,0xff,0xff, + 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.left.front b/crypto/heimdal/appl/xnlock/nose.left.front new file mode 100644 index 0000000..3a871ea --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.left.front 
@@ -0,0 +1,38 @@ +#define nose_left_front_width 64 +#define nose_left_front_height 64 +static unsigned char nose_left_front_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xc0,0xff,0xff,0x07,0x00,0x00,0x00,0x00,0x40,0x00, + 0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40, + 0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x40,0x00,0x00,0x04,0x00,0x00,0x00,0x00, + 0x40,0x00,0x00,0x04,0x00,0x00,0x00,0xf8,0xff,0xff,0xff,0xff,0x3f,0x00,0x00, + 0x08,0x00,0xe0,0x0f,0x00,0x20,0x00,0x00,0x08,0x00,0x18,0x30,0x00,0x20,0x00, + 0x00,0xf8,0xff,0x07,0xc0,0xff,0x3f,0x00,0x00,0x00,0x02,0x01,0x00,0x81,0x00, + 0x00,0x00,0x00,0x83,0x00,0x00,0x82,0x01,0x00,0x00,0x00,0x41,0x00,0x00,0x04, + 0x01,0x00,0x00,0x80,0x40,0x00,0x00,0x04,0x02,0x00,0x00,0x80,0x20,0x00,0x00, + 0x08,0x02,0x00,0x00,0x40,0x20,0x00,0x00,0x08,0x04,0x00,0x00,0x40,0x10,0x00, + 0x00,0x10,0x04,0x00,0x00,0x60,0x10,0x00,0x00,0x10,0x0c,0x00,0x00,0x20,0x10, + 0x00,0x00,0x10,0x08,0x00,0x00,0x30,0x10,0x00,0x00,0x10,0x08,0x00,0x00,0x10, + 0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00, + 0x10,0x10,0x00,0x00,0x10,0x10,0x00,0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00, + 0x00,0x10,0x20,0x00,0x00,0x08,0x10,0x00,0x00,0x10,0x40,0x00,0x00,0x04,0x10, + 0x00,0x00,0x30,0x40,0x00,0x00,0x04,0x10,0x00,0x00,0x20,0x80,0x00,0x00,0x02, + 0x18,0x00,0x00,0x20,0x00,0x01,0x00,0x01,0x08,0x00,0x00,0x60,0x00,0x06,0xc0, + 0x00,0x08,0x00,0x00,0x80,0x00,0x18,0x30,0x00,0x0c,0x00,0x00,0x80,0x00,0xe0, + 0x0f,0x00,0x04,0x00,0x00,0x80,0x01,0x00,0x00,0x00,0x06,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0xfe,0xff,0xff,0xff,0x01,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf8,0x0f,0x00,0x00,0x00, + 
0x00,0xff,0x00,0x04,0x10,0x00,0x00,0x00,0xe0,0x00,0x07,0x02,0x10,0x00,0x00, + 0x00,0x30,0x00,0x8c,0x01,0x20,0x00,0x00,0x00,0x0c,0x00,0x90,0x00,0x20,0x00, + 0x00,0x00,0x04,0x03,0x60,0x00,0x20,0x00,0x00,0x00,0xc2,0x00,0xc0,0x00,0x20, + 0x00,0x00,0x00,0x42,0x00,0x00,0x01,0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x02, + 0x20,0x00,0x00,0x00,0x21,0x00,0x00,0x06,0x20,0x00,0x00,0x00,0x21,0x00,0x00, + 0x00,0x20,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x03,0x00, + 0x00,0x00,0x40,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x02, + 0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00,0x00, + 0x18,0x00,0x00,0x00,0x20,0x00,0x00,0x00,0x70,0x00,0x00,0x00,0x10,0x00,0x00, + 0x00,0xc0,0xff,0xff,0xff,0x0f,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/nose.right.front b/crypto/heimdal/appl/xnlock/nose.right.front new file mode 100644 index 0000000..f821417 --- /dev/null +++ b/crypto/heimdal/appl/xnlock/nose.right.front 
@@ -0,0 +1,38 @@ +#define nose_right_front_width 64 +#define nose_right_front_height 64 +static unsigned char nose_right_front_bits[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0xe0,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x20,0x00, + 0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20, + 0x00,0x00,0x02,0x00,0x00,0x00,0x00,0x20,0x00,0x00,0x02,0x00,0x00,0x00,0x00, + 0x20,0x00,0x00,0x02,0x00,0x00,0x00,0xfc,0xff,0xff,0xff,0xff,0x1f,0x00,0x00, + 0x04,0x00,0xf0,0x07,0x00,0x10,0x00,0x00,0x04,0x00,0x0c,0x18,0x00,0x10,0x00, + 0x00,0xfc,0xff,0x03,0xe0,0xff,0x1f,0x00,0x00,0x00,0x81,0x00,0x80,0x40,0x00, + 0x00,0x00,0x80,0x41,0x00,0x00,0xc1,0x00,0x00,0x00,0x80,0x20,0x00,0x00,0x82, + 0x00,0x00,0x00,0x40,0x20,0x00,0x00,0x02,0x01,0x00,0x00,0x40,0x10,0x00,0x00, + 0x04,0x01,0x00,0x00,0x20,0x10,0x00,0x00,0x04,0x02,0x00,0x00,0x20,0x08,0x00, + 0x00,0x08,0x02,0x00,0x00,0x30,0x08,0x00,0x00,0x08,0x06,0x00,0x00,0x10,0x08, + 0x00,0x00,0x08,0x04,0x00,0x00,0x10,0x08,0x00,0x00,0x08,0x0c,0x00,0x00,0x08, + 0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00, + 0x08,0x08,0x00,0x00,0x08,0x08,0x00,0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00, + 0x00,0x08,0x10,0x00,0x00,0x04,0x08,0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x08, + 0x00,0x00,0x08,0x20,0x00,0x00,0x02,0x0c,0x00,0x00,0x18,0x40,0x00,0x00,0x01, + 0x04,0x00,0x00,0x10,0x80,0x00,0x80,0x00,0x04,0x00,0x00,0x10,0x00,0x03,0x60, + 0x00,0x06,0x00,0x00,0x30,0x00,0x0c,0x18,0x00,0x01,0x00,0x00,0x20,0x00,0xf0, + 0x07,0x00,0x01,0x00,0x00,0x60,0x00,0x00,0x00,0x80,0x01,0x00,0x00,0x40,0x00, + 0x00,0x00,0x80,0x00,0x00,0x00,0x80,0xff,0xff,0xff,0x7f,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xf0,0x1f,0x00,0x00,0x00,0x00,0x00, + 
0x00,0x08,0x20,0x00,0xff,0x00,0x00,0x00,0x00,0x08,0x40,0xe0,0x00,0x07,0x00, + 0x00,0x00,0x04,0x80,0x31,0x00,0x0c,0x00,0x00,0x00,0x04,0x00,0x09,0x00,0x30, + 0x00,0x00,0x00,0x04,0x00,0x06,0xc0,0x20,0x00,0x00,0x00,0x04,0x00,0x03,0x00, + 0x43,0x00,0x00,0x00,0x04,0x80,0x00,0x00,0x42,0x00,0x00,0x00,0x04,0x40,0x00, + 0x00,0x84,0x00,0x00,0x00,0x04,0x60,0x00,0x00,0x84,0x00,0x00,0x00,0x04,0x00, + 0x00,0x00,0x84,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x80,0x00,0x00,0x00,0x02, + 0x00,0x00,0x00,0xc0,0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00, + 0x02,0x00,0x00,0x00,0x40,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x20,0x00,0x00, + 0x00,0x04,0x00,0x00,0x00,0x18,0x00,0x00,0x00,0x08,0x00,0x00,0x00,0x0e,0x00, + 0x00,0x00,0xf0,0xff,0xff,0xff,0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00}; diff --git a/crypto/heimdal/appl/xnlock/xnlock.1 b/crypto/heimdal/appl/xnlock/xnlock.1 new file mode 100644 index 0000000..c62417d --- /dev/null +++ b/crypto/heimdal/appl/xnlock/xnlock.1 
@@ -0,0 +1,123 @@
+.\" xnlock -- Dan Heller 1985 <argv@sun.com>
+.TH XNLOCK 1L "19 April 1990"
+.SH NAME
+xnlock \- amusing lock screen program with message for passers-by
+.SH SYNOPSIS
+.B xnlock
+[
+\fIoptions\fP
+]
+[
+\fImessage\fP
+]
+.SH DESCRIPTION
+.I xnlock
+is a program that acts as a screen saver for workstations running X11.
+It also "locks" the screen such that the workstation can be left
+unattended without worry that someone else will walk up to it and
+mess everything up. When \fIxnlock\fP is running, a little man with
+a big nose and a hat runs around spewing out messages to the screen.
+By default, the messages are "humorous", but that depends on your
+sense of humor.
+.LP
+If a key or mouse button is pressed, a prompt is printed requesting the
+user's password. If a RETURN is not typed within 30 seconds,
+the little man resumes running around.
+.LP
+Text on the command line is used as the message. For example:
+.br
+ % xnlock I\'m out to lunch for a couple of hours.
+.br
+Note the need to quote shell metacharacters.
+.LP
+In the absence of flags or text, \fIxnlock\fP displays random fortunes.
+.SH OPTIONS
+Command line options override all resource specifications.
+All arguments that are not associated with a command line option
+is taken to be message text that the little man will "say" every
+once in a while. The resource \fBxnlock.text\fP may be set to
+a string.
+.TP
+.BI \-fn " fontname"
+The default font is the first 18 point font in the \fInew century schoolbook\fP
+family. While larger fonts are recokmmended over smaller ones, any font
+in the server's font list will work. The resource to use for this option
+is \fBxnlock.font\fP.
+.TP
+.BI \-filename " filename"
+Take the message to be displayed from the file \fIfilename\fP.
+If \fIfilename\fP is not specified, \fI$HOME/.msgfile\fP is used.
+If the contents of the file are changed during runtime, the most recent text
+of the file is used (allowing the displayed message to be altered remotely).
+Carriage returns within the text are allowed, but tabs or other control
+characters are not translated and should not be used.
+The resource available for this option is \fBxnlock.file\fP.
+.TP
+.BI \-ar
+Accept root's password to unlock screen. This option is true by
+default. The reason for this is so that someone's screen may be
+unlocked by autorized users in case of emergency and the person
+running the program is still out to lunch. The resource available
+for specifying this option is \fBxnlock.acceptRootPasswd\fP.
+.TP
+.BI \-noar
+Don't accept root's password. This option is for paranoids who
+fear their peers might breakin using root's password and remove
+their files anyway. Specifying this option on the command line
+overrides the \fBxnlock.acceptRootPasswd\fP if set to True.
+.TP
+.BI \-ip
+Ignore password prompt.
+The resource available for this option is \fBxnlock.ignorePasswd\fP.
+.TP
+.BI \-noip
+Don't ignore password prompt. This is available in order to
+override the resource \fBignorePasswd\fP if set to True.
+.TP
+.BI -fg " color"
+Specifies the foreground color. The resource available for this
+is \fBxnlock.foreground\fP.
+.TP
+.BI -bg " color"
+Specifies the background color. The resource available for this
+is \fBxnlock.background\fP.
+.TP
+.BI \-rv
+Reverse the foreground and background colors.
+The resource for this is \fBxvnlock.reverseVideo\fP.
+.TP
+.BI \-norv
+Don't use reverse video. This is available to override the reverseVideo
+resource if set to True.
+.TP
+.BI \-prog " program"
+Receive message text from the running program \fIprogram\fP. If there
+are arguments to \fIprogram\fP, encase them with the name of the program in
+quotes (e.g. xnlock -t "fortune -o").
+The resource for this is \fBxnlock.program\fP.
+.SH RESOURCES
+.br
+xnlock.font: fontname
+.br
+xnlock.foreground: color
+.br
+xnlock.background: color
+.br
+xnlock.reverseVideo: True/False
+.br
+xnlock.text: Some random text string
+.br
+xnlock.program: program [args]
+.br
+xnlock.ignorePasswd: True/False
+.br
+xnlock.acceptRootPasswd: True/False
+.SH FILES
+\fIxnlock\fP executable file
+.br
+~/.msgfile default message file
+.SH AUTHOR
+Dan Heller <argv@sun.com> Copyright (c) 1985, 1990.
+.br
+The original version of this program was written using pixrects on
+a Sun 2 running SunOS 1.1.
diff --git a/crypto/heimdal/appl/xnlock/xnlock.c b/crypto/heimdal/appl/xnlock/xnlock.c
new file mode 100644
index 0000000..da61baf
--- /dev/null
+++ b/crypto/heimdal/appl/xnlock/xnlock.c
@@ -0,0 +1,1117 @@ +/* + * xnlock -- Dan Heller, 1990 + * "nlock" is a "new lockscreen" type program... something that prevents + * screen burnout by making most of it "black" while providing something + * of interest to be displayed in case anyone is watching. + * "xnlock" is the X11 version of the program. + * Original sunview version written by Dan Heller 1985 (not included here). + */ +#ifdef HAVE_CONFIG_H +#include <config.h> +RCSID("$Id: xnlock.c,v 1.85 2001/03/15 17:13:13 joda Exp $"); +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <signal.h> +#include <X11/StringDefs.h> +#include <X11/Intrinsic.h> +#include <X11/keysym.h> +#include <X11/Shell.h> +#include <X11/Xos.h> +#ifdef strerror +#undef strerror +#endif +#include <ctype.h> +#ifdef HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#ifdef HAVE_PWD_H +#include <pwd.h> +#endif + +#ifdef KRB5 +#include <krb5.h> +#endif +#ifdef KRB4 +#include <krb.h> +#include <kafs.h> +#endif + +#include <roken.h> +#include <err.h> + +static char login[16]; +static char userprompt[128]; +#ifdef KRB4 +static char name[ANAME_SZ]; +static char inst[INST_SZ]; +static char realm[REALM_SZ]; +#endif +#ifdef KRB5 +static krb5_context context; +static krb5_principal client; +#endif + +#define font_height(font) (font->ascent + font->descent) + +static char *SPACE_STRING = " "; +static char STRING[] = "****************"; + +#define STRING_LENGTH (sizeof(STRING)) +#define MAX_PASSWD_LENGTH 256 +/* (sizeof(STRING)) */ + +#define PROMPT "Password: " +#define FAIL_MSG "Sorry, try again" +#define LEFT 001 +#define RIGHT 002 +#define DOWN 004 +#define UP 010 +#define FRONT 020 +#define X_INCR 3 +#define Y_INCR 2 +#define XNLOCK_CTRL 1 +#define XNLOCK_NOCTRL 0 + +static XtAppContext app; +static Display *dpy; +static unsigned short Width, Height; +static Widget widget; +static GC gc; +static XtIntervalId timeout_id; +static char *words; +static int x, y; +static Pixel Black, White; +static XFontStruct 
*font; +static char root_cpass[128]; +static char user_cpass[128]; +static int time_left, prompt_x, prompt_y, time_x, time_y; +static unsigned long interval; +static Pixmap left0, left1, right0, right1, left_front, + right_front, front, down; + +#define MAXLINES 40 + +#define IS_MOVING 1 +#define GET_PASSWD 2 +static int state; /* indicates states: walking or getting passwd */ + +static int ALLOW_LOGOUT = (60*10); /* Allow logout after nn seconds */ +#define LOGOUT_PASSWD "enuHDmTo5Lq4g" /* when given password "LOGOUT" */ +static time_t locked_at; + +struct appres_t { + Pixel bg; + Pixel fg; + XFontStruct *font; + Boolean ignore_passwd; + Boolean do_reverse; + Boolean accept_root; + char *text, *text_prog, *file, *logoutPasswd; + Boolean no_screensaver; + Boolean destroytickets; +} appres; + +static XtResource resources[] = { + { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel), + XtOffsetOf(struct appres_t, bg), XtRString, "black" }, + + { XtNforeground, XtCForeground, XtRPixel, sizeof(Pixel), + XtOffsetOf(struct appres_t, fg), XtRString, "white" }, + + { XtNfont, XtCFont, XtRFontStruct, sizeof (XFontStruct *), + XtOffsetOf(struct appres_t, font), + XtRString, "-*-new century schoolbook-*-*-*-18-*" }, + + { "ignorePasswd", "IgnorePasswd", XtRBoolean, sizeof(Boolean), + XtOffsetOf(struct appres_t,ignore_passwd),XtRImmediate,(XtPointer)False }, + + { "acceptRootPasswd", "AcceptRootPasswd", XtRBoolean, sizeof(Boolean), + XtOffsetOf(struct appres_t, accept_root), XtRImmediate, (XtPointer)True }, + + { "text", "Text", XtRString, sizeof(String), + XtOffsetOf(struct appres_t, text), XtRString, "I'm out running around." 
}, + + { "program", "Program", XtRString, sizeof(String), + XtOffsetOf(struct appres_t, text_prog), XtRImmediate, NULL }, + + { "file", "File", XtRString, sizeof(String), + XtOffsetOf(struct appres_t,file), XtRImmediate, NULL }, + + { "logoutPasswd", "logoutPasswd", XtRString, sizeof(String), + XtOffsetOf(struct appres_t, logoutPasswd), XtRString, LOGOUT_PASSWD }, + + { "noScreenSaver", "NoScreenSaver", XtRBoolean, sizeof(Boolean), + XtOffsetOf(struct appres_t,no_screensaver), XtRImmediate, (XtPointer)True }, + + { "destroyTickets", "DestroyTickets", XtRBoolean, sizeof(Boolean), + XtOffsetOf(struct appres_t,destroytickets), XtRImmediate, (XtPointer)True }, +}; + +static XrmOptionDescRec options[] = { + { "-fg", ".foreground", XrmoptionSepArg, NULL }, + { "-foreground", ".foreground", XrmoptionSepArg, NULL }, + { "-fn", ".font", XrmoptionSepArg, NULL }, + { "-font", ".font", XrmoptionSepArg, NULL }, + { "-ip", ".ignorePasswd", XrmoptionNoArg, "True" }, + { "-noip", ".ignorePasswd", XrmoptionNoArg, "False" }, + { "-ar", ".acceptRootPasswd", XrmoptionNoArg, "True" }, + { "-noar", ".acceptRootPasswd", XrmoptionNoArg, "False" }, + { "-nonoscreensaver", ".noScreenSaver", XrmoptionNoArg, "False" }, + { "-nodestroytickets", ".destroyTickets", XrmoptionNoArg, "False" }, +}; + +static char* +get_words(void) +{ + FILE *pp = NULL; + static char buf[512]; + long n; + + if (appres.text_prog) { + pp = popen(appres.text_prog, "r"); + if (!pp) { + warn("popen %s", appres.text_prog); + return appres.text; + } + n = fread(buf, 1, sizeof(buf) - 1, pp); + buf[n] = 0; + pclose(pp); + return buf; + } + if (appres.file) { + pp = fopen(appres.file, "r"); + if (!pp) { + warn("fopen %s", appres.file); + return appres.text; + } + n = fread(buf, 1, sizeof(buf) - 1, pp); + buf[n] = 0; + fclose(pp); + return buf; + } + + return appres.text; +} + +static void +usage(void) +{ + fprintf(stderr, "usage: %s [options] [message]\n", getprogname()); + fprintf(stderr, "-fg color foreground color\n"); + 
fprintf(stderr, "-bg color background color\n"); + fprintf(stderr, "-rv reverse foreground/background colors\n"); + fprintf(stderr, "-nrv no reverse video\n"); + fprintf(stderr, "-ip ignore passwd\n"); + fprintf(stderr, "-nip don't ignore passwd\n"); + fprintf(stderr, "-ar accept root's passwd to unlock\n"); + fprintf(stderr, "-nar don't accept root's passwd\n"); + fprintf(stderr, "-f [file] message is read from file or ~/.msgfile\n"); + fprintf(stderr, "-prog program text is gotten from executing `program'\n"); + fprintf(stderr, "-nodestroytickets keep kerberos tickets\n"); + exit(1); +} + +static void +init_words (int argc, char **argv) +{ + int i = 0; + + while(argv[i]) { + if(strcmp(argv[i], "-p") == 0 + || strcmp(argv[i], "-prog") == 0) { + i++; + if(argv[i]) { + appres.text_prog = argv[i]; + i++; + } else { + warnx ("-p requires an argument"); + usage(); + } + } else if(strcmp(argv[i], "-f") == 0) { + i++; + if(argv[i]) { + appres.file = argv[i]; + i++; + } else { + asprintf (&appres.file, + "%s/.msgfile", getenv("HOME")); + if (appres.file == NULL) + errx (1, "cannot allocate memory for message"); + } + } else { + int j; + int len = 1; + for(j = i; argv[j]; j++) + len += strlen(argv[j]) + 1; + appres.text = malloc(len); + if (appres.text == NULL) + errx (1, "cannot allocate memory for message"); + appres.text[0] = 0; + for(; i < j; i++){ + strlcat(appres.text, argv[i], len); + strlcat(appres.text, " ", len); + } + } + } +} + +static void +ScreenSaver(int save) +{ + static int timeout, interval, prefer_blank, allow_exp; + if(!appres.no_screensaver){ + if (save) { + XGetScreenSaver(dpy, &timeout, &interval, + &prefer_blank, &allow_exp); + XSetScreenSaver(dpy, 0, interval, prefer_blank, allow_exp); + } else + /* restore state */ + XSetScreenSaver(dpy, timeout, interval, prefer_blank, allow_exp); + } +} + +/* Forward decls necessary */ +static void talk(int force_erase); +static unsigned long look(void); + +static int +zrefresh(void) +{ + switch (fork()) { + 
case -1: + warn ("zrefresh: fork"); + return -1; + case 0: + /* Child */ + execlp("zrefresh", "zrefresh", 0); + execl(BINDIR "/zrefresh", "zrefresh", 0); + return -1; + default: + /* Parent */ + break; + } + return 0; +} + +static void +leave(void) +{ + XUngrabPointer(dpy, CurrentTime); + XUngrabKeyboard(dpy, CurrentTime); + ScreenSaver(0); + XCloseDisplay(dpy); + zrefresh(); + exit(0); +} + +static void +walk(int dir) +{ + int incr = 0; + static int lastdir; + static int up = 1; + static Pixmap frame; + + XSetForeground(dpy, gc, White); + XSetBackground(dpy, gc, Black); + if (dir & (LEFT|RIGHT)) { /* left/right movement (mabye up/down too) */ + up = -up; /* bouncing effect (even if hit a wall) */ + if (dir & LEFT) { + incr = X_INCR; + frame = (up < 0) ? left0 : left1; + } else { + incr = -X_INCR; + frame = (up < 0) ? right0 : right1; + } + if ((lastdir == FRONT || lastdir == DOWN) && dir & UP) { + /* workaround silly bug that leaves screen dust when + * guy is facing forward or down and moves up-left/right. + */ + XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); + XFlush(dpy); + } + /* note that maybe neither UP nor DOWN is set! 
*/ + if (dir & UP && y > Y_INCR) + y -= Y_INCR; + else if (dir & DOWN && y < (int)Height - 64) + y += Y_INCR; + } + /* Explicit up/down movement only (no left/right) */ + else if (dir == UP) + XCopyPlane(dpy, front, XtWindow(widget), gc, + 0,0, 64,64, x, y -= Y_INCR, 1L); + else if (dir == DOWN) + XCopyPlane(dpy, down, XtWindow(widget), gc, + 0,0, 64,64, x, y += Y_INCR, 1L); + else if (dir == FRONT && frame != front) { + if (up > 0) + up = -up; + if (lastdir & LEFT) + frame = left_front; + else if (lastdir & RIGHT) + frame = right_front; + else + frame = front; + XCopyPlane(dpy, frame, XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); + } + if (dir & LEFT) + while(--incr >= 0) { + XCopyPlane(dpy, frame, XtWindow(widget), gc, + 0,0, 64,64, --x, y+up, 1L); + XFlush(dpy); + } + else if (dir & RIGHT) + while(++incr <= 0) { + XCopyPlane(dpy, frame, XtWindow(widget), gc, + 0,0, 64,64, ++x, y+up, 1L); + XFlush(dpy); + } + lastdir = dir; +} + +static int +think(void) +{ + if (rand() & 1) + walk(FRONT); + if (rand() & 1) { + words = get_words(); + return 1; + } + return 0; +} + +static void +move(XtPointer _p, XtIntervalId *_id) +{ + static int length, dir; + + if (!length) { + int tries = 0; + dir = 0; + if ((rand() & 1) && think()) { + talk(0); /* sets timeout to itself */ + return; + } + if (!(rand() % 3) && (interval = look())) { + timeout_id = XtAppAddTimeOut(app, interval, move, NULL); + return; + } + interval = 20 + rand() % 100; + do { + if (!tries) + length = Width/100 + rand() % 90, tries = 8; + else + tries--; + switch (rand() % 8) { + case 0: + if (x - X_INCR*length >= 5) + dir = LEFT; + case 1: + if (x + X_INCR*length <= (int)Width - 70) + dir = RIGHT; + case 2: + if (y - (Y_INCR*length) >= 5) + dir = UP, interval = 40; + case 3: + if (y + Y_INCR*length <= (int)Height - 70) + dir = DOWN, interval = 20; + case 4: + if (x - X_INCR*length >= 5 && y - (Y_INCR*length) >= 5) + dir = (LEFT|UP); + case 5: + if (x + X_INCR * length <= (int)Width - 70 && + y-Y_INCR * length 
>= 5) + dir = (RIGHT|UP); + case 6: + if (x - X_INCR * length >= 5 && + y + Y_INCR * length <= (int)Height - 70) + dir = (LEFT|DOWN); + case 7: + if (x + X_INCR*length <= (int)Width - 70 && + y + Y_INCR*length <= (int)Height - 70) + dir = (RIGHT|DOWN); + } + } while (!dir); + } + walk(dir); + --length; + timeout_id = XtAppAddTimeOut(app, interval, move, NULL); +} + +static void +post_prompt_box(Window window) +{ + int width = (Width / 3); + int height = font_height(font) * 6; + int box_x, box_y; + + /* make sure the entire nose icon fits in the box */ + if (height < 100) + height = 100; + + if(width < 105 + font->max_bounds.width*STRING_LENGTH) + width = 105 + font->max_bounds.width*STRING_LENGTH; + box_x = (Width - width) / 2; + time_x = prompt_x = box_x + 105; + + time_y = prompt_y = Height / 2; + box_y = prompt_y - 3 * font_height(font); + + /* erase current guy -- text message may still exist */ + XSetForeground(dpy, gc, Black); + XFillRectangle(dpy, window, gc, x, y, 64, 64); + talk(1); /* forcefully erase message if one is being displayed */ + /* Clear area in middle of screen for prompt box */ + XSetForeground(dpy, gc, White); + XFillRectangle(dpy, window, gc, box_x, box_y, width, height); + + /* make a box that's 5 pixels thick. 
Then add a thin box inside it */ + XSetForeground(dpy, gc, Black); + XSetLineAttributes(dpy, gc, 5, 0, 0, 0); + XDrawRectangle(dpy, window, gc, box_x+5, box_y+5, width-10, height-10); + XSetLineAttributes(dpy, gc, 0, 0, 0, 0); + XDrawRectangle(dpy, window, gc, box_x+12, box_y+12, width-23, height-23); + + XDrawString(dpy, window, gc, + prompt_x, prompt_y-font_height(font), + userprompt, strlen(userprompt)); + XDrawString(dpy, window, gc, prompt_x, prompt_y, PROMPT, strlen(PROMPT)); + /* set background for copyplane and DrawImageString; need reverse video */ + XSetBackground(dpy, gc, White); + XCopyPlane(dpy, right0, window, gc, 0,0, 64,64, + box_x + 20, box_y + (height - 64)/2, 1L); + prompt_x += XTextWidth(font, PROMPT, strlen(PROMPT)); + time_y += 2*font_height(font); +} + +static void +RaiseWindow(Widget w, XEvent *ev, String *s, Cardinal *n) +{ + Widget x; + if(!XtIsRealized(w)) + return; + x = XtParent(w); + XRaiseWindow(dpy, XtWindow(x)); +} + + +static void +ClearWindow(Widget w, XEvent *_event, String *_s, Cardinal *_n) +{ + XExposeEvent *event = (XExposeEvent *)_event; + if (!XtIsRealized(w)) + return; + XClearArea(dpy, XtWindow(w), event->x, event->y, + event->width, event->height, False); + if (state == GET_PASSWD) + post_prompt_box(XtWindow(w)); + if (timeout_id == 0 && event->count == 0) { + timeout_id = XtAppAddTimeOut(app, 1000L, move, NULL); + /* first grab the input focus */ + XSetInputFocus(dpy, XtWindow(w), RevertToPointerRoot, CurrentTime); + /* now grab the pointer and keyboard and contrain to this window */ + XGrabPointer(dpy, XtWindow(w), TRUE, 0, GrabModeAsync, + GrabModeAsync, XtWindow(w), None, CurrentTime); + } +} + +static void +countdown(XtPointer _t, XtIntervalId *_d) +{ + int *timeout = (int *)_t; + char buf[128]; + time_t seconds; + + if (--(*timeout) < 0) { + XExposeEvent event; + XtRemoveTimeOut(timeout_id); + state = IS_MOVING; + event.x = event.y = 0; + event.width = Width, event.height = Height; + ClearWindow(widget, (XEvent 
*)&event, 0, 0); + timeout_id = XtAppAddTimeOut(app, 200L, move, NULL); + return; + } + seconds = time(0) - locked_at; + if (seconds >= 3600) + snprintf(buf, sizeof(buf), + "Locked for %d:%02d:%02d ", + (int)seconds/3600, (int)seconds/60%60, (int)seconds%60); + else + snprintf(buf, sizeof(buf), + "Locked for %2d:%02d ", + (int)seconds/60, (int)seconds%60); + + XDrawImageString(dpy, XtWindow(widget), gc, + time_x, time_y, buf, strlen(buf)); + XtAppAddTimeOut(app, 1000L, countdown, timeout); + return; +} + +#ifdef KRB5 +static int +verify_krb5(const char *password) +{ + krb5_error_code ret; + krb5_ccache id; + + krb5_cc_default(context, &id); + ret = krb5_verify_user(context, + client, + id, + password, + 0, + NULL); + if (ret == 0){ +#ifdef KRB4 + if (krb5_config_get_bool(context, NULL, + "libdefaults", + "krb4_get_tickets", + NULL)) { + CREDENTIALS c; + krb5_creds mcred, cred; + char krb4tkfile[MAXPATHLEN]; + + krb5_make_principal(context, &mcred.server, + client->realm, + "krbtgt", + client->realm, + NULL); + ret = krb5_cc_retrieve_cred(context, id, 0, &mcred, &cred); + if(ret == 0) { + ret = krb524_convert_creds_kdc(context, id, &cred, &c); + if(ret == 0) + tf_setup(&c, c.pname, c.pinst); + memset(&c, 0, sizeof(c)); + krb5_free_creds_contents(context, &cred); + } + krb5_free_principal(context, mcred.server); + } + if (k_hasafs()) + krb5_afslog(context, id, NULL, NULL); +#endif + return 0; + } + if (ret != KRB5KRB_AP_ERR_MODIFIED) + krb5_warn(context, ret, "verify_krb5"); + + return -1; +} +#endif + +static int +verify(char *password) +{ + int ret; + + /* + * First try with root password, if allowed. 
+ */ + if ( appres.accept_root + && strcmp(crypt(password, root_cpass), root_cpass) == 0) + return 0; + + /* + * Password that log out user + */ + if (getuid() != 0 && + geteuid() != 0 && + (time(0) - locked_at) > ALLOW_LOGOUT && + strcmp(crypt(password, appres.logoutPasswd), appres.logoutPasswd) == 0) + { + signal(SIGHUP, SIG_IGN); + kill(-1, SIGHUP); + sleep(5); + /* If the X-server shut down then so will we, else + * continue */ + signal(SIGHUP, SIG_DFL); + } + + /* + * Try copy of users password. + */ + if (strcmp(crypt(password, user_cpass), user_cpass) == 0) + return 0; + + /* + * Try to verify as user in case password change. + */ + if (unix_verify_user(login, password) == 0) + return 0; + +#ifdef KRB5 + /* + * Try to verify as user with kerberos 5. + */ + if(verify_krb5(password) == 0) + return 0; +#endif + +#ifdef KRB4 + /* + * Try to verify as user with kerberos 4. + */ + ret = krb_verify_user(name, inst, realm, password, + KRB_VERIFY_NOT_SECURE, NULL); + if (ret == KSUCCESS){ + if (k_hasafs()) + krb_afslog(NULL, NULL); + return 0; + } + if (ret != INTK_BADPW) + warnx ("warning: %s", + (ret < 0) ? strerror(ret) : krb_get_err_text(ret)); +#endif + + return -1; +} + + +static void +GetPasswd(Widget w, XEvent *_event, String *_s, Cardinal *_n) +{ + XKeyEvent *event = (XKeyEvent *)_event; + static char passwd[MAX_PASSWD_LENGTH]; + static int cnt; + static int is_ctrl = XNLOCK_NOCTRL; + char c; + KeySym keysym; + int echolen; + int old_state = state; + + if (event->type == ButtonPress) { + x = event->x, y = event->y; + return; + } + if (state == IS_MOVING) { + /* guy is running around--change to post prompt box. 
*/ + XtRemoveTimeOut(timeout_id); + state = GET_PASSWD; + if (appres.ignore_passwd || !strlen(user_cpass)) + leave(); + post_prompt_box(XtWindow(w)); + cnt = 0; + time_left = 30; + countdown((XtPointer)&time_left, 0); + } + if (event->type == KeyRelease) { + keysym = XLookupKeysym(event, 0); + if (keysym == XK_Control_L || keysym == XK_Control_R) { + is_ctrl = XNLOCK_NOCTRL; + } + } + if (event->type != KeyPress) + return; + + time_left = 30; + + keysym = XLookupKeysym(event, 0); + if (keysym == XK_Control_L || keysym == XK_Control_R) { + is_ctrl = XNLOCK_CTRL; + return; + } + if (!XLookupString(event, &c, 1, &keysym, 0)) + return; + if (keysym == XK_Return || keysym == XK_Linefeed) { + passwd[cnt] = 0; + if(old_state == IS_MOVING) + return; + XtRemoveTimeOut(timeout_id); + + if(verify(passwd) == 0) + leave(); + + cnt = 0; + + XDrawImageString(dpy, XtWindow(widget), gc, + time_x, time_y, FAIL_MSG, strlen(FAIL_MSG)); + time_left = 0; + timeout_id = XtAppAddTimeOut(app, 2000L, countdown, &time_left); + return; + } + if (keysym == XK_BackSpace || keysym == XK_Delete || keysym == XK_Left) { + if (cnt) + passwd[cnt--] = ' '; + } else if (keysym == XK_u && is_ctrl == XNLOCK_CTRL) { + while (cnt) { + passwd[cnt--] = ' '; + echolen = min(cnt, STRING_LENGTH); + XDrawImageString(dpy, XtWindow(w), gc, + prompt_x, prompt_y, STRING, echolen); + XDrawImageString(dpy, XtWindow(w), gc, + prompt_x + XTextWidth(font, STRING, echolen), + prompt_y, SPACE_STRING, STRING_LENGTH - echolen + 1); + } + } else if (isprint(c)) { + if ((cnt + 1) >= MAX_PASSWD_LENGTH) + XBell(dpy, 50); + else + passwd[cnt++] = c; + } else + return; + echolen = min(cnt, STRING_LENGTH); + XDrawImageString(dpy, XtWindow(w), gc, + prompt_x, prompt_y, STRING, echolen); + XDrawImageString(dpy, XtWindow(w), gc, + prompt_x + XTextWidth(font, STRING, echolen), + prompt_y, SPACE_STRING, STRING_LENGTH - echolen +1); +} + +#include "nose.0.left" +#include "nose.1.left" +#include "nose.0.right" +#include "nose.1.right" 
+#include "nose.left.front" +#include "nose.right.front" +#include "nose.front" +#include "nose.down" + +static void +init_images(void) +{ + static Pixmap *images[] = { + &left0, &left1, &right0, &right1, + &left_front, &right_front, &front, &down + }; + static unsigned char *bits[] = { + nose_0_left_bits, nose_1_left_bits, nose_0_right_bits, + nose_1_right_bits, nose_left_front_bits, nose_right_front_bits, + nose_front_bits, nose_down_bits + }; + int i; + + for (i = 0; i < XtNumber(images); i++) + if (!(*images[i] = + XCreatePixmapFromBitmapData(dpy, DefaultRootWindow(dpy), + (char*)(bits[i]), 64, 64, 1, 0, 1))) + XtError("Can't load nose images"); +} + +static void +talk(int force_erase) +{ + int width = 0, height, Z, total = 0; + static int X, Y, talking; + static struct { int x, y, width, height; } s_rect; + char *p, *p2; + char buf[BUFSIZ], args[MAXLINES][256]; + + /* clear what we've written */ + if (talking || force_erase) { + if (!talking) + return; + if (talking == 2) { + XSetForeground(dpy, gc, Black); + XDrawString(dpy, XtWindow(widget), gc, X, Y, words, strlen(words)); + } else if (talking == 1) { + XSetForeground(dpy, gc, Black); + XFillRectangle(dpy, XtWindow(widget), gc, s_rect.x-5, s_rect.y-5, + s_rect.width+10, s_rect.height+10); + } + talking = 0; + if (!force_erase) + timeout_id = XtAppAddTimeOut(app, 40L, + (XtTimerCallbackProc)move, + NULL); + return; + } + XSetForeground(dpy, gc, White); + talking = 1; + walk(FRONT); + strlcpy (buf, words, sizeof(buf)); + p = buf; + + /* possibly avoid a lot of work here + * if no CR or only one, then just print the line + */ + if (!(p2 = strchr(p, '\n')) || !p2[1]) { + int w; + + if (p2) + *p2 = 0; + w = XTextWidth(font, words, strlen(words)); + X = x + 32 - w/2; + Y = y - 5 - font_height(font); + /* give us a nice 5 pixel margin */ + if (X < 5) + X = 5; + else if (X + w + 15 > (int)Width + 5) + X = Width - w - 5; + if (Y < 5) + Y = y + 64 + 5 + font_height(font); + XDrawString(dpy, XtWindow(widget), gc, X, 
Y, words, strlen(words)); + timeout_id = XtAppAddTimeOut(app, 5000L, (XtTimerCallbackProc)talk, + NULL); + talking++; + return; + } + + /* p2 now points to the first '\n' */ + for (height = 0; p; height++) { + int w; + *p2 = 0; + if ((w = XTextWidth(font, p, p2 - p)) > width) + width = w; + total += p2 - p; /* total chars; count to determine reading time */ + strlcpy(args[height], p, sizeof(args[height])); + if (height == MAXLINES - 1) { + puts("Message too long!"); + break; + } + p = p2+1; + if (!(p2 = strchr(p, '\n'))) + break; + } + height++; + + /* Figure out the height and width in pixels (height, width) extend + * the new box by 15 pixels on the sides (30 total) top and bottom. + */ + s_rect.width = width + 30; + s_rect.height = height * font_height(font) + 30; + if (x - s_rect.width - 10 < 5) + s_rect.x = 5; + else + if ((s_rect.x = x+32-(s_rect.width+15)/2) + + s_rect.width+15 > (int)Width-5) + s_rect.x = Width - 15 - s_rect.width; + if (y - s_rect.height - 10 < 5) + s_rect.y = y + 64 + 5; + else + s_rect.y = y - 5 - s_rect.height; + + XSetForeground(dpy, gc, White); + XFillRectangle(dpy, XtWindow(widget), gc, + s_rect.x-5, s_rect.y-5, s_rect.width+10, s_rect.height+10); + + /* make a box that's 5 pixels thick. 
Then add a thin box inside it */ + XSetForeground(dpy, gc, Black); + XSetLineAttributes(dpy, gc, 5, 0, 0, 0); + XDrawRectangle(dpy, XtWindow(widget), gc, + s_rect.x, s_rect.y, s_rect.width-1, s_rect.height-1); + XSetLineAttributes(dpy, gc, 0, 0, 0, 0); + XDrawRectangle(dpy, XtWindow(widget), gc, + s_rect.x + 7, s_rect.y + 7, s_rect.width - 15, + s_rect.height - 15); + + X = 15; + Y = 15 + font_height(font); + + /* now print each string in reverse order (start at bottom of box) */ + for (Z = 0; Z < height; Z++) { + XDrawString(dpy, XtWindow(widget), gc, s_rect.x+X, s_rect.y+Y, + args[Z], strlen(args[Z])); + Y += font_height(font); + } + timeout_id = XtAppAddTimeOut(app, (total/15) * 1000, + (XtTimerCallbackProc)talk, NULL); +} + +static unsigned long +look(void) +{ + XSetForeground(dpy, gc, White); + XSetBackground(dpy, gc, Black); + if (rand() % 3) { + XCopyPlane(dpy, (rand() & 1)? down : front, XtWindow(widget), gc, + 0, 0, 64,64, x, y, 1L); + return 1000L; + } + if (!(rand() % 5)) + return 0; + if (rand() % 3) { + XCopyPlane(dpy, (rand() & 1)? left_front : right_front, + XtWindow(widget), gc, 0, 0, 64,64, x, y, 1L); + return 1000L; + } + if (!(rand() % 5)) + return 0; + XCopyPlane(dpy, (rand() & 1)? left0 : right0, XtWindow(widget), gc, + 0, 0, 64,64, x, y, 1L); + return 1000L; +} + +int +main (int argc, char **argv) +{ + int i; + Widget override; + XGCValues gcvalues; + + setprogname (argv[0]); + + /* + * Must be setuid root to read /etc/shadow, copy encrypted + * passwords here and then switch to sane uid. 
+ */ + { + struct passwd *pw; + uid_t uid = getuid(); + if (!(pw = k_getpwuid(0))) + errx (1, "can't get root's passwd!"); + strlcpy(root_cpass, pw->pw_passwd, sizeof(root_cpass)); + + if (!(pw = k_getpwuid(uid))) + errx (1, "Can't get your password entry!"); + strlcpy(user_cpass, pw->pw_passwd, sizeof(user_cpass)); + setuid(uid); + if (uid != 0 && setuid(0) != -1) { + fprintf(stderr, "Failed to drop privileges!\n"); + exit(1); + } + /* Now we're no longer running setuid root. */ + strlcpy(login, pw->pw_name, sizeof(login)); + } + + srand(getpid()); + for (i = 0; i < STRING_LENGTH; i++) + STRING[i] = ((unsigned long)rand() % ('~' - ' ')) + ' '; + + locked_at = time(0); + + snprintf(userprompt, sizeof(userprompt), "User: %s", login); +#ifdef KRB4 + krb_get_default_principal(name, inst, realm); + snprintf(userprompt, sizeof(userprompt), "User: %s", + krb_unparse_name_long(name, inst, realm)); +#endif +#ifdef KRB5 + { + krb5_error_code ret; + char *str; + + ret = krb5_init_context(&context); + if (ret) + errx (1, "krb5_init_context failed: %d", ret); + krb5_get_default_principal(context, &client); + krb5_unparse_name(context, client, &str); + snprintf(userprompt, sizeof(userprompt), "User: %s", str); + free(str); + } +#endif + + override = XtVaAppInitialize(&app, "XNlock", options, XtNumber(options), + (Cardinal*)&argc, argv, NULL, + XtNoverrideRedirect, True, + NULL); + + XtVaGetApplicationResources(override,(XtPointer)&appres, + resources,XtNumber(resources), + NULL); + /* the background is black and the little guy is white */ + Black = appres.bg; + White = appres.fg; + + if (appres.destroytickets) { +#ifdef KRB4 + int fd; + + dest_tkt(); /* Nuke old ticket file */ + /* but keep a place holder */ + fd = open (TKT_FILE, O_WRONLY | O_CREAT | O_EXCL, 0600); + if (fd >= 0) + close (fd); +#endif + } + + dpy = XtDisplay(override); + + if (dpy == 0) + errx (1, "Error: Can't open display"); + + Width = DisplayWidth(dpy, DefaultScreen(dpy)) + 2; + Height = DisplayHeight(dpy, 
DefaultScreen(dpy)) + 2; + + for(i = 0; i < ScreenCount(dpy); i++){ + Widget shell, core; + + struct xxx{ + Pixel bg; + }res; + + XtResource Res[] = { + { XtNbackground, XtCBackground, XtRPixel, sizeof(Pixel), + XtOffsetOf(struct xxx, bg), XtRString, "black" } + }; + + if(i == DefaultScreen(dpy)) + continue; + + shell = XtVaAppCreateShell(NULL,NULL, applicationShellWidgetClass, dpy, + XtNscreen, ScreenOfDisplay(dpy, i), + XtNoverrideRedirect, True, + XtNx, -1, + XtNy, -1, + NULL); + + XtVaGetApplicationResources(shell, (XtPointer)&res, + Res, XtNumber(Res), + NULL); + + core = XtVaCreateManagedWidget("_foo", widgetClass, shell, + XtNwidth, DisplayWidth(dpy, i), + XtNheight, DisplayHeight(dpy, i), + XtNbackground, res.bg, + NULL); + XtRealizeWidget(shell); + } + + widget = XtVaCreateManagedWidget("_foo", widgetClass, override, + XtNwidth, Width, + XtNheight, Height, + XtNbackground, Black, + NULL); + + init_words(--argc, ++argv); + init_images(); + + gcvalues.foreground = Black; + gcvalues.background = White; + + + font = appres.font; + gcvalues.font = font->fid; + gcvalues.graphics_exposures = False; + gc = XCreateGC(dpy, DefaultRootWindow(dpy), + GCForeground | GCBackground | GCGraphicsExposures | GCFont, + &gcvalues); + + x = Width / 2; + y = Height / 2; + srand (time(0)); + state = IS_MOVING; + + { + static XtActionsRec actions[] = { + { "ClearWindow", ClearWindow }, + { "GetPasswd", GetPasswd }, + { "RaiseWindow", RaiseWindow }, + }; + XtAppAddActions(app, actions, XtNumber(actions)); + XtOverrideTranslations(widget, + XtParseTranslationTable( + "<Expose>: ClearWindow() \n" + "<BtnDown>: GetPasswd() \n" + "<Visible>: RaiseWindow() \n" + "<KeyRelease>: GetPasswd() \n" + "<KeyPress>: GetPasswd()")); + } + + XtRealizeWidget(override); + if((i = XGrabPointer(dpy, XtWindow(widget), True, 0, GrabModeAsync, + GrabModeAsync, XtWindow(widget), + None, CurrentTime)) != 0) + errx(1, "Failed to grab pointer (%d)", i); + + if((i = XGrabKeyboard(dpy, XtWindow(widget), True, 
GrabModeAsync, + GrabModeAsync, CurrentTime)) != 0) + errx(1, "Failed to grab keyboard (%d)", i); + ScreenSaver(1); + XtAppMainLoop(app); + exit(0); +} + diff --git a/crypto/heimdal/appl/xnlock/xnlock.cat1 b/crypto/heimdal/appl/xnlock/xnlock.cat1 new file mode 100644 index 0000000..dde8eef --- /dev/null +++ b/crypto/heimdal/appl/xnlock/xnlock.cat1 
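Review bot: In verify(), the three `strcmp(crypt(password, …), …)` comparisons (against root_cpass, appres.logoutPasswd and user_cpass) pass crypt()'s result straight to strcmp(), although crypt() may return NULL when it rejects the stored salt, for instance when main() copied a locked or placeholder entry into root_cpass. For a screen locker a NULL dereference is a security failure rather than a plain crash, because the dying process gives up the pointer and keyboard grabs taken in main(). Whether the libc in use returns NULL for such input is not visible from this hunk, so this is a robustness gap to close rather than a confirmed bypass. I would route all three comparisons through one helper that treats a NULL result and an empty stored hash as a mismatch, as sketched below.

```c
/* Compare a typed password against a stored crypt(3) hash.
 * A NULL result from crypt() or an empty stored hash counts as a mismatch. */
static int
crypt_matches(const char *password, const char *hash)
{
    const char *enc;

    if (hash == NULL || hash[0] == '\0')
	return 0;
    enc = crypt(password, hash);
    return enc != NULL && strcmp(enc, hash) == 0;
}

static int
verify(char *password)
{
    /* … unchanged: local declaration … */
    if (appres.accept_root && crypt_matches(password, root_cpass))
	return 0;
    /* … unchanged: logout-password preconditions (uid, euid, lock age) … */
	crypt_matches(password, appres.logoutPasswd))
    /* … unchanged: SIGHUP handling … */
    if (crypt_matches(password, user_cpass))
	return 0;
    /* … unchanged: unix_verify_user, Kerberos 5 and Kerberos 4 checks … */
```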
@@ -0,0 +1,132 @@ + + + +XNLOCK(1L) XNLOCK(1L) + + + +NAME + xnlock - amusing lock screen program with message for passers-by + +SYNOPSIS + xxnnlloocckk [ _o_p_t_i_o_n_s ] [ _m_e_s_s_a_g_e ] + +DESCRIPTION + _x_n_l_o_c_k is a program that acts as a screen saver for workstations running + X11. It also "locks" the screen such that the workstation can be left + unattended without worry that someone else will walk up to it and mess + everything up. When _x_n_l_o_c_k is running, a little man with a big nose and a + hat runs around spewing out messages to the screen. By default, the mes- + sages are "humorous", but that depends on your sense of humor. + + If a key or mouse button is pressed, a prompt is printed requesting the + user's password. If a RETURN is not typed within 30 seconds, the little + man resumes running around. + + Text on the command line is used as the message. For example: + % xnlock I'm out to lunch for a couple of hours. + Note the need to quote shell metacharacters. + + In the absence of flags or text, _x_n_l_o_c_k displays random fortunes. + +OPTIONS + Command line options override all resource specifications. All arguments + that are not associated with a command line option is taken to be message + text that the little man will "say" every once in a while. The resource + xxnnlloocckk..tteexxtt may be set to a string. + + --ffnn _f_o_n_t_n_a_m_e + The default font is the first 18 point font in the _n_e_w _c_e_n_t_u_r_y _s_c_h_o_o_l_- + _b_o_o_k family. While larger fonts are recokmmended over smaller ones, + any font in the server's font list will work. The resource to use for + this option is xxnnlloocckk..ffoonntt. + + --ffiilleennaammee _f_i_l_e_n_a_m_e + Take the message to be displayed from the file _f_i_l_e_n_a_m_e. If _f_i_l_e_n_a_m_e + is not specified, _$_H_O_M_E_/_._m_s_g_f_i_l_e is used. 
If the contents of the file + are changed during runtime, the most recent text of the file is used + (allowing the displayed message to be altered remotely). Carriage + returns within the text are allowed, but tabs or other control charac- + ters are not translated and should not be used. The resource avail- + able for this option is xxnnlloocckk..ffiillee. + + --aarr Accept root's password to unlock screen. This option is true by + default. The reason for this is so that someone's screen may be + unlocked by autorized users in case of emergency and the person run- + ning the program is still out to lunch. The resource available for + specifying this option is xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd. + + --nnooaarr + Don't accept root's password. This option is for paranoids who fear + their peers might breakin using root's password and remove their files + anyway. Specifying this option on the command line overrides the + xxnnlloocckk..aacccceeppttRRoooottPPaasssswwdd if set to True. + + --iipp Ignore password prompt. The resource available for this option is + xxnnlloocckk..iiggnnoorreePPaasssswwdd. + + --nnooiipp + Don't ignore password prompt. This is available in order to override + the resource iiggnnoorreePPaasssswwdd if set to True. + + --ffgg _c_o_l_o_r + Specifies the foreground color. The resource available for this is + xxnnlloocckk..ffoorreeggrroouunndd. + + --bbgg _c_o_l_o_r + Specifies the background color. The resource available for this is + xxnnlloocckk..bbaacckkggrroouunndd. + + --rrvv Reverse the foreground and background colors. The resource for this + is xxvvnnlloocckk..rreevveerrsseeVViiddeeoo. + + --nnoorrvv + Don't use reverse video. This is available to override the reverseV- + ideo resource if set to True. + + --pprroogg _p_r_o_g_r_a_m + Receive message text from the running program _p_r_o_g_r_a_m. If there are + arguments to _p_r_o_g_r_a_m, encase them with the name of the program in + quotes (e.g. xnlock -t "fortune -o"). 
The resource for this is + xxnnlloocckk..pprrooggrraamm. + +RESOURCES + xnlock.font: fontname + xnlock.foreground: color + xnlock.background: color + xnlock.reverseVideo: True/False + xnlock.text: Some random text string + xnlock.program: program [args] + xnlock.ignorePasswd: True/False + xnlock.acceptRootPasswd: True/False + +FILES + _x_n_l_o_c_k executable file + ~/.msgfile default message file + +AUTHOR + Dan Heller <argv@sun.com> Copyright (c) 1985, 1990. + The original version of this program was written using pixrects on a Sun 2 + running SunOS 1.1. + + + + + + + + + + + + + + + + + + + + + + |