author | markm <markm@FreeBSD.org> | 2003-03-08 12:55:48 +0000 |
---|---|---|
committer | markm <markm@FreeBSD.org> | 2003-03-08 12:55:48 +0000 |
commit | 508deb59f881236ef37872f9bd311690d6f5a52f (patch) | |
tree | 5248199756c9c4bedc55a990ad63d4d2cb595d51 /crypto/kerberosIV/appl/kip | |
parent | 98c95b963a4c3a3fc5d30f7a902a7f28f001b2b8 (diff) | |
KerberosIV deorbit sequence: Re-entry. Thank you, faithful friend.
Enjoy your retirement in ports.
Diffstat (limited to 'crypto/kerberosIV/appl/kip')
-rw-r--r-- | crypto/kerberosIV/appl/kip/Makefile.in | 110 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/common.c | 302 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/kip-join-network.in | 53 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/kip.c | 261 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/kip.h | 122 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/kipd-control.in | 54 | ||||
-rw-r--r-- | crypto/kerberosIV/appl/kip/kipd.c | 204 |
7 files changed, 0 insertions, 1106 deletions
diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in
deleted file mode 100644
index 16ed049..0000000
--- a/crypto/kerberosIV/appl/kip/Makefile.in
+++ /dev/null
@@ -1,110 +0,0 @@ -# $Id: Makefile.in,v 1.18.4.1 2000/06/23 02:54:59 assar Exp $ - -SHELL = /bin/sh - -srcdir = @srcdir@ -VPATH = @srcdir@ - -CC = @CC@ -LINK = @LINK@ -AR = ar -DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\"" -CFLAGS = @CFLAGS@ $(WFLAGS) -WFLAGS = @WFLAGS@ -LD_FLAGS = @LD_FLAGS@ -INSTALL = @INSTALL@ -INSTALL_PROGRAM = @INSTALL_PROGRAM@ -INSTALL_SCRIPT = @INSTALL_SCRIPT@ -LIBS = @LIBS@ -MKINSTALLDIRS = @top_srcdir@/mkinstalldirs - -prefix = @prefix@ -exec_prefix = @exec_prefix@ -libexecdir = @libexecdir@ -libdir = @libdir@ -bindir = @bindir@ -transform=@program_transform_name@ -EXECSUFFIX=@EXECSUFFIX@ - -PROG_BIN = kip$(EXECSUFFIX) -PROG_LIBEXEC = kipd$(EXECSUFFIX) -SCRIPT_LIBEXEC = kip-join-network kipd-control -PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC) - -SOURCES_KIP = kip.c -SOURCES_KIPD = kipd.c -SOURCES_COMMON = common.c - -OBJECTS_KIP = kip.o common.o -OBJECTS_KIPD = kipd.o common.o - -OBJECTS = $(OBJECTS_KIP) $(OBJECTS_KIPD) -SOURCES = $(SOURCES_KIP) $(SOURCES_KIPD) $(SOURCES_COMMON) - -all: $(PROGS) - -Wall: - make CFLAGS="-g -Wall -Wno-comment -Wmissing-prototypes -Wmissing-declarations -D__USE_FIXED_PROTOTYPES__" - -.c.o: - $(CC) -c $(DEFS) -I../../include -I$(srcdir) $(CFLAGS) $(CPPFLAGS) $< - -install: all - $(MKINSTALLDIRS) $(DESTDIR)$(bindir) $(DESTDIR)$(libexecdir) - for x in $(PROG_BIN); do \ - $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ - done - for x in $(PROG_LIBEXEC); do \ - $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ - done - for x in $(SCRIPT_LIBEXEC); do \ - $(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ - done - -uninstall: - for x in $(PROG_BIN); do \ - rm -f $(DESTDIR)$(bindir)/`echo $$x | sed '$(transform)'`; \ - done - for x in $(PROG_LIBEXEC); do \ - rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ - done - for x in $(SCRIPT_LIBEXEC); do \ - rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed 
'$(transform)'`; \ - done - -TAGS: $(SOURCES) - etags $(SOURCES) - -check: - -clean: - rm -f *.a *.o $(PROGS) - -mostlyclean: clean - -distclean: clean - rm -f Makefile *.tab.c *~ - -realclean: distclean - rm -f TAGS - -KLIB=-L../../lib/krb -lkrb -L../../lib/des -ldes -LIBROKEN=-L../../lib/roken -lroken - -kip$(EXECSUFFIX): $(OBJECTS_KIP) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIP) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -kipd$(EXECSUFFIX): $(OBJECTS_KIPD) - $(LINK) $(LD_FLAGS) $(LDFLAGS) -o $@ $(OBJECTS_KIPD) $(KLIB) $(LIBROKEN) $(LIBS) $(LIBROKEN) - -$(OBJECTS): ../../include/config.h - -kip-join-network: kip-join-network.in - sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@ - chmod +x $@ - -kipd-control: kipd-control.in - sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@ - chmod +x $@ - -.PHONY: all Wall install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c deleted file mode 100644 index 4feb9c8..0000000 --- a/crypto/kerberosIV/appl/kip/common.c +++ /dev/null 
@@ -1,302 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "kip.h" - -RCSID("$Id: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $"); - -sig_atomic_t disconnect = 0; -int isserver = 0; - -/* - * Copy packets from `tundev' to `netdev' or vice versa. 
