author | assar <assar@FreeBSD.org> | 2000-12-29 21:00:22 +0000 |
---|---|---|
committer | assar <assar@FreeBSD.org> | 2000-12-29 21:00:22 +0000 |
commit | 2aa51584a1bbbfd8d631a114c91b525674ec0175 (patch) | |
tree | 3be1655d8572aa7a94f884419466a6be1d5e9e35 /crypto/kerberosIV/appl | |
parent | 7e5f2377be4220b42ea18ddd0112a4a64320943a (diff) | |
import krb4-1.0.5
Diffstat (limited to 'crypto/kerberosIV/appl')
53 files changed, 1117 insertions, 362 deletions
diff --git a/crypto/kerberosIV/appl/Makefile.in b/crypto/kerberosIV/appl/Makefile.in index 2cc8391..74a3b9a 100644 --- a/crypto/kerberosIV/appl/Makefile.in +++ b/crypto/kerberosIV/appl/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.31 1998/04/26 09:59:31 assar Exp $ +# $Id: Makefile.in,v 1.31.6.1 2000/06/23 04:30:11 assar Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -8,7 +8,7 @@ SHELL = /bin/sh @SET_MAKE@ SUBDIRS = sample kauth bsd movemail push afsutil \ - popper xnlock kx @OTP_dir@ @APPL_KIP_DIR@ ftp telnet + popper xnlock kx kip @OTP_dir@ ftp telnet all: for i in $(SUBDIRS); \ diff --git a/crypto/kerberosIV/appl/afsutil/aklog.c b/crypto/kerberosIV/appl/afsutil/aklog.c index 22dbfe7..b3370da 100644 --- a/crypto/kerberosIV/appl/afsutil/aklog.c +++ b/crypto/kerberosIV/appl/afsutil/aklog.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -66,7 +66,7 @@ #include <roken.h> -RCSID("$Id: aklog.c,v 1.24 1999/12/02 16:58:28 joda Exp $"); +RCSID("$Id: aklog.c,v 1.24.2.1 2000/06/23 02:31:15 assar Exp $"); static int debug = 0; @@ -89,15 +89,15 @@ DEBUG(const char *fmt, ...) } static char * -expand_cell_name(char *cell) +expand_1 (const char *cell, const char *filename) { FILE *f; static char buf[128]; char *p; - f = fopen(_PATH_CELLSERVDB, "r"); + f = fopen(filename, "r"); if(f == NULL) - return cell; + return NULL; while(fgets(buf, sizeof(buf), f) != NULL) { if(buf[0] == '>') { for(p=buf; *p && !isspace(*p) && *p != '#'; p++) 
@@ -111,11 +111,25 @@ expand_cell_name(char *cell) buf[0] = 0; } fclose(f); + return NULL; +} + +static const char * +expand_cell_name(const char *cell) +{ + char *ret; + + ret = expand_1(cell, _PATH_CELLSERVDB); + if (ret != NULL) + return ret; + ret = expand_1(cell, _PATH_ARLA_CELLSERVDB); + if (ret != NULL) + return ret; return cell; } static int -createuser (char *cell) +createuser (const char *cell) { char cellbuf[64]; char name[ANAME_SZ]; @@ -129,9 +143,11 @@ createuser (char *cell) f = fopen (_PATH_THISCELL, "r"); if (f == NULL) - err (1, "open(%s)", _PATH_THISCELL); + f = fopen (_PATH_ARLA_THISCELL, "r"); + if (f == NULL) + err (1, "open(%s, %s)", _PATH_THISCELL, _PATH_ARLA_THISCELL); if (fgets (cellbuf, sizeof(cellbuf), f) == NULL) - err (1, "read cellname from %s", _PATH_THISCELL); + err (1, "read cellname from %s %s", _PATH_THISCELL, _PATH_ARLA_THISCELL); fclose (f); len = strlen(cellbuf); if (cellbuf[len-1] == '\n') @@ -156,7 +172,7 @@ main(int argc, char **argv) int i; int do_aklog = -1; int do_createuser = -1; - char *cell = NULL; + const char *cell = NULL; char *realm = NULL; char cellbuf[64]; diff --git a/crypto/kerberosIV/appl/bsd/bsd_locl.h b/crypto/kerberosIV/appl/bsd/bsd_locl.h index e39bc36..f742d63 100644 --- a/crypto/kerberosIV/appl/bsd/bsd_locl.h +++ b/crypto/kerberosIV/appl/bsd/bsd_locl.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: bsd_locl.h,v 1.111 1999/12/02 16:58:28 joda Exp $ */ +/* $Id: bsd_locl.h,v 1.111.2.1 2000/06/23 02:34:20 assar Exp $ */ #define LOGALL #define KERBEROS @@ -395,3 +395,5 @@ void prepare_utmp (struct utmp *utmp, char *tty, char *username, #endif int do_osfc2_magic(uid_t); + +void paranoid_setuid (uid_t uid); 
diff --git a/crypto/kerberosIV/appl/bsd/kcmd.c b/crypto/kerberosIV/appl/bsd/kcmd.c index af20357..93b2b70 100644 --- a/crypto/kerberosIV/appl/bsd/kcmd.c +++ b/crypto/kerberosIV/appl/bsd/kcmd.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: kcmd.c,v 1.20 1998/07/13 13:54:07 assar Exp $"); +RCSID("$Id: kcmd.c,v 1.20.4.1 2000/10/10 12:55:55 assar Exp $"); #define START_PORT 5120 /* arbitrary */ @@ -185,6 +185,14 @@ kcmd(int *sock, { fd_set fds; FD_ZERO(&fds); + if (s >= FD_SETSIZE || s2 >= FD_SETSIZE) { + warnx("file descriptor too large"); + close(s); + close(s2); + status = -1; + goto bad; + } + FD_SET(s, &fds); FD_SET(s2, &fds); status = select(FD_SETSIZE, &fds, NULL, NULL, NULL); diff --git a/crypto/kerberosIV/appl/bsd/login.c b/crypto/kerberosIV/appl/bsd/login.c index 0d29ebe..f2f0873 100644 --- a/crypto/kerberosIV/appl/bsd/login.c +++ b/crypto/kerberosIV/appl/bsd/login.c @@ -45,7 +45,7 @@ #include <sys/capability.h> #endif -RCSID("$Id: login.c,v 1.125 1999/11/30 19:24:01 bg Exp $"); +RCSID("$Id: login.c,v 1.125.2.2 2000/06/23 02:33:07 assar Exp $"); #ifdef OTP #include <otp.h> 
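Review bot: The new FD_SETSIZE branch in the kcmd.c @@ -185 hunk closes `s` and `s2` itself and then does `goto bad`, whose code is outside the hunk. If that label also closes `s`, the descriptor is closed twice, and a second close can hit an unrelated descriptor if the number has been reused in between. Should `bad` already release `s`, the branch only needs `close(s2); status = -1; goto bad;`.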
@@ -596,22 +596,28 @@ main(int argc, char **argv) if (pwd->pw_change || pwd->pw_expire) gettimeofday(&tp, (struct timezone *)NULL); - if (pwd->pw_change) + if (pwd->pw_change) { + time_t t; + if (tp.tv_sec >= pwd->pw_change) { printf("Sorry -- your password has expired.\n"); changepass=1; } else if (pwd->pw_change - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { + t = pwd->pw_change; printf("Warning: your password expires on %s", - ctime(&pwd->pw_change)); + ctime(&t)); + } if (pwd->pw_expire) if (tp.tv_sec >= pwd->pw_expire) { printf("Sorry -- your account has expired.\n"); sleepexit(1); } else if (pwd->pw_expire - tp.tv_sec < - 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) + 2 * DAYSPERWEEK * SECSPERDAY && !quietlog) { + t = pwd->pw_expire; printf("Warning: your account expires on %s", - ctime(&pwd->pw_expire)); + ctime(&t)); + } #endif /* defined(HAVE_PASSWD_CHANGE) && defined(HAVE_PASSWD_EXPIRE) */ /* Nothing else left to fail -- really log in. */ @@ -788,6 +794,11 @@ main(int argc, char **argv) if(!rootlogin) exit(1); } + if (uid != 0 && setuid(0) != -1) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for user %d", uid); + errx(1, "Sorry"); + } } @@ -953,6 +964,7 @@ dolastlog(int quiet) #if defined(HAVE_LASTLOG_H) || defined(HAVE_LOGIN_H) struct lastlog ll; int fd; + time_t t; if ((fd = open(_PATH_LASTLOG, O_RDWR, 0)) >= 0) { lseek(fd, (off_t)pwd->pw_uid * sizeof(ll), SEEK_SET); @@ -966,8 +978,8 @@ dolastlog(int quiet) sleepexit(1); } if (!quiet) { - printf("Last login: %.*s ", - 24-5, ctime(&ll.ll_time)); + t = ll.ll_time; + printf("Last login: %.*s ", 24-5, ctime(&t)); if (*ll.ll_host != '\0') { printf("from %.*s\n", (int)sizeof(ll.ll_host), 
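Review bot: The block opened by `if (pwd->pw_change) {` in the @@ -596 hunk has no matching `}` among the added lines, and the old code had no braces there, so as shown the new side looks unbalanced inside the HAVE_PASSWD_CHANGE / HAVE_PASSWD_EXPIRE section. If the brace is closed further down, the `pwd->pw_expire` test would run only when `pw_change` is set, so accounts without a password-change time would skip the account-expiry check. Declaring `time_t t;` ahead of the first `if` and closing the block right after the password warning (`ctime(&t)); } }`) keeps the two checks independent. main's body continues outside the hunk.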
@@ -983,8 +995,8 @@ dolastlog(int quiet) if (!quiet) { if (read(fd, &ll, sizeof(ll)) == sizeof(ll) && ll.ll_time != 0) { - printf("Last login: %.*s ", - 24-5, ctime(&ll.ll_time)); + t = ll.ll_time; + printf("Last login: %.*s ", 24-5, ctime(&t)); if (*ll.ll_host != '\0') printf("from %.*s\n", (int)sizeof(ll.ll_host), @@ -998,7 +1010,7 @@ dolastlog(int quiet) } #endif /* SYSV_SHADOW */ memset(&ll, 0, sizeof(ll)); - time(&ll.ll_time); + ll.ll_time = time(NULL); strncpy(ll.ll_line, tty, sizeof(ll.ll_line)); if (hostname) strncpy(ll.ll_host, hostname, sizeof(ll.ll_host)); diff --git a/crypto/kerberosIV/appl/bsd/rcmd_util.c b/crypto/kerberosIV/appl/bsd/rcmd_util.c index 1dfb46d..cd431e3 100644 --- a/crypto/kerberosIV/appl/bsd/rcmd_util.c +++ b/crypto/kerberosIV/appl/bsd/rcmd_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rcmd_util.c,v 1.19 1999/12/02 16:58:28 joda Exp $"); +RCSID("$Id: rcmd_util.c,v 1.19.2.1 2000/06/23 02:34:48 assar Exp $"); int get_login_port(int kerberos, int encryption) @@ -245,3 +245,19 @@ warning(const char *fmt, ...) } va_end(args); } + +/* + * setuid but work-around Linux 2.2.15 bug with setuid and capabilities + */ + +void +paranoid_setuid (uid_t uid) +{ + if (setuid (uid) < 0) + err (1, "setuid"); + if (uid != 0 && setuid (0) == 0) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for uid %u", (unsigned)uid); + err (1, "setuid"); + } +} diff --git a/crypto/kerberosIV/appl/bsd/rcp.c b/crypto/kerberosIV/appl/bsd/rcp.c index be87097..660be91 100644 --- a/crypto/kerberosIV/appl/bsd/rcp.c +++ b/crypto/kerberosIV/appl/bsd/rcp.c 
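Review bot: In `paranoid_setuid` the second `err (1, "setuid")` runs after `setuid (0)` has succeeded, so the errno text it appends does not describe what went wrong; `errx (1, "failed to drop privileges")` states the actual condition. The header comment could also say what the check does, for example `/* setuid(uid), then verify that root cannot be regained; exits on either failure */`. login.c and su.c in this commit open-code the same test as `setuid(0) != -1` rather than calling this helper, and sharing it would keep the three checks in step.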
@@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rcp.c,v 1.52 1999/11/16 16:54:16 bg Exp $"); +RCSID("$Id: rcp.c,v 1.52.2.1 2000/06/23 02:35:16 assar Exp $"); /* Globals */ static char dst_realm_buf[REALM_SZ]; @@ -415,7 +415,7 @@ kerberos(char **host, char *bp, char *locuser, char *user) int sock = -1, err; if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -559,7 +559,7 @@ toremote(char *targ, int argc, char **argv) if (response() < 0) exit(1); free(bp); - setuid(userid); + paranoid_setuid(userid); } source(1, argv+i); } @@ -1002,7 +1002,7 @@ main(int argc, char **argv) response(); if(do_osfc2_magic(pwd->pw_uid)) exit(1); - setuid(userid); + paranoid_setuid(userid); if (k_hasafs()) { /* Sometimes we will need cell specific tokens * to be able to read and write files, thus, diff --git a/crypto/kerberosIV/appl/bsd/rlogin.c b/crypto/kerberosIV/appl/bsd/rlogin.c index d057ede..60bed67 100644 --- a/crypto/kerberosIV/appl/bsd/rlogin.c +++ b/crypto/kerberosIV/appl/bsd/rlogin.c @@ -36,7 +36,7 @@ */ #include "bsd_locl.h" -RCSID("$Id: rlogin.c,v 1.67 1999/11/13 06:13:02 assar Exp $"); +RCSID("$Id: rlogin.c,v 1.67.2.2 2000/10/10 12:54:26 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -241,6 +241,8 @@ reader(void) rcvcnt = 0; FD_ZERO (&readfds); + if (rem >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET (rem, &readfds); FD_ZERO (&exceptfds); if (kludgep) @@ -641,7 +643,7 @@ main(int argc, char **argv) get_window_size(0, &winsize); if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -703,7 +705,7 @@ main(int argc, char **argv) #endif /* IP_TOS */ #endif /* HAVE_SETSOCKOPT */ - setuid(uid); + paranoid_setuid(uid); doit(); return 0; } diff --git a/crypto/kerberosIV/appl/bsd/rlogind.c b/crypto/kerberosIV/appl/bsd/rlogind.c index 927ffc5..eae2dd6 100644 --- a/crypto/kerberosIV/appl/bsd/rlogind.c 
+++ b/crypto/kerberosIV/appl/bsd/rlogind.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$Id: rlogind.c,v 1.109 1999/11/25 05:27:38 assar Exp $"); +RCSID("$Id: rlogind.c,v 1.109.2.2 2000/06/23 02:37:06 assar Exp $"); extern int __check_rhosts_file; @@ -257,7 +257,7 @@ rlogind_logout(const char *line) ut.ut_exit.e_exit = 0; #endif #endif - time(&ut.ut_time); + ut.ut_time = time(NULL); fseek(fp, (long)-sizeof(struct utmp), SEEK_CUR); fwrite(&ut, sizeof(struct utmp), 1, fp); fseek(fp, (long)0, SEEK_CUR); @@ -297,7 +297,7 @@ logwtmp(const char *line, const char *name, const char *host) else ut.ut_type = DEAD_PROCESS; #endif - time(&ut.ut_time); + ut.ut_time = time(NULL); if (write(fd, &ut, sizeof(struct utmp)) != sizeof(struct utmp)) ftruncate(fd, buf.st_size); @@ -491,6 +491,13 @@ doit(int f, struct sockaddr_in *fromp) execl(new_login, "login", "-p", "-h", hostname, "-f", "--", lusername, 0); + } else if (use_kerberos) { + fprintf(stderr, "User `%s' is not authorized to login as `%s'!\n", + krb_unparse_name_long(kdata->pname, + kdata->pinst, + kdata->prealm), + lusername); + exit(1); } else execl(new_login, "login", "-p", "-h", hostname, "--", lusername, 0); diff --git a/crypto/kerberosIV/appl/bsd/rsh.c b/crypto/kerberosIV/appl/bsd/rsh.c index 87fe1fe..a18f775 100644 --- a/crypto/kerberosIV/appl/bsd/rsh.c +++ b/crypto/kerberosIV/appl/bsd/rsh.c @@ -33,7 +33,7 @@ #include "bsd_locl.h" -RCSID("$Id: rsh.c,v 1.43 1999/11/13 06:13:34 assar Exp $"); +RCSID("$Id: rsh.c,v 1.43.2.2 2000/10/10 12:53:50 assar Exp $"); CREDENTIALS cred; Key_schedule schedule; @@ -107,7 +107,10 @@ talk(int nflag, sigset_t omask, int pid, int rem) goto done; bp = buf; - rewrite: FD_ZERO(&rembits); + rewrite: + FD_ZERO(&rembits); + if (rem >= FD_SETSIZE) + errx(1, "fd too large"); FD_SET(rem, &rembits); if (select(rem + 1, 0, &rembits, 0, 0) < 0) { if (errno != EINTR) 
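Review bot: The refusal added in the rlogind.c @@ -491 hunk is reported only through `fprintf(stderr, ...)` before `exit(1)`, so as far as the hunk shows an authenticated principal that is not authorized for `lusername` leaves no record on the server. A line such as `syslog(LOG_NOTICE | LOG_AUTH, "%s is not authorized to login as %s", krb_unparse_name_long(kdata->pname, kdata->pinst, kdata->prealm), lusername);` ahead of the exit would give operators an event to alert on. doit's body starts and ends outside the hunk.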
@@ -140,6 +143,8 @@ talk(int nflag, sigset_t omask, int pid, int rem) if (sigprocmask(SIG_SETMASK, &omask, 0) != 0) warn("sigprocmask"); FD_ZERO(&readfrom); + if (rem >= FD_SETSIZE || rfd2 >= FD_SETSIZE) + errx(1, "fd too large"); FD_SET(rem, &readfrom); FD_SET(rfd2, &readfrom); do { @@ -253,7 +258,7 @@ main(int argc, char **argv) /* if no further arguments, must have been called as rlogin. */ if (!argv[optind]) { *argv = "rlogin"; - setuid(getuid()); + paranoid_setuid (getuid ()); execv(_PATH_RLOGIN, argv); err(1, "can't exec %s", _PATH_RLOGIN); } @@ -282,7 +287,7 @@ main(int argc, char **argv) sv_port = get_shell_port(use_kerberos, doencrypt); if (use_kerberos) { - setuid(getuid()); + paranoid_setuid(getuid()); rem = KSUCCESS; errno = 0; if (dest_realm == NULL) @@ -342,7 +347,7 @@ main(int argc, char **argv) } #endif - setuid(uid); + paranoid_setuid(uid); { sigset_t sigmsk; sigemptyset(&sigmsk); @@ -358,6 +363,7 @@ main(int argc, char **argv) signal(SIGQUIT, sendsig); if (signal(SIGTERM, SIG_IGN) != SIG_IGN) signal(SIGTERM, sendsig); + signal(SIGPIPE, SIG_IGN); if (!nfork) { pid = fork(); diff --git a/crypto/kerberosIV/appl/bsd/rshd.c b/crypto/kerberosIV/appl/bsd/rshd.c index b750e72..496fa88 100644 --- a/crypto/kerberosIV/appl/bsd/rshd.c +++ b/crypto/kerberosIV/appl/bsd/rshd.c @@ -42,7 +42,7 @@ #include "bsd_locl.h" -RCSID("$Id: rshd.c,v 1.60 1999/11/13 06:13:53 assar Exp $"); +RCSID("$Id: rshd.c,v 1.60.2.3 2000/10/18 20:39:12 assar Exp $"); extern char *__rcmd_errstr; /* syslog hook from libc/net/rcmd.c. */ extern int __check_rhosts_file; @@ -200,6 +200,8 @@ doit(struct sockaddr_in *fromp) char *cp, sig, buf[DES_RW_MAXWRITE]; char cmdbuf[NCARGS+1], locuser[16], remuser[16]; char remotehost[2 * MaxHostNameLen + 1]; + uid_t uid; + char shell_path[MAXPATHLEN]; AUTH_DAT *kdata; KTEXT ticket; 
@@ -433,6 +435,11 @@ doit(struct sockaddr_in *fromp) close(2); close(pv[1]); + if (s >= FD_SETSIZE || pv[0] >= FD_SETSIZE) { + error ("fd too large\n"); + exit (1); + } + FD_ZERO(&readfrom); FD_SET(s, &readfrom); FD_SET(pv[0], &readfrom); @@ -441,6 +448,11 @@ doit(struct sockaddr_in *fromp) else nfd = s; if (doencrypt) { + if (pv2[1] >= FD_SETSIZE || pv1[0] >= FD_SETSIZE) { + error ("fd too large\n"); + exit (1); + } + FD_ZERO(&writeto); FD_SET(pv2[1], &writeto); FD_SET(pv1[0], &readfrom); @@ -571,14 +583,16 @@ doit(struct sockaddr_in *fromp) snprintf(path, sizeof(path), "PATH=%s:%s", BINDIR, _PATH_DEFPATH); strlcat(shell, pwd->pw_shell, sizeof(shell)); + strlcpy(shell_path, pwd->pw_shell, sizeof(shell_path)); strlcat(username, pwd->pw_name, sizeof(username)); + uid = pwd->pw_uid; cp = strrchr(pwd->pw_shell, '/'); if (cp) cp++; else cp = pwd->pw_shell; endpwent(); - if (log_success || pwd->pw_uid == 0) { + if (log_success || uid == 0) { if (use_kerberos) syslog(LOG_INFO|LOG_AUTH, "Kerberos shell from %s on %s as %s, cmd='%.80s'", @@ -591,12 +605,16 @@ doit(struct sockaddr_in *fromp) remuser, remotehost, locuser, cmdbuf); } if (k_hasafs()) { + char cell[64]; + if (new_pag) k_setpag(); /* Put users process in an new pag */ - krb_afslog(0, 0); + if (k_afs_cell_of_file (homedir, cell, sizeof(cell)) == 0) + krb_afslog_uid_home (cell, NULL, uid, homedir); + krb_afslog_uid_home(NULL, NULL, uid, homedir); } - execle(pwd->pw_shell, cp, "-c", cmdbuf, 0, envinit); - err(1, "%s", pwd->pw_shell); + execle(shell_path, cp, "-c", cmdbuf, 0, envinit); + err(1, "%s", shell_path); } /* diff --git a/crypto/kerberosIV/appl/bsd/su.c b/crypto/kerberosIV/appl/bsd/su.c index cb24591..7fc63ee 100644 --- a/crypto/kerberosIV/appl/bsd/su.c +++ b/crypto/kerberosIV/appl/bsd/su.c 
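Review bot: `cp` is still computed from `strrchr(pwd->pw_shell, '/')` in the @@ -571 hunk and is then passed as argv[0] to `execle(shell_path, cp, ...)` in the @@ -591 hunk, after `endpwent()`. The commit copies `pw_shell` and `pw_uid` out of `pwd`, apparently so that nothing reads the passwd entry after `endpwent()`, so `cp` should point into the copy as well: `cp = strrchr(shell_path, '/'); if (cp) cp++; else cp = shell_path;`. The `strlcpy` into `shell_path` is also unchecked; a result `>= sizeof(shell_path)` means a truncated path would be executed and should be refused instead. doit's body starts and ends outside both hunks.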
@@ -33,20 +33,20 @@ #include "bsd_locl.h" -RCSID ("$Id: su.c,v 1.70 1999/11/13 06:14:11 assar Exp $"); +RCSID ("$Id: su.c,v 1.70.2.2 2000/12/07 14:04:19 assar Exp $"); #ifdef SYSV_SHADOW #include "sysv_shadow.h" #endif -static int kerberos (char *username, char *user, int uid); +static int kerberos (char *username, char *user, char *realm, int uid); static int chshell (char *sh); static char *ontty (void); static int koktologin (char *name, char *realm, char *toname); static int chshell (char *sh); /* Handle '-' option after all the getopt options */ -#define ARGSTR "Kflmti:" +#define ARGSTR "Kkflmti:r:" int destroy_tickets = 0; static int use_kerberos = 1; @@ -63,15 +63,22 @@ main (int argc, char **argv) enum { UNSET, YES, NO } iscsh = UNSET; char *user, *shell, *avshell, *username, **np; char shellbuf[MaxPathLen], avshellbuf[MaxPathLen]; + char *realm = NULL; set_progname (argv[0]); + if (getuid() == 0) + use_kerberos = 0; + asme = asthem = fastlogin = 0; while ((ch = getopt (argc, argv, ARGSTR)) != -1) switch ((char) ch) { case 'K': use_kerberos = 0; break; + case 'k': + use_kerberos = 1; + break; case 'f': fastlogin = 1; break; @@ -89,10 +96,13 @@ main (int argc, char **argv) case 'i': root_inst = optarg; break; + case 'r': + realm = optarg; + break; case '?': default: fprintf (stderr, - "usage: su [-Kflmt] [-i root-instance] [-] [login]\n"); + "usage: su [-Kkflmt] [-i root-instance] [-r realm] [-] [login]\n"); exit (1); } /* Don't handle '-' option with getopt */ @@ -150,7 +160,7 @@ main (int argc, char **argv) syslog (LOG_ALERT, "NIS attack, user %s has uid 0", user); errx (1, "unknown login %s", user); } - if (!use_kerberos || kerberos (username, user, pwd->pw_uid)) { + if (!use_kerberos || kerberos (username, user, realm, pwd->pw_uid)) { #ifndef PASSWD_FALLBACK errx (1, "won't use /etc/passwd authentication"); #endif 
@@ -225,12 +235,22 @@ main (int argc, char **argv) if (setgid (pwd->pw_gid) < 0) err (1, "setgid"); - if (initgroups (user, pwd->pw_gid)) - errx (1, "initgroups failed."); + if (initgroups (user, pwd->pw_gid)) { + if (errno == E2BIG) /* Member of too many groups! */ + warn("initgroups failed."); + else + errx(1, "initgroups failed."); + } if (setuid (pwd->pw_uid) < 0) err (1, "setuid"); + if (pwd->pw_uid != 0 && setuid(0) != -1) { + syslog(LOG_ALERT | LOG_AUTH, + "Failed to drop privileges for user %s", pwd->pw_name); + errx(1, "Sorry"); + } + if (!asme) { if (asthem) { char *k = getenv ("KRBTKFILE"); @@ -321,19 +341,26 @@ ontty (void) } static int -kerberos (char *username, char *user, int uid) +kerberos (char *username, char *user, char *lrealm, int uid) { KTEXT_ST ticket; AUTH_DAT authdata; struct hostent *hp; int kerno; u_long faddr; - char lrealm[REALM_SZ], krbtkfile[MaxPathLen]; + char tmp_realm[REALM_SZ], krbtkfile[MaxPathLen]; char hostname[MaxHostNameLen], savehost[MaxHostNameLen]; + int n; + int allowed = 0; - if (krb_get_lrealm (lrealm, 1) != KSUCCESS) - return (1); - if (koktologin (username, lrealm, user) && !uid) { + if (lrealm != NULL) { + allowed = koktologin (username, lrealm, user) == 0; + } else { + for (n = 1; !allowed && krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) + allowed = koktologin (username, tmp_realm, user) == 0; + lrealm = tmp_realm; + } + if (!allowed && !uid) { #ifndef PASSWD_FALLBACK warnx ("not in %s's ACL.", user); #endif @@ -416,7 +443,11 @@ kerberos (char *username, char *user, int uid) } strlcpy (savehost, krb_get_phost (hostname), sizeof (savehost)); - kerno = krb_mk_req (&ticket, "rcmd", savehost, lrealm, 33); + for (n = 1; krb_get_lrealm (tmp_realm, n) == KSUCCESS; ++n) { + kerno = krb_mk_req (&ticket, "rcmd", savehost, tmp_realm, 33); + if (kerno == 0) + break; + } if (kerno == KDC_PR_UNKNOWN) { warnx ("Warning: TGT not verified."); 
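Review bot: Continuing after `initgroups` fails with `E2BIG` in the @@ -225 hunk means `setuid (pwd->pw_uid)` runs with whatever supplementary group list the process holds at that point, and the hunk does not establish what that is; it may still be the invoking user's groups. Calling `setgroups(1, &pwd->pw_gid)` before the `warn` would give the new identity a known, minimal group set, and a failure of that call should stay fatal. main's body continues outside the hunk.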
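Review bot: When `lrealm` is NULL and `krb_get_lrealm (tmp_realm, 1)` fails in the @@ -321 hunk, the loop body never runs and `lrealm = tmp_realm` leaves `lrealm` pointing at an uninitialized buffer; the old code returned 1 in that case, and for a non-zero `uid` the function now carries on. The loop in the @@ -416 hunk has the same gap: with no local realm `kerno` is not assigned there before `if (kerno == KDC_PR_UNKNOWN)`, and the loop does not use a realm supplied with `-r`. Keeping `if (krb_get_lrealm (tmp_realm, 1) != KSUCCESS) return (1);` ahead of the first loop would preserve the earlier fail-closed behaviour. kerberos's body continues outside both hunks.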
diff --git a/crypto/kerberosIV/appl/ftp/ChangeLog b/crypto/kerberosIV/appl/ftp/ChangeLog index e2e1bb5..0136a4b 100644 --- a/crypto/kerberosIV/appl/ftp/ChangeLog +++ b/crypto/kerberosIV/appl/ftp/ChangeLog @@ -1,3 +1,11 @@ +2000-03-26 Assar Westerlund <assar@sics.se> + + * ftpd/ls.c, ftpd/ftpcmd.y, ftp/cmds.c: make sure to always call + time, ctime, and gmtime with `time_t's. there were some types + (like in lastlog) that we believed to always be time_t. this has + proven wrong on Solaris 8 in 64-bit mode, where they are stored as + 32-bit quantities but time_t has gone up to 64 bits + 1999-11-30 Assar Westerlund <assar@sics.se> * ftpd/ftpd.c (getdatasock): make sure to keep the port-number of diff --git a/crypto/kerberosIV/appl/ftp/ftp/cmds.c b/crypto/kerberosIV/appl/ftp/ftp/cmds.c index 7698313..1b98932 100644 --- a/crypto/kerberosIV/appl/ftp/ftp/cmds.c +++ b/crypto/kerberosIV/appl/ftp/ftp/cmds.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: cmds.c,v 1.36 1999/09/16 20:37:28 assar Exp $"); +RCSID("$Id: cmds.c,v 1.36.2.2 2000/06/23 02:43:49 assar Exp $"); typedef void (*sighand)(int); @@ -647,6 +647,7 @@ getit(int argc, char **argv, int restartit, char *mode) int cmdret; int yy, mo, day, hour, min, sec; struct tm *tm; + time_t mtime = stbuf.st_mtime; overbose = verbose; if (debug == 0) @@ -665,7 +666,7 @@ getit(int argc, char **argv, int restartit, char *mode) return (0); } - tm = gmtime(&stbuf.st_mtime); + tm = gmtime(&mtime); tm->tm_mon++; tm->tm_year += 1900; diff --git a/crypto/kerberosIV/appl/ftp/ftp/ftp.c b/crypto/kerberosIV/appl/ftp/ftp/ftp.c index 833fb08..848debd 100644 --- a/crypto/kerberosIV/appl/ftp/ftp/ftp.c +++ b/crypto/kerberosIV/appl/ftp/ftp/ftp.c @@ -32,7 +32,7 @@ */ #include "ftp_locl.h" -RCSID ("$Id: ftp.c,v 1.60 1999/10/28 19:32:17 assar Exp $"); +RCSID ("$Id: ftp.c,v 1.60.2.1 2000/06/23 02:45:40 assar Exp $"); struct sockaddr_storage hisctladdr_ss; struct sockaddr *hisctladdr = (struct sockaddr *)&hisctladdr_ss; 
@@ -193,8 +193,9 @@ login (char *host) printf ("Name (%s:%s): ", host, myname); else printf ("Name (%s): ", host); - fgets (tmp, sizeof (tmp) - 1, stdin); - tmp[strlen (tmp) - 1] = '\0'; + *tmp = '\0'; + if (fgets (tmp, sizeof (tmp) - 1, stdin) != NULL) + tmp[strlen (tmp) - 1] = '\0'; if (*tmp == '\0') user = myname; else @@ -203,24 +204,26 @@ login (char *host) strlcpy(username, user, sizeof(username)); n = command("USER %s", user); if (n == CONTINUE) { - if(sec_complete) - pass = myname; - else if (pass == NULL) { + if (pass == NULL) { char prompt[128]; if(myname && - (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))){ + (!strcmp(user, "ftp") || !strcmp(user, "anonymous"))) { snprintf(defaultpass, sizeof(defaultpass), "%s@%s", myname, mydomain); snprintf(prompt, sizeof(prompt), "Password (%s): ", defaultpass); - }else{ + } else if (sec_complete) { + pass = myname; + } else { *defaultpass = '\0'; snprintf(prompt, sizeof(prompt), "Password: "); } - pass = defaultpass; - des_read_pw_string (tmp, sizeof (tmp), prompt, 0); - if (tmp[0]) - pass = tmp; + if (pass == NULL) { + pass = defaultpass; + des_read_pw_string (tmp, sizeof (tmp), prompt, 0); + if (tmp[0]) + pass = tmp; + } } n = command ("PASS %s", pass); } diff --git a/crypto/kerberosIV/appl/ftp/ftp/main.c b/crypto/kerberosIV/appl/ftp/ftp/main.c index dfe9e88..929acac 100644 --- a/crypto/kerberosIV/appl/ftp/ftp/main.c +++ b/crypto/kerberosIV/appl/ftp/ftp/main.c @@ -36,7 +36,7 @@ */ #include "ftp_locl.h" -RCSID("$Id: main.c,v 1.27 1999/11/13 06:18:02 assar Exp $"); +RCSID("$Id: main.c,v 1.27.2.1 2000/10/10 13:01:50 assar Exp $"); int main(int argc, char **argv) @@ -244,8 +244,10 @@ cmdscanner(int top) if (fromatty) { char *p; p = readline("ftp> "); - if(p == NULL) + if(p == NULL) { + printf("\n"); quit(0, 0); + } strlcpy(line, p, sizeof(line)); add_history(p); free(p); diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y index 07ff9a5..c482029 100644 
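Review bot: `tmp[strlen (tmp) - 1] = '\0'` in the ftp.c @@ -193 hunk still writes to `tmp[-1]` when `fgets` succeeds but the first byte read is a NUL, and it cuts the last character of the name when the line had no trailing newline (input longer than the buffer, or end of input without one). `tmp[strcspn (tmp, "\n")] = '\0';` covers both cases, and since `*tmp` is already set to `'\0'` it can be executed whether or not `fgets` returned NULL. login's body continues outside the hunk.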
--- a/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y +++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpcmd.y @@ -43,7 +43,7 @@ %{ #include "ftpd_locl.h" -RCSID("$Id: ftpcmd.y,v 1.56 1999/10/26 11:56:23 assar Exp $"); +RCSID("$Id: ftpcmd.y,v 1.56.2.2 2000/06/23 02:48:19 assar Exp $"); off_t restart_point; @@ -577,7 +577,7 @@ cmd } | SYST CRLF { -#if defined(unix) || defined(__unix__) || defined(__unix) || defined(_AIX) || defined(_CRAY) +#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__) reply(215, "UNIX Type: L%d", NBBY); #else reply(215, "UNKNOWN Type: L%d", NBBY); @@ -620,7 +620,9 @@ cmd "%s: not a plain file.", $3); } else { struct tm *t; - t = gmtime(&stbuf.st_mtime); + time_t mtime = stbuf.st_mtime; + + t = gmtime(&mtime); reply(213, "%04d%02d%02d%02d%02d%02d", t->tm_year + 1900, diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c index d3c9a6a..51daa3f 100644 --- a/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c +++ b/crypto/kerberosIV/appl/ftp/ftpd/ftpd.c @@ -38,7 +38,7 @@ #endif #include "getarg.h" -RCSID("$Id: ftpd.c,v 1.131 1999/11/30 19:18:38 assar Exp $"); +RCSID("$Id: ftpd.c,v 1.131.2.4 2000/09/26 09:30:26 assar Exp $"); static char version[] = "Version 6.00"; @@ -195,14 +195,13 @@ parse_auth_level(char *str) * Print usage and die. */ -static int debug_flag; static int interactive_flag; static char *guest_umask_string; static char *port_string; static char *umask_string; static char *auth_string; -int use_builtin_ls; +int use_builtin_ls = -1; static int help_flag; static int version_flag; 
@@ -216,8 +215,8 @@ struct getargs args[] = { { NULL, 't', arg_integer, &ftpd_timeout, "initial timeout" }, { NULL, 'T', arg_integer, &maxtimeout, "max timeout" }, { NULL, 'u', arg_string, &umask_string, "umask for user logins" }, - { NULL, 'd', arg_flag, &debug_flag, "enable debugging" }, - { NULL, 'v', arg_flag, &debug_flag, "enable debugging" }, + { NULL, 'd', arg_flag, &debug, "enable debugging" }, + { NULL, 'v', arg_flag, &debug, "enable debugging" }, { "builtin-ls", 'B', arg_flag, &use_builtin_ls, "use built-in ls to list files" }, { "version", 0, arg_flag, &version_flag }, { "help", 'h', arg_flag, &help_flag } @@ -232,6 +231,24 @@ usage (int code) exit (code); } +/* output contents of a file */ +static int +show_file(const char *file, int code) +{ + FILE *f; + char buf[128]; + + f = fopen(file, "r"); + if(f == NULL) + return -1; + while(fgets(buf, sizeof(buf), f)){ + buf[strcspn(buf, "\r\n")] = '\0'; + lreply(code, "%s", buf); + } + fclose(f); + return 0; +} + int main(int argc, char **argv) { @@ -377,27 +394,12 @@ main(int argc, char **argv) tmpline[0] = '\0'; /* If logins are disabled, print out the message. */ - if ((fd = fopen(_PATH_NOLOGIN,"r")) != NULL) { - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(530, "%s", line); - } - fflush(stdout); - fclose(fd); + if(show_file(_PATH_NOLOGIN, 530) == 0) { reply(530, "System not available."); exit(0); } - if ((fd = fopen(_PATH_FTPWELCOME, "r")) != NULL) { - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(220, "%s", line); - } - fflush(stdout); - fclose(fd); - /* reply(220,) must follow */ - } + show_file(_PATH_FTPWELCOME, 220); + /* reply(220,) must follow */ gethostname(hostname, sizeof(hostname)); reply(220, "%s FTP server (%s" 
@@ -704,24 +706,6 @@ checkaccess(char *name) #undef ALLOWED #undef NOT_ALLOWED -/* output contents of /etc/issue.net, or /etc/issue */ -static void -show_issue(int code) -{ - FILE *f; - char buf[128]; - - f = fopen("/etc/issue.net", "r"); - if(f == NULL) - f = fopen("/etc/issue", "r"); - if(f){ - while(fgets(buf, sizeof(buf), f)){ - buf[strcspn(buf, "\r\n")] = '\0'; - lreply(code, "%s", buf); - } - fclose(f); - } -} int do_login(int code, char *passwd) { @@ -765,28 +749,33 @@ int do_login(int code, char *passwd) reply(550, "Can't set uid."); return -1; } + + if(use_builtin_ls == -1) { + struct stat st; + /* if /bin/ls exist and is a regular file, use it, otherwise + use built-in ls */ + if(stat("/bin/ls", &st) == 0 && + S_ISREG(st.st_mode)) + use_builtin_ls = 0; + else + use_builtin_ls = 1; + } + /* * Display a login message, if it exists. * N.B. reply(code,) must follow the message. */ - if ((fd = fopen(_PATH_FTPLOGINMESG, "r")) != NULL) { - char *cp, line[LINE_MAX]; - - while (fgets(line, sizeof(line), fd) != NULL) { - if ((cp = strchr(line, '\n')) != NULL) - *cp = '\0'; - lreply(code, "%s", line); - } - } + show_file(_PATH_FTPLOGINMESG, code); + if(show_file(_PATH_ISSUE_NET, code) != 0) + show_file(_PATH_ISSUE, code); if (guest) { - show_issue(code); reply(code, "Guest login ok, access restrictions apply."); #ifdef HAVE_SETPROCTITLE snprintf (proctitle, sizeof(proctitle), "%s: anonymous/%s", remotehost, passwd); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { char data_addr[256]; @@ -803,11 +792,10 @@ int do_login(int code, char *passwd) passwd); } } else { - show_issue(code); reply(code, "User %s logged in.", pw->pw_name); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: %s", remotehost, pw->pw_name); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { char data_addr[256]; 
@@ -957,8 +945,8 @@ retrieve(const char *cmd, char *name) {".tar", "/bin/gtar cPf - %s", NULL}, {".tar.gz", "/bin/gtar zcPf - %s", NULL}, {".tar.Z", "/bin/gtar ZcPf - %s", NULL}, - {".gz", "/bin/gzip -c %s", "/bin/gzip -c -d %s"}, - {".Z", "/bin/compress -c %s", "/bin/uncompress -c -d %s"}, + {".gz", "/bin/gzip -c -- %s", "/bin/gzip -c -d -- %s"}, + {".Z", "/bin/compress -c -- %s", "/bin/uncompress -c -- %s"}, {NULL, NULL} }; struct cmds *p; @@ -1211,7 +1199,7 @@ dataconn(const char *name, off_t size, const char *mode) *sizebuf = '\0'; if (pdata >= 0) { struct sockaddr_storage from_ss; - struct sockaddr *from = (struct sockaddr *)&from; + struct sockaddr *from = (struct sockaddr *)&from_ss; int s; int fromlen = sizeof(from_ss); @@ -1501,7 +1489,7 @@ statfilecmd(char *filename) int c; char line[LINE_MAX]; - snprintf(line, sizeof(line), "/bin/ls -la %s", filename); + snprintf(line, sizeof(line), "/bin/ls -la -- %s", filename); fin = ftpd_popen(line, "r", 1, 0); lreply(211, "status of %s:", filename); while ((c = getc(fin)) != EOF) { @@ -1782,7 +1770,7 @@ dolog(struct sockaddr *sa) inaddr2str (sin->sin_addr, remotehost, sizeof(remotehost)); #ifdef HAVE_SETPROCTITLE snprintf(proctitle, sizeof(proctitle), "%s: connected", remotehost); - setproctitle(proctitle); + setproctitle("%s", proctitle); #endif /* HAVE_SETPROCTITLE */ if (logging) { @@ -2093,9 +2081,9 @@ list_file(char *file) pdata = -1; } else { #ifdef HAVE_LS_A - const char *cmd = "/bin/ls -lA %s"; + const char *cmd = "/bin/ls -lA -- %s"; #else - const char *cmd = "/bin/ls -la %s"; + const char *cmd = "/bin/ls -la -- %s"; #endif retrieve(cmd, file); } @@ -2146,8 +2134,8 @@ send_file_list(char *whichf) */ if (dirname[0] == '-' && *dirlist == NULL && transflag == 0) { - retrieve("/bin/ls %s", dirname); - goto out; + list_file(dirname); + goto out; } perror_reply(550, whichf); if (dout != NULL) { 
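Review bot: The `.tar`, `.tar.gz` and `.tar.Z` rows of the table in the @@ -957 hunk still read `/bin/gtar cPf - %s` without `--`, so a requested name that begins with `-` would presumably still be parsed by gtar as an option while the `.gz` and `.Z` rows are now protected. If the installed gtar accepts the terminator, `{".tar", "/bin/gtar cPf - -- %s", NULL}` and the same change on the other two rows makes the table consistent. How `%s` is expanded and how `ftpd_popen` splits the resulting line into arguments is outside the hunk, so names containing whitespace deserve a separate look there.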
@@ -2241,7 +2229,7 @@ find(char *pattern) FILE *f; snprintf(line, sizeof(line), - "/bin/locate -d %s %s", + "/bin/locate -d %s -- %s", ftp_rooted("/etc/locatedb"), pattern); f = ftpd_popen(line, "r", 1, 1); diff --git a/crypto/kerberosIV/appl/ftp/ftpd/ls.c b/crypto/kerberosIV/appl/ftp/ftpd/ls.c index 97eb77e..6e2c9a1 100644 --- a/crypto/kerberosIV/appl/ftp/ftpd/ls.c +++ b/crypto/kerberosIV/appl/ftp/ftpd/ls.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1999 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ #include "ftpd_locl.h" -RCSID("$Id: ls.c,v 1.13 1999/11/20 20:49:41 assar Exp $"); +RCSID("$Id: ls.c,v 1.13.2.2 2000/06/23 02:51:09 assar Exp $"); struct fileinfo { struct stat st; @@ -164,9 +164,10 @@ make_fileinfo(const char *filename, struct fileinfo *file, int flags) { time_t t = time(NULL); - struct tm *tm = localtime(&st->st_mtime); - if((t - st->st_mtime > 6*30*24*60*60) || - (st->st_mtime - t > 6*30*24*60*60)) + time_t mtime = st->st_mtime; + struct tm *tm = localtime(&mtime); + if((t - mtime > 6*30*24*60*60) || + (mtime - t > 6*30*24*60*60)) strftime(buf, sizeof(buf), "%b %e %Y", tm); else strftime(buf, sizeof(buf), "%b %e %H:%M", tm); diff --git a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h index 1bd2be1..ff2041b 100644 --- a/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h +++ b/crypto/kerberosIV/appl/ftp/ftpd/pathnames.h @@ -53,3 +53,6 @@ #define _PATH_FTPCHROOT "/etc/ftpchroot" #define _PATH_FTPWELCOME "/etc/ftpwelcome" #define _PATH_FTPLOGINMESG "/etc/motd" + +#define _PATH_ISSUE "/etc/issue" +#define _PATH_ISSUE_NET "/etc/issue.net" diff --git a/crypto/kerberosIV/appl/kauth/ChangeLog b/crypto/kerberosIV/appl/kauth/ChangeLog index a770682..7ce281c 100644 --- a/crypto/kerberosIV/appl/kauth/ChangeLog +++ b/crypto/kerberosIV/appl/kauth/ChangeLog 
@@ -1,3 +1,14 @@ +2000-02-28 Assar Westerlund <assar@sics.se> + + * kauth.c (main): don't enable aflag with `-d'. this breaks with + kaservers that don't let you get a ticket for a user and besides, + adding debugging should not change the functionality + +1999-12-06 Assar Westerlund <assar@sics.se> + + * rkinit.c (doit_host): NAT work-around + * kauthd.c (doit): type correctness + 1999-08-31 Johan Danielsson <joda@pdc.kth.se> * kauth.c: cleanup usage string; handle `kauth -h' gracefully diff --git a/crypto/kerberosIV/appl/kauth/Makefile.in b/crypto/kerberosIV/appl/kauth/Makefile.in index 278facc..1e8a4c1 100644 --- a/crypto/kerberosIV/appl/kauth/Makefile.in +++ b/crypto/kerberosIV/appl/kauth/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.40 1999/03/10 19:01:11 joda Exp $ +# $Id: Makefile.in,v 1.40.16.1 2000/06/23 02:52:31 assar Exp $ SHELL = /bin/sh @@ -17,6 +17,7 @@ WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ LIBS = @LIBS@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs @@ -28,9 +29,10 @@ bindir = @bindir@ transform=@program_transform_name@ EXECSUFFIX=@EXECSUFFIX@ -PROG_BIN = kauth$(EXECSUFFIX) ksrvtgt +PROG_BIN = kauth$(EXECSUFFIX) +SCRIPT_BIN = ksrvtgt PROG_LIBEXEC = kauthd$(EXECSUFFIX) -PROGS = $(PROG_BIN) $(PROG_LIBEXEC) +PROGS = $(PROG_BIN) $(SCRIPT_BIN) $(PROG_LIBEXEC) SOURCES_KAUTH = kauth.c rkinit.c SOURCES_KAUTHD = kauthd.c @@ -58,6 +60,9 @@ install: all for x in $(PROG_BIN); do \ $(INSTALL_PROGRAM) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done + for x in $(SCRIPT_BIN); do \ + $(INSTALL_SCRIPT) $$x $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ + done if test -f $(DESTDIR)$(bindir)/zrefresh -o -r $(DESTDIR)$(bindir)/zrefresh; then \ true; \ else \ 
@@ -68,7 +73,7 @@ install: all done uninstall: - for x in $(PROG_BIN); do \ + for x in $(PROG_BIN) $(SCRIPT_BIN); do \ rm -f $(DESTDIR)$(bindir)/`echo $$x| sed '$(transform)'`; \ done for x in $(PROG_LIBEXEC); do \ diff --git a/crypto/kerberosIV/appl/kauth/kauth.c b/crypto/kerberosIV/appl/kauth/kauth.c index 13448a0..3f6f0bc 100644 --- a/crypto/kerberosIV/appl/kauth/kauth.c +++ b/crypto/kerberosIV/appl/kauth/kauth.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -41,7 +41,7 @@ #include "kauth.h" -RCSID("$Id: kauth.c,v 1.97 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: kauth.c,v 1.97.2.1 2000/02/28 03:42:51 assar Exp $"); krb_principal princ; static char srvtab[MaxPathLen]; @@ -233,7 +233,6 @@ main(int argc, char **argv) case 'd': krb_enable_debug(); _kafs_debug = 1; - aflag++; break; case 'f': strlcpy(srvtab, optarg, sizeof(srvtab)); diff --git a/crypto/kerberosIV/appl/kauth/kauthd.c b/crypto/kerberosIV/appl/kauth/kauthd.c index 8dae4d0..d99f2a3 100644 --- a/crypto/kerberosIV/appl/kauth/kauthd.c +++ b/crypto/kerberosIV/appl/kauth/kauthd.c @@ -33,7 +33,7 @@ #include "kauth.h" -RCSID("$Id: kauthd.c,v 1.25 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: kauthd.c,v 1.25.2.1 2000/06/28 19:07:58 assar Exp $"); krb_principal princ; static char locuser[SNAME_SZ]; @@ -128,7 +128,7 @@ doit(int sock) if( kuserok(&auth, locuser) != 0) { snprintf(buf, sizeof(buf), "%s cannot get tickets for %s", locuser, krb_unparse_name(&princ)); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; 
@@ -136,7 +136,7 @@ doit(int sock) passwd = k_getpwnam (locuser); if (passwd == NULL) { snprintf (buf, sizeof(buf), "No user '%s'", locuser); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -145,7 +145,7 @@ doit(int sock) initgroups(passwd->pw_name, passwd->pw_gid) || setuid(passwd->pw_uid)) { snprintf (buf, sizeof(buf), "Could not change user"); - syslog (LOG_ERR, buf); + syslog (LOG_ERR, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; @@ -182,7 +182,7 @@ doit(int sock) return 0; } else { snprintf (buf, sizeof(buf), "TGT failed: %s", krb_get_err_text(status)); - syslog (LOG_NOTICE, buf); + syslog (LOG_NOTICE, "%s", buf); write_encrypted (sock, buf, strlen(buf), schedule, &auth.session, &thisaddr, &thataddr); return 1; diff --git a/crypto/kerberosIV/appl/kip/Makefile.in b/crypto/kerberosIV/appl/kip/Makefile.in index 801c3f9..16ed049 100644 --- a/crypto/kerberosIV/appl/kip/Makefile.in +++ b/crypto/kerberosIV/appl/kip/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.18 1999/03/10 19:01:11 joda Exp $ +# $Id: Makefile.in,v 1.18.4.1 2000/06/23 02:54:59 assar Exp $ SHELL = /bin/sh @@ -8,12 +8,13 @@ VPATH = @srcdir@ CC = @CC@ LINK = @LINK@ AR = ar -DEFS = @DEFS@ +DEFS = @DEFS@ -DLIBEXECDIR="\"$(libexecdir)\"" CFLAGS = @CFLAGS@ $(WFLAGS) WFLAGS = @WFLAGS@ LD_FLAGS = @LD_FLAGS@ INSTALL = @INSTALL@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ LIBS = @LIBS@ MKINSTALLDIRS = @top_srcdir@/mkinstalldirs @@ -27,7 +28,8 @@ EXECSUFFIX=@EXECSUFFIX@ PROG_BIN = kip$(EXECSUFFIX) PROG_LIBEXEC = kipd$(EXECSUFFIX) -PROGS = $(PROG_BIN) $(PROG_LIBEXEC) +SCRIPT_LIBEXEC = kip-join-network kipd-control +PROGS = $(PROG_BIN) $(PROG_LIBEXEC) $(SCRIPT_LIBEXEC) SOURCES_KIP = kip.c SOURCES_KIPD = kipd.c 
@@ -55,6 +57,9 @@ install: all for x in $(PROG_LIBEXEC); do \ $(INSTALL_PROGRAM) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done + for x in $(SCRIPT_LIBEXEC); do \ + $(INSTALL_SCRIPT) $$x $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done uninstall: for x in $(PROG_BIN); do \ @@ -63,6 +68,9 @@ uninstall: for x in $(PROG_LIBEXEC); do \ rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ done + for x in $(SCRIPT_LIBEXEC); do \ + rm -f $(DESTDIR)$(libexecdir)/`echo $$x | sed '$(transform)'`; \ + done TAGS: $(SOURCES) etags $(SOURCES) @@ -91,4 +99,12 @@ kipd$(EXECSUFFIX): $(OBJECTS_KIPD) $(OBJECTS): ../../include/config.h +kip-join-network: kip-join-network.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kip-join-network.in > $@ + chmod +x $@ + +kipd-control: kipd-control.in + sed -e "s!%bindir%!$(bindir)!" $(srcdir)/kipd-control.in > $@ + chmod +x $@ + .PHONY: all Wall install uninstall check clean mostlyclean distclean realclean diff --git a/crypto/kerberosIV/appl/kip/common.c b/crypto/kerberosIV/appl/kip/common.c index c97fe9f..4feb9c8 100644 --- a/crypto/kerberosIV/appl/kip/common.c +++ b/crypto/kerberosIV/appl/kip/common.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -33,7 +33,10 @@ #include "kip.h" -RCSID("$Id: common.c,v 1.13 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: common.c,v 1.13.2.4 2000/10/18 23:31:51 assar Exp $"); + +sig_atomic_t disconnect = 0; +int isserver = 0; /* * Copy packets from `tundev' to `netdev' or vice versa. 
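Review bot: `disconnect` in common.c is declared as plain `sig_atomic_t`, but it is written from `disconnecthandler` and polled by `while(!disconnect)` in copy_packets, so it needs the `volatile` qualifier to guarantee the loop re-reads it. Without it the compiler is allowed to keep the value in a register across iterations. The definition should read `volatile sig_atomic_t disconnect = 0;`, and the matching declaration added to kip.h in this commit should become `extern volatile sig_atomic_t disconnect;`.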
@@ -56,16 +59,23 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, memcpy (&iv1, iv, sizeof(iv1)); memcpy (&iv2, iv, sizeof(iv2)); - for (;;) { + while(!disconnect) { fd_set fdset; int ret, len; + if (tundev >= FD_SETSIZE || netdev >= FD_SETSIZE) { + warnx ("fd too large"); + return 1; + } + FD_ZERO(&fdset); FD_SET(tundev, &fdset); FD_SET(netdev, &fdset); ret = select (max(tundev, netdev)+1, &fdset, NULL, NULL, NULL); - if (ret < 0 && errno != EINTR) { + if (ret < 0) { + if (errno == EINTR) + continue; warn ("select"); return 1; } @@ -107,6 +117,21 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, des_cfb64_encrypt (buf, buf, 2, schedule, &iv2, &num2, DES_DECRYPT); len = (buf[0] << 8 ) | buf[1]; + if (len > mtu) { + fatal (-1, "buffer too large", schedule, &iv2); + return -1; + } + + if (len == 0) { + len = read (netdev, buf, mtu); + if (len < 1) + len = 1; + buf[len-1] = '\0'; + + fatal (-1, buf, schedule, &iv2); + return -1; + } + ret = krb_net_read (netdev, buf + 2, len); if (ret == 0) return 0; @@ -127,6 +152,7 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, } } } + return 0; } /* @@ -148,18 +174,19 @@ childhandler (int sig) /* * Find a free tunnel device and open it. + * Return the interface name in `name, len'. */ int -tunnel_open (void) +tunnel_open (char *name, size_t len) { int fd; int i; - char name[64]; + char devname[256]; for (i = 0; i < 256; ++i) { - snprintf (name, sizeof(name), "%s%s%d", _PATH_DEV, TUNDEV, i); - fd = open (name, O_RDWR, 0); + snprintf (devname, len, "%s%s%d", _PATH_DEV, TUNDEV, i); + fd = open (devname, O_RDWR, 0); if (fd >= 0) break; if (errno == ENOENT || errno == ENODEV) { 
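Review bot: In the `len == 0` branch of copy_packets the bytes read from `netdev` are passed to `fatal()` unchanged and end up in `syslog` or `warnx`, so the remote side decides what is written to the log or the terminal, control characters included. The text also comes from a single `read`, which may return only part of the message, and `fatal()` in this commit sends it unencrypted, so nothing ties it to the authenticated peer. Filtering before reporting would contain it, for instance replacing every byte for which `isprint((unsigned char)c)` is false with `?`. copy_packets begins and ends outside this hunk, so whether `buf` really holds `mtu + 2` bytes for the `krb_net_read (netdev, buf + 2, len)` that follows could not be confirmed here.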
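Review bot: The `snprintf` into `devname` in tunnel_open is bounded by `len`, which is the size of the caller's `name` buffer, not of the 256-byte local. With the 64-byte buffers passed by the callers in this commit the device path is merely truncated early, but any caller passing more than 256 would let the write run past `devname`. The bound should be the destination's own size: `snprintf (devname, sizeof(devname), "%s%s%d", _PATH_DEV, TUNDEV, i);`. The function continues into the next hunk.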
@@ -169,5 +196,107 @@ tunnel_open (void) } if (fd < 0) warn("open %s" ,name); + else + snprintf (name, len, "%s%d", TUNDEV, i); return fd; } + +/* + * run the command `cmd' with (...). return 0 if succesful or error + * otherwise (and copy an error messages into `msg, len') + */ + +int +kip_exec (const char *cmd, char *msg, size_t len, ...) +{ + pid_t pid; + char **argv; + va_list ap; + + va_start(ap, len); + argv = vstrcollect(&ap); + va_end(ap); + + pid = fork(); + switch (pid) { + case -1: + snprintf (msg, len, "fork: %s", strerror(errno)); + return errno; + case 0: { + int fd = open (_PATH_DEVNULL, O_RDWR, 0600); + if (fd < 0) { + snprintf (msg, len, "open " _PATH_DEVNULL ": %s", strerror(errno)); + return errno; + } + + close (STDIN_FILENO); + close (STDOUT_FILENO); + close (STDERR_FILENO); + + dup2 (fd, STDIN_FILENO); + dup2 (fd, STDOUT_FILENO); + dup2 (fd, STDERR_FILENO); + + execvp (cmd, argv); + snprintf (msg, len, "execvp %s: %s", cmd, strerror(errno)); + return errno; + } + default: { + int status; + + while (waitpid(pid, &status, 0) < 0) + if (errno != EINTR) { + snprintf (msg, len, "waitpid: %s", strerror(errno)); + return errno; + } + + if (WIFEXITED(status)) { + if (WEXITSTATUS(status) == 0) { + return 0; + } else { + snprintf (msg, len, "child returned with %d", + WEXITSTATUS(status)); + return 1; + } + } else if (WIFSIGNALED(status)) { +#ifndef WCOREDUMP +#define WCOREDUMP(X) 0 +#endif + snprintf (msg, len, "terminated by signal num %d %s", + WTERMSIG(status), + WCOREDUMP(status) ? " coredumped" : ""); + return 1; + } else if (WIFSTOPPED(status)) { + snprintf (msg, len, "process stoped by signal %d", + WSTOPSIG(status)); + return 1; + } else { + snprintf (msg, len, "child died in mysterious circumstances"); + return 1; + } + } + } +} + +/* + * fatal error `s' occured. 
+ */ + +void +fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv) +{ + int16_t err = 0; + int num = 0; + + if (fd != -1) { + des_cfb64_encrypt ((unsigned char*) &err, (unsigned char*) &err, + sizeof(err), schedule, iv, &num, DES_ENCRYPT); + + write (fd, &err, sizeof(err)); + write (fd, s, strlen(s)+1); + } + if (isserver) + syslog(LOG_ERR, "%s", s); + else + warnx ("fatal error: %s", s); +} diff --git a/crypto/kerberosIV/appl/kip/kip-join-network.in b/crypto/kerberosIV/appl/kip/kip-join-network.in new file mode 100644 index 0000000..c105fe6 --- /dev/null +++ b/crypto/kerberosIV/appl/kip/kip-join-network.in @@ -0,0 +1,53 @@ +#!/bin/sh +# $Id$ +# +# Join a network, see kipd-control from more comments. +# + +PATH=/usr/sbin:/sbin:/usr/bin:/bin:%bindir% + +endpointhost=130.237.43.201 +thispointhost=130.237.43.17 +fakepoint=10.0.0.1 +dev=tun0 + +case $# in + 0) + modprobe tun + def=$(route -n | awk '$1 ~ /0.0.0.0/ && $3 ~ /0.0.0.0/ { print $2 }') + + if test "X$def" = "X" ; then + echo "missing default route" + exit 1 + fi + + exec kip -c $0 -a $def $endpointhost + ;; + *) + state=$1 + dev=$2 + host=$3 + arg=$4 + case $state in + up) + ifconfig $dev $thispointhost pointopoint $fakepoint + route delete default + + route add -host $endpointhost gw $arg + route add default gw $fakepoint + ;; + down) + + echo $dev $arg > /tmp/kip-down + + ifconfig $dev down + + route delete default + route delete $endpointhost + route add default gw $arg + ;; + *) + exit 17 + ;; + esac +esac diff --git a/crypto/kerberosIV/appl/kip/kip.c b/crypto/kerberosIV/appl/kip/kip.c index 667a8d8..55b6032 100644 --- a/crypto/kerberosIV/appl/kip/kip.c +++ b/crypto/kerberosIV/appl/kip/kip.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
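Review bot: In kip_exec the child branch leaves with `return errno;` both when opening `_PATH_DEVNULL` fails and when `execvp` fails, so the forked child returns into the caller and keeps executing the parent's code path (in kip.c that means `errx` or even `copy_packets` on the shared descriptors). The child should terminate instead, e.g. `_exit(127);` after each of those two `snprintf` calls; the message it formats is in its own copy of `msg` and never reaches the parent anyway. In the same hunk `warn("open %s" ,name);` in tunnel_open now prints the caller's output buffer, which has not been filled on the failure path; it should print `devname`. The vector from `vstrcollect` is never freed in the parent, and `fd` stays open after the three `dup2` calls.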
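Review bot: The `down` branch of kip-join-network writes to the fixed path `/tmp/kip-down` with `echo $dev $arg > /tmp/kip-down`, and since the script also runs `ifconfig` and `route` it is presumably executed as root. A predictable file name in a world-writable directory can be pre-created as a symlink by any local user, so the redirect would overwrite whatever the link points at. The line looks like leftover debugging; dropping it, or replacing it with `logger "kip down: $dev $arg"`, removes the problem. The positional values `$dev`, `$host` and `$arg` are also expanded unquoted throughout the script.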
@@ -33,14 +33,31 @@ #include "kip.h" -RCSID("$Id: kip.c,v 1.18 1999/12/02 16:58:31 joda Exp $"); +RCSID("$Id: kip.c,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $"); -static void -usage(void) +static char *cmd_str = NULL; +static char *arg_str = NULL; +static char *port_str = NULL; +static int version_flag = 0; +static int help_flag = 0; + +struct getargs args[] = { + { "port", 'p', arg_string, &port_str, "Use this port", + "port" }, + { "cmd", 'c', arg_string, &cmd_str, + "command to run when starting", "cmd"}, + { "arg", 'a', arg_string, &arg_str, + "argument to above command", "arg"}, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + + +static RETSIGTYPE +disconnecthandler (int sig) { - fprintf (stderr, "Usage: %s host\n", - __progname); - exit (1); + disconnect = 1; + SIGRETURN(0); } /* @@ -48,7 +65,8 @@ usage(void) */ static int -connect_host (char *host, des_cblock *key, des_key_schedule schedule) +connect_host (char *host, int port, + des_cblock *key, des_key_schedule schedule) { CREDENTIALS cred; KTEXT_ST text; @@ -70,7 +88,7 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule) memset (&thataddr, 0, sizeof(thataddr)); thataddr.sin_family = AF_INET; - thataddr.sin_port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); + thataddr.sin_port = port; for(p = hostent->h_addr_list; *p; ++p) { memcpy (&thataddr.sin_addr, *p, sizeof(thataddr.sin_addr)); 
@@ -139,19 +157,50 @@ connect_host (char *host, des_cblock *key, des_key_schedule schedule) */ static int -doit (char *host) +doit (char *host, int port) { + char tun_if_name[64]; des_key_schedule schedule; des_cblock iv; - int other, this; + int other, this, ret; - other = connect_host (host, &iv, schedule); + other = connect_host (host, port, &iv, schedule); if (other < 0) return 1; - this = tunnel_open (); + this = tunnel_open (tun_if_name, sizeof(tun_if_name)); if (this < 0) return 1; - return copy_packets (this, other, TUNMTU, &iv, schedule); + + if (cmd_str) { + char buf[1024]; + ret = kip_exec (cmd_str, buf, sizeof(buf), + "kip-control", "up", tun_if_name, host, arg_str, + NULL); + if (ret) + errx (1, "%s (up) failed: %s", cmd_str, buf); + } + + ret = copy_packets (this, other, TUNMTU, &iv, schedule); + + if (cmd_str) { + char buf[1024]; + ret = kip_exec (cmd_str, buf, sizeof(buf), + "kip-control", "down", tun_if_name, host, arg_str, + NULL); + if (ret) + errx (1, "%s (down) failed: %s", cmd_str, buf); + } + return 0; +} + +static void +usage(int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + "hostname"); + exit (ret); } /* 
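Review bot: doit in kip.c stores the result of `copy_packets` in `ret`, then overwrites it with the result of the "down" `kip_exec` call and finally returns 0, so a tunnel that ended with an error is reported as success to the caller of `main`. The previous code returned the `copy_packets` status directly, and the kipd.c version of doit in this commit keeps it by using a separate `ret2`. The same shape works here: assign the second call to a new `int ret2`, test `if (ret2)`, and end with `return ret;`. Note also that `errx` on a failed "up" exits with the tunnel device and socket still open and without running the "down" command.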
@@ -162,9 +211,51 @@ doit (char *host) int main(int argc, char **argv) { + int port; + int optind = 0; + char *hostname; + set_progname (argv[0]); + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version (NULL); + return 0; + } + + argv += optind; + argc -= optind; + + if (argc != 1) + usage (1); + + hostname = argv[0]; + + if(port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "bad port `%s'", port_str); + port = htons(port); + } + } else { + port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); + } + + signal (SIGCHLD, childhandler); + signal (SIGHUP, disconnecthandler); + signal (SIGTERM, disconnecthandler); - if (argc != 2) - usage (); - return doit (argv[1]); + return doit (hostname, port); } diff --git a/crypto/kerberosIV/appl/kip/kip.h b/crypto/kerberosIV/appl/kip/kip.h index dc748df..7bfc5f1 100644 --- a/crypto/kerberosIV/appl/kip/kip.h +++ b/crypto/kerberosIV/appl/kip/kip.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -31,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: kip.h,v 1.18 1999/12/02 16:58:31 joda Exp $ */ +/* $Id: kip.h,v 1.18.2.1 2000/06/23 02:55:01 assar Exp $ */ #ifdef HAVE_CONFIG_H #include "config.h" @@ -44,7 +44,6 @@ #include <errno.h> #include <pwd.h> #include <signal.h> -#include <paths.h> #include <fcntl.h> #ifdef HAVE_SYSLOG_H #include <syslog.h> 
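Review bot: The numeric fallback for `--port` in main only rejects input where `strtol` consumed nothing, so values such as `80abc`, `-1` or `70000` are accepted and then narrowed by `htons`. The identical block is added to main in kipd.c later in this commit, where the result becomes the listening port. The error condition should be widened to `ptr == port_str || *ptr != '\0' || port < 1 || port > 65535`, with `strtol` stored in a `long` before the range test. Both copies would be better served by one shared helper in common.c.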
@@ -72,14 +71,20 @@ #include <netinet/tcp.h> #endif #include <netdb.h> +#ifdef HAVE_SYS_SOCKIO_H #include <sys/sockio.h> +#endif #include <net/if.h> #ifdef HAVE_NET_IF_VAR_H #include <net/if_var.h> #endif +#ifdef HAVE_NET_IF_TUN_H #include <net/if_tun.h> +#endif #include <err.h> +#include <getarg.h> + #ifdef SOCKS #include <socks.h> #endif @@ -90,6 +95,10 @@ #define TUNDEV "tun" +#ifndef TUNMTU +#define TUNMTU 1500 /* everything is ethernet :) */ +#endif + #define KIPPORT 2112 #define KIP_VERSION "KIPSRV.0" @@ -100,5 +109,14 @@ copy_packets (int tundev, int netdev, int mtu, des_cblock *iv, RETSIGTYPE childhandler (int); +extern sig_atomic_t disconnect; +extern int isserver; + +int +tunnel_open (char *, size_t); + +void +fatal (int fd, const char *s, des_key_schedule schedule, des_cblock *iv); + int -tunnel_open (void); +kip_exec (const char *cmd, char *msg, size_t len, ...); diff --git a/crypto/kerberosIV/appl/kip/kipd-control.in b/crypto/kerberosIV/appl/kip/kipd-control.in new file mode 100644 index 0000000..8fb0e9b --- /dev/null +++ b/crypto/kerberosIV/appl/kip/kipd-control.in 
@@ -0,0 +1,54 @@ +#!/bin/sh +# +# $Id$ +# +# Simple example how you can missuse kip to provide "mobile-ip". +# This is since there is no way to tunnel ip over udp or any other +# protocol. There is also problems to get thru firewalls and NATs +# with mobile-ip since (today) they usully doesn't support IPIP or +# GRE. +# +# All commands are for linux (redhat6.1) but it should be quite +# simple to fix it to support other OS. +# + +PATH=/sbin:/usr/sbin:/usr/bin:/bin + +# arguments are: [up|down] dev remote-peer-addr user + +state=$1 +dev=$2 +remote=$3 +user=$4 + +outdevice=eth0 + +case "$state" in + up) + case "$user" in + lha.root@E.KTH.SE) + ifconfig $dev 10.0.0.1 pointopoint 130.237.43.17 + route add -host 130.237.43.17 gw 10.0.0.1 + arp -H ether -i $outdevice \ + -s 130.237.43.17 00:80:c8:82:83:61 pub + ;; + esac + ;; + down) + case "$user" in + lha.root@E.KTH.SE) + ifconfig $dev 0.0.0.0 + ifconfig $dev down + arp -i $outdevice -d 130.237.43.17 + arp -d 130.237.43.17 + true + ;; + *) + ifconfig $dev down + ;; + esac + ;; + *) + exit 17 + ;; +esac diff --git a/crypto/kerberosIV/appl/kip/kipd.c b/crypto/kerberosIV/appl/kip/kipd.c index 429f815..74e8ac2 100644 --- a/crypto/kerberosIV/appl/kip/kipd.c +++ b/crypto/kerberosIV/appl/kip/kipd.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2000 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * 
@@ -33,22 +33,11 @@ #include "kip.h" -RCSID("$Id: kipd.c,v 1.16 1999/12/02 16:58:31 joda Exp $"); - -static int -fatal (int fd, char *s) -{ - u_char err = 1; - - write (fd, &err, sizeof(err)); - write (fd, s, strlen(s)+1); - syslog(LOG_ERR, s); - return err; -} +RCSID("$Id: kipd.c,v 1.16.2.3 2000/10/18 20:46:45 assar Exp $"); static int recv_conn (int sock, des_cblock *key, des_key_schedule schedule, - struct sockaddr_in *retaddr) + struct sockaddr_in *retaddr, char *user, size_t len) { int status; KTEXT_ST ticket; @@ -80,13 +69,21 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule, return 1; } passwd = k_getpwnam ("root"); - if (passwd == NULL) - return fatal (sock, "Cannot find root"); - if (kuserok(&auth, "root") != 0) - return fatal (sock, "Permission denied"); + if (passwd == NULL) { + fatal (sock, "Cannot find root", schedule, &auth.session); + return 1; + } + if (kuserok(&auth, "root") != 0) { + fatal (sock, "Permission denied", schedule, &auth.session); + return 1; + } if (write (sock, &ok, sizeof(ok)) != sizeof(ok)) return 1; + snprintf (user, len, "%s%s%s@%s", auth.pname, + auth.pinst[0] != '\0' ? "." : "", + auth.pinst, auth.prealm); + memcpy(key, &auth.session, sizeof(des_cblock)); *retaddr = thataddr; return 0; 
@@ -95,17 +92,64 @@ recv_conn (int sock, des_cblock *key, des_key_schedule schedule, static int doit(int sock) { + char msg[1024]; + char cmd[MAXPATHLEN]; + char tun_if_name[64]; + char user[MAX_K_NAME_SZ]; struct sockaddr_in thataddr; des_key_schedule schedule; des_cblock key; - int this; + int this, ret, ret2; - if (recv_conn (sock, &key, schedule, &thataddr)) + isserver = 1; + + if (recv_conn (sock, &key, schedule, &thataddr, user, sizeof(user))) return 1; - this = tunnel_open (); + this = tunnel_open (tun_if_name, sizeof(tun_if_name)); if (this < 0) - fatal (sock, "Cannot open " _PATH_DEV TUNDEV); - return copy_packets (this, sock, TUNMTU, &key, schedule); + fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key); + + strlcpy(cmd, LIBEXECDIR "/kipd-control", sizeof(cmd)); + + ret = kip_exec (cmd, msg, sizeof(msg), "kipd-control", + "up", tun_if_name, inet_ntoa(thataddr.sin_addr), user, + NULL); + if (ret) { + fatal (sock, msg, schedule, &key); + return -1; + } + + ret = copy_packets (this, sock, TUNMTU, &key, schedule); + + ret2 = kip_exec (cmd, msg, sizeof(msg), "kipd-control", + "down", tun_if_name, user, NULL); + if (ret2) + syslog(LOG_ERR, "%s", msg); + return ret; +} + +static char *port_str = NULL; +static int inetd_flag = 1; +static int version_flag = 0; +static int help_flag = 0; + +struct getargs args[] = { + { "inetd", 'i', arg_negative_flag, &inetd_flag, + "Not started from inetd" }, + { "port", 'p', arg_string, &port_str, "Use this port", + "port" }, + { "version", 0, arg_flag, &version_flag }, + { "help", 0, arg_flag, &help_flag } +}; + +static void +usage(int ret) +{ + arg_printusage (args, + sizeof(args) / sizeof(args[0]), + NULL, + ""); + exit (ret); } /* 
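Review bot: When `tunnel_open` fails, doit in kipd.c calls `fatal` and then carries on, so `kipd-control up` is run with an unfilled `tun_if_name` and `copy_packets` is entered with `this == -1`, which the new `FD_SETSIZE` test does not catch before `FD_SET`. The branch needs to stop there: `if (this < 0) { fatal (sock, "Cannot open " _PATH_DEV TUNDEV, schedule, &key); return 1; }`. The "down" call also passes `tun_if_name, user` while kipd-control reads `dev remote-peer-addr user`, so on teardown the script sees the principal as the address and an empty user and falls into its default branch; adding `inet_ntoa(thataddr.sin_addr)` before `user` matches the "up" call. When the "up" command fails the function returns -1 without closing the tunnel descriptor.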
@@ -115,9 +159,44 @@ doit(int sock) int main (int argc, char **argv) { - set_progname (argv[0]); + int port; + int optind = 0; + set_progname (argv[0]); roken_openlog(__progname, LOG_PID|LOG_CONS, LOG_DAEMON); + + if (getarg (args, sizeof(args) / sizeof(args[0]), argc, argv, + &optind)) + usage (1); + + if (help_flag) + usage (0); + + if (version_flag) { + print_version (NULL); + return 0; + } + + if(port_str) { + struct servent *s = roken_getservbyname (port_str, "tcp"); + + if (s) + port = s->s_port; + else { + char *ptr; + + port = strtol (port_str, &ptr, 10); + if (port == 0 && ptr == port_str) + errx (1, "bad port `%s'", port_str); + port = htons(port); + } + } else { + port = k_getportbyname ("kip", "tcp", htons(KIPPORT)); + } + + if (!inetd_flag) + mini_inetd (port); + signal (SIGCHLD, childhandler); - return doit(0); + return doit(STDIN_FILENO); } diff --git a/crypto/kerberosIV/appl/push/push.8 b/crypto/kerberosIV/appl/push/push.8 index 5066b37..0cf4a6c 100644 --- a/crypto/kerberosIV/appl/push/push.8 +++ b/crypto/kerberosIV/appl/push/push.8 @@ -1,4 +1,4 @@ -.\" $Id: push.8,v 1.3.16.1 1999/12/06 17:25:27 assar Exp $ +.\" $Id: push.8,v 1.3.16.2 2000/06/23 03:06:11 assar Exp $ .\" .Dd May 31, 1998 .Dt PUSH 8 @@ -127,7 +127,8 @@ using Kerberos 5. .Sh SEE ALSO .Xr movemail 8 , .Xr popper 8 , -.Xr from 1 +.Xr from 1 , +.Xr pfrom 1 .\".Sh STANDARDS .Sh HISTORY .Nm diff --git a/crypto/kerberosIV/appl/push/push.cat8 b/crypto/kerberosIV/appl/push/push.cat8 index bdd3804..1c0b7a4 100644 --- a/crypto/kerberosIV/appl/push/push.cat8 +++ b/crypto/kerberosIV/appl/push/push.cat8 @@ -1,5 +1,5 @@ -PUSH(8) UNIX System Manager's Manual PUSH(8) +PUSH(8) System Manager's Manual PUSH(8) NNAAMMEE ppuusshh - fetch mail via POP @@ -69,7 +69,7 @@ EEXXAAMMPPLLEESS using Kerberos 5. SSEEEE AALLSSOO - movemail(8), popper(8), from(1) + movemail(8), popper(8), from(1), pfrom(1) HHIISSTTOORRYY ppuusshh was written while waiting for mmoovveemmaaiill to finish getting the mail. 
diff --git a/crypto/kerberosIV/appl/sample/sample_server.c b/crypto/kerberosIV/appl/sample/sample_server.c index 5442562..ba4f6ab 100644 --- a/crypto/kerberosIV/appl/sample/sample_server.c +++ b/crypto/kerberosIV/appl/sample/sample_server.c @@ -18,7 +18,7 @@ #include "sample.h" -RCSID("$Id: sample_server.c,v 1.14 1999/11/13 06:28:49 assar Exp $"); +RCSID("$Id: sample_server.c,v 1.14.2.1 2000/06/28 19:08:00 assar Exp $"); static void usage (void) @@ -108,7 +108,7 @@ main(int argc, char **argv) snprintf(retbuf, sizeof(retbuf), "Kerberos error: %s\n", krb_get_err_text(status)); - syslog(LOG_ERR, retbuf); + syslog(LOG_ERR, "%s", retbuf); } else { /* Check the version string (KRB_SENDAUTH_VLEN chars) */ if (strncmp(version, SAMPLE_VERSION, KRB_SENDAUTH_VLEN)) { diff --git a/crypto/kerberosIV/appl/telnet/ChangeLog b/crypto/kerberosIV/appl/telnet/ChangeLog index 5681679..b2c27bc 100644 --- a/crypto/kerberosIV/appl/telnet/ChangeLog +++ b/crypto/kerberosIV/appl/telnet/ChangeLog 
@@ -1,3 +1,57 @@ +2000-03-26 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (*): make sure to always call time, ctime, + and gmtime with `time_t's. there were some types (like in + lastlog) that we believed to always be time_t. this has proven + wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit + quantities but time_t has gone up to 64 bits + +1999-09-16 Assar Westerlund <assar@sics.se> + + * telnet/commands.c: revert 1.54, get_default_username should DTRT + now + +1999-09-05 Assar Westerlund <assar@sics.se> + + * telnetd/utility.c (ttloop): make it return 1 if interrupted by a + signal, which must have been what was meant from the beginning + + * telnetd/ext.h (ttloop): update prototype + + * telnetd/authenc.c (telnet_spin): actually return the value from + ttloop (otherwise it's kind of bogus) + +1999-08-05 Assar Westerlund <assar@sics.se> + + * telnetd/sys_term.c (rmut): free utxp + +1999-08-04 Assar Westerlund <assar@sics.se> + + * telnet/main.c: add -G and config file support. From Miroslav + Ruda <ruda@ics.muni.cz> + + * telnetd/sys_term.c (rmut): work around utmpx strangness. From + Miroslav Ruda <ruda@ics.muni.cz> + +1999-08-02 Assar Westerlund <assar@sics.se> + + * telnetd/telnetd.c (doit): only free hp if != NULL. From: Jonas + Oberg <jonas@coyote.org> + +1999-07-29 Assar Westerlund <assar@sics.se> + + * telnetd/telnetd.c (doit): remove unused variable mapped_sin + +1999-07-26 Assar Westerlund <assar@sics.se> + + * telnetd/ext.h: update prototypes + + * telnetd/telnetd.c: make it handle v4 and v6 sockets. (it + doesn't handle being given a v6 socket that's really talking to an + v4 adress (mapped) because the rest of the code in telnetd is not + able to handle it anyway). please run two telnetd from your + inetd, one for v4 and one for v6. + 1999-07-07 Assar Westerlund <assar@sics.se> * telnet/commands.c (tn): extra bogus const-cast 
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c index b5c0953..02e4aca 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos.c @@ -55,7 +55,7 @@ #include <config.h> #endif -RCSID("$Id: kerberos.c,v 1.45 1999/03/13 21:18:55 assar Exp $"); +RCSID("$Id: kerberos.c,v 1.46 1999/09/16 20:41:33 assar Exp $"); #ifdef KRB4 #ifdef HAVE_SYS_TYPES_H @@ -180,7 +180,7 @@ kerberos4_send(char *name, Authenticator *ap) memset(instance, 0, sizeof(instance)); - strcpy_truncate (instance, + strlcpy (instance, krb_get_phost(RemoteHostName), INST_SZ); @@ -521,7 +521,7 @@ kerberos4_status(Authenticator *ap, char *name, size_t name_sz, int level) return(level); if (UserNameRequested && !kuserok(&adat, UserNameRequested)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else return(AUTH_USER); @@ -540,11 +540,11 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -557,15 +557,15 @@ kerberos4_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) break; case KRB_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB_RESPONSE: - strcpy_truncate((char *)buf, " RESPONSE", buflen); + strlcpy((char *)buf, " RESPONSE", buflen); goto common2; default: 
diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c index 0b7818f..3e6abbb 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/kerberos5.c @@ -53,7 +53,7 @@ #include <config.h> -RCSID("$Id: kerberos5.c,v 1.37 1999/06/24 17:09:10 assar Exp $"); +RCSID("$Id: kerberos5.c,v 1.38 1999/09/16 20:41:33 assar Exp $"); #ifdef KRB5 @@ -587,7 +587,7 @@ kerberos5_status(Authenticator *ap, char *name, size_t name_sz, int level) ticket->client, UserNameRequested)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else return(AUTH_USER); @@ -606,11 +606,11 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) switch(data[3]) { case KRB_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) 
@@ -624,24 +624,24 @@ kerberos5_printsub(unsigned char *data, int cnt, unsigned char *buf, int buflen) case KRB_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB_RESPONSE: - strcpy_truncate((char *)buf, " RESPONSE", buflen); + strlcpy((char *)buf, " RESPONSE", buflen); goto common2; case KRB_FORWARD: /* Forwarded credentials follow */ - strcpy_truncate((char *)buf, " FORWARD", buflen); + strlcpy((char *)buf, " FORWARD", buflen); goto common2; case KRB_FORWARD_ACCEPT: /* Forwarded credentials accepted */ - strcpy_truncate((char *)buf, " FORWARD_ACCEPT", buflen); + strlcpy((char *)buf, " FORWARD_ACCEPT", buflen); goto common2; case KRB_FORWARD_REJECT: /* Forwarded credentials rejected */ /* (reason might follow) */ - strcpy_truncate((char *)buf, " FORWARD_REJECT", buflen); + strlcpy((char *)buf, " FORWARD_REJECT", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c index ee1eee2..a85d562c 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/krb4encpwd.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: krb4encpwd.c,v 1.17 1998/07/09 23:16:29 assar Exp $"); +RCSID("$Id: krb4encpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #ifdef KRB4_ENCPWD /* @@ -308,7 +308,7 @@ krb4encpwd_reply(ap, data, cnt) des_read_pw_string(user_passwd, sizeof(user_passwd)-1, "Password: ", 0); UserPassword = user_passwd; Challenge = challenge; - strcpy_truncate(instance, RemoteHostName, sizeof(instance)); + strlcpy(instance, RemoteHostName, sizeof(instance)); if ((cp = strchr(instance, '.')) != 0) *cp = '\0'; if (r = krb_mk_encpwd_req(&krb_token, KRB_SERVICE_NAME, instance, realm, Challenge, UserNameRequested, user_passwd)) { 
@@ -338,7 +338,7 @@ krb4encpwd_status(ap, name, name_sz, level) return(level); if (UserNameRequested && passwdok(UserNameRequested, UserPassword)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -360,11 +360,11 @@ krb4encpwd_printsub(data, cnt, buf, buflen) switch(data[3]) { case KRB4_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case KRB4_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -377,15 +377,15 @@ krb4encpwd_printsub(data, cnt, buf, buflen) break; case KRB4_ENCPWD_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case KRB4_ENCPWD_CHALLENGE: - strcpy_truncate((char *)buf, " CHALLENGE", buflen); + strlcpy((char *)buf, " CHALLENGE", buflen); goto common2; case KRB4_ENCPWD_ACK: - strcpy_truncate((char *)buf, " ACK", buflen); + strlcpy((char *)buf, " ACK", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c index 267e98e..dafb448 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/rsaencpwd.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: rsaencpwd.c,v 1.17 1998/07/09 23:16:32 assar Exp $"); +RCSID("$Id: rsaencpwd.c,v 1.18 1999/09/16 20:41:34 assar Exp $"); #ifdef RSA_ENCPWD /* @@ -260,7 +260,7 @@ rsaencpwd_is(ap, data, cnt) snprintf(challenge, sizeof(challenge), "%x", now); challenge_len = strlen(challenge); } else { - strcpy_truncate(challenge, "randchal", sizeof(challenge)); + strlcpy(challenge, "randchal", sizeof(challenge)); challenge_len = 8; } 
@@ -392,7 +392,7 @@ rsaencpwd_status(ap, name, name_sz, level) return(level); if (UserNameRequested && rsaencpwd_passwdok(UserNameRequested, UserPassword)) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); @@ -414,11 +414,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen) switch(data[3]) { case RSA_ENCPWD_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case RSA_ENCPWD_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -431,11 +431,11 @@ rsaencpwd_printsub(data, cnt, buf, buflen) break; case RSA_ENCPWD_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; case RSA_ENCPWD_CHALLENGEKEY: - strcpy_truncate((char *)buf, " CHALLENGEKEY", buflen); + strlcpy((char *)buf, " CHALLENGEKEY", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c index 6d2eefe..9155ef2 100644 --- a/crypto/kerberosIV/appl/telnet/libtelnet/spx.c +++ b/crypto/kerberosIV/appl/telnet/libtelnet/spx.c @@ -33,7 +33,7 @@ #include <config.h> -RCSID("$Id: spx.c,v 1.16 1998/07/09 23:16:33 assar Exp $"); +RCSID("$Id: spx.c,v 1.17 1999/09/16 20:41:34 assar Exp $"); #ifdef SPX /* @@ -514,7 +514,7 @@ spx_status(ap, name, name_sz, level) &acl_file_buffer); if (major_status == GSS_S_COMPLETE) { - strcpy_truncate(name, UserNameRequested, name_sz); + strlcpy(name, UserNameRequested, name_sz); return(AUTH_VALID); } else { return(AUTH_USER); 
@@ -537,11 +537,11 @@ spx_printsub(data, cnt, buf, buflen) switch(data[3]) { case SPX_REJECT: /* Rejected (reason might follow) */ - strcpy_truncate((char *)buf, " REJECT ", buflen); + strlcpy((char *)buf, " REJECT ", buflen); goto common; case SPX_ACCEPT: /* Accepted (name might follow) */ - strcpy_truncate((char *)buf, " ACCEPT ", buflen); + strlcpy((char *)buf, " ACCEPT ", buflen); common: BUMP(buf, buflen); if (cnt <= 4) @@ -554,7 +554,7 @@ spx_printsub(data, cnt, buf, buflen) break; case SPX_AUTH: /* Authentication data follows */ - strcpy_truncate((char *)buf, " AUTH", buflen); + strlcpy((char *)buf, " AUTH", buflen); goto common2; default: diff --git a/crypto/kerberosIV/appl/telnet/telnet/authenc.c b/crypto/kerberosIV/appl/telnet/telnet/authenc.c index 08da93d..6150fc7 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/authenc.c +++ b/crypto/kerberosIV/appl/telnet/telnet/authenc.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: authenc.c,v 1.9 1999/03/19 23:13:51 assar Exp $"); +RCSID("$Id: authenc.c,v 1.10 1999/09/16 20:41:35 assar Exp $"); #if defined(AUTHENTICATION) || defined(ENCRYPTION) int @@ -82,7 +82,7 @@ telnet_gets(char *prompt, char *result, int length, int echo) printf("%s", prompt); res = fgets(result, length, stdin); } else if ((res = getpass(prompt))) { - strcpy_truncate(result, res, length); + strlcpy(result, res, length); res = result; } TerminalNewMode(om); diff --git a/crypto/kerberosIV/appl/telnet/telnet/commands.c b/crypto/kerberosIV/appl/telnet/telnet/commands.c index 57803fa..fe77b56 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/commands.c +++ b/crypto/kerberosIV/appl/telnet/telnet/commands.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: commands.c,v 1.53 1999/07/07 14:56:17 assar Exp $"); +RCSID("$Id: commands.c,v 1.56 1999/09/16 20:41:35 assar Exp $"); #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; 
@@ -67,7 +67,7 @@ makeargv() cp = line; if (*cp == '!') { /* Special case shell escape */ /* save for shell command */ - strcpy_truncate(saveline, line, sizeof(saveline)); + strlcpy(saveline, line, sizeof(saveline)); *argp++ = "!"; /* No room in string to get this */ margc++; cp++; @@ -1583,7 +1583,7 @@ env_init(void) if (strchr(hbuf, '.') == 0) { struct hostent *he = roken_gethostbyname(hbuf); if (he != NULL) - strcpy_truncate(hbuf, he->h_name, 256); + strlcpy(hbuf, he->h_name, 256); } asprintf (&cp, "%s%s", hbuf, cp2); @@ -1981,7 +1981,7 @@ cmdrc(char *m1, char *m2) if (skiprc) return; - strcpy_truncate(m1save, m1, sizeof(m1save)); + strlcpy(m1save, m1, sizeof(m1save)); m1 = m1save; if (rcname[0] == 0) { @@ -2075,7 +2075,7 @@ tn(int argc, char **argv) return 0; } if (argc < 2) { - strcpy_truncate(line, "open ", sizeof(line)); + strlcpy(line, "open ", sizeof(line)); printf("(to) "); fgets(&line[strlen(line)], sizeof(line) - strlen(line), stdin); makeargv(); @@ -2146,7 +2146,7 @@ tn(int argc, char **argv) sin6.sin6_family = family = AF_INET6; sa = (struct sockaddr *)&sin6; sa_size = sizeof(sin6); - strcpy_truncate(_hostname, hostp, sizeof(_hostname)); + strlcpy(_hostname, hostp, sizeof(_hostname)); hostname =_hostname; } else #endif @@ -2154,7 +2154,7 @@ tn(int argc, char **argv) sin.sin_family = family = AF_INET; sa = (struct sockaddr *)&sin; sa_size = sizeof(sin); - strcpy_truncate(_hostname, hostp, sizeof(_hostname)); + strlcpy(_hostname, hostp, sizeof(_hostname)); hostname = _hostname; } else { #ifdef HAVE_GETHOSTBYNAME2 @@ -2167,7 +2167,7 @@ tn(int argc, char **argv) host = roken_gethostbyname(hostp); #endif if (host) { - strcpy_truncate(_hostname, host->h_name, sizeof(_hostname)); + strlcpy(_hostname, host->h_name, sizeof(_hostname)); family = host->h_addrtype; addr_list = host->h_addr_list; diff --git a/crypto/kerberosIV/appl/telnet/telnet/main.c b/crypto/kerberosIV/appl/telnet/telnet/main.c index 2c896eb..ea60ae9 100644 
--- a/crypto/kerberosIV/appl/telnet/telnet/main.c +++ b/crypto/kerberosIV/appl/telnet/telnet/main.c @@ -38,7 +38,7 @@ static char *copyright[] = { }; #include "telnet_locl.h" -RCSID("$Id: main.c,v 1.27 1999/03/11 13:49:23 joda Exp $"); +RCSID("$Id: main.c,v 1.30 1999/11/13 06:30:11 assar Exp $"); /* These values need to be the same as defined in libtelnet/kerberos5.c */ /* Either define them in both places, or put in some common header file. */ @@ -69,7 +69,7 @@ usage(void) { fprintf(stderr, "Usage: %s %s%s%s%s\n", prompt, #ifdef AUTHENTICATION - "[-8] [-E] [-K] [-L] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]", + "[-8] [-E] [-K] [-L] [-G] [-S tos] [-X atype] [-a] [-c] [-d] [-e char]", "\n\t[-k realm] [-l user] [-f/-F] [-n tracefile] ", #else "[-8] [-E] [-L] [-S tos] [-a] [-c] [-d] [-e char] [-l user]", @@ -90,6 +90,11 @@ usage(void) */ +#ifdef FORWARD +extern int forward_flags; +static int default_forward=0; +#endif /* FORWARD */ + #ifdef KRB5 /* XXX ugly hack to setup dns-proxy stuff */ #define Authenticator asn1_Authenticator @@ -99,8 +104,29 @@ krb5_init(void) { krb5_context context; krb5_init_context(&context); + +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + if (krb5_config_get_bool (context, NULL, + "libdefaults", "forward", NULL)) { + forward_flags |= OPTS_FORWARD_CREDS; + default_forward=1; + } + if (krb5_config_get_bool (context, NULL, + "libdefaults", "forwardable", NULL)) { + forward_flags |= OPTS_FORWARDABLE_CREDS; + default_forward=1; + } +#endif +#ifdef ENCRYPTION + if (krb5_config_get_bool (context, NULL, + "libdefaults", "encrypt", NULL)) { + encrypt_auto(1); + decrypt_auto(1); + EncryptVerbose(1); + } +#endif + krb5_free_context(context); - } #endif @@ -109,9 +135,6 @@ main(int argc, char **argv) { int ch; char *user; -#ifdef FORWARD - extern int forward_flags; -#endif /* FORWARD */ #ifdef KRB5 krb5_init(); 
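Review bot: The return value of `krb5_init_context(&context)` in krb5_init() is not checked, and the added `krb5_config_get_bool (context, ...)` calls read `context` straight after it. If initialisation fails, `context` is an uninitialised local that is passed to three configuration lookups and then to `krb5_free_context`. Returning early, `if (krb5_init_context(&context) != 0) return;`, leaves the forwarding and encryption defaults off when the library cannot be set up. The function's return type line is outside the hunk, so adjust the return to match it.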
@@ -137,7 +160,8 @@ main(int argc, char **argv) */ autologin = -1; - while((ch = getopt(argc, argv, "78DEKLS:X:abcde:fFk:l:n:rx")) != EOF) { + while((ch = getopt(argc, argv, + "78DEKLS:X:abcde:fFk:l:n:rxG")) != -1) { switch(ch) { case '8': eight = 3; /* binary output and input */ @@ -202,7 +226,8 @@ main(int argc, char **argv) break; case 'f': #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if (forward_flags & OPTS_FORWARD_CREDS) { + if ((forward_flags & OPTS_FORWARD_CREDS) && + !default_forward) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); @@ -217,7 +242,8 @@ main(int argc, char **argv) break; case 'F': #if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) - if (forward_flags & OPTS_FORWARD_CREDS) { + if ((forward_flags & OPTS_FORWARD_CREDS) && + !default_forward) { fprintf(stderr, "%s: Only one of -f and -F allowed.\n", prompt); @@ -237,7 +263,7 @@ main(int argc, char **argv) extern char *dest_realm, dst_realm_buf[]; extern int dst_realm_sz; dest_realm = dst_realm_buf; - strcpy_truncate(dest_realm, optarg, dst_realm_sz); + strlcpy(dest_realm, optarg, dst_realm_sz); } #else fprintf(stderr, @@ -269,6 +295,17 @@ main(int argc, char **argv) prompt); #endif break; + case 'G': +#if defined(AUTHENTICATION) && defined(KRB5) && defined(FORWARD) + forward_flags ^= OPTS_FORWARD_CREDS; + forward_flags ^= OPTS_FORWARDABLE_CREDS; +#else + fprintf(stderr, + "%s: Warning: -G ignored, no Kerberos V5 support.\n", + prompt); +#endif + break; + case '?': default: usage(); diff --git a/crypto/kerberosIV/appl/telnet/telnet/network.c b/crypto/kerberosIV/appl/telnet/telnet/network.c index faacc30..42ca388 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/network.c +++ b/crypto/kerberosIV/appl/telnet/telnet/network.c 
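Review bot: Once `default_forward` has been set from krb5.conf, the `-f` and `-F` cases skip the "Only one of -f and -F allowed" check on every occurrence, so `-f -F` on one command line is accepted silently. The marker is never cleared in the lines shown. Adding `default_forward = 0;` after the first command-line flag has been applied would keep the mutual-exclusion check for the second one. Both cases continue outside these hunks, so check how `forward_flags` is updated there before placing it.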
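Review bot: In `case 'G'`, `forward_flags ^= OPTS_FORWARD_CREDS;` toggles the bit rather than clearing it, so when krb5.conf sets neither `forward` nor `forwardable`, `-G` turns credential forwarding on. If the option is meant to switch off the configured default (the usage text does not say), clear the bits instead: `forward_flags &= ~(OPTS_FORWARD_CREDS | OPTS_FORWARDABLE_CREDS);`. With only `forward` configured, the two XORs also leave `OPTS_FORWARDABLE_CREDS` set on its own, which is probably not an intended state.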
@@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: network.c,v 1.10 1997/05/04 04:01:08 assar Exp $"); +RCSID("$Id: network.c,v 1.10.28.1 2000/10/10 13:08:27 assar Exp $"); Ring netoring, netiring; unsigned char netobuf[2*BUFSIZ], netibuf[BUFSIZ]; @@ -69,6 +69,8 @@ stilloob(void) do { FD_ZERO(&excepts); + if (net >= FD_SETSIZE) + errx (1, "fd too large"); FD_SET(net, &excepts); value = select(net+1, 0, 0, &excepts, &timeout); } while ((value == -1) && (errno == EINTR)); diff --git a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c index 334ef04..6bff638 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c +++ b/crypto/kerberosIV/appl/telnet/telnet/sys_bsd.c @@ -33,7 +33,7 @@ #include "telnet_locl.h" -RCSID("$Id: sys_bsd.c,v 1.23 1998/06/09 19:24:46 joda Exp $"); +RCSID("$Id: sys_bsd.c,v 1.23.18.2 2000/10/19 21:21:21 assar Exp $"); /* * The following routines try to encapsulate what is system dependent @@ -774,6 +774,11 @@ process_rings(int netin, int returnValue = 0; static struct timeval TimeValue = { 0 }; + if (net >= FD_SETSIZE + || tout >= FD_SETSIZE + || tin >= FD_SETSIZE) + errx (1, "fd too large"); + if (netout) { FD_SET(net, &obits); } @@ -791,7 +796,7 @@ process_rings(int netin, FD_SET(net, &xbits); } #endif - if ((c = select(16, &ibits, &obits, &xbits, + if ((c = select(FD_SETSIZE, &ibits, &obits, &xbits, (poll == 0)? (struct timeval *)0 : &TimeValue)) < 0) { if (c == -1) { /* diff --git a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h index b4a3782..0c883d6 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h +++ b/crypto/kerberosIV/appl/telnet/telnet/telnet_locl.h 
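Review bot: The guard added to stilloob(), `if (net >= FD_SETSIZE)`, rejects only descriptors that are too large; a negative `net` still reaches `FD_SET` and addresses memory before the set. Whether `net` can be -1 here is not visible in the diff, but the check is cheap to complete: `if (net < 0 || net >= FD_SETSIZE)`. The same upper-bound-only test is added in process_rings() in sys_bsd.c, EmptyTerminal() in utilities.c, my_telnet() in telnetd.c and stilloob() in telnetd/utility.c.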
@@ -14,12 +14,7 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the Kungliga Tekniska - * Högskolan and its contributors. - * - * 4. Neither the name of the Institute nor the names of its contributors + * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * @@ -36,7 +31,7 @@ * SUCH DAMAGE. */ -/* $Id: telnet_locl.h,v 1.16.8.1 1999/07/22 03:22:52 assar Exp $ */ +/* $Id: telnet_locl.h,v 1.18 1999/12/02 16:58:34 joda Exp $ */ #ifdef HAVE_CONFIG_H #include <config.h> diff --git a/crypto/kerberosIV/appl/telnet/telnet/utilities.c b/crypto/kerberosIV/appl/telnet/telnet/utilities.c index 5d677cf..ab281a5 100644 --- a/crypto/kerberosIV/appl/telnet/telnet/utilities.c +++ b/crypto/kerberosIV/appl/telnet/telnet/utilities.c @@ -37,7 +37,7 @@ #include "telnet_locl.h" -RCSID("$Id: utilities.c,v 1.21 1998/06/09 19:24:47 joda Exp $"); +RCSID("$Id: utilities.c,v 1.22.2.1 2000/10/10 13:10:27 assar Exp $"); FILE *NetTrace = 0; /* Not in bss, since needs to stay */ int prettydump; @@ -82,13 +82,13 @@ SetNetTrace(char *file) if (file && (strcmp(file, "-") != 0)) { NetTrace = fopen(file, "w"); if (NetTrace) { - strcpy_truncate(NetTraceFile, file, sizeof(NetTraceFile)); + strlcpy(NetTraceFile, file, sizeof(NetTraceFile)); return; } fprintf(stderr, "Cannot open %s.\n", file); } NetTrace = stdout; - strcpy_truncate(NetTraceFile, "(standard output)", sizeof(NetTraceFile)); + strlcpy(NetTraceFile, "(standard output)", sizeof(NetTraceFile)); } void 
@@ -817,6 +817,9 @@ EmptyTerminal(void) FD_ZERO(&outs); + if (tout >= FD_SETSIZE) + ExitString("fd too large", 1); + if (TTYBYTES() == 0) { FD_SET(tout, &outs); select(tout+1, 0, &outs, 0, diff --git a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c index 2a95127..ec5f2dc 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/authenc.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/authenc.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: authenc.c,v 1.8 1998/07/09 23:16:37 assar Exp $"); +RCSID("$Id: authenc.c,v 1.9 1999/09/05 19:14:50 assar Exp $"); #ifdef AUTHENTICATION @@ -63,8 +63,7 @@ net_encrypt(void) int telnet_spin(void) { - ttloop(); - return(0); + return ttloop(); } char * diff --git a/crypto/kerberosIV/appl/telnet/telnetd/ext.h b/crypto/kerberosIV/appl/telnet/telnetd/ext.h index 83b7166..8f5edf1 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/ext.h +++ b/crypto/kerberosIV/appl/telnet/telnetd/ext.h @@ -33,7 +33,7 @@ * @(#)ext.h 8.2 (Berkeley) 12/15/93 */ -/* $Id: ext.h,v 1.17 1998/07/09 23:16:38 assar Exp $ */ +/* $Id: ext.h,v 1.19 1999/09/05 19:15:21 assar Exp $ */ #ifndef __EXT_H__ #define __EXT_H__ @@ -121,11 +121,9 @@ void init_env (void); void start_login (char *host, int autologin, char *name); void cleanup (int sig); int main (int argc, char **argv); -void usage (void); int getterminaltype (char *name, size_t); void _gettermname (void); int terminaltypeok (char *s); -void doit (struct sockaddr_in *who); void my_telnet (int f, int p, char*, int, char*); void interrupt (void); void sendbrk (void); @@ -134,7 +132,7 @@ void recv_ayt (void); void doeof (void); void flowstat (void); void clientstat (int code, int parm1, int parm2); -void ttloop (void); +int ttloop (void); int stilloob (int s); void ptyflush (void); char *nextitem (char *current); diff --git a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c index 09753c0..2477c42 100644 
--- a/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/sys_term.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: sys_term.c,v 1.85.2.1 1999/07/22 03:23:19 assar Exp $"); +RCSID("$Id: sys_term.c,v 1.89.2.6 2000/12/08 23:34:05 assar Exp $"); #if defined(_CRAY) || (defined(__hpux) && !defined(HAVE_UTMPX_H)) # define PARENT_DOES_UTMP @@ -388,7 +388,7 @@ int getpty(int *ptynum) p = _getpty(&master, O_RDWR, 0600, 1); if(p == NULL) return -1; - strcpy_truncate(line, p, sizeof(Xline)); + strlcpy(line, p, sizeof(Xline)); return master; #else @@ -420,7 +420,7 @@ int getpty(int *ptynum) #ifdef HAVE_UNLOCKPT unlockpt(p); #endif - strcpy_truncate(line, ptsname(p), sizeof(Xline)); + strlcpy(line, ptsname(p), sizeof(Xline)); really_stream = 1; return p; } @@ -1154,7 +1154,7 @@ startslave(char *host, int autologin, char *autoname) /* * Create utmp entry for child */ - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); wtmp.ut_type = LOGIN_PROCESS; wtmp.ut_pid = pid; strncpy(wtmp.ut_user, "LOGIN", sizeof(wtmp.ut_user)); 
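Review bot: `strlcpy(line, ptsname(p), sizeof(Xline));` in getpty() hands the result of ptsname() directly to strlcpy, and ptsname() returns NULL on failure. Test it before the copy, e.g. `char *pts = ptsname(p); if (pts == NULL) { close(p); return -1; }`. The bound is `sizeof(Xline)` while the destination is `line`; that is correct only if `line` points at the start of `Xline`, which these hunks do not show, so a short comment stating that relationship would help.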
@@ -1205,26 +1205,50 @@ init_env(void) /* * scrub_env() * - * Remove variables from the environment that might cause login to - * behave in a bad manner. To avoid this, login should be staticly - * linked. + * We only accept the environment variables listed below. */ -static void scrub_env(void) +static void +scrub_env(void) { - static char *remove[] = { "LD_", "_RLD_", "LIBPATH=", "IFS=", NULL }; + static const char *reject[] = { + "TERMCAP=/", + NULL + }; + + static const char *accept[] = { + "XAUTH=", "XAUTHORITY=", "DISPLAY=", + "TERM=", + "EDITOR=", + "PAGER=", + "PRINTER=", + "LOGNAME=", + "POSIXLY_CORRECT=", + "TERMCAP=", + NULL + }; char **cpp, **cpp2; - char **p; + const char **p; for (cpp2 = cpp = environ; *cpp; cpp++) { - for(p = remove; *p; p++) + int reject_it = 0; + + for(p = reject; *p; p++) + if(strncmp(*cpp, *p, strlen(*p)) == 0) { + reject_it = 1; + break; + } + if (reject_it) + continue; + + for(p = accept; *p; p++) if(strncmp(*cpp, *p, strlen(*p)) == 0) break; - if(*p == NULL) + if(*p != NULL) *cpp2++ = *cpp; } - *cpp2 = 0; + *cpp2 = NULL; } @@ -1376,7 +1400,7 @@ static int addarg(struct arg_val *argv, char *val) static void rmut(void) { - struct utmpx *utxp, utmpx; + struct utmpx utmpx, *non_save_utxp; char *clean_tty = clean_ttyname(line); /* @@ -1387,8 +1411,14 @@ rmut(void) memset(&utmpx, 0, sizeof(utmpx)); strncpy(utmpx.ut_line, clean_tty, sizeof(utmpx.ut_line)); utmpx.ut_type = LOGIN_PROCESS; - utxp = getutxline(&utmpx); - if (utxp) { + non_save_utxp = getutxline(&utmpx); + if (non_save_utxp) { + struct utmpx *utxp; + char user0; + + utxp = malloc(sizeof(struct utmpx)); + *utxp = *non_save_utxp; + user0 = utxp->ut_user[0]; utxp->ut_user[0] = '\0'; utxp->ut_type = DEAD_PROCESS; #ifdef HAVE_STRUCT_UTMPX_UT_EXIT 
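Review bot: The new header comment on scrub_env() says only the listed variables are accepted, but the `reject` table is consulted first and wins, so `TERMCAP=/...` is dropped even though `TERMCAP=` is in `accept`. A comment on `reject` would record that, for example `/* checked before accept[]: a TERMCAP value that names a file is never kept */`. Matching is by prefix with `strncmp`, so it is also worth noting that every entry must keep its trailing `=`, otherwise a variable whose name merely begins with an accepted name would pass.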
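Review bot: In rmut(), `utxp = malloc(sizeof(struct utmpx));` is followed immediately by `*utxp = *non_save_utxp;` with no NULL check, so an allocation failure during logout cleanup dereferences a null pointer. The copy presumably exists because getutxline() returns storage that later utmpx calls overwrite; a local `struct utmpx copy = *non_save_utxp;` with `utxp = &copy;` gives the same protection without the allocation or the `free (utxp)` added in the next hunk. rmut() continues beyond this hunk.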
@@ -1406,6 +1436,7 @@ rmut(void) gettimeofday(&utxp->ut_tv, NULL); pututxline(utxp); #ifdef WTMPX_FILE + utxp->ut_user[0] = user0; updwtmpx(WTMPX_FILE, utxp); #elif defined(WTMP_FILE) /* This is a strange system with a utmpx and a wtmp! */ @@ -1418,14 +1449,13 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host)); #endif - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); write(f, &wtmp, sizeof(wtmp)); close(f); } } -#else - #endif + free (utxp); } endutxent(); } /* end of rmut */ @@ -1463,7 +1493,7 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(u->ut_host, "", sizeof(u->ut_host)); #endif - time(&u->ut_time); + u->ut_time = time(NULL); write(f, u, sizeof(wtmp)); found++; } @@ -1478,7 +1508,7 @@ rmut(void) #ifdef HAVE_STRUCT_UTMP_UT_HOST strncpy(wtmp.ut_host, "", sizeof(wtmp.ut_host)); #endif - time(&wtmp.ut_time); + wtmp.ut_time = time(NULL); write(f, &wtmp, sizeof(wtmp)); close(f); } diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c index 73008a3..0c2750e 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.c @@ -33,7 +33,7 @@ #include "telnetd.h" -RCSID("$Id: telnetd.c,v 1.53 1999/03/15 16:40:52 joda Exp $"); +RCSID("$Id: telnetd.c,v 1.58.2.1 2000/10/10 13:12:08 assar Exp $"); #ifdef _SC_CRAY_SECURE_SYS #include <sys/sysv.h> @@ -117,7 +117,7 @@ int debug = 0; int keepalive = 1; char *progname; -extern void usage (void); +static void usage (void); /* * The string to pass to getopt(). We do it this way so 
@@ -136,12 +136,14 @@ char valid_opts[] = "Bd:hklnS:u:UL:y" #endif ; -void doit(struct sockaddr_in*); +static void doit(struct sockaddr*, int); -int main(int argc, char **argv) +int +main(int argc, char **argv) { - struct sockaddr_in from; - int on = 1, fromlen; + struct sockaddr_storage __ss; + struct sockaddr *sa = (struct sockaddr *)&__ss; + int on = 1, sa_size; int ch; #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -167,7 +169,7 @@ int main(int argc, char **argv) highpty = getnpty(); #endif /* CRAY */ - while ((ch = getopt(argc, argv, valid_opts)) != EOF) { + while ((ch = getopt(argc, argv, valid_opts)) != -1) { switch(ch) { #ifdef AUTHENTICATION @@ -406,14 +408,14 @@ int main(int argc, char **argv) #endif /* _SC_CRAY_SECURE_SYS */ roken_openlog("telnetd", LOG_PID | LOG_ODELAY, LOG_DAEMON); - fromlen = sizeof (from); - if (getpeername(STDIN_FILENO, (struct sockaddr *)&from, &fromlen) < 0) { + sa_size = sizeof (__ss); + if (getpeername(STDIN_FILENO, sa, &sa_size) < 0) { fprintf(stderr, "%s: ", progname); perror("getpeername"); _exit(1); } if (keepalive && - setsockopt(0, SOL_SOCKET, SO_KEEPALIVE, + setsockopt(STDIN_FILENO, SOL_SOCKET, SO_KEEPALIVE, (void *)&on, sizeof (on)) < 0) { syslog(LOG_WARNING, "setsockopt (SO_KEEPALIVE): %m"); } @@ -428,20 +430,21 @@ int main(int argc, char **argv) if (tos < 0) tos = 020; /* Low Delay bit */ if (tos - && (setsockopt(0, IPPROTO_IP, IP_TOS, + && sa->sa_family == AF_INET + && (setsockopt(STDIN_FILENO, IPPROTO_IP, IP_TOS, (void *)&tos, sizeof(tos)) < 0) && (errno != ENOPROTOOPT) ) syslog(LOG_WARNING, "setsockopt (IP_TOS): %m"); } #endif /* defined(IPPROTO_IP) && defined(IP_TOS) */ - net = 0; - doit(&from); + net = STDIN_FILENO; + doit(sa, sa_size); /* NOTREACHED */ return 0; } /* end of main */ -void -usage() +static void +usage(void) { fprintf(stderr, "Usage: telnetd"); #ifdef AUTHENTICATION 
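Review bot: `struct sockaddr_storage __ss;` in main() uses an identifier with a leading double underscore, which C reserves for the implementation; a plain name such as `ss` avoids a clash with system headers. In the same declarations, `sa_size` is an `int` whose address is passed to getpeername(); where the platform defines `socklen_t`, declaring it `socklen_t sa_size` avoids a pointer-type mismatch. doit() takes the length as `int` as well, so the prototype would change with it.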
@@ -591,12 +594,12 @@ getterminaltype(char *name, size_t name_sz) * we have to just go with what we (might) have already gotten. */ if (his_state_is_will(TELOPT_TTYPE) && !terminaltypeok(terminaltype)) { - strcpy_truncate(first, terminaltype, sizeof(first)); + strlcpy(first, terminaltype, sizeof(first)); for(;;) { /* * Save the unknown name, and request the next name. */ - strcpy_truncate(last, terminaltype, sizeof(last)); + strlcpy(last, terminaltype, sizeof(last)); _gettermname(); if (terminaltypeok(terminaltype)) break; @@ -656,14 +659,20 @@ char remote_host_name[MaxHostNameLen]; /* * Get a pty, scan input lines. */ -void -doit(struct sockaddr_in *who) +static void +doit(struct sockaddr *who, int who_len) { char *host = NULL; - struct hostent *hp; + struct hostent *hp = NULL; int level; int ptynum; char user_name[256]; + int error; + char host_addr[256]; + void *addr; + int addr_sz; + const char *tmp; + int af; /* * Find an available pty to use. 
@@ -688,24 +697,52 @@ doit(struct sockaddr_in *who) } #endif /* _SC_CRAY_SECURE_SYS */ - /* get name of connected client */ - hp = roken_gethostbyaddr((const char *)&who->sin_addr, - sizeof (struct in_addr), - who->sin_family); + af = who->sa_family; + switch (af) { + case AF_INET : { + struct sockaddr_in *sin = (struct sockaddr_in *)who; + + addr = &sin->sin_addr; + addr_sz = sizeof(sin->sin_addr); + break; + } +#ifdef HAVE_IPV6 + case AF_INET6 : { + struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)who; + + addr = &sin6->sin6_addr; + addr_sz = sizeof(sin6->sin6_addr); + break; + } +#endif + default : + fatal (net, "Unknown address family\r\n"); + break; + } + + hp = getipnodebyaddr (addr, addr_sz, af, &error); if (hp == NULL && registerd_host_only) { fatal(net, "Couldn't resolve your address into a host name.\r\n\ Please contact your net administrator"); - } else if (hp) { + } else if (hp != NULL) { host = hp->h_name; - } else { - host = inet_ntoa(who->sin_addr); } + + tmp = inet_ntop(af, addr, host_addr, sizeof(host_addr)); + if (tmp == NULL) + strlcpy (host_addr, "unknown address", sizeof(host_addr)); + + if (host == NULL) + host = host_addr; + /* * We must make a copy because Kerberos is probably going * to also do a gethost* and overwrite the static data... */ - strcpy_truncate(remote_host_name, host, sizeof(remote_host_name)); + strlcpy(remote_host_name, host, sizeof(remote_host_name)); + if (hp != NULL) + freehostent (hp); host = remote_host_name; /* XXX - should be k_gethostname? */ @@ -725,9 +762,9 @@ Please contact your net administrator"); * If hostname still doesn't fit utmp, use ipaddr. */ if (strlen(remote_host_name) > abs(utmp_len)) - strcpy_truncate(remote_host_name, - inet_ntoa(who->sin_addr), - sizeof(remote_host_name)); + strlcpy(remote_host_name, + host_addr, + sizeof(remote_host_name)); #ifdef AUTHENTICATION auth_encrypt_init(hostname, host, "TELNETD", 1); 
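Review bot: In doit(), `host = hp->h_name` uses the name returned by the reverse lookup of the peer address without confirming that the name resolves back to `addr`. That string is copied into `remote_host_name` and, in the context of the following hunk, passed to `auth_encrypt_init(hostname, host, "TELNETD", 1)`, so its content is decided by whoever controls the reverse zone for the address. The replaced gethostbyaddr code behaved the same way, so this is not a regression, but a forward lookup that falls back to `host_addr` on mismatch would make the recorded name reliable. As written, `registerd_host_only` only requires that some name exists.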
@@ -970,6 +1007,11 @@ my_telnet(int f, int p, char *host, int level, char *autoname) FD_ZERO(&ibits); FD_ZERO(&obits); FD_ZERO(&xbits); + + if (f >= FD_SETSIZE + || p >= FD_SETSIZE) + fatal(net, "fd too large"); + /* * Never look for input if there's still * stuff in the corresponding output buffer diff --git a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h index 5ad5bd8..fdda3d7 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h +++ b/crypto/kerberosIV/appl/telnet/telnetd/telnetd.h @@ -124,10 +124,6 @@ #include "defs.h" -#ifdef HAVE_ARPA_TELNET_H -#include <arpa/telnet.h> -#endif - #ifndef _POSIX_VDISABLE # ifdef VDISABLE # define _POSIX_VDISABLE VDISABLE @@ -152,12 +148,16 @@ #include <sys/utsname.h> #endif -#include "ext.h" - #ifdef HAVE_PATHS_H #include <paths.h> #endif +#ifdef HAVE_ARPA_TELNET_H +#include <arpa/telnet.h> +#endif + +#include "ext.h" + #ifdef SOCKS #include <socks.h> /* This doesn't belong here. */ diff --git a/crypto/kerberosIV/appl/telnet/telnetd/utility.c b/crypto/kerberosIV/appl/telnet/telnetd/utility.c index cfca89a..ff5192e 100644 --- a/crypto/kerberosIV/appl/telnet/telnetd/utility.c +++ b/crypto/kerberosIV/appl/telnet/telnetd/utility.c @@ -34,7 +34,7 @@ #define PRINTOPTIONS #include "telnetd.h" -RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $"); +RCSID("$Id: utility.c,v 1.22.2.1 2000/10/10 13:12:34 assar Exp $"); /* * utility functions performing io related tasks @@ -47,9 +47,11 @@ RCSID("$Id: utility.c,v 1.20 1998/06/13 00:06:56 assar Exp $"); * data from the network, and pass it through the telnet state * machine. We also flush the pty input buffer (by dropping its data) * if it becomes too full. + * + * return 0 if OK or 1 if interrupted by a signal. */ -void +int ttloop(void) { void netflush(void); 
@@ -61,10 +63,12 @@ ttloop(void) netflush(); ncc = read(net, netibuf, sizeof netibuf); if (ncc < 0) { + if (errno == EINTR) + return 1; syslog(LOG_INFO, "ttloop: read: %m\n"); exit(1); } else if (ncc == 0) { - syslog(LOG_INFO, "ttloop: peer died: %m\n"); + syslog(LOG_INFO, "ttloop: peer died\n"); exit(1); } DIAG(TD_REPORT, { @@ -76,6 +80,7 @@ ttloop(void) pfrontp = pbackp = ptyobuf; telrcv(); } + return 0; } /* end of ttloop */ /* @@ -88,6 +93,9 @@ stilloob(int s) fd_set excepts; int value; + if (s >= FD_SETSIZE) + fatal(ourpty, "fd too large"); + do { FD_ZERO(&excepts); FD_SET(s, &excepts); @@ -395,7 +403,7 @@ void edithost(char *pat, char *host) pat++; } if (*host) - strcpy_truncate (res, host, + strlcpy (res, host, sizeof editedhost - (res - editedhost)); else *res = '\0'; |
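Review bot: The guard added to stilloob() calls `fatal(ourpty, "fd too large")`, whereas the equivalent checks this commit adds in telnetd.c (doit, my_telnet) call `fatal(net, ...)`. If the first argument of fatal() is the descriptor the message is written to (its definition is not part of this diff), the text goes to the pty rather than to the client. `fatal(net, "fd too large");` would match the other call sites.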