- * Mode is used when reading from `tundev' - */ - -int -copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, - des_key_schedule schedule) -{ - des_cblock iv1, iv2; - int num1 = 0, num2 = 0; - u_char *buf; - - buf = malloc (mtu + 2); - if (buf == NULL) { - warnx("malloc(%d) failed", mtu); - return 1; - } - - memcpy (&iv1, iv, sizeof(iv1)); - memcpy (&iv2, iv, sizeof(iv2)); - while(!disconnect) { - fd_set fdset; - int ret, len; - - if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) { - warnx ("fd too large"); - return 1; - } - - FD_ZERO(&fdset); - FD_SET(tundev, &fdset); - FD_SET(netdev, &fdset); - - ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL); - if (ret < 0) { - if (errno == EINTR) - continue; - warn ("select"); - return 1; - } - if (FD_ISSET(tundev, &fdset)) { - ret = read (tundev, buf + 2, mtu); - if (ret == 0) - return 0; - if (ret < 0) { - if (errno == EINTR) - continue; - else { - warn("read"); - return ret; - } - } - buf[0] = ret >> 8; - buf[1] = ret & 0xFF; - ret += 2; - des_cfb64_encrypt (buf, buf, ret, schedule, - &iv1, &num1, DES_ENCRYPT); - ret = krb_net_write (netdev, buf, ret); - if (ret < 0) { - warn("write"); - return ret; - } - } - if (FD_ISSET(netdev, &fdset)) { - ret = read (netdev, buf, 2); - if (ret == 0) - return 0; - if (ret < 0) { - if (errno == EINTR) - continue; - else { - warn("read"); - return ret; - } - } - des_cfb64_encrypt (buf, buf, 2, schedule, - &iv2, &num2, DES_DECRYPT); - len = (buf[0] << 8 ) | buf[1]; - if (len > mtu) { - fatal (-1, "buffer too large", schedule, &iv2); - return -1; - } - - if (len == 0) { - len = read (netdev, buf, mtu); - if (len < 1) - len = 1; - buf[len-1] = '\0'; - - fatal (-1, buf, schedule, &iv2); - return -1; - } - - ret = krb_net_read (netdev, buf + 2, len); - if (ret == 0) - return 0; - if (ret < 0) { - if (errno == EINTR) - continue; - else { - warn("read"); - return ret; - } - } - des_cfb64_encrypt (buf + 2, buf + 2, len, schedule, - &iv2, &num2, DES_DECRYPT); - ret = 
krb_net_write (tundev, buf + 2, len); - if (ret < 0) { - warn("write"); - return ret; - } - } - } - return 0; -} - -/* - * Signal handler that justs waits for the children when they die. - */ - -RETSIGTYPE -childhandler (int sig) -{ - pid_t pid; - int status; - - do { - pid = waitpid (-1, &status, WNOHANG|WUNTRACED); - } while(pid > 0); - signal (SIGCHLD, childhandler); - SIGRETURN(0); -} - -/* - * Find a free tunnel device and open it. - * Return the interface name in `name, len'. - */ - -int -tunnel_open (char *name, size_t len) -{ - int fd; - int i; - char devname[256]; - - for (i = 0; i < 256; ++i) { - snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i); - fd = open (devname, O_RDWR, 0); - if (fd >= 0) - break; - if (errno == ENOENT || errno == ENODEV) { - warn("open %s", name); - return fd; - } - } - if (fd < 0) - warn("open %s" ,name); - else - snprintf (name, len, "%s%d", TUNDEV, i); - return fd; -} - -/* - * run the command `cmd' with (...). return 0 if succesful or error - * otherwise (and copy an error messages into `msg, len') - */ - -int -kip_exec (const char *cmd, char *msg, size_t len, ...) 
-{ - pid_t pid; - char **argv; - va_list ap; - - va_start(ap, len); - argv = vstrcollect(&ap); - va_end(ap); - - pid = fork(); - switch (pid) { - case -1: - snprintf (msg, len, "fork: %s", strerror(errno)); - return errno; - case 0: { - int fd = open (_PATH_DEVNULL, O_RDWR, 0600); - if (fd < 0) { - snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno)); - return errno; - } - - close (STDIN_FILENO); - close (STDOUT_FILENO); - close (STDERR_FILENO); - - dup2 (fd, STDIN_FILENO); - dup2 (fd, STDOUT_FILENO); - dup2 (fd, STDERR_FILENO); - - execvp (cmd, argv); - snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno)); - return errno; - } - default: { - int status; - - while (waitpid(pid, &status, 0) < 0) - if (errno != EINTR) { - snprintf (msg, len, "waitpid: %s", strerror(errno)); - return errno; - } - - if (WIFEXITED(status)) { - if (WEXITSTATUS(status) == 0) { - return 0; - } else { - snprintf (msg, len, "child returned with %d", - WEXITSTATUS(status)); - return 1; - } - } else if (WIFSIGNALED(status)) { -#ifndef WCOREDUMP -#define WCOREDUMP(X) 0 -#endif - snprintf (msg, len, "terminated by signal num %d %s", - WTERMSIG(status), - WCOREDUMP(status) ? " coredumped" : ""); - return 1; - } else if (WIFSTOPPED(status)) { - snprintf (msg, len, "process stoped by signal %d", - WSTOPSIG(status)); - return 1; - } else { - snprintf (msg, len, "child died in mysterious circumstances"); - return 1; - } - } - } -} - -/* - * fatal error `s' occured. - */ - -void -fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv) -{ - int16_t err = 0; - int num = 0; - - if (fd != -1) { - des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err, - sizeof(err), schedule, iv, &num, DES_ENCRYPT); - - write (fd, &err, sizeof(err)); - write (fd, s, strlen(s)+1); - } - if (isserver) - syslog(LOG_ERR, "%s", s); - else - warnx ("fatal error: %s", s); -} 
diff --git a/crypto/kerberosIV/appl/kip/kip-join-network.in b/crypto/kerberosIV/appl/kip/kip-join-network.in deleted file mode 100644 index c105fe6..0000000 --- a/crypto/kerberosIV/appl/kip/kip-join-network.in +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/sh -# $Id$ -# -# Join a network, see kipd-control from more comments. -# - -PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir% - -endpointhost=130.237.43.201 -thispointhost=130.237.43.17 -fakepoint=10.0.0.1 -dev=tun0 - -case $# in - 0) - modprobe tun - def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }') - - if test "X$def" = "X" ; then - echo "missing default route" - exit 1 - fi - - exec kip -c $0 -a $def $endpointhost - ;; - *) - state=$1 - dev=$2 - host=$3 - arg=$4 - case $state in - up) - ifconfig $dev $thispointhost pointopoint $fakepoint - route delete default - - route add -host $endpointhost gw $arg - route add default gw $fakepoint - ;; - down) - - echo $dev $arg > /tmp/kip-down - - ifconfig $dev down - - route delete default - route delete $endpointhost - route add default gw $arg - ;; - *) - exit 17 - ;; - esac -esac diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c deleted file mode 100644 index 55b6032..0000000 --- a/crypto/kerberosIV/appl/kip/kip.c +++ /dev/null 
@@ -1,261 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "kip.h" - -RCSID("$Id: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $"); - -static char *cmd_str = NULL; -static char *arg_str = NULL; -static char *port_str = NULL; -static int version_flag = 0; -static int help_flag = 0; - -struct getargs args[] = { - { "port", 'p', arg_string, &port_str, "Use this port", - "port" }, - { "cmd", 'c', arg_string, &cmd_str, - "command to run when starting", "cmd"}, - { "arg", 'a', arg_string, &arg_str, - "argument to above command", "arg"}, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; - - -static RETSIGTYPE -disconnecthandler (int sig) -{ - disconnect = 1; - SIGRETURN(0); -} - -/* - * Establish authenticated connection - */ - -static int -connect_host (char *host, int port, - des_cblock *key, des_key_schedule schedule) -{ - CREDENTIALS cred; - KTEXT_ST text; - MSG_DAT msg; - int status; - struct sockaddr_in thisaddr, thataddr; - int addrlen; - struct hostent *hostent; - int s; - u_char b; - char **p; - - hostent = gethostbyname (host); - if (hostent == NULL) { - warnx ("gethostbyname '%s': %s", host, - hstrerror(h_errno)); - return -1; - } - - memset (&thataddr, 0, sizeof(thataddr)); - thataddr.sin_family = AF_INET; - thataddr.sin_port = port; - - for(p = hostent->h_addr_list; *p; ++p) { - memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr)); - - s = socket (AF_INET, SOCK_STREAM, 0); - if (s < 0) { - warn ("socket"); - return -1; - } - -#if defined(TCP_NODELAY) && defined(HAVE_SETSOCKOPT) - { - int one = 1; - - setsockopt (s, IPPROTO_TCP, TCP_NODELAY, - (void *)&one, sizeof(one)); - } -#endif - - if (connect (s, (struct sockaddr *)&thataddr, sizeof(thataddr)) < 0) { - warn ("connect(%s)", host); - close (s); - continue; - } else { - break; - } - } - if (*p == NULL) - return -1; - - addrlen = sizeof(thisaddr); - if (getsockname (s, (struct sockaddr *)&thisaddr, &addrlen) < 0 || - addrlen != sizeof(thisaddr)) { - warn ("getsockname(%s)", host); - return -1; - } - 
status = krb_sendauth (KOPT_DO_MUTUAL, s, &text, "rcmd", - host, krb_realmofhost (host), - getpid(), &msg, &cred, schedule, - &thisaddr, &thataddr, KIP_VERSION); - if (status != KSUCCESS) { - warnx("%s: %s", host, - krb_get_err_text(status)); - return -1; - } - if (read (s, &b, sizeof(b)) != sizeof(b)) { - warn ("read"); - return -1; - } - if (b) { - char buf[BUFSIZ]; - - read (s, buf, sizeof(buf)); - buf[BUFSIZ - 1] = '\0'; - - warnx ("%s: %s", host, buf); - return -1; - } - - memcpy(key, &cred.session, sizeof(des_cblock)); - return s; -} - -/* - * Connect to the given host. - */ - -static int -doit (char *host, int port) -{ - char tun_if_name[64]; - des_key_schedule schedule; - des_cblock iv; - int other, this, ret; - - other = connect_host (host, port, &iv, schedule); - if (other < 0) - return 1; - this = tunnel_open (tun_if_name, sizeof(tun_if_name)); - if (this < 0) - return 1; - - if (cmd_str) { - char buf[1024]; - ret = kip_exec (cmd_str, buf, sizeof(buf), - "kip-control", "up", tun_if_name, host, arg_str, - NULL); - if (ret) - errx (1, "%s (up) failed: %s", cmd_str, buf); - } - - ret = copy_packets (this, other, TUNMTU, &iv, schedule); - - if (cmd_str) { - char buf[1024]; - ret = kip_exec (cmd_str, buf, sizeof(buf), - "kip-control", "down", tun_if_name, host, arg_str, - NULL); - if (ret) - errx (1, "%s (down) failed: %s", cmd_str, buf); - } - return 0; -} - -static void -usage(int ret) -{ - arg_printusage (args, - sizeof(args) / sizeof(args[0]), - NULL, - "hostname"); - exit (ret); -} - -/* - * kip - forward IP packets over a kerberos-encrypted channel. 
- * - */ - -int -main(int argc, char **argv) -{ - int port; - int optind = 0; - char *hostname; - - set_progname (argv[0]); - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) - usage (1); - - if (help_flag) - usage (0); - - if (version_flag) { - print_version (NULL); - return 0; - } - - argv += optind; - argc -= optind; - - if (argc != 1) - usage (1); - - hostname = argv[0]; - - if(port_str) { - struct servent *s = roken_getservbyname (port_str, "tcp"); - - if (s) - port = s->s_port; - else { - char *ptr; - - port = strtol (port_str, &ptr, 10); - if (port == 0 && ptr == port_str) - errx (1, "bad port `%s'", port_str); - port = htons(port); - } - } else { - port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); - } - - signal (SIGCHLD, childhandler); - signal (SIGHUP, disconnecthandler); - signal (SIGTERM, disconnecthandler); - - return doit (hostname, port); -} diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h deleted file mode 100644 index 7bfc5f1..0000000 --- a/crypto/kerberosIV/appl/kip/kip.h +++ /dev/null 
@@ -1,122 +0,0 @@ -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -/* $Id: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif /* HAVE_CONFIG_H */ - -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> -#include <errno.h> -#include <pwd.h> -#include <signal.h> -#include <fcntl.h> -#ifdef HAVE_SYSLOG_H -#include <syslog.h> -#endif -#include <sys/types.h> -#ifdef TIME_WITH_SYS_TIME -#include <sys/time.h> -#include <time.h> -#elif defined(HAVE_SYS_TIME_H) -#include <sys/time.h> -#else -#include <time.h> -#endif -#ifdef HAVE_SYS_RESOURCE_H -#include <sys/resource.h> -#endif -#ifdef HAVE_SYS_SELECT_H -#include <sys/select.h> -#endif -#include <sys/wait.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <netinet/in.h> -#ifdef HAVE_NETINET_TCP_H -#include <netinet/tcp.h> -#endif -#include <netdb.h> -#ifdef HAVE_SYS_SOCKIO_H -#include <sys/sockio.h> -#endif -#include <net/if.h> -#ifdef HAVE_NET_IF_VAR_H -#include <net/if_var.h> -#endif -#ifdef HAVE_NET_IF_TUN_H -#include <net/if_tun.h> -#endif -#include <err.h> - -#include <getarg.h> - -#ifdef SOCKS -#include <socks.h> -#endif - -#include <krb.h> - -#include <roken.h> - -#define TUNDEV "tun" - -#ifndef TUNMTU -#define TUNMTU 1500 /* everything is ethernet :) */ -#endif - -#define KIPPORT 2112 - -#define KIP_VERSION "KIPSRV.0" - -int -copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, - des_key_schedule schedule); - -RETSIGTYPE childhandler (int); - -extern sig_atomic_t disconnect; -extern int isserver; - -int -tunnel_open (char *, size_t); - -void -fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv); - -int -kip_exec (const char *cmd, char *msg, size_t len, ...); diff --git a/crypto/kerberosIV/appl/kip/kipd-control.in b/crypto/kerberosIV/appl/kip/kipd-control.in deleted file mode 100644 index 8fb0e9b..0000000 --- a/crypto/kerberosIV/appl/kip/kipd-control.in +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/bin/sh -# -# $Id$ -# -# Simple example how you can missuse kip to provide "mobile-ip". -# This is since there is no way to tunnel ip over udp or any other -# protocol. There is also problems to get thru firewalls and NATs -# with mobile-ip since (today) they usully doesn't support IPIP or -# GRE. -# -# All commands are for linux (redhat6.1) but it should be quite -# simple to fix it to support other OS. -# - -PATH=/sbin:/usr/sbin:/usr/bin:/bin - -# arguments are: [up|down] dev remote-peer-addr user - -state=$1 -dev=$2 -remote=$3 -user=$4 - -outdevice=eth0 - -case "$state" in - up) - case "$user" in - lha.root@E.KTH.SE) - ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17 - route add -host 130.237.43.17 gw 10.0.0.1 - arp -H ether -i $outdevice \ - -s 130.237.43.17 00:80:c8:82:83:61 pub - ;; - esac - ;; - down) - case "$user" in - lha.root@E.KTH.SE) - ifconfig $dev 0.0.0.0 - ifconfig $dev down - arp -i $outdevice -d 130.237.43.17 - arp -d 130.237.43.17 - true - ;; - *) - ifconfig $dev down - ;; - esac - ;; - *) - exit 17 - ;; -esac diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c deleted file mode 100644 index 0bbf06b..0000000 --- a/crypto/kerberosIV/appl/kip/kipd.c +++ /dev/null 
@@ -1,204 +0,0 @@ -/* $FreeBSD$ */ - -/* - * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan - * (Royal Institute of Technology, Stockholm, Sweden). - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of the Institute nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- */ - -#include "kip.h" - -RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $"); - -static int -recv_conn (int sock, des_cblock *key, des_key_schedule schedule, - struct sockaddr_in *retaddr, char *user, size_t len) -{ - int status; - KTEXT_ST ticket; - AUTH_DAT auth; - char instance[INST_SZ]; - struct sockaddr_in thisaddr, thataddr; - int addrlen; - char version[KRB_SENDAUTH_VLEN + 1]; - u_char ok = 0; - struct passwd *passwd; - - addrlen = sizeof(thisaddr); - if (getsockname (sock, (struct sockaddr *)&thisaddr, &addrlen) < 0 || - addrlen != sizeof(thisaddr)) { - return 1; - } - addrlen = sizeof(thataddr); - if (getpeername (sock, (struct sockaddr *)&thataddr, &addrlen) < 0 || - addrlen != sizeof(thataddr)) { - return 1; - } - - k_getsockinst (sock, instance, sizeof(instance)); - status = krb_recvauth (KOPT_DO_MUTUAL, sock, &ticket, "rcmd", instance, - &thataddr, &thisaddr, &auth, "", schedule, - version); - if (status != KSUCCESS || - strncmp(version, KIP_VERSION, KRB_SENDAUTH_VLEN) != 0) { - return 1; - } - passwd = k_getpwnam ("root"); - if (passwd == NULL) { - fatal (sock, "Cannot find root", schedule, &auth.session); - return 1; - } - if (kuserok(&auth, "root") != 0) { - fatal (sock, "Permission denied", schedule, &auth.session); - return 1; - } - if (write (sock, &ok, sizeof(ok)) != sizeof(ok)) - return 1; - - snprintf (user, len, "%s%s%s@%s", auth.pname, - auth.pinst[0] != '\0' ? "." 
: "", - auth.pinst, auth.prealm); - - memcpy(key, &auth.session, sizeof(des_cblock)); - *retaddr = thataddr; - return 0; -} - -static int -doit(int sock) -{ - char msg[1024]; - char cmd[MAXPATHLEN]; - char tun_if_name[64]; - char user[MAX_K_NAME_SZ]; - struct sockaddr_in thataddr; - des_key_schedule schedule; - des_cblock key; - int this, ret, ret2; - - isserver = 1; - - if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user))) - return 1; - this = tunnel_open (tun_if_name, sizeof(tun_if_name)); - if (this < 0) - fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key); - - strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd)); - - ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control", - "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user, - NULL); - if (ret) { - fatal (sock, msg, schedule, &key); - return -1; - } - - ret = copy_packets (this, sock, TUNMTU, &key, schedule); - - ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control", - "down", tun_if_name, user, NULL); - if (ret2) - syslog(LOG_ERR, "%s", msg); - return ret; -} - -static char *port_str = NULL; -static int inetd_flag = 1; -static int version_flag = 0; -static int help_flag = 0; - -struct getargs args[] = { - { "inetd", 'i', arg_negative_flag, &inetd_flag, - "Not started from inetd" }, - { "port", 'p', arg_string, &port_str, "Use this port", - "port" }, - { "version", 0, arg_flag, &version_flag }, - { "help", 0, arg_flag, &help_flag } -}; - -static void -usage(int ret) -{ - arg_printusage (args, - sizeof(args) / sizeof(args[0]), - NULL, - ""); - exit (ret); -} - -/* - * kipd - receive forwarded IP - */ - -int -main (int argc, char **argv) -{ - int port; - int optind = 0; - - set_progname (argv[0]); - roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON); - - if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, - &optind)) - usage (1); - - if (help_flag) - usage (0); - - if (version_flag) { - print_version (NULL); - return 0; - } - - if(port_str) { - struct servent *s = 
roken_getservbyname (port_str, "tcp"); - - if (s) - port = s->s_port; - else { - char *ptr; - - port = strtol (port_str, &ptr, 10); - if (port == 0 && ptr == port_str) - errx (1, "bad port `%s'", port_str); - port = htons(port); - } - } else { - port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); - } - - if (!inetd_flag) - mini_inetd (port); - - signal (SIGCHLD, childhandler); - return doit(STDIN_FILENO); -} |